Commit Graph

51 Commits

Author SHA1 Message Date
Pol Henarejos
e36c80761e Fix login session persistence. It is handled when the card reader disconnects, instead of when applet is selected (only the first time).
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 01:50:34 +01:00
Pol Henarejos
bf2624cd88 AES keys are DKEK encrypted in flash.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 01:40:30 +01:00
Pol Henarejos
8c1977783e Fix AES initialization context.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 01:30:39 +01:00
Pol Henarejos
7306a9765e Fix AES key generation for other 128 and 192 bits.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 01:29:39 +01:00
Pol Henarejos
5e377cccaf Added AES encryption/decryption.
However, I could not find any interface (neither opensc nor sc-hsm-embedded).
Needs further testing.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 01:28:29 +01:00
Pol Henarejos
37957dd8fd Adding asymmetric decryption.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-06 00:09:01 +01:00
Pol Henarejos
ba3fa745a1 Moving load private key methods.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-05 00:31:55 +01:00
Pol Henarejos
982ca07096 Keys are decrypted when they are used for signature.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-05 00:09:36 +01:00
Pol Henarejos
6cd575ea51 Added key unwrap support.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:30:56 +01:00
Pol Henarejos
a29b01cdd8 Adding key wrap support.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:23:15 +01:00
Pol Henarejos
64cf9097e3 Fix saving imported DKEK.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:10:58 +01:00
Pol Henarejos
f022c3235d Fix when initializing with 0 DKEK shares. DKEK is automatically generated and saved.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:10:15 +01:00
Pol Henarejos
010c8018ea DKEK is reencrypted with the new pin if changed.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:08:15 +01:00
Pol Henarejos
78bad89415 Private and secret keys are now stored encrypted with DKEK.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 23:00:59 +01:00
Pol Henarejos
59833d08eb Adding support for generating more than 32 bytes at a time.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-04 10:46:10 +01:00
Pol Henarejos
41f0b53dd5 Fix listing private keys and X509 certificates.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-03 17:56:22 +01:00
Pol Henarejos
70e153e11d Fix RSA RAW signature.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-03 00:00:14 +01:00
Pol Henarejos
2f4fb3507b Fix ECDSA signature computation. Now it works.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-01 23:37:53 +01:00
Pol Henarejos
9202c4db66 Added ECDSA signature.
Added RSA cleanups.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-01 01:15:55 +01:00
Pol Henarejos
486c4eb449 Added RSA signature (not tested).
Still missing ECDSA signature. Trying to figure out what ECDSA RAW is.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-03-01 00:55:01 +01:00
Pol Henarejos
ff06414247 Adding signature computation (unfinished)
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-28 09:43:09 +01:00
Pol Henarejos
44b3792166 Fix with reading dynamic files.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-27 20:56:45 +01:00
Pol Henarejos
1918a5769c Adding symmetric key generation (AES CBC)
Fix file search and discovery.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-25 17:04:31 +01:00
Pol Henarejos
857aaf2679 Fix ACL when creating new file.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 22:38:15 +01:00
Pol Henarejos
a94c74e508 Added PIN change.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 22:07:52 +01:00
Pol Henarejos
4cdb2f93e5 Fix reset pin.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 20:37:50 +01:00
Pol Henarejos
8657758cf2 Adding acl and pin checks.
If pin is blocked, it is always blocked despite correct login.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 20:00:37 +01:00
Pol Henarejos
fce1a30f56 Fix deleting key.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 19:04:06 +01:00
Pol Henarejos
a4ef5e6d17 Adding delete file command.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-24 16:22:05 +01:00
Pol Henarejos
249de0c5d2 Calling variable token info data generation.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-23 22:17:58 +01:00
Pol Henarejos
b874575dab Moving to static dynamic files.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-23 17:35:53 +01:00
Pol Henarejos
16bd415fb9 Adding sanity checks.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 18:26:02 +01:00
Pol Henarejos
173d64dd0e Finalizing EC key generation and storage.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 15:36:32 +01:00
Pol Henarejos
67698eca94 Fixed bug with size of cvc.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 14:27:13 +01:00
Pol Henarejos
f97555a8da Adding ECC storing keygen.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 13:22:09 +01:00
Pol Henarejos
a28f217c57 Inner signature of CVC encodes the full certificate body.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 00:55:36 +01:00
Pol Henarejos
e1126b5951 In order to announce the public key, the response must be cvc request authenticated.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-22 00:37:02 +01:00
Pol Henarejos
2a770ee7c9 DKEKS are also initialized.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-21 16:24:32 +01:00
Pol Henarejos
0ef2ee40ac Adding update_ef command.
Flash is reset when initializing.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-21 16:06:09 +01:00
Pol Henarejos
4e3b43ec35 Adding storage of PRKD and CD.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-21 12:21:16 +01:00
Pol Henarejos
fe429bf5af Adding signature to public file.
Storing private key in disk.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-21 00:27:53 +01:00
Pol Henarejos
ecfeb63273 Storing private keys as only P and Q for RSA. They are converted on the fly upon a request.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-20 20:05:46 +01:00
Pol Henarejos
e620b891e1 Adding RSA response (unfinished).
Adding ECC generation (no response yet).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-20 01:59:48 +01:00
Pol Henarejos
0ae8733d9b Adding keypair generation. At this moment, only RSA works but without any security check.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-19 02:16:29 +01:00
Pol Henarejos
d6e7fc7cce Adding PIN login.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-18 16:19:54 +01:00
Pol Henarejos
eaa0265f74 Adding import dkek shares.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-18 15:46:46 +01:00
Pol Henarejos
e59c0d08c4 Adding initialization.
- PINs are never stored, neither in flash nor in RAM.
- PINs are stored in flash in a double-salted way.
- PINs are stored in RAM in a single-salted way.
- SOPIN in RAM (single-salted) is used to encrypt/decrypt DKEK.
- PINs in RAM (single-salted) are used to encrypt/decrypt private keys related to user/so pins.
- DKEK is only used to export/import data.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-18 13:28:41 +01:00
Pol Henarejos
633f005efd Adding INS_CHALLENGE for DKEK generation.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-17 19:50:12 +01:00
Pol Henarejos
c8325babb2 Fixed pin reset
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-14 00:29:04 +01:00
Pol Henarejos
86cef892ff Adding PIN reset counter.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-02-13 18:27:49 +01:00