dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Adding AES wrapping/unwrapping

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-03-30 01:33:54 +02:00
parent d018e3b9b9
commit 4651a0e224
3 changed files with 89 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/hsm/dkek.c
View File

@@ -272,7 +272,7 @@ int dkek_type_key(const uint8_t *in) {
return 0x0; return 0x0;
} }
int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len) { int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_size_out) {
uint8_t kcv[8]; uint8_t kcv[8];
memset(kcv, 0, sizeof(kcv)); memset(kcv, 0, sizeof(kcv));
dkek_kcv(kcv); dkek_kcv(kcv);
@@ -336,6 +336,8 @@ int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len) {
return r; return r;
int key_size = get_uint16_t(kb, 8); int key_size = get_uint16_t(kb, 8);
if (key_size_out)
*key_size_out = key_size;
ofs = 10; ofs = 10;
if (key_type == 5 || key_type == 6) { if (key_type == 5 || key_type == 6) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)key_ctx; mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)key_ctx;

2
src/hsm/dkek.h
View File

@@ -28,7 +28,7 @@ extern int dkek_encrypt(uint8_t *data, size_t len);
extern int dkek_decrypt(uint8_t *data, size_t len); extern int dkek_decrypt(uint8_t *data, size_t len);
extern int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len); extern int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len);
extern int dkek_type_key(const uint8_t *in); extern int dkek_type_key(const uint8_t *in);
extern int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len); extern int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_size_out);
#define MAX_DKEK_ENCODE_KEY_BUFFER (8+1+12+6+(8+2*4+2*4096/8+3+13)+16) #define MAX_DKEK_ENCODE_KEY_BUFFER (8+1+12+6+(8+2*4+2*4096/8+3+13)+16)

