dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Compare commits

base: dearsky:v3.6
Branches Tags
dearsky:master dearsky:development
dearsky:nightly-development dearsky:nightly-master dearsky:v6.4 dearsky:v6.2 dearsky:v6.0-eddsa1 dearsky:v6.0 dearsky:v5.6 dearsky:v5.4-eddsa1 dearsky:v5.4 dearsky:v5.2 dearsky:v5.0-eddsa1 dearsky:v5.0 dearsky:v4.2-eddsa1 dearsky:v4.2 dearsky:v4.0-eddsa1 dearsky:v4.0 dearsky:v3.6-eddsa1 dearsky:v3.6 dearsky:v3.4 dearsky:v3.2 dearsky:v3.0 dearsky:v2.6 dearsky:v2.4 dearsky:v2.2 dearsky:v2.0 dearsky:v1.12 dearsky:v1.10 dearsky:v1.8 dearsky:v1.6 dearsky:v1.4 dearsky:v1.2 dearsky:v1.0
...
compare: dearsky:v3.6-eddsa1
Branches Tags
dearsky:development dearsky:master
dearsky:nightly-development dearsky:nightly-master dearsky:v6.4 dearsky:v6.2 dearsky:v6.0-eddsa1 dearsky:v6.0 dearsky:v5.6 dearsky:v5.4-eddsa1 dearsky:v5.4 dearsky:v5.2 dearsky:v5.0-eddsa1 dearsky:v5.0 dearsky:v4.2-eddsa1 dearsky:v4.2 dearsky:v4.0-eddsa1 dearsky:v4.0 dearsky:v3.6-eddsa1 dearsky:v3.6 dearsky:v3.4 dearsky:v3.2 dearsky:v3.0 dearsky:v2.6 dearsky:v2.4 dearsky:v2.2 dearsky:v2.0 dearsky:v1.12 dearsky:v1.10 dearsky:v1.8 dearsky:v1.6 dearsky:v1.4 dearsky:v1.2 dearsky:v1.0

22 Commits
v3.6 ... v3.6-eddsa

Author SHA1 Message Date
Pol Henarejos
fb5be153ed Fix merge. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:51:15 +01:00
Pol Henarejos
0ac71f2fff Removed old SDK 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:47:21 +01:00
Pol Henarejos
6ec5235cc3 Upgrade Pico Keys SDK and mbedtls 3.5 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:38:33 +01:00
Pol Henarejos
ff74d6306e mbedtls 3.5 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:27:02 +01:00
Pol Henarejos
ba562da00e Merge branch 'development' into development-eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 23:11:08 +01:00
Pol Henarejos
b94810d31d Added triggers to development-eddsa branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:17:06 +02:00
Pol Henarejos
2c4be41ecf Remove print. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:12:40 +02:00
Pol Henarejos
447d223de4 Fix mbedtls ed448 bugs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:12:34 +02:00
Pol Henarejos
4f9f7f14fe Add support for Edwards cvc. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:08:39 +02:00
Pol Henarejos
6699913eff Add edwards signature test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:06:02 +02:00
Pol Henarejos
b0057bc3fe Add edwards key import test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:05:52 +02:00
Pol Henarejos
e3a773d145 Add edwards key generation test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:05:43 +02:00
Pol Henarejos
10a47f9177 Uniform ec key loading. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:05:34 +02:00
Pol Henarejos
9f49a144ac Add support for Edwards key import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:05:11 +02:00
Pol Henarejos
e67a7091ff Add support for Edwards key generation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-24 16:04:45 +02:00
Pol Henarejos
5e801fbae7 Merge branch 'development' into development-eddsa 2023-08-24 10:35:51 +02:00
Pol Henarejos
5bdba8e1e8 Move to ecp_keypair instead of ecdsa. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-22 17:20:56 +02:00
Pol Henarejos
5df4e62f81 Revert previous fix. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-22 17:20:11 +02:00
Pol Henarejos
faef2dc278 Added support for EdDSA signature. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-22 17:10:03 +02:00
Pol Henarejos
22d8793683 Add fix in EdDSA. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-22 15:29:26 +02:00
Pol Henarejos
32c8bc4a24 Enable EdDSA for curves Ed25519 and Ed448 in config file. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-16 15:05:46 +02:00
Pol Henarejos
b5174d64af Using SDK with EdDSA support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-14 02:45:16 +02:00
16 changed files with 134 additions and 63 deletions
Expand all files Collapse all files

4
.github/workflows/codeql.yml vendored
View File

@@ -13,10 +13,10 @@ name: "CodeQL"
on:
push:
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
schedule:
- cron: '23 5 * * 4'
workflow_dispatch:

4
.github/workflows/test.yml vendored
View File

@@ -13,10 +13,10 @@ name: "Emulation and test"
on:
push:
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master", "development" ]
branches: [ "master", "development", "development-eddsa" ]
schedule:
- cron: '23 5 * * 4'
workflow_dispatch:

