dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Store all verified certificates (INS MSE) into CA_PREFIX files.

Browse Source 
When a certificate is sent for verification, it is always cached and saved onto a CA_PREFIX.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-06-10 11:59:06 +02:00
parent 65482cad9c
commit 76a41dffa1
1 changed files with 23 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/hsm/sc_hsm.c
View File

@@ -184,7 +184,6 @@ void init_sc_hsm() {
has_session_pin = has_session_sopin = false; has_session_pin = has_session_sopin = false;
isUserAuthenticated = false; isUserAuthenticated = false;
cmd_select(); cmd_select();
const uint8_t *cvcerts[] = { cvca, dica, termca };
if (puk_store_entries > 0) { /* From previous session */ if (puk_store_entries > 0) { /* From previous session */
for (int i = 0; i < puk_store_entries; i++) { for (int i = 0; i < puk_store_entries; i++) {
if (puk_store[i].copied == true) if (puk_store[i].copied == true)
@@ -193,9 +192,15 @@ void init_sc_hsm() {
} }
memset(puk_store, 0, sizeof(puk_store)); memset(puk_store, 0, sizeof(puk_store));
puk_store_entries = 0; puk_store_entries = 0;
const uint8_t *cvcerts[] = { cvca, dica, termca };
for (int i = 0; i < sizeof(cvcerts)/sizeof(uint8_t *); i++) { for (int i = 0; i < sizeof(cvcerts)/sizeof(uint8_t *); i++) {
add_cert_puk_store(cvcerts[i]+2, (cvcerts[i][1] << 8) | cvcerts[i][0], false); add_cert_puk_store(cvcerts[i]+2, (cvcerts[i][1] << 8) | cvcerts[i][0], false);
} }
for (int i = 0; i < 0xfe; i++) {
file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | i);
if (ef && file_get_size(ef) > 0)
add_cert_puk_store(file_get_data(ef), file_get_size(ef), false);
}
} }
int sc_hsm_unload() { int sc_hsm_unload() {
@@ -2126,10 +2131,11 @@ int cmd_puk_auth() {
if (ef->data == NULL || file_get_size(ef) == 0) /* found first empty slot */ if (ef->data == NULL || file_get_size(ef) == 0) /* found first empty slot */
break; break;
} }
uint8_t *tmp = (uint8_t *)calloc(4, sizeof(uint8_t)); uint8_t *tmp = (uint8_t *)calloc(file_get_size(ef_puk), sizeof(uint8_t));
memcpy(tmp, puk_data, 4); memcpy(tmp, puk_data, file_get_size(ef_puk));
tmp[1] = tmp[1]-1; tmp[1] = puk_data[1]-1;
flash_write_data_to_file(ef, apdu.data, apdu.nc); flash_write_data_to_file(ef_puk, tmp, file_get_size(ef_puk));
puk_data = file_get_data(ef_puk);
free(tmp); free(tmp);
} }
else if (p1 == 0x1) { /* Replace */ else if (p1 == 0x1) { /* Replace */
@@ -2190,8 +2196,18 @@ int cmd_pso() {
return SW_CONDITIONS_NOT_SATISFIED(); return SW_CONDITIONS_NOT_SATISFIED();
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
if (add_cert_puk_store(apdu.data, apdu.nc, true) != CCID_OK) for (int i = 0; i < 0xfe; i++) {
return SW_FILE_FULL(); uint16_t fid = (CA_CERTIFICATE_PREFIX << 8) | i;
file_t *ca_ef = search_dynamic_file(fid);
if (!ca_ef) {
ca_ef = file_new(fid);
flash_write_data_to_file(ca_ef, apdu.data, apdu.nc);
if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef), false) != CCID_OK)
return SW_FILE_FULL();
low_flash_available();
break;
}
}
return SW_OK(); return SW_OK();
} }
else else