Compare commits
27 Commits
v5.4
...
v4.0-eddsa
| Author | SHA1 | Date | |
|---|---|---|---|
|
7493f9eb3e | ||
|
|
d44b780970 | ||
|
|
e7080d6f82 | ||
|
|
9258c9ff70 | ||
|
|
ad18577e98 | ||
|
|
fb5be153ed | ||
|
|
0ac71f2fff | ||
|
|
6ec5235cc3 | ||
|
|
ff74d6306e | ||
|
|
ba562da00e | ||
|
|
b94810d31d | ||
|
|
2c4be41ecf | ||
|
|
447d223de4 | ||
|
|
4f9f7f14fe | ||
|
|
6699913eff | ||
|
|
b0057bc3fe | ||
|
|
e3a773d145 | ||
|
|
10a47f9177 | ||
|
|
9f49a144ac | ||
|
|
e67a7091ff | ||
|
|
5e801fbae7 | ||
|
|
5bdba8e1e8 | ||
|
|
5df4e62f81 | ||
|
|
faef2dc278 | ||
|
|
22d8793683 | ||
|
|
32c8bc4a24 | ||
|
|
b5174d64af |
10
.github/workflows/codeql.yml
vendored
10
.github/workflows/codeql.yml
vendored
@@ -13,10 +13,10 @@ name: "CodeQL"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "master", "development" ]
|
||||
branches: [ "master", "development", "development-eddsa" ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ "master", "development" ]
|
||||
branches: [ "master", "development", "development-eddsa" ]
|
||||
schedule:
|
||||
- cron: '23 5 * * 4'
|
||||
workflow_dispatch:
|
||||
@@ -36,7 +36,7 @@ jobs:
|
||||
language: [ 'cpp', 'python' ]
|
||||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
||||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
||||
mode: [ 'pico', 'esp32', 'local' ]
|
||||
mode: [ 'pico', 'local' ]
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -44,7 +44,7 @@ jobs:
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v3
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
@@ -71,4 +71,4 @@ jobs:
|
||||
./workflows/autobuild.sh ${{ matrix.mode }}
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v3
|
||||
uses: github/codeql-action/analyze@v2
|
||||
|
||||
35
.github/workflows/nightly.yml
vendored
35
.github/workflows/nightly.yml
vendored
@@ -1,35 +0,0 @@
|
||||
name: "Nightly deploy"
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 2 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
nightly:
|
||||
name: Deploy nightly
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
refs: [master, development]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ matrix.refs }}
|
||||
submodules: 'recursive'
|
||||
- name : Build
|
||||
env:
|
||||
PICO_SDK_PATH: ../pico-sdk
|
||||
run: |
|
||||
./workflows/autobuild.sh pico
|
||||
./build_pico_hsm.sh
|
||||
./workflows/autobuild.sh esp32
|
||||
- name: Update nightly release
|
||||
uses: pyTooling/Actions/releaser@main
|
||||
with:
|
||||
tag: nightly-${{ matrix.refs }}
|
||||
rm: true
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
files: release/*.*
|
||||
8
.github/workflows/test.yml
vendored
8
.github/workflows/test.yml
vendored
@@ -13,10 +13,10 @@ name: "Emulation and test"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "master", "development" ]
|
||||
branches: [ "master", "development", "development-eddsa" ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ "master", "development" ]
|
||||
branches: [ "master", "development", "development-eddsa" ]
|
||||
schedule:
|
||||
- cron: '23 5 * * 4'
|
||||
workflow_dispatch:
|
||||
@@ -36,7 +36,7 @@ jobs:
|
||||
mkdir -p artifacts
|
||||
docker save pico-hsm-test:bullseye -o artifacts/docker-image.tar
|
||||
- name: Temporarily save image
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: docker-artifact
|
||||
path: artifacts
|
||||
@@ -54,7 +54,7 @@ jobs:
|
||||
with:
|
||||
submodules: recursive
|
||||
- name: Retrieve saved image
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: docker-artifact
|
||||
path: artifacts
|
||||
|
||||
218
CMakeLists.txt
218
CMakeLists.txt
@@ -1,132 +1,132 @@
|
||||
#
|
||||
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
||||
# Copyright (c) 2022 Pol Henarejos.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, version 3.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
||||
# Copyright (c) 2022 Pol Henarejos.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, version 3.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
cmake_minimum_required(VERSION 3.13)
|
||||
|
||||
if(ESP_PLATFORM)
|
||||
set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
set(USB_ITF_CCID 1)
|
||||
set(USB_ITF_WCID 1)
|
||||
else()
|
||||
if(NOT ENABLE_EMULATION)
|
||||
set(PICO_USE_FASTEST_SUPPORTED_CLOCK 1)
|
||||
include(pico_sdk_import.cmake)
|
||||
endif()
|
||||
if(ENABLE_EMULATION)
|
||||
else()
|
||||
include(pico_sdk_import.cmake)
|
||||
endif()
|
||||
|
||||
project(pico_hsm C CXX ASM)
|
||||
project(pico_hsm C CXX ASM)
|
||||
|
||||
set(CMAKE_C_STANDARD 11)
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_C_STANDARD 11)
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
|
||||
if(NOT ENABLE_EMULATION)
|
||||
pico_sdk_init()
|
||||
endif()
|
||||
if(NOT ENABLE_EMULATION)
|
||||
pico_sdk_init()
|
||||
endif()
|
||||
|
||||
if(NOT DEFINED __FOR_CI)
|
||||
set(__FOR_CI 0)
|
||||
endif()
|
||||
if(__FOR_CI)
|
||||
add_definitions(-D__FOR_CI)
|
||||
endif()
|
||||
if (NOT DEFINED __FOR_CI)
|
||||
set(__FOR_CI 0)
|
||||
endif()
|
||||
if (__FOR_CI)
|
||||
add_definitions(-D__FOR_CI)
|
||||
endif()
|
||||
|
||||
add_executable(pico_hsm)
|
||||
add_executable(pico_hsm)
|
||||
endif()
|
||||
set(SOURCES ${SOURCES}
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_read_binary.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_verify.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_reset_retry.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_challenge.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_external_authenticate.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_mse.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_initialize.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_domain.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_wrap.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_keypair_gen.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_update_ef.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_delete_file.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_change_pin.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_gen.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_signature.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_unwrap.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_decrypt_asym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_cipher_sym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
|
||||
)
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_list_keys.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_read_binary.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_verify.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_reset_retry.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_challenge.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_external_authenticate.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_mse.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_initialize.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_domain.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_wrap.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_keypair_gen.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_update_ef.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_delete_file.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_change_pin.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_gen.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_signature.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_key_unwrap.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_decrypt_asym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_cipher_sym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_derive_asym.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_extras.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_general_authenticate.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_session_pin.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_puk_auth.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_pso.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_bip_slip.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
|
||||
|
||||
)
|
||||
set(USB_ITF_CCID 1)
|
||||
set(USB_ITF_WCID 1)
|
||||
include(pico-keys-sdk/pico_keys_sdk_import.cmake)
|
||||
|
||||
SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 1)
|
||||
|
||||
if(ESP_PLATFORM)
|
||||
project(pico_hsm)
|
||||
endif()
|
||||
|
||||
set(INCLUDES ${INCLUDES}
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm
|
||||
)
|
||||
if(NOT ESP_PLATFORM)
|
||||
target_sources(pico_hsm PUBLIC ${SOURCES})
|
||||
target_include_directories(pico_hsm PUBLIC ${INCLUDES})
|
||||
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-Wall
|
||||
)
|
||||
if(NOT MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-Werror
|
||||
${CMAKE_CURRENT_LIST_DIR}/src/hsm
|
||||
)
|
||||
endif()
|
||||
if(NOT ESP_PLATFORM)
|
||||
target_sources(pico_hsm PUBLIC ${SOURCES})
|
||||
target_include_directories(pico_hsm PUBLIC ${INCLUDES})
|
||||
|
||||
if(ENABLE_EMULATION)
|
||||
if(NOT MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-fdata-sections
|
||||
-ffunction-sections
|
||||
)
|
||||
endif()
|
||||
if(APPLE)
|
||||
target_link_options(pico_hsm PUBLIC
|
||||
-Wl,-dead_strip
|
||||
)
|
||||
elseif(MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-WX
|
||||
)
|
||||
|
||||
target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
|
||||
else()
|
||||
target_link_options(pico_hsm PUBLIC
|
||||
-Wl,--gc-sections
|
||||
)
|
||||
endif(APPLE)
|
||||
target_link_libraries(pico_hsm PRIVATE pthread m)
|
||||
else()
|
||||
pico_add_extra_outputs(${CMAKE_PROJECT_NAME})
|
||||
endif()
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-Wall
|
||||
)
|
||||
if (NOT MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-Werror
|
||||
)
|
||||
endif()
|
||||
|
||||
if(ENABLE_EMULATION)
|
||||
if (NOT MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-fdata-sections
|
||||
-ffunction-sections
|
||||
)
|
||||
endif()
|
||||
if(APPLE)
|
||||
target_link_options(pico_hsm PUBLIC
|
||||
-Wl,-dead_strip
|
||||
)
|
||||
elseif(MSVC)
|
||||
target_compile_options(pico_hsm PUBLIC
|
||||
-WX
|
||||
)
|
||||
|
||||
target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
|
||||
else()
|
||||
target_link_options(pico_hsm PUBLIC
|
||||
-Wl,--gc-sections
|
||||
)
|
||||
endif (APPLE)
|
||||
else()
|
||||
pico_add_extra_outputs(pico_hsm)
|
||||
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -18,7 +18,7 @@ WORKDIR /home/builduser
|
||||
|
||||
VOLUME /home/builduser/release
|
||||
|
||||
ARG VERSION_PICO_SDK 2.0.0
|
||||
ARG VERSION_PICO_SDK 1.4.0
|
||||
|
||||
RUN mkdir -p /home/builduser/Devel/pico
|
||||
RUN cd /home/builduser/Devel/pico \
|
||||
@@ -29,8 +29,8 @@ RUN cd /home/builduser/Devel/pico \
|
||||
|
||||
RUN pip install cryptography
|
||||
|
||||
ARG VERSION_MAJOR 4
|
||||
ARG VERSION_MINOR 2
|
||||
ARG VERSION_MAJOR 2
|
||||
ARG VERSION_MINOR 6
|
||||
|
||||
RUN cd /home/builduser \
|
||||
&& git clone https://github.com/polhenarejos/pico-hsm.git \
|
||||
@@ -46,7 +46,7 @@ ENV PICO_SDK_PATH /home/builduser/Devel/pico/pico-sdk
|
||||
ARG USB_VID 0xfeff
|
||||
ARG USB_PID 0xfcfd
|
||||
|
||||
ARG PICO_BOARD waveshare_rp2040_zero
|
||||
ARG PICO_BOARD waveshare_rp2040_zero
|
||||
|
||||
RUN cd /home/builduser/pico-hsm \
|
||||
&& cd build_release \
|
||||
|
||||
62
README.md
62
README.md
@@ -138,21 +138,6 @@ Uses an MKEK to securely store all keys, encrypted with an ephemeral key derived
|
||||
### > Hierarchical Deterministic Key Generation
|
||||
Supports BIP32 for asymmetric key derivation and SLIP10 for symmetric key derivation, enabling crypto wallet deployment with infinite key generation. Supports NIST 256 and Koblitz 256 curves for master key generation.[^4]
|
||||
|
||||
### > One Time Programming (OTP) Storage
|
||||
The OTP securely stores the MKEK (Master Key Encryption Key) and Device Key permanently, making it inaccessible from external interfaces. This ensures that the key is protected against unauthorized access and tampering.
|
||||
|
||||
### > Secure Boot
|
||||
Secure Boot ensures only authenticated firmware can run on the device, verifying each firmware’s digital signature to block unauthorized code.
|
||||
|
||||
### > Secure Lock
|
||||
Secure Lock restricts the device to the manufacturer’s firmware only, locking out debug access and preventing any further boot key installations.
|
||||
|
||||
### > Rescue Interface
|
||||
A built-in rescue interface allows recovery of the device if it becomes unresponsive or undetectable. This feature provides a way to restore the device to operational status without compromising security.
|
||||
|
||||
### > LED Customization
|
||||
The LED can be customized to reflect device status and user preferences, offering flexible color and brightness options for an enhanced user experience.
|
||||
|
||||
[^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
|
||||
[^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
|
||||
[^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and DKEK shares are available during the import process.
|
||||
@@ -162,45 +147,33 @@ Secure Lock restricts the device to the manufacturer’s firmware only, locking
|
||||
Pico HSM also supports ESP32-S3 boards, which add secure storage, flash encryption and secure boot.
|
||||
|
||||
### > Dynamic VID/PID
|
||||
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") for specify VID/PID values and reboot the device.
|
||||
Supports setting VID & PID on-the-fly. Use `pico-hsm-tool.py` for specify VID/PID values and reboot the device.
|
||||
|
||||
### > Rescue Pico HSM Tool and Commissioner
|
||||
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS. It can be accessed through `pico-hsm-tool.py` or [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
|
||||
### > Rescue Pico HSM Tool
|
||||
Pico HSM Tool implements a new CCID stack to rescue the Pico HSM in case it has wrong VID/PID values and it is not recognized by the OS.
|
||||
|
||||
## Security considerations
|
||||
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory. The MKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are held in RAM only during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
|
||||
All secret keys (both asymmetric and symmetric) are encrypted and stored in the flash memory of the Raspberry Pico. The DKEK, a 256-bit AES key, is used to protect these private and secret keys. Keys are only held in RAM during signature and decryption operations, and are loaded and cleared each time to avoid potential security vulnerabilities.
|
||||
|
||||
The MKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plaintext, neither in flash memory nor in RAM. However, if no secure channel is used, the PIN may be transmitted in plaintext from the host to the HSM.
|
||||
|
||||
DKEKs are used during the export and import of private/secret keys and are part of a Key Domain. A Key Domain is a set of secret/private keys that share the same DKEK. These are also shared by the custodians and are not specific to Pico HSM. Therefore, if a key does not belong to a Key Domain (and thus lacks a DKEK), it cannot be exported.
|
||||
The DKEK itself is encrypted using a doubly salted and hashed PIN, and the PIN is hashed in memory during sessions. This ensures that the PIN is never stored in plain text, either in flash memory or in RAM. However, if no secure channel is used, the PIN is transmitted in plain text from the host to the HSM.
|
||||
|
||||
In the event that the Pico is stolen, the private and secret key contents cannot be accessed without the PIN, even if the flash memory is dumped.
|
||||
|
||||
### RP2350 and ESP32-S3
|
||||
RP2350 and ESP32-S3 microcontrollers are equipped with advanced security features, including Secure Boot and Secure Lock, ensuring that firmware integrity and authenticity are tightly controlled. Both devices support the storage of the Master Key Encryption Key (MKEK) in an OTP (One-Time Programmable) memory region, making it permanently inaccessible for external access or tampering. This secure, non-volatile region guarantees that critical security keys are embedded into the hardware, preventing unauthorized access and supporting robust defenses against code injection or firmware modification. Together, Secure Boot and Secure Lock enforce firmware authentication, while the MKEK in OTP memory solidifies the foundation for secure operations.
|
||||
|
||||
### Secure Boot
|
||||
Secure Boot is a security feature that ensures that only trusted firmware, verified through digital signatures, can be loaded onto the device during the boot process. Once enabled, Secure Boot checks every piece of firmware against a cryptographic signature before execution, rejecting any unauthorized or modified code. This prevents malicious firmware from compromising the device’s operation and integrity. With Secure Boot activated, only firmware versions signed by a trusted authority, such as the device manufacturer, will be accepted, ensuring the device remains protected from unauthorized software modifications. **This is irreversible. Once enabled, it CANNOT be disabled.**
|
||||
|
||||
**IMPORTANT:** For users wishing to develop and compile custom firmware, a private-public key pair is essential. Activating Secure Boot requires users to generate and manage their own unique private-public key pair. The public key from this pair must be embedded into the device to validate all firmware. Firmware will not boot without a proper digital signature from this key pair. This means that users must sign all future firmware versions with their private key and embed the public key in the device to ensure compatibility.
|
||||
|
||||
### Secure Lock
|
||||
Secure Lock builds on Secure Boot by imposing an even stricter security model. Once activated, Secure Lock prevents any further installation of new boot keys, effectively locking the device to only run firmware that is authorized by the device's primary vendor—in this case, Pico Keys. In addition to preventing additional keys, Secure Lock disables debugging interfaces and puts additional safeguards in place to resist tampering and intrusion attempts. This ensures that the device operates exclusively with the original vendor’s firmware and resists unauthorized access, making it highly secure against external threats. **This is irreversible. Once enabled, it CANNOT be disabled.**
|
||||
|
||||
**IMPORTANT:** Activating Secure Lock not only enables Secure Boot but also invalidates all keys except the official Pico Key. This means that only firmware signed by Pico Key will be recognized, and custom code will no longer be allowed. Once enabled, the Pico Key device will run solely on the official firmware available on the website, with no option for generating or compiling new code for the device.
|
||||
|
||||
## Download
|
||||
**If you own an ESP32-S3 board, go to [ESP32 Flasher](https://www.picokeys.com/esp32-flasher/) for flashing your Pico HSM.**
|
||||
**If you own an ESP32-S3 board, go to [ESP32 support](https://www.picokeys.com/esp32-support/) for further information.**
|
||||
|
||||
If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/), select your vendor and model and download the proper firmware; or go to [Release page](https://www.github.com/polhenarejos/pico-hsm/releases/) and download the UF2 file for your board.
|
||||
Please, go to the Release page and download the UF2 file for your board.
