pico-hsm

clone/pico-hsm

Fork 0

mirror of https://github.com/polhenarejos/pico-hsm synced 2026-06-11 04:48:16 +02:00

Commit Graph

Select branches

Hide Pull Requests

development

master

#10

#102

#108

#124

#124

#127

#128

#128

#130

#130

#131

#2

#40

#43

#52

nightly-development

nightly-master

v1.0

v1.10

v1.12

v1.2

v1.4

v1.6

v1.8

v2.0

v2.2

v2.4

v2.6

v3.0

v3.2

v3.4

v3.6

v3.6-eddsa1

v4.0

v4.0-eddsa1

v4.2

v4.2-eddsa1

v5.0

v5.0-eddsa1

v5.2

v5.4

v5.4-eddsa1

v5.6

v6.0

v6.0-eddsa1

v6.2

v6.4

v6.6

e0b9a68fad Deregistering OpenSC. Pol Henarejos 2022-05-31 19:28:03 +02:00
d0098015fe Removing OpenSC dependency. Pol Henarejos 2022-05-31 19:26:00 +02:00
3660a35c2c Implementing own functions for cvc manipulation. Pol Henarejos 2022-05-31 18:51:43 +02:00
9132dd16f0 Fix decoding asn1 integer. Pol Henarejos 2022-05-31 01:14:09 +02:00
652551269e Using own asn1 int decoder. Pol Henarejos 2022-05-31 00:40:29 +02:00
81730f37a9 Removing sc_pkcs1_strip_digest(). Pol Henarejos 2022-05-31 00:25:54 +02:00
4b86e96660 Removing card_context from store_keys(). Pol Henarejos 2022-05-31 00:14:30 +02:00
271240f11c Fix initializing device. Pol Henarejos 2022-05-31 00:09:21 +02:00
00e8596a0e Adding asn1_find_tag() for searching for a tag in a asn1 string. Pol Henarejos 2022-05-30 23:31:17 +02:00
39ab429c88 Adding key domain to key generation, wrap, unwrap, export and import. Pol Henarejos 2022-05-30 16:13:51 +02:00
96175c9fd3 Adding usb descriptors Pol Henarejos 2022-05-30 16:13:20 +02:00
cee3e83077 Moving again to tinyUSB Pol Henarejos 2022-05-29 01:53:01 +02:00
4fa8d4ba64 Fix warnings Pol Henarejos 2022-05-27 20:58:45 +02:00
1ac4402f99 res_APDU SHALL NOT BE moved, only memcpied or memmoved. Pol Henarejos 2022-05-27 00:58:35 +02:00
8554262aaf Migrating away from tinyUSB. Pol Henarejos 2022-05-27 00:36:33 +02:00
d4d989e562 Moving from tinyUSB to low level custom solution. Pol Henarejos 2022-05-26 14:16:55 +02:00
d2766b2225 Using printf instead of TU Pol Henarejos 2022-05-26 14:16:32 +02:00
f124ee52ce Do not add FMD in FCI. Pol Henarejos 2022-05-24 23:31:46 +02:00
2167d28514 Add meta files. Pol Henarejos 2022-05-24 22:57:59 +02:00
80792dc555 Private/secret keys can be selected. Pol Henarejos 2022-05-24 13:06:00 +02:00
080337f847 Added key domain setup Pol Henarejos 2022-05-24 11:08:29 +02:00
5e20c830fd Return key domain not found only when they are prepared. Pol Henarejos 2022-05-24 10:48:22 +02:00
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. Pol Henarejos 2022-05-24 10:44:00 +02:00
a926239613 Returning not initialized key domains. Pol Henarejos 2022-05-24 09:24:54 +02:00
c80b723112 Using dynamic dkek number and current shares, for each key domain. Pol Henarejos 2022-05-24 09:18:35 +02:00
a062b92dad Replacing low level data access to high level routines. Pol Henarejos 2022-05-24 00:30:42 +02:00
89d40b7c94 Extending DKEK and key storage to key domains. Pol Henarejos 2022-05-24 00:29:19 +02:00
7b5cb48dcc Added key domains for device initialization and dkek import. Pol Henarejos 2022-05-23 20:06:06 +02:00
7de0121db5 Introducing MANAGE KEY DOMAIN (INS 52) Pol Henarejos 2022-05-23 14:26:36 +02:00
cb338af8fb Return SW 6600 when button timeouts. Pol Henarejos 2022-05-05 22:30:07 +02:00
89bb5d2815 Fix val returned on wait_button() Pol Henarejos 2022-05-05 22:27:38 +02:00
fffe2fb451 Now press-to-confirm button has a timeout of 15 secs. Pol Henarejos 2022-05-05 20:56:28 +02:00
373a3ce491 Fix patch_vid version, which now uses ccid version. Pol Henarejos 2022-05-05 20:56:04 +02:00
0a798b9f9a Upgrading pico-ccid. Pol Henarejos 2022-05-05 20:10:35 +02:00
5f0b15b5e9 Fix returning wrong pin retries. Pol Henarejos 2022-04-22 19:21:41 +02:00
