pico-hsm

Author	SHA1	Message	Date
Pol Henarejos	468051288c	Upgrading to version 1.12. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	565ea12d88	Added dynamic option to enable/disable press to confirm. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	1c7ef50568	Added custom INS (named EXTRAS) to support different extra commands. At this moment: - 0xA: gets/sets the datetime. - 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	878eae9787	Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	24b1d6807b	Added support for reading binary data. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	6bc081a1e1	Added support to write arbitrary data EF. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	afb16fff65	Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	cf81a82645	Added a new custom APDU (88h) for setting and retrieving datetime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	d27d8b0c5b	Upgrading to version 1.10 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-04 09:57:19 +02:00
Pol Henarejos	a619527482	Adding P1=0x2 and P1=0x3 for reset retry counter. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:59:50 +02:00
Pol Henarejos	85ff92c4de	Adding check for device options whether it can reset retry counter with PIN or without. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:40:16 +02:00
Pol Henarejos	b1121718db	Adding capability to reset retry counter without new PIN Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:37:16 +02:00
Pol Henarejos	2905dcc8c0	Adding custom command to set datetime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 19:57:56 +02:00
Pol Henarejos	c9855f7214	Fix displaying device options. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:43:33 +02:00
Pol Henarejos	853b8f29a2	Fix returning kcv when pin is not provided. It always return 0x0 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:31:56 +02:00
Pol Henarejos	d5378ffa41	If has_session_pin is true, it returns sw_ok Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:31:22 +02:00
Pol Henarejos	4400eba974	Fix returning kcv Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:31:02 +02:00
Pol Henarejos	0cc656c6c0	Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:12:56 +02:00
Pol Henarejos	c9b32ab5d0	Fix return pin blocked sw code. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:59:54 +02:00
Pol Henarejos	f9ffd39661	Adding EF_DEVOPS to store the device options during the initialization. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:56:42 +02:00
Pol Henarejos	bfc12d6856	Renaming files Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:27:00 +02:00
Pol Henarejos	33a2222cd8	Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." This reverts commit `86e38419ac`.	2022-03-31 14:30:50 +02:00
Pol Henarejos	923e05a36c	Revert "Also for SOPIN." This reverts commit `ad66170379`.	2022-03-31 14:30:50 +02:00
Pol Henarejos	ad66170379	Also for SOPIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 13:18:56 +02:00
Pol Henarejos	86e38419ac	PIN remaining tries only returned when user is not logged in. If so, it returns always OK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 13:17:16 +02:00
Pol Henarejos	7cf166d615	Upgrading to version 1.8 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 11:18:52 +02:00
Pol Henarejos	413c3e0208	Fix update ef when offset is required. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 01:08:39 +02:00
Pol Henarejos	7410498df1	Fix with RSA CRT import mode (keytype 6). In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 00:24:50 +02:00
Pol Henarejos	7aee18110e	Fix kmac and kenc computation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 23:59:06 +02:00
Pol Henarejos	7aca7b323a	Fix loading kcv, kenc and kmac. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 23:21:23 +02:00
Pol Henarejos	4651a0e224	Adding AES wrapping/unwrapping Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 01:33:54 +02:00
Pol Henarejos	d018e3b9b9	Adding RSA and EC wrap/unwrap, compatible with SC HSM wrap format. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 00:59:37 +02:00
Pol Henarejos	1c272842a7	Adding dkek_decode_key for unwrapping. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 20:18:08 +02:00
Pol Henarejos	0141e0ab4e	Adding ec curve find from prime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 20:17:42 +02:00
Pol Henarejos	e7d8695394	Added length checks. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 19:16:15 +02:00
Pol Henarejos	6876edea5a	Some fix in encode key Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 19:06:00 +02:00
Pol Henarejos	2e655d6341	Fixes with AES encryption Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 18:25:47 +02:00
Pol Henarejos	2f4cca19c4	Moving some dkek crypt stuff to dkek. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 13:45:28 +02:00
Pol Henarejos	5eb74d8ca3	Adding encode_key with dkek (for wrapping). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 13:45:07 +02:00
Pol Henarejos	7b0d5a6700	Fix loading aes key in decrypt function Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 09:35:06 +02:00
Pol Henarejos	427260663f	Replacing CFB to CBC AES proc Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 09:34:44 +02:00
Pol Henarejos	047a443536	Adding dkek procedures to wrap/unwrap. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 17:38:15 +02:00
Pol Henarejos	2535d0e537	Adding generic aes encryption/decryption. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 17:37:53 +02:00
Pol Henarejos	6fe7d7991b	Len of CMAC is always 16. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 17:37:24 +02:00
Pol Henarejos	d061958f90	Moving hash to other file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 16:02:28 +02:00
Pol Henarejos	69a406832d	Adding hsm initializing options Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 01:37:36 +02:00
Pol Henarejos	cd4ceb0a61	Fix returning current dkeks when the device is initialized without dkeks. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 01:37:19 +02:00
Pol Henarejos	450ec5dec1	Also list PRKD files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 20:47:11 +02:00
Pol Henarejos	c7abd1a067	Adding DKEK report Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 20:27:10 +02:00
Pol Henarejos	c6d87756ab	Adding SOPIN verification. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 19:00:21 +02:00

1 2

84 Commits