Added support for AES 512 bit key size.

AES-XTS uses two keys. Therefore, XTS with two AES-256 keys implies a 64-byte key length.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos
2023-03-19 20:22:40 +01:00
parent 86ce01cac2
commit 1c7bc18161
8 changed files with 42 additions and 24 deletions


@@ -27,7 +27,10 @@ int cmd_key_gen() {
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (p2 == 0xB2) {
if (p2 == 0xB3) {
key_size = 64;
}
else if (p2 == 0xB2) {
key_size = 32;
}
else if (p2 == 0xB1) {
@@ -37,7 +40,7 @@ int cmd_key_gen() {
key_size = 16;
}
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
uint8_t aes_key[32]; //maximum AES key size
uint8_t aes_key[64]; //maximum AES key size
memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0;
if (key_size == 16) {
@@ -49,6 +52,9 @@ int cmd_key_gen() {
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
}
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
return SW_MEMORY_FAILURE();
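Review bot: With `p2 == 0xB3`, the line `memcpy(aes_key, random_bytes_get(key_size), key_size);` now copies 64 bytes out of whatever `random_bytes_get` returns, and the visible hunks do not show that this helper can supply more than the previous 32-byte maximum; if it hands back a fixed internal buffer, the copy would read past it, so its limit should be confirmed or checked here. The comment on the buffer is also no longer accurate, since 64 bytes is two AES-256 keys for XTS rather than an AES key size: `uint8_t aes_key[64]; // largest stored key: two AES-256 keys for XTS`. The early `return SW_MEMORY_FAILURE();` after `store_keys` leaves the raw key in this stack buffer, so a wipe the compiler cannot elide would be worth adding before each return. `cmd_key_gen` starts and ends outside the visible hunks, so a later wipe may already exist.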