pico-hsm

clone/pico-hsm

Fork 0

mirror of https://github.com/polhenarejos/pico-hsm synced 2026-06-11 04:48:16 +02:00

Commit Graph

Select branches

Hide Pull Requests

development

master

#10

#102

#108

#124

#124

#127

#128

#128

#130

#130

#131

#2

#40

#43

#52

nightly-development

nightly-master

v1.0

v1.10

v1.12

v1.2

v1.4

v1.6

v1.8

v2.0

v2.2

v2.4

v2.6

v3.0

v3.2

v3.4

v3.6

v3.6-eddsa1

v4.0

v4.0-eddsa1

v4.2

v4.2-eddsa1

v5.0

v5.0-eddsa1

v5.2

v5.4

v5.4-eddsa1

v5.6

v6.0

v6.0-eddsa1

v6.2

v6.4

v6.6

6e1c47ddf4 Fix with ASN1 encapsulation for keypair generation. It only affects RSA 4096 bits. Pol Henarejos 2022-04-04 22:00:29 +02:00
f1630023c7 Update README.md Pol Henarejos 2022-04-04 21:56:40 +02:00
d49e7be972 Added a new custom APDU (88h) for setting and retrieving datetime. Pol Henarejos 2022-04-04 15:48:04 +02:00
13d17fc4f7 Fixed class with USB-ICC specs, for legacy reasons. Pol Henarejos 2022-04-04 15:46:53 +02:00
d41a488eda Adding support for Transport PIN. Adding support for initialize options. v1.10 Pol Henarejos 2022-04-04 10:06:48 +02:00
375a18ebac Update README.md Pol Henarejos 2022-04-04 10:04:47 +02:00
20216ac4ba Update README.md Pol Henarejos 2022-04-04 10:01:16 +02:00
d27d8b0c5b Upgrading to version 1.10 Pol Henarejos 2022-04-04 09:57:19 +02:00
a619527482 Adding P1=0x2 and P1=0x3 for reset retry counter. Pol Henarejos 2022-04-03 20:59:50 +02:00
85ff92c4de Adding check for device options whether it can reset retry counter with PIN or without. Pol Henarejos 2022-04-03 20:40:16 +02:00
b1121718db Adding capability to reset retry counter without new PIN Pol Henarejos 2022-04-03 20:37:16 +02:00
2905dcc8c0 Adding custom command to set datetime. Pol Henarejos 2022-04-03 19:57:56 +02:00
c9855f7214 Fix displaying device options. Pol Henarejos 2022-03-31 19:43:33 +02:00
853b8f29a2 Fix returning kcv when pin is not provided. It always return 0x0 Pol Henarejos 2022-03-31 19:31:56 +02:00
d5378ffa41 If has_session_pin is true, it returns sw_ok Pol Henarejos 2022-03-31 19:31:22 +02:00
4400eba974 Fix returning kcv Pol Henarejos 2022-03-31 19:31:02 +02:00
0cc656c6c0 Adding transport PIN option. It does not allow to authenticate and returns sw code 0x6984 Pol Henarejos 2022-03-31 19:12:56 +02:00
c9b32ab5d0 Fix return pin blocked sw code. Pol Henarejos 2022-03-31 18:59:54 +02:00
f9ffd39661 Adding EF_DEVOPS to store the device options during the initialization. Pol Henarejos 2022-03-31 18:56:42 +02:00
bfc12d6856 Renaming files Pol Henarejos 2022-03-31 18:27:00 +02:00
11874b52de Merge branch 'master' into eac Pol Henarejos 2022-03-31 14:46:28 +02:00
b4e928588e Updating tools to 1.8 v1.8 Pol Henarejos 2022-03-31 14:32:57 +02:00
33a2222cd8 Revert "PIN remaining tries only returned when user is not logged in. If so, it returns always OK." Pol Henarejos 2022-03-31 14:30:50 +02:00
923e05a36c Revert "Also for SOPIN." Pol Henarejos 2022-03-31 14:30:50 +02:00
b5cc4d6fd7 Update README.md Pol Henarejos 2022-03-31 13:32:18 +02:00
25291f978f Create rsa_4096.md Pol Henarejos 2022-03-31 13:23:02 +02:00
ad66170379 Also for SOPIN. Pol Henarejos 2022-03-31 13:18:56 +02:00
86e38419ac PIN remaining tries only returned when user is not logged in. If so, it returns always OK. Pol Henarejos 2022-03-31 13:17:16 +02:00
1a5e6a7edc Merge branch 'eac'. Support for PKCS#12 imports with SCS3. Pol Henarejos 2022-03-31 11:37:18 +02:00
7cf166d615 Upgrading to version 1.8 Pol Henarejos 2022-03-31 11:18:52 +02:00
