dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
312 Commits 2 Branches 32 Tags
b61575bbc39c3bddb6a7a505513952a5d5c749bf
Commit Graph

104 Commits

Author SHA1 Message Date
Pol Henarejos
b61575bbc3 Adding some mutex to improve concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:08:10 +02:00
Pol Henarejos
3781777138 Adding some kind of permanent flash memory that does not wipe out when initializing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 11:37:41 +02:00
Pol Henarejos
2f1f8e0c90 Fix parsing TLV in signatures. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:44:18 +02:00
Pol Henarejos
c4c2bf86ba Fix response APDU in secure channel. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:38:15 +02:00
Pol Henarejos
f26668b81d Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:16:20 +02:00
Pol Henarejos
964af6a064 Adding wrap() to encrypt and sign response APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:58:54 +02:00
Pol Henarejos
c3a93a46ba Adding unwrap(), to decrypt and verify secure APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:23:36 +02:00
Pol Henarejos
57d593561a Moving all SM stuff to EAC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 19:00:52 +02:00
Pol Henarejos
c098d80524 Adding private key of termca. It is the worst thing I can do, but first I need to develop the secure channel, which uses the private key of device. Later, I will figure out how to generate the private key and certificate during initialization, but it will be difficult, as it needs to be signed by the CA. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 01:55:57 +02:00
Pol Henarejos
6c892af9f1 Adding authentication command. Not finished. Needs lot of work. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 23:44:45 +02:00
Pol Henarejos
b545a1618b Added Manage Security Environment command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:50:00 +02:00
Pol Henarejos
dec3d54ddd Adding more SW codes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:29:13 +02:00
Pol Henarejos
ce4d0bf102 INS 54h is also occupied too... let's try with 64h. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:38:03 +02:00
Pol Henarejos
4e6bada892 Fix first AID load. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:29:15 +02:00
Pol Henarejos
98ad2e3d55 Fix returning card data when selected AID. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 23:32:56 +02:00
Pol Henarejos
4a57698173 Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:32:31 +02:00
Pol Henarejos
468051288c Upgrading to version 1.12. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
565ea12d88 Added dynamic option to enable/disable press to confirm. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
1c7ef50568 Added custom INS (named EXTRAS) to support different extra commands. At this moment: 
- 0xA: gets/sets the datetime.
- 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
878eae9787 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
24b1d6807b Added support for reading binary data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
6bc081a1e1 Added support to write arbitrary data EF. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
afb16fff65 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
cf81a82645 Added a new custom APDU (88h) for setting and retrieving datetime. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
dc820a60ae Fixed class with USB-ICC specs, for legacy reasons. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
d27d8b0c5b Upgrading to version 1.10 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-04 09:57:19 +02:00
Pol Henarejos
a619527482 Adding P1=0x2 and P1=0x3 for reset retry counter. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:59:50 +02:00
Pol Henarejos
85ff92c4de Adding check for device options whether it can reset retry counter with PIN or without. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:40:16 +02:00
Pol Henarejos
b1121718db Adding capability to reset retry counter without new PIN 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:37:16 +02:00
Pol Henarejos
2905dcc8c0 Adding custom command to set datetime. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 19:57:56 +02:00
Pol Henarejos
c9855f7214 Fix displaying device options. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:43:33 +02:00
Pol Henarejos
853b8f29a2 Fix returning kcv when pin is not provided. It always return 0x0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:56 +02:00
Pol Henarejos
d5378ffa41 If has_session_pin is true, it returns sw_ok 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:22 +02:00
Pol Henarejos
4400eba974 Fix returning kcv 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:31:02 +02:00
Pol Henarejos
0cc656c6c0 Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 19:12:56 +02:00
Pol Henarejos
c9b32ab5d0 Fix return pin blocked sw code. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:59:54 +02:00
Pol Henarejos
f9ffd39661 Adding EF_DEVOPS to store the device options during the initialization. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:56:42 +02:00
Pol Henarejos
bfc12d6856 Renaming files 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 18:27:00 +02:00
Pol Henarejos
33a2222cd8 Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." 
This reverts commit 86e38419ac.
 2022-03-31 14:30:50 +02:00
Pol Henarejos
923e05a36c Revert "Also for SOPIN." 
This reverts commit ad66170379.
 2022-03-31 14:30:50 +02:00
Pol Henarejos
ad66170379 Also for SOPIN. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 13:18:56 +02:00
Pol Henarejos
86e38419ac PIN remaining tries only returned when user is not logged in. If so, it returns always OK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 13:17:16 +02:00
Pol Henarejos
7cf166d615 Upgrading to version 1.8 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 11:18:52 +02:00
Pol Henarejos
413c3e0208 Fix update ef when offset is required. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 01:08:39 +02:00
Pol Henarejos
7410498df1 Fix with RSA CRT import mode (keytype 6). 
In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-31 00:24:50 +02:00
Pol Henarejos
7aee18110e Fix kmac and kenc computation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 23:59:06 +02:00
Pol Henarejos
7aca7b323a Fix loading kcv, kenc and kmac. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 23:21:23 +02:00
Pol Henarejos
4651a0e224 Adding AES wrapping/unwrapping 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 01:33:54 +02:00
Pol Henarejos
d018e3b9b9 Adding RSA and EC wrap/unwrap, compatible with SC HSM wrap format. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-30 00:59:37 +02:00
Pol Henarejos
1c272842a7 Adding dkek_decode_key for unwrapping. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-03-29 20:18:08 +02:00