Upgrading to Version 2.10.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-17 12:00:37 +01:00
parent 9ac5200792 fe95093484
commit 5e0b0bfe38
24 changed files with 624 additions and 152 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -64,6 +64,7 @@ target_sources(pico_fido PUBLIC
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/cbor_cred_mgmt.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/cbor_config.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/cbor_vendor.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fido/cbor_large_blobs.c
        )
 set(HSM_DRIVER "hid")
 include(pico-hsm-sdk/pico_hsm_sdk_import.cmake)
--- a/README.md
+++ b/README.md
@@ -19,10 +19,14 @@ Pico FIDO has implemented the following features:
 - Support for vendor Config
 - Backup with 24 words
 - Secure lock to protect the device from flash dumpings
- Permissions support (MC, GA, CM, ACFG)
+- Permissions support (MC, GA, CM, ACFG, LBW)
 - Authenticator configuration
 - minPinLength extension
 - Self attestation
 - Enterprise attestation
 - credBlobs extension
 - largeBlobKey extension
 - largeBlobs support (2048 bytes máx.)
 All these features are compliant with the specification. Therefore, if you detect some behaviour that is not expected or it does not follow the rules of specs, please open an issue.
@@ -34,10 +38,6 @@ If the Pico is stolen the contents of private and secret keys can be read.
 ## Download
 Please, go to the [Release page](https://github.com/polhenarejos/pico-fido/releases "Release page") and download the UF2 file for your board.
 Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you are planning to use it with OpenSC or similar, you should modify Info.plist of CCID driver to add these VID/PID or use the VID/PID patcher as follows: `./pico-fido-patch-vidpid.sh VID:PID input_fido_file.uf2 output_fido_file.uf2`
 You can use whatever VID/PID, but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
 ## Build
 Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
@@ -52,6 +52,8 @@ Note that PICO_BOARD, USB_VID and USB_PID are optional. If not provided, pico bo
 After make ends, the binary file pico_fido.uf2 will be generated. Put your pico board into loading mode, by pushing BOOTSEL button while pluging on, and copy the UF2 to the new fresh usb mass storage Pico device. Once copied, the pico mass storage will be disconnected automatically and the pico board will reset with the new firmware. A blinking led will indicate the device is ready to work.
 **Remark:** Pico Fido uses HID interface and thus, VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary value or the default ones.
 ## Led blink
 Pico FIDO uses the led to indicate the current status. Four states are available:
 ### Press to confirm
--- a/build_pico_fido.sh
+++ b/build_pico_fido.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 VERSION_MAJOR="2"
-VERSION_MINOR="8"
+VERSION_MINOR="10"
 rm -rf release/*
 cd build_release
--- a/src/fido/cbor.c
+++ b/src/fido/cbor.c
@@ -37,6 +37,7 @@ int cbor_selection();
 int cbor_cred_mgmt(const uint8_t *data, size_t len);
 int cbor_config(const uint8_t *data, size_t len);
 int cbor_vendor(const uint8_t *data, size_t len);
 int cbor_large_blobs(const uint8_t *data, size_t len);
 const uint8_t aaguid[16] = {0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45}; // First 16 bytes of SHA256("Pico FIDO2")
@@ -68,6 +69,8 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) {
            return cbor_cred_mgmt(data + 1, len - 1);
        else if (data[0] == CTAP_CONFIG)
            return cbor_config(data + 1, len - 1);
        else if (data[0] == CTAP_LARGE_BLOBS)
            return cbor_large_blobs(data + 1, len - 1);
    }
    else if (cmd == CTAP_VENDOR_CBOR) {
        return cbor_vendor(data, len);
--- a/src/fido/cbor_client_pin.c
+++ b/src/fido/cbor_client_pin.c
@@ -31,7 +31,6 @@
 #include "hsm.h"
 #include "apdu.h"
 uint8_t permissions_rp_id = 0, permission_set = 0;
 uint32_t usage_timer = 0, initial_usage_time_limit = 0;
 uint32_t max_usage_time_period  = 600*1000;
 bool needs_power_cycle = false;
@@ -63,11 +62,11 @@ void clearPinUvAuthTokenPermissionsExceptLbw() {
 }
 void stopUsingPinUvAuthToken() {
    permissions_rp_id = 0;
    paut.permissions = 0;
    usage_timer = 0;
    paut.in_use = false;
    memset(paut.rp_id_hash, 0, sizeof(paut.rp_id_hash));
    paut.has_rp_id = false;
    initial_usage_time_limit = 0;
    paut.user_present = paut.user_verified = false;
    user_present_time_limit = 0;
@@ -486,7 +485,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
        if (subcommand == 0x9) {
            if (permissions == 0)
                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
-            if ((permissions & CTAP_PERMISSION_BE) || (permissions & CTAP_PERMISSION_LBW)) // Not supported yet
+            if ((permissions & CTAP_PERMISSION_BE)) // Not supported yet
                CBOR_ERROR(CTAP2_ERR_UNAUTHORIZED_PERMISSION);
        }
@@ -547,6 +546,8 @@ int cbor_client_pin(const uint8_t *data, size_t len) {
            mbedtls_sha256((uint8_t *)rpId.data, rpId.len, paut.rp_id_hash, 0);
            paut.has_rp_id = true;
        }
        else
            paut.has_rp_id = false;
        uint8_t pinUvAuthToken_enc[32 + IV_SIZE];
        encrypt(pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc);
        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
--- a/src/fido/cbor_config.c
+++ b/src/fido/cbor_config.c
@@ -95,7 +95,7 @@ int cbor_config(const uint8_t *data, size_t len) {
        else if (val_u == 0x03) {
            CBOR_FIELD_GET_UINT(pinUvAuthProtocol, 1);
        }
-        else if (val_u == 0x04) { // pubKeyCredParams
+        else if (val_u == 0x04) {
            CBOR_FIELD_GET_BYTES(pinUvAuthParam, 1);
        }
    }
@@ -204,8 +204,7 @@ int cbor_config(const uint8_t *data, size_t len) {
        CBOR_FREE_BYTE_STRING(minPinLengthRPIDs[i]);
    }
-        if (error != CborNoError)
+    if (error != CborNoError) {
        {
        if (error == CborErrorImproperValue)
            return CTAP2_ERR_CBOR_UNEXPECTED_TYPE;
        return error;
--- a/src/fido/cbor_cred_mgmt.c
+++ b/src/fido/cbor_cred_mgmt.c
@@ -221,10 +221,20 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
        }
        cred_counter++;
-        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, subcommand == 0x04 ? 5 : 4));
+
        uint8_t l = 4;
        if (subcommand == 0x04)
            l++;
        if (cred.extensions.present == true) {
            if (cred.extensions.credProtect > 0)
               l++;
            if (cred.extensions.largeBlobKey == ptrue)
               l++;
        }
        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, l));
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x06));
-        uint8_t l = 0;
+        l = 0;
        if (cred.userId.present == true)
            l++;
        if (cred.userName.present == true)
@@ -279,8 +289,22 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) {
            asserted = true;
            rpIdHashx = rpIdHash;
        }
        if (cred.extensions.present == true) {
            if (cred.extensions.credProtect > 0) {
                CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A));
                CBOR_CHECK(cbor_encode_uint(&mapEncoder, cred.extensions.credProtect));
            }
            if (cred.extensions.largeBlobKey == ptrue) {
                uint8_t largeBlobKey[32];
                int ret = credential_derive_large_blob_key(cred.id.data, cred.id.len, largeBlobKey);
                if (ret != 0) {
                    CBOR_ERROR(CTAP2_ERR_PROCESSING);
                }
                CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0B));
                CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey)));
                mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey));
            }
        }
        credential_free(&cred);
        mbedtls_ecdsa_free(&key);
    }
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -85,9 +85,10 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    Credential creds[MAX_CREDENTIAL_COUNT_IN_LIST] = {0};
    size_t allowList_len = 0, creds_len = 0;
