coelner/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2024-09-20 03:10:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: coelner:fc69f5e1b12f81033b16a834084160954cbee5e2
Branches Tags
coelner:master
coelner:development
coelner:development-eddsa
coelner:esp32
coelner:r2
coelner:r1
coelner:gnuk
coelner:v4.2-eddsa1
coelner:v4.2
coelner:v4.0-eddsa1
coelner:v4.0
coelner:v3.6-eddsa1
coelner:v3.6
coelner:v3.4
coelner:v3.2
coelner:v3.0
coelner:v2.6
coelner:v2.4
coelner:v2.2
coelner:v2.0
coelner:v1.12
coelner:v1.10
coelner:v1.8
coelner:v1.6
coelner:v1.4
coelner:v1.2
coelner:v1.0
...
compare: coelner:c3ddfe96895ea7eea4bf0f3d93a61d947a084466
Branches Tags
coelner:development
coelner:master
coelner:development-eddsa
coelner:esp32
coelner:r2
coelner:r1
coelner:gnuk
coelner:v4.2-eddsa1
coelner:v4.2
coelner:v4.0-eddsa1
coelner:v4.0
coelner:v3.6-eddsa1
coelner:v3.6
coelner:v3.4
coelner:v3.2
coelner:v3.0
coelner:v2.6
coelner:v2.4
coelner:v2.2
coelner:v2.0
coelner:v1.12
coelner:v1.10
coelner:v1.8
coelner:v1.6
coelner:v1.4
coelner:v1.2
coelner:v1.0

5 Commits
fc69f5e1b1 ... c3ddfe9689

Author SHA1 Message Date
Pol Henarejos
c3ddfe9689
Use OTP 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-11 23:16:51 +02:00
Pol Henarejos
72eb5a2a69
Enable OTP to store a permanent secret key. 
It can be used by HSM or Fido to protect the keys and use it as MKEK.
 2024-09-11 23:16:23 +02:00
Pol Henarejos
95f3a464b1
Use internal TRNG of Pico. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-06 15:16:34 +02:00
Pol Henarejos
bb37a3ddb8
Fix artifacts version 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 15:21:51 +02:00
Pol Henarejos
6da49336c9
Use v4 for artifacts 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-05 09:16:20 +02:00
5 changed files with 22 additions and 76 deletions
Show Stats Expand all files Collapse all files

4
.github/workflows/test.yml vendored
View File

@ -36,7 +36,7 @@ jobs:
mkdir -p artifacts mkdir -p artifacts
docker save pico-hsm-test:bullseye -o artifacts/docker-image.tar docker save pico-hsm-test:bullseye -o artifacts/docker-image.tar
- name: Temporarily save image - name: Temporarily save image
uses: actions/upload-artifact@v4.1.7 uses: actions/upload-artifact@v4
with: with:
name: docker-artifact name: docker-artifact
path: artifacts path: artifacts
@ -54,7 +54,7 @@ jobs:
with: with:
submodules: recursive submodules: recursive
- name: Retrieve saved image - name: Retrieve saved image
uses: actions/download-artifact@v4.1.7 uses: actions/download-artifact@v4
with: with:
name: docker-artifact name: docker-artifact
path: artifacts path: artifacts

2
CMakeLists.txt
View File

@ -125,7 +125,5 @@ if(NOT ESP_PLATFORM)
) )
endif(APPLE) endif(APPLE)
target_link_libraries(pico_hsm PRIVATE pthread m) target_link_libraries(pico_hsm PRIVATE pthread m)
else()
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id pico_aon_timer tinyusb_device tinyusb_board)
endif() endif()
endif() endif()

2
pico-keys-sdk

@ -1 +1 @@
Subproject commit 697e2fd2637e96a09f074905836b69fe5020b4a7 Subproject commit 108cfec47c8b72472acbf6d3f8cc50260bfb09bd

12
src/hsm/cmd_initialize.c
View File

@ -219,19 +219,11 @@ int cmd_initialize() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
const uint8_t *keyid = const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
(const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESPICOHSMTR"; *label = (const uint8_t *) "ESPICOHSMTR";
uint16_t prkd_len = asn1_build_prkd_ecc(label, uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096);
(uint16_t)strlen((const char *) label),
keyid,
20,
256,
res_APDU,
4096);
fpk = search_file(EF_PRKD_DEV); fpk = search_file(EF_PRKD_DEV);
ret = file_put_data(fpk, res_APDU, prkd_len); ret = file_put_data(fpk, res_APDU, prkd_len);
} }
if (ret != 0) { if (ret != 0) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();

