pico-hsm

Author	SHA1	Message	Date
Pol Henarejos	dc979194fa	Fix crash in mbedtls 3.6 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-06-23 01:00:14 +02:00
Pol Henarejos	c4a08aff0f	Upgrade to Mbedtls 3.6 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-06-21 21:29:32 +02:00
Pol Henarejos	7cb0bbf982	Merge branch 'development' into esp32 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-06-03 13:06:39 +02:00
Pol Henarejos	8e8192362c	Use macros for referring system fids. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-17 19:43:10 +02:00
Pol Henarejos	b034303193	Use new methods search_file() and file_put_data(). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-17 16:36:34 +02:00
Pol Henarejos	5d0dc210da	Use external unique ID. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-17 11:48:23 +02:00
Pol Henarejos	a674410826	Remove carriage return \r for better debug. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-17 11:46:34 +02:00
Pol Henarejos	842919a26b	Use external unique ID. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-15 23:45:30 +02:00
Pol Henarejos	d8c7fb0856	Remove carriage return \r for better debug. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-10 18:16:38 +02:00
Pol Henarejos	d6456b4dde	First attempt to add support to ESP32. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-04-08 19:41:39 +02:00
Pol Henarejos	c3b66773e8	Use new asn1 structs. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-03-13 18:11:28 +01:00
Pol Henarejos	d82affa880	Added support for building emulation in Windows. It has not been tested but it should not break any linux build. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-01-01 01:55:49 +01:00
Pol Henarejos	e96e1d0097	When a key is generated and stored, it creates its PRKD. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-11-13 15:33:27 +01:00
Pol Henarejos	ed2925cfb6	Use new Pico Keys SDK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-11-06 14:25:42 +01:00
Pol Henarejos	6b1eeb4004	Fix DKEK import when no logged. DKEK shall accept import even if it is not logged in. However, to store the DKEK, the PIN is used for MKEK, which is not available if it is nog logged in. I added a queueing system to store a pending DKEK after login. Therefore, to import a DKEK, the user must import it AND call VERIFY command if it is not already logged in. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-10-12 17:42:31 +02:00
Pol Henarejos	eddb1baf7b	Use new applet selection format. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-10-11 21:03:17 +02:00
Pol Henarejos	e27c8d4ff6	Added flag for compile for CI or production. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-10-09 21:55:31 +02:00
Pol Henarejos	1d3232df36	Fix loading and saving Montgomery keys. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-08-24 16:01:39 +02:00
Pol Henarejos	46d85c029e	Added first commit with BIP and SLIP support for cryptowallets. Needs more work. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-05-23 20:40:16 +02:00
Pol Henarejos	1c7bc18161	Added support for AES 512 bit key size. AES XTS uses two keys. Therefore, XTS with 2 AES 256 implies 64 bytes key length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-19 20:22:40 +01:00
Pol Henarejos	132054c9b9	Public point is calculated everytime a private key is loaded. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-13 18:01:56 +01:00
Pol Henarejos	fb4ff9424e	Call reset puk store on init. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-07 11:14:42 +01:00
Pol Henarejos	3c160f69c0	Add DV cert to PUK store. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-06 00:40:31 +01:00
Pol Henarejos	fa60ed5049	Update code style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-03-04 14:05:51 +01:00
Pol Henarejos	cd6e280f4f	Switching to new style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-15 00:10:35 +01:00
Pol Henarejos	daaa5bf402	Harmonize coding style. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-02-14 23:13:46 +01:00
Pol Henarejos	fe7c0333ab	Some emulation fixes. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-01-12 20:06:11 +01:00
Pol Henarejos	9ff3254a4c	Update to latest HSM SDK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-12-22 22:50:54 +01:00
Pol Henarejos	eec4612a6f	Fix when secure message cannot be correctly processed. It is discarded. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-30 21:11:06 +01:00
Pol Henarejos	84f646dbad	Fix storing SO-PIN session when checking PIN with SO-PIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-10 00:37:33 +02:00
Pol Henarejos	f593060007	Moving delete_file() outside. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-10-09 22:07:21 +02:00
Pol Henarejos	62c72c48a5	Moving to new pico-hsm-sdk.	2022-08-30 17:55:42 +02:00
Pol Henarejos	aebb68724a	Removing trailing spaces. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 01:44:27 +02:00
Pol Henarejos	fec02ca733	Removing cvcerts.h dependency. A python script gets the public key of the device (EF_EE_DEV) and requests to our PKI for a CVC. Once got, it is updated to EF_TERMCA (0x2f02). termca_pk is now on EF_KEY_DEV and termca is on EF_TERMCA (concat with DICA). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	6a16d4d55c	Fix returning store_keys(); Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:17:06 +02:00
Pol Henarejos	349df56b09	Missing header. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 15:00:05 +02:00
Pol Henarejos	e6f082d512	Splitting cmd_xxx() functions in separate files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 14:59:27 +02:00
Pol Henarejos	87feed1222	Renaming KEK files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 13:47:43 +02:00
Pol Henarejos	55c8a66613	Fix wrap/unwrap keys with specific allowed algorithms. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 02:58:36 +02:00
Pol Henarejos	2e88422c86	Fix deleting KEK when a key is present in the key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:50:22 +02:00
Pol Henarejos	da841b82d4	Fix deleting KEK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:48:05 +02:00
Pol Henarejos	9256a72c3e	Added XKEK derivation to save the KEK from XKEK key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:43:55 +02:00
Pol Henarejos	12e5a586d2	Adding support for XKEK CVC extension. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 22:18:21 +02:00
Pol Henarejos	0556a528f3	Fix DKEK key domain creation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 19:51:59 +02:00
Pol Henarejos	de789cef66	Fix Key Domain deletion. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 19:46:08 +02:00
Pol Henarejos	7208d01547	Adding XKEK Key Domain creation. It validates the membership and creates a XKEK Key Domain. XKEK Key Domains can only be created based on memberships for THAT device. A device can only create XKEK Key Domains with memberships issued for itself. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 19:36:10 +02:00
Pol Henarejos	46cb0a455d	Fix DKEK are only created when requested and not by default. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 14:01:19 +02:00
Pol Henarejos	300e19b612	Moving to mbedtls_platform_zeroize() for better zeroization. Also added more zeroization when a private/secret key is loaded in memory. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 01:52:37 +02:00
Pol Henarejos	2666573050	Fix dkek status report when device is initialized without dkek. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 01:00:27 +02:00
Pol Henarejos	7b27cb7a1c	MKEK is also stored with SO encryption. A copy of MKEK is also stored but encrypted with SO-PIN. Thus, we always ensure that we have an operative copy of MKEK, either with PIN and/or SO-PIN. If user resets PIN, the MKEK is loaded with SO-PIN and stored with the derived key from new PIN. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-12 00:41:04 +02:00

1 2 3 4 5

204 Commits