|
||||
|
||||
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
|
||||
Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
|
||||
|
||||
Alternatively you can use the legacy VID/PID patcher as follows:
|
||||
`./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2`
|
||||
|
||||
You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
|
||||
|
||||
Note that the pure-browser option [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") is the most recommended.
|
||||
Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended.
|
||||
|
||||
## Build for Raspberry Pico
|
||||
## Build
|
||||
Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
|
||||
|
||||
```
|
||||
@@ -239,9 +212,9 @@ Independent from your Linux distribution or when using another OS that supports
|
||||
|
||||
```
|
||||
sudo docker build \
|
||||
--build-arg VERSION_PICO_SDK=2.0.0 \
|
||||
--build-arg VERSION_MAJOR=5 \
|
||||
--build-arg VERSION_MINOR=0 \
|
||||
--build-arg VERSION_PICO_SDK=1.5.0 \
|
||||
--build-arg VERSION_MAJOR=3 \
|
||||
--build-arg VERSION_MINOR=4 \
|
||||
--build-arg PICO_BOARD=waveshare_rp2040_zero \
|
||||
--build-arg USB_VID=0xfeff \
|
||||
--build-arg USB_PID=0xfcfd \
|
||||
@@ -348,7 +321,8 @@ For advanced usage scenarios, refer to the documentation and examples provided.
|
||||
### Important
|
||||
OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a pair of VID/PID of supported readers. In order to be detectable, you have several options:
|
||||
- Use `pico-hsm-tool.py` to modify VID/PID on-the-fly.
|
||||
- Use the pure-browser online [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") that commissions the Pico Key on-the-fly without external tools.
|
||||
- Use the online [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
|
||||
- Patch the UF2 binary (if you just downloaded from the [Release section](https://github.com/polhenarejos/pico-hsm/releases "Release section"))
|
||||
- Build and configure the project with the proper VID/PID with `USB_VID` and `USB_PID` parameters in `CMake` (see [Build section](#build "Build section")). Note that you cannot distribute the patched/compiled binary if you do not own the VID/PID or have an explicit authorization.
|
||||
|
||||
## Credits
|
||||
|
||||
@@ -1,23 +1,57 @@
|
||||
#!/bin/bash
|
||||
|
||||
VERSION_MAJOR="5"
|
||||
VERSION_MINOR="4"
|
||||
SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
|
||||
#if ! [[ -z "${GITHUB_SHA}" ]]; then
|
||||
# SUFFIX="${SUFFIX}.${GITHUB_SHA}"
|
||||
#fi
|
||||
VERSION_MAJOR="4"
|
||||
VERSION_MINOR="0-eddsa1"
|
||||
|
||||
rm -rf release/*
|
||||
mkdir -p build_release
|
||||
mkdir -p release
|
||||
cd build_release
|
||||
PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
|
||||
board_dir=${PICO_SDK_PATH}/src/boards/include/boards
|
||||
for board in "$board_dir"/*
|
||||
|
||||
for board in adafruit_feather_rp2040 \
|
||||
adafruit_itsybitsy_rp2040 \
|
||||
adafruit_kb2040 \
|
||||
adafruit_macropad_rp2040 \
|
||||
adafruit_qtpy_rp2040 \
|
||||
adafruit_trinkey_qt2040 \
|
||||
arduino_nano_rp2040_connect \
|
||||
datanoisetv_rp2040_dsp \
|
||||
eetree_gamekit_rp2040 \
|
||||
garatronic_pybstick26_rp2040 \
|
||||
melopero_shake_rp2040 \
|
||||
nullbits_bit_c_pro \
|
||||
pico \
|
||||
pico_w \
|
||||
pimoroni_badger2040 \
|
||||
pimoroni_interstate75 \
|
||||
pimoroni_keybow2040 \
|
||||
pimoroni_motor2040 \
|
||||
pimoroni_pga2040 \
|
||||
pimoroni_picolipo_4mb \
|
||||
pimoroni_picolipo_16mb \
|
||||
pimoroni_picosystem \
|
||||
pimoroni_plasma2040 \
|
||||
pimoroni_servo2040 \
|
||||
pimoroni_tiny2040 \
|
||||
pimoroni_tiny2040_2mb \
|
||||
pololu_3pi_2040_robot \
|
||||
seeed_xiao_rp2040 \
|
||||
solderparty_rp2040_stamp \
|
||||
solderparty_rp2040_stamp_carrier \
|
||||
solderparty_rp2040_stamp_round_carrier \
|
||||
sparkfun_micromod \
|
||||
sparkfun_promicro \
|
||||
sparkfun_thingplus \
|
||||
vgaboard \
|
||||
waveshare_rp2040_lcd_0.96 \
|
||||
waveshare_rp2040_lcd_1.28 \
|
||||
waveshare_rp2040_one \
|
||||
waveshare_rp2040_plus_4mb \
|
||||
waveshare_rp2040_plus_16mb \
|
||||
waveshare_rp2040_zero \
|
||||
wiznet_w5100s_evb_pico
|
||||
do
|
||||
board_name="$(basename -- $board .h)"
|
||||
rm -rf *
|
||||
PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name
|
||||
make -j`nproc`
|
||||
mv pico_hsm.uf2 ../release/pico_hsm_$board_name-$SUFFIX.uf2
|
||||
PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake .. -DPICO_BOARD=$board
|
||||
make -kj20
|
||||
mv pico_hsm.uf2 ../release/pico_hsm_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
|
||||
|
||||
done
|
||||
|
||||
Submodule pico-keys-sdk updated: 6e6b524878...b945ae4f0e
@@ -18,20 +18,9 @@ if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_P
|
||||
message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')")
|
||||
endif ()
|
||||
|
||||
if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG))
|
||||
set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG})
|
||||
message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')")
|
||||
endif ()
|
||||
|
||||
if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG)
|
||||
set(PICO_SDK_FETCH_FROM_GIT_TAG "master")
|
||||
message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG")
|
||||
endif()
|
||||
|
||||
set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK")
|
||||
set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable")
|
||||
set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK")
|
||||
set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK")
|
||||
|
||||
if (NOT PICO_SDK_PATH)
|
||||
if (PICO_SDK_FETCH_FROM_GIT)
|
||||
@@ -40,22 +29,11 @@ if (NOT PICO_SDK_PATH)
|
||||
if (PICO_SDK_FETCH_FROM_GIT_PATH)
|
||||
get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}")
|
||||
endif ()
|
||||
# GIT_SUBMODULES_RECURSE was added in 3.17
|
||||
if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0")
|
||||
FetchContent_Declare(
|
||||
pico_sdk
|
||||
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
|
||||
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
|
||||
GIT_SUBMODULES_RECURSE FALSE
|
||||
)
|
||||
else ()
|
||||
FetchContent_Declare(
|
||||
pico_sdk
|
||||
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
|
||||
GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
|
||||
)
|
||||
endif ()
|
||||
|
||||
FetchContent_Declare(
|
||||
pico_sdk
|
||||
GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
|
||||
GIT_TAG master
|
||||
)
|
||||
if (NOT pico_sdk)
|
||||
message("Downloading Raspberry Pi Pico SDK")
|
||||
FetchContent_Populate(pico_sdk)
|
||||
|
||||
@@ -1,18 +1,16 @@
|
||||
# This file was generated using idf.py save-defconfig. It can be edited manually.
|
||||
# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
|
||||
#
|
||||
IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=y
|
||||
IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
|
||||
|
||||
CONFIG_TINYUSB=y
|
||||
CONFIG_TINYUSB_TASK_STACK_SIZE=16384
|
||||
|
||||
CONFIG_PARTITION_TABLE_CUSTOM=y
|
||||
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
|
||||
CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
|
||||
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv"
|
||||
CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv"
|
||||
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
|
||||
CONFIG_WL_SECTOR_SIZE_512=y
|
||||
CONFIG_WL_SECTOR_MODE_PERF=y
|
||||
COMPILER_OPTIMIZATION="Performance"
|
||||
|
||||
CONFIG_MBEDTLS_CMAC_C=y
|
||||
CONFIG_MBEDTLS_CHACHA20_C=y
|
||||
@@ -32,7 +30,7 @@ CONFIG_MBEDTLS_TLS_DISABLED=y
|
||||
# CONFIG_ESP_WIFI_ENABLED is not set
|
||||
# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
|
||||
# CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set
|
||||
# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
|
||||
# CONFIG_WPA_MBEDTLS_CRYPTO is not set
|
||||
# CONFIG_MBEDTLS_PSK_MODES is not set
|
||||
# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
|
||||
# CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set
|
||||
@@ -47,8 +45,8 @@ CONFIG_MBEDTLS_TLS_DISABLED=y
|
||||
# CONFIG_MBEDTLS_SSL_ALPN is not set
|
||||
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
|
||||
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
|
||||
# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
|
||||
# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
|
||||
# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set
|
||||
# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set
|
||||
# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
|
||||
# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
|
||||
mbedtls_mpi_init(&kchild);
|
||||
if (i[0] >= 0x80) {
|
||||
if (mbedtls_mpi_cmp_int(&parent->d, 0) == 0) {
|
||||
return PICOKEY_ERR_NULL_PARAM;
|
||||
return CCID_ERR_NULL_PARAM;
|
||||
}
|
||||
data[0] = 0x00;
|
||||
mbedtls_mpi_write_binary(&parent->d, data + 1, 32);
|
||||
@@ -72,19 +72,19 @@ int node_derive_bip_child(const mbedtls_ecp_keypair *parent,
|
||||
memcpy(cchild, iR, 32);
|
||||
mbedtls_mpi_free(&il);
|
||||
mbedtls_mpi_free(&kchild);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int sha256_ripemd160(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
|
||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
|
||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160), output, 32, output);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int sha256_sha256(const uint8_t *buffer, size_t buffer_len, uint8_t *output) {
|
||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), buffer, buffer_len, output);
|
||||
mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), output, 32, output);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
|
||||
@@ -98,7 +98,7 @@ int node_fingerprint_bip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
|
||||
sizeof(buffer));
|
||||
sha256_ripemd160(buffer, sizeof(buffer), buffer);
|
||||
memcpy(fingerprint, buffer, 4);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
|
||||
@@ -106,7 +106,7 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) {
|
||||
mbedtls_mpi_write_binary(&ctx->d, buffer, sizeof(buffer));
|
||||
sha256_ripemd160(buffer, sizeof(buffer), buffer);
|
||||
memcpy(fingerprint, buffer, 4);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
|
||||
@@ -115,13 +115,13 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
|
||||
mbedtls_ecp_keypair_init(ctx);
|
||||
file_t *ef = search_file(EF_MASTER_SEED | mid);
|
||||
if (!file_has_data(ef)) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
memcpy(mkey, file_get_data(ef), sizeof(mkey));
|
||||
int r = mkek_decrypt(mkey + 1,
|
||||
sizeof(mkey) - 1);
|
||||
if (r != PICOKEY_OK) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
if (r != CCID_OK) {
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
if (mkey[0] == 0x1 || mkey[0] == 0x2) {
|
||||
if (mkey[0] == 0x1) {
|
||||
@@ -131,7 +131,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
|
||||
mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);
|
||||
}
|
||||
else {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
mbedtls_mpi_read_binary(&ctx->d, mkey + 1, 32);
|
||||
@@ -143,7 +143,7 @@ int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32],
|
||||
memcpy(chain, mkey + 1, 32);
|
||||
}
|
||||
key_type[0] = mkey[0];
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int node_derive_path(const uint8_t *path,
|
||||
@@ -166,16 +166,16 @@ int node_derive_path(const uint8_t *path,
|
||||
for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
|
||||
if (tag == 0x02) {
|
||||
if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (node == 0) {
|
||||
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != PICOKEY_OK) {
|
||||
if ((r = load_master_bip(tag_data[0], ctx, chain, key_type)) != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
}
|
||||
else if (node > 0) {
|
||||
node_fingerprint_bip(ctx, fingerprint);
|
||||
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != PICOKEY_OK) {
|
||||
if ((r = node_derive_bip_child(ctx, chain, tag_data, ctx, chain)) != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
memcpy(last_node, tag_data, 4);
|
||||
@@ -183,7 +183,7 @@ int node_derive_path(const uint8_t *path,
|
||||
}
|
||||
else if (tag == 0x04) {
|
||||
if (node == 0) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
else if (node > 0) {
|
||||
node_fingerprint_slip(ctx, fingerprint);
|
||||
@@ -202,7 +202,7 @@ int node_derive_path(const uint8_t *path,
|
||||
if (nodes) {
|
||||
*nodes = node;
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int cmd_bip_slip() {
|
||||
@@ -253,11 +253,11 @@ int cmd_bip_slip() {
|
||||
mkey[0] = p1;
|
||||
file_t *ef = file_new(EF_MASTER_SEED | p2);
|
||||
int r = mkek_encrypt(mkey + 1, sizeof(mkey) - 1);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = file_put_data(ef, mkey, sizeof(mkey));
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
low_flash_available();
|
||||
@@ -271,7 +271,7 @@ int cmd_bip_slip() {
|
||||
size_t olen = 0;
|
||||
int r =
|
||||
node_derive_path(apdu.data, (uint16_t)apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
@@ -317,7 +317,7 @@ int cmd_bip_slip() {
|
||||
&nodes,
|
||||
last_node,
|
||||
&hd_keytype);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&hd_context);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
|
||||
@@ -42,7 +42,7 @@ int cmd_change_pin() {
|
||||
}
|
||||
uint8_t mkek[MKEK_SIZE];
|
||||
r = load_mkek(mkek); //loads the MKEK with old pin
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
//encrypt MKEK with new pin
|
||||
@@ -57,7 +57,7 @@ int cmd_change_pin() {
|
||||
}
|
||||
r = store_mkek(mkek);
|
||||
release_mkek(mkek);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
uint8_t dhash[33];
|
||||
|
||||
@@ -143,7 +143,10 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
|
||||
mbedtls_md_update(&md_ctx, input, input_len);
|
||||
|
||||
//TODO: be careful with architecture little vs. big
|
||||
put_uint32_t_be(counter, counter_buf);
|
||||
counter_buf[0] = (uint8_t) ((counter >> 24) & 0xff);
|
||||
counter_buf[1] = (uint8_t) ((counter >> 16) & 0xff);
|
||||
counter_buf[2] = (uint8_t) ((counter >> 8) & 0xff);
|
||||
counter_buf[3] = (uint8_t) ((counter >> 0) & 0xff);
|
||||
|
||||
mbedtls_md_update(&md_ctx, counter_buf, 4);
|
||||
|
||||
@@ -410,7 +413,13 @@ int cmd_cipher_sym() {
|
||||
size_t olen = 0;
|
||||
mbedtls_asn1_buf params =
|
||||
{.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
|
||||
int r = mbedtls_pkcs5_pbes2_ext(¶ms, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc.data, enc.len, res_APDU, MAX_APDU_DATA, &olen);
|
||||
int r = mbedtls_pkcs5_pbes2_ext(¶ms,
|
||||
algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
|
||||
kdata,
|
||||
key_size,
|
||||
enc.data,
|
||||
enc.len,
|
||||
res_APDU, 4096, &olen);
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
if (r != 0) {
|
||||
return SW_WRONG_DATA();
|
||||
@@ -655,7 +664,6 @@ int cmd_cipher_sym() {
|
||||
secret[64] = { 0 };
|
||||
mbedtls_aes_init(&ctx);
|
||||
if (hd_keytype != 0x3) {
|
||||
mbedtls_ecdsa_free(&hd_context);
|
||||
return SW_INCORRECT_PARAMS();
|
||||
}
|
||||
key_size = 32;
|
||||
|
||||
@@ -48,9 +48,9 @@ int cmd_decrypt_asym() {
|
||||
mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
|
||||
}
|
||||
int r = load_private_key_rsa(&ctx, ef);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -178,7 +178,7 @@ int cmd_decrypt_asym() {
|
||||
if (file_get_size(tf) == kdom_uid.len &&
|
||||
memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
|
||||
file_new(EF_DKEK + n);
|
||||
if (store_dkek_key(n, res_APDU + 1) != PICOKEY_OK) {
|
||||
if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_platform_zeroize(res_APDU, 32);
|
||||
|
||||
@@ -30,7 +30,7 @@ int cmd_delete_file() {
|
||||
}
|
||||
}
|
||||
else {
|
||||
uint16_t fid = get_uint16_t_be(apdu.data);
|
||||
uint16_t fid = (apdu.data[0] << 8) | apdu.data[1];
|
||||
if (!(ef = search_file(fid))) {
|
||||
return SW_FILE_NOT_FOUND();
|
||||
}
|
||||
@@ -38,7 +38,7 @@ int cmd_delete_file() {
|
||||
if (!authenticate_action(ef, ACL_OP_DELETE_SELF)) {
|
||||
return SW_SECURITY_STATUS_NOT_SATISFIED();
|
||||
}
|
||||
if (delete_file(ef) != PICOKEY_OK) {
|
||||
if (delete_file(ef) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