9a93c8afe0 Adding new features of 2.0. Pol Henarejos 2022-04-19 19:41:44 +02:00
fe990100d9 I am not sure why is being modified. Pol Henarejos 2022-04-19 19:41:09 +02:00
df15a27ceb Removing mbedtls submodule Pol Henarejos 2022-04-19 19:38:42 +02:00
5f4aafed37 Introducing version 2.0 with the following enhancements: - Added Secure Messaging. - Added Session PIN. - Added tool to burn CVCerts onto the firmware, like a PKI. Pol Henarejos 2022-04-19 19:25:43 +02:00
86298f3421 Upgrading to version 2.0. v2.0 Pol Henarejos 2022-04-19 19:24:10 +02:00
77971ac7e6 Using MBEDTLS from pico ccid. Pol Henarejos 2022-04-19 19:19:16 +02:00
302f287967 Moving EAC and crypto to core. Pol Henarejos 2022-04-19 19:16:29 +02:00
b9c08d72c4 Update .gitmodules Pol Henarejos 2022-04-19 18:42:48 +02:00
522860f736 Splitting the core onto another repo, which can be reused by other smart applications. Pol Henarejos 2022-04-19 18:39:52 +02:00
b09fc75913 CVCert is burn only if it does not exist. This check is only executed for first configuration. Pol Henarejos 2022-04-14 18:31:39 +02:00
1b010c8a68 Specifying POST method Pol Henarejos 2022-04-14 17:11:51 +02:00
e2f424d4ab No more in the repo Pol Henarejos 2022-04-14 01:06:50 +02:00
b9fb224d62 Adding a tool to burn device CVC. It generates a new keypair and sends the public key to Pico HSM CA, which signs the request. The certificate, CA and private key are burned onto the firmware. Pol Henarejos 2022-04-14 01:03:03 +02:00
69e869852e Rewritten keypair_gen response (more friendly). Pol Henarejos 2022-04-13 19:03:33 +02:00
618966b742 Sanity check for keypair gen. Pol Henarejos 2022-04-13 18:49:13 +02:00
b68920ff45 Added walker function for TLV parsing. Pol Henarejos 2022-04-13 16:55:34 +02:00
9dfe0ee7b3 Clear session pin on unload and new session. Pol Henarejos 2022-04-13 14:25:44 +02:00
da6c578973 Fix tag_len computation for all TLV. Pol Henarejos 2022-04-13 14:14:06 +02:00
49d9ec7cf9 Session pin is randomized. Pol Henarejos 2022-04-13 14:12:14 +02:00
af07f1d549 Added INS for session pin generation (needs randomization). Pol Henarejos 2022-04-11 19:47:43 +02:00
db5f5fd435 When working with SM, wrap() manipulates res_APDU. Thus, we cannot change the pointer of res_APDU anymore. Everything must be memcpy-ed. Pol Henarejos 2022-04-11 15:11:42 +02:00
7232625bab Merge branch 'master' into eac Pol Henarejos 2022-04-11 15:09:33 +02:00
1557a4a039 Fix when generating keypair, which could produce wrong flash save in particular cases of concurrency. Pol Henarejos 2022-04-11 15:09:20 +02:00
b61575bbc3 Adding some mutex to improve concurrency. Pol Henarejos 2022-04-11 15:08:10 +02:00
3781777138 Adding some kind of permanent flash memory that does not wipe out when initializing. Pol Henarejos 2022-04-11 11:37:41 +02:00
2f1f8e0c90 Fix parsing TLV in signatures. Pol Henarejos 2022-04-11 01:44:18 +02:00
c4c2bf86ba Fix response APDU in secure channel. Pol Henarejos 2022-04-11 01:38:15 +02:00
f26668b81d Fixed IV computation. IV is computed encrypting macCounter with a initial IV=0x0000. Pol Henarejos 2022-04-11 01:16:20 +02:00
964af6a064 Adding wrap() to encrypt and sign response APDU. Pol Henarejos 2022-04-10 20:58:54 +02:00
c3a93a46ba Adding unwrap(), to decrypt and verify secure APDU. Pol Henarejos 2022-04-10 20:23:36 +02:00
57d593561a Moving all SM stuff to EAC. Pol Henarejos 2022-04-10 19:00:52 +02:00
c098d80524 Adding private key of termca. It is the worst thing I can do, but first I need to develop the secure channel, which uses the private key of device. Later, I will figure out how to generate the private key and certificate during initialization, but it will be difficult, as it needs to be signed by the CA. Pol Henarejos 2022-04-10 01:55:57 +02:00
