dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity
809 Commits 2 Branches 30 Tags
bc6ebdd069e2e4fc6efa7a2afaf4a1bc1bb55a82
Commit Graph

450 Commits

Author SHA1 Message Date
Pol Henarejos
bc6ebdd069 Upgrade to new layout 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 12:09:42 +01:00
Pol Henarejos
18d68d7e05 Fix needs power cycle logic. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:57:31 +01:00
Pol Henarejos
c8d62de621 Add vendor commands via CCID 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:26:51 +01:00
Pol Henarejos
60165c21ca Fix vendor keydev loading 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:26:27 +01:00
Pol Henarejos
55a60f8875 Fix power_cycle behavior 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:26:13 +01:00
Pol Henarejos
7ed90007ef Add support for slots 3 & 4 in OTP. 
Both slots are activated by clicking three or four times the BOOTSEL button.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-19 16:37:19 +01:00
Pol Henarejos
804ee68e86 Remove non-standard MAKE CREDENTIAL step. 
It may collide with other userName and the purpose is achieved cleaner via Rescue interface.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-08 10:46:51 +01:00
Pol Henarejos
81d97f1a18 Upgrade to v7.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-05 19:56:09 +01:00
Pol Henarejos
5fc84d7097 Reset internal state of GA to avoid phantom requests on GNA. 
When a previous GA had more than 1 credential, it stored the full list in the internal state. Later, if a GA had only 1 credential, subsequent GNA returned older state of previous non-related GA.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-05 12:36:44 +01:00
Pol Henarejos
ac7e34522a Fixed resident credential storage when two userId have the same prefix. 
Added a specific test for this case.

Fixes #241.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-05 12:34:04 +01:00
Pol Henarejos
aa9df892d3 Revert "Move EDDSA to another branch." 
This reverts commit 1867f0330f.
 2025-12-11 15:41:47 +01:00
Pol Henarejos
7ac2ce30f0 Revert "Move other curves to another branch." 
This reverts commit 46720fb387.
 2025-12-11 15:40:16 +01:00
Pol Henarejos
e86862033c Revert "Move enterprise attestation to another branch." 
This reverts commit 1d21d93b74.
 2025-12-11 15:40:10 +01:00
Pol Henarejos
1d21d93b74 Move enterprise attestation to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 21:39:10 +01:00
Pol Henarejos
46720fb387 Move other curves to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 18:52:13 +01:00
Pol Henarejos
1867f0330f Move EDDSA to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 15:56:31 +01:00
Pol Henarejos
bb542e3b83 Add is_gpg flag for fido2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-07 20:34:42 +01:00
Pol Henarejos
abcfe6e87b Upgrade to v7.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-01 17:17:17 +01:00
Pol Henarejos
dc572bcc81 Add versions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-15 20:18:08 +01:00
Pol Henarejos
0d89a21be7 Fix if/else logic. Fixes #199. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-09 20:13:45 +01:00
Pol Henarejos
65194e3775 Remove debug. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-09 20:13:04 +01:00
Pol Henarejos
b0180711e7 Fix build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-28 09:36:55 +01:00
Pol Henarejos
a59cdef8e6 Merge branch 'main' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	pico-keys-sdk
 2025-10-26 20:12:26 +01:00
Pol Henarejos
d4f2d04487 Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:10:06 +01:00
Pol Henarejos
6b93938040 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-12 18:56:14 +02:00
Pol Henarejos
898c88dc6d Migration to the new system of secure functions to derive keys based on OTP, if available, and pico_serial as a fallback. PIN is also an input vector, which defines a separated domain. 
PIN is used to derive encryption key, derive session key and derive verifier. From session key is derived encryption key. As a consequence, MKEK functionalities are not necessary anymore, since key device is handled by this new set directly. Some MKEK functions are left for compatibility purposes and for the silent migration to new format.  It also applies for double_hash_pin and hash_multi, which are deprecated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-08 00:33:23 +02:00
Pol Henarejos
d424f0dea7 Add sanity check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-07 21:11:50 +02:00
Pol Henarejos
6c85421eca Using new PIN format. 
Now, PIN uses OTP as a seed to avoid memory dumps, when available (RP2350 / ESP32).

Related with #187.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 20:28:04 +02:00
Pol Henarejos
3e9d1a4eb4 Fix silent authentication with resident keys. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-28 00:05:25 +02:00
Pol Henarejos
c6dba5df43 Fix silent authentication with new resident key system. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-27 23:52:08 +02:00
Pol Henarejos
eae22a97fb Fix conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-23 17:17:01 +02:00
Pol Henarejos
665f029593 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:41:55 +02:00
Pol Henarejos
b25e4bed6c Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:35:55 +02:00
Pol Henarejos
56b6b4a8b9 Vendor Config cmds have to be < 0x8000000000000000 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-21 01:23:02 +02:00
Pol Henarejos
9b254a0738 Add support to PIN POLICY URL via VendorConfig. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 19:20:20 +02:00
Pol Henarejos
e4f8caa1ba Add VendorConfig upload EA command to get_info(). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 18:20:36 +02:00
Pol Henarejos
7e720e8c23 Enable enterprise attestation through VendorConfig. 
Add a subcommand to enable through pico-tool.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:56:02 +02:00
Pol Henarejos
b3b3a5eecc Add other PHY commands to get_info(). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:23:45 +02:00
Pol Henarejos
6b636d0bf4 Fix CMD_CONFIG with VendorCmd. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:13:44 +02:00
Pol Henarejos
54fb02995f Add 4 pseudorandom bytes to allow indexing used by some RP entities. 
Fixes #185

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 11:31:45 +02:00
Pol Henarejos
56d5c61044 Add compatibility of old resident key system with the new one. 
Related to #184.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-06 19:14:27 +02:00
Pol Henarejos
1ac628d241 Major refactor on resident keys. 
Now, credential ids have shorter and fixed length (40) to avoid issues with some servers, which have maximum credential id length constraints.

Fixes #184

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-04 21:57:53 +02:00
Pol Henarejos
48cc417546 Added support for Brainpool curves and Ed448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-02 15:49:39 +02:00
Pol Henarejos
351242d377 Fix build for ESP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 21:27:53 +02:00
Pol Henarejos
3fe3a9d2ec Fix build for emulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:50:44 +02:00
Pol Henarejos
35a043f261 Fix automatic build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:41:23 +02:00
Pol Henarejos
44c5ad4adb Some VIDs do not support VENDOR_CONFIG values. 
Fixes #172.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-01 20:38:07 +02:00
Pol Henarejos
f7ba3eec38 Fix crash APDU with CBOR. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:19:54 +02:00
Pol Henarejos
292a9e8d8a Add support for hmac-secret-mc extension. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 01:04:09 +02:00
Pol Henarejos
73a7856866 Add support for persistentPinUvAuthToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 00:17:57 +02:00