dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
423 Commits 2 Branches 32 Tags
32d0cdcea7fcc60afc839cdb815bf2e409876f6a
Commit Graph

138 Commits

Author SHA1 Message Date
Pol Henarejos
32d0cdcea7 Save cached challenge length. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 18:58:35 +02:00
Pol Henarejos
332fe8c884 Generated challenges are cached and dev_name (ESTERMXXXXX) based on terminal certificate. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 16:40:51 +02:00
Pol Henarejos
59f0cf7732 Fix CA certificates selection. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 16:33:53 +02:00
Pol Henarejos
b803505287 When a certificate is verified, the corresponding certificate description and the certificate are cached and saved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 16:30:19 +02:00
Pol Henarejos
76a41dffa1 Store all verified certificates (INS MSE) into CA_PREFIX files. 
When a certificate is sent for verification, it is always cached and saved onto a CA_PREFIX.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 11:59:06 +02:00
Pol Henarejos
a17a4c0a3c Finished key public registration. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-10 11:09:25 +02:00
Pol Henarejos
5eb086935e Added INS_PSO. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-09 19:02:59 +02:00
Pol Henarejos
a4ffcebb0f Added variable puk_store. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-09 14:15:17 +02:00
Pol Henarejos
39f7b5284a Added OID definitions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-09 11:53:35 +02:00
Pol Henarejos
4f58cd255b Adding PUK store. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-08 20:01:37 +02:00
Pol Henarejos
0e59166c64 Added MSE for B6 CRT. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-08 17:35:30 +02:00
Pol Henarejos
d057729675 Fix returning the status of PIN1 when it is not initialized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-07 19:58:21 +02:00
Pol Henarejos
b14a323ef8 Added INS PUK with status query. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-07 19:44:47 +02:00
Pol Henarejos
4bf5a80a7a Added key usage counter to decryption operations. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:13:18 +02:00
Pol Henarejos
40efcd71c3 Added device option KEY_COUNTER_ALL. 
When it is set, it enables the key usage counter for all keys when generated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:10:53 +02:00
Pol Henarejos
aca291da9e Key usage counter is added for every generated key. 
When a key is generated, a key usage counter is added. It starts from 2^32-1 and is decremented for every sign request. Once it reaches 0, it forbids more signatures for this key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:04:14 +02:00
Pol Henarejos
7f6bcdfb11 Addded fast crc32 checksum for DKEK storage. 
It is for checking the integrity of the DKEK and thus, the scret keys, as they are encrypted with DKEK.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 15:51:52 +02:00
Pol Henarejos
696110a5b0 Key domain deletion and kek deletion are only allowed when key domain is empty. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:36:32 +02:00
Pol Henarejos
73fb61070f Added kek deletion in a particular key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:30:08 +02:00
Pol Henarejos
23da8047bc Fix deleting key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:22:15 +02:00
Pol Henarejos
bf70a08c9f Added key domain deletion. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:16:40 +02:00
Pol Henarejos
ce410dae65 Fix when setup a key domain. 
Now the dkek is cleared before imports.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:01:21 +02:00
Pol Henarejos
94a42c4267 Fix changing PIN with multiple domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-02 20:09:43 +02:00
Pol Henarejos
f4cc1fed36 Fix meta parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-02 19:30:09 +02:00
Pol Henarejos
7c27be784b Fix parsing meta data on key generation. 2022-06-02 14:12:11 +02:00
Pol Henarejos
7d1b22c337 Added meta information for symmetric keys. 2022-06-02 12:12:12 +02:00
Pol Henarejos
7b79d7ffde Moving CVC procedures to a separate file. 2022-06-01 09:46:23 +02:00
Pol Henarejos
541d5b3c19 Fix CVC signature length. 
Since it is variable, it needs to be recomputed every time.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 20:38:30 +02:00
Pol Henarejos
d0098015fe Removing OpenSC dependency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 19:26:00 +02:00
Pol Henarejos
3660a35c2c Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
9132dd16f0 Fix decoding asn1 integer. 
It caused overflow.
 2022-05-31 01:14:09 +02:00
Pol Henarejos
652551269e Using own asn1 int decoder. 2022-05-31 00:40:29 +02:00
Pol Henarejos
81730f37a9 Removing sc_pkcs1_strip_digest(). 
It is hard coded here (taken from OpenSC).
 2022-05-31 00:25:54 +02:00
Pol Henarejos
4b86e96660 Removing card_context from store_keys(). 
It does not generate PRKD, as it will be stored by the client.
 2022-05-31 00:14:30 +02:00
Pol Henarejos
271240f11c Fix initializing device. 2022-05-31 00:09:21 +02:00
Pol Henarejos
00e8596a0e Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
39ab429c88 Adding key domain to key generation, wrap, unwrap, export and import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:51 +02:00
Pol Henarejos
4fa8d4ba64 Fix warnings 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 20:58:45 +02:00
Pol Henarejos
1ac4402f99 res_APDU SHALL NOT BE moved, only memcpied or memmoved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:58:35 +02:00
Pol Henarejos
8554262aaf Migrating away from tinyUSB. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:36:33 +02:00
Pol Henarejos
d2766b2225 Using printf instead of TU 2022-05-26 14:16:32 +02:00
Pol Henarejos
f124ee52ce Do not add FMD in FCI. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:31:46 +02:00
Pol Henarejos
2167d28514 Add meta files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 22:57:59 +02:00
Pol Henarejos
80792dc555 Private/secret keys can be selected. 
It returns FCP when a private/secret key is selected but it is not allowed to read them.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 13:06:00 +02:00
Pol Henarejos
080337f847 Added key domain setup 
It accepts different dkek shares for each key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 11:08:29 +02:00
Pol Henarejos
5e20c830fd Return key domain not found only when they are prepared. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:48:22 +02:00
Pol Henarejos
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613 Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00
Pol Henarejos
c80b723112 Using dynamic dkek number and current shares, for each key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:18:35 +02:00
Pol Henarejos
a062b92dad Replacing low level data access to high level routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:30:42 +02:00