dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Merge branch 'master' into development-eddsa

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-08-14 13:34:40 +02:00
parent fb5be153ed 3cae928de8
commit ad18577e98
51 changed files with 1345 additions and 1083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/hsm/CMakeLists.txt Normal file
View File

@@ -0,0 +1,6 @@
idf_component_register(
SRCS ${SOURCES}
INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb
REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
)
idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)

24
src/hsm/cmd_bip_slip.c
View File

@@ -109,11 +109,11 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
return CCID_OK;
}
int load_master_bip(uint32_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
uint8_t key_type[1]) {
uint8_t mkey[65];
mbedtls_ecp_keypair_init(ctx);
file_t *ef = search_dynamic_file(EF_MASTER_SEED | mid);
file_t *ef = search_file(EF_MASTER_SEED | mid);
if (!file_has_data(ef)) {
return CCID_ERR_FILE_NOT_FOUND;
}
@@ -147,7 +147,7 @@ int load_master_bip(uint32_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
}
int node_derive_path(const uint8_t *path,
size_t path_len,
uint16_t path_len,
mbedtls_ecp_keypair *ctx,
uint8_t chain[32],
uint8_t fingerprint[4],
@@ -155,13 +155,15 @@ int node_derive_path(const uint8_t *path,
uint8_t last_node[4],
uint8_t key_type[1]) {
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
uint16_t tag = 0x0;
uint16_t tag_len = 0, tag = 0x0;
uint8_t node = 0, N[64] = { 0 };
int r = 0;
memset(last_node, 0, 4);
memset(fingerprint, 0, 4);
for (; walk_tlv(path, path_len, &p, &tag, &tag_len, &tag_data); node++) {
asn1_ctx_t ctxi;
asn1_ctx_init((uint8_t *)path, path_len, &ctxi);
for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
if (tag == 0x02) {
if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
return CCID_WRONG_DATA;
@@ -231,7 +233,7 @@ int cmd_bip_slip() {
random_gen(NULL, seed, seed_len);
}
else {
seed_len = MIN(apdu.nc, 64);
seed_len = MIN((uint8_t)apdu.nc, 64);
memcpy(seed, apdu.data, seed_len);
}
if (p1 == 0x1 || p1 == 0x2) {
@@ -254,7 +256,7 @@ int cmd_bip_slip() {
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
r = flash_write_data_to_file(ef, mkey, sizeof(mkey));
r = file_put_data(ef, mkey, sizeof(mkey));
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
@@ -268,7 +270,7 @@ int cmd_bip_slip() {
uint8_t chain[32] = { 0 }, fgpt[4] = { 0 }, last_node[4] = { 0 }, key_type = 0, nodes = 0;
size_t olen = 0;
int r =
node_derive_path(apdu.data, apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
node_derive_path(apdu.data, (uint16_t)apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
if (r != CCID_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
@@ -292,7 +294,7 @@ int cmd_bip_slip() {
pubkey,
sizeof(pubkey));
memcpy(res_APDU + res_APDU_size, pubkey, olen);
res_APDU_size += olen;
res_APDU_size += (uint16_t)olen;
}
else if (key_type == 0x3) {
sha256_sha256(chain, 32, chain);
@@ -308,7 +310,7 @@ int cmd_bip_slip() {
else if (p1 == 0x10) {
uint8_t chain[32] = { 0 }, fgpt[4] = { 0 }, last_node[4] = { 0 }, nodes = 0;
int r = node_derive_path(apdu.data,
apdu.nc,
(uint16_t)apdu.nc,
&hd_context,
chain,
fgpt,

4
src/hsm/cmd_challenge.c
View File

@@ -27,8 +27,8 @@ int cmd_challenge() {
return SW_WRONG_LENGTH();
}
memcpy(res_APDU, rb, apdu.ne);
challenge_len = MIN(apdu.ne, sizeof(challenge));
challenge_len = (uint8_t)MIN(apdu.ne, sizeof(challenge));
memcpy(challenge, rb, challenge_len);
res_APDU_size = apdu.ne;
res_APDU_size = (uint16_t)apdu.ne;
return SW_OK();
}

12
src/hsm/cmd_change_pin.c
View File

@@ -35,7 +35,7 @@ int cmd_change_pin() {
if (!file_has_data(file_pin)) {
return SW_REFERENCE_NOT_FOUND();
}
uint8_t pin_len = file_read_uint8(file_get_data(file_pin));
uint8_t pin_len = file_read_uint8(file_pin);
int r = check_pin(file_pin, apdu.data, pin_len);
if (r != 0x9000) {
return r;
@@ -48,11 +48,11 @@ int cmd_change_pin() {
//encrypt MKEK with new pin
if (P2(apdu) == 0x81) {
hash_multi(apdu.data + pin_len, apdu.nc - pin_len, session_pin);
hash_multi(apdu.data + pin_len, (uint16_t)(apdu.nc - pin_len), session_pin);
has_session_pin = true;
}
else if (P2(apdu) == 0x88) {
hash_multi(apdu.data + pin_len, apdu.nc - pin_len, session_sopin);
hash_multi(apdu.data + pin_len, (uint16_t)(apdu.nc - pin_len), session_sopin);
has_session_sopin = true;
}
r = store_mkek(mkek);
@@ -61,9 +61,9 @@ int cmd_change_pin() {
return SW_EXEC_ERROR();
}
uint8_t dhash[33];
dhash[0] = apdu.nc - pin_len;
double_hash_pin(apdu.data + pin_len, apdu.nc - pin_len, dhash + 1);
flash_write_data_to_file(file_pin, dhash, sizeof(dhash));
dhash[0] = (uint8_t)apdu.nc - pin_len;
double_hash_pin(apdu.data + pin_len, (uint16_t)(apdu.nc - pin_len), dhash + 1);
file_put_data(file_pin, dhash, sizeof(dhash));
low_flash_available();
return SW_OK();
}

285
src/hsm/cmd_cipher_sym.c
View File

@@ -15,16 +15,15 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "sc_hsm.h"
#include "mbedtls/aes.h"
#include "mbedtls/cmac.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/chachapoly.h"
#include "mbedtls/gcm.h"
#include "md_wrap.h"
//#include "mbedtls/md_wrap.h"
#include "mbedtls/md.h"
#include "crypto_utils.h"
#include "sc_hsm.h"
#include "kek.h"
#include "asn1.h"
#include "oid.h"
@@ -43,7 +42,7 @@ extern uint8_t hd_keytype;
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
int *keylen, mbedtls_md_type_t *md_type) {
uint16_t *keylen, mbedtls_md_type_t *md_type) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf prf_alg_oid;
unsigned char *p = params->p;
@@ -78,7 +77,7 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
return 0;
}
if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) {
if ((ret = mbedtls_asn1_get_int(&p, end, (int *)keylen)) != 0) {
if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret);
}
@@ -106,11 +105,11 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
/* Taken from https://github.com/Mbed-TLS/mbedtls/issues/2335 */
int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
size_t input_len,
uint16_t input_len,
uint8_t *input,
size_t shared_info_len,
uint16_t shared_info_len,
uint8_t *shared_info,
size_t output_len,
uint16_t output_len,
uint8_t *output) {
mbedtls_md_context_t md_ctx;
const mbedtls_md_info_t *md_info = NULL;
@@ -134,7 +133,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
}
// keydatalen equals output_len
hashlen = md_info->size;
hashlen = mbedtls_md_get_size(md_info);
if (output_len >= hashlen * ((1ULL << 32) - 1)) {
return exit_code;
}
@@ -163,15 +162,14 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
}
int cmd_cipher_sym() {
int key_id = P1(apdu);
int algo = P2(apdu);
uint8_t key_id = P1(apdu), algo = P2(apdu);
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (wait_button_pressed() == true) { // timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id);
file_t *ef = search_file((KEY_PREFIX << 8) | key_id);
if (hd_keytype == 0) {
if (!ef) {
return SW_FILE_NOT_FOUND();
@@ -180,7 +178,7 @@ int cmd_cipher_sym() {
return SW_CONDITIONS_NOT_SATISFIED();
}
}
int key_size = file_get_size(ef);
uint16_t key_size = file_get_size(ef);
uint8_t kdata[64]; //maximum AES key size
memcpy(kdata, file_get_data(ef), key_size);
if (hd_keytype == 0 && mkek_decrypt(kdata, key_size) != 0) {
@@ -229,7 +227,7 @@ int cmd_cipher_sym() {
return SW_EXEC_ERROR();
}
}
res_APDU_size = apdu.nc;
res_APDU_size = (uint16_t)apdu.nc;
}
else if (algo == ALGO_AES_CMAC) {
const mbedtls_cipher_info_t *cipher_info;
@@ -267,23 +265,22 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = apdu.nc;
res_APDU_size = (uint16_t)apdu.nc;
}
else if (algo == ALGO_EXT_CIPHER_ENCRYPT || algo == ALGO_EXT_CIPHER_DECRYPT) {
size_t oid_len = 0, aad_len = 0, iv_len = 0, enc_len = 0;
uint8_t *oid = NULL, *aad = NULL, *iv = NULL, *enc = NULL;
if (!asn1_find_tag(apdu.data, apdu.nc, 0x6, &oid_len,
&oid) || oid_len == 0 || oid == NULL) {
asn1_ctx_t ctxi, oid = {0}, enc = {0}, iv = {0}, aad = {0};
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
if (!asn1_find_tag(&ctxi, 0x6, &oid) || asn1_len(&oid) == 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_DATA();
}
asn1_find_tag(apdu.data, apdu.nc, 0x81, &enc_len, &enc);
asn1_find_tag(apdu.data, apdu.nc, 0x82, &iv_len, &iv);
asn1_find_tag(apdu.data, apdu.nc, 0x83, &aad_len, &aad);
asn1_find_tag(&ctxi, 0x81, &enc);
asn1_find_tag(&ctxi, 0x82, &iv);
asn1_find_tag(&ctxi, 0x83, &aad);
uint8_t tmp_iv[16];
memset(tmp_iv, 0, sizeof(tmp_iv));
if (memcmp(oid, OID_CHACHA20_POLY1305, oid_len) == 0) {
if (algo == ALGO_EXT_CIPHER_DECRYPT && enc_len < 16) {
if (memcmp(oid.data, OID_CHACHA20_POLY1305, oid.len) == 0) {
if (algo == ALGO_EXT_CIPHER_DECRYPT && enc.len < 16) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
return SW_WRONG_DATA();
}
@@ -293,22 +290,22 @@ int cmd_cipher_sym() {
mbedtls_chachapoly_setkey(&ctx, kdata);
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
r = mbedtls_chachapoly_encrypt_and_tag(&ctx,
enc_len,
iv ? iv : tmp_iv,
aad,
aad_len,
enc,
enc.len,
asn1_len(&iv) > 0 ? iv.data : tmp_iv,
aad.data,
aad.len,
enc.data,
res_APDU,
res_APDU + enc_len);
res_APDU + enc.len);
}
else if (algo == ALGO_EXT_CIPHER_DECRYPT) {
r = mbedtls_chachapoly_auth_decrypt(&ctx,
enc_len - 16,
iv ? iv : tmp_iv,
aad,
aad_len,
enc + enc_len - 16,
enc,
enc.len - 16,
asn1_len(&iv) > 0 ? iv.data : tmp_iv,
aad.data,
aad.len,
enc.data + enc.len - 16,
enc.data,
res_APDU);
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
@@ -320,60 +317,60 @@ int cmd_cipher_sym() {
return SW_EXEC_ERROR();
}
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
res_APDU_size = enc_len + 16;
res_APDU_size = enc.len + 16;
}
else if (algo == ALGO_EXT_CIPHER_DECRYPT) {
res_APDU_size = enc_len - 16;
res_APDU_size = enc.len - 16;
}
}
else if (memcmp(oid, OID_DIGEST, 7) == 0) {
else if (memcmp(oid.data, OID_DIGEST, 7) == 0) {
const mbedtls_md_info_t *md_info = NULL;
if (memcmp(oid, OID_HMAC_SHA1, oid_len) == 0) {
if (memcmp(oid.data, OID_HMAC_SHA1, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
}
else if (memcmp(oid, OID_HMAC_SHA224, oid_len) == 0) {
else if (memcmp(oid.data, OID_HMAC_SHA224, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA224);
}
else if (memcmp(oid, OID_HMAC_SHA256, oid_len) == 0) {
else if (memcmp(oid.data, OID_HMAC_SHA256, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
}
else if (memcmp(oid, OID_HMAC_SHA384, oid_len) == 0) {
else if (memcmp(oid.data, OID_HMAC_SHA384, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
}
else if (memcmp(oid, OID_HMAC_SHA512, oid_len) == 0) {
else if (memcmp(oid.data, OID_HMAC_SHA512, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
}
if (md_info == NULL) {
return SW_WRONG_DATA();
}
int r = mbedtls_md_hmac(md_info, kdata, key_size, enc, enc_len, res_APDU);
int r = mbedtls_md_hmac(md_info, kdata, key_size, enc.data, enc.len, res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = md_info->size;
res_APDU_size = mbedtls_md_get_size(md_info);
}
else if (memcmp(oid, OID_HKDF_SHA256,
oid_len) == 0 ||
memcmp(oid, OID_HKDF_SHA384,
oid_len) == 0 || memcmp(oid, OID_HKDF_SHA512, oid_len) == 0) {
else if (memcmp(oid.data, OID_HKDF_SHA256,
oid.len) == 0 ||
memcmp(oid.data, OID_HKDF_SHA384,
oid.len) == 0 || memcmp(oid.data, OID_HKDF_SHA512, oid.len) == 0) {
const mbedtls_md_info_t *md_info = NULL;
if (memcmp(oid, OID_HKDF_SHA256, oid_len) == 0) {
if (memcmp(oid.data, OID_HKDF_SHA256, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
}
else if (memcmp(oid, OID_HKDF_SHA384, oid_len) == 0) {
else if (memcmp(oid.data, OID_HKDF_SHA384, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
}
else if (memcmp(oid, OID_HKDF_SHA512, oid_len) == 0) {
else if (memcmp(oid.data, OID_HKDF_SHA512, oid.len) == 0) {
md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
}
int r = mbedtls_hkdf(md_info,
iv,
iv_len,
iv.data,
iv.len,
kdata,
key_size,
enc,
enc_len,
enc.data,
enc.len,
res_APDU,
apdu.ne > 0 &&
apdu.ne < 65536 ? apdu.ne : mbedtls_md_get_size(md_info));
@@ -381,13 +378,14 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : mbedtls_md_get_size(md_info);
res_APDU_size = apdu.ne > 0 && apdu.ne < 65536 ? (uint16_t)apdu.ne : (uint16_t)mbedtls_md_get_size(md_info);
}
else if (memcmp(oid, OID_PKCS5_PBKDF2, oid_len) == 0) {
int iterations = 0, keylen = 0;
else if (memcmp(oid.data, OID_PKCS5_PBKDF2, oid.len) == 0) {
int iterations = 0;
uint16_t keylen = 0;
mbedtls_asn1_buf salt,
params =
{ .p = enc, .len = enc_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) };
{ .p = enc.data, .len = enc.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) };
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
int r = pkcs5_parse_pbkdf2_params(&params, &salt, &iterations, &keylen, &md_type);
@@ -409,60 +407,60 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = keylen ? keylen : (apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32);
res_APDU_size = keylen ? keylen : (apdu.ne > 0 && apdu.ne < 65536 ? (uint16_t)apdu.ne : 32);
}
else if (memcmp(oid, OID_PKCS5_PBES2, oid_len) == 0) {
else if (memcmp(oid.data, OID_PKCS5_PBES2, oid.len) == 0) {
size_t olen = 0;
mbedtls_asn1_buf params =
{.p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
{.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
int r = mbedtls_pkcs5_pbes2_ext(&params,
algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
kdata,
key_size,
enc,
enc_len,
enc.data,
enc.len,
res_APDU, 4096, &olen);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
return SW_WRONG_DATA();
}
res_APDU_size = olen;
res_APDU_size = (uint16_t)olen;
}
else if (memcmp(oid, OID_KDF_X963, oid_len) == 0) {
else if (memcmp(oid.data, OID_KDF_X963, oid.len) == 0) {
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
if (memcmp(enc, OID_HMAC_SHA1, enc_len) == 0) {
if (memcmp(enc.data, OID_HMAC_SHA1, enc.len) == 0) {
md_type = MBEDTLS_MD_SHA1;
}
else if (memcmp(enc, OID_HMAC_SHA224, enc_len) == 0) {
else if (memcmp(enc.data, OID_HMAC_SHA224, enc.len) == 0) {
md_type = MBEDTLS_MD_SHA224;
}
else if (memcmp(enc, OID_HMAC_SHA256, enc_len) == 0) {
else if (memcmp(enc.data, OID_HMAC_SHA256, enc.len) == 0) {
md_type = MBEDTLS_MD_SHA256;
}
else if (memcmp(enc, OID_HMAC_SHA384, enc_len) == 0) {
else if (memcmp(enc.data, OID_HMAC_SHA384, enc.len) == 0) {
md_type = MBEDTLS_MD_SHA384;
}
else if (memcmp(enc, OID_HMAC_SHA512, enc_len) == 0) {
else if (memcmp(enc.data, OID_HMAC_SHA512, enc.len) == 0) {
md_type = MBEDTLS_MD_SHA512;
}
int r = mbedtls_ansi_x963_kdf(md_type,
key_size,
kdata,
aad_len,
aad,
apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32,
aad.len,
aad.data,
apdu.ne > 0 && apdu.ne < 65536 ? (uint16_t)apdu.ne : 32,
res_APDU);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
return SW_WRONG_DATA();
}
res_APDU_size = apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32;
res_APDU_size = apdu.ne > 0 && apdu.ne < 65536 ? (uint16_t)apdu.ne : 32;
}
else if (memcmp(oid, OID_NIST_AES, 8) == 0) {
if (oid_len != 9) {
else if (memcmp(oid.data, OID_NIST_AES, 8) == 0) {
if (oid.len != 9) {
return SW_WRONG_DATA();
}
uint8_t aes_algo = oid[8],
uint8_t aes_algo = oid.data[8],
mode =
(algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT);
if ((aes_algo >= 0x01 && aes_algo <= 0x09 && key_size != 16) ||
@@ -473,9 +471,9 @@ int cmd_cipher_sym() {
mbedtls_aes_context ctx;
int r = 0;
mbedtls_aes_init(&ctx);
if (iv == NULL || iv_len == 0) {
iv = tmp_iv;
iv_len = sizeof(tmp_iv);
if (asn1_len(&iv) == 0) {
iv.data = tmp_iv;
iv.len = sizeof(tmp_iv);
}
if (aes_algo == 0x01 || aes_algo == 0x15 || aes_algo == 0x29) { /* ECB */
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
@@ -485,12 +483,12 @@ int cmd_cipher_sym() {
r = mbedtls_aes_setkey_dec(&ctx, kdata, key_size * 8);
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_ecb(&ctx, mode, enc, res_APDU);
r = mbedtls_aes_crypt_ecb(&ctx, mode, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = MIN(enc_len, 16); // ECB operates with 16-byte blocks
res_APDU_size = MIN(enc.len, 16); // ECB operates with 16-byte blocks
}
else if (aes_algo == 0x02 || aes_algo == 0x16 || aes_algo == 0x2A) { /* CBC */
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
@@ -503,34 +501,34 @@ int cmd_cipher_sym() {
return SW_EXEC_ERROR();
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_cbc(&ctx, mode, enc_len, iv, enc, res_APDU);
r = mbedtls_aes_crypt_cbc(&ctx, mode, enc.len, iv.data, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
}
else if (aes_algo == 0x03 || aes_algo == 0x17 || aes_algo == 0x2B) { /* OFB */
size_t iv_off = 0;
r = mbedtls_aes_setkey_enc(&ctx, kdata, key_size * 8);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_ofb(&ctx, enc_len, &iv_off, iv, enc, res_APDU);
r = mbedtls_aes_crypt_ofb(&ctx, enc.len, &iv_off, iv.data, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
}
else if (aes_algo == 0x04 || aes_algo == 0x18 || aes_algo == 0x2C) { /* CFB */
size_t iv_off = 0;
r = mbedtls_aes_setkey_enc(&ctx, kdata, key_size * 8);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_cfb128(&ctx, mode, enc_len, &iv_off, iv, enc, res_APDU);
r = mbedtls_aes_crypt_cfb128(&ctx, mode, enc.len, &iv_off, iv.data, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
}
else if (aes_algo == 0x06 || aes_algo == 0x1A || aes_algo == 0x2E) { /* GCM */
mbedtls_aes_free(&ctx); // No AES ctx used
@@ -541,29 +539,29 @@ int cmd_cipher_sym() {
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
r = mbedtls_gcm_crypt_and_tag(&gctx,
MBEDTLS_GCM_ENCRYPT,
enc_len,
iv,
iv_len,
aad,
aad_len,
enc,
enc.len,
iv.data,
iv.len,
aad.data,
aad.len,
enc.data,
res_APDU,
16,
res_APDU + enc_len);
res_APDU_size = enc_len + 16;
res_APDU + enc.len);
res_APDU_size = enc.len + 16;
}
else if (algo == ALGO_EXT_CIPHER_DECRYPT) {
r = mbedtls_gcm_auth_decrypt(&gctx,
enc_len - 16,
iv,
iv_len,
aad,
aad_len,
enc + enc_len - 16,
enc.len - 16,
iv.data,
iv.len,
aad.data,
aad.len,
enc.data + enc.len - 16,
16,
enc,
enc.data,
res_APDU);
res_APDU_size = enc_len - 16;
res_APDU_size = enc.len - 16;
}
mbedtls_gcm_free(&gctx);
if (r != 0) {
@@ -575,12 +573,12 @@ int cmd_cipher_sym() {
uint8_t stream_block[16];
r = mbedtls_aes_setkey_enc(&ctx, kdata, key_size * 8);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_ctr(&ctx, enc_len, &iv_off, iv, stream_block, enc, res_APDU);
r = mbedtls_aes_crypt_ctr(&ctx, enc.len, &iv_off, iv.data, stream_block, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
}
else if (aes_algo == 0x07 || aes_algo == 0x1B || aes_algo == 0x2F) { /* CCM */
mbedtls_aes_free(&ctx); // No AES ctx used
@@ -590,35 +588,35 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
if (iv_len == 16) {
iv_len = 12;
if (iv.len == 16) {
iv.len = 12;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
r = mbedtls_ccm_encrypt_and_tag(&gctx,
enc_len,
iv,
iv_len,
aad,
aad_len,
enc,
enc.len,
iv.data,
iv.len,
aad.data,
aad.len,
enc.data,
res_APDU,
res_APDU + enc_len,
res_APDU + enc.len,
16);
res_APDU_size = enc_len + 16;
res_APDU_size = enc.len + 16;
}
else if (algo == ALGO_EXT_CIPHER_DECRYPT) {
r = mbedtls_ccm_auth_decrypt(&gctx,
enc_len - 16,
iv,
iv_len,
aad,
aad_len,
enc,
enc.len - 16,
iv.data,
iv.len,
aad.data,
aad.len,
enc.data,
res_APDU,
enc + enc_len - 16,
enc.data + enc.len - 16,
16);
res_APDU_size = enc_len - 16;
res_APDU_size = enc.len - 16;
}
mbedtls_ccm_free(&gctx);
if (r != 0) {
@@ -626,19 +624,18 @@ int cmd_cipher_sym() {
}
}
}
else if (memcmp(oid, OID_IEEE_ALG, 8) == 0) {
if (oid_len != 9) {
else if (memcmp(oid.data, OID_IEEE_ALG, 8) == 0) {
if (oid.len != 9) {
return SW_WRONG_DATA();
}
uint8_t aes_algo = oid[8],
uint8_t aes_algo = oid.data[8],
mode =
(algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT);
int r = 0;
uint8_t tmp_iv[16];
memset(tmp_iv, 0, sizeof(tmp_iv));
if (iv == NULL || iv_len == 0) {
iv = tmp_iv;
iv_len = sizeof(tmp_iv);
if (asn1_len(&iv) == 0) {
iv.data = tmp_iv;
iv.len = sizeof(tmp_iv);
}
if ((aes_algo == 0x01 && key_size != 32) || (aes_algo == 0x02 && key_size != 64)) {
return SW_WRONG_DATA();
@@ -652,14 +649,14 @@ int cmd_cipher_sym() {
r = mbedtls_aes_xts_setkey_dec(&ctx, kdata, key_size * 8);
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_aes_crypt_xts(&ctx, mode, enc_len, iv, enc, res_APDU);
r = mbedtls_aes_crypt_xts(&ctx, mode, enc.len, iv.data, enc.data, res_APDU);
mbedtls_aes_xts_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
}
else if (memcmp(oid, OID_HD, 11) == 0) {
else if (memcmp(oid.data, OID_HD, 11) == 0) {
mbedtls_aes_context ctx;
int r = 0;
uint8_t mode =
@@ -674,16 +671,16 @@ int cmd_cipher_sym() {
r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA512),
kdata,
key_size,
aad,
aad_len,
aad.data,
aad.len,
secret);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
return SW_EXEC_ERROR();
}
if (iv == tmp_iv || iv_len == 0) {
iv = secret + 32;
iv_len = 16;
if (iv.data == tmp_iv || iv.len == 0) {
iv.data = secret + 32;
iv.len = 16;
}
if (algo == ALGO_EXT_CIPHER_ENCRYPT) {
r = mbedtls_aes_setkey_enc(&ctx, secret, key_size * 8);
@@ -694,12 +691,12 @@ int cmd_cipher_sym() {
if (r != 0) {
return SW_EXEC_ERROR();
}
r = mbedtls_aes_crypt_cbc(&ctx, mode, enc_len, iv, enc, res_APDU);
r = mbedtls_aes_crypt_cbc(&ctx, mode, enc.len, iv.data, enc.data, res_APDU);
mbedtls_aes_free(&ctx);
if (r != 0) {
return SW_EXEC_ERROR();
}
res_APDU_size = enc_len;
res_APDU_size = enc.len;
mbedtls_ecdsa_free(&hd_context);
hd_keytype = 0;
}

