dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
1,138 Commits 2 Branches 32 Tags
f1a8d8bc91ce9512f760ee3c558c8a2bba9f5bb6
Commit Graph

1138 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
d90b296237 Added keygen command to generate AES, X25519 and X448 keys. 
It replaces x25519/x448 commands and cipher keygen subcommand.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 16:57:11 +01:00
Pol Henarejos
e98b26fee5 Flush stderr. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 15:34:33 +01:00
Pol Henarejos
2086a68c53 Key id not needed on keygen. 
It also returns the fresh new generated key id.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 15:34:21 +01:00
Pol Henarejos
74afa07512 Do not make a PRKD on key unwrap since it is already done when storing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 15:33:52 +01:00
Pol Henarejos
e96e1d0097 When a key is generated and stored, it creates its PRKD. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 15:33:27 +01:00
Pol Henarejos
4d47f0224e Fix emulation in apple. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 14:26:46 +01:00
Pol Henarejos
58692b2711 Fix PRKD cert on key unwrap. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-13 14:14:10 +01:00
Pol Henarejos
a5ab1cabc5 Add support for AES-ECB, AES-CBC with custom IV, AES-OFB, AES-CFB, AES-GCM, AES-CCM, AES-CTR and AES-XTS. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-11 21:19:31 +01:00
Pol Henarejos
1c7cdc8564 Added support for CMAC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-11 20:28:13 +01:00
Pol Henarejos
d74b3418bc Fix typo 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-11 20:13:38 +01:00
Pol Henarejos
fb5be153ed Fix merge. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v3.6-eddsa1 		2023-11-06 23:51:15 +01:00
Pol Henarejos
0ac71f2fff Removed old SDK 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:47:21 +01:00
Pol Henarejos
6ec5235cc3 Upgrade Pico Keys SDK and mbedtls 3.5 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:38:33 +01:00
Pol Henarejos
ff74d6306e mbedtls 3.5 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:27:02 +01:00
Pol Henarejos
ba562da00e Merge branch 'development' into development-eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:11:08 +01:00
Pol Henarejos
98e9b72b42 Upgrade version to 3.6. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v3.6 		2023-11-06 17:26:43 +01:00
Pol Henarejos
1b0d23cf24 Add two new boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 17:26:24 +01:00
Pol Henarejos
3ccff7881f Upgrade to Pico Keys SDK 5. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 17:25:04 +01:00
Pol Henarejos
a3bf2e9e14 If no key is found, generate a new one. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 17:10:19 +01:00
Pol Henarejos
88ff27f354 Fix mbedTLS 3.5 build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 17:01:27 +01:00
Pol Henarejos
ed2925cfb6 Use new Pico Keys SDK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 14:25:42 +01:00
Pol Henarejos
cc19f8f061 Use new pico-keys-sdk submodule. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 14:20:39 +01:00
Pol Henarejos
b6831a4650 Rename pico-hsm-sdk submodule to new name. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 14:20:19 +01:00
Pol Henarejos
652a0f0d21 Fix managing spaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 21:04:02 +02:00
Pol Henarejos
9dbf4b3172 Removing pkcs11-tool test for EC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 19:03:37 +02:00
Pol Henarejos
76522829ef User must log in after DKEK import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 17:42:49 +02:00
Pol Henarejos
6b1eeb4004 Fix DKEK import when no logged. 
DKEK shall accept import even if it is not logged in. However, to store the DKEK, the PIN is used for MKEK, which is not available if it is nog logged in. I added a queueing system to store a pending DKEK after login.

Therefore, to import a DKEK, the user must import it AND call VERIFY command if it is not already logged in.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 17:42:31 +02:00
Pol Henarejos
2693ab4926 Fix applet selection. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 17:40:56 +02:00
Pol Henarejos
5d21e39aa6 Fix deleting key domain. 
It only checks if contains keys and no other files.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-12 17:40:20 +02:00
Pol Henarejos
1bf0d6337b Added backup and restore tests (pkcs11 wrap/unwrap). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:12:06 +02:00
Pol Henarejos
1950b03d35 Add more pkcs11-tool tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:11:41 +02:00
Pol Henarejos
4be258f4c7 Fix applet loading. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:04:53 +02:00
Pol Henarejos
eddb1baf7b Use new applet selection format. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:03:17 +02:00
Pol Henarejos
11bb00e186 Default key domain is 0. 
It allows to wrap keys not associated to any key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:03:09 +02:00
Pol Henarejos
aaed6bd7b6 New format for applet selection. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 21:02:18 +02:00
Pol Henarejos
2853b38b08 Add PKCS11 tool test 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 13:00:24 +02:00
Pol Henarejos
654cb1e4e0 Added AES pkcs11 tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 12:13:21 +02:00
Pol Henarejos
185d19504f Add plaintext debug. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-11 12:12:53 +02:00
Pol Henarejos
dbe0ef19de Fix store binary test script. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 22:17:22 +02:00
Pol Henarejos
c3b57b229f Add sc-hsm-pkcs11-test to test matrix. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:56:41 +02:00
Pol Henarejos
43c46e9112 Add sc-hsm-embedd pkcs11 driver and test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:56:18 +02:00
Pol Henarejos
d5af9160c1 Build in docker with for CI flag. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:55:55 +02:00
Pol Henarejos
e27c8d4ff6 Added flag for compile for CI or production. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:55:31 +02:00
Pol Henarejos
2ecfff0ebb Add store binary data tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:15:51 +02:00
Pol Henarejos
3057aba041 Fix redundant line. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 21:15:23 +02:00
Pol Henarejos
011a594fe4 Also use artifacts@v3 on upload. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 19:18:04 +02:00
Pol Henarejos
448d61dd2d Use artifact@v3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 19:00:36 +02:00
Pol Henarejos
fa821c43c8 Prune images autom. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 19:00:23 +02:00
Pol Henarejos
9db3e78d32 Not necessary rmi 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 18:41:01 +02:00
Pol Henarejos
b74c4070d1 When build, it copies generated binaries to image, which will be used later by other jobs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-10-09 18:26:16 +02:00