diff --git a/src/hsm/oid.c b/src/hsm/oid.c
new file mode 100644
index 0000000..56d2da0
--- /dev/null
+++ b/src/hsm/oid.c
@@ -0,0 +1,18 @@
+/*
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "oid.h"
diff --git a/src/hsm/oid.h b/src/hsm/oid.h
new file mode 100644
index 0000000..e4822c6
--- /dev/null
+++ b/src/hsm/oid.h
@@ -0,0 +1,81 @@
+/*
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef _OID_H_
+#define _OID_H_
+
+#include
+#include "pico/stdlib.h"
+
+#define OID_BSI_DE "\x04\x00\x7F\x00\x07"
+
+#define OID_ID_CA OID_BSI_DE "\x02\x02\x03"
+
+#define OID_ID_CA_DH OID_ID_CA "\x01"
+
+#define OID_ID_CA_DH_3DES_CBC_CBC OID_ID_CA_DH "\x01"
+#define OID_ID_CA_DH_AES_CBC_CMAC_128 OID_ID_CA_DH "\x02"
+#define OID_ID_CA_DH_AES_CBC_CMAC_192 OID_ID_CA_DH "\x03"
+#define OID_ID_CA_DH_AES_CBC_CMAC_256 OID_ID_CA_DH "\x04"
+
+#define OID_ID_CA_ECDH OID_ID_CA "\x02"
+
+#define OID_ID_CA_ECDH_3DES_CBC_CBC OID_ID_CA_ECDH "\x01"
+#define OID_ID_CA_ECDH_AES_CBC_CMAC_128 OID_ID_CA_ECDH "\x02"
+#define OID_ID_CA_ECDH_AES_CBC_CMAC_192 OID_ID_CA_ECDH "\x03"
+#define OID_ID_CA_ECDH_AES_CBC_CMAC_256 OID_ID_CA_ECDH "\x04"
+
+#define OID_ID_PK OID_BSI_DE "\x02\x02\0x1"
+#define OID_ID_PK_DH OID_ID_PK "\x01"
+#define OID_ID_PK_ECDH OID_ID_PK "\x02"
+
+#define OID_ID_TA OID_BSI_DE "\x02\x02\x02"
+
+#define OID_ID_TA_RSA OID_ID_TA "\x01"
+
+#define OID_ID_TA_RSA_V1_5_SHA_1 OID_ID_TA_RSA "\x01"
+#define OID_ID_TA_RSA_V1_5_SHA_256 OID_ID_TA_RSA "\x02"
+#define OID_ID_TA_RSA_PSS_SHA_1 OID_ID_TA_RSA "\x03"
+#define OID_ID_TA_RSA_PSS_SHA_256 OID_ID_TA_RSA "\x04"
+#define OID_ID_TA_RSA_V1_5_SHA_512 OID_ID_TA_RSA "\x05"
+#define OID_ID_TA_RSA_PSS_SHA_512 OID_ID_TA_RSA "\x06"
+
+#define OID_ID_TA_ECDSA OID_ID_TA "\x02"
+
+#define OID_IT_TA_ECDSA_SHA_1 OID_ID_TA_ECDSA "\x01"
+#define OID_IT_TA_ECDSA_SHA_224 OID_ID_TA_ECDSA "\x02"
+#define OID_IT_TA_ECDSA_SHA_256 OID_ID_TA_ECDSA "\x03"
+#define OID_IT_TA_ECDSA_SHA_384 OID_ID_TA_ECDSA "\x04"
+#define OID_IT_TA_ECDSA_SHA_512 OID_ID_TA_ECDSA "\x05"
+
+#define OID_ID_RI OID_BSI_DE "\x02\x02\x05"
+
+#define OID_ID_RI_DH OID_ID_RI "\x01"
+
+#define OID_ID_RI_DH_SHA_1 OID_ID_RI_DH "\x01"
+#define OID_ID_RI_DH_SHA_224 OID_ID_RI_DH "\x02"
+#define OID_ID_RI_DH_SHA_256 OID_ID_RI_DH "\x03"
+
+#define OID_ID_RI_ECDH OID_ID_RI "\x02"
+
+#define OID_ID_RI_ECDH_SHA_1 OID_ID_RI_ECDH "\x01"
+#define OID_ID_RI_ECDH_SHA_224 OID_ID_RI_ECDH "\x02"
+#define OID_ID_RI_ECDH_SHA_256 OID_ID_RI_ECDH "\x03"
+
+#define OID_ID_CI OID_BSI_DE "\x02\x02\x06"
+
+#endif
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 3edad68..9e9f9c8 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -35,6 +35,8 @@
#include "eac.h"
#include "cvc.h"
#include "asn1.h"
+#include "oid.h"
+#include "mbedtls/oid.h"
const uint8_t sc_hsm_aid[] = {
11,
@@ -160,6 +162,7 @@ void init_sc_hsm() {
uint16_t cert_len = (cvcerts[i][1] << 8) | cvcerts[i][0];
puk_store[i].chr = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].chr_len);
puk_store[i].car = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].car_len);
