dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Removing stuff with old read/write. Currently OPENPGP does not work and it won't until we finish the migration.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-02-07 11:14:33 +01:00
parent 0c43939de2
commit bb5da16da6
1 changed files with 44 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
openpgp-do.c
View File

@@ -50,7 +50,8 @@ static const uint8_t *pw_err_counter_p[3];
static int
gpg_pw_get_err_counter (uint8_t which)
{
return flash_cnt123_get_value (pw_err_counter_p[which]);
//return flash_cnt123_get_value (pw_err_counter_p[which]);
return 3;
}
int
@@ -76,7 +77,7 @@ gpg_pw_locked (uint8_t which)
void
gpg_pw_reset_err_counter (uint8_t which)
{
flash_cnt123_clear (&pw_err_counter_p[which]);
//flash_cnt123_clear (&pw_err_counter_p[which]);
if (pw_err_counter_p[which] != NULL)
GPG_MEMORY_FAILURE ();
}
@@ -84,7 +85,7 @@ gpg_pw_reset_err_counter (uint8_t which)
void
gpg_pw_increment_err_counter (uint8_t which)
{
flash_cnt123_increment (which, &pw_err_counter_p[which]);
//flash_cnt123_increment (which, &pw_err_counter_p[which]);
}
@@ -385,15 +386,15 @@ gpg_write_digital_signature_counter (const uint8_t *p, uint32_t dsc)
if ((dsc >> 10) == 0)
{ /* no upper bits */
hw1 = NR_COUNTER_DS_LSB | ((dsc & 0x0300) >> 8) | ((dsc & 0x00ff) << 8);
flash_put_data_internal (p, hw1);
//flash_put_data_internal (p, hw1);
return p+2;
}
else
{
hw0 = NR_COUNTER_DS | ((dsc & 0xfc0000) >> 18) | ((dsc & 0x03fc00) >> 2);
hw1 = NR_COUNTER_DS_LSB | ((dsc & 0x0300) >> 8) | ((dsc & 0x00ff) << 8);
flash_put_data_internal (p, hw0);
flash_put_data_internal (p+2, hw1);
//flash_put_data_internal (p, hw0);
//flash_put_data_internal (p+2, hw1);
return p+4;
}
}
@@ -403,8 +404,8 @@ gpg_reset_digital_signature_counter (void)
{
if (digital_signature_counter != 0)
{
flash_put_data (NR_COUNTER_DS);
flash_put_data (NR_COUNTER_DS_LSB);
//flash_put_data (NR_COUNTER_DS);
//flash_put_data (NR_COUNTER_DS_LSB);
digital_signature_counter = 0;
}
}
@@ -419,13 +420,13 @@ gpg_increment_digital_signature_counter (void)
{ /* carry occurs from l10 to h14 */
hw0 = NR_COUNTER_DS | ((dsc & 0xfc0000) >> 18) | ((dsc & 0x03fc00) >> 2);
hw1 = NR_COUNTER_DS_LSB; /* zero */
flash_put_data (hw0);
flash_put_data (hw1);
//flash_put_data (hw0);
//flash_put_data (hw1);
}
else
{
hw1 = NR_COUNTER_DS_LSB | ((dsc & 0x0300) >> 8) | ((dsc & 0x00ff) << 8);
flash_put_data (hw1);
//flash_put_data (hw1);
}
digital_signature_counter = dsc;
@@ -657,6 +658,7 @@ do_kgtime_all (uint16_t tag, int with_tag)
}
const uint8_t openpgpcard_aid[] = {
14, //len
0xd2, 0x76, /* D: National, 276: DEU ISO 3166-1 */
0x00, 0x01, 0x24, /* Registered Application Provider Identifier */
0x01, /* Application: OpenPGPcard */
@@ -665,6 +667,11 @@ const uint8_t openpgpcard_aid[] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* To be overwritten */
};
const uint8_t sc_hsm_aid[] = {
11,
0xE8,0x2B,0x06,0x01,0x04,0x01,0x81,0xC3,0x1F,0x02,0x01
};
static void
do_openpgpcard_aid (uint16_t tag, int with_tag)
{
@@ -765,13 +772,13 @@ rw_pw_status (uint16_t tag, int with_tag,
/* The first byte of DATA specifies the lifetime. */
if (data[0] == 0 && pw1_lifetime_p != NULL)
{
flash_bool_clear (&pw1_lifetime_p);
//flash_bool_clear (&pw1_lifetime_p);
if (pw1_lifetime_p != NULL) /* No change after update */
return 0;
}
else if (pw1_lifetime_p == NULL)
{
pw1_lifetime_p = flash_bool_write (NR_BOOL_PW1_LIFETIME);
