Added support for AES 512 bit key size.
AES XTS uses two keys. Therefore, XTS with 2 AES 256 implies 64 bytes key length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
Submodule pico-hsm-sdk updated: ec9eb7c436...b12e66a057
@@ -175,7 +175,7 @@ int cmd_cipher_sym() {
|
|||||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
int key_size = file_get_size(ef);
|
int key_size = file_get_size(ef);
|
||||||
uint8_t kdata[32]; //maximum AES key size
|
uint8_t kdata[64]; //maximum AES key size
|
||||||
memcpy(kdata, file_get_data(ef), key_size);
|
memcpy(kdata, file_get_data(ef), key_size);
|
||||||
if (mkek_decrypt(kdata, key_size) != 0) {
|
if (mkek_decrypt(kdata, key_size) != 0) {
|
||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
|
|||||||
@@ -27,7 +27,10 @@ int cmd_key_gen() {
|
|||||||
if (!isUserAuthenticated) {
|
if (!isUserAuthenticated) {
|
||||||
return SW_SECURITY_STATUS_NOT_SATISFIED();
|
return SW_SECURITY_STATUS_NOT_SATISFIED();
|
||||||
}
|
}
|
||||||
if (p2 == 0xB2) {
|
if (p2 == 0xB3) {
|
||||||
|
key_size = 64;
|
||||||
|
}
|
||||||
|
else if (p2 == 0xB2) {
|
||||||
key_size = 32;
|
key_size = 32;
|
||||||
}
|
}
|
||||||
else if (p2 == 0xB1) {
|
else if (p2 == 0xB1) {
|
||||||
@@ -37,7 +40,7 @@ int cmd_key_gen() {
|
|||||||
key_size = 16;
|
key_size = 16;
|
||||||
}
|
}
|
||||||
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
|
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
|
||||||
uint8_t aes_key[32]; //maximum AES key size
|
uint8_t aes_key[64]; //maximum AES key size
|
||||||
memcpy(aes_key, random_bytes_get(key_size), key_size);
|
memcpy(aes_key, random_bytes_get(key_size), key_size);
|
||||||
int aes_type = 0x0;
|
int aes_type = 0x0;
|
||||||
if (key_size == 16) {
|
if (key_size == 16) {
|
||||||
@@ -49,6 +52,9 @@ int cmd_key_gen() {
|
|||||||
else if (key_size == 32) {
|
else if (key_size == 32) {
|
||||||
aes_type = HSM_KEY_AES_256;
|
aes_type = HSM_KEY_AES_256;
|
||||||
}
|
}
|
||||||
|
else if (key_size == 64) {
|
||||||
|
aes_type = HSM_KEY_AES_512;
|
||||||
|
}
|
||||||
r = store_keys(aes_key, aes_type, key_id);
|
r = store_keys(aes_key, aes_type, key_id);
|
||||||
if (r != CCID_OK) {
|
if (r != CCID_OK) {
|
||||||
return SW_MEMORY_FAILURE();
|
return SW_MEMORY_FAILURE();
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ int cmd_key_unwrap() {
|
|||||||
if (key_type == 0x0) {
|
if (key_type == 0x0) {
|
||||||
return SW_DATA_INVALID();
|
return SW_DATA_INVALID();
|
||||||
}
|
}
|
||||||
if (key_type == HSM_KEY_RSA) {
|
if (key_type & HSM_KEY_RSA) {
|
||||||
mbedtls_rsa_context ctx;
|
mbedtls_rsa_context ctx;
|
||||||
mbedtls_rsa_init(&ctx);
|
mbedtls_rsa_init(&ctx);
|
||||||
do {
|
do {
|
||||||
@@ -54,7 +54,7 @@ int cmd_key_unwrap() {
|
|||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_EC) {
|
else if (key_type & HSM_KEY_EC) {
|
||||||
mbedtls_ecdsa_context ctx;
|
mbedtls_ecdsa_context ctx;
|
||||||
mbedtls_ecdsa_init(&ctx);
|
mbedtls_ecdsa_init(&ctx);
|
||||||
do {
|
do {
|
||||||
@@ -74,7 +74,7 @@ int cmd_key_unwrap() {
|
|||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_AES) {
|
else if (key_type & HSM_KEY_AES) {
|
||||||
uint8_t aes_key[32];
|
uint8_t aes_key[32];
|
||||||
int key_size = 0, aes_type = 0;
|
int key_size = 0, aes_type = 0;
|
||||||
do {
|
do {
|
||||||
@@ -89,7 +89,10 @@ int cmd_key_unwrap() {
|
|||||||
if (r != CCID_OK) {
|
if (r != CCID_OK) {
|
||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
if (key_size == 32) {
|
if (key_size == 64) {
|
||||||
|
aes_type = HSM_KEY_AES_512;
|
||||||
|
}
|
||||||
|
else if (key_size == 32) {
|
||||||
aes_type = HSM_KEY_AES_256;
|
aes_type = HSM_KEY_AES_256;
|
||||||
}
|
}
|
||||||
else if (key_size == 24) {
