- Fixed bug where PublicKD was saved in EE_CERTIFICATE_PREFIX. We save there the CSR instead in CVC format.
- We put the CHR and CAR into the CSR if provided during the keypair generation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
@@ -658,6 +658,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
|
|||||||
if (r != HSM_OK)
|
if (r != HSM_OK)
|
||||||
return r;
|
return r;
|
||||||
//add_file_to_chain(fpk, &ef_prkdf);
|
//add_file_to_chain(fpk, &ef_prkdf);
|
||||||
|
/*
|
||||||
sc_pkcs15_pubkey_info_t *pukd = (sc_pkcs15_pubkey_info_t *)calloc(1, sizeof(sc_pkcs15_pubkey_info_t));
|
sc_pkcs15_pubkey_info_t *pukd = (sc_pkcs15_pubkey_info_t *)calloc(1, sizeof(sc_pkcs15_pubkey_info_t));
|
||||||
memset(pukd, 0, sizeof(sc_pkcs15_pubkey_info_t));
|
memset(pukd, 0, sizeof(sc_pkcs15_pubkey_info_t));
|
||||||
pukd->id.len = 1;
|
pukd->id.len = 1;
|
||||||
@@ -688,6 +689,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
|
|||||||
if (r != HSM_OK)
|
if (r != HSM_OK)
|
||||||
return r;
|
return r;
|
||||||
//add_file_to_chain(fpk, &ef_cdf);
|
//add_file_to_chain(fpk, &ef_cdf);
|
||||||
|
*/
|
||||||
low_flash_available();
|
low_flash_available();
|
||||||
return HSM_OK;
|
return HSM_OK;
|
||||||
}
|
}
|
||||||
@@ -823,13 +825,21 @@ int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc
|
|||||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
void cvc_init_common(sc_cvc_t *cvc) {
|
void cvc_init_common(sc_cvc_t *cvc, sc_context_t *ctx) {
|
||||||
memset(cvc, 0, sizeof(sc_cvc_t));
|
memset(cvc, 0, sizeof(sc_cvc_t));
|
||||||
|
|
||||||
strlcpy(cvc->car, "UTCA00001", sizeof cvc->car);
|
size_t lencar = 0, lenchr = 0;
|
||||||
strlcpy(cvc->chr, "ESHSMCVCA", sizeof cvc->chr);
|
const unsigned char *car = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x42, &lencar);
|
||||||
strlcat(cvc->chr, "00001", sizeof cvc->chr);
|
const unsigned char *chr = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x5f20, &lenchr);
|
||||||
strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car));
|
if (car && lencar > 0)
|
||||||
|
strlcpy(cvc->car, car, MIN(lencar,sizeof(cvc->car)));
|
||||||
|
else
|
||||||
|
strlcpy(cvc->car, "UTCA00001", sizeof(cvc->car));
|
||||||
|
if (chr && lenchr > 0)
|
||||||
|
strlcpy(cvc->chr, chr, MIN(lenchr, sizeof(cvc->chr)));
|
||||||
|
else
|
||||||
|
strlcpy(cvc->chr, "ESHSMCVCA00001", sizeof(cvc->chr));
|
||||||
|
strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car));
|
||||||
}
|
}
|
||||||
|
|
||||||
int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) {
|
int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) {
|
||||||
@@ -862,7 +872,7 @@ static int cmd_keypair_gen() {
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
size_t tout = 0;
|
size_t tout = 0;
|
||||||
//sc_asn1_print_tags(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len);
|
sc_asn1_print_tags(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len);
|
||||||
const uint8_t *p = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x7f49, &tout);
|
const uint8_t *p = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x7f49, &tout);
|
||||||
if (p) {
|
if (p) {
|
||||||
size_t oid_len = 0;
|
size_t oid_len = 0;
|
||||||
@@ -881,6 +891,7 @@ static int cmd_keypair_gen() {
|
|||||||
if (ks) {
|
if (ks) {
|
||||||
sc_asn1_decode_integer(ks, ks_len, &key_size, 0);
|
sc_asn1_decode_integer(ks, ks_len, &key_size, 0);
|
||||||
}
|
}
|
||||||
|
printf("KEYPAIR RSA %d\r\n",key_size);
|
||||||
mbedtls_rsa_context rsa;
|
mbedtls_rsa_context rsa;
|
||||||
mbedtls_rsa_init(&rsa);
|
mbedtls_rsa_init(&rsa);
|
||||||
uint8_t index = 0;
|
uint8_t index = 0;
|
||||||
@@ -891,7 +902,7 @@ static int cmd_keypair_gen() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sc_cvc_t cvc;
|
sc_cvc_t cvc;
|
||||||
cvc_init_common(&cvc);
|
cvc_init_common(&cvc, ctx);
|
||||||
struct sc_object_id rsa15withSHA256 = { { 0,4,0,127,0,7,2,2,2,1,2,-1 } };
|
struct sc_object_id rsa15withSHA256 = { { 0,4,0,127,0,7,2,2,2,1,2,-1 } };
|
||||||
cvc.coefficientAorExponentlen = ex_len;
|
cvc.coefficientAorExponentlen = ex_len;
|
||||||
cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen);
|
cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen);
|
||||||
@@ -942,7 +953,7 @@ static int cmd_keypair_gen() {
|
|||||||
mbedtls_rsa_free(&rsa);
|
mbedtls_rsa_free(&rsa);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_rsa_free(&rsa);
|
mbedtls_rsa_free(&rsa);
|
||||||
}
|
}
|
||||||
else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC
|
else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC
|
||||||
@@ -955,6 +966,7 @@ static int cmd_keypair_gen() {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
printf("KEYPAIR ECC %d\r\n",ec_id);
|
||||||
if (ec_id == MBEDTLS_ECP_DP_NONE)
|
if (ec_id == MBEDTLS_ECP_DP_NONE)
|
||||||
return SW_FUNC_NOT_SUPPORTED();
|
return SW_FUNC_NOT_SUPPORTED();
|
||||||
mbedtls_ecdsa_context ecdsa;
|
mbedtls_ecdsa_context ecdsa;
|
||||||
@@ -969,7 +981,7 @@ static int cmd_keypair_gen() {
|
|||||||
uint8_t *cvcbin;
|
uint8_t *cvcbin;
|
||||||
size_t cvclen;
|
size_t cvclen;
|
||||||
sc_cvc_t cvc;
|
sc_cvc_t cvc;
|
||||||
cvc_init_common(&cvc);
|
cvc_init_common(&cvc, ctx);
|
||||||
struct sc_object_id ecdsaWithSHA256 = { { 0,4,0,127,0,7,2,2,2,2,3,-1 } };
|
struct sc_object_id ecdsaWithSHA256 = { { 0,4,0,127,0,7,2,2,2,2,3,-1 } };
|
||||||
cvc.pukoid = ecdsaWithSHA256;
|
cvc.pukoid = ecdsaWithSHA256;
|
||||||
|
|
||||||
@@ -1076,6 +1088,10 @@ static int cmd_keypair_gen() {
|
|||||||
error:
|
error:
|
||||||
free(ctx);
|
free(ctx);
|
||||||
free(p15card.card);
|
free(p15card.card);
|
||||||
|
if (ret != 0)
|
||||||
|
return SW_EXEC_ERROR();
|
||||||
|
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);
|
||||||
|
ret = flash_write_data_to_file(fpk, res_APDU, res_APDU_size);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return SW_EXEC_ERROR();
|
return SW_EXEC_ERROR();
|
||||||
return SW_OK();
|
return SW_OK();
|
||||||
|
|||||||
Reference in New Issue
Block a user