dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity
800 Commits 2 Branches 30 Tags
804ee68e86755c7b6e67fd612161c1f41a28d54a
Commit Graph

39 Commits

Author SHA1 Message Date
Pol Henarejos
65194e3775 Remove debug. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-09 20:13:04 +01:00
Pol Henarejos
a59cdef8e6 Merge branch 'main' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	pico-keys-sdk
 2025-10-26 20:12:26 +01:00
Pol Henarejos
d4f2d04487 Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:10:06 +01:00
Pol Henarejos
898c88dc6d Migration to the new system of secure functions to derive keys based on OTP, if available, and pico_serial as a fallback. PIN is also an input vector, which defines a separated domain. 
PIN is used to derive encryption key, derive session key and derive verifier. From session key is derived encryption key. As a consequence, MKEK functionalities are not necessary anymore, since key device is handled by this new set directly. Some MKEK functions are left for compatibility purposes and for the silent migration to new format.  It also applies for double_hash_pin and hash_multi, which are deprecated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-08 00:33:23 +02:00
Pol Henarejos
6c85421eca Using new PIN format. 
Now, PIN uses OTP as a seed to avoid memory dumps, when available (RP2350 / ESP32).

Related with #187.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 20:28:04 +02:00
Pol Henarejos
665f029593 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:41:55 +02:00
Pol Henarejos
b25e4bed6c Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:35:55 +02:00
Pol Henarejos
73a7856866 Add support for persistentPinUvAuthToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 00:17:57 +02:00
Pol Henarejos
6a67800057 Add support for PIN hash storage and MKEK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-03 01:20:58 +01:00
Pol Henarejos
6c74db9763 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-23 13:17:51 +02:00
Pol Henarejos
f49833291f Major refactor of USB CCID and USB HID interfaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-23 10:04:00 +02:00
Pol Henarejos
163e936231 Fix potential bug in CBOR encoding. 
It happen if a keepalive packet is sent in the middle of an encoding.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-18 23:59:52 +02:00
Pol Henarejos
1b4dd9bed0 Fix ESP32 build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-18 23:53:18 +02:00
Pol Henarejos
1f0e1fb8f4 Use latest Pico Keys SDK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-05-05 00:58:51 +02:00
Pol Henarejos
d78d9d10aa Use new names and defines. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 15:22:28 +01:00
Pol Henarejos
4c3042a8bf Added function for reading COSE keys. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-17 01:30:49 +02:00
Pol Henarejos
b7ceec8d49 Using COSE keys write functions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-08-17 01:19:45 +02:00
Pol Henarejos
8b2be54ede Update code style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-03-04 14:05:30 +01:00
Pol Henarejos
4f33d999e3 Adjusting code to work with the emulated interface. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-01-09 18:07:41 +01:00
Pol Henarejos
81d3da2645 Activating LBW permission. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-14 23:51:17 +01:00
Pol Henarejos
2cf211cbd0 Fix clearing token rp link. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-09 16:27:41 +01:00
Pol Henarejos
71c0e865dc Fixed RP attachment to token. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:27:12 +01:00
Pol Henarejos
052ff2d60a Fix requesting a UV token. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:02:53 +01:00
Pol Henarejos
8b70c864a4 Added support for enterprise attestation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 17:39:21 +01:00
Pol Henarejos
d45fa9aae0 Added support for setMinPinLength. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 17:01:18 +01:00
Pol Henarejos
23c7e16e6e Fix counting PIN retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 16:42:49 +01:00
Pol Henarejos
04868f2d7b Added permissions support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 13:00:28 +01:00
Pol Henarejos
4425722a71 Adding support for CBOR CONFIG. 
This first support includes a vendor command for encrypting the key device with external key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-17 17:37:39 +02:00
Pol Henarejos
7c271fc4f3 Fix counting mismatches. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-04 16:58:33 +02:00
Pol Henarejos
c2e16fda41 Fix change pin for protocol v2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-04 00:00:03 +02:00
Pol Henarejos
f84d36b1da Add return error when no pin is set on getUVToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-03 17:47:27 +02:00
Pol Henarejos
a294840425 Make more easy encryption/decryption with ProtocolV2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-03 16:09:59 +02:00
Pol Henarejos
ad07052e6a PIN protocol 2 fixes. 
Tested with Webauthn.io

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-27 22:09:46 +02:00
Pol Henarejos
2d5fffedb9 Fix resetting pin mismatches. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 19:24:28 +02:00
Pol Henarejos
864965c1fe Fix verying when no paut is in use. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-22 09:59:17 +02:00
Pol Henarejos
08c3c3344c Moving up and uv flags to paut. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-21 00:00:25 +02:00
Pol Henarejos
3dc7af05c1 More fixes. 2022-09-20 15:07:48 +02:00
Pol Henarejos
a3c60f762d Reorganizing core0/core1 split. 
Now CBOR and APDU (i.e., intensive processing) areas are executed on core1, while core0 is dedicated for hardware tasks (usb, button, led, etc.).
 2022-09-20 14:39:59 +02:00
Pol Henarejos
f439b85de7 clientPIN passes the first test. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-09-20 11:38:59 +02:00