//pw1_lifetime_p = flash_bool_write (NR_BOOL_PW1_LIFETIME);
if (pw1_lifetime_p == NULL) /* No change after update */
return 0;
}
@@ -846,7 +853,7 @@ rw_algorithm_attr (uint16_t tag, int with_tag,
gpg_reset_algo_attr (kk);
/* Read it again, since GC may occur. */
algo_attr_pp = get_algo_attr_pointer (kk);
flash_enum_clear (algo_attr_pp);
//flash_enum_clear (algo_attr_pp);
if (*algo_attr_pp != NULL)
return 0;
}
@@ -856,9 +863,9 @@ rw_algorithm_attr (uint16_t tag, int with_tag,
gpg_reset_algo_attr (kk);
/* Read it again, since GC may occur. */
algo_attr_pp = get_algo_attr_pointer (kk);
if (*algo_attr_pp)
flash_enum_clear (algo_attr_pp);
*algo_attr_pp = flash_enum_write (kk_to_nr (kk), algo);
//if (*algo_attr_pp)
// flash_enum_clear (algo_attr_pp);
//*algo_attr_pp = flash_enum_write (kk_to_nr (kk), algo);
if (*algo_attr_pp == NULL)
return 0;
}
@@ -985,8 +992,8 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
&& data[42] == 0x87 && data[76] == 0x88))))
return 0;
if (*do_data_p)
flash_do_release (*do_data_p);
//if (*do_data_p)
//flash_do_release (*do_data_p);
/* Clear all keystrings and auth states */
gpg_do_write_simple (NR_DO_KEYSTRING_PW1, NULL, 0);
@@ -1003,7 +1010,7 @@ rw_kdf (uint16_t tag, int with_tag, const uint8_t *data, int len, int is_write)
}
else
{
*do_data_p = flash_do_write (NR_DO_KDF, data, len);
//*do_data_p = flash_do_write (NR_DO_KDF, data, len);
if (*do_data_p)
return 1;
else
@@ -1325,20 +1332,20 @@ gpg_do_delete_prvkey (enum kind_of_key kk, int clean_page_full)
if (do_data == NULL)
{
if (clean_page_full)
flash_key_release_page (kk);
// if (clean_page_full)
//flash_key_release_page (kk);
return;
}
do_ptr[nr] = NULL;
flash_do_release (do_data);
//flash_do_release (do_data);
key_addr = (uint8_t *)kd[kk].pubkey - prvkey_len;
kd[kk].pubkey = NULL;
if (clean_page_full)
/*if (clean_page_full)
flash_key_release_page (kk);
else
flash_key_release (key_addr, key_size);
*/
if (admin_authorized == BY_ADMIN && kk == GPG_KEY_FOR_SIGNING)
{ /* Recover admin keystring DO. */
const uint8_t *ks_pw3 = gpg_do_read_simple (NR_DO_KEYSTRING_PW3);
@@ -1455,7 +1462,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data,
}
DEBUG_INFO ("Getting keystore address...\r\n");
key_addr = flash_key_alloc (kk);
//key_addr = flash_key_alloc (kk);
if (key_addr == NULL)
return -1;
@@ -1515,7 +1522,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data,
else
memset (pd->dek_encrypted_3, 0, DATA_ENCRYPTION_KEY_SIZE);
p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
//p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
do_ptr[nr] = p;
random_bytes_free (dek);
@@ -1592,9 +1599,9 @@ gpg_do_chks_prvkey (enum kind_of_key kk,
{
const uint8_t *p;
flash_do_release (do_data);
//flash_do_release (do_data);
do_ptr[nr] = NULL;
p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
//p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
do_ptr[nr] = p;
if (p == NULL)
r = -1;
@@ -2002,7 +2009,7 @@ gpg_data_scan (const uint8_t *do_start, const uint8_t *do_end)
}
}
flash_set_data_pool_last (p);
//flash_set_data_pool_last (p);
num_prv_keys = 0;
if (do_ptr[NR_DO_PRVKEY_SIG] != NULL)
@@ -2037,79 +2044,6 @@ gpg_data_scan (const uint8_t *do_start, const uint8_t *do_end)
digital_signature_counter = (dsc_h14 << 10) | dsc_l10;
}
/*
* Write all data to newly allocated Flash ROM page (from P_START),
* updating PW1_LIFETIME_P, PW_ERR_COUNTER_P, and DO_PTR.
