dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Adding ECC storing keygen.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-02-22 13:22:09 +01:00
parent a28f217c57
commit f97555a8da
2 changed files with 132 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CMakeLists.txt
View File

@@ -47,6 +47,12 @@ target_sources(hsm2040 PUBLIC
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdsa.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp_curves.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1write.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/hmac_drbg.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md5.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ripemd160.c
${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha1.c
${CMAKE_CURRENT_LIST_DIR}/shake256.c
${CMAKE_CURRENT_LIST_DIR}/neug.c
${CMAKE_CURRENT_LIST_DIR}/ec_p256k1.c
@@ -82,6 +88,9 @@ target_include_directories(hsm2040 PUBLIC
)
pico_add_extra_outputs(hsm2040)
#target_compile_definitions(hsm2040 PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
target_link_libraries(hsm2040 PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id)
#

161
sc_hsm.c
View File

@@ -476,17 +476,26 @@ struct ec_curve_mbed_id ec_curves_mbed[] = {
};
//Stores the private and public keys in flash
int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_context_t *ctx) {
int key_size = key_bits/8, r;
uint8_t *pq = (uint8_t *)calloc(1, key_size), *asn1bin;
int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
int r, key_size;
uint8_t *asn1bin, *kdata;
size_t asn1len = 0;
file_t *fpk;
mbedtls_mpi_write_binary(&rsa->P, pq, key_size/2);
mbedtls_mpi_write_binary(&rsa->Q, pq+key_size/2, key_size/2);
fpk = file_new((KEY_PREFIX << 8) | key_id);
r = flash_write_data_to_file(fpk, pq, key_size);
free(pq);
if (type == SC_PKCS15_TYPE_PRKEY_RSA) {
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)key_ctx;
key_size = mbedtls_mpi_size(&rsa->P)+mbedtls_mpi_size(&rsa->Q);
kdata = (uint8_t *)calloc(1, key_size);
mbedtls_mpi_write_binary(&rsa->P, kdata, key_size/2);
mbedtls_mpi_write_binary(&rsa->Q, kdata+key_size/2, key_size/2);
}
else {
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *)key_ctx;
key_size = mbedtls_mpi_size(&ecdsa->d);
kdata = (uint8_t *)calloc(1, key_size);
mbedtls_mpi_write_binary(&ecdsa->d, kdata, key_size);
}
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
r = flash_write_data_to_file(fpk, kdata, key_size);
free(kdata);
if (r != HSM_OK)
return r;
add_file_to_chain(fpk, &ef_kf);
@@ -501,10 +510,13 @@ int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_con
prkd->access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE | SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkd->native = 1;
prkd->key_reference = key_id;
prkd->modulus_length = key_size;
if (type == SC_PKCS15_TYPE_PRKEY_RSA)
prkd->modulus_length = key_size;
else
prkd->field_length = key_size;
p15o->data = prkd;
p15o->type = SC_PKCS15_TYPE_PRKEY_RSA;
p15o->type = SC_PKCS15_TYPE_PRKEY | (type & 0xff);
r = sc_pkcs15_encode_prkdf_entry(ctx, p15o, &asn1bin, &asn1len);
free(prkd);
@@ -525,10 +537,14 @@ int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_con