return SW_OK();
|
||||
|
||||
@@ -52,14 +52,14 @@ int cmd_derive_asym() {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
if (apdu.data[0] == ALGO_EC_DERIVE) {
|
||||
mbedtls_ecdsa_context ctx;
|
||||
mbedtls_ecdsa_init(&ctx);
|
||||
mbedtls_ecp_keypair ctx;
|
||||
mbedtls_ecp_keypair_init(&ctx);
|
||||
|
||||
int r;
|
||||
r = load_private_key_ecdsa(&ctx, fkey);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
r = load_private_key_ec(&ctx, fkey);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -69,7 +69,7 @@ int cmd_derive_asym() {
|
||||
mbedtls_mpi_init(&nd);
|
||||
r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
mbedtls_mpi_free(&a);
|
||||
mbedtls_mpi_free(&nd);
|
||||
return SW_DATA_INVALID();
|
||||
@@ -77,22 +77,22 @@ int cmd_derive_asym() {
|
||||
r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
|
||||
mbedtls_mpi_free(&a);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
mbedtls_mpi_free(&nd);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = mbedtls_mpi_copy(&ctx.d, &nd);
|
||||
mbedtls_mpi_free(&nd);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
}
|
||||
else {
|
||||
return SW_WRONG_DATA();
|
||||
|
||||
@@ -17,9 +17,8 @@
|
||||
|
||||
#include "sc_hsm.h"
|
||||
#include "mbedtls/ecdh.h"
|
||||
#ifdef PICO_PLATFORM
|
||||
#include "pico/aon_timer.h"
|
||||
#include "hardware/watchdog.h"
|
||||
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
|
||||
#include "hardware/rtc.h"
|
||||
#else
|
||||
#include <sys/time.h>
|
||||
#include <time.h>
|
||||
@@ -29,27 +28,11 @@
|
||||
#include "kek.h"
|
||||
#include "mbedtls/hkdf.h"
|
||||
#include "mbedtls/chachapoly.h"
|
||||
#ifdef PICO_RP2350
|
||||
#include "otp.h"
|
||||
#endif
|
||||
|
||||
#define CMD_DATETIME 0xA
|
||||
#define CMD_DYNOPS 0x6
|
||||
#define CMD_SECURE_LOCK 0x3A
|
||||
#define CMD_REBOOT 0xFB
|
||||
#define SECURE_LOCK_KEY_AGREEMENT 0x1
|
||||
#define SECURE_LOCK_ENABLE 0x2
|
||||
#define SECURE_LOCK_MASK 0x3
|
||||
#define SECURE_LOCK_DISABLE 0x4
|
||||
#define CMD_PHY 0x1B
|
||||
#define CMD_OTP 0x4C
|
||||
#define CMD_MEMORY 0x5
|
||||
|
||||
int cmd_extras() {
|
||||
int cmd = P1(apdu);
|
||||
#ifndef ENABLE_EMULATION
|
||||
// Only allow change PHY without PIN
|
||||
if (!isUserAuthenticated && cmd != CMD_PHY && cmd != CMD_MEMORY) {
|
||||
if (!isUserAuthenticated && P1(apdu) != 0x1B) {
|
||||
return SW_SECURITY_STATUS_NOT_SATISFIED();
|
||||
}
|
||||
#endif
|
||||
@@ -57,50 +40,71 @@ int cmd_extras() {
|
||||
if (wait_button_pressed() == true) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
if (cmd == CMD_DATETIME) { //datetime operations
|
||||
if (P1(apdu) == 0xA) { //datetime operations
|
||||
if (P2(apdu) != 0x0) {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
if (apdu.nc == 0) {
|
||||
#ifdef PICO_PLATFORM
|
||||
struct timespec tv;
|
||||
aon_timer_get_time(&tv);
|
||||
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
|
||||
datetime_t dt;
|
||||
if (!rtc_get_datetime(&dt)) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
res_APDU[res_APDU_size++] = dt.year >> 8;
|
||||
res_APDU[res_APDU_size++] = dt.year & 0xff;
|
||||
res_APDU[res_APDU_size++] = dt.month;
|
||||
res_APDU[res_APDU_size++] = dt.day;
|
||||
res_APDU[res_APDU_size++] = dt.dotw;
|
||||
res_APDU[res_APDU_size++] = dt.hour;
|
||||
res_APDU[res_APDU_size++] = dt.min;
|
||||
res_APDU[res_APDU_size++] = dt.sec;
|
||||
#else
|
||||
struct timeval tv;
|
||||
struct tm *tm;
|
||||
gettimeofday(&tv, NULL);
|
||||
#endif
|
||||
struct tm *tm = localtime(&tv.tv_sec);
|
||||
res_APDU_size += put_uint16_t_be(tm->tm_year + 1900, res_APDU);
|
||||
tm = localtime(&tv.tv_sec);
|
||||
res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
|
||||
res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
|
||||
res_APDU[res_APDU_size++] = tm->tm_mon;
|
||||
res_APDU[res_APDU_size++] = tm->tm_mday;
|
||||
res_APDU[res_APDU_size++] = tm->tm_wday;
|
||||
res_APDU[res_APDU_size++] = tm->tm_hour;
|
||||
res_APDU[res_APDU_size++] = tm->tm_min;
|
||||
res_APDU[res_APDU_size++] = tm->tm_sec;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
if (apdu.nc != 8) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
|
||||
datetime_t dt;
|
||||
dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
|
||||
dt.month = apdu.data[2];
|
||||
dt.day = apdu.data[3];
|
||||
dt.dotw = apdu.data[4];
|
||||
dt.hour = apdu.data[5];
|
||||
dt.min = apdu.data[6];
|
||||
dt.sec = apdu.data[7];
|
||||
if (!rtc_set_datetime(&dt)) {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
#else
|
||||
struct tm tm;
|
||||
tm.tm_year = get_uint16_t_be(apdu.data) - 1900;
|
||||
struct timeval tv;
|
||||
tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
|
||||
tm.tm_mon = apdu.data[2];
|
||||
tm.tm_mday = apdu.data[3];
|
||||
tm.tm_wday = apdu.data[4];
|
||||
tm.tm_hour = apdu.data[5];
|
||||
tm.tm_min = apdu.data[6];
|
||||
tm.tm_sec = apdu.data[7];
|
||||
time_t tv_sec = mktime(&tm);
|
||||
#ifdef PICO_PLATFORM
|
||||
struct timespec tv = {.tv_sec = tv_sec, .tv_nsec = 0};
|
||||
aon_timer_set_time(&tv);
|
||||
#else
|
||||
struct timeval tv = {.tv_sec = tv_sec, .tv_usec = 0};
|
||||
tv.tv_sec = mktime(&tm);
|
||||
settimeofday(&tv, NULL);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else if (cmd == CMD_DYNOPS) { //dynamic options
|
||||
else if (P1(apdu) == 0x6) { //dynamic options
|
||||
if (P2(apdu) != 0x0) {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
@@ -109,7 +113,8 @@ int cmd_extras() {
|
||||
}
|
||||
uint16_t opts = get_device_options();
|
||||
if (apdu.nc == 0) {
|
||||
res_APDU_size += put_uint16_t_be(opts, res_APDU);
|
||||
res_APDU[res_APDU_size++] = opts >> 8;
|
||||
res_APDU[res_APDU_size++] = opts & 0xff;
|
||||
}
|
||||
else {
|
||||
uint8_t newopts[] = { apdu.data[0], (opts & 0xff) };
|
||||
@@ -118,17 +123,24 @@ int cmd_extras() {
|
||||
low_flash_available();
|
||||
}
|
||||
}
|
||||
else if (cmd == CMD_SECURE_LOCK) { // secure lock
|
||||
else if (P1(apdu) == 0x3A) { // secure lock
|
||||
if (apdu.nc == 0) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
if (P2(apdu) == SECURE_LOCK_KEY_AGREEMENT) { // Key Agreement
|
||||
if (P2(apdu) == 0x01) { // Key Agreement
|
||||
mbedtls_ecdh_context hkey;
|
||||
mbedtls_ecdh_init(&hkey);
|
||||
mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
|
||||
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
|
||||
int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp,
|
||||
&hkey.ctx.mbed_ecdh.d,
|
||||
&hkey.ctx.mbed_ecdh.Q,
|
||||
random_gen,
|
||||
NULL);
|
||||
mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
|
||||
ret = mbedtls_ecp_point_read_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Qp, apdu.data, apdu.nc);
|
||||
ret = mbedtls_ecp_point_read_binary(&hkey.ctx.mbed_ecdh.grp,
|
||||
&hkey.ctx.mbed_ecdh.Qp,
|
||||
apdu.data,
|
||||
apdu.nc);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdh_free(&hkey);
|
||||
return SW_WRONG_DATA();
|
||||
@@ -137,20 +149,38 @@ int cmd_extras() {
|
||||
|
||||
uint8_t buf[MBEDTLS_ECP_MAX_BYTES];
|
||||
size_t olen = 0;
|
||||
ret = mbedtls_ecdh_calc_secret(&hkey, &olen, buf, MBEDTLS_ECP_MAX_BYTES, random_gen, NULL);
|
||||
ret = mbedtls_ecdh_calc_secret(&hkey,
|
||||
&olen,
|
||||
buf,
|
||||
MBEDTLS_ECP_MAX_BYTES,
|
||||
random_gen,
|
||||
NULL);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdh_free(&hkey);
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, buf, olen, mse.Qpt, sizeof(mse.Qpt), mse.key_enc, sizeof(mse.key_enc));
|
||||
ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
NULL,
|
||||
0,
|
||||
buf,
|
||||
olen,
|
||||
mse.Qpt,
|
||||
sizeof(mse.Qpt),
|
||||
mse.key_enc,
|
||||
sizeof(mse.key_enc));
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdh_free(&hkey);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
|
||||
ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, MAX_APDU_DATA);
|
||||
ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp,
|
||||
&hkey.ctx.mbed_ecdh.Q,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
&olen,
|
||||
res_APDU,
|
||||
4096);
|
||||
mbedtls_ecdh_free(&hkey);
|
||||
if (ret != 0) {
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -158,19 +188,20 @@ int cmd_extras() {
|
||||
mse.init = true;
|
||||
res_APDU_size = (uint16_t)olen;
|
||||
}
|
||||
else if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_MASK || P2(apdu) == SECURE_LOCK_DISABLE) {
|
||||
else if (P2(apdu) == 0x02 || P2(apdu) == 0x03 || P2(apdu) == 0x04) {
|
||||
if (mse.init == false) {
|
||||
return SW_COMMAND_NOT_ALLOWED();
|
||||
}
|
||||
uint16_t opts = get_device_options();
|
||||
|
||||
int ret = mse_decrypt_ct(apdu.data, apdu.nc);
|
||||
if (ret != 0) {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable
|
||||
if (P2(apdu) == 0x02 || P2(apdu) == 0x04) { // Enable
|
||||
uint16_t opts = get_device_options();
|
||||
uint8_t newopts[] = { opts >> 8, (opts & 0xff) };
|
||||
if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) ||
|
||||
(P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) {
|
||||
if ((P2(apdu) == 0x02 && !(opts & HSM_OPT_SECURE_LOCK)) ||
|
||||
(P2(apdu) == 0x04 && (opts & HSM_OPT_SECURE_LOCK))) {
|
||||
uint16_t tfids[] = { EF_MKEK, EF_MKEK_SO };
|
||||
for (int t = 0; t < sizeof(tfids) / sizeof(uint16_t); t++) {
|
||||
file_t *tf = search_file(tfids[t]);
|
||||
@@ -185,24 +216,24 @@ int cmd_extras() {
|
||||
}
|
||||
}
|
||||
}
|
||||
if (P2(apdu) == SECURE_LOCK_ENABLE) {
|
||||
if (P2(apdu) == 0x02) {
|
||||
newopts[0] |= HSM_OPT_SECURE_LOCK >> 8;
|
||||
}
|
||||
else if (P2(apdu) == SECURE_LOCK_DISABLE) {
|
||||
else if (P2(apdu) == 0x04) {
|
||||
newopts[0] &= ~HSM_OPT_SECURE_LOCK >> 8;
|
||||
}
|
||||
file_t *tf = search_file(EF_DEVOPS);
|
||||
file_put_data(tf, newopts, sizeof(newopts));
|
||||
low_flash_available();
|
||||
}
|
||||
else if (P2(apdu) == SECURE_LOCK_MASK && (opts & HSM_OPT_SECURE_LOCK)) {
|
||||
memcpy(mkek_mask, apdu.data, MKEK_KEY_SIZE);
|
||||
else if (P2(apdu) == 0x03) {
|
||||
memcpy(mkek_mask, apdu.data, apdu.nc);
|
||||
has_mkek_mask = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifndef ENABLE_EMULATION
|
||||
else if (cmd == CMD_PHY) { // Set PHY
|
||||
else if (P1(apdu) == 0x1B) { // Set PHY
|
||||
if (apdu.nc == 0) {
|
||||
if (file_has_data(ef_phy)) {
|
||||
res_APDU_size = file_get_size(ef_phy);
|
||||
@@ -210,97 +241,51 @@ int cmd_extras() {
|
||||
}
|
||||
}
|
||||
else {
|
||||
if (P2(apdu) == PHY_VIDPID) { // VIDPID
|
||||
uint8_t tmp[PHY_MAX_SIZE];
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
uint16_t opts = 0;
|
||||
if (file_has_data(ef_phy)) {
|
||||
memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy)));
|
||||
if (file_get_size(ef_phy) >= 8) {
|
||||
opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1];
|
||||
}
|
||||
}
|
||||
if (P2(apdu) == PHY_VID) { // VIDPID
|
||||
if (apdu.nc != 4) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
phy_data.vid = get_uint16_t_be(apdu.data);
|
||||
phy_data.pid = get_uint16_t_be(apdu.data + 2);
|
||||
phy_data.vidpid_present = true;
|
||||
memcpy(tmp + PHY_VID, apdu.data, 4);
|
||||
opts |= PHY_OPT_VPID;
|
||||
}
|
||||
else if (P2(apdu) == PHY_LED_GPIO) {
|
||||
phy_data.led_gpio = apdu.data[0];
|
||||
phy_data.led_gpio_present = true;
|
||||
}
|
||||
else if (P2(apdu) == PHY_LED_BTNESS) {
|
||||
phy_data.led_brightness = apdu.data[0];
|
||||
phy_data.led_brightness_present = true;
|
||||
else if (P2(apdu) == PHY_LED_GPIO || P2(apdu) == PHY_LED_MODE) {
|
||||
if (apdu.nc != 1) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
tmp[P2(apdu)] = apdu.data[0];
|
||||
if (P2(apdu) == PHY_LED_GPIO) {
|
||||
opts |= PHY_OPT_GPIO;
|
||||
}
|
||||
else if (P2(apdu) == PHY_LED_MODE) {
|
||||
opts |= PHY_OPT_LED;
|
||||
}
|
||||
}
|
||||
else if (P2(apdu) == PHY_OPTS) {
|
||||
if (apdu.nc != 2) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
phy_data.opts = get_uint16_t_be(apdu.data);
|
||||
uint16_t opt = (apdu.data[0] << 8) | apdu.data[1];
|
||||
opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK);
|
||||
}
|
||||
else {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
if (phy_save() != PICOKEY_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
tmp[PHY_OPTS] = opts >> 8;
|
||||
tmp[PHY_OPTS + 1] = opts & 0xff;
|
||||
file_put_data(ef_phy, tmp, sizeof(tmp));
|
||||
low_flash_available();
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#if PICO_RP2350
|
||||
else if (cmd == CMD_OTP) {
|
||||
if (apdu.nc < 2) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
uint16_t row = get_uint16_t_be(apdu.data);
|
||||
bool israw = P2(apdu) == 0x1;
|
||||
if (apdu.nc == 2) {
|
||||
if (row > 0xbf && row < 0xf48) {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
if (israw) {
|
||||
memcpy(res_APDU, otp_buffer_raw(row), apdu.ne);
|
||||
}
|
||||
else {
|
||||
memcpy(res_APDU, otp_buffer(row), apdu.ne);
|
||||
}
|
||||
res_APDU_size = apdu.ne;
|
||||
}
|
||||
else {
|
||||
apdu.nc -= 2;
|
||||
apdu.data += 2;
|
||||
if (apdu.nc > 1024) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
if (apdu.nc % (israw ? 4 : 2)) {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
uint8_t adata[1024] __attribute__((aligned(4)));
|
||||
memcpy(adata, apdu.data, apdu.nc);
|
||||
int ret = 0;
|
||||
if (israw) {
|
||||
ret = otp_write_data_raw(row, adata, apdu.nc);
|
||||
}
|
||||
else {
|
||||
ret = otp_write_data(row, adata, apdu.nc);
|
||||
}
|
||||
if (ret != 0) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef PICO_PLATFORM
|
||||
else if (cmd == CMD_REBOOT) {
|
||||
if (apdu.nc != 0) {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
watchdog_reboot(0, 0, 100);
|
||||
}
|
||||
#endif
|
||||
else if (cmd == CMD_MEMORY) {
|
||||
res_APDU_size = 0;
|
||||
uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size();
|
||||
res_APDU_size += put_uint32_t_be(free, res_APDU + res_APDU_size);
|
||||
res_APDU_size += put_uint32_t_be(used, res_APDU + res_APDU_size);
|
||||
res_APDU_size += put_uint32_t_be(total, res_APDU + res_APDU_size);
|
||||
res_APDU_size += put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
|
||||
res_APDU_size += put_uint32_t_be(size, res_APDU + res_APDU_size);
|
||||
}
|
||||
else {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
|
||||
@@ -44,11 +44,11 @@ int cmd_general_authenticate() {
|
||||
if (!fkey) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_ecdsa_context ectx;
|
||||
mbedtls_ecdsa_init(&ectx);
|
||||
r = load_private_key_ecdsa(&ectx, fkey);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ectx);
|
||||
mbedtls_ecp_keypair ectx;
|
||||
mbedtls_ecp_keypair_init(&ectx);
|
||||
r = load_private_key_ecdh(&ectx, fkey);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ectx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_ecdh_context ctx;
|
||||
@@ -56,12 +56,12 @@ int cmd_general_authenticate() {
|
||||
mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
|
||||
r = mbedtls_ecdh_setup(&ctx, gid);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(&ectx);
|
||||
mbedtls_ecp_keypair_free(&ectx);
|
||||
mbedtls_ecdh_free(&ctx);
|
||||
return SW_DATA_INVALID();
|
||||
}
|
||||
r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
|
||||
mbedtls_ecdsa_free(&ectx);
|
||||
mbedtls_ecp_keypair_free(&ectx);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdh_free(&ctx);
|
||||
return SW_DATA_INVALID();
|
||||
@@ -106,7 +106,7 @@ int cmd_general_authenticate() {
|
||||
r = sm_sign(t, pubkey_len + 16, res_APDU + res_APDU_size);
|
||||
|
||||
free(t);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
res_APDU_size += 8;
|
||||
|
||||
@@ -15,15 +15,14 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "sc_hsm.h"
|
||||
#include "crypto_utils.h"
|
||||
#include "sc_hsm.h"
|
||||
#include "files.h"
|
||||
#include "random.h"
|
||||
#include "kek.h"
|
||||
#include "version.h"
|
||||
#include "asn1.h"
|
||||
#include "cvc.h"
|
||||
#include "otp.h"
|
||||
|
||||
extern void scan_all();
|
||||
|
||||
@@ -43,14 +42,10 @@ extern void reset_puk_store();
|
||||
int cmd_initialize() {
|
||||
if (apdu.nc > 0) {
|
||||
uint8_t mkek[MKEK_SIZE];
|
||||
uint16_t opts = get_device_options();
|
||||
if (opts & HSM_OPT_SECURE_LOCK && !has_mkek_mask) {
|
||||
return SW_SECURITY_STATUS_NOT_SATISFIED();
