dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Compare commits

base: dearsky:v4.2-eddsa1
Branches Tags
dearsky:master dearsky:development
dearsky:nightly-development dearsky:nightly-master dearsky:v6.4 dearsky:v6.2 dearsky:v6.0-eddsa1 dearsky:v6.0 dearsky:v5.6 dearsky:v5.4-eddsa1 dearsky:v5.4 dearsky:v5.2 dearsky:v5.0-eddsa1 dearsky:v5.0 dearsky:v4.2-eddsa1 dearsky:v4.2 dearsky:v4.0-eddsa1 dearsky:v4.0 dearsky:v3.6-eddsa1 dearsky:v3.6 dearsky:v3.4 dearsky:v3.2 dearsky:v3.0 dearsky:v2.6 dearsky:v2.4 dearsky:v2.2 dearsky:v2.0 dearsky:v1.12 dearsky:v1.10 dearsky:v1.8 dearsky:v1.6 dearsky:v1.4 dearsky:v1.2 dearsky:v1.0
...
compare: dearsky:v5.0-eddsa1
Branches Tags
dearsky:development dearsky:master
dearsky:nightly-development dearsky:nightly-master dearsky:v6.4 dearsky:v6.2 dearsky:v6.0-eddsa1 dearsky:v6.0 dearsky:v5.6 dearsky:v5.4-eddsa1 dearsky:v5.4 dearsky:v5.2 dearsky:v5.0-eddsa1 dearsky:v5.0 dearsky:v4.2-eddsa1 dearsky:v4.2 dearsky:v4.0-eddsa1 dearsky:v4.0 dearsky:v3.6-eddsa1 dearsky:v3.6 dearsky:v3.4 dearsky:v3.2 dearsky:v3.0 dearsky:v2.6 dearsky:v2.4 dearsky:v2.2 dearsky:v2.0 dearsky:v1.12 dearsky:v1.10 dearsky:v1.8 dearsky:v1.6 dearsky:v1.4 dearsky:v1.2 dearsky:v1.0

72 Commits
v4.2-eddsa ... v5.0-eddsa

Author SHA1 Message Date
Pol Henarejos
bb45c9b3a8 Merge branch 'master' into development-eddsa 2024-11-12 20:10:07 +01:00
Pol Henarejos
1ea0a91ba8 Fix initialization when initializing a RP2350 board for first time. 
Fixes #60.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-12 19:25:22 +01:00
Pol Henarejos
6f572954d5 If the board is RP2350 or ESP32, the requested certificate must be for secp256k1 key. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-12 19:24:10 +01:00
Pol Henarejos
99a9803328 Update README.md 
Fix headings
 2024-11-10 19:00:29 +01:00
Pol Henarejos
5535f3ec10 No esp32 in eddsa workflows. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 18:47:41 +01:00
Pol Henarejos
f992a04142 Fix eddsa signature. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 18:45:05 +01:00
Pol Henarejos
d858a1e1d5 Upgrade to v5.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 18:10:56 +01:00
Pol Henarejos
b7c6ca58d0 Upgrade to v5.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 15:47:40 +01:00
Pol Henarejos
2f3d70fcac Upgrade mbedtls v3.6.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 15:16:32 +01:00
Pol Henarejos
91c641033a Merge branch 'development' 2024-11-09 15:00:26 +01:00
Pol Henarejos
f3bf3cd8f4 Do not use pico patcher script anymore. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 14:58:42 +01:00
Pol Henarejos
e4736cc448 Upgrade Pico Keys SDK to v7.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 14:58:06 +01:00
Pol Henarejos
bfa8891c8d Update README. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 14:54:51 +01:00
Pol Henarejos
618fdb4c1a Do not request dev cert when performing tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 00:50:51 +01:00
Pol Henarejos
9457433844 Add compile flags for optimization build in ESP32. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 00:20:31 +01:00
Pol Henarejos
c239b4dd7c Fix secure otp build for non rp2350. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 19:46:00 +01:00
Pol Henarejos
96359ebe03 Add secure boot and secure lock commands via rescue. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 19:36:54 +01:00
Pol Henarejos
f301b2a1b1 Add --no-dev-cert to do not request a certificate and use a self-signed one. Do not use if attestation is needed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 19:13:14 +01:00
Pol Henarejos
4ec1d4d891 Fix initialization and terminal certificate generation. 
Fixes #59.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 17:52:13 +01:00
Pol Henarejos
f1410bbf04 Only request and upload the device certificate if needed. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 17:45:48 +01:00
Pol Henarejos
9b9ea7cae5 Add product and mcu to info in rescue mode. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-07 20:00:41 +01:00
Pol Henarejos
f5b89aed69 Use DEV key from OTP if available when initializing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-07 00:16:22 +01:00
Pol Henarejos
f74a374c64 Fix version header. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-05 19:33:07 +01:00
Pol Henarejos
3c6684cdab Rename CCID_ codes to PICOKEY_ 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-05 19:29:00 +01:00
Pol Henarejos
20ef94c301 Upgrade Pico HSM Tool to v2.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:28:49 +01:00
Pol Henarejos
68360978d6 Use BOOTKEY instead of reading json. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:25:22 +01:00
Pol Henarejos
1933498a33 Add optional bootkey index param for secure_boot. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:24:17 +01:00
Pol Henarejos
0ce89ae968 Add support for lock chip on secure_boot. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:19:55 +01:00
Pol Henarejos
9fa3758dad Add support for OTP raw read/write. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:15:48 +01:00
Pol Henarejos
d1ee43baab Add secure_boot enable. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 02:37:16 +02:00
Pol Henarejos
2856ec6917 Align data in case it's not. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 02:14:51 +02:00
Pol Henarejos
ccec83dfb1 Fix otp write length check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:41:12 +02:00
Pol Henarejos
9de1b4ca5d Fix OTP data check size. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:24:49 +02:00
Pol Henarejos
cbd9a5d296 Add sanitize check. 
Only pages 0 and 1 are allowed for reading.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:24:36 +02:00
Pol Henarejos
eaf3d051e3 Fix sc-hsm test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-15 23:16:02 +02:00
Pol Henarejos
8e3801e9a2 Revert "Update flash memory for tests." 
This reverts commit 5388c11182.
 2024-10-15 23:00:35 +02:00
Pol Henarejos
5388c11182 Update flash memory for tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-15 22:54:18 +02:00
Pol Henarejos
2b77519a3b Add OTP command to Pico HSM Tool. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-15 22:12:34 +02:00
Pol Henarejos
812a737ff5 Fix length. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:52:29 +02:00
Pol Henarejos
6163b870ed Fix haders. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:51:18 +02:00
Pol Henarejos
08d4dc58aa Add OTP extra command to read/write OTP without bootmode. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:25:59 +02:00
Pol Henarejos
0193e55f7b Use macros in extras. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:06:58 +02:00
Pol Henarejos
9dc3ea3232 Fix emulation alignment. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-01 14:38:56 +02:00
Pol Henarejos
48d92f53a0 Update Dockerfile with latest versions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-01 14:38:44 +02:00
Pol Henarejos
3b083f9bd7 Fix nightly build for master branch 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:27:22 +02:00
Pol Henarejos
9cd7bc7b3e Fix nightly build for master branch 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:26:59 +02:00
Pol Henarejos
4bea47faca Add nightly builds workflow 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:25:06 +02:00
Pol Henarejos
954eb1d890 Add nightly builds workflow 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:22:23 +02:00
Pol Henarejos
f7451f56ed Add support for led dimming and max. brightness. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:21:39 +02:00
Pol Henarejos
1a8c8440cf Add support for LED management 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:08:15 +02:00
Pol Henarejos
9f1e5d0abd Update pico_sdk_import 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-24 00:44:38 +02:00
Pol Henarejos
4b314470b4 Fix header in Linux. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-20 07:19:47 +02:00
Pol Henarejos
d0461f81f4 Upgrade codeaction to v3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-20 07:19:15 +02:00
Pol Henarejos
4454c633e4 Autobuild esp32 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-20 07:16:55 +02:00
Pol Henarejos
15664da61d Added ESP32 OTP support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-16 00:54:47 +02:00
Pol Henarejos
1a2bff33a8 Added ESP32 OTP support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-16 00:51:21 +02:00
Pol Henarejos
cf44794bb6 Fix build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-13 08:47:41 +02:00
Pol Henarejos
33a6a70457 Use sha256 hardware if available. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-13 00:27:16 +02:00
Pol Henarejos
c3ddfe9689 Use OTP 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-11 23:16:51 +02:00
Pol Henarejos
72eb5a2a69 Enable OTP to store a permanent secret key. 
It can be used by HSM or Fido to protect the keys and use it as MKEK.
 2024-09-11 23:16:23 +02:00
Pol Henarejos
95f3a464b1 Use internal TRNG of Pico. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-06 15:16:34 +02:00
Pol Henarejos
bb37a3ddb8 Fix artifacts version 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 15:21:51 +02:00
Pol Henarejos
6da49336c9 Use v4 for artifacts 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 09:16:20 +02:00
Pol Henarejos
fc69f5e1b1 Upgrade upload-artifact 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 07:46:25 +02:00
Pol Henarejos
3602577b6e Merge branch 'master' into development 2024-09-05 07:45:51 +02:00
Pol Henarejos
c6a72e4ffb Fix indent 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 07:44:17 +02:00
Pol Henarejos
c889cef488 Merge pull request #52 from polhenarejos/dependabot/github_actions/dot-github/workflows/actions/download-artifact-4.1.7 
Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows
 2024-09-04 01:34:34 +02:00
Pol Henarejos
d78e925d49 Parse and set binary version 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-04 01:30:38 +02:00
dependabot[bot]
bb8fcbcd3f Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4.1.7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-03 23:24:23 +00:00
Pol Henarejos
c433e131eb Use new led color module. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-03 18:08:03 +02:00
Pol Henarejos
11d52495d7 Upgrade to MbedTLS 3.6.1 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-03 12:12:40 +02:00
Pol Henarejos
f450279370 Add support for Edwards curves generation. 
Fixes #51

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-03 11:50:46 +02:00
37 changed files with 661 additions and 599 deletions
Expand all files Collapse all files

