Upgrading patcher to HSM SDK 3.4

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

.gitmodules

@@ -1,3 +1,3 @@
-[submodule "pico-ccid"]
+[submodule "pico-hsm-sdk"]
-	path = pico-ccid
+	path = pico-hsm-sdk
-	url = https://github.com/polhenarejos/pico-ccid.git
+	url = ../pico-hsm-sdk

CMakeLists.txt

@@ -28,75 +28,25 @@ pico_sdk_init()
 
 add_executable(pico_openpgp)
 
-if (NOT DEFINED USB_VID)
-    set(USB_VID 0xFEFF)
-endif()
-add_definitions(-DUSB_VID=${USB_VID})
-if (NOT DEFINED USB_PID)
-    set(USB_PID 0xFCFD)
-endif()
-add_definitions(-DUSB_PID=${USB_PID})
-        
 target_sources(pico_openpgp PUBLIC
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/ccid2040.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb/usb_descriptors.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/file.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/flash.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs/low_flash.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/random.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng/neug.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/crypto_utils.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid/eac.c
-        
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha256.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/aes.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha512.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/bignum.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/platform_util.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/oid.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/rsa_alt_helpers.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/constant_time.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdsa.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecp_curves.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/asn1write.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/hmac_drbg.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/md5.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ripemd160.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/sha1.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ecdh.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cmac.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/cipher_wrap.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/chachapoly.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/camellia.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/chacha20.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/aria.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/poly1305.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/gcm.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/ccm.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/des.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/nist_kw.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/hkdf.c
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library/asn1parse.c
         )
 
 target_include_directories(pico_openpgp PUBLIC
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/fs
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/ccid
+        )
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/rng
+
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/src/usb
+set(HSM_DRIVER "ccid")
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/include
+include(pico-hsm-sdk/pico_hsm_sdk_import.cmake)
-        ${CMAKE_CURRENT_LIST_DIR}/pico-ccid/mbedtls/library
+
+target_compile_options(pico_openpgp PUBLIC
+    -Wall
+    -Werror
 )
 
 pico_add_extra_outputs(pico_openpgp)
 
 #target_compile_definitions(pico_openpgp PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
 
-target_link_libraries(pico_openpgp PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
+target_link_libraries(pico_openpgp PRIVATE pico_hsm_sdk pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)

README.md

@@ -21,13 +21,30 @@ Pico OpenPGP has implemented the following features:
 - USB/CCID support with OpenSC, openssl, etc.
 - Extended APDU support.
 - Lifecycle card (termination and activation).
+- Press-to-confirm button.
+- User Interaction Flag for enabling/disabling press-to-confirm button.
+- Key Derivation Function (KDF) for PIN.
+- Manage Security Environment (MSE).
+- DEK for internal safe storage.
+- AES key generation.
+- AES ciphering and deciphering.
+- Cardholder certificates support.
 
 All these features are compliant with the specification. Therefore, if you detect some behaviour that is not expected or it does not follow the rules of specs, please open an issue.
 
-### About Gnuk
+## AES support
-This project was inspired by [Gnuk](https://wiki.debian.org/GNUK "Gnuk"), a same project but focused on STM32 processor family. Despite the initial idea was to port Gnuk to the Raspberry Pico family, the underlaying architecture is widely different (although they run on ARM). For instance, the Pico has two ARM cores, with an appropiate SDK able to leverage them. Also, Pico has an internal flash storage, which is farly larger compared to STM32 ROM storage. Finally, the Pico has a complete USB interface based on TinyUSB, which difficults to port Gnuk. These are only few examples of the difficulties of porting Gnuk to the Raspberry Pico.
+There is no known software that supports AES with OpenPGP. Nevertheless, it can be used with customized PKCS11 modules or interfacing with raw APDU packets.
 