|
||||
}
|
||||
int ret_mkek = load_mkek(mkek); //Try loading MKEK with previous session
|
||||
initialize_flash(true);
|
||||
scan_all();
|
||||
has_session_pin = has_session_sopin = has_mkek_mask = false;
|
||||
has_session_pin = has_session_sopin = false;
|
||||
uint16_t tag = 0x0;
|
||||
uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL;
|
||||
uint16_t tag_len = 0;
|
||||
@@ -137,10 +132,10 @@ int cmd_initialize() {
|
||||
release_mkek(mkek);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
if (ret_mkek != PICOKEY_OK) {
|
||||
if (ret_mkek != CCID_OK) {
|
||||
ret_mkek = load_mkek(mkek); //Try again with new PIN/SO-PIN just in case some is the same
|
||||
}
|
||||
if (store_mkek(ret_mkek == PICOKEY_OK ? mkek : NULL) != PICOKEY_OK) {
|
||||
if (store_mkek(ret_mkek == CCID_OK ? mkek : NULL) != CCID_OK) {
|
||||
release_mkek(mkek);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
@@ -148,31 +143,31 @@ int cmd_initialize() {
|
||||
if (dkeks) {
|
||||
if (*dkeks > 0) {
|
||||
uint16_t d = *dkeks;
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
else {
|
||||
int r = save_dkek_key(0, random_bytes_get(32));
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
uint16_t d = 0x0101;
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
uint16_t d = 0x0000;
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, (const uint8_t *) &d, sizeof(d)) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
if (kds) {
|
||||
uint8_t t[MAX_KEY_DOMAINS * 2], k = MIN(*kds, MAX_KEY_DOMAINS);
|
||||
memset(t, 0xff, 2 * k);
|
||||
if (file_put_data(tf_kd, t, 2 * k) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, t, 2 * k) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
@@ -184,60 +179,59 @@ int cmd_initialize() {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
int ret = 0;
|
||||
if (ret_mkek != PICOKEY_OK || !file_has_data(fdkey)) {
|
||||
if (ret_mkek != CCID_OK || !file_has_data(fdkey)) {
|
||||
mbedtls_ecdsa_context ecdsa;
|
||||
mbedtls_ecdsa_init(&ecdsa);
|
||||
mbedtls_ecp_group_id ec_id = MBEDTLS_ECP_DP_SECP256R1;
|
||||
uint8_t key_id = 0;
|
||||
if (otp_key_2) {
|
||||
ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecdsa, otp_key_2, 32);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
ret = mbedtls_ecp_mul(&ecdsa.grp, &ecdsa.Q, &ecdsa.d, &ecdsa.grp.G, random_gen, NULL);
|
||||
}
|
||||
else {
|
||||
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, NULL);
|
||||
}
|
||||
uint8_t index = 0, key_id = 0;
|
||||
ret = mbedtls_ecdsa_genkey(&ecdsa, ec_id, random_gen, &index);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
|
||||
if (ret != PICOKEY_OK) {
|
||||
if (ret != CCID_OK) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
uint16_t ee_len = 0, term_len = 0;
|
||||
if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
|
||||
size_t cvc_len = 0;
|
||||
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
|
||||
file_t *fpk = search_file(EF_EE_DEV);
|
||||
ret = file_put_data(fpk, res_APDU, ee_len);
|
||||
ret = file_put_data(fpk, res_APDU, (uint16_t)cvc_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
|
||||
if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, MAX_APDU_DATA - ee_len, NULL, 0, true)) == 0) {
|
||||
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
memcpy(res_APDU + cvc_len, res_APDU, cvc_len);
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
fpk = search_file(EF_TERMCA);
|
||||
ret = file_put_data(fpk, res_APDU, ee_len + term_len);
|
||||
ret = file_put_data(fpk, res_APDU, (uint16_t)(2 * cvc_len));
|
||||
if (ret != 0) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
|
||||
const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
|
||||
const uint8_t *keyid =
|
||||
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
|
||||
*label = (const uint8_t *) "ESPICOHSMTR";
|
||||
uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, MAX_APDU_DATA);
|
||||
uint16_t prkd_len = asn1_build_prkd_ecc(label,
|
||||
(uint16_t)strlen((const char *) label),
|
||||
keyid,
|
||||
20,
|
||||
256,
|
||||
res_APDU,
|
||||
4096);
|
||||
fpk = search_file(EF_PRKD_DEV);
|
||||
ret = file_put_data(fpk, res_APDU, prkd_len);
|
||||
|
||||
}
|
||||
if (ret != 0) {
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -247,7 +241,10 @@ int cmd_initialize() {
|
||||
}
|
||||
else { //free memory bytes request
|
||||
int heap_left = heapLeft();
|
||||
res_APDU_size += put_uint32_t_be(heap_left, res_APDU);
|
||||
res_APDU[0] = ((heap_left >> 24) & 0xff);
|
||||
res_APDU[1] = ((heap_left >> 16) & 0xff);
|
||||
res_APDU[2] = ((heap_left >> 8) & 0xff);
|
||||
res_APDU[3] = ((heap_left >> 0) & 0xff);
|
||||
res_APDU[4] = 0;
|
||||
res_APDU[5] = HSM_VERSION_MAJOR;
|
||||
res_APDU[6] = HSM_VERSION_MINOR;
|
||||
|
||||
@@ -52,9 +52,6 @@ int cmd_key_domain() {
|
||||
if (tf_kd_size == 0) {
|
||||
return SW_WRONG_P1P2();
|
||||
}
|
||||
if (2 * p2 >= tf_kd_size) {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * p2] : 0,
|
||||
current_dkeks = kdata ? kdata[2 * p2 + 1] : 0;
|
||||
if (p1 == 0x0) { //dkek import
|
||||
@@ -72,8 +69,8 @@ int cmd_key_domain() {
|
||||
import_dkek_share(p2, apdu.data);
|
||||
if (++current_dkeks >= dkeks) {
|
||||
int r = save_dkek_key(p2, NULL);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r == PICOKEY_NO_LOGIN) {
|
||||
if (r != CCID_OK) {
|
||||
if (r == CCID_NO_LOGIN) {
|
||||
pending_save_dkek = p2;
|
||||
}
|
||||
else {
|
||||
@@ -86,13 +83,16 @@ int cmd_key_domain() {
|
||||
uint8_t t[MAX_KEY_DOMAINS * 2];
|
||||
memcpy(t, kdata, tf_kd_size);
|
||||
t[2 * p2 + 1] = current_dkeks;
|
||||
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
low_flash_available();
|
||||
}
|
||||
else {
|
||||
file_t *tf = search_file(EF_XKEK + p2);
|
||||
if (2 * p2 >= tf_kd_size) {
|
||||
return SW_INCORRECT_P1P2();
|
||||
}
|
||||
if (current_dkeks == 0xff && !file_has_data(tf)) { //XKEK have always 0xff
|
||||
return SW_REFERENCE_NOT_FOUND();
|
||||
}
|
||||
@@ -129,17 +129,17 @@ int cmd_key_domain() {
|
||||
else if (p1 == 0x4) {
|
||||
t[2 * p2 + 1] = current_dkeks = 0;
|
||||
}
|
||||
if (file_put_data(tf_kd, t, tf_kd_size) != PICOKEY_OK) {
|
||||
if (file_put_data(tf_kd, t, tf_kd_size) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
file_t *tf = NULL;
|
||||
if ((tf = search_file(EF_DKEK + p2))) {
|
||||
if (delete_file(tf) != PICOKEY_OK) {
|
||||
if (delete_file(tf) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
if (p1 == 0x3 && (tf = search_file(EF_XKEK + p2))) {
|
||||
if (delete_file(tf) != PICOKEY_OK) {
|
||||
if (delete_file(tf) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -56,10 +56,10 @@ int cmd_key_gen() {
|
||||
aes_type = PICO_KEYS_KEY_AES_512;
|
||||
}
|
||||
r = store_keys(aes_key, aes_type, key_id);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
|
||||
if (find_and_store_meta_key(key_id) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
low_flash_available();
|
||||
|
||||
@@ -51,38 +51,38 @@ int cmd_key_unwrap() {
|
||||
mbedtls_rsa_init(&ctx);
|
||||
do {
|
||||
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
|
||||
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != PICOKEY_OK) {
|
||||
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_rsa_free(&ctx);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
else if (key_type & PICO_KEYS_KEY_EC) {
|
||||
mbedtls_ecdsa_context ctx;
|
||||
mbedtls_ecdsa_init(&ctx);
|
||||
mbedtls_ecp_keypair ctx;
|
||||
mbedtls_ecp_keypair_init(&ctx);
|
||||
do {
|
||||
r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
|
||||
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
@@ -97,8 +97,8 @@ int cmd_key_unwrap() {
|
||||
&key_size,
|
||||
&allowed,
|
||||
&allowed_len);
|
||||
} while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != PICOKEY_OK) {
|
||||
} while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
if (key_size == 64) {
|
||||
@@ -117,7 +117,7 @@ int cmd_key_unwrap() {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = store_keys(aes_key, aes_type, key_id);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
@@ -136,7 +136,7 @@ int cmd_key_unwrap() {
|
||||
}
|
||||
r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len);
|
||||
free(meta);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -60,9 +60,9 @@ int cmd_key_wrap() {
|
||||
mbedtls_rsa_context ctx;
|
||||
mbedtls_rsa_init(&ctx);
|
||||
r = load_private_key_rsa(&ctx, ef);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -71,18 +71,18 @@ int cmd_key_wrap() {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
}
|
||||
else if (*dprkd == P15_KEYTYPE_ECC) {
|
||||
mbedtls_ecdsa_context ctx;
|
||||
mbedtls_ecdsa_init(&ctx);
|
||||
r = load_private_key_ecdsa(&ctx, ef);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
mbedtls_ecp_keypair ctx;
|
||||
mbedtls_ecp_keypair_init(&ctx);
|
||||
r = load_private_key_ec(&ctx, ef);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
}
|
||||
else if (*dprkd == P15_KEYTYPE_AES) {
|
||||
uint8_t kdata_aes[64]; //maximum AES key size
|
||||
@@ -110,7 +110,7 @@ int cmd_key_wrap() {
|
||||
r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
|
||||
mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes));
|
||||
}
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
res_APDU_size = wrap_len;
|
||||
|
||||
@@ -58,11 +58,12 @@ int cmd_keypair_gen() {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
|
||||
if ((res_APDU_size =
|
||||
(uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
|
||||
if (ret != PICOKEY_OK) {
|
||||
if (ret != CCID_OK) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
@@ -78,6 +79,19 @@ int cmd_keypair_gen() {
|
||||
if (ec_id == MBEDTLS_ECP_DP_NONE) {
|
||||
return SW_FUNC_NOT_SUPPORTED();
|
||||
}
|
||||
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) {
|
||||
asn1_ctx_t g = { 0 };
|
||||
if (asn1_find_tag(&ctxo, 0x83, &g) != true) {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) {
|
||||
ec_id = MBEDTLS_ECP_DP_ED25519;
|
||||
}
|
||||
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) {
|
||||
ec_id = MBEDTLS_ECP_DP_ED448;
|
||||
}
|
||||
}
|
||||
printf("KEYPAIR ECC %d\r\n", ec_id);
|
||||
mbedtls_ecdsa_context ecdsa;
|
||||
mbedtls_ecdsa_init(&ecdsa);
|
||||
uint8_t index = 0;
|
||||
@@ -117,7 +131,8 @@ int cmd_keypair_gen() {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, ext.data, ext.len)) == 0) {
|
||||
if ((res_APDU_size =
|
||||
(uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
|
||||
if (ext.data) {
|
||||
free(ext.data);
|
||||
}
|
||||
@@ -129,7 +144,7 @@ int cmd_keypair_gen() {
|
||||
}
|
||||
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
if (ret != PICOKEY_OK) {
|
||||
if (ret != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
}
|
||||
@@ -139,7 +154,7 @@ int cmd_keypair_gen() {
|
||||
else {
|
||||
return SW_WRONG_DATA();
|
||||
}
|
||||
if (find_and_store_meta_key(key_id) != PICOKEY_OK) {
|
||||
if (find_and_store_meta_key(key_id) != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
file_t *fpk = file_new((EE_CERTIFICATE_PREFIX << 8) | key_id);
|
||||
|
||||
@@ -22,10 +22,12 @@ int cmd_list_keys() {
|
||||
/* First we send DEV private key */
|
||||
/* Both below conditions should be always TRUE */
|
||||
if (search_file(EF_PRKD_DEV)) {
|
||||
res_APDU_size += put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size);
|
||||
res_APDU[res_APDU_size++] = EF_PRKD_DEV >> 8;
|
||||
res_APDU[res_APDU_size++] = EF_PRKD_DEV & 0xff;
|
||||
}
|
||||
if (search_file(EF_KEY_DEV)) {
|
||||
res_APDU_size += put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size);
|
||||
res_APDU[res_APDU_size++] = EF_KEY_DEV >> 8;
|
||||
res_APDU[res_APDU_size++] = EF_KEY_DEV & 0xff;
|
||||
}
|
||||
//first CC
|
||||
for (int i = 0; i < dynamic_files; i++) {
|
||||
|
||||
@@ -51,7 +51,7 @@ int cmd_mse() {
|
||||
}
|
||||
else {
|
||||
if (p2 == 0xB6) {
|
||||
if (puk_store_select_chr(tag_data) == PICOKEY_OK) {
|
||||
if (puk_store_select_chr(tag_data) == CCID_OK) {
|
||||
return SW_OK();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,11 +40,11 @@ int cmd_pso() {
|
||||
apdu.nc += tlv_len;
|
||||
}
|
||||
int r = cvc_verify(apdu.data, (uint16_t)apdu.nc, current_puk->cvcert, current_puk->cvcert_len);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r == PICOKEY_WRONG_DATA) {
|
||||
if (r != CCID_OK) {
|
||||
if (r == CCID_WRONG_DATA) {
|
||||
return SW_DATA_INVALID();
|
||||
}
|
||||
else if (r == PICOKEY_WRONG_SIGNATURE) {
|
||||
else if (r == CCID_WRONG_SIGNATURE) {
|
||||
return SW_CONDITIONS_NOT_SATISFIED();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -56,7 +56,7 @@ int cmd_pso() {
|
||||
ca_ef = file_new(fid);
|
||||
file_put_data(ca_ef, apdu.data, (uint16_t)apdu.nc);
|
||||
if (add_cert_puk_store(file_get_data(ca_ef), file_get_size(ca_ef),
|
||||
false) != PICOKEY_OK) {
|
||||
false) != CCID_OK) {
|
||||
return SW_FILE_FULL();
|
||||
}
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ int cmd_read_binary() {
|
||||
offset = p2;
|
||||
}
|
||||
else {
|
||||
offset = make_uint16_t_be(p1, p2) & 0x7fff;
|
||||
offset = make_uint16_t(p1, p2) & 0x7fff;
|
||||
ef = currentEF;
|
||||
}
|
||||
}
|
||||
@@ -41,7 +41,7 @@ int cmd_read_binary() {
|
||||
}
|
||||
}
|
||||
else {
|
||||
uint16_t file_id = make_uint16_t_be(p1, p2); // & 0x7fff;
|
||||
uint16_t file_id = make_uint16_t(p1, p2); // & 0x7fff;
|
||||
if (file_id == 0x0) {
|
||||
ef = currentEF;
|
||||
}
|
||||
|
||||
@@ -59,19 +59,19 @@ int cmd_reset_retry() {
|
||||
dhash[0] = newpin_len;
|
||||
double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
|
||||
file_put_data(file_pin1, dhash, sizeof(dhash));
|
||||
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
|
||||
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
uint8_t mkek[MKEK_SIZE];
|
||||
int r = load_mkek(mkek); //loads the MKEK with SO pin
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pin);
|
||||
has_session_pin = true;
|
||||
r = store_mkek(mkek);
|
||||
release_mkek(mkek);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
low_flash_available();
|
||||
@@ -99,7 +99,7 @@ int cmd_reset_retry() {
|
||||
return SW_WRONG_LENGTH();
|
||||
}
|
||||
}
|
||||
if (pin_reset_retries(file_pin1, true) != PICOKEY_OK) {
|
||||
if (pin_reset_retries(file_pin1, true) != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
return SW_OK();
|
||||
|
||||
@@ -48,7 +48,7 @@ int cmd_select() {
|
||||
//}
|
||||
|
||||
if (apdu.nc == 2) {
|
||||
fid = get_uint16_t_be(apdu.data);
|
||||
fid = get_uint16_t(apdu.data, 0);
|
||||
}
|
||||
|
||||
//if ((fid & 0xff00) == (KEY_PREFIX << 8))
|
||||
@@ -119,7 +119,8 @@ int cmd_select() {
|
||||
res_APDU[res_APDU_size++] = 0x85;
|
||||
res_APDU[res_APDU_size++] = 5;
|
||||
uint16_t opts = get_device_options();
|
||||
res_APDU_size += put_uint16_t_be(opts, res_APDU + res_APDU_size);
|
||||
res_APDU[res_APDU_size++] = opts >> 8;
|
||||
res_APDU[res_APDU_size++] = opts & 0xff;
|
||||
res_APDU[res_APDU_size++] = 0xFF;
|
||||
res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR;
|
||||
res_APDU[res_APDU_size++] = HSM_VERSION_MINOR;
|
||||
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "asn1.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "random.h"
|
||||
#include "mbedtls/eddsa.h"
|
||||
|
||||
extern mbedtls_ecp_keypair hd_context;
|
||||
extern uint8_t hd_keytype;
|
||||
@@ -82,17 +83,17 @@ int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm,
|
||||
*algorithm = digest_info_prefix[i].algorithm;
|
||||
}
|
||||
if (out_dat == NULL) {
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
if (*out_len < hash_len) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
memmove(out_dat, in_dat + hdr_len, hash_len);
|
||||
*out_len = hash_len;
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
}
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
//-----
|
||||
|
||||
@@ -142,9 +143,9 @@ int cmd_signature() {
|
||||
mbedtls_rsa_init(&ctx);
|
||||
|
||||
int r = load_private_key_rsa(&ctx, fkey);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
@@ -153,7 +154,7 @@ int cmd_signature() {
|
||||
if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
|
||||
uint16_t nc = (uint16_t)apdu.nc;
|
||||
if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
|
||||
&nc) != PICOKEY_OK) { //gets the MD algo id and strips it off