58
src/hsm/cmd_decrypt_asym.c
View File

@@ -15,10 +15,9 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "sc_hsm.h"
#include "mbedtls/ecdh.h"
#include "crypto_utils.h"
#include "sc_hsm.h"
#include "kek.h"
#include "files.h"
#include "asn1.h"
@@ -27,12 +26,12 @@
#include "oid.h"
int cmd_decrypt_asym() {
int key_id = P1(apdu);
uint8_t key_id = P1(apdu);
uint8_t p2 = P2(apdu);
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id);
file_t *ef = search_file((KEY_PREFIX << 8) | key_id);
if (!ef) {
return SW_FILE_NOT_FOUND();
}
@@ -56,7 +55,7 @@ int cmd_decrypt_asym() {
}
return SW_EXEC_ERROR();
}
int key_size = file_get_size(ef);
uint16_t key_size = file_get_size(ef);
if (apdu.nc < key_size) { //needs padding
memset(apdu.data + apdu.nc, 0, key_size - apdu.nc);
}
@@ -64,7 +63,7 @@ int cmd_decrypt_asym() {
size_t olen = apdu.nc;
r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, &olen, apdu.data, res_APDU, 512);
if (r == 0) {
res_APDU_size = olen;
res_APDU_size = (uint16_t)olen;
}
}
else {
@@ -84,7 +83,7 @@ int cmd_decrypt_asym() {
if (wait_button_pressed() == true) { //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
int key_size = file_get_size(ef);
uint16_t key_size = file_get_size(ef);
uint8_t *kdata = (uint8_t *) calloc(1, key_size);
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
@@ -111,15 +110,18 @@ int cmd_decrypt_asym() {
}
r = -1;
if (p2 == ALGO_EC_DH) {
*(apdu.data - 1) = (uint8_t)apdu.nc;
r = mbedtls_ecdh_read_public(&ctx, apdu.data - 1, apdu.nc + 1);
}
else if (p2 == ALGO_EC_DH_XKEK) {
size_t pub_len = 0;
const uint8_t *pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len);
uint16_t pub_len = 0;
const uint8_t *pub = cvc_get_pub(apdu.data, (uint16_t)apdu.nc, &pub_len);
if (pub) {
size_t t86_len = 0;
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
uint8_t *t86w = (uint8_t *)t86;
if (t86) {
*(t86w - 1) = (uint8_t)t86_len;
r = mbedtls_ecdh_read_public(&ctx, t86 - 1, t86_len + 1);
}
}
@@ -140,43 +142,41 @@ int cmd_decrypt_asym() {
return SW_EXEC_ERROR();
}
if (p2 == ALGO_EC_DH) {
res_APDU_size = olen + 1;
res_APDU_size = (uint16_t)(olen + 1);
}
else {
res_APDU_size = 0;
size_t ext_len = 0;
uint16_t ext_len = 0;
const uint8_t *ext = NULL;
if ((ext = cvc_get_ext(apdu.data, apdu.nc, &ext_len)) == NULL) {
if ((ext = cvc_get_ext(apdu.data, (uint16_t)apdu.nc, &ext_len)) == NULL) {
return SW_WRONG_DATA();
}
uint8_t *p = NULL, *tag_data = NULL, *kdom_uid = NULL;
uint8_t *p = NULL;
uint16_t tag = 0;
size_t tag_len = 0, kdom_uid_len = 0;
while (walk_tlv(ext, ext_len, &p, &tag, &tag_len, &tag_data)) {
asn1_ctx_t ctxi, ctxo = { 0 }, kdom_uid = { 0 };
asn1_ctx_init((uint8_t *)ext, ext_len, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &ctxo.len, &ctxo.data)) {
if (tag == 0x73) {
size_t oid_len = 0;
uint8_t *oid_data = NULL;
if (asn1_find_tag(tag_data, tag_len, 0x6, &oid_len,
&oid_data) == true &&
oid_len == strlen(OID_ID_KEY_DOMAIN_UID) &&
memcmp(oid_data, OID_ID_KEY_DOMAIN_UID,
asn1_ctx_t oid = {0};
if (asn1_find_tag(&ctxo, 0x6, &oid) == true &&
oid.len == strlen(OID_ID_KEY_DOMAIN_UID) &&
memcmp(oid.data, OID_ID_KEY_DOMAIN_UID,
strlen(OID_ID_KEY_DOMAIN_UID)) == 0) {
if (asn1_find_tag(tag_data, tag_len, 0x80, &kdom_uid_len,
&kdom_uid) == false) {
if (asn1_find_tag(&ctxo, 0x80, &kdom_uid) == false) {
return SW_WRONG_DATA();
}
break;
}
}
}
if (kdom_uid_len == 0 || kdom_uid == NULL) {
if (asn1_len(&kdom_uid) == 0) {
return SW_WRONG_DATA();
}
for (int n = 0; n < MAX_KEY_DOMAINS; n++) {
file_t *tf = search_dynamic_file(EF_XKEK + n);
for (uint8_t n = 0; n < MAX_KEY_DOMAINS; n++) {
file_t *tf = search_file(EF_XKEK + n);
if (tf) {
if (file_get_size(tf) == kdom_uid_len &&
memcmp(file_get_data(tf), kdom_uid, kdom_uid_len) == 0) {
if (file_get_size(tf) == kdom_uid.len &&
memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
file_new(EF_DKEK + n);
if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
return SW_EXEC_ERROR();

4
src/hsm/cmd_delete_file.c
View File

@@ -25,13 +25,13 @@ int cmd_delete_file() {
if (apdu.nc == 0) {
ef = currentEF;
if (!(ef = search_dynamic_file(ef->fid))) {
if (!(ef = search_file(ef->fid))) {
return SW_FILE_NOT_FOUND();
}
}
else {
uint16_t fid = (apdu.data[0] << 8) | apdu.data[1];
if (!(ef = search_dynamic_file(fid))) {
if (!(ef = search_file(fid))) {
return SW_FILE_NOT_FOUND();
}
}

5
src/hsm/cmd_derive_asym.c
View File

@@ -15,10 +15,9 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "sc_hsm.h"
#include "mbedtls/ecdsa.h"
#include "crypto_utils.h"
#include "sc_hsm.h"
#include "cvc.h"
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
@@ -43,7 +42,7 @@ int cmd_derive_asym() {
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) {
if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) {
return SW_FILE_NOT_FOUND();
}
if (key_has_purpose(fkey, ALGO_EC_DERIVE) == false) {

4
src/hsm/cmd_external_authenticate.c
View File

@@ -34,7 +34,7 @@ int cmd_external_authenticate() {
if (apdu.nc == 0) {
return SW_WRONG_LENGTH();
}
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
file_t *ef_puk = search_file(EF_PUKAUT);
if (!file_has_data(ef_puk)) {
return SW_FILE_NOT_FOUND();
}
@@ -46,7 +46,7 @@ int cmd_external_authenticate() {
hash256(input, dev_name_len + challenge_len, hash);
int r =
puk_verify(apdu.data,
apdu.nc,
(uint16_t)apdu.nc,
hash,
32,
file_get_data(ef_puk_aut),

115
src/hsm/cmd_extras.c
View File

@@ -15,11 +15,13 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "mbedtls/ecdh.h"
#include "sc_hsm.h"
#ifndef ENABLE_EMULATION
#include "mbedtls/ecdh.h"
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "hardware/rtc.h"
#else
#include <sys/time.h>
#include <time.h>
#endif
#include "files.h"
#include "random.h"
@@ -28,12 +30,22 @@
#include "mbedtls/chachapoly.h"
int cmd_extras() {
#ifndef ENABLE_EMULATION
// Only allow change PHY without PIN
if (!isUserAuthenticated && P1(apdu) != 0x1B) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
#endif
//check button (if enabled)
if (wait_button_pressed() == true) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
if (P1(apdu) == 0xA) { //datetime operations
if (P2(apdu) != 0x0) {
return SW_INCORRECT_P1P2();
}
if (apdu.nc == 0) {
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
datetime_t dt;
if (!rtc_get_datetime(&dt)) {
return SW_EXEC_ERROR();
@@ -46,13 +58,26 @@ int cmd_extras() {
res_APDU[res_APDU_size++] = dt.hour;
res_APDU[res_APDU_size++] = dt.min;
res_APDU[res_APDU_size++] = dt.sec;
#else
struct timeval tv;
struct tm *tm;
gettimeofday(&tv, NULL);
tm = localtime(&tv.tv_sec);
res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
res_APDU[res_APDU_size++] = tm->tm_mon;
res_APDU[res_APDU_size++] = tm->tm_mday;
res_APDU[res_APDU_size++] = tm->tm_wday;
res_APDU[res_APDU_size++] = tm->tm_hour;
res_APDU[res_APDU_size++] = tm->tm_min;
res_APDU[res_APDU_size++] = tm->tm_sec;
#endif
}
else {
if (apdu.nc != 8) {
return SW_WRONG_LENGTH();
}
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
datetime_t dt;
dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
dt.month = apdu.data[2];
@@ -64,6 +89,18 @@ int cmd_extras() {
if (!rtc_set_datetime(&dt)) {
return SW_WRONG_DATA();
}
#else
struct tm tm;
struct timeval tv;
tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
tm.tm_mon = apdu.data[2];
tm.tm_mday = apdu.data[3];
tm.tm_wday = apdu.data[4];
tm.tm_hour = apdu.data[5];
tm.tm_min = apdu.data[6];
tm.tm_sec = apdu.data[7];
tv.tv_sec = mktime(&tm);
settimeofday(&tv, NULL);
#endif
}
}
@@ -81,8 +118,8 @@ int cmd_extras() {
}
else {
uint8_t newopts[] = { apdu.data[0], (opts & 0xff) };
file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF);
flash_write_data_to_file(tf, newopts, sizeof(newopts));
file_t *tf = search_file(EF_DEVOPS);
file_put_data(tf, newopts, sizeof(newopts));
low_flash_available();
}
}
@@ -149,7 +186,7 @@ int cmd_extras() {
return SW_EXEC_ERROR();
}
mse.init = true;
res_APDU_size = olen;
res_APDU_size = (uint16_t)olen;
}
else if (P2(apdu) == 0x02 || P2(apdu) == 0x03 || P2(apdu) == 0x04) {
if (mse.init == false) {
@@ -167,14 +204,14 @@ int cmd_extras() {
(P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) {
uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO };
for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) {
file_t *tf = search_by_fid(tfids[t], NULL, SPECIFY_EF);
file_t *tf = search_file(tfids[t]);
if (tf) {
uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(tf));
memcpy(tmp, file_get_data(tf), file_get_size(tf));
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(tmp)[i] ^= apdu.data[i];
}
flash_write_data_to_file(tf, tmp, file_get_size(tf));
file_put_data(tf, tmp, file_get_size(tf));
free(tmp);
}
}
@@ -185,8 +222,8 @@ int cmd_extras() {
else if (P2(apdu) == 0x04) {
newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8;
}
file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF);
flash_write_data_to_file(tf, newopts, sizeof(newopts));
file_t *tf = search_file(EF_DEVOPS);
file_put_data(tf, newopts, sizeof(newopts));
low_flash_available();
}
else if (P2(apdu) == 0x03) {
@@ -195,6 +232,60 @@ int cmd_extras() {
}
}
}
#ifndef ENABLE_EMULATION
else if (P1(apdu) == 0x1B) { // Set PHY
if (apdu.nc == 0) {
if (file_has_data(ef_phy)) {
res_APDU_size = file_get_size(ef_phy);
memcpy(res_APDU, file_get_data(ef_phy), res_APDU_size);
}
}
else {
uint8_t tmp[PHY_MAX_SIZE];
memset(tmp, 0, sizeof(tmp));
uint16_t opts = 0;
if (file_has_data(ef_phy)) {
memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy)));
if (file_get_size(ef_phy) >= 8) {
opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1];
}
}
if (P2(apdu) == PHY_VID) { // VIDPID
if (apdu.nc != 4) {
return SW_WRONG_LENGTH();
}
memcpy(tmp + PHY_VID, apdu.data, 4);
opts |= PHY_OPT_VPID;
}
else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_MODE) {
if (apdu.nc != 1) {
return SW_WRONG_LENGTH();
}
tmp[P2(apdu)] = apdu.data[0];
if (P2(apdu) == PHY_LED_GPIO) {
opts |= PHY_OPT_GPIO;
}
else if (P2(apdu) == PHY_LED_MODE) {
opts |= PHY_OPT_LED;
}
}
else if (P2(apdu) == PHY_OPTS) {
if (apdu.nc != 2) {
return SW_WRONG_LENGTH();
}
uint16_t opt = (apdu.data[0] << 8) | apdu.data[1];
opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK);
}
else {
return SW_INCORRECT_P1P2();
}
tmp[PHY_OPTS] = opts >> 8;
tmp[PHY_OPTS + 1] = opts & 0xff;
file_put_data(ef_phy, tmp, sizeof(tmp));
low_flash_available();
}
}
#endif
else {
return SW_INCORRECT_P1P2();
}

