dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Fix DKEK import when no logged.

Browse Source 
DKEK shall accept import even if it is not logged in. However, to store the DKEK, the PIN is used for MKEK, which is not available if it is nog logged in. I added a queueing system to store a pending DKEK after login.

Therefore, to import a DKEK, the user must import it AND call VERIFY command if it is not already logged in.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-10-12 17:42:31 +02:00
parent 2693ab4926
commit 6b1eeb4004
4 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/hsm/kek.c
View File

@@ -36,6 +36,7 @@ extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32];
uint8_t mkek_mask[MKEK_KEY_SIZE];
bool has_mkek_mask = false;
uint8_t pending_save_dkek = 0xff;
#define POLY 0xedb88320