pico-hsm

Author	SHA1	Message	Date
Pol Henarejos	878eae9787	Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	24b1d6807b	Added support for reading binary data. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	6bc081a1e1	Added support to write arbitrary data EF. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	afb16fff65	Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	cf81a82645	Added a new custom APDU (88h) for setting and retrieving datetime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-07 18:18:24 +02:00
Pol Henarejos	a619527482	Adding P1=0x2 and P1=0x3 for reset retry counter. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:59:50 +02:00
Pol Henarejos	85ff92c4de	Adding check for device options whether it can reset retry counter with PIN or without. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:40:16 +02:00
Pol Henarejos	b1121718db	Adding capability to reset retry counter without new PIN Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 20:37:16 +02:00
Pol Henarejos	2905dcc8c0	Adding custom command to set datetime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-03 19:57:56 +02:00
Pol Henarejos	c9855f7214	Fix displaying device options. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:43:33 +02:00
Pol Henarejos	853b8f29a2	Fix returning kcv when pin is not provided. It always return 0x0 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:31:56 +02:00
Pol Henarejos	d5378ffa41	If has_session_pin is true, it returns sw_ok Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:31:22 +02:00
Pol Henarejos	0cc656c6c0	Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 19:12:56 +02:00
Pol Henarejos	c9b32ab5d0	Fix return pin blocked sw code. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:59:54 +02:00
Pol Henarejos	f9ffd39661	Adding EF_DEVOPS to store the device options during the initialization. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:56:42 +02:00
Pol Henarejos	bfc12d6856	Renaming files Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 18:27:00 +02:00
Pol Henarejos	33a2222cd8	Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." This reverts commit `86e38419ac`.	2022-03-31 14:30:50 +02:00
Pol Henarejos	923e05a36c	Revert "Also for SOPIN." This reverts commit `ad66170379`.	2022-03-31 14:30:50 +02:00
Pol Henarejos	ad66170379	Also for SOPIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 13:18:56 +02:00
Pol Henarejos	86e38419ac	PIN remaining tries only returned when user is not logged in. If so, it returns always OK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 13:17:16 +02:00
Pol Henarejos	413c3e0208	Fix update ef when offset is required. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-31 01:08:39 +02:00
Pol Henarejos	4651a0e224	Adding AES wrapping/unwrapping Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 01:33:54 +02:00
Pol Henarejos	d018e3b9b9	Adding RSA and EC wrap/unwrap, compatible with SC HSM wrap format. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-30 00:59:37 +02:00
Pol Henarejos	0141e0ab4e	Adding ec curve find from prime. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 20:17:42 +02:00
Pol Henarejos	2e655d6341	Fixes with AES encryption Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 18:25:47 +02:00
Pol Henarejos	2f4cca19c4	Moving some dkek crypt stuff to dkek. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 13:45:28 +02:00
Pol Henarejos	7b0d5a6700	Fix loading aes key in decrypt function Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-29 09:35:06 +02:00
Pol Henarejos	6fe7d7991b	Len of CMAC is always 16. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 17:37:24 +02:00
Pol Henarejos	cd4ceb0a61	Fix returning current dkeks when the device is initialized without dkeks. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-28 01:37:19 +02:00
Pol Henarejos	450ec5dec1	Also list PRKD files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 20:47:11 +02:00
Pol Henarejos	c7abd1a067	Adding DKEK report Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 20:27:10 +02:00
Pol Henarejos	c6d87756ab	Adding SOPIN verification. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 19:00:21 +02:00
Pol Henarejos	0916489388	Initialization now returns free memory if no parameters are given. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 18:53:41 +02:00
Pol Henarejos	d01e06aa11	2F02 returns terminal's cvcert and DICA. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 18:15:06 +02:00
Pol Henarejos	464107b13f	Adding tag 85 for FCP when selecting applet Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-27 12:26:36 +02:00
Pol Henarejos	74127a038f	Changing label name. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-25 12:09:32 +01:00
Pol Henarejos	a01bd39f21	Adding license headers. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-25 12:08:48 +01:00
Pol Henarejos	c2a474df98	Fix an overflow in EC key derivation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-24 20:42:43 +01:00
Pol Henarejos	483dc5e953	- Fixed a random bug when generating EC keys. - Removed cvc_req. Now it is encapsulated from the previous existing cvc. - All tests passed (sc-hsm-pkcs11-test invasive) Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-24 00:34:29 +01:00
Pol Henarejos	f490f073b0	When updating an EF, if it does not exist, we create it. Added support for CA and CD certificates update. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 16:04:40 +01:00
Pol Henarejos	2eab8eba09	Added asymmetric key derivation. Only for EC. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 15:37:34 +01:00
Pol Henarejos	783c901567	Replaced EC load private key with read_key, which performs sanity checks. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 14:25:00 +01:00
Pol Henarejos	90d1fa0f9b	If modulusSize is used, the test will fail as it is an unexpected field. It does not seems necessary. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 11:37:05 +01:00
Pol Henarejos	96b791b3b9	- Fixed bug where PublicKD was saved in EE_CERTIFICATE_PREFIX. We save there the CSR instead in CVC format. - We put the CHR and CAR into the CSR if provided during the keypair generation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 11:31:24 +01:00
Pol Henarejos	0a2740fbab	Added AES derive support based on HKDF. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-21 00:54:59 +01:00
Pol Henarejos	ae1e2ac111	Fix storing public key description when generating a new keypair. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-19 19:11:09 +01:00
Pol Henarejos	d87073f4cc	Auth status should not be removed when apple is reselected. Auth status is removed when the reader disconnects the card (unloads it). With this fix, it is possible to login first and send immediate low level APDU command that requires authentification (such as login+CMAC). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-17 23:37:02 +01:00
Pol Henarejos	36a8f78313	Added support for AES-CMAC. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-17 23:35:07 +01:00
Pol Henarejos	ab1490a50b	Added ECDH key derivation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-17 00:28:16 +01:00
Pol Henarejos	23f53a6095	Added some free on bad return. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-16 23:40:09 +01:00

1 2

59 Commits