webadmin/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm synced 2026-04-17 04:42:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • c609cec441 Update usage.md Pol Henarejos 2022-03-14 00:59:22 +01:00
  • 587ead4ad9 Update README.md Pol Henarejos 2022-03-14 00:58:42 +01:00
  • e3d809ae7f Create aes.md Pol Henarejos 2022-03-14 00:55:32 +01:00
  • 4f142d1b93 Create backup-and-restore.md Pol Henarejos 2022-03-13 23:54:15 +01:00
  • 1f7e7aa14c Update usage.md Pol Henarejos 2022-03-13 22:14:56 +01:00
  • a4baa99fce Update usage.md Pol Henarejos 2022-03-13 20:21:54 +01:00
  • df020efa46 Update usage.md Pol Henarejos 2022-03-12 20:24:55 +01:00
  • c31dd26e22 Create usage.md Pol Henarejos 2022-03-12 01:29:25 +01:00
  • 6d22fc20d4 Update README.md Pol Henarejos 2022-03-10 18:56:51 +01:00
  • 3d74952c41 Update README.md Pol Henarejos 2022-03-10 18:47:01 +01:00
  • 51f574f9f6 Update README.md Pol Henarejos 2022-03-10 18:36:59 +01:00
  • 1c6fb98350 Logout user when applet selected. Pol Henarejos 2022-03-10 00:48:47 +01:00
  • f1c0b12f5c Increasing random buffer and checks. Pol Henarejos 2022-03-10 00:13:13 +01:00
  • 213b675b9f Fix returned error code for wrong pin. Pol Henarejos 2022-03-10 00:09:35 +01:00
  • b701f639ac Increasing CCID buffer. Pol Henarejos 2022-03-10 00:08:22 +01:00
  • 4a0144ed2a Adding version header to show in lsusb command (bcdDevice) and major version in pkcs15-tool -D. Pol Henarejos 2022-03-08 18:43:30 +01:00
  • 9be78aade6 Changing project name. Pol Henarejos 2022-03-08 00:37:27 +01:00
  • b7ee325d4f Create README.md Pol Henarejos 2022-03-08 00:36:42 +01:00
  • 3e89e8f835 Updating submodule url Pol Henarejos 2022-03-07 23:50:15 +01:00
  • 70f71e742e Not used anymore. Pol Henarejos 2022-03-07 23:49:08 +01:00
  • 7988083d6b Reorganization of file structure. At this moment I disabled openpgp/gnuk due to missing deep tests. Pol Henarejos 2022-03-07 23:37:10 +01:00
  • bad954a2c4 USB serial now returns the Pico unique ID. v1.0 Pol Henarejos 2022-03-07 01:38:32 +01:00
  • a5902db07f Adding -DUSB_VID=0xXXXX -DUSB_PID=0xYYYY feature to overwrite default VID/PID. Pol Henarejos 2022-03-07 01:27:28 +01:00
  • e75b7bbb1b Using default VID/PID to avoid licensing issues with FSIJ. Pol Henarejos 2022-03-07 01:26:32 +01:00
  • 266be17366 Adding script to patch binary with desired VID:PID. Pol Henarejos 2022-03-07 01:09:48 +01:00
  • 44b4b432d8 Removing LCD layout. Pol Henarejos 2022-03-07 00:58:45 +01:00
  • f1868680ca Using original ATR. Pol Henarejos 2022-03-07 00:58:10 +01:00
  • eda8c0ce15 Some code cleanups and led blink modifications. Pol Henarejos 2022-03-06 14:26:17 +01:00
  • 855b51730b Fix symmetric AES encryption/decryption. It works! Pol Henarejos 2022-03-06 01:55:48 +01:00
  • e36c80761e Fix login session persistence. It is handled when the card reader disconnects, instead of when applet is selected (only the first time). Pol Henarejos 2022-03-06 01:50:34 +01:00
  • bf2624cd88 AES keys are DKEK encrypted in flash. Pol Henarejos 2022-03-06 01:40:30 +01:00
  • 8c1977783e Fix AES initialization context. Pol Henarejos 2022-03-06 01:30:39 +01:00
  • 7306a9765e Fix AES key generation for other 128 and 192 bits. Pol Henarejos 2022-03-06 01:29:39 +01:00
  • 5e377cccaf Added AES encryption/decryption. However, I could not find any interface (neither opensc nor sc-hsm-embedded). Needs further testing. Pol Henarejos 2022-03-06 01:28:29 +01:00
  • 37957dd8fd Adding asymmetric decryption. Pol Henarejos 2022-03-06 00:09:01 +01:00
