From 8b9be258dee8db7d7e7037bccf894925c04fa29f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 9 Dec 2025 19:15:35 +0100 Subject: [PATCH 1/9] Fix applet cmp Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 09ec076..7583ecf 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 09ec0767b6a3bd79b2a176fb468e97d9fde28449 +Subproject commit 7583ecff1817c56c6f6c65e31ee86a97eeab3d5d From 1d21d93b74011453092f4542fb0e95aa48a0761b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 9 Dec 2025 21:39:10 +0100 Subject: [PATCH 2/9] Move enterprise attestation to another branch. Signed-off-by: Pol Henarejos --- src/fido/cbor_make_credential.c | 53 ++------------------------------- 1 file changed, 3 insertions(+), 50 deletions(-) diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 01785f4..3faf094 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -40,7 +40,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { PublicKeyCredentialDescriptor excludeList[MAX_CREDENTIAL_COUNT_IN_LIST] = { 0 }; size_t excludeList_len = 0; CredOptions options = { 0 }; - uint64_t pinUvAuthProtocol = 0, enterpriseAttestation = 0, hmacSecretPinUvAuthProtocol = 1; + uint64_t pinUvAuthProtocol = 0, hmacSecretPinUvAuthProtocol = 1; int64_t kty = 2, hmac_alg = 0, crv = 0; CborByteString kax = { 0 }, kay = { 0 }, salt_enc = { 0 }, salt_auth = { 0 }; bool hmac_secret_mc = false; @@ -187,9 +187,6 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (val_u == 0x09) { // pinUvAuthProtocol CBOR_FIELD_GET_UINT(pinUvAuthProtocol, 1); } - else if (val_u == 0x0A) { // enterpriseAttestation - CBOR_FIELD_GET_UINT(enterpriseAttestation, 1); - } } CBOR_PARSE_MAP_END(map, 1); @@ -266,15 +263,6 @@ int cbor_make_credential(const uint8_t *data, size_t len) { if (pinUvAuthParam.present == false && options.uv == pfalse && file_has_data(ef_pin)) { //8.1 CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); } - if (enterpriseAttestation > 0) { - if (!(get_opts() & FIDO2_OPT_EA)) { - CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); - } - if (enterpriseAttestation != 1 && enterpriseAttestation != 2) { //9.2.1 - CBOR_ERROR(CTAP2_ERR_INVALID_OPTION); - } - //Unfinished. See 6.1.2.9 - } if (pinUvAuthParam.present == true) { //11.1 int ret = verify((uint8_t)pinUvAuthProtocol, paut.data, clientDataHash.data, (uint16_t)clientDataHash.len, pinUvAuthParam.data); if (ret != CborNoError) { @@ -536,19 +524,6 @@ int cbor_make_credential(const uint8_t *data, size_t len) { ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); } - bool self_attestation = true; - if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) { - mbedtls_ecp_keypair_free(&ekey); - mbedtls_ecp_keypair_init(&ekey); - uint8_t key[32] = {0}; - if (load_keydev(key) != 0) { - CBOR_ERROR(CTAP1_ERR_OTHER); - } - ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, key, 32); - mbedtls_platform_zeroize(key, sizeof(key)); - md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - self_attestation = false; - } if (md != NULL) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); } @@ -585,9 +560,6 @@ int cbor_make_credential(const uint8_t *data, size_t len) { cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); uint8_t lparams = 3; - if (enterpriseAttestation == 2) { - lparams++; - } if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { lparams++; } @@ -599,32 +571,13 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, aut_data, aut_data_len)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x03)); - CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, self_attestation == false || is_nk ? 