13
src/hsm/cmd_general_authenticate.c
View File

@@ -15,10 +15,9 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "sc_hsm.h"
#include "mbedtls/ecdh.h"
#include "asn1.h"
#include "sc_hsm.h"
#include "random.h"
#include "oid.h"
#include "eac.h"
@@ -28,18 +27,20 @@ int cmd_general_authenticate() {
if (P1(apdu) == 0x0 && P2(apdu) == 0x0) {
if (apdu.data[0] == 0x7C) {
int r = 0;
size_t pubkey_len = 0;
uint16_t pubkey_len = 0;
const uint8_t *pubkey = NULL;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data + 2, apdu.nc - 2, &p, &tag, &tag_len, &tag_data)) {
uint16_t tag_len = 0;
asn1_ctx_t ctxi;
asn1_ctx_init(apdu.data + 2, (uint16_t)(apdu.nc - 2), &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x80) {
pubkey = tag_data - 1; //mbedtls ecdh starts reading one pos before
pubkey_len = tag_len + 1;
}
}
file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
file_t *fkey = search_file(EF_KEY_DEV);
if (!fkey) {
return SW_EXEC_ERROR();
}

66
src/hsm/cmd_initialize.c
View File

@@ -28,7 +28,7 @@ extern void scan_all();
extern char __StackLimit;
int heapLeft() {
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
char *p = malloc(256); // try to avoid undue fragmentation
int left = &__StackLimit - p;
free(p);
@@ -48,18 +48,20 @@ int cmd_initialize() {
has_session_pin = has_session_sopin = false;
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
uint16_t tag_len = 0;
asn1_ctx_t ctxi;
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x80) { //options
file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF);
flash_write_data_to_file(tf, tag_data, tag_len);
file_t *tf = search_file(EF_DEVOPS);
file_put_data(tf, tag_data, tag_len);
}
else if (tag == 0x81) { //user pin
if (file_pin1 && file_pin1->data) {
uint8_t dhash[33];
dhash[0] = tag_len;
dhash[0] = (uint8_t)tag_len;
double_hash_pin(tag_data, tag_len, dhash + 1);
flash_write_data_to_file(file_pin1, dhash, sizeof(dhash));
file_put_data(file_pin1, dhash, sizeof(dhash));
hash_multi(tag_data, tag_len, session_pin);
has_session_pin = true;
}
@@ -67,20 +69,20 @@ int cmd_initialize() {
else if (tag == 0x82) { //sopin pin
if (file_sopin && file_sopin->data) {
uint8_t dhash[33];
dhash[0] = tag_len;
dhash[0] = (uint8_t)tag_len;
double_hash_pin(tag_data, tag_len, dhash + 1);
flash_write_data_to_file(file_sopin, dhash, sizeof(dhash));
file_put_data(file_sopin, dhash, sizeof(dhash));
hash_multi(tag_data, tag_len, session_sopin);
has_session_sopin = true;
}
}
else if (tag == 0x91) { //retries user pin
file_t *tf = search_by_fid(0x1082, NULL, SPECIFY_EF);
file_t *tf = search_file(EF_PIN1_MAX_RETRIES);
if (tf && tf->data) {
flash_write_data_to_file(tf, tag_data, tag_len);
file_put_data(tf, tag_data, tag_len);
}
if (file_retries_pin1 && file_retries_pin1->data) {
flash_write_data_to_file(file_retries_pin1, tag_data, tag_len);
file_put_data(file_retries_pin1, tag_data, tag_len);
}
}
else if (tag == 0x92) {
@@ -90,10 +92,10 @@ int cmd_initialize() {
release_mkek(mkek);
return SW_MEMORY_FAILURE();
}
flash_write_data_to_file(tf, NULL, 0);
file_put_data(tf, NULL, 0);
}
else if (tag == 0x93) {
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
file_t *ef_puk = search_file(EF_PUKAUT);
if (!ef_puk) {
release_mkek(mkek);
return SW_MEMORY_FAILURE();
@@ -103,14 +105,14 @@ int cmd_initialize() {
pk_status[0] = puks;
pk_status[1] = puks;
pk_status[2] = tag_data[1];
flash_write_data_to_file(ef_puk, pk_status, sizeof(pk_status));
for (int i = 0; i < puks; i++) {
file_put_data(ef_puk, pk_status, sizeof(pk_status));
for (uint8_t i = 0; i < puks; i++) {
file_t *tf = file_new(EF_PUK + i);
if (!tf) {
release_mkek(mkek);
return SW_MEMORY_FAILURE();
}
flash_write_data_to_file(tf, NULL, 0);
file_put_data(tf, NULL, 0);
}
}
else if (tag == 0x97) {
@@ -120,12 +122,12 @@ int cmd_initialize() {
file_t *tf = file_new(EF_DKEK+i);
if (!tf)
return SW_MEMORY_FAILURE();
flash_write_data_to_file(tf, NULL, 0);
file_put_data(tf, NULL, 0);
}
*/
}
}
file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
file_t *tf_kd = search_file(EF_KEY_DOMAIN);
if (!tf_kd) {
release_mkek(mkek);
return SW_EXEC_ERROR();
@@ -141,7 +143,7 @@ int cmd_initialize() {
if (dkeks) {
if (*dkeks > 0) {
uint16_t d = *dkeks;
if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
return SW_EXEC_ERROR();
}
}
@@ -151,28 +153,28 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
uint16_t d = 0x0101;
if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
return SW_EXEC_ERROR();
}
}
}
else {
uint16_t d = 0x0000;
if (flash_write_data_to_file(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
return SW_EXEC_ERROR();
}
}
if (kds) {
uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS);
memset(t, 0xff, 2 * k);
if (flash_write_data_to_file(tf_kd, t, 2 * k) != CCID_OK) {
if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) {
return SW_EXEC_ERROR();
}
}
/* When initialized, it has all credentials */
isUserAuthenticated = true;
/* Create terminal private key */
file_t *fdkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
file_t *fdkey = search_file(EF_KEY_DEV);
if (!fdkey) {
return SW_EXEC_ERROR();
}
@@ -198,8 +200,8 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
file_t *fpk = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, cvc_len);
file_t *fpk = search_file(EF_EE_DEV);
ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
@@ -211,8 +213,8 @@ int cmd_initialize() {
}
memcpy(res_APDU + cvc_len, res_APDU, cvc_len);
mbedtls_ecdsa_free(&ecdsa);
fpk = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, 2 * cvc_len);
fpk = search_file(EF_TERMCA);
ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len));
if (ret != 0) {
return SW_EXEC_ERROR();
}
@@ -220,15 +222,15 @@ int cmd_initialize() {
const uint8_t *keyid =
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESPICOHSMTR";
size_t prkd_len = asn1_build_prkd_ecc(label,
strlen((const char *) label),
uint16_t prkd_len = asn1_build_prkd_ecc(label,
(uint16_t)strlen((const char *) label),
keyid,
20,
256,
res_APDU,
4096);
fpk = search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF);
ret = flash_write_data_to_file(fpk, res_APDU, prkd_len);
fpk = search_file(EF_PRKD_DEV);
ret = file_put_data(fpk, res_APDU, prkd_len);
}
if (ret != 0) {

44
src/hsm/cmd_key_domain.c
View File

@@ -22,7 +22,7 @@
#include "files.h"
uint8_t get_key_domain(file_t *fkey) {
size_t tag_len = 0;
uint16_t tag_len = 0;
if (!file_has_data(fkey)) {
return 0xff;
}
@@ -44,7 +44,7 @@ int cmd_key_domain() {
if (p2 >= MAX_KEY_DOMAINS) {
return SW_WRONG_P1P2();
}
file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
file_t *tf_kd = search_file(EF_KEY_DOMAIN);
if (!tf_kd) {
return SW_EXEC_ERROR();
}
@@ -83,17 +83,17 @@ int cmd_key_domain() {
uint8_t t[MAX_KEY_DOMAINS * 2];
memcpy(t, kdata, tf_kd_size);
t[2 * p2 + 1] = current_dkeks;
if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
}
else {
file_t *tf = search_dynamic_file(EF_XKEK + p2);
file_t *tf = search_file(EF_XKEK + p2);
if (2 * p2 >= tf_kd_size) {
return SW_INCORRECT_P1P2();
}
if (current_dkeks == 0xff && !tf) { //XKEK have always 0xff
if (current_dkeks == 0xff && !file_has_data(tf)) { //XKEK have always 0xff
return SW_REFERENCE_NOT_FOUND();
}
}
@@ -103,8 +103,8 @@ int cmd_key_domain() {
return SW_WRONG_LENGTH();
}
if (p1 == 0x3) { //if key domain is not empty, command is denied
for (int i = 1; i < 256; i++) {
file_t *fkey = search_dynamic_file(KEY_PREFIX << 8 | i);
for (uint16_t i = 1; i < 256; i++) {
file_t *fkey = search_file(KEY_PREFIX << 8 | (uint8_t)i);
if (get_key_domain(fkey) == p2) {
return SW_FILE_EXISTS();
}
@@ -129,16 +129,16 @@ int cmd_key_domain() {
else if (p1 == 0x4) {
t[2 * p2 + 1] = current_dkeks = 0;
}
if (flash_write_data_to_file(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
return SW_EXEC_ERROR();
}
file_t *tf = NULL;
if ((tf = search_dynamic_file(EF_DKEK + p2))) {
if ((tf = search_file(EF_DKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
return SW_EXEC_ERROR();
}
}
if (p1 == 0x3 && (tf = search_dynamic_file(EF_XKEK + p2))) {
if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
return SW_EXEC_ERROR();
}
@@ -150,8 +150,8 @@ int cmd_key_domain() {
}
else if (p1 == 0x2) { //XKEK Key Domain creation
if (apdu.nc > 0) {
size_t pub_len = 0;
file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF);
uint16_t pub_len = 0;
file_t *fterm = search_file(EF_TERMCA);
if (!fterm) {
return SW_EXEC_ERROR();
}
@@ -159,13 +159,13 @@ int cmd_key_domain() {
if (!pub) {
return SW_EXEC_ERROR();
}
size_t t86_len = 0;
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
if (!t86 || t86[0] != 0x4) {
return SW_EXEC_ERROR();
}
size_t t54_len = 0;
const uint8_t *t54 = cvc_get_field(apdu.data, apdu.nc, &t54_len, 0x54);
uint16_t t54_len = 0;
const uint8_t *t54 = cvc_get_field(apdu.data, (uint16_t)apdu.nc, &t54_len, 0x54);
if (!t54) {
return SW_WRONG_DATA();
}
@@ -174,7 +174,7 @@ int cmd_key_domain() {
memcpy(input + 1, t86 + 1, (t86_len - 1) / 2);
hash256(input, (t86_len - 1) / 2 + 1, hash);
free(input);
int r = puk_verify(t54, t54_len, hash, 32, apdu.data, apdu.nc);
int r = puk_verify(t54, t54_len, hash, 32, apdu.data, (uint16_t)apdu.nc);
if (r != 0) {
return SW_CONDITIONS_NOT_SATISFIED();
}
@@ -184,12 +184,12 @@ int cmd_key_domain() {
}
//All checks done. Get Key Domain UID
pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len);
pub = cvc_get_pub(apdu.data, (uint16_t)apdu.nc, &pub_len);
if (pub) {
size_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
t86_len = 0;
t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
if (t86) {
flash_write_data_to_file(tf, t86 + 1, t86_len - 1);
file_put_data(tf, t86 + 1, (uint16_t)t86_len - 1);
low_flash_available();
}
}
@@ -203,8 +203,8 @@ int cmd_key_domain() {
res_APDU[1] = dkeks > current_dkeks ? dkeks - current_dkeks : 0;
dkek_kcv(p2, res_APDU + 2);
res_APDU_size = 2 + 8;
file_t *tf = search_dynamic_file(EF_XKEK + p2);
if (tf) {
file_t *tf = search_file(EF_XKEK + p2);
if (file_has_data(tf)) {
memcpy(res_APDU + 10, file_get_data(tf), file_get_size(tf));
res_APDU_size += file_get_size(tf);
}

57
src/hsm/cmd_key_unwrap.c
View File

@@ -15,23 +15,34 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "crypto_utils.h"
#include "sc_hsm.h"
#include "crypto_utils.h"
#include "kek.h"
#include "cvc.h"
int cmd_key_unwrap() {
int key_id = P1(apdu), r = 0;
uint8_t key_id = P1(apdu);
int r = 0;
if (P2(apdu) != 0x93) {
return SW_WRONG_P1P2();
}
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
int key_type = dkek_type_key(apdu.data);
uint8_t kdom = -1, *allowed = NULL, prkd_buf[128];
size_t allowed_len = 0, prkd_len = 0;
uint8_t *data = apdu.data;
uint16_t data_len = apdu.nc;
if (data_len == 0) { // New style
file_t *tef = search_file(0x2F10);
if (!file_has_data(tef)) {
return SW_FILE_NOT_FOUND();
}
data = file_get_data(tef);
data_len = file_get_size(tef);
}
int key_type = dkek_type_key(data);
uint8_t *allowed = NULL;
int16_t kdom = -1;
uint16_t allowed_len = 0;
if (key_type == 0x0) {
return SW_DATA_INVALID();
}
@@ -39,54 +50,50 @@ int cmd_key_unwrap() {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
do {
r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len);
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
int key_size = ctx.len;
mbedtls_rsa_free(&ctx);
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
do {
r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len);
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
int key_size = ctx.grp.nbits;
mbedtls_ecp_keypair_free(&ctx);
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & PICO_KEYS_KEY_AES) {
uint8_t aes_key[64];
int key_size = 0, aes_type = 0;
do {
r = dkek_decode_key(++kdom,
r = dkek_decode_key((uint8_t)++kdom,
aes_key,
apdu.data,
apdu.nc,
data,
data_len,
&key_size,
&allowed,
&allowed_len);
@@ -113,20 +120,19 @@ int cmd_key_unwrap() {
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}
prkd_len = asn1_build_prkd_aes(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
if ((allowed != NULL && allowed_len > 0) || kdom >= 0) {
size_t meta_len = (allowed_len > 0 ? 2 + allowed_len : 0) + (kdom >= 0 ? 3 : 0);
uint16_t meta_len = (allowed_len > 0 ? 2 + allowed_len : 0) + (kdom >= 0 ? 3 : 0);
uint8_t *meta = (uint8_t *) calloc(1, meta_len), *m = meta;
if (allowed_len > 0) {
*m++ = 0x91;
*m++ = allowed_len;
*m++ = (uint8_t)allowed_len;
memcpy(m, allowed, allowed_len); m += allowed_len;
}
if (kdom >= 0) {
*m++ = 0x92;
*m++ = 1;
*m++ = kdom;
*m++ = (uint8_t)kdom;
}
r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len);
free(meta);
@@ -134,16 +140,9 @@ int cmd_key_unwrap() {
return r;
}
}
if (prkd_len > 0) {
file_t *fpk = file_new((PRKD_PREFIX << 8) | key_id);
r = flash_write_data_to_file(fpk, prkd_buf, prkd_len);
if (r != 0) {
return SW_EXEC_ERROR();
}
}
if (res_APDU_size > 0) {
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);
r = flash_write_data_to_file(fpk, res_APDU, res_APDU_size);
r = file_put_data(fpk, res_APDU, res_APDU_size);
if (r != 0) {
return SW_EXEC_ERROR();
}

