dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity
753 Commits 2 Branches 30 Tags
4bcbf7f9a92bb09b795b7ab092c40aa7dc772793
Commit Graph

753 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
4bcbf7f9a9 Merge branch 'development' 2025-10-27 09:30:13 +01:00
Pol Henarejos
cf0686f857 Add template for pull requests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-27 08:57:59 +01:00
Pol Henarejos
c54a6fa6fe Add CONTRIBUTING 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-27 08:53:08 +01:00
Pol Henarejos
8b08618875 Update license models and add ENTERPRISE.md 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:45:37 +01:00
Pol Henarejos
a59cdef8e6 Merge branch 'main' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	pico-keys-sdk
 2025-10-26 20:12:26 +01:00
Pol Henarejos
d4f2d04487 Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:10:06 +01:00
Pol Henarejos
6b93938040 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-12 18:56:14 +02:00
Pol Henarejos
898c88dc6d Migration to the new system of secure functions to derive keys based on OTP, if available, and pico_serial as a fallback. PIN is also an input vector, which defines a separated domain. 
PIN is used to derive encryption key, derive session key and derive verifier. From session key is derived encryption key. As a consequence, MKEK functionalities are not necessary anymore, since key device is handled by this new set directly. Some MKEK functions are left for compatibility purposes and for the silent migration to new format.  It also applies for double_hash_pin and hash_multi, which are deprecated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-08 00:33:23 +02:00
Pol Henarejos
51c13b0f0b Add memory leak checker. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-07 23:41:58 +02:00
Pol Henarejos
d424f0dea7 Add sanity check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-07 21:11:50 +02:00
Pol Henarejos
de1bf3d2d4 Add OTP security enhancements. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:22:23 +02:00
Pol Henarejos
85423fed85 Using new PIN format. 
Now, PIN uses OTP as a seed to avoid memory dumps, when available (RP2350 / ESP32).

Related with #187.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 20:29:06 +02:00
Pol Henarejos
6c85421eca Using new PIN format. 
Now, PIN uses OTP as a seed to avoid memory dumps, when available (RP2350 / ESP32).

Related with #187.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 20:28:04 +02:00
Pol Henarejos
3e9d1a4eb4 Fix silent authentication with resident keys. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 00:05:25 +02:00
Pol Henarejos
c6dba5df43 Fix silent authentication with new resident key system. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-27 23:52:08 +02:00
Pol Henarejos
eae22a97fb Fix conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-23 17:17:01 +02:00
Pol Henarejos
1b8ee2fc87 Fix missing files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-23 17:03:53 +02:00
Pol Henarejos
7d97b21ca4 Update Pico Keys SDK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-23 17:00:10 +02:00
Pol Henarejos
665f029593 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:41:55 +02:00
Pol Henarejos
78de56f0a9 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:36:05 +02:00
Pol Henarejos
b25e4bed6c Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:35:55 +02:00
Pol Henarejos
56b6b4a8b9 Vendor Config cmds have to be < 0x8000000000000000 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-21 01:23:02 +02:00
Pol Henarejos
9b254a0738 Add support to PIN POLICY URL via VendorConfig. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 19:20:20 +02:00
Pol Henarejos
e4f8caa1ba Add VendorConfig upload EA command to get_info(). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 18:20:36 +02:00
Pol Henarejos
7e720e8c23 Enable enterprise attestation through VendorConfig. 
Add a subcommand to enable through pico-tool.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:56:02 +02:00
Pol Henarejos
b3b3a5eecc Add other PHY commands to get_info(). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:23:45 +02:00
Pol Henarejos
bf484d8663 Use internal macro. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:16:14 +02:00
Pol Henarejos
6b636d0bf4 Fix CMD_CONFIG with VendorCmd. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:13:44 +02:00
Pol Henarejos
54fb02995f Add 4 pseudorandom bytes to allow indexing used by some RP entities. 
Fixes #185

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 11:31:45 +02:00
Pol Henarejos
56d5c61044 Add compatibility of old resident key system with the new one. 
Related to #184.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-06 19:14:27 +02:00
Pol Henarejos
1ac628d241 Major refactor on resident keys. 
Now, credential ids have shorter and fixed length (40) to avoid issues with some servers, which have maximum credential id length constraints.

Fixes #184

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-04 21:57:53 +02:00
Pol Henarejos
48cc417546 Added support for Brainpool curves and Ed448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-02 15:49:39 +02:00
Pol Henarejos
2919b37e9c Fix descriptor description when there are disabled interfaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-02 01:20:15 +02:00
Pol Henarejos
6836ffaf02 Add dummy led driver to avoid crashes in case a non-supported board is built. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 22:02:13 +02:00
Pol Henarejos
d1c61536e0 Add support for dynamic led driver. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 21:28:09 +02:00
Pol Henarejos
351242d377 Fix build for ESP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 21:27:53 +02:00
Pol Henarejos
3fe3a9d2ec Fix build for emulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:50:44 +02:00
Pol Henarejos
35a043f261 Fix automatic build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:41:23 +02:00
Pol Henarejos
44c5ad4adb Some VIDs do not support VENDOR_CONFIG values. 
Fixes #172.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:38:07 +02:00
Pol Henarejos
a5fd31a5d6 Upgrade to bookworm CI for fido2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:32:22 +02:00
Pol Henarejos
fdf97f5469 Upgrade tests to python-fido2 v2.0.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:20:31 +02:00
Pol Henarejos
d30ebde4f0 Upgrade tinycbor to 0.6.1 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:20:12 +02:00
Pol Henarejos
f7ba3eec38 Fix crash APDU with CBOR. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:19:54 +02:00
Pol Henarejos
66ecd6a7fc Fix uint16 endianness that affected chained RAPDU. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:17:40 +02:00
Pol Henarejos
d1dccf3762 Merge branch 'main' into development 2025-08-28 15:09:40 +02:00
Pol Henarejos
292a9e8d8a Add support for hmac-secret-mc extension. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 01:04:09 +02:00
Pol Henarejos
73a7856866 Add support for persistentPinUvAuthToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 00:17:57 +02:00
Pol Henarejos
2b640a5c36 Add support for FIDO 2.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-27 12:51:34 +02:00
Pol Henarejos
bf1072781b Fix build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-25 01:42:24 +02:00
Pol Henarejos
81e03cefda Fix for rp2350 build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-25 01:39:41 +02:00