    uint8_t *aut_data = NULL;
-    bool asserted = false;
+    bool asserted = false, up = true, uv = false;
    int64_t kty = 2, alg = 0, crv = 0;
    CborByteString kax = {0}, kay = {0}, salt_enc = {0}, salt_auth = {0};
    const bool *credBlob = NULL;
    CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
    uint64_t val_c = 1;
@@ -173,7 +174,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
                    CBOR_PARSE_MAP_END(_f2, 3);
                    continue;
                }
-                CBOR_FIELD_KEY_TEXT_VAL_UINT(2, "credProtect", extensions.credProtect);
+                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "credBlob", credBlob);
                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", extensions.largeBlobKey);
                CBOR_ADVANCE(2);
            }
            CBOR_PARSE_MAP_END(_f1, 2);
@@ -237,6 +239,10 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
            }
            //else if (options.up == NULL) //5.7
                //rup = ptrue;
            if (options.uv != NULL)
                uv = *options.uv;
            if (options.up != NULL)
                up = *options.up;
        }
        if (pinUvAuthParam.present == true) { //6.1
@@ -332,7 +338,11 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
            clearPinUvAuthTokenPermissionsExceptLbw();
        }
-        if (!(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) {
+        if (extensions.largeBlobKey == pfalse) {
            CBOR_ERROR(CTAP2_ERR_INVALID_OPTION);
        }
        if (up == false && uv == false) {
            selcred = &creds[0];
        }
        else {
@@ -368,6 +378,14 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        }
    }
    uint8_t largeBlobKey[32];
    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
        ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey);
        if (ret != 0) {
            CBOR_ERROR(CTAP2_ERR_PROCESSING);
        }
    }
    size_t ext_len = 0;
    uint8_t ext [512];
    if (extensions.present == true) {
@@ -377,12 +395,15 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
            extensions.hmac_secret = NULL;
        if (extensions.hmac_secret != NULL)
            l++;
-        if (extensions.credProtect != 0)
+        if (credBlob == ptrue)
            l++;
        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, l));
-        if (extensions.credProtect != 0) {
+        if (credBlob == ptrue) {
-            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credProtect"));
+            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credBlob"));
-            CBOR_CHECK(cbor_encode_uint(&mapEncoder, extensions.credProtect));
+            if (selcred->extensions.credBlob.present == true)
                CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, selcred->extensions.credBlob.data, selcred->extensions.credBlob.len));
            else
                CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, NULL, 0));
        }
        if (extensions.hmac_secret != NULL) {
@@ -464,7 +485,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    uint8_t lfields = 3;
    if (selcred->opts.present == true && selcred->opts.rk == ptrue)
        lfields++;
-    if (numberOfCredentials > 1 && next == false && !(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV))
+    if (numberOfCredentials > 1 && next == false)
        lfields++;
    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue)
        lfields++;
    cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields));
@@ -506,10 +529,15 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        }
        CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
    }
-    if (numberOfCredentials > 1 && next == false && !(flags & FIDO2_AUT_FLAG_UP) && !(flags & FIDO2_AUT_FLAG_UV)) {
+    if (numberOfCredentials > 1 && next == false) {
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05));
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, numberOfCredentials));
    }
    if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) {
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x07));
        CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey)));
    }
    mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey));
    CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
    resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
    ctr++;
--- a/src/fido/cbor_get_info.c
+++ b/src/fido/cbor_get_info.c
@@ -26,7 +26,7 @@ int cbor_get_info() {
    CborEncoder encoder, mapEncoder, arrayEncoder, mapEncoder2;
    CborError error = CborNoError;
    cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
-    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 12));
+    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 15));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 3));
@@ -36,9 +36,11 @@ int cbor_get_info() {
    CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02));
-    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 3));
+    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 5));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "credBlob"));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "credProtect"));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "hmac-secret"));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "largeBlobKey"));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "minPinLength"));
    CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
@@ -46,7 +48,7 @@ int cbor_get_info() {
    CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, aaguid, sizeof(aaguid)));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x04));
-    CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &arrayEncoder, 7));
+    CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &arrayEncoder, 8));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "ep"));
    CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, get_opts() & FIDO2_OPT_EA));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "rk"));
@@ -60,12 +62,17 @@ int cbor_get_info() {
        CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, true));
    else
        CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, false));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "largeBlobs"));
    CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, true));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "pinUvAuthToken"));
    CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, true));
    CBOR_CHECK(cbor_encode_text_stringz(&arrayEncoder, "setMinPINLength"));
    CBOR_CHECK(cbor_encode_boolean(&arrayEncoder, true));
    CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, MAX_MSG_SIZE));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x06));
    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 2));
    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, 1)); // PIN protocols
@@ -100,6 +107,9 @@ int cbor_get_info() {
    CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2));
    CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0B));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, MAX_LARGE_BLOB_SIZE)); // maxSerializedLargeBlobArray
    file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF);
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0C));
    if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1)
@@ -115,6 +125,9 @@ int cbor_get_info() {
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0E));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, PICO_FIDO_VERSION)); // firmwareVersion
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0F));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, MAX_CREDBLOB_LENGTH)); // maxCredBlobLength
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x15));
    CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 2));
    CBOR_CHECK(cbor_encode_uint(&arrayEncoder, CTAP_CONFIG_AUT_ENABLE));
--- a/src/fido/cbor_large_blobs.c
+++ b/src/fido/cbor_large_blobs.c
@@ -0,0 +1,150 @@
 /*
 * This file is part of the Pico FIDO distribution (https://github.com/polhenarejos/pico-fido).
