pico-hsm

dearsky/pico-hsm

Fork 0

Commit Graph

Select branches

Hide Pull Requests

Styne13/feature/hsm_label

ajkrj/patch-1

development

gris-gris/fix-autobuild

krlnokrl/master

master

#10

#102

#108

#124

#124

#127

#127

#128

#128

#130

#130

#2

#40

#43

#52

nightly-development

nightly-master

v1.0

v1.10

v1.12

v1.2

v1.4

v1.6

v1.8

v2.0

v2.2

v2.4

v2.6

v3.0

v3.2

v3.4

v3.6

v3.6-eddsa1

v4.0

v4.0-eddsa1

v4.2

v4.2-eddsa1

v5.0

v5.0-eddsa1

v5.2

v5.4

v5.4-eddsa1

v5.6

v6.0

v6.0-eddsa1

v6.2

v6.4

df15a27ceb Removing mbedtls submodule Pol Henarejos 2022-04-19 19:38:42 +02:00
5f4aafed37 Introducing version 2.0 with the following enhancements: - Added Secure Messaging. - Added Session PIN. - Added tool to burn CVCerts onto the firmware, like a PKI. Pol Henarejos 2022-04-19 19:25:43 +02:00
86298f3421 Upgrading to version 2.0. v2.0 Pol Henarejos 2022-04-19 19:24:10 +02:00
77971ac7e6 Using MBEDTLS from pico ccid. Pol Henarejos 2022-04-19 19:19:16 +02:00
302f287967 Moving EAC and crypto to core. Pol Henarejos 2022-04-19 19:16:29 +02:00
b9c08d72c4 Update .gitmodules Pol Henarejos 2022-04-19 18:42:48 +02:00
522860f736 Splitting the core onto another repo, which can be reused by other smart applications. Pol Henarejos 2022-04-19 18:39:52 +02:00
b09fc75913 CVCert is burn only if it does not exist. This check is only executed for first configuration. Pol Henarejos 2022-04-14 18:31:39 +02:00
1b010c8a68 Specifying POST method Pol Henarejos 2022-04-14 17:11:51 +02:00
e2f424d4ab No more in the repo Pol Henarejos 2022-04-14 01:06:50 +02:00
b9fb224d62 Adding a tool to burn device CVC. It generates a new keypair and sends the public key to Pico HSM CA, which signs the request. The certificate, CA and private key are burned onto the firmware. Pol Henarejos 2022-04-14 01:03:03 +02:00
69e869852e Rewritten keypair_gen response (more friendly). Pol Henarejos 2022-04-13 19:03:33 +02:00
618966b742 Sanity check for keypair gen. Pol Henarejos 2022-04-13 18:49:13 +02:00
b68920ff45 Added walker function for TLV parsing. Pol Henarejos 2022-04-13 16:55:34 +02:00
9dfe0ee7b3 Clear session pin on unload and new session. Pol Henarejos 2022-04-13 14:25:44 +02:00
da6c578973 Fix tag_len computation for all TLV. Pol Henarejos 2022-04-13 14:14:06 +02:00
49d9ec7cf9 Session pin is randomized. Pol Henarejos 2022-04-13 14:12:14 +02:00
af07f1d549 Added INS for session pin generation (needs randomization). Pol Henarejos 2022-04-11 19:47:43 +02:00
db5f5fd435 When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. Pol Henarejos 2022-04-11 15:11:42 +02:00
7232625bab Merge branch 'master' into eac Pol Henarejos 2022-04-11 15:09:33 +02:00
1557a4a039 Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. Pol Henarejos 2022-04-11 15:09:20 +02:00
b61575bbc3 Adding some mutex to improve concurrency. Pol Henarejos 2022-04-11 15:08:10 +02:00
3781777138 Adding some kind of permanent flash memory that does not wipe out when initializing. Pol Henarejos 2022-04-11 11:37:41 +02:00
2f1f8e0c90 Fix parsing TLV in signatures. Pol Henarejos 2022-04-11 01:44:18 +02:00
c4c2bf86ba Fix response APDU in secure channel. Pol Henarejos 2022-04-11 01:38:15 +02:00
f26668b81d Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. Pol Henarejos 2022-04-11 01:16:20 +02:00
964af6a064 Adding wrap() to encrypt and sign response APDU. Pol Henarejos 2022-04-10 20:58:54 +02:00
c3a93a46ba Adding unwrap(), to decrypt and verify secure APDU. Pol Henarejos 2022-04-10 20:23:36 +02:00
57d593561a Moving all SM stuff to EAC. Pol Henarejos 2022-04-10 19:00:52 +02:00