24
src/hsm/cmd_key_wrap.c
View File

@@ -24,14 +24,15 @@
extern uint8_t get_key_domain(file_t *fkey);
int cmd_key_wrap() {
int key_id = P1(apdu), r = 0;
int r = 0;
uint8_t key_id = P1(apdu);
if (P2(apdu) != 0x92) {
return SW_WRONG_P1P2();
}
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id);
file_t *ef = search_file((KEY_PREFIX << 8) | key_id);
if (!ef) {
return SW_FILE_NOT_FOUND();
}
@@ -39,7 +40,7 @@ int cmd_key_wrap() {
if (kdom == 0xff) {
return SW_REFERENCE_NOT_FOUND();
}
file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
file_t *tf_kd = search_file(EF_KEY_DOMAIN);
uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * kdom] : 0,
current_dkeks = kdata ? kdata[2 * kdom + 1] : 0;
if (dkeks != current_dkeks || dkeks == 0 || dkeks == 0xff) {
@@ -48,13 +49,12 @@ int cmd_key_wrap() {
if (key_has_purpose(ef, ALGO_WRAP) == false) {
return SW_CONDITIONS_NOT_SATISFIED();
}
file_t *prkd = search_dynamic_file((PRKD_PREFIX << 8) | key_id);
file_t *prkd = search_file((PRKD_PREFIX << 8) | key_id);
if (!prkd) {
return SW_FILE_NOT_FOUND();
}
const uint8_t *dprkd = file_get_data(prkd);
size_t wrap_len = MAX_DKEK_ENCODE_KEY_BUFFER;
size_t tag_len = 0;
uint16_t wrap_len = MAX_DKEK_ENCODE_KEY_BUFFER, tag_len = 0;
const uint8_t *meta_tag = get_meta_tag(ef, 0x91, &tag_len);
if (*dprkd == P15_KEYTYPE_RSA) {
mbedtls_rsa_context ctx;
@@ -85,14 +85,14 @@ int cmd_key_wrap() {
mbedtls_ecp_keypair_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[64]; //maximum AES key size
uint8_t kdata_aes[64]; //maximum AES key size
if (wait_button_pressed() == true) { //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
int key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES;
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
uint16_t key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES;
memcpy(kdata_aes, file_get_data(ef), key_size);
if (mkek_decrypt(kdata_aes, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
@@ -107,8 +107,8 @@ int cmd_key_wrap() {
else if (key_size == 16) {
aes_type = PICO_KEYS_KEY_AES_128;
}
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes));
}
if (r != CCID_OK) {
return SW_EXEC_ERROR();

89
src/hsm/cmd_keypair_gen.c
View File

@@ -31,33 +31,23 @@ int cmd_keypair_gen() {
}
int ret = 0;
size_t tout = 0;
//sc_asn1_print_tags(apdu.data, apdu.nc);
uint8_t *p = NULL;
//DEBUG_DATA(apdu.data,apdu.nc);
if (asn1_find_tag(apdu.data, apdu.nc, 0x7f49, &tout, &p) && tout > 0 && p != NULL) {
size_t oid_len = 0;
uint8_t *oid = NULL;
if (asn1_find_tag(p, tout, 0x6, &oid_len, &oid) && oid_len > 0 && oid != NULL) {
if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA
size_t ex_len = 3, ks_len = 2;
uint8_t *ex = NULL, *ks = NULL;
asn1_ctx_t ctxi, ctxo = { 0 };
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
if (asn1_find_tag(&ctxi, 0x7f49, &ctxo) && asn1_len(&ctxo) > 0) {
asn1_ctx_t oid = { 0 };
if (asn1_find_tag(&ctxo, 0x6, &oid) && asn1_len(&oid) > 0) {
if (memcmp(oid.data, OID_ID_TA_RSA_V1_5_SHA_256, oid.len) == 0) { //RSA
asn1_ctx_t ex = { 0 }, ks = { 0 };
uint32_t exponent = 65537, key_size = 2048;
if (asn1_find_tag(p, tout, 0x82, &ex_len, &ex) && ex_len > 0 && ex != NULL) {
uint8_t *dt = ex;
exponent = 0;
for (int i = 0; i < ex_len; i++) {
exponent = (exponent << 8) | *dt++;
}
if (asn1_find_tag(&ctxo, 0x82, &ex) && asn1_len(&ex) > 0) {
exponent = asn1_get_uint(&ex);
}
if (asn1_find_tag(p, tout, 0x2, &ks_len, &ks) && ks_len > 0 && ks != NULL) {
uint8_t *dt = ks;
key_size = 0;
for (int i = 0; i < ks_len; i++) {
key_size = (key_size << 8) | *dt++;
}
if (asn1_find_tag(&ctxo, 0x2, &ks) && asn1_len(&ks) > 0) {
key_size = asn1_get_uint(&ks);
}
printf("KEYPAIR RSA %lu (%lx)\r\n",
printf("KEYPAIR RSA %lu (%lx)\n",
(unsigned long) key_size,
(unsigned long) exponent);
mbedtls_rsa_context rsa;
@@ -69,7 +59,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
if ((res_APDU_size =
asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
(uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
@@ -79,13 +69,13 @@ int cmd_keypair_gen() {
}
mbedtls_rsa_free(&rsa);
}
else if (memcmp(oid, OID_ID_TA_ECDSA_SHA_256, MIN(oid_len, 10)) == 0) { //ECC
size_t prime_len;
uint8_t *prime = NULL;
if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true) {
else if (memcmp(oid.data, OID_ID_TA_ECDSA_SHA_256, MIN(oid.len, 10)) == 0) { //ECC
asn1_ctx_t prime = { 0 };
if (asn1_find_tag(&ctxo, 0x81, &prime) != true) {
return SW_WRONG_DATA();
}
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime, prime_len);
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime.data, prime.len);
printf("KEYPAIR ECC %d\n", ec_id);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return SW_FUNC_NOT_SUPPORTED();
}
@@ -111,50 +101,47 @@ int cmd_keypair_gen() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t l91 = 0, ext_len = 0;
uint8_t *p91 = NULL, *ext = NULL;
if (asn1_find_tag(apdu.data, apdu.nc, 0x91, &l91, &p91) && p91 != NULL && l91 > 0) {
for (int n = 0; n < l91; n++) {
if (p91[n] == ALGO_EC_DH_XKEK) {
size_t l92 = 0;
uint8_t *p92 = NULL;
if (!asn1_find_tag(apdu.data, apdu.nc, 0x92, &l92,
&p92) || p92 == NULL || l92 == 0) {
asn1_ctx_t a91 = { 0 }, ext = { 0 };
if (asn1_find_tag(&ctxi, 0x91, &a91) && asn1_len(&a91) > 0) {
for (size_t n = 0; n < a91.len; n++) {
if (a91.data[n] == ALGO_EC_DH_XKEK) {
asn1_ctx_t a92 = {0};
if (!asn1_find_tag(&ctxi, 0x92, &a92) || asn1_len(&a92) == 0) {
return SW_WRONG_DATA();
}
if (p92[0] > MAX_KEY_DOMAINS) {
if (a92.data[0] > MAX_KEY_DOMAINS) {
return SW_WRONG_DATA();
}
file_t *tf_xkek = search_dynamic_file(EF_XKEK + p92[0]);
file_t *tf_xkek = search_file(EF_XKEK + a92.data[0]);
if (!tf_xkek) {
return SW_WRONG_DATA();
}
ext_len = 2 + 2 + strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
ext.len = 2 + 2 + (uint16_t)strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
tf_xkek);
ext = (uint8_t *) calloc(1, ext_len);
uint8_t *pe = ext;
ext.data = (uint8_t *) calloc(1, ext.len);
uint8_t *pe = ext.data;
*pe++ = 0x73;
*pe++ = ext_len - 2;
*pe++ = (uint8_t)ext.len - 2;
*pe++ = 0x6;
*pe++ = strlen(OID_ID_KEY_DOMAIN_UID);
*pe++ = (uint8_t)strlen(OID_ID_KEY_DOMAIN_UID);
memcpy(pe, OID_ID_KEY_DOMAIN_UID, strlen(OID_ID_KEY_DOMAIN_UID));
pe += strlen(OID_ID_KEY_DOMAIN_UID);
*pe++ = 0x80;
*pe++ = file_get_size(tf_xkek);
*pe++ = (uint8_t)file_get_size(tf_xkek);
memcpy(pe, file_get_data(tf_xkek), file_get_size(tf_xkek));
}
}
}
if ((res_APDU_size =
asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
if (ext) {
free(ext);
(uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
if (ext.data) {
free(ext.data);
}
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
if (ext) {
free(ext);
if (ext.data) {
free(ext.data);
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
@@ -172,7 +159,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);
ret = flash_write_data_to_file(fpk, res_APDU, res_APDU_size);
ret = file_put_data(fpk, res_APDU, res_APDU_size);
if (ret != 0) {
return SW_EXEC_ERROR();
}

10
src/hsm/cmd_list_keys.c
View File

@@ -21,11 +21,11 @@
int cmd_list_keys() {
/* First we send DEV private key */
/* Both below conditions should be always TRUE */
if (search_by_fid(EF_PRKD_DEV, NULL, SPECIFY_EF)) {
if (search_file(EF_PRKD_DEV)) {
res_APDU[res_APDU_size++] = EF_PRKD_DEV >> 8;
res_APDU[res_APDU_size++] = EF_PRKD_DEV & 0xff;
}
if (search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF)) {
if (search_file(EF_KEY_DEV)) {
res_APDU[res_APDU_size++] = EF_KEY_DEV >> 8;
res_APDU[res_APDU_size++] = EF_KEY_DEV & 0xff;
}
@@ -60,5 +60,11 @@ int cmd_list_keys() {
res_APDU[res_APDU_size++] = f->fid & 0xff;
}
}
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
if ((apdu.rlen + 2 + 10) % 64 == 0) { // FIX for strange behaviour with PSCS and multiple of 64
res_APDU[res_APDU_size++] = 0;
res_APDU[res_APDU_size++] = 0;
}
#endif
return SW_OK();
}

12
src/hsm/cmd_mse.c
View File

@@ -33,8 +33,10 @@ int cmd_mse() {
if (p1 & 0x1) { //SET
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
uint16_t tag_len = 0;
asn1_ctx_t ctxi;
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x80) {
if (p2 == 0xA4) {
if (tag_len == 10 &&
@@ -54,15 +56,15 @@ int cmd_mse() {
}
}
else if (p2 == 0xA4) { /* Aut */
for (int i = 0; i < MAX_PUK; i++) {
file_t *ef = search_dynamic_file(EF_PUK + i);
for (uint8_t i = 0; i < MAX_PUK; i++) {
file_t *ef = search_file(EF_PUK + i);
if (!ef) {
break;
}
if (!file_has_data(ef)) {
break;
}
size_t chr_len = 0;
uint16_t chr_len = 0;
const uint8_t *chr = cvc_get_chr(file_get_data(ef),
file_get_size(ef),
&chr_len);

37
src/hsm/cmd_pso.c
View File

@@ -20,7 +20,7 @@
#include "asn1.h"
#include "cvc.h"
extern int add_cert_puk_store(const uint8_t *data, size_t data_len, bool copy);
extern int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy);
extern PUK *current_puk;
int cmd_pso() {
@@ -33,13 +33,13 @@ int cmd_pso() {
return SW_REFERENCE_NOT_FOUND();
}
if (apdu.data[0] != 0x7F || apdu.data[1] != 0x21) {
uint8_t tlv_len = 2 + format_tlv_len(apdu.nc, NULL);
uint8_t tlv_len = 2 + format_tlv_len((uint16_t)apdu.nc, NULL);
memmove(apdu.data + tlv_len, apdu.data, apdu.nc);
memcpy(apdu.data, "\x7F\x21", 2);
format_tlv_len(apdu.nc, apdu.data + 2);
format_tlv_len((uint16_t)apdu.nc, apdu.data + 2);
apdu.nc += tlv_len;
}
int r = cvc_verify(apdu.data, apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
int r = cvc_verify(apdu.data, (uint16_t)apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
if (r != CCID_OK) {
if (r == CCID_WRONG_DATA) {
return SW_DATA_INVALID();
@@ -49,28 +49,28 @@ int cmd_pso() {
}
return SW_EXEC_ERROR();
}
for (int i = 0; i < 0xfe; i++) {
for (uint8_t i = 0; i < 0xfe; i++) {
uint16_t fid = (CA_CERTIFICATE_PREFIX << 8) | i;
file_t *ca_ef = search_dynamic_file(fid);
file_t *ca_ef = search_file(fid);
if (!ca_ef) {
ca_ef = file_new(fid);
flash_write_data_to_file(ca_ef, apdu.data, apdu.nc);
file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc);
if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef),
false) != CCID_OK) {
return SW_FILE_FULL();
}
size_t chr_len = 0;
const uint8_t *chr = cvc_get_chr(apdu.data, apdu.nc, &chr_len);
uint16_t chr_len = 0;
const uint8_t *chr = cvc_get_chr(apdu.data, (uint16_t)apdu.nc, &chr_len);
if (chr == NULL) {
return SW_WRONG_DATA();
}
size_t puk_len = 0, puk_bin_len = 0;
const uint8_t *puk = cvc_get_pub(apdu.data, apdu.nc, &puk_len), *puk_bin = NULL;
uint16_t puk_len = 0, puk_bin_len = 0;
const uint8_t *puk = cvc_get_pub(apdu.data, (uint16_t)apdu.nc, &puk_len), *puk_bin = NULL;
if (puk == NULL) {
return SW_WRONG_DATA();
}
size_t oid_len = 0;
uint16_t oid_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
if (oid == NULL) {
return SW_WRONG_DATA();
@@ -82,15 +82,15 @@ int cmd_pso() {
}
}
else if (memcmp(oid, OID_ID_TA_ECDSA, 9) == 0) { //ECC
mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(apdu.data, apdu.nc);
mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(apdu.data, (uint16_t)apdu.nc);
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
if (mbedtls_ecp_group_load(&grp, ec_id) != 0) {
mbedtls_ecp_group_free(&grp);
return SW_WRONG_DATA();
}
size_t plen = mbedtls_mpi_size(&grp.P);
size_t t86_len = 0;
uint16_t plen = (uint16_t)mbedtls_mpi_size(&grp.P);
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
if (plen != t86_len) {
@@ -126,7 +126,7 @@ int cmd_pso() {
}
}
file_t *cd_ef = file_new((CD_PREFIX << 8) | i);
size_t cd_len = asn1_build_cert_description(chr,
uint16_t cd_len = (uint16_t)asn1_build_cert_description(chr,
chr_len,
puk_bin,
puk_bin_len,
@@ -137,14 +137,14 @@ int cmd_pso() {
return SW_EXEC_ERROR();
}
uint8_t *buf = (uint8_t *) calloc(cd_len, sizeof(uint8_t));
int r = asn1_build_cert_description(chr,
r = (int)asn1_build_cert_description(chr,
chr_len,
puk_bin,
puk_bin_len,
fid,
buf,
cd_len);
flash_write_data_to_file(cd_ef, buf, cd_len);
file_put_data(cd_ef, buf, cd_len);
free(buf);
if (r == 0) {
return SW_EXEC_ERROR();
@@ -153,7 +153,6 @@ int cmd_pso() {
break;
}
}
return SW_OK();
}
else {
return SW_INCORRECT_P1P2();

16
src/hsm/cmd_puk_auth.c
View File

@@ -21,7 +21,7 @@
int cmd_puk_auth() {
uint8_t p1 = P1(apdu), p2 = P2(apdu);
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
file_t *ef_puk = search_file(EF_PUKAUT);
if (!file_has_data(ef_puk)) {
if (apdu.nc > 0) {
return SW_FILE_NOT_FOUND();
@@ -36,8 +36,8 @@ int cmd_puk_auth() {
if (p2 != 0x0) {
return SW_INCORRECT_P1P2();
}
for (int i = 0; i < puk_data[0]; i++) {
ef = search_dynamic_file(EF_PUK + i);
for (uint8_t i = 0; i < puk_data[0]; i++) {
ef = search_file(EF_PUK + i);
if (!ef) { /* Never should not happen */
return SW_MEMORY_FAILURE();
}
@@ -48,7 +48,7 @@ int cmd_puk_auth() {
uint8_t *tmp = (uint8_t *) calloc(file_get_size(ef_puk), sizeof(uint8_t));
memcpy(tmp, puk_data, file_get_size(ef_puk));
tmp[1] = puk_data[1] - 1;
flash_write_data_to_file(ef_puk, tmp, file_get_size(ef_puk));
file_put_data(ef_puk, tmp, file_get_size(ef_puk));
puk_data = file_get_data(ef_puk);
free(tmp);
}
@@ -56,12 +56,12 @@ int cmd_puk_auth() {
if (p2 >= puk_data[0]) {
return SW_INCORRECT_P1P2();
}
ef = search_dynamic_file(EF_PUK + p2);
ef = search_file(EF_PUK + p2);
if (!ef) { /* Never should not happen */
return SW_MEMORY_FAILURE();
}
}
flash_write_data_to_file(ef, apdu.data, apdu.nc);
file_put_data(ef, apdu.data, (uint16_t)apdu.nc);
low_flash_available();
}
else {
@@ -72,14 +72,14 @@ int cmd_puk_auth() {
if (p2 >= puk_data[0]) {
return SW_INCORRECT_P1P2();
}
file_t *ef = search_dynamic_file(EF_PUK + p2);
file_t *ef = search_file(EF_PUK + p2);
if (!ef) {
return SW_INCORRECT_P1P2();
}
if (!file_has_data(ef)) {
return SW_REFERENCE_NOT_FOUND();
}
size_t chr_len = 0;
uint16_t chr_len = 0;
const uint8_t *chr = cvc_get_chr(file_get_data(ef), file_get_size(ef), &chr_len);
if (chr) {
memcpy(res_APDU, chr, chr_len);