 * Copyright (c) 2022 Pol Henarejos.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "ctap2_cbor.h"
 #include "fido.h"
 #include "ctap.h"
 #include "files.h"
 #include "apdu.h"
 #include "version.h"
 #include "hsm.h"
 #include "mbedtls/sha256.h"
 static uint64_t expectedLength = 0, expectedNextOffset = 0;
 uint8_t temp_lba[MAX_LARGE_BLOB_SIZE];
 int cbor_large_blobs(const uint8_t *data, size_t len) {
    CborParser parser;
    CborValue map;
    CborEncoder encoder, mapEncoder;
    CborError error = CborNoError;
    uint64_t get = 0, offset = UINT64_MAX, length = 0, pinUvAuthProtocol = 0;
    CborByteString set = {0}, pinUvAuthParam = {0};
    CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map));
    uint64_t val_c = 1;
    CBOR_PARSE_MAP_START(map, 1) {
        uint64_t val_u = 0;
        CBOR_FIELD_GET_UINT(val_u, 1);
        if (val_c <= 0 && val_c != val_u)
            CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
        if (val_u < val_c)
            CBOR_ERROR(CTAP2_ERR_INVALID_CBOR);
        val_c = val_u + 1;
        if (val_u == 0x01) {
            CBOR_FIELD_GET_UINT(get, 1);
        }
        else if (val_u == 0x02) {
            CBOR_FIELD_GET_BYTES(set, 1);
        }
        else if (val_u == 0x03) {
            CBOR_FIELD_GET_UINT(offset, 1);
        }
        else if (val_u == 0x04) {
            CBOR_FIELD_GET_UINT(length, 1);
        }
        else if (val_u == 0x05) {
            CBOR_FIELD_GET_BYTES(pinUvAuthParam, 1);
        }
        else if (val_u == 0x06) {
            CBOR_FIELD_GET_UINT(pinUvAuthProtocol, 1);
        }
    }
    CBOR_PARSE_MAP_END(map, 1);
    if (offset == UINT64_MAX)
        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
    if (get == 0 && set.present == false)
        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
    if (get != 0 && set.present == true)
        CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
    cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
    if (get > 0) {
        if (length != 0)
            CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
        if (length > MAX_FRAGMENT_LENGTH)
            CBOR_ERROR(CTAP1_ERR_INVALID_LEN);
        if (offset > file_get_size(ef_largeblob))
            CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1));
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
        CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, file_get_data(ef_largeblob)+offset, MIN(get, file_get_size(ef_largeblob)-offset)));
    }
    else {
        if (set.len > MAX_FRAGMENT_LENGTH)
            CBOR_ERROR(CTAP1_ERR_INVALID_LEN);
        if (offset == 0) {
            if (length == 0)
                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
            if (length > MAX_LARGE_BLOB_SIZE) {
                CBOR_ERROR(CTAP2_ERR_LARGE_BLOB_STORAGE_FULL);
            }
            if (length < 17) {
                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
            }
            expectedLength = length;
            expectedNextOffset = 0;
        }
        else {
            if (length != 0)
                CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
        }
        if (offset != expectedNextOffset)
            CBOR_ERROR(CTAP1_ERR_INVALID_SEQ);
        if (pinUvAuthParam.present == false)
            CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED);
        if (pinUvAuthProtocol == 0)
            CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER);
        uint8_t verify_data[70] = {0};
        memset(verify_data, 0xff, 32);
        verify_data[32] = 0x0C;
        verify_data[34] = offset & 0xff;
        verify_data[35] = offset >> 8;
        verify_data[36] = offset >> 16;
        verify_data[37] = offset >> 24;
        mbedtls_sha256(set.data, set.len, verify_data+38, 0);
        if (verify(pinUvAuthProtocol, paut.data, verify_data, sizeof(verify_data), pinUvAuthParam.data) != 0)
            CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
        if (!(paut.permissions & CTAP_PERMISSION_LBW))
            CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID);
        if (offset+set.len > expectedLength)
            CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);
        if (offset == 0)
            memset(temp_lba, 0, sizeof(temp_lba));
        memcpy(temp_lba+expectedNextOffset, set.data, set.len);
        expectedNextOffset += set.len;
        if (expectedNextOffset == expectedLength) {
            uint8_t sha[32];
            mbedtls_sha256(temp_lba, expectedLength-16, sha, 0);
            if (expectedLength > 17 && memcmp(sha, temp_lba+expectedLength-16, 16) != 0)
                CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE);
            flash_write_data_to_file(ef_largeblob, temp_lba, expectedLength);
            low_flash_available();
        }
        goto err;
    }
    CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
    err:
    CBOR_FREE_BYTE_STRING(pinUvAuthParam);
    CBOR_FREE_BYTE_STRING(set);
    if (error != CborNoError)
        return -CTAP2_ERR_INVALID_CBOR;
    res_APDU_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1);
    return 0;
 }
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@@ -119,6 +119,8 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "hmac-secret", extensions.hmac_secret);
                CBOR_FIELD_KEY_TEXT_VAL_UINT(2, "credProtect", extensions.credProtect);
                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "minPinLength", extensions.minPinLength);
                CBOR_FIELD_KEY_TEXT_VAL_BYTES(2, "credBlob", extensions.credBlob);
                CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", extensions.largeBlobKey);
                CBOR_ADVANCE(2);
            }
            CBOR_PARSE_MAP_END(_f1, 2);
@@ -238,10 +240,14 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
        if (strcmp(excludeList[e].type.data, "public-key") != 0)
            continue;
        Credential ecred;
-        if (credential_load(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash, &ecred) == 0 && (ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED || flags & FIDO2_AUT_FLAG_UV))
+        if (credential_load(excludeList[e].id.data, excludeList[e].id.len, rp_id_hash, &ecred) == 0 && (ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED || (flags & FIDO2_AUT_FLAG_UV)))
                    CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED);
    }
    if (extensions.largeBlobKey == pfalse || (extensions.largeBlobKey == ptrue && options.rk != ptrue)) {
        CBOR_ERROR(CTAP2_ERR_INVALID_OPTION);