|
||||
&nc) != CCID_OK) { //gets the MD algo id and strips it off
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
apdu.nc = nc;
|
||||
@@ -228,8 +229,8 @@ int cmd_signature() {
|
||||
mbedtls_rsa_free(&ctx);
|
||||
}
|
||||
else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
|
||||
mbedtls_ecdsa_context ctx;
|
||||
mbedtls_ecdsa_init(&ctx);
|
||||
mbedtls_ecp_keypair ctx;
|
||||
mbedtls_ecp_keypair_init(&ctx);
|
||||
md = MBEDTLS_MD_SHA256;
|
||||
if (p2 == ALGO_EC_RAW) {
|
||||
if (apdu.nc == 32) {
|
||||
@@ -263,34 +264,38 @@ int cmd_signature() {
|
||||
else if (p2 == ALGO_EC_SHA512) {
|
||||
md = MBEDTLS_MD_SHA512;
|
||||
}
|
||||
int r = load_private_key_ecdsa(&ctx, fkey);
|
||||
if (r != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (r == PICOKEY_VERIFICATION_FAILED) {
|
||||
int r = load_private_key_ec(&ctx, fkey);
|
||||
if (r != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
if (r == CCID_VERIFICATION_FAILED) {
|
||||
return SW_SECURE_MESSAGE_EXEC_ERROR();
|
||||
}
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
size_t olen = 0;
|
||||
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
|
||||
if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
|
||||
&olen, random_gen, NULL) != 0) {
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
|
||||
r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
|
||||
}
|
||||
else {
|
||||
r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
|
||||
&olen, random_gen, NULL);
|
||||
}
|
||||
if (r != 0) {
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
return SW_EXEC_ERROR();
|
||||
}
|
||||
memcpy(res_APDU, buf, olen);
|
||||
res_APDU_size = (uint16_t)olen;
|
||||
mbedtls_ecdsa_free(&ctx);
|
||||
mbedtls_ecp_keypair_free(&ctx);
|
||||
}
|
||||
else if (p2 == ALGO_HD) {
|
||||
size_t olen = 0;
|
||||
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
|
||||
uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
|
||||
if (hd_context.grp.id == MBEDTLS_ECP_DP_NONE) {
|
||||
mbedtls_ecdsa_free(&hd_context);
|
||||
return SW_CONDITIONS_NOT_SATISFIED();
|
||||
}
|
||||
if (hd_keytype != 0x1 && hd_keytype != 0x2) {
|
||||
mbedtls_ecdsa_free(&hd_context);
|
||||
return SW_INCORRECT_PARAMS();
|
||||
}
|
||||
md = MBEDTLS_MD_SHA256;
|
||||
|
||||
@@ -78,7 +78,7 @@ int cmd_update_ef() {
|
||||
}
|
||||
if (offset == 0) {
|
||||
int r = file_put_data(ef, data, data_len);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
}
|
||||
@@ -92,7 +92,7 @@ int cmd_update_ef() {
|
||||
memcpy(data_merge + offset, data, data_len);
|
||||
int r = file_put_data(ef, data_merge, offset + data_len);
|
||||
free(data_merge);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
}
|
||||
|
||||
101
src/hsm/cvc.c
101
src/hsm/cvc.c
@@ -26,6 +26,7 @@
|
||||
#include "oid.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "files.h"
|
||||
#include "mbedtls/eddsa.h"
|
||||
|
||||
extern const uint8_t *dev_name;
|
||||
extern uint16_t dev_name_len;
|
||||
@@ -71,7 +72,7 @@ const uint8_t *pointA[] = {
|
||||
"\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
|
||||
};
|
||||
|
||||
uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, uint16_t buf_len) {
|
||||
uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uint16_t buf_len) {
|
||||
uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
|
||||
const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
|
||||
const uint8_t oid_ri[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
|
||||
@@ -88,7 +89,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
|
||||
uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
|
||||
uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
|
||||
uint16_t tot_len = 0, tot_data_len = 0;
|
||||
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
|
||||
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
|
||||
tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
|
||||
oid = oid_ri;
|
||||
}
|
||||
@@ -109,7 +110,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
|
||||
//oid
|
||||
*p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
|
||||
p += sizeof(oid_ecdsa);
|
||||
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
|
||||
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
|
||||
//p
|
||||
*p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
|
||||
p += p_size;
|
||||
@@ -293,11 +294,15 @@ uint16_t asn1_cvc_cert(void *rsa_ecdsa,
|
||||
else if (key_type & PICO_KEYS_KEY_EC) {
|
||||
mbedtls_mpi r, s;
|
||||
int ret = 0;
|
||||
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
|
||||
mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
|
||||
mbedtls_mpi_init(&r);
|
||||
mbedtls_mpi_init(&s);
|
||||
ret =
|
||||
mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
|
||||
if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
|
||||
ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
|
||||
}
|
||||
else {
|
||||
ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
|
||||
}
|
||||
if (ret == 0) {
|
||||
mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
|
||||
mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
|
||||
@@ -326,10 +331,10 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
|
||||
if (!fkey) {
|
||||
return 0;
|
||||
}
|
||||
mbedtls_ecdsa_context ectx;
|
||||
mbedtls_ecdsa_init(&ectx);
|
||||
if (load_private_key_ecdsa(&ectx, fkey) != PICOKEY_OK) {
|
||||
mbedtls_ecdsa_free(&ectx);
|
||||
mbedtls_ecp_keypair ectx;
|
||||
mbedtls_ecp_keypair_init(&ectx);
|
||||
if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
|
||||
mbedtls_ecp_keypair_free(&ectx);
|
||||
return 0;
|
||||
}
|
||||
int ret = 0;
|
||||
@@ -349,15 +354,20 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
|
||||
p += asn1_cvc_cert(rsa_ecdsa, key_type, p, cvcert_size, ext, ext_len, false);
|
||||
//outcar
|
||||
*p++ = 0x42; p += format_tlv_len(outcar_len, p); memcpy(p, outcar, outcar_len); p += outcar_len;
|
||||
uint8_t hsh[32];
|
||||
memcpy(p, "\x5f\x37", 2); p += 2;
|
||||
p += format_tlv_len(key_size, p);
|
||||
hash256(body, cvcert_size + outcar_size, hsh);
|
||||
mbedtls_mpi r, s;
|
||||
mbedtls_mpi_init(&r);
|
||||
mbedtls_mpi_init(&s);
|
||||
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
|
||||
mbedtls_ecdsa_free(&ectx);
|
||||
if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
|
||||
ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
|
||||
}
|
||||
else {
|
||||
uint8_t hsh[32];
|
||||
hash256(body, cvcert_size + outcar_size, hsh);
|
||||
ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
|
||||
}
|
||||
mbedtls_ecp_keypair_free(&ectx);
|
||||
if (ret != 0) {
|
||||
mbedtls_mpi_free(&r);
|
||||
mbedtls_mpi_free(&s);
|
||||
@@ -421,7 +431,8 @@ uint16_t asn1_build_cert_description(const uint8_t *label,
|
||||
p += format_tlv_len(asn1_len_tag(0x4, sizeof(uint16_t)), p);
|
||||
*p++ = 0x4;
|
||||
p += format_tlv_len(sizeof(uint16_t), p);
|
||||
put_uint16_t_be(fid, p); p += sizeof(uint16_t);
|
||||
*p++ = fid >> 8;
|
||||
*p++ = fid & 0xff;
|
||||
return (uint16_t)(p - buf);
|
||||
}
|
||||
|
||||
@@ -497,7 +508,8 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
|
||||
p += format_tlv_len(asn1_len_tag(0x2, 2), p);
|
||||
*p++ = 0x2;
|
||||
p += format_tlv_len(2, p);
|
||||
p += put_uint16_t_be(keysize, p);
|
||||
*p++ = (keysize >> 8) & 0xff;
|
||||
*p++ = keysize & 0xff;
|
||||
}
|
||||
|
||||
//Seq 4
|
||||
@@ -516,7 +528,8 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
|
||||
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
|
||||
*p++ = 0x2;
|
||||
p += format_tlv_len(2, p);
|
||||
p += put_uint16_t_be(keysize, p);
|
||||
*p++ = (keysize >> 8) & 0xff;
|
||||
*p++ = keysize & 0xff;
|
||||
}
|
||||
return (uint16_t)(p - buf);
|
||||
}
|
||||
@@ -689,12 +702,12 @@ int puk_verify(const uint8_t *sig,
|
||||
uint16_t puk_len = 0;
|
||||
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
|
||||
if (!puk) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
uint16_t oid_len = 0;
|
||||
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
|
||||
if (!oid) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
|
||||
uint16_t t81_len = 0, t82_len = 0;
|
||||
@@ -703,7 +716,7 @@ int puk_verify(const uint8_t *sig,
|
||||
&t81_len,
|
||||
0x82);
|
||||
if (!t81 || !t82) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
mbedtls_rsa_context rsa;
|
||||
mbedtls_rsa_init(&rsa);
|
||||
@@ -731,32 +744,32 @@ int puk_verify(const uint8_t *sig,
|
||||
}
|
||||
if (md == MBEDTLS_MD_NONE) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
int r = mbedtls_mpi_read_binary(&rsa.N, t81, t81_len);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = mbedtls_mpi_read_binary(&rsa.E, t82, t82_len);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = mbedtls_rsa_complete(&rsa);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = mbedtls_rsa_check_pubkey(&rsa);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(&rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig);
|
||||
mbedtls_rsa_free(&rsa);
|
||||
if (r != 0) {
|
||||
return PICOKEY_WRONG_SIGNATURE;
|
||||
return CCID_WRONG_SIGNATURE;
|
||||
}
|
||||
}
|
||||
else if (memcmp(oid, OID_ID_TA_ECDSA, 9) == 0) { //ECC
|
||||
@@ -777,34 +790,34 @@ int puk_verify(const uint8_t *sig,
|
||||
md = MBEDTLS_MD_SHA512;
|
||||
}
|
||||
if (md == MBEDTLS_MD_NONE) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
uint16_t t86_len = 0;
|
||||
const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86);
|
||||
if (!t86) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
mbedtls_ecp_group_id ec_id = cvc_inherite_ec_group(ca, ca_len);
|
||||
if (ec_id == MBEDTLS_ECP_DP_NONE) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
mbedtls_ecdsa_context ecdsa;
|
||||
mbedtls_ecdsa_init(&ecdsa);
|
||||
int ret = mbedtls_ecp_group_load(&ecdsa.grp, ec_id);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
ret = mbedtls_ecp_point_read_binary(&ecdsa.grp, &ecdsa.Q, t86, t86_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
ret = mbedtls_ecp_check_pubkey(&ecdsa.grp, &ecdsa.Q);
|
||||
if (ret != 0) {
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
mbedtls_mpi r, s;
|
||||
mbedtls_mpi_init(&r);
|
||||
@@ -814,44 +827,44 @@ int puk_verify(const uint8_t *sig,
|
||||
mbedtls_mpi_free(&r);
|
||||
mbedtls_mpi_free(&s);
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
ret = mbedtls_mpi_read_binary(&s, sig + sig_len / 2, sig_len / 2);
|
||||
if (ret != 0) {
|
||||
mbedtls_mpi_free(&r);
|
||||
mbedtls_mpi_free(&s);
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
ret = mbedtls_ecdsa_verify(&ecdsa.grp, hash, hash_len, &ecdsa.Q, &r, &s);
|
||||
mbedtls_mpi_free(&r);
|
||||
mbedtls_mpi_free(&s);
|
||||
mbedtls_ecdsa_free(&ecdsa);
|
||||
if (ret != 0) {
|
||||
return PICOKEY_WRONG_SIGNATURE;
|
||||
return CCID_WRONG_SIGNATURE;
|
||||
}
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) {
|
||||
uint16_t puk_len = 0;
|
||||
const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len);
|
||||
if (!puk) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0;
|
||||
const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6);
|
||||
const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len);
|
||||
const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len);
|
||||
if (!sig) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (!cv_body) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (!oid) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
mbedtls_md_type_t md = MBEDTLS_MD_NONE;
|
||||
if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA
|
||||
@@ -892,18 +905,18 @@ int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16
|
||||
}
|
||||
}
|
||||
if (md == MBEDTLS_MD_NONE) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
|
||||
uint8_t hash[64], hash_len = mbedtls_md_get_size(md_info);
|
||||
uint8_t tlv_body = 2 + format_tlv_len(cv_body_len, NULL);
|
||||
int r = mbedtls_md(md_info, cv_body - tlv_body, cv_body_len + tlv_body, hash);
|
||||
if (r != 0) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = puk_verify(sig, sig_len, hash, hash_len, ca, ca_len);
|
||||
if (r != 0) {
|
||||
return PICOKEY_WRONG_SIGNATURE;
|
||||
return CCID_WRONG_SIGNATURE;
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@ file_t file_entries[] = {
|
||||
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
|
||||
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //retries PIN (SOPIN)
|
||||
/* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL,
|
||||
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
|
||||
.type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
|
||||
.ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, //Device options
|
||||
/* 16 */ { .fid = EF_PRKDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
|
||||
.data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, //EF.PrKDFs
|
||||
|
||||
294
src/hsm/kek.c
294
src/hsm/kek.c
@@ -29,7 +29,6 @@
|
||||
#include "mbedtls/ecdsa.h"
|
||||
#include "mbedtls/chachapoly.h"
|
||||
#include "files.h"
|
||||
#include "otp.h"
|
||||
|
||||
extern bool has_session_pin, has_session_sopin;
|
||||
extern uint8_t session_pin[32], session_sopin[32];
|
||||
@@ -50,17 +49,9 @@ uint32_t crc32c(const uint8_t *buf, size_t len) {
|
||||
return ~crc;
|
||||
}
|
||||
|
||||
void mkek_masked(uint8_t *mkek, const uint8_t *mask) {
|
||||
if (mask) {
|
||||
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
|
||||
MKEK_KEY(mkek)[i] ^= mask[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int load_mkek(uint8_t *mkek) {
|
||||
if (has_session_pin == false && has_session_sopin == false) {
|
||||
return PICOKEY_NO_LOGIN;
|
||||
return CCID_NO_LOGIN;
|
||||
}
|
||||
const uint8_t *pin = NULL;
|
||||
if (pin == NULL && has_session_pin == true) {
|
||||
@@ -78,24 +69,23 @@ int load_mkek(uint8_t *mkek) {
|
||||
}
|
||||
}
|
||||
if (pin == NULL) { //Should never happen
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
|
||||
if (has_mkek_mask) {
|
||||
mkek_masked(mkek, mkek_mask);
|
||||
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
|
||||
MKEK_KEY(mkek)[i] ^= mkek_mask[i];
|
||||
}
|
||||
}
|
||||
|
||||
int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
int ret =
|
||||
aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
if (ret != 0) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
|
||||
return PICOKEY_WRONG_DKEK;
|
||||
return CCID_WRONG_DKEK;
|
||||
}
|
||||
if (otp_key_1) {
|
||||
mkek_masked(mkek, otp_key_1);
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
mse_t mse = { .init = false };
|
||||
@@ -104,7 +94,14 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
|
||||
mbedtls_chachapoly_context chatx;
|
||||
mbedtls_chachapoly_init(&chatx);
|
||||
mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12);
|
||||
int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data);
|
||||
int ret = mbedtls_chachapoly_auth_decrypt(&chatx,
|
||||
len - 16,
|
||||
mse.key_enc,
|
||||
mse.Qpt,
|
||||
65,
|
||||
data + len - 16,
|
||||
data,
|
||||
data);
|
||||
mbedtls_chachapoly_free(&chatx);
|
||||
return ret;
|
||||
}
|
||||
@@ -112,7 +109,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
|
||||
int load_dkek(uint8_t id, uint8_t *dkek) {
|
||||
file_t *tf = search_file(EF_DKEK + id);
|
||||
if (!file_has_data(tf)) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
|
||||
return mkek_decrypt(dkek, DKEK_KEY_SIZE);
|
||||
@@ -124,7 +121,7 @@ void release_mkek(uint8_t *mkek) {
|
||||
|
||||
int store_mkek(const uint8_t *mkek) {
|
||||
if (has_session_pin == false && has_session_sopin == false) {
|
||||
return PICOKEY_NO_LOGIN;
|
||||
return CCID_NO_LOGIN;
|
||||
}
|
||||
uint8_t tmp_mkek[MKEK_SIZE];
|
||||
if (mkek == NULL) {
|
||||
@@ -134,9 +131,6 @@ int store_mkek(const uint8_t *mkek) {
|
||||
else {
|
||||
memcpy(tmp_mkek, mkek, MKEK_SIZE);
|
||||
}
|
||||
if (otp_key_1) {
|
||||
mkek_masked(tmp_mkek, otp_key_1);
|
||||
}
|
||||
*(uint32_t *) MKEK_CHECKSUM(tmp_mkek) = crc32c(MKEK_KEY(tmp_mkek), MKEK_KEY_SIZE);
|
||||
if (has_session_pin) {
|
||||
uint8_t tmp_mkek_pin[MKEK_SIZE];
|
||||
@@ -145,9 +139,12 @@ int store_mkek(const uint8_t *mkek) {
|
||||
if (!tf) {
|
||||
release_mkek(tmp_mkek);
|
||||
release_mkek(tmp_mkek_pin);
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
