dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added support for AES 512 bit key size.

Browse Source 
AES XTS uses two keys. Therefore, XTS with 2 AES 256 implies 64 bytes key length.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-03-19 20:22:40 +01:00
parent 86ce01cac2
commit 1c7bc18161
8 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pico-hsm-sdk

Submodule pico-hsm-sdk updated: ec9eb7c436...b12e66a057

2
src/hsm/cmd_cipher_sym.c
View File

@@ -175,7 +175,7 @@ int cmd_cipher_sym() {
return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_SECURE_MESSAGE_EXEC_ERROR();
} }
int key_size = file_get_size(ef); int key_size = file_get_size(ef);
uint8_t kdata[32]; //maximum AES key size uint8_t kdata[64]; //maximum AES key size
memcpy(kdata, file_get_data(ef), key_size); memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) { if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();

10
src/hsm/cmd_key_gen.c
View File

@@ -27,7 +27,10 @@ int cmd_key_gen() {
if (!isUserAuthenticated) { if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED(); return SW_SECURITY_STATUS_NOT_SATISFIED();
} }
if (p2 == 0xB2) { if (p2 == 0xB3) {
key_size = 64;
}
else if (p2 == 0xB2) {
key_size = 32; key_size = 32;
} }
else if (p2 == 0xB1) { else if (p2 == 0xB1) {
@@ -37,7 +40,7 @@ int cmd_key_gen() {
key_size = 16; key_size = 16;
} }
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC) //at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
uint8_t aes_key[32]; //maximum AES key size uint8_t aes_key[64]; //maximum AES key size
memcpy(aes_key, random_bytes_get(key_size), key_size); memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0; int aes_type = 0x0;
if (key_size == 16) { if (key_size == 16) {
@@ -49,6 +52,9 @@ int cmd_key_gen() {
else if (key_size == 32) { else if (key_size == 32) {
aes_type = HSM_KEY_AES_256; aes_type = HSM_KEY_AES_256;
} }
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id); r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) { if (r != CCID_OK) {
return SW_MEMORY_FAILURE(); return SW_MEMORY_FAILURE();

11
src/hsm/cmd_key_unwrap.c
View File

@@ -34,7 +34,7 @@ int cmd_key_unwrap() {
if (key_type == 0x0) { if (key_type == 0x0) {
return SW_DATA_INVALID(); return SW_DATA_INVALID();
} }
if (key_type == HSM_KEY_RSA) { if (key_type & HSM_KEY_RSA) {
mbedtls_rsa_context ctx; mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx); mbedtls_rsa_init(&ctx);
do { do {
@@ -54,7 +54,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
} }
else if (key_type == HSM_KEY_EC) { else if (key_type & HSM_KEY_EC) {
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx); mbedtls_ecdsa_init(&ctx);
do { do {
@@ -74,7 +74,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
} }
else if (key_type == HSM_KEY_AES) { else if (key_type & HSM_KEY_AES) {
uint8_t aes_key[32]; uint8_t aes_key[32];
int key_size = 0, aes_type = 0; int key_size = 0, aes_type = 0;
do { do {
@@ -89,7 +89,10 @@ int cmd_key_unwrap() {
if (r != CCID_OK) { if (r != CCID_OK) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
if (key_size == 32) { if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256; aes_type = HSM_KEY_AES_256;
} }
else if (key_size == 24) { else if (key_size == 24) {

7
src/hsm/cmd_key_wrap.c
View File

@@ -85,7 +85,7 @@ int cmd_key_wrap() {
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
} }
else if (*dprkd == P15_KEYTYPE_AES) { else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[32]; //maximum AES key size uint8_t kdata[64]; //maximum AES key size
if (wait_button_pressed() == true) { //timeout if (wait_button_pressed() == true) { //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_SECURE_MESSAGE_EXEC_ERROR();
} }
@@ -95,7 +95,10 @@ int cmd_key_wrap() {
if (mkek_decrypt(kdata, key_size) != 0) { if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
if (key_size == 32) { if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256; aes_type = HSM_KEY_AES_256;
} }
else if (key_size == 24) { else if (key_size == 24) {

