dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity
753 Commits 2 Branches 30 Tags
4bcbf7f9a92bb09b795b7ab092c40aa7dc772793
Commit Graph

53 Commits

Author SHA1 Message Date
Pol Henarejos
a59cdef8e6 Merge branch 'main' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	pico-keys-sdk
 2025-10-26 20:12:26 +01:00
Pol Henarejos
d4f2d04487 Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:10:06 +01:00
Pol Henarejos
898c88dc6d Migration to the new system of secure functions to derive keys based on OTP, if available, and pico_serial as a fallback. PIN is also an input vector, which defines a separated domain. 
PIN is used to derive encryption key, derive session key and derive verifier. From session key is derived encryption key. As a consequence, MKEK functionalities are not necessary anymore, since key device is handled by this new set directly. Some MKEK functions are left for compatibility purposes and for the silent migration to new format.  It also applies for double_hash_pin and hash_multi, which are deprecated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-08 00:33:23 +02:00
Pol Henarejos
665f029593 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:41:55 +02:00
Pol Henarejos
b25e4bed6c Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:35:55 +02:00
Pol Henarejos
48cc417546 Added support for Brainpool curves and Ed448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-02 15:49:39 +02:00
Pol Henarejos
73a7856866 Add support for persistentPinUvAuthToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 00:17:57 +02:00
Pol Henarejos
e4ed703b6b Rename scan_files to scan_files_fido 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-05-24 14:25:33 +02:00
Pol Henarejos
bdbdd92be8 Enable alwaysUv if pin is set and alwaysUv is a device options or there's current Uv in memory. It will force the prompt of a PIN. 
Fixes #113.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-24 12:02:03 +01:00
Pol Henarejos
b91ece8ec3 Add EDDSA support as a conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-21 19:00:44 +01:00
Pol Henarejos
d6a060f214 Upgrade to v6.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-15 15:38:55 +01:00
Pol Henarejos
6a67800057 Add support for PIN hash storage and MKEK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-03 01:20:58 +01:00
Pol Henarejos
8ae4ab5af4 Upgrade to version 5.12 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-02 20:21:58 +02:00
Pol Henarejos
6c74db9763 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-23 13:17:51 +02:00
Pol Henarejos
d2c25b69bc Merge branch 'main' into eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-20 10:18:08 +02:00
Pol Henarejos
1b4dd9bed0 Fix ESP32 build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-18 23:53:18 +02:00
Pol Henarejos
7c5bab8b05 Merge branch 'development' into eddsa 2023-09-18 01:38:39 +02:00
Pol Henarejos
da7b918dc4 Added RS algorithms though are not supported. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-09-18 01:34:34 +02:00
Pol Henarejos
911dab031e Merge branch 'development' into eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-17 01:36:35 +02:00
Pol Henarejos
b2c4e0e1c1 Added curve to fido. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-17 01:19:13 +02:00
Pol Henarejos
e8c8ce4d15 Adding support for EdDSA with Ed25519 curve. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-16 14:47:34 +02:00
Pol Henarejos
8ffd1bfe38 Added support for ES256K algorithm. 
It uses secp256k1 curve with SHA-256.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-16 12:18:42 +02:00
Pol Henarejos
8b2be54ede Update code style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-03-04 14:05:30 +01:00
Pol Henarejos
4f33d999e3 Adjusting code to work with the emulated interface. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-01-09 18:07:41 +01:00
Pol Henarejos
b1fdb9b1d1 Cleaning unused includes. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-30 19:39:01 +01:00
Pol Henarejos
363ad1c9e2 No need to call distinguished functions on core0/core1. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-24 01:38:38 +01:00
Pol Henarejos
f39a51afca Add macro for large blob size. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-14 19:41:38 +01:00
Pol Henarejos
d7016f6065 Add MAX_MSG_SIZE in getInfo. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-07 17:01:01 +01:00
Pol Henarejos
4cb0af5045 Defining max length for credBlobs 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-07 15:48:46 +01:00
Pol Henarejos
8b70c864a4 Added support for enterprise attestation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 17:39:21 +01:00
Pol Henarejos
04868f2d7b Added permissions support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 13:00:28 +01:00
Pol Henarejos
2c4c618e3b Loading credential if it belongs to U2F. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-23 11:40:39 +02:00
Pol Henarejos
2d496fd8fc Random functions shall be called for each core, otherwise it will hung. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 20:18:05 +02:00
Pol Henarejos
cc373e3e7e Adding send_keepalive(). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:25:52 +02:00
Pol Henarejos
4ab898378a More fixes 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-21 16:30:49 +02:00
Pol Henarejos
99fc76a385 Finalizing get assertion. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-21 14:29:28 +02:00
Pol Henarejos
08c3c3344c Moving up and uv flags to paut. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-21 00:00:25 +02:00
Pol Henarejos
8a379d9702 Adding Credential manager. 
Also adding resident credentials.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-20 19:50:33 +02:00
Pol Henarejos
72ebb2b596 Adding Credential management. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-20 17:31:09 +02:00
Pol Henarejos
3dc7af05c1 More fixes. 2022-09-20 15:07:48 +02:00
Pol Henarejos
a3c60f762d Reorganizing core0/core1 split. 
Now CBOR and APDU (i.e., intensive processing) areas are executed on core1, while core0 is dedicated for hardware tasks (usb, button, led, etc.).
 2022-09-20 14:39:59 +02:00
Pol Henarejos
8feac76a73 If user has introduced PIN, it is verified. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-20 11:50:45 +02:00
Pol Henarejos
ee8f3a0965 Adding support for clientPIN. 
It does not pass the tests yet.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-19 17:20:52 +02:00
Pol Henarejos
5da2af2c34 Accepting curves for key_derivation as a parameter. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-16 00:49:59 +02:00
Pol Henarejos
3873303309 Refactor CTAP2 file structure. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-15 14:16:12 +02:00
Pol Henarejos
73f88b6882 Moving from U2F to CTAP1. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-08 17:35:56 +02:00
Pol Henarejos
694ab2cf87 Fix authentication key_path. 
Also adding key parameter for key derivation as optional.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-06 16:53:39 +02:00
Pol Henarejos
9bf20175be Adding routine for pressing button to test required user presence. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-06 16:24:21 +02:00
Pol Henarejos
cf68a6b61f Adding msg authenticate. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 16:48:18 +02:00
Pol Henarejos
ed0a798f63 Instead of generating a new keypair, all keys are derived from the master key. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-05 11:30:49 +02:00