4
.github/workflows/codeql.yml vendored
View File

@@ -44,7 +44,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -71,4 +71,4 @@ jobs:
./workflows/autobuild.sh ${{ matrix.mode }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3

34
.github/workflows/nightly.yml vendored Normal file
View File

@@ -0,0 +1,34 @@
name: "Nightly deploy"
on:
schedule:
- cron: '0 2 * * *'
workflow_dispatch:
jobs:
nightly:
name: Deploy nightly
strategy:
fail-fast: false
matrix:
refs: [master, development]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ matrix.refs }}
submodules: 'recursive'
- name : Build
env:
PICO_SDK_PATH: ../pico-sdk
run: |
./workflows/autobuild.sh pico
./build_pico_hsm.sh
- name: Update nightly release
uses: pyTooling/Actions/releaser@main
with:
tag: nightly-${{ matrix.refs }}
rm: true
token: ${{ secrets.GITHUB_TOKEN }}
files: release/*.*

4
.github/workflows/test.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
mkdir -p artifacts
docker save pico-hsm-test:bullseye -o artifacts/docker-image.tar
- name: Temporarily save image
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: docker-artifact
path: artifacts
@@ -54,7 +54,7 @@ jobs:
with:
submodules: recursive
- name: Retrieve saved image
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: docker-artifact
path: artifacts

202
CMakeLists.txt
View File

@@ -1,131 +1,129 @@
#
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
cmake_minimum_required(VERSION 3.13)
if(ESP_PLATFORM)
set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
else()
if(ENABLE_EMULATION)
else()
include(pico_sdk_import.cmake)
endif()
if(NOT ENABLE_EMULATION)
include(pico_sdk_import.cmake)
endif()
project(pico_hsm C CXX ASM)
project(pico_hsm C CXX ASM)
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)
if(NOT ENABLE_EMULATION)
pico_sdk_init()
endif()
if(NOT ENABLE_EMULATION)
pico_sdk_init()
endif()
if (NOT DEFINED __FOR_CI)
set(__FOR_CI 0)
endif()
if (__FOR_CI)
add_definitions(-D__FOR_CI)
endif()
if(NOT DEFINED __FOR_CI)
set(__FOR_CI 0)
endif()
if(__FOR_CI)
add_definitions(-D__FOR_CI)
endif()
add_executable(pico_hsm)
add_executable(pico_hsm)
endif()
set(SOURCES ${SOURCES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_read_binary.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_verify.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_reset_retry.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_challenge.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_external_authenticate.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_mse.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_initialize.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_domain.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_wrap.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_keypair_gen.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_update_ef.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_delete_file.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_change_pin.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_gen.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_signature.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_unwrap.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_decrypt_asym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_cipher_sym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
)
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_read_binary.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_verify.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_reset_retry.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_challenge.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_external_authenticate.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_mse.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_initialize.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_domain.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_wrap.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_keypair_gen.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_update_ef.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_delete_file.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_change_pin.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_gen.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_signature.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_unwrap.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_decrypt_asym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_cipher_sym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
)
set(USB_ITF_CCID 1)
set(USB_ITF_WCID 1)
include(pico-keys-sdk/pico_keys_sdk_import.cmake)
SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h")
if(ESP_PLATFORM)
project(pico_hsm)
endif()
set(INCLUDES ${INCLUDES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm
)
if(NOT ESP_PLATFORM)
target_sources(pico_hsm PUBLIC ${SOURCES})
target_include_directories(pico_hsm PUBLIC ${INCLUDES})
target_compile_options(pico_hsm PUBLIC
-Wall
${CMAKE_CURRENT_LIST_DIR}/src/hsm
)
if (NOT MSVC)
if(NOT ESP_PLATFORM)
target_sources(pico_hsm PUBLIC ${SOURCES})
target_include_directories(pico_hsm PUBLIC ${INCLUDES})
target_compile_options(pico_hsm PUBLIC
-Werror
-Wall
)
endif()
if(ENABLE_EMULATION)
if (NOT MSVC)
target_compile_options(pico_hsm PUBLIC
-fdata-sections
-ffunction-sections
)
endif()
if(APPLE)
target_link_options(pico_hsm PUBLIC
-Wl,-dead_strip
)
elseif(MSVC)
if(NOT MSVC)
target_compile_options(pico_hsm PUBLIC
-WX
-Werror
)
endif()
target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
else()
target_link_options(pico_hsm PUBLIC
-Wl,--gc-sections
if(ENABLE_EMULATION)
if(NOT MSVC)
target_compile_options(pico_hsm PUBLIC
-fdata-sections
-ffunction-sections
)
endif()
if(APPLE)
target_link_options(pico_hsm PUBLIC
-Wl,-dead_strip
)
elseif(MSVC)
target_compile_options(pico_hsm PUBLIC
-WX
)
endif (APPLE)
target_link_libraries(pico_hsm PRIVATE pthread m)
else()
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id pico_aon_timer tinyusb_device tinyusb_board)
endif()
target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
else()
target_link_options(pico_hsm PUBLIC
-Wl,--gc-sections
)
endif(APPLE)
target_link_libraries(pico_hsm PRIVATE pthread m)
endif()
endif()

8
Dockerfile
View File

@@ -18,7 +18,7 @@ WORKDIR /home/builduser
VOLUME /home/builduser/release
ARG VERSION_PICO_SDK 1.4.0
ARG VERSION_PICO_SDK 2.0.0
RUN mkdir -p /home/builduser/Devel/pico
RUN cd /home/builduser/Devel/pico \
@@ -29,8 +29,8 @@ RUN cd /home/builduser/Devel/pico \
RUN pip install cryptography
ARG VERSION_MAJOR 2
ARG VERSION_MINOR 6
ARG VERSION_MAJOR 4
ARG VERSION_MINOR 2
RUN cd /home/builduser \
&& git clone https://github.com/polhenarejos/pico-hsm.git \
@@ -46,7 +46,7 @@ ENV PICO_SDK_PATH /home/builduser/Devel/pico/pico-sdk
ARG USB_VID 0xfeff
ARG USB_PID 0xfcfd
ARG PICO_BOARD waveshare_rp2040_zero
ARG PICO_BOARD waveshare_rp2040_zero
RUN cd /home/builduser/pico-hsm \
&& cd build_release \

62
README.md
View File

@@ -138,6 +138,21 @@ Uses an MKEK to securely store all keys, encrypted with an ephemeral key derived
### > Hierarchical Deterministic Key Generation
Supports BIP32 for asymmetric key derivation and SLIP10 for symmetric key derivation, enabling crypto wallet deployment with infinite key generation. Supports NIST 256 and Koblitz 256 curves for master key generation.[^4]
### > One Time Programming (OTP) Storage
The OTP securely stores the MKEK (Master Key Encryption Key) and Device Key permanently, making it inaccessible from external interfaces. This ensures that the key is protected against unauthorized access and tampering.
### > Secure Boot
Secure Boot ensures only authenticated firmware can run on the device, verifying each firmwares digital signature to block unauthorized code.
### > Secure Lock
Secure Lock restricts the device to the manufacturers firmware only, locking out debug access and preventing any further boot key installations.
### > Rescue Interface
A built-in rescue interface allows recovery of the device if it becomes unresponsive or undetectable. This feature provides a way to restore the device to operational status without compromising security.
### > LED Customization
The LED can be customized to reflect device status and user preferences, offering flexible color and brightness options for an enhanced user experience.
[^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
[^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
[^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and DKEK shares are available during the import process.
@@ -147,33 +162,45 @@ Supports BIP32 for asymmetric key derivation and SLIP10 for symmetric key deriva
Pico HSM also supports ESP32-S3 boards, which add secure storage, flash encryption and secure boot.
### > Dynamic VID/PID
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` for specify VID/PID values and reboot the device.
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") for specify VID/PID values and reboot the device.
### > Rescue Pico HSM Tool
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS.
### > Rescue Pico HSM Tool and Commissioner
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS. It can be accessed through `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
## Security considerations
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory of the Raspberry Pico. The DKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are only held in RAM during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory. The MKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are held in RAM only during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
The DKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plain text, either in flash memory or in RAM. However, if no secure channel is used, the PIN is transmitted in plain text from the host to the HSM.
The MKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plaintext, neither in flash memory nor in RAM. However, if no secure channel is used, the PIN may be transmitted in plaintext from the host to the HSM.
DKEKs are used during the export and import of private/secret keys and are part of a Key Domain. A Key Domain is a set of secret/private keys that share the same DKEK. These are also shared by the custodians and are not specific to Pico HSM. Therefore, if a key does not belong to a Key Domain (and thus lacks a DKEK), it cannot be exported.
In the event that the Pico is stolen, the private and secret key contents cannot be accessed without the PIN, even if the flash memory is dumped.
### RP2350 and ESP32-S3
RP2350 and ESP32-S3 microcontrollers are equipped with advanced security features, including Secure Boot and Secure Lock, ensuring that firmware integrity and authenticity are tightly controlled. Both devices support the storage of the Master Key Encryption Key (MKEK) in an OTP (One-Time Programmable) memory region, making it permanently inaccessible for external access or tampering. This secure, non-volatile region guarantees that critical security keys are embedded into the hardware, preventing unauthorized access and supporting robust defenses against code injection or firmware modification. Together, Secure Boot and Secure Lock enforce firmware authentication, while the MKEK in OTP memory solidifies the foundation for secure operations.
### Secure Boot
Secure Boot is a security feature that ensures that only trusted firmware, verified through digital signatures, can be loaded onto the device during the boot process. Once enabled, Secure Boot checks every piece of firmware against a cryptographic signature before execution, rejecting any unauthorized or modified code. This prevents malicious firmware from compromising the devices operation and integrity. With Secure Boot activated, only firmware versions signed by a trusted authority, such as the device manufacturer, will be accepted, ensuring the device remains protected from unauthorized software modifications. **This is irreversible. Once enabled, it CANNOT be disabled.**
**IMPORTANT:** For users wishing to develop and compile custom firmware, a private-public key pair is essential. Activating Secure Boot requires users to generate and manage their own unique private-public key pair. The public key from this pair must be embedded into the device to validate all firmware. Firmware will not boot without a proper digital signature from this key pair. This means that users must sign all future firmware versions with their private key and embed the public key in the device to ensure compatibility.
### Secure Lock
Secure Lock builds on Secure Boot by imposing an even stricter security model. Once activated, Secure Lock prevents any further installation of new boot keys, effectively locking the device to only run firmware that is authorized by the device's primary vendor—in this case, Pico Keys. In addition to preventing additional keys, Secure Lock disables debugging interfaces and puts additional safeguards in place to resist tampering and intrusion attempts. This ensures that the device operates exclusively with the original vendors firmware and resists unauthorized access, making it highly secure against external threats. **This is irreversible. Once enabled, it CANNOT be disabled.**
**IMPORTANT:** Activating Secure Lock not only enables Secure Boot but also invalidates all keys except the official Pico Key. This means that only firmware signed by Pico Key will be recognized, and custom code will no longer be allowed. Once enabled, the Pico Key device will run solely on the official firmware available on the website, with no option for generating or compiling new code for the device.
## Download
**If you own an ESP32-S3 board, go to [ESP32 support](https://www.picokeys.com/esp32-support/) for further information.**
**If you own an ESP32-S3 board, go to [ESP32 Flasher](https://www.picokeys.com/esp32-flasher/) for flashing your Pico HSM.**
Please, go to the Release page and download the UF2 file for your board.
If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/), select your vendor and model and download the proper firmware; or go to [Release page](https://www.github.com/polhenarejos/pico-hsm/releases/) and download the UF2 file for your board.
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
Alternatively you can use the legacy VID/PID patcher as follows:
`./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2`
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended.
Note that the pure-browser option [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") is the most recommended.
## Build
## Build for Raspberry Pico
Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
```
@@ -212,9 +239,9 @@ Independent from your Linux distribution or when using another OS that supports
```
sudo docker build \
--build-arg VERSION_PICO_SDK=1.5.0 \
--build-arg VERSION_MAJOR=3 \
--build-arg VERSION_MINOR=4 \
--build-arg VERSION_PICO_SDK=2.0.0 \
--build-arg VERSION_MAJOR=5 \
--build-arg VERSION_MINOR=0 \
--build-arg PICO_BOARD=waveshare_rp2040_zero \
--build-arg USB_VID=0xfeff \
--build-arg USB_PID=0xfcfd \
@@ -321,8 +348,7 @@ For advanced usage scenarios, refer to the documentation and examples provided.
### Important
OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a pair of VID/PID of supported readers. In order to be detectable, you have several options:
- Use `pico-hsm-tool.py` to modify VID/PID on-the-fly.
- Use the online [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
- Patch the UF2 binary (if you just downloaded from the [Release section](https://github.com/polhenarejos/pico-hsm/releases "Release section"))
- Use the pure-browser online [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") that commissions the Pico Key on-the-fly without external tools.
- Build and configure the project with the proper VID/PID with `USB_VID` and `USB_PID` parameters in `CMake` (see [Build section](#build "Build section")). Note that you cannot distribute the patched/compiled binary if you do not own the VID/PID or have an explicit authorization.
## Credits

