coelner/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2024-09-20 11:20:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Before wrapping, check if DKEK is properly configured.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2023-03-09 20:09:03 +01:00
parent 75ca1b57d9
commit 3660120b11
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/hsm/cmd_key_wrap.c
View File

@ -19,6 +19,7 @@
#include "sc_hsm.h"
#include "asn1.h"
#include "kek.h"
#include "files.h"
extern uint8_t get_key_domain(file_t *fkey);
@ -31,12 +32,18 @@ int cmd_key_wrap() {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
file_t *ef = search_dynamic_file((KEY_PREFIX << 8) | key_id);
if (!ef) {
return SW_FILE_NOT_FOUND();
}
uint8_t kdom = get_key_domain(ef);
if (kdom == 0xff) {
return SW_REFERENCE_NOT_FOUND();
}
if (!ef) {
return SW_FILE_NOT_FOUND();
file_t *tf_kd = search_by_fid(EF_KEY_DOMAIN, NULL, SPECIFY_EF);
uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * kdom] : 0,
current_dkeks = kdata ? kdata[2 * kdom + 1] : 0;
if (dkeks != current_dkeks || dkeks == 0 || dkeks == 0xff) {
return SW_REFERENCE_NOT_FOUND();
}
if (key_has_purpose(ef, ALGO_WRAP) == false) {
return SW_CONDITIONS_NOT_SATISFIED();