Skip to content

Commit

Permalink
Use new Pico Keys SDK.
Browse files Browse the repository at this point in the history 
Signed-off-by: Pol Henarejos <[email protected]>
  • Loading branch information
@polhenarejos
polhenarejos committed Nov 6, 2023
1 parent cc19f8f commit ed2925c
Show file tree
Hide file tree
Showing 11 changed files with 76 additions and 76 deletions.
4 changes: 2 additions & 2 deletions CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ set(SOURCES ${SOURCES}

)
set(USB_ITF_CCID 1)
include(pico-hsm-sdk/pico_hsm_sdk_import.cmake)
include(pico-keys-sdk/pico_keys_sdk_import.cmake)

set(INCLUDES ${INCLUDES}
${CMAKE_CURRENT_LIST_DIR}/src/hsm
Expand Down Expand Up @@ -109,5 +109,5 @@ endif (APPLE)
else()
pico_add_extra_outputs(pico_hsm)

target_link_libraries(pico_hsm PRIVATE pico_hsm_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
endif()
2 changes: 1 addition & 1 deletion src/hsm/cmd_derive_asym.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ int cmd_derive_asym() {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, dest_id);
r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
if (r != CCID_OK) {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
Expand Down
6 changes: 3 additions & 3 deletions src/hsm/cmd_initialize.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,13 +187,13 @@ int cmd_initialize() {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
if (ret != CCID_OK) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
size_t cvc_len = 0;
if ((cvc_len = asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
if ((cvc_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
Expand All @@ -205,7 +205,7 @@ int cmd_initialize() {
return SW_EXEC_ERROR();
}

if ((cvc_len = asn1_cvc_cert(&ecdsa, HSM_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
if ((cvc_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR();
}
Expand Down
8 changes: 4 additions & 4 deletions src/hsm/cmd_key_gen.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,16 +44,16 @@ int cmd_key_gen() {
memcpy(aes_key, random_bytes_get(key_size), key_size);
int aes_type = 0x0;
if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
r = store_keys(aes_key, aes_type, key_id);
if (r != CCID_OK) {
Expand Down
22 changes: 11 additions & 11 deletions src/hsm/cmd_key_unwrap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ int cmd_key_unwrap() {
if (key_type == 0x0) {
return SW_DATA_INVALID();
}
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
mbedtls_rsa_context ctx;
mbedtls_rsa_init(&ctx);
do {
Expand All @@ -45,8 +45,8 @@ int cmd_key_unwrap() {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR();
}
Expand All @@ -57,7 +57,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
do {
Expand All @@ -67,8 +67,8 @@ int cmd_key_unwrap() {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
r = store_keys(&ctx, HSM_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR();
}
Expand All @@ -79,7 +79,7 @@ int cmd_key_unwrap() {
}
prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size, prkd_buf, sizeof(prkd_buf));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
uint8_t aes_key[64];
int key_size = 0, aes_type = 0;
do {
Expand All @@ -95,16 +95,16 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
else {
return SW_EXEC_ERROR();
Expand Down
14 changes: 7 additions & 7 deletions src/hsm/cmd_key_wrap.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_RSA, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_rsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_ECC) {
Expand All @@ -81,7 +81,7 @@ int cmd_key_wrap() {
}
return SW_EXEC_ERROR();
}
r = dkek_encode_key(kdom, &ctx, HSM_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_ecdsa_free(&ctx);
}
else if (*dprkd == P15_KEYTYPE_AES) {
Expand All @@ -90,22 +90,22 @@ int cmd_key_wrap() {
return SW_SECURE_MESSAGE_EXEC_ERROR();
}

