dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Added OID definitions.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-06-09 11:53:35 +02:00
parent 4f58cd255b
commit 39f7b5284a
3 changed files with 113 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/hsm/oid.c Normal file
View File

@@ -0,0 +1,18 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "oid.h"

81
src/hsm/oid.h Normal file
View File

@@ -0,0 +1,81 @@
/*
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
* Copyright (c) 2022 Pol Henarejos.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _OID_H_
#define _OID_H_
#include <stdlib.h>
#include "pico/stdlib.h"
#define OID_BSI_DE "\x04\x00\x7F\x00\x07"
#define OID_ID_CA OID_BSI_DE "\x02\x02\x03"
#define OID_ID_CA_DH OID_ID_CA "\x01"
#define OID_ID_CA_DH_3DES_CBC_CBC OID_ID_CA_DH "\x01"
#define OID_ID_CA_DH_AES_CBC_CMAC_128 OID_ID_CA_DH "\x02"
#define OID_ID_CA_DH_AES_CBC_CMAC_192 OID_ID_CA_DH "\x03"
#define OID_ID_CA_DH_AES_CBC_CMAC_256 OID_ID_CA_DH "\x04"
#define OID_ID_CA_ECDH OID_ID_CA "\x02"
#define OID_ID_CA_ECDH_3DES_CBC_CBC OID_ID_CA_ECDH "\x01"
#define OID_ID_CA_ECDH_AES_CBC_CMAC_128 OID_ID_CA_ECDH "\x02"
#define OID_ID_CA_ECDH_AES_CBC_CMAC_192 OID_ID_CA_ECDH "\x03"
#define OID_ID_CA_ECDH_AES_CBC_CMAC_256 OID_ID_CA_ECDH "\x04"
#define OID_ID_PK OID_BSI_DE "\x02\x02\0x1"
#define OID_ID_PK_DH OID_ID_PK "\x01"
#define OID_ID_PK_ECDH OID_ID_PK "\x02"
#define OID_ID_TA OID_BSI_DE "\x02\x02\x02"
#define OID_ID_TA_RSA OID_ID_TA "\x01"
#define OID_ID_TA_RSA_V1_5_SHA_1 OID_ID_TA_RSA "\x01"
#define OID_ID_TA_RSA_V1_5_SHA_256 OID_ID_TA_RSA "\x02"
#define OID_ID_TA_RSA_PSS_SHA_1 OID_ID_TA_RSA "\x03"
#define OID_ID_TA_RSA_PSS_SHA_256 OID_ID_TA_RSA "\x04"
#define OID_ID_TA_RSA_V1_5_SHA_512 OID_ID_TA_RSA "\x05"
#define OID_ID_TA_RSA_PSS_SHA_512 OID_ID_TA_RSA "\x06"
#define OID_ID_TA_ECDSA OID_ID_TA "\x02"
#define OID_IT_TA_ECDSA_SHA_1 OID_ID_TA_ECDSA "\x01"
#define OID_IT_TA_ECDSA_SHA_224 OID_ID_TA_ECDSA "\x02"
#define OID_IT_TA_ECDSA_SHA_256 OID_ID_TA_ECDSA "\x03"
#define OID_IT_TA_ECDSA_SHA_384 OID_ID_TA_ECDSA "\x04"
#define OID_IT_TA_ECDSA_SHA_512 OID_ID_TA_ECDSA "\x05"
#define OID_ID_RI OID_BSI_DE "\x02\x02\x05"
#define OID_ID_RI_DH OID_ID_RI "\x01"
#define OID_ID_RI_DH_SHA_1 OID_ID_RI_DH "\x01"
#define OID_ID_RI_DH_SHA_224 OID_ID_RI_DH "\x02"
#define OID_ID_RI_DH_SHA_256 OID_ID_RI_DH "\x03"
#define OID_ID_RI_ECDH OID_ID_RI "\x02"
#define OID_ID_RI_ECDH_SHA_1 OID_ID_RI_ECDH "\x01"
#define OID_ID_RI_ECDH_SHA_224 OID_ID_RI_ECDH "\x02"
#define OID_ID_RI_ECDH_SHA_256 OID_ID_RI_ECDH "\x03"
#define OID_ID_CI OID_BSI_DE "\x02\x02\x06"
#endif

