pico-hsm

Author	SHA1	Message	Date
Pol Henarejos	855b51730b	Fix symmetric AES encryption/decryption. It works! Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:55:48 +01:00
Pol Henarejos	e36c80761e	Fix login session persistence. It is handled when the card reader disconnects, instead of when applet is selected (only the first time). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:50:34 +01:00
Pol Henarejos	bf2624cd88	AES keys are DKEK encrypted in flash. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:40:30 +01:00
Pol Henarejos	8c1977783e	Fix AES initialization context. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:30:39 +01:00
Pol Henarejos	7306a9765e	Fix AES key generation for other 128 and 192 bits. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:29:39 +01:00
Pol Henarejos	5e377cccaf	Added AES encryption/decryption. However, I could not find any interface (neither opensc nor sc-hsm-embedded). Needs further testing. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 01:28:29 +01:00
Pol Henarejos	37957dd8fd	Adding asymmetric decryption. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-06 00:09:01 +01:00
Pol Henarejos	ba3fa745a1	Moving load private key methods. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-05 00:31:55 +01:00
Pol Henarejos	982ca07096	Keys are decrypted when are used for signature. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-05 00:09:36 +01:00
Pol Henarejos	6cd575ea51	Added key unwrap support. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:30:56 +01:00
Pol Henarejos	a29b01cdd8	Adding key wrap support. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:23:15 +01:00
Pol Henarejos	64cf9097e3	Fix saving imported DKEK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:10:58 +01:00
Pol Henarejos	f022c3235d	Fix when initialize with 0 dkek shares. DKEK is automatically generated and saved. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:10:15 +01:00
Pol Henarejos	010c8018ea	DKEK is reencrypted with the new pin if changed. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:08:15 +01:00
Pol Henarejos	78bad89415	Private and secret keys are now stored encrypted with DKEK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 23:00:59 +01:00
Pol Henarejos	59833d08eb	Adding support for generating more than 32 bytes at a time. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-04 10:46:10 +01:00
Pol Henarejos	41f0b53dd5	Fix listing private keys and X509 certificates. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-03 17:56:22 +01:00
Pol Henarejos	70e153e11d	Fix RSA RAW signature. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-03 00:00:14 +01:00
Pol Henarejos	2f4fb3507b	Fix ECDSA signature computation. Now it works. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-01 23:37:53 +01:00
Pol Henarejos	9202c4db66	Added ECDSA signature. Added RSA cleanups. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-01 01:15:55 +01:00
Pol Henarejos	486c4eb449	Added RSA signature (not tested). Still missing ECDSA signature. Trying to figure out what is ECDSA RAW. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-03-01 00:55:01 +01:00
Pol Henarejos	ff06414247	Adding signature computation (unfinished) Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-28 09:43:09 +01:00
Pol Henarejos	44b3792166	Fix with reading dynamic files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-27 20:56:45 +01:00
Pol Henarejos	1918a5769c	Adding symmetric key generation (AES CBC) Fix file search and discovery. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-25 17:04:31 +01:00
Pol Henarejos	857aaf2679	Fix ACL when creating new file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 22:38:15 +01:00
Pol Henarejos	a94c74e508	Added PIN change. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 22:07:52 +01:00
Pol Henarejos	4cdb2f93e5	Fix reset pin. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 20:37:50 +01:00
Pol Henarejos	8657758cf2	Adding acl and pin checks. If pin is blocked, is always blocked despite correct login. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 20:00:37 +01:00
Pol Henarejos	fce1a30f56	Fix deleting key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 19:04:06 +01:00
Pol Henarejos	a4ef5e6d17	Adding delete file command. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-24 16:22:05 +01:00
Pol Henarejos	249de0c5d2	Calling variable token info data generation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-23 22:17:58 +01:00
Pol Henarejos	b874575dab	Moving to static dynamic files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-23 17:35:53 +01:00
Pol Henarejos	16bd415fb9	Adding sanity checks. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 18:26:02 +01:00
Pol Henarejos	173d64dd0e	Finalizing EC key generation and storage. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 15:36:32 +01:00
Pol Henarejos	67698eca94	Fixed bug with size of cvc. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 14:27:13 +01:00
Pol Henarejos	f97555a8da	Adding ECC storing keygen. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 13:22:09 +01:00
Pol Henarejos	a28f217c57	Inner signature of CVC encodes the full certificate body. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 00:55:36 +01:00
Pol Henarejos	e1126b5951	In order to announce the public key, the response must be cvc request authenticated. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-22 00:37:02 +01:00
Pol Henarejos	2a770ee7c9	DKEKS are also initialized. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-21 16:24:32 +01:00
Pol Henarejos	0ef2ee40ac	Adding update_ef command. Flash is reset when initialize Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-21 16:06:09 +01:00
Pol Henarejos	4e3b43ec35	Adding storage of PRKD and CD. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-21 12:21:16 +01:00
Pol Henarejos	fe429bf5af	Adding signature to public file. Storing private key in disk. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-21 00:27:53 +01:00
Pol Henarejos	ecfeb63273	Storing private keys as only P and Q for RSA. They are converted on the fly upon a request. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-20 20:05:46 +01:00
Pol Henarejos	e620b891e1	Adding RSA response (unfinished). Adding ECC generation (no response yet). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-20 01:59:48 +01:00
Pol Henarejos	0ae8733d9b	Adding keypair generation. At this moment, only RSA works but without any security check. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-19 02:16:29 +01:00
Pol Henarejos	d6e7fc7cce	Adding PIN login. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-18 16:19:54 +01:00
Pol Henarejos	eaa0265f74	Adding import dkek shares. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-18 15:46:46 +01:00
Pol Henarejos	e59c0d08c4	Adding initialization. - PINs are never stored, neither in flash nor in RAM. - PINs are stored in flash in doubled salted way. - PINs are stored in RAM in single salted way. - SOPIN in RAM (single salted) is used to encrypt/decrypt DKEK. - PINs in RAM (single salted) are used to encrypt/decrypt private keys related with user/so pins. - DKEK is only used to export/import data. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-18 13:28:41 +01:00
Pol Henarejos	633f005efd	Adding INS_CHALLENGE for DKEK generation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-17 19:50:12 +01:00
Pol Henarejos	c8325babb2	Fixed pin reset Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-02-14 00:29:04 +01:00

1 2

52 Commits