  • ba3fa745a1 Moving load private key methods. Pol Henarejos 2022-03-05 00:31:55 +01:00
  • 982ca07096 Keys are decrypted when are used for signature. Pol Henarejos 2022-03-05 00:09:36 +01:00
  • 6cd575ea51 Added key unwrap support. Pol Henarejos 2022-03-04 23:30:56 +01:00
  • a29b01cdd8 Adding key wrap support. Pol Henarejos 2022-03-04 23:23:15 +01:00
  • 64cf9097e3 Fix saving imported DKEK. Pol Henarejos 2022-03-04 23:10:58 +01:00
  • f022c3235d Fix when initialize with 0 dkek shares. DKEK is automatically generated and saved. Pol Henarejos 2022-03-04 23:10:15 +01:00
  • 010c8018ea DKEK is reencrypted with the new pin if changed. Pol Henarejos 2022-03-04 23:08:15 +01:00
  • 78bad89415 Private and secret keys are now stored encrypted with DKEK. Pol Henarejos 2022-03-04 23:00:59 +01:00
  • dcabd78ddb Cleaning debug. Pol Henarejos 2022-03-04 23:00:24 +01:00
  • 59833d08eb Adding support for generating more than 32 bytes at a time. Pol Henarejos 2022-03-04 10:46:10 +01:00
  • 41f0b53dd5 Fix listing private keys and X509 certificates. Pol Henarejos 2022-03-03 17:56:22 +01:00
  • ab6a081fdf Better debugging. Pol Henarejos 2022-03-03 00:00:29 +01:00
  • 70e153e11d Fix RSA RAW signature. Pol Henarejos 2022-03-03 00:00:14 +01:00
  • 2f4fb3507b Fix ECDSA signature computation. Now it works. Pol Henarejos 2022-03-01 23:37:53 +01:00
  • 9202c4db66 Added ECDSA signature. Added RSA cleanups. Pol Henarejos 2022-03-01 01:15:55 +01:00
  • 486c4eb449 Added RSA signature (not tested). Still missing ECDSA signature. Trying to figure out what is ECDSA RAW. Pol Henarejos 2022-03-01 00:55:01 +01:00
  • ff06414247 Adding signature computation (unfinished) Pol Henarejos 2022-02-28 09:43:09 +01:00
  • 553bd793b9 RP 2040 does not have PIN support (i.e., pin pad support). Thus, we disable it to enable openssl pkcs11 engine interaction. Pol Henarejos 2022-02-27 20:58:04 +01:00
  • 8d6acb8162 Updating ATR. Pol Henarejos 2022-02-27 20:57:24 +01:00
  • 44b3792166 Fix with reading dynamic files. Pol Henarejos 2022-02-27 20:56:45 +01:00
  • 1918a5769c Adding symmetric key generation (AES CBC) Fix file search and discovery. Pol Henarejos 2022-02-25 17:04:31 +01:00
  • 36cd26acd3 More candy debug. Pol Henarejos 2022-02-25 17:03:28 +01:00
  • 6777221e48 Allow for null data write to allocate physical space. Pol Henarejos 2022-02-25 17:03:05 +01:00
  • 857aaf2679 Fix ACL when creating new file. Pol Henarejos 2022-02-24 22:38:15 +01:00
  • a94c74e508 Added PIN change. Pol Henarejos 2022-02-24 22:07:52 +01:00
  • 4cdb2f93e5 Fix reset pin. Pol Henarejos 2022-02-24 20:37:50 +01:00
  • 8657758cf2 Adding acl and pin checks. If pin is blocked, is always blocked despite correct login. Pol Henarejos 2022-02-24 20:00:37 +01:00
  • fce1a30f56 Fix deleting key. Pol Henarejos 2022-02-24 19:04:06 +01:00
  • a4ef5e6d17 Adding delete file command. Pol Henarejos 2022-02-24 16:22:05 +01:00
  • 249de0c5d2 Calling variable token info data generation. Pol Henarejos 2022-02-23 22:17:58 +01:00
  • a90aac5533 Making files to accept data callbacks (useful for asn1 data). Pol Henarejos 2022-02-23 22:17:31 +01:00
  • b874575dab Moving to static dynamic files. Pol Henarejos 2022-02-23 17:35:53 +01:00
  • b9bbddd24e Using separate eps. Pol Henarejos 2022-02-23 17:35:29 +01:00
  • d6368a221f Return some SW even if no app is selected. Pol Henarejos 2022-02-23 17:35:02 +01:00
  • c29f8d6cc5 Migrating to static memory to avoid malloc for new files. Let's see how it works. Pol Henarejos 2022-02-23 12:00:34 +01:00