413c3e0208 Fix update ef when offset is required. Pol Henarejos 2022-03-31 01:08:39 +02:00
7410498df1 Fix with RSA CRT import mode (keytype 6). In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ). Pol Henarejos 2022-03-31 00:24:50 +02:00
7aee18110e Fix kmac and kenc computation. Pol Henarejos 2022-03-30 23:59:06 +02:00
7aca7b323a Fix loading kcv, kenc and kmac. Pol Henarejos 2022-03-30 23:21:23 +02:00
4651a0e224 Adding AES wrapping/unwrapping Pol Henarejos 2022-03-30 01:33:54 +02:00
d018e3b9b9 Adding RSA and EC wrap/unwrap, compatible with SC HSM wrap format. Pol Henarejos 2022-03-30 00:59:37 +02:00
1c272842a7 Adding dkek_decode_key for unwrapping. Pol Henarejos 2022-03-29 20:18:08 +02:00
0141e0ab4e Adding ec curve find from prime. Pol Henarejos 2022-03-29 20:17:42 +02:00
e7d8695394 Added length checks. Pol Henarejos 2022-03-29 19:16:15 +02:00
6876edea5a Some fix in encode key Pol Henarejos 2022-03-29 19:06:00 +02:00
2e655d6341 Fixes with AES encryption Pol Henarejos 2022-03-29 18:25:47 +02:00
2f4cca19c4 Moving some dkek crypt stuff to dkek. Pol Henarejos 2022-03-29 13:45:28 +02:00
5eb74d8ca3 Adding encode_key with dkek (for wrapping). Pol Henarejos 2022-03-29 13:45:07 +02:00
7b0d5a6700 Fix loading aes key in decrypt function Pol Henarejos 2022-03-29 09:35:06 +02:00
427260663f Replacing CFB to CBC AES proc Pol Henarejos 2022-03-29 09:34:44 +02:00
047a443536 Adding dkek procedures to wrap/unwrap. Pol Henarejos 2022-03-28 17:38:15 +02:00
7a9ee8145d Adding headers to random.h Pol Henarejos 2022-03-28 17:38:02 +02:00
2535d0e537 Adding generic aes encryption/decryption. Pol Henarejos 2022-03-28 17:37:53 +02:00
6fe7d7991b Len of CMAC is always 16. Pol Henarejos 2022-03-28 17:37:24 +02:00
d061958f90 Moving hash to other file. Pol Henarejos 2022-03-28 16:02:28 +02:00
3112200eb6 Merge branch 'eac' Pol Henarejos 2022-03-28 14:04:05 +02:00
69a406832d Adding hsm initializing options Pol Henarejos 2022-03-28 01:37:36 +02:00
cd4ceb0a61 Fix returning current dkeks when the device is initialized without dkeks. Pol Henarejos 2022-03-28 01:37:19 +02:00
450ec5dec1 Also list PRKD files. Pol Henarejos 2022-03-27 20:47:11 +02:00
c7abd1a067 Adding DKEK report Pol Henarejos 2022-03-27 20:27:10 +02:00
c6d87756ab Adding SOPIN verification. Pol Henarejos 2022-03-27 19:00:21 +02:00
0916489388 Initialization now returns free memory if no parameters are given. Pol Henarejos 2022-03-27 18:53:41 +02:00
b1e83c92e9 Adding cvcerts and dica Pol Henarejos 2022-03-27 18:15:16 +02:00
d01e06aa11 2F02 returns terminal's cvcert and DICA. Pol Henarejos 2022-03-27 18:15:06 +02:00
464107b13f Adding tag 85 for FCP when selecting applet Pol Henarejos 2022-03-25 18:15:26 +01:00
e431b25fc1 Not used Pol Henarejos 2022-03-25 18:15:05 +01:00
e4ed917c1c Updating to v1.6 Pol Henarejos 2022-03-25 17:59:43 +01:00
ade3e6d2fb Added sanity check for some boards without led. Pol Henarejos 2022-03-25 17:58:57 +01:00
d12d18261f Changing name of generic pico. Pol Henarejos 2022-03-25 17:58:41 +01:00
525b4439c9 Update README.md Pol Henarejos 2022-03-25 16:56:53 +01:00
43ec92ddc5 Added script to build all boards. v1.6 Pol Henarejos 2022-03-25 12:51:34 +01:00
74127a038f Changing label name. Pol Henarejos 2022-03-25 12:09:32 +01:00
a01bd39f21 Adding license headers. Pol Henarejos 2022-03-25 12:08:48 +01:00
9c707df93b Create LICENSE Pol Henarejos 2022-03-25 11:32:52 +01:00
4bdb189f10 Update README.md Pol Henarejos 2022-03-25 09:53:54 +01:00