|
else if (key_size == 24) {
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ int cmd_key_wrap() {
|
|||||||
mbedtls_ecdsa_free(&ctx);
|
mbedtls_ecdsa_free(&ctx);
|
||||||
}
|
}
|
||||||
else if (*dprkd == P15_KEYTYPE_AES) {
|
else if (*dprkd == P15_KEYTYPE_AES) {
|
||||||
uint8_t kdata[32]; //maximum AES key size
|
uint8_t kdata[64]; //maximum AES key size
|
||||||
if (wait_button_pressed() == true) { //timeout
|
if (wait_button_pressed() == true) { //timeout
|
||||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
@@ -95,7 +95,10 @@ int cmd_key_wrap() {
|
|||||||
if (mkek_decrypt(kdata, key_size) != 0) {
|
if (mkek_decrypt(kdata, key_size) != 0) {
|
||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
}
|
}
|
||||||
if (key_size == 32) {
|
if (key_size == 64) {
|
||||||
|
aes_type = HSM_KEY_AES_512;
|
||||||
|
}
|
||||||
|
else if (key_size == 32) {
|
||||||
aes_type = HSM_KEY_AES_256;
|
aes_type = HSM_KEY_AES_256;
|
||||||
}
|
}
|
||||||
else if (key_size == 24) {
|
else if (key_size == 24) {
|
||||||
|
|||||||
@@ -170,10 +170,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
|
|||||||
const uint8_t *ext,
|
const uint8_t *ext,
|
||||||
size_t ext_len) {
|
size_t ext_len) {
|
||||||
size_t pubkey_size = 0;
|
size_t pubkey_size = 0;
|
||||||
if (key_type == HSM_KEY_RSA) {
|
if (key_type & HSM_KEY_RSA) {
|
||||||
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
|
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_EC) {
|
else if (key_type & HSM_KEY_EC) {
|
||||||
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
|
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
|
||||||
}
|
}
|
||||||
size_t cpi_size = 4;
|
size_t cpi_size = 4;
|
||||||
@@ -213,10 +213,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
|
|||||||
//car
|
//car
|
||||||
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
|
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
|
||||||
//pubkey
|
//pubkey
|
||||||
if (key_type == HSM_KEY_RSA) {
|
if (key_type & HSM_KEY_RSA) {
|
||||||
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
|
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_EC) {
|
else if (key_type & HSM_KEY_EC) {
|
||||||
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
|
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
|
||||||
}
|
}
|
||||||
//chr
|
//chr
|
||||||
@@ -237,10 +237,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
|
|||||||
const uint8_t *ext,
|
const uint8_t *ext,
|
||||||
size_t ext_len) {
|
size_t ext_len) {
|
||||||
size_t key_size = 0;
|
size_t key_size = 0;
|
||||||
if (key_type == HSM_KEY_RSA) {
|
if (key_type & HSM_KEY_RSA) {
|
||||||
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
|
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_EC) {
|
else if (key_type & HSM_KEY_EC) {
|
||||||
key_size = 2 *
|
key_size = 2 *
|
||||||
(int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)
|
(int) ((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)
|
||||||
->grp.id)->
|
->grp.id)->
|
||||||
@@ -264,14 +264,14 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
|
|||||||
hash256(body, body_size, hsh);
|
hash256(body, body_size, hsh);
|
||||||
memcpy(p, "\x5F\x37", 2); p += 2;
|
memcpy(p, "\x5F\x37", 2); p += 2;
|
||||||
p += format_tlv_len(key_size, p);
|
p += format_tlv_len(key_size, p);
|
||||||
if (key_type == HSM_KEY_RSA) {
|
if (key_type & HSM_KEY_RSA) {
|
||||||
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32,
|
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32,
|
||||||
hsh, p) != 0) {
|
hsh, p) != 0) {
|
||||||
memset(p, 0, key_size);
|
memset(p, 0, key_size);
|
||||||
}
|
}
|
||||||
p += key_size;
|
p += key_size;
|
||||||
}
|
}
|
||||||