aes_encrypt_cfb_256(session_pin, MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
aes_encrypt_cfb_256(session_pin,
|
||||
MKEK_IV(tmp_mkek_pin),
|
||||
MKEK_KEY(tmp_mkek_pin),
|
||||
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
|
||||
release_mkek(tmp_mkek_pin);
|
||||
}
|
||||
@@ -158,29 +155,32 @@ int store_mkek(const uint8_t *mkek) {
|
||||
if (!tf) {
|
||||
release_mkek(tmp_mkek);
|
||||
release_mkek(tmp_mkek_sopin);
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
aes_encrypt_cfb_256(session_sopin, MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
aes_encrypt_cfb_256(session_sopin,
|
||||
MKEK_IV(tmp_mkek_sopin),
|
||||
MKEK_KEY(tmp_mkek_sopin),
|
||||
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
|
||||
file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
|
||||
release_mkek(tmp_mkek_sopin);
|
||||
}
|
||||
low_flash_available();
|
||||
release_mkek(tmp_mkek);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int store_dkek_key(uint8_t id, uint8_t *dkek) {
|
||||
file_t *tf = search_file(EF_DKEK + id);
|
||||
if (!tf) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
int r = mkek_encrypt(dkek, DKEK_KEY_SIZE);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
file_put_data(tf, dkek, DKEK_KEY_SIZE);
|
||||
low_flash_available();
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int save_dkek_key(uint8_t id, const uint8_t *key) {
|
||||
@@ -188,7 +188,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) {
|
||||
if (!key) {
|
||||
file_t *tf = search_file(EF_DKEK + id);
|
||||
if (!tf) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
memcpy(dkek, file_get_data(tf), DKEK_KEY_SIZE);
|
||||
}
|
||||
@@ -202,7 +202,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
|
||||
uint8_t tmp_dkek[DKEK_KEY_SIZE];
|
||||
file_t *tf = search_file(EF_DKEK + id);
|
||||
if (!tf) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
memset(tmp_dkek, 0, sizeof(tmp_dkek));
|
||||
if (file_get_size(tf) == DKEK_KEY_SIZE) {
|
||||
@@ -213,7 +213,7 @@ int import_dkek_share(uint8_t id, const uint8_t *share) {
|
||||
}
|
||||
file_put_data(tf, tmp_dkek, DKEK_KEY_SIZE);
|
||||
low_flash_available();
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
|
||||
@@ -221,45 +221,45 @@ int dkek_kcv(uint8_t id, uint8_t *kcv) { //kcv 8 bytes
|
||||
memset(kcv, 0, 8);
|
||||
memset(hsh, 0, sizeof(hsh));
|
||||
int r = load_dkek(id, dkek);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
hash256(dkek, DKEK_KEY_SIZE, hsh);
|
||||
mbedtls_platform_zeroize(dkek, sizeof(dkek));
|
||||
memcpy(kcv, hsh, 8);
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int dkek_kenc(uint8_t id, uint8_t *kenc) { //kenc 32 bytes
|
||||
uint8_t dkek[DKEK_KEY_SIZE + 4];
|
||||
memset(kenc, 0, 32);
|
||||
int r = load_dkek(id, dkek);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x1", 4);
|
||||
hash256(dkek, sizeof(dkek), kenc);
|
||||
mbedtls_platform_zeroize(dkek, sizeof(dkek));
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes
|
||||
uint8_t dkek[DKEK_KEY_SIZE + 4];
|
||||
memset(kmac, 0, 32);
|
||||
int r = load_dkek(id, dkek);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
memcpy(dkek + DKEK_KEY_SIZE, "\x0\x0\x0\x2", 4);
|
||||
hash256(dkek, DKEK_KEY_SIZE + 4, kmac);
|
||||
mbedtls_platform_zeroize(dkek, sizeof(dkek));
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int mkek_encrypt(uint8_t *data, uint16_t len) {
|
||||
int r;
|
||||
uint8_t mkek[MKEK_SIZE + 4];
|
||||
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
|
||||
if ((r = load_mkek(mkek)) != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
r = aes_encrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
|
||||
@@ -270,7 +270,7 @@ int mkek_encrypt(uint8_t *data, uint16_t len) {
|
||||
int mkek_decrypt(uint8_t *data, uint16_t len) {
|
||||
int r;
|
||||
uint8_t mkek[MKEK_SIZE + 4];
|
||||
if ((r = load_mkek(mkek)) != PICOKEY_OK) {
|
||||
if ((r = load_mkek(mkek)) != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
r = aes_decrypt_cfb_256(MKEK_KEY(mkek), MKEK_IV(mkek), data, len);
|
||||
@@ -278,9 +278,15 @@ int mkek_decrypt(uint8_t *data, uint16_t len) {
|
||||
return r;
|
||||
}
|
||||
|
||||
int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint16_t *out_len, const uint8_t *allowed, uint16_t allowed_len) {
|
||||
int dkek_encode_key(uint8_t id,
|
||||
void *key_ctx,
|
||||
int key_type,
|
||||
uint8_t *out,
|
||||
uint16_t *out_len,
|
||||
const uint8_t *allowed,
|
||||
uint16_t allowed_len) {
|
||||
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
|
||||
@@ -292,21 +298,21 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
uint8_t kenc[32];
|
||||
memset(kenc, 0, sizeof(kenc));
|
||||
r = dkek_kenc(id, kenc);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
uint8_t kcv[8];
|
||||
memset(kcv, 0, sizeof(kcv));
|
||||
r = dkek_kcv(id, kcv);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
uint8_t kmac[32];
|
||||
memset(kmac, 0, sizeof(kmac));
|
||||
r = dkek_kmac(id, kmac);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -325,13 +331,13 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
}
|
||||
|
||||
if (kb_len != 16 && kb_len != 24 && kb_len != 32 && kb_len != 64) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (*out_len < 8 + 1 + 10 + 6 + (2 + 64 + 14) + 16) { // 14 bytes padding
|
||||
return PICOKEY_WRONG_LENGTH;
|
||||
return CCID_WRONG_LENGTH;
|
||||
}
|
||||
|
||||
put_uint16_t_be(kb_len, kb + 8);
|
||||
put_uint16_t(kb_len, kb + 8);
|
||||
memcpy(kb + 10, key_ctx, kb_len);
|
||||
kb_len += 2;
|
||||
|
||||
@@ -340,19 +346,19 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
}
|
||||
else if (key_type & PICO_KEYS_KEY_RSA) {
|
||||
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) { //13 bytes pading
|
||||
return PICOKEY_WRONG_LENGTH;
|
||||
return CCID_WRONG_LENGTH;
|
||||
}
|
||||
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
|
||||
kb_len = 0;
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
|
||||
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E);
|
||||
|
||||
@@ -361,36 +367,46 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
}
|
||||
else if (key_type & PICO_KEYS_KEY_EC) {
|
||||
if (*out_len < 8 + 1 + 12 + 6 + (8 + 2 * 8 + 9 * 66 + 2 + 4) + 16) { //4 bytes pading
|
||||
return PICOKEY_WRONG_LENGTH;
|
||||
return CCID_WRONG_LENGTH;
|
||||
}
|
||||
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
|
||||
kb_len = 0;
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P);
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
|
||||
|
||||
size_t olen = 0;
|
||||
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
||||
kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
|
||||
kb_len += (uint16_t)olen;
|
||||
mbedtls_ecp_point_write_binary(&ecdsa->grp,
|
||||
&ecdsa->grp.G,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
&olen,
|
||||
kb + 8 + kb_len + 2,
|
||||
sizeof(kb) - 8 - kb_len - 2);
|
||||
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
|
||||
kb_len += 2 + (uint16_t)olen;
|
||||
|
||||
kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len);
|
||||
put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
|
||||
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
|
||||
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
|
||||
|
||||
mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
|
||||
kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
|
||||
kb_len += (uint16_t)olen;
|
||||
mbedtls_ecp_point_write_binary(&ecdsa->grp,
|
||||
&ecdsa->Q,
|
||||
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
&olen,
|
||||
kb + 8 + kb_len + 2,
|
||||
sizeof(kb) - 8 - kb_len - 2);
|
||||
put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
|
||||
kb_len += 2 + (uint16_t)olen;
|
||||
|
||||
algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
|
||||
algo_len = 12;
|
||||
@@ -421,7 +437,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
}
|
||||
|
||||
if (allowed && allowed_len > 0) {
|
||||
*out_len += put_uint16_t_be(allowed_len, out + *out_len);
|
||||
put_uint16_t(allowed_len, out + *out_len); *out_len += 2;
|
||||
memcpy(out + *out_len, allowed, allowed_len);
|
||||
*out_len += allowed_len;
|
||||
}
|
||||
@@ -442,20 +458,25 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
|
||||
kb[kb_len] = 0x80;
|
||||
}
|
||||
r = aes_encrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, kb_len_pad);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
memcpy(out + *out_len, kb, kb_len_pad);
|
||||
*out_len += kb_len_pad;
|
||||
|
||||
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, out, *out_len, out + *out_len);
|
||||
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
|
||||
kmac,
|
||||
256,
|
||||
out,
|
||||
*out_len,
|
||||
out + *out_len);
|
||||
|
||||
*out_len += 16;
|
||||
if (r != 0) {
|
||||
return r;
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int dkek_type_key(const uint8_t *in) {
|
||||
@@ -471,93 +492,104 @@ int dkek_type_key(const uint8_t *in) {
|
||||
return 0x0;
|
||||
}
|
||||
|
||||
int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_len, int *key_size_out, uint8_t **allowed, uint16_t *allowed_len) {
|
||||
int dkek_decode_key(uint8_t id,
|
||||
void *key_ctx,
|
||||
const uint8_t *in,
|
||||
uint16_t in_len,
|
||||
int *key_size_out,
|
||||
uint8_t **allowed,
|
||||
uint16_t *allowed_len) {
|
||||
uint8_t kcv[8];
|
||||
int r = 0;
|
||||
memset(kcv, 0, sizeof(kcv));
|
||||
r = dkek_kcv(id, kcv);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
uint8_t kmac[32];
|
||||
memset(kmac, 0, sizeof(kmac));
|
||||
r = dkek_kmac(id, kmac);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
uint8_t kenc[32];
|
||||
memset(kenc, 0, sizeof(kenc));
|
||||
r = dkek_kenc(id, kenc);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
if (memcmp(kcv, in, 8) != 0) {
|
||||
return PICOKEY_WRONG_DKEK;
|
||||
return CCID_WRONG_DKEK;
|
||||
}
|
||||
|
||||
uint8_t signature[16];
|
||||
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, in, in_len - 16, signature);
|
||||
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB),
|
||||
kmac,
|
||||
256,
|
||||
in,
|
||||
in_len - 16,
|
||||
signature);
|
||||
if (r != 0) {
|
||||
return PICOKEY_WRONG_SIGNATURE;
|
||||
return CCID_WRONG_SIGNATURE;
|
||||
}
|
||||
if (memcmp(signature, in + in_len - 16, 16) != 0) {
|
||||
return PICOKEY_WRONG_SIGNATURE;
|
||||
return CCID_WRONG_SIGNATURE;
|
||||
}
|
||||
|
||||
int key_type = in[8];
|
||||
if (key_type != 5 && key_type != 6 && key_type != 12 && key_type != 15) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
if ((key_type == 5 || key_type == 6) &&
|
||||
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02", 12) != 0) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
if (key_type == 12 &&
|
||||
memcmp(in + 9, "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03", 12) != 0) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
if (key_type == 15 && memcmp(in + 9, "\x00\x08\x60\x86\x48\x01\x65\x03\x04\x01", 10) != 0) {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
uint16_t ofs = 9;
|
||||
|
||||
//OID
|
||||
uint16_t len = get_uint16_t_be(in + ofs);
|
||||
uint16_t len = get_uint16_t(in, ofs);
|
||||
ofs += len + 2;
|
||||
|
||||
//Allowed algorithms
|
||||
len = get_uint16_t_be(in + ofs);
|
||||
len = get_uint16_t(in, ofs);
|
||||
*allowed = (uint8_t *) (in + ofs + 2);
|
||||
*allowed_len = len;
|
||||
ofs += len + 2;
|
||||
|
||||
//Access conditions
|
||||
len = get_uint16_t_be(in + ofs);
|
||||
len = get_uint16_t(in, ofs);
|
||||
ofs += len + 2;
|
||||
|
||||
//Key OID
|
||||
len = get_uint16_t_be(in + ofs);
|
||||
len = get_uint16_t(in, ofs);
|
||||
ofs += len + 2;
|
||||
|
||||
if ((in_len - 16 - ofs) % 16 != 0) {
|
||||
return PICOKEY_WRONG_PADDING;
|
||||
return CCID_WRONG_PADDING;
|
||||
}
|
||||
uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding)
|
||||
memset(kb, 0, sizeof(kb));
|
||||
memcpy(kb, in + ofs, in_len - 16 - ofs);
|
||||
r = aes_decrypt(kenc, NULL, 256, PICO_KEYS_AES_MODE_CBC, kb, in_len - 16 - ofs);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
|
||||
int key_size = get_uint16_t_be(kb + 8);
|
||||
int key_size = get_uint16_t(kb, 8);
|
||||
if (key_size_out) {
|
||||
*key_size_out = key_size;
|
||||
}
|
||||
@@ -566,78 +598,78 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
|
||||
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
|
||||
mbedtls_rsa_init(rsa);
|
||||
if (key_type == 5) {
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
}
|
||||
else if (key_type == 6) {
|
||||
//DP-1
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
//DQ-1
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
//PQ
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
//N
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
}
|
||||
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
|
||||
if (key_type == 5) {
|
||||
r = mbedtls_rsa_import(rsa, &rsa->N, NULL, NULL, &rsa->D, &rsa->E);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
else if (key_type == 6) {
|
||||
r = mbedtls_rsa_import(rsa, NULL, &rsa->P, &rsa->Q, NULL, &rsa->E);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
r = mbedtls_rsa_complete(rsa);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
r = mbedtls_rsa_check_privkey(rsa);
|
||||
if (r != 0) {
|
||||
mbedtls_rsa_free(rsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
else if (key_type == 12) {
|
||||
@@ -645,53 +677,65 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
|
||||
mbedtls_ecdsa_init(ecdsa);
|
||||
|
||||
//A
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
//B
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
//P
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
|
||||
if (ec_id == MBEDTLS_ECP_DP_NONE) {
|
||||
mbedtls_ecdsa_free(ecdsa);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
ofs += len;
|
||||
|
||||
//N
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += len + 2;
|
||||
|
||||
//G
|
||||
len = get_uint16_t_be(kb + ofs); ofs += len + 2;
|
||||
len = get_uint16_t(kb, ofs);
|
||||
if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
|
||||
ec_id = MBEDTLS_ECP_DP_ED25519;
|
||||
}
|
||||
else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
|
||||
ec_id = MBEDTLS_ECP_DP_ED448;
|
||||
}
|
||||
ofs += len + 2;
|
||||
|
||||
//d
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
ofs += len;
|
||||
|
||||
//Q
|
||||
len = get_uint16_t_be(kb + ofs); ofs += 2;
|
||||
len = get_uint16_t(kb, ofs); ofs += 2;
|
||||
r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
|
||||
if (r != 0) {
|
||||
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
|
||||
if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
|
||||
r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
|
||||
}
|
||||
else {
|
||||
r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
|
||||
}
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
r = mbedtls_ecp_check_pub_priv(ecdsa, ecdsa, random_gen, NULL);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(ecdsa);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
else if (key_type == 15) {
|
||||
memcpy(key_ctx, kb + ofs, key_size);
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
120
src/hsm/sc_hsm.c
120
src/hsm/sc_hsm.c
@@ -43,8 +43,6 @@ bool has_session_pin = false, has_session_sopin = false;
|
||||
const uint8_t *dev_name = NULL;
|
||||
uint16_t dev_name_len = 0;
|
||||
|
||||
uint8_t PICO_PRODUCT = 1;
|
||||
|
||||
static int sc_hsm_process_apdu();
|
||||
|
||||
static void init_sc_hsm();
|
||||
@@ -82,12 +80,11 @@ extern int cmd_bip_slip();
|
||||
|
||||
extern const uint8_t *ccid_atr;
|
||||
|
||||
int sc_hsm_select_aid(app_t *a, uint8_t force) {
|
||||
(void) force;
|
||||
int sc_hsm_select_aid(app_t *a) {
|
||||
a->process_apdu = sc_hsm_process_apdu;
|
||||
a->unload = sc_hsm_unload;
|
||||
init_sc_hsm();
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
INITIALIZER( sc_hsm_ctor ) {
|
||||
@@ -180,10 +177,10 @@ uint8_t puk_status[MAX_PUK];
|
||||
|
||||
int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
|
||||
if (data == NULL || data_len == 0) {
|
||||
return PICOKEY_ERR_NULL_PARAM;
|
||||
return CCID_ERR_NULL_PARAM;
|
||||
}
|
||||
if (puk_store_entries == MAX_PUK_STORE_ENTRIES) {
|
||||
return PICOKEY_ERR_MEMORY_FATAL;
