Merge branch 'development' into development-eddsa

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos
2023-11-06 23:11:08 +01:00
44 changed files with 821 additions and 160 deletions


@@ -412,20 +412,21 @@ int cmd_cipher_sym() {
res_APDU_size = keylen ? keylen : (apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32);
}
else if (memcmp(oid, OID_PKCS5_PBES2, oid_len) == 0) {
size_t olen = 0;
mbedtls_asn1_buf params =
{ .p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) };
int r = mbedtls_pkcs5_pbes2(&params,
{.p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
int r = mbedtls_pkcs5_pbes2_ext(&params,
algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
kdata,
key_size,
enc,
enc_len,
res_APDU);
res_APDU, 4096, &olen);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) {
return SW_WRONG_DATA();
}
res_APDU_size = enc_len;
res_APDU_size = olen;
}
else if (memcmp(oid, OID_KDF_X963, oid_len) == 0) {
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
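Review bot: The output capacity passed to `mbedtls_pkcs5_pbes2_ext` is the bare literal `4096`, which is only right while res_APDU is at least that large. The buffer's declaration is outside this hunk, so the bound should come from a named constant or the declared size rather than being repeated at each call site. On the failure path the function returns `SW_WRONG_DATA()` without clearing res_APDU, and a decrypt that fails late (for example at the padding check) may already have written plaintext there. Zeroizing res_APDU before that return would match the care already taken with `mbedtls_platform_zeroize(kdata, sizeof(kdata));`.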


@@ -88,7 +88,7 @@ int cmd_derive_asym() {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, dest_id);
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();


@@ -187,13 +187,13 @@ int cmd_initialize() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
if (ret != CCID_OK) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t cvc_len = 0;
if ((cvc_len = asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
@@ -205,7 +205,7 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
if ((cvc_len = asn1_cvc_cert(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}


@@ -23,11 +23,14 @@
uint8_t get_key_domain(file_t *fkey) {
size_t tag_len = 0;
if (!file_has_data(fkey)) {
return 0xff;
}
const uint8_t *meta_tag = get_meta_tag(fkey, 0x92, &tag_len);
if (meta_tag) {
return *meta_tag;
}
return 0xff;
return 0x0;
}
int cmd_key_domain() {
@@ -65,10 +68,16 @@ int cmd_key_domain() {
}
import_dkek_share(p2, apdu.data);
if (++current_dkeks >= dkeks) {
if (save_dkek_key(p2, NULL) != CCID_OK) {
/* On fail, it will return to previous dkek state. */
import_dkek_share(p2, apdu.data);
return SW_FILE_NOT_FOUND();
int r = save_dkek_key(p2, NULL);
if (r != CCID_OK) {
if (r == CCID_NO_LOGIN) {
pending_save_dkek = p2;
}
else {
/* On fail, it will return to previous dkek state. */
import_dkek_share(p2, apdu.data);
return SW_FILE_NOT_FOUND();
}
}
}
uint8_t t[MAX_KEY_DOMAINS * 2];
@@ -94,8 +103,9 @@ int cmd_key_domain() {
return SW_WRONG_LENGTH();
}
if (p1 == 0x3) { //if key domain is not empty, command is denied
for (int i = 0; i < dynamic_files; i++) {
if (get_key_domain(&dynamic_file[i]) == p2) {
for (int i = 1; i < 256; i++) {
file_t *fkey = search_dynamic_file(KEY_PREFIX << 8 | i);
if (get_key_domain(fkey) == p2) {
return SW_FILE_EXISTS();
}
}
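Review bot: When `save_dkek_key` returns `CCID_NO_LOGIN`, the new branch records `pending_save_dkek = p2` and falls through, so cmd_key_domain (which continues outside this hunk) proceeds toward its normal response although the DKEK has not been stored. `pending_save_dkek` is a single `uint8_t`, so a second key domain reaching this branch before the next login overwrites the first, and that domain's save is never retried. Consider refusing the final share with a security-status word when no session exists, or keeping one pending flag per domain, e.g. `bool pending_save_dkek[MAX_KEY_DOMAINS];`. In the `p1 == 0x3` loop the result of `search_dynamic_file` is passed to `get_key_domain` unchecked; unless `file_has_data` accepts NULL (not visible here), add `if (!fkey) continue;`.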


@@ -44,16 +44,16 @@ int cmd_key_gen() {
memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0;
if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {


@@ -35,7 +35,7 @@ int cmd_key_unwrap() {
if (key_type == 0x0) {
return SW_DATA_INVALID();
}
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
do {
@@ -45,8 +45,8 @@ int cmd_key_unwrap() {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
@@ -57,7 +57,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
do {
@@ -67,7 +67,7 @@ int cmd_key_unwrap() {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, key_id);
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
@@ -79,7 +79,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
uint8_t aes_key[64];
int key_size = 0, aes_type = 0;
do {
@@ -95,16 +95,16 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else {
return SW_EXEC_ERROR();
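Review bot: The EC branch of cmd_key_unwrap still passes `HSM_KEY_EC` to `asn1_cvc_aut` on the line right after the renamed `store_keys` call, whereas the RSA branch had both calls renamed. If the old `HSM_KEY_*` names are no longer defined after the switch to `pico_keys.h`, this will not build; if they are still defined, the two sets of names can drift apart. Change it to `asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)`. In both branches `r` from `store_keys` is not tested before the CVC is built in the visible lines; the check may follow outside the hunk.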


@@ -67,7 +67,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_rsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_ECC) {
@@ -81,7 +81,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_ecp_keypair_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
@@ -90,22 +90,22 @@ int cmd_key_wrap() {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
int key_size = file_get_size(ef), aes_type = HSM_KEY_AES;
int key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES;
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));


@@ -69,10 +69,10 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
if ((res_APDU_size =
asn1_cvc_aut(&rsa, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, HSM_KEY_RSA, key_id);
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
if (ret != CCID_OK) {
mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR();
@@ -146,7 +146,7 @@ int cmd_keypair_gen() {
}
}
if ((res_APDU_size =
asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
if (ext) {
free(ext);
}
@@ -156,7 +156,7 @@ int cmd_keypair_gen() {
if (ext) {
free(ext);
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
return SW_EXEC_ERROR();


@@ -88,10 +88,10 @@ int cmd_read_binary() {
return SW_WARNING_EOF();
}
uint16_t maxle = data_len - offset;
if (apdu.ne > maxle) {
apdu.ne = maxle;
}
//uint16_t maxle = data_len - offset;
//if (apdu.ne > maxle) {
// apdu.ne = maxle;
//}
memcpy(res_APDU, file_get_data(ef) + offset, data_len - offset);
res_APDU_size = data_len - offset;
}
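Review bot: The Le clamp is disabled by commenting it out rather than deleted, and nothing says why, so a reader cannot tell whether `apdu.ne` is now meant to exceed the remaining file data or whether this is a temporary workaround. Either delete the four lines or replace them with one comment giving the reason, e.g. `/* Le is no longer clamped here: <reason> */`. The `memcpy` copies `data_len - offset` bytes into res_APDU with no capacity check in the visible lines. If the file size is not already bounded earlier in cmd_read_binary (outside this hunk), a guard against the res_APDU capacity belongs before it, such as `if (data_len - offset > 4096) return SW_WRONG_LENGTH();` using the 4096 passed for res_APDU elsewhere in this commit.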


@@ -36,16 +36,15 @@ int cmd_reset_retry() {
if (P1(apdu) == 0x0 || P1(apdu) == 0x2) {
int newpin_len = 0;
if (P1(apdu) == 0x0) {
if (apdu.nc <= 8) {
uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin));
if (apdu.nc <= so_pin_len + 1) {
return SW_WRONG_LENGTH();
}
uint16_t r = check_pin(file_sopin, apdu.data, 8);
uint16_t r = check_pin(file_sopin, apdu.data, so_pin_len);
if (r != 0x9000) {
return r;
}
newpin_len = apdu.nc - 8;
has_session_sopin = true;
hash_multi(apdu.data, 8, session_sopin);
newpin_len = apdu.nc - so_pin_len;
}
else if (P1(apdu) == 0x2) {
if (!has_session_sopin) {
@@ -83,15 +82,14 @@ int cmd_reset_retry() {
return SW_COMMAND_NOT_ALLOWED();
}
if (P1(apdu) == 0x1) {
if (apdu.nc != 8) {
uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin));
if (apdu.nc != so_pin_len) {
return SW_WRONG_LENGTH();
}
uint16_t r = check_pin(file_sopin, apdu.data, 8);
uint16_t r = check_pin(file_sopin, apdu.data, so_pin_len);
if (r != 0x9000) {
return r;
}
has_session_sopin = true;
hash_multi(apdu.data, 8, session_sopin);
}
else if (P1(apdu) == 0x3) {
if (!has_session_sopin) {
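Review bot: In the `P1(apdu) == 0x1` branch, `apdu.nc != so_pin_len` returns `SW_WRONG_LENGTH()` before `check_pin` runs, so the status word now tells an unauthenticated caller whether the submitted length equals the stored SO-PIN length; with the previous fixed length of 8 that answer carried no information. Consider treating a length mismatch as a failed verification rather than giving it a distinct status. The `P1(apdu) == 0x0` bound changed from `apdu.nc <= 8` to `apdu.nc <= so_pin_len + 1`, which requires a new PIN of at least two bytes where the old check required one; if that is intended a comment should say so, otherwise use `apdu.nc <= so_pin_len`. Both branches also dereference `file_get_data(file_sopin)` with no visible check that the SO-PIN file holds data. cmd_reset_retry continues outside these hunks.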


@@ -166,10 +166,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t pubkey_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
}
size_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0;
@@ -222,10 +222,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
//pubkey
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
}
//chr
@@ -266,10 +266,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t key_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)->grp.id)->bit_size + 7) / 8);
}
size_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size);
@@ -289,13 +289,13 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
hash256(body, body_size, hsh);
memcpy(p, "\x5F\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32, hsh, p) != 0) {
memset(p, 0, key_size);
}
p += key_size;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
@@ -450,17 +450,17 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq_len = 0;
const uint8_t *seq = NULL;
uint8_t first_tag = 0x0;
if (key_type & HSM_KEY_EC) {
if (key_type & PICO_KEYS_KEY_EC) {
seq = (const uint8_t *)"\x07\x20\x80";
seq_len = 3;
first_tag = 0xA0;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
seq = (const uint8_t *)"\x02\x74";
seq_len = 2;
first_tag = 0x30;
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq = (const uint8_t *)"\x07\xC0\x10";
seq_len = 3;
first_tag = 0xA8;
@@ -469,10 +469,10 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq2_size =
asn1_len_tag(0x30, asn1_len_tag(0x4, keyid_len) + asn1_len_tag(0x3, seq_len));
size_t seq3_size = 0, seq4_size = 0;
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)) + asn1_len_tag(0x2, 2)));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq3_size = asn1_len_tag(0xA0, asn1_len_tag(0x30, asn1_len_tag(0x2, 2)));
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0))));
}
@@ -504,7 +504,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
memcpy(p, seq, seq_len); p += seq_len;
//Seq 3
if (key_type & HSM_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES) {
*p++ = 0xA0;
p += format_tlv_len(asn1_len_tag(0x30, asn1_len_tag(0x2, 2)), p);
*p++ = 0x30;
@@ -518,7 +518,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
//Seq 4
*p++ = 0xA1;
size_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0));
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
inseq4_len += asn1_len_tag(0x2, 2);
}
p += format_tlv_len(asn1_len_tag(0x30, inseq4_len), p);
@@ -528,7 +528,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
p += format_tlv_len(asn1_len_tag(0x4, 0), p);
*p++ = 0x4;
p += format_tlv_len(0, p);
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
*p++ = 0x2;
p += format_tlv_len(2, p);
*p++ = (keysize >> 8) & 0xff;
@@ -549,7 +549,7 @@ size_t asn1_build_prkd_ecc(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_EC,
PICO_KEYS_KEY_EC,
buf,
buf_len);
}
@@ -566,7 +566,7 @@ size_t asn1_build_prkd_rsa(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_RSA,
PICO_KEYS_KEY_RSA,
buf,
buf_len);
}
@@ -583,7 +583,7 @@ size_t asn1_build_prkd_aes(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_AES,
PICO_KEYS_KEY_AES,
buf,
buf_len);
}


@@ -36,6 +36,7 @@ extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32];
uint8_t mkek_mask[MKEK_KEY_SIZE];
bool has_mkek_mask = false;
uint8_t pending_save_dkek = 0xff;
#define POLY 0xedb88320
@@ -286,7 +287,7 @@ int dkek_encode_key(uint8_t id,
size_t *out_len,
const uint8_t *allowed,
size_t allowed_len) {
if (!(key_type & HSM_KEY_RSA) && !(key_type & HSM_KEY_EC) && !(key_type & HSM_KEY_AES)) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA;
}
@@ -316,17 +317,17 @@ int dkek_encode_key(uint8_t id,
return r;
}
if (key_type & HSM_KEY_AES) {
if (key_type & HSM_KEY_AES_128) {
if (key_type & PICO_KEYS_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES_128) {
kb_len = 16;
}
else if (key_type & HSM_KEY_AES_192) {
else if (key_type & PICO_KEYS_KEY_AES_192) {
kb_len = 24;
}
else if (key_type & HSM_KEY_AES_256) {
else if (key_type & PICO_KEYS_KEY_AES_256) {
kb_len = 32;
}
else if (key_type & HSM_KEY_AES_512) {
else if (key_type & PICO_KEYS_KEY_AES_512) {
kb_len = 64;
}
@@ -344,7 +345,7 @@ int dkek_encode_key(uint8_t id,
algo = (uint8_t *) "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01"; //2.16.840.1.101.3.4.1 (2+8)
algo_len = 10;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
return CCID_WRONG_LENGTH;
}
@@ -365,7 +366,7 @@ int dkek_encode_key(uint8_t id,
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02";
algo_len = 12;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
return CCID_WRONG_LENGTH;
}
@@ -417,13 +418,13 @@ int dkek_encode_key(uint8_t id,
memcpy(out + *out_len, kcv, 8);
*out_len += 8;
if (key_type & HSM_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES) {
out[*out_len] = 15;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
out[*out_len] = 5;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
out[*out_len] = 12;
}
*out_len += 1;
@@ -457,7 +458,7 @@ int dkek_encode_key(uint8_t id,
if (kb_len < kb_len_pad) {
kb[kb_len] = 0x80;
}
r = aes_encrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, kb_len_pad);
r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
if (r != CCID_OK) {
return r;
}
@@ -481,13 +482,13 @@ int dkek_encode_key(uint8_t id,
int dkek_type_key(const uint8_t *in) {
if (in[8] == 5 || in[8] == 6) {
return HSM_KEY_RSA;
return PICO_KEYS_KEY_RSA;
}
else if (in[8] == 12) {
return HSM_KEY_EC;
return PICO_KEYS_KEY_EC;
}
else if (in[8] == 15) {
return HSM_KEY_AES;
return PICO_KEYS_KEY_AES;
}
return 0x0;
}
@@ -584,7 +585,7 @@ int dkek_decode_key(uint8_t id,
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
memset(kb, 0, sizeof(kb));
memcpy(kb, in + ofs, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, HSM_AES_MODE_CBC, kb, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
if (r != CCID_OK) {
return r;
}


@@ -74,4 +74,6 @@ extern mse_t mse;
extern int mse_decrypt_ct(uint8_t *, size_t);
extern uint8_t pending_save_dkek;
#endif


@@ -24,7 +24,7 @@
#include "eac.h"
#include "cvc.h"
#include "asn1.h"
#include "hsm.h"
#include "pico_keys.h"
#include "usb.h"
#include "random.h"
@@ -80,20 +80,16 @@ extern int cmd_bip_slip();
extern const uint8_t *ccid_atr;
app_t *sc_hsm_select_aid(app_t *a, const uint8_t *aid, uint8_t aid_len) {
if (!memcmp(aid, sc_hsm_aid + 1, MIN(aid_len, sc_hsm_aid[0]))) {
a->aid = sc_hsm_aid;
a->process_apdu = sc_hsm_process_apdu;
a->unload = sc_hsm_unload;
init_sc_hsm();
return a;
}
return NULL;
int sc_hsm_select_aid(app_t *a) {
a->process_apdu = sc_hsm_process_apdu;
a->unload = sc_hsm_unload;
init_sc_hsm();
return CCID_OK;
}
void __attribute__((constructor)) sc_hsm_ctor() {
ccid_atr = atr_sc_hsm;
register_app(sc_hsm_select_aid);
register_app(sc_hsm_select_aid, sc_hsm_aid);
}
void scan_files() {
@@ -289,7 +285,11 @@ bool wait_button_pressed() {
}
int parse_token_info(const file_t *f, int mode) {
#ifdef __FOR_CI
char *label = "SmartCard-HSM";
#else
char *label = "Pico-HSM";
#endif
char *manu = "Pol Henarejos";
if (mode == 1) {
uint8_t *p = res_APDU;
@@ -407,6 +407,10 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
hash_multi(data, len, session_sopin);
has_session_sopin = true;
}
if (pending_save_dkek != 0xff) {
save_dkek_key(pending_save_dkek, NULL);
pending_save_dkek = 0xff;
}
return SW_OK();
}
@@ -492,30 +496,30 @@ uint32_t decrement_key_counter(file_t *fkey) {
int store_keys(void *key_ctx, int type, uint8_t key_id) {
int r, key_size = 0;
uint8_t kdata[4096 / 8]; // worst case
if (type & HSM_KEY_RSA) {
if (type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2);
mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2);
}
else if (type & HSM_KEY_EC) {
else if (type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d);
kdata[0] = ecdsa->grp.id & 0xff;
mbedtls_ecp_write_key(ecdsa, kdata + 1, key_size);
key_size++;
}
else if (type & HSM_KEY_AES) {
if (type == HSM_KEY_AES_128) {
else if (type & PICO_KEYS_KEY_AES) {
if (type == PICO_KEYS_KEY_AES_128) {
key_size = 16;
}
else if (type == HSM_KEY_AES_192) {
else if (type == PICO_KEYS_KEY_AES_192) {
key_size = 24;
}
else if (type == HSM_KEY_AES_256) {
else if (type == PICO_KEYS_KEY_AES_256) {
key_size = 32;
}
else if (type == HSM_KEY_AES_512) {
else if (type == PICO_KEYS_KEY_AES_512) {
key_size = 64;
}
memcpy(kdata, key_ctx, key_size);
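Review bot: The deferred save added to `check_pin` discards the return value of `save_dkek_key` and then resets `pending_save_dkek` to `0xff` unconditionally, so a save that fails again is dropped with no error and no retry. `check_pin` is called with `file_sopin` in this commit and presumably with the user PIN file elsewhere, and the hunk does not show which session `save_dkek_key` needs, so the retry may fire on a login that still yields `CCID_NO_LOGIN`. Clear the slot only on success: `if (save_dkek_key(pending_save_dkek, NULL) == CCID_OK) pending_save_dkek = 0xff;`. The body of `check_pin` starts outside the hunk, so any earlier handling is not visible here.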


@@ -27,7 +27,7 @@
#endif
#include "file.h"
#include "apdu.h"
#include "hsm.h"
#include "pico_keys.h"
extern const uint8_t sc_hsm_aid[];


@@ -18,7 +18,7 @@
#ifndef __VERSION_H_
#define __VERSION_H_
#define HSM_VERSION 0x0304
#define HSM_VERSION 0x0306
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)