pico-hsm

dearsky/pico-hsm

Fork 0

Commit Graph

Select branches

Hide Pull Requests

Styne13/feature/hsm_label

ajkrj/patch-1

development

gris-gris/fix-autobuild

krlnokrl/master

master

#10

#102

#108

#124

#124

#127

#127

#128

#128

#130

#130

#2

#40

#43

#52

nightly-development

nightly-master

v1.0

v1.10

v1.12

v1.2

v1.4

v1.6

v1.8

v2.0

v2.2

v2.4

v2.6

v3.0

v3.2

v3.4

v3.6

v3.6-eddsa1

v4.0

v4.0-eddsa1

v4.2

v4.2-eddsa1

v5.0

v5.0-eddsa1

v5.2

v5.4

v5.4-eddsa1

v5.6

v6.0

v6.0-eddsa1

v6.2

v6.4

62c72c48a5 Moving to new pico-hsm-sdk. Pol Henarejos 2022-08-30 17:55:42 +02:00
3944c8437a Moving to pico-hsm-sdk Pol Henarejos 2022-08-30 17:54:38 +02:00
b7d603342e Upgrading pico-ccid Pol Henarejos 2022-08-29 11:32:39 +02:00
6e5db3c292 Upgrading pico-ccid to version 2.2 Pol Henarejos 2022-08-29 11:31:47 +02:00
4fb26559f4 Adding --so-pin flag for initialize command. Pol Henarejos 2022-08-25 13:47:42 +02:00
c366c1d1a3 Added datetime and options menu to manipulate the RTC and options (press-to-confirm button and optional counter for each key). Pol Henarejos 2022-08-25 13:38:09 +02:00
e8cc6a169e Try to recover MKEK twice: with previous PIN/SO-PIN or after setting the new PIN/SO-PIN just in case some is the same as previous. Pol Henarejos 2022-08-25 01:51:06 +02:00
7d7b6b88ba Trying to recover MKEK to preserver device private key. If not, all are generated again. Pol Henarejos 2022-08-24 17:48:50 +02:00
138af5c113 Adding --pin parameter for initialization. Pol Henarejos 2022-08-24 17:47:28 +02:00
b3bcad9ce6 Making MKEK persistent. Pol Henarejos 2022-08-24 17:46:49 +02:00
cd6f898f8e Fix storing certs in DER format. Pol Henarejos 2022-08-24 13:57:37 +02:00
9ef088971b Integrate all commands to a single script Pol Henarejos 2022-08-24 13:53:11 +02:00
e399b1c0b1 Renaming the tools and moving to tools/ folder. Pol Henarejos 2022-08-24 12:52:47 +02:00
59bacaf5b4 Update scs3.md Pol Henarejos 2022-08-24 14:11:14 +02:00
d872a156c1 Update scs3.md Pol Henarejos 2022-08-24 14:04:14 +02:00
c5e4583762 Add a tool for attestation of a private key. Pol Henarejos 2022-08-23 14:54:38 +02:00
38b9c06138 Reformat oids. Pol Henarejos 2022-08-23 14:52:44 +02:00
df18a1e917 Added header. Pol Henarejos 2022-08-23 00:49:51 +02:00
2bc40771ca Fix generating CVC REQ. Pol Henarejos 2022-08-23 00:49:41 +02:00
5696c7a5da Update public_key_authentication.md Pol Henarejos 2022-08-22 14:24:53 +02:00
c5f980fc98 Fix curve for ECDH key. Pol Henarejos 2022-08-22 01:13:08 +02:00
aebb68724a Removing trailing spaces. Pol Henarejos 2022-08-19 01:44:27 +02:00
1f2ccd8c1c Not used. Pol Henarejos 2022-08-19 01:40:13 +02:00
874058d86a Pull last changes in pico-ccid. Pol Henarejos 2022-08-19 00:03:09 +02:00
8fccb80295 New burn-certs is called after compilation, not before. Not needed anymore. Pol Henarejos 2022-08-18 23:58:38 +02:00
c9c60575c7 Removed 3DES as it is unsecure. Pol Henarejos 2022-08-18 23:55:21 +02:00
7e6ed20b26 Not downloading nested submodules for tinyusb Pol Henarejos 2022-08-18 23:53:49 +02:00
52c7be4e16 Also clone nested submodules Pol Henarejos 2022-08-18 23:38:50 +02:00
36d250fc2b Github does not clone submodules. So, let's do it Pol Henarejos 2022-08-18 23:33:52 +02:00
