dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
365 Commits 2 Branches 32 Tags
81730f37a9adf77234e3dbeb21eb50c8708aec5d
Commit Graph

365 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
81730f37a9 Removing sc_pkcs1_strip_digest(). 
It is hard coded here (taken from OpenSC).
 2022-05-31 00:25:54 +02:00
Pol Henarejos
4b86e96660 Removing card_context from store_keys(). 
It does not generate PRKD, as it will be stored by the client.
 2022-05-31 00:14:30 +02:00
Pol Henarejos
271240f11c Fix initializing device. 2022-05-31 00:09:21 +02:00
Pol Henarejos
00e8596a0e Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
39ab429c88 Adding key domain to key generation, wrap, unwrap, export and import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:51 +02:00
Pol Henarejos
96175c9fd3 Adding usb descriptors 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:20 +02:00
Pol Henarejos
cee3e83077 Moving again to tinyUSB 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-29 01:53:01 +02:00
Pol Henarejos
4fa8d4ba64 Fix warnings 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 20:58:45 +02:00
Pol Henarejos
1ac4402f99 res_APDU SHALL NOT BE moved, only memcpied or memmoved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:58:35 +02:00
Pol Henarejos
8554262aaf Migrating away from tinyUSB. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:36:33 +02:00
Pol Henarejos
d4d989e562 Moving from tinyUSB to low level custom solution. 2022-05-26 14:16:55 +02:00
Pol Henarejos
d2766b2225 Using printf instead of TU 2022-05-26 14:16:32 +02:00
Pol Henarejos
f124ee52ce Do not add FMD in FCI. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:31:46 +02:00
Pol Henarejos
2167d28514 Add meta files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 22:57:59 +02:00
Pol Henarejos
80792dc555 Private/secret keys can be selected. 
It returns FCP when a private/secret key is selected but it is not allowed to read them.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 13:06:00 +02:00
Pol Henarejos
080337f847 Added key domain setup 
It accepts different dkek shares for each key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 11:08:29 +02:00
Pol Henarejos
5e20c830fd Return key domain not found only when they are prepared. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:48:22 +02:00
Pol Henarejos
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613 Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00
Pol Henarejos
c80b723112 Using dynamic dkek number and current shares, for each key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:18:35 +02:00
Pol Henarejos
a062b92dad Replacing low level data access to high level routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:30:42 +02:00
Pol Henarejos
89d40b7c94 Extending DKEK and key storage to key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:29:19 +02:00
Pol Henarejos
7b5cb48dcc Added key domains for device initialization and dkek import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 20:06:06 +02:00
Pol Henarejos
7de0121db5 Introducing MANAGE KEY DOMAIN (INS 52) 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:26:36 +02:00
Pol Henarejos
cb338af8fb Return SW 6600 when button timeouts. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:30:07 +02:00
Pol Henarejos
89bb5d2815 Fix val returned on wait_button() 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:27:38 +02:00
Pol Henarejos
fffe2fb451 Now press-to-confirm button has a timeout of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:28 +02:00
Pol Henarejos
373a3ce491 Fix patch_vid version, which now uses ccid version. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:04 +02:00
Pol Henarejos
0a798b9f9a Upgrading pico-ccid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:10:35 +02:00
Pol Henarejos
5f0b15b5e9 Fix returning wrong pin retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-22 19:21:41 +02:00
Pol Henarejos
9a93c8afe0 Adding new features of 2.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:41:44 +02:00
Pol Henarejos
fe990100d9 I am not sure why is being modified. 2022-04-19 19:41:09 +02:00
Pol Henarejos
df15a27ceb Removing mbedtls submodule 2022-04-19 19:38:42 +02:00
Pol Henarejos
5f4aafed37 Introducing version 2.0 with the following enhancements: 
- Added Secure Messaging.
- Added Session PIN.
- Added tool to burn CVCerts onto the firmware, like a PKI.
 2022-04-19 19:26:34 +02:00
Pol Henarejos
86298f3421 Upgrading to version 2.0. v2.0 2022-04-19 19:24:10 +02:00
Pol Henarejos
77971ac7e6 Using MBEDTLS from pico ccid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:19:16 +02:00
Pol Henarejos
302f287967 Moving EAC and crypto to core. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:16:29 +02:00
Pol Henarejos
b9c08d72c4 Update .gitmodules 
Updating module for pico-ccid
 2022-04-19 18:42:48 +02:00
Pol Henarejos
522860f736 Splitting the core onto another repo, which can be reused by other smart applications. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 18:39:52 +02:00
Pol Henarejos
b09fc75913 CVCert is burn only if it does not exist. This check is only executed for first configuration. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 18:31:39 +02:00
Pol Henarejos
1b010c8a68 Specifying POST method 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 17:11:51 +02:00
Pol Henarejos
e2f424d4ab No more in the repo 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:06:50 +02:00
Pol Henarejos
b9fb224d62 Adding a tool to burn device CVC. It generates a new keypair and sends the public key to Pico HSM CA, which signs the request. The certificate, CA and private key are burned onto the firmware. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:03:03 +02:00
Pol Henarejos
69e869852e Rewritten keypair_gen response (more friendly). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 19:03:33 +02:00
Pol Henarejos
618966b742 Sanity check for keypair gen. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 18:49:13 +02:00
Pol Henarejos
b68920ff45 Added walker function for TLV parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 16:55:34 +02:00
Pol Henarejos
9dfe0ee7b3 Clear session pin on unload and new session. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:25:44 +02:00
Pol Henarejos
da6c578973 Fix tag_len computation for all TLV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:14:06 +02:00
Pol Henarejos
49d9ec7cf9 Session pin is randomized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:12:14 +02:00
Pol Henarejos
af07f1d549 Added INS for session pin generation (needs randomization). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 19:47:43 +02:00