-As a consequence, Pico OpenPGP is designed from zero. Well, not strictly from zero, as it borrows some of the buffering between USB and CCID interfaces from Gnuk. Cryptographic operations are implemented with MBEDTLS library.
+During asymmetric key generation for DEC key, Pico OpenPGP also generates a 32 bits symmetric key for AES operations.
+
+OpenPGP card 3.4 specifications describe the procedure to perform ciphering (encryption and decryption) with AES via PSO:ENCIPHER and PSO:DECIPHER. Both commands are supported by Pico OpenPGP.
+
+### About Gnuk
+This project was inspired by [Gnuk](https://wiki.debian.org/GNUK "Gnuk"), a same project but focused on STM32 processor family. Despite the initial idea was to port Gnuk to the Raspberry Pico family, the underlaying architecture is widely different (although boh run on ARM). For instance, the Pico has two ARM cores, with an appropiate SDK able to leverage them. Also, Pico has an internal flash storage, which is farly larger compared to STM32 ROM storage. Finally, the Pico has a complete USB interface based on TinyUSB, which difficults to port Gnuk. These are only few examples of the difficulties of porting Gnuk to the Raspberry Pico.
+
+As a consequence, Pico OpenPGP is designed from zero. Well, not strictly from zero, as it borrows some of the cryptographic operations implemented with MbedTLS library.
+
+Whilst Gnuk is OpenPGP 2.0 with small set of enhancements, Pico OpenPGP aims at being OpenPGP 3.4 compliant, with new features (not present in Gnuk), such as Manage Security Environment (MSE) or UIF.
 
 ## Security considerations
 All secret keys (asymmetric and symmetric) are stored encrypted in the flash memory of the Raspberry Pico. DEK is used as a 256 bit AES key to protect private and secret keys. Keys are never stored in RAM except for signature and decryption operations and only during the process. All keys (including DEK) are loaded and cleared every time to avoid potential security flaws.
@@ -115,7 +132,6 @@ OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a
 
 ## Credits
 Pico OpenPGP uses the following libraries or portion of code:
-- mbedTLS for cryptographic operations.
+- MbedTLS for cryptographic operations.
-- gnuk for low level CCID procedures support.
 - TinyUSB for low level USB procedures.
 

build_pico_openpgp.sh

@@ -1,21 +1,53 @@
 #!/bin/bash
 
 VERSION_MAJOR="1"
-VERSION_MINOR="4"
+VERSION_MINOR="8"
 
 rm -rf release/*
 cd build_release
 
-for board in adafruit_feather_rp2040 adafruit_itsybitsy_rp2040 adafruit_qtpy_rp2040 adafruit_trinkey_qt2040 arduino_nano_rp2040_connect melopero_shake_rp2040 pimoroni_interstate75 pimoroni_keybow2040 pimoroni_pga2040 pimoroni_picolipo_4mb pimoroni_picolipo_16mb pimoroni_picosystem pimoroni_plasma2040 pimoroni_tiny2040 pybstick26_rp2040 sparkfun_micromod sparkfun_promicro sparkfun_thingplus vgaboard waveshare_rp2040_lcd_0.96 waveshare_rp2040_plus_4mb waveshare_rp2040_plus_16mb waveshare_rp2040_zero
+for board in adafruit_feather_rp2040 \
+    adafruit_itsybitsy_rp2040 \
+    adafruit_kb2040 \
+    adafruit_macropad_rp2040 \
+    adafruit_qtpy_rp2040 \
+    adafruit_trinkey_qt2040 \
+    arduino_nano_rp2040_connect \
+    datanoisetv_rp2040_dsp \
+    eetree_gamekit_rp2040 \
+    garatronic_pybstick26_rp2040 \
+    melopero_shake_rp2040 \
+    pico \
+    pico_w \
+    pimoroni_badger2040 \
+    pimoroni_interstate75 \
+    pimoroni_keybow2040 \
+    pimoroni_motor2040 \
+    pimoroni_pga2040 \
+    pimoroni_picolipo_4mb \
+    pimoroni_picolipo_16mb \
+    pimoroni_picosystem \
+    pimoroni_plasma2040 \
+    pimoroni_servo2040 \
+    pimoroni_tiny2040 \
+    pimoroni_tiny2040_2mb \
+    seeed_xiao_rp2040 \
+    solderparty_rp2040_stamp \
+    solderparty_rp2040_stamp_carrier \
+    solderparty_rp2040_stamp_round_carrier \
+    sparkfun_micromod \
+    sparkfun_promicro \
+    sparkfun_thingplus \
+    vgaboard \
+    waveshare_rp2040_lcd_0.96 \
+    waveshare_rp2040_plus_4mb \
+    waveshare_rp2040_plus_16mb \
+    waveshare_rp2040_zero \
+    wiznet_w5100s_evb_pico
 do
     rm -rf *
-    PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake .. -DPICO_BOARD=$board 
+    PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
     make -kj20
     mv pico_openpgp.uf2 ../release/pico_openpgp_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
 