15
src/hsm/cmd_read_binary.c
View File

@@ -18,14 +18,13 @@
#include "sc_hsm.h"
int cmd_read_binary() {
uint16_t fid = 0x0;
uint32_t offset = 0;
uint16_t offset = 0;
uint8_t ins = INS(apdu), p1 = P1(apdu), p2 = P2(apdu);
const file_t *ef = NULL;
if ((ins & 0x1) == 0) {
if ((p1 & 0x80) != 0) {
if (!(ef = search_by_fid(p1 & 0x1f, NULL, SPECIFY_EF))) {
if (!(ef = search_file(p1 & 0x1f))) {
return SW_FILE_NOT_FOUND();
}
offset = p2;
@@ -37,7 +36,7 @@ int cmd_read_binary() {
}
else {
if (p1 == 0 && (p2 & 0xE0) == 0 && (p2 & 0x1f) != 0 && (p2 & 0x1f) != 0x1f) {
if (!(ef = search_by_fid(p2 & 0x1f, NULL, SPECIFY_EF))) {
if (!(ef = search_file(p2 & 0x1f))) {
return SW_FILE_NOT_FOUND();
}
}
@@ -46,9 +45,7 @@ int cmd_read_binary() {
if (file_id == 0x0) {
ef = currentEF;
}
else if (!(ef =
search_by_fid(file_id, NULL,
SPECIFY_EF)) && !(ef = search_dynamic_file(file_id))) {
else if (!(ef = search_file(file_id))) {
return SW_FILE_NOT_FOUND();
}
@@ -63,12 +60,12 @@ int cmd_read_binary() {
}
}
if ((fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {
if ((ef->fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (ef->data) {
if ((ef->type & FILE_DATA_FUNC) == FILE_DATA_FUNC) {
uint16_t data_len = ((int (*)(const file_t *, int))(ef->data))((const file_t *) ef, 1); //already copies content to res_APDU
uint16_t data_len = (uint16_t)((int (*)(const file_t *, int))(ef->data))((const file_t *) ef, 1); //already copies content to res_APDU
if (offset > data_len) {
return SW_WRONG_P1P2();
}

14
src/hsm/cmd_reset_retry.c
View File

@@ -34,17 +34,17 @@ int cmd_reset_retry() {
return SW_COMMAND_NOT_ALLOWED();
}
if (P1(apdu) == 0x0 || P1(apdu) == 0x2) {
int newpin_len = 0;
uint8_t newpin_len = 0;
if (P1(apdu) == 0x0) {
uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin));
if (apdu.nc <= so_pin_len + 1) {
uint8_t so_pin_len = file_read_uint8(file_sopin);
if ((uint16_t)apdu.nc <= so_pin_len + 1) {
return SW_WRONG_LENGTH();
}
uint16_t r = check_pin(file_sopin, apdu.data, so_pin_len);
if (r != 0x9000) {
return r;
}
newpin_len = apdu.nc - so_pin_len;
newpin_len = (uint8_t)apdu.nc - so_pin_len;
}
else if (P1(apdu) == 0x2) {
if (!has_session_sopin) {
@@ -53,12 +53,12 @@ int cmd_reset_retry() {
if (apdu.nc > 16) {
return SW_WRONG_LENGTH();
}
newpin_len = apdu.nc;
newpin_len = (uint8_t)apdu.nc;
}
uint8_t dhash[33];
dhash[0] = newpin_len;
double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
flash_write_data_to_file(file_pin1, dhash, sizeof(dhash));
file_put_data(file_pin1, dhash, sizeof(dhash));
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
return SW_MEMORY_FAILURE();
}
@@ -82,7 +82,7 @@ int cmd_reset_retry() {
return SW_COMMAND_NOT_ALLOWED();
}
if (P1(apdu) == 0x1) {
uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin));
uint8_t so_pin_len = file_read_uint8(file_sopin);
if (apdu.nc != so_pin_len) {
return SW_WRONG_LENGTH();
}

13
src/hsm/cmd_select.c
View File

@@ -23,7 +23,7 @@ void select_file(file_t *pe) {
currentDF = (file_t *) MF;
currentEF = NULL;
}
else if (pe->type & FILE_TYPE_INTERNAL_EF) {
else if (pe->type & (FILE_TYPE_INTERNAL_EF|FILE_TYPE_WORKING_EF)) {
currentEF = pe;
currentDF = &file_entries[pe->parent];
}
@@ -63,8 +63,7 @@ int cmd_select() {
pfx == DCOD_PREFIX ||
pfx == DATA_PREFIX ||
pfx == PROT_DATA_PREFIX) {*/
if (fid != 0x0 && !(pe = search_dynamic_file(fid)) &&
!(pe = search_by_fid(fid, NULL, SPECIFY_EF))) {
if (fid != 0x0 && !(pe = search_file(fid))) {
return SW_FILE_NOT_FOUND();
}
/*}*/
@@ -96,7 +95,7 @@ int cmd_select() {
}
}
else if (p1 == 0x04) { //Select by DF name - e.g., [truncated] application identifier
if (!(pe = search_by_name(apdu.data, apdu.nc))) {
if (!(pe = search_by_name(apdu.data, (uint16_t)apdu.nc))) {
return SW_FILE_NOT_FOUND();
}
if (card_terminated) {
@@ -104,12 +103,12 @@ int cmd_select() {
}
}
else if (p1 == 0x08) { //Select from the MF - Path without the MF identifier
if (!(pe = search_by_path(apdu.data, apdu.nc, MF))) {
if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, MF))) {
return SW_FILE_NOT_FOUND();
}
}
else if (p1 == 0x09) { //Select from the current DF - Path without the current DF identifier
if (!(pe = search_by_path(apdu.data, apdu.nc, currentDF))) {
if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, currentDF))) {
return SW_FILE_NOT_FOUND();
}
}
@@ -125,7 +124,7 @@ int cmd_select() {
res_APDU[res_APDU_size++] = 0xFF;
res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR;
res_APDU[res_APDU_size++] = HSM_VERSION_MINOR;
res_APDU[1] = res_APDU_size - 2;
res_APDU[1] = (uint8_t)res_APDU_size - 2;
}
}
else {

59
src/hsm/cmd_signature.c
View File

@@ -58,8 +58,8 @@ static const uint8_t hdr_ripemd160[] = {
static const struct digest_info_prefix {
mbedtls_md_type_t algorithm;
const uint8_t *hdr;
size_t hdr_len;
size_t hash_len;
uint16_t hdr_len;
uint16_t hash_len;
} digest_info_prefix[] = {
{ MBEDTLS_MD_MD5, hdr_md5, sizeof(hdr_md5), 16 },
{ MBEDTLS_MD_SHA1, hdr_sha1, sizeof(hdr_sha1), 20 },
@@ -72,11 +72,11 @@ static const struct digest_info_prefix {
};
int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm,
const uint8_t *in_dat,
size_t in_len,
uint16_t in_len,
uint8_t *out_dat,
size_t *out_len) {
uint16_t *out_len) {
for (int i = 0; digest_info_prefix[i].algorithm != 0; i++) {
size_t hdr_len = digest_info_prefix[i].hdr_len, hash_len = digest_info_prefix[i].hash_len;
uint16_t hdr_len = digest_info_prefix[i].hdr_len, hash_len = digest_info_prefix[i].hash_len;
const uint8_t *hdr = digest_info_prefix[i].hdr;
if (in_len == (hdr_len + hash_len) && !memcmp(in_dat, hdr, hdr_len)) {
if (algorithm) {
@@ -105,10 +105,7 @@ int cmd_signature() {
if (!isUserAuthenticated) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if ((!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) &&
!(fkey =
search_by_fid((KEY_PREFIX << 8) | key_id, NULL,
SPECIFY_EF))) || !file_has_data(fkey)) {
if (!(fkey = search_file((KEY_PREFIX << 8) | key_id)) || !file_has_data(fkey)) {
return SW_FILE_NOT_FOUND();
}
if (get_key_counter(fkey) == 0) {
@@ -117,7 +114,7 @@ int cmd_signature() {
if (key_has_purpose(fkey, p2) == false) {
return SW_CONDITIONS_NOT_SATISFIED();
}
int key_size = file_get_size(fkey);
uint16_t key_size = file_get_size(fkey);
if (p2 == ALGO_RSA_PKCS1_SHA1 || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_EC_SHA1) {
md = MBEDTLS_MD_SHA1;
}
@@ -153,11 +150,10 @@ int cmd_signature() {
}
return SW_EXEC_ERROR();
}
uint8_t *hash = apdu.data;
size_t hash_len = apdu.nc;
asn1_ctx_t hash = {.len = (uint16_t)apdu.nc, .data = apdu.data};
if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
size_t nc = apdu.nc;
if (pkcs1_strip_digest_info_prefix(&md, apdu.data, apdu.nc, apdu.data,
uint16_t nc = (uint16_t)apdu.nc;
if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
&nc) != CCID_OK) { //gets the MD algo id and strips it off
return SW_EXEC_ERROR();
}
@@ -165,35 +161,34 @@ int cmd_signature() {
}
else {
//sc_asn1_print_tags(apdu.data, apdu.nc);
size_t tout = 0, oid_len = 0;
uint8_t *p = NULL, *oid = NULL;
if (asn1_find_tag(apdu.data, apdu.nc, 0x30, &tout, &p) && tout > 0 && p != NULL) {
size_t tout30 = 0;
uint8_t *c30 = NULL;
if (asn1_find_tag(p, tout, 0x30, &tout30, &c30) && tout30 > 0 && c30 != NULL) {
asn1_find_tag(c30, tout30, 0x6, &oid_len, &oid);
asn1_ctx_t ctxi, ctxo = { 0 }, oid = { 0 };
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
if (asn1_find_tag(&ctxi, 0x30, &ctxo) && asn1_len(&ctxo) > 0) {
asn1_ctx_t a30 = { 0 };
if (asn1_find_tag(&ctxo, 0x30, &a30) && asn1_len(&a30) > 0) {
asn1_find_tag(&a30, 0x6, &oid);
}
asn1_find_tag(p, tout, 0x4, &hash_len, &hash);
asn1_find_tag(&ctxo, 0x4, &hash);
}
if (oid && oid_len > 0) {
if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA1, oid_len) == 0) {
if (asn1_len(&oid)) {
if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA1, oid.len) == 0) {
md = MBEDTLS_MD_SHA1;
}
else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA224, oid_len) == 0) {
else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA224, oid.len) == 0) {
md = MBEDTLS_MD_SHA224;
}
else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA256, oid_len) == 0) {
else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA256, oid.len) == 0) {
md = MBEDTLS_MD_SHA256;
}
else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA384, oid_len) == 0) {
else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA384, oid.len) == 0) {
md = MBEDTLS_MD_SHA384;
}
else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA512, oid_len) == 0) {
else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA512, oid.len) == 0) {
md = MBEDTLS_MD_SHA512;
}
}
if (p2 >= ALGO_RSA_PSS && p2 <= ALGO_RSA_PSS_SHA512) {
if (p2 == ALGO_RSA_PSS && !oid) {
if (p2 == ALGO_RSA_PSS && asn1_len(&oid) == 0) {
if (apdu.nc == 20) { //default is sha1
md = MBEDTLS_MD_SHA1;
}
@@ -221,7 +216,7 @@ int cmd_signature() {
}
else {
uint8_t *signature = (uint8_t *) calloc(key_size, sizeof(uint8_t));
r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash_len, hash, signature);
r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash.len, hash.data, signature);
memcpy(res_APDU, signature, key_size);
free(signature);
}
@@ -291,7 +286,7 @@ int cmd_signature() {
return SW_EXEC_ERROR();
}
memcpy(res_APDU, buf, olen);
res_APDU_size = olen;
res_APDU_size = (uint16_t)olen;
mbedtls_ecp_keypair_free(&ctx);
}
else if (p2 == ALGO_HD) {
@@ -311,7 +306,7 @@ int cmd_signature() {
return SW_EXEC_ERROR();
}
memcpy(res_APDU, buf, olen);
res_APDU_size = olen;
res_APDU_size = (uint16_t)olen;
mbedtls_ecdsa_free(&hd_context);
hd_keytype = 0;
}

19
src/hsm/cmd_update_ef.c
View File

@@ -48,15 +48,17 @@ int cmd_update_ef() {
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
uint16_t tag_len = 0;
asn1_ctx_t ctxi;
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x54) { //ofset tag
for (int i = 1; i <= tag_len; i++) {
for (size_t i = 1; i <= tag_len; i++) {
offset |= (*tag_data++ << (8 * (tag_len - i)));
}
}
else if (tag == 0x53) { //data
data_len = tag_len;
data_len = (uint16_t)tag_len;
data = tag_data;
}
}
@@ -70,15 +72,12 @@ int cmd_update_ef() {
if (fid == 0x0 && !ef) {
return SW_FILE_NOT_FOUND();
}
else if (fid != 0x0 &&
!(ef =
search_by_fid(fid, NULL,
SPECIFY_EF)) && !(ef = search_dynamic_file(fid))) { //if does not exist, create it
else if (fid != 0x0 && !(ef = search_file(fid))) { //if does not exist, create it
//return SW_FILE_NOT_FOUND();
ef = file_new(fid);
}
if (offset == 0) {
int r = flash_write_data_to_file(ef, data, data_len);
int r = file_put_data(ef, data, data_len);
if (r != CCID_OK) {
return SW_MEMORY_FAILURE();
}
@@ -91,7 +90,7 @@ int cmd_update_ef() {
uint8_t *data_merge = (uint8_t *) calloc(1, offset + data_len);
memcpy(data_merge, file_get_data(ef), offset);
memcpy(data_merge + offset, data, data_len);
int r = flash_write_data_to_file(ef, data_merge, offset + data_len);
int r = file_put_data(ef, data_merge, offset + data_len);
free(data_merge);
if (r != CCID_OK) {
return SW_MEMORY_FAILURE();

14
src/hsm/cmd_verify.c
View File

@@ -37,27 +37,27 @@ int cmd_verify() {
return SW_REFERENCE_NOT_FOUND();
}
if (apdu.nc > 0) {
return check_pin(file_pin1, apdu.data, apdu.nc);
return check_pin(file_pin1, apdu.data, (uint16_t)apdu.nc);
}
if (file_read_uint8(file_get_data(file_retries_pin1)) == 0) {
if (file_read_uint8(file_retries_pin1) == 0) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_pin1)));
return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_pin1));
}
else if (p2 == 0x88) { //SOPin
if (file_read_uint8(file_get_data(file_sopin)) == 0) { //not initialized
if (file_read_uint8(file_sopin) == 0) { //not initialized
return SW_REFERENCE_NOT_FOUND();
}
if (apdu.nc > 0) {
return check_pin(file_sopin, apdu.data, apdu.nc);
return check_pin(file_sopin, apdu.data, (uint16_t)apdu.nc);
}
if (file_read_uint8(file_get_data(file_retries_sopin)) == 0) {
if (file_read_uint8(file_retries_sopin) == 0) {
return SW_PIN_BLOCKED();
}
if (has_session_sopin) {
return SW_OK();
}
return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_sopin)));
return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_sopin));
}
else if (p2 == 0x85) {
return SW_OK();