16
src/hsm/cvc.c
View File

@@ -170,10 +170,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
const uint8_t *ext, const uint8_t *ext,
size_t ext_len) { size_t ext_len) {
size_t pubkey_size = 0; size_t pubkey_size = 0;
if (key_type == HSM_KEY_RSA) { if (key_type & HSM_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0); pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
} }
else if (key_type == HSM_KEY_EC) { else if (key_type & HSM_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0); pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
} }
size_t cpi_size = 4; size_t cpi_size = 4;
@@ -213,10 +213,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//car //car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar; *p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
//pubkey //pubkey
if (key_type == HSM_KEY_RSA) { if (key_type & HSM_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size); p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
} }
else if (key_type == HSM_KEY_EC) { else if (key_type & HSM_KEY_EC) {
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size); p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
} }
//chr //chr
@@ -237,10 +237,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
const uint8_t *ext, const uint8_t *ext,
size_t ext_len) { size_t ext_len) {
size_t key_size = 0; size_t key_size = 0;
if (key_type == HSM_KEY_RSA) { if (key_type & HSM_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N); key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
} }
else if (key_type == HSM_KEY_EC) { else if (key_type & HSM_KEY_EC) {
key_size = 2 * key_size = 2 *
(int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa) (int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)
->grp.id)-> ->grp.id)->
@@ -264,14 +264,14 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
hash256(body, body_size, hsh); hash256(body, body_size, hsh);
memcpy(p, "\x5F\x37", 2); p += 2; memcpy(p, "\x5F\x37", 2); p += 2;
p += format_tlv_len(key_size, p); p += format_tlv_len(key_size, p);
if (key_type == HSM_KEY_RSA) { if (key_type & HSM_KEY_RSA) {
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32, if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32,
hsh, p) != 0) { hsh, p) != 0) {
memset(p, 0, key_size); memset(p, 0, key_size);
} }
p += key_size; p += key_size;
} }
else if (key_type == HSM_KEY_EC) { else if (key_type & HSM_KEY_EC) {
mbedtls_mpi r, s; mbedtls_mpi r, s;
int ret = 0; int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa; mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;

7
src/hsm/kek.c
View File

@@ -326,11 +326,14 @@ int dkek_encode_key(uint8_t id,
else if (key_type & HSM_KEY_AES_256) { else if (key_type & HSM_KEY_AES_256) {
kb_len = 32; kb_len = 32;
} }
else if (key_type & HSM_KEY_AES_512) {
kb_len = 64;
}
if (kb_len != 16 && kb_len != 24 && kb_len != 32) { if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
if (*out_len < 8 + 1 + 10 + 6 + 4 + (2 + 32 + 14) + 16) { if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
return CCID_WRONG_LENGTH; return CCID_WRONG_LENGTH;
} }

7
src/hsm/sc_hsm.c
View File

@@ -491,13 +491,13 @@ uint32_t decrement_key_counter(file_t *fkey) {
int store_keys(void *key_ctx, int type, uint8_t key_id) { int store_keys(void *key_ctx, int type, uint8_t key_id) {
int r, key_size = 0; int r, key_size = 0;
uint8_t kdata[4096 / 8]; // worst case uint8_t kdata[4096 / 8]; // worst case
if (type == HSM_KEY_RSA) { if (type & HSM_KEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q); key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2); mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2); mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
} }
else if (type == HSM_KEY_EC) { else if (type & HSM_KEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx; mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d); key_size = mbedtls_mpi_size(&ecdsa->d);
kdata[0] = ecdsa->grp.id & 0xff; kdata[0] = ecdsa->grp.id & 0xff;
@@ -514,6 +514,9 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
else if (type == HSM_KEY_AES_256) { else if (type == HSM_KEY_AES_256) {
key_size = 32; key_size = 32;
} }
else if (type == HSM_KEY_AES_512) {
key_size = 64;
}
memcpy(kdata, key_ctx, key_size); memcpy(kdata, key_ctx, key_size);
} }
else { else {