    }
    if (options.up == ptrue || options.up == NULL) { //14.1
        if (pinUvAuthParam.present == true) {
            if (getUserPresentFlagValue() == false) {
@@ -289,7 +295,13 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
                }
            }
        }
        if (extensions.credBlob.present == true)
            l++;
        CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, l));
        if (extensions.credBlob.present == true) {
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credBlob"));
            CBOR_CHECK(cbor_encode_boolean(&mapEncoder, extensions.credBlob.len < MAX_CREDBLOB_LENGTH));
        }
        if (extensions.credProtect != 0) {
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credProtect"));
            CBOR_CHECK(cbor_encode_uint(&mapEncoder, extensions.credProtect));
@@ -377,8 +389,16 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    ret = mbedtls_ecdsa_write_signature(&ekey, MBEDTLS_MD_SHA256, hash, 32, sig, sizeof(sig), &olen, random_gen, NULL);
    mbedtls_ecdsa_free(&ekey);
    uint8_t largeBlobKey[32];
    if (extensions.largeBlobKey == ptrue && options.rk == ptrue) {
        ret = credential_derive_large_blob_key(cred_id, cred_id_len, largeBlobKey);
        if (ret != 0) {
            CBOR_ERROR(CTAP2_ERR_PROCESSING);
        }
    }
    cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0);
-    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 4));
+    CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, extensions.largeBlobKey == ptrue && options.rk == ptrue ? 5 : 4));
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01));
    CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "packed"));
@@ -407,6 +427,12 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x04));
    CBOR_CHECK(cbor_encode_boolean(&mapEncoder, enterpriseAttestation == 2));
    if (extensions.largeBlobKey == ptrue && options.rk == ptrue) {
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05));
        CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey)));
    }
    mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey));
    CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder));
    resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1);
--- a/src/fido/credential.c
+++ b/src/fido/credential.c
@@ -60,6 +60,10 @@ int credential_create(CborCharString *rpId, CborByteString *userId, CborCharStri
    if (extensions->present == true) {
        CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x07));
        CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2,  CborIndefiniteLength));
        if (extensions->credBlob.present == true && extensions->credBlob.len < MAX_CREDBLOB_LENGTH) {
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credBlob"));
            CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, extensions->credBlob.data, extensions->credBlob.len));
        }
        if (extensions->credProtect != 0) {
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credProtect"));
            CBOR_CHECK(cbor_encode_uint(&mapEncoder2, extensions->credProtect));
@@ -68,6 +72,10 @@ int credential_create(CborCharString *rpId, CborByteString *userId, CborCharStri
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "hmac-secret"));
            CBOR_CHECK(cbor_encode_boolean(&mapEncoder2, *extensions->hmac_secret));
        }
        if (extensions->largeBlobKey == ptrue) {
            CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "largeBlobKey"));
            CBOR_CHECK(cbor_encode_boolean(&mapEncoder2, true));
        }
        CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2));
    }
    CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x08));
@@ -155,6 +163,8 @@ int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *r
                    CBOR_FIELD_GET_KEY_TEXT(2);
                    CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "hmac-secret", cred->extensions.hmac_secret);
                    CBOR_FIELD_KEY_TEXT_VAL_UINT(2, "credProtect", cred->extensions.credProtect);
                    CBOR_FIELD_KEY_TEXT_VAL_BYTES(2, "credBlob", cred->extensions.credBlob);
                    CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", cred->extensions.largeBlobKey);
                    CBOR_ADVANCE(2);
                }
                CBOR_PARSE_MAP_END(_f1, 2);
@@ -309,10 +319,24 @@ int credential_derive_chacha_key(uint8_t *outk) {
    int r = 0;
    if ((r = load_keydev(outk)) != 0)
        return r;
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)"SLIP-0022", 9, outk);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)CRED_PROTO, 4, outk);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)"Encryption key", 14, outk);
    return 0;
 }
 int credential_derive_large_blob_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk) {
    memset(outk, 0, 32);
    int r = 0;
    if ((r = load_keydev(outk)) != 0)
        return r;
    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)"SLIP-0022", 9, outk);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)CRED_PROTO, 4, outk);
    mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)"largeBlobKey", 12, outk);
    mbedtls_md_hmac(md_info, outk, 32, cred_id, cred_id_len, outk);
    return 0;
 }
--- a/src/fido/credential.h
+++ b/src/fido/credential.h
@@ -31,6 +31,8 @@ typedef struct CredExtensions {
    const bool *hmac_secret;
    uint64_t credProtect;
    const bool *minPinLength;
    CborByteString credBlob;
    const bool *largeBlobKey;
    bool present;
 } CredExtensions;
@@ -62,5 +64,6 @@ extern void credential_free(Credential *cred);
 extern int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash);
 extern int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred);
 extern int credential_derive_hmac_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
 extern int credential_derive_large_blob_key(const uint8_t *cred_id, size_t cred_id_len, uint8_t *outk);
 #endif // _CREDENTIAL_H_
--- a/src/fido/ctap.h
+++ b/src/fido/ctap.h
@@ -114,6 +114,7 @@ typedef struct {
 #define CTAP_GET_NEXT_ASSERTION  0x08
 #define CTAP_CREDENTIAL_MGMT     0x0A
 #define CTAP_SELECTION           0x0B
 #define CTAP_LARGE_BLOBS         0x0C
 #define CTAP_CONFIG              0x0D
 #define CTAP_CONFIG_AUT_ENABLE      0x03e43f56b34285e2
--- a/src/fido/fido.c
+++ b/src/fido/fido.c
@@ -116,7 +116,8 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe
    mbedtls_x509write_crt_set_authority_key_identifier(&ctx);
    mbedtls_x509write_crt_set_key_usage(&ctx, MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN);
