dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Adding signature to public file.

Browse Source 
Storing private key in disk.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-02-21 00:27:53 +01:00
parent ecfeb63273
commit fe429bf5af
2 changed files with 47 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
sc_hsm.c
View File

@@ -148,9 +148,14 @@ static int cmd_select() {
static int cmd_list_keys() static int cmd_list_keys()
{ {
static uint16_t r[] = { KEY_PREFIX | 0x100, KEY_PREFIX | 0x200, DCOD_PREFIX | 0x100, CD_PREFIX | 0x300 }; for (file_chain_t *fc = ef_prkdf; fc; fc = fc->next) {
res_APDU = (uint8_t *)r; res_APDU[res_APDU_size++] = KEY_PREFIX;
res_APDU_size = sizeof(r); res_APDU[res_APDU_size++] = fc->file->fid & 0xff;
}
for (file_chain_t *fc = ef_cdf; fc; fc = fc->next) {
res_APDU[res_APDU_size++] = CD_PREFIX;
res_APDU[res_APDU_size++] = fc->file->fid & 0xff;
}
return SW_OK(); return SW_OK();
} }
@@ -321,7 +326,7 @@ static int cmd_initialize() {
uint8_t dhash[32]; uint8_t dhash[32];
double_hash_pin(p, tag_len, dhash); double_hash_pin(p, tag_len, dhash);
flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); flash_write_data_to_file(file_pin1, dhash, sizeof(dhash));
hash(p, tag_len, session_pin); hash_multi(p, tag_len, session_pin);
has_session_pin = true; has_session_pin = true;
} }
} }
@@ -330,7 +335,7 @@ static int cmd_initialize() {
uint8_t dhash[32]; uint8_t dhash[32];
double_hash_pin(p, tag_len, dhash); double_hash_pin(p, tag_len, dhash);
flash_write_data_to_file(file_sopin, dhash, sizeof(dhash)); flash_write_data_to_file(file_sopin, dhash, sizeof(dhash));
hash(p, tag_len, session_sopin); hash_multi(p, tag_len, session_sopin);
has_session_sopin = true; has_session_sopin = true;
} }
} }
@@ -364,13 +369,13 @@ static int cmd_initialize() {
void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) { void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) {
uint8_t o1[32]; uint8_t o1[32];
hash(pin, len, o1); hash_multi(pin, len, o1);
for (int i = 0; i < sizeof(o1); i++) for (int i = 0; i < sizeof(o1); i++)
o1[i] ^= pin[i%len]; o1[i] ^= pin[i%len];
hash(o1, sizeof(o1), output); hash_multi(o1, sizeof(o1), output);
} }
void hash(const uint8_t *input, size_t len, uint8_t output[32]) void hash_multi(const uint8_t *input, size_t len, uint8_t output[32])
{ {
mbedtls_sha256_context ctx; mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx); mbedtls_sha256_init(&ctx);
@@ -390,6 +395,18 @@ void hash(const uint8_t *input, size_t len, uint8_t output[32])
mbedtls_sha256_free (&ctx); mbedtls_sha256_free (&ctx);
} }
void hash(const uint8_t *input, size_t len, uint8_t output[32])
{
mbedtls_sha256_context ctx;
mbedtls_sha256_init(&ctx);
mbedtls_sha256_starts (&ctx, 0);
mbedtls_sha256_update (&ctx, input, len);
mbedtls_sha256_finish (&ctx, output);
mbedtls_sha256_free (&ctx);
}
static int cmd_import_dkek() { static int cmd_import_dkek() {
if (dkeks == 0) if (dkeks == 0)
return SW_COMMAND_NOT_ALLOWED(); return SW_COMMAND_NOT_ALLOWED();
@@ -446,9 +463,12 @@ int store_key_rsa(mbedtls_rsa_context *rsa, int key_bits, uint8_t key_id) /*in b
mbedtls_mpi_write_binary(&rsa->Q, pq+key_size/2, key_size/2); mbedtls_mpi_write_binary(&rsa->Q, pq+key_size/2, key_size/2);
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id); file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
int r = flash_write_data_to_file(fpk, pq, key_size); int r = flash_write_data_to_file(fpk, pq, key_size);
free(pq);
if (r != HSM_OK) if (r != HSM_OK)
return r; return r;
add_file_to_chain(fpk, &ef_prkdf); add_file_to_chain(fpk, &ef_prkdf);
low_flash_available();
return HSM_OK;
} }
sc_context_t *create_context() { sc_context_t *create_context() {
@@ -465,6 +485,9 @@ static int cmd_keypair_gen() {