17
build_pico_hsm.sh
View File

@@ -1,9 +1,15 @@
#!/bin/bash
VERSION_MAJOR="4"
VERSION_MINOR="2-eddsa1"
VERSION_MAJOR="5"
VERSION_MINOR="0-eddsa1"
SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
#if ! [[ -z "${GITHUB_SHA}" ]]; then
# SUFFIX="${SUFFIX}.${GITHUB_SHA}"
#fi
rm -rf release/*
mkdir -p build_release
mkdir -p release
cd build_release
for board in 0xcb_helios \
@@ -96,8 +102,7 @@ for board in 0xcb_helios \
wiznet_w5100s_evb_pico
do
rm -rf *
PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake .. -DPICO_BOARD=$board
make -kj20
mv pico_hsm.uf2 ../release/pico_hsm_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board
make -j`nproc`
mv pico_hsm.uf2 ../release/pico_hsm_$board-$SUFFIX.uf2
done

2
pico-keys-sdk

Submodule pico-keys-sdk updated: 75ab3ec70e...1d86efa33b

32
pico_sdk_import.cmake
View File

@@ -18,9 +18,20 @@ if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_P
message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')")
endif ()
if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG))
set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG})
message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')")
endif ()
if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG)
set(PICO_SDK_FETCH_FROM_GIT_TAG "master")
message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG")
endif()
set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK")
set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable")
set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK")
set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK")
if (NOT PICO_SDK_PATH)
if (PICO_SDK_FETCH_FROM_GIT)
@@ -29,11 +40,22 @@ if (NOT PICO_SDK_PATH)
if (PICO_SDK_FETCH_FROM_GIT_PATH)
get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}")
endif ()
FetchContent_Declare(
pico_sdk
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
GIT_TAG master
)
# GIT_SUBMODULES_RECURSE was added in 3.17
if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0")
FetchContent_Declare(
pico_sdk
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
GIT_SUBMODULES_RECURSE FALSE
)
else ()
FetchContent_Declare(
pico_sdk
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
)
endif ()
if (NOT pico_sdk)
message("Downloading Raspberry Pi Pico SDK")
FetchContent_Populate(pico_sdk)

1
sdkconfig.defaults
View File

@@ -9,6 +9,7 @@ CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_WL_SECTOR_SIZE_512=y
CONFIG_WL_SECTOR_MODE_PERF=y
COMPILER_OPTIMIZATION="Performance"
CONFIG_MBEDTLS_CMAC_C=y
CONFIG_MBEDTLS_CHACHA20_C=y

40
src/hsm/cmd_bip_slip.c
View File

@@ -38,7 +38,7 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
mbedtls_mpi_init(&kchild);
if (i[0] >= 0x80) {
if (mbedtls_mpi_cmp_int(&parent->d, 0) == 0) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
data[0] = 0x00;
mbedtls_mpi_write_binary(&parent->d, data + 1, 32);
@@ -72,19 +72,19 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
memcpy(cchild, iR, 32);
mbedtls_mpi_free(&il);
mbedtls_mpi_free(&kchild);
return CCID_OK;
return PICOKEY_OK;
}
int sha256_ripemd160(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160), output, 32, output);
return CCID_OK;
return PICOKEY_OK;
}
int sha256_sha256(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), output, 32, output);
return CCID_OK;
return PICOKEY_OK;
}
int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@@ -98,7 +98,7 @@ int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
sizeof(buffer));
sha256_ripemd160(buffer, sizeof(buffer), buffer);
memcpy(fingerprint, buffer, 4);
return CCID_OK;
return PICOKEY_OK;
}
int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
@@ -106,7 +106,7 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
mbedtls_mpi_write_binary(&ctx->d, buffer, sizeof(buffer));
sha256_ripemd160(buffer, sizeof(buffer), buffer);
memcpy(fingerprint, buffer, 4);
return CCID_OK;
return PICOKEY_OK;
}
int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
@@ -115,13 +115,13 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
mbedtls_ecp_keypair_init(ctx);
file_t *ef = search_file(EF_MASTER_SEED | mid);
if (!file_has_data(ef)) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(mkey, file_get_data(ef), sizeof(mkey));
int r = mkek_decrypt(mkey + 1,
sizeof(mkey) - 1);
if (r != CCID_OK) {
return CCID_EXEC_ERROR;
if (r != PICOKEY_OK) {
return PICOKEY_EXEC_ERROR;
}
if (mkey[0] == 0x1 || mkey[0] == 0x2) {
if (mkey[0] == 0x1) {
@@ -131,7 +131,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);
}
else {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_mpi_read_binary(&ctx->d, mkey + 1, 32);
@@ -143,7 +143,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
memcpy(chain, mkey + 1, 32);
}
key_type[0] = mkey[0];
return CCID_OK;
return PICOKEY_OK;
}
int node_derive_path(const uint8_t *path,
@@ -166,16 +166,16 @@ int node_derive_path(const uint8_t *path,
for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
if (tag == 0x02) {
if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (node == 0) {
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != CCID_OK) {
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != PICOKEY_OK) {
return r;
}
}
else if (node > 0) {
node_fingerprint_bip(ctx, fingerprint);
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != CCID_OK) {
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != PICOKEY_OK) {
return r;
}
memcpy(last_node, tag_data, 4);
@@ -183,7 +183,7 @@ int node_derive_path(const uint8_t *path,
}
else if (tag == 0x04) {
if (node == 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
else if (node > 0) {
node_fingerprint_slip(ctx, fingerprint);
@@ -202,7 +202,7 @@ int node_derive_path(const uint8_t *path,
if (nodes) {
*nodes = node;
}
return CCID_OK;
return PICOKEY_OK;
}
int cmd_bip_slip() {
@@ -253,11 +253,11 @@ int cmd_bip_slip() {
mkey[0] = p1;
file_t *ef = file_new(EF_MASTER_SEED | p2);
int r = mkek_encrypt(mkey + 1, sizeof(mkey) - 1);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
r = file_put_data(ef, mkey, sizeof(mkey));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@@ -271,7 +271,7 @@ int cmd_bip_slip() {
size_t olen = 0;
int r =
node_derive_path(apdu.data, (uint16_t)apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
@@ -317,7 +317,7 @@ int cmd_bip_slip() {
&nodes,
last_node,
&hd_keytype);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&hd_context);
return SW_EXEC_ERROR();
}

4
src/hsm/cmd_change_pin.c
View File

@@ -42,7 +42,7 @@ int cmd_change_pin() {
}
uint8_t mkek[MKEK_SIZE];
r = load_mkek(mkek); //loads the MKEK with old pin
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
//encrypt MKEK with new pin
@@ -57,7 +57,7 @@ int cmd_change_pin() {
}
r = store_mkek(mkek);
release_mkek(mkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
uint8_t dhash[33];

6
src/hsm/cmd_decrypt_asym.c
View File

@@ -48,9 +48,9 @@ int cmd_decrypt_asym() {
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
}
int r = load_private_key_rsa(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@@ -178,7 +178,7 @@ int cmd_decrypt_asym() {
if (file_get_size(tf) == kdom_uid.len &&
memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
file_new(EF_DKEK + n);
if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
if (store_dkek_key(n, res_APDU + 1) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
mbedtls_platform_zeroize(res_APDU, 32);

