Splitting cmd_xxx() functions in separate files.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

src/hsm/cmd_general_authenticate.c

@@ -0,0 +1,98 @@
+/* 
+ * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
+ * Copyright (c) 2022 Pol Henarejos.
+ * 
+ * This program is free software: you can redistribute it and/or modify  
+ * it under the terms of the GNU General Public License as published by  
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but 
+ * WITHOUT ANY WARRANTY; without even the implied warranty of 
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License 
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "common.h"
+#include "mbedtls/ecdh.h"
+#include "asn1.h"
+#include "sc_hsm.h"
+#include "random.h"
+#include "cvcerts.h"
+#include "oid.h"
+#include "eac.h"
+
+int cmd_general_authenticate() {
+    if (P1(apdu) == 0x0 && P2(apdu) == 0x0) {
+        if (apdu.data[0] == 0x7C) {
+            int r = 0;
+            size_t pubkey_len = 0;
+            const uint8_t *pubkey = NULL;
+            uint16_t tag = 0x0;
+            uint8_t *tag_data = NULL, *p = NULL;
+            size_t tag_len = 0;    
+            while (walk_tlv(apdu.data+2, apdu.nc-2, &p, &tag, &tag_len, &tag_data)) {
+                if (tag == 0x80) {
+                    pubkey = tag_data-1; //mbedtls ecdh starts reading one pos before
+                    pubkey_len = tag_len+1;
+                }
+            }
+            mbedtls_ecdh_context ctx;
+            int key_size = file_read_uint16(termca_pk);
+            mbedtls_ecdh_init(&ctx);
+            mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP192R1;
+            r = mbedtls_ecdh_setup(&ctx, gid);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            r = mbedtls_mpi_read_binary(&ctx.ctx.mbed_ecdh.d, termca_pk+2, key_size);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            r = mbedtls_ecdh_read_public(&ctx, pubkey, pubkey_len);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            size_t olen = 0;
+            uint8_t derived[MBEDTLS_ECP_MAX_BYTES];
+            r = mbedtls_ecdh_calc_secret(&ctx, &olen, derived, MBEDTLS_ECP_MAX_BYTES, random_gen, NULL);
+            mbedtls_ecdh_free(&ctx);
+            if (r != 0) {
+                return SW_EXEC_ERROR();
+            }
+
+            sm_derive_all_keys(derived, olen);
+            
+            uint8_t *t = (uint8_t *)calloc(1, pubkey_len+16);
+            memcpy(t, "\x7F\x49\x3F\x06\x0A", 5);
+            if (sm_get_protocol() == MSE_AES)
+                memcpy(t+5, OID_ID_CA_ECDH_AES_CBC_CMAC_128, 10);
+            else if (sm_get_protocol() == MSE_3DES)
+                memcpy(t+5, OID_ID_CA_ECDH_3DES_CBC_CBC, 10);
+            t[15] = 0x86;
+            memcpy(t+16, pubkey, pubkey_len);
+            
+            res_APDU[res_APDU_size++] = 0x7C;
+            res_APDU[res_APDU_size++] = 20;
+            res_APDU[res_APDU_size++] = 0x81;
+            res_APDU[res_APDU_size++] = 8;
+            memcpy(res_APDU+res_APDU_size, sm_get_nonce(), 8);
+            res_APDU_size += 8;
+            res_APDU[res_APDU_size++] = 0x82;
+            res_APDU[res_APDU_size++] = 8;
+            
+            r = sm_sign(t, pubkey_len+16, res_APDU+res_APDU_size);
+            
+            free(t);
+            if (r != CCID_OK) 
+                return SW_EXEC_ERROR();
+            res_APDU_size += 8;
+        }
+    }
+    return SW_OK();
+}