3 : 2)); + CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); - CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, self_attestation || is_nk ? -alg : -FIDO2_ALG_ES256)); + CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "sig")); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, sig, olen)); - if (self_attestation == false || is_nk) { - CborEncoder arrEncoder; - file_t *ef_cert = NULL; - if (enterpriseAttestation == 2) { - ef_cert = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF); - } - if (!file_has_data(ef_cert)) { - ef_cert = ef_certdev; - } - CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "x5c")); - CBOR_CHECK(cbor_encoder_create_array(&mapEncoder2, &arrEncoder, 1)); - CBOR_CHECK(cbor_encode_byte_string(&arrEncoder, file_get_data(ef_cert), file_get_size(ef_cert))); - CBOR_CHECK(cbor_encoder_close_container(&mapEncoder2, &arrEncoder)); - } CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); - if (enterpriseAttestation == 2) { - CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x04)); - CBOR_CHECK(cbor_encode_boolean(&mapEncoder, true)); - } - if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05)); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey))); From d90dbb6c5fd461b619dde79f15052372af7fdf43 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 9 Dec 2025 21:39:14 +0100 Subject: [PATCH 3/9] Move Secure Boot to another branch. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 7583ecf..8cb2484 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 7583ecff1817c56c6f6c65e31ee86a97eeab3d5d +Subproject commit 8cb2484aa3d0ab5d44207fce40b766abdfcc4e4f From ae36143498382e91d88a08867ff481d1f072b8aa Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 15:39:57 +0100 Subject: [PATCH 4/9] Revert "Move Secure Boot to another branch." This reverts commit d90dbb6c5fd461b619dde79f15052372af7fdf43. --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 8cb2484..7583ecf 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 8cb2484aa3d0ab5d44207fce40b766abdfcc4e4f +Subproject commit 7583ecff1817c56c6f6c65e31ee86a97eeab3d5d From e86862033c29ccd7cbb466186a42f505c1794d86 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 15:40:10 +0100 Subject: [PATCH 5/9] Revert "Move enterprise attestation to another branch." This reverts commit 1d21d93b74011453092f4542fb0e95aa48a0761b. --- src/fido/cbor_make_credential.c | 53 +++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 3faf094..01785f4 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -40,7 +40,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { PublicKeyCredentialDescriptor excludeList[MAX_CREDENTIAL_COUNT_IN_LIST] = { 0 }; size_t excludeList_len = 0; CredOptions options = { 0 }; - uint64_t pinUvAuthProtocol = 0, hmacSecretPinUvAuthProtocol = 1; + uint64_t pinUvAuthProtocol = 0, enterpriseAttestation = 0, hmacSecretPinUvAuthProtocol = 1; int64_t kty = 2, hmac_alg = 0, crv = 0; CborByteString kax = { 0 }, kay = { 0 }, salt_enc = { 0 }, salt_auth = { 0 }; bool hmac_secret_mc = false; @@ -187,6 +187,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (val_u == 0x09) { // pinUvAuthProtocol CBOR_FIELD_GET_UINT(pinUvAuthProtocol, 1); } + else if (val_u == 0x0A) { // enterpriseAttestation + CBOR_FIELD_GET_UINT(enterpriseAttestation, 1); + } } CBOR_PARSE_MAP_END(map, 1); @@ -263,6 +266,15 @@ int cbor_make_credential(const uint8_t *data, size_t len) { if (pinUvAuthParam.present == false && options.uv == pfalse && file_has_data(ef_pin)) { //8.1 CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); } + if (enterpriseAttestation > 0) { + if (!