webadmin/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm synced 2026-04-15 03:42:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
396 Commits 2 Branches 33 Tags
v2.2
Commit Graph

396 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
a48dfbbaf4 Some fixes with RAPDU. 
When C0 is sent, pointers were not set properly.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v2.2 		2022-06-06 14:27:33 +02:00
Pol Henarejos
61625c4c5e Update README.md 
Fix typos.
 2022-06-06 11:53:39 +02:00
Pol Henarejos
3124f5e565 Upgrading build tool to version 2.2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 00:29:55 +02:00
Pol Henarejos
48a05f9afc Upgrading to version 2.2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 00:13:08 +02:00
Pol Henarejos
26fdf8b00c Upgrading Pico CCID to version 2.0. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-06 00:12:32 +02:00
Pol Henarejos
34cb360d62 Updated docs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-05 20:40:41 +02:00
Pol Henarejos
4bf5a80a7a Added key usage counter to decryption operations. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:13:18 +02:00
Pol Henarejos
40efcd71c3 Added device option KEY_COUNTER_ALL. 
When it is set, it enables the key usage counter for all keys when generated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:10:53 +02:00
Pol Henarejos
aca291da9e Key usage counter is added for every generated key. 
When a key is generated, a key usage counter is added. It starts from 2^32-1 and is decremented for every sign request. Once it reaches 0, it forbids more signatures for this key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 20:04:14 +02:00
Pol Henarejos
7f6bcdfb11 Addded fast crc32 checksum for DKEK storage. 
It is for checking the integrity of the DKEK and thus, the scret keys, as they are encrypted with DKEK.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 15:51:52 +02:00
Pol Henarejos
696110a5b0 Key domain deletion and kek deletion are only allowed when key domain is empty. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:36:32 +02:00
Pol Henarejos
73fb61070f Added kek deletion in a particular key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:30:08 +02:00
Pol Henarejos
23da8047bc Fix deleting key domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:22:15 +02:00
Pol Henarejos
bf70a08c9f Added key domain deletion. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:16:40 +02:00
Pol Henarejos
ce410dae65 Fix when setup a key domain. 
Now the dkek is cleared before imports.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-03 11:01:21 +02:00
Pol Henarejos
94a42c4267 Fix changing PIN with multiple domain. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-02 20:09:43 +02:00
Pol Henarejos
f4cc1fed36 Fix meta parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-06-02 19:30:09 +02:00
Pol Henarejos
7c27be784b Fix parsing meta data on key generation. 2022-06-02 14:12:11 +02:00
Pol Henarejos
7d1b22c337 Added meta information for symmetric keys. 2022-06-02 12:12:12 +02:00
Pol Henarejos
1e550c8866 Using custom mbedtls configuration file. 2022-06-01 12:58:19 +02:00
Pol Henarejos
2febbe2795 Fix missing comma. 2022-06-01 12:57:42 +02:00
Pol Henarejos
299516f576 Fix set point A. 
mbedtls does not set point A for some curves.
 2022-06-01 11:51:33 +02:00
Pol Henarejos
6edeab6f85 Signatures in CVC are in plain format. 
Plain format concatenates r||s.
 2022-06-01 10:30:20 +02:00
Pol Henarejos
7b79d7ffde Moving CVC procedures to a separate file. 2022-06-01 09:46:23 +02:00
Pol Henarejos
c4f06ccead Not used anymore. 2022-06-01 08:58:58 +02:00
Pol Henarejos
541d5b3c19 Fix CVC signature length. 
Since it is variable, it needs to be recomputed every time.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 20:38:30 +02:00
Pol Henarejos
e0b9a68fad Deregistering OpenSC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 19:28:03 +02:00
Pol Henarejos
d0098015fe Removing OpenSC dependency. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 19:26:00 +02:00
Pol Henarejos
3660a35c2c Implementing own functions for cvc manipulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-31 18:51:43 +02:00
Pol Henarejos
9132dd16f0 Fix decoding asn1 integer. 
It caused overflow.
 2022-05-31 01:14:09 +02:00
Pol Henarejos
652551269e Using own asn1 int decoder. 2022-05-31 00:40:29 +02:00
Pol Henarejos
81730f37a9 Removing sc_pkcs1_strip_digest(). 
It is hard coded here (taken from OpenSC).
 2022-05-31 00:25:54 +02:00
Pol Henarejos
4b86e96660 Removing card_context from store_keys(). 
It does not generate PRKD, as it will be stored by the client.
 2022-05-31 00:14:30 +02:00
Pol Henarejos
271240f11c Fix initializing device. 2022-05-31 00:09:21 +02:00
Pol Henarejos
00e8596a0e Adding asn1_find_tag() for searching for a tag in a asn1 string. 2022-05-30 23:31:17 +02:00
Pol Henarejos
39ab429c88 Adding key domain to key generation, wrap, unwrap, export and import. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:51 +02:00
Pol Henarejos
96175c9fd3 Adding usb descriptors 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-30 16:13:20 +02:00
Pol Henarejos
cee3e83077 Moving again to tinyUSB 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-29 01:53:01 +02:00
Pol Henarejos
4fa8d4ba64 Fix warnings 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 20:58:45 +02:00
Pol Henarejos
1ac4402f99 res_APDU SHALL NOT BE moved, only memcpied or memmoved. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:58:35 +02:00
Pol Henarejos
8554262aaf Migrating away from tinyUSB. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-27 00:36:33 +02:00
Pol Henarejos
d4d989e562 Moving from tinyUSB to low level custom solution. 2022-05-26 14:16:55 +02:00
Pol Henarejos
d2766b2225 Using printf instead of TU 2022-05-26 14:16:32 +02:00
Pol Henarejos
f124ee52ce Do not add FMD in FCI. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 23:31:46 +02:00
Pol Henarejos
2167d28514 Add meta files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 22:57:59 +02:00
Pol Henarejos
80792dc555 Private/secret keys can be selected. 
It returns FCP when a private/secret key is selected but it is not allowed to read them.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 13:06:00 +02:00
Pol Henarejos
080337f847 Added key domain setup 
It accepts different dkek shares for each key domain.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 11:08:29 +02:00
Pol Henarejos
5e20c830fd Return key domain not found only when they are prepared. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:48:22 +02:00
Pol Henarejos
b754fdb449 Refactoring initialize command to support no dkek, random dkek, dkek shares and key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 10:44:00 +02:00
Pol Henarejos
a926239613 Returning not initialized key domains. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-05-24 09:24:54 +02:00