    int ret = mbedtls_x509write_crt_der(&ctx, buffer, buffer_size, core1 ? random_gen : random_gen_core0, NULL);
-    mbedtls_pk_free(&key);
+    /* pk cannot be freed, as it is freed later */
    //mbedtls_pk_free(&key);
    return ret;
 }
@@ -242,11 +243,15 @@ int scan_files(bool core1) {
            mbedtls_ecdsa_context key;
            mbedtls_ecdsa_init(&key);
            int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), file_get_size(ef_keydev));
-            if (ret != 0)
+            if (ret != 0) {
                mbedtls_ecdsa_free(&key);
                return ret;
            }
            ret = mbedtls_ecp_mul(&key.grp, &key.Q, &key.d, &key.grp.G, core1 ? random_gen : random_gen_core0, NULL);
-            if (ret != 0)
+            if (ret != 0) {
                mbedtls_ecdsa_free(&key);
                return ret;
            }
            ret = x509_create_cert(&key, cert, sizeof(cert), core1);
            mbedtls_ecdsa_free(&key);
            if (ret <= 0)
@@ -284,6 +289,10 @@ int scan_files(bool core1) {
    else {
        printf("FATAL ERROR: Auth Token not found in memory!\r\n");
    }
    ef_largeblob = search_by_fid(EF_LARGEBLOB, NULL, SPECIFY_EF);
    if (!file_has_data(ef_largeblob)) {
        flash_write_data_to_file(ef_largeblob, (const uint8_t *)"\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", 17);
    }
    low_flash_available();
    return CCID_OK;
 }
--- a/src/fido/fido.h
+++ b/src/fido/fido.h
@@ -78,6 +78,10 @@ extern void set_opts(uint8_t);
 #define MAX_CREDENTIAL_COUNT_IN_LIST 16
 #define MAX_CRED_ID_LENGTH        1024
 #define MAX_RESIDENT_CREDENTIALS  256
 #define MAX_CREDBLOB_LENGTH       128
 #define MAX_MSG_SIZE              1024
 #define MAX_FRAGMENT_LENGTH       (MAX_MSG_SIZE - 64)
 #define MAX_LARGE_BLOB_SIZE       2048
 typedef struct known_app {
    const uint8_t *rp_id_hash;
--- a/src/fido/files.c
+++ b/src/fido/files.c
@@ -29,6 +29,7 @@ file_t file_entries[] = {
    {.fid = EF_AUTHTOKEN,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},   // AUTH TOKEN
    {.fid = EF_MINPINLEN,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},   // MIN PIN LENGTH
    {.fid = EF_OPTS,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},   // Global options
    {.fid = EF_LARGEBLOB,  .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0xff}},   // Large Blob
    { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, .ef_structure = 0, .acl = {0} } //end
 };
@@ -40,3 +41,4 @@ file_t *ef_counter = NULL;
 file_t *ef_pin = NULL;
 file_t *ef_authtoken = NULL;
 file_t *ef_keydev_enc = NULL;
 file_t *ef_largeblob = NULL;
--- a/src/fido/files.h
+++ b/src/fido/files.h
@@ -31,6 +31,7 @@
 #define EF_MINPINLEN    0x1100
 #define EF_CRED         0xCF00 // Creds at 0xCF00 - 0xCFFF
 #define EF_RP           0xD000 // RPs at 0xD000 - 0xD0FF
 #define EF_LARGEBLOB    0x1101 // Large Blob Array
 extern file_t *ef_keydev;
 extern file_t *ef_certdev;
@@ -38,5 +39,6 @@ extern file_t *ef_counter;
 extern file_t *ef_pin;
 extern file_t *ef_authtoken;
 extern file_t *ef_keydev_enc;
 extern file_t *ef_largeblob;
 #endif //_FILES_H_
--- a/src/fido/version.h
+++ b/src/fido/version.h
@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
-#define PICO_FIDO_VERSION 0x0208
+#define PICO_FIDO_VERSION 0x020A
 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff)
 #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff)
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -296,7 +296,7 @@ class Device():
    def doGA(self, client_data=Ellipsis, rp_id=Ellipsis, allow_list=None, extensions=None, user_verification=None, event=None, ctap1=False, check_only=False):
        client_data = client_data if client_data is not Ellipsis else CollectedClientData.create(
-                    type=CollectedClientData.TYPE.CREATE, origin=self.__origin, challenge=os.urandom(32)
+                    type=CollectedClientData.TYPE.GET, origin=self.__origin, challenge=os.urandom(32)
                )
        rp_id = rp_id if rp_id is not Ellipsis else self.__rp['id']
        if (ctap1 is True):
--- a/tests/pico-fido/test_authenticate.py
+++ b/tests/pico-fido/test_authenticate.py
@@ -76,7 +76,7 @@ def test_get_assertion_allow_list_filtering_and_buffering(device):
        len(rp2_assertions)
    )
-    assert counts in [(None, None), (l1, l2)]
+    assert counts in [(1, 1), (l1, l2)]
 def test_corrupt_credId(device, MCRes):
    # apply bit flip
--- a/tests/pico-fido/test_blob.py
+++ b/tests/pico-fido/test_blob.py
@@ -0,0 +1,130 @@
 import pytest
 from fido2.ctap import CtapError
 from fido2.ctap2.pin import PinProtocolV2, ClientPin
 from utils import verify
 import os
 PIN='12345678'
 SMALL_BLOB=b"A"*32
 LARGE_BLOB=b"B"*1024
@pytest.fixture(scope="function")
 def MCCredBlob(device):
    res = device.doMC(extensions={'credBlob': SMALL_BLOB})['res'].attestation_object
    return res
@pytest.fixture(scope="function")
 def GACredBlob(device, MCCredBlob):
    res = device.doGA(allow_list=[
            {"id": MCCredBlob.auth_data.credential_data.credential_id, "type": "public-key"}
        ], extensions={'getCredBlob': True})
    assertions = res['res'].get_assertions()
    for a in assertions:
        verify(MCCredBlob, a, res['req']['client_data'].hash)
    return assertions[0]
@pytest.fixture(scope="function")
 def MCLBK(device):
    res = device.doMC(
        rk=True,
        extensions={'largeBlob':{'support':'required'}}
        )['res']
    return res
@pytest.fixture(scope="function")
 def GALBRead(device, MCLBK):
    res = device.doGA(
        allow_list=[
            {"id": MCLBK.attestation_object.auth_data.credential_data.credential_id, "type": "public-key"}
        ],extensions={'largeBlob':{'read': True}}
        )
    assertions = res['res'].get_assertions()
    for a in assertions:
        verify(MCLBK.attestation_object, a, res['req']['client_data'].hash)
    return res['res']
@pytest.fixture(scope="function")
 def GALBReadLBK(GALBRead):
    return GALBRead.get_assertions()[0]
@pytest.fixture(scope="function")
 def GALBReadLB(GALBRead):
    return GALBRead.get_response(0)
@pytest.fixture(scope="function")
 def GALBWrite(device, MCLBK):
    res = device.doGA(
        allow_list=[
            {"id": MCLBK.attestation_object.auth_data.credential_data.credential_id, "type": "public-key"}
        ],extensions={'largeBlob':{'write': LARGE_BLOB}}
        )
    assertions = res['res'].get_assertions()
    for a in assertions:
        verify(MCLBK.attestation_object, a, res['req']['client_data'].hash)
    return res['res'].get_response(0)
 def test_supports_credblob(info):
    assert info.extensions
