dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Fix DKEK import when no logged.

Browse Source 
DKEK shall accept import even if it is not logged in. However, to store the DKEK, the PIN is used for MKEK, which is not available if it is nog logged in. I added a queueing system to store a pending DKEK after login.

Therefore, to import a DKEK, the user must import it AND call VERIFY command if it is not already logged in.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-10-12 17:42:31 +02:00
parent 2693ab4926
commit 6b1eeb4004
4 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/hsm/cmd_key_domain.c
View File

@@ -68,10 +68,16 @@ int cmd_key_domain() {
}
import_dkek_share(p2, apdu.data);
if (++current_dkeks >= dkeks) {
if (save_dkek_key(p2, NULL) != CCID_OK) {
/* On fail, it will return to previous dkek state. */
import_dkek_share(p2, apdu.data);
return SW_FILE_NOT_FOUND();
int r = save_dkek_key(p2, NULL);
if (r != CCID_OK) {
if (r == CCID_NO_LOGIN) {
pending_save_dkek = p2;
}
else {
/* On fail, it will return to previous dkek state. */
import_dkek_share(p2, apdu.data);
return SW_FILE_NOT_FOUND();
}
}
}
uint8_t t[MAX_KEY_DOMAINS * 2];