dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added initialization with self-signed certificate.

Browse Source 
It will allow the initialization with OpenSC tool (sc-hsm-tool --initialize). However, it will not allow the use of card with SCS3, as it needs a PKI with trust chain. In this case, pico-hsm-tool.py shall be used for initialization.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-03-22 01:04:24 +01:00
parent 5e0f62265d
commit 2a5fe1cc6d
4 changed files with 73 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/hsm/cmd_initialize.c
View File

@@ -197,17 +197,29 @@ int cmd_initialize() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_free(&ecdsa);
file_t *fpk = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, cvc_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
if ((cvc_len = asn1_cvc_cert(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
memcpy(res_APDU + cvc_len, res_APDU, cvc_len);
mbedtls_ecdsa_free(&ecdsa);
fpk = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, 2 * cvc_len);
if (ret != 0) {
return SW_EXEC_ERROR();
}
const uint8_t *keyid =
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESTERMHSM";
*label = (const uint8_t *) "ESPICOHSMTR";
size_t prkd_len = asn1_build_prkd_ecc(label,
strlen((const char *) label),
keyid,
@@ -217,6 +229,7 @@ int cmd_initialize() {
4096);
fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, prkd_len);
}
if (ret != 0) {
return SW_EXEC_ERROR();