else if (key_type == HSM_KEY_EC) {
|
else if (key_type & HSM_KEY_EC) {
|
||||||
mbedtls_mpi r, s;
|
mbedtls_mpi r, s;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
|
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
|
||||||
|
|||||||
@@ -326,11 +326,14 @@ int dkek_encode_key(uint8_t id,
|
|||||||
else if (key_type & HSM_KEY_AES_256) {
|
else if (key_type & HSM_KEY_AES_256) {
|
||||||
kb_len = 32;
|
kb_len = 32;
|
||||||
}
|
}
|
||||||
|
else if (key_type & HSM_KEY_AES_512) {
|
||||||
|
kb_len = 64;
|
||||||
|
}
|
||||||
|
|
||||||
if (kb_len != 16 && kb_len != 24 && kb_len != 32) {
|
if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
|
||||||
return CCID_WRONG_DATA;
|
return CCID_WRONG_DATA;
|
||||||
}
|
}
|
||||||
if (*out_len < 8 + 1 + 10 + 6 + 4 + (2 + 32 + 14) + 16) {
|
if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
|
||||||
return CCID_WRONG_LENGTH;
|
return CCID_WRONG_LENGTH;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -385,7 +388,7 @@ int dkek_encode_key(uint8_t id,
|
|||||||
size_t olen = 0;
|
size_t olen = 0;
|
||||||
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
||||||
put_uint16_t(olen, kb + 8 + kb_len);
|
put_uint16_t(olen, kb + 8 + kb_len);
|
||||||
kb_len += 2+olen;
|
kb_len += 2 + olen;
|
||||||
|
|
||||||
put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
|
put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
|
||||||
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
|
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
|
||||||
@@ -393,7 +396,7 @@ int dkek_encode_key(uint8_t id,
|
|||||||
|
|
||||||
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
||||||
put_uint16_t(olen, kb + 8 + kb_len);
|
put_uint16_t(olen, kb + 8 + kb_len);
|
||||||
kb_len += 2+olen;
|
kb_len += 2 + olen;
|
||||||
|
|
||||||
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
|
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
|
||||||
algo_len = 12;
|
algo_len = 12;
|
||||||
|
|||||||
@@ -491,13 +491,13 @@ uint32_t decrement_key_counter(file_t *fkey) {
|
|||||||
int store_keys(void *key_ctx, int type, uint8_t key_id) {
|
int store_keys(void *key_ctx, int type, uint8_t key_id) {
|
||||||
int r, key_size = 0;
|
int r, key_size = 0;
|
||||||
uint8_t kdata[4096 / 8]; // worst case
|
uint8_t kdata[4096 / 8]; // worst case
|
||||||
if (type == HSM_KEY_RSA) {
|
if (type & HSM_KEY_RSA) {
|
||||||
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
|
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
|
||||||
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
|
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
|
||||||
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
|
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
|
||||||
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
|
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
|
||||||
}
|
}
|
||||||
else if (type == HSM_KEY_EC) {
|
else if (type & HSM_KEY_EC) {
|
||||||
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
|
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
|
||||||
key_size = mbedtls_mpi_size(&ecdsa->d);
|
key_size = mbedtls_mpi_size(&ecdsa->d);
|
||||||
kdata[0] = ecdsa->grp.id & 0xff;
|
kdata[0] = ecdsa->grp.id & 0xff;
|
||||||
@@ -514,6 +514,9 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
|
|||||||
else if (type == HSM_KEY_AES_256) {
|
else if (type == HSM_KEY_AES_256) {
|
||||||
key_size = 32;
|
key_size = 32;
|
||||||
}
|
}
|
||||||
|
else if (type == HSM_KEY_AES_512) {
|
||||||
|
key_size = 64;
|
||||||
|
}
|
||||||
memcpy(kdata, key_ctx, key_size);
|
memcpy(kdata, key_ctx, key_size);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|||||||
Reference in New Issue
Block a user