diff --git a/CMakeLists.txt b/CMakeLists.txt index 230e34c..5449648 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -47,6 +47,12 @@ target_sources(hsm2040 PUBLIC ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecdsa.c ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp.c ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ecp_curves.c + ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1write.c + ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/hmac_drbg.c + ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/md5.c + ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/ripemd160.c + ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha1.c + ${CMAKE_CURRENT_LIST_DIR}/shake256.c ${CMAKE_CURRENT_LIST_DIR}/neug.c ${CMAKE_CURRENT_LIST_DIR}/ec_p256k1.c @@ -82,6 +88,9 @@ target_include_directories(hsm2040 PUBLIC ) pico_add_extra_outputs(hsm2040) + +#target_compile_definitions(hsm2040 PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1) + target_link_libraries(hsm2040 PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id) # diff --git a/sc_hsm.c b/sc_hsm.c index 0cab4b8..26f3ba4 100644 --- a/sc_hsm.c +++ b/sc_hsm.c @@ -476,17 +476,26 @@ struct ec_curve_mbed_id ec_curves_mbed[] = { }; //Stores the private and public keys in flash -int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_context_t *ctx) { - int key_size = key_bits/8, r; - uint8_t *pq = (uint8_t *)calloc(1, key_size), *asn1bin; +int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) { + int r, key_size; + uint8_t *asn1bin, *kdata; size_t asn1len = 0; - file_t *fpk; - - mbedtls_mpi_write_binary(&rsa->P, pq, key_size/2); - mbedtls_mpi_write_binary(&rsa->Q, pq+key_size/2, key_size/2); - fpk = file_new((KEY_PREFIX << 8) | key_id); - r = flash_write_data_to_file(fpk, pq, key_size); - free(pq); + if (type == SC_PKCS15_TYPE_PRKEY_RSA) { + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *)key_ctx; + key_size = mbedtls_mpi_size(&rsa->P)+mbedtls_mpi_size(&rsa->Q); + kdata = (uint8_t *)calloc(1, key_size); + mbedtls_mpi_write_binary(&rsa->P, kdata, key_size/2); + mbedtls_mpi_write_binary(&rsa->Q, kdata+key_size/2, key_size/2); + } + else { + mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *)key_ctx; + key_size = mbedtls_mpi_size(&ecdsa->d); + kdata = (uint8_t *)calloc(1, key_size); + mbedtls_mpi_write_binary(&ecdsa->d, kdata, key_size); + } + file_t *fpk = file_new((KEY_PREFIX << 8) | key_id); + r = flash_write_data_to_file(fpk, kdata, key_size); + free(kdata); if (r != HSM_OK) return r; add_file_to_chain(fpk, &ef_kf); @@ -501,10 +510,13 @@ int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_con prkd->access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE | SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE | SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE | SC_PKCS15_PRKEY_ACCESS_LOCAL; prkd->native = 1; prkd->key_reference = key_id; - prkd->modulus_length = key_size; + if (type == SC_PKCS15_TYPE_PRKEY_RSA) + prkd->modulus_length = key_size; + else + prkd->field_length = key_size; p15o->data = prkd; - p15o->type = SC_PKCS15_TYPE_PRKEY_RSA; + p15o->type = SC_PKCS15_TYPE_PRKEY | (type & 0xff); r = sc_pkcs15_encode_prkdf_entry(ctx, p15o, &asn1bin, &asn1len); free(prkd); @@ -525,10 +537,14 @@ int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id, sc_con pukd->access_flags = SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; pukd->native = 1; pukd->key_reference = key_id; - pukd->modulus_length = key_size; + + if (type == SC_PKCS15_TYPE_PRKEY_RSA) + pukd->modulus_length = key_size; + else + pukd->field_length = key_size; p15o->data = pukd; - p15o->type = SC_PKCS15_TYPE_PUBKEY_RSA; + p15o->type = SC_PKCS15_TYPE_PUBKEY | (type & 0xff); r = sc_pkcs15_encode_pukdf_entry(ctx, p15o, &asn1bin, &asn1len); free(pukd); @@ -677,6 +693,30 @@ int sc_pkcs15emu_sc_hsm_encode_cvc_req(sc_pkcs15_card_t * p15card, sc_cvc_t *cvc LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); } +void cvc_init_common(sc_cvc_t *cvc) { + memset(cvc, 0, sizeof(cvc)); + + strlcpy(cvc->car, "UTCA00001", sizeof cvc->car); + strlcpy(cvc->chr, "ESHSMCVCA", sizeof cvc->chr); + strlcat(cvc->chr, "00001", sizeof cvc->chr); + strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car)); +} + +int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) { + uint8_t *cvcbin; + size_t cvclen; + cvc->signatureLen = sig_len; + cvc->signature = (uint8_t *)calloc(1, sig_len); + cvc->outerSignatureLen = sig_len; + cvc->outerSignature = (uint8_t *)calloc(1, sig_len); + int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(p15card, cvc, &cvcbin, &cvclen, true); + if (r != SC_SUCCESS) + return r; + hash(cvcbin, cvclen, hsh); + free(cvcbin); + return r; +} + static int cmd_keypair_gen() { uint8_t key_id = P1(apdu); uint8_t auth_key_id = P2(apdu); @@ -697,8 +737,8 @@ static int cmd_keypair_gen() { const uint8_t *ex = sc_asn1_find_tag(ctx, p, tout, 0x82, &ex_len); const uint8_t *ks = sc_asn1_find_tag(ctx, p, tout, 0x2, &ks_len); int exponent = 65537, key_size = 2048; - uint8_t *cvcbin, *cvcpo; - size_t cvclen, taglen; + uint8_t *cvcbin; + size_t cvclen; if (ex) { sc_asn1_decode_integer(ex, ex_len, &exponent, 0); } @@ -711,36 +751,26 @@ static int cmd_keypair_gen() { uint8_t index = 0; int ret = mbedtls_rsa_gen_key(&rsa, random_gen, &index, key_size, exponent); printf("ret %d\r\n",ret); + sc_cvc_t cvc; - memset(&cvc, 0, sizeof(cvc)); - - strlcpy(cvc.car, "UTCA00001", sizeof cvc.car); - strlcpy(cvc.chr, "ESHSMCVCA", sizeof cvc.chr); - strlcat(cvc.chr, "00001", sizeof cvc.chr); - strlcpy(cvc.outer_car, "ESHSM00001", sizeof(cvc.outer_car)); + cvc_init_common(&cvc); struct sc_object_id rsa15withSHA256 = { { 0,4,0,127,0,7,2,2,2,1,2,-1 } }; cvc.coefficientAorExponentlen = ex_len; - cvc.coefficientAorExponent = calloc(1, ex_len); - memcpy(cvc.coefficientAorExponent, &exponent, ex_len); + cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen); + memcpy(cvc.coefficientAorExponent, &exponent, cvc.coefficientAorExponentlen); cvc.pukoid = rsa15withSHA256; cvc.modulusSize = key_size; cvc.primeOrModuluslen = key_size/8; cvc.primeOrModulus = (uint8_t *)calloc(1, cvc.primeOrModuluslen); - cvc.signatureLen = key_size/8; - cvc.signature = (uint8_t *)calloc(1, key_size/8); - cvc.outerSignatureLen = key_size/8; - cvc.outerSignature = (uint8_t *)calloc(1, key_size/8); - mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8); - unsigned int cla,tag; - int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, true); - uint8_t hsh[32]; - hash(cvcbin, cvclen, hsh); - ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature); - printf("ret %d\r\n"); - free(cvcbin); + mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, cvc.primeOrModuluslen); - r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false); + uint8_t