2
src/hsm/cmd_delete_file.c
View File

@@ -38,7 +38,7 @@ int cmd_delete_file() {
if (!authenticate_action(ef, ACL_OP_DELETE_SELF)) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
if (delete_file(ef) != CCID_OK) {
if (delete_file(ef) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
return SW_OK();

6
src/hsm/cmd_derive_asym.c
View File

@@ -57,9 +57,9 @@ int cmd_derive_asym() {
int r;
r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@@ -88,7 +88,7 @@ int cmd_derive_asym() {
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}

127
src/hsm/cmd_extras.c
View File

@@ -28,6 +28,19 @@
#include "kek.h"
#include "mbedtls/hkdf.h"
#include "mbedtls/chachapoly.h"
#ifdef PICO_RP2350
#include "otp.h"
#endif
#define CMD_DATETIME 0xA
#define CMD_DYNOPS 0x6
#define CMD_SECURE_LOCK 0x3A
#define SECURE_LOCK_KEY_AGREEMENT 0x1
#define SECURE_LOCK_ENABLE 0x2
#define SECURE_LOCK_MASK 0x3
#define SECURE_LOCK_DISABLE 0x4
#define CMD_PHY 0x1B
#define CMD_OTP 0x4C
int cmd_extras() {
#ifndef ENABLE_EMULATION
@@ -40,7 +53,7 @@ int cmd_extras() {
if (wait_button_pressed() == true) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
if (P1(apdu) == 0xA) { //datetime operations
if (P1(apdu) == CMD_DATETIME) { //datetime operations
if (P2(apdu) != 0x0) {
return SW_INCORRECT_P1P2();
}
@@ -84,7 +97,7 @@ int cmd_extras() {
#endif
}
}
else if (P1(apdu) == 0x6) { //dynamic options
else if (P1(apdu) == CMD_DYNOPS) { //dynamic options
if (P2(apdu) != 0x0) {
return SW_INCORRECT_P1P2();
}
@@ -103,11 +116,11 @@ int cmd_extras() {
low_flash_available();
}
}
else if (P1(apdu) == 0x3A) { // secure lock
else if (P1(apdu) == CMD_SECURE_LOCK) { // secure lock
if (apdu.nc == 0) {
return SW_WRONG_LENGTH();
}
if (P2(apdu) == 0x01) { // Key Agreement
if (P2(apdu) == SECURE_LOCK_KEY_AGREEMENT) { // Key Agreement
mbedtls_ecdh_context hkey;
mbedtls_ecdh_init(&hkey);
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
@@ -143,7 +156,7 @@ int cmd_extras() {
mse.init = true;
res_APDU_size = (uint16_t)olen;
}
else if (P2(apdu) == 0x02 || P2(apdu) == 0x03 || P2(apdu) == 0x04) {
else if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_MASK || P2(apdu) == SECURE_LOCK_DISABLE) {
if (mse.init == false) {
return SW_COMMAND_NOT_ALLOWED();
}
@@ -152,11 +165,11 @@ int cmd_extras() {
if (ret != 0) {
return SW_WRONG_DATA();
}
if (P2(apdu) == 0x02 || P2(apdu) == 0x04) { // Enable
if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable
uint16_t opts = get_device_options();
uint8_t newopts[] = { opts >> 8, (opts & 0xff) };
if ((P2(apdu) == 0x02 && !(opts & HSM_OPT_SECURE_LOCK)) ||
(P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) {
if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) ||
(P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) {
uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO };
for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) {
file_t *tf = search_file(tfids[t]);
@@ -171,24 +184,24 @@ int cmd_extras() {
}
}
}
if (P2(apdu) == 0x02) {
if (P2(apdu) == SECURE_LOCK_ENABLE) {
newopts[0] |= HSM_OPT_SECURE_LOCK >> 8;
}
else if (P2(apdu) == 0x04) {
else if (P2(apdu) == SECURE_LOCK_DISABLE) {
newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8;
}
file_t *tf = search_file(EF_DEVOPS);
file_put_data(tf, newopts, sizeof(newopts));
low_flash_available();
}
else if (P2(apdu) == 0x03) {
else if (P2(apdu) == SECURE_LOCK_MASK) {
memcpy(mkek_mask, apdu.data, apdu.nc);
has_mkek_mask = true;
}
}
}
#ifndef ENABLE_EMULATION
else if (P1(apdu) == 0x1B) { // Set PHY
else if (P1(apdu) == CMD_PHY) { // Set PHY
if (apdu.nc == 0) {
if (file_has_data(ef_phy)) {
res_APDU_size = file_get_size(ef_phy);
@@ -196,50 +209,84 @@ int cmd_extras() {
}
}
else {
uint8_t tmp[PHY_MAX_SIZE];
memset(tmp, 0, sizeof(tmp));
uint16_t opts = 0;
if (file_has_data(ef_phy)) {
memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy)));
if (file_get_size(ef_phy) >= 8) {
opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1];
}
}
if (P2(apdu) == PHY_VID) { // VIDPID
if (P2(apdu) == PHY_VIDPID) { // VIDPID
if (apdu.nc != 4) {
return SW_WRONG_LENGTH();
}
memcpy(tmp + PHY_VID, apdu.data, 4);
opts |= PHY_OPT_VPID;
phy_data.vid = (apdu.data[0] << 8) | apdu.data[1];
phy_data.pid = (apdu.data[2] << 8) | apdu.data[3];
phy_data.vidpid_present = true;
}
else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_MODE) {
if (apdu.nc != 1) {
return SW_WRONG_LENGTH();
}
tmp[P2(apdu)] = apdu.data[0];
if (P2(apdu) == PHY_LED_GPIO) {
opts |= PHY_OPT_GPIO;
}
else if (P2(apdu) == PHY_LED_MODE) {
opts |= PHY_OPT_LED;
}
else if (P2(apdu) == PHY_LED_GPIO) {
phy_data.led_gpio = apdu.data[0];
phy_data.led_gpio_present = true;
}
else if (P2(apdu) == PHY_LED_BTNESS) {
phy_data.led_brightness = apdu.data[0];
phy_data.led_brightness_present = true;
}
else if (P2(apdu) == PHY_OPTS) {
if (apdu.nc != 2) {
return SW_WRONG_LENGTH();
}
uint16_t opt = (apdu.data[0] << 8) | apdu.data[1];
opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK);
phy_data.opts = (apdu.data[0] << 8) | apdu.data[1];
}
else {
return SW_INCORRECT_P1P2();
}
tmp[PHY_OPTS] = opts >> 8;
tmp[PHY_OPTS + 1] = opts & 0xff;
file_put_data(ef_phy, tmp, sizeof(tmp));
uint8_t tmp[PHY_MAX_SIZE];
uint16_t tmp_len = 0;
memset(tmp, 0, sizeof(tmp));
if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_put_data(ef_phy, tmp, tmp_len);
low_flash_available();
}
}
#endif
#if PICO_RP2350
else if (P1(apdu) == CMD_OTP) {
if (apdu.nc < 2) {
return SW_WRONG_LENGTH();
}
uint16_t row = (apdu.data[0] << 8) | apdu.data[1];
bool israw = P2(apdu) == 0x1;
if (apdu.nc == 2) {
if (row > 0xbf && row < 0xf48) {
return SW_WRONG_DATA();
}
if (israw) {
memcpy(res_APDU, otp_buffer_raw(row), apdu.ne);
}
else {
memcpy(res_APDU, otp_buffer(row), apdu.ne);
}
res_APDU_size = apdu.ne;
}
else {
apdu.nc -= 2;
apdu.data += 2;
if (apdu.nc > 1024) {
return SW_WRONG_LENGTH();
}
if (apdu.nc % (israw ? 4 : 2)) {
return SW_WRONG_DATA();
}
uint8_t adata[1024] __attribute__((aligned(4)));
memcpy(adata, apdu.data, apdu.nc);
int ret = 0;
if (israw) {
ret = otp_write_data_raw(row, adata, apdu.nc);
}
else {
ret = otp_write_data(row, adata, apdu.nc);
}
if (ret != 0) {
return SW_EXEC_ERROR();
}
}
}
#endif
else {
return SW_INCORRECT_P1P2();

4
src/hsm/cmd_general_authenticate.c
View File

@@ -47,7 +47,7 @@ int cmd_general_authenticate() {
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
r = load_private_key_ecdh(&ectx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ectx);
return SW_EXEC_ERROR();
}
@@ -106,7 +106,7 @@ int cmd_general_authenticate() {
r = sm_sign(t, pubkey_len + 16, res_APDU + res_APDU_size);
free(t);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
res_APDU_size += 8;