6c892af9f1 Adding authentication command. Not finished. Needs lot of work. Pol Henarejos 2022-04-09 23:44:45 +02:00
b545a1618b Added Manage Security Environment command. Pol Henarejos 2022-04-09 20:50:00 +02:00
dec3d54ddd Adding more SW codes. Pol Henarejos 2022-04-09 20:29:13 +02:00
ce4d0bf102 INS 54h is also occupied too... let's try with 64h. Pol Henarejos 2022-04-08 00:38:03 +02:00
4e6bada892 Fix first AID load. Pol Henarejos 2022-04-08 00:29:15 +02:00
98ad2e3d55 Fix returning card data when selected AID. Pol Henarejos 2022-04-07 23:32:56 +02:00
e686b42934 Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:34:40 +02:00
239e01c3f8 Update extra_command.md v1.12 Pol Henarejos 2022-04-07 18:34:14 +02:00
0d839c3136 Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:32:49 +02:00
4a57698173 Moving out INS_EXTRAS from 0x88 (taken by ISO 7816) to 0x54 (presumably free). Pol Henarejos 2022-04-07 18:32:31 +02:00
cc3bfad00a Merge branch 'master' into eac Pol Henarejos 2022-04-07 18:18:50 +02:00
468051288c Upgrading to version 1.12. Pol Henarejos 2022-04-06 19:16:28 +02:00
565ea12d88 Added dynamic option to enable/disable press to confirm. Pol Henarejos 2022-04-06 15:14:23 +02:00
1c7ef50568 Added custom INS (named EXTRAS) to support different extra commands. At this moment: - 0xA: gets/sets the datetime. - 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available. Pol Henarejos 2022-04-06 14:41:09 +02:00
878eae9787 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Pol Henarejos 2022-04-06 14:38:22 +02:00
24b1d6807b Added support for reading binary data. Pol Henarejos 2022-04-05 18:07:20 +02:00
6bc081a1e1 Added support to write arbitrary data EF. Pol Henarejos 2022-04-05 17:28:22 +02:00
afb16fff65 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Pol Henarejos 2022-04-04 22:00:29 +02:00
cf81a82645 Added a new custom APDU (88h) for setting and retrieving datetime. Pol Henarejos 2022-04-04 15:48:04 +02:00
dc820a60ae Fixed class with USB-ICC specs, for legacy reasons. Pol Henarejos 2022-04-04 15:46:53 +02:00
c57cc139f6 Update README.md Pol Henarejos 2022-04-07 00:10:09 +02:00
79426f35cd Update extra_command.md Pol Henarejos 2022-04-07 00:06:44 +02:00
502a7ba81c Create store_data.md Pol Henarejos 2022-04-06 23:56:29 +02:00
deef209687 Update README.md Pol Henarejos 2022-04-06 19:52:10 +02:00
bb09f212d2 Create extra_command.md Pol Henarejos 2022-04-06 19:51:05 +02:00
1e6556ebdd Upgrading to version 1.12. Pol Henarejos 2022-04-06 19:16:28 +02:00
cfd86df45e Update README.md Pol Henarejos 2022-04-06 17:25:07 +02:00
c16a7a3c5c Added dynamic option to enable/disable press to confirm. Pol Henarejos 2022-04-06 15:14:23 +02:00
7060d2d2ca Added custom INS (named EXTRAS) to support different extra commands. At this moment: - 0xA: gets/sets the datetime. - 0x6: enables/disables press to confirm (BOOTSEL). It allows other dynamic device options. At this moment, only press to confirm option is available. Pol Henarejos 2022-04-06 14:41:09 +02:00
532d79bcc5 Added press button to confirm. Everytime a private/secret key is loaded, the Pico HSM waits for BOOTSEL button press. This mechanism guarantees that no private/secret operations are made without user consent. To confirm the operation, the user must press the BOOTSEL button. In the meanwhile, the device gets into waiting state and no other operation is performed. After release the button, the operation continues normally. Pol Henarejos 2022-04-06 14:38:22 +02:00
770097d6ab Added support for reading binary data. Pol Henarejos 2022-04-05 18:07:20 +02:00
ce2a1c21de Added support to write arbitrary data EF. Pol Henarejos 2022-04-05 17:28:22 +02:00
d16c9b2324 Update README.md Pol Henarejos 2022-04-04 22:27:33 +02:00

... 8 9 10 11 12 ...