c2a474df98 Fix an overflow in EC key derivation. Pol Henarejos 2022-03-24 20:42:43 +01:00
483dc5e953 - Fixed a random bug when generating EC keys. - Removed cvc_req. Now it is encapsulated from the previous existing cvc. - All tests passed (sc-hsm-pkcs11-test invasive) Pol Henarejos 2022-03-24 00:34:29 +01:00
f490f073b0 When updating an EF, if it does not exist, we create it. Added support for CA and CD certificates update. Pol Henarejos 2022-03-21 16:04:40 +01:00
2eab8eba09 Added asymmetric key derivation. Only for EC. Pol Henarejos 2022-03-21 15:37:34 +01:00
783c901567 Replaced EC load private key with read_key, which performs sanity checks. Pol Henarejos 2022-03-21 14:25:00 +01:00
90d1fa0f9b If modulusSize is used, the test will fail as it is an unexpected field. It does not seems necessary. Pol Henarejos 2022-03-21 11:37:05 +01:00
96b791b3b9 - Fixed bug where PublicKD was saved in EE_CERTIFICATE_PREFIX. We save there the CSR instead in CVC format. - We put the CHR and CAR into the CSR if provided during the keypair generation. Pol Henarejos 2022-03-21 11:31:24 +01:00
78d71a6d9c Upgrading to version 1.4. v1.4 Pol Henarejos 2022-03-21 00:55:50 +01:00
0a2740fbab Added AES derive support based on HKDF. Pol Henarejos 2022-03-21 00:54:59 +01:00
3192e928ff Fixed a bug with deleting intermediate EF on flash. A new field on EF flash structure is added. Thus, the old structure must be erased. Pol Henarejos 2022-03-21 00:16:00 +01:00
ae1e2ac111 Fix storing public key description when generating a new keypair. Pol Henarejos 2022-03-19 19:11:09 +01:00
d87073f4cc Auth status should not be removed when apple is reselected. Auth status is removed when the reader disconnects the card (unloads it). With this fix, it is possible to login first and send immediate low level APDU command that requires authentification (such as login+CMAC). Pol Henarejos 2022-03-17 23:37:02 +01:00
36a8f78313 Added support for AES-CMAC. Pol Henarejos 2022-03-17 23:35:07 +01:00
0628d5015c Update asymmetric-ciphering.md Pol Henarejos 2022-03-17 00:44:38 +01:00
daf0f98660 Update asymmetric-ciphering.md Pol Henarejos 2022-03-17 00:43:44 +01:00
1f06c44a89 Adding ecdh support with MBEDTLS. Pol Henarejos 2022-03-17 00:28:40 +01:00
ab1490a50b Added ECDH key derivation. Pol Henarejos 2022-03-17 00:28:16 +01:00
23f53a6095 Added some free on bad return. Pol Henarejos 2022-03-16 23:40:09 +01:00
920cf3a1c5 Upgrading to v1.2 v1.2 Pol Henarejos 2022-03-16 23:31:10 +01:00
74f2a80fb4 Update README.md Pol Henarejos 2022-03-16 18:51:16 +01:00
29361fa110 Update usage.md Pol Henarejos 2022-03-16 18:50:29 +01:00
679486d38c Update sign-verify.md Pol Henarejos 2022-03-16 18:22:11 +01:00
8988d1cf15 Fix support for ECDSA and ECDSA-SHAx signatures. Pol Henarejos 2022-03-16 18:20:17 +01:00
693c890663 Update asymmetric-ciphering.md Pol Henarejos 2022-03-16 15:13:23 +01:00
591b02804e Fix for HASH PSS and HASH PKCS. Pol Henarejos 2022-03-16 12:02:49 +01:00
37c3028b1c Adding code for AES derive Pol Henarejos 2022-03-16 12:02:09 +01:00
2cedf65f1a Update sign-verify.md Pol Henarejos 2022-03-16 11:33:00 +01:00
c31e4f8c2b Update sign-verify.md Pol Henarejos 2022-03-16 10:04:04 +01:00
c756e756b6 Update sign-verify.md Pol Henarejos 2022-03-16 10:03:24 +01:00
73bc2ede6b Fixed a bug with RSA-PKCS-PSS. Surprisingly, PKCS_V21 signature takes in place (input buffer = output buffer) and, for a strange reason, it does not work for res_APDU. Pol Henarejos 2022-03-16 00:26:54 +01:00

... 9 10 11 12 13