dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Before wrapping, check if DKEK is properly configured.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-03-09 20:09:03 +01:00
parent 75ca1b57d9
commit 3660120b11
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/hsm/cmd_key_wrap.c
View File

@@ -19,6 +19,7 @@
#include "sc_hsm.h" #include "sc_hsm.h"
#include "asn1.h" #include "asn1.h"
#include "kek.h" #include "kek.h"
#include "files.h"
extern uint8_t get_key_domain(file_t *fkey); extern uint8_t get_key_domain(file_t *fkey);
@@ -31,12 +32,18 @@ int cmd_key_wrap() {
return SW_SECURITY_STATUS_NOT_SATISFIED(); return SW_SECURITY_STATUS_NOT_SATISFIED();
} }
file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id); file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id);
if (!ef) {
return SW_FILE_NOT_FOUND();
}
uint8_t kdom = get_key_domain(ef); uint8_t kdom = get_key_domain(ef);
if (kdom == 0xff) { if (kdom == 0xff) {
return SW_REFERENCE_NOT_FOUND(); return SW_REFERENCE_NOT_FOUND();
} }
if (!ef) { file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
return SW_FILE_NOT_FOUND(); uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * kdom] : 0,
current_dkeks = kdata ? kdata[2 * kdom + 1] : 0;
if (dkeks != current_dkeks || dkeks == 0 || dkeks == 0xff) {
return SW_REFERENCE_NOT_FOUND();
} }
if (key_has_purpose(ef, ALGO_WRAP) == false) { if (key_has_purpose(ef, ALGO_WRAP) == false) {
return SW_CONDITIONS_NOT_SATISFIED(); return SW_CONDITIONS_NOT_SATISFIED();