 done
-
-rm -rf *
-PICO_SDK_PATH=~/Devel/pico/pico-sdk cmake ..
-make -kj20
-mv pico_openpgp.uf2 ../release/pico_openpgp_pico_generic-$VERSION_MAJOR.$VERSION_MINOR.uf2

patch_vidpid.sh

@@ -17,8 +17,8 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 
-VERSION_MAJOR="1" #Version of Pico CCID Core
+VERSION_MAJOR="3" #Version of Pico CCID Core
-VERSION_MINOR="1"
+VERSION_MINOR="4"
 
 echo "----------------------------"
 echo "VID/PID patcher for Pico OpenPGP"

src/openpgp/files.c

@@ -138,9 +138,12 @@ file_t file_entries[] = {
     /* 51 */ { .fid = EF_PW_PRIV, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
     /* 52 */ { .fid = EF_DEK, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
     /* 53 */ { .fid = EF_KDF, .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_R_WP },
+    /* 54 */ { .fid = EF_CH_1, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
+    /* 55 */ { .fid = EF_CH_2, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
+    /* 56 */ { .fid = EF_CH_3, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_NONE },
     
-    /* 54 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
+    /* 57 */ { .fid = 0x0000, .parent = 0, .name = openpgp_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = ACL_RO },
-    /* 55 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
+    /* 58 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = ACL_NONE } //end
 };
 
 const file_t *MF = &file_entries[0];

src/openpgp/files.h

@@ -35,6 +35,9 @@
 #define EF_PB_DEC       0x10d5
 #define EF_PB_AUT       0x10d6
 #define EF_DEK          0x1099
+#define EF_CH_1         0x1f21
+#define EF_CH_2         0x1f22
+#define EF_CH_3         0x1f23
 
 #define EF_EXT_HEADER   0x004d //C
 #define EF_FULL_AID     0x004f //S
@@ -63,6 +66,7 @@
 #define EF_TS_DEC       0x00cf //S
 #define EF_TS_AUT       0x00d0 //S
 #define EF_RESET_CODE   0x00d3 //S
+#define EF_AES_KEY      0x00d5 //S
 #define EF_UIF_SIG      0x00d6 //S
 #define EF_UIF_DEC      0x00d7 //S
 #define EF_UIF_AUT      0x00d8 //S

src/openpgp/openpgp.h

@@ -21,7 +21,8 @@
 #include "stdlib.h"
 #include <pico/stdlib.h>
 
-#include "ccid2040.h"
+#include "hsm.h"
+#include "apdu.h"
 
 extern bool has_pw1;
 extern bool has_pw3;

src/openpgp/version.h

@@ -23,5 +23,10 @@
 #define OPGP_VERSION_MAJOR ((OPGP_VERSION >> 8) & 0xff)
 #define OPGP_VERSION_MINOR (OPGP_VERSION & 0xff)
 
-#endif
 
+#define PIPGP_VERSION 0x0108
+
+#define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
+#define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)
+
+#endif