58
src/hsm/cmd_initialize.c
View File

@@ -15,14 +15,15 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "crypto_utils.h"
#include "sc_hsm.h"
#include "crypto_utils.h"
#include "files.h"
#include "random.h"
#include "kek.h"
#include "version.h"
#include "asn1.h"
#include "cvc.h"
#include "otp.h"
extern void scan_all();
@@ -132,10 +133,10 @@ int cmd_initialize() {
release_mkek(mkek);
return SW_EXEC_ERROR();
}
if (ret_mkek != CCID_OK) {
if (ret_mkek != PICOKEY_OK) {
ret_mkek = load_mkek(mkek); //Try again with new PIN/SO-PIN just in case some is the same
}
if (store_mkek(ret_mkek == CCID_OK ? mkek : NULL) != CCID_OK) {
if (store_mkek(ret_mkek == PICOKEY_OK ? mkek : NULL) != PICOKEY_OK) {
release_mkek(mkek);
return SW_EXEC_ERROR();
}
@@ -143,31 +144,31 @@ int cmd_initialize() {
if (dkeks) {
if (*dkeks > 0) {
uint16_t d = *dkeks;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
else {
int r = save_dkek_key(0, random_bytes_get(32));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
uint16_t d = 0x0101;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
}
else {
uint16_t d = 0x0000;
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
if (kds) {
uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS);
memset(t, 0xff, 2 * k);
if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) {
if (file_put_data(tf_kd, t, 2 * k) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@@ -179,59 +180,60 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}
int ret = 0;
if (ret_mkek != CCID_OK || !file_has_data(fdkey)) {
if (ret_mkek != PICOKEY_OK || !file_has_data(fdkey)) {
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
uint8_t index = 0, key_id = 0;
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
uint8_t key_id = 0;
if (otp_key_2) {
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecdsa, otp_key_2, 32);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = mbedtls_ecp_mul(&ecdsa.grp, &ecdsa.Q, &ecdsa.d, &ecdsa.grp.G, random_gen, NULL);
}
else {
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
}
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t cvc_len = 0;
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
uint16_t ee_len = 0, term_len = 0;
if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
file_t *fpk = search_file(EF_EE_DEV);
ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len);
ret = file_put_data(fpk, res_APDU, ee_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, 4096 - ee_len, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
memcpy(res_APDU + cvc_len, res_APDU, cvc_len);
mbedtls_ecdsa_free(&ecdsa);
fpk = search_file(EF_TERMCA);
ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len));
ret = file_put_data(fpk, res_APDU, ee_len + term_len);
if (ret != 0) {
return SW_EXEC_ERROR();
}
const uint8_t *keyid =
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESPICOHSMTR";
uint16_t prkd_len = asn1_build_prkd_ecc(label,
(uint16_t)strlen((const char *) label),
keyid,
20,
256,
res_APDU,
4096);
uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096);
fpk = search_file(EF_PRKD_DEV);
ret = file_put_data(fpk, res_APDU, prkd_len);
}
if (ret != 0) {
return SW_EXEC_ERROR();

12
src/hsm/cmd_key_domain.c
View File

@@ -72,8 +72,8 @@ int cmd_key_domain() {
import_dkek_share(p2, apdu.data);
if (++current_dkeks >= dkeks) {
int r = save_dkek_key(p2, NULL);
if (r != CCID_OK) {
if (r == CCID_NO_LOGIN) {
if (r != PICOKEY_OK) {
if (r == PICOKEY_NO_LOGIN) {
pending_save_dkek = p2;
}
else {
@@ -86,7 +86,7 @@ int cmd_key_domain() {
uint8_t t[MAX_KEY_DOMAINS * 2];
memcpy(t, kdata, tf_kd_size);
t[2 * p2 + 1] = current_dkeks;
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@@ -129,17 +129,17 @@ int cmd_key_domain() {
else if (p1 == 0x4) {
t[2 * p2 + 1] = current_dkeks = 0;
}
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_t *tf = NULL;
if ((tf = search_file(EF_DKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
if (delete_file(tf) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) {
if (delete_file(tf) != CCID_OK) {
if (delete_file(tf) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}

4
src/hsm/cmd_key_gen.c
View File

@@ -56,10 +56,10 @@ int cmd_key_gen() {
aes_type = PICO_KEYS_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
if (find_and_store_meta_key(key_id) != CCID_OK) {
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();

20
src/hsm/cmd_key_unwrap.c
View File

@@ -51,8 +51,8 @@ int cmd_key_unwrap() {
mbedtls_rsa_init(&ctx);
do {
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
@@ -62,7 +62,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
mbedtls_rsa_free(&ctx);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@@ -71,8 +71,8 @@ int cmd_key_unwrap() {
mbedtls_ecp_keypair_init(&ctx);
do {
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
return SW_EXEC_ERROR();
}
@@ -82,7 +82,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
mbedtls_ecp_keypair_free(&ctx);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@@ -97,8 +97,8 @@ int cmd_key_unwrap() {
&key_size,
&allowed,
&allowed_len);
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != CCID_OK) {
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
@@ -117,7 +117,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@@ -136,7 +136,7 @@ int cmd_key_unwrap() {
}
r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len);
free(meta);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
}

10
src/hsm/cmd_key_wrap.c
View File

@@ -60,9 +60,9 @@ int cmd_key_wrap() {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
r = load_private_key_rsa(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@@ -74,9 +74,9 @@ int cmd_key_wrap() {
mbedtls_ecp_keypair ctx;
mbedtls_ecp_keypair_init(&ctx);
r = load_private_key_ec(&ctx, ef);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@@ -110,7 +110,7 @@ int cmd_key_wrap() {
r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes));
}
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
res_APDU_size = wrap_len;

6
src/hsm/cmd_keypair_gen.c
View File

@@ -63,7 +63,7 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR();
}
@@ -144,7 +144,7 @@ int cmd_keypair_gen() {
}
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
if (ret != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
}
@@ -154,7 +154,7 @@ int cmd_keypair_gen() {
else {
return SW_WRONG_DATA();
}
if (find_and_store_meta_key(key_id) != CCID_OK) {
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);

2
src/hsm/cmd_mse.c
View File

@@ -51,7 +51,7 @@ int cmd_mse() {
}
else {
if (p2 == 0xB6) {
if (puk_store_select_chr(tag_data) == CCID_OK) {
if (puk_store_select_chr(tag_data) == PICOKEY_OK) {
return SW_OK();
}
}

8
src/hsm/cmd_pso.c
View File

@@ -40,11 +40,11 @@ int cmd_pso() {
apdu.nc += tlv_len;
}
int r = cvc_verify(apdu.data, (uint16_t)apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
if (r != CCID_OK) {
if (r == CCID_WRONG_DATA) {
if (r != PICOKEY_OK) {
if (r == PICOKEY_WRONG_DATA) {
return SW_DATA_INVALID();
}
else if (r == CCID_WRONG_SIGNATURE) {
else if (r == PICOKEY_WRONG_SIGNATURE) {
return SW_CONDITIONS_NOT_SATISFIED();
}
return SW_EXEC_ERROR();
@@ -56,7 +56,7 @@ int cmd_pso() {
ca_ef = file_new(fid);
file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc);
if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef),
false) != CCID_OK) {
false) != PICOKEY_OK) {
return SW_FILE_FULL();
}

8
src/hsm/cmd_reset_retry.c
View File

@@ -59,19 +59,19 @@ int cmd_reset_retry() {
dhash[0] = newpin_len;
double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
file_put_data(file_pin1, dhash, sizeof(dhash));
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
uint8_t mkek[MKEK_SIZE];
int r = load_mkek(mkek); //loads the MKEK with SO pin
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pin);
has_session_pin = true;
r = store_mkek(mkek);
release_mkek(mkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_EXEC_ERROR();
}
low_flash_available();
@@ -99,7 +99,7 @@ int cmd_reset_retry() {
return SW_WRONG_LENGTH();
}
}
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
return SW_OK();

18
src/hsm/cmd_signature.c
View File

@@ -83,17 +83,17 @@ int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm,
*algorithm = digest_info_prefix[i].algorithm;
}
if (out_dat == NULL) {
return CCID_OK;
return PICOKEY_OK;
}
if (*out_len < hash_len) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
memmove(out_dat, in_dat + hdr_len, hash_len);
*out_len = hash_len;
return CCID_OK;
return PICOKEY_OK;
}
}
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
//-----
@@ -143,9 +143,9 @@ int cmd_signature() {
mbedtls_rsa_init(&ctx);
int r = load_private_key_rsa(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_rsa_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();
@@ -154,7 +154,7 @@ int cmd_signature() {
if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
uint16_t nc = (uint16_t)apdu.nc;
if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
&nc) != CCID_OK) { //gets the MD algo id and strips it off
&nc) != PICOKEY_OK) { //gets the MD algo id and strips it off
return SW_EXEC_ERROR();
}
apdu.nc = nc;
@@ -265,9 +265,9 @@ int cmd_signature() {
md = MBEDTLS_MD_SHA512;
}
int r = load_private_key_ec(&ctx, fkey);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ctx);
if (r == CCID_VERIFICATION_FAILED) {
if (r == PICOKEY_VERIFICATION_FAILED) {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}
return SW_EXEC_ERROR();

4
src/hsm/cmd_update_ef.c
View File

@@ -78,7 +78,7 @@ int cmd_update_ef() {
}
if (offset == 0) {
int r = file_put_data(ef, data, data_len);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
}
@@ -92,7 +92,7 @@ int cmd_update_ef() {
memcpy(data_merge + offset, data, data_len);
int r = file_put_data(ef, data_merge, offset + data_len);
free(data_merge);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
}

56
src/hsm/cvc.c
View File

@@ -333,7 +333,7 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
}
mbedtls_ecp_keypair ectx;
mbedtls_ecp_keypair_init(&ectx);
if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
if (load_private_key_ec(&ectx, fkey) != PICOKEY_OK) {
mbedtls_ecp_keypair_free(&ectx);
return 0;
}
@@ -702,12 +702,12 @@ int puk_verify(const uint8_t *sig,
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t oid_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
if (!oid) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
uint16_t t81_len = 0, t82_len = 0;
@@ -716,7 +716,7 @@ int puk_verify(const uint8_t *sig,
&t81_len,
0x82);
if (!t81 || !t82) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_rsa_context rsa;
mbedtls_rsa_init(&rsa);
@@ -744,32 +744,32 @@ int puk_verify(const uint8_t *sig,
}
if (md == MBEDTLS_MD_NONE) {
mbedtls_rsa_free(&rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
int r = mbedtls_mpi_read_binary(&rsa.N, t81, t81_len);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_mpi_read_binary(&rsa.E, t82, t82_len);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_complete(&rsa);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_check_pubkey(&rsa);
if (r != 0) {
mbedtls_rsa_free(&rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig);
mbedtls_rsa_free(&rsa);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
}
else if (memcmp(oid, OID_ID_TA_ECDSA, 9) == 0) { //ECC
@@ -790,34 +790,34 @@ int puk_verify(const uint8_t *sig,
md = MBEDTLS_MD_SHA512;
}
if (md == MBEDTLS_MD_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
if (!t86) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(ca, ca_len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_ecdsa_context ecdsa;
mbedtls_ecdsa_init(&ecdsa);
int ret = mbedtls_ecp_group_load(&ecdsa.grp, ec_id);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
ret = mbedtls_ecp_point_read_binary(&ecdsa.grp, &ecdsa.Q, t86, t86_len);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_ecp_check_pubkey(&ecdsa.grp, &ecdsa.Q);
if (ret != 0) {
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
@@ -827,44 +827,44 @@ int puk_verify(const uint8_t *sig,
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_mpi_read_binary(&s, sig + sig_len / 2, sig_len / 2);
if (ret != 0) {
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ret = mbedtls_ecdsa_verify(&ecdsa.grp, hash, hash_len, &ecdsa.Q, &r, &s);
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa);
if (ret != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
}
return CCID_OK;
return PICOKEY_OK;
}
int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) {
uint16_t puk_len = 0;
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
if (!puk) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0;
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len);
const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len);
if (!sig) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (!cv_body) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (!oid) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
mbedtls_md_type_t md = MBEDTLS_MD_NONE;
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
@@ -905,18 +905,18 @@ int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16
}
}
if (md == MBEDTLS_MD_NONE) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
uint8_t hash[64], hash_len = mbedtls_md_get_size(md_info);
uint8_t tlv_body = 2 + format_tlv_len(cv_body_len, NULL);
int r = mbedtls_md(md_info, cv_body - tlv_body, cv_body_len + tlv_body, hash);
if (r != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = puk_verify(sig, sig_len, hash, hash_len, ca, ca_len);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
return CCID_OK;
return PICOKEY_OK;
}