* Called by flash_copying_gc.
*/
void
gpg_data_copy (const uint8_t *p_start)
{
const uint8_t *p;
int i;
int v;
p = gpg_write_digital_signature_counter (p_start, digital_signature_counter);
if (pw1_lifetime_p != NULL)
{
flash_bool_write_internal (p, NR_BOOL_PW1_LIFETIME);
pw1_lifetime_p = p;
p += 2;
}
if (algo_attr_sig_p != NULL)
{
flash_enum_write_internal (p, NR_KEY_ALGO_ATTR_SIG, algo_attr_sig_p[1]);
algo_attr_sig_p = p;
p += 2;
}
if (algo_attr_dec_p != NULL)
{
flash_enum_write_internal (p, NR_KEY_ALGO_ATTR_DEC, algo_attr_dec_p[1]);
algo_attr_dec_p = p;
p += 2;
}
if (algo_attr_aut_p != NULL)
{
flash_enum_write_internal (p, NR_KEY_ALGO_ATTR_AUT, algo_attr_aut_p[1]);
algo_attr_aut_p = p;
p += 2;
}
for (i = 0; i < 3; i++)
if ((v = flash_cnt123_get_value (pw_err_counter_p[i])) != 0)
{
flash_cnt123_write_internal (p, i, v);
pw_err_counter_p[i] = p + 2;
p += 4;
}
for (i = 0; i < 3; i++)
if ((v = (uif_flags >> (i * 2)) & 3))
{
flash_enum_write_internal (p, NR_DO_UIF_SIG + i, v);
p += 2;
}
data_objects_number_of_bytes = 0;
for (i = 0; i < NR_DO__LAST__; i++)
if (do_ptr[i] != NULL)
{
const uint8_t *do_data = do_ptr[i];
int len = do_data[0];
flash_do_write_internal (p, i, &do_data[1], len);
do_ptr[i] = p + 1;
p += 2 + ((len + 1) & ~1);
data_objects_number_of_bytes += len;
}
flash_set_data_pool_last (p);
}
static const struct do_table_entry *
get_do_entry (uint16_t tag)
{
@@ -2236,7 +2170,7 @@ gpg_do_get_data (uint16_t tag, int with_tag)
#if defined(CERTDO_SUPPORT)
if (tag == GPG_DO_CH_CERTIFICATE)
{
apdu.res_apdu_data = (uint8_t *)ch_certificate_start;
//apdu.res_apdu_data = (uint8_t *)ch_certificate_start;
apdu.res_apdu_data_len = ((apdu.res_apdu_data[2] << 8) | apdu.res_apdu_data[3]);
if (apdu.res_apdu_data_len == 0xffff)
{
@@ -2300,8 +2234,8 @@ gpg_do_put_data (uint16_t tag, const uint8_t *data, int len)
{
const uint8_t **do_data_p = (const uint8_t **)do_p->obj;
if (*do_data_p)
flash_do_release (*do_data_p);
// if (*do_data_p)
// flash_do_release (*do_data_p);
if (len == 0)
{
@@ -2320,7 +2254,7 @@ gpg_do_put_data (uint16_t tag, const uint8_t *data, int len)
else
{
*do_data_p = NULL;
*do_data_p = flash_do_write (nr, data, len);
//*do_data_p = flash_do_write (nr, data, len);
if (*do_data_p)
GPG_SUCCESS ();
else
@@ -2476,13 +2410,13 @@ gpg_do_write_simple (uint8_t nr, const uint8_t *data, int size)
const uint8_t **do_data_p;
do_data_p = (const uint8_t **)&do_ptr[nr];
if (*do_data_p)
flash_do_release (*do_data_p);
//if (*do_data_p)
// flash_do_release (*do_data_p);
if (data != NULL)
{
*do_data_p = NULL;
*do_data_p = flash_do_write (nr, data, size);
//*do_data_p = flash_do_write (nr, data, size);
if (*do_data_p == NULL)
flash_warning ("DO WRITE ERROR");
}