277
src/hsm/cvc.c
View File

@@ -15,9 +15,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "cvc.h"
#include "sc_hsm.h"
#include "cvc.h"
#include "mbedtls/rsa.h"
#include "mbedtls/ecdsa.h"
#include <string.h>
@@ -30,14 +29,14 @@
#include "mbedtls/eddsa.h"
extern const uint8_t *dev_name;
extern size_t dev_name_len;
extern uint16_t dev_name_len;
size_t asn1_cvc_public_key_rsa(mbedtls_rsa_context *rsa, uint8_t *buf, size_t buf_len) {
uint16_t asn1_cvc_public_key_rsa(mbedtls_rsa_context *rsa, uint8_t *buf, uint16_t buf_len) {
const uint8_t oid_rsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x01, 0x02 };
size_t n_size = mbedtls_mpi_size(&rsa->N), e_size = mbedtls_mpi_size(&rsa->E);
size_t ntot_size = asn1_len_tag(0x81, n_size), etot_size = asn1_len_tag(0x82, e_size);
size_t oid_len = asn1_len_tag(0x6, sizeof(oid_rsa));
size_t tot_len = asn1_len_tag(0x7f49, oid_len + ntot_size + etot_size);
uint16_t n_size = (uint16_t)mbedtls_mpi_size(&rsa->N), e_size = (uint16_t)mbedtls_mpi_size(&rsa->E);
uint16_t ntot_size = asn1_len_tag(0x81, n_size), etot_size = asn1_len_tag(0x82, e_size);
uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_rsa));
uint16_t tot_len = asn1_len_tag(0x7f49, oid_len + ntot_size + etot_size);
if (buf == NULL || buf_len == 0) {
return tot_len;
}
@@ -73,7 +72,7 @@ const uint8_t *pointA[] = {
"\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
};
size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_t buf_len) {
uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uint16_t buf_len) {
uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
const uint8_t oid_ri[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
@@ -83,14 +82,14 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_
size_t o_size = mbedtls_mpi_size(&ecdsa->grp.N), y_size = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &g_size, G_buf, sizeof(G_buf));
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &y_size, Y_buf, sizeof(Y_buf));
size_t c_size = 1;
size_t ptot_size = asn1_len_tag(0x81, p_size), atot_size = asn1_len_tag(0x82, a_size ? a_size : (pointA[ecdsa->grp.id] && ecdsa->grp.id < 6 ? p_size : 1));
size_t btot_size = asn1_len_tag(0x83, b_size), gtot_size = asn1_len_tag(0x84, g_size);
size_t otot_size = asn1_len_tag(0x85, o_size), ytot_size = asn1_len_tag(0x86, y_size);
size_t ctot_size = asn1_len_tag(0x87, c_size);
size_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
size_t tot_len = 0, tot_data_len = 0;
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
uint16_t c_size = 1;
uint16_t ptot_size = asn1_len_tag(0x81, (uint16_t)p_size), atot_size = asn1_len_tag(0x82, a_size ? (uint16_t)a_size : (pointA[ecdsa->grp.id] && ecdsa->grp.id < 6 ? (uint16_t)p_size : 1));
uint16_t btot_size = asn1_len_tag(0x83, (uint16_t)b_size), gtot_size = asn1_len_tag(0x84, (uint16_t)g_size);
uint16_t otot_size = asn1_len_tag(0x85, (uint16_t)o_size), ytot_size = asn1_len_tag(0x86, (uint16_t)y_size);
uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
uint16_t tot_len = 0, tot_data_len = 0;
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS {
tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
oid = oid_ri;
}
@@ -113,27 +112,27 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_
p += sizeof(oid_ecdsa);
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
//p
*p++ = 0x81; p += format_tlv_len(p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
*p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
p += p_size;
//order
*p++ = 0x82; p += format_tlv_len(o_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.N, p, o_size);
*p++ = 0x82; p += format_tlv_len((uint16_t)o_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.N, p, o_size);
p += o_size;
//G
*p++ = 0x83; p += format_tlv_len(g_size, p); memcpy(p, G_buf, g_size); p += g_size;
//G
*p++ = 0x83; p += format_tlv_len((uint16_t)g_size, p); memcpy(p, G_buf, g_size); p += g_size;
//Y
*p++ = 0x84; p += format_tlv_len(y_size, p); memcpy(p, Y_buf, y_size); p += y_size;
*p++ = 0x84; p += format_tlv_len((uint16_t)y_size, p); memcpy(p, Y_buf, y_size); p += y_size;
}
else {
//p
*p++ = 0x81; p += format_tlv_len(p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
*p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
p += p_size;
//A
if (a_size) {
*p++ = 0x82; p += format_tlv_len(a_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.A, p, a_size); p += a_size;
*p++ = 0x82; p += format_tlv_len((uint16_t)a_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.A, p, a_size); p += a_size;
}
else { //mbedtls does not set point A for some curves
if (pointA[ecdsa->grp.id] && ecdsa->grp.id < 6) {
*p++ = 0x82; p += format_tlv_len(p_size, p); memcpy(p, pointA[ecdsa->grp.id], p_size);
*p++ = 0x82; p += format_tlv_len((uint16_t)p_size, p); memcpy(p, pointA[ecdsa->grp.id], p_size);
p += p_size;
}
else {
@@ -142,15 +141,15 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_
}
}
//B
*p++ = 0x83; p += format_tlv_len(b_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.B, p, b_size);
*p++ = 0x83; p += format_tlv_len((uint16_t)b_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.B, p, b_size);
p += b_size;
//G
*p++ = 0x84; p += format_tlv_len(g_size, p); memcpy(p, G_buf, g_size); p += g_size;
*p++ = 0x84; p += format_tlv_len((uint16_t)g_size, p); memcpy(p, G_buf, g_size); p += g_size;
//order
*p++ = 0x85; p += format_tlv_len(o_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.N, p, o_size);
*p++ = 0x85; p += format_tlv_len((uint16_t)o_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.N, p, o_size);
p += o_size;
//Y
*p++ = 0x86; p += format_tlv_len(y_size, p); memcpy(p, Y_buf, y_size); p += y_size;
*p++ = 0x86; p += format_tlv_len((uint16_t)y_size, p); memcpy(p, Y_buf, y_size); p += y_size;
//cofactor
*p++ = 0x87; p += format_tlv_len(c_size, p);
*p++ = 1;
@@ -158,55 +157,52 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_
return tot_len;
}
size_t asn1_cvc_cert_body(void *rsa_ecdsa,
uint16_t asn1_cvc_cert_body(void *rsa_ecdsa,
uint8_t key_type,
uint8_t *buf,
size_t buf_len,
uint16_t buf_len,
const uint8_t *ext,
size_t ext_len,
uint16_t ext_len,
bool full) {
size_t pubkey_size = 0;
uint16_t pubkey_size = 0;
if (key_type & PICO_KEYS_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
}
else if (key_type & PICO_KEYS_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
}
size_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0;
uint16_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0;
if (ext && ext_len > 0) {
ext_size = asn1_len_tag(0x65, ext_len);
}
const uint8_t *role = (const uint8_t *)"\x06\x09\x04\x00\x7F\x00\x07\x03\x01\x02\x02\x53\x01\x00";
size_t rolelen = 14;
uint16_t rolelen = 14;
if (full) {
role_size = asn1_len_tag(0x7f4c, rolelen);
valid_size = asn1_len_tag(0x5f24, 6) + asn1_len_tag(0x5f25, 6);
}
uint8_t *car = NULL, *chr = NULL;
size_t lencar = 0, lenchr = 0;
if (asn1_find_tag(apdu.data, apdu.nc, 0x42, &lencar,
&car) == false || lencar == 0 || car == NULL) {
car = (uint8_t *) dev_name;
lencar = dev_name_len;
asn1_ctx_t ctxi, car = {0}, chr = {0};
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
if (asn1_find_tag(&ctxi, 0x42, &car) == false || asn1_len(&car) == 0) {
car.data = (uint8_t *) dev_name;
car.len = dev_name_len;
if (dev_name == NULL) {
car = (uint8_t *)"ESPICOHSMTR00001";
lencar = strlen((const char *)car);
car.data = (uint8_t *)"ESPICOHSMTR00001";
car.len = (uint16_t)strlen((const char *)car.data);
}
}
if (asn1_find_tag(apdu.data, apdu.nc, 0x5f20, &lenchr,
&chr) == false || lenchr == 0 || chr == NULL) {
chr = (uint8_t *) dev_name;
lenchr = dev_name_len;
if (chr == NULL) {
chr = car;
lenchr = lencar;
if (asn1_find_tag(&ctxi, 0x5f20, &chr) == false || asn1_len(&chr) == 0) {
chr.data = (uint8_t *) dev_name;
chr.len = dev_name_len;
if (chr.data == NULL) {
chr.data = car.data;
chr.len = car.len;
}
}
size_t car_size = asn1_len_tag(0x42, lencar), chr_size = asn1_len_tag(0x5f20, lenchr);
uint16_t car_size = asn1_len_tag(0x42, car.len), chr_size = asn1_len_tag(0x5f20, chr.len);
size_t tot_len = asn1_len_tag(0x7f4e, cpi_size + car_size + pubkey_size + chr_size + ext_size + role_size + valid_size);
uint16_t tot_len = asn1_len_tag(0x7f4e, cpi_size + car_size + pubkey_size + chr_size + ext_size + role_size + valid_size);
if (buf_len == 0 || buf == NULL) {
return tot_len;
@@ -220,7 +216,7 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//cpi
*p++ = 0x5f; *p++ = 0x29; *p++ = 1; *p++ = 0;
//car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
*p++ = 0x42; p += format_tlv_len(car.len, p); memcpy(p, car.data, car.len); p += car.len;
//pubkey
if (key_type & PICO_KEYS_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
@@ -229,7 +225,7 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
}
//chr
*p++ = 0x5f; *p++ = 0x20; p += format_tlv_len(lenchr, p); memcpy(p, chr, lenchr); p += lenchr;
*p++ = 0x5f; *p++ = 0x20; p += format_tlv_len(chr.len, p); memcpy(p, chr.data, chr.len); p += chr.len;
if (full) {
*p++ = 0x7f;
*p++ = 0x4c;
@@ -258,22 +254,22 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
return tot_len;
}
size_t asn1_cvc_cert(void *rsa_ecdsa,
uint16_t asn1_cvc_cert(void *rsa_ecdsa,
uint8_t key_type,
uint8_t *buf,
size_t buf_len,
uint16_t buf_len,
const uint8_t *ext,
size_t ext_len,
uint16_t ext_len,
bool full) {
size_t key_size = 0;
uint16_t key_size = 0;
if (key_type & PICO_KEYS_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
key_size = (uint16_t)mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
}
else if (key_type & PICO_KEYS_KEY_EC) {
key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)->grp.id)->bit_size + 7) / 8);
}
size_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size);
size_t tot_len = asn1_len_tag(0x7f21, body_size + sig_size);
uint16_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size);
uint16_t tot_len = asn1_len_tag(0x7f21, body_size + sig_size);
if (buf_len == 0 || buf == NULL) {
return tot_len;
}
@@ -318,20 +314,20 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
}
return p - buf;
return (uint16_t)(p - buf);
}
size_t asn1_cvc_aut(void *rsa_ecdsa,
uint16_t asn1_cvc_aut(void *rsa_ecdsa,
uint8_t key_type,
uint8_t *buf,
size_t buf_len,
uint16_t buf_len,
const uint8_t *ext,
size_t ext_len) {
size_t cvcert_size = asn1_cvc_cert(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, false);
size_t outcar_len = dev_name_len;
uint16_t ext_len) {
uint16_t cvcert_size = asn1_cvc_cert(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, false);
uint16_t outcar_len = dev_name_len;
const uint8_t *outcar = dev_name;
size_t outcar_size = asn1_len_tag(0x42, outcar_len);
file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF);
uint16_t outcar_size = asn1_len_tag(0x42, outcar_len);
file_t *fkey = search_file(EF_KEY_DEV);
if (!fkey) {
return 0;
}
@@ -341,8 +337,9 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
mbedtls_ecp_keypair_free(&ectx);
return 0;
}
int ret = 0, key_size = 2 * mbedtls_mpi_size(&ectx.d);
size_t outsig_size = asn1_len_tag(0x5f37, key_size), tot_len = asn1_len_tag(0x67, cvcert_size + outcar_size + outsig_size);
int ret = 0;
uint16_t key_size = 2 * (uint16_t)mbedtls_mpi_size(&ectx.d);
uint16_t outsig_size = asn1_len_tag(0x5f37, key_size), tot_len = asn1_len_tag(0x67, cvcert_size + outcar_size + outsig_size);
if (buf_len == 0 || buf == NULL) {
return tot_len;
}
@@ -376,28 +373,28 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
mbedtls_mpi_free(&s);
return 0;
}
mbedtls_mpi_write_binary(&r, p, mbedtls_mpi_size(&r)); p += mbedtls_mpi_size(&r);
mbedtls_mpi_write_binary(&s, p, mbedtls_mpi_size(&s)); p += mbedtls_mpi_size(&s);
mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
return p - buf;
return (uint16_t)(p - buf);
}
size_t asn1_build_cert_description(const uint8_t *label,
size_t label_len,
uint16_t asn1_build_cert_description(const uint8_t *label,
uint16_t label_len,
const uint8_t *puk,
size_t puk_len,
uint16_t puk_len,
uint16_t fid,
uint8_t *buf,
size_t buf_len) {
size_t opt_len = 2;
size_t seq1_size =
uint16_t buf_len) {
uint16_t opt_len = 2;
uint16_t seq1_size =
asn1_len_tag(0x30, asn1_len_tag(0xC, label_len) + asn1_len_tag(0x3, opt_len));
size_t seq2_size = asn1_len_tag(0x30, asn1_len_tag(0x4, 20)); /* SHA1 is 20 bytes length */
size_t seq3_size =
uint16_t seq2_size = asn1_len_tag(0x30, asn1_len_tag(0x4, 20)); /* SHA1 is 20 bytes length */
uint16_t seq3_size =
asn1_len_tag(0xA1,
asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, sizeof(uint16_t)))));
size_t tot_len = asn1_len_tag(0x30, seq1_size + seq2_size + seq3_size);
uint16_t tot_len = asn1_len_tag(0x30, seq1_size + seq2_size + seq3_size);
if (buf_len == 0 || buf == NULL) {
return tot_len;
}
@@ -436,18 +433,18 @@ size_t asn1_build_cert_description(const uint8_t *label,
p += format_tlv_len(sizeof(uint16_t), p);
*p++ = fid >> 8;
*p++ = fid & 0xff;
return p - buf;
return (uint16_t)(p - buf);
}
size_t asn1_build_prkd_generic(const uint8_t *label,
size_t label_len,
uint16_t asn1_build_prkd_generic(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
int key_type,
uint8_t *buf,
size_t buf_len) {
size_t seq_len = 0;
uint16_t buf_len) {
uint16_t seq_len = 0;
const uint8_t *seq = NULL;
uint8_t first_tag = 0x0;
if (key_type & PICO_KEYS_KEY_EC) {
@@ -465,10 +462,10 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
seq_len = 3;
first_tag = 0xA8;
}
size_t seq1_size = asn1_len_tag(0x30, asn1_len_tag(0xC, label_len));
size_t seq2_size =
uint16_t seq1_size = asn1_len_tag(0x30, asn1_len_tag(0xC, label_len));
uint16_t seq2_size =
asn1_len_tag(0x30, asn1_len_tag(0x4, keyid_len) + asn1_len_tag(0x3, seq_len));
size_t seq3_size = 0, seq4_size = 0;
uint16_t seq3_size = 0, seq4_size = 0;
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)) + asn1_len_tag(0x2, 2)));
}
@@ -476,7 +473,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
seq3_size = asn1_len_tag(0xA0, asn1_len_tag(0x30, asn1_len_tag(0x2, 2)));
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0))));
}
size_t tot_len = asn1_len_tag(first_tag, seq1_size + seq2_size + seq4_size);
uint16_t tot_len = asn1_len_tag(first_tag, seq1_size + seq2_size + seq4_size);
if (buf_len == 0 || buf == NULL) {
return tot_len;
}
@@ -517,7 +514,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
//Seq 4
*p++ = 0xA1;
size_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0));
uint16_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0));
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
inseq4_len += asn1_len_tag(0x2, 2);
}
@@ -534,16 +531,16 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
*p++ = (keysize >> 8) & 0xff;
*p++ = keysize & 0xff;
}
return p - buf;
return (uint16_t)(p - buf);
}
size_t asn1_build_prkd_ecc(const uint8_t *label,
size_t label_len,
uint16_t asn1_build_prkd_ecc(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len) {
uint16_t buf_len) {
return asn1_build_prkd_generic(label,
label_len,
keyid,
@@ -554,13 +551,13 @@ size_t asn1_build_prkd_ecc(const uint8_t *label,
buf_len);
}
size_t asn1_build_prkd_rsa(const uint8_t *label,
size_t label_len,
uint16_t asn1_build_prkd_rsa(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len) {
uint16_t buf_len) {
return asn1_build_prkd_generic(label,
label_len,
keyid,
@@ -571,13 +568,13 @@ size_t asn1_build_prkd_rsa(const uint8_t *label,
buf_len);
}
size_t asn1_build_prkd_aes(const uint8_t *label,
size_t label_len,
uint16_t asn1_build_prkd_aes(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len) {
uint16_t buf_len) {
return asn1_build_prkd_generic(label,
label_len,
keyid,
@@ -588,18 +585,20 @@ size_t asn1_build_prkd_aes(const uint8_t *label,
buf_len);
}
const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *olen, uint16_t tag) {
uint8_t *rdata = NULL;
if (data == NULL || len == 0) {
const uint8_t *cvc_get_field(const uint8_t *data, uint16_t len, uint16_t *olen, uint16_t tag) {
asn1_ctx_t ctxi, ctxo = { 0 };
asn1_ctx_init((uint8_t *)data, len, &ctxi);
if (asn1_len(&ctxi) == 0) {
return NULL;
}
if (asn1_find_tag(data, len, tag, olen, &rdata) == false) {
if (asn1_find_tag(&ctxi, tag, &ctxo) == false) {
return NULL;
}
return rdata;
*olen = ctxo.len;
return ctxo.data;
}
const uint8_t *cvc_get_body(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_body(const uint8_t *data, uint16_t len, uint16_t *olen) {
const uint8_t *bkdata = data;
if ((data = cvc_get_field(data, len, olen, 0x67)) == NULL) { /* Check for CSR */
data = bkdata;
@@ -610,7 +609,7 @@ const uint8_t *cvc_get_body(const uint8_t *data, size_t len, size_t *olen) {
return NULL;
}
const uint8_t *cvc_get_sig(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_sig(const uint8_t *data, uint16_t len, uint16_t *olen) {
const uint8_t *bkdata = data;
if ((data = cvc_get_field(data, len, olen, 0x67)) == NULL) { /* Check for CSR */
data = bkdata;
@@ -621,28 +620,28 @@ const uint8_t *cvc_get_sig(const uint8_t *data, size_t len, size_t *olen) {
return NULL;
}
const uint8_t *cvc_get_car(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_car(const uint8_t *data, uint16_t len, uint16_t *olen) {
if ((data = cvc_get_body(data, len, olen)) != NULL) {
return cvc_get_field(data, len, olen, 0x42);
}
return NULL;
}
const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_chr(const uint8_t *data, uint16_t len, uint16_t *olen) {
if ((data = cvc_get_body(data, len, olen)) != NULL) {
return cvc_get_field(data, len, olen, 0x5F20);
}
return NULL;
}
const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_pub(const uint8_t *data, uint16_t len, uint16_t *olen) {
if ((data = cvc_get_body(data, len, olen)) != NULL) {
return cvc_get_field(data, len, olen, 0x7F49);
}
return NULL;
}
const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen) {
const uint8_t *cvc_get_ext(const uint8_t *data, uint16_t len, uint16_t *olen) {
if ((data = cvc_get_body(data, len, olen)) != NULL) {
return cvc_get_field(data, len, olen, 0x65);
}
@@ -652,7 +651,7 @@ const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen) {
extern PUK puk_store[MAX_PUK_STORE_ENTRIES];
extern int puk_store_entries;
int puk_store_index(const uint8_t *chr, size_t chr_len) {
int puk_store_index(const uint8_t *chr, uint16_t chr_len) {
for (int i = 0; i < puk_store_entries; i++) {
if (memcmp(puk_store[i].chr, chr, chr_len) == 0) {
return i;
@@ -661,8 +660,8 @@ int puk_store_index(const uint8_t *chr, size_t chr_len) {
return -1;
}
mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) {
size_t chr_len = 0, car_len = 0;
mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, uint16_t ca_len) {
uint16_t chr_len = 0, car_len = 0;
const uint8_t *chr = NULL, *car = NULL;
int eq = -1;
do {
@@ -680,12 +679,12 @@ mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) {
}
}
} while (car && chr && eq != 0);
size_t ca_puk_len = 0;
uint16_t ca_puk_len = 0;
const uint8_t *ca_puk = cvc_get_pub(ca, ca_len, &ca_puk_len);
if (!ca_puk) {
return MBEDTLS_ECP_DP_NONE;
}
size_t t81_len = 0;
uint16_t t81_len = 0;
const uint8_t *t81 = cvc_get_field(ca_puk, ca_puk_len, &t81_len, 0x81);
if (!t81) {
return MBEDTLS_ECP_DP_NONE;
@@ -695,23 +694,23 @@ mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) {
}
int puk_verify(const uint8_t *sig,
size_t sig_len,
uint16_t sig_len,
const uint8_t *hash,
size_t hash_len,
uint16_t hash_len,
const uint8_t *ca,
size_t ca_len) {
size_t puk_len = 0;
uint16_t ca_len) {
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
}
size_t oid_len = 0;
uint16_t oid_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
if (!oid) {
return CCID_WRONG_DATA;
}
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
size_t t81_len = 0, t82_len = 0;
uint16_t t81_len = 0, t82_len = 0;
const uint8_t *t81 = cvc_get_field(puk, puk_len, &t81_len, 0x81), *t82 = cvc_get_field(puk,
puk_len,
&t81_len,
@@ -767,7 +766,7 @@ int puk_verify(const uint8_t *sig,
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
}
r = mbedtls_rsa_pkcs1_verify(&rsa, md, hash_len, hash, sig);
r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig);
mbedtls_rsa_free(&rsa);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
@@ -794,7 +793,7 @@ int puk_verify(const uint8_t *sig,
return CCID_WRONG_DATA;
}
size_t t86_len = 0;
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
if (!t86) {
return CCID_WRONG_DATA;
@@ -848,13 +847,13 @@ int puk_verify(const uint8_t *sig,
return CCID_OK;
}
int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len) {
size_t puk_len = 0;
int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) {
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
}
size_t oid_len = 0, cv_body_len = 0, sig_len = 0;
uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len);
const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len);