198
src/hsm/kek.c
View File

@@ -29,6 +29,7 @@
#include "mbedtls/ecdsa.h"
#include "mbedtls/chachapoly.h"
#include "files.h"
#include "otp.h"
extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32];
@@ -51,7 +52,7 @@ uint32_t crc32c(const uint8_t *buf, size_t len) {
int load_mkek(uint8_t *mkek) {
if (has_session_pin == false && has_session_sopin == false) {
return CCID_NO_LOGIN;
return PICOKEY_NO_LOGIN;
}
const uint8_t *pin = NULL;
if (pin == NULL && has_session_pin == true) {
@@ -69,23 +70,23 @@ int load_mkek(uint8_t *mkek) {
}
}
if (pin == NULL) { //Should never happen
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (has_mkek_mask) {
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mkek_mask[i];
}
}
int ret =
aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
if (ret != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
return CCID_WRONG_DKEK;
return PICOKEY_WRONG_DKEK;
}
return CCID_OK;
if (has_mkek_mask || otp_key_1) {
const uint8_t *mask = otp_key_1 ? otp_key_1 : mkek_mask;
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mask[i];
}
}
return PICOKEY_OK;
}
mse_t mse = { .init = false };
@@ -94,14 +95,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
mbedtls_chachapoly_context chatx;
mbedtls_chachapoly_init(&chatx);
mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx,
len - 16,
mse.key_enc,
mse.Qpt,
65,
data + len - 16,
data,
data);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data);
mbedtls_chachapoly_free(&chatx);
return ret;
}
@@ -109,7 +103,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
int load_dkek(uint8_t id, uint8_t *dkek) {
file_t *tf = search_file(EF_DKEK + id);
if (!file_has_data(tf)) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
return mkek_decrypt(dkek, DKEK_KEY_SIZE);
@@ -121,7 +115,7 @@ void release_mkek(uint8_t *mkek) {
int store_mkek(const uint8_t *mkek) {
if (has_session_pin == false && has_session_sopin == false) {
return CCID_NO_LOGIN;
return PICOKEY_NO_LOGIN;
}
uint8_t tmp_mkek[MKEK_SIZE];
if (mkek == NULL) {
@@ -139,12 +133,9 @@ int store_mkek(const uint8_t *mkek) {
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_pin);
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
aes_encrypt_cfb_256(session_pin,
MKEK_IV(tmp_mkek_pin),
MKEK_KEY(tmp_mkek_pin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
aes_encrypt_cfb_256(session_pin, MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
release_mkek(tmp_mkek_pin);
}
@@ -155,32 +146,29 @@ int store_mkek(const uint8_t *mkek) {
if (!tf) {
release_mkek(tmp_mkek);
release_mkek(tmp_mkek_sopin);
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
aes_encrypt_cfb_256(session_sopin,
MKEK_IV(tmp_mkek_sopin),
MKEK_KEY(tmp_mkek_sopin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
aes_encrypt_cfb_256(session_sopin, MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
release_mkek(tmp_mkek_sopin);
}
low_flash_available();
release_mkek(tmp_mkek);
return CCID_OK;
return PICOKEY_OK;
}
int store_dkek_key(uint8_t id, uint8_t *dkek) {
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
int r = mkek_encrypt(dkek, DKEK_KEY_SIZE);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
file_put_data(tf, dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int save_dkek_key(uint8_t id, const uint8_t *key) {
@@ -188,7 +176,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) {
if (!key) {
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
}
@@ -202,7 +190,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
uint8_t tmp_dkek[DKEK_KEY_SIZE];
file_t *tf = search_file(EF_DKEK + id);
if (!tf) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
memset(tmp_dkek, 0, sizeof(tmp_dkek));
if (file_get_size(tf) == DKEK_KEY_SIZE) {
@@ -213,7 +201,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
}
file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE);
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
@@ -221,45 +209,45 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
memset(kcv, 0, 8);
memset(hsh, 0, sizeof(hsh));
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
hash256(dkek, DKEK_KEY_SIZE, hsh);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
memcpy(kcv, hsh, 8);
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
uint8_t dkek[DKEK_KEY_SIZE + 4];
memset(kenc, 0, 32);
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
hash256(dkek, sizeof(dkek), kenc);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
return PICOKEY_OK;
}
int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
uint8_t dkek[DKEK_KEY_SIZE + 4];
memset(kmac, 0, 32);
int r = load_dkek(id, dkek);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
hash256(dkek, DKEK_KEY_SIZE + 4, kmac);
mbedtls_platform_zeroize(dkek, sizeof(dkek));
return CCID_OK;
return PICOKEY_OK;
}
int mkek_encrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
return r;
}
r = aes_encrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@@ -270,7 +258,7 @@ int mkek_encrypt(uint8_t *data, uint16_t len) {
int mkek_decrypt(uint8_t *data, uint16_t len) {
int r;
uint8_t mkek[MKEK_SIZE + 4];
if ((r = load_mkek(mkek)) != CCID_OK) {
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
return r;
}
r = aes_decrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
@@ -278,15 +266,9 @@ int mkek_decrypt(uint8_t *data, uint16_t len) {
return r;
}
int dkek_encode_key(uint8_t id,
void *key_ctx,
int key_type,
uint8_t *out,
uint16_t *out_len,
const uint8_t *allowed,
uint16_t allowed_len) {
int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint16_t *out_len, const uint8_t *allowed, uint16_t allowed_len) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
@@ -298,21 +280,21 @@ int dkek_encode_key(uint8_t id,
uint8_t kenc[32];
memset(kenc, 0, sizeof(kenc));
r = dkek_kenc(id, kenc);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kcv[8];
memset(kcv, 0, sizeof(kcv));
r = dkek_kcv(id, kcv);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kmac[32];
memset(kmac, 0, sizeof(kmac));
r = dkek_kmac(id, kmac);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
@@ -331,10 +313,10 @@ int dkek_encode_key(uint8_t id,
}
if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
put_uint16_t(kb_len, kb + 8);
@@ -346,7 +328,7 @@ int dkek_encode_key(uint8_t id,
}
else if (key_type & PICO_KEYS_KEY_RSA) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
kb_len = 0;
@@ -367,7 +349,7 @@ int dkek_encode_key(uint8_t id,
}
else if (key_type & PICO_KEYS_KEY_EC) {
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
return CCID_WRONG_LENGTH;
return PICOKEY_WRONG_LENGTH;
}
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
kb_len = 0;
@@ -386,12 +368,7 @@ int dkek_encode_key(uint8_t id,
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp,
&ecdsa->grp.G,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
@@ -399,12 +376,7 @@ int dkek_encode_key(uint8_t id,
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp,
&ecdsa->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen;
@@ -458,25 +430,20 @@ int dkek_encode_key(uint8_t id,
kb[kb_len] = 0x80;
}
r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
memcpy(out + *out_len, kb, kb_len_pad);
*out_len += kb_len_pad;
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
kmac,
256,
out,
*out_len,
out + *out_len);
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, out, *out_len, out + *out_len);
*out_len += 16;
if (r != 0) {
return r;
}
return CCID_OK;
return PICOKEY_OK;
}
int dkek_type_key(const uint8_t *in) {
@@ -492,70 +459,59 @@ int dkek_type_key(const uint8_t *in) {
return 0x0;
}
int dkek_decode_key(uint8_t id,
void *key_ctx,
const uint8_t *in,
uint16_t in_len,
int *key_size_out,
uint8_t **allowed,
uint16_t *allowed_len) {
int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_len, int *key_size_out, uint8_t **allowed, uint16_t *allowed_len) {
uint8_t kcv[8];
int r = 0;
memset(kcv, 0, sizeof(kcv));
r = dkek_kcv(id, kcv);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kmac[32];
memset(kmac, 0, sizeof(kmac));
r = dkek_kmac(id, kmac);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
uint8_t kenc[32];
memset(kenc, 0, sizeof(kenc));
r = dkek_kenc(id, kenc);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
if (memcmp(kcv, in, 8) != 0) {
return CCID_WRONG_DKEK;
return PICOKEY_WRONG_DKEK;
}
uint8_t signature[16];
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
kmac,
256,
in,
in_len - 16,
signature);
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, in, in_len - 16, signature);
if (r != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
if (memcmp(signature, in + in_len - 16, 16) != 0) {
return CCID_WRONG_SIGNATURE;
return PICOKEY_WRONG_SIGNATURE;
}
int key_type = in[8];
if (key_type != 5 && key_type != 6 && key_type != 12 && key_type != 15) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if ((key_type == 5 || key_type == 6) &&
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02", 12) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 12 &&
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03", 12) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 15 && memcmp(in + 9, "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01", 10) != 0) {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
uint16_t ofs = 9;
@@ -579,13 +535,13 @@ int dkek_decode_key(uint8_t id,
ofs += len + 2;
if ((in_len - 16 - ofs) % 16 != 0) {
return CCID_WRONG_PADDING;
return PICOKEY_WRONG_PADDING;
}
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
memset(kb, 0, sizeof(kb));
memcpy(kb, in + ofs, in_len - 16 - ofs);
r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
@@ -602,14 +558,14 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
}
else if (key_type == 6) {
@@ -623,7 +579,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
//PQ
@@ -633,7 +589,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
//N
len = get_uint16_t(kb, ofs); ofs += len + 2;
@@ -643,33 +599,33 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (key_type == 5) {
r = mbedtls_rsa_import(rsa, &rsa->N, NULL, NULL, &rsa->D, &rsa->E);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 6) {
r = mbedtls_rsa_import(rsa, NULL, &rsa->P, &rsa->Q, NULL, &rsa->E);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
r = mbedtls_rsa_complete(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
r = mbedtls_rsa_check_privkey(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 12) {
@@ -687,7 +643,7 @@ int dkek_decode_key(uint8_t id,
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
if (ec_id == MBEDTLS_ECP_DP_NONE) {
mbedtls_ecdsa_free(ecdsa);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
ofs += len;
@@ -709,7 +665,7 @@ int dkek_decode_key(uint8_t id,
r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
ofs += len;
@@ -725,17 +681,17 @@ int dkek_decode_key(uint8_t id,
}
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
r = mbedtls_ecp_check_pub_priv(ecdsa, ecdsa, random_gen, NULL);
if (r != 0) {
mbedtls_ecdsa_free(ecdsa);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
else if (key_type == 15) {
memcpy(key_ctx, kb + ofs, key_size);
}
return CCID_OK;
return PICOKEY_OK;
}