    assert 'credBlob' in info.extensions
    assert info.max_cred_blob_length
    assert info.max_cred_blob_length > 0
 def test_mc_credblob(MCCredBlob):
    assert MCCredBlob.auth_data.extensions
    assert "credBlob" in MCCredBlob.auth_data.extensions
    assert MCCredBlob.auth_data.extensions['credBlob'] is True
 def test_ga_credblob(GACredBlob):
    assert GACredBlob.auth_data.extensions
    assert "credBlob" in GACredBlob.auth_data.extensions
    assert GACredBlob.auth_data.extensions['credBlob'] == SMALL_BLOB
 def test_wrong_credblob(device, info):
    device.reset()
    cdh = os.urandom(32)
    ClientPin(device.client()._backend.ctap2).set_pin(PIN)
    pin_token = ClientPin(device.client()._backend.ctap2).get_pin_token(PIN, permissions=ClientPin.PERMISSION.MAKE_CREDENTIAL | ClientPin.PERMISSION.AUTHENTICATOR_CFG)
    protocol = PinProtocolV2()
    MC = device.MC(
        client_data_hash=cdh,
        extensions={'credBlob': b'A'*(info.max_cred_blob_length+1)},
        pin_uv_protocol=protocol.VERSION,
        pin_uv_param=protocol.authenticate(pin_token, cdh)
        )['res']
    assert MC.auth_data.extensions
    assert "credBlob" in MC.auth_data.extensions
    assert MC.auth_data.extensions['credBlob'] is False
    res = device.doGA(allow_list=[
            {"id": MC.auth_data.credential_data.credential_id, "type": "public-key"}
        ], extensions={'getCredBlob': True})
    assertions = res['res'].get_assertions()
    for a in assertions:
        verify(MC, a, res['req']['client_data'].hash)
    assert assertions[0].auth_data.extensions
    assert "credBlob" in assertions[0].auth_data.extensions
    assert len(assertions[0].auth_data.extensions['credBlob']) == 0
 def test_supports_largeblobs(info):
    assert info.extensions
    assert 'largeBlobKey' in info.extensions
    assert 'largeBlobs' in info.options
    assert info.max_large_blob is None or (info.max_large_blob > 1024)
 def test_get_largeblobkey_mc(MCLBK):
    assert 'supported' in MCLBK.extension_results
    assert MCLBK.extension_results['supported'] is True
 def test_get_largeblobkey_ga(GALBReadLBK):
    assert GALBReadLBK.large_blob_key is not None
 def test_get_largeblob_rw(GALBWrite, GALBReadLB):
    assert 'written' in GALBWrite.extension_results
    assert GALBWrite.extension_results['written'] is True
    assert 'blob' in GALBReadLB.extension_results
    assert GALBReadLB.extension_results['blob'] == LARGE_BLOB
--- a/tests/pico-fido/test_cred_mgmt.py
+++ b/tests/pico-fido/test_cred_mgmt.py
@@ -3,76 +3,78 @@ import time
 import random
 from fido2.ctap import CtapError
 from fido2.ctap2 import CredentialManagement
-from fido2.utils import sha256, hmac_sha256
+from fido2.utils import sha256
-from fido2.ctap2.pin import PinProtocolV2
+from fido2.ctap2.pin import PinProtocolV2, ClientPin
 from binascii import hexlify
 from utils import generate_random_user
 PIN = "12345678"
@pytest.fixture(params=[PIN], scope = 'function')
-def PinToken(request, device, client_pin):
+def client_pin_set(request, device, client_pin):
    #device.reboot()
    device.reset()
    pin = request.param
    client_pin.set_pin(pin)
    return client_pin.get_pin_token(pin)
@pytest.fixture(scope = 'function')
-def MC_RK_Res(device, PinToken):
+def MC_RK_Res(device, client_pin_set):
    rp = {"id": "ssh:", "name": "Bate Goiko"}
    device.doMC(rp=rp, rk=True)
    rp = {"id": "xakcop.com", "name": "John Doe"}
    device.doMC(rp=rp, rk=True)
 def PinToken(device):
    return ClientPin(device.client()._backend.ctap2).get_pin_token(PIN, permissions=ClientPin.PERMISSION.MAKE_CREDENTIAL | ClientPin.PERMISSION.CREDENTIAL_MGMT)
-@pytest.fixture(scope = 'function')
+def CredMgmt(device):
-def CredMgmt(device, PinToken):
+    pt = PinToken(device)
    pin_protocol = PinProtocolV2()
-    return CredentialManagement(device.client()._backend.ctap2, pin_protocol, PinToken)
+    return CredentialManagement(device.client()._backend.ctap2, pin_protocol, pt)
-def _test_enumeration(CredMgmt, rp_map):
+def _test_enumeration(device, rp_map):
    "Enumerate credentials using BFS"
-    res = CredMgmt.enumerate_rps()
+    credMgmt = CredMgmt(device)
    res = credMgmt.enumerate_rps()
    assert len(rp_map.keys()) == len(res)
    for rp in res:
-        creds = CredMgmt.enumerate_creds(sha256(rp[3]["id"]))
+        creds = credMgmt.enumerate_creds(sha256(rp[3]["id"].encode()))
-        assert len(creds) == rp_map[rp[3]["id"].decode()]
+        assert len(creds) == rp_map[rp[3]["id"]]
-def _test_enumeration_interleaved(CredMgmt, rp_map):
+def _test_enumeration_interleaved(device, rp_map):
    "Enumerate credentials using DFS"
-    first_rp = CredMgmt.enumerate_rps_begin()
+    credMgmt = CredMgmt(device)
    first_rp = credMgmt.enumerate_rps_begin()
    assert len(rp_map.keys()) == first_rp[CredentialManagement.RESULT.TOTAL_RPS]
    rk_count = 1
-    first_rk = CredMgmt.enumerate_creds_begin(sha256(first_rp[3]["id"]))
+    first_rk = credMgmt.enumerate_creds_begin(sha256(first_rp[3]["id"].encode()))
    for i in range(1, first_rk[CredentialManagement.RESULT.TOTAL_CREDENTIALS]):
-        c = CredMgmt.enumerate_creds_next()
+        c = credMgmt.enumerate_creds_next()
        rk_count += 1
-    assert rk_count == rp_map[first_rp[3]["id"].decode()]
+    assert rk_count == rp_map[first_rp[3]["id"]]
    for i in range(1, first_rp[CredentialManagement.RESULT.TOTAL_RPS]):
-        next_rp = CredMgmt.enumerate_rps_next()
+        next_rp = credMgmt.enumerate_rps_next()
        rk_count = 1
-        first_rk = CredMgmt.enumerate_creds_begin(
+        first_rk =credMgmt.enumerate_creds_begin(
-            sha256(next_rp[3]["id"])
+            sha256(next_rp[3]["id"].encode())
        )
        for i in range(1, first_rk[CredentialManagement.RESULT.TOTAL_CREDENTIALS]):
-            c = CredMgmt.enumerate_creds_next()
+            c = credMgmt.enumerate_creds_next()
            rk_count += 1
-        assert rk_count == rp_map[next_rp[3]["id"].decode()]
+        assert rk_count == rp_map[next_rp[3]["id"]]
-def CredMgmtWrongPinAuth(device, pin_token):
+def CredMgmtWrongPinAuth(device):
    pin_token = PinToken(device)
    pin_protocol = PinProtocolV2()
    wrong_pt = bytearray(pin_token)
    wrong_pt[0] = (wrong_pt[0] + 1) % 256
@@ -98,55 +100,58 @@ def test_get_info(info):
    assert 0x8 in info
    assert info[0x8] > 1
-def test_get_metadata(CredMgmt, MC_RK_Res):
+def test_get_metadata_ok(MC_RK_Res, device):
-    metadata = CredMgmt.get_metadata()
+    metadata = CredMgmt(device).get_metadata()
    assert metadata[CredentialManagement.RESULT.EXISTING_CRED_COUNT] == 2