pukd->access_flags = SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
pukd->native = 1;
pukd->key_reference = key_id;
pukd->modulus_length = key_size;
if (type == SC_PKCS15_TYPE_PRKEY_RSA)
pukd->modulus_length = key_size;
else
pukd->field_length = key_size;
p15o->data = pukd;
p15o->type = SC_PKCS15_TYPE_PUBKEY_RSA;
p15o->type = SC_PKCS15_TYPE_PUBKEY | (type & 0xff);
r = sc_pkcs15_encode_pukdf_entry(ctx, p15o, &asn1bin, &asn1len);
free(pukd);
@@ -677,6 +693,30 @@ int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
}
void cvc_init_common(sc_cvc_t *cvc) {
memset(cvc, 0, sizeof(cvc));
strlcpy(cvc->car, "UTCA00001", sizeof cvc->car);
strlcpy(cvc->chr, "ESHSMCVCA", sizeof cvc->chr);
strlcat(cvc->chr, "00001", sizeof cvc->chr);
strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car));
}
int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) {
uint8_t *cvcbin;
size_t cvclen;
cvc->signatureLen = sig_len;
cvc->signature = (uint8_t *)calloc(1, sig_len);
cvc->outerSignatureLen = sig_len;
cvc->outerSignature = (uint8_t *)calloc(1, sig_len);
int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(p15card, cvc, &cvcbin, &cvclen, true);
if (r != SC_SUCCESS)
return r;
hash(cvcbin, cvclen, hsh);
free(cvcbin);
return r;
}
static int cmd_keypair_gen() {
uint8_t key_id = P1(apdu);
uint8_t auth_key_id = P2(apdu);
@@ -697,8 +737,8 @@ static int cmd_keypair_gen() {
const uint8_t *ex = sc_asn1_find_tag(ctx, p, tout, 0x82, &ex_len);
const uint8_t *ks = sc_asn1_find_tag(ctx, p, tout, 0x2, &ks_len);
int exponent = 65537, key_size = 2048;
uint8_t *cvcbin, *cvcpo;
size_t cvclen, taglen;
uint8_t *cvcbin;
size_t cvclen;
if (ex) {
sc_asn1_decode_integer(ex, ex_len, &exponent, 0);
}
@@ -711,36 +751,26 @@ static int cmd_keypair_gen() {
uint8_t index = 0;
int ret = mbedtls_rsa_gen_key(&rsa, random_gen, &index, key_size, exponent);
printf("ret %d\r\n",ret);
sc_cvc_t cvc;
memset(&cvc, 0, sizeof(cvc));
strlcpy(cvc.car, "UTCA00001", sizeof cvc.car);
strlcpy(cvc.chr, "ESHSMCVCA", sizeof cvc.chr);
strlcat(cvc.chr, "00001", sizeof cvc.chr);
strlcpy(cvc.outer_car, "ESHSM00001", sizeof(cvc.outer_car));
cvc_init_common(&cvc);
struct sc_object_id rsa15withSHA256 = { { 0,4,0,127,0,7,2,2,2,1,2,-1 } };
cvc.coefficientAorExponentlen = ex_len;
cvc.coefficientAorExponent = calloc(1, ex_len);
memcpy(cvc.coefficientAorExponent, &exponent, ex_len);
cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen);
memcpy(cvc.coefficientAorExponent, &exponent, cvc.coefficientAorExponentlen);
cvc.pukoid = rsa15withSHA256;
cvc.modulusSize = key_size;
cvc.primeOrModuluslen = key_size/8;
cvc.primeOrModulus = (uint8_t *)calloc(1, cvc.primeOrModuluslen);
cvc.signatureLen = key_size/8;
cvc.signature = (uint8_t *)calloc(1, key_size/8);
cvc.outerSignatureLen = key_size/8;
cvc.outerSignature = (uint8_t *)calloc(1, key_size/8);
mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8);
unsigned int cla,tag;
int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, true);
uint8_t hsh[32];
hash(cvcbin, cvclen, hsh);
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature);
printf("ret %d\r\n");
free(cvcbin);
mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, cvc.primeOrModuluslen);