|
||||
return CCID_ERR_MEMORY_FATAL;
|
||||
}
|
||||
|
||||
puk_store[puk_store_entries].copied = copy;
|
||||
@@ -207,17 +204,17 @@ int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) {
|
||||
&puk_store[puk_store_entries].puk_len);
|
||||
|
||||
puk_store_entries++;
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int puk_store_select_chr(const uint8_t *chr) {
|
||||
for (int i = 0; i < puk_store_entries; i++) {
|
||||
if (memcmp(puk_store[i].chr, chr, puk_store[i].chr_len) == 0) {
|
||||
current_puk = &puk_store[i];
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
}
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
|
||||
void reset_puk_store() {
|
||||
@@ -263,17 +260,19 @@ int sc_hsm_unload() {
|
||||
has_session_pin = has_session_sopin = false;
|
||||
isUserAuthenticated = false;
|
||||
sm_session_pin_len = 0;
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
uint16_t get_device_options() {
|
||||
file_t *ef = search_file(EF_DEVOPS);
|
||||
if (file_has_data(ef)) {
|
||||
return get_uint16_t_be(file_get_data(ef));
|
||||
return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1);
|
||||
}
|
||||
return 0x0;
|
||||
}
|
||||
|
||||
extern uint32_t board_button_read(void);
|
||||
|
||||
bool wait_button_pressed() {
|
||||
uint32_t val = EV_PRESS_BUTTON;
|
||||
#ifndef ENABLE_EMULATION
|
||||
@@ -336,16 +335,16 @@ int parse_ef_dir(const file_t *f, int mode) {
|
||||
|
||||
int pin_reset_retries(const file_t *pin, bool force) {
|
||||
if (!pin) {
|
||||
return PICOKEY_ERR_NULL_PARAM;
|
||||
return CCID_ERR_NULL_PARAM;
|
||||
}
|
||||
const file_t *max = search_file(pin->fid + 1);
|
||||
const file_t *act = search_file(pin->fid + 2);
|
||||
if (!max || !act) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
uint8_t retries = file_read_uint8(act);
|
||||
if (retries == 0 && force == false) { // blocked
|
||||
return PICOKEY_ERR_BLOCKED;
|
||||
return CCID_ERR_BLOCKED;
|
||||
}
|
||||
retries = file_read_uint8(max);
|
||||
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
|
||||
@@ -355,26 +354,26 @@ int pin_reset_retries(const file_t *pin, bool force) {
|
||||
|
||||
int pin_wrong_retry(const file_t *pin) {
|
||||
if (!pin) {
|
||||
return PICOKEY_ERR_NULL_PARAM;
|
||||
return CCID_ERR_NULL_PARAM;
|
||||
}
|
||||
const file_t *act = search_file(pin->fid + 2);
|
||||
if (!act) {
|
||||
return PICOKEY_ERR_FILE_NOT_FOUND;
|
||||
return CCID_ERR_FILE_NOT_FOUND;
|
||||
}
|
||||
uint8_t retries = file_read_uint8(act);
|
||||
if (retries > 0) {
|
||||
retries -= 1;
|
||||
int r = file_put_data((file_t *) act, &retries, sizeof(retries));
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
low_flash_available();
|
||||
if (retries == 0) {
|
||||
return PICOKEY_ERR_BLOCKED;
|
||||
return CCID_ERR_BLOCKED;
|
||||
}
|
||||
return retries;
|
||||
}
|
||||
return PICOKEY_ERR_BLOCKED;
|
||||
return CCID_ERR_BLOCKED;
|
||||
}
|
||||
|
||||
bool pka_enabled() {
|
||||
@@ -393,7 +392,7 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
|
||||
if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
|
||||
if (len == sm_session_pin_len && memcmp(data, sm_session_pin, len) != 0) {
|
||||
int retries;
|
||||
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
|
||||
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
|
||||
return SW_PIN_BLOCKED();
|
||||
}
|
||||
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
|
||||
@@ -407,17 +406,17 @@ uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) {
|
||||
}
|
||||
if (memcmp(file_get_data(pin) + 1, dhash, sizeof(dhash)) != 0) {
|
||||
int retries;
|
||||
if ((retries = pin_wrong_retry(pin)) < PICOKEY_OK) {
|
||||
if ((retries = pin_wrong_retry(pin)) < CCID_OK) {
|
||||
return SW_PIN_BLOCKED();
|
||||
}
|
||||
return set_res_sw(0x63, 0xc0 | (uint8_t)retries);
|
||||
}
|
||||
}
|
||||
int r = pin_reset_retries(pin, false);
|
||||
if (r == PICOKEY_ERR_BLOCKED) {
|
||||
if (r == CCID_ERR_BLOCKED) {
|
||||
return SW_PIN_BLOCKED();
|
||||
}
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_MEMORY_FAILURE();
|
||||
}
|
||||
if (pka_enabled() == false) {
|
||||
@@ -462,7 +461,7 @@ uint32_t get_key_counter(file_t *fkey) {
|
||||
uint16_t tag_len = 0;
|
||||
const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len);
|
||||
if (meta_tag) {
|
||||
return get_uint32_t_be(meta_tag);
|
||||
return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3];
|
||||
}
|
||||
return 0xffffffff;
|
||||
}
|
||||
@@ -498,9 +497,14 @@ uint32_t decrement_key_counter(file_t *fkey) {
|
||||
asn1_ctx_init(meta_data, meta_size, &ctxi);
|
||||
while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
|
||||
if (tag == 0x90) { // ofset tag
|
||||
uint32_t val = get_uint32_t_be(tag_data);
|
||||
uint32_t val =
|
||||
(tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3];
|
||||
val--;
|
||||
put_uint32_t_be(val, tag_data);
|
||||
tag_data[0] = (val >> 24) & 0xff;
|
||||
tag_data[1] = (val >> 16) & 0xff;
|
||||
tag_data[2] = (val >> 8) & 0xff;
|
||||
tag_data[3] = val & 0xff;
|
||||
|
||||
int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);
|
||||
free(cmeta);
|
||||
if (r != 0) {
|
||||
@@ -549,18 +553,18 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
|
||||
memcpy(kdata, key_ctx, key_size);
|
||||
}
|
||||
else {
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
file_t *fpk = file_new((KEY_PREFIX << 8) | key_id);
|
||||
if (!fpk) {
|
||||
return PICOKEY_ERR_MEMORY_FATAL;
|
||||
return CCID_ERR_MEMORY_FATAL;
|
||||
}
|
||||
r = mkek_encrypt(kdata, key_size);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
r = file_put_data(fpk, kdata, (uint16_t)key_size);
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return r;
|
||||
}
|
||||
char key_id_str[4] = {0};
|
||||
@@ -577,7 +581,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) {
|
||||
}
|
||||
}
|
||||
low_flash_available();
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int find_and_store_meta_key(uint8_t key_id) {
|
||||
@@ -611,81 +615,89 @@ int find_and_store_meta_key(uint8_t key_id) {
|
||||
int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size);
|
||||
free(meta);
|
||||
if (r != 0) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
|
||||
if (wait_button_pressed() == true) { // timeout
|
||||
return PICOKEY_VERIFICATION_FAILED;
|
||||
return CCID_VERIFICATION_FAILED;
|
||||
}
|
||||
|
||||
uint16_t key_size = file_get_size(fkey);
|
||||
uint8_t kdata[4096 / 8];
|
||||
memcpy(kdata, file_get_data(fkey), key_size);
|
||||
if (mkek_decrypt(kdata, key_size) != 0) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
if (mbedtls_mpi_read_binary(&ctx->P, kdata, key_size / 2) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (mbedtls_mpi_read_binary(&ctx->Q, kdata + key_size / 2, key_size / 2) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (mbedtls_mpi_lset(&ctx->E, 0x10001) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
if (mbedtls_rsa_import(ctx, NULL, &ctx->P, &ctx->Q, NULL, &ctx->E) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (mbedtls_rsa_complete(ctx) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
if (mbedtls_rsa_check_privkey(ctx) != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_rsa_free(ctx);
|
||||
return PICOKEY_WRONG_DATA;
|
||||
return CCID_WRONG_DATA;
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
return CCID_OK;
|
||||
}
|
||||
|
||||
int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
|
||||
int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
|
||||
if (wait_button_pressed() == true) { // timeout
|
||||
return PICOKEY_VERIFICATION_FAILED;
|
||||
return CCID_VERIFICATION_FAILED;
|
||||
}
|
||||
|
||||
uint16_t key_size = file_get_size(fkey);
|
||||
uint8_t kdata[67]; // Worst case, 521 bit + 1byte
|
||||
memcpy(kdata, file_get_data(fkey), key_size);
|
||||
if (mkek_decrypt(kdata, key_size) != 0) {
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
mbedtls_ecp_group_id gid = kdata[0];
|
||||
int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
|
||||
if (r != 0) {
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
mbedtls_ecdsa_free(ctx);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
mbedtls_ecp_keypair_free(ctx);
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
mbedtls_platform_zeroize(kdata, sizeof(kdata));
|
||||
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
|
||||
if (r != 0) {
|
||||
mbedtls_ecdsa_free(ctx);
|
||||
return PICOKEY_EXEC_ERROR;
|
||||
if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
|
||||
r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
|
||||
}
|
||||
return PICOKEY_OK;
|
||||
else {
|
||||
r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
|
||||
}
|
||||
if (r != 0) {
|
||||
mbedtls_ecp_keypair_free(ctx);
|
||||
return CCID_EXEC_ERROR;
|
||||
}
|
||||
return CCID_OK;
|
||||
}
|
||||
int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
|
||||
return load_private_key_ec(ctx, fkey);
|
||||
}
|
||||
|
||||
#define INS_VERIFY 0x20
|
||||
@@ -751,7 +763,7 @@ static const cmd_t cmds[] = {
|
||||
|
||||
int sc_hsm_process_apdu() {
|
||||
int r = sm_unwrap();
|
||||
if (r != PICOKEY_OK) {
|
||||
if (r != CCID_OK) {
|
||||
return SW_DATA_INVALID();
|
||||
}
|
||||
for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {
|
||||
|
||||
@@ -32,9 +32,6 @@
|
||||
#include "file.h"
|
||||
#include "apdu.h"
|
||||
#include "pico_keys.h"
|
||||
#include "usb.h"
|
||||
|
||||
#define MAX_APDU_DATA (USB_BUFFER_SIZE - 20)
|
||||
|
||||
extern const uint8_t sc_hsm_aid[];
|
||||
|
||||
@@ -123,7 +120,8 @@ extern int delete_file(file_t *ef);
|
||||
extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len);
|
||||
extern bool key_has_purpose(file_t *ef, uint8_t purpose);
|
||||
extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
|
||||
extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
|
||||
extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
|
||||
extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
|
||||
extern bool wait_button_pressed();
|
||||
extern int store_keys(void *key_ctx, int type, uint8_t key_id);
|
||||
extern int find_and_store_meta_key(uint8_t key_id);
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
#ifndef __VERSION_H_
|
||||
#define __VERSION_H_
|
||||
|
||||
#define HSM_VERSION 0x0504
|
||||
#define HSM_VERSION 0x0400
|
||||
|
||||
#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
|
||||
#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)
|
||||
|
||||
Binary file not shown.
@@ -24,7 +24,7 @@ def test_gen_initialize(device):
|
||||
device.initialize()
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448']
|
||||
"curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448']
|
||||
)
|
||||
def test_gen_ecc(device, curve):
|
||||
keyid = device.key_generation(KeyType.ECC, curve)
|
||||
|
||||
@@ -21,7 +21,7 @@ import pytest
|
||||
import hashlib
|
||||
import os
|
||||
from picohsm import DOPrefixes
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448
|
||||
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
|
||||
from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
|
||||
from const import DEFAULT_DKEK
|
||||
@@ -70,6 +70,17 @@ def test_import_montgomery(device, curve):
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey]
|
||||
)
|
||||
def test_import_edwards(device, curve):
|
||||
pkey = curve.generate()
|
||||
keyid = device.import_key(pkey)
|
||||
pubkey = device.public_key(keyid, param=curve)
|
||||
assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"size", [128, 192, 256]
|
||||
)
|
||||
|
||||
@@ -55,3 +55,12 @@ def test_signature_rsa(device, modulus, scheme):
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.verify(pubkey, data, signature, scheme)
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"curve", ['ed25519', 'ed448']
|
||||
)
|
||||
def test_signature_edwards(device, curve):
|
||||
keyid = device.key_generation(KeyType.ECC, curve)
|
||||
pubkey = device.public_key(keyid=keyid)
|
||||
signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data)
|
||||
device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
|
||||
device.verify(pubkey, data, signature)
|
||||
|
||||
@@ -27,7 +27,7 @@ from cvc import oid
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from picohsm import DOPrefixes, APDUResponse, SWCodes
|
||||
|
||||
KDM = unhexlify(b'30820420060B2B0601040181C31F0402016181ED7F2181E97F4E81A25F290100421045535049434F48534D434130303030317F494F060A04007F0007020202020386410421EE4A21C16A10F737F12E78E5091B266612038CDABEBB722B15BF6D41B877FBF64D9AB69C39B9831B1AE00BEF2A4E81976F7688D45189BB232A24703D8A96A55F201045535049434F48534D445630303030317F4C12060904007F000703010202530580000000005F25060202000801085F24060203000601045F37403F75C08FFFC9186B56E6147199E82BFC327CEEF72495BC567961CD54D702F13E3C2766FCD1D11BD6A9D1F4A229B76B248CEB9AF88D59A74D0AB149448705159B6281E97F2181E57F4E819E5F290100421045535049434F48534D445630303030317F494F060A04007F000702020202038641043359F5234CE62E0EB80460046D8FD1AAE018CC8B9E687B40AA2C047E352409B45153D1AD888E4E7E780A3B1FA8C69CA8998BD271C8849137149142E96816A5A45F201045535049434F48534D54524A5A58314A7F4C0E060904007F0007030102025301005F25060205000100085F24060206000100085F374016F155B01CDE7FB902C8A631FCB6938458CB570EAB088DEFE1FFACD3AEFF069020256EECCF8E962461534ED682DB87BB9801E25556F87BF524385C536D19A7D1638201F1678201ED7F218201937F4E82014B5F290100421045535049434F48534D54524A5A58314A7F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410443F0BAB3EB271E1B762BDB81C2CC10C21CF9E8A73241B86C9552614A8842DA00A556C20BC4250C275981FE196F8D2E8766DE06C609BA07AC3E6E1468EAC451408701015F201045535049434F48534D54524A5A58314A5F37402E79A552EA5ABE1B4244841CC55515F31CACFE9B3E0A3FC3FC178DFD5ED6ADC67E03FCC65C24A8A65658768A1A522F372E9897B87058E453A647FC58E089D30D421045535049434F48534D54524A5A58314A5F37400B54434EF57C6DD55D26B44F63940E9F15C10FBC8FC013528F76ACF917D74EF41D635D630F778862ADBD3EE8574F4ABC28B9A6044DFCB9C30D83C1A4DBE6437054400964DBAED86825DBA4E5BCEFF66DAF5739A71D4B2677FB1F53ABA23B3D1D1A686A06478C3CF7FF797FE7C8A4D090D881319BD15AABE709D3EA74A48C88E4387F')
|
||||
KDM = unhexlify(b'30820420060b2b0601040181c31f0402016181ed7f2181e97f4e81a25f290100421045535049434f48534d434130303030317f494f060a04007f0007020202020386410421ee4a21c16a10f737f12e78e5091b266612038cdabebb722b15bf6d41b877fbf64d9ab69c39b9831b1ae00bef2a4e81976f7688d45189bb232a24703d8a96a55f201045535049434f48534d445630303030317f4c12060904007f000703010202530580000000005f25060202000801085f24060203000601045f37403f75c08fffc9186b56e6147199e82bfc327ceef72495bc567961cd54d702f13e3c2766fcd1d11bd6a9d1f4a229b76b248ceb9af88d59a74d0ab149448705159b6281e97f2181e57f4e819e5f290100421045535049434f48534d445630303030317f494f060a04007f00070202020203864104c8561b41e54fea81bb80dd4a6d537e7c3904344e8ca90bc5f668111811e02c8d5d51ca93ca89558f2a8a9cbb147434e3441ec174505ff980fd7a7106286196915f201045535049434f48534d54524a444736387f4c0e060904007f0007030102025301005f25060203000300065f24060204000300055f3740983de63d0975b715ebd8a93cb38fa9638882c8b7064d51a6facabed693b92edc098e458b713203413ef6de0958c44772cbdbc264205c7b1bdb8b4fcb2516437f638201f1678201ed7f218201937f4e82014b5f290100421045535049434f48534d54524a444736387f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641048b1f450912a2e4d428b7eefc5fa05618a9ef295e90009a61cbb0970181b333474ea94f94cde5a11aba0589e85d4225002789ff1cdcf25756f059647b49fc2a158701015f201045535049434f48534d54524a444736385f3740372407c20de7257c89dae1e6606c8a046ca65efaa010c0a22b75c402ee243de51f5f1507457193679ed9db4fbbfe8efb9d695b684492b665ad8ba98c1f84ea38421045535049434f48534d54524a444736385f374098718e2e14a44386b689b71a101530316b65ab49a91bab0dd56099c5161ecb8aadff6cf27449f94034e58b7306f01e6ffa2766a2f5bb1281e12e5f1f9174733454400cf8926ca5bec9a91bcd47bf391c15d94ef6e3243d5fd1fffeaafd586766bc3221eafd808f17f8450f238cc1fe7ab1854443db31d622f53a2b3fdb3ad750d5ce')
|
||||
|
||||
def test_initialize(device):
|
||||
device.initialize(key_domains=1)
|
||||
|
||||
@@ -37,7 +37,7 @@ gen_and_delete() {
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
}
|
||||
reset() {
|
||||
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent --no-dev-cert > /dev/null 2>&1
|
||||
python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent > /dev/null 2>&1
|
||||
test $? -eq 0 || exit $?