84
src/hsm/sc_hsm.c
View File

@@ -43,6 +43,8 @@ bool has_session_pin = false, has_session_sopin = false;
const uint8_t *dev_name = NULL;
uint16_t dev_name_len = 0;
uint8_t PICO_PRODUCT = 1;
static int sc_hsm_process_apdu();
static void init_sc_hsm();
@@ -85,7 +87,7 @@ int sc_hsm_select_aid(app_t *a, uint8_t force) {
a->process_apdu = sc_hsm_process_apdu;
a->unload = sc_hsm_unload;
init_sc_hsm();
return CCID_OK;
return PICOKEY_OK;
}
INITIALIZER( sc_hsm_ctor ) {
@@ -178,10 +180,10 @@ uint8_t puk_status[MAX_PUK];
int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
if (data == NULL || data_len == 0) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
if (puk_store_entries == MAX_PUK_STORE_ENTRIES) {
return CCID_ERR_MEMORY_FATAL;
return PICOKEY_ERR_MEMORY_FATAL;
}
puk_store[puk_store_entries].copied = copy;
@@ -205,17 +207,17 @@ int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
&puk_store[puk_store_entries].puk_len);
puk_store_entries++;
return CCID_OK;
return PICOKEY_OK;
}
int puk_store_select_chr(const uint8_t *chr) {
for (int i = 0; i < puk_store_entries; i++) {
if (memcmp(puk_store[i].chr, chr, puk_store[i].chr_len) == 0) {
current_puk = &puk_store[i];
return CCID_OK;
return PICOKEY_OK;
}
}
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
void reset_puk_store() {
@@ -261,7 +263,7 @@ int sc_hsm_unload() {
has_session_pin = has_session_sopin = false;
isUserAuthenticated = false;
sm_session_pin_len = 0;
return CCID_OK;
return PICOKEY_OK;
}
uint16_t get_device_options() {
@@ -334,16 +336,16 @@ int parse_ef_dir(const file_t *f, int mode) {
int pin_reset_retries(const file_t *pin, bool force) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
const file_t *max = search_file(pin->fid + 1);
const file_t *act = search_file(pin->fid + 2);
if (!max || !act) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(act);
if (retries == 0 && force == false) { // blocked
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
retries = file_read_uint8(max);
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
@@ -353,26 +355,26 @@ int pin_reset_retries(const file_t *pin, bool force) {
int pin_wrong_retry(const file_t *pin) {
if (!pin) {
return CCID_ERR_NULL_PARAM;
return PICOKEY_ERR_NULL_PARAM;
}
const file_t *act = search_file(pin->fid + 2);
if (!act) {
return CCID_ERR_FILE_NOT_FOUND;
return PICOKEY_ERR_FILE_NOT_FOUND;
}
uint8_t retries = file_read_uint8(act);
if (retries > 0) {
retries -= 1;
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
low_flash_available();
if (retries == 0) {
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
return retries;
}
return CCID_ERR_BLOCKED;
return PICOKEY_ERR_BLOCKED;
}
bool pka_enabled() {
@@ -391,7 +393,7 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
int retries;
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
@@ -405,17 +407,17 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
}
if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
int retries;
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
return SW_PIN_BLOCKED();
}
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
}
}
int r = pin_reset_retries(pin, false);
if (r == CCID_ERR_BLOCKED) {
if (r == PICOKEY_ERR_BLOCKED) {
return SW_PIN_BLOCKED();
}
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_MEMORY_FAILURE();
}
if (pka_enabled() == false) {
@@ -552,18 +554,18 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
memcpy(kdata, key_ctx, key_size);
}
else {
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
if (!fpk) {
return CCID_ERR_MEMORY_FATAL;
return PICOKEY_ERR_MEMORY_FATAL;
}
r = mkek_encrypt(kdata, key_size);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
r = file_put_data(fpk, kdata, (uint16_t)key_size);
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return r;
}
char key_id_str[4] = {0};
@@ -580,7 +582,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
}
}
low_flash_available();
return CCID_OK;
return PICOKEY_OK;
}
int find_and_store_meta_key(uint8_t key_id) {
@@ -614,73 +616,73 @@ int find_and_store_meta_key(uint8_t key_id) {
int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size);
free(meta);
if (r != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return CCID_VERIFICATION_FAILED;
return PICOKEY_VERIFICATION_FAILED;
}
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[4096 / 8];
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size / 2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_mpi_read_binary(&ctx->Q, kdata + key_size / 2, key_size / 2) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_rsa_complete(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
if (mbedtls_rsa_check_privkey(ctx) != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_rsa_free(ctx);
return CCID_WRONG_DATA;
return PICOKEY_WRONG_DATA;
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
if (wait_button_pressed() == true) { // timeout
return CCID_VERIFICATION_FAILED;
return PICOKEY_VERIFICATION_FAILED;
}
uint16_t key_size = file_get_size(fkey);
uint8_t kdata[67]; // Worst case, 521 bit + 1byte
memcpy(kdata, file_get_data(fkey), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_ecp_group_id gid = kdata[0];
int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
if (r != 0) {
mbedtls_platform_zeroize(kdata, sizeof(kdata));
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
@@ -691,9 +693,9 @@ int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
}
if (r != 0) {
mbedtls_ecp_keypair_free(ctx);
return CCID_EXEC_ERROR;
return PICOKEY_EXEC_ERROR;
}
return CCID_OK;
return PICOKEY_OK;
}
int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
return load_private_key_ec(ctx, fkey);
@@ -762,7 +764,7 @@ static const cmd_t cmds[] = {
int sc_hsm_process_apdu() {
int r = sm_unwrap();
if (r != CCID_OK) {
if (r != PICOKEY_OK) {
return SW_DATA_INVALID();
}
for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {

2
src/hsm/version.h
View File

@@ -18,7 +18,7 @@
#ifndef __VERSION_H_
#define __VERSION_H_
#define HSM_VERSION 0x0402
#define HSM_VERSION 0x0500
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)

2
tests/scripts/func.sh
View File

@@ -37,7 +37,7 @@ gen_and_delete() {
test $? -eq 0 && echo -n "." || exit $?
}
reset() {
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent > /dev/null 2>&1
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent --no-dev-cert > /dev/null 2>&1
test $? -eq 0 || exit $?
}

2
tests/scripts/sc_hsm_test.sh
View File

@@ -14,7 +14,7 @@ test $? -eq 0 && echo -n "." || {
echo -e "\t${FAIL}"
exit 1
}
grep -q "338 tests performed" <<< $e && echo -n "." || {
grep -q "334 tests performed" <<< $e && echo -n "." || {
echo -e "\t${FAIL}"
exit 1
}

94
tools/pico-hsm-patch-vidpid.sh
View File

@@ -1,94 +0,0 @@
#!/bin/bash
#
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
# Copyright (c) 2022 Pol Henarejos.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
VERSION_MAJOR="6" #Version of Pico Keys SDK
VERSION_MINOR="0"
echo "----------------------------"
echo "VID/PID patcher for Pico HSM"
echo "----------------------------"
echo ""
if [ "$#" -le 0 ]; then
echo "Usage: $0 VID:PID [input_uf2_file] [output_uf2_file]"
exit 1
fi
IFS=':' read -r -a ARR <<< "$1"
if [ ${#ARR[@]} -ne 2 ]; then
echo "ERROR: Specify vendor and product ids as VID:PID (e.g., $0 CAFE:1234)"
exit 1
fi
VID=${ARR[0]}
PID=${ARR[1]}
if [ ${#VID} -ne 4 ]; then
echo "ERROR: VID length must be 4 hexadecimal characters"
exit 1
fi
if [ ${#PID} -ne 4 ]; then
echo "ERROR: PID length must be 4 hexadecimal characters"
exit 1
fi
if ! [[ $VID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
echo "ERROR: VID must contain hexadecimal characters"
exit 1
fi
if ! [[ $PID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
echo "ERROR: PID must contain hexadecimal characters"
exit 1
fi
UF2_FILE_IF="hsm2040.uf2"
UF2_FILE_OF="$UF2_FILE_IF"
if [ "$#" -ge 2 ]; then
UF2_FILE_IF="$2"
UF2_FILE_OF="$UF2_FILE_IF"
fi
if [ "$#" -ge 3 ]; then
UF2_FILE_OF="$3"
fi
echo -n "Patching ${UF2_FILE_IF}... "
if [[ ! -f "$UF2_FILE_IF" ]]; then
echo "ERROR: UF2 file ${UF2_FILE_IF} does not exist"
exit 1
fi
if [ "$UF2_FILE_IF" != "$UF2_FILE_OF" ]; then
cp -R $UF2_FILE_IF $UF2_FILE_OF
fi
LITTLE_VID="\x${VID:2:2}\x${VID:0:2}"
LITTLE_PID="\x${PID:2:2}\x${PID:0:2}"
perl -pi -e "s/\xff\xfe\xfd\xfc\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/$LITTLE_VID$LITTLE_PID\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/" $UF2_FILE_OF
echo "Done!"
echo ""
echo "Patched file was saved in ${UF2_FILE_OF}"