  • 41b1467ab7 Fix with empty extended length header. Fix buffer overflow when extended length. APDU shall be reset at every APDU beginning. Pol Henarejos 2022-02-23 12:00:04 +01:00
  • 16bd415fb9 Adding sanity checks. Pol Henarejos 2022-02-22 18:26:02 +01:00
  • 173d64dd0e Finalizing EC key generation and storage. Pol Henarejos 2022-02-22 15:36:32 +01:00
  • 67698eca94 Fixed bug with size of cvc. Pol Henarejos 2022-02-22 14:27:13 +01:00
  • f97555a8da Adding ECC storing keygen. Pol Henarejos 2022-02-22 13:22:09 +01:00
  • a28f217c57 Inner signature of CVC encodes the full certificate body. Pol Henarejos 2022-02-22 00:55:36 +01:00
  • e1126b5951 In order to announce the public key, the response must be cvc request authenticated. Pol Henarejos 2022-02-22 00:37:02 +01:00
  • 1688ea540e Fix: FPI containing wrong file length. Pol Henarejos 2022-02-21 16:24:47 +01:00
  • 2a770ee7c9 DKEKS are also initialized. Pol Henarejos 2022-02-21 16:24:32 +01:00
  • 0ef2ee40ac Adding update_ef command. Flash is reset when initialize Pol Henarejos 2022-02-21 16:06:09 +01:00
  • d4e4cbbb0a Adding initialize commands. Pol Henarejos 2022-02-21 16:05:32 +01:00
  • 87a47c626b Fix with extended LE. Pol Henarejos 2022-02-21 13:26:30 +01:00
  • 4e3b43ec35 Adding storage of PRKD and CD. Pol Henarejos 2022-02-21 12:21:16 +01:00
  • d32620710e Adding file chains for CC, CE and CD. Pol Henarejos 2022-02-21 12:20:39 +01:00
  • fe429bf5af Adding signature to public file. Storing private key in disk. Pol Henarejos 2022-02-21 00:27:53 +01:00
  • ecfeb63273 Storing private keys as only P and Q for RSA. They are converted on the fly upon a request. Pol Henarejos 2022-02-20 20:05:46 +01:00
  • e620b891e1 Adding RSA response (unfinished). Adding ECC generation (no response yet). Pol Henarejos 2022-02-20 01:59:48 +01:00
  • d904e55aba Updating CVCA Pol Henarejos 2022-02-20 01:58:56 +01:00
  • 0ae8733d9b Adding keypair generation. At this moment, only RSA works but without any security check. Pol Henarejos 2022-02-19 02:16:29 +01:00
  • 67ac86f97d Fix with endianness and search by path name. Pol Henarejos 2022-02-18 16:42:59 +01:00
  • d6e7fc7cce Adding PIN login. Pol Henarejos 2022-02-18 16:19:54 +01:00
  • eaa0265f74 Adding import dkek shares. Pol Henarejos 2022-02-18 15:46:46 +01:00
  • e59c0d08c4 Adding initialization. - PINs are never stored, neither in flash nor in RAM. - PINs are stored in flash in doubled salted way. - PINs are stored in RAM in single salted way. - SOPIN in RAM (single salted) is used to encrypt/decrypt DKEK. - PINs in RAM (single salted) are used to encrypt/decrypt private keys related with user/so pins. - DKEK is only used to export/import data. Pol Henarejos 2022-02-18 13:28:41 +01:00
  • 0fa7f4cd54 Added DKEK file. Pol Henarejos 2022-02-18 13:25:32 +01:00
  • 4bb756b17c Fix when clearing file. It was omitting fid field and thus causing misalignment and corruption data. Pol Henarejos 2022-02-18 13:25:19 +01:00
  • 1630c7b52d Adding unique_id variable. Pol Henarejos 2022-02-18 10:39:03 +01:00
  • 633f005efd Adding INS_CHALLENGE for DKEK generation. Pol Henarejos 2022-02-17 19:50:12 +01:00
  • 4ccc457fab Using mbedtls tag v3.1.0 Pol Henarejos 2022-02-17 19:46:02 +01:00
  • f7553a0a75 Fix bug of not refilling after random bytes are requested. Pol Henarejos 2022-02-17 19:45:23 +01:00
  • c2733e8977 Using files from mbedtls submodule Pol Henarejos 2022-02-17 19:17:24 +01:00