88
src/hsm/cvc.h
View File

@@ -19,7 +19,7 @@
#define _CVC_H_
#include <stdlib.h>
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#else
#include <stdbool.h>
@@ -28,70 +28,78 @@
typedef struct PUK {
const uint8_t *puk;
size_t puk_len;
uint16_t puk_len;
const uint8_t *car;
size_t car_len;
uint16_t car_len;
const uint8_t *chr;
size_t chr_len;
uint16_t chr_len;
const uint8_t *cvcert;
size_t cvcert_len;
uint16_t cvcert_len;
bool copied;
} PUK;
#define MAX_PUK_STORE_ENTRIES 4
extern size_t asn1_cvc_cert(void *rsa_ecdsa,
extern uint16_t asn1_cvc_cert(void *rsa_ecdsa,
uint8_t key_type,
uint8_t *buf,
size_t buf_len,
uint16_t buf_len,
const uint8_t *ext,
size_t ext_len,
uint16_t ext_len,
bool full);
extern size_t asn1_cvc_aut(void *rsa_ecdsa,
extern uint16_t asn1_cvc_aut(void *rsa_ecdsa,
uint8_t key_type,
uint8_t *buf,
size_t buf_len,
uint16_t buf_len,
const uint8_t *ext,
size_t ext_len);
extern size_t asn1_build_cert_description(const uint8_t *label,
size_t label_len,
uint16_t ext_len);
extern uint16_t asn1_build_cert_description(const uint8_t *label,
uint16_t label_len,
const uint8_t *puk,
size_t puk_len,
uint16_t puk_len,
uint16_t fid,
uint8_t *buf,
size_t buf_len);
extern const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *olen, uint16_t tag);
extern const uint8_t *cvc_get_car(const uint8_t *data, size_t len, size_t *olen);
extern const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen);
extern const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen);
extern const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen);
extern int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len);
extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len);
uint16_t buf_len);
extern const uint8_t *cvc_get_field(const uint8_t *data, uint16_t len, uint16_t *olen, uint16_t tag);
extern const uint8_t *cvc_get_car(const uint8_t *data, uint16_t len, uint16_t *olen);
extern const uint8_t *cvc_get_chr(const uint8_t *data, uint16_t len, uint16_t *olen);
extern const uint8_t *cvc_get_pub(const uint8_t *data, uint16_t len, uint16_t *olen);
extern const uint8_t *cvc_get_ext(const uint8_t *data, uint16_t len, uint16_t *olen);
extern int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len);
extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, uint16_t ca_len);
extern int puk_verify(const uint8_t *sig,
size_t sig_len,
uint16_t sig_len,
const uint8_t *hash,
size_t hash_len,
uint16_t hash_len,
const uint8_t *ca,
size_t ca_len);
extern size_t asn1_build_prkd_ecc(const uint8_t *label,
size_t label_len,
uint16_t ca_len);
extern uint16_t asn1_build_prkd_ecc(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len);
extern size_t asn1_build_prkd_rsa(const uint8_t *label,
size_t label_len,
uint16_t buf_len);
extern uint16_t asn1_build_prkd_rsa(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len);
extern size_t asn1_build_prkd_aes(const uint8_t *label,
size_t label_len,
uint16_t buf_len);
extern uint16_t asn1_build_prkd_aes(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
size_t keyid_len,
size_t keysize,
uint16_t keyid_len,
uint16_t keysize,
uint8_t *buf,
size_t buf_len);
uint16_t buf_len);
extern uint16_t asn1_build_prkd_generic(const uint8_t *label,
uint16_t label_len,
const uint8_t *keyid,
uint16_t keyid_len,
uint16_t keysize,
int key_tpe,
uint8_t *buf,
uint16_t buf_len);
#endif

17
src/hsm/files.c
View File

@@ -19,11 +19,12 @@
extern const uint8_t sc_hsm_aid[];
extern int parse_token_info(const file_t *f, int mode);
extern int parse_ef_dir(const file_t *f, int mode);
file_t file_entries[] = {
/* 0 */ { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL,
.ef_structure = 0, .acl = { 0 } }, // MF
/* 1 */ { .fid = 0x2f00, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
/* 1 */ { .fid = 0x2f00, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC, .data = (uint8_t *) parse_ef_dir,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.DIR
/* 2 */ { .fid = 0x2f01, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.ATR
@@ -41,22 +42,22 @@ file_t file_entries[] = {
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.TokenInfo
/* 8 */ { .fid = 0x5033, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.UnusedSpace
/* 9 */ { .fid = 0x1081, .parent = 5, .name = NULL,
/* 9 */ { .fid = EF_PIN1, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (PIN1)
/* 10 */ { .fid = 0x1082, .parent = 5, .name = NULL,
/* 10 */ { .fid = EF_PIN1_MAX_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (PIN1)
/* 11 */ { .fid = 0x1083, .parent = 5, .name = NULL,
/* 11 */ { .fid = EF_PIN1_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (PIN1)
/* 12 */ { .fid = 0x1088, .parent = 5, .name = NULL,
/* 12 */ { .fid = EF_SOPIN, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //PIN (SOPIN)
/* 13 */ { .fid = 0x1089, .parent = 5, .name = NULL,
/* 13 */ { .fid = EF_SOPIN_MAX_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //max retries PIN (SOPIN)
/* 14 */ { .fid = 0x108A, .parent = 5, .name = NULL,
/* 14 */ { .fid = EF_SOPIN_RETRIES, .parent = 5, .name = NULL,
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (SOPIN)
/* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL,
@@ -101,7 +102,7 @@ file_t file_entries[] = {
///* 30 */ { .fid = 0x0000, .parent = 0, .name = openpgpcard_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} },
/* 31 */ { .fid = 0x0000, .parent = 5, .name = sc_hsm_aid, .type = FILE_TYPE_WORKING_EF,
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } },
/* 32 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL,
/* 32 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL,
.ef_structure = 0, .acl = { 0 } } //end
};

8
src/hsm/files.h
View File

@@ -24,7 +24,13 @@
#define EF_DEVOPS 0x100E
#define EF_MKEK 0x100A
#define EF_MKEK_SO 0x100B
#define EF_XKEK 0x1080
#define EF_XKEK 0x1070
#define EF_PIN1 0x1081
#define EF_PIN1_MAX_RETRIES 0x1082
#define EF_PIN1_RETRIES 0x1083
#define EF_SOPIN 0x1088
#define EF_SOPIN_MAX_RETRIES 0x1089
#define EF_SOPIN_RETRIES 0x108A
#define EF_DKEK 0x1090
#define EF_KEY_DOMAIN 0x10A0
#define EF_PUKAUT 0x10C0

99
src/hsm/kek.c
View File

@@ -15,16 +15,14 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <string.h>
#include "common.h"
#include "sc_hsm.h"
#include "stdlib.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "kek.h"
#include "crypto_utils.h"
#include "random.h"
#include "sc_hsm.h"
#include "mbedtls/md.h"
#include "mbedtls/cmac.h"
#include "mbedtls/rsa.h"
@@ -41,7 +39,7 @@ uint8_t pending_save_dkek = 0xff;
#define POLY 0xedb88320
uint32_t crc32c(const uint8_t *buf, size_t len) {
uint32_t crc = ~0;
uint32_t crc = 0xffffffff;
while (len--) {
crc ^= *buf++;
for (int k = 0; k < 8; k++) {
@@ -57,14 +55,14 @@ int load_mkek(uint8_t *mkek) {
}
const uint8_t *pin = NULL;
if (pin == NULL && has_session_pin == true) {
file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
file_t *tf = search_file(EF_MKEK);
if (file_has_data(tf)) {
memcpy(mkek, file_get_data(tf), MKEK_SIZE);
pin = session_pin;
}
}
if (pin == NULL && has_session_sopin == true) {
file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF);
file_t *tf = search_file(EF_MKEK_SO);
if (file_has_data(tf)) {
memcpy(mkek, file_get_data(tf), MKEK_SIZE);
pin = session_sopin;
@@ -109,8 +107,8 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
}
int load_dkek(uint8_t id, uint8_t *dkek) {
file_t *tf = search_dynamic_file(EF_DKEK + id);
if (!tf) {
file_t *tf = search_file(EF_DKEK + id);
if (!file_has_data(tf)) {
return CCID_ERR_FILE_NOT_FOUND;
}
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
@@ -137,7 +135,7 @@ int store_mkek(const uint8_t *mkek) {
if (has_session_pin) {
uint8_t tmp_mkek_pin[MKEK_SIZE];
memcpy(tmp_mkek_pin, tmp_mkek, MKEK_SIZE);
file_t *tf = search_by_fid(EF_MKEK, NULL, SPECIFY_EF);
file_t *tf = search_file(EF_MKEK);
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_pin);
@@ -147,13 +145,13 @@ int store_mkek(const uint8_t *mkek) {
MKEK_IV(tmp_mkek_pin),
MKEK_KEY(tmp_mkek_pin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
flash_write_data_to_file(tf, tmp_mkek_pin, MKEK_SIZE);
file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
release_mkek(tmp_mkek_pin);
}
if (has_session_sopin) {
uint8_t tmp_mkek_sopin[MKEK_SIZE];
memcpy(tmp_mkek_sopin, tmp_mkek, MKEK_SIZE);
file_t *tf = search_by_fid(EF_MKEK_SO, NULL, SPECIFY_EF);
file_t *tf = search_file(EF_MKEK_SO);
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_sopin);
@@ -163,7 +161,7 @@ int store_mkek(const uint8_t *mkek) {
MKEK_IV(tmp_mkek_sopin),
MKEK_KEY(tmp_mkek_sopin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
flash_write_data_to_file(tf, tmp_mkek_sopin, MKEK_SIZE);
file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
release_mkek(tmp_mkek_sopin);
}
low_flash_available();
@@ -172,7 +170,7 @@ int store_mkek(const uint8_t *mkek) {
}
int store_dkek_key(uint8_t id, uint8_t *dkek) {
file_t *tf = search_dynamic_file(EF_DKEK + id);
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
}
@@ -180,7 +178,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) {
if (r != CCID_OK) {
return r;
}
flash_write_data_to_file(tf, dkek, DKEK_KEY_SIZE);
file_put_data(tf, dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
}
@@ -188,7 +186,7 @@ int store_dkek_key(uint8_t id, uint8_t *dkek) {
int save_dkek_key(uint8_t id, const uint8_t *key) {
uint8_t dkek[DKEK_KEY_SIZE];
if (!key) {
file_t *tf = search_dynamic_file(EF_DKEK + id);
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
}
@@ -202,7 +200,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) {
int import_dkek_share(uint8_t id, const uint8_t *share) {
uint8_t tmp_dkek[DKEK_KEY_SIZE];
file_t *tf = search_dynamic_file(EF_DKEK + id);
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
}
@@ -213,7 +211,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
for (int i = 0; i < DKEK_KEY_SIZE; i++) {
tmp_dkek[i] ^= share[i];
}
flash_write_data_to_file(tf, tmp_dkek, DKEK_KEY_SIZE);
file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
}
@@ -258,7 +256,7 @@ int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
return CCID_OK;
}
int mkek_encrypt(uint8_t *data, size_t len) {
int mkek_encrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
@@ -269,7 +267,7 @@ int mkek_encrypt(uint8_t *data, size_t len) {
return r;
}
int mkek_decrypt(uint8_t *data, size_t len) {
int mkek_decrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
@@ -284,16 +282,17 @@ int dkek_encode_key(uint8_t id,
void *key_ctx,
int key_type,
uint8_t *out,
size_t *out_len,
uint16_t *out_len,
const uint8_t *allowed,
size_t allowed_len) {
uint16_t allowed_len) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA;
}
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
memset(kb, 0, sizeof(kb));
int kb_len = 0, r = 0;
uint16_t kb_len = 0;
int r = 0;
uint8_t *algo = NULL;
uint8_t algo_len = 0;
uint8_t kenc[32];
@@ -351,17 +350,17 @@ int dkek_encode_key(uint8_t id,
}
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
kb_len = 0;
put_uint16_t(mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t(mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D));
kb_len += mbedtls_mpi_size(&rsa->D);
put_uint16_t(mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D);
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N));
kb_len += mbedtls_mpi_size(&rsa->N);
put_uint16_t(mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N);
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E));
kb_len += mbedtls_mpi_size(&rsa->E);
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E);
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02";
algo_len = 12;
@@ -372,19 +371,19 @@ int dkek_encode_key(uint8_t id,
}
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
kb_len = 0;
put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A));
kb_len += mbedtls_mpi_size(&ecdsa->grp.A);
put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B));
kb_len += mbedtls_mpi_size(&ecdsa->grp.B);
put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P));
kb_len += mbedtls_mpi_size(&ecdsa->grp.P);
put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P);
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N));
kb_len += mbedtls_mpi_size(&ecdsa->grp.N);
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp,
@@ -393,12 +392,12 @@ int dkek_encode_key(uint8_t id,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
put_uint16_t(olen, kb + 8 + kb_len);
kb_len += 2 + olen;
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += mbedtls_mpi_size(&ecdsa->d);
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp,
&ecdsa->Q,
@@ -406,8 +405,8 @@ int dkek_encode_key(uint8_t id,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
put_uint16_t(olen, kb + 8 + kb_len);
kb_len += 2 + olen;
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
algo_len = 12;
@@ -450,7 +449,7 @@ int dkek_encode_key(uint8_t id,
memcpy(kb, random_bytes_get(8), 8);
kb_len += 8; //8 random bytes
int kb_len_pad = ((int) (kb_len / 16)) * 16;
uint16_t kb_len_pad = ((uint16_t) (kb_len / 16)) * 16;
if (kb_len % 16 > 0) {
kb_len_pad = ((int) (kb_len / 16) + 1) * 16;
}
@@ -496,10 +495,10 @@ int dkek_type_key(const uint8_t *in) {
int dkek_decode_key(uint8_t id,
void *key_ctx,
const uint8_t *in,
size_t in_len,
uint16_t in_len,
int *key_size_out,
uint8_t **allowed,
size_t *allowed_len) {
uint16_t *allowed_len) {
uint8_t kcv[8];
int r = 0;
memset(kcv, 0, sizeof(kcv));
@@ -559,10 +558,10 @@ int dkek_decode_key(uint8_t id,
return CCID_WRONG_DATA;
}
size_t ofs = 9;
uint16_t ofs = 9;
//OID
size_t len = get_uint16_t(in, ofs);
uint16_t len = get_uint16_t(in, ofs);
ofs += len + 2;
//Allowed algorithms

15
src/hsm/kek.h
View File

@@ -19,10 +19,11 @@
#define _DKEK_H_
#include "crypto_utils.h"
#ifdef ENABLE_EMULATION
#if defined(ENABLE_EMULATION) || defined(ESP_PLATFORM)
#include <stdbool.h>
#endif
extern int load_mkek(uint8_t *);
extern int store_mkek(const uint8_t *);
extern int save_dkek_key(uint8_t, const uint8_t *key);
@@ -31,23 +32,23 @@ extern void init_mkek();
extern void release_mkek(uint8_t *);
extern int import_dkek_share(uint8_t, const uint8_t *share);
extern int dkek_kcv(uint8_t, uint8_t *kcv);
extern int mkek_encrypt(uint8_t *data, size_t len);
extern int mkek_decrypt(uint8_t *data, size_t len);
extern int mkek_encrypt(uint8_t *data, uint16_t len);
extern int mkek_decrypt(uint8_t *data, uint16_t len);
extern int dkek_encode_key(uint8_t,
void *key_ctx,
int key_type,
uint8_t *out,
size_t *out_len,
uint16_t *out_len,
const uint8_t *,
size_t);
uint16_t);
extern int dkek_type_key(const uint8_t *in);
extern int dkek_decode_key(uint8_t,
void *key_ctx,
const uint8_t *in,
size_t in_len,
uint16_t in_len,
int *key_size_out,
uint8_t **,
size_t *);
uint16_t *);
#define MAX_DKEK_ENCODE_KEY_BUFFER (8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16)