(get_opts() & FIDO2_OPT_EA)) { + CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); + } + if (enterpriseAttestation != 1 && enterpriseAttestation != 2) { //9.2.1 + CBOR_ERROR(CTAP2_ERR_INVALID_OPTION); + } + //Unfinished. See 6.1.2.9 + } if (pinUvAuthParam.present == true) { //11.1 int ret = verify((uint8_t)pinUvAuthProtocol, paut.data, clientDataHash.data, (uint16_t)clientDataHash.len, pinUvAuthParam.data); if (ret != CborNoError) { @@ -524,6 +536,19 @@ int cbor_make_credential(const uint8_t *data, size_t len) { ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); } + bool self_attestation = true; + if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) { + mbedtls_ecp_keypair_free(&ekey); + mbedtls_ecp_keypair_init(&ekey); + uint8_t key[32] = {0}; + if (load_keydev(key) != 0) { + CBOR_ERROR(CTAP1_ERR_OTHER); + } + ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, key, 32); + mbedtls_platform_zeroize(key, sizeof(key)); + md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + self_attestation = false; + } if (md != NULL) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); } @@ -560,6 +585,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) { cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); uint8_t lparams = 3; + if (enterpriseAttestation == 2) { + lparams++; + } if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { lparams++; } @@ -571,13 +599,32 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, aut_data, aut_data_len)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x03)); - CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, 2)); + CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, self_attestation == false || is_nk ? 3 : 2)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); - CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256)); + CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, self_attestation || is_nk ? -alg : -FIDO2_ALG_ES256)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "sig")); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, sig, olen)); + if (self_attestation == false || is_nk) { + CborEncoder arrEncoder; + file_t *ef_cert = NULL; + if (enterpriseAttestation == 2) { + ef_cert = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF); + } + if (!file_has_data(ef_cert)) { + ef_cert = ef_certdev; + } + CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "x5c")); + CBOR_CHECK(cbor_encoder_create_array(&mapEncoder2, &arrEncoder, 1)); + CBOR_CHECK(cbor_encode_byte_string(&arrEncoder, file_get_data(ef_cert), file_get_size(ef_cert))); + CBOR_CHECK(cbor_encoder_close_container(&mapEncoder2, &arrEncoder)); + } CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); + if (enterpriseAttestation == 2) { + CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x04)); + CBOR_CHECK(cbor_encode_boolean(&mapEncoder, true)); + } + if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x05)); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey))); From 7ac2ce30f04af3f49697ab45df850315412a985f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 15:40:16 +0100 Subject: [PATCH 6/9] Revert "Move other curves to another branch." This reverts commit 46720fb387d08a9925a4bb26945c88864bb7e6ed. --- src/fido/cbor.c | 15 ++++++++++++- src/fido/cbor_get_info.c | 18 ++++++++++++++- src/fido/cbor_make_credential.c | 36 +++++++++++++++++++++++++++++- src/fido/fido.c | 39 +++++++++++++++++++++++++++++++++ src/fido/fido.h | 19 +++++++++++++++- 5 files changed, 123 insertions(+), 4 deletions(-) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index 772ec50..b681c83 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -151,7 +151,8 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) { CborError COSE_key_params(int crv, int alg, mbedtls_ecp_group *grp, mbedtls_ecp_point *Q, CborEncoder *mapEncoderParent, CborEncoder *mapEncoder) { CborError error = CborNoError; int kty = 1; - if (crv == FIDO2_CURVE_P256) { + if (crv == FIDO2_CURVE_P256 || crv == FIDO2_CURVE_P384 || crv == FIDO2_CURVE_P521 || + crv == FIDO2_CURVE_P256K1) { kty = 2; } @@ -196,6 +197,18 @@ CborError COSE_key(mbedtls_ecp_keypair *key, CborEncoder *mapEncoderParent, if (key->grp.id == MBEDTLS_ECP_DP_SECP256R1) { alg = FIDO2_ALG_ES256; } + else if (key->grp.id == MBEDTLS_ECP_DP_SECP384R1) { + alg = FIDO2_ALG_ES384; + } + else if (key->grp.id == MBEDTLS_ECP_DP_SECP521R1) { + alg = FIDO2_ALG_ES512; + } + else if (key->grp.id == MBEDTLS_ECP_DP_SECP256K1) { + alg = FIDO2_ALG_ES256K; + } + else if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { + alg = FIDO2_ALG_ECDH_ES_HKDF_256; + } return COSE_key_params(crv, alg, &key->grp, &key->Q, mapEncoderParent, mapEncoder); } CborError COSE_key_shared(mbedtls_ecdh_context *key, diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 25c8d4d..92e32a5 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c @@ -113,9 +113,25 @@ int cbor_get_info() { CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A)); - uint8_t curves = 1; + uint8_t curves = 3; +#ifndef ENABLE_EMULATION + if (phy_data.enabled_curves & PHY_CURVE_SECP256K1) { +#endif + curves++; +#ifndef ENABLE_EMULATION + } +#endif CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, curves)); CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256, &arrayEncoder, &mapEncoder2)); + CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES384, &arrayEncoder, &mapEncoder2)); + CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES512, &arrayEncoder, &mapEncoder2)); +#ifndef ENABLE_EMULATION + if (phy_data.enabled_curves & PHY_CURVE_SECP256K1) { +#endif + CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256K, &arrayEncoder, &mapEncoder2)); +#ifndef ENABLE_EMULATION + } +#endif CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder)); diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 01785f4..7764d1c 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -234,11 +234,45 @@ int cbor_make_credential(const uint8_t *data, size_t len) { if (strcmp(pubKeyCredParams[i].type.data, "public-key") != 0) { CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE); } - if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256) { + if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256 || pubKeyCredParams[i].alg == FIDO2_ALG_ESP256) { if (curve <= 0) { curve = FIDO2_CURVE_P256; } } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES384 || pubKeyCredParams[i].alg == FIDO2_ALG_ESP384) { + if (curve <= 0) { + curve = FIDO2_CURVE_P384; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES512 || pubKeyCredParams[i].alg == FIDO2_ALG_ESP512) { + if (curve <= 0) { + curve = FIDO2_CURVE_P521; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ESB256) { + if (curve <= 0) { + curve = FIDO2_CURVE_BP256R1; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ESB384) { + if (curve <= 0) { + curve = FIDO2_CURVE_BP384R1; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ESB512) { + if (curve <= 0) { + curve = FIDO2_CURVE_BP512R1; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256K +#ifndef ENABLE_EMULATION + && (phy_data.enabled_curves & PHY_CURVE_SECP256K1) +#endif + ) { + if (curve <= 0) { + curve = FIDO2_CURVE_P256K1; + } + } else if (pubKeyCredParams[i].alg <= FIDO2_ALG_RS256 && pubKeyCredParams[i].alg >= FIDO2_ALG_RS512) { // pass } diff --git a/src/fido/fido.c b/src/fido/fido.c index 68dc521..b2849ea 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -96,12 +96,51 @@ mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { if (curve == FIDO2_CURVE_P256) { return MBEDTLS_ECP_DP_SECP256R1; } + else if (curve == FIDO2_CURVE_P384) { + return MBEDTLS_ECP_DP_SECP384R1; + } + else if (curve == FIDO2_CURVE_P521) { + return MBEDTLS_ECP_DP_SECP521R1; + } + else if (curve == FIDO2_CURVE_P256K1) { + return MBEDTLS_ECP_DP_SECP256K1; + } + else