dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

When initialized, the device key (EF_KEY_DEV) is only generated if not found.

Browse Source 
To generate a new device key, it must be wiped.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-08-18 20:08:54 +02:00
parent 64052f4f70
commit 82f61ff1d4
1 changed files with 33 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/hsm/cmd_initialize.c
View File

@@ -146,11 +146,16 @@ int cmd_initialize() {
/* When initialized, it has all credentials */ /* When initialized, it has all credentials */
isUserAuthenticated = true; isUserAuthenticated = true;
/* Create terminal private key */ /* Create terminal private key */
file_t *fdkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
if (!fdkey)
return SW_EXEC_ERROR();
int ret = 0;
if (file_get_size(fdkey) == 0 || file_get_data(fdkey) == NULL) {
mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa); mbedtls_ecdsa_init(&ecdsa);
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1; mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
uint8_t index = 0, key_id = 0; uint8_t index = 0, key_id = 0;
int ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index); ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
if (ret != 0) { if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa); mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -175,6 +180,7 @@ int cmd_initialize() {
size_t prkd_len = asn1_build_prkd_ecc(label, strlen((const char *)label), keyid, 20, 192, res_APDU, 4096); size_t prkd_len = asn1_build_prkd_ecc(label, strlen((const char *)label), keyid, 20, 192, res_APDU, 4096);
fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF); fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, prkd_len); ret = flash_write_data_to_file(fpk, res_APDU, prkd_len);
}
if (ret != 0) if (ret != 0)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
low_flash_available(); low_flash_available();