dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity
809 Commits 2 Branches 30 Tags
bc6ebdd069e2e4fc6efa7a2afaf4a1bc1bb55a82
Commit Graph

28 Commits

Author SHA1 Message Date
Pol Henarejos
3f890757ac Not present 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 01:00:18 +01:00
Pol Henarejos
93bba4fb76 Moved to pypicofido. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-18 01:04:36 +01:00
Pol Henarejos
56b6b4a8b9 Vendor Config cmds have to be < 0x8000000000000000 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-21 01:23:02 +02:00
Pol Henarejos
9b254a0738 Add support to PIN POLICY URL via VendorConfig. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 19:20:20 +02:00
Pol Henarejos
7e720e8c23 Enable enterprise attestation through VendorConfig. 
Add a subcommand to enable through pico-tool.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:56:02 +02:00
Pol Henarejos
bf484d8663 Use internal macro. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:16:14 +02:00
Pol Henarejos
6b636d0bf4 Fix CMD_CONFIG with VendorCmd. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-11 12:13:44 +02:00
Pol Henarejos
b42a664ac6 Add support for displaying memory usage via "pico-fido-tool.py memory" command. 
Fixes #82.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 19:56:13 +01:00
Pol Henarejos
4ce6b2df5c Refactor PHY to support more flexible and scalable architecture. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-05 00:29:58 +01:00
Pol Henarejos
2d09a5c8e5 Added support to configure LED GPIO, LED brightness and LED dimming. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-27 20:56:33 +02:00
Pol Henarejos
39e2ff40c3 Add support for dynamic VIDPID via PHY. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-18 19:44:02 +02:00
Pol Henarejos
04238509ee Generate a secure key if it is not found. 
Should fix #23.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 12:02:31 +01:00
Pol Henarejos
85298062cd python-fido2 has a bug which does not allow to use 0xff as ConfigVendorPrototype. 
It encodes an uint8_t to int8_t and thus, the command must be <= 0x7f.

Fixes #22.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 12:02:31 +01:00
Pol Henarejos
0464ad8964 Fixed AUT permission. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 12:02:31 +01:00
Pol Henarejos
19197e54a8 Added support for --pin flag. 
It loads Vendor/Ctap2Vendor with uv_token based on provided --pin.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 12:02:31 +01:00
Pol Henarejos
01a6c9f77f Added Windows & Linux backend for backup/restore. 
Fixes #21

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 12:02:31 +01:00
Pol Henarejos
58fbea8929 Added a flag (--filename) to upload an enterprise attestation certificate. 
If this flag is not provided, an enteprise attestation certificate is automatically requested and uploaded.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 19:30:00 +01:00
Pol Henarejos
bae8450a8d Added first step to Enterprise Attestation. 
Once enabled, it allows to generate a CSR in the device, which is sent to our PKI. If valid, it returns a signed certificate by an intermediate CA that will be used for attestation.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-30 23:41:05 +01:00
Pol Henarejos
e6c128fe0d Linux uses the generic interface. Needs deep testing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-07 13:15:24 +01:00
Pol Henarejos
4577e4430c Moving AUT UNLOCK to Vendor command instead of using VendorConfig. 
To do this a MSE command is added, to manage a secure environment. It performs a ephemeral ECDH exchange to derive a shared secret that will be used by vendor commands to convey ciphered data.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-30 00:47:50 +02:00
Pol Henarejos
e21d985344 Adding support for specific vendor HID command (0x41). 
It is a self implementation, based on CBOR command.
data[0] conveys the command and the contents mapped in CBOR encoding.
The map uses the authConfig template, where the fist item in the map is the subcommand (enable/disable at this moment), the second is a map of the parameters, the third and fourth are the pinUvParam and pinUvProtocol.

With this format only a single vendor HID command is necessary (0x41), which will be used for all my own commands, by using the command id in data[0] like with CBOR.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-29 19:41:00 +02:00
Pol Henarejos
43cd8869f9 Adding support for backup. 
Now it is possible to backup and restore the internal keys to recover a pico fido. The process is splitted in two parts: a list of 24 words and a file, which stores the security key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-28 00:31:50 +02:00
Pol Henarejos
a42131876f Adding disable secure key. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-27 20:11:12 +02:00
Pol Henarejos
e1f4e3035d Adding first backend, for macOS. 
In macOS, a SECP256R1 key is generated locally and stored in the keyring.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-27 19:02:03 +02:00
Pol Henarejos
71ecb23af6 Adding support for disabling secure aut. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-24 00:04:55 +02:00
Pol Henarejos
8c21a2bbcd Adding command line parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-23 23:24:35 +02:00
Pol Henarejos
53cc16ab6d Preliminar test tool for device lock/unlock 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-19 18:33:11 +02:00
Pol Henarejos
32c938674a Adding pico-fido-tool for enabling some configs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-17 17:37:54 +02:00