dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
550 Commits 2 Branches 32 Tags
b9ec473aaaff1040299086f47159b59f25770f63
Commit Graph

550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
b9ec473aaa Fix critical bug saving SO-PIN securely. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-10 00:27:46 +02:00
Pol Henarejos
b7eb0dff02 Upgrade to Version 3.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-09 22:27:11 +02:00
Pol Henarejos
06f550cc04 Update usage.md 2022-10-09 22:26:45 +02:00
Pol Henarejos
1752b1aec7 Update usage.md 2022-10-09 22:25:35 +02:00
Pol Henarejos
67ea640a14 Fix endianness of patcher (again) 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-09 22:20:41 +02:00
Pol Henarejos
f593060007 Moving delete_file() outside. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-09 22:07:21 +02:00
Pol Henarejos
8504eed35c Adding fixes and moving to Mbedtls 3.2.1 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-09 22:07:10 +02:00
Pol Henarejos
8b29b137a8 Small fixes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-09 22:04:30 +02:00
Pol Henarejos
08d3ca6d27 Update README.md 2022-10-09 19:57:52 +02:00
Pol Henarejos
e6767f4c0a Moving pointer. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-25 23:25:16 +02:00
Pol Henarejos
9e5d65706e Merge pull request #2 from rrottmann/master 
Building pico-hsm using Linux containers
 2022-09-25 18:42:37 +02:00
Reiner Rottmann
61d7b6da38 Added Dockerfile for building pico-hsm and updated README.md with instructions. 2022-09-23 20:36:05 +02:00
Pol Henarejos
6affe64ec5 Adding missing file to pico-hsm-sdk. 2022-08-31 14:19:32 +02:00
Pol Henarejos
ab75718927 Using pico_hsm_sdk library instead. 2022-08-31 14:10:04 +02:00
Pol Henarejos
9e1747e539 Upgrading pico-hsm-sdk version to v3.0 2022-08-31 14:09:02 +02:00
Pol Henarejos
a7396dc698 Fix the endianness of vid/pid patcher. 2022-08-31 14:08:29 +02:00
Pol Henarejos
67699bd24c Before initializing, we select the applet. 2022-08-30 17:55:56 +02:00
Pol Henarejos
62c72c48a5 Moving to new pico-hsm-sdk. 2022-08-30 17:55:42 +02:00
Pol Henarejos
3944c8437a Moving to pico-hsm-sdk 2022-08-30 17:54:38 +02:00
Pol Henarejos
b7d603342e Upgrading pico-ccid 2022-08-29 11:32:39 +02:00
Pol Henarejos
6e5db3c292 Upgrading pico-ccid to version 2.2 2022-08-29 11:31:47 +02:00
Pol Henarejos
4fb26559f4 Adding --so-pin flag for initialize command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 13:47:42 +02:00
Pol Henarejos
c366c1d1a3 Added datetime and options menu to manipulate the RTC and options (press-to-confirm button and optional counter for each key). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 13:38:09 +02:00
Pol Henarejos
e8cc6a169e Try to recover MKEK twice: with previous PIN/SO-PIN or after setting the new PIN/SO-PIN just in case some is the same as previous. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
7d7b6b88ba Trying to recover MKEK to preserver device private key. If not, all are generated again. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
138af5c113 Adding --pin parameter for initialization. 
If provided, it unlocks MKEK before initialization.
If not, it will generate a new MKEK and device certificate.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
b3bcad9ce6 Making MKEK persistent. 
It must be persistent as it encrypts device private key and therefore it must survive across reinitializations.
However, if no PIN is provided to unlock it, it will be lost, as with device private key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
cd6f898f8e Fix storing certs in DER format. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
9ef088971b Integrate all commands to a single script 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
e399b1c0b1 Renaming the tools and moving to tools/ folder. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-25 01:51:16 +02:00
Pol Henarejos
59bacaf5b4 Update scs3.md 
Updated patch.
 2022-08-24 14:11:14 +02:00
Pol Henarejos
d872a156c1 Update scs3.md 
Updated CA certs.
 2022-08-24 14:04:14 +02:00
Pol Henarejos
c5e4583762 Add a tool for attestation of a private key. 
It looks for a particular private key and generates a report with some useful information and validates the source of the private key, whether it is generated in this device or outside.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-23 14:54:38 +02:00
Pol Henarejos
38b9c06138 Reformat oids. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-23 14:52:44 +02:00
Pol Henarejos
df18a1e917 Added header. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-23 00:50:07 +02:00
Pol Henarejos
2bc40771ca Fix generating CVC REQ. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-23 00:50:06 +02:00
Pol Henarejos
5696c7a5da Update public_key_authentication.md 2022-08-22 14:24:53 +02:00
Pol Henarejos
c5f980fc98 Fix curve for ECDH key. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-22 01:13:08 +02:00
Pol Henarejos
aebb68724a Removing trailing spaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-19 01:44:27 +02:00
Pol Henarejos
1f2ccd8c1c Not used. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-19 01:40:13 +02:00
Pol Henarejos
874058d86a Pull last changes in pico-ccid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-19 00:03:09 +02:00
Pol Henarejos
8fccb80295 New burn-certs is called after compilation, not before. Not needed anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:58:38 +02:00
Pol Henarejos
c9c60575c7 Removed 3DES as it is unsecure. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:55:21 +02:00
Pol Henarejos
7e6ed20b26 Not downloading nested submodules for tinyusb 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:53:49 +02:00
Pol Henarejos
52c7be4e16 Also clone nested submodules 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:38:50 +02:00
Pol Henarejos
36d250fc2b Github does not clone submodules. So, let's do it 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:33:52 +02:00
Pol Henarejos
84ba0e03de Fix missing TinyUSB submodule 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:31:17 +02:00
Pol Henarejos
7d27c4b546 Fix autobuild 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:28:29 +02:00
Pol Henarejos
80b2bab0f8 Granting root to apt 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:23:58 +02:00
Pol Henarejos
79372ced2f Just install the SDK in the workflow 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-08-18 23:21:42 +02:00