Added PUK authentication.
Surprisingly, it works from the very beginning. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
parent
168a8cd5a6
commit
914020fd36
@ -45,5 +45,6 @@ extern const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen)
|
|||||||
extern const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen);
|
extern const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen);
|
||||||
extern int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len);
|
extern int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len);
|
||||||
extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len);
|
extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len);
|
||||||
|
extern int puk_verify(const uint8_t *sig, size_t sig_len, const uint8_t *hash, size_t hash_len, const uint8_t *ca, size_t ca_len);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
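Review bot: `puk_verify` is declared with no statement of its return convention, while the caller added in `cmd_external_authenticate` treats exactly `0` as success and everything else as failure. Because this result gates authentication, a short comment above the declaration would protect it from a later change in return values, for example `/* Returns 0 only when sig verifies over hash; any non-zero value means reject. */`. The `ca` parameter name is carried over from the CVC helpers, but the caller passes the contents of `ef_puk_aut`, so the comment should also say what format that buffer is expected to be in.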
@ -2316,9 +2316,18 @@ int cmd_pso() {
|
|||||||
int cmd_external_authenticate() {
|
int cmd_external_authenticate() {
|
||||||
if (P1(apdu) != 0x0 || P2(apdu) != 0x0)
|
if (P1(apdu) != 0x0 || P2(apdu) != 0x0)
|
||||||
return SW_INCORRECT_P1P2();
|
return SW_INCORRECT_P1P2();
|
||||||
uint8_t *input = (uint8_t *)calloc(dev_name_len+challenge_len, sizeof(uint8_t));
|
if (ef_puk_aut == NULL)
|
||||||
|
return SW_REFERENCE_NOT_FOUND();
|
||||||
|
if (apdu.nc == 0)
|
||||||
|
return SW_WRONG_LENGTH();
|
||||||
|
uint8_t *input = (uint8_t *)calloc(dev_name_len+challenge_len, sizeof(uint8_t)), hash[32];
|
||||||
|
memcpy(input, dev_name, dev_name_len);
|
||||||
|
memcpy(input+dev_name_len, challenge, challenge_len);
|
||||||
|
hash256(input, dev_name_len+challenge_len, hash);
|
||||||
|
int r = puk_verify(apdu.data, apdu.nc, hash, 32, file_get_data(ef_puk_aut), file_get_size(ef_puk_aut));
|
||||||
free(input);
|
free(input);
|
||||||
|
if (r != 0)
|
||||||
|
return SW_CONDITIONS_NOT_SATISFIED();
|
||||||
return SW_OK();
|
return SW_OK();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
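Review bot: The `calloc` result is passed to the first `memcpy` without a NULL check, so an allocation failure in `cmd_external_authenticate` becomes a write through a null pointer on the authentication path; add `if (input == NULL)` with an early return of an error status word before the copies. Separately, nothing visible in this hunk checks that a challenge is actually pending or clears it afterwards. If `challenge_len` can be 0 here, or the challenge outlives the call, the hashed input is no fresher than `dev_name`, and a signature that verified once would presumably verify again. Consider rejecting the command when no challenge is outstanding and wiping `challenge` on every exit path, success or failure; the literal `32` passed to `puk_verify` would also be safer as `sizeof(hash)`.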