87
tools/pico-hsm-tool.py
View File

@@ -39,7 +39,7 @@ except ModuleNotFoundError:
sys.exit(-1)
try:
from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, utils, APDUResponse, SWCodes, AES
from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, utils, APDUResponse, SWCodes, AES, Platform
except ModuleNotFoundError:
print('ERROR: picohsm module not found! Install picohsm package.\nTry with `pip install pypicohsm`')
sys.exit(-1)
@@ -57,6 +57,8 @@ from argparse import RawTextHelpFormatter
pin = None
BOOTKEY = [225, 209, 107, 167, 100, 171, 215, 18, 212, 239, 110, 62, 221, 116, 78, 213, 99, 140, 38, 11, 119, 28, 249, 129, 81, 17, 11, 175, 172, 155, 200, 113]
def hexy(a):
return [hex(i) for i in a]
@@ -67,6 +69,7 @@ def parse_args():
parser.add_argument('--pin', help='PIN number')
parser_init.add_argument('--so-pin', help='SO-PIN number')
parser_init.add_argument('--silent', help='Confirms initialization silently.', action='store_true')
parser_init.add_argument('--no-dev-cert', help='Do not request a device certificate (it will use a self-signed certificate). Do not use if attestation is needed.', action='store_true', default=False)
parser_attestate = subparser.add_parser('attestate', help='Generates an attestation report for a private key and verifies the private key was generated in the devices or outside.')
parser_attestate.add_argument('-k', '--key', help='The private key index', metavar='KEY_ID')
@@ -94,11 +97,15 @@ def parse_args():
parser_phy = subparser.add_parser('phy', help='Set PHY options.')
subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True)
parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)')
parser_phy_ledn = subparser_phy.add_parser('led', help='Sets LED GPIO number.')
parser_phy_ledn = subparser_phy.add_parser('led_gpio', help='Sets LED GPIO number.')
parser_phy_optwcid = subparser_phy.add_parser('wcid', help='Enable/Disable Web CCID interface.')
parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
parser_phy_ledn.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
parser_phy_optwcid.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable Web CCID interface.', nargs='?')
parser_phy_ledbtness = subparser_phy.add_parser('led_brightness', help='Sets LED max. brightness.')
parser_phy_ledbtness.add_argument('value', help='Value of the max. brightness.', metavar='VAL', nargs='?')
parser_phy_optdimm = subparser_phy.add_parser('led_dimmable', help='Enable/Disable LED dimming.')
parser_phy_optdimm.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable LED dimming.', nargs='?')
parser_secure = subparser.add_parser('secure', help='Manages security of Pico HSM.')
subparser_secure = parser_secure.add_subparsers(title='commands', dest='subcommand', required=True)
@@ -131,9 +138,18 @@ def parse_args():
parser_keygen = subparser.add_parser('keygen', help='Generates private keypair or secret key.')
subparser_keygen = parser_keygen.add_subparsers(title='commands', dest='subcommand', required=True)
parser_keygen_aes = subparser_keygen.add_parser('aes', help='Generates an AES key.')
parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]',choices=[128, 192, 256], default=128, type=int)
parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]', choices=[128, 192, 256], default=128, type=int)
parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.')
parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.')
parser_keygen_x25519 = subparser_keygen.add_parser('ed25519', help='Generates a private Ed25519 keypair.')
parser_keygen_x448 = subparser_keygen.add_parser('ed448', help='Generates a private Ed448 keypair.')
parser_otp = subparser.add_parser('otp', help='Read/write OTP values.')
parser_otp.add_argument('subcommand', choices=['read', 'write', 'secure_boot'], help='Read, write or enable Secure Boot', nargs='?')
parser_otp.add_argument('--row', help='OTP row (in HEX)', required='write' in sys.argv or 'read' in sys.argv)
parser_otp.add_argument('-d', '--data', help='Data to write (in HEX) [e.g. 0011223344556677889900AABBCCDDEEFF]', required='write' in sys.argv)
parser_otp.add_argument('--lock', help='Lock & protect (no other firmwares can be loaded)', action='store_true')
parser_otp.add_argument('--index', help='Bootkey index [0-3]', type=int, default=0, choices=[0, 1, 2, 3])
args = parser.parse_args()
return args
@@ -204,24 +220,28 @@ def initialize(picohsm, args):
so_pin = '57621880'
picohsm.initialize(pin=pin, sopin=so_pin)
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
if (not args.no_dev_cert):
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
cert = bytearray(response)
Y = CVC().decode(cert).pubkey().find(0x86).data()
print(f'Public Point: {hexlify(Y).decode()}')
cert = bytearray(response)
Y = CVC().decode(cert).pubkey().find(0x86).data()
print(f'Public Point: {hexlify(Y).decode()}')
pbk = base64.urlsafe_b64encode(Y)
data = urllib.parse.urlencode({'pubkey': pbk}).encode()
j = get_pki_data('cvc', data=data)
print('Device name: '+j['devname'])
dataef = base64.urlsafe_b64decode(
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
pbk = base64.urlsafe_b64encode(Y)
params = {'pubkey': pbk}
if (picohsm.platform in (Platform.RP2350, Platform.ESP32)):
params['curve'] = 'secp256k1'
data = urllib.parse.urlencode(params).encode()
j = get_pki_data('cvc', data=data)
print('Device name: '+j['devname'])
dataef = base64.urlsafe_b64decode(
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
picohsm.select_file(0x2f02)
response = picohsm.put_contents(0x0000, data=dataef)
picohsm.select_file(0x2f02)
response = picohsm.put_contents(0x0000, data=dataef)
print('Certificate uploaded successfully!')
print('')
print('Certificate uploaded successfully!')
print('')
print('Note that the device is initialized with a default PIN and '
'configuration.')
print('Now you can initialize the device as usual with your chosen PIN '
@@ -447,8 +467,10 @@ def cipher(picohsm, args):
def keygen(picohsm, args):
if (args.subcommand == 'aes'):
ret = picohsm.key_generation(KeyType.AES, param=args.size)
elif (args.subcommand in ['x25519', 'x448']):
curve = 'curve' + args.subcommand[1:]
elif (args.subcommand in ['x25519', 'x448', 'ed25519', 'ed448']):
curve = args.subcommand
if (args.subcommand in ['x25519', 'x448']):
curve = 'curve' + args.subcommand[1:]
ret = picohsm.key_generation(KeyType.ECC, curve)
print('Key generated successfully.')
print(f'Key ID: {ret}')
@@ -460,10 +482,15 @@ def phy(picohsm, args):
sp = val.split(':')
if (len(sp) != 2):
print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)')
return
val = int(sp[0],16).to_bytes(2, 'big') + int(sp[1],16).to_bytes(2, 'big')
elif (args.subcommand == 'led'):
elif (args.subcommand in ['led_gpio', 'led_brightness']):
if (args.subcommand == 'led_brightness'):
if (int(val) > 15 or int(val) < 0):
print('ERROR: LED brightness must be between 0 and 15.')
return
val = [int(val)]
elif (args.subcommand == 'wcid'):
elif (args.subcommand in ['wcid', 'led_dimmable']):
val = val == 'enable'
ret = picohsm.phy(args.subcommand, val)
if (ret):
@@ -471,8 +498,21 @@ def phy(picohsm, args):
else:
print('Command executed successfully. Please, restart your Pico Key.')
def otp(picohsm, args):
if (args.subcommand == 'read'):
row = int(args.row, 16)
ret = picohsm.otp(row=row)
print(f'OTP row {args.row}: {hexlify(ret).decode()}')
elif (args.subcommand == 'write'):
row = int(args.row, 16)
data = unhexlify(args.data)
picohsm.otp(row=row, data=data)
print(f'OTP row {args.row} written successfully.')
elif (args.subcommand == 'secure_boot'):
picohsm.secure_boot(BOOTKEY, bootkey_index=args.index, lock=args.lock)
def main(args):
sys.stderr.buffer.write(b'Pico HSM Tool v1.14\n')
sys.stderr.buffer.write(b'Pico HSM Tool v2.0\n')
sys.stderr.buffer.write(b'Author: Pol Henarejos\n')
sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n')
sys.stderr.buffer.write(b'\n\n')
@@ -499,7 +539,8 @@ def main(args):
keygen(picohsm, args)
elif (args.command == 'phy'):
phy(picohsm, args)
elif (args.command == 'otp'):
otp(picohsm, args)
def run():
args = parse_args()

30
workflows/autobuild.sh
View File

@@ -2,16 +2,38 @@
git submodule update --init --recursive
sudo apt update
if [[ $1 == "pico" ]]; then
sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib
git clone https://github.com/raspberrypi/pico-sdk
cd pico-sdk
git submodule update --init
cd ..
git clone https://github.com/raspberrypi/picotool
cd picotool
git submodule update --init
mkdir build
cd build
if [[ $1 == "pico" ]]; then
cmake -DPICO_SDK_PATH=../../pico-sdk ..
make -j`nproc`
sudo make install
cd ../..
mkdir build_pico
cd build_pico
cmake -DPICO_SDK_PATH=../pico-sdk ..
else
cmake -DENABLE_EMULATION=1 ..
fi
make
elif [[ $1 == "esp32" ]]; then
sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
git clone --recursive https://github.com/espressif/esp-idf.git
cd esp-idf
./install.sh esp32s3
. ./export.sh
cd ..
idf.py set-target esp32s3
idf.py all
else
mkdir build
cd build
cmake -DENABLE_EMULATION=1 ..
make
fi