if (curve == FIDO2_CURVE_X25519) { + return MBEDTLS_ECP_DP_CURVE25519; + } + else if (curve == FIDO2_CURVE_X448) { + return MBEDTLS_ECP_DP_CURVE448; + } + else if (curve == FIDO2_CURVE_BP256R1) { + return MBEDTLS_ECP_DP_BP256R1; + } + else if (curve == FIDO2_CURVE_BP384R1) { + return MBEDTLS_ECP_DP_BP384R1; + } + else if (curve == FIDO2_CURVE_BP512R1) { + return MBEDTLS_ECP_DP_BP512R1; + } return MBEDTLS_ECP_DP_NONE; } int mbedtls_curve_to_fido(mbedtls_ecp_group_id id) { if (id == MBEDTLS_ECP_DP_SECP256R1) { return FIDO2_CURVE_P256; } + else if (id == MBEDTLS_ECP_DP_SECP384R1) { + return FIDO2_CURVE_P384; + } + else if (id == MBEDTLS_ECP_DP_SECP521R1) { + return FIDO2_CURVE_P521; + } + else if (id == MBEDTLS_ECP_DP_SECP256K1) { + return FIDO2_CURVE_P256K1; + } + else if (id == MBEDTLS_ECP_DP_CURVE25519) { + return MBEDTLS_ECP_DP_CURVE25519; + } + else if (id == MBEDTLS_ECP_DP_CURVE448) { + return FIDO2_CURVE_X448; + } return 0; } diff --git a/src/fido/fido.h b/src/fido/fido.h index 15f9f40..1c3a257 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -54,12 +54,29 @@ extern int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint extern int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret); #define FIDO2_ALG_ES256 -7 //ECDSA-SHA256 +#define FIDO2_ALG_ESP256 -9 //ECDSA-SHA256 P256 +#define FIDO2_ALG_ES384 -35 //ECDSA-SHA384 +#define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 +#define FIDO2_ALG_ECDH_ES_HKDF_256 -25 //ECDH-ES + HKDF-256 +#define FIDO2_ALG_ES256K -47 +#define FIDO2_ALG_ESP384 -51 //ECDSA-SHA384 P384 +#define FIDO2_ALG_ESP512 -52 //ECDSA-SHA512 P521 #define FIDO2_ALG_RS256 -257 #define FIDO2_ALG_RS384 -258 #define FIDO2_ALG_RS512 -259 +#define FIDO2_ALG_ESB256 -265 //ECDSA-SHA256 BP256r1 +#define FIDO2_ALG_ESB384 -267 //ECDSA-SHA384 BP384r1 +#define FIDO2_ALG_ESB512 -268 //ECDSA-SHA512 BP512r1 #define FIDO2_CURVE_P256 1 -#define FIDO2_ALG_ECDH_ES_HKDF_256 -25 //ECDH-ES + HKDF-256 +#define FIDO2_CURVE_P384 2 +#define FIDO2_CURVE_P521 3 +#define FIDO2_CURVE_X25519 4 +#define FIDO2_CURVE_X448 5 +#define FIDO2_CURVE_P256K1 8 +#define FIDO2_CURVE_BP256R1 9 +#define FIDO2_CURVE_BP384R1 10 +#define FIDO2_CURVE_BP512R1 11 #define FIDO2_AUT_FLAG_UP 0x1 #define FIDO2_AUT_FLAG_UV 0x4 From aa9df892d3abd36de45e5d88e1b03c29d82ba5af Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 15:41:47 +0100 Subject: [PATCH 7/9] Revert "Move EDDSA to another branch." This reverts commit 1867f0330fa051209da6f2074338832413fa5f34. --- pico-keys-sdk | 2 +- src/fido/cbor.c | 8 ++++++++ src/fido/cbor_get_assertion.c | 10 ++++++++++ src/fido/cbor_get_info.c | 6 ++++++ src/fido/cbor_make_credential.c | 22 ++++++++++++++++++++++ src/fido/fido.c | 21 +++++++++++++++++++++ src/fido/fido.h | 8 ++++++++ 7 files changed, 76 insertions(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 7583ecf..6b27cad 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 7583ecff1817c56c6f6c65e31ee86a97eeab3d5d +Subproject commit 6b27cad36d60cc4c699d8566bf2b91c6fbeef1cb diff --git a/src/fido/cbor.c b/src/fido/cbor.c index b681c83..fec4d2f 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -209,6 +209,14 @@ CborError COSE_key(mbedtls_ecp_keypair *key, CborEncoder *mapEncoderParent, else if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { alg = FIDO2_ALG_ECDH_ES_HKDF_256; } +#ifdef MBEDTLS_EDDSA_C + else if (key->grp.id == MBEDTLS_ECP_DP_ED25519) { + alg = FIDO2_ALG_EDDSA; + } + else if (key->grp.id == MBEDTLS_ECP_DP_ED448) { + alg = FIDO2_ALG_ED448; + } +#endif return COSE_key_params(crv, alg, &key->grp, &key->Q, mapEncoderParent, mapEncoder); } CborError COSE_key_shared(mbedtls_ecdh_context *key, diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index 37264e8..ee25e79 