84ba0e03de Fix missing TinyUSB submodule Pol Henarejos 2022-08-18 23:31:17 +02:00
7d27c4b546 Fix autobuild Pol Henarejos 2022-08-18 23:28:29 +02:00
80b2bab0f8 Granting root to apt Pol Henarejos 2022-08-18 23:23:58 +02:00
79372ced2f Just install the SDK in the workflow Pol Henarejos 2022-08-18 23:21:42 +02:00
6fc91962bd Update codeql.yml Pol Henarejos 2022-08-18 23:13:02 +02:00
fb76c23694 Let's try our autobuild Pol Henarejos 2022-08-18 23:00:09 +02:00
fc6c852e09 When used this tool, the device is always reset to default state. Pol Henarejos 2022-08-18 20:09:23 +02:00
82f61ff1d4 When initialized, the device key (EF_KEY_DEV) is only generated if not found. Pol Henarejos 2022-08-18 20:08:54 +02:00
64052f4f70 Marked EF_DEV files as persistent to remain permanent. Pol Henarejos 2022-08-18 20:08:11 +02:00
36c8150f25 Enhanced the procedure for burning the device certificate. Pol Henarejos 2022-08-18 18:17:21 +02:00
cb492728ec Device key now uses SECP256R1 curve. Pol Henarejos 2022-08-18 18:15:45 +02:00
fec02ca733 Removing cvcerts.h dependency. Pol Henarejos 2022-08-18 13:29:24 +02:00
4e01a78286 Fix OID names. Pol Henarejos 2022-08-18 11:58:05 +02:00
538b39386b List keys returns the DEV key if exists. Pol Henarejos 2022-08-18 11:57:49 +02:00
977aced343 Fix OID names. Pol Henarejos 2022-08-18 11:57:38 +02:00
83b5753bb5 Fix saving DEV key. Pol Henarejos 2022-08-18 11:57:23 +02:00
a57c3b691f Fix passing DEBUG_APDU flag. Pol Henarejos 2022-08-18 11:55:16 +02:00
648a374ebb Create codeql.yml Pol Henarejos 2022-08-17 18:27:55 +02:00
c3568e1211 Create the terminal private key with id = 0. Pol Henarejos 2022-08-14 01:20:54 +02:00
6a16d4d55c Fix returning store_keys(); Pol Henarejos 2022-08-14 01:17:06 +02:00
ab2e71cc40 By default, all CVC are self-generated (chr=car). Pol Henarejos 2022-08-14 01:16:53 +02:00
f79fe9f7d0 Fix when no DKEK is present. Pol Henarejos 2022-08-14 01:16:33 +02:00
6956587106 Add newline at the end of file. Pol Henarejos 2022-08-13 23:31:09 +02:00
349df56b09 Missing header. Pol Henarejos 2022-08-13 15:00:05 +02:00
e6f082d512 Splitting cmd_xxx() functions in separate files. Pol Henarejos 2022-08-13 14:59:27 +02:00
87feed1222 Renaming KEK files. Pol Henarejos 2022-08-13 13:47:43 +02:00
55c8a66613 Fix wrap/unwrap keys with specific allowed algorithms. Pol Henarejos 2022-08-13 02:58:36 +02:00
2e88422c86 Fix deleting KEK when a key is present in the key domain. Pol Henarejos 2022-08-13 00:50:22 +02:00
da841b82d4 Fix deleting KEK. Pol Henarejos 2022-08-13 00:48:05 +02:00
9256a72c3e Added XKEK derivation to save the KEK from XKEK key domain. Pol Henarejos 2022-08-13 00:43:55 +02:00
69120cc961 Added cvc_get_ext() to find CVC extensions. Pol Henarejos 2022-08-13 00:43:35 +02:00
06aaf58f0b Added extension optional parameter to be included in the CVC body. Pol Henarejos 2022-08-13 00:07:24 +02:00
12e5a586d2 Adding support for XKEK CVC extension. Pol Henarejos 2022-08-12 22:18:21 +02:00
0e76ed7077 Adding OID for CVC extensions. Pol Henarejos 2022-08-12 21:12:56 +02:00
be911a7aa7 Clearing hash, just in case. Pol Henarejos 2022-08-12 19:55:07 +02:00
0556a528f3 Fix DKEK key domain creation. Pol Henarejos 2022-08-12 19:51:59 +02:00
de789cef66 Fix Key Domain deletion. Pol Henarejos 2022-08-12 19:46:08 +02:00