+ puk_store[i].puk = cvc_get_pub((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].puk_len);
puk_store[i].up = i-1;
}
}
@@ -1001,7 +1004,7 @@ static int cmd_keypair_gen() {
uint8_t *kdomd = NULL;
if (asn1_find_tag(apdu.data, apdu.nc, 0x92, &kdom_size, &kdomd) && kdom_size > 0 && kdomd != NULL)
kdom = *kdomd;
- if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x1\x2",MIN(oid_len,10)) == 0) { //RSA
+ if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA
size_t ex_len = 3, ks_len = 2;
uint8_t *ex = NULL, *ks = NULL;
uint32_t exponent = 65537, key_size = 2048;
@@ -1038,7 +1041,7 @@ static int cmd_keypair_gen() {
}
mbedtls_rsa_free(&rsa);
}
- else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC
+ else if (memcmp(oid, OID_IT_TA_ECDSA_SHA_256,MIN(oid_len,10)) == 0) { //ECC
size_t prime_len;
uint8_t *prime = NULL;
if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true)
@@ -1424,15 +1427,15 @@ static int cmd_signature() {
asn1_find_tag(p, tout, 0x4, &hash_len, &hash);
}
if (oid && oid_len > 0) {
- if (memcmp(oid, "\x2B\x0E\x03\x02\x1A", oid_len) == 0)
+ if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA1, oid_len) == 0)
md = MBEDTLS_MD_SHA1;
- else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x04", oid_len) == 0)
+ else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA224, oid_len) == 0)
md = MBEDTLS_MD_SHA224;
- else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x01", oid_len) == 0)
+ else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA256, oid_len) == 0)
md = MBEDTLS_MD_SHA256;
- else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x02", oid_len) == 0)
+ else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA384, oid_len) == 0)
md = MBEDTLS_MD_SHA384;
- else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x03", oid_len) == 0)
+ else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA512, oid_len) == 0)
md = MBEDTLS_MD_SHA512;
}
if (p2 == ALGO_RSA_PSS || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_RSA_PSS_SHA256) {
@@ -1949,9 +1952,9 @@ static int cmd_mse() {
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x80) {
if (p2 == 0xA4) {
- if (tag_len == 10 && memcmp(tag_data, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02", tag_len) == 0)
+ if (tag_len == 10 && memcmp(tag_data, OID_ID_CA_ECDH_AES_CBC_CMAC_128, tag_len) == 0)
sm_set_protocol(MSE_AES);
- else if (tag_len == 10 && memcmp(tag_data, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x01", tag_len) == 0)
+ else if (tag_len == 10 && memcmp(tag_data, OID_ID_CA_ECDH_3DES_CBC_CBC, tag_len) == 0)
sm_set_protocol(MSE_3DES);
}
}
@@ -2021,9 +2024,9 @@ int cmd_general_authenticate() {
uint8_t *t = (uint8_t *)calloc(1, pubkey_len+16);
memcpy(t, "\x7F\x49\x3F\x06\x0A", 5);
if (sm_get_protocol() == MSE_AES)
- memcpy(t+5, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02", 10);
+ memcpy(t+5, OID_ID_CA_ECDH_AES_CBC_CMAC_128, 10);
else if (sm_get_protocol() == MSE_3DES)
- memcpy(t+5, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x01", 10);
+ memcpy(t+5, OID_ID_CA_ECDH_3DES_CBC_CBC, 10);
t[15] = 0x86;
memcpy(t+16, pubkey, pubkey_len);