dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Merge branch 'master' into development-eddsa

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-08-14 13:34:40 +02:00
parent fb5be153ed 3cae928de8
commit ad18577e98
51 changed files with 1345 additions and 1083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
src/hsm/cmd_keypair_gen.c
View File

@@ -31,33 +31,23 @@ int cmd_keypair_gen() {
}
int ret = 0;
size_t tout = 0;
//sc_asn1_print_tags(apdu.data, apdu.nc);
uint8_t *p = NULL;
//DEBUG_DATA(apdu.data,apdu.nc);
if (asn1_find_tag(apdu.data, apdu.nc, 0x7f49, &tout, &p) && tout > 0 && p != NULL) {
size_t oid_len = 0;
uint8_t *oid = NULL;
if (asn1_find_tag(p, tout, 0x6, &oid_len, &oid) && oid_len > 0 && oid != NULL) {
if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA
size_t ex_len = 3, ks_len = 2;
uint8_t *ex = NULL, *ks = NULL;
asn1_ctx_t ctxi, ctxo = { 0 };
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
if (asn1_find_tag(&ctxi, 0x7f49, &ctxo) && asn1_len(&ctxo) > 0) {
asn1_ctx_t oid = { 0 };
if (asn1_find_tag(&ctxo, 0x6, &oid) && asn1_len(&oid) > 0) {
if (memcmp(oid.data, OID_ID_TA_RSA_V1_5_SHA_256, oid.len) == 0) { //RSA
asn1_ctx_t ex = { 0 }, ks = { 0 };
uint32_t exponent = 65537, key_size = 2048;
if (asn1_find_tag(p, tout, 0x82, &ex_len, &ex) && ex_len > 0 && ex != NULL) {
uint8_t *dt = ex;
exponent = 0;
for (int i = 0; i < ex_len; i++) {
exponent = (exponent << 8) | *dt++;
}
if (asn1_find_tag(&ctxo, 0x82, &ex) && asn1_len(&ex) > 0) {
exponent = asn1_get_uint(&ex);
}
if (asn1_find_tag(p, tout, 0x2, &ks_len, &ks) && ks_len > 0 && ks != NULL) {
uint8_t *dt = ks;
key_size = 0;
for (int i = 0; i < ks_len; i++) {
key_size = (key_size << 8) | *dt++;
}
if (asn1_find_tag(&ctxo, 0x2, &ks) && asn1_len(&ks) > 0) {
key_size = asn1_get_uint(&ks);
}
printf("KEYPAIR RSA %lu (%lx)\r\n",
printf("KEYPAIR RSA %lu (%lx)\n",
(unsigned long) key_size,
(unsigned long) exponent);
mbedtls_rsa_context rsa;
@@ -69,7 +59,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
if ((res_APDU_size =
asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
(uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
@@ -79,13 +69,13 @@ int cmd_keypair_gen() {
}
mbedtls_rsa_free(&rsa);
}
else if (memcmp(oid, OID_ID_TA_ECDSA_SHA_256, MIN(oid_len, 10)) == 0) { //ECC
size_t prime_len;
uint8_t *prime = NULL;
if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true) {
else if (memcmp(oid.data, OID_ID_TA_ECDSA_SHA_256, MIN(oid.len, 10)) == 0) { //ECC
asn1_ctx_t prime = { 0 };
if (asn1_find_tag(&ctxo, 0x81, &prime) != true) {
return SW_WRONG_DATA();
}
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime, prime_len);
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime.data, prime.len);
printf("KEYPAIR ECC %d\n", ec_id);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return SW_FUNC_NOT_SUPPORTED();
}
@@ -111,50 +101,47 @@ int cmd_keypair_gen() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t l91 = 0, ext_len = 0;
uint8_t *p91 = NULL, *ext = NULL;
if (asn1_find_tag(apdu.data, apdu.nc, 0x91, &l91, &p91) && p91 != NULL && l91 > 0) {
for (int n = 0; n < l91; n++) {
if (p91[n] == ALGO_EC_DH_XKEK) {
size_t l92 = 0;
uint8_t *p92 = NULL;
if (!asn1_find_tag(apdu.data, apdu.nc, 0x92, &l92,
&p92) || p92 == NULL || l92 == 0) {
asn1_ctx_t a91 = { 0 }, ext = { 0 };
if (asn1_find_tag(&ctxi, 0x91, &a91) && asn1_len(&a91) > 0) {
for (size_t n = 0; n < a91.len; n++) {
if (a91.data[n] == ALGO_EC_DH_XKEK) {
asn1_ctx_t a92 = {0};
if (!asn1_find_tag(&ctxi, 0x92, &a92) || asn1_len(&a92) == 0) {
return SW_WRONG_DATA();
}
if (p92[0] > MAX_KEY_DOMAINS) {
if (a92.data[0] > MAX_KEY_DOMAINS) {
return SW_WRONG_DATA();
}
file_t *tf_xkek = search_dynamic_file(EF_XKEK + p92[0]);
file_t *tf_xkek = search_file(EF_XKEK + a92.data[0]);
if (!tf_xkek) {
return SW_WRONG_DATA();
}
ext_len = 2 + 2 + strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
ext.len = 2 + 2 + (uint16_t)strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
tf_xkek);
ext = (uint8_t *) calloc(1, ext_len);
uint8_t *pe = ext;
ext.data = (uint8_t *) calloc(1, ext.len);
uint8_t *pe = ext.data;
*pe++ = 0x73;
*pe++ = ext_len - 2;
*pe++ = (uint8_t)ext.len - 2;
*pe++ = 0x6;
*pe++ = strlen(OID_ID_KEY_DOMAIN_UID);
*pe++ = (uint8_t)strlen(OID_ID_KEY_DOMAIN_UID);
memcpy(pe, OID_ID_KEY_DOMAIN_UID, strlen(OID_ID_KEY_DOMAIN_UID));
pe += strlen(OID_ID_KEY_DOMAIN_UID);
*pe++ = 0x80;
*pe++ = file_get_size(tf_xkek);
*pe++ = (uint8_t)file_get_size(tf_xkek);
memcpy(pe, file_get_data(tf_xkek), file_get_size(tf_xkek));
}
}
}
if ((res_APDU_size =
asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
if (ext) {
free(ext);
(uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
if (ext.data) {
free(ext.data);
}
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
if (ext) {
free(ext);
if (ext.data) {
free(ext.data);
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
@@ -172,7 +159,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);
ret = flash_write_data_to_file(fpk, res_APDU, res_APDU_size);
ret = file_put_data(fpk, res_APDU, res_APDU_size);
if (ret != 0) {
return SW_EXEC_ERROR();
}