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -633,10 +633,20 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } +#ifdef MBEDTLS_EDDSA_C + else if (ekey.grp.id == MBEDTLS_ECP_DP_ED25519) { + md = NULL; + } +#endif if (md != NULL) { ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); } +#ifdef MBEDTLS_EDDSA_C + else { + ret = mbedtls_eddsa_write_signature(&ekey, aut_data, aut_data_len + clientDataHash.len, sig, sizeof(sig), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL); + } +#endif } else { // Bogus signature diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 92e32a5..182e33a 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c @@ -114,6 +114,9 @@ int cbor_get_info() { CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A)); uint8_t curves = 3; +#ifdef MBEDTLS_EDDSA_C + curves++; +#endif #ifndef ENABLE_EMULATION if (phy_data.enabled_curves & PHY_CURVE_SECP256K1) { #endif @@ -123,6 +126,9 @@ int cbor_get_info() { #endif CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, curves)); CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256, &arrayEncoder, &mapEncoder2)); +#ifdef MBEDTLS_EDDSA_C + CBOR_CHECK(COSE_public_key(FIDO2_ALG_EDDSA, &arrayEncoder, &mapEncoder2)); +#endif CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES384, &arrayEncoder, &mapEncoder2)); CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES512, &arrayEncoder, &mapEncoder2)); #ifndef ENABLE_EMULATION diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 7764d1c..25a5d41 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -273,6 +273,18 @@ int cbor_make_credential(const uint8_t *data, size_t len) { curve = FIDO2_CURVE_P256K1; } } +#ifdef MBEDTLS_EDDSA_C + else if (pubKeyCredParams[i].alg == FIDO2_ALG_EDDSA || pubKeyCredParams[i].alg == FIDO2_ALG_ED25519) { + if (curve <= 0) { + curve = FIDO2_CURVE_ED25519; + } + } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_ED448) { + if (curve <= 0) { + curve = FIDO2_CURVE_ED448; + } + } +#endif else if (pubKeyCredParams[i].alg <= FIDO2_ALG_RS256 && pubKeyCredParams[i].alg >= FIDO2_ALG_RS512) { // pass } @@ -566,6 +578,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1 || ekey.grp.id == MBEDTLS_ECP_DP_BP512R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } +#ifdef MBEDTLS_EDDSA_C + else if (ekey.grp.id == MBEDTLS_ECP_DP_ED25519 || ekey.grp.id == MBEDTLS_ECP_DP_ED448) { + md = NULL; + } +#endif if (md != NULL) { ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); } @@ -586,6 +603,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) { if (md != NULL) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); } +#ifdef MBEDTLS_EDDSA_C + else { + ret = mbedtls_eddsa_write_signature(&ekey, aut_data, aut_data_len + clientDataHash.len, sig, sizeof(sig), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL); + } +#endif mbedtls_ecp_keypair_free(&ekey); if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PROCESSING); diff --git a/src/fido/fido.c b/src/fido/fido.c index b2849ea..d6cb9d9 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -111,6 +111,14 @@ mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { else if (curve == FIDO2_CURVE_X448) { return MBEDTLS_ECP_DP_CURVE448; } +#ifdef MBEDTLS_EDDSA_C + else if (curve == FIDO2_CURVE_ED25519) { + return MBEDTLS_ECP_DP_ED25519; + } + else if (curve == FIDO2_CURVE_ED448) { + return MBEDTLS_ECP_DP_ED448; + } +#endif else if (curve == FIDO2_CURVE_BP256R1) { return MBEDTLS_ECP_DP_BP256R1; } @@ -141,6 +149,14 @@ int mbedtls_curve_to_fido(mbedtls_ecp_group_id id) { else if (id == MBEDTLS_ECP_DP_CURVE448) { return FIDO2_CURVE_X448; } +#ifdef MBEDTLS_EDDSA_C + else if (id == MBEDTLS_ECP_DP_ED25519) { + return FIDO2_CURVE_ED25519; + } + else if (id == MBEDTLS_ECP_DP_ED448) { + return