|
||||
}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ test $? -eq 0 && echo -n "." || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
grep -q "334 tests performed" <<< $e && echo -n "." || {
|
||||
grep -q "338 tests performed" <<< $e && echo -n "." || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
94
tools/pico-hsm-patch-vidpid.sh
Executable file
94
tools/pico-hsm-patch-vidpid.sh
Executable file
@@ -0,0 +1,94 @@
|
||||
#!/bin/bash
|
||||
|
||||
#
|
||||
# This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
||||
# Copyright (c) 2022 Pol Henarejos.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, version 3.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
VERSION_MAJOR="6" #Version of Pico Keys SDK
|
||||
VERSION_MINOR="0"
|
||||
|
||||
echo "----------------------------"
|
||||
echo "VID/PID patcher for Pico HSM"
|
||||
echo "----------------------------"
|
||||
echo ""
|
||||
|
||||
if [ "$#" -le 0 ]; then
|
||||
echo "Usage: $0 VID:PID [input_uf2_file] [output_uf2_file]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
IFS=':' read -r -a ARR <<< "$1"
|
||||
|
||||
if [ ${#ARR[@]} -ne 2 ]; then
|
||||
echo "ERROR: Specify vendor and product ids as VID:PID (e.g., $0 CAFE:1234)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VID=${ARR[0]}
|
||||
PID=${ARR[1]}
|
||||
|
||||
if [ ${#VID} -ne 4 ]; then
|
||||
echo "ERROR: VID length must be 4 hexadecimal characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ${#PID} -ne 4 ]; then
|
||||
echo "ERROR: PID length must be 4 hexadecimal characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [[ $VID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
|
||||
echo "ERROR: VID must contain hexadecimal characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [[ $PID =~ ^[0-9A-Fa-f]{1,}$ ]] ; then
|
||||
echo "ERROR: PID must contain hexadecimal characters"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
UF2_FILE_IF="hsm2040.uf2"
|
||||
UF2_FILE_OF="$UF2_FILE_IF"
|
||||
|
||||
if [ "$#" -ge 2 ]; then
|
||||
UF2_FILE_IF="$2"
|
||||
UF2_FILE_OF="$UF2_FILE_IF"
|
||||
fi
|
||||
|
||||
if [ "$#" -ge 3 ]; then
|
||||
UF2_FILE_OF="$3"
|
||||
fi
|
||||
|
||||
|
||||
echo -n "Patching ${UF2_FILE_IF}... "
|
||||
|
||||
if [[ ! -f "$UF2_FILE_IF" ]]; then
|
||||
echo "ERROR: UF2 file ${UF2_FILE_IF} does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$UF2_FILE_IF" != "$UF2_FILE_OF" ]; then
|
||||
cp -R $UF2_FILE_IF $UF2_FILE_OF
|
||||
fi
|
||||
|
||||
LITTLE_VID="\x${VID:2:2}\x${VID:0:2}"
|
||||
LITTLE_PID="\x${PID:2:2}\x${PID:0:2}"
|
||||
|
||||
perl -pi -e "s/\xff\xfe\xfd\xfc\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/$LITTLE_VID$LITTLE_PID\x$VERSION_MINOR\x$VERSION_MAJOR\x01\x02\x03\x01/" $UF2_FILE_OF
|
||||
|
||||
echo "Done!"
|
||||
echo ""
|
||||
echo "Patched file was saved in ${UF2_FILE_OF}"
|
||||
@@ -39,7 +39,7 @@ except ModuleNotFoundError:
|
||||
sys.exit(-1)
|
||||
|
||||
try:
|
||||
from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, utils, APDUResponse, SWCodes, AES, Platform
|
||||
from picohsm import PicoHSM, PinType, DOPrefixes, KeyType, EncryptionMode, utils, APDUResponse, SWCodes, AES
|
||||
except ModuleNotFoundError:
|
||||
print('ERROR: picohsm module not found! Install picohsm package.\nTry with `pip install pypicohsm`')
|
||||
sys.exit(-1)
|
||||
@@ -57,8 +57,6 @@ from argparse import RawTextHelpFormatter
|
||||
|
||||
pin = None
|
||||
|
||||
BOOTKEY = [225, 209, 107, 167, 100, 171, 215, 18, 212, 239, 110, 62, 221, 116, 78, 213, 99, 140, 38, 11, 119, 28, 249, 129, 81, 17, 11, 175, 172, 155, 200, 113]
|
||||
|
||||
def hexy(a):
|
||||
return [hex(i) for i in a]
|
||||
|
||||
@@ -69,7 +67,6 @@ def parse_args():
|
||||
parser.add_argument('--pin', help='PIN number')
|
||||
parser_init.add_argument('--so-pin', help='SO-PIN number')
|
||||
parser_init.add_argument('--silent', help='Confirms initialization silently.', action='store_true')
|
||||
parser_init.add_argument('--no-dev-cert', help='Do not request a device certificate (it will use a self-signed certificate). Do not use if attestation is needed.', action='store_true', default=False)
|
||||
|
||||
parser_attestate = subparser.add_parser('attestate', help='Generates an attestation report for a private key and verifies the private key was generated in the devices or outside.')
|
||||
parser_attestate.add_argument('-k', '--key', help='The private key index', metavar='KEY_ID')
|
||||
@@ -97,15 +94,11 @@ def parse_args():
|
||||
parser_phy = subparser.add_parser('phy', help='Set PHY options.')
|
||||
subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True)
|
||||
parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)')
|
||||
parser_phy_ledn = subparser_phy.add_parser('led_gpio', help='Sets LED GPIO number.')
|
||||
parser_phy_ledn = subparser_phy.add_parser('led', help='Sets LED GPIO number.')
|
||||
parser_phy_optwcid = subparser_phy.add_parser('wcid', help='Enable/Disable Web CCID interface.')
|
||||
parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
|
||||
parser_phy_ledn.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?')
|
||||
parser_phy_optwcid.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable Web CCID interface.', nargs='?')
|
||||
parser_phy_ledbtness = subparser_phy.add_parser('led_brightness', help='Sets LED max. brightness.')
|
||||
parser_phy_ledbtness.add_argument('value', help='Value of the max. brightness.', metavar='VAL', nargs='?')
|
||||
parser_phy_optdimm = subparser_phy.add_parser('led_dimmable', help='Enable/Disable LED dimming.')
|
||||
parser_phy_optdimm.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable LED dimming.', nargs='?')
|
||||
|
||||
parser_secure = subparser.add_parser('secure', help='Manages security of Pico HSM.')
|
||||
subparser_secure = parser_secure.add_subparsers(title='commands', dest='subcommand', required=True)
|
||||
@@ -138,21 +131,10 @@ def parse_args():
|
||||
parser_keygen = subparser.add_parser('keygen', help='Generates private keypair or secret key.')
|
||||
subparser_keygen = parser_keygen.add_subparsers(title='commands', dest='subcommand', required=True)
|
||||
parser_keygen_aes = subparser_keygen.add_parser('aes', help='Generates an AES key.')
|
||||
parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]', choices=[128, 192, 256], default=128, type=int)
|
||||
parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]',choices=[128, 192, 256], default=128)
|
||||
parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.')
|
||||
parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.')
|
||||
|
||||
parser_otp = subparser.add_parser('otp', help='Read/write OTP values.')
|
||||
parser_otp.add_argument('subcommand', choices=['read', 'write', 'secure_boot'], help='Read, write or enable Secure Boot', nargs='?')
|
||||
parser_otp.add_argument('--row', help='OTP row (in HEX)', required='write' in sys.argv or 'read' in sys.argv)
|
||||
parser_otp.add_argument('-d', '--data', help='Data to write (in HEX) [e.g. 0011223344556677889900AABBCCDDEEFF]', required='write' in sys.argv)
|
||||
parser_otp.add_argument('--lock', help='Lock & protect (no other firmwares can be loaded)', action='store_true')
|
||||
parser_otp.add_argument('--index', help='Bootkey index [0-3]', type=int, default=0, choices=[0, 1, 2, 3])
|
||||
|
||||
parser_reboot = subparser.add_parser('reboot', help='Reboots the Pico HSM.')
|
||||
|
||||
parser_memory = subparser.add_parser('memory', help='Get memory usage.')
|
||||
|
||||
args = parser.parse_args()
|
||||
return args
|
||||
|
||||
@@ -222,28 +204,24 @@ def initialize(picohsm, args):
|
||||
so_pin = '57621880'
|
||||
|
||||
picohsm.initialize(pin=pin, sopin=so_pin)
|
||||
if (not args.no_dev_cert):
|
||||
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
|
||||
response = picohsm.get_contents(DOPrefixes.EE_CERTIFICATE_PREFIX, 0x00)
|
||||
|
||||
cert = bytearray(response)
|
||||
Y = CVC().decode(cert).pubkey().find(0x86).data()
|
||||
print(f'Public Point: {hexlify(Y).decode()}')
|
||||
cert = bytearray(response)
|
||||
Y = CVC().decode(cert).pubkey().find(0x86).data()
|
||||
print(f'Public Point: {hexlify(Y).decode()}')
|
||||
|
||||
pbk = base64.urlsafe_b64encode(Y)
|
||||
params = {'pubkey': pbk}
|
||||
if (picohsm.platform in (Platform.RP2350, Platform.ESP32)):
|
||||
params['curve'] = 'secp256k1'
|
||||
data = urllib.parse.urlencode(params).encode()
|
||||
j = get_pki_data('cvc', data=data)
|
||||
print('Device name: '+j['devname'])
|
||||
dataef = base64.urlsafe_b64decode(
|
||||
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
|
||||
pbk = base64.urlsafe_b64encode(Y)
|
||||
data = urllib.parse.urlencode({'pubkey': pbk}).encode()
|
||||
j = get_pki_data('cvc', data=data)
|
||||
print('Device name: '+j['devname'])
|
||||
dataef = base64.urlsafe_b64decode(
|
||||
j['cvcert']) + base64.urlsafe_b64decode(j['dvcert']) + base64.urlsafe_b64decode(j['cacert'])
|
||||
|
||||
picohsm.select_file(0x2f02)
|
||||
response = picohsm.put_contents(0x0000, data=dataef)
|
||||
picohsm.select_file(0x2f02)
|
||||
response = picohsm.put_contents(0x0000, data=dataef)
|
||||
|
||||
print('Certificate uploaded successfully!')
|
||||
print('')
|
||||
print('Certificate uploaded successfully!')
|
||||
print('')
|
||||
print('Note that the device is initialized with a default PIN and '
|
||||
'configuration.')
|
||||
print('Now you can initialize the device as usual with your chosen PIN '
|
||||
@@ -371,7 +349,7 @@ class SecureLock:
|
||||
|
||||
def disable_device_aut(self):
|
||||
ct = self.get_skey()
|
||||
self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x04, data=list(ct))
|
||||
self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x04, p3=list(ct))
|
||||
|
||||
def secure(picohsm, args):
|
||||
slck = SecureLock(picohsm)
|
||||
@@ -482,15 +460,10 @@ def phy(picohsm, args):
|
||||
sp = val.split(':')
|
||||
if (len(sp) != 2):
|
||||
print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)')
|
||||
return
|
||||
val = int(sp[0],16).to_bytes(2, 'big') + int(sp[1],16).to_bytes(2, 'big')
|
||||
elif (args.subcommand in ['led_gpio', 'led_brightness']):
|
||||
if (args.subcommand == 'led_brightness'):
|
||||
if (int(val) > 15 or int(val) < 0):
|
||||
print('ERROR: LED brightness must be between 0 and 15.')
|
||||
return
|
||||
elif (args.subcommand == 'led'):
|
||||
val = [int(val)]
|
||||
elif (args.subcommand in ['wcid', 'led_dimmable']):
|
||||
elif (args.subcommand == 'wcid'):
|
||||
val = val == 'enable'
|
||||
ret = picohsm.phy(args.subcommand, val)
|
||||
if (ret):
|
||||
@@ -498,33 +471,8 @@ def phy(picohsm, args):
|
||||
else:
|
||||
print('Command executed successfully. Please, restart your Pico Key.')
|
||||
|
||||
def otp(picohsm, args):
|
||||
if (args.subcommand == 'read'):
|
||||
row = int(args.row, 16)
|
||||
ret = picohsm.otp(row=row)
|
||||
print(f'OTP row {args.row}: {hexlify(ret).decode()}')
|
||||
elif (args.subcommand == 'write'):
|
||||
row = int(args.row, 16)
|
||||
data = unhexlify(args.data)
|
||||
picohsm.otp(row=row, data=data)
|
||||
print(f'OTP row {args.row} written successfully.')
|
||||
elif (args.subcommand == 'secure_boot'):
|
||||
picohsm.secure_boot(BOOTKEY, bootkey_index=args.index, lock=args.lock)
|
||||
|
||||
def reboot(picohsm, args):
|
||||
picohsm.reboot()
|
||||
|
||||
def memory(picohsm, args):
|
||||
mem = picohsm.memory()
|
||||
print(f'Memory usage:')
|
||||
print(f'\tFree: {mem["free"]/1024:.2f} kilobytes ({mem["free"]*100/mem["total"]:.2f}%)')
|
||||
print(f'\tUsed: {mem["used"]/1024:.2f} kilobytes ({mem["used"]*100/mem["total"]:.2f}%)')
|
||||
print(f'\tTotal: {mem["total"]/1024:.2f} kilobytes')
|
||||
print(f'\tFlash size: {mem["size"]/1024:.2f} kilobytes')
|
||||
print(f'\tFiles: {mem["files"]}')
|
||||
|
||||
def main(args):
|
||||
sys.stderr.buffer.write(b'Pico HSM Tool v2.2\n')
|
||||
sys.stderr.buffer.write(b'Pico HSM Tool v1.14\n')
|
||||
sys.stderr.buffer.write(b'Author: Pol Henarejos\n')
|
||||
sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n')
|
||||
sys.stderr.buffer.write(b'\n\n')
|
||||
@@ -551,12 +499,7 @@ def main(args):
|
||||
keygen(picohsm, args)
|
||||
elif (args.command == 'phy'):
|
||||
phy(picohsm, args)
|
||||
elif (args.command == 'otp'):
|
||||
otp(picohsm, args)
|
||||
elif (args.command == 'reboot'):
|
||||
reboot(picohsm, args)
|
||||
elif (args.command == 'memory'):
|
||||
memory(picohsm, args)
|
||||
|
||||
|
||||
def run():
|
||||
args = parse_args()
|
||||
|
||||
@@ -2,54 +2,16 @@
|
||||
|
||||
git submodule update --init --recursive
|
||||
sudo apt update
|
||||
|
||||
if [[ $1 == "pico" ]]; then
|
||||
sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib
|
||||
git clone https://github.com/raspberrypi/pico-sdk
|
||||
cd pico-sdk
|
||||
git checkout tags/2.1.1
|
||||
git submodule update --init
|
||||
cd ..
|
||||
git clone https://github.com/raspberrypi/picotool
|
||||
cd picotool
|
||||
git submodule update --init
|
||||
mkdir build
|
||||
cd build
|
||||
cmake -DPICO_SDK_PATH=../../pico-sdk ..
|
||||
make -j`nproc`
|
||||
sudo make install
|
||||
cd ../..
|
||||
mkdir build_pico
|
||||
cd build_pico
|
||||
if [[ $1 == "pico" ]]; then
|
||||
cmake -DPICO_SDK_PATH=../pico-sdk ..
|
||||
make
|
||||
cd ..
|
||||
elif [[ $1 == "esp32" ]]; then
|
||||
sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
|
||||
git clone --recursive https://github.com/espressif/esp-idf.git
|
||||
cd esp-idf
|
||||
./install.sh esp32s3
|
||||
. ./export.sh
|
||||
cd ..
|
||||
idf.py set-target esp32s3
|
||||
idf.py all
|
||||
mkdir -p release
|
||||
cd build
|
||||
esptool.py --chip ESP32-S3 merge_bin -o ../release/pico_hsm_esp32-s3.bin @flash_args
|
||||
cd ..
|
||||
cd esp-idf
|
||||
./install.sh esp32s2
|
||||
. ./export.sh
|
||||
cd ..
|
||||
idf.py set-target esp32s2
|
||||
idf.py all
|
||||
mkdir -p release
|
||||
cd build
|
||||
esptool.py --chip ESP32-S2 merge_bin -o ../release/pico_hsm_esp32-s2.bin @flash_args
|
||||
cd ..
|
||||
else
|
||||
mkdir build
|
||||
cd build
|
||||
cmake -DENABLE_EMULATION=1 ..
|
||||
make
|
||||
fi
|
||||
make
|
||||
|
||||
Reference in New Issue
Block a user