uint8_t key_id = P1(apdu); uint8_t key_id = P1(apdu);
uint8_t auth_key_id = P2(apdu); uint8_t auth_key_id = P2(apdu);
sc_context_t *ctx = create_context(); sc_context_t *ctx = create_context();
struct sc_pkcs15_card p15card;
p15card.card = (sc_card_t *)malloc(sizeof(sc_card_t));
p15card.card->ctx = ctx;
size_t tout = 0; size_t tout = 0;
sc_asn1_print_tags(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); sc_asn1_print_tags(apdu.cmd_apdu_data, apdu.cmd_apdu_data_len);
@@ -478,6 +501,8 @@ static int cmd_keypair_gen() {
const uint8_t *ex = sc_asn1_find_tag(ctx, p, tout, 0x82, &ex_len); const uint8_t *ex = sc_asn1_find_tag(ctx, p, tout, 0x82, &ex_len);
const uint8_t *ks = sc_asn1_find_tag(ctx, p, tout, 0x2, &ks_len); const uint8_t *ks = sc_asn1_find_tag(ctx, p, tout, 0x2, &ks_len);
int exponent = 65537, key_size = 2048; int exponent = 65537, key_size = 2048;
uint8_t *cvcbin;
size_t cvclen;
if (ex) { if (ex) {
sc_asn1_decode_integer(ex, ex_len, &exponent, 0); sc_asn1_decode_integer(ex, ex_len, &exponent, 0);
} }
@@ -506,17 +531,20 @@ static int cmd_keypair_gen() {
cvc.primeOrModuluslen = key_size/8; cvc.primeOrModuluslen = key_size/8;
cvc.primeOrModulus = (uint8_t *)malloc(cvc.primeOrModuluslen); cvc.primeOrModulus = (uint8_t *)malloc(cvc.primeOrModuluslen);
mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8); mbedtls_mpi_write_binary(&rsa.N, cvc.primeOrModulus, key_size/8);
int r = sc_pkcs15emu_sc_hsm_encode_cvc(&p15card, &cvc, &cvcbin, &cvclen);
cvc.signatureLen = key_size/8; cvc.signatureLen = key_size/8;
cvc.signature = (uint8_t *)malloc(key_size/8); cvc.signature = (uint8_t *)malloc(key_size/8);
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, NULL, NULL, MBEDTLS_MD_NONE, offsetof(sc_cvc_t, signature), (uint8_t *)&cvc, cvc.signature); uint8_t hsh[32];
hash(cvcbin, cvclen, hsh);
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign(&rsa, random_gen, &index, MBEDTLS_MD_SHA256, 32, hsh, cvc.signature);
printf("ret %d\r\n"); printf("ret %d\r\n");
u8 *cvcbin; free(cvcbin);
size_t cvclen;
struct sc_pkcs15_card p15card; r = sc_pkcs15emu_sc_hsm_encode_cvc(&p15card, &cvc, &cvcbin, &cvclen);
p15card.card = (sc_card_t *)malloc(sizeof(sc_card_t));
p15card.card->ctx = ctx;
int r = sc_pkcs15emu_sc_hsm_encode_cvc(&p15card, &cvc, &cvcbin, &cvclen);
printf("r %d\r\n",r); printf("r %d\r\n",r);
r = store_key_rsa(&rsa, key_size, key_id);
printf("r %d\r\n");
sc_pkcs15emu_sc_hsm_free_cvc(&cvc); sc_pkcs15emu_sc_hsm_free_cvc(&cvc);
mbedtls_rsa_free(&rsa); mbedtls_rsa_free(&rsa);
free(p15card.card); free(p15card.card);
@@ -524,6 +552,8 @@ static int cmd_keypair_gen() {
res_APDU_size = cvclen; res_APDU_size = cvclen;
apdu.expected_res_size = cvclen; apdu.expected_res_size = cvclen;
free(cvcbin); free(cvcbin);
} }
else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC else if (memcmp(oid, "\x4\x0\x7F\x0\x7\x2\x2\x2\x2\x3",MIN(oid_len,10)) == 0) { //ECC
size_t prime_len; size_t prime_len;
@@ -547,7 +577,7 @@ static int cmd_keypair_gen() {
} }
} }
sc_release_context(ctx); //sc_release_context(ctx);
return SW_OK(); return SW_OK();
} }

1
sc_hsm.h
View File

@@ -45,6 +45,7 @@ extern int pin_reset_retries(const file_t *pin);
extern int pin_wrong_retry(const file_t *pin); extern int pin_wrong_retry(const file_t *pin);
extern void hash(const uint8_t *input, size_t len, uint8_t output[32]); extern void hash(const uint8_t *input, size_t len, uint8_t output[32]);
extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]);
extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]); extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]);
extern uint8_t session_pin[32], session_sopin[32]; extern uint8_t session_pin[32], session_sopin[32];