FIDO2_CURVE_ED448; + } +#endif return 0; } @@ -314,6 +330,11 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur if (r != 0) { return r; } +#ifdef MBEDTLS_EDDSA_C + if (curve == MBEDTLS_ECP_DP_ED25519) { + return mbedtls_ecp_point_edwards(&key->grp, &key->Q, &key->d, random_gen, NULL); + } +#endif return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL); } mbedtls_platform_zeroize(outk, sizeof(outk)); diff --git a/src/fido/fido.h b/src/fido/fido.h index 1c3a257..481aa6c 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -28,6 +28,9 @@ #endif #include "mbedtls/ecdsa.h" +#ifdef MBEDTLS_EDDSA_C +#include "mbedtls/eddsa.h" +#endif #include "hid/ctap_hid.h" #define CTAP_PUBKEY_LEN (65) @@ -54,13 +57,16 @@ extern int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint extern int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret); #define FIDO2_ALG_ES256 -7 //ECDSA-SHA256 +#define FIDO2_ALG_EDDSA -8 //EdDSA #define FIDO2_ALG_ESP256 -9 //ECDSA-SHA256 P256 +#define FIDO2_ALG_ED25519 -19 //EDDSA Ed25519 #define FIDO2_ALG_ES384 -35 //ECDSA-SHA384 #define FIDO2_ALG_ES512 -36 //ECDSA-SHA512 #define FIDO2_ALG_ECDH_ES_HKDF_256 -25 //ECDH-ES + HKDF-256 #define FIDO2_ALG_ES256K -47 #define FIDO2_ALG_ESP384 -51 //ECDSA-SHA384 P384 #define FIDO2_ALG_ESP512 -52 //ECDSA-SHA512 P521 +#define FIDO2_ALG_ED448 -53 //EDDSA Ed448 #define FIDO2_ALG_RS256 -257 #define FIDO2_ALG_RS384 -258 #define FIDO2_ALG_RS512 -259 @@ -73,6 +79,8 @@ extern int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSec #define FIDO2_CURVE_P521 3 #define FIDO2_CURVE_X25519 4 #define FIDO2_CURVE_X448 5 +#define FIDO2_CURVE_ED25519 6 +#define FIDO2_CURVE_ED448 7 #define FIDO2_CURVE_P256K1 8 #define FIDO2_CURVE_BP256R1 9 #define FIDO2_CURVE_BP384R1 10 From 29f942dab9fd27ec46a93bbd66008540bdededdd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 15:42:47 +0100 Subject: [PATCH 8/9] Update pointer Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 6b27cad..05fe059 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 6b27cad36d60cc4c699d8566bf2b91c6fbeef1cb +Subproject commit 05fe0596ef004313e166b1e2f900e9af351dd26c From 7dddfd971ef7dfea6766d0f1a229a96e88422f59 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 11 Dec 2025 20:01:08 +0100 Subject: [PATCH 9/9] Build only necessary boards Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 29 +++-------------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 46266fc..ab83499 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -2,47 +2,24 @@ VERSION_MAJOR="7" VERSION_MINOR="0" -NO_EDDSA=0 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" #if ! [[ -z "${GITHUB_SHA}" ]]; then # SUFFIX="${SUFFIX}.${GITHUB_SHA}" #fi -if [[ $1 == "--no-eddsa" ]]; then - NO_EDDSA=1 - echo "Skipping EDDSA build" -fi - mkdir -p build_release mkdir -p release -mkdir -p release_eddsa rm -rf -- release/* -if [[ $NO_EDDSA -eq 0 ]]; then - rm -rf -- release_eddsa/* -fi cd build_release PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" SECURE_BOOT_PKEY="${SECURE_BOOT_PKEY:-../../ec_private_key.pem}" -board_dir=${PICO_SDK_PATH}/src/boards/include/boards -for board in "$board_dir"/* +boards=("pico" "pico2") + +for board_name in "${boards[@]}" do - board_name="$(basename -- "$board" .h)" rm -rf -- ./* PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} make -j`nproc` mv pico_fido.uf2 ../release/pico_fido_$board_name-$SUFFIX.uf2 done - -# Build with EDDSA - -if [[ $NO_EDDSA -eq 0 ]]; then - for board in "$board_dir"/* - do - board_name="$(basename -- "$board" .h)" - rm -rf -- ./* - PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} -DENABLE_EDDSA=1 - make -j`nproc` - mv pico_fido.uf2 ../release_eddsa/pico_fido_$board_name-$SUFFIX-eddsa1.uf2 - done -fi