r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false);
uint8_t hsh[32];
cvc_prepare_signatures(&p15card, &cvc, key_size/8, hsh);
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature);
printf("ret %d\r\n");
int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false);
printf("r %d\r\n",r);
memcpy(res_APDU, cvcbin, cvclen);
free(cvcbin);
@@ -750,7 +780,7 @@ static int cmd_keypair_gen() {
apdu.expected_res_size = cvclen;
//sc_asn1_print_tags(cvcbin, cvclen);
r = store_key_rsa(&rsa, key_size, key_id, ctx);
r = store_keys(&rsa, SC_PKCS15_TYPE_PRKEY_RSA, key_id, ctx);
printf("r %d\r\n");
mbedtls_rsa_free(&rsa);
@@ -774,6 +804,61 @@ static int cmd_keypair_gen() {
uint8_t index = 0;
int ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
printf("ret %d\r\n",ret) ;
uint8_t *cvcbin;
size_t cvclen;
sc_cvc_t cvc;
cvc_init_common(&cvc);
struct sc_object_id ecdsaWithSHA256 = { { 0,4,0,127,0,7,2,2,2,2,3,-1 } };
cvc.pukoid = ecdsaWithSHA256;
cvc.coefficientAorExponentlen = mbedtls_mpi_size(&ecdsa.grp.A);
cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen);
mbedtls_mpi_write_binary(&ecdsa.grp.A, cvc.coefficientAorExponent, cvc.coefficientAorExponentlen);
cvc.primeOrModuluslen = mbedtls_mpi_size(&ecdsa.grp.P);
cvc.primeOrModulus = (uint8_t *)calloc(1, cvc.primeOrModuluslen);
mbedtls_mpi_write_binary(&ecdsa.grp.P, cvc.primeOrModulus, cvc.primeOrModuluslen);
cvc.coefficientBlen = mbedtls_mpi_size(&ecdsa.grp.B);
cvc.coefficientB = (uint8_t *)calloc(1, cvc.coefficientBlen);
mbedtls_mpi_write_binary(&ecdsa.grp.B, cvc.coefficientB, cvc.coefficientBlen);
cvc.basePointGlen = mbedtls_mpi_size(&ecdsa.grp.G.X)+mbedtls_mpi_size(&ecdsa.grp.G.Y)+mbedtls_mpi_size(&ecdsa.grp.G.Z);
cvc.basePointG = (uint8_t *)calloc(1, cvc.basePointGlen);
ret = mbedtls_ecp_point_write_binary(&ecdsa.grp, &ecdsa.grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &cvc.basePointGlen, cvc.basePointG, cvc.basePointGlen);
printf("ret wb %d\r\n",ret);
cvc.orderlen = mbedtls_mpi_size(&ecdsa.grp.N);
cvc.order = (uint8_t *)calloc(1, cvc.orderlen);
mbedtls_mpi_write_binary(&ecdsa.grp.N, cvc.order, cvc.orderlen);
cvc.publicPointlen = mbedtls_mpi_size(&ecdsa.Q.X)+mbedtls_mpi_size(&ecdsa.Q.Y)+mbedtls_mpi_size(&ecdsa.Q.Z);
cvc.publicPoint = (uint8_t *)calloc(1, cvc.publicPointlen);
ret = mbedtls_ecp_point_write_binary(&ecdsa.grp, &ecdsa.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &cvc.publicPointlen, cvc.publicPoint, cvc.publicPointlen);
printf("ret wb %d\r\n",ret);
cvc.modulusSize = ec_id; //we store the ec_id in the modulusSize, used for RSA, as it is an integer
uint8_t hsh[32];
cvc_prepare_signatures(&p15card, &cvc, ecdsa.grp.pbits*2/8+9, hsh);
ret = mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, hsh, sizeof(hsh), cvc.signature, cvc.signatureLen, &cvc.signatureLen, NULL, NULL);
printf("ret %d\r\n");
int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false);
printf("r %d\r\n",r);
memcpy(res_APDU, cvcbin, cvclen);
free(cvcbin);
sc_pkcs15emu_sc_hsm_free_cvc(&cvc);
free(p15card.card);
res_APDU_size = cvclen;
apdu.expected_res_size = cvclen;
//sc_asn1_print_tags(cvcbin, cvclen);
r = store_keys(&ecdsa, SC_PKCS15_TYPE_PRKEY_EC, key_id, ctx);
printf("r %d\r\n");
mbedtls_ecdsa_free(&ecdsa);
}