218
src/hsm/sc_hsm.c
View File

@@ -17,7 +17,6 @@
#include "sc_hsm.h"
#include "files.h"
#include "common.h"
#include "version.h"
#include "crypto_utils.h"
#include "kek.h"
@@ -42,7 +41,7 @@ const uint8_t atr_sc_hsm[] = {
uint8_t session_pin[32], session_sopin[32];
bool has_session_pin = false, has_session_sopin = false;
const uint8_t *dev_name = NULL;
size_t dev_name_len = 0;
uint16_t dev_name_len = 0;
static int sc_hsm_process_apdu();
@@ -52,6 +51,7 @@ static int sc_hsm_unload();
extern int cmd_select();
extern void select_file(file_t *pe);
extern int cmd_list_keys();
extern int cmd_read_binary();
extern int cmd_verify();
extern int cmd_reset_retry();
@@ -87,79 +87,80 @@ int sc_hsm_select_aid(app_t *a) {
return CCID_OK;
}
void __attribute__((constructor)) sc_hsm_ctor() {
INITIALIZER( sc_hsm_ctor ) {
printf("INITIALIZER\n");
ccid_atr = atr_sc_hsm;
register_app(sc_hsm_select_aid, sc_hsm_aid);
}
void scan_files() {
file_pin1 = search_by_fid(0x1081, NULL, SPECIFY_EF);
file_pin1 = search_file(EF_PIN1);
if (file_pin1) {
if (!file_pin1->data) {
printf("PIN1 is empty. Initializing with default password\r\n");
printf("PIN1 is empty. Initializing with default password\n");
const uint8_t empty[33] = { 0 };
flash_write_data_to_file(file_pin1, empty, sizeof(empty));
file_put_data(file_pin1, empty, sizeof(empty));
}
}
else {
printf("FATAL ERROR: PIN1 not found in memory!\r\n");
printf("FATAL ERROR: PIN1 not found in memory!\n");
}
file_sopin = search_by_fid(0x1088, NULL, SPECIFY_EF);
file_sopin = search_file(EF_SOPIN);
if (file_sopin) {
if (!file_sopin->data) {
printf("SOPIN is empty. Initializing with default password\r\n");
printf("SOPIN is empty. Initializing with default password\n");
const uint8_t empty[33] = { 0 };
flash_write_data_to_file(file_sopin, empty, sizeof(empty));
file_put_data(file_sopin, empty, sizeof(empty));
}
}
else {
printf("FATAL ERROR: SOPIN not found in memory!\r\n");
printf("FATAL ERROR: SOPIN not found in memory!\n");
}
file_retries_pin1 = search_by_fid(0x1083, NULL, SPECIFY_EF);
file_retries_pin1 = search_file(EF_PIN1_RETRIES);
if (file_retries_pin1) {
if (!file_retries_pin1->data) {
printf("Retries PIN1 is empty. Initializing with default retriesr\n");
const uint8_t retries = 3;
flash_write_data_to_file(file_retries_pin1, &retries, sizeof(uint8_t));
file_put_data(file_retries_pin1, &retries, sizeof(uint8_t));
}
}
else {
printf("FATAL ERROR: Retries PIN1 not found in memory!\r\n");
printf("FATAL ERROR: Retries PIN1 not found in memory!\n");
}
file_retries_sopin = search_by_fid(0x108A, NULL, SPECIFY_EF);
file_retries_sopin = search_file(EF_SOPIN_RETRIES);
if (file_retries_sopin) {
if (!file_retries_sopin->data) {
printf("Retries SOPIN is empty. Initializing with default retries\r\n");
printf("Retries SOPIN is empty. Initializing with default retries\n");
const uint8_t retries = 15;
flash_write_data_to_file(file_retries_sopin, &retries, sizeof(uint8_t));
file_put_data(file_retries_sopin, &retries, sizeof(uint8_t));
}
}
else {
printf("FATAL ERROR: Retries SOPIN not found in memory!\r\n");
printf("FATAL ERROR: Retries SOPIN not found in memory!\n");
}
file_t *tf = NULL;
tf = search_by_fid(0x1082, NULL, SPECIFY_EF);
tf = search_file(EF_PIN1_MAX_RETRIES);
if (tf) {
if (!tf->data) {
printf("Max retries PIN1 is empty. Initializing with default max retriesr\n");
const uint8_t retries = 3;
flash_write_data_to_file(tf, &retries, sizeof(uint8_t));
file_put_data(tf, &retries, sizeof(uint8_t));
}
}
else {
printf("FATAL ERROR: Max Retries PIN1 not found in memory!\r\n");
printf("FATAL ERROR: Max Retries PIN1 not found in memory!\n");
}
tf = search_by_fid(0x1089, NULL, SPECIFY_EF);
tf = search_file(EF_SOPIN_MAX_RETRIES);
if (tf) {
if (!tf->data) {
printf("Max Retries SOPIN is empty. Initializing with default max retries\r\n");
printf("Max Retries SOPIN is empty. Initializing with default max retries\n");
const uint8_t retries = 15;
flash_write_data_to_file(tf, &retries, sizeof(uint8_t));
file_put_data(tf, &retries, sizeof(uint8_t));
}
}
else {
printf("FATAL ERROR: Retries SOPIN not found in memory!\r\n");
printf("FATAL ERROR: Retries SOPIN not found in memory!\n");
}
low_flash_available();
}
@@ -174,7 +175,7 @@ int puk_store_entries = 0;
PUK *current_puk = NULL;
uint8_t puk_status[MAX_PUK];
int add_cert_puk_store(const uint8_t *data, size_t data_len, bool copy) {
int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
if (data == NULL || data_len == 0) {
return CCID_ERR_NULL_PARAM;
}
@@ -226,17 +227,19 @@ void reset_puk_store() {
}
memset(puk_store, 0, sizeof(puk_store));
puk_store_entries = 0;
file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF);
file_t *fterm = search_file(EF_TERMCA);
if (fterm) {
uint8_t *p = NULL, *fterm_data = file_get_data(fterm), *pq = fterm_data;
size_t fterm_data_len = file_get_size(fterm);
while (walk_tlv(fterm_data, fterm_data_len, &p, NULL, NULL, NULL)) {
add_cert_puk_store(pq, p - pq, false);
uint16_t fterm_data_len = file_get_size(fterm);
asn1_ctx_t ctxi;
asn1_ctx_init(fterm_data, fterm_data_len, &ctxi);
while (walk_tlv(&ctxi, &p, NULL, NULL, NULL)) {
add_cert_puk_store(pq, (uint16_t)(p - pq), false);
pq = p;
}
}
for (int i = 0; i < 0xfe; i++) {
file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | i);
file_t *ef = search_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i);
if (ef && file_get_size(ef) > 0) {
add_cert_puk_store(file_get_data(ef), file_get_size(ef), false);
}
@@ -261,9 +264,9 @@ int sc_hsm_unload() {
}
uint16_t get_device_options() {
file_t *ef = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF);
file_t *ef = search_file(EF_DEVOPS);
if (file_has_data(ef)) {
return (file_read_uint8(file_get_data(ef)) << 8) | file_read_uint8(file_get_data(ef) + 1);
return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1);
}
return 0x0;
}
@@ -285,6 +288,7 @@ bool wait_button_pressed() {
}
int parse_token_info(const file_t *f, int mode) {
(void)f;
#ifdef __FOR_CI
char *label = "SmartCard-HSM";
#else
@@ -297,34 +301,53 @@ int parse_token_info(const file_t *f, int mode) {
*p++ = 0; //set later
*p++ = 0x2; *p++ = 1; *p++ = HSM_VERSION_MAJOR;
#ifndef ENABLE_EMULATION
*p++ = 0x4; *p++ = 8; pico_get_unique_board_id((pico_unique_board_id_t *) p); p += 8;
*p++ = 0x4; *p++ = 8; memcpy(p, pico_serial.id, 8); p += 8;
#else
*p++ = 0x4; *p++ = 8; memset(p, 0, 8); p += 8;
#endif
*p++ = 0xC; *p++ = strlen(manu); strcpy((char *) p, manu); p += strlen(manu);
*p++ = 0x80; *p++ = strlen(label); strcpy((char *) p, label); p += strlen(label);
*p++ = 0xC; *p++ = (uint8_t)strlen(manu); strcpy((char *) p, manu); p += strlen(manu);
*p++ = 0x80; *p++ = (uint8_t)strlen(label); strcpy((char *) p, label); p += strlen(label);
*p++ = 0x3; *p++ = 2; *p++ = 4; *p++ = 0x30;
res_APDU_size = p - res_APDU;
res_APDU[1] = res_APDU_size - 2;
res_APDU_size = (uint16_t)(p - res_APDU);
res_APDU[1] = (uint8_t)res_APDU_size - 2;
}
return 2 + (2 + 1) + (2 + 8) + (2 + strlen(manu)) + (2 + strlen(label)) + (2 + 2);
return (int)(2 + (2 + 1) + (2 + 8) + (2 + strlen(manu)) + (2 + strlen(label)) + (2 + 2));
}
int parse_ef_dir(const file_t *f, int mode) {
(void)f;
#ifdef __FOR_CI
char *label = "SmartCard-HSM";
#else
char *label = "Pico-HSM";
#endif
if (mode == 1) {
uint8_t *p = res_APDU;
*p++ = 0x61;
*p++ = 0; //set later
*p++ = 0x4F; *p++ = sc_hsm_aid[0]; memcpy(p, sc_hsm_aid + 1, sc_hsm_aid[0]); p += sc_hsm_aid[0];
*p++ = 0x50; *p++ = (uint8_t)strlen(label); strcpy((char *) p, label); p += strlen(label);
res_APDU_size = (uint16_t)(p - res_APDU);
res_APDU[1] = (uint8_t)res_APDU_size - 2;
}
return (int)(2 + (2 + sc_hsm_aid[0]) + (2 + strlen(label)));
}
int pin_reset_retries(const file_t *pin, bool force) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
}
const file_t *max = search_by_fid(pin->fid + 1, NULL, SPECIFY_EF);
const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF);
const file_t *max = search_file(pin->fid + 1);
const file_t *act = search_file(pin->fid + 2);
if (!max || !act) {
return CCID_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(file_get_data(act));
uint8_t retries = file_read_uint8(act);
if (retries == 0 && force == false) { // blocked
return CCID_ERR_BLOCKED;
}
retries = file_read_uint8(file_get_data(max));
int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries));
retries = file_read_uint8(max);
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
low_flash_available();
return r;
}
@@ -333,14 +356,14 @@ int pin_wrong_retry(const file_t *pin) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
}
const file_t *act = search_by_fid(pin->fid + 2, NULL, SPECIFY_EF);
const file_t *act = search_file(pin->fid + 2);
if (!act) {
return CCID_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(file_get_data(act));
uint8_t retries = file_read_uint8(act);
if (retries > 0) {
retries -= 1;
int r = flash_write_data_to_file((file_t *) act, &retries, sizeof(retries));
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
if (r != CCID_OK) {
return r;
}
@@ -354,11 +377,11 @@ int pin_wrong_retry(const file_t *pin) {
}
bool pka_enabled() {
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
return file_has_data(ef_puk) && file_read_uint8(file_get_data(ef_puk)) > 0;
file_t *ef_puk = search_file(EF_PUKAUT);
return file_has_data(ef_puk) && file_read_uint8(ef_puk) > 0;
}
int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
if (!file_has_data((file_t *) pin)) {
return SW_REFERENCE_NOT_FOUND();
}
@@ -372,7 +395,7 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | retries);
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
}
}
else {
@@ -386,7 +409,7 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | retries);
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
}
}
int r = pin_reset_retries(pin, false);
@@ -414,16 +437,18 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
return SW_OK();
}
const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len) {
const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len) {
if (ef == NULL) {
return NULL;
}
uint8_t *meta_data = NULL;
uint8_t meta_size = meta_find(ef->fid, &meta_data);
uint16_t meta_size = meta_find(ef->fid, &meta_data);
if (meta_size > 0 && meta_data != NULL) {
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
while (walk_tlv(meta_data, meta_size, &p, &tag, tag_len, &tag_data)) {
asn1_ctx_t ctxi;
asn1_ctx_init(meta_data, meta_size, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, tag_len, &tag_data)) {
if (tag == meta_tag) {
return tag_data;
}
@@ -433,7 +458,7 @@ const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len) {
}
uint32_t get_key_counter(file_t *fkey) {
size_t tag_len = 0;
uint16_t tag_len = 0;
const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len);
if (meta_tag) {
return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3];
@@ -442,10 +467,10 @@ uint32_t get_key_counter(file_t *fkey) {
}
bool key_has_purpose(file_t *ef, uint8_t purpose) {
size_t tag_len = 0;
uint16_t tag_len = 0;
const uint8_t *meta_tag = get_meta_tag(ef, 0x91, &tag_len);
if (meta_tag) {
for (int i = 0; i < tag_len; i++) {
for (unsigned i = 0; i < tag_len; i++) {
if (meta_tag[i] == purpose) {
return true;
}
@@ -460,15 +485,17 @@ uint32_t decrement_key_counter(file_t *fkey) {
return 0xffffff;
}
uint8_t *meta_data = NULL;
uint8_t meta_size = meta_find(fkey->fid, &meta_data);
uint16_t meta_size = meta_find(fkey->fid, &meta_data);
if (meta_size > 0 && meta_data != NULL) {
uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL;
size_t tag_len = 0;
uint16_t tag_len = 0;
uint8_t *cmeta = (uint8_t *) calloc(1, meta_size);
/* We cannot modify meta_data, as it comes from flash memory. It must be cpied to an aux buffer */
memcpy(cmeta, meta_data, meta_size);
while (walk_tlv(cmeta, meta_size, &p, &tag, &tag_len, &tag_data)) {
asn1_ctx_t ctxi;
asn1_ctx_init(meta_data, meta_size, &ctxi);
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
if (tag == 0x90) { // ofset tag
uint32_t val =
(tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3];
@@ -478,7 +505,7 @@ uint32_t decrement_key_counter(file_t *fkey) {
tag_data[2] = (val >> 8) & 0xff;
tag_data[3] = val & 0xff;
int r = meta_add(fkey->fid, cmeta, meta_size);
int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);
free(cmeta);
if (r != 0) {
return 0xffffffff;
@@ -494,20 +521,21 @@ uint32_t decrement_key_counter(file_t *fkey) {
// Stores the private and public keys in flash
int store_keys(void *key_ctx, int type, uint8_t key_id) {
int r, key_size = 0;
int r = 0;
uint16_t key_size = 0;
uint8_t kdata[4096 / 8]; // worst case
if (type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
key_size = (uint16_t)mbedtls_mpi_size(&rsa->P) + (uint16_t)mbedtls_mpi_size(&rsa->Q);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
}
else if (type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d);
size_t olen = 0;
kdata[0] = ecdsa->grp.id & 0xff;
mbedtls_ecp_write_key(ecdsa, kdata + 1, key_size);
key_size++;
mbedtls_ecp_write_key_ext(ecdsa, &olen, kdata + 1, sizeof(kdata) - 1);
key_size = olen + 1;
}
else if (type & PICO_KEYS_KEY_AES) {
if (type == PICO_KEYS_KEY_AES_128) {
@@ -535,46 +563,56 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
if (r != CCID_OK) {
return r;
}
r = flash_write_data_to_file(fpk, kdata, key_size);
r = file_put_data(fpk, kdata, (uint16_t)key_size);
if (r != CCID_OK) {
return r;
}
char key_id_str[4] = {0};
sprintf(key_id_str, "%u", key_id);
if (type & PICO_KEYS_KEY_EC) {
key_size--;
}
uint16_t prkd_len = asn1_build_prkd_generic(NULL, 0, (uint8_t *)key_id_str, (uint16_t)strlen(key_id_str), key_size * 8, type, kdata, sizeof(kdata));
if (prkd_len > 0) {
fpk = file_new((PRKD_PREFIX << 8) | key_id);
r = file_put_data(fpk, kdata, prkd_len);
if (r != 0) {
return SW_EXEC_ERROR();
}
}
low_flash_available();
return CCID_OK;
}
int find_and_store_meta_key(uint8_t key_id) {
size_t lt[4] = { 0, 0, 0, 0 }, meta_size = 0;
uint8_t *pt[4] = { NULL, NULL, NULL, NULL };
uint16_t meta_size = 0;
uint8_t t90[4] = { 0xFF, 0xFF, 0xFF, 0xFE };
for (int t = 0; t < 4; t++) {
uint8_t *ptt = NULL;
size_t ltt = 0;
if (asn1_find_tag(apdu.data, apdu.nc, 0x90 + t, &ltt, &ptt) && ptt != NULL && ltt > 0) {
lt[t] = ltt;
pt[t] = ptt;
meta_size += asn1_len_tag(0x90 + t, lt[t]);
asn1_ctx_t ctxi, ctxo[4] = { 0 };
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
for (uint16_t t = 0; t < 4; t++) {
if (asn1_find_tag(&ctxi, 0x90 + t, &ctxo[t]) && asn1_len(&ctxo[t]) > 0) {
meta_size += asn1_len_tag(0x90 + t, ctxo[t].len);
}
}
if (lt[0] == 0 && pt[0] == NULL) {
if (asn1_len(&ctxo[0]) == 0) {
uint16_t opts = get_device_options();
if (opts & HSM_OPT_KEY_COUNTER_ALL) {
lt[0] = 4;
pt[0] = t90;
ctxo[0].len = 4;
ctxo[0].data = t90;
meta_size += 6;
}
}
if (meta_size) {
uint8_t *meta = (uint8_t *) calloc(1, meta_size), *m = meta;
for (int t = 0; t < 4; t++) {
if (lt[t] > 0 && pt[t] != NULL) {
for (uint8_t t = 0; t < 4; t++) {
if (asn1_len(&ctxo[t]) > 0) {
*m++ = 0x90 + t;
m += format_tlv_len(lt[t], m);
memcpy(m, pt[t], lt[t]);
m += lt[t];
m += format_tlv_len(ctxo[t].len, m);
memcpy(m, ctxo[t].data, ctxo[t].len);
m += ctxo[t].len;
}
}
int r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_size);
int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size);
free(meta);
if (r != 0) {
return CCID_EXEC_ERROR;
@@ -588,7 +626,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
return CCID_VERIFICATION_FAILED;
}
int key_size = file_get_size(fkey);
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[4096 / 8];
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
@@ -632,7 +670,7 @@ int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
return CCID_VERIFICATION_FAILED;
}
int key_size = file_get_size(fkey);
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[67]; // Worst case, 521 bit + 1byte
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
@@ -730,9 +768,9 @@ int sc_hsm_process_apdu() {
}
for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {
if (cmd->ins == INS(apdu)) {
int r = cmd->cmd_handler();
int res = cmd->cmd_handler();
sm_wrap();
return r;
return res;
}
}
return SW_INS_NOT_SUPPORTED();

16
src/hsm/sc_hsm.h
View File

@@ -19,10 +19,14 @@
#define _SC_HSM_H_
#include <stdlib.h>
#ifndef ESP_PLATFORM
#include "common.h"
#else
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif
#include "mbedtls/rsa.h"
#include "mbedtls/ecdsa.h"
#ifndef ENABLE_EMULATION
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
#include "pico/stdlib.h"
#endif
#include "file.h"
@@ -102,20 +106,18 @@ extern const uint8_t sc_hsm_aid[];
extern int pin_reset_retries(const file_t *pin, bool);
extern int pin_wrong_retry(const file_t *pin);
extern void hash(const uint8_t *input, size_t len, uint8_t output[32]);
extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]);
extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]);
extern void hash(const uint8_t *input, uint16_t len, uint8_t output[32]);
extern uint16_t get_device_options();
extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32];
extern int check_pin(const file_t *pin, const uint8_t *data, size_t len);
extern uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len);
extern bool pka_enabled();
extern const uint8_t *dev_name;
extern size_t dev_name_len;
extern uint16_t dev_name_len;
extern uint8_t puk_status[MAX_PUK];
extern int puk_store_select_chr(const uint8_t *chr);
extern int delete_file(file_t *ef);
extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len);
extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len);
extern bool key_has_purpose(file_t *ef, uint8_t purpose);
extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);

2
src/hsm/version.h
View File

@@ -18,7 +18,7 @@
#ifndef __VERSION_H_
#define __VERSION_H_
#define HSM_VERSION 0x0306
#define HSM_VERSION 0x0400
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)