Added support for ECDH_XKEK.

Note that it is unfinished. ECDH_XKEK is used to derive and set the KEK from the calculated DH secret. It should not return any data, only SW_OK (which is not what happens right now).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos 2022-08-10 23:51:41 +02:00
parent 34d9469157
commit 356eeea505
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3


@ -1800,7 +1800,7 @@ static int cmd_decrypt_asym() {
}
mbedtls_rsa_free(&ctx);
}
else if (p2 == ALGO_EC_DH) {
else if (p2 == ALGO_EC_DH || p2 == ALGO_EC_DH_XKEK) {
mbedtls_ecdh_context ctx;
if (wait_button() == true) //timeout
return SW_SECURE_MESSAGE_EXEC_ERROR();
@ -1827,7 +1827,20 @@ static int cmd_decrypt_asym() {
return SW_DATA_INVALID();
}
free(kdata);
r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
r = -1;
if (p2 == ALGO_EC_DH)
r = mbedtls_ecdh_read_public(&ctx, apdu.data-1, apdu.nc+1);
else if (p2 == ALGO_EC_DH_XKEK) {
size_t pub_len = 0;
const uint8_t *pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len);
if (pub) {
size_t t86_len = 0;
const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86);
if (t86) {
r = mbedtls_ecdh_read_public(&ctx, t86-1, t86_len+1);
}
}
}
if (r != 0) {
mbedtls_ecdh_free(&ctx);
return SW_DATA_INVALID();
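Review bot: In the ALGO_EC_DH_XKEK branch, `mbedtls_ecdh_read_public(&ctx, t86-1, t86_len+1)` passes a pointer one byte before the 0x86 value and relies on that byte being a one-byte length equal to `t86_len`, which nothing in the hunk checks. That holds only if `cvc_get_field` returns a pointer directly after a length encoding whose last byte equals the value length; for a field of 256 bytes or more the preceding byte would be only the low byte of the length. I would make the assumption explicit with `if (t86 && t86_len > 0 && t86_len <= 0xFF && t86[-1] == (uint8_t)t86_len)` and a comment such as `/* ecdh_read_public expects a 1-byte length prefix; reuse the TLV length byte */`. Separately, the visible lines take the peer key out of the CVC supplied in the APDU without any signature check on that certificate. If that check is not done elsewhere in cmd_decrypt_asym (the function starts and ends outside the hunks), it should run before the key is used to derive the KEK.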