pico-hsm

mirror of https://github.com/polhenarejos/pico-hsm.git synced 2024-09-20 11:20:08 +00:00

Author	SHA1	Message	Date
Pol Henarejos	157923decc	Clafiricate docs about PKA and PIN Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-06 01:44:24 +02:00
Pol Henarejos	7bbcbc57eb	Removing unnecessary debug. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-06 01:36:03 +02:00
Pol Henarejos	9074463f4e	Added clarification on PKA and PIN DKEK is protected in the device with a derived key from the PIN number. Unfortunately, SCS3 does not support the combination of PKA and PIN but OpenSC does. This is explained here. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-06 01:27:51 +02:00
Pol Henarejos	3ebf4fdff5	User authentication is unlinked from session_pin Due to PUK Authentication, user authentication is not linked to having a valid session_pin anymore. In case of enabled PUK Auth, session_pin is used only for unlocking DKEK, but not for granting auth privileges, as they only are granted when PUK Auth succeeds. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-06 01:13:09 +02:00
Pol Henarejos	77e5fa2d2b	Added static files for device key and certiticate. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-15 15:57:54 +02:00
Pol Henarejos	6bd2e65459	Add function for building PrKD asn1 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-15 15:38:11 +02:00
Pol Henarejos	3363e9ad0c	Updating ccid. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-14 19:12:31 +02:00
Pol Henarejos	d1f0f45525	Added support for native PKCS1.5 and OEP decryption. It is not tested, as it is not supported by pkcs11 modules. For instance, OpenSSL implements OEP in local side, calling a RAW decryption on the device. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-14 17:00:23 +02:00
Pol Henarejos	efc1b4a4ae	Fix meta deletion. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-14 16:45:06 +02:00
Pol Henarejos	a45303d9e6	Added support for specific purposes. Added support for SHA512 operations. Keys can only be used for the specific purpose provided during the keypair generation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-14 16:12:04 +02:00
Pol Henarejos	871ff69f56	Fix critical bug. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-14 11:46:44 +02:00
Pol Henarejos	d4b4289c0b	Update extra_command.md Added explanation for Key usage counter.	2022-06-14 11:27:49 +02:00
Pol Henarejos	32af000435	Upgrading to version 2.4. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-13 19:39:35 +02:00
Pol Henarejos	64178192ad	Update README.md Added PKA description.	2022-06-13 15:03:46 +02:00
Pol Henarejos	598752956f	Update scs3.md Added macOS notes.	2022-06-13 14:58:09 +02:00
Pol Henarejos	4dce0e5958	Update public_key_authentication.md Added screenshots.	2022-06-13 14:33:33 +02:00
Pol Henarejos	9f02aef930	Add PKA doc. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-13 14:28:09 +02:00
Pol Henarejos	0c25b0968b	Update scs3.md Added a patch.	2022-06-13 11:59:28 +02:00
Pol Henarejos	ddc0bd7202	Updated SCS3 doc. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-13 11:57:33 +02:00
Pol Henarejos	20727e1508	Point to last checkout. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-12 18:10:59 +02:00
Pol Henarejos	3afc1964dc	Store in dynamic memory PUK authentication. When a PUK is authenticated, session PIN is set to true. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-12 18:10:37 +02:00
Pol Henarejos	914020fd36	Added PUK authentication. Surprisingly, it works from the very beginning. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-12 17:43:50 +02:00
Pol Henarejos	168a8cd5a6	Fix selecting PUK for AUT. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-12 17:42:21 +02:00
Pol Henarejos	eb94ed7806	Separated routines for verifying and parsing CV certificates. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 20:04:48 +02:00
Pol Henarejos	db6b3ec427	Added select MSE for puk AUT. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 20:04:32 +02:00
Pol Henarejos	32d0cdcea7	Save cached challenge length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 18:58:35 +02:00
Pol Henarejos	332fe8c884	Generated challenges are cached and dev_name (ESTERMXXXXX) based on terminal certificate. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 16:40:51 +02:00
Pol Henarejos	59f0cf7732	Fix CA certificates selection. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 16:33:53 +02:00
Pol Henarejos	b803505287	When a certificate is verified, the corresponding certificate description and the certificate are cached and saved. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 16:30:19 +02:00
Pol Henarejos	3542062ecd	Added function to write the ASN1 certificate description. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 16:29:28 +02:00
Pol Henarejos	824c327a2c	Added function to obtain EC params from root CA cert. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 16:28:55 +02:00
Pol Henarejos	76a41dffa1	Store all verified certificates (INS MSE) into CA_PREFIX files. When a certificate is sent for verification, it is always cached and saved onto a CA_PREFIX. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 11:59:06 +02:00
Pol Henarejos	65482cad9c	Added dynamic public key references. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 11:09:39 +02:00
Pol Henarejos	a17a4c0a3c	Finished key public registration. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 11:09:25 +02:00
Pol Henarejos	2437cf09d1	Added EF for PUKs Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-10 11:08:47 +02:00
Pol Henarejos	c4c394845d	Updated pico-ccid. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 21:25:33 +02:00
Pol Henarejos	a4d4f9a944	Fix outer CAR value. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 21:25:17 +02:00
Pol Henarejos	5eb086935e	Added INS_PSO. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 19:02:59 +02:00
Pol Henarejos	83a583a33f	Fix CVC verification. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 19:02:22 +02:00
Pol Henarejos	143c2d279b	Added cvc_verify to verify a cvcert with other CA cvcert. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 14:16:17 +02:00
Pol Henarejos	08dd596883	Added cvc_get_pub(). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 14:15:35 +02:00
Pol Henarejos	a4ffcebb0f	Added variable puk_store. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 14:15:17 +02:00
Pol Henarejos	8a14c22056	Added OID compilation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 11:53:58 +02:00
Pol Henarejos	39f7b5284a	Added OID definitions. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-09 11:53:35 +02:00
Pol Henarejos	4f58cd255b	Adding PUK store. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-08 20:01:37 +02:00
Pol Henarejos	d96d7a533e	Added procedure for verifying CVC (unfinished). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-08 20:01:23 +02:00
Pol Henarejos	0e59166c64	Added MSE for B6 CRT. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-08 17:35:30 +02:00
Pol Henarejos	6d8161de73	Added functions to retrieve CAR and CHR from certs. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-08 17:34:17 +02:00
Pol Henarejos	494df64674	Added CVCA to burnt certificates. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-08 17:33:48 +02:00
Pol Henarejos	d057729675	Fix returning the status of PIN1 when it is not initialized. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-07 19:58:21 +02:00

1 2 3 4 5 ...

448 Commits