    assert metadata[CredentialManagement.RESULT.MAX_REMAINING_COUNT] >= 48
-def test_enumerate_rps(CredMgmt, MC_RK_Res):
+def test_enumerate_rps(MC_RK_Res, device):
-    res = CredMgmt.enumerate_rps()
+    res = CredMgmt(device).enumerate_rps()
    assert len(res) == 2
-    assert res[0][CredentialManagement.RESULT.RP]["id"] == b"ssh:"
+    assert res[0][CredentialManagement.RESULT.RP]["id"] == "ssh:"
    assert res[0][CredentialManagement.RESULT.RP_ID_HASH] == sha256(b"ssh:")
    # Solo doesn't store rpId with the exception of "ssh:"
-    assert res[1][CredentialManagement.RESULT.RP]["id"] == b"xakcop.com"
+    assert res[1][CredentialManagement.RESULT.RP]["id"] == "xakcop.com"
    assert res[1][CredentialManagement.RESULT.RP_ID_HASH] == sha256(b"xakcop.com")
-def test_enumarate_creds(CredMgmt, MC_RK_Res):
+def test_enumarate_creds(MC_RK_Res, device):
-    res = CredMgmt.enumerate_creds(sha256(b"ssh:"))
+    credMgmt = CredMgmt(device)
    res = credMgmt.enumerate_creds(sha256(b"ssh:"))
    assert len(res) == 1
    assert_cred_response_has_all_fields(res[0])
-    res = CredMgmt.enumerate_creds(sha256(b"xakcop.com"))
+    res = credMgmt.enumerate_creds(sha256(b"xakcop.com"))
    assert len(res) == 1
    assert_cred_response_has_all_fields(res[0])
-    res = CredMgmt.enumerate_creds(sha256(b"missing.com"))
+    res = credMgmt.enumerate_creds(sha256(b"missing.com"))
    assert not res
-def test_get_metadata_wrong_pinauth(device, MC_RK_Res, PinToken):
+def test_get_metadata_wrong_pinauth(device, MC_RK_Res):
    cmd = lambda credMgmt: credMgmt.get_metadata()
-    _test_wrong_pinauth(device, cmd, PinToken)
+    _test_wrong_pinauth(device, cmd)
-def test_rpbegin_wrong_pinauth(device, MC_RK_Res, PinToken):
+def test_rpbegin_wrong_pinauth(device, MC_RK_Res):
    cmd = lambda credMgmt: credMgmt.enumerate_rps_begin()
-    _test_wrong_pinauth(device, cmd, PinToken)
+    _test_wrong_pinauth(device, cmd)
-def test_rkbegin_wrong_pinauth(device, MC_RK_Res, PinToken):
+def test_rkbegin_wrong_pinauth(device, MC_RK_Res):
    cmd = lambda credMgmt: credMgmt.enumerate_creds_begin(sha256(b"ssh:"))
-    _test_wrong_pinauth(device, cmd, PinToken)
+    _test_wrong_pinauth(device, cmd)
-def test_rpnext_without_rpbegin(device, CredMgmt, MC_RK_Res):
+def test_rpnext_without_rpbegin(device, MC_RK_Res):
-    CredMgmt.enumerate_creds_begin(sha256(b"ssh:"))
+    credMgmt = CredMgmt(device)
    credMgmt.enumerate_creds_begin(sha256(b"ssh:"))
    with pytest.raises(CtapError) as e:
-        CredMgmt.enumerate_rps_next()
+        credMgmt.enumerate_rps_next()
    assert e.value.code == CtapError.ERR.NOT_ALLOWED
-def test_rknext_without_rkbegin(device, CredMgmt, MC_RK_Res):
+def test_rknext_without_rkbegin(device, MC_RK_Res):
-    CredMgmt.enumerate_rps_begin()
+    credMgmt = CredMgmt(device)
    credMgmt.enumerate_rps_begin()
    with pytest.raises(CtapError) as e:
-        CredMgmt.enumerate_creds_next()
+        credMgmt.enumerate_creds_next()
    assert e.value.code == CtapError.ERR.NOT_ALLOWED
-def test_delete(device, PinToken, CredMgmt):
+def test_delete(device):
    # create a new RK
    rp = {"id": "example_3.com", "name": "John Doe 2"}
@@ -156,21 +161,22 @@ def test_delete(device, PinToken, CredMgmt):
    auth = device.doGA(rp_id=rp['id'])
    # get the ID from enumeration
-    creds = CredMgmt.enumerate_creds(reg.auth_data.rp_id_hash)
+    credMgmt = CredMgmt(device)
    creds = credMgmt.enumerate_creds(reg.auth_data.rp_id_hash)
    for cred in creds:
        if cred[7]["id"] == reg.auth_data.credential_data.credential_id:
            break
    # delete it
    cred = {"id": cred[7]["id"], "type": "public-key"}
-    CredMgmt.delete_cred(cred)
+    credMgmt.delete_cred(cred)
    # make sure it doesn't work
    with pytest.raises(CtapError) as e:
        auth = device.doGA(rp_id=rp['id'])
    assert e.value.code == CtapError.ERR.NO_CREDENTIALS
-def test_add_delete(device, PinToken, CredMgmt):
+def test_add_delete(device):
    """ Delete a credential in the 'middle' and ensure other credentials are not affected. """
    rp = {"id": "example_4.com", "name": "John Doe 3"}
@@ -182,11 +188,12 @@ def test_add_delete(device, PinToken, CredMgmt):
        regs.append(reg)
    # Check they all enumerate
-    res = CredMgmt.enumerate_creds(regs[1].auth_data.rp_id_hash)
+    credMgmt = CredMgmt(device)
    res = credMgmt.enumerate_creds(regs[1].auth_data.rp_id_hash)
    assert len(res) == 3
    # delete the middle one
-    creds = CredMgmt.enumerate_creds(reg.auth_data.rp_id_hash)
+    creds = credMgmt.enumerate_creds(reg.auth_data.rp_id_hash)
    for cred in creds:
        if cred[7]["id"] == regs[1].auth_data.credential_data.credential_id:
            break
@@ -194,16 +201,16 @@ def test_add_delete(device, PinToken, CredMgmt):
    assert cred[7]["id"] == regs[1].auth_data.credential_data.credential_id
    cred = {"id": cred[7]["id"], "type": "public-key"}
-    CredMgmt.delete_cred(cred)
+    credMgmt.delete_cred(cred)
    # Check one less enumerates
-    res = CredMgmt.enumerate_creds(regs[0].auth_data.rp_id_hash)
+    res = credMgmt.enumerate_creds(regs[0].auth_data.rp_id_hash)
    assert len(res) == 2
 def test_multiple_creds_per_multiple_rps(
-    device, PinToken, CredMgmt, MC_RK_Res
+    device, MC_RK_Res
 ):
-    res = CredMgmt.enumerate_rps()
+    res = CredMgmt(device).enumerate_rps()
    assert len(res) == 2
    new_rps = [
@@ -217,27 +224,26 @@ def test_multiple_creds_per_multiple_rps(
        for i in range(0, 3):
            reg = device.doMC(rp=rp, rk=True, user=generate_random_user())
-    res = CredMgmt.enumerate_rps()
+    credMgmt = CredMgmt(device)
    res = credMgmt.enumerate_rps()
    assert len(res) == 5
    for rp in res:
        if rp[3]["id"][:12] == "new_example_":
-            creds = CredMgmt.enumerate_creds(sha256(rp[3]["id"].encode("utf8")))
+            creds = credMgmt.enumerate_creds(sha256(rp[3]["id"].encode("utf8")))
            assert len(creds) == 3
@pytest.mark.parametrize(
    "enumeration_test", [_test_enumeration, _test_enumeration_interleaved]
 )
 def test_multiple_enumeration(
-    device, PinToken, MC_RK_Res, CredMgmt, enumeration_test
+    device, MC_RK_Res, enumeration_test
 ):
    """ Test enumerate still works after different commands """
    res = CredMgmt.enumerate_rps()
    expected_enumeration = {"xakcop.com": 1, "ssh:": 1}
-    enumeration_test(CredMgmt, expected_enumeration)
+    enumeration_test(device, expected_enumeration)
    new_rps = [
        {"id": "example-2.com", "name": "Example-2-creds", "count": 2},
@@ -253,27 +259,19 @@ def test_multiple_enumeration(
        # Now expect creds from this RP