c098d80524 Adding private key of termca. It is the worst thing I can do, but first I need to develop the secure channel, which uses the private key of device. Later, I will figure out how to generate the private key and certificate during initialization, but it will be difficult, as it needs to be signed by the CA. Pol Henarejos 2022-04-10 01:55:57 +02:00
6c892af9f1 Adding authentication command. Not finished. Needs lot of work. Pol Henarejos 2022-04-09 23:44:45 +02:00
b545a1618b Added Manage Security Environment command. Pol Henarejos 2022-04-09 20:50:00 +02:00
dec3d54ddd Adding more SW codes. Pol Henarejos 2022-04-09 20:29:13 +02:00
ce4d0bf102 INS 54h is also occupied too... let's try with 64h. Pol Henarejos 2022-04-08 00:38:03 +02:00
4e6bada892 Fix first AID load. Pol Henarejos 2022-04-08 00:29:15 +02:00
98ad2e3d55 Fix returning card data when selected AID. Pol Henarejos 2022-04-07 23:32:56 +02:00
e686b42934 Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:34:40 +02:00
239e01c3f8 Update extra_command.md v1.12 Pol Henarejos 2022-04-07 18:34:14 +02:00
0d839c3136 Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:32:49 +02:00
4a57698173 Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). Pol Henarejos 2022-04-07 18:32:31 +02:00
cc3bfad00a Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:18:50 +02:00
468051288c Upgrading to version 1.12. Pol Henarejos 2022-04-06 19:16:28 +02:00
565ea12d88 Added dynamic option to enable/disable press to confirm. Pol Henarejos 2022-04-06 15:14:23 +02:00
1c7ef50568 Added custom INS (named EXTRAS) to support different extra commands. At this moment: - 0xA: gets/sets the datetime. - 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available. Pol Henarejos 2022-04-06 14:41:09 +02:00
878eae9787 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Pol Henarejos 2022-04-06 14:38:22 +02:00
24b1d6807b Added support for reading binary data. Pol Henarejos 2022-04-05 18:07:20 +02:00
6bc081a1e1 Added support to write arbitrary data EF. Pol Henarejos 2022-04-05 17:28:22 +02:00
afb16fff65 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Pol Henarejos 2022-04-04 22:00:29 +02:00
cf81a82645 Added a new custom APDU (88h) for setting and retrieving datetime. Pol Henarejos 2022-04-04 15:48:04 +02:00
dc820a60ae Fixed class with USB-ICC specs, for legacy reasons. Pol Henarejos 2022-04-04 15:46:53 +02:00
c57cc139f6 Update README.md Pol Henarejos 2022-04-07 00:10:09 +02:00
79426f35cd Update extra_command.md Pol Henarejos 2022-04-07 00:06:44 +02:00
502a7ba81c Create store_data.md Pol Henarejos 2022-04-06 23:56:29 +02:00
deef209687 Update README.md Pol Henarejos 2022-04-06 19:52:10 +02:00
bb09f212d2 Create extra_command.md Pol Henarejos 2022-04-06 19:51:05 +02:00
1e6556ebdd Upgrading to version 1.12. Pol Henarejos 2022-04-06 19:16:28 +02:00
cfd86df45e Update README.md Pol Henarejos 2022-04-06 17:25:07 +02:00
c16a7a3c5c Added dynamic option to enable/disable press to confirm. Pol Henarejos 2022-04-06 15:14:23 +02:00
7060d2d2ca Added custom INS (named EXTRAS) to support different extra commands. At this moment: - 0xA: gets/sets the datetime. - 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available. Pol Henarejos 2022-04-06 14:41:09 +02:00
532d79bcc5 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Pol Henarejos 2022-04-06 14:38:22 +02:00
770097d6ab Added support for reading binary data. Pol Henarejos 2022-04-05 18:07:20 +02:00
ce2a1c21de Added support to write arbitrary data EF. Pol Henarejos 2022-04-05 17:28:22 +02:00
d16c9b2324 Update README.md Pol Henarejos 2022-04-04 22:27:33 +02:00