25
src/hsm/sc_hsm.c
View File

@@ -35,6 +35,8 @@
#include "eac.h" #include "eac.h"
#include "cvc.h" #include "cvc.h"
#include "asn1.h" #include "asn1.h"
#include "oid.h"
#include "mbedtls/oid.h"
const uint8_t sc_hsm_aid[] = { const uint8_t sc_hsm_aid[] = {
11, 11,
@@ -160,6 +162,7 @@ void init_sc_hsm() {
uint16_t cert_len = (cvcerts[i][1] << 8) | cvcerts[i][0]; uint16_t cert_len = (cvcerts[i][1] << 8) | cvcerts[i][0];
puk_store[i].chr = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].chr_len); puk_store[i].chr = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].chr_len);
puk_store[i].car = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].car_len); puk_store[i].car = cvc_get_chr((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].car_len);
puk_store[i].puk = cvc_get_pub((uint8_t *)cvcerts[i]+2, cert_len, &puk_store[i].puk_len);
puk_store[i].up = i-1; puk_store[i].up = i-1;
} }
} }
@@ -1001,7 +1004,7 @@ static int cmd_keypair_gen() {
uint8_t *kdomd = NULL; uint8_t *kdomd = NULL;
if (asn1_find_tag(apdu.data, apdu.nc, 0x92, &kdom_size, &kdomd) && kdom_size > 0 && kdomd != NULL) if (asn1_find_tag(apdu.data, apdu.nc, 0x92, &kdom_size, &kdomd) && kdom_size > 0 && kdomd != NULL)
kdom = *kdomd; kdom = *kdomd;
if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x1\x2",MIN(oid_len,10)) == 0) { //RSA if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA
size_t ex_len = 3, ks_len = 2; size_t ex_len = 3, ks_len = 2;
uint8_t *ex = NULL, *ks = NULL; uint8_t *ex = NULL, *ks = NULL;
uint32_t exponent = 65537, key_size = 2048; uint32_t exponent = 65537, key_size = 2048;
@@ -1038,7 +1041,7 @@ static int cmd_keypair_gen() {
} }
mbedtls_rsa_free(&rsa); mbedtls_rsa_free(&rsa);
} }
else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC else if (memcmp(oid, OID_IT_TA_ECDSA_SHA_256,MIN(oid_len,10)) == 0) { //ECC
size_t prime_len; size_t prime_len;
uint8_t *prime = NULL; uint8_t *prime = NULL;
if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true) if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true)
@@ -1424,15 +1427,15 @@ static int cmd_signature() {
asn1_find_tag(p, tout, 0x4, &hash_len, &hash); asn1_find_tag(p, tout, 0x4, &hash_len, &hash);
} }
if (oid && oid_len > 0) { if (oid && oid_len > 0) {
if (memcmp(oid, "\x2B\x0E\x03\x02\x1A", oid_len) == 0) if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA1, oid_len) == 0)
md = MBEDTLS_MD_SHA1; md = MBEDTLS_MD_SHA1;
else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x04", oid_len) == 0) else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA224, oid_len) == 0)
md = MBEDTLS_MD_SHA224; md = MBEDTLS_MD_SHA224;
else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x01", oid_len) == 0) else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA256, oid_len) == 0)
md = MBEDTLS_MD_SHA256; md = MBEDTLS_MD_SHA256;
else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x02", oid_len) == 0) else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA384, oid_len) == 0)
md = MBEDTLS_MD_SHA384; md = MBEDTLS_MD_SHA384;
else if (memcmp(oid, "\x60\x86\x48\x01\x65\x03\x04\x02\x03", oid_len) == 0) else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA512, oid_len) == 0)
md = MBEDTLS_MD_SHA512; md = MBEDTLS_MD_SHA512;
} }
if (p2 == ALGO_RSA_PSS || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_RSA_PSS_SHA256) { if (p2 == ALGO_RSA_PSS || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_RSA_PSS_SHA256) {
@@ -1949,9 +1952,9 @@ static int cmd_mse() {
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) { while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x80) { if (tag == 0x80) {
if (p2 == 0xA4) { if (p2 == 0xA4) {
if (tag_len == 10 && memcmp(tag_data, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02", tag_len) == 0) if (tag_len == 10 && memcmp(tag_data, OID_ID_CA_ECDH_AES_CBC_CMAC_128, tag_len) == 0)
sm_set_protocol(MSE_AES); sm_set_protocol(MSE_AES);
else if (tag_len == 10 && memcmp(tag_data, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x01", tag_len) == 0) else if (tag_len == 10 && memcmp(tag_data, OID_ID_CA_ECDH_3DES_CBC_CBC, tag_len) == 0)
sm_set_protocol(MSE_3DES); sm_set_protocol(MSE_3DES);
} }
} }
@@ -2021,9 +2024,9 @@ int cmd_general_authenticate() {
uint8_t *t = (uint8_t *)calloc(1, pubkey_len+16); uint8_t *t = (uint8_t *)calloc(1, pubkey_len+16);
memcpy(t, "\x7F\x49\x3F\x06\x0A", 5); memcpy(t, "\x7F\x49\x3F\x06\x0A", 5);
if (sm_get_protocol() == MSE_AES) if (sm_get_protocol() == MSE_AES)
memcpy(t+5, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x02", 10); memcpy(t+5, OID_ID_CA_ECDH_AES_CBC_CMAC_128, 10);
else if (sm_get_protocol() == MSE_3DES) else if (sm_get_protocol() == MSE_3DES)
memcpy(t+5, "\x04\x00\x7F\x00\x07\x02\x02\x03\x02\x01", 10); memcpy(t+5, OID_ID_CA_ECDH_3DES_CBC_CBC, 10);
t[15] = 0x86; t[15] = 0x86;
memcpy(t+16, pubkey, pubkey_len); memcpy(t+16, pubkey, pubkey_len);