82
src/hsm/sc_hsm.c
View File

@@ -232,7 +232,7 @@ int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_
} }
int parse_token_info(const file_t *f, int mode) { int parse_token_info(const file_t *f, int mode) {
char *label = "SmartCard-HSM"; char *label = "Pico-HSM";
char *manu = "Pol Henarejos"; char *manu = "Pol Henarejos";
sc_pkcs15_tokeninfo_t *ti = (sc_pkcs15_tokeninfo_t *)calloc(1, sizeof(sc_pkcs15_tokeninfo_t)); sc_pkcs15_tokeninfo_t *ti = (sc_pkcs15_tokeninfo_t *)calloc(1, sizeof(sc_pkcs15_tokeninfo_t));
ti->version = HSM_VERSION_MAJOR; ti->version = HSM_VERSION_MAJOR;
@@ -589,7 +589,7 @@ static int cmd_import_dkek() {
//Stores the private and public keys in flash //Stores the private and public keys in flash
int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) { int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
int r, key_size; int r, key_size;
uint8_t *asn1bin; uint8_t *asn1bin = NULL;
size_t asn1len = 0; size_t asn1len = 0;
uint8_t kdata[4096/8]; //worst case uint8_t kdata[4096/8]; //worst case
if (type == SC_PKCS15_TYPE_PRKEY_RSA) { if (type == SC_PKCS15_TYPE_PRKEY_RSA) {
@@ -598,23 +598,34 @@ int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size/2); mbedtls_mpi_write_binary(&rsa->P, kdata, key_size/2);
mbedtls_mpi_write_binary(&rsa->Q, kdata+key_size/2, key_size/2); mbedtls_mpi_write_binary(&rsa->Q, kdata+key_size/2, key_size/2);
} }
else { else if (type == SC_PKCS15_TYPE_PRKEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *)key_ctx; mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *)key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d); key_size = mbedtls_mpi_size(&ecdsa->d);
kdata[0] = ecdsa->grp.id & 0xff; kdata[0] = ecdsa->grp.id & 0xff;
mbedtls_mpi_write_binary(&ecdsa->d, kdata+1, key_size); mbedtls_mpi_write_binary(&ecdsa->d, kdata+1, key_size);
key_size++; key_size++;
} }
else if (type & HSM_KEY_AES) {
if (type == HSM_KEY_AES_128)
key_size = 16;
else if (type == HSM_KEY_AES_192)
key_size = 24;
else if (type == HSM_KEY_AES_256)
key_size = 32;
memcpy(kdata, key_ctx, key_size);
}
r = dkek_encrypt(kdata, key_size); r = dkek_encrypt(kdata, key_size);
if (r != HSM_OK) { if (r != HSM_OK) {
return r; return r;
} }
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id); file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
if (!fpk)
return SW_MEMORY_FAILURE();
r = flash_write_data_to_file(fpk, kdata, key_size); r = flash_write_data_to_file(fpk, kdata, key_size);
if (r != HSM_OK) if (r != HSM_OK)
return r; return r;
//add_file_to_chain(fpk, &ef_kf); //add_file_to_chain(fpk, &ef_kf);
if (type == SC_PKCS15_TYPE_PRKEY_RSA || type == SC_PKCS15_TYPE_PRKEY_EC) {
struct sc_pkcs15_object *p15o = (struct sc_pkcs15_object *)calloc(1,sizeof (struct sc_pkcs15_object)); struct sc_pkcs15_object *p15o = (struct sc_pkcs15_object *)calloc(1,sizeof (struct sc_pkcs15_object));
sc_pkcs15_prkey_info_t *prkd = (sc_pkcs15_prkey_info_t *)calloc(1, sizeof (sc_pkcs15_prkey_info_t)); sc_pkcs15_prkey_info_t *prkd = (sc_pkcs15_prkey_info_t *)calloc(1, sizeof (sc_pkcs15_prkey_info_t));
@@ -639,8 +650,11 @@ int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
r = sc_pkcs15_encode_prkdf_entry(ctx, p15o, &asn1bin, &asn1len); r = sc_pkcs15_encode_prkdf_entry(ctx, p15o, &asn1bin, &asn1len);
free(prkd); free(prkd);
//sc_asn1_print_tags(asn1bin, asn1len); //sc_asn1_print_tags(asn1bin, asn1len);
}
fpk = file_new((PRKD_PREFIX << 8) | key_id); fpk = file_new((PRKD_PREFIX << 8) | key_id);
r = flash_write_data_to_file(fpk, asn1bin, asn1len); r = flash_write_data_to_file(fpk, asn1bin, asn1len);
if (asn1bin)
free(asn1bin); free(asn1bin);
if (r != HSM_OK) if (r != HSM_OK)
return r; return r;
@@ -1083,19 +1097,16 @@ static int cmd_key_gen() {
//at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC) //at this moment, we do not use the template, as only CBC is supported by the driver (encrypt, decrypt and CMAC)
uint8_t aes_key[32]; //maximum AES key size uint8_t aes_key[32]; //maximum AES key size
memcpy(aes_key, random_bytes_get(key_size), key_size); memcpy(aes_key, random_bytes_get(key_size), key_size);
r = dkek_encrypt(aes_key, key_size); int aes_type = 0x0;
if (r != HSM_OK) if (key_size == 16)
return SW_EXEC_ERROR(); aes_type = HSM_KEY_AES_128;
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id); else if (key_size == 24)
if (!fpk) aes_type = HSM_KEY_AES_192;
return SW_MEMORY_FAILURE(); else if (key_size == 32)
r = flash_write_data_to_file(fpk, aes_key, key_size); aes_type = HSM_KEY_AES_256;
if (r != HSM_OK) sc_context_t *card_ctx = create_context();
return SW_MEMORY_FAILURE(); r = store_keys(aes_key, aes_type, key_id, card_ctx);
fpk = file_new((PRKD_PREFIX << 8) | key_id); free(card_ctx);
if (!fpk)
return SW_MEMORY_FAILURE();
r = flash_write_data_to_file(fpk, NULL, 0);
if (r != HSM_OK) if (r != HSM_OK)
return SW_MEMORY_FAILURE(); return SW_MEMORY_FAILURE();
low_flash_available(); low_flash_available();
@@ -1327,6 +1338,21 @@ static int cmd_key_wrap() {
r = dkek_encode_key(&ctx, HSM_KEY_EC, res_APDU, &wrap_len); r = dkek_encode_key(&ctx, HSM_KEY_EC, res_APDU, &wrap_len);
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
} }
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[32]; //maximum AES key size
int key_size = file_read_uint16(ef->data), aes_type = HSM_KEY_AES;
memcpy(kdata, file_read(ef->data+2), key_size);
if (dkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 32)
aes_type = HSM_KEY_AES_256;
else if (key_size == 24)
aes_type = HSM_KEY_AES_192;
else if (key_size == 16)
aes_type = HSM_KEY_AES_128;
r = dkek_encode_key(kdata, aes_type, res_APDU, &wrap_len);
}
if (r != HSM_OK) if (r != HSM_OK)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
res_APDU_size = wrap_len; res_APDU_size = wrap_len;
@@ -1345,8 +1371,7 @@ static int cmd_key_unwrap() {
if (key_type == HSM_KEY_RSA) { if (key_type == HSM_KEY_RSA) {
mbedtls_rsa_context ctx; mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx); mbedtls_rsa_init(&ctx);
r = dkek_decode_key(&ctx, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); r = dkek_decode_key(&ctx, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, NULL);
printf("r %d\r\n",r);
if (r != HSM_OK) { if (r != HSM_OK) {
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1359,7 +1384,7 @@ static int cmd_key_unwrap() {
else if (key_type == HSM_KEY_EC) { else if (key_type == HSM_KEY_EC) {
mbedtls_ecdsa_context ctx; mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx); mbedtls_ecdsa_init(&ctx);
r = dkek_decode_key(&ctx, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); r = dkek_decode_key(&ctx, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, NULL);
if (r != HSM_OK) { if (r != HSM_OK) {
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1369,6 +1394,23 @@ static int cmd_key_unwrap() {
free(card_ctx); free(card_ctx);
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
} }
else if (key_type == HSM_KEY_AES) {
uint8_t aes_key[32];
int key_size = 0, aes_type;
r = dkek_decode_key(aes_key, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, &key_size);
if (r != HSM_OK) {
return SW_EXEC_ERROR();
}
if (key_size == 32)
aes_type = HSM_KEY_AES_256;
else if (key_size == 24)
aes_type = HSM_KEY_AES_192;
else if (key_size == 16)
aes_type = HSM_KEY_AES_128;
sc_context_t *card_ctx = create_context();
r = store_keys(aes_key, aes_type, key_id, card_ctx);
free(card_ctx);
}
return SW_OK(); return SW_OK();
} }