7208d01547 Adding XKEK Key Domain creation. Pol Henarejos 2022-08-12 19:36:10 +02:00
46cb0a455d Fix DKEK are only created when requested and not by default. Pol Henarejos 2022-08-12 14:01:19 +02:00
300e19b612 Moving to mbedtls_platform_zeroize() for better zeroization. Pol Henarejos 2022-08-12 01:52:37 +02:00
2666573050 Fix dkek status report when device is initialized without dkek. Pol Henarejos 2022-08-12 01:00:27 +02:00
5506b46c9d Fix finding MKEK file. Pol Henarejos 2022-08-12 00:57:08 +02:00
7b27cb7a1c MKEK is also stored with SO encryption. Pol Henarejos 2022-08-12 00:41:04 +02:00
84a70a1de0 Adding MKEK_SO file descriptor. Pol Henarejos 2022-08-12 00:39:25 +02:00
1756ec49ad When user resets retry counter and sends the SO-PIN (P1=0x0) it becomes authenticated in this session. Pol Henarejos 2022-08-12 00:29:34 +02:00
7b286b04b1 Introducing MKEK (Master Key Encryption Key). Pol Henarejos 2022-08-12 00:20:02 +02:00
a731e88c78 Adding MKEK ef id. Pol Henarejos 2022-08-11 22:59:54 +02:00
ffd31f2ea7 Memset kcv to 0 always when called. Pol Henarejos 2022-08-10 23:58:01 +02:00
356eeea505 Added support for ECDH_XKEK. Pol Henarejos 2022-08-10 23:51:41 +02:00
34d9469157 When creating XKEK domain, it returns key domain UID. Pol Henarejos 2022-08-10 23:29:08 +02:00
36b1bf9875 Added ECDH algorithms for XKEK and AUT. Pol Henarejos 2022-08-10 23:28:44 +02:00
7badd19a07 Upgrading PICO SDK to v1.4 and adding new boards. Pol Henarejos 2022-08-09 01:28:39 +02:00
f122a9ab28 Upgrade to version 2.6. v2.6 Pol Henarejos 2022-08-09 00:42:58 +02:00
14dbad4dd7 Do not return PIN unitialized if PKA is enabled. Pol Henarejos 2022-08-09 00:27:53 +02:00
cdce9ab50b Adding pka_enabled() to check whether the device is configured with PKA. Pol Henarejos 2022-08-09 00:26:56 +02:00
30d3270e1d Adding clarification on setting PKA and PIN with SCS3. Pol Henarejos 2022-08-09 00:26:35 +02:00
157923decc Clafiricate docs about PKA and PIN Pol Henarejos 2022-08-06 01:44:24 +02:00
7bbcbc57eb Removing unnecessary debug. Pol Henarejos 2022-08-06 01:36:03 +02:00
9074463f4e Added clarification on PKA and PIN Pol Henarejos 2022-08-06 01:27:51 +02:00
3ebf4fdff5 User authentication is unlinked from session_pin Pol Henarejos 2022-08-06 01:11:51 +02:00
77e5fa2d2b Added static files for device key and certiticate. Pol Henarejos 2022-06-15 15:57:54 +02:00
6bd2e65459 Add function for building PrKD asn1 Pol Henarejos 2022-06-15 15:38:11 +02:00
3363e9ad0c Updating ccid. Pol Henarejos 2022-06-14 19:12:31 +02:00
d1f0f45525 Added support for native PKCS1.5 and OEP decryption. Pol Henarejos 2022-06-14 17:00:23 +02:00
efc1b4a4ae Fix meta deletion. Pol Henarejos 2022-06-14 16:45:06 +02:00
a45303d9e6 Added support for specific purposes. Added support for SHA512 operations. Pol Henarejos 2022-06-14 16:12:04 +02:00
871ff69f56 Fix critical bug. v2.4 Pol Henarejos 2022-06-14 11:46:44 +02:00
d4b4289c0b Update extra_command.md Pol Henarejos 2022-06-14 11:27:49 +02:00
32af000435 Upgrading to version 2.4. Pol Henarejos 2022-06-13 19:39:35 +02:00
64178192ad Update README.md Pol Henarejos 2022-06-13 15:03:46 +02:00
598752956f Update scs3.md Pol Henarejos 2022-06-13 14:58:09 +02:00

... 6 7 8 9 10 ...