From e057f1718048ac53311cd7e7609b1968b2aace3f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 13:07:01 +0200 Subject: [PATCH 01/16] Using Pico HSM SDK EdDSA branch. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index c7849e0..167bd9b 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit c7849e0bdaa49ddd7ab9773875a975d71b991177 +Subproject commit 167bd9bc1f89c6a33e75e579d1dec00b0348bba1 From 69d618cc6b242ff62d2f538325e5b0f06f2cb3d6 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 13:13:58 +0200 Subject: [PATCH 02/16] Point to proper EdDSA branch. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 167bd9b..cb453d3 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 167bd9bc1f89c6a33e75e579d1dec00b0348bba1 +Subproject commit cb453d3ee70016787bdb904fa8e1c4805576f418 From e8c8ce4d1502dec2aca4e0e9d769ae82bde2bc76 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 14:47:34 +0200 Subject: [PATCH 03/16] Adding support for EdDSA with Ed25519 curve. Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 4 +- pico-hsm-sdk | 2 +- src/fido/cbor_get_assertion.c | 55 ++++++++++++++++++-------- src/fido/cbor_make_credential.c | 69 ++++++++++++++++++++++----------- src/fido/fido.c | 12 ++++-- src/fido/fido.h | 7 ++-- 6 files changed, 101 insertions(+), 48 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index fc7e24a..aa1db41 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash -VERSION_MAJOR="3" -VERSION_MINOR="0" +VERSION_MAJOR="5" +VERSION_MINOR="4" rm -rf release/* cd build_release diff --git a/pico-hsm-sdk b/pico-hsm-sdk index cb453d3..e5a98ea 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit cb453d3ee70016787bdb904fa8e1c4805576f418 +Subproject commit e5a98ea9bf9fe62fcea6a54b55bd8580f8b73867 diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index 7967c28..b260be1 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -429,12 +429,12 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { flags = flagsx; selcred = &credsx[credentialCounter]; } - mbedtls_ecdsa_context ekey; - mbedtls_ecdsa_init(&ekey); + mbedtls_ecp_keypair ekey; + mbedtls_ecp_keypair_init(&ekey); int ret = fido_load_key(selcred->curve, selcred->id.data, &ekey); if (ret != 0) { if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) { - mbedtls_ecdsa_free(&ekey); + mbedtls_ecp_keypair_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); } } @@ -582,21 +582,42 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } - ret = mbedtls_md(md, - aut_data, - aut_data_len + clientDataHash.len, - hash); + else if (ekey.grp.id == MBEDTLS_ECP_DP_ED25519) { + md = NULL; + } size_t olen = 0; - ret = mbedtls_ecdsa_write_signature(&ekey, - mbedtls_md_get_type(md), - hash, - mbedtls_md_get_size(md), - sig, - sizeof(sig), - &olen, - random_gen, - NULL); - mbedtls_ecdsa_free(&ekey); + if (md != NULL) { + ret = mbedtls_md(md, + aut_data, + aut_data_len + clientDataHash.len, + hash); + ret = mbedtls_ecdsa_write_signature(&ekey, + mbedtls_md_get_type(md), + hash, + mbedtls_md_get_size(md), + sig, + sizeof(sig), + &olen, + random_gen, + NULL); + } + else { + ret = mbedtls_eddsa_write_signature(&ekey, + aut_data, + aut_data_len + clientDataHash.len, + sig, + sizeof(sig), + &olen, + MBEDTLS_EDDSA_PURE, + NULL, + 0, + random_gen, + NULL); + } + if (ret != 0) { + CBOR_ERROR(CTAP2_ERR_PROCESSING); + } + mbedtls_ecp_keypair_free(&ekey); uint8_t lfields = 3; if (selcred->opts.present == true && selcred->opts.rk == ptrue) { diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index c176408..69f5d9e 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -180,6 +180,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256K) { curve = FIDO2_CURVE_P256K1; } + else if (pubKeyCredParams[i].alg == FIDO2_ALG_EDDSA) { + curve = FIDO2_CURVE_ED25519; + } else if (pubKeyCredParams[i].alg == 0) { // no present curve = -1; } @@ -370,16 +373,16 @@ int cbor_make_credential(const uint8_t *data, size_t len) { flags |= FIDO2_AUT_FLAG_ED; } uint8_t pkey[66]; - mbedtls_ecdsa_context ekey; - mbedtls_ecdsa_init(&ekey); + mbedtls_ecp_keypair ekey; + mbedtls_ecp_keypair_init(&ekey); int ret = fido_load_key(curve, cred_id, &ekey); if (ret != 0) { - mbedtls_ecdsa_free(&ekey); + mbedtls_ecp_keypair_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); } const mbedtls_ecp_curve_info *cinfo = mbedtls_ecp_curve_info_from_grp_id(ekey.grp.id); if (cinfo == NULL) { - mbedtls_ecdsa_free(&ekey); + mbedtls_ecp_keypair_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); } size_t olen = 0; @@ -419,7 +422,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { memcpy(pa, cbor_buf, rs); pa += rs; memcpy(pa, ext, ext_len); pa += ext_len; if (pa - aut_data != aut_data_len) { - mbedtls_ecdsa_free(&ekey); + mbedtls_ecp_keypair_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); } @@ -432,29 +435,51 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } - ret = mbedtls_md(md, - aut_data, - aut_data_len + clientDataHash.len, - hash); - + else if (ekey.grp.id == MBEDTLS_ECP_DP_ED25519) { + md = NULL; + } + if (md != NULL) { + ret = mbedtls_md(md, + aut_data, + aut_data_len + clientDataHash.len, + hash); + } bool self_attestation = true; if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) { - mbedtls_ecdsa_free(&ekey); - mbedtls_ecdsa_init(&ekey); + mbedtls_ecp_keypair_free(&ekey); + mbedtls_ecp_keypair_init(&ekey); ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32); md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); self_attestation = false; } - ret = mbedtls_ecdsa_write_signature(&ekey, - mbedtls_md_get_type(md), - hash, - mbedtls_md_get_size(md), - sig, - sizeof(sig), - &olen, - random_gen, - NULL); - mbedtls_ecdsa_free(&ekey); + if (md != NULL) { + ret = mbedtls_ecdsa_write_signature(&ekey, + mbedtls_md_get_type(md), + hash, + mbedtls_md_get_size(md), + sig, + sizeof(sig), + &olen, + random_gen, + NULL); + } + else { + ret = mbedtls_eddsa_write_signature(&ekey, + aut_data, + aut_data_len + clientDataHash.len, + sig, + sizeof(sig), + &olen, + MBEDTLS_EDDSA_PURE, + NULL, + 0, + random_gen, + NULL); + } + if (ret != 0) { + CBOR_ERROR(CTAP2_ERR_PROCESSING); + } + mbedtls_ecp_keypair_free(&ekey); uint8_t largeBlobKey[32]; if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { diff --git a/src/fido/fido.c b/src/fido/fido.c index e86d7c6..22f1fb7 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -92,10 +92,16 @@ mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { else if (curve == FIDO2_CURVE_X448) { return MBEDTLS_ECP_DP_CURVE448; } + else if (curve == FIDO2_CURVE_ED25519) { + return MBEDTLS_ECP_DP_ED25519; + } + else if (curve == FIDO2_CURVE_ED448) { + return MBEDTLS_ECP_DP_ED448; + } return MBEDTLS_ECP_DP_NONE; } -int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecdsa_context *key) { +int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecp_keypair *key) { mbedtls_ecp_group_id mbedtls_curve = fido_curve_to_mbedtls(curve); if (mbedtls_curve == MBEDTLS_ECP_DP_NONE) { return CTAP2_ERR_UNSUPPORTED_ALGORITHM; @@ -152,7 +158,7 @@ int load_keydev(uint8_t *key) { return CCID_OK; } -int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_context *key) { +int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecp_keypair *key) { for (int i = 0; i < KEY_PATH_ENTRIES; i++) { uint32_t k = *(uint32_t *) &keyHandle[i * sizeof(uint32_t)]; if (!(k & 0x80000000)) { @@ -194,7 +200,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int curve, - mbedtls_ecdsa_context *key) { + mbedtls_ecp_keypair *key) { uint8_t outk[64] = { 0 }; int r = 0; memset(outk, 0, sizeof(outk)); diff --git a/src/fido/fido.h b/src/fido/fido.h index 06d547b..ac951ab 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h @@ -23,6 +23,7 @@ #endif #include "common.h" #include "mbedtls/ecdsa.h" +#include "mbedtls/eddsa.h" #ifndef ENABLE_EMULATION #include "ctap_hid.h" #else @@ -40,12 +41,12 @@ extern int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int, - mbedtls_ecdsa_context *key); -extern int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_context *); + mbedtls_ecp_keypair *key); +extern int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecp_keypair *); extern bool wait_button_pressed(); extern void init_fido(); extern mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve); -extern int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecdsa_context *key); +extern int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecp_keypair *key); extern int load_keydev(uint8_t *key); extern int encrypt(uint8_t protocol, const uint8_t *key, From 57bf97196ddaefab2025aa8b3a95e9134e538317 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 14:48:44 +0200 Subject: [PATCH 04/16] Updated readme. Signed-off-by: Pol Henarejos --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bd8bbd5..6a8b2db 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Pico FIDO has implemented the following features: - User Verification with PIN - Discoverable credentials - Credential management -- ECDSA authentication +- ECDSA and EDDSA authentication - App registration and login - Device selection - Support for vendor Config From 9f1e879efe2dec4a88329b47d7a281425ba9e2a3 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 17:32:17 +0200 Subject: [PATCH 05/16] Fix OTP applet selection. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/otp.c b/src/fido/otp.c index eb12a31..2f25ee1 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -115,7 +115,7 @@ const uint8_t otp_aid[] = { }; app_t *otp_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, otp_aid + 1, MIN(aid_len, otp_aid[0]) && cap_supported(CAP_OTP))) { + if (!memcmp(aid, otp_aid + 1, MIN(aid_len, otp_aid[0])) && cap_supported(CAP_OTP)) { a->aid = otp_aid; a->process_apdu = otp_process_apdu; a->unload = otp_unload; From 3a71275bc865147960ca4a8151f1e74383503325 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 16 Aug 2023 18:06:29 +0200 Subject: [PATCH 06/16] Add EDDSA algorithm in get_info. Signed-off-by: Pol Henarejos --- src/fido/cbor_get_info.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 8812376..7c10f8d 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c @@ -90,7 +90,7 @@ int cbor_get_info() { CBOR_CHECK(cbor_encode_uint(&mapEncoder, MAX_CRED_ID_LENGTH)); // MAX_CRED_ID_MAX_LENGTH CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0A)); - CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 4)); + CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, 5)); CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES256)); @@ -99,6 +99,12 @@ int cbor_get_info() { CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2)); CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); + CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_EDDSA)); + CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type")); + CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key")); + CBOR_CHECK(cbor_encoder_close_container(&arrayEncoder, &mapEncoder2)); + CBOR_CHECK(cbor_encoder_create_map(&arrayEncoder, &mapEncoder2, 2)); + CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, -FIDO2_ALG_ES384)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "type")); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "public-key")); From 2f6e4d5568cf2f252422f63c62f875c4aedde29f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 17 Aug 2023 01:40:22 +0200 Subject: [PATCH 07/16] Upgraded COSE key functions to accept EDDSA. Signed-off-by: Pol Henarejos --- src/fido/cbor.c | 3 +++ src/fido/fido.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index d8ece1d..b5d90e8 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -187,6 +187,9 @@ CborError COSE_key(mbedtls_ecp_keypair *key, CborEncoder *mapEncoderParent, Cbor else if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { alg = FIDO2_ALG_ECDH_ES_HKDF_256; } + else if (key->grp.id == MBEDTLS_ECP_DP_ED25519) { + alg = FIDO2_ALG_EDDSA; + } return COSE_key_params(crv, alg, &key->grp, &key->Q, mapEncoderParent, mapEncoder); } CborError COSE_key_shared(mbedtls_ecdh_context *key, CborEncoder *mapEncoderParent, CborEncoder *mapEncoder) { diff --git a/src/fido/fido.c b/src/fido/fido.c index 4ebe8a3..157e672 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -120,6 +120,12 @@ int mbedtls_curve_to_fido(mbedtls_ecp_group_id id) { else if (id == MBEDTLS_ECP_DP_CURVE448) { return FIDO2_CURVE_X448; } + else if (id == MBEDTLS_ECP_DP_ED25519) { + return FIDO2_CURVE_ED25519; + } + else if (id == MBEDTLS_ECP_DP_ED448) { + return FIDO2_CURVE_ED448; + } return 0; } From ad3b2bbe4b950f1540fbeab13f3175bc1f8bc8fc Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 13:07:52 +0200 Subject: [PATCH 08/16] Added EdDSA credential creation test. Signed-off-by: Pol Henarejos --- tests/pico-fido/test_020_register.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index d5e876a..3ed9b55 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -121,7 +121,7 @@ def test_bad_type_pubKeyCredParams(device): device.doMC(key_params=["wrong"]) @pytest.mark.parametrize( - "alg", [ES256.ALGORITHM, ES384.ALGORITHM, ES512.ALGORITHM] + "alg", [ES256.ALGORITHM, ES384.ALGORITHM, ES512.ALGORITHM, EdDSA.ALGORITHM] ) def test_algorithms(device, info, alg): if ({'alg': alg, 'type': 'public-key'} in info.algorithms): From e18f841a34cbf244bf3f58419b5f9b4364bdc59a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 16:46:37 +0200 Subject: [PATCH 09/16] Fix Edwards load key. It did not compute the correct public point. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/fido/fido.c b/src/fido/fido.c index 932180f..fab4a5e 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -282,6 +282,9 @@ int derive_key(const uint8_t *app_id, if (r != 0) { return r; } + if (curve == MBEDTLS_ECP_DP_ED25519) { + return mbedtls_ecp_point_edwards(&key->grp, &key->Q, &key->d, random_gen, NULL); + } return mbedtls_ecp_mul(&key->grp, &key->Q, &key->d, &key->grp.G, random_gen, NULL); } mbedtls_platform_zeroize(outk, sizeof(outk)); From 7997eefdc8e31ee8db620c1cbb91df42732fac54 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 16:46:55 +0200 Subject: [PATCH 10/16] Fixed EdDSA signature encapsulation. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index c3a7058..5ec98c8 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit c3a70585c65a82b6b577d174e57b7fae434ee9eb +Subproject commit 5ec98c84aa8aa8aec4dda6d609fcca1d57d1eb3a From 8af7cac57ac192d7b5141e908cd9b38afa2d701c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 16:48:12 +0200 Subject: [PATCH 11/16] Added authentication tests with EdDSA. Signed-off-by: Pol Henarejos --- tests/pico-fido/test_020_register.py | 2 +- tests/pico-fido/test_021_authenticate.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index 78ac5d7..3ed9b55 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -19,7 +19,7 @@ from fido2.client import CtapError -from fido2.cose import ES256, ES384, ES512 +from fido2.cose import ES256, ES384, ES512, EdDSA import pytest diff --git a/tests/pico-fido/test_021_authenticate.py b/tests/pico-fido/test_021_authenticate.py index 9de69bf..a6ae95f 100644 --- a/tests/pico-fido/test_021_authenticate.py +++ b/tests/pico-fido/test_021_authenticate.py @@ -19,7 +19,7 @@ from fido2.client import CtapError -from fido2.cose import ES256, ES384, ES512 +from fido2.cose import ES256, ES384, ES512, EdDSA from utils import verify import pytest @@ -49,7 +49,7 @@ def test_empty_allowList(device): assert e.value.code == CtapError.ERR.NO_CREDENTIALS @pytest.mark.parametrize( - "alg", [ES256.ALGORITHM, ES384.ALGORITHM, ES512.ALGORITHM] + "alg", [ES256.ALGORITHM, ES384.ALGORITHM, ES512.ALGORITHM, EdDSA.ALGORITHM] ) def test_algorithms(device, info, alg): if ({'alg': alg, 'type': 'public-key'} in info.algorithms): From 95a9fe4214b6138e974375475d1c2ff8761a9e4e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 16:49:58 +0200 Subject: [PATCH 12/16] Added flow triggering for eddsa branch. Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b32ec43..acd5824 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ "main", "development" ] + branches: [ "main", "development", "eddsa" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "main", "development" ] + branches: [ "main", "development", "eddsa" ] schedule: - cron: '23 5 * * 4' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 88a4cbf..3af55cf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,10 +13,10 @@ name: "Emulation and test" on: push: - branches: [ "main", "development" ] + branches: [ "main", "development", "eddsa" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "main", "development" ] + branches: [ "main", "development", "eddsa" ] schedule: - cron: '23 5 * * 4' From abe91823c05bc4ee93d183288f264f04fa31814c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 17 Sep 2023 19:29:54 +0200 Subject: [PATCH 13/16] Build firmwares with -eddsa1 suffix. Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 1e51c67..d5a8743 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="6" +VERSION_MINOR="6-eddsa1" rm -rf release/* cd build_release From 21035d649d89d11538a0455a38bdc21eebaa037a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 18 Sep 2023 01:38:31 +0200 Subject: [PATCH 14/16] Upgrade to version 5.7 Signed-off-by: Pol Henarejos --- src/fido/version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/version.h b/src/fido/version.h index 721a0bf..f226d38 100644 --- a/src/fido/version.h +++ b/src/fido/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define PICO_FIDO_VERSION 0x0506 +#define PICO_FIDO_VERSION 0x0507 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff) #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff) From 21765a6f104259269304a30740835d50c0773056 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 21 Nov 2023 13:10:58 +0100 Subject: [PATCH 15/16] Move pico-keys-sdk pointer. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index f0687c1..e5e2169 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit f0687c1ef392c2bcb293ea554f1dd8b784484922 +Subproject commit e5e2169a47371fc9d419c43d29de39bff3f32073 From 8aa9d1c5a325990a6c28670fdd348a16b75cd8db Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 21 Feb 2025 17:28:39 +0100 Subject: [PATCH 16/16] Fix cyw43 build. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 4120a8c..6ec374a 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 4120a8c1a61a0a63040a83522133a10cd9a75e5a +Subproject commit 6ec374a6ac53a4de34ed26ae19be126fe7c704e7