dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
348 Commits 2 Branches 32 Tags
b754fdb44934588f7182659aef2e3ad4cbd8e5bd
Commit Graph

122 Commits

Author SHA1 Message Date
Pol Henarejos
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613 Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00
Pol Henarejos
c80b723112 Using dynamic dkek number and current shares, for each key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:18:35 +02:00
Pol Henarejos
a062b92dad Replacing low level data access to high level routines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:30:42 +02:00
Pol Henarejos
89d40b7c94 Extending DKEK and key storage to key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 00:29:19 +02:00
Pol Henarejos
7b5cb48dcc Added key domains for device initialization and dkek import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 20:06:06 +02:00
Pol Henarejos
7de0121db5 Introducing MANAGE KEY DOMAIN (INS 52) 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-23 14:26:36 +02:00
Pol Henarejos
cb338af8fb Return SW 6600 when button timeouts. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 22:30:07 +02:00
Pol Henarejos
fffe2fb451 Now press-to-confirm button has a timeout of 15 secs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-05 20:56:28 +02:00
Pol Henarejos
5f0b15b5e9 Fix returning wrong pin retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-22 19:21:41 +02:00
Pol Henarejos
86298f3421 Upgrading to version 2.0. 2022-04-19 19:24:10 +02:00
Pol Henarejos
302f287967 Moving EAC and crypto to core. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 19:16:29 +02:00
Pol Henarejos
522860f736 Splitting the core onto another repo, which can be reused by other smart applications. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-19 18:39:52 +02:00
Pol Henarejos
e2f424d4ab No more in the repo 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-14 01:06:50 +02:00
Pol Henarejos
69e869852e Rewritten keypair_gen response (more friendly). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 19:03:33 +02:00
Pol Henarejos
618966b742 Sanity check for keypair gen. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 18:49:13 +02:00
Pol Henarejos
b68920ff45 Added walker function for TLV parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 16:55:34 +02:00
Pol Henarejos
9dfe0ee7b3 Clear session pin on unload and new session. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:25:44 +02:00
Pol Henarejos
da6c578973 Fix tag_len computation for all TLV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:14:06 +02:00
Pol Henarejos
49d9ec7cf9 Session pin is randomized. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-13 14:12:14 +02:00
Pol Henarejos
af07f1d549 Added INS for session pin generation (needs randomization). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 19:47:43 +02:00
Pol Henarejos
db5f5fd435 When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:11:42 +02:00
Pol Henarejos
7232625bab Merge branch 'master' into eac 2022-04-11 15:09:33 +02:00
Pol Henarejos
1557a4a039 Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 15:09:20 +02:00
Pol Henarejos
2f1f8e0c90 Fix parsing TLV in signatures. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:44:18 +02:00
Pol Henarejos
c4c2bf86ba Fix response APDU in secure channel. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:38:15 +02:00
Pol Henarejos
f26668b81d Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-11 01:16:20 +02:00
Pol Henarejos
964af6a064 Adding wrap() to encrypt and sign response APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:58:54 +02:00
Pol Henarejos
c3a93a46ba Adding unwrap(), to decrypt and verify secure APDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 20:23:36 +02:00
Pol Henarejos
57d593561a Moving all SM stuff to EAC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 19:00:52 +02:00
Pol Henarejos
c098d80524 Adding private key of termca. It is the worst thing I can do, but first I need to develop the secure channel, which uses the private key of device. Later, I will figure out how to generate the private key and certificate during initialization, but it will be difficult, as it needs to be signed by the CA. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-10 01:55:57 +02:00
Pol Henarejos
6c892af9f1 Adding authentication command. Not finished. Needs lot of work. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 23:44:45 +02:00
Pol Henarejos
b545a1618b Added Manage Security Environment command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:50:00 +02:00
Pol Henarejos
dec3d54ddd Adding more SW codes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-09 20:29:13 +02:00
Pol Henarejos
ce4d0bf102 INS 54h is also occupied too... let's try with 64h. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:38:03 +02:00
Pol Henarejos
4e6bada892 Fix first AID load. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-08 00:29:15 +02:00
Pol Henarejos
98ad2e3d55 Fix returning card data when selected AID. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 23:32:56 +02:00
Pol Henarejos
4a57698173 Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:32:31 +02:00
Pol Henarejos
468051288c Upgrading to version 1.12. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
565ea12d88 Added dynamic option to enable/disable press to confirm. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
1c7ef50568 Added custom INS (named EXTRAS) to support different extra commands. At this moment: 
- 0xA: gets/sets the datetime.
- 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
878eae9787 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
24b1d6807b Added support for reading binary data. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
6bc081a1e1 Added support to write arbitrary data EF. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
afb16fff65 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
cf81a82645 Added a new custom APDU (88h) for setting and retrieving datetime. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-07 18:18:24 +02:00
Pol Henarejos
d27d8b0c5b Upgrading to version 1.10 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-04 09:57:19 +02:00
Pol Henarejos
a619527482 Adding P1=0x2 and P1=0x3 for reset retry counter. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:59:50 +02:00
Pol Henarejos
85ff92c4de Adding check for device options whether it can reset retry counter with PIN or without. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:40:16 +02:00
Pol Henarejos
b1121718db Adding capability to reset retry counter without new PIN 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-04-03 20:37:16 +02:00