2
pico-keys-sdk

Submodule pico-keys-sdk updated: f0687c1ef3...e5e2169a47

18
src/hsm/cmd_derive_asym.c
View File

@@ -53,13 +53,13 @@ int cmd_derive_asym() {
return SW_WRONG_LENGTH();
}
if (apdu.data[0] == ALGO_EC_DERIVE) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
int r;
r = load_private_key_ecdsa(&ctx, fkey);
r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
@@ -70,7 +70,7 @@ int cmd_derive_asym() {
mbedtls_mpi_init(&nd);
r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
mbedtls_mpi_free(&a);
mbedtls_mpi_free(&nd);
return SW_DATA_INVALID();
@@ -78,22 +78,22 @@ int cmd_derive_asym() {
r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
mbedtls_mpi_free(&a);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
mbedtls_mpi_free(&nd);
return SW_EXEC_ERROR();
}
r = mbedtls_mpi_copy(&ctx.d, &nd);
mbedtls_mpi_free(&nd);
if (r != 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else {
return SW_WRONG_DATA();

12
src/hsm/cmd_general_authenticate.c
View File

@@ -43,11 +43,11 @@ int cmd_general_authenticate() {
if (!fkey) {
return SW_EXEC_ERROR();
}
mbedtls_ecdsa_context ectx;
mbedtls_ecdsa_init(&ectx);
r = load_private_key_ecdsa(&ectx, fkey);
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
r = load_private_key_ecdh(&ectx, fkey);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
return SW_EXEC_ERROR();
}
mbedtls_ecdh_context ctx;
@@ -55,12 +55,12 @@ int cmd_general_authenticate() {
mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
r = mbedtls_ecdh_setup(&ctx, gid);
if (r != 0) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
mbedtls_ecdh_free(&ctx);
return SW_DATA_INVALID();
}
r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair_free(&ectx);
if (r != 0) {
mbedtls_ecdh_free(&ctx);
return SW_DATA_INVALID();

10
src/hsm/cmd_key_unwrap.c
View File

@@ -58,22 +58,22 @@ int cmd_key_unwrap() {
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
do {
r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
int key_size = ctx.grp.nbits;
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r != CCID_OK) {
return SW_EXEC_ERROR();
}

10
src/hsm/cmd_key_wrap.c
View File

@@ -71,18 +71,18 @@ int cmd_key_wrap() {
mbedtls_rsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_ECC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
r = load_private_key_ecdsa(&ctx, ef);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
r = load_private_key_ec(&ctx, ef);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
uint8_t kdata[64]; //maximum AES key size

15
src/hsm/cmd_keypair_gen.c
View File

@@ -86,10 +86,23 @@ int cmd_keypair_gen() {
return SW_WRONG_DATA();
}
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime, prime_len);
printf("KEYPAIR ECC %d\r\n", ec_id);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return SW_FUNC_NOT_SUPPORTED();
}
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) {
size_t g_len = 0;
uint8_t *g = NULL;
if (asn1_find_tag(p, tout, 0x83, &g_len, &g) != true) {
return SW_WRONG_DATA();
}
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g[0] != 9)) {
ec_id = MBEDTLS_ECP_DP_ED25519;
}
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g_len != 56 || g[0] != 5)) {
ec_id = MBEDTLS_ECP_DP_ED448;
}
}
printf("KEYPAIR ECC %d\r\n", ec_id);
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
uint8_t index = 0;

23
src/hsm/cmd_signature.c
View File

@@ -20,6 +20,7 @@
#include "asn1.h"
#include "mbedtls/oid.h"
#include "random.h"
#include "mbedtls/eddsa.h"
extern mbedtls_ecp_keypair hd_context;
extern uint8_t hd_keytype;
@@ -233,8 +234,8 @@ int cmd_signature() {
mbedtls_rsa_free(&ctx);
}
else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
md = MBEDTLS_MD_SHA256;
if (p2 == ALGO_EC_RAW) {
if (apdu.nc == 32) {
@@ -268,9 +269,9 @@ int cmd_signature() {
else if (p2 == ALGO_EC_SHA512) {
md = MBEDTLS_MD_SHA512;
}
int r = load_private_key_ecdsa(&ctx, fkey);
int r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
@@ -278,14 +279,20 @@ int cmd_signature() {
}
size_t olen = 0;
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
&olen, random_gen, NULL) != 0) {
mbedtls_ecdsa_free(&ctx);
if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else {
r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
&olen, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
memcpy(res_APDU, buf, olen);
res_APDU_size = olen;
mbedtls_ecdsa_free(&ctx);
mbedtls_ecp_keypair_free(&ctx);
}
else if (p2 == ALGO_HD) {
size_t olen = 0;