hsh[32]; + cvc_prepare_signatures(&p15card, &cvc, key_size/8, hsh); + ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature); + printf("ret %d\r\n"); + + int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false); printf("r %d\r\n",r); memcpy(res_APDU, cvcbin, cvclen); free(cvcbin); @@ -750,7 +780,7 @@ static int cmd_keypair_gen() { apdu.expected_res_size = cvclen; //sc_asn1_print_tags(cvcbin, cvclen); - r = store_key_rsa(&rsa, key_size, key_id, ctx); + r = store_keys(&rsa, SC_PKCS15_TYPE_PRKEY_RSA, key_id, ctx); printf("r %d\r\n"); mbedtls_rsa_free(&rsa); @@ -774,6 +804,61 @@ static int cmd_keypair_gen() { uint8_t index = 0; int ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index); printf("ret %d\r\n",ret) ; + + uint8_t *cvcbin; + size_t cvclen; + sc_cvc_t cvc; + cvc_init_common(&cvc); + struct sc_object_id ecdsaWithSHA256 = { { 0,4,0,127,0,7,2,2,2,2,3,-1 } }; + cvc.pukoid = ecdsaWithSHA256; + + cvc.coefficientAorExponentlen = mbedtls_mpi_size(&ecdsa.grp.A); + cvc.coefficientAorExponent = calloc(1, cvc.coefficientAorExponentlen); + mbedtls_mpi_write_binary(&ecdsa.grp.A, cvc.coefficientAorExponent, cvc.coefficientAorExponentlen); + + cvc.primeOrModuluslen = mbedtls_mpi_size(&ecdsa.grp.P); + cvc.primeOrModulus = (uint8_t *)calloc(1, cvc.primeOrModuluslen); + mbedtls_mpi_write_binary(&ecdsa.grp.P, cvc.primeOrModulus, cvc.primeOrModuluslen); + + cvc.coefficientBlen = mbedtls_mpi_size(&ecdsa.grp.B); + cvc.coefficientB = (uint8_t *)calloc(1, cvc.coefficientBlen); + mbedtls_mpi_write_binary(&ecdsa.grp.B, cvc.coefficientB, cvc.coefficientBlen); + + cvc.basePointGlen = mbedtls_mpi_size(&ecdsa.grp.G.X)+mbedtls_mpi_size(&ecdsa.grp.G.Y)+mbedtls_mpi_size(&ecdsa.grp.G.Z); + cvc.basePointG = (uint8_t *)calloc(1, cvc.basePointGlen); + ret = mbedtls_ecp_point_write_binary(&ecdsa.grp, &ecdsa.grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &cvc.basePointGlen, cvc.basePointG, cvc.basePointGlen); + printf("ret wb %d\r\n",ret); + + cvc.orderlen = mbedtls_mpi_size(&ecdsa.grp.N); + cvc.order = (uint8_t *)calloc(1, cvc.orderlen); + mbedtls_mpi_write_binary(&ecdsa.grp.N, cvc.order, cvc.orderlen); + + cvc.publicPointlen = mbedtls_mpi_size(&ecdsa.Q.X)+mbedtls_mpi_size(&ecdsa.Q.Y)+mbedtls_mpi_size(&ecdsa.Q.Z); + cvc.publicPoint = (uint8_t *)calloc(1, cvc.publicPointlen); + ret = mbedtls_ecp_point_write_binary(&ecdsa.grp, &ecdsa.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &cvc.publicPointlen, cvc.publicPoint, cvc.publicPointlen); + printf("ret wb %d\r\n",ret); + + cvc.modulusSize = ec_id; //we store the ec_id in the modulusSize, used for RSA, as it is an integer + + uint8_t hsh[32]; + cvc_prepare_signatures(&p15card, &cvc, ecdsa.grp.pbits*2/8+9, hsh); + ret = mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, hsh, sizeof(hsh), cvc.signature, cvc.signatureLen, &cvc.signatureLen, NULL, NULL); + printf("ret %d\r\n"); + + int r = sc_pkcs15emu_sc_hsm_encode_cvc_req(&p15card, &cvc, &cvcbin, &cvclen, false); + printf("r %d\r\n",r); + memcpy(res_APDU, cvcbin, cvclen); + free(cvcbin); + sc_pkcs15emu_sc_hsm_free_cvc(&cvc); + free(p15card.card); + res_APDU_size = cvclen; + apdu.expected_res_size = cvclen; + //sc_asn1_print_tags(cvcbin, cvclen); + + r = store_keys(&ecdsa, SC_PKCS15_TYPE_PRKEY_EC, key_id, ctx); + printf("r %d\r\n"); + + mbedtls_ecdsa_free(&ecdsa); }