int key_size = file_get_size(ef), aes_type = HSM_KEY_AES;
int key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES;
memcpy(kdata, file_get_data(ef), key_size);
if (mkek_decrypt(kdata, key_size) != 0) {
return SW_EXEC_ERROR();
}
if (key_size == 64) {
aes_type = HSM_KEY_AES_512;
aes_type = PICO_KEYS_KEY_AES_512;
}
else if (key_size == 32) {
aes_type = HSM_KEY_AES_256;
aes_type = PICO_KEYS_KEY_AES_256;
}
else if (key_size == 24) {
aes_type = HSM_KEY_AES_192;
aes_type = PICO_KEYS_KEY_AES_192;
}
else if (key_size == 16) {
aes_type = HSM_KEY_AES_128;
aes_type = PICO_KEYS_KEY_AES_128;
}
r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len, meta_tag, tag_len);
mbedtls_platform_zeroize(kdata, sizeof(kdata));
Expand Down
8 changes: 4 additions & 4 deletions src/hsm/cmd_keypair_gen.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,10 @@ int cmd_keypair_gen() {
return SW_EXEC_ERROR();
}
if ((res_APDU_size =
asn1_cvc_aut(&rsa, HSM_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR();
}
ret = store_keys(&rsa, HSM_KEY_RSA, key_id);
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
if (ret != CCID_OK) {
mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR();
Expand Down Expand Up @@ -133,7 +133,7 @@ int cmd_keypair_gen() {
}
}
if ((res_APDU_size =
asn1_cvc_aut(&ecdsa, HSM_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
if (ext) {
free(ext);
}
Expand All @@ -143,7 +143,7 @@ int cmd_keypair_gen() {
if (ext) {
free(ext);
}
ret = store_keys(&ecdsa, HSM_KEY_EC, key_id);
ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
mbedtls_ecdsa_free(&ecdsa);
if (ret != CCID_OK) {
return SW_EXEC_ERROR();
Expand Down
38 changes: 19 additions & 19 deletions src/hsm/cvc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t pubkey_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0);
}
size_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0;
Expand Down Expand Up @@ -221,10 +221,10 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa,
//car
*p++ = 0x42; p += format_tlv_len(lencar, p); memcpy(p, car, lencar); p += lencar;
//pubkey
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
p += asn1_cvc_public_key_rsa(rsa_ecdsa, p, pubkey_size);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
p += asn1_cvc_public_key_ecdsa(rsa_ecdsa, p, pubkey_size);
}
//chr
Expand Down Expand Up @@ -265,10 +265,10 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
size_t ext_len,
bool full) {
size_t key_size = 0;
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N);
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)->grp.id)->bit_size + 7) / 8);
}
size_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size);
Expand All @@ -288,13 +288,13 @@ size_t asn1_cvc_cert(void *rsa_ecdsa,
hash256(body, body_size, hsh);
memcpy(p, "\x5F\x37", 2); p += 2;
p += format_tlv_len(key_size, p);
if (key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_RSA) {
if (mbedtls_rsa_rsassa_pkcs1_v15_sign(rsa_ecdsa, random_gen, NULL, MBEDTLS_MD_SHA256, 32, hsh, p) != 0) {
memset(p, 0, key_size);
}
p += key_size;
}
else if (key_type & HSM_KEY_EC) {
else if (key_type & PICO_KEYS_KEY_EC) {
mbedtls_mpi r, s;
int ret = 0;
mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
Expand Down Expand Up @@ -440,17 +440,17 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq_len = 0;
const uint8_t *seq = NULL;
uint8_t first_tag = 0x0;
if (key_type & HSM_KEY_EC) {
if (key_type & PICO_KEYS_KEY_EC) {
seq = (const uint8_t *)"\x07\x20\x80";
seq_len = 3;
first_tag = 0xA0;
}
else if (key_type & HSM_KEY_RSA) {
else if (key_type & PICO_KEYS_KEY_RSA) {
seq = (const uint8_t *)"\x02\x74";
seq_len = 2;
first_tag = 0x30;
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq = (const uint8_t *)"\x07\xC0\x10";
seq_len = 3;
first_tag = 0xA8;
Expand All @@ -459,10 +459,10 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
size_t seq2_size =
asn1_len_tag(0x30, asn1_len_tag(0x4, keyid_len) + asn1_len_tag(0x3, seq_len));
size_t seq3_size = 0, seq4_size = 0;
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)) + asn1_len_tag(0x2, 2)));
}
else if (key_type & HSM_KEY_AES) {
else if (key_type & PICO_KEYS_KEY_AES) {
seq3_size = asn1_len_tag(0xA0, asn1_len_tag(0x30, asn1_len_tag(0x2, 2)));
seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0))));
}
Expand Down Expand Up @@ -494,7 +494,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
memcpy(p, seq, seq_len); p += seq_len;

//Seq 3
if (key_type & HSM_KEY_AES) {
if (key_type & PICO_KEYS_KEY_AES) {
*p++ = 0xA0;
p += format_tlv_len(asn1_len_tag(0x30, asn1_len_tag(0x2, 2)), p);
*p++ = 0x30;
Expand All @@ -508,7 +508,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
//Seq 4
*p++ = 0xA1;
size_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0));
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
inseq4_len += asn1_len_tag(0x2, 2);
}
p += format_tlv_len(asn1_len_tag(0x30, inseq4_len), p);
Expand All @@ -518,7 +518,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label,
p += format_tlv_len(asn1_len_tag(0x4, 0), p);
*p++ = 0x4;
p += format_tlv_len(0, p);
if (key_type & HSM_KEY_EC || key_type & HSM_KEY_RSA) {
if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
*p++ = 0x2;
p += format_tlv_len(2, p);
*p++ = (keysize >> 8) & 0xff;
Expand All @@ -539,7 +539,7 @@ size_t asn1_build_prkd_ecc(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_EC,
PICO_KEYS_KEY_EC,
buf,
buf_len);
}
Expand All @@ -556,7 +556,7 @@ size_t asn1_build_prkd_rsa(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_RSA,
PICO_KEYS_KEY_RSA,
buf,
buf_len);
}
Expand All @@ -573,7 +573,7 @@ size_t asn1_build_prkd_aes(const uint8_t *label,
keyid,
keyid_len,
keysize,
HSM_KEY_AES,
PICO_KEYS_KEY_AES,
buf,
buf_len);
}
Expand Down
Loading

0 comments on commit ed2925c

Please sign in to comment.