40
src/hsm/cvc.c
View File

@@ -27,6 +27,7 @@
#include "oid.h"
#include "mbedtls/md.h"
#include "files.h"
#include "mbedtls/eddsa.h"
extern const uint8_t *dev_name;
extern size_t dev_name_len;
@@ -72,7 +73,7 @@ const uint8_t *pointA[] = {
"\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
};
size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, size_t buf_len) {
size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_t buf_len) {
uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
const uint8_t oid_ri[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
@@ -89,7 +90,7 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, siz
size_t ctot_size = asn1_len_tag(0x87, c_size);
size_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
size_t tot_len = 0, tot_data_len = 0;
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
oid = oid_ri;
}
@@ -110,14 +111,14 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, siz
//oid
*p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
p += sizeof(oid_ecdsa);
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
//p
*p++ = 0x81; p += format_tlv_len(p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
p += p_size;
//order
*p++ = 0x82; p += format_tlv_len(o_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.N, p, o_size);
p += o_size;
//G
//G
*p++ = 0x83; p += format_tlv_len(g_size, p); memcpy(p, G_buf, g_size); p += g_size;
//Y
*p++ = 0x84; p += format_tlv_len(y_size, p); memcpy(p, Y_buf, y_size); p += y_size;
@@ -297,11 +298,15 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
ret =
mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else {
ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
}
if (ret == 0) {
mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
@@ -330,10 +335,10 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
if (!fkey) {
return 0;
}
mbedtls_ecdsa_context ectx;
mbedtls_ecdsa_init(&ectx);
if (load_private_key_ecdsa(&ectx, fkey) != CCID_OK) {
mbedtls_ecdsa_free(&ectx);
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
mbedtls_ecp_keypair_free(&ectx);
return 0;
}
int ret = 0, key_size = 2 * mbedtls_mpi_size(&ectx.d);
@@ -352,15 +357,20 @@ size_t asn1_cvc_aut(void *rsa_ecdsa,
p += asn1_cvc_cert(rsa_ecdsa, key_type, p, cvcert_size, ext, ext_len, false);
//outcar
*p++ = 0x42; p += format_tlv_len(outcar_len, p); memcpy(p, outcar, outcar_len); p += outcar_len;
uint8_t hsh[32];
memcpy(p, "\x5f\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
hash256(body, cvcert_size + outcar_size, hsh);
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
mbedtls_ecdsa_free(&ectx);
if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
}
else {
uint8_t hsh[32];
hash256(body, cvcert_size + outcar_size, hsh);
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
}
mbedtls_ecp_keypair_free(&ectx);
if (ret != 0) {
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);

16
src/hsm/kek.c
View File

@@ -696,7 +696,14 @@ int dkek_decode_key(uint8_t id,
len = get_uint16_t(kb, ofs); ofs += len + 2;
//G
len = get_uint16_t(kb, ofs); ofs += len + 2;
len = get_uint16_t(kb, ofs);
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
ec_id = MBEDTLS_ECP_DP_ED25519;
}
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
ec_id = MBEDTLS_ECP_DP_ED448;
}
ofs += len + 2;
//d
len = get_uint16_t(kb, ofs); ofs += 2;
@@ -711,7 +718,12 @@ int dkek_decode_key(uint8_t id,
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
if (r != 0) {
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
}
else {
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;

16
src/hsm/sc_hsm.c
View File

@@ -627,7 +627,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
return CCID_OK;
}
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return CCID_VERIFICATION_FAILED;
}
@@ -642,17 +642,25 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecdsa_free(ctx);
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
}
else {
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
}
if (r != 0) {
mbedtls_ecdsa_free(ctx);
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
}
return CCID_OK;
}
int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
return load_private_key_ec(ctx, fkey);
}
#define INS_VERIFY 0x20
#define INS_MSE 0x22

3
src/hsm/sc_hsm.h
View File

@@ -118,7 +118,8 @@ extern int delete_file(file_t *ef);
extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len);
extern bool key_has_purpose(file_t *ef, uint8_t purpose);
extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
extern bool wait_button_pressed();
extern int store_keys(void *key_ctx, int type, uint8_t key_id);
extern int find_and_store_meta_key(uint8_t key_id);

2
tests/pico-hsm/test_020_keypair_gen.py
View File

@@ -24,7 +24,7 @@ def test_gen_initialize(device):
device.initialize()
@pytest.mark.parametrize(
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448']
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448']
)
def test_gen_ecc(device, curve):
keyid = device.key_generation(KeyType.ECC, curve)

13
tests/pico-hsm/test_021_key_import.py
View File

@@ -21,7 +21,7 @@ import pytest
import hashlib
import os
from picohsm import DOPrefixes
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
from const import DEFAULT_DKEK
@@ -70,6 +70,17 @@ def test_import_montgomery(device, curve):
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
@pytest.mark.parametrize(
"curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey]
)
def test_import_edwards(device, curve):
pkey = curve.generate()
keyid = device.import_key(pkey)
pubkey = device.public_key(keyid, param=curve)
assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
@pytest.mark.parametrize(
"size", [128, 192, 256]
)

9
tests/pico-hsm/test_030_signature.py
View File

@@ -55,3 +55,12 @@ def test_signature_rsa(device, modulus, scheme):
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.verify(pubkey, data, signature, scheme)
@pytest.mark.parametrize(
"curve", ['ed25519', 'ed448']
)
def test_signature_edwards(device, curve):
keyid = device.key_generation(KeyType.ECC, curve)
pubkey = device.public_key(keyid=keyid)
signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data)
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
device.verify(pubkey, data, signature)