dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Inner signature of CVC encodes the full certificate body.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-02-22 00:55:36 +01:00
parent e1126b5951
commit a28f217c57
1 changed files with 23 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
sc_hsm.c
View File

@@ -601,7 +601,7 @@ static const struct sc_asn1_entry c_asn1_req[C_ASN1_REQ_SIZE] = {
{ NULL, 0, 0, 0, NULL, NULL } { NULL, 0, 0, 0, NULL, NULL }
}; };
int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc, u8 ** buf, size_t *buflen) int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc, u8 ** buf, size_t *buflen, bool only_body)
{ {
sc_card_t *card = p15card->card; sc_card_t *card = p15card->card;
struct sc_asn1_entry asn1_req[C_ASN1_REQ_SIZE]; struct sc_asn1_entry asn1_req[C_ASN1_REQ_SIZE];
@@ -651,6 +651,10 @@ int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc
sc_format_asn1_entry(asn1_cvc_body + 3, &cvc->chr, &lenchr, 1); sc_format_asn1_entry(asn1_cvc_body + 3, &cvc->chr, &lenchr, 1);
sc_format_asn1_entry(asn1_cvcert , &asn1_cvc_body, NULL, 1); sc_format_asn1_entry(asn1_cvcert , &asn1_cvc_body, NULL, 1);
if (only_body == true) {
r = sc_asn1_encode(card->ctx, asn1_cvcert, buf, buflen);
}
else {
if (cvc->signature && (cvc->signatureLen > 0)) { if (cvc->signature && (cvc->signatureLen > 0)) {
sc_format_asn1_entry(asn1_cvcert + 1, cvc->signature, &cvc->signatureLen, 1); sc_format_asn1_entry(asn1_cvcert + 1, cvc->signature, &cvc->signatureLen, 1);
} }
@@ -666,6 +670,8 @@ int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc
r = sc_asn1_encode(card->ctx, asn1_req, buf, buflen); r = sc_asn1_encode(card->ctx, asn1_req, buf, buflen);
}
LOG_TEST_RET(card->ctx, r, "Could not encode card verifiable certificate"); LOG_TEST_RET(card->ctx, r, "Could not encode card verifiable certificate");
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
@@ -727,18 +733,14 @@ static int cmd_keypair_gen() {
cvc.outerSignature = (uint8_t *)calloc(1, key_size/8); cvc.outerSignature = (uint8_t *)calloc(1, key_size/8);
mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8); mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8);
unsigned int cla,tag; unsigned int cla,tag;
int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen); int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, true);
//cvcpo = cvcbin;
//sc_asn1_read_tag((const u8 **)&cvcpo, cvclen, &cla, &tag, &taglen);
uint8_t hsh[32]; uint8_t hsh[32];
hash(cvcbin, cvclen, hsh); hash(cvcbin, cvclen, hsh);
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature); ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature);
printf("ret %d\r\n"); printf("ret %d\r\n");
free(cvcbin); free(cvcbin);
r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen); r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false);
//cvcpo = cvcbin;
//sc_asn1_read_tag((const u8 **)&cvcpo, cvclen, &cla, &tag, &taglen);
printf("r %d\r\n",r); printf("r %d\r\n",r);
memcpy(res_APDU, cvcbin, cvclen); memcpy(res_APDU, cvcbin, cvclen);
free(cvcbin); free(cvcbin);