78
src/hsm/kek.c
View File

@ -29,6 +29,7 @@
#include "mbedtls/ecdsa.h" #include "mbedtls/ecdsa.h"
#include "mbedtls/chachapoly.h" #include "mbedtls/chachapoly.h"
#include "files.h" #include "files.h"
#include "otp.h"
extern bool has_session_pin, has_session_sopin; extern bool has_session_pin, has_session_sopin;
extern uint8_t session_pin[32], session_sopin[32]; extern uint8_t session_pin[32], session_sopin[32];
@ -72,19 +73,19 @@ int load_mkek(uint8_t *mkek) {
return CCID_EXEC_ERROR; return CCID_EXEC_ERROR;
} }
if (has_mkek_mask) { int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mkek_mask[i];
}
}
int ret =
aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
if (ret != 0) { if (ret != 0) {
return CCID_EXEC_ERROR; return CCID_EXEC_ERROR;
} }
if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) { if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
return CCID_WRONG_DKEK; return CCID_WRONG_DKEK;
} }
if (has_mkek_mask || otp_key_1) {
const uint8_t *mask = otp_key_1 ? otp_key_1 : mkek_mask;
for (int i = 0; i < MKEK_KEY_SIZE; i++) {
MKEK_KEY(mkek)[i] ^= mask[i];
}
}
return CCID_OK; return CCID_OK;
} }
@ -94,14 +95,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) {
mbedtls_chachapoly_context chatx; mbedtls_chachapoly_context chatx;
mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_init(&chatx);
mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12); mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12);
int ret = mbedtls_chachapoly_auth_decrypt(&chatx, int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data);
len - 16,
mse.key_enc,
mse.Qpt,
65,
data + len - 16,
data,
data);
mbedtls_chachapoly_free(&chatx); mbedtls_chachapoly_free(&chatx);
return ret; return ret;
} }
@ -141,10 +135,7 @@ int store_mkek(const uint8_t *mkek) {
release_mkek(tmp_mkek_pin); release_mkek(tmp_mkek_pin);
return CCID_ERR_FILE_NOT_FOUND; return CCID_ERR_FILE_NOT_FOUND;
} }
aes_encrypt_cfb_256(session_pin, aes_encrypt_cfb_256(session_pin, MKEK_IV(tmp_mkek_pin), MKEK_KEY(tmp_mkek_pin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
MKEK_IV(tmp_mkek_pin),
MKEK_KEY(tmp_mkek_pin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_pin, MKEK_SIZE); file_put_data(tf, tmp_mkek_pin, MKEK_SIZE);
release_mkek(tmp_mkek_pin); release_mkek(tmp_mkek_pin);
} }
@ -157,10 +148,7 @@ int store_mkek(const uint8_t *mkek) {
release_mkek(tmp_mkek_sopin); release_mkek(tmp_mkek_sopin);
return CCID_ERR_FILE_NOT_FOUND; return CCID_ERR_FILE_NOT_FOUND;
} }
aes_encrypt_cfb_256(session_sopin, aes_encrypt_cfb_256(session_sopin, MKEK_IV(tmp_mkek_sopin), MKEK_KEY(tmp_mkek_sopin), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
MKEK_IV(tmp_mkek_sopin),
MKEK_KEY(tmp_mkek_sopin),
MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE); file_put_data(tf, tmp_mkek_sopin, MKEK_SIZE);
release_mkek(tmp_mkek_sopin); release_mkek(tmp_mkek_sopin);
} }
@ -278,13 +266,7 @@ int mkek_decrypt(uint8_t *data, uint16_t len) {
return r; return r;
} }
int dkek_encode_key(uint8_t id, int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint16_t *out_len, const uint8_t *allowed, uint16_t allowed_len) {
void *key_ctx,
int key_type,
uint8_t *out,
uint16_t *out_len,
const uint8_t *allowed,
uint16_t allowed_len) {
if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) { if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) {
return CCID_WRONG_DATA; return CCID_WRONG_DATA;
} }
@ -386,12 +368,7 @@ int dkek_encode_key(uint8_t id,
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);
size_t olen = 0; size_t olen = 0;
mbedtls_ecp_point_write_binary(&ecdsa->grp, mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
&ecdsa->grp.G,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len); put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen; kb_len += 2 + (uint16_t)olen;
@ -399,12 +376,7 @@ int dkek_encode_key(uint8_t id,
mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d)); mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);
mbedtls_ecp_point_write_binary(&ecdsa->grp, mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
&ecdsa->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&olen,
kb + 8 + kb_len + 2,
sizeof(kb) - 8 - kb_len - 2);
put_uint16_t((uint16_t)olen, kb + 8 + kb_len); put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
kb_len += 2 + (uint16_t)olen; kb_len += 2 + (uint16_t)olen;
@ -465,12 +437,7 @@ int dkek_encode_key(uint8_t id,
memcpy(out + *out_len, kb, kb_len_pad); memcpy(out + *out_len, kb, kb_len_pad);
*out_len += kb_len_pad; *out_len += kb_len_pad;
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, out, *out_len, out + *out_len);
kmac,
256,
out,
*out_len,
out + *out_len);
*out_len += 16; *out_len += 16;
if (r != 0) { if (r != 0) {
@ -492,13 +459,7 @@ int dkek_type_key(const uint8_t *in) {
return 0x0; return 0x0;
} }
int dkek_decode_key(uint8_t id, int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_len, int *key_size_out, uint8_t **allowed, uint16_t *allowed_len) {
void *key_ctx,
const uint8_t *in,
uint16_t in_len,
int *key_size_out,
uint8_t **allowed,
uint16_t *allowed_len) {
uint8_t kcv[8]; uint8_t kcv[8];
int r = 0; int r = 0;
memset(kcv, 0, sizeof(kcv)); memset(kcv, 0, sizeof(kcv));
@ -526,12 +487,7 @@ int dkek_decode_key(uint8_t id,
} }
uint8_t signature[16]; uint8_t signature[16];
r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), r = mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_ECB), kmac, 256, in, in_len - 16, signature);
kmac,
256,
in,
in_len - 16,
signature);
if (r != 0) { if (r != 0) {
return CCID_WRONG_SIGNATURE; return CCID_WRONG_SIGNATURE;
} }