        expected_enumeration[rp["id"]] = rp["count"]
-    enumeration_test(CredMgmt, expected_enumeration)
+    enumeration_test(device, expected_enumeration)
    enumeration_test(CredMgmt, expected_enumeration)
    metadata = CredMgmt.get_metadata()
    enumeration_test(CredMgmt, expected_enumeration)
    enumeration_test(CredMgmt, expected_enumeration)
@pytest.mark.parametrize(
    "enumeration_test", [_test_enumeration, _test_enumeration_interleaved]
 )
 def test_multiple_enumeration_with_deletions(
-    device, PinToken, MC_RK_Res, CredMgmt, enumeration_test
+    device, MC_RK_Res, enumeration_test
 ):
    """ Create each credential in random order.  Test enumerate still works after randomly deleting each credential"""
    res = CredMgmt.enumerate_rps()
    expected_enumeration = {"xakcop.com": 1, "ssh:": 1}
-    enumeration_test(CredMgmt, expected_enumeration)
+    enumeration_test(device, expected_enumeration)
    new_rps = [
        {"id": "example-1.com", "name": "Example-1-creds"},
@@ -294,7 +292,7 @@ def test_multiple_enumeration_with_deletions(
        else:
            expected_enumeration[rp["id"]] += 1
-        enumeration_test(CredMgmt, expected_enumeration)
+        enumeration_test(device, expected_enumeration)
    total_creds = len(new_rps)
@@ -304,10 +302,11 @@ def test_multiple_enumeration_with_deletions(
        num = expected_enumeration[rp]
        index = 0 if num == 1 else random.randint(0, num - 1)
-        cred = CredMgmt.enumerate_creds(sha256(rp.encode("utf8")))[index]
+        credMgmt = CredMgmt(device)
        cred = credMgmt.enumerate_creds(sha256(rp.encode("utf8")))[index]
        # print('Delete %d index (%d total) cred of %s' % (index, expected_enumeration[rp], rp))
-        CredMgmt.delete_cred({"id": cred[7]["id"], "type": "public-key"})
+        credMgmt.delete_cred({"id": cred[7]["id"], "type": "public-key"})
        expected_enumeration[rp] -= 1
        if expected_enumeration[rp] == 0:
@@ -316,43 +315,13 @@ def test_multiple_enumeration_with_deletions(
        if len(list(expected_enumeration.keys())) == 0:
            break
-        enumeration_test(CredMgmt, expected_enumeration)
+        enumeration_test(device, expected_enumeration)
-def _test_wrong_pinauth(device, cmd, PinToken):
+def _test_wrong_pinauth(device, cmd):
-    credMgmt = CredMgmtWrongPinAuth(device, PinToken)
+    credMgmt = CredMgmtWrongPinAuth(device)
    for i in range(2):
        with pytest.raises(CtapError) as e:
            cmd(credMgmt)
        assert e.value.code == CtapError.ERR.PIN_AUTH_INVALID
    with pytest.raises(CtapError) as e:
        cmd(credMgmt)
    assert e.value.code == CtapError.ERR.PIN_AUTH_BLOCKED
    #device.reboot()
    credMgmt = CredMgmtWrongPinAuth(device, PinToken)
    for i in range(2):
        time.sleep(0.2)
        with pytest.raises(CtapError) as e:
            cmd(credMgmt)
        assert e.value.code == CtapError.ERR.PIN_AUTH_INVALID
    with pytest.raises(CtapError) as e:
        cmd(credMgmt)
    assert e.value.code == CtapError.ERR.PIN_AUTH_BLOCKED
    #device.reboot()
    credMgmt = CredMgmtWrongPinAuth(device, PinToken)
    for i in range(1):
        time.sleep(0.2)
        with pytest.raises(CtapError) as e:
            cmd(credMgmt)
        assert e.value.code == CtapError.ERR.PIN_AUTH_INVALID
    with pytest.raises(CtapError) as e:
        cmd(credMgmt)
    assert e.value.code == CtapError.ERR.PIN_BLOCKED
--- a/tests/pico-fido/test_minpinlength.py
+++ b/tests/pico-fido/test_minpinlength.py
@@ -0,0 +1,81 @@
 import pytest
 from fido2.ctap2.extensions import CredProtectExtension
 from fido2.webauthn import UserVerificationRequirement
 from fido2.ctap import CtapError
 from fido2.ctap2.pin import PinProtocolV2, ClientPin
 from fido2.ctap2 import Config
 PIN='12345678'
 MINPINLENGTH=6
@pytest.fixture(scope="function")
 def MCMinPin(device):
    res = device.doMC(rk=True, extensions={'minPinLength': True})['res'].attestation_object
    return res
@pytest.fixture(scope="function")
 def SetMinPin(device):
    device.reset()
    ClientPin(device.client()._backend.ctap2).set_pin(PIN)
    cfg = FidoConfig(device)
    cfg.set_min_pin_length(MINPINLENGTH,rp_ids=['example.com'])
@pytest.fixture(scope="function")
 def SetMinPinWrongRpid(device):
    device.reset()
    ClientPin(device.client()._backend.ctap2).set_pin(PIN)
    cfg = FidoConfig(device)
    cfg.set_min_pin_length(MINPINLENGTH,rp_ids=['notanexample.com'])
 def PinToken(device):
    return ClientPin(device.client()._backend.ctap2).get_pin_token(PIN, permissions=ClientPin.PERMISSION.MAKE_CREDENTIAL | ClientPin.PERMISSION.AUTHENTICATOR_CFG)
 def FidoConfig(device):
    pt = PinToken(device)
    pin_protocol = PinProtocolV2()
    return Config(device.client()._backend.ctap2, pin_protocol, pt)
 def test_supports_minpin(info):
    assert info.extensions
    assert 'minPinLength' in info.extensions
    assert info.options
    assert 'setMinPINLength' in info.options
    assert info.options['setMinPINLength'] is True
 def test_minpin(SetMinPin, MCMinPin):
    assert MCMinPin.auth_data.extensions
    assert "minPinLength" in MCMinPin.auth_data.extensions
    assert MCMinPin.auth_data.extensions['minPinLength'] == MINPINLENGTH
 def test_minpin_bad_rpid(SetMinPinWrongRpid, MCMinPin):
    assert not MCMinPin.auth_data.extensions
    assert "minPinLength" not in MCMinPin.auth_data.extensions
 def test_setminpin(device, SetMinPin, MCMinPin):
    cfg = FidoConfig(device)
    cfg.set_min_pin_length(MINPINLENGTH+2,rp_ids=['example.com'])
    res = device.doMC(rk=True, extensions={'minPinLength': True})['res'].attestation_object
    assert res.auth_data.extensions
    assert "minPinLength" in res.auth_data.extensions
    assert res.auth_data.extensions['minPinLength'] == MINPINLENGTH+2
 def test_no_setminpin(device, SetMinPin, MCMinPin):
    cfg = FidoConfig(device)
    with pytest.raises(CtapError) as e:
        cfg.set_min_pin_length(MINPINLENGTH-2,rp_ids=['example.com'])
    assert e.value.code == CtapError.ERR.PIN_POLICY_VIOLATION
 def test_setminpin_check_force(device, SetMinPin, MCMinPin):
    cfg = FidoConfig(device)
    cfg.set_min_pin_length(len(PIN)+1,rp_ids=['example.com'])
    info = device.client()._backend.ctap2.get_info()
    assert info.force_pin_change == True
@pytest.mark.parametrize(
    "force", [True, False]
 )
 def test_setminpin_set_forcee(device, SetMinPin, MCMinPin, force):
    cfg = FidoConfig(device)
    cfg.set_min_pin_length(MINPINLENGTH,rp_ids=['example.com'],force_change_pin=force)
    info = device.client()._backend.ctap2.get_info()
    assert info.force_pin_change == force