pico-hsm

mirror of https://github.com/polhenarejos/pico-hsm.git synced 2024-09-20 11:20:08 +00:00

Author	SHA1	Message	Date
Pol Henarejos	cd6f898f8e	Fix storing certs in DER format. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	9ef088971b	Integrate all commands to a single script Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	e399b1c0b1	Renaming the tools and moving to tools/ folder. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-25 01:51:16 +02:00
Pol Henarejos	59bacaf5b4	Update scs3.md Updated patch.	2022-08-24 14:11:14 +02:00
Pol Henarejos	d872a156c1	Update scs3.md Updated CA certs.	2022-08-24 14:04:14 +02:00
Pol Henarejos	c5e4583762	Add a tool for attestation of a private key. It looks for a particular private key and generates a report with some useful information and validates the source of the private key, whether it is generated in this device or outside. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 14:54:38 +02:00
Pol Henarejos	38b9c06138	Reformat oids. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 14:52:44 +02:00
Pol Henarejos	df18a1e917	Added header. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 00:50:07 +02:00
Pol Henarejos	2bc40771ca	Fix generating CVC REQ. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-23 00:50:06 +02:00
Pol Henarejos	5696c7a5da	Update public_key_authentication.md	2022-08-22 14:24:53 +02:00
Pol Henarejos	c5f980fc98	Fix curve for ECDH key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-22 01:13:08 +02:00
Pol Henarejos	aebb68724a	Removing trailing spaces. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 01:44:27 +02:00
Pol Henarejos	1f2ccd8c1c	Not used. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 01:40:13 +02:00
Pol Henarejos	874058d86a	Pull last changes in pico-ccid. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-19 00:03:09 +02:00
Pol Henarejos	8fccb80295	New burn-certs is called after compilation, not before. Not needed anymore. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:58:38 +02:00
Pol Henarejos	c9c60575c7	Removed 3DES as it is unsecure. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:55:21 +02:00
Pol Henarejos	7e6ed20b26	Not downloading nested submodules for tinyusb Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:53:49 +02:00
Pol Henarejos	52c7be4e16	Also clone nested submodules Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:38:50 +02:00
Pol Henarejos	36d250fc2b	Github does not clone submodules. So, let's do it Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:33:52 +02:00
Pol Henarejos	84ba0e03de	Fix missing TinyUSB submodule Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:31:17 +02:00
Pol Henarejos	7d27c4b546	Fix autobuild Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:28:29 +02:00
Pol Henarejos	80b2bab0f8	Granting root to apt Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:23:58 +02:00
Pol Henarejos	79372ced2f	Just install the SDK in the workflow Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:21:42 +02:00
Pol Henarejos	6fc91962bd	Update codeql.yml	2022-08-18 23:13:02 +02:00
Pol Henarejos	fb76c23694	Let's try our autobuild Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 23:00:09 +02:00
Pol Henarejos	fc6c852e09	When used this tool, the device is always reset to default state. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 20:09:23 +02:00
Pol Henarejos	82f61ff1d4	When initialized, the device key (EF_KEY_DEV) is only generated if not found. To generate a new device key, it must be wiped. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 20:08:54 +02:00
Pol Henarejos	64052f4f70	Marked EF_DEV files as persistent to remain permanent. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 20:08:11 +02:00
Pol Henarejos	36c8150f25	Enhanced the procedure for burning the device certificate. When initialized, the device generates a private key in place and stores it encrypted. The publick key is recovered and sent to our PKI, which generates a CV certificate. This CV certificate is stored inside the device, jointly with the DV CVC. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	cb492728ec	Device key now uses SECP256R1 curve. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	fec02ca733	Removing cvcerts.h dependency. A python script gets the public key of the device (EF_EE_DEV) and requests to our PKI for a CVC. Once got, it is updated to EF_TERMCA (0x2f02). termca_pk is now on EF_KEY_DEV and termca is on EF_TERMCA (concat with DICA). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	4e01a78286	Fix OID names. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	538b39386b	List keys returns the DEV key if exists. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	977aced343	Fix OID names. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	83b5753bb5	Fix saving DEV key. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	a57c3b691f	Fix passing DEBUG_APDU flag. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-18 18:17:48 +02:00
Pol Henarejos	648a374ebb	Create codeql.yml	2022-08-17 18:27:55 +02:00
Pol Henarejos	c3568e1211	Create the terminal private key with id = 0. This is the terminal private key, which will be signed by our PKI. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:20:54 +02:00
Pol Henarejos	6a16d4d55c	Fix returning store_keys(); Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:17:06 +02:00
Pol Henarejos	ab2e71cc40	By default, all CVC are self-generated (chr=car). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:16:53 +02:00
Pol Henarejos	f79fe9f7d0	Fix when no DKEK is present. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-14 01:16:33 +02:00
Pol Henarejos	6956587106	Add newline at the end of file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 23:31:09 +02:00
Pol Henarejos	349df56b09	Missing header. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 15:00:05 +02:00
Pol Henarejos	e6f082d512	Splitting cmd_xxx() functions in separate files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 14:59:27 +02:00
Pol Henarejos	87feed1222	Renaming KEK files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 13:47:43 +02:00
Pol Henarejos	55c8a66613	Fix wrap/unwrap keys with specific allowed algorithms. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 02:58:36 +02:00
Pol Henarejos	2e88422c86	Fix deleting KEK when a key is present in the key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:50:22 +02:00
Pol Henarejos	da841b82d4	Fix deleting KEK. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:48:05 +02:00
Pol Henarejos	9256a72c3e	Added XKEK derivation to save the KEK from XKEK key domain. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:43:55 +02:00
Pol Henarejos	69120cc961	Added cvc_get_ext() to find CVC extensions. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-08-13 00:43:35 +02:00

1 2 3 4 5 ...

523 Commits