pico-hsm

Author	SHA1	Message	Date
Pol Henarejos	3dcb2e9d70	A PRKD is generated on every key import, regardless it might be replaced later. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-22 22:56:55 +01:00
Pol Henarejos	0f12ff1c48	Added support for PRKD for AES. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-22 22:07:34 +01:00
Pol Henarejos	2a5fe1cc6d	Added initialization with self-signed certificate. It will allow the initialization with OpenSC tool (sc-hsm-tool --initialize). However, it will not allow the use of card with SCS3, as it needs a PKI with trust chain. In this case, pico-hsm-tool.py shall be used for initialization. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-22 01:04:24 +01:00
Pol Henarejos	5e0f62265d	Fix key size of terminal cert. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-20 21:41:38 +01:00
Pol Henarejos	0990805fb6	More code style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-20 20:08:29 +01:00
Pol Henarejos	efba39adc5	Add SW_WRONG_DATA return on bad tag for Chachapoly. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-20 17:58:01 +01:00
Pol Henarejos	13755cb4d5	Fix buffer overflow when importing AES 512 key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-20 17:06:06 +01:00
Pol Henarejos	a69d06b2d9	Fixed chachapoly crypt algorithm. It missed setkey function. So, no key was used at any moment. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-19 20:24:32 +01:00
Pol Henarejos	1c7bc18161	Added support for AES 512 bit key size. AES XTS uses two keys. Therefore, XTS with 2 AES 256 implies 64 bytes key length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-19 20:22:40 +01:00
Pol Henarejos	86ce01cac2	Added AES XTS via AES_EXT command. Note that it requires 32 bytes or 64 bytes key length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-19 19:42:37 +01:00
Pol Henarejos	9cb60ba420	Added AES ECB (insecure), CBC (with custom IV), OFB, CFB and GCM (with 16-byte tag) via AES_EXT command. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-19 19:34:34 +01:00
Pol Henarejos	99f1620e7d	Fixes #22 . SC-HSM returns the result with a 0x04 prepended. This comes from OpenSC but it is not clear the exact reason. 0x04 is usually for encoding uncompressed EC points but in that case it does not seem to make sense. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-18 18:40:27 +01:00
Pol Henarejos	132054c9b9	Public point is calculated everytime a private key is loaded. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-13 18:01:56 +01:00
Pol Henarejos	2a3b9b7474	Fix wrapping points. Now it uses mbedtls_ecp_point_write_binary() for better control. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-13 18:01:20 +01:00
Pol Henarejos	4e73723747	Fix checking key domain set. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-10 15:59:52 +01:00
Pol Henarejos	11e5338736	Check if key domain is not already initialized when initializing. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-09 20:09:32 +01:00
Pol Henarejos	3660120b11	Before wrapping, check if DKEK is properly configured. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-09 20:09:03 +01:00
Pol Henarejos	bee6a7bb92	Return error if a non-initialized key domain is deleted. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-09 18:27:47 +01:00
Pol Henarejos	ed674b379c	Zeroize ecdh key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-08 11:15:02 +01:00
Pol Henarejos	6aa8d37d07	If a key does not belong to any key domain, it cannot be wrapped. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 23:45:37 +01:00
Pol Henarejos	963456051e	If public point is not found, it is computed automatically. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 23:45:10 +01:00
Pol Henarejos	d81b21695f	If no key domain is found, 0 is used by default. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 23:15:50 +01:00
Pol Henarejos	51e9e6722e	Reset puk status on failed authentication. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 23:14:55 +01:00
Pol Henarejos	ee73c6e781	Code style Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 17:28:23 +01:00
Pol Henarejos	2f63966c60	Fix checking status of PUK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 15:55:59 +01:00
Pol Henarejos	e624f9ff72	Fix checking if PKU is enabled. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 11:15:07 +01:00
Pol Henarejos	fb4ff9424e	Call reset puk store on init. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 11:14:42 +01:00
Pol Henarejos	63b245b858	Fix initialize with PUK store memory. Now it is cleared. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 11:14:13 +01:00
Pol Henarejos	3c160f69c0	Add DV cert to PUK store. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-06 00:40:31 +01:00
Pol Henarejos	d2d038f14d	Upgrade to version 3.4 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-04 14:35:33 +01:00
Pol Henarejos	fa60ed5049	Update code style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-04 14:05:51 +01:00
Pol Henarejos	20c01eb08d	Fix name of x963 function. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-17 23:54:06 +01:00
Pol Henarejos	420e55901c	Fix HMAC computation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-17 22:43:09 +01:00
Pol Henarejos	7b62ca5327	Upgrade to mbedtls v3.3.0	2023-02-16 23:33:13 +01:00
Pol Henarejos	9279773073	Removed printf Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-15 19:46:42 +01:00
Pol Henarejos	cd6e280f4f	Switching to new style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-15 00:10:35 +01:00
Pol Henarejos	daaa5bf402	Harmonize coding style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-14 23:13:46 +01:00
Pol Henarejos	43a49d2a14	Return reference not found when deleting a key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-14 18:51:30 +01:00
Pol Henarejos	3b9c2d159b	Fix returning existing key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-14 18:47:43 +01:00
Pol Henarejos	14c7852143	Fix returning shared secret. I do not know why a 0x04 was prepended. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-14 11:28:27 +01:00
Pol Henarejos	0685be5f1e	EE_CERTIFICATE is added when importing key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-13 23:53:41 +01:00
Pol Henarejos	af16be64a2	Adding checks on ec import. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-13 23:30:27 +01:00
Pol Henarejos	68071825c2	Fix EC public key computation when importing. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-13 23:24:04 +01:00
Pol Henarejos	fbabb81acd	Fix asymmetric decrypt for OAEP. It only supports SHA256. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-12 21:53:47 +01:00
Pol Henarejos	35c42bccb4	List PRKD if exist. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-30 01:25:25 +01:00
Pol Henarejos	8976dc1f79	Added support for RSA-PKCSv15-SHA224, SHA384 and SHA512. Also added support for RSA-PSS-SHA224, SHA384 and SHA512. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-17 00:41:46 +01:00
Pol Henarejos	9d47e62041	Fix signature for secp521r1. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-17 00:05:46 +01:00
Pol Henarejos	0daddfd477	Fix ECDSA-SHA384 and ECDSA-SHA512. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-17 00:05:31 +01:00
Pol Henarejos	89d617110f	Add asn1_build_prkd_rsa() Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-16 18:54:28 +01:00
Pol Henarejos	17941397e9	Fix exporting large ECC key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-16 18:54:20 +01:00

... 2 3 4 5 6 ...

496 Commits