6e1c47ddf4 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Pol Henarejos 2022-04-04 22:00:29 +02:00
f1630023c7 Update README.md Pol Henarejos 2022-04-04 21:56:40 +02:00
d49e7be972 Added a new custom APDU (88h) for setting and retrieving datetime. Pol Henarejos 2022-04-04 15:48:04 +02:00
13d17fc4f7 Fixed class with USB-ICC specs, for legacy reasons. Pol Henarejos 2022-04-04 15:46:53 +02:00
d41a488eda Adding support for Transport PIN. Adding support for initialize options. v1.10 Pol Henarejos 2022-04-04 10:06:48 +02:00
375a18ebac Update README.md Pol Henarejos 2022-04-04 10:04:47 +02:00
20216ac4ba Update README.md Pol Henarejos 2022-04-04 10:01:16 +02:00
d27d8b0c5b Upgrading to version 1.10 Pol Henarejos 2022-04-04 09:57:19 +02:00
a619527482 Adding P1=0x2 and P1=0x3 for reset retry counter. Pol Henarejos 2022-04-03 20:59:50 +02:00
85ff92c4de Adding check for device options whether it can reset retry counter with PIN or without. Pol Henarejos 2022-04-03 20:40:16 +02:00
b1121718db Adding capability to reset retry counter without new PIN Pol Henarejos 2022-04-03 20:37:16 +02:00
2905dcc8c0 Adding custom command to set datetime. Pol Henarejos 2022-04-03 19:57:56 +02:00
c9855f7214 Fix displaying device options. Pol Henarejos 2022-03-31 19:43:33 +02:00
853b8f29a2 Fix returning kcv when pin is not provided. It always return 0x0 Pol Henarejos 2022-03-31 19:31:56 +02:00
d5378ffa41 If has_session_pin is true, it returns sw_ok Pol Henarejos 2022-03-31 19:31:22 +02:00
4400eba974 Fix returning kcv Pol Henarejos 2022-03-31 19:31:02 +02:00
0cc656c6c0 Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 Pol Henarejos 2022-03-31 19:12:56 +02:00
c9b32ab5d0 Fix return pin blocked sw code. Pol Henarejos 2022-03-31 18:59:54 +02:00
f9ffd39661 Adding EF_DEVOPS to store the device options during the initialization. Pol Henarejos 2022-03-31 18:56:42 +02:00
bfc12d6856 Renaming files Pol Henarejos 2022-03-31 18:27:00 +02:00
11874b52de Merge branch 'master' into eac Pol Henarejos 2022-03-31 14:46:28 +02:00
b4e928588e Updating tools to 1.8 v1.8 Pol Henarejos 2022-03-31 14:32:57 +02:00
33a2222cd8 Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." Pol Henarejos 2022-03-31 14:30:50 +02:00
923e05a36c Revert "Also for SOPIN." Pol Henarejos 2022-03-31 14:30:50 +02:00
b5cc4d6fd7 Update README.md Pol Henarejos 2022-03-31 13:32:18 +02:00
25291f978f Create rsa_4096.md Pol Henarejos 2022-03-31 13:23:02 +02:00
ad66170379 Also for SOPIN. Pol Henarejos 2022-03-31 13:18:56 +02:00
86e38419ac PIN remaining tries only returned when user is not logged in. If so, it returns always OK. Pol Henarejos 2022-03-31 13:17:16 +02:00
1a5e6a7edc Merge branch 'eac'. Support for PKCS#12 imports with SCS3. Pol Henarejos 2022-03-31 11:37:18 +02:00
7cf166d615 Upgrading to version 1.8 Pol Henarejos 2022-03-31 11:18:52 +02:00
413c3e0208 Fix update ef when offset is required. Pol Henarejos 2022-03-31 01:08:39 +02:00
7410498df1 Fix with RSA CRT import mode (keytype 6). In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ). Pol Henarejos 2022-03-31 00:24:50 +02:00
7aee18110e Fix kmac and kenc computation. Pol Henarejos 2022-03-30 23:59:06 +02:00
7aca7b323a Fix loading kcv, kenc and kmac. Pol Henarejos 2022-03-30 23:21:23 +02:00
4651a0e224 Adding AES wrapping/unwrapping Pol Henarejos 2022-03-30 01:33:54 +02:00
d018e3b9b9 Adding RSA and EC wrap/unwrap, compatible with SC HSM wrap format. Pol Henarejos 2022-03-30 00:59:37 +02:00
1c272842a7 Adding dkek_decode_key for unwrapping. Pol Henarejos 2022-03-29 20:18:08 +02:00

... 8 9 10 11 12 ...