From 6c85d57412749de0aa3b78dab9f821370822775f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 18 Sep 2023 10:13:06 +0200 Subject: [PATCH 001/127] Added support for LED in Pico W. Fixed #17. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index a36a89c..10a9511 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit a36a89cc9555b9a9959218f011488c542aefc0b8 +Subproject commit 10a951135888c976369d101e36b771faab3dd469 -- 2.34.1 From b1c4ff877e2402fcedc6e034b8a0d6382c02b19b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 18 Sep 2023 10:39:21 +0200 Subject: [PATCH 002/127] Fix pico_w build. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 10a9511..a35ba06 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 10a951135888c976369d101e36b771faab3dd469 +Subproject commit a35ba063c4c8d04d81e794577029df8603cb5dcc -- 2.34.1 From c1fd5736f90dd9bbc999a192ce1d89bee8584ee5 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 28 Oct 2023 20:51:36 +0200 Subject: [PATCH 003/127] Update to latest HSM SDK changes. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index a35ba06..4f09254 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit a35ba063c4c8d04d81e794577029df8603cb5dcc +Subproject commit 4f0925420b896c247718471da39eb9ae1f86b145 -- 2.34.1 From 46ce9390bf4816b3d4132973273611ac1e77cba4 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 28 Oct 2023 20:52:07 +0200 Subject: [PATCH 004/127] Added backfall compatibility. Signed-off-by: Pol Henarejos --- src/fido/cbor.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index f9e9269..9483d44 100644 --- a/src/fido/cbor.c 
+++ b/src/fido/cbor.c @@ -25,6 +25,7 @@ #include "apdu.h" #include "management.h" #include "ctap2_cbor.h" +#include "version.h" const bool _btrue = true, _bfalse = false; @@ -40,6 +41,8 @@ int cbor_config(const uint8_t *data, size_t len); int cbor_vendor(const uint8_t *data, size_t len); int cbor_large_blobs(const uint8_t *data, size_t len); +extern int cmd_read_config(); + const uint8_t aaguid[16] = { 0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45 }; // First 16 bytes of SHA256("Pico FIDO2") @@ -91,6 +94,12 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { else if (cmd == CTAP_VENDOR_CBOR) { return cbor_vendor(data, len); } + else if (cmd == 0xC2) { + if (cmd_read_config() == 0x9000) { + res_APDU_size -= 1; + return 0; + } + } } return CTAP1_ERR_INVALID_CMD; } -- 2.34.1 From c24be5a6319c98cc95ed410807d5c7679782cecf Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 28 Oct 2023 20:53:06 +0200 Subject: [PATCH 005/127] Adapted to new selection AID method. Signed-off-by: Pol Henarejos --- src/fido/cmd_register.c | 14 +++------ src/fido/fido.c | 22 +++++++------ src/fido/management.c | 22 ++++++------- src/fido/oath.c | 70 +++++++++++++++++++---------------------- src/fido/otp.c | 34 +++++++++----------- 5 files changed, 75 insertions(+), 87 deletions(-) diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 837cb90..877f5b0 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c 
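Review bot: In the new `cmd == 0xC2` branch of cbor_parse, `res_APDU_size -= 1` runs without checking that cmd_read_config() left at least one byte in the response, so an empty result would wrap the size if it is an unsigned type (its declaration is not in the hunk). A guard before the decrement covers that, for example `if (res_APDU_size == 0) return CTAP1_ERR_INVALID_CMD;`. The bare `0xC2` and the reason for dropping one byte deserve a named constant and a comment. `extern int cmd_read_config();` should be written `(void)` or come from a header so that the call is prototype-checked. cbor_parse starts outside the hunk, so whether this legacy path needs the same gating as the other commands cannot be confirmed from here.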
@@ -32,18 +32,14 @@ const uint8_t u2f_aid[] = { int u2f_unload(); int u2f_process_apdu(); -app_t *u2f_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, u2f_aid + 1, MIN(aid_len, u2f_aid[0])) && cap_supported(CAP_U2F)) { - a->aid = u2f_aid; - a->process_apdu = u2f_process_apdu; - a->unload = u2f_unload; - return a; - } - return NULL; +int u2f_select(app_t *a) { + a->process_apdu = u2f_process_apdu; + a->unload = u2f_unload; + return CCID_OK; } void __attribute__((constructor)) u2f_ctor() { - register_app(u2f_select); + register_app(u2f_select, u2f_aid); } int u2f_unload() { diff --git a/src/fido/fido.c b/src/fido/fido.c index dc70e86..32db925 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -33,6 +33,7 @@ #include #include "management.h" #include "ctap_hid.h" +#include "version.h" int fido_process_apdu(); int fido_unload(); @@ -53,27 +54,30 @@ const uint8_t atr_fido[] = { 0x75, 0x62, 0x69, 0x4b, 0x65, 0x79, 0x40 }; -app_t *fido_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, fido_aid + 1, MIN(aid_len, fido_aid[0])) && cap_supported(CAP_FIDO2)) { - a->aid = fido_aid; - a->process_apdu = fido_process_apdu; - a->unload = fido_unload; - return a; - } - return NULL; +int fido_select(app_t *a) { + a->process_apdu = fido_process_apdu; + a->unload = fido_unload; + return CCID_OK; } void __attribute__((constructor)) fido_ctor() { #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) ccid_atr = atr_fido; #endif - register_app(fido_select); + register_app(fido_select, fido_aid); } int fido_unload() { return CCID_OK; } +uint8_t get_version_major() { + return PICO_FIDO_VERSION_MAJOR; +} +uint8_t get_version_minor() { + return PICO_FIDO_VERSION_MINOR; +} + mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { if (curve == FIDO2_CURVE_P256) { return MBEDTLS_ECP_DP_SECP256R1; diff --git a/src/fido/management.c b/src/fido/management.c index f2f8df7..5d4eefb 100644 --- a/src/fido/management.c +++ b/src/fido/management.c 
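Review bot: The rewritten `u2f_select` no longer calls `cap_supported(CAP_U2F)`, so at this commit the applet can be selected even when the capability is switched off, unless the AID matcher behind `register_app` (in the SDK, not shown) does its own gating. `fido_select` in fido.c and `oath_select` / `otp_select` further down this patch lose their checks in the same way. Patch 006 of this series restores them, but folding the check into this commit keeps every intermediate revision gated: `if (!cap_supported(CAP_U2F)) { return CCID_ERR_FILE_NOT_FOUND; }` at the top of the function. A one-line comment on each select callback stating that AID matching now happens in the caller would also help the next reader.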
@@ -31,22 +31,18 @@ const uint8_t man_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17 }; extern void scan_all(); -app_t *man_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, man_aid + 1, MIN(aid_len, man_aid[0]))) { - a->aid = man_aid; - a->process_apdu = man_process_apdu; - a->unload = man_unload; - sprintf((char *) res_APDU, "%d.%d.0", PICO_FIDO_VERSION_MAJOR, PICO_FIDO_VERSION_MINOR); - res_APDU_size = strlen((char *) res_APDU); - apdu.ne = res_APDU_size; - scan_all(); - return a; - } - return NULL; +int man_select(app_t *a) { + a->process_apdu = man_process_apdu; + a->unload = man_unload; + sprintf((char *) res_APDU, "%d.%d.0", PICO_FIDO_VERSION_MAJOR, PICO_FIDO_VERSION_MINOR); + res_APDU_size = strlen((char *) res_APDU); + apdu.ne = res_APDU_size; + scan_all(); + return CCID_OK; } void __attribute__((constructor)) man_ctor() { - register_app(man_select); + register_app(man_select, man_aid); } int man_unload() { diff --git a/src/fido/oath.c b/src/fido/oath.c index e3d25bc..a0713c9 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c 
@@ -68,50 +68,46 @@ const uint8_t oath_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01 }; -app_t *oath_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, oath_aid + 1, MIN(aid_len, oath_aid[0])) && cap_supported(CAP_OATH)) { - a->aid = oath_aid; - a->process_apdu = oath_process_apdu; - a->unload = oath_unload; - res_APDU_size = 0; - res_APDU[res_APDU_size++] = TAG_T_VERSION; - res_APDU[res_APDU_size++] = 3; - res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MAJOR; - res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MINOR; - res_APDU[res_APDU_size++] = 0; - res_APDU[res_APDU_size++] = TAG_NAME; - res_APDU[res_APDU_size++] = 8; +int oath_select(app_t *a) { + a->process_apdu = oath_process_apdu; + a->unload = oath_unload; + res_APDU_size = 0; + res_APDU[res_APDU_size++] = TAG_T_VERSION; + res_APDU[res_APDU_size++] = 3; + res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MAJOR; + res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MINOR; + res_APDU[res_APDU_size++] = 0; + res_APDU[res_APDU_size++] = TAG_NAME; + res_APDU[res_APDU_size++] = 8; #ifndef ENABLE_EMULATION - pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size)); - res_APDU_size += 8; + pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size)); + res_APDU_size += 8; #else - memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8; + memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8; #endif - if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { - random_gen(NULL, challenge, sizeof(challenge)); - res_APDU[res_APDU_size++] = TAG_CHALLENGE; - res_APDU[res_APDU_size++] = sizeof(challenge); - memcpy(res_APDU + res_APDU_size, challenge, sizeof(challenge)); - res_APDU_size += sizeof(challenge); - } - file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); - if (file_has_data(ef_otp_pin)) { - const uint8_t *pin_data = file_get_data(ef_otp_pin); - res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; - res_APDU[res_APDU_size++] = 1; - 
res_APDU[res_APDU_size++] = *pin_data; - } - res_APDU[res_APDU_size++] = TAG_ALGO; - res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; - apdu.ne = res_APDU_size; - return a; + if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { + random_gen(NULL, challenge, sizeof(challenge)); + res_APDU[res_APDU_size++] = TAG_CHALLENGE; + res_APDU[res_APDU_size++] = sizeof(challenge); + memcpy(res_APDU + res_APDU_size, challenge, sizeof(challenge)); + res_APDU_size += sizeof(challenge); } - return NULL; + file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); + if (file_has_data(ef_otp_pin)) { + const uint8_t *pin_data = file_get_data(ef_otp_pin); + res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; + res_APDU[res_APDU_size++] = 1; + res_APDU[res_APDU_size++] = *pin_data; + } + res_APDU[res_APDU_size++] = TAG_ALGO; + res_APDU[res_APDU_size++] = 1; + res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; + apdu.ne = res_APDU_size; + return CCID_OK; } void __attribute__((constructor)) oath_ctor() { - register_app(oath_select); + register_app(oath_select, oath_aid); } int oath_unload() { diff --git a/src/fido/otp.c b/src/fido/otp.c index a38c287..3bfce0d 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c 
@@ -116,25 +116,21 @@ const uint8_t otp_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01 }; -app_t *otp_select(app_t *a, const uint8_t *aid, uint8_t aid_len) { - if (!memcmp(aid, otp_aid + 1, MIN(aid_len, otp_aid[0])) && cap_supported(CAP_OTP)) { - a->aid = otp_aid; - a->process_apdu = otp_process_apdu; - a->unload = otp_unload; - if (file_has_data(search_dynamic_file(EF_OTP_SLOT1)) || - file_has_data(search_dynamic_file(EF_OTP_SLOT2))) { - config_seq = 1; - } - else { - config_seq = 0; - } - otp_status(); - memmove(res_APDU, res_APDU + 1, 6); - res_APDU_size = 6; - apdu.ne = res_APDU_size; - return a; +int otp_select(app_t *a) { + a->process_apdu = otp_process_apdu; + a->unload = otp_unload; + if (file_has_data(search_dynamic_file(EF_OTP_SLOT1)) || + file_has_data(search_dynamic_file(EF_OTP_SLOT2))) { + config_seq = 1; } - return NULL; + else { + config_seq = 0; + } + otp_status(); + memmove(res_APDU, res_APDU + 1, 6); + res_APDU_size = 6; + apdu.ne = res_APDU_size; + return CCID_OK; } uint8_t modhex_tab[] = @@ -308,7 +304,7 @@ int otp_button_pressed(uint8_t slot) { } void __attribute__((constructor)) otp_ctor() { - register_app(otp_select); + register_app(otp_select, otp_aid); button_pressed_cb = otp_button_pressed; } -- 2.34.1 From da94a824877b46c2e4cc5c63a9375269a156075b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 28 Oct 2023 20:57:53 +0200 Subject: [PATCH 006/127] Fix AID selection. Signed-off-by: Pol Henarejos --- src/fido/cmd_register.c | 9 ++++-- src/fido/fido.c | 9 ++++-- src/fido/oath.c | 63 +++++++++++++++++++++-------------------- src/fido/otp.c | 29 ++++++++++--------- 4 files changed, 61 insertions(+), 49 deletions(-) diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 877f5b0..1be7e55 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c 
@@ -33,9 +33,12 @@ int u2f_unload(); int u2f_process_apdu(); int u2f_select(app_t *a) { - a->process_apdu = u2f_process_apdu; - a->unload = u2f_unload; - return CCID_OK; + if (cap_supported(CAP_U2F)) { + a->process_apdu = u2f_process_apdu; + a->unload = u2f_unload; + return CCID_OK; + } + return CCID_ERR_FILE_NOT_FOUND; } void __attribute__((constructor)) u2f_ctor() { diff --git a/src/fido/fido.c b/src/fido/fido.c index 32db925..4431136 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -55,9 +55,12 @@ const uint8_t atr_fido[] = { }; int fido_select(app_t *a) { - a->process_apdu = fido_process_apdu; - a->unload = fido_unload; - return CCID_OK; + if (cap_supported(CAP_FIDO2)) { + a->process_apdu = fido_process_apdu; + a->unload = fido_unload; + return CCID_OK; + } + return CCID_ERR_FILE_NOT_FOUND; } void __attribute__((constructor)) fido_ctor() { diff --git a/src/fido/oath.c b/src/fido/oath.c index a0713c9..0a9b9a3 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c 
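Review bot: The restored capability check in `u2f_select` wraps the whole body in `if (cap_supported(CAP_U2F)) { ... }`; a guard clause says the same thing with less nesting: `if (!cap_supported(CAP_U2F)) { return CCID_ERR_FILE_NOT_FOUND; }`. The same applies to `fido_select`, `oath_select` and `otp_select` in the following hunks, where re-indenting some thirty lines hides the fact that only the check was added. A short comment on the refusal path would help, for example `// capability disabled: report the applet as absent`, if that is the intent of returning CCID_ERR_FILE_NOT_FOUND. `man_select` stays ungated, which matches the code before patch 005 but is worth stating in a comment so it does not look like an omission.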
@@ -69,41 +69,44 @@ const uint8_t oath_aid[] = { }; int oath_select(app_t *a) { - a->process_apdu = oath_process_apdu; - a->unload = oath_unload; - res_APDU_size = 0; - res_APDU[res_APDU_size++] = TAG_T_VERSION; - res_APDU[res_APDU_size++] = 3; - res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MAJOR; - res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MINOR; - res_APDU[res_APDU_size++] = 0; - res_APDU[res_APDU_size++] = TAG_NAME; - res_APDU[res_APDU_size++] = 8; + if (cap_supported(CAP_OATH)) { + a->process_apdu = oath_process_apdu; + a->unload = oath_unload; + res_APDU_size = 0; + res_APDU[res_APDU_size++] = TAG_T_VERSION; + res_APDU[res_APDU_size++] = 3; + res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MAJOR; + res_APDU[res_APDU_size++] = PICO_FIDO_VERSION_MINOR; + res_APDU[res_APDU_size++] = 0; + res_APDU[res_APDU_size++] = TAG_NAME; + res_APDU[res_APDU_size++] = 8; #ifndef ENABLE_EMULATION - pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size)); - res_APDU_size += 8; + pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size)); + res_APDU_size += 8; #else - memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8; + memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8; #endif - if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { - random_gen(NULL, challenge, sizeof(challenge)); - res_APDU[res_APDU_size++] = TAG_CHALLENGE; - res_APDU[res_APDU_size++] = sizeof(challenge); - memcpy(res_APDU + res_APDU_size, challenge, sizeof(challenge)); - res_APDU_size += sizeof(challenge); - } - file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); - if (file_has_data(ef_otp_pin)) { - const uint8_t *pin_data = file_get_data(ef_otp_pin); - res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; + if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { + random_gen(NULL, challenge, sizeof(challenge)); + res_APDU[res_APDU_size++] = TAG_CHALLENGE; + res_APDU[res_APDU_size++] = sizeof(challenge); + memcpy(res_APDU + 
res_APDU_size, challenge, sizeof(challenge)); + res_APDU_size += sizeof(challenge); + } + file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); + if (file_has_data(ef_otp_pin)) { + const uint8_t *pin_data = file_get_data(ef_otp_pin); + res_APDU[res_APDU_size++] = TAG_PIN_COUNTER; + res_APDU[res_APDU_size++] = 1; + res_APDU[res_APDU_size++] = *pin_data; + } + res_APDU[res_APDU_size++] = TAG_ALGO; res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = *pin_data; + res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; + apdu.ne = res_APDU_size; + return CCID_OK; } - res_APDU[res_APDU_size++] = TAG_ALGO; - res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; - apdu.ne = res_APDU_size; - return CCID_OK; + return CCID_ERR_FILE_NOT_FOUND; } void __attribute__((constructor)) oath_ctor() { diff --git a/src/fido/otp.c b/src/fido/otp.c index 3bfce0d..7a8bfd3 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -117,20 +117,23 @@ const uint8_t otp_aid[] = { }; int otp_select(app_t *a) { - a->process_apdu = otp_process_apdu; - a->unload = otp_unload; - if (file_has_data(search_dynamic_file(EF_OTP_SLOT1)) || - file_has_data(search_dynamic_file(EF_OTP_SLOT2))) { - config_seq = 1; + if (cap_supported(CAP_OTP)) { + a->process_apdu = otp_process_apdu; + a->unload = otp_unload; + if (file_has_data(search_dynamic_file(EF_OTP_SLOT1)) || + file_has_data(search_dynamic_file(EF_OTP_SLOT2))) { + config_seq = 1; + } + else { + config_seq = 0; + } + otp_status(); + memmove(res_APDU, res_APDU + 1, 6); + res_APDU_size = 6; + apdu.ne = res_APDU_size; + return CCID_OK; } - else { - config_seq = 0; - } - otp_status(); - memmove(res_APDU, res_APDU + 1, 6); - res_APDU_size = 6; - apdu.ne = res_APDU_size; - return CCID_OK; + return CCID_ERR_FILE_NOT_FOUND; } uint8_t modhex_tab[] = -- 2.34.1 From 7bf26b28fcf14621f1613fb53734eadc10b4b89f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 30 Oct 2023 16:51:56 +0100 Subject: [PATCH 007/127] Fixed potential memory leak. 
Signed-off-by: Pol Henarejos --- src/fido/oath.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/fido/oath.c b/src/fido/oath.c index 0a9b9a3..d2615c7 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -454,6 +454,7 @@ int cmd_calculate_all() { if (asn1_find_tag(apdu.data, apdu.nc, TAG_CHALLENGE, &chal_len, &chal) == false) { return SW_INCORRECT_PARAMS(); } + res_APDU_size = 0; for (int i = 0; i < MAX_OATH_CRED; i++) { file_t *ef = search_dynamic_file(EF_OATH_CRED + i); if (file_has_data(ef)) { -- 2.34.1 From 0fd36806cced45b11c1ed36c14fc505cd8d3d171 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 31 Oct 2023 00:40:56 +0100 Subject: [PATCH 008/127] Fixed potential crash. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 4f09254..3182d1e 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 4f0925420b896c247718471da39eb9ae1f86b145 +Subproject commit 3182d1e2e66f860f3b8f50fc2d86b4903b4f3784 -- 2.34.1 From e5d1ef29a4335cd3fd483216772527cd16f32a8a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 31 Oct 2023 17:35:59 +0100 Subject: [PATCH 009/127] Fixed OTP read packet through HID interfaces. Fixes #19. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 3182d1e..d580194 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 3182d1e2e66f860f3b8f50fc2d86b4903b4f3784 +Subproject commit d58019403007d18ba10c0f490f0338747d577500 -- 2.34.1 From 365236854223394933dc213e011888be595bbe14 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 2 Nov 2023 09:32:19 +0100 Subject: [PATCH 010/127] Added Windows & Linux backend for backup/restore. Fixes #21 
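Review bot: The added `res_APDU_size = 0;` in cmd_calculate_all resets the response length rather than fixing a leak, and a comment should say so, for example `// start the response empty; entries are added per credential below`. Without the reset the response would presumably begin at whatever length the previous command left behind, which can send stale bytes back to the host. Whether the loop over `MAX_OATH_CRED` entries checks the space remaining in `res_APDU` as it adds data is not visible in this hunk and is worth confirming. The function body continues outside the hunk.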
Signed-off-by: Pol Henarejos --- tools/pico-fido-tool.py | 32 +++++++++++++++++++-------- tools/secure_key/windows.py | 44 +++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 9 deletions(-) create mode 100644 tools/secure_key/windows.py diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 9971387..4123233 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -23,7 +23,6 @@ import sys import argparse import platform from binascii import hexlify -from words import words from threading import Event from typing import Mapping, Any, Optional, Callable import struct @@ -58,14 +57,6 @@ except: from enum import IntEnum from binascii import hexlify -if (platform.system() == 'Windows' or platform.system() == 'Linux'): - from secure_key import windows as skey -elif (platform.system() == 'Darwin'): - from secure_key import macos as skey -else: - print('ERROR: platform not supported') - sys.exit(-1) - def get_pki_data(url, data=None, method='GET'): user_agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; ' 'rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7' @@ -252,6 +243,14 @@ class Vendor: return self.ctap.vendor(cmd, sub_cmd, params, pin_uv_protocol, pin_uv_param) def backup_save(self, filename): + if (platform.system() == 'Windows' or platform.system() == 'Linux'): + from secure_key import windows as skey + elif (platform.system() == 'Darwin'): + from secure_key import macos as skey + else: + print('ERROR: platform not supported') + sys.exit(-1) + from words import words ret = self._call( Vendor.CMD.VENDOR_BACKUP, Vendor.SUBCMD.ENABLE, 
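Review bot: The platform dispatch that imports `secure_key.windows` or `secure_key.macos` is pasted verbatim into `backup_save`, and again into `backup_load` and `_get_key_device` in the next hunks; one private helper keeps the three copies from drifting apart. No use of `skey` is visible in the `backup_save` and `backup_load` hunks, so the block may only be needed in `_get_key_device`, but both method bodies continue outside the hunks. The helper should carry a comment noting that Linux deliberately shares the keyring-based module named `windows`.

```python
def _load_skey():
    # Linux shares the keyring-based backend that lives in secure_key/windows.py
    system = platform.system()
    if system in ('Windows', 'Linux'):
        from secure_key import windows as skey
    elif system == 'Darwin':
        from secure_key import macos as skey
    else:
        print('ERROR: platform not supported')
        sys.exit(-1)
    return skey

    # ... unchanged: backup_save / backup_load bodies ...

    def _get_key_device(self):
        return _load_skey().get_secure_key()
```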
@@ -270,6 +269,14 @@ class Vendor: print(f'{(c+1):02d} - {words[coef]}') def backup_load(self, filename): + if (platform.system() == 'Windows' or platform.system() == 'Linux'): + from secure_key import windows as skey + elif (platform.system() == 'Darwin'): + from secure_key import macos as skey + else: + print('ERROR: platform not supported') + sys.exit(-1) + from words import words d = 0 if (d == 0): for c in range(24): @@ -349,6 +356,13 @@ class Vendor: ) def _get_key_device(self): + if (platform.system() == 'Windows' or platform.system() == 'Linux'): + from secure_key import windows as skey + elif (platform.system() == 'Darwin'): + from secure_key import macos as skey + else: + print('ERROR: platform not supported') + sys.exit(-1) return skey.get_secure_key() def get_skey(self): diff --git a/tools/secure_key/windows.py b/tools/secure_key/windows.py new file mode 100644 index 0000000..d1c5845 --- /dev/null +++ b/tools/secure_key/windows.py 
@@ -0,0 +1,44 @@ +import sys +import os +import base64 + +DOMAIN = "PicoKeys.com" +USERNAME = "Pico-Fido" + +try: + import keyring +except: + print('ERROR: keyring module not found! Install keyring package.\nTry with `pip install keyring`') + sys.exit(-1) + +try: + from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption, load_pem_private_key + from cryptography.hazmat.primitives.asymmetric import ec +except: + print('ERROR: cryptography module not found! Install cryptography package.\nTry with `pip install cryptography`') + sys.exit(-1) + + + +def generate_secure_key(): + pkey = ec.generate_private_key(ec.SECP256R1()) + set_secure_key(pkey) + return keyring.get_password(DOMAIN, USERNAME) + +def get_d(key): + return load_pem_private_key(key, password=None).private_numbers().private_value.to_bytes(32, 'big') + +def set_secure_key(pk): + try: + keyring.delete_password(DOMAIN, USERNAME) + except: + pass + keyring.set_password(DOMAIN, USERNAME, pk.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()).decode()) + +def get_secure_key(): + key = None + try: + key = keyring.get_password(DOMAIN, USERNAME) + except keyring.errors.KeyringError: + key = generate_secure_key() + return get_d(key.encode()) -- 2.34.1 From 8e36b4c379eebbbe25014855f9006c487fec99ec Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 2 Nov 2023 22:08:49 +0100 Subject: [PATCH 011/127] Added support for --pin flag. It loads Vendor/Ctap2Vendor with uv_token based on provided --pin. Signed-off-by: Pol Henarejos --- tools/pico-fido-tool.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 4123233..38336d0 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py 
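Review bot: `set_secure_key` wraps `keyring.delete_password` in a bare `except: pass`, which also swallows KeyboardInterrupt and real backend failures; catching `keyring.errors.PasswordDeleteError` is enough for the case where no entry exists yet. The two import guards use the same bare `except:` and would be clearer as `except ImportError:`. The private key is serialised with `NoEncryption()` and handed to the keyring as plain PEM, so its confidentiality rests entirely on whichever keyring backend is active. Because this module is also loaded on Linux, the file should carry a comment saying that a plaintext or file-based backend leaves the backup key readable on disk.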
@@ -32,7 +32,7 @@ from enum import IntEnum, unique try: from fido2.ctap2.config import Config - from fido2.ctap2 import Ctap2 + from fido2.ctap2 import Ctap2, ClientPin, PinProtocolV2 from fido2.hid import CtapHidDevice, CTAPHID from fido2.utils import bytes2int, int2bytes from fido2 import cbor @@ -221,7 +221,7 @@ class Vendor: self.__key_enc = None self.__iv = None - self.vcfg = VendorConfig(ctap) + self.vcfg = VendorConfig(ctap, pin_uv_protocol=pin_uv_protocol, pin_uv_token=pin_uv_token) def _call(self, cmd, sub_cmd, params=None): if params: @@ -395,6 +395,7 @@ class Vendor: def parse_args(): parser = argparse.ArgumentParser() subparser = parser.add_subparsers(title="commands", dest="command") + parser.add_argument('-p','--pin', help='Specify the PIN of the device.', required=True) parser_secure = subparser.add_parser('secure', help='Manages security of Pico Fido.') parser_secure.add_argument('subcommand', choices=['enable', 'disable', 'unlock'], help='Enables, disables or unlocks the security.') @@ -440,15 +441,17 @@ def attestation(vdr, args): vdr.upload_ea(cert.public_bytes(Encoding.DER)) def main(args): - print('Pico Fido Tool v1.4') + print('Pico Fido Tool v1.5') print('Author: Pol Henarejos') print('Report bugs to https://github.com/polhenarejos/pico-fido/issues') print('') print('') dev = next(CtapHidDevice.list_devices(), None) - - vdr = Vendor(Ctap2Vendor(dev)) + ctap = Ctap2Vendor(dev) + client_pin = ClientPin(ctap) + token = client_pin.get_pin_token(args.pin) + vdr = Vendor(ctap, pin_uv_protocol=PinProtocolV2(), pin_uv_token=token) if (args.command == 'secure'): secure(vdr, args) -- 2.34.1 From 65039c0959fd13b7d4e22f4fba89f553b64bbbbc Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 2 Nov 2023 22:13:45 +0100 Subject: [PATCH 012/127] Fixed AUT permission. Signed-off-by: Pol Henarejos --- tools/pico-fido-tool.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
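Review bot: `--pin` is declared with `required=True` in parse_args, so the device PIN always has to be typed on the command line, where it ends up in shell history and is visible in the process list to other local users. Making the flag optional and prompting when it is absent avoids that: `pin = args.pin or getpass.getpass('PIN: ')` (with `import getpass`), then `client_pin.get_pin_token(pin)` in main. The token is also requested before the command dispatch, so every subcommand now needs a PIN, including on a device that has none set yet; if that is intended, the help text should say so.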
diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 38336d0..5b58911 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -90,7 +90,7 @@ class VendorConfig(Config): def enable_device_aut(self, ct): self._call( - Config.CMD.VENDOR_PROTOTYPE, + Config.CMD.CONFIG_VENDOR_PROTOTYPE, { VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_ENABLE, VendorConfig.PARAM.VENDOR_AUT_CT: ct @@ -99,7 +99,7 @@ class VendorConfig(Config): def disable_device_aut(self): self._call( - Config.CMD.VENDOR_PROTOTYPE, + Config.CMD.CONFIG_VENDOR_PROTOTYPE, { VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_DISABLE }, @@ -450,7 +450,7 @@ def main(args): dev = next(CtapHidDevice.list_devices(), None) ctap = Ctap2Vendor(dev) client_pin = ClientPin(ctap) - token = client_pin.get_pin_token(args.pin) + token = client_pin.get_pin_token(args.pin, permissions=ClientPin.PERMISSION.AUTHENTICATOR_CFG) vdr = Vendor(ctap, pin_uv_protocol=PinProtocolV2(), pin_uv_token=token) if (args.command == 'secure'): -- 2.34.1 From 421bea642167b16ee09e6efd3ab18820eeee2504 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 2 Nov 2023 22:14:42 +0100 Subject: [PATCH 013/127] python-fido2 has a bug which does not allow to use 0xff as ConfigVendorPrototype. It encodes an uint8_t to int8_t and thus, the command must be <= 0x7f. Fixes #22. Signed-off-by: Pol Henarejos --- src/fido/cbor_config.c | 4 ++-- tools/pico-fido-tool.py | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 88562d8..0d6aeb8 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -64,7 +64,7 @@ int cbor_config(const uint8_t *data, size_t len) { raw_subpara = (uint8_t *) cbor_value_get_next_byte(&_f1); CBOR_PARSE_MAP_START(_f1, 2) { - if (subcommand == 0xff) { + if (subcommand == 0x7f) { CBOR_FIELD_GET_UINT(subpara, 2); if (subpara == 0x01) { CBOR_FIELD_GET_UINT(vendorCommandId, 2); 
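Review bot: The vendor subcommand is compared against the bare literal `0x7f` in this cbor_config hunk and again in the second hunk at line 134, while the tool names the same value `CONFIG_VENDOR_PROTOTYPE = 0x7f`. A named constant on the C side, with a comment recording the python-fido2 signed-byte workaround, would keep the two in step, for example `#define CTAP_CONFIG_VENDOR_PROTOTYPE 0x7f` (suggested name, not an existing symbol). Since `0xff` is no longer matched, a client that still sends the old value appears to skip the vendor handling; the comment should state whether dropping it is deliberate. cbor_config starts and ends outside both hunks.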
@@ -134,7 +134,7 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } - if (subcommand == 0xff) { + if (subcommand == 0x7f) { if (vendorCommandId == CTAP_CONFIG_AUT_DISABLE) { if (!file_has_data(ef_keydev_enc)) { CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 5b58911..a12bce1 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -81,6 +81,7 @@ class VendorConfig(Config): class CMD(IntEnum): CONFIG_AUT_ENABLE = 0x03e43f56b34285e2 CONFIG_AUT_DISABLE = 0x1831a40f04a25ed9 + CONFIG_VENDOR_PROTOTYPE = 0x7f class RESP(IntEnum): KEY_AGREEMENT = 0x01 @@ -90,7 +91,7 @@ class VendorConfig(Config): def enable_device_aut(self, ct): self._call( - Config.CMD.CONFIG_VENDOR_PROTOTYPE, + VendorConfig.CMD.CONFIG_VENDOR_PROTOTYPE, { VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_ENABLE, VendorConfig.PARAM.VENDOR_AUT_CT: ct @@ -99,7 +100,7 @@ class VendorConfig(Config): def disable_device_aut(self): self._call( - Config.CMD.CONFIG_VENDOR_PROTOTYPE, + VendorConfig.CMD.CONFIG_VENDOR_PROTOTYPE, { VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_AUT_DISABLE }, -- 2.34.1 From 5db1014850aa60921db489117eba8ccfcba43aac Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 11:48:32 +0100 Subject: [PATCH 014/127] Generate a secure key if it is not found. Should fix #23. Signed-off-by: Pol Henarejos --- tools/pico-fido-tool.py | 2 +- tools/secure_key/macos.py | 4 +++- tools/secure_key/windows.py | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index a12bce1..89d1615 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py 
@@ -442,7 +442,7 @@ def attestation(vdr, args): vdr.upload_ea(cert.public_bytes(Encoding.DER)) def main(args): - print('Pico Fido Tool v1.5') + print('Pico Fido Tool v1.6') print('Author: Pol Henarejos') print('Report bugs to https://github.com/polhenarejos/pico-fido/issues') print('') diff --git a/tools/secure_key/macos.py b/tools/secure_key/macos.py index 381ee21..1ccc1a4 100644 --- a/tools/secure_key/macos.py +++ b/tools/secure_key/macos.py @@ -51,7 +51,9 @@ def get_secure_key(): try: backend = get_backend(False) key = backend.get_password(DOMAIN, USERNAME)[0] - except keyring.errors.KeyringError: + if (key is None): + raise TypeError + except (keyring.errors.KeyringError, TypeError): try: key = generate_secure_key(False)[0] # It should be True, but secure enclave causes python segfault except keyring.errors.PasswordSetError: diff --git a/tools/secure_key/windows.py b/tools/secure_key/windows.py index d1c5845..844190a 100644 --- a/tools/secure_key/windows.py +++ b/tools/secure_key/windows.py @@ -1,6 +1,4 @@ import sys -import os -import base64 DOMAIN = "PicoKeys.com" USERNAME = "Pico-Fido" @@ -39,6 +37,8 @@ def get_secure_key(): key = None try: key = keyring.get_password(DOMAIN, USERNAME) - except keyring.errors.KeyringError: + if (key is None): + raise TypeError + except (keyring.errors.KeyringError, TypeError): key = generate_secure_key() return get_d(key.encode()) -- 2.34.1 From cb2744cab37bc845de9333434b6fcb618ba521e1 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 11:49:18 +0100 Subject: [PATCH 015/127] Move some OTP functions from HID to OTP. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) diff --git a/src/fido/otp.c b/src/fido/otp.c index 7a8bfd3..65f4bdb 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c 
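Review bot: In `get_secure_key` (macos.py and windows.py) `raise TypeError` is used only to jump into the handler, and adding `TypeError` to the `except` tuple also hides genuine type errors from the backend call. The larger concern is that any `KeyringError`, such as a locked or unavailable keyring, leads to `generate_secure_key()`, and `set_secure_key` in windows.py deletes the stored entry before writing the new one. A transient failure could therefore replace the key that earlier backups presumably depend on. Generating only when the lookup succeeds and returns nothing is safer: `if key is None: key = generate_secure_key()`, with `KeyringError` left to propagate to the caller.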
@@ -111,6 +111,13 @@ uint16_t otp_status(); int otp_process_apdu(); int otp_unload(); +#ifndef ENABLE_EMULATION +extern int (*hid_set_report_cb)(uint8_t, uint8_t, hid_report_type_t, uint8_t const *, uint16_t); +extern uint16_t (*hid_get_report_cb)(uint8_t, uint8_t, hid_report_type_t, uint8_t *, uint16_t); +int otp_hid_set_report_cb(uint8_t, uint8_t, hid_report_type_t, uint8_t const *, uint16_t); +uint16_t otp_hid_get_report_cb(uint8_t, uint8_t, hid_report_type_t, uint8_t *, uint16_t); +#endif + const uint8_t otp_aid[] = { 7, 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01 @@ -168,6 +175,10 @@ void init_otp() { } scanned = true; low_flash_available(); +#ifndef ENABLE_EMULATION + hid_set_report_cb = otp_hid_set_report_cb; + hid_get_report_cb = otp_hid_get_report_cb; +#endif } } extern int calculate_oath(uint8_t truncate, @@ -175,6 +186,22 @@ extern int calculate_oath(uint8_t truncate, size_t key_len, const uint8_t *chal, size_t chal_len); + +uint16_t calculate_crc(const uint8_t *data, size_t data_len) { + uint16_t crc = 0xFFFF; + for (size_t idx = 0; idx < data_len; idx++) { + crc ^= data[idx]; + for (uint8_t i = 0; i < 8; i++) { + uint16_t j = crc & 0x1; + crc >>= 1; + if (j == 1) { + crc ^= 0x8408; + } + } + } + return crc & 0xFFFF; +} + #ifndef ENABLE_EMULATION static uint8_t session_counter[2] = { 0 }; #endif 
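Review bot: `calculate_crc` has no comment saying which CRC it computes, although its output is compared against bytes received from the host. From the code it is a bitwise CRC-16 with initial value 0xFFFF and reflected polynomial 0x8408, returned without a final inversion (`otp_send_frame` later in this patch stores `~crc`). A header comment along the lines of `/* CRC-16: init 0xFFFF, reflected poly 0x8408, no final XOR; the sender inverts before framing */` would document that. `return crc & 0xFFFF;` can simply be `return crc;` because `crc` is already a `uint16_t`.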
@@ -488,3 +515,112 @@ int otp_process_apdu() { } return SW_INS_NOT_SUPPORTED(); } + +#ifndef ENABLE_EMULATION + +uint8_t otp_frame_rx[70] = {0}; +uint8_t otp_frame_tx[70] = {0}; +uint8_t otp_exp_seq = 0, otp_curr_seq = 0; +uint8_t otp_header[4] = {0}; + +extern uint16_t *get_send_buffer_size(uint8_t itf); + +int otp_send_frame(uint8_t *frame, size_t frame_len) { + uint16_t crc = calculate_crc(frame, frame_len); + frame[frame_len] = ~crc & 0xff; + frame[frame_len + 1] = ~crc >> 8; + frame_len += 2; + *get_send_buffer_size(ITF_KEYBOARD) = frame_len; + otp_exp_seq = (frame_len / 7); + if (frame_len % 7) { + otp_exp_seq++; + } + otp_curr_seq = 0; + return 0; +} + +int otp_hid_set_report_cb(uint8_t itf, + uint8_t report_id, + hid_report_type_t report_type, + uint8_t const *buffer, + uint16_t bufsize) +{ + if (report_type == 3) { + DEBUG_PAYLOAD(buffer, bufsize); + if (itf == ITF_KEYBOARD && buffer[7] == 0xFF) { // reset + *get_send_buffer_size(ITF_KEYBOARD) = 0; + otp_curr_seq = otp_exp_seq = 0; + memset(otp_frame_tx, 0, sizeof(otp_frame_tx)); + } + else if (buffer[7] & 0x80) { // a frame + uint8_t rseq = buffer[7] & 0x1F; + if (rseq < 10) { + if (rseq == 0) { + memset(otp_frame_rx, 0, sizeof(otp_frame_rx)); + } + memcpy(otp_frame_rx + rseq * 7, buffer, 7); + if (rseq == 9) { + DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx)); + uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]); + uint8_t slot_id = otp_frame_rx[64]; + if (residual_crc == rcrc) { + apdu.data = otp_frame_rx; + apdu.nc = 64; + apdu.rdata = otp_frame_tx; + apdu.header[0] = 0; + apdu.header[1] = 0x01; + apdu.header[2] = slot_id; + apdu.header[3] = 0; + int ret = otp_process_apdu(); + if (ret == 0x9000 && res_APDU_size > 0) { + otp_send_frame(apdu.rdata, apdu.rlen); + } + } + else { + printf("[OTP] Bad CRC!\n"); + } + } + } + } + return 1; + } + return 0; +} + +uint16_t otp_hid_get_report_cb(uint8_t itf, + uint8_t report_id, + hid_report_type_t 
report_type, + uint8_t *buffer, + uint16_t reqlen) { + // TODO not Implemented + (void) itf; + (void) report_id; + (void) report_type; + (void) buffer; + (void) reqlen; + printf("get_report %d %d %d\n", itf, report_id, report_type); + DEBUG_PAYLOAD(buffer, reqlen); + uint16_t send_buffer_size = *get_send_buffer_size(ITF_KEYBOARD); + if (send_buffer_size > 0) { + uint8_t seq = otp_curr_seq++; + memset(buffer, 0, 8); + memcpy(buffer, otp_frame_tx + 7 * seq, MIN(7, send_buffer_size)); + buffer[7] = 0x40 | seq; + DEBUG_DATA(buffer, 8); + *get_send_buffer_size(ITF_KEYBOARD) -= MIN(7, send_buffer_size); + } + else if (otp_curr_seq == otp_exp_seq && otp_exp_seq > 0) { + memset(buffer, 0, 7); + buffer[7] = 0x40; + DEBUG_DATA(buffer,8); + otp_curr_seq = otp_exp_seq = 0; + } + else { + otp_status(); + memcpy(buffer, res_APDU, 7); + } + + return reqlen; +} + +#endif -- 2.34.1 From 440ec5c85420ea56e3c42ac927f66b3ff2378301 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 11:49:42 +0100 Subject: [PATCH 016/127] Update SDK to new otp. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index d580194..c9cb330 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit d58019403007d18ba10c0f490f0338747d577500 +Subproject commit c9cb330a07fa2bcd33a354d903aec86b0e08b145 -- 2.34.1 From 27b9e3954aa70237e5bfa55477ace0bd5b6b3e83 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 11:57:08 +0100 Subject: [PATCH 017/127] Use get_version_major and get_version_minor as pointers. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/fido/fido.c b/src/fido/fido.c index 4431136..be9c685 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c 
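Review bot: `otp_hid_set_report_cb` reads `buffer[7]` and copies 7 bytes from `buffer` without looking at `bufsize`, so a SET_REPORT shorter than 8 bytes makes the callback read past the report; a guard such as `if (bufsize < 8) { return 0; }` ahead of the `buffer[7] == 0xFF` test closes that. `otp_send_frame` writes the two CRC bytes at `frame[frame_len]` and `frame[frame_len + 1]`, and the caller passes `apdu.rlen` after pointing `apdu.rdata` at the 70-byte `otp_frame_tx`, so the length needs a bound first, e.g. `if (frame_len + 2 > sizeof(otp_frame_tx)) { return -1; }`. The caller tests `res_APDU_size > 0` but sends `apdu.rlen`; using one length for both would make that bound easier to reason about. `otp_hid_get_report_cb` has the same shape: it writes 8 bytes into `buffer` without comparing against `reqlen`, and its `(void)` casts and "not Implemented" comment no longer match a function that uses its arguments.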
@@ -54,6 +54,13 @@ const uint8_t atr_fido[] = { 0x75, 0x62, 0x69, 0x4b, 0x65, 0x79, 0x40 }; +uint8_t fido_get_version_major() { + return PICO_FIDO_VERSION_MAJOR; +} +uint8_t fido_get_version_minor() { + return PICO_FIDO_VERSION_MINOR; +} + int fido_select(app_t *a) { if (cap_supported(CAP_FIDO2)) { a->process_apdu = fido_process_apdu; @@ -63,24 +70,22 @@ int fido_select(app_t *a) { return CCID_ERR_FILE_NOT_FOUND; } +extern uint8_t (*get_version_major)(); +extern uint8_t (*get_version_minor)(); + void __attribute__((constructor)) fido_ctor() { #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) ccid_atr = atr_fido; #endif register_app(fido_select, fido_aid); + get_version_major = fido_get_version_major; + get_version_minor = fido_get_version_minor; } int fido_unload() { return CCID_OK; } -uint8_t get_version_major() { - return PICO_FIDO_VERSION_MAJOR; -} -uint8_t get_version_minor() { - return PICO_FIDO_VERSION_MINOR; -} - mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { if (curve == FIDO2_CURVE_P256) { return MBEDTLS_ECP_DP_SECP256R1; -- 2.34.1 From 5c20909b03144153c00c8e0bea5860b7b2a405b6 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 13:01:10 +0100 Subject: [PATCH 018/127] Move some functions from HID to fido callbacks. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/fido/fido.c b/src/fido/fido.c index be9c685..b990b14 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -43,7 +43,7 @@ pinUvAuthToken_t paut = { 0 }; uint8_t keydev_dec[32]; bool has_keydev_dec = false; -const uint8_t fido_aid[] = { +const uint8_t _fido_aid[] = { 8, 0xA0, 0x00, 0x00, 0x06, 0x47, 0x2F, 0x00, 0x01 }; 
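Review bot: The `extern uint8_t (*get_version_major)();` and `extern uint8_t (*get_version_minor)();` declarations in fido.c are written by hand with empty parameter lists, so the compiler cannot check them against the SDK's definitions or against the functions assigned in `fido_ctor`. Taking the hooks from an SDK header with full prototypes, if the SDK exposes one, e.g. `extern uint8_t (*get_version_major)(void);`, and defining `uint8_t fido_get_version_major(void)` here would turn a signature mismatch into a build error. The hand-written externs for `hid_set_report_cb` and `hid_get_report_cb` in otp.c, and for `init_fido_cb`, `cbor_thread_func` and `cbor_process_cb` in the following fido.c hunk, have the same weakness.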
@@ -72,14 +72,24 @@ int fido_select(app_t *a) { extern uint8_t (*get_version_major)(); extern uint8_t (*get_version_minor)(); +extern const uint8_t *fido_aid; +extern void (*init_fido_cb)(); +extern void (*cbor_thread_func)(); +extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t); +extern void cbor_thread(); +extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len); void __attribute__((constructor)) fido_ctor() { #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) ccid_atr = atr_fido; #endif - register_app(fido_select, fido_aid); get_version_major = fido_get_version_major; get_version_minor = fido_get_version_minor; + fido_aid = _fido_aid; + init_fido_cb = init_fido; + cbor_thread_func = cbor_thread; + cbor_process_cb = cbor_process; + register_app(fido_select, fido_aid); } int fido_unload() { -- 2.34.1 From b493a81ddce0911165f529990440938f25c68287 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 14:27:57 +0100 Subject: [PATCH 019/127] Rename old pico-hsm-sdk to the new pico-keys-sdk. Signed-off-by: Pol Henarejos --- .gitmodules | 2 +- pico-hsm-sdk => pico-keys-sdk | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename pico-hsm-sdk => pico-keys-sdk (100%) diff --git a/.gitmodules b/.gitmodules index 6e06e69..5609c7f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "pico-hsm-sdk"] - path = pico-hsm-sdk + path = pico-keys-sdk url = ../pico-hsm-sdk diff --git a/pico-hsm-sdk b/pico-keys-sdk similarity index 100% rename from pico-hsm-sdk rename to pico-keys-sdk -- 2.34.1 From f8d4f1d02e860cc5dd77def8ad88505a22096200 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 14:28:09 +0100 Subject: [PATCH 020/127] Use new pico-keys-sdk submodule name. Signed-off-by: Pol Henarejos --- .gitmodules | 4 ++-- pico-keys-sdk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitmodules b/.gitmodules index 5609c7f..852c02c 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -1,3 +1,3 @@ -[submodule "pico-hsm-sdk"] +[submodule "pico-keys-sdk"] path = pico-keys-sdk - url = ../pico-hsm-sdk + url = https://github.com/polhenarejos/pico-keys-sdk diff --git a/pico-keys-sdk b/pico-keys-sdk index c9cb330..09276f7 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit c9cb330a07fa2bcd33a354d903aec86b0e08b145 +Subproject commit 09276f7117beb7a2f52e65cc601b9153e7b59ca1 -- 2.34.1 From d78d9d10aaf8fe2f0d29b54c05cf28005930a431 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 15:22:28 +0100 Subject: [PATCH 021/127] Use new names and defines. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 4 ++-- src/fido/cbor_client_pin.c | 10 +++++----- src/fido/cbor_config.c | 2 +- src/fido/cbor_cred_mgmt.c | 2 +- src/fido/cbor_get_assertion.c | 2 +- src/fido/cbor_large_blobs.c | 2 +- src/fido/cbor_make_credential.c | 2 +- src/fido/cbor_vendor.c | 2 +- src/fido/cmd_authenticate.c | 2 +- src/fido/cmd_register.c | 2 +- src/fido/cmd_version.c | 2 +- src/fido/credential.c | 2 +- src/fido/fido.c | 2 +- src/fido/management.c | 2 +- src/fido/oath.c | 2 +- src/fido/otp.c | 2 +- 16 files changed, 21 insertions(+), 21 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8eee727..a5f60bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -109,7 +109,7 @@ set(SOURCES ${SOURCES} endif() set(USB_ITF_HID 1) -include(pico-hsm-sdk/pico_hsm_sdk_import.cmake) +include(pico-keys-sdk/pico_keys_sdk_import.cmake) set(INCLUDES ${INCLUDES} ${CMAKE_CURRENT_LIST_DIR}/src/fido 
@@ -147,5 +147,5 @@ target_compile_options(pico_fido PUBLIC endif (APPLE) else() pico_add_extra_outputs(pico_fido) -target_link_libraries(pico_fido PRIVATE pico_hsm_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) +target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) endif() diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index f47c09e..c7c13d8 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -31,7 +31,7 @@ #include "files.h" #include "random.h" #include "crypto_utils.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" uint32_t usage_timer = 0, initial_usage_time_limit = 0; @@ -181,12 +181,12 @@ int resetPinUvAuthToken() { int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_len, uint8_t *out) { if (protocol == 1) { memcpy(out, in, in_len); - return aes_encrypt(key, NULL, 32 * 8, HSM_AES_MODE_CBC, out, in_len); + return aes_encrypt(key, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len); } else if (protocol == 2) { random_gen(NULL, out, IV_SIZE); memcpy(out + IV_SIZE, in, in_len); - return aes_encrypt(key + 32, out, 32 * 8, HSM_AES_MODE_CBC, out + IV_SIZE, in_len); + return aes_encrypt(key + 32, out, 32 * 8, PICO_KEYS_AES_MODE_CBC, out + IV_SIZE, in_len); } return -1; 
@@ -195,11 +195,11 @@ int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_l int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_len, uint8_t *out) { if (protocol == 1) { memcpy(out, in, in_len); - return aes_decrypt(key, NULL, 32 * 8, HSM_AES_MODE_CBC, out, in_len); + return aes_decrypt(key, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len); } else if (protocol == 2) { memcpy(out, in + IV_SIZE, in_len); - return aes_decrypt(key + 32, in, 32 * 8, HSM_AES_MODE_CBC, out, in_len - IV_SIZE); + return aes_decrypt(key + 32, in, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len - IV_SIZE); } return -1; diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 0d6aeb8..4026cc7 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -22,7 +22,7 @@ #include "files.h" #include "apdu.h" #include "credential.h" -#include "hsm.h" +#include "pico_keys.h" #include "random.h" #include "mbedtls/ecdh.h" #include "mbedtls/chachapoly.h" diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index 7f5bf3f..68e95a8 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c @@ -22,7 +22,7 @@ #include "files.h" #include "apdu.h" #include "credential.h" -#include "hsm.h" +#include "pico_keys.h" uint8_t rp_counter = 1; uint8_t rp_total = 0; diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index 8dfb206..f3a2516 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -24,7 +24,7 @@ #include "fido.h" #include "files.h" #include "crypto_utils.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "cbor_make_credential.h" #include "credential.h" diff --git a/src/fido/cbor_large_blobs.c b/src/fido/cbor_large_blobs.c index 4948457..c3ebd70 100644 --- a/src/fido/cbor_large_blobs.c +++ b/src/fido/cbor_large_blobs.c 
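Review bot: In `decrypt`, the protocol 2 branch copies `in_len` bytes starting at `in + IV_SIZE`, which reads `IV_SIZE` bytes past the end of the input and writes the same excess into `out`, assuming `in_len` counts the IV plus the ciphertext as the `in_len - IV_SIZE` passed to `aes_decrypt` suggests. The copy length should match the decrypt length, `memcpy(out, in + IV_SIZE, in_len - IV_SIZE);`, preceded by `if (in_len < IV_SIZE) { return -1; }` so the subtraction cannot wrap. The lines are unchanged context in this hunk, and the end of `decrypt` lies outside it.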
@@ -21,7 +21,7 @@ #include "hid/ctap_hid.h" #include "files.h" #include "apdu.h" -#include "hsm.h" +#include "pico_keys.h" #include "mbedtls/sha256.h" static uint64_t expectedLength = 0, expectedNextOffset = 0; diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 832ee35..44a488f 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -25,7 +25,7 @@ #include "credential.h" #include "mbedtls/sha256.h" #include "random.h" -#include "hsm.h" +#include "pico_keys.h" int cbor_make_credential(const uint8_t *data, size_t len) { CborParser parser; diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index f76de3c..afe939b 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -21,7 +21,7 @@ #include "hid/ctap_hid.h" #include "files.h" #include "apdu.h" -#include "hsm.h" +#include "pico_keys.h" #include "random.h" #include "mbedtls/ecdh.h" #include "mbedtls/chachapoly.h" diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 3bea9e6..6f458d6 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "ctap.h" #include "random.h" diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 1be7e55..7962719 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "ctap.h" #include "random.h" diff --git a/src/fido/cmd_version.c b/src/fido/cmd_version.c index 6a3b132..7b0ff74 100644 --- a/src/fido/cmd_version.c +++ b/src/fido/cmd_version.c @@ -16,7 +16,7 @@ */ #include "apdu.h" -#include "hsm.h" +#include "pico_keys.h" int cmd_version() { memcpy(res_APDU, "U2F_V2", strlen("U2F_V2")); diff --git a/src/fido/credential.c b/src/fido/credential.c index 7e766c6..b43388b 100644 --- a/src/fido/credential.c +++ b/src/fido/credential.c 
@@ -26,7 +26,7 @@ #include "ctap.h" #include "random.h" #include "files.h" -#include "hsm.h" +#include "pico_keys.h" int credential_derive_chacha_key(uint8_t *outk); diff --git a/src/fido/fido.c b/src/fido/fido.c index b990b14..ab0cc1b 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "ctap.h" #include "files.h" diff --git a/src/fido/management.c b/src/fido/management.c index 5d4eefb..f835b73 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "version.h" #include "files.h" diff --git a/src/fido/oath.c b/src/fido/oath.c index d2615c7..cfeb390 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "files.h" #include "random.h" diff --git a/src/fido/otp.c b/src/fido/otp.c index 65f4bdb..9b31027 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -16,7 +16,7 @@ */ #include "fido.h" -#include "hsm.h" +#include "pico_keys.h" #include "apdu.h" #include "files.h" #include "random.h" -- 2.34.1 From ffb3beb84ab1cd1d8986c4d5f254de0e7c49d545 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 15:32:25 +0100 Subject: [PATCH 022/127] Fix build in emulation mode. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fido/fido.c b/src/fido/fido.c index ab0cc1b..d340f33 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -87,7 +87,9 @@ void __attribute__((constructor)) fido_ctor() { get_version_minor = fido_get_version_minor; fido_aid = _fido_aid; init_fido_cb = init_fido; +#ifndef ENABLE_EMULATION cbor_thread_func = cbor_thread; +#endif cbor_process_cb = cbor_process; register_app(fido_select, fido_aid); } -- 2.34.1 From 1ee86f8634a8f919f8e882e25eaadab071a767a3 Mon Sep 17 00:00:00 2001 
From: Pol Henarejos Date: Thu, 16 Nov 2023 20:12:01 +0100 Subject: [PATCH 023/127] Moving Pico Keys SDK pointer. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 09276f7..f0687c1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 09276f7117beb7a2f52e65cc601b9153e7b59ca1 +Subproject commit f0687c1ef392c2bcb293ea554f1dd8b784484922 -- 2.34.1 From 195096ad5205c28c4877e3cb52bd468235ef049a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 16 Nov 2023 20:12:48 +0100 Subject: [PATCH 024/127] otp must be initialized when selection fido or management applets. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 2 ++ src/fido/management.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/fido/fido.c b/src/fido/fido.c index d340f33..79a935d 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -398,8 +398,10 @@ void scan_all() { scan_files(); } +extern void init_otp(); void init_fido() { scan_all(); + init_otp(); } bool wait_button_pressed() { diff --git a/src/fido/management.c b/src/fido/management.c index f835b73..83cbd43 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -31,6 +31,7 @@ const uint8_t man_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17 }; extern void scan_all(); +extern void init_otp(); int man_select(app_t *a) { a->process_apdu = man_process_apdu; a->unload = man_unload; @@ -38,6 +39,7 @@ int man_select(app_t *a) { res_APDU_size = strlen((char *) res_APDU); apdu.ne = res_APDU_size; scan_all(); + init_otp(); return CCID_OK; } -- 2.34.1 From 96de6efed6f981ade100a895d0ffc8325fa447e8 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 16 Nov 2023 20:16:23 +0100 Subject: [PATCH 025/127] OTP static passwords are 38 bytes length. A static password uses fixed, uid and key fields (sum 38). However, Yubikey sets short_ticket flag which implies the half of the password is sent. Fixes #29. 
Signed-off-by: Pol Henarejos --- src/fido/otp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/fido/otp.c b/src/fido/otp.c index 9b31027..52f1f8b 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -270,10 +270,11 @@ int otp_button_pressed(uint8_t slot) { } } else if (otp_config->cfg_flags & SHORT_TICKET || otp_config->cfg_flags & STATIC_TICKET) { + uint8_t fixed_size = FIXED_SIZE + UID_SIZE + KEY_SIZE; if (otp_config->cfg_flags & SHORT_TICKET) { - otp_config->fixed_size /= 2; + fixed_size /= 2; } - add_keyboard_buffer(otp_config->fixed_data, otp_config->fixed_size, false); + add_keyboard_buffer(otp_config->fixed_data, fixed_size, false); if (otp_config->tkt_flags & APPEND_CR) { append_keyboard_buffer((const uint8_t *) "\x28", 1); } -- 2.34.1 From 1ce0d98c3497360f1acaefa83a0c0308f8e1c91f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 21 Nov 2023 11:42:27 +0100 Subject: [PATCH 026/127] OTP callbacks must be initialized on ctor. Fixes #30. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/fido/otp.c b/src/fido/otp.c index 52f1f8b..58b7e34 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -175,10 +175,6 @@ void init_otp() { } scanned = true; low_flash_available(); -#ifndef ENABLE_EMULATION - hid_set_report_cb = otp_hid_set_report_cb; - hid_get_report_cb = otp_hid_get_report_cb; -#endif } } extern int calculate_oath(uint8_t truncate, @@ -337,6 +333,10 @@ int otp_button_pressed(uint8_t slot) { void __attribute__((constructor)) otp_ctor() { register_app(otp_select, otp_aid); button_pressed_cb = otp_button_pressed; +#ifndef ENABLE_EMULATION + hid_set_report_cb = otp_hid_set_report_cb; + hid_get_report_cb = otp_hid_get_report_cb; +#endif } int otp_unload() { 
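Review bot: `add_keyboard_buffer(otp_config->fixed_data, fixed_size, false)` in `otp_button_pressed` now reads `FIXED_SIZE + UID_SIZE + KEY_SIZE` bytes through a pointer to `fixed_data`, which is only valid if the uid and key members follow it directly with no padding; the struct definition is not in this hunk, so that layout is an assumption here. A `_Static_assert` on the member offsets next to the struct definition would pin the layout, and a comment on the new line such as `/* static password = fixed || uid || key, read as one contiguous run */` would tell the next reader the overrun of `fixed_data` is intended. The stored `otp_config->fixed_size` is no longer consulted, which is worth stating in the same comment. `otp_button_pressed` starts and ends outside the hunk.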
@@ -599,8 +599,6 @@ uint16_t otp_hid_get_report_cb(uint8_t itf, (void) report_type; (void) buffer; (void) reqlen; - printf("get_report %d %d %d\n", itf, report_id, report_type); - DEBUG_PAYLOAD(buffer, reqlen); uint16_t send_buffer_size = *get_send_buffer_size(ITF_KEYBOARD); if (send_buffer_size > 0) { uint8_t seq = otp_curr_seq++; -- 2.34.1 From e757ad294577e2688a53425f2c433b3175cd2322 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 21 Nov 2023 11:53:47 +0100 Subject: [PATCH 027/127] Removing SHORT_TICKET limitation. It is not used to return the half of ticket, but to combine with static to produce hex scancodes. Fixes #29. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/fido/otp.c b/src/fido/otp.c index 58b7e34..e37e779 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -267,8 +267,8 @@ int otp_button_pressed(uint8_t slot) { } else if (otp_config->cfg_flags & SHORT_TICKET || otp_config->cfg_flags & STATIC_TICKET) { uint8_t fixed_size = FIXED_SIZE + UID_SIZE + KEY_SIZE; - if (otp_config->cfg_flags & SHORT_TICKET) { - fixed_size /= 2; + if (otp_config->cfg_flags & SHORT_TICKET) { // Not clear which is the purpose of SHORT_TICKET + //fixed_size /= 2; } add_keyboard_buffer(otp_config->fixed_data, fixed_size, false); if (otp_config->tkt_flags & APPEND_CR) { -- 2.34.1 From 20a8ef08f06f067d816e8d5530538ebf72ade953 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 21 Nov 2023 12:01:47 +0100 Subject: [PATCH 028/127] Upgrade to version 5.8 Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 2 +- src/fido/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 1e51c67..04945c3 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="6" +VERSION_MINOR="8" rm -rf release/* cd build_release 
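Review bot: The `if (otp_config->cfg_flags & SHORT_TICKET)` block in `otp_button_pressed` is left with a body that holds only the commented-out `//fixed_size /= 2;`, so the branch does nothing and reads like unfinished code. Dropping the `if` and keeping one comment on the `fixed_size` line, e.g. `// SHORT_TICKET does not shorten a static password; see #29`, says the same thing without dead code. The commit message describes SHORT_TICKET combined with static as producing hex scancodes, which nothing in this hunk implements, so the comment could note that this is still open. `otp_button_pressed` starts and ends outside the hunk.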
diff --git a/src/fido/version.h b/src/fido/version.h index 721a0bf..789f039 100644 --- a/src/fido/version.h +++ b/src/fido/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define PICO_FIDO_VERSION 0x0506 +#define PICO_FIDO_VERSION 0x0508 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff) #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff) -- 2.34.1 From 7a71bf48fc7680c243ff53b9e206cf5d453ffa73 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 11 Dec 2023 18:13:32 +0100 Subject: [PATCH 029/127] Add -DVIDPID= to build a project with a known VID/PID. Supported values: NitroHSM, NitroFIDO2, NitroStart, NitroPro, Nitro3, Yubikey5, YubikeyNeo, YubiHSM, Gnuk, GnuPG Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index f0687c1..4d77ca7 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit f0687c1ef392c2bcb293ea554f1dd8b784484922 +Subproject commit 4d77ca7b75eff04bd401208054a83857844ecca4 -- 2.34.1 From 92d04f913198d7801625c927c0602b1952f18232 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 13 Mar 2024 18:34:14 +0100 Subject: [PATCH 030/127] Use new asn1 structs. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/files.c | 2 +- src/fido/management.c | 10 +- src/fido/oath.c | 236 +++++++++++++++++++++--------------------- 4 files changed, 125 insertions(+), 125 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 4d77ca7..e055d4c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 4d77ca7b75eff04bd401208054a83857844ecca4 +Subproject commit e055d4cfc9df1a41585ac83d484b903088f3db13 diff --git a/src/fido/files.c b/src/fido/files.c index 121f76d..11573c5 100644 --- a/src/fido/files.c +++ b/src/fido/files.c 
@@ -49,7 +49,7 @@ file_t file_entries[] = { { .fid = EF_OTP_PIN, .parent = 0, .name = NULL, .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } }, - { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, + { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL, .ef_structure = 0, .acl = { 0 } } //end }; diff --git a/src/fido/management.c b/src/fido/management.c index 83cbd43..fb305c8 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -54,10 +54,12 @@ int man_unload() { bool cap_supported(uint16_t cap) { file_t *ef = search_dynamic_file(EF_DEV_CONF); if (file_has_data(ef)) { - uint16_t tag = 0x0, data_len = file_get_size(ef); - uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef); - size_t tag_len = 0; - while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) { + uint16_t tag = 0x0; + uint8_t *tag_data = NULL, *p = NULL; + uint16_t tag_len = 0; + asn1_ctx_t ctxi; + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); + while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) { if (tag == TAG_USB_ENABLED) { uint16_t ecaps = tag_data[0]; if (tag_len == 2) { diff --git a/src/fido/oath.c b/src/fido/oath.c index cfeb390..c2e942a 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c 
@@ -118,14 +118,11 @@ int oath_unload() { } file_t *find_oath_cred(const uint8_t *name, size_t name_len) { - size_t ef_tag_len = 0; - uint8_t *ef_tag_data = NULL; for (int i = 0; i < MAX_OATH_CRED; i++) { file_t *ef = search_dynamic_file(EF_OATH_CRED + i); - if (file_has_data(ef) && - asn1_find_tag(file_get_data(ef), file_get_size(ef), TAG_NAME, &ef_tag_len, - &ef_tag_data) == true && ef_tag_len == name_len && - memcmp(ef_tag_data, name, name_len) == 0) { + asn1_ctx_t ctxi, ef_tag = { 0 }; + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); + if (file_has_data(ef) && asn1_find_tag(&ctxi, TAG_NAME, &ef_tag) == true && ef_tag.len == name_len && memcmp(ef_tag.data, name, name_len) == 0) { return ef; } } 
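Review bot: In `find_oath_cred`, `asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi)` now runs before `file_has_data(ef)` is tested, whereas the old condition only touched the file data after that test had passed. If `search_dynamic_file` can return NULL or an empty file for an unused slot, the accessors are now called on it in every iteration; whether they tolerate that is not visible here. Keeping the guard first restores the old order: `if (!file_has_data(ef)) { continue; }` ahead of the `asn1_ctx_init` call.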
@@ -136,30 +133,30 @@ int cmd_put() { if (validated == false) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - size_t key_len = 0, imf_len = 0, name_len = 0; - uint8_t *key = NULL, *imf = NULL, *name = NULL; - if (asn1_find_tag(apdu.data, apdu.nc, TAG_KEY, &key_len, &key) == false) { + asn1_ctx_t ctxi, key = { 0 }, name = { 0 }, imf = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_NAME, &name_len, &name) == false) { + if (asn1_find_tag(&ctxi, TAG_NAME, &name) == false) { return SW_INCORRECT_PARAMS(); } - if ((key[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { - if (asn1_find_tag(apdu.data, apdu.nc, TAG_IMF, &imf_len, &imf) == false) { + if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { + if (asn1_find_tag(&ctxi, TAG_IMF, &imf) == false) { memcpy(apdu.data + apdu.nc, "\x7a\x08\x00\x00\x00\x00\x00\x00\x00\x00", 10); apdu.nc += 10; } else { //prepend zero-valued bytes - if (imf_len < 8) { - memmove(imf + (8 - imf_len), imf, imf_len); - memset(imf, 0, 8 - imf_len); - *(imf - 1) = 8; - apdu.nc += (8 - imf_len); + if (imf.len < 8) { + memmove(imf.data + (8 - imf.len), imf.data, imf.len); + memset(imf.data, 0, 8 - imf.len); + *(imf.data - 1) = 8; + apdu.nc += (8 - imf.len); } } } - file_t *ef = find_oath_cred(name, name_len); + file_t *ef = find_oath_cred(name.data, name.len); if (file_has_data(ef)) { flash_write_data_to_file(ef, apdu.data, apdu.nc); low_flash_available(); 
@@ -181,13 +178,13 @@ int cmd_put() { int cmd_delete() { - size_t tag_len = 0; - uint8_t *tag_data = NULL; if (validated == false) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_NAME, &tag_len, &tag_data) == true) { - file_t *ef = find_oath_cred(tag_data, tag_len); + asn1_ctx_t ctxi, ctxo = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_NAME, &ctxo) == true) { + file_t *ef = find_oath_cred(ctxo.data, ctxo.len); if (ef) { delete_file(ef); return SW_OK(); 
@@ -219,38 +216,38 @@ int cmd_set_code() { validated = true; return SW_OK(); } - size_t key_len = 0, chal_len = 0, resp_len = 0; - uint8_t *key = NULL, *chal = NULL, *resp = NULL; - if (asn1_find_tag(apdu.data, apdu.nc, TAG_KEY, &key_len, &key) == false) { + asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, resp = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } - if (key_len == 0) { + if (key.len == 0) { delete_file(search_dynamic_file(EF_OATH_CODE)); validated = true; return SW_OK(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_CHALLENGE, &chal_len, &chal) == false) { + if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_RESPONSE, &resp_len, &resp) == false) { + if (asn1_find_tag(&ctxi, TAG_RESPONSE, &resp) == false) { return SW_INCORRECT_PARAMS(); } - const mbedtls_md_info_t *md_info = get_oath_md_info(key[0]); + const mbedtls_md_info_t *md_info = get_oath_md_info(key.data[0]); if (md_info == NULL) { return SW_INCORRECT_PARAMS(); } uint8_t hmac[64]; - int r = mbedtls_md_hmac(md_info, key + 1, key_len - 1, chal, chal_len, hmac); + int r = mbedtls_md_hmac(md_info, key.data + 1, key.len - 1, chal.data, chal.len, hmac); if (r != 0) { return SW_EXEC_ERROR(); } - if (memcmp(hmac, resp, resp_len) != 0) { + if (memcmp(hmac, resp.data, resp.len) != 0) { return SW_DATA_INVALID(); } random_gen(NULL, challenge, sizeof(challenge)); file_t *ef = file_new(EF_OATH_CODE); - flash_write_data_to_file(ef, key, key_len); + flash_write_data_to_file(ef, key.data, key.len); low_flash_available(); validated = false; return SW_OK(); 
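Review bot: In `cmd_set_code`, `memcmp(hmac, resp.data, resp.len)` takes its length from the TLV in the request, so a zero-length response tag compares equal and a length above the digest size reads past the 64-byte `hmac` array. If the protocol expects the full HMAC, the length should be checked first, e.g. `if (resp.len != mbedtls_md_get_size(md_info)) { return SW_DATA_INVALID(); }`, and a constant-time comparison is the better primitive for an authentication value. `cmd_validate` has the same comparison in the `@@ -312,21 +305,21 @@` hunk, where it appears to decide the result of validation. The move to `asn1_ctx_t` carried this over from the old `resp_len` code unchanged.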
@@ -274,23 +271,19 @@ int cmd_reset() { } int cmd_list() { - size_t name_len = 0, key_len = 0; - uint8_t *name = NULL, *key = NULL; if (validated == false) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } for (int i = 0; i < MAX_OATH_CRED; i++) { file_t *ef = search_dynamic_file(EF_OATH_CRED + i); if (file_has_data(ef)) { - uint8_t *data = file_get_data(ef); - size_t data_len = file_get_size(ef); - if (asn1_find_tag(data, data_len, TAG_NAME, &name_len, - &name) == true && - asn1_find_tag(data, data_len, TAG_KEY, &key_len, &key) == true) { + asn1_ctx_t ctxi, key = { 0 }, name = { 0 }; + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); + if (asn1_find_tag(&ctxi, TAG_NAME, &name) == true && asn1_find_tag(&ctxi, TAG_KEY, &key) == true) { res_APDU[res_APDU_size++] = TAG_NAME_LIST; - res_APDU[res_APDU_size++] = name_len + 1; - res_APDU[res_APDU_size++] = key[0]; - memcpy(res_APDU + res_APDU_size, name, name_len); res_APDU_size += name_len; + res_APDU[res_APDU_size++] = name.len + 1; + res_APDU[res_APDU_size++] = key.data[0]; + memcpy(res_APDU + res_APDU_size, name.data, name.len); res_APDU_size += name.len; } } } @@ -299,12 +292,12 @@ int cmd_list() { } int cmd_validate() { - size_t chal_len = 0, resp_len = 0, key_len = 0; - uint8_t *chal = NULL, *resp = NULL, *key = NULL; - if (asn1_find_tag(apdu.data, apdu.nc, TAG_CHALLENGE, &chal_len, &chal) == false) { + asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, resp = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_RESPONSE, &resp_len, &resp) == false) { + if (asn1_find_tag(&ctxi, TAG_RESPONSE, &resp) == false) { return SW_INCORRECT_PARAMS(); } file_t *ef = search_dynamic_file(EF_OATH_CODE); 
@@ -312,21 +305,21 @@ int cmd_validate() { validated = true; return SW_DATA_INVALID(); } - key = file_get_data(ef); - key_len = file_get_size(ef); - const mbedtls_md_info_t *md_info = get_oath_md_info(key[0]); + key.data = file_get_data(ef); + key.len = file_get_size(ef); + const mbedtls_md_info_t *md_info = get_oath_md_info(key.data[0]); if (md_info == NULL) { return SW_INCORRECT_PARAMS(); } uint8_t hmac[64]; - int ret = mbedtls_md_hmac(md_info, key + 1, key_len - 1, challenge, sizeof(challenge), hmac); + int ret = mbedtls_md_hmac(md_info, key.data + 1, key.len - 1, challenge, sizeof(challenge), hmac); if (ret != 0) { return SW_EXEC_ERROR(); } - if (memcmp(hmac, resp, resp_len) != 0) { + if (memcmp(hmac, resp.data, resp.len) != 0) { return SW_DATA_INVALID(); } - ret = mbedtls_md_hmac(md_info, key + 1, key_len - 1, chal, chal_len, hmac); + ret = mbedtls_md_hmac(md_info, key.data + 1, key.len - 1, chal.data, chal.len, hmac); if (ret != 0) { return SW_EXEC_ERROR(); } 
@@ -373,67 +366,69 @@ int calculate_oath(uint8_t truncate, } int cmd_calculate() { - size_t chal_len = 0, name_len = 0, key_len = 0; - uint8_t *chal = NULL, *name = NULL, *key = NULL; if (P2(apdu) != 0x0 && P2(apdu) != 0x1) { return SW_INCORRECT_P1P2(); } if (validated == false) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_CHALLENGE, &chal_len, &chal) == false) { + asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_NAME, &name_len, &name) == false) { + if (asn1_find_tag(&ctxi, TAG_NAME, &name) == false) { return SW_INCORRECT_PARAMS(); } - file_t *ef = find_oath_cred(name, name_len); + file_t *ef = find_oath_cred(name.data, name.len); if (file_has_data(ef) == false) { return SW_DATA_INVALID(); } - - if (asn1_find_tag(file_get_data(ef), file_get_size(ef), TAG_KEY, &key_len, &key) == false) { + asn1_ctx_t ctxe; + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); + if (asn1_find_tag(&ctxe, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } - if ((key[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { - if (asn1_find_tag(file_get_data(ef), file_get_size(ef), TAG_IMF, &chal_len, - &chal) == false) { + if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { + if (asn1_find_tag(&ctxe, TAG_IMF, &chal) == false) { return SW_INCORRECT_PARAMS(); } } res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); - int ret = calculate_oath(P2(apdu), key, key_len, chal, chal_len); + int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); if (ret != CCID_OK) { return SW_EXEC_ERROR(); } - if ((key[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { + if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { uint64_t v = - ((uint64_t) chal[0] << + ((uint64_t) chal.data[0] << 56) | - ((uint64_t) chal[1] << + ((uint64_t) chal.data[1] << 48) | - 
((uint64_t) chal[2] << + ((uint64_t) chal.data[2] << 40) | - ((uint64_t) chal[3] << + ((uint64_t) chal.data[3] << 32) | - ((uint64_t) chal[4] << - 24) | ((uint64_t) chal[5] << 16) | ((uint64_t) chal[6] << 8) | (uint64_t) chal[7]; + ((uint64_t) chal.data[4] << + 24) | ((uint64_t) chal.data[5] << 16) | ((uint64_t) chal.data[6] << 8) | (uint64_t) chal.data[7]; size_t ef_size = file_get_size(ef); v++; uint8_t *tmp = (uint8_t *) calloc(1, ef_size); memcpy(tmp, file_get_data(ef), ef_size); - asn1_find_tag(tmp, ef_size, TAG_IMF, &chal_len, &chal); - chal[0] = v >> 56; - chal[1] = v >> 48; - chal[2] = v >> 40; - chal[3] = v >> 32; - chal[4] = v >> 24; - chal[5] = v >> 16; - chal[6] = v >> 8; - chal[7] = v & 0xff; + asn1_ctx_t ctxt; + asn1_ctx_init(tmp, ef_size, &ctxt); + asn1_find_tag(&ctxt, TAG_IMF, &chal); + chal.data[0] = v >> 56; + chal.data[1] = v >> 48; + chal.data[2] = v >> 40; + chal.data[3] = v >> 32; + chal.data[4] = v >> 24; + chal.data[5] = v >> 16; + chal.data[6] = v >> 8; + chal.data[7] = v & 0xff; flash_write_data_to_file(ef, tmp, ef_size); low_flash_available(); free(tmp); @@ -443,15 +438,15 @@ int cmd_calculate() { } int cmd_calculate_all() { - size_t chal_len = 0, name_len = 0, key_len = 0, prop_len = 0; - uint8_t *chal = NULL, *name = NULL, *key = NULL, *prop = NULL; + asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }, prop = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); if (P2(apdu) != 0x0 && P2(apdu) != 0x1) { return SW_INCORRECT_P1P2(); } if (validated == false) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_CHALLENGE, &chal_len, &chal) == false) { + if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } res_APDU_size = 0; 
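Review bot: The HOTP branch of cmd_calculate reads and later rewrites `chal.data[0]` through `chal.data[7]` without checking that the stored TAG_IMF value is eight bytes long, and the write-back path ignores the results of `calloc` and of the second `asn1_find_tag` on `tmp`. A short IMF would make the counter read and update run past the tag, and a failed allocation reaches `memcpy(tmp, ...)` with a null pointer. I would add `if (chal.len < 8) { return SW_INCORRECT_PARAMS(); }` after the TAG_IMF lookup and `if (tmp == NULL) { return SW_EXEC_ERROR(); }` after the allocation, and skip the write when the lookup on `tmp` fails. The `ctxi`/`ctxe` mix-up in the `asn1_ctx_init` call for the stored record is corrected by patch 032 later in this series.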
@@ -460,31 +455,30 @@ int cmd_calculate_all() { if (file_has_data(ef)) { const uint8_t *ef_data = file_get_data(ef); size_t ef_len = file_get_size(ef); - if (asn1_find_tag(ef_data, ef_len, TAG_NAME, &name_len, - &name) == false || - asn1_find_tag(ef_data, ef_len, TAG_KEY, &key_len, &key) == false) { + asn1_ctx_t ctxe; + asn1_ctx_init((uint8_t *)ef_data, ef_len, &ctxe); + if (asn1_find_tag(&ctxe, TAG_NAME, &name) == false || asn1_find_tag(&ctxe, TAG_KEY, &key) == false) { continue; } res_APDU[res_APDU_size++] = TAG_NAME; - res_APDU[res_APDU_size++] = name_len; - memcpy(res_APDU + res_APDU_size, name, name_len); res_APDU_size += name_len; - if ((key[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { + res_APDU[res_APDU_size++] = name.len; + memcpy(res_APDU + res_APDU_size, name.data, name.len); res_APDU_size += name.len; + if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { res_APDU[res_APDU_size++] = TAG_NO_RESPONSE; res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = key[1]; + res_APDU[res_APDU_size++] = key.data[1]; } - else if (asn1_find_tag(ef_data, ef_len, TAG_PROPERTY, &prop_len, - &prop) == true && (prop[0] & PROP_TOUCH)) { + else if (asn1_find_tag(&ctxe, TAG_PROPERTY, &prop) == true && (prop.data[0] & PROP_TOUCH)) { res_APDU[res_APDU_size++] = TAG_TOUCH_RESPONSE; res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = key[1]; + res_APDU[res_APDU_size++] = key.data[1]; } else { res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); - int ret = calculate_oath(P2(apdu), key, key_len, chal, chal_len); + int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); if (ret != CCID_OK) { res_APDU[res_APDU_size++] = 1; - res_APDU[res_APDU_size++] = key[1]; + res_APDU[res_APDU_size++] = key.data[1]; } } } 
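Review bot: `asn1_ctx_init((uint8_t *)ef_data, ef_len, &ctxe)` casts away the `const` that `ef_data` was declared with two lines earlier, which hides from the compiler whether the parser may write through the pointer. The other call sites in this patch pass `file_get_data(ef)` directly, so either do the same here, `asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxe);`, or make the context's data pointer `const` in the SDK. A one-line comment on the `continue`, noting that entries without a name or key are skipped silently, would also help. The loop begins outside this hunk.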
@@ -498,57 +492,60 @@ int cmd_send_remaining() { } int cmd_set_otp_pin() { - size_t pw_len = 0; - uint8_t *pw = NULL, hsh[33] = { 0 }; + uint8_t hsh[33] = { 0 }; file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); if (file_has_data(ef_otp_pin)) { return SW_CONDITIONS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_PASSWORD, &pw_len, &pw) == false) { + asn1_ctx_t ctxi, pw = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } hsh[0] = MAX_OTP_COUNTER; - double_hash_pin(pw, pw_len, hsh + 1); + double_hash_pin(pw.data, pw.len, hsh + 1); flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh)); low_flash_available(); return SW_OK(); } int cmd_change_otp_pin() { - size_t pw_len = 0, new_pw_len = 0; - uint8_t *pw = NULL, *new_pw = NULL, hsh[33] = { 0 }; + uint8_t hsh[33] = { 0 }; file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); if (!file_has_data(ef_otp_pin)) { return SW_CONDITIONS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_PASSWORD, &pw_len, &pw) == false) { + asn1_ctx_t ctxi, pw = { 0 }, new_pw = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } - double_hash_pin(pw, pw_len, hsh + 1); + double_hash_pin(pw.data, pw.len, hsh + 1); if (memcmp(file_get_data(ef_otp_pin) + 1, hsh + 1, 32) != 0) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_NEW_PASSWORD, &new_pw_len, &new_pw) == false) { + if (asn1_find_tag(&ctxi, TAG_NEW_PASSWORD, &new_pw) == false) { return SW_INCORRECT_PARAMS(); } hsh[0] = MAX_OTP_COUNTER; - double_hash_pin(new_pw, new_pw_len, hsh + 1); + double_hash_pin(new_pw.data, new_pw.len, hsh + 1); flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh)); low_flash_available(); return SW_OK(); } int cmd_verify_otp_pin() { - size_t pw_len = 0; - uint8_t *pw = NULL, hsh[33] = { 0 }, 
data_hsh[33]; + uint8_t hsh[33] = { 0 }, data_hsh[33]; file_t *ef_otp_pin = search_by_fid(EF_OTP_PIN, NULL, SPECIFY_EF); if (!file_has_data(ef_otp_pin)) { return SW_CONDITIONS_NOT_SATISFIED(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_PASSWORD, &pw_len, &pw) == false) { + asn1_ctx_t ctxi, pw = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } - double_hash_pin(pw, pw_len, hsh + 1); + double_hash_pin(pw.data, pw.len, hsh + 1); memcpy(data_hsh, file_get_data(ef_otp_pin), sizeof(data_hsh)); if (data_hsh[0] == 0 || memcmp(data_hsh + 1, hsh + 1, 32) != 0) { if (data_hsh[0] > 0) { 
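Review bot: cmd_change_otp_pin compares the supplied PIN hash against the stored one but, unlike cmd_verify_otp_pin in the same hunk, neither refuses when the retry counter in byte 0 is zero nor decrements it on a mismatch, so the retry limit does not apply to this command. The failure path should mirror the verify path, as sketched below. A constant-time comparison for the 32-byte hash would be a further improvement. cmd_verify_otp_pin continues past the end of this hunk.

```c
    double_hash_pin(pw.data, pw.len, hsh + 1);
    uint8_t data_hsh[33];
    memcpy(data_hsh, file_get_data(ef_otp_pin), sizeof(data_hsh));
    if (data_hsh[0] == 0 || memcmp(data_hsh + 1, hsh + 1, 32) != 0) {
        if (data_hsh[0] > 0) {
            data_hsh[0] -= 1;
        }
        flash_write_data_to_file(ef_otp_pin, data_hsh, sizeof(data_hsh));
        low_flash_available();
        return SW_SECURITY_STATUS_NOT_SATISFIED();
    }
    // … unchanged: TAG_NEW_PASSWORD lookup and write of the new hash …
```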
@@ -567,32 +564,33 @@ int cmd_verify_otp_pin() { } int cmd_verify_hotp() { - size_t key_len = 0, chal_len = 0, name_len = 0, code_len = 0; - uint8_t *key = NULL, *chal = NULL, *name = NULL, *code = NULL; + asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }, code = { 0 }; + asn1_ctx_init(apdu.data, apdu.nc, &ctxi); uint32_t code_int = 0; - if (asn1_find_tag(apdu.data, apdu.nc, TAG_NAME, &name_len, &name) == false) { + if (asn1_find_tag(&ctxi, TAG_NAME, &name) == false) { return SW_INCORRECT_PARAMS(); } - file_t *ef = find_oath_cred(name, name_len); + file_t *ef = find_oath_cred(name.data, name.len); if (file_has_data(ef) == false) { return SW_DATA_INVALID(); } - if (asn1_find_tag(file_get_data(ef), file_get_size(ef), TAG_KEY, &key_len, &key) == false) { + asn1_ctx_t ctxe; + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxe); + if (asn1_find_tag(&ctxe, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } - if ((key[0] & OATH_TYPE_MASK) != OATH_TYPE_HOTP) { + if ((key.data[0] & OATH_TYPE_MASK) != OATH_TYPE_HOTP) { return SW_DATA_INVALID(); } - if (asn1_find_tag(file_get_data(ef), file_get_size(ef), TAG_IMF, &chal_len, - &chal) == false) { + if (asn1_find_tag(&ctxe, TAG_IMF, &chal) == false) { return SW_INCORRECT_PARAMS(); } - if (asn1_find_tag(apdu.data, apdu.nc, TAG_RESPONSE, &code_len, &code) == true) { - code_int = (code[0] << 24) | (code[1] << 16) | (code[2] << 8) | code[3]; + if (asn1_find_tag(&ctxi, TAG_RESPONSE, &code) == true) { + code_int = (code.data[0] << 24) | (code.data[1] << 16) | (code.data[2] << 8) | code.data[3]; } - int ret = calculate_oath(0x01, key, key_len, chal, chal_len); + int ret = calculate_oath(0x01, key.data, key.len, chal.data, chal.len); if (ret != CCID_OK) { return SW_EXEC_ERROR(); } -- 2.34.1 From 82ed96b2e2ab096277cda6796a59b4045a165209 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 13 Mar 2024 21:22:05 +0100 Subject: [PATCH 031/127] Fix asn1 struct initialization. 
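Review bot: The expression `(code.data[0] << 24) | ...` reads four bytes from the TAG_RESPONSE value without checking `code.len`, and the `<< 24` is performed on a promoted `int`, which is undefined when the top bit of `code.data[0]` is set. I would guard with `if (code.len < 4) { return SW_INCORRECT_PARAMS(); }` and cast each byte first, `((uint32_t) code.data[0] << 24)`. The stored TAG_IMF length is likewise passed to `calculate_oath` unchecked. When TAG_RESPONSE is absent `code_int` stays 0 and the function carries on; the comparison itself is outside this hunk, so confirm that a missing code cannot match.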
Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index e055d4c..151ae5f 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit e055d4cfc9df1a41585ac83d484b903088f3db13 +Subproject commit 151ae5fae4c5815042fce5d5cbcc06d76561dc9c -- 2.34.1 From f3f34cf66b19ba4c809f1b2e031ea5500e07700b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 13 Mar 2024 22:06:00 +0100 Subject: [PATCH 032/127] Fix oath crash. Signed-off-by: Pol Henarejos --- src/fido/oath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/oath.c b/src/fido/oath.c index c2e942a..75c1ae7 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -385,7 +385,7 @@ int cmd_calculate() { return SW_DATA_INVALID(); } asn1_ctx_t ctxe; - asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); + asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxe); if (asn1_find_tag(&ctxe, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } -- 2.34.1 From c6c4b24910bace1417144ac385465c2b4ca3e8b0 Mon Sep 17 00:00:00 2001 From: zxkmm Date: Wed, 27 Mar 2024 11:12:02 +0800 Subject: [PATCH 033/127] submodule --- .gitmodules | 3 +++ pico-sdk | 1 + 2 files changed, 4 insertions(+) create mode 160000 pico-sdk diff --git a/.gitmodules b/.gitmodules index 852c02c..bbac78c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "pico-keys-sdk"] path = pico-keys-sdk url = https://github.com/polhenarejos/pico-keys-sdk +[submodule "pico-sdk"] + path = pico-sdk + url = https://github.com/raspberrypi/pico-sdk.git diff --git a/pico-sdk b/pico-sdk new file mode 160000 index 0000000..6a7db34 --- /dev/null +++ b/pico-sdk @@ -0,0 +1 @@ +Subproject commit 6a7db34ff63345a7badec79ebea3aaef1712f374 -- 2.34.1 From 0701c0841eed652c14065ff524b22db19bc3dcc3 Mon Sep 17 00:00:00 2001 
From: zxkmm Date: Wed, 27 Mar 2024 11:13:15 +0800 Subject: [PATCH 034/127] gitkeep --- build_release/.gitkeep | 0 release/.gitkeep | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 build_release/.gitkeep create mode 100644 release/.gitkeep diff --git a/build_release/.gitkeep b/build_release/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/release/.gitkeep b/release/.gitkeep new file mode 100644 index 0000000..e69de29 -- 2.34.1 From 037dee389132d5fd4cd96ae5bab42c0f6656ca19 Mon Sep 17 00:00:00 2001 From: zxkmm Date: Wed, 27 Mar 2024 11:16:02 +0800 Subject: [PATCH 035/127] build script --- build_pico_fido.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 04945c3..234882a 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -50,7 +50,9 @@ for board in adafruit_feather_rp2040 \ wiznet_w5100s_evb_pico do rm -rf * - PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board + # PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board + PICO_SDK_PATH=../pico-sdk cmake .. -DPICO_BOARD=$board + make -kj20 mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2 -- 2.34.1 From 69e250921f35d5785b3511071bef232118532e8f Mon Sep 17 00:00:00 2001 From: zxkmm Date: Wed, 27 Mar 2024 11:16:56 +0800 Subject: [PATCH 036/127] gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cd93c2c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +release +build_release -- 2.34.1 From 1f0e1fb8f4d723d859626dd80bf5245d5cc73fd0 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 5 May 2024 00:58:51 +0200 Subject: [PATCH 037/127] Use latest Pico Keys SDK. 
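Review bot: The old `PICO_SDK_PATH` line is kept as a comment above its replacement; version control already records it, so it is better deleted. Hard-coding `../pico-sdk` also removes the ability to build against an SDK checked out elsewhere, which `PICO_SDK_PATH="${PICO_SDK_PATH:-../pico-sdk}" cmake .. -DPICO_BOARD="$board"` would keep while defaulting to the pinned submodule. The loop that contains these lines starts outside the hunk.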
Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_client_pin.c | 16 ++++++++-------- src/fido/cbor_config.c | 12 ++++++------ src/fido/cbor_cred_mgmt.c | 2 +- src/fido/cbor_get_assertion.c | 2 +- src/fido/cbor_large_blobs.c | 2 +- src/fido/cbor_make_credential.c | 2 +- src/fido/cbor_vendor.c | 8 ++++---- src/fido/cmd_authenticate.c | 2 +- src/fido/credential.c | 6 +++--- src/fido/fido.c | 12 ++++++------ src/fido/management.c | 2 +- src/fido/oath.c | 16 ++++++++-------- src/fido/otp.c | 14 +++++++------- 14 files changed, 49 insertions(+), 49 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 151ae5f..88071e1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 151ae5fae4c5815042fce5d5cbcc06d76561dc9c +Subproject commit 88071e117222bbc3ab018bc45f6d691a4fcf78f3 diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index c7c13d8..0e3d6e9 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -169,7 +169,7 @@ int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret) { int resetPinUvAuthToken() { uint8_t t[32]; random_gen(NULL, t, sizeof(t)); - flash_write_data_to_file(ef_authtoken, t, sizeof(t)); + file_put_data(ef_authtoken, t, sizeof(t)); paut.permissions = 0; paut.data = file_get_data(ef_authtoken); paut.len = file_get_size(ef_authtoken); @@ -417,7 +417,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { hsh[0] = MAX_PIN_RETRIES; hsh[1] = pin_len; mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 2); - flash_write_data_to_file(ef_pin, hsh, 2 + 16); + file_put_data(ef_pin, hsh, 2 + 16); low_flash_available(); goto err; //No return } 
@@ -464,7 +464,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { uint8_t pin_data[18]; memcpy(pin_data, file_get_data(ef_pin), 18); pin_data[0] -= 1; - flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data)); + file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); uint8_t retries = pin_data[0]; uint8_t paddedNewPin[64]; @@ -489,7 +489,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } } pin_data[0] = MAX_PIN_RETRIES; - flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data)); + file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); new_pin_mismatches = 0; ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin); @@ -520,12 +520,12 @@ int cbor_client_pin(const uint8_t *data, size_t len) { memcmp(hsh + 2, file_get_data(ef_pin) + 2, 16) == 0) { CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION); } - flash_write_data_to_file(ef_pin, hsh, 2 + 16); + file_put_data(ef_pin, hsh, 2 + 16); if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) { uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(ef_minpin)); memcpy(tmp, file_get_data(ef_minpin), file_get_size(ef_minpin)); tmp[1] = 0; - flash_write_data_to_file(ef_minpin, tmp, file_get_size(ef_minpin)); + file_put_data(ef_minpin, tmp, file_get_size(ef_minpin)); free(tmp); } low_flash_available(); @@ -573,7 +573,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { uint8_t pin_data[18]; memcpy(pin_data, file_get_data(ef_pin), 18); pin_data[0] -= 1; - flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data)); + file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); uint8_t retries = pin_data[0]; uint8_t paddedNewPin[64], poff = (pinUvAuthProtocol - 1) * IV_SIZE; 
@@ -599,7 +599,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } pin_data[0] = MAX_PIN_RETRIES; new_pin_mismatches = 0; - flash_write_data_to_file(ef_pin, pin_data, sizeof(pin_data)); + file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); file_t *ef_minpin = search_by_fid(EF_MINPINLEN, NULL, SPECIFY_EF); if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) { diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 4026cc7..b8cb73f 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -142,9 +142,9 @@ int cbor_config(const uint8_t *data, size_t len) { if (has_keydev_dec == false) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } - flash_write_data_to_file(ef_keydev, keydev_dec, sizeof(keydev_dec)); + file_put_data(ef_keydev, keydev_dec, sizeof(keydev_dec)); mbedtls_platform_zeroize(keydev_dec, sizeof(keydev_dec)); - flash_write_data_to_file(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes + file_put_data(ef_keydev_enc, NULL, 0); // Set ef to 0 bytes low_flash_available(); } else if (vendorCommandId == CTAP_CONFIG_AUT_ENABLE) { @@ -178,10 +178,10 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - flash_write_data_to_file(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc)); + file_put_data(ef_keydev_enc, key_dev_enc, sizeof(key_dev_enc)); mbedtls_platform_zeroize(key_dev_enc, sizeof(key_dev_enc)); - flash_write_data_to_file(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0 - flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes + file_put_data(ef_keydev, key_dev_enc, file_get_size(ef_keydev)); // Overwrite ef with 0 + file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes low_flash_available(); } else { 
@@ -216,7 +216,7 @@ int cbor_config(const uint8_t *data, size_t len) { data + 2 + m * 32, 0); } - flash_write_data_to_file(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32); + file_put_data(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32); low_flash_available(); goto err; //No return } diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index 68e95a8..f5b9fdd 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c @@ -380,7 +380,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { delete_file(rp_ef); } else { - flash_write_data_to_file(rp_ef, rp_data, file_get_size(rp_ef)); + file_put_data(rp_ef, rp_data, file_get_size(rp_ef)); } free(rp_data); break; diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index f3a2516..87c6363 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -640,7 +640,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); ctr++; - flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); + file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); low_flash_available(); err: CBOR_FREE_BYTE_STRING(clientDataHash); diff --git a/src/fido/cbor_large_blobs.c b/src/fido/cbor_large_blobs.c index c3ebd70..432464d 100644 --- a/src/fido/cbor_large_blobs.c +++ b/src/fido/cbor_large_blobs.c @@ -155,7 +155,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) { if (expectedLength > 17 && memcmp(sha, temp_lba + expectedLength - 16, 16) != 0) { CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE); } - flash_write_data_to_file(ef_largeblob, temp_lba, expectedLength); + file_put_data(ef_largeblob, temp_lba, expectedLength); low_flash_available(); } goto err; diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 44a488f..614ae5a 100644 --- a/src/fido/cbor_make_credential.c 
+++ b/src/fido/cbor_make_credential.c @@ -518,7 +518,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } } ctr++; - flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); + file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); low_flash_available(); err: CBOR_FREE_BYTE_STRING(clientDataHash); diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index afe939b..d1b6f54 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -121,9 +121,9 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } uint8_t zeros[32]; memset(zeros, 0, sizeof(zeros)); - flash_write_data_to_file(ef_keydev_enc, vendorParam.data, vendorParam.len); - flash_write_data_to_file(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0 - flash_write_data_to_file(ef_keydev, NULL, 0); // Set ef to 0 bytes + file_put_data(ef_keydev_enc, vendorParam.data, vendorParam.len); + file_put_data(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0 + file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes low_flash_available(); goto err; } @@ -306,7 +306,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } file_t *ef_ee_ea = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF); if (ef_ee_ea) { - flash_write_data_to_file(ef_ee_ea, vendorParam.data, vendorParam.len); + file_put_data(ef_ee_ea, vendorParam.data, vendorParam.len); } low_flash_available(); goto err; diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 6f458d6..b3c7f9d 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -97,7 +97,7 @@ int cmd_authenticate() { res_APDU_size = 1 + 4 + olen; ctr++; - flash_write_data_to_file(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); + file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); low_flash_available(); return SW_OK(); } diff --git a/src/fido/credential.c b/src/fido/credential.c index b43388b..ea44ebb 100644 --- a/src/fido/credential.c 
+++ b/src/fido/credential.c @@ -306,7 +306,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * memcpy(data, rp_id_hash, 32); memcpy(data + 32, cred_id, cred_id_len); file_t *ef = file_new(EF_CRED + sloti); - flash_write_data_to_file(ef, data, cred_id_len + 32); + file_put_data(ef, data, cred_id_len + 32); free(data); if (new_record == true) { //increase rps @@ -332,7 +332,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * data = (uint8_t *) calloc(1, file_get_size(ef)); memcpy(data, file_get_data(ef), file_get_size(ef)); data[0] += 1; - flash_write_data_to_file(ef, data, file_get_size(ef)); + file_put_data(ef, data, file_get_size(ef)); free(data); } else { @@ -341,7 +341,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * data[0] = 1; memcpy(data + 1, rp_id_hash, 32); memcpy(data + 1 + 32, cred.rpId.data, cred.rpId.len); - flash_write_data_to_file(ef, data, 1 + 32 + cred.rpId.len); + file_put_data(ef, data, 1 + 32 + cred.rpId.len); free(data); } } diff --git a/src/fido/fido.c b/src/fido/fido.c index 79a935d..e1ffbdb 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -317,7 +317,7 @@ int scan_files() { uint8_t kdata[32]; int key_size = mbedtls_mpi_size(&ecdsa.d); mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size); - ret = flash_write_data_to_file(ef_keydev, kdata, key_size); + ret = file_put_data(ef_keydev, kdata, key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); if (ret != CCID_OK) { @@ -353,7 +353,7 @@ int scan_files() { if (ret <= 0) { return ret; } - flash_write_data_to_file(ef_certdev, cert + sizeof(cert) - ret, ret); + file_put_data(ef_certdev, cert + sizeof(cert) - ret, ret); } } else { 
@@ -363,7 +363,7 @@ int scan_files() { if (ef_counter) { if (!file_has_data(ef_counter)) { uint32_t v = 0; - flash_write_data_to_file(ef_counter, (uint8_t *) &v, sizeof(v)); + file_put_data(ef_counter, (uint8_t *) &v, sizeof(v)); } } else { @@ -375,7 +375,7 @@ int scan_files() { if (!file_has_data(ef_authtoken)) { uint8_t t[32]; random_gen(NULL, t, sizeof(t)); - flash_write_data_to_file(ef_authtoken, t, sizeof(t)); + file_put_data(ef_authtoken, t, sizeof(t)); } paut.data = file_get_data(ef_authtoken); paut.len = file_get_size(ef_authtoken); @@ -385,7 +385,7 @@ int scan_files() { } ef_largeblob = search_by_fid(EF_LARGEBLOB, NULL, SPECIFY_EF); if (!file_has_data(ef_largeblob)) { - flash_write_data_to_file(ef_largeblob, + file_put_data(ef_largeblob, (const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", 17); } @@ -447,7 +447,7 @@ uint8_t get_opts() { void set_opts(uint8_t opts) { file_t *ef = search_by_fid(EF_OPTS, NULL, SPECIFY_EF); - flash_write_data_to_file(ef, &opts, sizeof(uint8_t)); + file_put_data(ef, &opts, sizeof(uint8_t)); low_flash_available(); } diff --git a/src/fido/management.c b/src/fido/management.c index fb305c8..f7590d0 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -130,7 +130,7 @@ int cmd_write_config() { return SW_WRONG_DATA(); } file_t *ef = file_new(EF_DEV_CONF); - flash_write_data_to_file(ef, apdu.data + 1, apdu.nc - 1); + file_put_data(ef, apdu.data + 1, apdu.nc - 1); low_flash_available(); return SW_OK(); } diff --git a/src/fido/oath.c b/src/fido/oath.c index 75c1ae7..03ee790 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -158,7 +158,7 @@ int cmd_put() { } file_t *ef = find_oath_cred(name.data, name.len); if (file_has_data(ef)) { - flash_write_data_to_file(ef, apdu.data, apdu.nc); + file_put_data(ef, apdu.data, apdu.nc); low_flash_available(); } else { 
@@ -166,7 +166,7 @@ int cmd_put() { file_t *ef = search_dynamic_file(EF_OATH_CRED + i); if (!file_has_data(ef)) { ef = file_new(EF_OATH_CRED + i); - flash_write_data_to_file(ef, apdu.data, apdu.nc); + file_put_data(ef, apdu.data, apdu.nc); low_flash_available(); return SW_OK(); } @@ -247,7 +247,7 @@ int cmd_set_code() { } random_gen(NULL, challenge, sizeof(challenge)); file_t *ef = file_new(EF_OATH_CODE); - flash_write_data_to_file(ef, key.data, key.len); + file_put_data(ef, key.data, key.len); low_flash_available(); validated = false; return SW_OK(); @@ -429,7 +429,7 @@ int cmd_calculate() { chal.data[5] = v >> 16; chal.data[6] = v >> 8; chal.data[7] = v & 0xff; - flash_write_data_to_file(ef, tmp, ef_size); + file_put_data(ef, tmp, ef_size); low_flash_available(); free(tmp); } @@ -504,7 +504,7 @@ int cmd_set_otp_pin() { } hsh[0] = MAX_OTP_COUNTER; double_hash_pin(pw.data, pw.len, hsh + 1); - flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh)); + file_put_data(ef_otp_pin, hsh, sizeof(hsh)); low_flash_available(); return SW_OK(); } @@ -529,7 +529,7 @@ int cmd_change_otp_pin() { } hsh[0] = MAX_OTP_COUNTER; double_hash_pin(new_pw.data, new_pw.len, hsh + 1); - flash_write_data_to_file(ef_otp_pin, hsh, sizeof(hsh)); + file_put_data(ef_otp_pin, hsh, sizeof(hsh)); low_flash_available(); return SW_OK(); } @@ -551,13 +551,13 @@ int cmd_verify_otp_pin() { if (data_hsh[0] > 0) { data_hsh[0] -= 1; } - flash_write_data_to_file(ef_otp_pin, data_hsh, sizeof(data_hsh)); + file_put_data(ef_otp_pin, data_hsh, sizeof(data_hsh)); low_flash_available(); validated = false; return SW_SECURITY_STATUS_NOT_SATISFIED(); } data_hsh[0] = MAX_OTP_COUNTER; - flash_write_data_to_file(ef_otp_pin, data_hsh, sizeof(data_hsh)); + file_put_data(ef_otp_pin, data_hsh, sizeof(data_hsh)); low_flash_available(); validated = true; return SW_OK(); diff --git a/src/fido/otp.c b/src/fido/otp.c index e37e779..7d5be77 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c 
@@ -169,7 +169,7 @@ void init_otp() { memcpy(new_data, data, sizeof(new_data)); new_data[otp_config_size] = counter >> 8; new_data[otp_config_size + 1] = counter & 0xff; - flash_write_data_to_file(ef, new_data, sizeof(new_data)); + file_put_data(ef, new_data, sizeof(new_data)); } } } @@ -258,7 +258,7 @@ int otp_button_pressed(uint8_t slot) { uint8_t new_otp_config[otp_config_size + sizeof(new_chal)]; memcpy(new_otp_config, otp_config, otp_config_size); memcpy(new_otp_config + otp_config_size, new_chal, sizeof(new_chal)); - flash_write_data_to_file(ef, new_otp_config, sizeof(new_otp_config)); + file_put_data(ef, new_otp_config, sizeof(new_otp_config)); low_flash_available(); } if (otp_config->tkt_flags & APPEND_CR) { @@ -322,7 +322,7 @@ int otp_button_pressed(uint8_t slot) { memcpy(new_data, data, sizeof(new_data)); new_data[otp_config_size] = counter >> 8; new_data[otp_config_size + 1] = counter & 0xff; - flash_write_data_to_file(ef, new_data, sizeof(new_data)); + file_put_data(ef, new_data, sizeof(new_data)); low_flash_available(); } } @@ -387,7 +387,7 @@ int cmd_otp() { return SW_WRONG_DATA(); } memset(apdu.data + otp_config_size, 0, 8); // Add 8 bytes extra - flash_write_data_to_file(ef, apdu.data, otp_config_size + 8); + file_put_data(ef, apdu.data, otp_config_size + 8); low_flash_available(); config_seq++; return otp_status(); @@ -420,7 +420,7 @@ int cmd_otp() { (odata->tkt_flags & TKTFLAG_UPDATE_MASK); odata->cfg_flags = (otpc->cfg_flags & ~CFGFLAG_UPDATE_MASK) | (odata->cfg_flags & CFGFLAG_UPDATE_MASK); - flash_write_data_to_file(ef, apdu.data, otp_config_size); + file_put_data(ef, apdu.data, otp_config_size); low_flash_available(); } } 
@@ -434,13 +434,13 @@ int cmd_otp() { ef1_data = true; } if (file_has_data(ef2)) { - flash_write_data_to_file(ef1, file_get_data(ef2), file_get_size(ef2)); + file_put_data(ef1, file_get_data(ef2), file_get_size(ef2)); } else { delete_file(ef1); } if (ef1_data) { - flash_write_data_to_file(ef2, tmp, sizeof(tmp)); + file_put_data(ef2, tmp, sizeof(tmp)); } else { delete_file(ef2); -- 2.34.1 From b0b0187919409858e0d03bfca59cd40bd0e769a1 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 7 Jun 2024 20:57:21 +0200 Subject: [PATCH 038/127] Fix cleared permissions on make credential when UP is not present. Following 14.1, flags shall be cleared only when UP == true. Signed-off-by: Pol Henarejos --- src/fido/cbor_make_credential.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 614ae5a..4de194a 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -313,9 +313,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } } flags |= FIDO2_AUT_FLAG_UP; - clearUserPresentFlag(); - clearUserVerifiedFlag(); - clearPinUvAuthTokenPermissionsExceptLbw(); + if (options.up == ptrue) { + clearUserPresentFlag(); + clearUserVerifiedFlag(); + clearPinUvAuthTokenPermissionsExceptLbw(); + } } const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash); -- 2.34.1 From 54bbc0e9ea83510bcdf48e3fc61c21180a1882fe Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 30 Jun 2024 00:31:29 +0200 Subject: [PATCH 039/127] Fix return value when bad key type is provided. Fixes #47. Signed-off-by: Pol Henarejos --- src/fido/cbor_make_credential.c | 6 +++--- tests/pico-fido/test_020_register.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 4de194a..33ccc98 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c 
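Review bot: The user-presence and user-verified state is now cleared only when `options.up == ptrue`, while `flags |= FIDO2_AUT_FLAG_UP` on the line above stays unconditional. If an omitted `up` option is represented by a null pointer (not visible in this hunk), a request that leaves the option out still gets the UP flag reported but keeps the cached presence and token permissions for the next command. As I read the CTAP makeCredential defaults, an absent `up` is treated as true, so unless an earlier step normalises the option, `if (options.up == NULL || options.up == ptrue) {` would match that default. A comment citing the spec step the commit message refers to would help either way. The enclosing block starts and ends outside the hunk.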
@@ -225,9 +225,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (pubKeyCredParams[i].alg <= FIDO2_ALG_RS256 && pubKeyCredParams[i].alg >= FIDO2_ALG_RS512) { // pass } - else { - CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE); - } + //else { + // CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE); + //} if (curve > 0 && alg == 0) { alg = pubKeyCredParams[i].alg; } diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index 378a13e..3a80e7d 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -151,7 +151,7 @@ def test_unsupported_algorithm(device): with pytest.raises(CtapError) as e: device.doMC(key_params=[{"alg": 1337, "type": "public-key"}]) - assert e.value.code == CtapError.ERR.CBOR_UNEXPECTED_TYPE + assert e.value.code == CtapError.ERR.UNSUPPORTED_ALGORITHM def test_exclude_list(resetdevice): resetdevice.doMC(exclude_list=[{"id": b"1234", "type": "rot13"}]) -- 2.34.1 From d5fe405a878075162afe2449325cffcface7b5da Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 30 Jun 2024 00:32:40 +0200 Subject: [PATCH 040/127] Fix test bad pub type. Signed-off-by: Pol Henarejos --- tests/pico-fido/test_020_register.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index 3a80e7d..bbb2dd1 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -147,6 +147,8 @@ def test_bad_type_pubKeyCredParams_alg(device): with pytest.raises(CtapError) as e: device.doMC(key_params=[{"alg": "7", "type": "public-key"}]) + assert e.value.code == CtapError.ERR.CBOR_UNEXPECTED_TYPE + def test_unsupported_algorithm(device): with pytest.raises(CtapError) as e: device.doMC(key_params=[{"alg": 1337, "type": "public-key"}]) -- 2.34.1 From 6fe16a63e490dbb5f8150bf7e8bd2e2939ab6b3d Mon Sep 17 00:00:00 2001 
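Review bot: The rejected-algorithm branch in the `pubKeyCredParams` loop is left behind as commented-out code (`//else { // CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE); //}`), which hides the intent of the change. Delete the three lines and say why unknown algorithms are now skipped, e.g. `// unknown alg: skip the entry; the request fails later with UNSUPPORTED_ALGORITHM if none matches`. The check that produces that error is outside the hunk, so it is worth confirming that `alg == 0` after the loop really takes that path. The updated test in the same commit only covers a single unsupported entry.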
From: Pol Henarejos Date: Sat, 20 Jul 2024 20:04:41 +0200 Subject: [PATCH 041/127] Upgrade Pico Keys SDK Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 88071e1..f4ad8e1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 88071e117222bbc3ab018bc45f6d691a4fcf78f3 +Subproject commit f4ad8e1af2e2657f3900f1e01db031d7d73d623b -- 2.34.1 From e96da09a844be4785152861bcb305b454cb1524e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 20 Jul 2024 20:04:48 +0200 Subject: [PATCH 042/127] Fixes for mbedtls 3.6 Signed-off-by: Pol Henarejos --- src/fido/fido.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/fido/fido.c b/src/fido/fido.c index e1ffbdb..1adf712 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -215,7 +215,8 @@ int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_con } } uint8_t hmac[32], d[32]; - int ret = mbedtls_ecp_write_key(key, d, sizeof(d)); + size_t olen = 0; + int ret = mbedtls_ecp_write_key_ext(key, &olen, d, sizeof(d)); if (key == NULL) { mbedtls_ecdsa_free(&ctx); } -- 2.34.1 From f21e2030939e01076d8445d38d74bdc1659d4f10 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 20 Jul 2024 20:05:00 +0200 Subject: [PATCH 043/127] Fix compilation Signed-off-by: Pol Henarejos --- src/fido/otp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/fido/otp.c b/src/fido/otp.c index 7d5be77..daee316 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -23,6 +23,7 @@ #include "version.h" #include "asn1.h" #include "hid/ctap_hid.h" +#include "usb.h" #ifndef ENABLE_EMULATION #include "bsp/board.h" #endif -- 2.34.1 From 69ec24209527a2ba0cad3f14989b92dea8f4ed14 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 20 Jul 2024 20:28:09 +0200 Subject: [PATCH 044/127] Update README. 
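Review bot: In `verify_key`, the `if (key == NULL)` test that follows the new `mbedtls_ecp_write_key_ext(key, &olen, d, sizeof(d))` call cannot work as written, because `key` has already been passed to mbedtls by then. Either `key` was pointed at the local `ctx` earlier (not visible in the hunk), in which case `mbedtls_ecdsa_free(&ctx)` never runs and the derived private key stays in the context, or a NULL pointer reaches the library. Tracking ownership separately, for example a `bool own_ctx` set where `ctx` is initialised and tested here, would fix it. The new `olen` is also never read; comparing it with `sizeof(d)` before `d` is used would catch a key whose length differs from the 32 bytes the rest of the function assumes. The function begins and ends outside the hunk.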
Signed-off-by: Pol Henarejos --- README.md | 75 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index e9b5963..cc97fae 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Pico FIDO -This project aims at transforming your Raspberry Pico into a FIDO key integrated. The Pico works as a FIDO key, like a normal USB key for authentication. +This project transforms your Raspberry Pi Pico into an integrated FIDO key, functioning like a standard USB key for authentication. ## Features -Pico FIDO has implemented the following features: +Pico FIDO includes the following features: - CTAP 2.1 / CTAP 1 - WebAuthn @@ -10,16 +10,16 @@ Pico FIDO has implemented the following features: - HMAC-Secret extension - CredProtect extension - User presence enforcement through physical button -- User Verification with PIN +- User verification with PIN - Discoverable credentials - Credential management - ECDSA authentication -- Authentication with SECP256R1, SECP384R1, SECP521R1 and SECP256K1 curves. +- Support for SECP256R1, SECP384R1, SECP521R1, and SECP256K1 curves - App registration and login - Device selection -- Support for vendor Config +- Support for vendor configuration - Backup with 24 words -- Secure lock to protect the device from flash dumpings +- Secure lock to protect the device from flash dumps - Permissions support (MC, GA, CM, ACFG, LBW) - Authenticator configuration - minPinLength extension 
@@ -27,50 +27,54 @@ Pico FIDO has implemented the following features: - Enterprise attestation - credBlobs extension - largeBlobKey extension -- largeBlobs support (2048 bytes máx.) +- Large blobs support (2048 bytes max) - OATH (based on YKOATH protocol specification) - TOTP / HOTP - Yubikey OTP - Challenge-response generation - Emulated keyboard interface -- Button press generates an OTP that is written directly is it was typed +- Button press generates an OTP that is directly typed - Yubico YKMAN compatible - Nitrokey nitropy and nitroapp compatible -All these features are compliant with the specification. Therefore, if you detect some behaviour that is not expected or it does not follow the rules of specs, please open an issue. +All features comply with the specifications. If you encounter unexpected behavior or deviations from the specifications, please open an issue. -## Security considerations -Pico FIDO is an open platform so be careful. The contents in the flash memory may be easily dumpled and obtain the private/master keys. Therefore, it is not possible to encrypt the content. At least, one key (the master, the supreme key) must be stored in clear text. +## Security Considerations -If the Pico is stolen the contents of private and secret keys can be read. +Pico FIDO is an open platform, so exercise caution. The flash memory contents can be easily dumped, potentially revealing private/master keys. It is not feasible to encrypt the content, meaning at least one key (the master key) must be stored in clear text. + +If the Pico is stolen, the private and secret keys can be accessed. ## Download -Please, go to the [Release page](https://github.com/polhenarejos/pico-fido/releases "Release page") and download the UF2 file for your board. +Please visit the [Release page](https://github.com/polhenarejos/pico-fido/releases "Release page") to download the UF2 file for your board. 
-Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you are planning to use it with OpenSC or similar, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/). +Note that UF2 files are shipped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar software, you will need to modify the Info.plist of the CCID driver to add these VID/PID values or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/). -Alternatively you can use the legacy VID/PID patcher as follows: -`./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2` +Alternatively, you can use the legacy VID/PID patcher with the following command: +```sh +./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2 +``` +You can use any VID/PID (e.g., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own. -You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own. - -Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended. +For ease of use, the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is highly recommended. ## Build -Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive. +Before building, ensure you have installed the toolchain for the Pico and that the Pico SDK is properly located on your drive. - git clone https://github.com/polhenarejos/pico-fido - cd pico-fido - mkdir build - cd build - PICO_SDK_PATH=/path/to/pico-sdk cmake .. 
-DPICO_BOARD=board_type -DUSB_VID=0x1234 -DUSB_PID=0x5678 - make +```sh +git clone https://github.com/polhenarejos/pico-fido +cd pico-fido +mkdir build +cd build +PICO_SDK_PATH=/path/to/pico-sdk cmake .. -DPICO_BOARD=board_type -DUSB_VID=0x1234 -DUSB_PID=0x5678 +make +``` -Note that PICO_BOARD, USB_VID and USB_PID are optional. If not provided, pico board and VID/PID FEFF:FCFD will be used. +Note that `PICO_BOARD`, `USB_VID`, and `USB_PID` are optional. If not provided, the default Pico board and VID/PID `FEFF:FCFD` will be used. -After make ends, the binary file pico_fido.uf2 will be generated. Put your pico board into loading mode, by pushing BOOTSEL button while pluging on, and copy the UF2 to the new fresh usb mass storage Pico device. Once copied, the pico mass storage will be disconnected automatically and the pico board will reset with the new firmware. A blinking led will indicate the device is ready to work. +After `make` finishes, the binary file `pico_fido.uf2` will be generated. Put your Pico board into loading mode by holding the BOOTSEL button while plugging it in, then copy the UF2 file to the new USB mass storage Pico device. Once copied, the Pico mass storage will disconnect automatically, and the Pico board will reset with the new firmware. A blinking LED will indicate that the device is ready to work. -**Remark:** Pico Fido uses HID interface and thus, VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary value or the default ones. +**Remark:** Pico FIDO uses the HID interface, so VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary values or the default ones. ## Led blink Pico FIDO uses the led to indicate the current status. Four states are available: 
@@ -96,20 +100,21 @@ While processing, the Pico FIDO is busy and cannot receive additional commands u ## Driver -Pico FIDO uses the `HID` driver, present in all OS. It should be detected by all OS and browser/applications, like normal USB FIDO keys. +Pico FIDO uses the `HID` driver, which is present in all operating systems. It should be detected by all OS and browser/applications just like normal USB FIDO keys. ## Tests -Tests can be found at `tests` folder. It is based on [FIDO2 tests](https://github.com/solokeys/fido2-tests "FIDO2 tests") from Solokeys, but adapted to [python-fido2](https://github.com/Yubico/python-fido2 "python-fido2") v1.0 package, which is a major refactor from previous 0.8 version and includes latests improvements from CTAP 2.1. +Tests can be found in the `tests` folder. They are based on [FIDO2 tests](https://github.com/solokeys/fido2-tests "FIDO2 tests") from Solokeys but adapted to the [python-fido2](https://github.com/Yubico/python-fido2 "python-fido2") v1.0 package, which is a major refactor from the previous 0.8 version and includes the latest improvements from CTAP 2.1. -All tests can be run by +To run all tests, use: -``` +```sh pytest ``` -or by selecting a subset with `-k ` flag: -``` +To run a subset of tests, use the `-k ` flag: + +```sh pytest -k test_credprotect ``` -- 2.34.1 From 5b95e35ca9a38798cc0a90e9e295b2cba0a4c2a5 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 20 Jul 2024 20:29:40 +0200 Subject: [PATCH 045/127] Upgrade to version 5.10 Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 2 +- src/fido/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 04945c3..ed77b99 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="8" +VERSION_MINOR="10" rm -rf release/* cd build_release diff --git a/src/fido/version.h b/src/fido/version.h index 789f039..d700cdf 100644 
--- a/src/fido/version.h +++ b/src/fido/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define PICO_FIDO_VERSION 0x0508 +#define PICO_FIDO_VERSION 0x050A #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff) #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff) -- 2.34.1 From 1b4dd9bed09452cc5fc201a5e4c879a01f943504 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 18 Aug 2024 23:53:18 +0200 Subject: [PATCH 046/127] Fix ESP32 build. Signed-off-by: Pol Henarejos --- src/fido/cbor.c | 7 +++- src/fido/cbor_client_pin.c | 6 ++- src/fido/cbor_get_assertion.c | 2 +- src/fido/cbor_reset.c | 5 ++- src/fido/cbor_vendor.c | 18 +------- src/fido/cmd_register.c | 2 +- src/fido/credential.c | 2 +- src/fido/ctap2_cbor.h | 4 ++ src/fido/fido.c | 17 ++++---- src/fido/fido.h | 9 +++- src/fido/management.c | 6 +-- src/fido/management.h | 2 +- src/fido/oath.c | 9 +--- src/fido/otp.c | 79 +++++++++++++++++------------------ 14 files changed, 83 insertions(+), 85 deletions(-) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index 9483d44..3dd7fc1 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -15,7 +15,7 @@ * along with this program. If not, see . */ -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "pico/stdlib.h" #endif #include "hid/ctap_hid.h" @@ -130,6 +130,9 @@ void cbor_thread() { uint32_t flag = EV_EXEC_FINISHED; queue_add_blocking(&card_to_usb_q, &flag); } +#ifdef ESP_PLATFORM + vTaskDelete(NULL); +#endif } #endif @@ -139,7 +142,7 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) { cmd = last_cmd; res_APDU = ctap_resp->init.data + 1; res_APDU_size = 0; - return 1; + return 2; // CBOR processing } CborError COSE_key_params(int crv, diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index 0e3d6e9..2d324da 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c 
@@ -15,7 +15,11 @@ * along with this program. If not, see . */ +#ifndef ESP_PLATFORM #include "common.h" +#else +#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#endif #include "mbedtls/ecp.h" #include "mbedtls/ecdh.h" #include "mbedtls/sha256.h" @@ -23,7 +27,7 @@ #include "cbor.h" #include "ctap.h" #include "ctap2_cbor.h" -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif #include "hid/ctap_hid.h" diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index 87c6363..aa22e3b 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -17,7 +17,7 @@ #include "cbor.h" #include "ctap.h" -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif #include "hid/ctap_hid.h" diff --git a/src/fido/cbor_reset.c b/src/fido/cbor_reset.c index 62b17a9..b3a07d5 100644 --- a/src/fido/cbor_reset.c +++ b/src/fido/cbor_reset.c @@ -18,9 +18,12 @@ #include "file.h" #include "fido.h" #include "ctap.h" -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif +#ifdef ESP_PLATFORM +#include "esp_compat.h" +#endif extern void scan_all(); diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index d1b6f54..3b78c01 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c 
@@ -256,27 +256,11 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP2_ERR_PROCESSING); } -#ifndef ENABLE_EMULATION - pico_unique_board_id_t rpiid; - pico_get_unique_board_id(&rpiid); -#else - struct { - uint8_t id[8]; - } rpiid = { 0 }; -#endif mbedtls_x509write_csr ctx; mbedtls_x509write_csr_init(&ctx); snprintf((char *) buffer, sizeof(buffer), - "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %02x%02x%02x%02x%02x%02x%02x%02x", - rpiid.id[0], - rpiid.id[1], - rpiid.id[2], - rpiid.id[3], - rpiid.id[4], - rpiid.id[5], - rpiid.id[6], - rpiid.id[7]); + "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str); mbedtls_x509write_csr_set_subject_name(&ctx, (char *) buffer); mbedtls_pk_context key; mbedtls_pk_init(&key); diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 7962719..237f70f 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -41,7 +41,7 @@ int u2f_select(app_t *a) { return CCID_ERR_FILE_NOT_FOUND; } -void __attribute__((constructor)) u2f_ctor() { +INITIALIZER ( u2f_ctor ) { register_app(u2f_select, u2f_aid); } diff --git a/src/fido/credential.c b/src/fido/credential.c index ea44ebb..f1f1994 100644 --- a/src/fido/credential.c +++ b/src/fido/credential.c @@ -18,7 +18,7 @@ #include "mbedtls/chachapoly.h" #include "mbedtls/sha256.h" #include "credential.h" -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif #include "hid/ctap_hid.h" diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h index 9a8c8d1..84723da 100644 --- a/src/fido/ctap2_cbor.h +++ b/src/fido/ctap2_cbor.h @@ -19,7 +19,11 @@ #define _CTAP2_CBOR_H_ #include "cbor.h" +#ifndef ESP_PLATFORM #include "common.h" +#else +#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#endif #include "mbedtls/ecp.h" #include "mbedtls/ecdh.h" 
diff --git a/src/fido/fido.c b/src/fido/fido.c index 1adf712..3f772cf 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -27,12 +27,12 @@ #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) #include "ccid/ccid.h" #endif -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif #include #include "management.h" -#include "ctap_hid.h" +#include "hid/ctap_hid.h" #include "version.h" int fido_process_apdu(); @@ -79,7 +79,7 @@ extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t); extern void cbor_thread(); extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len); -void __attribute__((constructor)) fido_ctor() { +INITIALIZER ( fido_ctor ) { #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) ccid_atr = atr_fido; #endif @@ -315,9 +315,12 @@ int scan_files() { mbedtls_ecdsa_free(&ecdsa); return ret; } - uint8_t kdata[32]; - int key_size = mbedtls_mpi_size(&ecdsa.d); - mbedtls_mpi_write_binary(&ecdsa.d, kdata, key_size); + uint8_t kdata[64]; + size_t key_size = 0; + ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata)); + if (ret != CCID_OK) { + return ret; + } ret = file_put_data(ef_keydev, kdata, key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); @@ -333,7 +336,7 @@ int scan_files() { ef_certdev = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF); if (ef_certdev) { if (!file_has_data(ef_certdev)) { - uint8_t cert[4096]; + uint8_t cert[2048]; mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, diff --git a/src/fido/fido.h b/src/fido/fido.h index f12dc5d..aab14e8 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h 
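Review bot: In the `scan_files` hunk at -315/+315, the new early exit `if (ret != CCID_OK) { return ret; }` after `mbedtls_ecp_write_key_ext` skips both `mbedtls_platform_zeroize(kdata, sizeof(kdata))` and `mbedtls_ecdsa_free(&ecdsa)`. On failure, any private-key bytes already written to `kdata` stay on the stack and the key context is not released, unlike the error path just above, which frees `ecdsa` before returning. Suggested: `if (ret != 0) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); return ret; }`. The comparison is against `0` because the value is an mbedtls return code rather than a CCID status. The function continues outside the hunk.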
@@ -18,13 +18,18 @@ #ifndef _FIDO_H_ #define _FIDO_H_ -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "pico/stdlib.h" #endif +#ifndef ESP_PLATFORM #include "common.h" +#else +#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#endif + #include "mbedtls/ecdsa.h" #ifndef ENABLE_EMULATION -#include "ctap_hid.h" +#include "hid/ctap_hid.h" #else #include #endif diff --git a/src/fido/management.c b/src/fido/management.c index f7590d0..26ae35e 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -43,7 +43,7 @@ int man_select(app_t *a) { return CCID_OK; } -void __attribute__((constructor)) man_ctor() { +INITIALIZER ( man_ctor ) { register_app(man_select, man_aid); } @@ -82,9 +82,7 @@ int man_get_config() { res_APDU[res_APDU_size++] = CAP_OTP | CAP_U2F | CAP_OATH; res_APDU[res_APDU_size++] = TAG_SERIAL; res_APDU[res_APDU_size++] = 4; -#ifndef ENABLE_EMULATION - pico_get_unique_board_id_string((char *) res_APDU + res_APDU_size, 4); -#endif + memcpy(res_APDU + res_APDU_size, pico_serial.id, 4); res_APDU_size += 4; res_APDU[res_APDU_size++] = TAG_FORM_FACTOR; res_APDU[res_APDU_size++] = 1; diff --git a/src/fido/management.h b/src/fido/management.h index 6a5ff0d..a8a6331 100644 --- a/src/fido/management.h +++ b/src/fido/management.h @@ -19,7 +19,7 @@ #define _MANAGEMENT_H_ #include -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "pico/stdlib.h" #endif diff --git a/src/fido/oath.c b/src/fido/oath.c index 03ee790..3bf212f 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c 
@@ -80,12 +80,7 @@ int oath_select(app_t *a) { res_APDU[res_APDU_size++] = 0; res_APDU[res_APDU_size++] = TAG_NAME; res_APDU[res_APDU_size++] = 8; -#ifndef ENABLE_EMULATION - pico_get_unique_board_id((pico_unique_board_id_t *) (res_APDU + res_APDU_size)); - res_APDU_size += 8; -#else - memset(res_APDU + res_APDU_size, 0, 8); res_APDU_size += 8; -#endif + memcpy(res_APDU + res_APDU_size, pico_serial_str, 8); if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { random_gen(NULL, challenge, sizeof(challenge)); res_APDU[res_APDU_size++] = TAG_CHALLENGE; @@ -109,7 +104,7 @@ int oath_select(app_t *a) { return CCID_ERR_FILE_NOT_FOUND; } -void __attribute__((constructor)) oath_ctor() { +INITIALIZER ( oath_ctor ) { register_app(oath_select, oath_aid); } diff --git a/src/fido/otp.c b/src/fido/otp.c index daee316..4198ac4 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -24,11 +24,12 @@ #include "asn1.h" #include "hid/ctap_hid.h" #include "usb.h" -#ifndef ENABLE_EMULATION +#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "bsp/board.h" #endif #include "mbedtls/aes.h" #include "management.h" +#include "tusb.h" #define FIXED_SIZE 16 #define KEY_SIZE 16 @@ -331,7 +332,7 @@ int otp_button_pressed(uint8_t slot) { return 0; } -void __attribute__((constructor)) otp_ctor() { +INITIALIZER( otp_ctor ) { register_app(otp_select, otp_aid); button_pressed_cb = otp_button_pressed; #ifndef ENABLE_EMULATION @@ -449,9 +450,7 @@ int cmd_otp() { low_flash_available(); } else if (p1 == 0x10) { -#ifndef ENABLE_EMULATION - pico_get_unique_board_id_string((char *) res_APDU, 4); -#endif + memcpy(res_APDU, pico_serial.id, 4); res_APDU_size = 4; } else if (p1 == 0x13) { 
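Review bot: In the `oath_select` hunk, the 8-byte value of the `TAG_NAME` field no longer lines up with `res_APDU_size`. The hunk header's counts (12 old lines, 7 new) imply that the `res_APDU_size += 8;` sharing a line with the removed `memset` was dropped too, so the following `res_APDU[res_APDU_size++] = TAG_CHALLENGE` would overwrite the serial that was just copied. If the increment does survive as context, it runs before the `memcpy`; the name field would then keep whatever was already in the response buffer and the serial would land 8 bytes too far. Either way the new side should read `memcpy(res_APDU + res_APDU_size, pico_serial_str, 8);` followed by `res_APDU_size += 8;`. The function continues outside the hunk.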
@@ -479,9 +478,7 @@ int cmd_otp() { else if (p1 == 0x20 || p1 == 0x28) { uint8_t challenge[16]; memcpy(challenge, apdu.data, 6); -#ifndef ENABLE_EMULATION - pico_get_unique_board_id_string((char *) challenge + 6, 10); -#endif + memcpy(challenge + 6, pico_serial_str, 10); mbedtls_aes_context ctx; mbedtls_aes_init(&ctx); mbedtls_aes_setkey_enc(&ctx, otp_config->aes_key, 128); 
@@ -547,39 +544,41 @@ int otp_hid_set_report_cb(uint8_t itf, uint8_t const *buffer, uint16_t bufsize) { - if (report_type == 3) { - DEBUG_PAYLOAD(buffer, bufsize); - if (itf == ITF_KEYBOARD && buffer[7] == 0xFF) { // reset - *get_send_buffer_size(ITF_KEYBOARD) = 0; - otp_curr_seq = otp_exp_seq = 0; - memset(otp_frame_tx, 0, sizeof(otp_frame_tx)); - } - else if (buffer[7] & 0x80) { // a frame - uint8_t rseq = buffer[7] & 0x1F; - if (rseq < 10) { - if (rseq == 0) { - memset(otp_frame_rx, 0, sizeof(otp_frame_rx)); - } - memcpy(otp_frame_rx + rseq * 7, buffer, 7); - if (rseq == 9) { - DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx)); - uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]); - uint8_t slot_id = otp_frame_rx[64]; - if (residual_crc == rcrc) { - apdu.data = otp_frame_rx; - apdu.nc = 64; - apdu.rdata = otp_frame_tx; - apdu.header[0] = 0; - apdu.header[1] = 0x01; - apdu.header[2] = slot_id; - apdu.header[3] = 0; - int ret = otp_process_apdu(); - if (ret == 0x9000 && res_APDU_size > 0) { - otp_send_frame(apdu.rdata, apdu.rlen); - } + if (itf == ITF_KEYBOARD) { + if (report_type == 3) { + DEBUG_PAYLOAD(buffer, bufsize); + if (buffer[7] == 0xFF) { // reset + *get_send_buffer_size(ITF_KEYBOARD) = 0; + otp_curr_seq = otp_exp_seq = 0; + memset(otp_frame_tx, 0, sizeof(otp_frame_tx)); + } + else if (buffer[7] & 0x80) { // a frame + uint8_t rseq = buffer[7] & 0x1F; + if (rseq < 10) { + if (rseq == 0) { + memset(otp_frame_rx, 0, sizeof(otp_frame_rx)); } - else { - printf("[OTP] Bad CRC!\n"); + memcpy(otp_frame_rx + rseq * 7, buffer, 7); + if (rseq == 9) { + DEBUG_DATA(otp_frame_rx, sizeof(otp_frame_rx)); + uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]); + uint8_t slot_id = otp_frame_rx[64]; + if (residual_crc == rcrc) { + apdu.data = otp_frame_rx; + apdu.nc = 64; + apdu.rdata = otp_frame_tx; + apdu.header[0] = 0; + apdu.header[1] = 0x01; + apdu.header[2] = 
slot_id; + apdu.header[3] = 0; + int ret = otp_process_apdu(); + if (ret == 0x9000 && res_APDU_size > 0) { + otp_send_frame(apdu.rdata, apdu.rlen); + } + } + else { + printf("[OTP] Bad CRC!\n"); + } } } } -- 2.34.1 From 163e936231032d6389158788fe62483e30bdfcb9 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 18 Aug 2024 23:59:52 +0200 Subject: [PATCH 047/127] Fix potential bug in CBOR encoding. It happen if a keepalive packet is sent in the middle of an encoding. Signed-off-by: Pol Henarejos --- src/fido/cbor_client_pin.c | 4 ++-- src/fido/cbor_config.c | 4 ++-- src/fido/cbor_cred_mgmt.c | 4 ++-- src/fido/cbor_get_assertion.c | 4 ++-- src/fido/cbor_get_info.c | 2 +- src/fido/cbor_large_blobs.c | 2 +- src/fido/cbor_make_credential.c | 4 ++-- src/fido/cbor_vendor.c | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index 2d324da..4c8a3a9 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -336,7 +336,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); if (subcommand == 0x0) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } @@ -632,7 +632,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); CBOR_FREE_BYTE_STRING(newPinEnc); diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index b8cb73f..4886bc0 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c 
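Review bot: The restructured `otp_hid_set_report_cb` still reads `buffer[7]` and copies 7 bytes with `memcpy(otp_frame_rx + rseq * 7, buffer, 7)` without ever looking at `bufsize`, so a report shorter than 8 bytes from the host is read past its end. Since the branch is being rewritten anyway, fold the length check into the new guard: `if (report_type == 3 && bufsize >= 8) {`. The function's signature and its tail are outside the hunk, so a check may exist there, but none is visible in the lines shown.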
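Review bot: The switch from `ctap_resp->init.data + 1` to `res_APDU + 1` in `cbor_encoder_init` and `cbor_encoder_get_buffer_size` keeps the bound `CTAP_MAX_PACKET_SIZE` while moving the base pointer. This applies to both hunks in `cbor_client_pin.c` and to the same substitution in `cbor_config.c`, `cbor_cred_mgmt.c`, `cbor_get_assertion.c`, `cbor_get_info.c`, `cbor_large_blobs.c`, `cbor_make_credential.c` and `cbor_vendor.c`. Earlier in this series `cbor_process` sets `res_APDU = ctap_resp->init.data + 1`; if that assignment is still in effect, the encoder now starts one byte later and may write one byte past the space the old bound was sized for. Please confirm what `res_APDU` points to after the SDK update, and derive the size from that buffer's real remaining capacity rather than reusing the packet constant. A short comment at the first call site saying why `res_APDU` is used, namely that keepalive packets reuse `ctap_resp` during encoding as the commit message describes, would keep the next edit from reverting it.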
@@ -106,7 +106,7 @@ int cbor_config(const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); if (pinUvAuthParam.present == false) { CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); @@ -228,7 +228,7 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index f5b9fdd..16416dc 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c @@ -120,7 +120,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } } - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); if (subcommand == 0x01) { if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *) "\x01", 1, pinUvAuthParam.data) != CborNoError) { @@ -442,7 +442,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_NO_CREDENTIALS); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index aa22e3b..b1c8728 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c 
@@ -585,7 +585,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) { lfields++; } - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); @@ -638,7 +638,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey)); CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); ctr++; file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); low_flash_available(); diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 0864725..38cbf8d 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c @@ -26,7 +26,7 @@ int cbor_get_info() { CborEncoder encoder, mapEncoder, arrayEncoder, mapEncoder2; CborError error = CborNoError; - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 15)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); diff --git a/src/fido/cbor_large_blobs.c b/src/fido/cbor_large_blobs.c index 432464d..9f65e37 100644 --- a/src/fido/cbor_large_blobs.c +++ b/src/fido/cbor_large_blobs.c @@ -79,7 +79,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); if (get > 0) { if (length != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); 
diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 33ccc98..176843b 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -468,7 +468,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } } - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, extensions.largeBlobKey == ptrue && options.rk == ptrue ? 5 : 4)); @@ -512,7 +512,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey)); CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); if (options.rk == ptrue) { if (credential_store(cred_id, cred_id_len, rp_id_hash) != 0) { diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index 3b78c01..01b0bdb 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -101,7 +101,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); if (cmd == CTAP_VENDOR_BACKUP) { if (vendorCmd == 0x01) { @@ -300,7 +300,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); -- 2.34.1 From 0c5280e12aa1bff44fd69af5fa59a55dd7fae01b Mon Sep 17 00:00:00 2001 
From: Pol Henarejos Date: Mon, 19 Aug 2024 00:08:31 +0200 Subject: [PATCH 048/127] Add support to ESP32 build. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a5f60bc..d0b67bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -17,6 +17,11 @@ cmake_minimum_required(VERSION 3.13) +if(ESP_PLATFORM) +set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src) +include($ENV{IDF_PATH}/tools/cmake/project.cmake) +else() + if(ENABLE_EMULATION) else() include(pico_sdk_import.cmake) @@ -33,7 +38,7 @@ pico_sdk_init() endif() add_executable(pico_fido) - +endif() option(ENABLE_UP_BUTTON "Enable/disable user presence button" ON) if(ENABLE_UP_BUTTON) add_definitions(-DENABLE_UP_BUTTON=1) @@ -110,11 +115,13 @@ endif() set(USB_ITF_HID 1) include(pico-keys-sdk/pico_keys_sdk_import.cmake) - +if(ESP_PLATFORM) + project(pico_fido) +endif() set(INCLUDES ${INCLUDES} ${CMAKE_CURRENT_LIST_DIR}/src/fido ) - +if(NOT ESP_PLATFORM) target_sources(pico_fido PUBLIC ${SOURCES}) target_include_directories(pico_fido PUBLIC ${INCLUDES}) @@ -149,3 +156,4 @@ else() pico_add_extra_outputs(pico_fido) target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) endif() +endif() -- 2.34.1 From af4eb075c77bf15bd358d3dcf0d41e3a2c92b460 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 19 Aug 2024 00:09:05 +0200 Subject: [PATCH 049/127] Add HID/CCID fixes for ESP32. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index f4ad8e1..93c491d 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit f4ad8e1af2e2657f3900f1e01db031d7d73d623b +Subproject commit 93c491d72c6576bde99f00beefe04a0a5061f733 -- 2.34.1 
From d7d75caecf10b9151cf5db48c019043b466321d4 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 19 Aug 2024 13:11:48 +0200 Subject: [PATCH 050/127] Fix OATH selection. Signed-off-by: Pol Henarejos --- src/fido/oath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/oath.c b/src/fido/oath.c index 3bf212f..0a5d681 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -80,7 +80,7 @@ int oath_select(app_t *a) { res_APDU[res_APDU_size++] = 0; res_APDU[res_APDU_size++] = TAG_NAME; res_APDU[res_APDU_size++] = 8; - memcpy(res_APDU + res_APDU_size, pico_serial_str, 8); + memcpy(res_APDU + res_APDU_size, pico_serial_str, 8); res_APDU_size += 8; if (file_has_data(search_dynamic_file(EF_OATH_CODE)) == true) { random_gen(NULL, challenge, sizeof(challenge)); res_APDU[res_APDU_size++] = TAG_CHALLENGE; -- 2.34.1 From a9799dc77ffda0d77d58ae3dad79fc482e64b664 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 19 Aug 2024 13:12:04 +0200 Subject: [PATCH 051/127] Fix CBOR error. Signed-off-by: Pol Henarejos --- src/fido/cbor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index 3dd7fc1..c1ee944 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -122,7 +122,7 @@ void cbor_thread() { } else { res_APDU[0] = apdu.sw; - apdu.sw = 0; + //apdu.sw = 0; } finished_data_size = res_APDU_size + 1; -- 2.34.1 From ed12d6f8e9465764be2397c83c2cc848e2fa03f9 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 19 Aug 2024 13:18:03 +0200 Subject: [PATCH 052/127] Fix emulation build. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fido/otp.c b/src/fido/otp.c index 4198ac4..29b03d2 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -29,7 +29,9 @@ #endif #include "mbedtls/aes.h" #include "management.h" +#ifndef ENABLE_EMULATION #include "tusb.h" +#endif #define FIXED_SIZE 16 #define KEY_SIZE 16 -- 2.34.1 
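Review bot: The added `res_APDU_size += 8;` shares a line with the `memcpy`, and the length 8 is now written three times (the TLV length byte, the copy and the increment). Put the increment on its own line and use one named constant for all three, so the length byte sent to the host cannot drift from the number of bytes actually copied. Whether `pico_serial_str` holds at least 8 bytes is not visible in the hunk. oath_select continues outside the hunk.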
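Review bot: `//apdu.sw = 0;` leaves commented-out code behind without saying why the status word must now survive this branch. Either delete the line or replace it with a comment that states the reason, for example `/* apdu.sw is still needed after the response is queued */`. The code that reads the value afterwards is outside the hunk, so confirm the reason before wording the comment. cbor_thread starts and ends outside the hunk.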
From 910fb66f3c8d199f453a753c8a7ac357727615a2 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 19 Aug 2024 16:45:11 +0200 Subject: [PATCH 053/127] Fix keepalive Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 93c491d..d379a39 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 93c491d72c6576bde99f00beefe04a0a5061f733 +Subproject commit d379a39bd699a679e2f5e5605af95922dc35576f -- 2.34.1 From a0d9ad7a3a057d0064fae832b967eaaa5497f399 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 20 Aug 2024 12:43:15 +0200 Subject: [PATCH 054/127] Increase vStack depending on the number of interfaces. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index d379a39..c1571c0 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit d379a39bd699a679e2f5e5605af95922dc35576f +Subproject commit c1571c02f8280d8b58d8bb1c7023e45ec3a56a40 -- 2.34.1 From 8d49ed5ffccf8c80fc271b2ff633077d788c83e6 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 20 Aug 2024 14:28:09 +0200 Subject: [PATCH 055/127] Fix potential crash invoking OTP. Signed-off-by: Pol Henarejos --- src/fido/otp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/fido/otp.c b/src/fido/otp.c index 29b03d2..6a8fea7 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -566,6 +566,8 @@ int otp_hid_set_report_cb(uint8_t itf, uint16_t residual_crc = calculate_crc(otp_frame_rx, 64), rcrc = (otp_frame_rx[66] << 8 | otp_frame_rx[65]); uint8_t slot_id = otp_frame_rx[64]; if (residual_crc == rcrc) { + uint8_t hdr[5]; + apdu.header = hdr; apdu.data = otp_frame_rx; apdu.nc = 64; apdu.rdata = otp_frame_tx; 
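Review bot: `apdu.header = hdr;` stores the address of a block-local array in the shared `apdu` object, so the pointer dangles as soon as the `if (residual_crc == rcrc)` block is left, and `hdr` is handed on uninitialised. Declare it as `uint8_t hdr[5] = { 0 };` and reset `apdu.header` once the OTP request has been processed, or give the header static storage. The rest of the block, including where the header bytes are filled in, lies outside the hunk, so check that every byte is written before it is read.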
@@ -617,8 +619,8 @@ uint16_t otp_hid_get_report_cb(uint8_t itf, otp_curr_seq = otp_exp_seq = 0; } else { + res_APDU = buffer; otp_status(); - memcpy(buffer, res_APDU, 7); } return reqlen; -- 2.34.1 From 8c1e0028920f693ba78dbe5e682a57c1758e1622 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 20 Aug 2024 14:29:25 +0200 Subject: [PATCH 056/127] select_app now invokes U2F or FIDO depending on the message. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/fido.c | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index c1571c0..38f0e2c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit c1571c02f8280d8b58d8bb1c7023e45ec3a56a40 +Subproject commit 38f0e2cc3a783674f9e4951ffc11d9520601407e diff --git a/src/fido/fido.c b/src/fido/fido.c index 3f772cf..9a6ab85 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -43,7 +43,7 @@ pinUvAuthToken_t paut = { 0 }; uint8_t keydev_dec[32]; bool has_keydev_dec = false; -const uint8_t _fido_aid[] = { +const uint8_t fido_aid[] = { 8, 0xA0, 0x00, 0x00, 0x06, 0x47, 0x2F, 0x00, 0x01 }; @@ -72,7 +72,6 @@ int fido_select(app_t *a) { extern uint8_t (*get_version_major)(); extern uint8_t (*get_version_minor)(); -extern const uint8_t *fido_aid; extern void (*init_fido_cb)(); extern void (*cbor_thread_func)(); extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t); @@ -85,7 +84,6 @@ INITIALIZER ( fido_ctor ) { #endif get_version_major = fido_get_version_major; get_version_minor = fido_get_version_minor; - fido_aid = _fido_aid; init_fido_cb = init_fido; #ifndef ENABLE_EMULATION cbor_thread_func = cbor_thread; 
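Review bot: `res_APDU = buffer;` makes the shared response pointer alias the HID report buffer, and nothing in the hunk checks that `reqlen` covers what `otp_status()` writes; the removed `memcpy(buffer, res_APDU, 7)` suggests at least 7 bytes. Guard the branch with `if (reqlen < 7) { return 0; }` (or the size `otp_status()` really produces). Restore `res_APDU` afterwards, because it keeps pointing at `buffer` after the callback has returned. otp_hid_get_report_cb starts outside the hunk.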
@@ -162,7 +160,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe mbedtls_x509write_crt_set_validity(&ctx, "20220901000000", "20720831235959"); mbedtls_x509write_crt_set_issuer_name(&ctx, "C=ES,O=Pico HSM,CN=Pico FIDO"); mbedtls_x509write_crt_set_subject_name(&ctx, "C=ES,O=Pico HSM,CN=Pico FIDO"); - uint8_t serial[20]; + uint8_t serial[16]; random_gen(NULL, serial, sizeof(serial)); mbedtls_x509write_crt_set_serial_raw(&ctx, serial, sizeof(serial)); mbedtls_pk_context key; -- 2.34.1 From f49833291fe88413a6435104bf26f08c3645a517 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 23 Aug 2024 10:04:00 +0200 Subject: [PATCH 057/127] Major refactor of USB CCID and USB HID interfaces. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor.c | 5 ++-- src/fido/cbor_client_pin.c | 8 +++--- src/fido/cbor_config.c | 4 +-- src/fido/cbor_cred_mgmt.c | 4 +-- src/fido/cbor_get_assertion.c | 4 +-- src/fido/cbor_get_info.c | 4 +-- src/fido/cbor_large_blobs.c | 4 +-- src/fido/cbor_make_credential.c | 4 +-- src/fido/cbor_vendor.c | 4 +-- src/fido/cmd_register.c | 3 +- src/fido/fido.c | 51 ++++++--------------------------- src/fido/management.c | 8 ++++-- src/fido/oath.c | 3 +- src/fido/otp.c | 3 +- 15 files changed, 41 insertions(+), 70 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 38f0e2c..fa62921 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 38f0e2cc3a783674f9e4951ffc11d9520601407e +Subproject commit fa6292118d32990be0bcfc8cb60bbbecaa99b57a diff --git a/src/fido/cbor.c b/src/fido/cbor.c index c1ee944..e70e355 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -58,7 +58,6 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { DEBUG_DATA(data + 1, len - 1); } if (cap_supported(CAP_FIDO2)) { - driver_prepare_response_hid(); if (cmd == CTAPHID_CBOR) { if (data[0] == CTAP_MAKE_CREDENTIAL) { return cbor_make_credential(data + 1, len - 1); 
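Review bot: The serial buffer shrinks from 20 to 16 bytes without a comment, and the return value of `mbedtls_x509write_crt_set_serial_raw()` is still ignored, so a rejected serial would go unnoticed. If the reason is the 20-octet serial limit (a random value with the top bit set grows by one byte when DER-encoded), say so: `/* 16 random bytes: stays within the RFC 5280 serial limit after DER encoding */`. Check the call's result and take the function's existing error path when it is non-zero. x509_create_cert starts and ends outside the hunk.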
@@ -96,6 +95,7 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { } else if (cmd == 0xC2) { if (cmd_read_config() == 0x9000) { + memmove(res_APDU-1, res_APDU, res_APDU_size); res_APDU_size -= 1; return 0; } @@ -106,14 +106,12 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { #ifndef ENABLE_EMULATION void cbor_thread() { - card_init_core1(); while (1) { uint32_t m; queue_remove_blocking(&usb_to_card_q, &m); if (m == EV_EXIT) { - break; } apdu.sw = cbor_parse(cmd, cbor_data, cbor_len); @@ -140,6 +138,7 @@ int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) { cbor_data = data; cbor_len = len; cmd = last_cmd; + ctap_resp->init.data[0] = 0; res_APDU = ctap_resp->init.data + 1; res_APDU_size = 0; return 2; // CBOR processing diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index 4c8a3a9..1988e6f 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -202,7 +202,7 @@ int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_l return aes_decrypt(key, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len); } else if (protocol == 2) { - memcpy(out, in + IV_SIZE, in_len); + memcpy(out, in + IV_SIZE, in_len - IV_SIZE); return aes_decrypt(key + 32, in, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len - IV_SIZE); } @@ -336,7 +336,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (subcommand == 0x0) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } @@ -516,7 +516,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { if (pin_len < minPin) { CBOR_ERROR(CTAP2_ERR_PIN_POLICY_VIOLATION); } - uint8_t hsh[33]; + uint8_t hsh[34]; hsh[0] = MAX_PIN_RETRIES; hsh[1] = pin_len; mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), paddedNewPin, pin_len, hsh + 2); 
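Review bot: `memmove(res_APDU-1, res_APDU, res_APDU_size);` writes one byte in front of `res_APDU`, and the following `res_APDU_size -= 1;` wraps around if `cmd_read_config()` returns 0x9000 with an empty response (assuming the size variable is unsigned; its declaration is not in the hunk). The write is in bounds only while `res_APDU` points at least one byte into its buffer, which the `res_APDU = ctap_resp->init.data + 1` assignment in cbor_process provides on this path. Make that dependency explicit with `if (cmd_read_config() == 0x9000 && res_APDU_size > 0) {` and a comment that `res_APDU[-1]` is the reserved leading byte. cbor_parse starts outside the hunk.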
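Review bot: The protocol 2 branch now copies `in_len - IV_SIZE` bytes but never checks that `in_len` is at least `IV_SIZE`, so a shorter ciphertext makes the subtraction wrap and the lengths passed to `memcpy` and `aes_decrypt` become huge. Add `if (in_len < IV_SIZE) { return -1; }` at the top of that branch. The input reaches this function from the host's request (for example `newPinEnc` in cbor_client_pin), so the length cannot be trusted. decrypt starts outside the hunk.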
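Review bot: `uint8_t hsh[34]` removes the one-byte overrun of the SHA-256 output written at `hsh + 2`, but the size is still a bare literal that has to be kept in step with the two header bytes by hand. Write it as `uint8_t hsh[2 + 32];` with a comment `/* retries, PIN length, SHA-256 of the PIN */` so the layout is visible at the declaration. The buffer holds PIN-derived material; whether it is wiped with `mbedtls_platform_zeroize()` after use is outside the hunk and worth checking.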
@@ -632,7 +632,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); CBOR_FREE_BYTE_STRING(newPinEnc); diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 4886bc0..e17124d 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -106,7 +106,7 @@ int cbor_config(const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (pinUvAuthParam.present == false) { CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); @@ -228,7 +228,7 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index 16416dc..a98cd53 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c @@ -120,7 +120,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } } - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (subcommand == 0x01) { if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *) "\x01", 1, pinUvAuthParam.data) != CborNoError) { 
@@ -442,7 +442,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_NO_CREDENTIALS); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index b1c8728..8d7e035 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -585,7 +585,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) { lfields++; } - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, lfields)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); @@ -638,7 +638,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey)); CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); ctr++; file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); low_flash_available(); diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 38cbf8d..424fe4b 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c 
@@ -26,7 +26,7 @@ int cbor_get_info() { CborEncoder encoder, mapEncoder, arrayEncoder, mapEncoder2; CborError error = CborNoError; - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 15)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); @@ -133,6 +133,6 @@ err: if (error != CborNoError) { return -CTAP2_ERR_INVALID_CBOR; } - res_APDU_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + res_APDU_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); return 0; } diff --git a/src/fido/cbor_large_blobs.c b/src/fido/cbor_large_blobs.c index 9f65e37..c8e2a48 100644 --- a/src/fido/cbor_large_blobs.c +++ b/src/fido/cbor_large_blobs.c @@ -79,7 +79,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (get > 0) { if (length != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); @@ -168,6 +168,6 @@ err: if (error != CborNoError) { return -CTAP2_ERR_INVALID_CBOR; } - res_APDU_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + res_APDU_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); return 0; } diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 176843b..cda98fb 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -468,7 +468,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } } - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, extensions.largeBlobKey == ptrue && options.rk == ptrue ? 5 : 4)); 
@@ -512,7 +512,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey)); CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); if (options.rk == ptrue) { if (credential_store(cred_id, cred_id_len, rp_id_hash) != 0) { diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index 01b0bdb..e746b80 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -101,7 +101,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } CBOR_PARSE_MAP_END(map, 1); - cbor_encoder_init(&encoder, res_APDU + 1, CTAP_MAX_PACKET_SIZE, 0); + cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (cmd == CTAP_VENDOR_BACKUP) { if (vendorCmd == 0x01) { @@ -300,7 +300,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, res_APDU + 1); + resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 237f70f..66629ee 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -32,7 +32,8 @@ const uint8_t u2f_aid[] = { int u2f_unload(); int u2f_process_apdu(); -int u2f_select(app_t *a) { +int u2f_select(app_t *a, uint8_t force) { + (void) force; if (cap_supported(CAP_U2F)) { a->process_apdu = u2f_process_apdu; a->unload = u2f_unload; diff --git a/src/fido/fido.c b/src/fido/fido.c index 9a6ab85..63ed4f0 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c 
@@ -61,7 +61,8 @@ uint8_t fido_get_version_minor() { return PICO_FIDO_VERSION_MINOR; } -int fido_select(app_t *a) { +int fido_select(app_t *a, uint8_t force) { + (void) force; if (cap_supported(CAP_FIDO2)) { a->process_apdu = fido_process_apdu; a->unload = fido_unload; @@ -72,11 +73,6 @@ int fido_select(app_t *a) { extern uint8_t (*get_version_major)(); extern uint8_t (*get_version_minor)(); -extern void (*init_fido_cb)(); -extern void (*cbor_thread_func)(); -extern int (*cbor_process_cb)(uint8_t, const uint8_t *, size_t); -extern void cbor_thread(); -extern int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len); INITIALIZER ( fido_ctor ) { #if defined(USB_ITF_CCID) || defined(ENABLE_EMULATION) @@ -84,11 +80,6 @@ INITIALIZER ( fido_ctor ) { #endif get_version_major = fido_get_version_major; get_version_minor = fido_get_version_minor; - init_fido_cb = init_fido; -#ifndef ENABLE_EMULATION - cbor_thread_func = cbor_thread; -#endif - cbor_process_cb = cbor_process; register_app(fido_select, fido_aid); } 
@@ -224,26 +215,17 @@ int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_con uint8_t key_base[CTAP_APPID_SIZE + KEY_PATH_LEN]; memcpy(key_base, appId, CTAP_APPID_SIZE); memcpy(key_base + CTAP_APPID_SIZE, keyHandle, KEY_PATH_LEN); - ret = - mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - d, - 32, - key_base, - sizeof(key_base), - hmac); + ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, key_base, sizeof(key_base), hmac); mbedtls_platform_zeroize(d, sizeof(d)); return memcmp(keyHandle + KEY_PATH_LEN, hmac, sizeof(hmac)); } -int derive_key(const uint8_t *app_id, - bool new_key, - uint8_t *key_handle, - int curve, - mbedtls_ecdsa_context *key) { +int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int curve, mbedtls_ecdsa_context *key) { uint8_t outk[67] = { 0 }; //SECP521R1 key is 66 bytes length int r = 0; memset(outk, 0, sizeof(outk)); if ((r = load_keydev(outk)) != CCID_OK) { + printf("Error loading keydev: %d\n", r); return r; } const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); @@ -254,15 +236,7 @@ int derive_key(const uint8_t *app_id, val |= 0x80000000; memcpy(&key_handle[i * sizeof(uint32_t)], &val, sizeof(uint32_t)); } - r = mbedtls_hkdf(md_info, - &key_handle[i * sizeof(uint32_t)], - sizeof(uint32_t), - outk, - 32, - outk + 32, - 32, - outk, - sizeof(outk)); + r = mbedtls_hkdf(md_info, &key_handle[i * sizeof(uint32_t)], sizeof(uint32_t), outk, 32, outk + 32, 32, outk, sizeof(outk)); if (r != 0) { mbedtls_platform_zeroize(outk, sizeof(outk)); return r; 
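Review bot: `ret` from `mbedtls_md_hmac()` is assigned and then dropped, and the key-handle tag is compared with `memcmp`, which is not constant-time. If the HMAC call fails, `hmac` may be compared without having been written (its declaration is outside the hunk). After the zeroize add `if (ret != 0) { return ret; }` and return `mbedtls_ct_memcmp(keyHandle + KEY_PATH_LEN, hmac, sizeof(hmac))`, which needs `mbedtls/constant_time.h`. verify_key starts outside the hunk.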
@@ -272,9 +246,7 @@ int derive_key(const uint8_t *app_id, uint8_t key_base[CTAP_APPID_SIZE + KEY_PATH_LEN]; memcpy(key_base, app_id, CTAP_APPID_SIZE); memcpy(key_base + CTAP_APPID_SIZE, key_handle, KEY_PATH_LEN); - if ((r = - mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, key_base, - sizeof(key_base), key_handle + 32)) != 0) { + if ((r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, key_base, sizeof(key_base), key_handle + 32)) != 0) { mbedtls_platform_zeroize(outk, sizeof(outk)); return r; } @@ -337,10 +309,7 @@ int scan_files() { uint8_t cert[2048]; mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); - int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, - &key, - file_get_data(ef_keydev), - file_get_size(ef_keydev)); + int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), file_get_size(ef_keydev)); if (ret != 0) { mbedtls_ecdsa_free(&key); return ret; @@ -387,9 +356,7 @@ int scan_files() { } ef_largeblob = search_by_fid(EF_LARGEBLOB, NULL, SPECIFY_EF); if (!file_has_data(ef_largeblob)) { - file_put_data(ef_largeblob, - (const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", - 17); + file_put_data(ef_largeblob, (const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", 17); } low_flash_available(); return CCID_OK; diff --git a/src/fido/management.c b/src/fido/management.c index 26ae35e..3c94c1c 100644 --- a/src/fido/management.c +++ b/src/fido/management.c 
@@ -32,14 +32,16 @@ const uint8_t man_aid[] = { }; extern void scan_all(); extern void init_otp(); -int man_select(app_t *a) { +int man_select(app_t *a, uint8_t force) { a->process_apdu = man_process_apdu; a->unload = man_unload; sprintf((char *) res_APDU, "%d.%d.0", PICO_FIDO_VERSION_MAJOR, PICO_FIDO_VERSION_MINOR); res_APDU_size = strlen((char *) res_APDU); apdu.ne = res_APDU_size; - scan_all(); - init_otp(); + if (force) { + scan_all(); + init_otp(); + } return CCID_OK; } diff --git a/src/fido/oath.c b/src/fido/oath.c index 0a5d681..098bfa2 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -68,7 +68,8 @@ const uint8_t oath_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01 }; -int oath_select(app_t *a) { +int oath_select(app_t *a, uint8_t force) { + (void) force; if (cap_supported(CAP_OATH)) { a->process_apdu = oath_process_apdu; a->unload = oath_unload; diff --git a/src/fido/otp.c b/src/fido/otp.c index 6a8fea7..1c41e99 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -127,7 +127,8 @@ const uint8_t otp_aid[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01 }; -int otp_select(app_t *a) { +int otp_select(app_t *a, uint8_t force) { + (void) force; if (cap_supported(CAP_OTP)) { a->process_apdu = otp_process_apdu; a->unload = otp_unload; -- 2.34.1 From dac64071342266fc5f09bfa8ded2183e47da6d9a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 23 Aug 2024 13:17:29 +0200 Subject: [PATCH 058/127] Fix windows build. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d0b67bc..08ed5cd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
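Review bot: The new `force` parameter is undocumented, and man_select is the only select handler in this patch that acts on it; the others discard it with `(void) force;`. Add a comment above the function, e.g. `/* force != 0: re-run scan_all() and init_otp(); otherwise only report the version string */`. The `sprintf` into `res_APDU` in the context lines is unbounded; `snprintf` with the buffer's real size would be safer, although that size is not visible here.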
@@ -127,31 +127,37 @@ target_include_directories(pico_fido PUBLIC ${INCLUDES}) target_compile_options(pico_fido PUBLIC -Wall + ) +if (NOT MSVC) +target_compile_options(pico_fido PUBLIC -Werror ) + string(FIND ${CMAKE_C_COMPILER} ":" COMPILER_COLON) if (${COMPILER_COLON} GREATER_EQUAL 0) target_compile_options(pico_fido PUBLIC -Wno-error=use-after-free ) endif() +endif(NOT MSVC) if(ENABLE_EMULATION) - -target_compile_options(pico_fido PUBLIC - -fdata-sections - -ffunction-sections - ) - if(APPLE) - target_link_options(pico_fido PUBLIC - -Wl,-dead_strip - ) - else() - target_link_options(pico_fido PUBLIC - -Wl,--gc-sections - ) - target_link_libraries(pico_fido PRIVATE m) - endif (APPLE) + if(NOT MSVC) + target_compile_options(pico_fido PUBLIC + -fdata-sections + -ffunction-sections + ) + endif(NOT MSVC) + if(APPLE) + target_link_options(pico_fido PUBLIC + -Wl,-dead_strip + ) + else() + target_link_options(pico_fido PUBLIC + -Wl,--gc-sections + ) + target_link_libraries(pico_fido PRIVATE m) + endif (APPLE) else() pico_add_extra_outputs(pico_fido) target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) -- 2.34.1 From 6c74db9763352fa29d15de73a9a4fcc0e94314ac Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 23 Aug 2024 13:17:51 +0200 Subject: [PATCH 059/127] Fix warnings. 
Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor.c | 32 +++--------- src/fido/cbor_client_pin.c | 49 ++++++++--------- src/fido/cbor_config.c | 43 ++++++--------- src/fido/cbor_cred_mgmt.c | 72 ++++++++++--------------- src/fido/cbor_get_assertion.c | 93 ++++++++++----------------------- src/fido/cbor_get_info.c | 2 +- src/fido/cbor_large_blobs.c | 15 +++--- src/fido/cbor_make_credential.c | 70 +++++++++---------------- src/fido/cbor_vendor.c | 20 ++----- src/fido/cmd_authenticate.c | 23 +++----- src/fido/cmd_register.c | 42 ++++----------- src/fido/cmd_version.c | 2 +- src/fido/credential.c | 17 +++--- src/fido/ctap.h | 7 --- src/fido/fido.c | 6 +-- src/fido/fido.h | 18 ++----- src/fido/management.c | 6 +-- src/fido/oath.c | 93 ++++++++++++++++----------------- src/fido/otp.c | 11 ++-- 20 files changed, 225 insertions(+), 398 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index fa62921..65fea84 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit fa6292118d32990be0bcfc8cb60bbbecaa99b57a +Subproject commit 65fea84df165b14a4657cc87e43aeac637dea89e diff --git a/src/fido/cbor.c b/src/fido/cbor.c index e70e355..36d44dd 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -43,12 +43,11 @@ int cbor_large_blobs(const uint8_t *data, size_t len); extern int cmd_read_config(); -const uint8_t aaguid[16] = -{ 0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45 }; // First 16 bytes of SHA256("Pico FIDO2") +const uint8_t aaguid[16] = { 0x89, 0xFB, 0x94, 0xB7, 0x06, 0xC9, 0x36, 0x73, 0x9B, 0x7E, 0x30, 0x52, 0x6D, 0x96, 0x81, 0x45 }; // First 16 bytes of SHA256("Pico FIDO2") const uint8_t *cbor_data = NULL; size_t cbor_len = 0; -uint8_t cmd = 0; +uint8_t cbor_cmd = 0; int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { if (len == 0 && cmd == CTAPHID_CBOR) { 
@@ -105,7 +104,7 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { } #ifndef ENABLE_EMULATION -void cbor_thread() { +void cbor_thread(void) { card_init_core1(); while (1) { uint32_t m; @@ -114,7 +113,7 @@ void cbor_thread() { if (m == EV_EXIT) { break; } - apdu.sw = cbor_parse(cmd, cbor_data, cbor_len); + apdu.sw = cbor_parse(cbor_cmd, cbor_data, cbor_len); if (apdu.sw == 0) { DEBUG_DATA(res_APDU + 1, res_APDU_size); } @@ -137,19 +136,14 @@ void cbor_thread() { int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) { cbor_data = data; cbor_len = len; - cmd = last_cmd; + cbor_cmd = last_cmd; ctap_resp->init.data[0] = 0; res_APDU = ctap_resp->init.data + 1; res_APDU_size = 0; return 2; // CBOR processing } -CborError COSE_key_params(int crv, - int alg, - mbedtls_ecp_group *grp, - mbedtls_ecp_point *Q, - CborEncoder *mapEncoderParent, - CborEncoder *mapEncoder) { +CborError COSE_key_params(int crv, int alg, mbedtls_ecp_group *grp, mbedtls_ecp_point *Q, CborEncoder *mapEncoderParent, CborEncoder *mapEncoder) { CborError error = CborNoError; int kty = 1; if (crv == FIDO2_CURVE_P256 || crv == FIDO2_CURVE_P384 || crv == FIDO2_CURVE_P521 || @@ -216,12 +210,7 @@ CborError COSE_key_shared(mbedtls_ecdh_context *key, CborEncoder *mapEncoderParent, CborEncoder *mapEncoder) { int crv = mbedtls_curve_to_fido(key->ctx.mbed_ecdh.grp.id), alg = FIDO2_ALG_ECDH_ES_HKDF_256; - return COSE_key_params(crv, - alg, - &key->ctx.mbed_ecdh.grp, - &key->ctx.mbed_ecdh.Q, - mapEncoderParent, - mapEncoder); + return COSE_key_params(crv, alg, &key->ctx.mbed_ecdh.grp, &key->ctx.mbed_ecdh.Q, mapEncoderParent, mapEncoder); } CborError COSE_public_key(int alg, CborEncoder *mapEncoderParent, CborEncoder *mapEncoder) { CborError error = CborNoError; 
@@ -234,12 +223,7 @@ CborError COSE_public_key(int alg, CborEncoder *mapEncoderParent, CborEncoder *m err: return error; } -CborError COSE_read_key(CborValue *f, - int64_t *kty, - int64_t *alg, - int64_t *crv, - CborByteString *kax, - CborByteString *kay) { +CborError COSE_read_key(CborValue *f, int64_t *kty, int64_t *alg, int64_t *crv, CborByteString *kax, CborByteString *kay) { int64_t kkey = 0; CborError error = CborNoError; CBOR_PARSE_MAP_START(*f, 0) diff --git a/src/fido/cbor_client_pin.c b/src/fido/cbor_client_pin.c index 1988e6f..d0adfa9 100644 --- a/src/fido/cbor_client_pin.c +++ b/src/fido/cbor_client_pin.c @@ -182,7 +182,7 @@ int resetPinUvAuthToken() { return 0; } -int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_len, uint8_t *out) { +int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) { if (protocol == 1) { memcpy(out, in, in_len); return aes_encrypt(key, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len); @@ -196,7 +196,7 @@ int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_l return -1; } -int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, size_t in_len, uint8_t *out) { +int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out) { if (protocol == 1) { memcpy(out, in, in_len); return aes_decrypt(key, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, out, in_len); 
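Review bot: Narrowing `in_len` from `size_t` to `uint16_t` in `encrypt` and `decrypt` (cbor_client_pin.c, hunks at old lines 182 and 196) moves the truncation to the callers, where later hunks cast request-derived lengths such as `(uint16_t)newPinEnc.len` without a range check. Both functions then run `memcpy(out, in, in_len)` with no destination size, so the only bound on the copy is whatever the caller validated before the cast. I would keep `size_t in_len` and reject oversize input at the top with `if (in_len > UINT16_MAX) return -1;`, narrowing only where the AES helper needs the smaller type. The same applies to `verify` in the hunk at old line 232; all three bodies continue outside their hunks.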
@@ -232,12 +232,11 @@ int authenticate(uint8_t protocol, return 0; } -int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, size_t len, uint8_t *sign) { +int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t len, uint8_t *sign) { uint8_t hmac[32]; //if (paut.in_use == false) // return -2; - int ret = - mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac); + int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), key, 32, data, len, hmac); if (ret != 0) { return ret; } @@ -386,18 +385,17 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } uint8_t sharedSecret[64]; - int ret = ecdh(pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); + int ret = ecdh((uint8_t)pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - if (verify(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, - pinUvAuthParam.data) != 0) { + if (verify((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, pinUvAuthParam.data) != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } uint8_t paddedNewPin[64]; - ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin); + ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); 
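Review bot: The `(uint8_t)pinUvAuthProtocol` casts added throughout cbor_client_pin.c (first in the hunk at old line 386) keep only the low byte of the parsed value, so an out-of-range value whose low byte is 1 or 2 would still select that protocol in `ecdh`, `verify` and `decrypt`. No range check is visible in these hunks; if none precedes them, validate once after parsing and before any cast: `if (pinUvAuthProtocol != 1 && pinUvAuthProtocol != 2) CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER);`. The same cast is applied to `hmacSecretPinUvAuthProtocol` in cbor_get_assertion.c. The enclosing function starts and ends outside the hunk.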
@@ -452,7 +450,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } uint8_t sharedSecret[64]; - int ret = ecdh(pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); + int ret = ecdh((uint8_t)pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); @@ -460,8 +458,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { uint8_t tmp[80 + 32]; memcpy(tmp, newPinEnc.data, newPinEnc.len); memcpy(tmp + newPinEnc.len, pinHashEnc.data, pinHashEnc.len); - if (verify(pinUvAuthProtocol, sharedSecret, tmp, newPinEnc.len + pinHashEnc.len, - pinUvAuthParam.data) != 0) { + if (verify((uint8_t)pinUvAuthProtocol, sharedSecret, tmp, (uint16_t)(newPinEnc.len + pinHashEnc.len), pinUvAuthParam.data) != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } @@ -472,8 +469,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { low_flash_available(); uint8_t retries = pin_data[0]; uint8_t paddedNewPin[64]; - ret = - decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin); + ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, pinHashEnc.data, (uint16_t)pinHashEnc.len, paddedNewPin); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); @@ -496,7 +492,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); new_pin_mismatches = 0; - ret = decrypt(pinUvAuthProtocol, sharedSecret, newPinEnc.data, newPinEnc.len, paddedNewPin); + ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, newPinEnc.data, (uint16_t)newPinEnc.len, paddedNewPin); mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); 
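Review bot: In the hunk at old line 458 of cbor_client_pin.c, `tmp` is a fixed `80 + 32` byte stack buffer and both `memcpy` calls into it use `newPinEnc.len` and `pinHashEnc.len` directly, before `verify` has run; the new `(uint16_t)(newPinEnc.len + pinHashEnc.len)` cast only hides the width mismatch. No length check is visible in this hunk, so unless both lengths are pinned earlier in the function, a guard belongs immediately before the copies: `if (newPinEnc.len + pinHashEnc.len > sizeof(tmp)) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); }`. The zeroize matches what the neighbouring error paths already do. The enclosing function starts and ends outside the hunk.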
@@ -526,11 +522,11 @@ int cbor_client_pin(const uint8_t *data, size_t len) { } file_put_data(ef_pin, hsh, 2 + 16); if (file_has_data(ef_minpin) && file_get_data(ef_minpin)[1] == 1) { - uint8_t *tmp = (uint8_t *) calloc(1, file_get_size(ef_minpin)); - memcpy(tmp, file_get_data(ef_minpin), file_get_size(ef_minpin)); - tmp[1] = 0; - file_put_data(ef_minpin, tmp, file_get_size(ef_minpin)); - free(tmp); + uint8_t *tmpf = (uint8_t *) calloc(1, file_get_size(ef_minpin)); + memcpy(tmpf, file_get_data(ef_minpin), file_get_size(ef_minpin)); + tmpf[1] = 0; + file_put_data(ef_minpin, tmpf, file_get_size(ef_minpin)); + free(tmpf); } low_flash_available(); resetPinUvAuthToken(); @@ -569,7 +565,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } uint8_t sharedSecret[64]; - int ret = ecdh(pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); + int ret = ecdh((uint8_t)pinUvAuthProtocol, &hkey.ctx.mbed_ecdh.Qp, sharedSecret); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); @@ -580,9 +576,8 @@ int cbor_client_pin(const uint8_t *data, size_t len) { file_put_data(ef_pin, pin_data, sizeof(pin_data)); low_flash_available(); uint8_t retries = pin_data[0]; - uint8_t paddedNewPin[64], poff = (pinUvAuthProtocol - 1) * IV_SIZE; - ret = - decrypt(pinUvAuthProtocol, sharedSecret, pinHashEnc.data, pinHashEnc.len, paddedNewPin); + uint8_t paddedNewPin[64], poff = ((uint8_t)pinUvAuthProtocol - 1) * IV_SIZE; + ret = decrypt((uint8_t)pinUvAuthProtocol, sharedSecret, pinHashEnc.data, (uint16_t)pinHashEnc.len, paddedNewPin); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); 
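Review bot: `tmpf` is written through by `memcpy` and `tmpf[1] = 0` without testing the `calloc` result (cbor_client_pin.c, hunk at old line 526), so an allocation failure on the device becomes a NULL write in the middle of a PIN update. The same pattern appears in cbor_config.c for `dataf` (hunk at old line 207) and `verify_payload` (hunk at old line 118). A check before the first use, `if (tmpf == NULL) { CBOR_ERROR(CTAP2_ERR_PROCESSING); }`, turns this into a clean protocol error. The enclosing function extends beyond the hunk.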
@@ -614,7 +609,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { if (subcommand == 0x05) { permissions = CTAP_PERMISSION_MC | CTAP_PERMISSION_GA; } - paut.permissions = permissions; + paut.permissions = (uint8_t)permissions; if (rpId.present == true) { mbedtls_sha256((uint8_t *) rpId.data, rpId.len, paut.rp_id_hash, 0); paut.has_rp_id = true; @@ -623,7 +618,7 @@ int cbor_client_pin(const uint8_t *data, size_t len) { paut.has_rp_id = false; } uint8_t pinUvAuthToken_enc[32 + IV_SIZE]; - encrypt(pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc); + encrypt((uint8_t)pinUvAuthProtocol, sharedSecret, paut.data, 32, pinUvAuthToken_enc); CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x02)); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, pinUvAuthToken_enc, 32 + poff)); @@ -646,6 +641,6 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index e17124d..85eeeb4 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -39,7 +39,8 @@ int cbor_config(const uint8_t *data, size_t len) { CborByteString pinUvAuthParam = { 0 }, vendorAutCt = { 0 }; CborCharString minPinLengthRPIDs[32] = { 0 }; size_t resp_size = 0, raw_subpara_len = 0, minPinLengthRPIDs_len = 0; - CborEncoder encoder, mapEncoder; + CborEncoder encoder; + //CborEncoder mapEncoder; uint8_t *raw_subpara = NULL; const bool *forceChangePin = NULL; 
@@ -118,13 +119,9 @@ int cbor_config(const uint8_t *data, size_t len) { uint8_t *verify_payload = (uint8_t *) calloc(1, 32 + 1 + 1 + raw_subpara_len); memset(verify_payload, 0xff, 32); verify_payload[32] = 0x0d; - verify_payload[33] = subcommand; + verify_payload[33] = (uint8_t)subcommand; memcpy(verify_payload + 34, raw_subpara, raw_subpara_len); - error = verify(pinUvAuthProtocol, - paut.data, - verify_payload, - 32 + 1 + 1 + raw_subpara_len, - pinUvAuthParam.data); + error = verify((uint8_t)pinUvAuthProtocol, paut.data, verify_payload, (uint16_t)(32 + 1 + 1 + raw_subpara_len), pinUvAuthParam.data); free(verify_payload); if (error != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); @@ -165,14 +162,7 @@ int cbor_config(const uint8_t *data, size_t len) { random_gen(NULL, key_dev_enc, 12); mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_setkey(&chatx, vendorAutCt.data); - ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, - file_get_size(ef_keydev), - key_dev_enc, - NULL, - 0, - file_get_data(ef_keydev), - key_dev_enc + 12, - key_dev_enc + 12 + file_get_size(ef_keydev)); + ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, file_get_size(ef_keydev), key_dev_enc, NULL, 0, file_get_data(ef_keydev), key_dev_enc + 12, key_dev_enc + 12 + file_get_size(ef_keydev)); mbedtls_chachapoly_free(&chatx); if (ret != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); 
@@ -207,16 +197,13 @@ int cbor_config(const uint8_t *data, size_t len) { if (file_has_data(ef_pin) && file_get_data(ef_pin)[1] < newMinPinLength) { forceChangePin = ptrue; } - uint8_t *data = (uint8_t *) calloc(1, 2 + minPinLengthRPIDs_len * 32); - data[0] = newMinPinLength; - data[1] = forceChangePin == ptrue ? 1 : 0; - for (int m = 0; m < minPinLengthRPIDs_len; m++) { - mbedtls_sha256((uint8_t *) minPinLengthRPIDs[m].data, - minPinLengthRPIDs[m].len, - data + 2 + m * 32, - 0); + uint8_t *dataf = (uint8_t *) calloc(1, 2 + minPinLengthRPIDs_len * 32); + dataf[0] = (uint8_t)newMinPinLength; + dataf[1] = forceChangePin == ptrue ? 1 : 0; + for (size_t m = 0; m < minPinLengthRPIDs_len; m++) { + mbedtls_sha256((uint8_t *) minPinLengthRPIDs[m].data, minPinLengthRPIDs[m].len, dataf + 2 + m * 32, 0); } - file_put_data(ef_minpin, data, 2 + minPinLengthRPIDs_len * 32); + file_put_data(ef_minpin, dataf, (uint16_t)(2 + minPinLengthRPIDs_len * 32)); low_flash_available(); goto err; //No return } @@ -227,13 +214,13 @@ int cbor_config(const uint8_t *data, size_t len) { else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } - CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); - resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + //CBOR_CHECK(cbor_encoder_close_container(&encoder, &mapEncoder)); + //resp_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); err: CBOR_FREE_BYTE_STRING(pinUvAuthParam); CBOR_FREE_BYTE_STRING(vendorAutCt); - for (int i = 0; i < minPinLengthRPIDs_len; i++) { + for (size_t i = 0; i < minPinLengthRPIDs_len; i++) { CBOR_FREE_BYTE_STRING(minPinLengthRPIDs[i]); } @@ -243,6 +230,6 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index a98cd53..a9eb0d0 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c 
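Review bot: `dataf` is allocated with `calloc` and passed to `file_put_data`, but no `free(dataf)` appears before `goto err` in the hunk at old line 207 of cbor_config.c, whereas the equivalent `tmpf` buffer in cbor_client_pin.c is released right after its `file_put_data` call. Unless the `err:` path releases it, which the visible cleanup lines do not show, every call on this path leaks `2 + minPinLengthRPIDs_len * 32` bytes of heap on a small device. Add `free(dataf);` directly after the `file_put_data(ef_minpin, dataf, ...)` line, as the `tmpf` code does. The function body continues outside the hunk.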
@@ -122,8 +122,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); if (subcommand == 0x01) { - if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *) "\x01", 1, - pinUvAuthParam.data) != CborNoError) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, (const uint8_t *) "\x01", 1, pinUvAuthParam.data) != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } if (is_preview == false && @@ -132,7 +131,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } uint8_t existing = 0; for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { - if (file_has_data(search_dynamic_file(EF_CRED + i))) { + if (file_has_data(search_dynamic_file((uint16_t)(EF_CRED + i)))) { existing++; } } @@ -145,12 +144,10 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { else if (subcommand == 0x02 || subcommand == 0x03) { file_t *rp_ef = NULL; if (subcommand == 0x02) { - if (verify(pinUvAuthProtocol, paut.data, (const uint8_t *) "\x02", 1, - pinUvAuthParam.data) != CborNoError) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, (const uint8_t *) "\x02", 1, pinUvAuthParam.data) != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } - if (is_preview == false && - (!(paut.permissions & CTAP_PERMISSION_CM) || paut.has_rp_id == true)) { + if (is_preview == false && (!(paut.permissions & CTAP_PERMISSION_CM) || paut.has_rp_id == true)) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } rp_counter = 1; @@ -163,7 +160,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } uint8_t skip = 0; for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { - file_t *tef = search_dynamic_file(EF_RP + i); + file_t *tef = search_dynamic_file((uint16_t)(EF_RP + i)); if (file_has_data(tef) && *file_get_data(tef) > 0) { if (++skip == rp_counter) { if (rp_ef == NULL) { 
@@ -202,8 +199,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } if (subcommand == 0x04) { *(raw_subpara - 1) = 0x04; - if (verify(pinUvAuthProtocol, paut.data, raw_subpara - 1, raw_subpara_len + 1, - pinUvAuthParam.data) != CborNoError) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, raw_subpara - 1, (uint16_t)(raw_subpara_len + 1), pinUvAuthParam.data) != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } if (is_preview == false && @@ -223,7 +219,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { file_t *cred_ef = NULL; uint8_t skip = 0; for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { - file_t *tef = search_dynamic_file(EF_CRED + i); + file_t *tef = search_dynamic_file((uint16_t)(EF_CRED + i)); if (file_has_data(tef) && memcmp(file_get_data(tef), rpIdHash.data, 32) == 0) { if (++skip == cred_counter) { if (cred_ef == NULL) { @@ -243,14 +239,13 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } Credential cred = { 0 }; - if (credential_load(file_get_data(cred_ef) + 32, file_get_size(cred_ef) - 32, rpIdHash.data, - &cred) != 0) { + if (credential_load(file_get_data(cred_ef) + 32, file_get_size(cred_ef) - 32, rpIdHash.data, &cred) != 0) { CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); } mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); - if (fido_load_key(cred.curve, cred.id.data, &key) != 0) { + if (fido_load_key((int)cred.curve, cred.id.data, &key) != 0) { credential_free(&cred); mbedtls_ecdsa_free(&key); CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); 
@@ -290,13 +285,11 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { } if (cred.userName.present == true) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "name")); - CBOR_CHECK(cbor_encode_text_string(&mapEncoder2, cred.userName.data, - cred.userName.len)); + CBOR_CHECK(cbor_encode_text_string(&mapEncoder2, cred.userName.data, cred.userName.len)); } if (cred.userDisplayName.present == true) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "displayName")); - CBOR_CHECK(cbor_encode_text_string(&mapEncoder2, cred.userDisplayName.data, - cred.userDisplayName.len)); + CBOR_CHECK(cbor_encode_text_string(&mapEncoder2, cred.userDisplayName.data, cred.userDisplayName.len)); } CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); @@ -331,13 +324,11 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_PROCESSING); } CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0B)); - CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, - sizeof(largeBlobKey))); + CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, largeBlobKey, sizeof(largeBlobKey))); mbedtls_platform_zeroize(largeBlobKey, sizeof(largeBlobKey)); } CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0C)); - CBOR_CHECK(cbor_encode_boolean(&mapEncoder, - cred.extensions.thirdPartyPayment == ptrue)); + CBOR_CHECK(cbor_encode_boolean(&mapEncoder, cred.extensions.thirdPartyPayment == ptrue)); } else { CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x0C)); @@ -351,8 +342,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } *(raw_subpara - 1) = 0x06; - if (verify(pinUvAuthProtocol, paut.data, raw_subpara - 1, raw_subpara_len + 1, - pinUvAuthParam.data) != CborNoError) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, raw_subpara - 1, (uint16_t)(raw_subpara_len + 1), pinUvAuthParam.data) != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } if (is_preview == false && 
@@ -361,18 +351,15 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { - file_t *ef = search_dynamic_file(EF_CRED + i); - if (file_has_data(ef) && - memcmp(file_get_data(ef) + 32, credentialId.id.data, - MIN(file_get_size(ef) - 32, credentialId.id.len)) == 0) { + file_t *ef = search_dynamic_file((uint16_t)(EF_CRED + i)); + if (file_has_data(ef) && memcmp(file_get_data(ef) + 32, credentialId.id.data, MIN(file_get_size(ef) - 32, credentialId.id.len)) == 0) { uint8_t *rp_id_hash = file_get_data(ef); if (delete_file(ef) != 0) { CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); } for (int j = 0; j < MAX_RESIDENT_CREDENTIALS; j++) { - file_t *rp_ef = search_dynamic_file(EF_RP + j); - if (file_has_data(rp_ef) && - memcmp(file_get_data(rp_ef) + 1, rp_id_hash, 32) == 0) { + file_t *rp_ef = search_dynamic_file((uint16_t)(EF_RP + j)); + if (file_has_data(rp_ef) && memcmp(file_get_data(rp_ef) + 1, rp_id_hash, 32) == 0) { uint8_t *rp_data = (uint8_t *) calloc(1, file_get_size(rp_ef)); memcpy(rp_data, file_get_data(rp_ef), file_get_size(rp_ef)); rp_data[0] -= 1; @@ -397,8 +384,7 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } *(raw_subpara - 1) = 0x07; - if (verify(pinUvAuthProtocol, paut.data, raw_subpara - 1, raw_subpara_len + 1, - pinUvAuthParam.data) != CborNoError) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, raw_subpara - 1, (uint16_t)(raw_subpara_len + 1), pinUvAuthParam.data) != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } if (is_preview == false && 
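Review bot: The credential lookup in the hunk at old line 361 of cbor_cred_mgmt.c compares only `MIN(file_get_size(ef) - 32, credentialId.id.len)` bytes, so a supplied id shorter than the stored one matches as a prefix and the first matching slot is the one handed to `delete_file`. The hunk at old line 407 selects the credential to update with the same comparison, and then checks the user id with `MIN(user.id.len, cred.userId.len)`. Requiring equal lengths first makes the match exact: `file_get_size(ef) - 32 == credentialId.id.len && memcmp(file_get_data(ef) + 32, credentialId.id.data, credentialId.id.len) == 0`. The expression `file_get_size(ef) - 32` also assumes a stored record of at least 32 bytes, which the visible lines do not check.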
@@ -407,18 +393,14 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { - file_t *ef = search_dynamic_file(EF_CRED + i); - if (file_has_data(ef) && - memcmp(file_get_data(ef) + 32, credentialId.id.data, - MIN(file_get_size(ef) - 32, credentialId.id.len)) == 0) { + file_t *ef = search_dynamic_file((uint16_t)(EF_CRED + i)); + if (file_has_data(ef) && memcmp(file_get_data(ef) + 32, credentialId.id.data, MIN(file_get_size(ef) - 32, credentialId.id.len)) == 0) { Credential cred = { 0 }; uint8_t *rp_id_hash = file_get_data(ef); - if (credential_load(rp_id_hash + 32, file_get_size(ef) - 32, rp_id_hash, - &cred) != 0) { + if (credential_load(rp_id_hash + 32, file_get_size(ef) - 32, rp_id_hash, &cred) != 0) { CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); } - if (memcmp(user.id.data, cred.userId.data, - MIN(user.id.len, cred.userId.len)) != 0) { + if (memcmp(user.id.data, cred.userId.data, MIN(user.id.len, cred.userId.len)) != 0) { credential_free(&cred); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } @@ -426,8 +408,8 @@ int cbor_cred_mgmt(const uint8_t *data, size_t len) { size_t newcred_len = 0; if (credential_create(&cred.rpId, &cred.userId, &user.parent.name, &user.displayName, &cred.opts, &cred.extensions, - cred.use_sign_count, cred.alg, - cred.curve, newcred, &newcred_len) != 0) { + cred.use_sign_count, (int)cred.alg, + (int)cred.curve, newcred, &newcred_len) != 0) { credential_free(&cred); CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); } @@ -453,7 +435,7 @@ err: CBOR_FREE_BYTE_STRING(user.displayName); CBOR_FREE_BYTE_STRING(user.parent.name); CBOR_FREE_BYTE_STRING(credentialId.type); - for (int n = 0; n < credentialId.transports_len; n++) { + for (size_t n = 0; n < credentialId.transports_len; n++) { CBOR_FREE_BYTE_STRING(credentialId.transports[n]); } if (error != CborNoError) { 
@@ -462,6 +444,6 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index 8d7e035..eae636e 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -43,6 +43,8 @@ uint8_t *datax = NULL; size_t lenx = 0; int cbor_get_next_assertion(const uint8_t *data, size_t len) { + (void) data; + (void) len; CborError error = CborNoError; if (credentialCounter >= numberOfCredentialsx) { CBOR_ERROR(CTAP2_ERR_NOT_ALLOWED); @@ -250,11 +252,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } if (pinUvAuthParam.present == true) { //6.1 - int ret = verify(pinUvAuthProtocol, - paut.data, - clientDataHash.data, - clientDataHash.len, - pinUvAuthParam.data); + int ret = verify((uint8_t)pinUvAuthProtocol, paut.data, clientDataHash.data, (uint16_t)clientDataHash.len, pinUvAuthParam.data); if (ret != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } @@ -282,15 +280,14 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } if (allowList_len > 0) { - for (int e = 0; e < allowList_len; e++) { + for (size_t e = 0; e < allowList_len; e++) { if (allowList[e].type.present == false || allowList[e].id.present == false) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } if (strcmp(allowList[e].type.data, "public-key") != 0) { continue; } - if (credential_load(allowList[e].id.data, allowList[e].id.len, rp_id_hash, - &creds[creds_len]) != 0) { + if (credential_load(allowList[e].id.data, allowList[e].id.len, rp_id_hash, &creds[creds_len]) != 0) { CBOR_FREE_BYTE_STRING(allowList[e].id); credential_free(&creds[creds_len]); } 
@@ -300,17 +297,12 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } } else { - for (int i = 0; - i < MAX_RESIDENT_CREDENTIALS && creds_len < MAX_CREDENTIAL_COUNT_IN_LIST; - i++) { - file_t *ef = search_dynamic_file(EF_CRED + i); + for (int i = 0; i < MAX_RESIDENT_CREDENTIALS && creds_len < MAX_CREDENTIAL_COUNT_IN_LIST; i++) { + file_t *ef = search_dynamic_file((uint16_t)(EF_CRED + i)); if (!file_has_data(ef) || memcmp(file_get_data(ef), rp_id_hash, 32) != 0) { continue; } - int ret = credential_load(file_get_data(ef) + 32, - file_get_size(ef) - 32, - rp_id_hash, - &creds[creds_len]); + int ret = credential_load(file_get_data(ef) + 32, file_get_size(ef) - 32, rp_id_hash, &creds[creds_len]); if (ret != 0) { credential_free(&creds[creds_len]); } @@ -320,11 +312,10 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } resident = true; } - for (int i = 0; i < creds_len; i++) { + for (size_t i = 0; i < creds_len; i++) { if (creds[i].present == true) { if (creds[i].extensions.present == true) { - if (creds[i].extensions.credProtect == CRED_PROT_UV_REQUIRED && - !(flags & FIDO2_AUT_FLAG_UV)) { + if (creds[i].extensions.credProtect == CRED_PROT_UV_REQUIRED && !(flags & FIDO2_AUT_FLAG_UV)) { credential_free(&creds[i]); } else if (creds[i].extensions.credProtect == CRED_PROT_UV_OPTIONAL_WITH_LIST && @@ -408,7 +399,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } mbedtls_ecdsa_context ekey; mbedtls_ecdsa_init(&ekey); - int ret = fido_load_key(selcred->curve, selcred->id.data, &ekey); + int ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey); if (ret != 0) { if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) { mbedtls_ecdsa_free(&ekey); 
@@ -468,23 +459,18 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { mbedtls_ecp_point_free(&Qp); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - int ret = ecdh(hmacSecretPinUvAuthProtocol, &Qp, sharedSecret); + ret = ecdh((uint8_t)hmacSecretPinUvAuthProtocol, &Qp, sharedSecret); mbedtls_ecp_point_free(&Qp); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - if (verify(hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, salt_enc.len, - salt_auth.data) != 0) { + if (verify((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, (uint16_t)salt_enc.len, salt_auth.data) != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_EXTENSION_FIRST); } - uint8_t salt_dec[64], poff = (hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; - ret = decrypt(hmacSecretPinUvAuthProtocol, - sharedSecret, - salt_enc.data, - salt_enc.len, - salt_dec); + uint8_t salt_dec[64], poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; + ret = decrypt((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, (uint16_t)salt_enc.len, salt_dec); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); 
@@ -502,21 +488,11 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { crd = cred_random; } uint8_t out1[64], hmac_res[80]; - mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - crd, - 32, - salt_dec, - 32, - out1); - if (salt_enc.len == 64 + poff) { - mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - crd, - 32, - salt_dec + 32, - 32, - out1 + 32); + mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec, 32, out1); + if ((uint8_t)salt_enc.len == 64 + poff) { + mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec + 32, 32, out1 + 32); } - encrypt(hmacSecretPinUvAuthProtocol, sharedSecret, out1, salt_enc.len - poff, hmac_res); + encrypt((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, out1, (uint16_t)(salt_enc.len - poff), hmac_res); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, hmac_res, salt_enc.len)); } if (extensions.thirdPartyPayment != NULL) { @@ -541,12 +517,12 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { uint8_t *pa = aut_data; memcpy(pa, rp_id_hash, 32); pa += 32; *pa++ = flags; - *pa++ = ctr >> 24; - *pa++ = ctr >> 16; - *pa++ = ctr >> 8; - *pa++ = ctr & 0xff; + *pa++ = (ctr >> 24) & 0xFF; + *pa++ = (ctr >> 16) & 0xFF; + *pa++ = (ctr >> 8) & 0xFF; + *pa++ = ctr & 0xFF; memcpy(pa, ext, ext_len); pa += ext_len; - if (pa - aut_data != aut_data_len) { + if ((size_t)(pa - aut_data) != aut_data_len) { CBOR_ERROR(CTAP1_ERR_OTHER); } 
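Review bot: `(uint8_t)salt_enc.len == 64 + poff` (cbor_get_assertion.c, hunk at old line 502) now compares only the low 8 bits of the length, so the two-salt branch is taken for any `salt_enc.len` congruent to `64 + poff` modulo 256 rather than for exactly that length. The comparison was exact before the cast was added; widening the right-hand side keeps it exact while still avoiding the mixed-type comparison: `if (salt_enc.len == (size_t)64 + poff) {`. Separately, `salt_dec` and `out1` are 64 bytes and `hmac_res` is 80, yet `salt_enc.len` sizes the `decrypt`, `encrypt` and `cbor_encode_byte_string` calls; no check against the allowed lengths is visible in this hunk or the preceding one. The enclosing function starts and ends outside the hunk.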
@@ -559,20 +535,9 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } - ret = mbedtls_md(md, - aut_data, - aut_data_len + clientDataHash.len, - hash); + ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); size_t olen = 0; - ret = mbedtls_ecdsa_write_signature(&ekey, - mbedtls_md_get_type(md), - hash, - mbedtls_md_get_size(md), - sig, - sizeof(sig), - &olen, - random_gen, - NULL); + ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); mbedtls_ecdsa_free(&ekey); uint8_t lfields = 3; @@ -652,10 +617,10 @@ err: } } - for (int m = 0; m < allowList_len; m++) { + for (size_t m = 0; m < allowList_len; m++) { CBOR_FREE_BYTE_STRING(allowList[m].type); CBOR_FREE_BYTE_STRING(allowList[m].id); - for (int n = 0; n < allowList[m].transports_len; n++) { + for (size_t n = 0; n < allowList[m].transports_len; n++) { CBOR_FREE_BYTE_STRING(allowList[m].transports[n]); } } @@ -668,6 +633,6 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c index 424fe4b..ecdafe1 100644 --- a/src/fido/cbor_get_info.c +++ b/src/fido/cbor_get_info.c @@ -133,6 +133,6 @@ err: if (error != CborNoError) { return -CTAP2_ERR_INVALID_CBOR; } - res_APDU_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + res_APDU_size = (uint16_t)cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); return 0; } diff --git a/src/fido/cbor_large_blobs.c b/src/fido/cbor_large_blobs.c index c8e2a48..25ab8e1 100644 --- a/src/fido/cbor_large_blobs.c +++ b/src/fido/cbor_large_blobs.c 
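Review bot: In the hunk at old line 559 of cbor_get_assertion.c the result of `mbedtls_md` is assigned to `ret` and immediately overwritten by `mbedtls_ecdsa_write_signature`, whose own result is not tested before `mbedtls_ecdsa_free(&ekey)` in the visible lines. If either call fails, `sig` and `olen` would go into the response as they stand. Test `ret` after each call, releasing the key first where it is still live: `if (ret != 0) { mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP2_ERR_PROCESSING); }`. cbor_make_credential.c has the same sequence in its hunks at old lines 436 and 449. The function continues outside the hunk, so a later test of `ret` cannot be ruled out from here.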
@@ -129,13 +129,12 @@ int cbor_large_blobs(const uint8_t *data, size_t len) { uint8_t verify_data[70] = { 0 }; memset(verify_data, 0xff, 32); verify_data[32] = 0x0C; - verify_data[34] = offset & 0xff; - verify_data[35] = offset >> 8; - verify_data[36] = offset >> 16; - verify_data[37] = offset >> 24; + verify_data[34] = offset & 0xFF; + verify_data[35] = (offset >> 8) & 0xFF; + verify_data[36] = (offset >> 16) & 0xFF; + verify_data[37] = (offset >> 24) & 0xFF; mbedtls_sha256(set.data, set.len, verify_data + 38, 0); - if (verify(pinUvAuthProtocol, paut.data, verify_data, sizeof(verify_data), - pinUvAuthParam.data) != 0) { + if (verify((uint8_t)pinUvAuthProtocol, paut.data, verify_data, (uint16_t)sizeof(verify_data), pinUvAuthParam.data) != 0) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } if (!(paut.permissions & CTAP_PERMISSION_LBW)) { @@ -155,7 +154,7 @@ int cbor_large_blobs(const uint8_t *data, size_t len) { if (expectedLength > 17 && memcmp(sha, temp_lba + expectedLength - 16, 16) != 0) { CBOR_ERROR(CTAP2_ERR_INTEGRITY_FAILURE); } - file_put_data(ef_largeblob, temp_lba, expectedLength); + file_put_data(ef_largeblob, temp_lba, (uint16_t)expectedLength); low_flash_available(); } goto err; @@ -168,6 +167,6 @@ err: if (error != CborNoError) { return -CTAP2_ERR_INVALID_CBOR; } - res_APDU_size = cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); + res_APDU_size = (uint16_t)cbor_encoder_get_buffer_size(&encoder, ctap_resp->init.data + 1); return 0; } diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index cda98fb..b6788d7 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -192,7 +192,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } - for (int i = 0; i < pubKeyCredParams_len; i++) { + for (unsigned int i = 0; i < pubKeyCredParams_len; i++) { if (pubKeyCredParams[i].type.present == false) { CBOR_ERROR(CTAP2_ERR_INVALID_CBOR); } 
@@ -229,7 +229,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { // CBOR_ERROR(CTAP2_ERR_CBOR_UNEXPECTED_TYPE); //} if (curve > 0 && alg == 0) { - alg = pubKeyCredParams[i].alg; + alg = (int)pubKeyCredParams[i].alg; } } if (curve <= 0) { @@ -259,11 +259,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { //Unfinished. See 6.1.2.9 } if (pinUvAuthParam.present == true) { //11.1 - int ret = verify(pinUvAuthProtocol, - paut.data, - clientDataHash.data, - clientDataHash.len, - pinUvAuthParam.data); + int ret = verify((uint8_t)pinUvAuthProtocol, paut.data, clientDataHash.data, (uint16_t)clientDataHash.len, pinUvAuthParam.data); if (ret != CborNoError) { CBOR_ERROR(CTAP2_ERR_PIN_AUTH_INVALID); } @@ -283,11 +279,11 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } } - for (int e = 0; e < excludeList_len; e++) { //12.1 + for (size_t e = 0; e < excludeList_len; e++) { //12.1 if (excludeList[e].type.present == false || excludeList[e].id.present == false) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } - if (strcmp(excludeList[e].type.data, "public-key") != 0) { + if (strcmp(excludeList[e].type.data, (char *)"public-key") != 0) { continue; } Credential ecred; 
@@ -412,17 +408,17 @@ int cbor_make_credential(const uint8_t *data, size_t len) { uint8_t *pa = aut_data; memcpy(pa, rp_id_hash, 32); pa += 32; *pa++ = flags; - *pa++ = ctr >> 24; - *pa++ = ctr >> 16; - *pa++ = ctr >> 8; - *pa++ = ctr & 0xff; + *pa++ = (ctr >> 24) & 0xFF; + *pa++ = (ctr >> 16) & 0xFF; + *pa++ = (ctr >> 8) & 0xFF; + *pa++ = ctr & 0xFF; memcpy(pa, aaguid, 16); pa += 16; - *pa++ = cred_id_len >> 8; - *pa++ = cred_id_len & 0xff; - memcpy(pa, cred_id, cred_id_len); pa += cred_id_len; - memcpy(pa, cbor_buf, rs); pa += rs; - memcpy(pa, ext, ext_len); pa += ext_len; - if (pa - aut_data != aut_data_len) { + *pa++ = ((uint16_t)cred_id_len >> 8) & 0xFF; + *pa++ = (uint16_t)cred_id_len & 0xFF; + memcpy(pa, cred_id, cred_id_len); pa += (uint16_t)cred_id_len; + memcpy(pa, cbor_buf, rs); pa += (uint16_t)rs; + memcpy(pa, ext, ext_len); pa += (uint16_t)ext_len; + if ((size_t)(pa - aut_data) != aut_data_len) { mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); } @@ -436,10 +432,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } - ret = mbedtls_md(md, - aut_data, - aut_data_len + clientDataHash.len, - hash); + ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash); bool self_attestation = true; if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) { @@ -449,15 +442,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); self_attestation = false; } - ret = mbedtls_ecdsa_write_signature(&ekey, - mbedtls_md_get_type(md), - hash, - mbedtls_md_get_size(md), - sig, - sizeof(sig), - &olen, - random_gen, - NULL); + ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); mbedtls_ecdsa_free(&ekey); uint8_t largeBlobKey[32]; 
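Review bot: The casts in `pa += (uint16_t)cred_id_len`, `pa += (uint16_t)rs` and `pa += (uint16_t)ext_len` (cbor_make_credential.c, hunk at old line 412) make the pointer advance disagree with the `memcpy` length on the same line if a value ever exceeds 16 bits. Advance by the same expression that was copied, and bound the credential id before its two length bytes are written: `if (cred_id_len > UINT16_MAX) { mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP1_ERR_OTHER); }`. The existing `(size_t)(pa - aut_data) != aut_data_len` test runs only after all the copies have been made, so it reports a mismatch rather than preventing one. The enclosing function starts and ends outside the hunk.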
@@ -469,9 +454,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } cbor_encoder_init(&encoder, ctap_resp->init.data + 1, CTAP_MAX_CBOR_PAYLOAD, 0); - CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, - extensions.largeBlobKey == ptrue && - options.rk == ptrue ? 5 : 4)); + CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, extensions.largeBlobKey == ptrue && options.rk == ptrue ? 5 : 4)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "packed")); @@ -479,11 +462,9 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, aut_data, aut_data_len)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x03)); - CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, - self_attestation == false || is_nitrokey ? 3 : 2)); + CBOR_CHECK(cbor_encoder_create_map(&mapEncoder, &mapEncoder2, self_attestation == false || is_nitrokey ? 3 : 2)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "alg")); - CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, - self_attestation || is_nitrokey ? -alg : -FIDO2_ALG_ES256)); + CBOR_CHECK(cbor_encode_negative_int(&mapEncoder2, self_attestation || is_nitrokey ? -alg : -FIDO2_ALG_ES256)); CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "sig")); CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, sig, olen)); if (self_attestation == false || is_nitrokey) { @@ -497,8 +478,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "x5c")); CBOR_CHECK(cbor_encoder_create_array(&mapEncoder2, &arrEncoder, 1)); - CBOR_CHECK(cbor_encode_byte_string(&arrEncoder, file_get_data(ef_cert), - file_get_size(ef_cert))); + CBOR_CHECK(cbor_encode_byte_string(&arrEncoder, file_get_data(ef_cert), file_get_size(ef_cert))); CBOR_CHECK(cbor_encoder_close_container(&mapEncoder2, &arrEncoder)); } CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &mapEncoder2)); 
@@ -530,14 +510,14 @@ err: CBOR_FREE_BYTE_STRING(user.id); CBOR_FREE_BYTE_STRING(user.displayName); CBOR_FREE_BYTE_STRING(user.parent.name); - for (int n = 0; n < pubKeyCredParams_len; n++) { + for (size_t n = 0; n < pubKeyCredParams_len; n++) { CBOR_FREE_BYTE_STRING(pubKeyCredParams[n].type); } - for (int m = 0; m < excludeList_len; m++) { + for (size_t m = 0; m < excludeList_len; m++) { CBOR_FREE_BYTE_STRING(excludeList[m].type); CBOR_FREE_BYTE_STRING(excludeList[m].id); - for (int n = 0; n < excludeList[m].transports_len; n++) { + for (size_t n = 0; n < excludeList[m].transports_len; n++) { CBOR_FREE_BYTE_STRING(excludeList[m].transports[n]); } } @@ -550,6 +530,6 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index e746b80..3e99c92 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -121,7 +121,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } uint8_t zeros[32]; memset(zeros, 0, sizeof(zeros)); - file_put_data(ef_keydev_enc, vendorParam.data, vendorParam.len); + file_put_data(ef_keydev_enc, vendorParam.data, (uint16_t)vendorParam.len); file_put_data(ef_keydev, zeros, file_get_size(ef_keydev)); // Overwrite ef with 0 file_put_data(ef_keydev, NULL, 0); // Set ef to 0 bytes low_flash_available(); @@ -223,14 +223,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { size_t keyenc_len = file_get_size(ef_keydev_enc); mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_setkey(&chatx, vendorParam.data); - ret = mbedtls_chachapoly_auth_decrypt(&chatx, - sizeof(keydev_dec), - keyenc, - NULL, - 0, - keyenc + keyenc_len - 16, - keyenc + 12, - keydev_dec); + ret = mbedtls_chachapoly_auth_decrypt(&chatx, sizeof(keydev_dec), keyenc, NULL, 0, keyenc + keyenc_len - 16, keyenc + 12, keydev_dec); mbedtls_chachapoly_free(&chatx); if (ret != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); 
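Review bot: In the cbor_vendor.c -121 hunk the return value of `file_put_data(ef_keydev_enc, ...)` is discarded before `ef_keydev` is overwritten with zeros and truncated, so a failed write of the encrypted copy would still destroy the plaintext device key. Check the first call and bail out before wiping, e.g. `if (file_put_data(ef_keydev_enc, vendorParam.data, (uint16_t)vendorParam.len) != CCID_OK) { CBOR_ERROR(CTAP2_ERR_PROCESSING); }`. The zeroing call also passes `file_get_size(ef_keydev)` as the length of the 32-byte `zeros` array, which reads past it if the stored key is ever longer than 32 bytes. Other hunks in this patch ignore `file_put_data` the same way (the sign counter in cmd_authenticate.c, `cmd_write_config` in management.c, `cmd_put` in oath.c).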
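Review bot: The `mbedtls_chachapoly_auth_decrypt` call in the -223 hunk takes the tag from `keyenc + keyenc_len - 16` and the ciphertext from `keyenc + 12` with a fixed length of `sizeof(keydev_dec)`, but nothing in the hunk verifies that `keyenc_len` equals `12 + sizeof(keydev_dec) + 16`. A shorter or longer stored blob would make the nonce, ciphertext and tag ranges overlap or fall outside the file data. `vendorParam.data` is likewise handed to `mbedtls_chachapoly_setkey`, which reads 32 bytes, without a visible length test, and the setkey result is dropped. A guard such as `if (keyenc_len != 12 + sizeof(keydev_dec) + 16 || vendorParam.len != 32) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); }` before `mbedtls_chachapoly_init` would cover both; earlier checks may exist outside the hunk.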
@@ -243,10 +236,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { uint8_t buffer[1024]; mbedtls_ecdsa_context ekey; mbedtls_ecdsa_init(&ekey); - int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, - &ekey, - file_get_data(ef_keydev), - file_get_size(ef_keydev)); + int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), file_get_size(ef_keydev)); if (ret != 0) { mbedtls_ecdsa_free(&ekey); CBOR_ERROR(CTAP2_ERR_PROCESSING); @@ -290,7 +280,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } file_t *ef_ee_ea = search_by_fid(EF_EE_DEV_EA, NULL, SPECIFY_EF); if (ef_ee_ea) { - file_put_data(ef_ee_ea, vendorParam.data, vendorParam.len); + file_put_data(ef_ee_ea, vendorParam.data, (uint16_t)vendorParam.len); } low_flash_available(); goto err; @@ -312,7 +302,7 @@ err: } return error; } - res_APDU_size = resp_size; + res_APDU_size = (uint16_t)resp_size; return 0; } diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index b3c7f9d..67f6a29 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c 
@@ -65,36 +65,27 @@ int cmd_authenticate() { resp->flags = 0; resp->flags |= P1(apdu) == CTAP_AUTH_ENFORCE ? CTAP_AUTH_FLAG_TUP : 0x0; uint32_t ctr = get_sign_counter(); - resp->ctr[0] = ctr >> 24; - resp->ctr[1] = ctr >> 16; - resp->ctr[2] = ctr >> 8; - resp->ctr[3] = ctr & 0xff; + resp->ctr[0] = (ctr >> 24) & 0xFF; + resp->ctr[1] = (ctr >> 16) & 0xFF; + resp->ctr[2] = (ctr >> 8) & 0xFF; + resp->ctr[3] = ctr & 0xFF; uint8_t hash[32], sig_base[CTAP_APPID_SIZE + 1 + 4 + CTAP_CHAL_SIZE]; memcpy(sig_base, req->appId, CTAP_APPID_SIZE); memcpy(sig_base + CTAP_APPID_SIZE, &resp->flags, sizeof(uint8_t)); memcpy(sig_base + CTAP_APPID_SIZE + 1, resp->ctr, 4); memcpy(sig_base + CTAP_APPID_SIZE + 1 + 4, req->chal, CTAP_CHAL_SIZE); - ret = - mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sig_base, sizeof(sig_base), hash); + ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sig_base, sizeof(sig_base), hash); if (ret != 0) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } size_t olen = 0; - ret = mbedtls_ecdsa_write_signature(&key, - MBEDTLS_MD_SHA256, - hash, - 32, - (uint8_t *) resp->sig, - CTAP_MAX_EC_SIG_SIZE, - &olen, - random_gen, - NULL); + ret = mbedtls_ecdsa_write_signature(&key, MBEDTLS_MD_SHA256, hash, 32, (uint8_t *) resp->sig, CTAP_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); mbedtls_ecdsa_free(&key); if (ret != 0) { return SW_EXEC_ERROR(); } - res_APDU_size = 1 + 4 + olen; + res_APDU_size = 1 + 4 + (uint16_t)olen; ctr++; file_put_data(ef_counter, (uint8_t *) &ctr, sizeof(ctr)); diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 66629ee..325508c 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c 
@@ -50,9 +50,7 @@ int u2f_unload() { return CCID_OK; } -const uint8_t *bogus_firefox = - (const uint8_t *) - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +const uint8_t *bogus_firefox = (const uint8_t *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; const uint8_t *bogus_chrome = (const uint8_t *) "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; extern int ctap_error(uint8_t error); 
@@ -84,33 +82,20 @@ int cmd_register() { return SW_EXEC_ERROR(); } size_t olen = 0; - ret = - mbedtls_ecp_point_write_binary(&key.grp, - &key.Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &olen, - (uint8_t *) &resp->pubKey, - CTAP_EC_POINT_SIZE); + ret = mbedtls_ecp_point_write_binary(&key.grp, &key.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, (uint8_t *) &resp->pubKey, CTAP_EC_POINT_SIZE); mbedtls_ecdsa_free(&key); if (ret != 0) { return SW_EXEC_ERROR(); } - size_t ef_certdev_size = file_get_size(ef_certdev); + uint16_t ef_certdev_size = file_get_size(ef_certdev); memcpy(resp->keyHandleCertSig + KEY_HANDLE_LEN, file_get_data(ef_certdev), ef_certdev_size); - uint8_t hash[32], - sign_base[1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN + CTAP_EC_POINT_SIZE]; + uint8_t hash[32], sign_base[1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN + CTAP_EC_POINT_SIZE]; sign_base[0] = CTAP_REGISTER_HASH_ID; memcpy(sign_base + 1, req->appId, CTAP_APPID_SIZE); memcpy(sign_base + 1 + CTAP_APPID_SIZE, req->chal, CTAP_CHAL_SIZE); - memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE, resp->keyHandleCertSig, - KEY_HANDLE_LEN); - memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN, - (uint8_t *) &resp->pubKey, - CTAP_EC_POINT_SIZE); - ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - sign_base, - sizeof(sign_base), - hash); + memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE, resp->keyHandleCertSig, KEY_HANDLE_LEN); + memcpy(sign_base + 1 + CTAP_APPID_SIZE + CTAP_CHAL_SIZE + KEY_HANDLE_LEN, (uint8_t *) &resp->pubKey, CTAP_EC_POINT_SIZE); + ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), sign_base, sizeof(sign_base), hash); if (ret != 0) { return SW_EXEC_ERROR(); } 
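Review bot: `memcpy(resp->keyHandleCertSig + KEY_HANDLE_LEN, file_get_data(ef_certdev), ef_certdev_size)` in the -84 hunk copies a flash-stored certificate into the response without comparing `ef_certdev_size` against the space left in `keyHandleCertSig`. The -120 hunk then lets `mbedtls_ecdsa_write_signature` write up to `CTAP_MAX_EC_SIG_SIZE` more bytes after it. Narrowing the variable to `uint16_t` does not bound it. A check before the copy, e.g. `if (KEY_HANDLE_LEN + ef_certdev_size + CTAP_MAX_EC_SIG_SIZE > sizeof(resp->keyHandleCertSig)) { return SW_EXEC_ERROR(); }`, would reject an oversized certificate. `cmd_register` starts and ends outside these hunks, so a check may already exist there.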
@@ -120,21 +105,12 @@ int cmd_register() { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } - ret = mbedtls_ecdsa_write_signature(&key, - MBEDTLS_MD_SHA256, - hash, - 32, - (uint8_t *) resp->keyHandleCertSig + KEY_HANDLE_LEN + ef_certdev_size, - CTAP_MAX_EC_SIG_SIZE, - &olen, - random_gen, - NULL); + ret = mbedtls_ecdsa_write_signature(&key,MBEDTLS_MD_SHA256, hash, 32, (uint8_t *) resp->keyHandleCertSig + KEY_HANDLE_LEN + ef_certdev_size, CTAP_MAX_EC_SIG_SIZE, &olen, random_gen, NULL); mbedtls_ecdsa_free(&key); if (ret != 0) { return SW_EXEC_ERROR(); } - res_APDU_size = sizeof(CTAP_REGISTER_RESP) - sizeof(resp->keyHandleCertSig) + KEY_HANDLE_LEN + - ef_certdev_size + olen; + res_APDU_size = sizeof(CTAP_REGISTER_RESP) - sizeof(resp->keyHandleCertSig) + KEY_HANDLE_LEN + ef_certdev_size + (uint16_t)olen; return SW_OK(); } diff --git a/src/fido/cmd_version.c b/src/fido/cmd_version.c index 7b0ff74..5e66b34 100644 --- a/src/fido/cmd_version.c +++ b/src/fido/cmd_version.c @@ -20,6 +20,6 @@ int cmd_version() { memcpy(res_APDU, "U2F_V2", strlen("U2F_V2")); - res_APDU_size = strlen("U2F_V2"); + res_APDU_size = (uint16_t)strlen("U2F_V2"); return SW_OK(); } diff --git a/src/fido/credential.c b/src/fido/credential.c index f1f1994..f5fcabe 100644 --- a/src/fido/credential.c +++ b/src/fido/credential.c @@ -273,7 +273,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * credential_free(&cred); return ret; } - for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { + for (uint16_t i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { file_t *ef = search_dynamic_file(EF_CRED + i); Credential rcred = { 0 }; if (!file_has_data(ef)) { 
@@ -290,8 +290,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * credential_free(&rcred); continue; } - if (memcmp(rcred.userId.data, cred.userId.data, - MIN(rcred.userId.len, cred.userId.len)) == 0) { + if (memcmp(rcred.userId.data, cred.userId.data, MIN(rcred.userId.len, cred.userId.len)) == 0) { sloti = i; credential_free(&rcred); new_record = false; @@ -305,13 +304,13 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * uint8_t *data = (uint8_t *) calloc(1, cred_id_len + 32); memcpy(data, rp_id_hash, 32); memcpy(data + 32, cred_id, cred_id_len); - file_t *ef = file_new(EF_CRED + sloti); - file_put_data(ef, data, cred_id_len + 32); + file_t *ef = file_new((uint16_t)(EF_CRED + sloti)); + file_put_data(ef, data, (uint16_t)cred_id_len + 32); free(data); if (new_record == true) { //increase rps sloti = -1; - for (int i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { + for (uint16_t i = 0; i < MAX_RESIDENT_CREDENTIALS; i++) { ef = search_dynamic_file(EF_RP + i); if (!file_has_data(ef)) { if (sloti == -1) { @@ -327,7 +326,7 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * if (sloti == -1) { return -1; } - ef = search_dynamic_file(EF_RP + sloti); + ef = search_dynamic_file((uint16_t)(EF_RP + sloti)); if (file_has_data(ef)) { data = (uint8_t *) calloc(1, file_get_size(ef)); memcpy(data, file_get_data(ef), file_get_size(ef)); @@ -336,12 +335,12 @@ int credential_store(const uint8_t *cred_id, size_t cred_id_len, const uint8_t * free(data); } else { - ef = file_new(EF_RP + sloti); + ef = file_new((uint16_t)(EF_RP + sloti)); data = (uint8_t *) calloc(1, 1 + 32 + cred.rpId.len); data[0] = 1; memcpy(data + 1, rp_id_hash, 32); memcpy(data + 1 + 32, cred.rpId.data, cred.rpId.len); - file_put_data(ef, data, 1 + 32 + cred.rpId.len); + file_put_data(ef, data, (uint16_t)(1 + 32 + cred.rpId.len)); free(data); } } diff --git a/src/fido/ctap.h b/src/fido/ctap.h index a82c608..79d00f6 100644 
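Review bot: The user-ID comparison in the -290 hunk, `memcmp(rcred.userId.data, cred.userId.data, MIN(rcred.userId.len, cred.userId.len)) == 0`, compares only the shorter length, so a user ID that is a prefix of another one, or an empty one, is treated as the same account and its slot is reused. Require equal lengths first: `if (rcred.userId.len == cred.userId.len && memcmp(rcred.userId.data, cred.userId.data, cred.userId.len) == 0) {`. The hunk only re-joins the line, and `credential_store` continues outside it.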
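Review bot: `calloc(1, cred_id_len + 32)` in the -305 hunk is used by the two `memcpy` calls without a NULL test, and the `calloc` calls in the -327 and -336 hunks follow the same pattern. On allocation failure the copy goes to a null pointer; add `if (data == NULL) { return -1; }` after each allocation, matching the `-1` the function already returns when no slot is free. In `file_put_data(ef, data, (uint16_t)cred_id_len + 32)` the cast binds to `cred_id_len` alone, so the sum is still narrowed implicitly. Writing `(uint16_t)(cred_id_len + 32)`, as the `EF_RP` record does, states the intent.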
--- a/src/fido/ctap.h +++ b/src/fido/ctap.h @@ -18,16 +18,9 @@ #ifndef _CTAP_H_ #define _CTAP_H_ -#ifdef _MSC_VER // Windows -typedef unsigned char uint8_t; -typedef unsigned short uint16_t; -typedef unsigned int uint32_t; -typedef unsigned long int uint64_t; -#else #include #include #include -#endif #ifdef __cplusplus extern "C" { diff --git a/src/fido/fido.c b/src/fido/fido.c index 63ed4f0..0865e26 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -260,7 +260,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur if (cinfo->bit_size % 8 != 0) { outk[0] >>= 8 - (cinfo->bit_size % 8); } - r = mbedtls_ecp_read_key(curve, key, outk, ceil((float) cinfo->bit_size / 8)); + r = mbedtls_ecp_read_key(curve, key, outk, (size_t)ceil((float) cinfo->bit_size / 8)); mbedtls_platform_zeroize(outk, sizeof(outk)); if (r != 0) { return r; @@ -291,7 +291,7 @@ int scan_files() { if (ret != CCID_OK) { return ret; } - ret = file_put_data(ef_keydev, kdata, key_size); + ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); if (ret != CCID_OK) { @@ -324,7 +324,7 @@ int scan_files() { if (ret <= 0) { return ret; } - file_put_data(ef_certdev, cert + sizeof(cert) - ret, ret); + file_put_data(ef_certdev, cert + sizeof(cert) - ret, (uint16_t)ret); } } else { diff --git a/src/fido/fido.h b/src/fido/fido.h index aab14e8..a27f2b0 100644 --- a/src/fido/fido.h +++ b/src/fido/fido.h 
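Review bot: `(size_t)ceil((float) cinfo->bit_size / 8)` in the `derive_key` hunk of fido.c computes a byte count through floating point and then casts it back. The integer form gives the same result for every curve size and needs neither the cast from `double` nor libm: `r = mbedtls_ecp_read_key(curve, key, outk, ((size_t)cinfo->bit_size + 7) / 8);`. `derive_key` starts and ends outside the hunk.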
@@ -53,16 +53,8 @@ extern mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve); extern int mbedtls_curve_to_fido(mbedtls_ecp_group_id id); extern int fido_load_key(int curve, const uint8_t *cred_id, mbedtls_ecdsa_context *key); extern int load_keydev(uint8_t *key); -extern int encrypt(uint8_t protocol, - const uint8_t *key, - const uint8_t *in, - size_t in_len, - uint8_t *out); -extern int decrypt(uint8_t protocol, - const uint8_t *key, - const uint8_t *in, - size_t in_len, - uint8_t *out); +extern int encrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out); +extern int decrypt(uint8_t protocol, const uint8_t *key, const uint8_t *in, uint16_t in_len, uint8_t *out); extern int ecdh(uint8_t protocol, const mbedtls_ecp_point *Q, uint8_t *sharedSecret); #define FIDO2_ALG_ES256 -7 //ECDSA-SHA256 P256 @@ -136,10 +128,6 @@ typedef struct pinUvAuthToken { extern uint32_t user_present_time_limit; extern pinUvAuthToken_t paut; -extern int verify(uint8_t protocol, - const uint8_t *key, - const uint8_t *data, - size_t len, - uint8_t *sign); +extern int verify(uint8_t protocol, const uint8_t *key, const uint8_t *data, uint16_t len, uint8_t *sign); #endif //_FIDO_H diff --git a/src/fido/management.c b/src/fido/management.c index 3c94c1c..57cd47c 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -36,7 +36,7 @@ int man_select(app_t *a, uint8_t force) { a->process_apdu = man_process_apdu; a->unload = man_unload; sprintf((char *) res_APDU, "%d.%d.0", PICO_FIDO_VERSION_MAJOR, PICO_FIDO_VERSION_MINOR); - res_APDU_size = strlen((char *) res_APDU); + res_APDU_size = (uint16_t)strlen((char *) res_APDU); apdu.ne = res_APDU_size; if (force) { scan_all(); @@ -116,7 +116,7 @@ int man_get_config() { memcpy(res_APDU + res_APDU_size, file_get_data(ef), file_get_size(ef)); res_APDU_size += file_get_size(ef); } - res_APDU[0] = res_APDU_size - 1; + res_APDU[0] = (uint8_t)(res_APDU_size - 1); return 0; } 
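Review bot: `res_APDU[0] = (uint8_t)(res_APDU_size - 1)` in the `man_get_config` hunk stores the payload length in one byte, so once the appended `EF_DEV_CONF` data pushes the response past 255 bytes the prefix wraps and no longer matches what follows. The stored size is set by `cmd_write_config`, whose bound is not visible in this patch. The cast hides the narrowing instead of enforcing it. Test `if (res_APDU_size - 1 > 0xFF)` before the assignment and fail the request, or cap the stored configuration size at write time.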
@@ -130,7 +130,7 @@ int cmd_write_config() { return SW_WRONG_DATA(); } file_t *ef = file_new(EF_DEV_CONF); - file_put_data(ef, apdu.data + 1, apdu.nc - 1); + file_put_data(ef, apdu.data + 1, (uint16_t)(apdu.nc - 1)); low_flash_available(); return SW_OK(); } diff --git a/src/fido/oath.c b/src/fido/oath.c index 098bfa2..b0c7cc4 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -115,7 +115,7 @@ int oath_unload() { file_t *find_oath_cred(const uint8_t *name, size_t name_len) { for (int i = 0; i < MAX_OATH_CRED; i++) { - file_t *ef = search_dynamic_file(EF_OATH_CRED + i); + file_t *ef = search_dynamic_file((uint16_t)(EF_OATH_CRED + i)); asn1_ctx_t ctxi, ef_tag = { 0 }; asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); if (file_has_data(ef) && asn1_find_tag(&ctxi, TAG_NAME, &ef_tag) == true && ef_tag.len == name_len && memcmp(ef_tag.data, name, name_len) == 0) { @@ -130,7 +130,7 @@ int cmd_put() { return SW_SECURITY_STATUS_NOT_SATISFIED(); } asn1_ctx_t ctxi, key = { 0 }, name = { 0 }, imf = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } @@ -154,15 +154,15 @@ int cmd_put() { } file_t *ef = find_oath_cred(name.data, name.len); if (file_has_data(ef)) { - file_put_data(ef, apdu.data, apdu.nc); + file_put_data(ef, apdu.data, (uint16_t)apdu.nc); low_flash_available(); } else { for (int i = 0; i < MAX_OATH_CRED; i++) { - file_t *ef = search_dynamic_file(EF_OATH_CRED + i); - if (!file_has_data(ef)) { - ef = file_new(EF_OATH_CRED + i); - file_put_data(ef, apdu.data, apdu.nc); + file_t *tef = search_dynamic_file((uint16_t)(EF_OATH_CRED + i)); + if (!file_has_data(tef)) { + tef = file_new((uint16_t)(EF_OATH_CRED + i)); + file_put_data(tef, apdu.data, (uint16_t)apdu.nc); low_flash_available(); return SW_OK(); } 
@@ -178,7 +178,7 @@ int cmd_delete() { return SW_SECURITY_STATUS_NOT_SATISFIED(); } asn1_ctx_t ctxi, ctxo = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_NAME, &ctxo) == true) { file_t *ef = find_oath_cred(ctxo.data, ctxo.len); if (ef) { @@ -213,7 +213,7 @@ int cmd_set_code() { return SW_OK(); } asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, resp = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_KEY, &key) == false) { return SW_INCORRECT_PARAMS(); } @@ -254,7 +254,7 @@ int cmd_reset() { return SW_INCORRECT_P1P2(); } for (int i = 0; i < MAX_OATH_CRED; i++) { - file_t *ef = search_dynamic_file(EF_OATH_CRED + i); + file_t *ef = search_dynamic_file((uint16_t)(EF_OATH_CRED + i)); if (file_has_data(ef)) { delete_file(ef); } @@ -271,13 +271,13 @@ int cmd_list() { return SW_SECURITY_STATUS_NOT_SATISFIED(); } for (int i = 0; i < MAX_OATH_CRED; i++) { - file_t *ef = search_dynamic_file(EF_OATH_CRED + i); + file_t *ef = search_dynamic_file((uint16_t)(EF_OATH_CRED + i)); if (file_has_data(ef)) { asn1_ctx_t ctxi, key = { 0 }, name = { 0 }; asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi); if (asn1_find_tag(&ctxi, TAG_NAME, &name) == true && asn1_find_tag(&ctxi, TAG_KEY, &key) == true) { res_APDU[res_APDU_size++] = TAG_NAME_LIST; - res_APDU[res_APDU_size++] = name.len + 1; + res_APDU[res_APDU_size++] = (uint8_t)(name.len + 1); res_APDU[res_APDU_size++] = key.data[0]; memcpy(res_APDU + res_APDU_size, name.data, name.len); res_APDU_size += name.len; } @@ -289,7 +289,7 @@ int cmd_list() { int cmd_validate() { asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, resp = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } 
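Review bot: The `cmd_list` hunk appends `name.len + 3` bytes to `res_APDU` for each of up to `MAX_OATH_CRED` entries without checking the space left in the response buffer, and it writes the length as `(uint8_t)(name.len + 1)` while `memcpy` copies the full `name.len`. If a stored name can reach 255 bytes the length byte wraps and the TLV no longer describes the bytes that follow; `key.data[0]` is also read without a `key.len` check. `cmd_calculate_all` has the same structure with `(uint8_t)name.len`. Bounding `name.len` when the credential is stored in `cmd_put`, and stopping the loop when the next entry would not fit, would cover both; such limits may exist outside the visible hunks.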
@@ -328,11 +328,7 @@ int cmd_validate() { return SW_OK(); } -int calculate_oath(uint8_t truncate, - const uint8_t *key, - size_t key_len, - const uint8_t *chal, - size_t chal_len) { +int calculate_oath(uint8_t truncate, const uint8_t *key, size_t key_len, const uint8_t *chal, size_t chal_len) { const mbedtls_md_info_t *md_info = get_oath_md_info(key[0]); if (md_info == NULL) { return SW_INCORRECT_PARAMS(); @@ -353,9 +349,9 @@ int calculate_oath(uint8_t truncate, res_APDU[res_APDU_size++] = hmac[offset + 3]; } else { - res_APDU[res_APDU_size++] = hmac_size + 1; + res_APDU[res_APDU_size++] = (uint8_t)(hmac_size + 1); res_APDU[res_APDU_size++] = key[1]; - memcpy(res_APDU + res_APDU_size, hmac, hmac_size); res_APDU_size += hmac_size; + memcpy(res_APDU + res_APDU_size, hmac, hmac_size); res_APDU_size += (uint16_t)hmac_size; } apdu.ne = res_APDU_size; return CCID_OK; @@ -369,7 +365,7 @@ int cmd_calculate() { return SW_SECURITY_STATUS_NOT_SATISFIED(); } asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_CHALLENGE, &chal) == false) { return SW_INCORRECT_PARAMS(); } 
@@ -400,32 +396,30 @@ int cmd_calculate() { } if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { uint64_t v = - ((uint64_t) chal.data[0] << - 56) | - ((uint64_t) chal.data[1] << - 48) | - ((uint64_t) chal.data[2] << - 40) | - ((uint64_t) chal.data[3] << - 32) | - ((uint64_t) chal.data[4] << - 24) | ((uint64_t) chal.data[5] << 16) | ((uint64_t) chal.data[6] << 8) | (uint64_t) chal.data[7]; + ((uint64_t) chal.data[0] << 56) | + ((uint64_t) chal.data[1] << 48) | + ((uint64_t) chal.data[2] << 40) | + ((uint64_t) chal.data[3] << 32) | + ((uint64_t) chal.data[4] << 24) | + ((uint64_t) chal.data[5] << 16) | + ((uint64_t) chal.data[6] << 8) | + (uint64_t) chal.data[7]; size_t ef_size = file_get_size(ef); v++; uint8_t *tmp = (uint8_t *) calloc(1, ef_size); memcpy(tmp, file_get_data(ef), ef_size); asn1_ctx_t ctxt; - asn1_ctx_init(tmp, ef_size, &ctxt); + asn1_ctx_init(tmp, (uint16_t)ef_size, &ctxt); asn1_find_tag(&ctxt, TAG_IMF, &chal); - chal.data[0] = v >> 56; - chal.data[1] = v >> 48; - chal.data[2] = v >> 40; - chal.data[3] = v >> 32; - chal.data[4] = v >> 24; - chal.data[5] = v >> 16; - chal.data[6] = v >> 8; + chal.data[0] = (v >> 56) & 0xFF; + chal.data[1] = (v >> 48) & 0xFF; + chal.data[2] = (v >> 40) & 0xFF; + chal.data[3] = (v >> 32) & 0xFF; + chal.data[4] = (v >> 24) & 0xFF; + chal.data[5] = (v >> 16) & 0xFF; + chal.data[6] = (v >> 8) & 0xFF; chal.data[7] = v & 0xff; - file_put_data(ef, tmp, ef_size); + file_put_data(ef, tmp, (uint16_t)ef_size); low_flash_available(); free(tmp); } @@ -435,7 +429,7 @@ int cmd_calculate() { int cmd_calculate_all() { asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }, prop = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (P2(apdu) != 0x0 && P2(apdu) != 0x1) { return SW_INCORRECT_P1P2(); } 
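Review bot: In the HOTP branch of the `cmd_calculate` hunk the result of `asn1_find_tag(&ctxt, TAG_IMF, &chal)` is ignored and eight bytes are then stored through `chal.data`. If the saved record has no IMF tag, or one shorter than eight bytes, `chal` either keeps its previous target or the stores run past the tag inside `tmp`, and the record written back by `file_put_data` does not carry the incremented counter. `tmp` from `calloc(1, ef_size)` is also passed to `memcpy` without a NULL test. Guard both, e.g. `if (tmp == NULL) { return SW_EXEC_ERROR(); }` and `if (asn1_find_tag(&ctxt, TAG_IMF, &chal) == false || chal.len != 8) { free(tmp); return SW_EXEC_ERROR(); }`; the reads of `chal.data[0]` to `chal.data[7]` at the top of the branch need the same length check unless it is done above the hunk.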
@@ -447,17 +441,17 @@ int cmd_calculate_all() { } res_APDU_size = 0; for (int i = 0; i < MAX_OATH_CRED; i++) { - file_t *ef = search_dynamic_file(EF_OATH_CRED + i); + file_t *ef = search_dynamic_file((uint16_t)(EF_OATH_CRED + i)); if (file_has_data(ef)) { const uint8_t *ef_data = file_get_data(ef); size_t ef_len = file_get_size(ef); asn1_ctx_t ctxe; - asn1_ctx_init((uint8_t *)ef_data, ef_len, &ctxe); + asn1_ctx_init((uint8_t *)ef_data, (uint16_t)ef_len, &ctxe); if (asn1_find_tag(&ctxe, TAG_NAME, &name) == false || asn1_find_tag(&ctxe, TAG_KEY, &key) == false) { continue; } res_APDU[res_APDU_size++] = TAG_NAME; - res_APDU[res_APDU_size++] = name.len; + res_APDU[res_APDU_size++] = (uint8_t)name.len; memcpy(res_APDU + res_APDU_size, name.data, name.len); res_APDU_size += name.len; if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { res_APDU[res_APDU_size++] = TAG_NO_RESPONSE; @@ -494,7 +488,7 @@ int cmd_set_otp_pin() { return SW_CONDITIONS_NOT_SATISFIED(); } asn1_ctx_t ctxi, pw = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } @@ -512,7 +506,7 @@ int cmd_change_otp_pin() { return SW_CONDITIONS_NOT_SATISFIED(); } asn1_ctx_t ctxi, pw = { 0 }, new_pw = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } @@ -537,7 +531,7 @@ int cmd_verify_otp_pin() { return SW_CONDITIONS_NOT_SATISFIED(); } asn1_ctx_t ctxi, pw = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); if (asn1_find_tag(&ctxi, TAG_PASSWORD, &pw) == false) { return SW_INCORRECT_PARAMS(); } 
@@ -561,7 +555,7 @@ int cmd_verify_otp_pin() { int cmd_verify_hotp() { asn1_ctx_t ctxi, key = { 0 }, chal = { 0 }, name = { 0 }, code = { 0 }; - asn1_ctx_init(apdu.data, apdu.nc, &ctxi); + asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi); uint32_t code_int = 0; if (asn1_find_tag(&ctxi, TAG_NAME, &name) == false) { return SW_INCORRECT_PARAMS(); @@ -600,7 +594,8 @@ int cmd_verify_hotp() { if (res_int != code_int) { return SW_WRONG_DATA(); } - res_APDU_size = apdu.ne = 0; + res_APDU_size = 0; + apdu.ne = 0; return SW_OK(); } diff --git a/src/fido/otp.c b/src/fido/otp.c index 1c41e99..67089b5 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c @@ -96,6 +96,7 @@ static uint8_t config_seq = { 1 }; +PACK( typedef struct otp_config { uint8_t fixed_data[FIXED_SIZE]; uint8_t uid[UID_SIZE]; @@ -107,9 +108,9 @@ typedef struct otp_config { uint8_t cfg_flags; uint8_t rfu[2]; uint16_t crc; -} __attribute__((packed)) otp_config_t; +}) otp_config_t; -static const size_t otp_config_size = sizeof(otp_config_t); +#define otp_config_size sizeof(otp_config_t) uint16_t otp_status(); int otp_process_apdu(); @@ -151,7 +152,7 @@ int otp_select(app_t *a, uint8_t force) { uint8_t modhex_tab[] = { 'c', 'b', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'n', 'r', 't', 'u', 'v' }; int encode_modhex(const uint8_t *in, size_t len, uint8_t *out) { - for (int l = 0; l < len; l++) { + for (size_t l = 0; l < len; l++) { *out++ = modhex_tab[in[l] >> 4]; *out++ = modhex_tab[in[l] & 0xf]; } @@ -162,7 +163,7 @@ extern void scan_all(); void init_otp() { if (scanned == false) { scan_all(); - for (int i = 0; i < 2; i++) { + for (uint8_t i = 0; i < 2; i++) { file_t *ef = search_dynamic_file(EF_OTP_SLOT1 + i); uint8_t *data = file_get_data(ef); otp_config_t *otp_config = (otp_config_t *) data; @@ -331,6 +332,8 @@ int otp_button_pressed(uint8_t slot) { low_flash_available(); } } +#else + (void) slot; #endif return 0; } -- 2.34.1 From cffa8e29ff5ec439ff5790961178cc563c8416a3 Mon Sep 17 00:00:00 2001 
From: Pol Henarejos Date: Fri, 23 Aug 2024 14:24:03 +0200 Subject: [PATCH 060/127] Fix windows build. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 08ed5cd..11ffd5a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -156,7 +156,6 @@ if(ENABLE_EMULATION) target_link_options(pico_fido PUBLIC -Wl,--gc-sections ) - target_link_libraries(pico_fido PRIVATE m) endif (APPLE) else() pico_add_extra_outputs(pico_fido) -- 2.34.1 From 5e86745672344744dc6556a19677457609c03bf7 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 23 Aug 2024 15:23:10 +0200 Subject: [PATCH 061/127] Add missing files for ESP32. Signed-off-by: Pol Henarejos --- sdkconfig | 2243 +++++++++++++++++++++++++++++++++++++++ src/fido/CMakeLists.txt | 6 + 2 files changed, 2249 insertions(+) create mode 100644 sdkconfig create mode 100644 src/fido/CMakeLists.txt diff --git a/sdkconfig b/sdkconfig new file mode 100644 index 0000000..13ea585 --- /dev/null +++ b/sdkconfig 
@@ -0,0 +1,2243 @@ +# +# Automatically generated file. DO NOT EDIT. +# Espressif IoT Development Framework (ESP-IDF) 5.3.0 Project Configuration +# +CONFIG_SOC_MPU_MIN_REGION_SIZE=0x20000000 +CONFIG_SOC_MPU_REGIONS_MAX_NUM=8 +CONFIG_SOC_ADC_SUPPORTED=y +CONFIG_SOC_UART_SUPPORTED=y +CONFIG_SOC_PCNT_SUPPORTED=y +CONFIG_SOC_PHY_SUPPORTED=y +CONFIG_SOC_WIFI_SUPPORTED=y +CONFIG_SOC_TWAI_SUPPORTED=y +CONFIG_SOC_GDMA_SUPPORTED=y +CONFIG_SOC_AHB_GDMA_SUPPORTED=y +CONFIG_SOC_GPTIMER_SUPPORTED=y +CONFIG_SOC_LCDCAM_SUPPORTED=y +CONFIG_SOC_MCPWM_SUPPORTED=y +CONFIG_SOC_DEDICATED_GPIO_SUPPORTED=y +CONFIG_SOC_CACHE_SUPPORT_WRAP=y +CONFIG_SOC_ULP_SUPPORTED=y +CONFIG_SOC_ULP_FSM_SUPPORTED=y +CONFIG_SOC_RISCV_COPROC_SUPPORTED=y +CONFIG_SOC_BT_SUPPORTED=y +CONFIG_SOC_USB_OTG_SUPPORTED=y +CONFIG_SOC_USB_SERIAL_JTAG_SUPPORTED=y +CONFIG_SOC_CCOMP_TIMER_SUPPORTED=y +CONFIG_SOC_ASYNC_MEMCPY_SUPPORTED=y +CONFIG_SOC_SUPPORTS_SECURE_DL_MODE=y +CONFIG_SOC_EFUSE_KEY_PURPOSE_FIELD=y +CONFIG_SOC_EFUSE_SUPPORTED=y +CONFIG_SOC_SDMMC_HOST_SUPPORTED=y +CONFIG_SOC_RTC_FAST_MEM_SUPPORTED=y +CONFIG_SOC_RTC_SLOW_MEM_SUPPORTED=y +CONFIG_SOC_RTC_MEM_SUPPORTED=y +CONFIG_SOC_PSRAM_DMA_CAPABLE=y +CONFIG_SOC_XT_WDT_SUPPORTED=y +CONFIG_SOC_I2S_SUPPORTED=y +CONFIG_SOC_RMT_SUPPORTED=y +CONFIG_SOC_SDM_SUPPORTED=y +CONFIG_SOC_GPSPI_SUPPORTED=y +CONFIG_SOC_LEDC_SUPPORTED=y +CONFIG_SOC_I2C_SUPPORTED=y +CONFIG_SOC_SYSTIMER_SUPPORTED=y +CONFIG_SOC_SUPPORT_COEXISTENCE=y +CONFIG_SOC_TEMP_SENSOR_SUPPORTED=y +CONFIG_SOC_AES_SUPPORTED=y +CONFIG_SOC_MPI_SUPPORTED=y +CONFIG_SOC_SHA_SUPPORTED=y +CONFIG_SOC_HMAC_SUPPORTED=y +CONFIG_SOC_DIG_SIGN_SUPPORTED=y +CONFIG_SOC_FLASH_ENC_SUPPORTED=y +CONFIG_SOC_SECURE_BOOT_SUPPORTED=y +CONFIG_SOC_MEMPROT_SUPPORTED=y +CONFIG_SOC_TOUCH_SENSOR_SUPPORTED=y +CONFIG_SOC_BOD_SUPPORTED=y +CONFIG_SOC_CLK_TREE_SUPPORTED=y +CONFIG_SOC_MPU_SUPPORTED=y +CONFIG_SOC_WDT_SUPPORTED=y +CONFIG_SOC_SPI_FLASH_SUPPORTED=y +CONFIG_SOC_RNG_SUPPORTED=y +CONFIG_SOC_LIGHT_SLEEP_SUPPORTED=y 
+CONFIG_SOC_DEEP_SLEEP_SUPPORTED=y +CONFIG_SOC_LP_PERIPH_SHARE_INTERRUPT=y +CONFIG_SOC_PM_SUPPORTED=y +CONFIG_SOC_XTAL_SUPPORT_40M=y +CONFIG_SOC_APPCPU_HAS_CLOCK_GATING_BUG=y +CONFIG_SOC_ADC_RTC_CTRL_SUPPORTED=y +CONFIG_SOC_ADC_DIG_CTRL_SUPPORTED=y +CONFIG_SOC_ADC_ARBITER_SUPPORTED=y +CONFIG_SOC_ADC_DIG_IIR_FILTER_SUPPORTED=y +CONFIG_SOC_ADC_MONITOR_SUPPORTED=y +CONFIG_SOC_ADC_DMA_SUPPORTED=y +CONFIG_SOC_ADC_PERIPH_NUM=2 +CONFIG_SOC_ADC_MAX_CHANNEL_NUM=10 +CONFIG_SOC_ADC_ATTEN_NUM=4 +CONFIG_SOC_ADC_DIGI_CONTROLLER_NUM=2 +CONFIG_SOC_ADC_PATT_LEN_MAX=24 +CONFIG_SOC_ADC_DIGI_MIN_BITWIDTH=12 +CONFIG_SOC_ADC_DIGI_MAX_BITWIDTH=12 +CONFIG_SOC_ADC_DIGI_RESULT_BYTES=4 +CONFIG_SOC_ADC_DIGI_DATA_BYTES_PER_CONV=4 +CONFIG_SOC_ADC_DIGI_IIR_FILTER_NUM=2 +CONFIG_SOC_ADC_DIGI_MONITOR_NUM=2 +CONFIG_SOC_ADC_SAMPLE_FREQ_THRES_HIGH=83333 +CONFIG_SOC_ADC_SAMPLE_FREQ_THRES_LOW=611 +CONFIG_SOC_ADC_RTC_MIN_BITWIDTH=12 +CONFIG_SOC_ADC_RTC_MAX_BITWIDTH=12 +CONFIG_SOC_ADC_CALIBRATION_V1_SUPPORTED=y +CONFIG_SOC_ADC_SELF_HW_CALI_SUPPORTED=y +CONFIG_SOC_ADC_SHARED_POWER=y +CONFIG_SOC_APB_BACKUP_DMA=y +CONFIG_SOC_BROWNOUT_RESET_SUPPORTED=y +CONFIG_SOC_CACHE_WRITEBACK_SUPPORTED=y +CONFIG_SOC_CACHE_FREEZE_SUPPORTED=y +CONFIG_SOC_CPU_CORES_NUM=2 +CONFIG_SOC_CPU_INTR_NUM=32 +CONFIG_SOC_CPU_HAS_FPU=y +CONFIG_SOC_HP_CPU_HAS_MULTIPLE_CORES=y +CONFIG_SOC_CPU_BREAKPOINTS_NUM=2 +CONFIG_SOC_CPU_WATCHPOINTS_NUM=2 +CONFIG_SOC_CPU_WATCHPOINT_MAX_REGION_SIZE=64 +CONFIG_SOC_DS_SIGNATURE_MAX_BIT_LEN=4096 +CONFIG_SOC_DS_KEY_PARAM_MD_IV_LENGTH=16 +CONFIG_SOC_DS_KEY_CHECK_MAX_WAIT_US=1100 +CONFIG_SOC_AHB_GDMA_VERSION=1 +CONFIG_SOC_GDMA_NUM_GROUPS_MAX=1 +CONFIG_SOC_GDMA_PAIRS_PER_GROUP=5 +CONFIG_SOC_GDMA_PAIRS_PER_GROUP_MAX=5 +CONFIG_SOC_AHB_GDMA_SUPPORT_PSRAM=y +CONFIG_SOC_GPIO_PORT=1 +CONFIG_SOC_GPIO_PIN_COUNT=49 +CONFIG_SOC_GPIO_SUPPORT_PIN_GLITCH_FILTER=y +CONFIG_SOC_GPIO_FILTER_CLK_SUPPORT_APB=y +CONFIG_SOC_GPIO_SUPPORT_RTC_INDEPENDENT=y +CONFIG_SOC_GPIO_SUPPORT_FORCE_HOLD=y 
+CONFIG_SOC_GPIO_VALID_GPIO_MASK=0x1FFFFFFFFFFFF +CONFIG_SOC_GPIO_IN_RANGE_MAX=48 +CONFIG_SOC_GPIO_OUT_RANGE_MAX=48 +CONFIG_SOC_GPIO_VALID_DIGITAL_IO_PAD_MASK=0x0001FFFFFC000000 +CONFIG_SOC_GPIO_CLOCKOUT_BY_IO_MUX=y +CONFIG_SOC_GPIO_CLOCKOUT_CHANNEL_NUM=3 +CONFIG_SOC_DEDIC_GPIO_OUT_CHANNELS_NUM=8 +CONFIG_SOC_DEDIC_GPIO_IN_CHANNELS_NUM=8 +CONFIG_SOC_DEDIC_GPIO_OUT_AUTO_ENABLE=y +CONFIG_SOC_I2C_NUM=2 +CONFIG_SOC_HP_I2C_NUM=2 +CONFIG_SOC_I2C_FIFO_LEN=32 +CONFIG_SOC_I2C_CMD_REG_NUM=8 +CONFIG_SOC_I2C_SUPPORT_SLAVE=y +CONFIG_SOC_I2C_SUPPORT_HW_CLR_BUS=y +CONFIG_SOC_I2C_SUPPORT_XTAL=y +CONFIG_SOC_I2C_SUPPORT_RTC=y +CONFIG_SOC_I2C_SUPPORT_10BIT_ADDR=y +CONFIG_SOC_I2C_SLAVE_SUPPORT_BROADCAST=y +CONFIG_SOC_I2C_SLAVE_SUPPORT_I2CRAM_ACCESS=y +CONFIG_SOC_I2S_NUM=2 +CONFIG_SOC_I2S_HW_VERSION_2=y +CONFIG_SOC_I2S_SUPPORTS_XTAL=y +CONFIG_SOC_I2S_SUPPORTS_PLL_F160M=y +CONFIG_SOC_I2S_SUPPORTS_PCM=y +CONFIG_SOC_I2S_SUPPORTS_PDM=y +CONFIG_SOC_I2S_SUPPORTS_PDM_TX=y +CONFIG_SOC_I2S_PDM_MAX_TX_LINES=2 +CONFIG_SOC_I2S_SUPPORTS_PDM_RX=y +CONFIG_SOC_I2S_PDM_MAX_RX_LINES=4 +CONFIG_SOC_I2S_SUPPORTS_TDM=y +CONFIG_SOC_LEDC_SUPPORT_APB_CLOCK=y +CONFIG_SOC_LEDC_SUPPORT_XTAL_CLOCK=y +CONFIG_SOC_LEDC_CHANNEL_NUM=8 +CONFIG_SOC_LEDC_TIMER_BIT_WIDTH=14 +CONFIG_SOC_LEDC_SUPPORT_FADE_STOP=y +CONFIG_SOC_MCPWM_GROUPS=2 +CONFIG_SOC_MCPWM_TIMERS_PER_GROUP=3 +CONFIG_SOC_MCPWM_OPERATORS_PER_GROUP=3 +CONFIG_SOC_MCPWM_COMPARATORS_PER_OPERATOR=2 +CONFIG_SOC_MCPWM_GENERATORS_PER_OPERATOR=2 +CONFIG_SOC_MCPWM_TRIGGERS_PER_OPERATOR=2 +CONFIG_SOC_MCPWM_GPIO_FAULTS_PER_GROUP=3 +CONFIG_SOC_MCPWM_CAPTURE_TIMERS_PER_GROUP=y +CONFIG_SOC_MCPWM_CAPTURE_CHANNELS_PER_TIMER=3 +CONFIG_SOC_MCPWM_GPIO_SYNCHROS_PER_GROUP=3 +CONFIG_SOC_MCPWM_SWSYNC_CAN_PROPAGATE=y +CONFIG_SOC_MMU_LINEAR_ADDRESS_REGION_NUM=1 +CONFIG_SOC_MMU_PERIPH_NUM=1 +CONFIG_SOC_PCNT_GROUPS=1 +CONFIG_SOC_PCNT_UNITS_PER_GROUP=4 +CONFIG_SOC_PCNT_CHANNELS_PER_UNIT=2 +CONFIG_SOC_PCNT_THRES_POINT_PER_UNIT=2 +CONFIG_SOC_RMT_GROUPS=1 
+CONFIG_SOC_RMT_TX_CANDIDATES_PER_GROUP=4 +CONFIG_SOC_RMT_RX_CANDIDATES_PER_GROUP=4 +CONFIG_SOC_RMT_CHANNELS_PER_GROUP=8 +CONFIG_SOC_RMT_MEM_WORDS_PER_CHANNEL=48 +CONFIG_SOC_RMT_SUPPORT_RX_PINGPONG=y +CONFIG_SOC_RMT_SUPPORT_RX_DEMODULATION=y +CONFIG_SOC_RMT_SUPPORT_TX_ASYNC_STOP=y +CONFIG_SOC_RMT_SUPPORT_TX_LOOP_COUNT=y +CONFIG_SOC_RMT_SUPPORT_TX_LOOP_AUTO_STOP=y +CONFIG_SOC_RMT_SUPPORT_TX_SYNCHRO=y +CONFIG_SOC_RMT_SUPPORT_TX_CARRIER_DATA_ONLY=y +CONFIG_SOC_RMT_SUPPORT_XTAL=y +CONFIG_SOC_RMT_SUPPORT_RC_FAST=y +CONFIG_SOC_RMT_SUPPORT_APB=y +CONFIG_SOC_RMT_SUPPORT_DMA=y +CONFIG_SOC_LCD_I80_SUPPORTED=y +CONFIG_SOC_LCD_RGB_SUPPORTED=y +CONFIG_SOC_LCD_I80_BUSES=1 +CONFIG_SOC_LCD_RGB_PANELS=1 +CONFIG_SOC_LCD_I80_BUS_WIDTH=16 +CONFIG_SOC_LCD_RGB_DATA_WIDTH=16 +CONFIG_SOC_LCD_SUPPORT_RGB_YUV_CONV=y +CONFIG_SOC_RTC_CNTL_CPU_PD_DMA_BUS_WIDTH=128 +CONFIG_SOC_RTC_CNTL_CPU_PD_REG_FILE_NUM=549 +CONFIG_SOC_RTC_CNTL_TAGMEM_PD_DMA_BUS_WIDTH=128 +CONFIG_SOC_RTCIO_PIN_COUNT=22 +CONFIG_SOC_RTCIO_INPUT_OUTPUT_SUPPORTED=y +CONFIG_SOC_RTCIO_HOLD_SUPPORTED=y +CONFIG_SOC_RTCIO_WAKE_SUPPORTED=y +CONFIG_SOC_SDM_GROUPS=y +CONFIG_SOC_SDM_CHANNELS_PER_GROUP=8 +CONFIG_SOC_SDM_CLK_SUPPORT_APB=y +CONFIG_SOC_SPI_PERIPH_NUM=3 +CONFIG_SOC_SPI_MAX_CS_NUM=6 +CONFIG_SOC_SPI_MAXIMUM_BUFFER_SIZE=64 +CONFIG_SOC_SPI_SUPPORT_DDRCLK=y +CONFIG_SOC_SPI_SLAVE_SUPPORT_SEG_TRANS=y +CONFIG_SOC_SPI_SUPPORT_CD_SIG=y +CONFIG_SOC_SPI_SUPPORT_CONTINUOUS_TRANS=y +CONFIG_SOC_SPI_SUPPORT_SLAVE_HD_VER2=y +CONFIG_SOC_SPI_SUPPORT_CLK_APB=y +CONFIG_SOC_SPI_SUPPORT_CLK_XTAL=y +CONFIG_SOC_SPI_PERIPH_SUPPORT_CONTROL_DUMMY_OUT=y +CONFIG_SOC_MEMSPI_IS_INDEPENDENT=y +CONFIG_SOC_SPI_MAX_PRE_DIVIDER=16 +CONFIG_SOC_SPI_SUPPORT_OCT=y +CONFIG_SOC_SPI_SCT_SUPPORTED=y +CONFIG_SOC_SPI_SCT_REG_NUM=14 +CONFIG_SOC_SPI_SCT_BUFFER_NUM_MAX=y +CONFIG_SOC_SPI_SCT_CONF_BITLEN_MAX=0x3FFFA +CONFIG_SOC_MEMSPI_SRC_FREQ_120M=y +CONFIG_SOC_MEMSPI_SRC_FREQ_80M_SUPPORTED=y +CONFIG_SOC_MEMSPI_SRC_FREQ_40M_SUPPORTED=y 
+CONFIG_SOC_MEMSPI_SRC_FREQ_20M_SUPPORTED=y +CONFIG_SOC_SPIRAM_SUPPORTED=y +CONFIG_SOC_SPIRAM_XIP_SUPPORTED=y +CONFIG_SOC_SYSTIMER_COUNTER_NUM=2 +CONFIG_SOC_SYSTIMER_ALARM_NUM=3 +CONFIG_SOC_SYSTIMER_BIT_WIDTH_LO=32 +CONFIG_SOC_SYSTIMER_BIT_WIDTH_HI=20 +CONFIG_SOC_SYSTIMER_FIXED_DIVIDER=y +CONFIG_SOC_SYSTIMER_INT_LEVEL=y +CONFIG_SOC_SYSTIMER_ALARM_MISS_COMPENSATE=y +CONFIG_SOC_TIMER_GROUPS=2 +CONFIG_SOC_TIMER_GROUP_TIMERS_PER_GROUP=2 +CONFIG_SOC_TIMER_GROUP_COUNTER_BIT_WIDTH=54 +CONFIG_SOC_TIMER_GROUP_SUPPORT_XTAL=y +CONFIG_SOC_TIMER_GROUP_SUPPORT_APB=y +CONFIG_SOC_TIMER_GROUP_TOTAL_TIMERS=4 +CONFIG_SOC_TOUCH_SENSOR_VERSION=2 +CONFIG_SOC_TOUCH_SENSOR_NUM=15 +CONFIG_SOC_TOUCH_PROXIMITY_CHANNEL_NUM=3 +CONFIG_SOC_TOUCH_PROXIMITY_MEAS_DONE_SUPPORTED=y +CONFIG_SOC_TOUCH_SAMPLER_NUM=1 +CONFIG_SOC_TWAI_CONTROLLER_NUM=1 +CONFIG_SOC_TWAI_CLK_SUPPORT_APB=y +CONFIG_SOC_TWAI_BRP_MIN=2 +CONFIG_SOC_TWAI_BRP_MAX=16384 +CONFIG_SOC_TWAI_SUPPORTS_RX_STATUS=y +CONFIG_SOC_UART_NUM=3 +CONFIG_SOC_UART_HP_NUM=3 +CONFIG_SOC_UART_FIFO_LEN=128 +CONFIG_SOC_UART_BITRATE_MAX=5000000 +CONFIG_SOC_UART_SUPPORT_FSM_TX_WAIT_SEND=y +CONFIG_SOC_UART_SUPPORT_WAKEUP_INT=y +CONFIG_SOC_UART_SUPPORT_APB_CLK=y +CONFIG_SOC_UART_SUPPORT_RTC_CLK=y +CONFIG_SOC_UART_SUPPORT_XTAL_CLK=y +CONFIG_SOC_USB_OTG_PERIPH_NUM=1 +CONFIG_SOC_SHA_DMA_MAX_BUFFER_SIZE=3968 +CONFIG_SOC_SHA_SUPPORT_DMA=y +CONFIG_SOC_SHA_SUPPORT_RESUME=y +CONFIG_SOC_SHA_GDMA=y +CONFIG_SOC_SHA_SUPPORT_SHA1=y +CONFIG_SOC_SHA_SUPPORT_SHA224=y +CONFIG_SOC_SHA_SUPPORT_SHA256=y +CONFIG_SOC_SHA_SUPPORT_SHA384=y +CONFIG_SOC_SHA_SUPPORT_SHA512=y +CONFIG_SOC_SHA_SUPPORT_SHA512_224=y +CONFIG_SOC_SHA_SUPPORT_SHA512_256=y +CONFIG_SOC_SHA_SUPPORT_SHA512_T=y +CONFIG_SOC_MPI_MEM_BLOCKS_NUM=4 +CONFIG_SOC_MPI_OPERATIONS_NUM=3 +CONFIG_SOC_RSA_MAX_BIT_LEN=4096 +CONFIG_SOC_AES_SUPPORT_DMA=y +CONFIG_SOC_AES_GDMA=y +CONFIG_SOC_AES_SUPPORT_AES_128=y +CONFIG_SOC_AES_SUPPORT_AES_256=y +CONFIG_SOC_PM_SUPPORT_EXT0_WAKEUP=y +CONFIG_SOC_PM_SUPPORT_EXT1_WAKEUP=y 
+CONFIG_SOC_PM_SUPPORT_EXT_WAKEUP=y +CONFIG_SOC_PM_SUPPORT_WIFI_WAKEUP=y +CONFIG_SOC_PM_SUPPORT_BT_WAKEUP=y +CONFIG_SOC_PM_SUPPORT_TOUCH_SENSOR_WAKEUP=y +CONFIG_SOC_PM_SUPPORT_CPU_PD=y +CONFIG_SOC_PM_SUPPORT_TAGMEM_PD=y +CONFIG_SOC_PM_SUPPORT_RTC_PERIPH_PD=y +CONFIG_SOC_PM_SUPPORT_RC_FAST_PD=y +CONFIG_SOC_PM_SUPPORT_VDDSDIO_PD=y +CONFIG_SOC_PM_SUPPORT_MAC_BB_PD=y +CONFIG_SOC_PM_SUPPORT_MODEM_PD=y +CONFIG_SOC_CONFIGURABLE_VDDSDIO_SUPPORTED=y +CONFIG_SOC_PM_SUPPORT_DEEPSLEEP_CHECK_STUB_ONLY=y +CONFIG_SOC_PM_CPU_RETENTION_BY_RTCCNTL=y +CONFIG_SOC_PM_MODEM_RETENTION_BY_BACKUPDMA=y +CONFIG_SOC_CLK_RC_FAST_D256_SUPPORTED=y +CONFIG_SOC_RTC_SLOW_CLK_SUPPORT_RC_FAST_D256=y +CONFIG_SOC_CLK_RC_FAST_SUPPORT_CALIBRATION=y +CONFIG_SOC_CLK_XTAL32K_SUPPORTED=y +CONFIG_SOC_EFUSE_DIS_DOWNLOAD_ICACHE=y +CONFIG_SOC_EFUSE_DIS_DOWNLOAD_DCACHE=y +CONFIG_SOC_EFUSE_HARD_DIS_JTAG=y +CONFIG_SOC_EFUSE_DIS_USB_JTAG=y +CONFIG_SOC_EFUSE_SOFT_DIS_JTAG=y +CONFIG_SOC_EFUSE_DIS_DIRECT_BOOT=y +CONFIG_SOC_EFUSE_DIS_ICACHE=y +CONFIG_SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK=y +CONFIG_SOC_SECURE_BOOT_V2_RSA=y +CONFIG_SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS=3 +CONFIG_SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS=y +CONFIG_SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY=y +CONFIG_SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX=64 +CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES=y +CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS=y +CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128=y +CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_256=y +CONFIG_SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE=16 +CONFIG_SOC_MEMPROT_MEM_ALIGN_SIZE=256 +CONFIG_SOC_PHY_DIG_REGS_MEM_SIZE=21 +CONFIG_SOC_MAC_BB_PD_MEM_SIZE=192 +CONFIG_SOC_WIFI_LIGHT_SLEEP_CLK_WIDTH=12 +CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_WAIT_IDLE=y +CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_SUSPEND=y +CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_RESUME=y +CONFIG_SOC_SPI_MEM_SUPPORT_SW_SUSPEND=y +CONFIG_SOC_SPI_MEM_SUPPORT_OPI_MODE=y +CONFIG_SOC_SPI_MEM_SUPPORT_TIMING_TUNING=y +CONFIG_SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE=y +CONFIG_SOC_SPI_MEM_SUPPORT_WRAP=y 
+CONFIG_SOC_MEMSPI_TIMING_TUNING_BY_MSPI_DELAY=y +CONFIG_SOC_MEMSPI_CORE_CLK_SHARED_WITH_PSRAM=y +CONFIG_SOC_COEX_HW_PTI=y +CONFIG_SOC_EXTERNAL_COEX_LEADER_TX_LINE=y +CONFIG_SOC_SDMMC_USE_GPIO_MATRIX=y +CONFIG_SOC_SDMMC_NUM_SLOTS=2 +CONFIG_SOC_SDMMC_SUPPORT_XTAL_CLOCK=y +CONFIG_SOC_SDMMC_DELAY_PHASE_NUM=4 +CONFIG_SOC_TEMPERATURE_SENSOR_SUPPORT_FAST_RC=y +CONFIG_SOC_WIFI_HW_TSF=y +CONFIG_SOC_WIFI_FTM_SUPPORT=y +CONFIG_SOC_WIFI_GCMP_SUPPORT=y +CONFIG_SOC_WIFI_WAPI_SUPPORT=y +CONFIG_SOC_WIFI_CSI_SUPPORT=y +CONFIG_SOC_WIFI_MESH_SUPPORT=y +CONFIG_SOC_WIFI_SUPPORT_VARIABLE_BEACON_WINDOW=y +CONFIG_SOC_WIFI_PHY_NEEDS_USB_WORKAROUND=y +CONFIG_SOC_BLE_SUPPORTED=y +CONFIG_SOC_BLE_MESH_SUPPORTED=y +CONFIG_SOC_BLE_50_SUPPORTED=y +CONFIG_SOC_BLE_DEVICE_PRIVACY_SUPPORTED=y +CONFIG_SOC_BLUFI_SUPPORTED=y +CONFIG_SOC_ULP_HAS_ADC=y +CONFIG_SOC_PHY_COMBO_MODULE=y +CONFIG_IDF_CMAKE=y +CONFIG_IDF_TOOLCHAIN="gcc" +CONFIG_IDF_TARGET_ARCH_XTENSA=y +CONFIG_IDF_TARGET_ARCH="xtensa" +CONFIG_IDF_TARGET="esp32s3" +CONFIG_IDF_INIT_VERSION="5.3.0" +CONFIG_IDF_TARGET_ESP32S3=y +CONFIG_IDF_FIRMWARE_CHIP_ID=0x0009 + +# +# Build type +# +CONFIG_APP_BUILD_TYPE_APP_2NDBOOT=y +# CONFIG_APP_BUILD_TYPE_RAM is not set +CONFIG_APP_BUILD_GENERATE_BINARIES=y +CONFIG_APP_BUILD_BOOTLOADER=y +CONFIG_APP_BUILD_USE_FLASH_SECTIONS=y +# CONFIG_APP_REPRODUCIBLE_BUILD is not set +# CONFIG_APP_NO_BLOBS is not set +# end of Build type + +# +# Bootloader config +# + +# +# Bootloader manager +# +CONFIG_BOOTLOADER_COMPILE_TIME_DATE=y +CONFIG_BOOTLOADER_PROJECT_VER=1 +# end of Bootloader manager + +CONFIG_BOOTLOADER_OFFSET_IN_FLASH=0x0 +CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_DEBUG is not set +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_NONE is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_ERROR is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_WARN is not set 
+CONFIG_BOOTLOADER_LOG_LEVEL_INFO=y +# CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG is not set +# CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE is not set +CONFIG_BOOTLOADER_LOG_LEVEL=3 + +# +# Serial Flash Configurations +# +# CONFIG_BOOTLOADER_FLASH_DC_AWARE is not set +CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT=y +# end of Serial Flash Configurations + +CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y +# CONFIG_BOOTLOADER_FACTORY_RESET is not set +# CONFIG_BOOTLOADER_APP_TEST is not set +CONFIG_BOOTLOADER_REGION_PROTECTION_ENABLE=y +CONFIG_BOOTLOADER_WDT_ENABLE=y +# CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE is not set +CONFIG_BOOTLOADER_WDT_TIME_MS=9000 +# CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE is not set +# CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP is not set +# CONFIG_BOOTLOADER_SKIP_VALIDATE_ON_POWER_ON is not set +# CONFIG_BOOTLOADER_SKIP_VALIDATE_ALWAYS is not set +CONFIG_BOOTLOADER_RESERVE_RTC_SIZE=0 +# CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC is not set +# end of Bootloader config + +# +# Security features +# +CONFIG_SECURE_BOOT_V2_RSA_SUPPORTED=y +CONFIG_SECURE_BOOT_V2_PREFERRED=y +# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set +# CONFIG_SECURE_BOOT is not set +# CONFIG_SECURE_FLASH_ENC_ENABLED is not set +CONFIG_SECURE_ROM_DL_MODE_ENABLED=y +# end of Security features + +# +# Application manager +# +CONFIG_APP_COMPILE_TIME_DATE=y +# CONFIG_APP_EXCLUDE_PROJECT_VER_VAR is not set +# CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR is not set +# CONFIG_APP_PROJECT_VER_FROM_CONFIG is not set +CONFIG_APP_RETRIEVE_LEN_ELF_SHA=9 +# end of Application manager + +CONFIG_ESP_ROM_HAS_CRC_LE=y +CONFIG_ESP_ROM_HAS_CRC_BE=y +CONFIG_ESP_ROM_HAS_MZ_CRC32=y +CONFIG_ESP_ROM_HAS_JPEG_DECODE=y +CONFIG_ESP_ROM_UART_CLK_IS_XTAL=y +CONFIG_ESP_ROM_HAS_RETARGETABLE_LOCKING=y +CONFIG_ESP_ROM_USB_OTG_NUM=3 +CONFIG_ESP_ROM_USB_SERIAL_DEVICE_NUM=4 +CONFIG_ESP_ROM_HAS_ERASE_0_REGION_BUG=y +CONFIG_ESP_ROM_HAS_ENCRYPTED_WRITES_USING_LEGACY_DRV=y +CONFIG_ESP_ROM_GET_CLK_FREQ=y +CONFIG_ESP_ROM_HAS_HAL_WDT=y 
+CONFIG_ESP_ROM_NEEDS_SWSETUP_WORKAROUND=y +CONFIG_ESP_ROM_HAS_LAYOUT_TABLE=y +CONFIG_ESP_ROM_HAS_SPI_FLASH=y +CONFIG_ESP_ROM_HAS_ETS_PRINTF_BUG=y +CONFIG_ESP_ROM_HAS_NEWLIB=y +CONFIG_ESP_ROM_HAS_NEWLIB_NANO_FORMAT=y +CONFIG_ESP_ROM_HAS_NEWLIB_32BIT_TIME=y +CONFIG_ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE=y +CONFIG_ESP_ROM_RAM_APP_NEEDS_MMU_INIT=y +CONFIG_ESP_ROM_HAS_FLASH_COUNT_PAGES_BUG=y +CONFIG_ESP_ROM_HAS_CACHE_SUSPEND_WAITI_BUG=y +CONFIG_ESP_ROM_HAS_CACHE_WRITEBACK_BUG=y +CONFIG_ESP_ROM_HAS_SW_FLOAT=y +CONFIG_ESP_ROM_HAS_VERSION=y +CONFIG_ESP_ROM_SUPPORT_DEEP_SLEEP_WAKEUP_STUB=y + +# +# Boot ROM Behavior +# +CONFIG_BOOT_ROM_LOG_ALWAYS_ON=y +# CONFIG_BOOT_ROM_LOG_ALWAYS_OFF is not set +# CONFIG_BOOT_ROM_LOG_ON_GPIO_HIGH is not set +# CONFIG_BOOT_ROM_LOG_ON_GPIO_LOW is not set +# end of Boot ROM Behavior + +# +# Serial flasher config +# +# CONFIG_ESPTOOLPY_NO_STUB is not set +# CONFIG_ESPTOOLPY_OCT_FLASH is not set +CONFIG_ESPTOOLPY_FLASH_MODE_AUTO_DETECT=y +# CONFIG_ESPTOOLPY_FLASHMODE_QIO is not set +# CONFIG_ESPTOOLPY_FLASHMODE_QOUT is not set +CONFIG_ESPTOOLPY_FLASHMODE_DIO=y +# CONFIG_ESPTOOLPY_FLASHMODE_DOUT is not set +CONFIG_ESPTOOLPY_FLASH_SAMPLE_MODE_STR=y +CONFIG_ESPTOOLPY_FLASHMODE="dio" +# CONFIG_ESPTOOLPY_FLASHFREQ_120M is not set +CONFIG_ESPTOOLPY_FLASHFREQ_80M=y +# CONFIG_ESPTOOLPY_FLASHFREQ_40M is not set +# CONFIG_ESPTOOLPY_FLASHFREQ_20M is not set +CONFIG_ESPTOOLPY_FLASHFREQ_80M_DEFAULT=y +CONFIG_ESPTOOLPY_FLASHFREQ="80m" +# CONFIG_ESPTOOLPY_FLASHSIZE_1MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_2MB is not set +CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y +# CONFIG_ESPTOOLPY_FLASHSIZE_8MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_16MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_32MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_64MB is not set +# CONFIG_ESPTOOLPY_FLASHSIZE_128MB is not set +CONFIG_ESPTOOLPY_FLASHSIZE="4MB" +# CONFIG_ESPTOOLPY_HEADER_FLASHSIZE_UPDATE is not set +CONFIG_ESPTOOLPY_BEFORE_RESET=y +# CONFIG_ESPTOOLPY_BEFORE_NORESET is not set 
+CONFIG_ESPTOOLPY_BEFORE="default_reset" +CONFIG_ESPTOOLPY_AFTER_RESET=y +# CONFIG_ESPTOOLPY_AFTER_NORESET is not set +CONFIG_ESPTOOLPY_AFTER="hard_reset" +CONFIG_ESPTOOLPY_MONITOR_BAUD=115200 +# end of Serial flasher config + +# +# Partition Table +# +# CONFIG_PARTITION_TABLE_SINGLE_APP is not set +# CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE is not set +# CONFIG_PARTITION_TABLE_TWO_OTA is not set +CONFIG_PARTITION_TABLE_CUSTOM=y +CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv" +CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv" +CONFIG_PARTITION_TABLE_OFFSET=0x8000 +CONFIG_PARTITION_TABLE_MD5=y +# end of Partition Table + +# +# Compiler options +# +CONFIG_COMPILER_OPTIMIZATION_DEBUG=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set +CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y +CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set +CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +CONFIG_COMPILER_STACK_CHECK_MODE_NONE=y +# CONFIG_COMPILER_STACK_CHECK_MODE_NORM is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DISABLE_GCC13_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +CONFIG_COMPILER_RT_LIB_GCCLIB=y +CONFIG_COMPILER_RT_LIB_NAME="gcc" +# CONFIG_COMPILER_ORPHAN_SECTIONS_WARNING is not set +CONFIG_COMPILER_ORPHAN_SECTIONS_PLACE=y +# end of Compiler options + +# +# Component config +# + +# +# Application Level Tracing +# +# CONFIG_APPTRACE_DEST_JTAG is not 
set +CONFIG_APPTRACE_DEST_NONE=y +# CONFIG_APPTRACE_DEST_UART1 is not set +# CONFIG_APPTRACE_DEST_UART2 is not set +# CONFIG_APPTRACE_DEST_USB_CDC is not set +CONFIG_APPTRACE_DEST_UART_NONE=y +CONFIG_APPTRACE_UART_TASK_PRIO=1 +CONFIG_APPTRACE_LOCK_ENABLE=y +# end of Application Level Tracing + +# +# Bluetooth +# +# CONFIG_BT_ENABLED is not set +CONFIG_BT_ALARM_MAX_NUM=50 +# end of Bluetooth + +# +# Console Library +# +# CONFIG_CONSOLE_SORTED_HELP is not set +# end of Console Library + +# +# Driver Configurations +# + +# +# TWAI Configuration +# +# CONFIG_TWAI_ISR_IN_IRAM is not set +CONFIG_TWAI_ERRATA_FIX_LISTEN_ONLY_DOM=y +# end of TWAI Configuration + +# +# Legacy ADC Driver Configuration +# +# CONFIG_ADC_SUPPRESS_DEPRECATE_WARN is not set + +# +# Legacy ADC Calibration Configuration +# +# CONFIG_ADC_CALI_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy ADC Calibration Configuration +# end of Legacy ADC Driver Configuration + +# +# Legacy MCPWM Driver Configurations +# +# CONFIG_MCPWM_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy MCPWM Driver Configurations + +# +# Legacy Timer Group Driver Configurations +# +# CONFIG_GPTIMER_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy Timer Group Driver Configurations + +# +# Legacy RMT Driver Configurations +# +# CONFIG_RMT_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy RMT Driver Configurations + +# +# Legacy I2S Driver Configurations +# +# CONFIG_I2S_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy I2S Driver Configurations + +# +# Legacy PCNT Driver Configurations +# +# CONFIG_PCNT_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy PCNT Driver Configurations + +# +# Legacy SDM Driver Configurations +# +# CONFIG_SDM_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy SDM Driver Configurations + +# +# Legacy Temperature Sensor Driver Configurations +# +# CONFIG_TEMP_SENSOR_SUPPRESS_DEPRECATE_WARN is not set +# end of Legacy Temperature Sensor Driver Configurations +# end of Driver Configurations + +# 
+# eFuse Bit Manager +# +# CONFIG_EFUSE_CUSTOM_TABLE is not set +# CONFIG_EFUSE_VIRTUAL is not set +CONFIG_EFUSE_MAX_BLK_LEN=256 +# end of eFuse Bit Manager + +# +# ESP-TLS +# +CONFIG_ESP_TLS_USING_MBEDTLS=y +# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set +# CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK is not set +# CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL is not set +# CONFIG_ESP_TLS_PSK_VERIFICATION is not set +# CONFIG_ESP_TLS_INSECURE is not set +# end of ESP-TLS + +# +# ADC and ADC Calibration +# +# CONFIG_ADC_ONESHOT_CTRL_FUNC_IN_IRAM is not set +# CONFIG_ADC_CONTINUOUS_ISR_IRAM_SAFE is not set +# CONFIG_ADC_CONTINUOUS_FORCE_USE_ADC2_ON_C3_S3 is not set +# CONFIG_ADC_ENABLE_DEBUG_LOG is not set +# end of ADC and ADC Calibration + +# +# Wireless Coexistence +# +CONFIG_ESP_COEX_ENABLED=y +# CONFIG_ESP_COEX_EXTERNAL_COEXIST_ENABLE is not set +# end of Wireless Coexistence + +# +# Common ESP-related +# +CONFIG_ESP_ERR_TO_NAME_LOOKUP=y +# end of Common ESP-related + +# +# ESP-Driver:GPIO Configurations +# +# CONFIG_GPIO_CTRL_FUNC_IN_IRAM is not set +# end of ESP-Driver:GPIO Configurations + +# +# ESP-Driver:GPTimer Configurations +# +CONFIG_GPTIMER_ISR_HANDLER_IN_IRAM=y +# CONFIG_GPTIMER_CTRL_FUNC_IN_IRAM is not set +# CONFIG_GPTIMER_ISR_IRAM_SAFE is not set +# CONFIG_GPTIMER_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:GPTimer Configurations + +# +# ESP-Driver:I2C Configurations +# +# CONFIG_I2C_ISR_IRAM_SAFE is not set +# CONFIG_I2C_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:I2C Configurations + +# +# ESP-Driver:I2S Configurations +# +# CONFIG_I2S_ISR_IRAM_SAFE is not set +# CONFIG_I2S_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:I2S Configurations + +# +# ESP-Driver:LEDC Configurations +# +# CONFIG_LEDC_CTRL_FUNC_IN_IRAM is not set +# end of ESP-Driver:LEDC Configurations + +# +# ESP-Driver:MCPWM Configurations +# +# CONFIG_MCPWM_ISR_IRAM_SAFE is not set +# CONFIG_MCPWM_CTRL_FUNC_IN_IRAM is not set +# CONFIG_MCPWM_ENABLE_DEBUG_LOG is not set +# end 
of ESP-Driver:MCPWM Configurations + +# +# ESP-Driver:PCNT Configurations +# +# CONFIG_PCNT_CTRL_FUNC_IN_IRAM is not set +# CONFIG_PCNT_ISR_IRAM_SAFE is not set +# CONFIG_PCNT_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:PCNT Configurations + +# +# ESP-Driver:RMT Configurations +# +# CONFIG_RMT_ISR_IRAM_SAFE is not set +# CONFIG_RMT_RECV_FUNC_IN_IRAM is not set +# CONFIG_RMT_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:RMT Configurations + +# +# ESP-Driver:Sigma Delta Modulator Configurations +# +# CONFIG_SDM_CTRL_FUNC_IN_IRAM is not set +# CONFIG_SDM_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:Sigma Delta Modulator Configurations + +# +# ESP-Driver:SPI Configurations +# +# CONFIG_SPI_MASTER_IN_IRAM is not set +CONFIG_SPI_MASTER_ISR_IN_IRAM=y +# CONFIG_SPI_SLAVE_IN_IRAM is not set +CONFIG_SPI_SLAVE_ISR_IN_IRAM=y +# end of ESP-Driver:SPI Configurations + +# +# ESP-Driver:Temperature Sensor Configurations +# +# CONFIG_TEMP_SENSOR_ENABLE_DEBUG_LOG is not set +# end of ESP-Driver:Temperature Sensor Configurations + +# +# ESP-Driver:UART Configurations +# +# CONFIG_UART_ISR_IN_IRAM is not set +# end of ESP-Driver:UART Configurations + +# +# ESP-Driver:USB Serial/JTAG Configuration +# +CONFIG_USJ_ENABLE_USB_SERIAL_JTAG=y +# end of ESP-Driver:USB Serial/JTAG Configuration + +# +# Ethernet +# +CONFIG_ETH_ENABLED=y +CONFIG_ETH_USE_SPI_ETHERNET=y +# CONFIG_ETH_SPI_ETHERNET_DM9051 is not set +# CONFIG_ETH_SPI_ETHERNET_W5500 is not set +# CONFIG_ETH_SPI_ETHERNET_KSZ8851SNL is not set +# CONFIG_ETH_USE_OPENETH is not set +# CONFIG_ETH_TRANSMIT_MUTEX is not set +# end of Ethernet + +# +# Event Loop Library +# +# CONFIG_ESP_EVENT_LOOP_PROFILING is not set +CONFIG_ESP_EVENT_POST_FROM_ISR=y +CONFIG_ESP_EVENT_POST_FROM_IRAM_ISR=y +# end of Event Loop Library + +# +# GDB Stub +# +CONFIG_ESP_GDBSTUB_ENABLED=y +# CONFIG_ESP_SYSTEM_GDBSTUB_RUNTIME is not set +CONFIG_ESP_GDBSTUB_SUPPORT_TASKS=y +CONFIG_ESP_GDBSTUB_MAX_TASKS=32 +# end of GDB Stub + +# +# ESP HTTP client +# 
+CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y +# CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH is not set +# CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH is not set +# CONFIG_ESP_HTTP_CLIENT_ENABLE_CUSTOM_TRANSPORT is not set +# end of ESP HTTP client + +# +# HTTP Server +# +CONFIG_HTTPD_MAX_REQ_HDR_LEN=512 +CONFIG_HTTPD_MAX_URI_LEN=512 +CONFIG_HTTPD_ERR_RESP_NO_DELAY=y +CONFIG_HTTPD_PURGE_BUF_LEN=32 +# CONFIG_HTTPD_LOG_PURGE_DATA is not set +# CONFIG_HTTPD_WS_SUPPORT is not set +# CONFIG_HTTPD_QUEUE_WORK_BLOCKING is not set +# end of HTTP Server + +# +# ESP HTTPS OTA +# +# CONFIG_ESP_HTTPS_OTA_DECRYPT_CB is not set +# CONFIG_ESP_HTTPS_OTA_ALLOW_HTTP is not set +# end of ESP HTTPS OTA + +# +# ESP HTTPS server +# +# end of ESP HTTPS server + +# +# Hardware Settings +# + +# +# Chip revision +# +CONFIG_ESP32S3_REV_MIN_0=y +# CONFIG_ESP32S3_REV_MIN_1 is not set +# CONFIG_ESP32S3_REV_MIN_2 is not set +CONFIG_ESP32S3_REV_MIN_FULL=0 +CONFIG_ESP_REV_MIN_FULL=0 + +# +# Maximum Supported ESP32-S3 Revision (Rev v0.99) +# +CONFIG_ESP32S3_REV_MAX_FULL=99 +CONFIG_ESP_REV_MAX_FULL=99 +# end of Chip revision + +# +# MAC Config +# +CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_STA=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_AP=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_BT=y +CONFIG_ESP_MAC_ADDR_UNIVERSE_ETH=y +CONFIG_ESP_MAC_UNIVERSAL_MAC_ADDRESSES_FOUR=y +CONFIG_ESP_MAC_UNIVERSAL_MAC_ADDRESSES=4 +# CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES_TWO is not set +CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES_FOUR=y +CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES=4 +# CONFIG_ESP_MAC_USE_CUSTOM_MAC_AS_BASE_MAC is not set +# end of MAC Config + +# +# Sleep Config +# +# CONFIG_ESP_SLEEP_POWER_DOWN_FLASH is not set +CONFIG_ESP_SLEEP_FLASH_LEAKAGE_WORKAROUND=y +CONFIG_ESP_SLEEP_MSPI_NEED_ALL_IO_PU=y +CONFIG_ESP_SLEEP_RTC_BUS_ISO_WORKAROUND=y +CONFIG_ESP_SLEEP_GPIO_RESET_WORKAROUND=y +CONFIG_ESP_SLEEP_WAIT_FLASH_READY_EXTRA_DELAY=2000 +# CONFIG_ESP_SLEEP_CACHE_SAFE_ASSERTION is not set +# CONFIG_ESP_SLEEP_DEBUG is not set 
+CONFIG_ESP_SLEEP_GPIO_ENABLE_INTERNAL_RESISTORS=y +# end of Sleep Config + +# +# RTC Clock Config +# +CONFIG_RTC_CLK_SRC_INT_RC=y +# CONFIG_RTC_CLK_SRC_EXT_CRYS is not set +# CONFIG_RTC_CLK_SRC_EXT_OSC is not set +# CONFIG_RTC_CLK_SRC_INT_8MD256 is not set +CONFIG_RTC_CLK_CAL_CYCLES=1024 +# end of RTC Clock Config + +# +# Peripheral Control +# +CONFIG_PERIPH_CTRL_FUNC_IN_IRAM=y +# end of Peripheral Control + +# +# GDMA Configurations +# +CONFIG_GDMA_CTRL_FUNC_IN_IRAM=y +# CONFIG_GDMA_ISR_IRAM_SAFE is not set +# CONFIG_GDMA_ENABLE_DEBUG_LOG is not set +# end of GDMA Configurations + +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_40=y +CONFIG_XTAL_FREQ=40 +# end of Main XTAL Config + +CONFIG_ESP_SPI_BUS_LOCK_ISR_FUNCS_IN_IRAM=y +# end of Hardware Settings + +# +# LCD and Touch Panel +# + +# +# LCD Touch Drivers are maintained in the IDF Component Registry +# + +# +# LCD Peripheral Configuration +# +CONFIG_LCD_PANEL_IO_FORMAT_BUF_SIZE=32 +# CONFIG_LCD_ENABLE_DEBUG_LOG is not set +# CONFIG_LCD_RGB_ISR_IRAM_SAFE is not set +# CONFIG_LCD_RGB_RESTART_IN_VSYNC is not set +# end of LCD Peripheral Configuration +# end of LCD and Touch Panel + +# +# ESP NETIF Adapter +# +CONFIG_ESP_NETIF_IP_LOST_TIMER_INTERVAL=120 +CONFIG_ESP_NETIF_TCPIP_LWIP=y +# CONFIG_ESP_NETIF_LOOPBACK is not set +CONFIG_ESP_NETIF_USES_TCPIP_WITH_BSD_API=y +# CONFIG_ESP_NETIF_RECEIVE_REPORT_ERRORS is not set +# CONFIG_ESP_NETIF_L2_TAP is not set +# CONFIG_ESP_NETIF_BRIDGE_EN is not set +# end of ESP NETIF Adapter + +# +# Partition API Configuration +# +# end of Partition API Configuration + +# +# PHY +# +CONFIG_ESP_PHY_ENABLED=y +CONFIG_ESP_PHY_CALIBRATION_AND_DATA_STORAGE=y +# CONFIG_ESP_PHY_INIT_DATA_IN_PARTITION is not set +CONFIG_ESP_PHY_MAX_WIFI_TX_POWER=20 +CONFIG_ESP_PHY_MAX_TX_POWER=20 +# CONFIG_ESP_PHY_REDUCE_TX_POWER is not set +CONFIG_ESP_PHY_ENABLE_USB=y +# CONFIG_ESP_PHY_ENABLE_CERT_TEST is not set +CONFIG_ESP_PHY_RF_CAL_PARTIAL=y +# CONFIG_ESP_PHY_RF_CAL_NONE is not set +# 
CONFIG_ESP_PHY_RF_CAL_FULL is not set +CONFIG_ESP_PHY_CALIBRATION_MODE=0 +# CONFIG_ESP_PHY_PLL_TRACK_DEBUG is not set +# end of PHY + +# +# Power Management +# +# CONFIG_PM_ENABLE is not set +CONFIG_PM_POWER_DOWN_CPU_IN_LIGHT_SLEEP=y +CONFIG_PM_RESTORE_CACHE_TAGMEM_AFTER_LIGHT_SLEEP=y +# end of Power Management + +# +# ESP PSRAM +# +# CONFIG_SPIRAM is not set +# end of ESP PSRAM + +# +# ESP Ringbuf +# +# CONFIG_RINGBUF_PLACE_FUNCTIONS_INTO_FLASH is not set +# end of ESP Ringbuf + +# +# ESP System Settings +# +# CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80 is not set +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160=y +# CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240 is not set +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ=160 + +# +# Cache config +# +CONFIG_ESP32S3_INSTRUCTION_CACHE_16KB=y +# CONFIG_ESP32S3_INSTRUCTION_CACHE_32KB is not set +CONFIG_ESP32S3_INSTRUCTION_CACHE_SIZE=0x4000 +# CONFIG_ESP32S3_INSTRUCTION_CACHE_4WAYS is not set +CONFIG_ESP32S3_INSTRUCTION_CACHE_8WAYS=y +CONFIG_ESP32S3_ICACHE_ASSOCIATED_WAYS=8 +# CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_16B is not set +CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_32B=y +CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_SIZE=32 +# CONFIG_ESP32S3_DATA_CACHE_16KB is not set +CONFIG_ESP32S3_DATA_CACHE_32KB=y +# CONFIG_ESP32S3_DATA_CACHE_64KB is not set +CONFIG_ESP32S3_DATA_CACHE_SIZE=0x8000 +# CONFIG_ESP32S3_DATA_CACHE_4WAYS is not set +CONFIG_ESP32S3_DATA_CACHE_8WAYS=y +CONFIG_ESP32S3_DCACHE_ASSOCIATED_WAYS=8 +# CONFIG_ESP32S3_DATA_CACHE_LINE_16B is not set +CONFIG_ESP32S3_DATA_CACHE_LINE_32B=y +# CONFIG_ESP32S3_DATA_CACHE_LINE_64B is not set +CONFIG_ESP32S3_DATA_CACHE_LINE_SIZE=32 +# end of Cache config + +# +# Memory +# +# CONFIG_ESP32S3_RTCDATA_IN_FAST_MEM is not set +# CONFIG_ESP32S3_USE_FIXED_STATIC_RAM_SIZE is not set +# end of Memory + +# +# Trace memory +# +# CONFIG_ESP32S3_TRAX is not set +CONFIG_ESP32S3_TRACEMEM_RESERVE_DRAM=0x0 +# end of Trace memory + +# CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT is not set +CONFIG_ESP_SYSTEM_PANIC_PRINT_REBOOT=y +# 
CONFIG_ESP_SYSTEM_PANIC_SILENT_REBOOT is not set +# CONFIG_ESP_SYSTEM_PANIC_GDBSTUB is not set +CONFIG_ESP_SYSTEM_PANIC_REBOOT_DELAY_SECONDS=0 +CONFIG_ESP_SYSTEM_RTC_FAST_MEM_AS_HEAP_DEPCHECK=y +CONFIG_ESP_SYSTEM_ALLOW_RTC_FAST_MEM_AS_HEAP=y + +# +# Memory protection +# +CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y +CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y +# end of Memory protection + +CONFIG_ESP_SYSTEM_EVENT_QUEUE_SIZE=32 +CONFIG_ESP_SYSTEM_EVENT_TASK_STACK_SIZE=2304 +CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 +CONFIG_ESP_MAIN_TASK_AFFINITY_CPU0=y +# CONFIG_ESP_MAIN_TASK_AFFINITY_CPU1 is not set +# CONFIG_ESP_MAIN_TASK_AFFINITY_NO_AFFINITY is not set +CONFIG_ESP_MAIN_TASK_AFFINITY=0x0 +CONFIG_ESP_MINIMAL_SHARED_STACK_SIZE=2048 +CONFIG_ESP_CONSOLE_UART_DEFAULT=y +# CONFIG_ESP_CONSOLE_USB_CDC is not set +# CONFIG_ESP_CONSOLE_USB_SERIAL_JTAG is not set +# CONFIG_ESP_CONSOLE_UART_CUSTOM is not set +# CONFIG_ESP_CONSOLE_NONE is not set +# CONFIG_ESP_CONSOLE_SECONDARY_NONE is not set +CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG=y +CONFIG_ESP_CONSOLE_USB_SERIAL_JTAG_ENABLED=y +CONFIG_ESP_CONSOLE_UART=y +CONFIG_ESP_CONSOLE_UART_NUM=0 +CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM=0 +CONFIG_ESP_CONSOLE_UART_BAUDRATE=115200 +CONFIG_ESP_INT_WDT=y +CONFIG_ESP_INT_WDT_TIMEOUT_MS=300 +CONFIG_ESP_INT_WDT_CHECK_CPU1=y +CONFIG_ESP_TASK_WDT_EN=y +CONFIG_ESP_TASK_WDT_INIT=y +# CONFIG_ESP_TASK_WDT_PANIC is not set +CONFIG_ESP_TASK_WDT_TIMEOUT_S=5 +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=y +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=y +# CONFIG_ESP_PANIC_HANDLER_IRAM is not set +# CONFIG_ESP_DEBUG_STUBS_ENABLE is not set +CONFIG_ESP_DEBUG_OCDAWARE=y +CONFIG_ESP_SYSTEM_CHECK_INT_LEVEL_4=y + +# +# Brownout Detector +# +CONFIG_ESP_BROWNOUT_DET=y +CONFIG_ESP_BROWNOUT_DET_LVL_SEL_7=y +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_6 is not set +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_5 is not set +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_4 is not set +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_3 is not set +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_2 
is not set +# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_1 is not set +CONFIG_ESP_BROWNOUT_DET_LVL=7 +# end of Brownout Detector + +CONFIG_ESP_SYSTEM_BROWNOUT_INTR=y +CONFIG_ESP_SYSTEM_BBPLL_RECALIB=y +# end of ESP System Settings + +# +# IPC (Inter-Processor Call) +# +CONFIG_ESP_IPC_TASK_STACK_SIZE=1280 +CONFIG_ESP_IPC_USES_CALLERS_PRIORITY=y +CONFIG_ESP_IPC_ISR_ENABLE=y +# end of IPC (Inter-Processor Call) + +# +# ESP Timer (High Resolution Timer) +# +# CONFIG_ESP_TIMER_PROFILING is not set +CONFIG_ESP_TIME_FUNCS_USE_RTC_TIMER=y +CONFIG_ESP_TIME_FUNCS_USE_ESP_TIMER=y +CONFIG_ESP_TIMER_TASK_STACK_SIZE=3584 +CONFIG_ESP_TIMER_INTERRUPT_LEVEL=1 +# CONFIG_ESP_TIMER_SHOW_EXPERIMENTAL is not set +CONFIG_ESP_TIMER_TASK_AFFINITY=0x0 +CONFIG_ESP_TIMER_TASK_AFFINITY_CPU0=y +CONFIG_ESP_TIMER_ISR_AFFINITY_CPU0=y +# CONFIG_ESP_TIMER_SUPPORTS_ISR_DISPATCH_METHOD is not set +CONFIG_ESP_TIMER_IMPL_SYSTIMER=y +# end of ESP Timer (High Resolution Timer) + +# +# Wi-Fi +# +CONFIG_ESP_WIFI_ENABLED=y +CONFIG_ESP_WIFI_STATIC_RX_BUFFER_NUM=10 +CONFIG_ESP_WIFI_DYNAMIC_RX_BUFFER_NUM=32 +# CONFIG_ESP_WIFI_STATIC_TX_BUFFER is not set +CONFIG_ESP_WIFI_DYNAMIC_TX_BUFFER=y +CONFIG_ESP_WIFI_TX_BUFFER_TYPE=1 +CONFIG_ESP_WIFI_DYNAMIC_TX_BUFFER_NUM=32 +CONFIG_ESP_WIFI_STATIC_RX_MGMT_BUFFER=y +# CONFIG_ESP_WIFI_DYNAMIC_RX_MGMT_BUFFER is not set +CONFIG_ESP_WIFI_DYNAMIC_RX_MGMT_BUF=0 +CONFIG_ESP_WIFI_RX_MGMT_BUF_NUM_DEF=5 +# CONFIG_ESP_WIFI_CSI_ENABLED is not set +CONFIG_ESP_WIFI_AMPDU_TX_ENABLED=y +CONFIG_ESP_WIFI_TX_BA_WIN=6 +CONFIG_ESP_WIFI_AMPDU_RX_ENABLED=y +CONFIG_ESP_WIFI_RX_BA_WIN=6 +CONFIG_ESP_WIFI_NVS_ENABLED=y +CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_0=y +# CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_1 is not set +CONFIG_ESP_WIFI_SOFTAP_BEACON_MAX_LEN=752 +CONFIG_ESP_WIFI_MGMT_SBUF_NUM=32 +CONFIG_ESP_WIFI_IRAM_OPT=y +# CONFIG_ESP_WIFI_EXTRA_IRAM_OPT is not set +CONFIG_ESP_WIFI_RX_IRAM_OPT=y +# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set +# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set +# 
CONFIG_ESP_WIFI_SLP_IRAM_OPT is not set +CONFIG_ESP_WIFI_SLP_DEFAULT_MIN_ACTIVE_TIME=50 +CONFIG_ESP_WIFI_SLP_DEFAULT_MAX_ACTIVE_TIME=10 +CONFIG_ESP_WIFI_SLP_DEFAULT_WAIT_BROADCAST_DATA_TIME=15 +# CONFIG_ESP_WIFI_FTM_ENABLE is not set +CONFIG_ESP_WIFI_STA_DISCONNECTED_PM_ENABLE=y +# CONFIG_ESP_WIFI_GCMP_SUPPORT is not set +CONFIG_ESP_WIFI_GMAC_SUPPORT=y +CONFIG_ESP_WIFI_SOFTAP_SUPPORT=y +# CONFIG_ESP_WIFI_SLP_BEACON_LOST_OPT is not set +CONFIG_ESP_WIFI_ESPNOW_MAX_ENCRYPT_NUM=7 +# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set +# CONFIG_ESP_WIFI_WAPI_PSK is not set +# CONFIG_ESP_WIFI_SUITE_B_192 is not set +# CONFIG_ESP_WIFI_11KV_SUPPORT is not set +# CONFIG_ESP_WIFI_MBO_SUPPORT is not set +# CONFIG_ESP_WIFI_DPP_SUPPORT is not set +# CONFIG_ESP_WIFI_11R_SUPPORT is not set +# CONFIG_ESP_WIFI_WPS_SOFTAP_REGISTRAR is not set + +# +# WPS Configuration Options +# +# CONFIG_ESP_WIFI_WPS_STRICT is not set +# CONFIG_ESP_WIFI_WPS_PASSPHRASE is not set +# end of WPS Configuration Options + +# CONFIG_ESP_WIFI_DEBUG_PRINT is not set +# CONFIG_ESP_WIFI_TESTING_OPTIONS is not set +CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT=y +# CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER is not set +# end of Wi-Fi + +# +# Core dump +# +# CONFIG_ESP_COREDUMP_ENABLE_TO_FLASH is not set +CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y +# CONFIG_ESP_COREDUMP_ENABLE_TO_NONE is not set +# CONFIG_ESP_COREDUMP_DATA_FORMAT_BIN is not set +CONFIG_ESP_COREDUMP_DATA_FORMAT_ELF=y +CONFIG_ESP_COREDUMP_CHECKSUM_CRC32=y +# CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 is not set +CONFIG_ESP_COREDUMP_ENABLE=y +CONFIG_ESP_COREDUMP_LOGS=y +CONFIG_ESP_COREDUMP_MAX_TASKS_NUM=64 +CONFIG_ESP_COREDUMP_UART_DELAY=0 +CONFIG_ESP_COREDUMP_STACK_SIZE=0 +CONFIG_ESP_COREDUMP_DECODE_INFO=y +# CONFIG_ESP_COREDUMP_DECODE_DISABLE is not set +CONFIG_ESP_COREDUMP_DECODE="info" +# end of Core dump + +# +# FAT Filesystem support +# +CONFIG_FATFS_VOLUME_COUNT=2 +CONFIG_FATFS_LFN_NONE=y +# CONFIG_FATFS_LFN_HEAP is not set +# CONFIG_FATFS_LFN_STACK is not set +# 
CONFIG_FATFS_SECTOR_512 is not set +CONFIG_FATFS_SECTOR_4096=y +# CONFIG_FATFS_CODEPAGE_DYNAMIC is not set +CONFIG_FATFS_CODEPAGE_437=y +# CONFIG_FATFS_CODEPAGE_720 is not set +# CONFIG_FATFS_CODEPAGE_737 is not set +# CONFIG_FATFS_CODEPAGE_771 is not set +# CONFIG_FATFS_CODEPAGE_775 is not set +# CONFIG_FATFS_CODEPAGE_850 is not set +# CONFIG_FATFS_CODEPAGE_852 is not set +# CONFIG_FATFS_CODEPAGE_855 is not set +# CONFIG_FATFS_CODEPAGE_857 is not set +# CONFIG_FATFS_CODEPAGE_860 is not set +# CONFIG_FATFS_CODEPAGE_861 is not set +# CONFIG_FATFS_CODEPAGE_862 is not set +# CONFIG_FATFS_CODEPAGE_863 is not set +# CONFIG_FATFS_CODEPAGE_864 is not set +# CONFIG_FATFS_CODEPAGE_865 is not set +# CONFIG_FATFS_CODEPAGE_866 is not set +# CONFIG_FATFS_CODEPAGE_869 is not set +# CONFIG_FATFS_CODEPAGE_932 is not set +# CONFIG_FATFS_CODEPAGE_936 is not set +# CONFIG_FATFS_CODEPAGE_949 is not set +# CONFIG_FATFS_CODEPAGE_950 is not set +CONFIG_FATFS_CODEPAGE=437 +CONFIG_FATFS_FS_LOCK=0 +CONFIG_FATFS_TIMEOUT_MS=10000 +CONFIG_FATFS_PER_FILE_CACHE=y +# CONFIG_FATFS_USE_FASTSEEK is not set +CONFIG_FATFS_VFS_FSTAT_BLKSIZE=0 +# CONFIG_FATFS_IMMEDIATE_FSYNC is not set +# CONFIG_FATFS_USE_LABEL is not set +CONFIG_FATFS_LINK_LOCK=y +# end of FAT Filesystem support + +# +# FreeRTOS +# + +# +# Kernel +# +# CONFIG_FREERTOS_SMP is not set +# CONFIG_FREERTOS_UNICORE is not set +CONFIG_FREERTOS_HZ=100 +# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_NONE is not set +# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_PTRVAL is not set +CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY=y +CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS=1 +CONFIG_FREERTOS_IDLE_TASK_STACKSIZE=1536 +# CONFIG_FREERTOS_USE_IDLE_HOOK is not set +# CONFIG_FREERTOS_USE_TICK_HOOK is not set +CONFIG_FREERTOS_MAX_TASK_NAME_LEN=16 +# CONFIG_FREERTOS_ENABLE_BACKWARD_COMPATIBILITY is not set +CONFIG_FREERTOS_TIMER_SERVICE_TASK_NAME="Tmr Svc" +# CONFIG_FREERTOS_TIMER_TASK_AFFINITY_CPU0 is not set +# CONFIG_FREERTOS_TIMER_TASK_AFFINITY_CPU1 is not set 
+CONFIG_FREERTOS_TIMER_TASK_NO_AFFINITY=y +CONFIG_FREERTOS_TIMER_SERVICE_TASK_CORE_AFFINITY=0x7FFFFFFF +CONFIG_FREERTOS_TIMER_TASK_PRIORITY=1 +CONFIG_FREERTOS_TIMER_TASK_STACK_DEPTH=2048 +CONFIG_FREERTOS_TIMER_QUEUE_LENGTH=10 +CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE=0 +CONFIG_FREERTOS_TASK_NOTIFICATION_ARRAY_ENTRIES=1 +# CONFIG_FREERTOS_USE_TRACE_FACILITY is not set +# CONFIG_FREERTOS_USE_LIST_DATA_INTEGRITY_CHECK_BYTES is not set +# CONFIG_FREERTOS_GENERATE_RUN_TIME_STATS is not set +# CONFIG_FREERTOS_USE_APPLICATION_TASK_TAG is not set +# end of Kernel + +# +# Port +# +CONFIG_FREERTOS_TASK_FUNCTION_WRAPPER=y +# CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK is not set +CONFIG_FREERTOS_TLSP_DELETION_CALLBACKS=y +# CONFIG_FREERTOS_TASK_PRE_DELETION_HOOK is not set +# CONFIG_FREERTOS_ENABLE_STATIC_TASK_CLEAN_UP is not set +CONFIG_FREERTOS_CHECK_MUTEX_GIVEN_BY_OWNER=y +CONFIG_FREERTOS_ISR_STACKSIZE=2096 +CONFIG_FREERTOS_INTERRUPT_BACKTRACE=y +CONFIG_FREERTOS_TICK_SUPPORT_SYSTIMER=y +CONFIG_FREERTOS_CORETIMER_SYSTIMER_LVL1=y +# CONFIG_FREERTOS_CORETIMER_SYSTIMER_LVL3 is not set +CONFIG_FREERTOS_SYSTICK_USES_SYSTIMER=y +# CONFIG_FREERTOS_PLACE_FUNCTIONS_INTO_FLASH is not set +# CONFIG_FREERTOS_CHECK_PORT_CRITICAL_COMPLIANCE is not set +# end of Port + +CONFIG_FREERTOS_PORT=y +CONFIG_FREERTOS_NO_AFFINITY=0x7FFFFFFF +CONFIG_FREERTOS_SUPPORT_STATIC_ALLOCATION=y +CONFIG_FREERTOS_DEBUG_OCDAWARE=y +CONFIG_FREERTOS_ENABLE_TASK_SNAPSHOT=y +CONFIG_FREERTOS_PLACE_SNAPSHOT_FUNS_INTO_FLASH=y +CONFIG_FREERTOS_NUMBER_OF_CORES=2 +# end of FreeRTOS + +# +# Hardware Abstraction Layer (HAL) and Low Level (LL) +# +CONFIG_HAL_ASSERTION_EQUALS_SYSTEM=y +# CONFIG_HAL_ASSERTION_DISABLE is not set +# CONFIG_HAL_ASSERTION_SILENT is not set +# CONFIG_HAL_ASSERTION_ENABLE is not set +CONFIG_HAL_DEFAULT_ASSERTION_LEVEL=2 +CONFIG_HAL_WDT_USE_ROM_IMPL=y +CONFIG_HAL_SPI_MASTER_FUNC_IN_IRAM=y +CONFIG_HAL_SPI_SLAVE_FUNC_IN_IRAM=y +# end of Hardware Abstraction Layer (HAL) and Low Level (LL) + +# +# Heap memory 
debugging +# +CONFIG_HEAP_POISONING_DISABLED=y +# CONFIG_HEAP_POISONING_LIGHT is not set +# CONFIG_HEAP_POISONING_COMPREHENSIVE is not set +CONFIG_HEAP_TRACING_OFF=y +# CONFIG_HEAP_TRACING_STANDALONE is not set +# CONFIG_HEAP_TRACING_TOHOST is not set +# CONFIG_HEAP_USE_HOOKS is not set +# CONFIG_HEAP_TASK_TRACKING is not set +# CONFIG_HEAP_ABORT_WHEN_ALLOCATION_FAILS is not set +# CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH is not set +# end of Heap memory debugging + +# +# Log output +# +# CONFIG_LOG_DEFAULT_LEVEL_NONE is not set +# CONFIG_LOG_DEFAULT_LEVEL_ERROR is not set +# CONFIG_LOG_DEFAULT_LEVEL_WARN is not set +CONFIG_LOG_DEFAULT_LEVEL_INFO=y +# CONFIG_LOG_DEFAULT_LEVEL_DEBUG is not set +# CONFIG_LOG_DEFAULT_LEVEL_VERBOSE is not set +CONFIG_LOG_DEFAULT_LEVEL=3 +CONFIG_LOG_MAXIMUM_EQUALS_DEFAULT=y +# CONFIG_LOG_MAXIMUM_LEVEL_DEBUG is not set +# CONFIG_LOG_MAXIMUM_LEVEL_VERBOSE is not set +CONFIG_LOG_MAXIMUM_LEVEL=3 +# CONFIG_LOG_MASTER_LEVEL is not set +CONFIG_LOG_COLORS=y +CONFIG_LOG_TIMESTAMP_SOURCE_RTOS=y +# CONFIG_LOG_TIMESTAMP_SOURCE_SYSTEM is not set +# end of Log output + +# +# LWIP +# +CONFIG_LWIP_ENABLE=y +CONFIG_LWIP_LOCAL_HOSTNAME="espressif" +# CONFIG_LWIP_NETIF_API is not set +CONFIG_LWIP_TCPIP_TASK_PRIO=18 +# CONFIG_LWIP_TCPIP_CORE_LOCKING is not set +# CONFIG_LWIP_CHECK_THREAD_SAFETY is not set +CONFIG_LWIP_DNS_SUPPORT_MDNS_QUERIES=y +# CONFIG_LWIP_L2_TO_L3_COPY is not set +# CONFIG_LWIP_IRAM_OPTIMIZATION is not set +# CONFIG_LWIP_EXTRA_IRAM_OPTIMIZATION is not set +CONFIG_LWIP_TIMERS_ONDEMAND=y +CONFIG_LWIP_ND6=y +# CONFIG_LWIP_FORCE_ROUTER_FORWARDING is not set +CONFIG_LWIP_MAX_SOCKETS=10 +# CONFIG_LWIP_USE_ONLY_LWIP_SELECT is not set +# CONFIG_LWIP_SO_LINGER is not set +CONFIG_LWIP_SO_REUSE=y +CONFIG_LWIP_SO_REUSE_RXTOALL=y +# CONFIG_LWIP_SO_RCVBUF is not set +# CONFIG_LWIP_NETBUF_RECVINFO is not set +CONFIG_LWIP_IP_DEFAULT_TTL=64 +CONFIG_LWIP_IP4_FRAG=y +CONFIG_LWIP_IP6_FRAG=y +# CONFIG_LWIP_IP4_REASSEMBLY is not set +# 
CONFIG_LWIP_IP6_REASSEMBLY is not set +CONFIG_LWIP_IP_REASS_MAX_PBUFS=10 +# CONFIG_LWIP_IP_FORWARD is not set +# CONFIG_LWIP_STATS is not set +CONFIG_LWIP_ESP_GRATUITOUS_ARP=y +CONFIG_LWIP_GARP_TMR_INTERVAL=60 +CONFIG_LWIP_ESP_MLDV6_REPORT=y +CONFIG_LWIP_MLDV6_TMR_INTERVAL=40 +CONFIG_LWIP_TCPIP_RECVMBOX_SIZE=32 +CONFIG_LWIP_DHCP_DOES_ARP_CHECK=y +# CONFIG_LWIP_DHCP_DISABLE_CLIENT_ID is not set +CONFIG_LWIP_DHCP_DISABLE_VENDOR_CLASS_ID=y +# CONFIG_LWIP_DHCP_RESTORE_LAST_IP is not set +CONFIG_LWIP_DHCP_OPTIONS_LEN=68 +CONFIG_LWIP_NUM_NETIF_CLIENT_DATA=0 +CONFIG_LWIP_DHCP_COARSE_TIMER_SECS=1 + +# +# DHCP server +# +CONFIG_LWIP_DHCPS=y +CONFIG_LWIP_DHCPS_LEASE_UNIT=60 +CONFIG_LWIP_DHCPS_MAX_STATION_NUM=8 +CONFIG_LWIP_DHCPS_STATIC_ENTRIES=y +# end of DHCP server + +# CONFIG_LWIP_AUTOIP is not set +CONFIG_LWIP_IPV4=y +CONFIG_LWIP_IPV6=y +# CONFIG_LWIP_IPV6_AUTOCONFIG is not set +CONFIG_LWIP_IPV6_NUM_ADDRESSES=3 +# CONFIG_LWIP_IPV6_FORWARD is not set +# CONFIG_LWIP_NETIF_STATUS_CALLBACK is not set +CONFIG_LWIP_NETIF_LOOPBACK=y +CONFIG_LWIP_LOOPBACK_MAX_PBUFS=8 + +# +# TCP +# +CONFIG_LWIP_MAX_ACTIVE_TCP=16 +CONFIG_LWIP_MAX_LISTENING_TCP=16 +CONFIG_LWIP_TCP_HIGH_SPEED_RETRANSMISSION=y +CONFIG_LWIP_TCP_MAXRTX=12 +CONFIG_LWIP_TCP_SYNMAXRTX=12 +CONFIG_LWIP_TCP_MSS=1440 +CONFIG_LWIP_TCP_TMR_INTERVAL=250 +CONFIG_LWIP_TCP_MSL=60000 +CONFIG_LWIP_TCP_FIN_WAIT_TIMEOUT=20000 +CONFIG_LWIP_TCP_SND_BUF_DEFAULT=5760 +CONFIG_LWIP_TCP_WND_DEFAULT=5760 +CONFIG_LWIP_TCP_RECVMBOX_SIZE=6 +CONFIG_LWIP_TCP_ACCEPTMBOX_SIZE=6 +CONFIG_LWIP_TCP_QUEUE_OOSEQ=y +CONFIG_LWIP_TCP_OOSEQ_TIMEOUT=6 +CONFIG_LWIP_TCP_OOSEQ_MAX_PBUFS=4 +# CONFIG_LWIP_TCP_SACK_OUT is not set +CONFIG_LWIP_TCP_OVERSIZE_MSS=y +# CONFIG_LWIP_TCP_OVERSIZE_QUARTER_MSS is not set +# CONFIG_LWIP_TCP_OVERSIZE_DISABLE is not set +CONFIG_LWIP_TCP_RTO_TIME=1500 +# end of TCP + +# +# UDP +# +CONFIG_LWIP_MAX_UDP_PCBS=16 +CONFIG_LWIP_UDP_RECVMBOX_SIZE=6 +# end of UDP + +# +# Checksums +# +# CONFIG_LWIP_CHECKSUM_CHECK_IP is not set +# 
CONFIG_LWIP_CHECKSUM_CHECK_UDP is not set +CONFIG_LWIP_CHECKSUM_CHECK_ICMP=y +# end of Checksums + +CONFIG_LWIP_TCPIP_TASK_STACK_SIZE=3072 +CONFIG_LWIP_TCPIP_TASK_AFFINITY_NO_AFFINITY=y +# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU0 is not set +# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU1 is not set +CONFIG_LWIP_TCPIP_TASK_AFFINITY=0x7FFFFFFF +# CONFIG_LWIP_PPP_SUPPORT is not set +CONFIG_LWIP_IPV6_MEMP_NUM_ND6_QUEUE=3 +CONFIG_LWIP_IPV6_ND6_NUM_NEIGHBORS=5 +# CONFIG_LWIP_SLIP_SUPPORT is not set + +# +# ICMP +# +CONFIG_LWIP_ICMP=y +# CONFIG_LWIP_MULTICAST_PING is not set +# CONFIG_LWIP_BROADCAST_PING is not set +# end of ICMP + +# +# LWIP RAW API +# +CONFIG_LWIP_MAX_RAW_PCBS=16 +# end of LWIP RAW API + +# +# SNTP +# +CONFIG_LWIP_SNTP_MAX_SERVERS=1 +# CONFIG_LWIP_DHCP_GET_NTP_SRV is not set +CONFIG_LWIP_SNTP_UPDATE_DELAY=3600000 +CONFIG_LWIP_SNTP_STARTUP_DELAY=y +CONFIG_LWIP_SNTP_MAXIMUM_STARTUP_DELAY=5000 +# end of SNTP + +# +# DNS +# +CONFIG_LWIP_DNS_MAX_SERVERS=3 +# CONFIG_LWIP_FALLBACK_DNS_SERVER_SUPPORT is not set +# end of DNS + +CONFIG_LWIP_BRIDGEIF_MAX_PORTS=7 +CONFIG_LWIP_ESP_LWIP_ASSERT=y + +# +# Hooks +# +# CONFIG_LWIP_HOOK_TCP_ISN_NONE is not set +CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT=y +# CONFIG_LWIP_HOOK_TCP_ISN_CUSTOM is not set +CONFIG_LWIP_HOOK_IP6_ROUTE_NONE=y +# CONFIG_LWIP_HOOK_IP6_ROUTE_DEFAULT is not set +# CONFIG_LWIP_HOOK_IP6_ROUTE_CUSTOM is not set +CONFIG_LWIP_HOOK_ND6_GET_GW_NONE=y +# CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT is not set +# CONFIG_LWIP_HOOK_ND6_GET_GW_CUSTOM is not set +CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_NONE=y +# CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_DEFAULT is not set +# CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_CUSTOM is not set +CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE=y +# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT is not set +# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM is not set +CONFIG_LWIP_HOOK_IP6_INPUT_NONE=y +# CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT is not set +# CONFIG_LWIP_HOOK_IP6_INPUT_CUSTOM is not set +# end of Hooks + +# 
CONFIG_LWIP_DEBUG is not set +# end of LWIP + +# +# mbedTLS +# +CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y +# CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC is not set +# CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC is not set +CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y +CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384 +CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096 +# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set +# CONFIG_MBEDTLS_DEBUG is not set + +# +# mbedTLS v3.x related +# +# CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is not set +# CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK is not set +# CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION is not set +CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y +CONFIG_MBEDTLS_PKCS7_C=y +# end of mbedTLS v3.x related + +# +# Certificate Bundle +# +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y +# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set +# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE is not set +# CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set +# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEPRECATED_LIST is not set +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS=200 +# end of Certificate Bundle + +# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set +CONFIG_MBEDTLS_CMAC_C=y +CONFIG_MBEDTLS_HARDWARE_AES=y +CONFIG_MBEDTLS_AES_USE_INTERRUPT=y +CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL=0 +CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y +# CONFIG_MBEDTLS_HARDWARE_MPI is not set +CONFIG_MBEDTLS_HARDWARE_SHA=y +# CONFIG_MBEDTLS_ROM_MD5 is not set +# CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN is not set +# CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY is not set +CONFIG_MBEDTLS_HAVE_TIME=y +# CONFIG_MBEDTLS_PLATFORM_TIME_ALT is not set +# CONFIG_MBEDTLS_HAVE_TIME_DATE is not set +CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y +CONFIG_MBEDTLS_SHA512_C=y +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT is not set +# CONFIG_MBEDTLS_TLS_SERVER_ONLY is not set +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY is not set +CONFIG_MBEDTLS_TLS_DISABLED=y + +# +# Symmetric Ciphers +# +CONFIG_MBEDTLS_AES_C=y +# CONFIG_MBEDTLS_CAMELLIA_C 
is not set +# CONFIG_MBEDTLS_DES_C is not set +# CONFIG_MBEDTLS_BLOWFISH_C is not set +# CONFIG_MBEDTLS_XTEA_C is not set +CONFIG_MBEDTLS_CCM_C=y +CONFIG_MBEDTLS_GCM_C=y +# CONFIG_MBEDTLS_NIST_KW_C is not set +# end of Symmetric Ciphers + +# CONFIG_MBEDTLS_RIPEMD160_C is not set + +# +# Certificates +# +CONFIG_MBEDTLS_PEM_PARSE_C=y +CONFIG_MBEDTLS_PEM_WRITE_C=y +CONFIG_MBEDTLS_X509_CRL_PARSE_C=y +CONFIG_MBEDTLS_X509_CSR_PARSE_C=y +# end of Certificates + +CONFIG_MBEDTLS_ECP_C=y +# CONFIG_MBEDTLS_DHM_C is not set +CONFIG_MBEDTLS_ECDH_C=y +CONFIG_MBEDTLS_ECDSA_C=y +# CONFIG_MBEDTLS_ECJPAKE_C is not set +CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y +CONFIG_MBEDTLS_ECP_NIST_OPTIM=y +CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y +CONFIG_MBEDTLS_POLY1305_C=y +CONFIG_MBEDTLS_CHACHA20_C=y +CONFIG_MBEDTLS_CHACHAPOLY_C=y +CONFIG_MBEDTLS_HKDF_C=y +# CONFIG_MBEDTLS_THREADING_C is not set +CONFIG_MBEDTLS_ERROR_STRINGS=y +# end of mbedTLS + +# +# ESP-MQTT Configurations +# +CONFIG_MQTT_PROTOCOL_311=y +# CONFIG_MQTT_PROTOCOL_5 is not set +CONFIG_MQTT_TRANSPORT_SSL=y +CONFIG_MQTT_TRANSPORT_WEBSOCKET=y +CONFIG_MQTT_TRANSPORT_WEBSOCKET_SECURE=y +# CONFIG_MQTT_MSG_ID_INCREMENTAL is not set +# CONFIG_MQTT_SKIP_PUBLISH_IF_DISCONNECTED is not set +# CONFIG_MQTT_REPORT_DELETED_MESSAGES is not set +# CONFIG_MQTT_USE_CUSTOM_CONFIG is not set +# CONFIG_MQTT_TASK_CORE_SELECTION_ENABLED is not set +# CONFIG_MQTT_CUSTOM_OUTBOX is not set +# end of ESP-MQTT Configurations + +# +# Newlib +# +CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF=y +# 
CONFIG_NEWLIB_STDOUT_LINE_ENDING_LF is not set +# CONFIG_NEWLIB_STDOUT_LINE_ENDING_CR is not set +# CONFIG_NEWLIB_STDIN_LINE_ENDING_CRLF is not set +# CONFIG_NEWLIB_STDIN_LINE_ENDING_LF is not set +CONFIG_NEWLIB_STDIN_LINE_ENDING_CR=y +# CONFIG_NEWLIB_NANO_FORMAT is not set +CONFIG_NEWLIB_TIME_SYSCALL_USE_RTC_HRT=y +# CONFIG_NEWLIB_TIME_SYSCALL_USE_RTC is not set +# CONFIG_NEWLIB_TIME_SYSCALL_USE_HRT is not set +# CONFIG_NEWLIB_TIME_SYSCALL_USE_NONE is not set +# end of Newlib + +# +# NVS +# +# CONFIG_NVS_ENCRYPTION is not set +# CONFIG_NVS_ASSERT_ERROR_CHECK is not set +# CONFIG_NVS_LEGACY_DUP_KEYS_COMPATIBILITY is not set +# end of NVS + +# +# OpenThread +# +# CONFIG_OPENTHREAD_ENABLED is not set + +# +# Thread Operational Dataset +# +CONFIG_OPENTHREAD_NETWORK_NAME="OpenThread-ESP" +CONFIG_OPENTHREAD_MESH_LOCAL_PREFIX="fd00:db8:a0:0::/64" +CONFIG_OPENTHREAD_NETWORK_CHANNEL=15 +CONFIG_OPENTHREAD_NETWORK_PANID=0x1234 +CONFIG_OPENTHREAD_NETWORK_EXTPANID="dead00beef00cafe" +CONFIG_OPENTHREAD_NETWORK_MASTERKEY="00112233445566778899aabbccddeeff" +CONFIG_OPENTHREAD_NETWORK_PSKC="104810e2315100afd6bc9215a6bfac53" +# end of Thread Operational Dataset + +CONFIG_OPENTHREAD_XTAL_ACCURACY=130 +# CONFIG_OPENTHREAD_SPINEL_ONLY is not set +CONFIG_OPENTHREAD_RX_ON_WHEN_IDLE=y + +# +# Thread Address Query Config +# +# end of Thread Address Query Config +# end of OpenThread + +# +# Protocomm +# +CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0=y +CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1=y +CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2=y +# end of Protocomm + +# +# PThreads +# +CONFIG_PTHREAD_TASK_PRIO_DEFAULT=5 +CONFIG_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 +CONFIG_PTHREAD_STACK_MIN=768 +CONFIG_PTHREAD_DEFAULT_CORE_NO_AFFINITY=y +# CONFIG_PTHREAD_DEFAULT_CORE_0 is not set +# CONFIG_PTHREAD_DEFAULT_CORE_1 is not set +CONFIG_PTHREAD_TASK_CORE_DEFAULT=-1 +CONFIG_PTHREAD_TASK_NAME_DEFAULT="pthread" +# end of PThreads + +# +# MMU Config +# +CONFIG_MMU_PAGE_SIZE_64KB=y 
+CONFIG_MMU_PAGE_MODE="64KB" +CONFIG_MMU_PAGE_SIZE=0x10000 +# end of MMU Config + +# +# Main Flash configuration +# + +# +# SPI Flash behavior when brownout +# +CONFIG_SPI_FLASH_BROWNOUT_RESET_XMC=y +CONFIG_SPI_FLASH_BROWNOUT_RESET=y +# end of SPI Flash behavior when brownout + +# +# Optional and Experimental Features (READ DOCS FIRST) +# + +# +# Features here require specific hardware (READ DOCS FIRST!) +# +# CONFIG_SPI_FLASH_HPM_ENA is not set +CONFIG_SPI_FLASH_HPM_AUTO=y +# CONFIG_SPI_FLASH_HPM_DIS is not set +CONFIG_SPI_FLASH_HPM_ON=y +CONFIG_SPI_FLASH_HPM_DC_AUTO=y +# CONFIG_SPI_FLASH_HPM_DC_DISABLE is not set +CONFIG_SPI_FLASH_SUSPEND_QVL_SUPPORTED=y +# CONFIG_SPI_FLASH_AUTO_SUSPEND is not set +CONFIG_SPI_FLASH_SUSPEND_TSUS_VAL_US=50 +# end of Optional and Experimental Features (READ DOCS FIRST) +# end of Main Flash configuration + +# +# SPI Flash driver +# +# CONFIG_SPI_FLASH_VERIFY_WRITE is not set +# CONFIG_SPI_FLASH_ENABLE_COUNTERS is not set +CONFIG_SPI_FLASH_ROM_DRIVER_PATCH=y +# CONFIG_SPI_FLASH_ROM_IMPL is not set +CONFIG_SPI_FLASH_DANGEROUS_WRITE_ABORTS=y +# CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS is not set +# CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED is not set +# CONFIG_SPI_FLASH_BYPASS_BLOCK_ERASE is not set +CONFIG_SPI_FLASH_YIELD_DURING_ERASE=y +CONFIG_SPI_FLASH_ERASE_YIELD_DURATION_MS=20 +CONFIG_SPI_FLASH_ERASE_YIELD_TICKS=1 +CONFIG_SPI_FLASH_WRITE_CHUNK_SIZE=8192 +# CONFIG_SPI_FLASH_SIZE_OVERRIDE is not set +# CONFIG_SPI_FLASH_CHECK_ERASE_TIMEOUT_DISABLED is not set +# CONFIG_SPI_FLASH_OVERRIDE_CHIP_DRIVER_LIST is not set + +# +# Auto-detect flash chips +# +CONFIG_SPI_FLASH_VENDOR_XMC_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_GD_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_ISSI_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_MXIC_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_WINBOND_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_BOYA_SUPPORTED=y +CONFIG_SPI_FLASH_VENDOR_TH_SUPPORTED=y +CONFIG_SPI_FLASH_SUPPORT_ISSI_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_MXIC_CHIP=y 
+CONFIG_SPI_FLASH_SUPPORT_GD_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_WINBOND_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_TH_CHIP=y +CONFIG_SPI_FLASH_SUPPORT_MXIC_OPI_CHIP=y +# end of Auto-detect flash chips + +CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=y +# end of SPI Flash driver + +# +# SPIFFS Configuration +# +CONFIG_SPIFFS_MAX_PARTITIONS=3 + +# +# SPIFFS Cache Configuration +# +CONFIG_SPIFFS_CACHE=y +CONFIG_SPIFFS_CACHE_WR=y +# CONFIG_SPIFFS_CACHE_STATS is not set +# end of SPIFFS Cache Configuration + +CONFIG_SPIFFS_PAGE_CHECK=y +CONFIG_SPIFFS_GC_MAX_RUNS=10 +# CONFIG_SPIFFS_GC_STATS is not set +CONFIG_SPIFFS_PAGE_SIZE=256 +CONFIG_SPIFFS_OBJ_NAME_LEN=32 +# CONFIG_SPIFFS_FOLLOW_SYMLINKS is not set +CONFIG_SPIFFS_USE_MAGIC=y +CONFIG_SPIFFS_USE_MAGIC_LENGTH=y +CONFIG_SPIFFS_META_LENGTH=4 +CONFIG_SPIFFS_USE_MTIME=y + +# +# Debug Configuration +# +# CONFIG_SPIFFS_DBG is not set +# CONFIG_SPIFFS_API_DBG is not set +# CONFIG_SPIFFS_GC_DBG is not set +# CONFIG_SPIFFS_CACHE_DBG is not set +# CONFIG_SPIFFS_CHECK_DBG is not set +# CONFIG_SPIFFS_TEST_VISUALISATION is not set +# end of Debug Configuration +# end of SPIFFS Configuration + +# +# TCP Transport +# + +# +# Websocket +# +CONFIG_WS_TRANSPORT=y +CONFIG_WS_BUFFER_SIZE=1024 +# CONFIG_WS_DYNAMIC_BUFFER is not set +# end of Websocket +# end of TCP Transport + +# +# Ultra Low Power (ULP) Co-processor +# +# CONFIG_ULP_COPROC_ENABLED is not set + +# +# ULP Debugging Options +# +# end of ULP Debugging Options +# end of Ultra Low Power (ULP) Co-processor + +# +# Unity unit testing library +# +CONFIG_UNITY_ENABLE_FLOAT=y +CONFIG_UNITY_ENABLE_DOUBLE=y +# CONFIG_UNITY_ENABLE_64BIT is not set +# CONFIG_UNITY_ENABLE_COLOR is not set +CONFIG_UNITY_ENABLE_IDF_TEST_RUNNER=y +# CONFIG_UNITY_ENABLE_FIXTURE is not set +# CONFIG_UNITY_ENABLE_BACKTRACE_ON_FAIL is not set +# end of Unity unit testing library + +# +# USB-OTG +# +CONFIG_USB_HOST_CONTROL_TRANSFER_MAX_SIZE=256 +CONFIG_USB_HOST_HW_BUFFER_BIAS_BALANCED=y 
+# CONFIG_USB_HOST_HW_BUFFER_BIAS_IN is not set +# CONFIG_USB_HOST_HW_BUFFER_BIAS_PERIODIC_OUT is not set + +# +# Root Hub configuration +# +CONFIG_USB_HOST_DEBOUNCE_DELAY_MS=250 +CONFIG_USB_HOST_RESET_HOLD_MS=30 +CONFIG_USB_HOST_RESET_RECOVERY_MS=30 +CONFIG_USB_HOST_SET_ADDR_RECOVERY_MS=10 +# end of Root Hub configuration + +# CONFIG_USB_HOST_ENABLE_ENUM_FILTER_CALLBACK is not set +CONFIG_USB_OTG_SUPPORTED=y +# end of USB-OTG + +# +# Virtual file system +# +CONFIG_VFS_SUPPORT_IO=y +CONFIG_VFS_SUPPORT_DIR=y +CONFIG_VFS_SUPPORT_SELECT=y +CONFIG_VFS_SUPPRESS_SELECT_DEBUG_OUTPUT=y +# CONFIG_VFS_SELECT_IN_RAM is not set +CONFIG_VFS_SUPPORT_TERMIOS=y +CONFIG_VFS_MAX_COUNT=8 + +# +# Host File System I/O (Semihosting) +# +CONFIG_VFS_SEMIHOSTFS_MAX_MOUNT_POINTS=1 +# end of Host File System I/O (Semihosting) +# end of Virtual file system + +# +# Wear Levelling +# +CONFIG_WL_SECTOR_SIZE_512=y +# CONFIG_WL_SECTOR_SIZE_4096 is not set +CONFIG_WL_SECTOR_SIZE=512 +CONFIG_WL_SECTOR_MODE_PERF=y +# CONFIG_WL_SECTOR_MODE_SAFE is not set +CONFIG_WL_SECTOR_MODE=0 +# end of Wear Levelling + +# +# Wi-Fi Provisioning Manager +# +CONFIG_WIFI_PROV_SCAN_MAX_ENTRIES=16 +CONFIG_WIFI_PROV_AUTOSTOP_TIMEOUT=30 +# CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION is not set +CONFIG_WIFI_PROV_STA_ALL_CHANNEL_SCAN=y +# CONFIG_WIFI_PROV_STA_FAST_SCAN is not set +# end of Wi-Fi Provisioning Manager + +# +# TinyUSB Stack +# +CONFIG_TINYUSB_DEBUG_LEVEL=1 + +# +# TinyUSB task configuration +# +# CONFIG_TINYUSB_NO_DEFAULT_TASK is not set +CONFIG_TINYUSB_TASK_PRIORITY=5 +CONFIG_TINYUSB_TASK_STACK_SIZE=4096 +CONFIG_TINYUSB_TASK_AFFINITY_NO_AFFINITY=y +# CONFIG_TINYUSB_TASK_AFFINITY_CPU0 is not set +# CONFIG_TINYUSB_TASK_AFFINITY_CPU1 is not set +CONFIG_TINYUSB_TASK_AFFINITY=0x7FFFFFFF +# CONFIG_TINYUSB_INIT_IN_DEFAULT_TASK is not set +# end of TinyUSB task configuration + +# +# Descriptor configuration +# + +# +# You can provide your custom descriptors via tinyusb_driver_install() +# 
+CONFIG_TINYUSB_DESC_USE_ESPRESSIF_VID=y +CONFIG_TINYUSB_DESC_USE_DEFAULT_PID=y +CONFIG_TINYUSB_DESC_BCD_DEVICE=0x0100 +CONFIG_TINYUSB_DESC_MANUFACTURER_STRING="Espressif Systems" +CONFIG_TINYUSB_DESC_PRODUCT_STRING="Espressif Device" +CONFIG_TINYUSB_DESC_SERIAL_STRING="123456" +# end of Descriptor configuration + +# +# Massive Storage Class (MSC) +# +# CONFIG_TINYUSB_MSC_ENABLED is not set +# end of Massive Storage Class (MSC) + +# +# Communication Device Class (CDC) +# +# CONFIG_TINYUSB_CDC_ENABLED is not set +# end of Communication Device Class (CDC) + +# +# Musical Instrument Digital Interface (MIDI) +# +CONFIG_TINYUSB_MIDI_COUNT=0 +# end of Musical Instrument Digital Interface (MIDI) + +# +# Human Interface Device Class (HID) +# +CONFIG_TINYUSB_HID_COUNT=0 +# end of Human Interface Device Class (HID) + +# +# Device Firmware Upgrade (DFU) +# +# CONFIG_TINYUSB_DFU_MODE_DFU is not set +# CONFIG_TINYUSB_DFU_MODE_DFU_RUNTIME is not set +CONFIG_TINYUSB_DFU_MODE_NONE=y +# end of Device Firmware Upgrade (DFU) + +# +# Bluetooth Host Class (BTH) +# +# CONFIG_TINYUSB_BTH_ENABLED is not set +# end of Bluetooth Host Class (BTH) + +# +# Network driver (ECM/NCM/RNDIS) +# +# CONFIG_TINYUSB_NET_MODE_ECM_RNDIS is not set +# CONFIG_TINYUSB_NET_MODE_NCM is not set +CONFIG_TINYUSB_NET_MODE_NONE=y +# end of Network driver (ECM/NCM/RNDIS) +# end of TinyUSB Stack +# end of Component config + +# CONFIG_IDF_EXPERIMENTAL_FEATURES is not set + +# Deprecated options for backward compatibility +# CONFIG_APP_BUILD_TYPE_ELF_RAM is not set +# CONFIG_NO_BLOBS is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_NONE is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_ERROR is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_WARN is not set +CONFIG_LOG_BOOTLOADER_LEVEL_INFO=y +# CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set +# CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set +CONFIG_LOG_BOOTLOADER_LEVEL=3 +# CONFIG_APP_ROLLBACK_ENABLE is not set +# CONFIG_FLASH_ENCRYPTION_ENABLED is not set +# CONFIG_FLASHMODE_QIO is not set +# 
CONFIG_FLASHMODE_QOUT is not set +CONFIG_FLASHMODE_DIO=y +# CONFIG_FLASHMODE_DOUT is not set +CONFIG_MONITOR_BAUD=115200 +CONFIG_OPTIMIZATION_LEVEL_DEBUG=y +CONFIG_COMPILER_OPTIMIZATION_LEVEL_DEBUG=y +CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_OPTIMIZATION_LEVEL_RELEASE is not set +# CONFIG_COMPILER_OPTIMIZATION_LEVEL_RELEASE is not set +CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED=y +# CONFIG_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED is not set +CONFIG_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_CXX_EXCEPTIONS is not set +CONFIG_STACK_CHECK_NONE=y +# CONFIG_STACK_CHECK_NORM is not set +# CONFIG_STACK_CHECK_STRONG is not set +# CONFIG_STACK_CHECK_ALL is not set +# CONFIG_WARN_WRITE_STRINGS is not set +# CONFIG_ESP32_APPTRACE_DEST_TRAX is not set +CONFIG_ESP32_APPTRACE_DEST_NONE=y +CONFIG_ESP32_APPTRACE_LOCK_ENABLE=y +# CONFIG_EXTERNAL_COEX_ENABLE is not set +# CONFIG_ESP_WIFI_EXTERNAL_COEXIST_ENABLE is not set +# CONFIG_MCPWM_ISR_IN_IRAM is not set +# CONFIG_EVENT_LOOP_PROFILING is not set +CONFIG_POST_EVENTS_FROM_ISR=y +CONFIG_POST_EVENTS_FROM_IRAM_ISR=y +CONFIG_GDBSTUB_SUPPORT_TASKS=y +CONFIG_GDBSTUB_MAX_TASKS=32 +# CONFIG_OTA_ALLOW_HTTP is not set +# CONFIG_ESP_SYSTEM_PD_FLASH is not set +CONFIG_ESP32S3_DEEP_SLEEP_WAKEUP_DELAY=2000 +CONFIG_ESP_SLEEP_DEEP_SLEEP_WAKEUP_DELAY=2000 +CONFIG_ESP32S3_RTC_CLK_SRC_INT_RC=y +# CONFIG_ESP32S3_RTC_CLK_SRC_EXT_CRYS is not set +# CONFIG_ESP32S3_RTC_CLK_SRC_EXT_OSC is not set +# CONFIG_ESP32S3_RTC_CLK_SRC_INT_8MD256 is not set +CONFIG_ESP32S3_RTC_CLK_CAL_CYCLES=1024 +CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE=y +# CONFIG_ESP32_PHY_INIT_DATA_IN_PARTITION is not set +CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER=20 +CONFIG_ESP32_PHY_MAX_TX_POWER=20 +# CONFIG_REDUCE_PHY_TX_POWER is not set +# CONFIG_ESP32_REDUCE_PHY_TX_POWER is not set +CONFIG_ESP_SYSTEM_PM_POWER_DOWN_CPU=y +CONFIG_PM_POWER_DOWN_TAGMEM_IN_LIGHT_SLEEP=y +# CONFIG_ESP32S3_SPIRAM_SUPPORT is not set +# 
CONFIG_ESP32S3_DEFAULT_CPU_FREQ_80 is not set +CONFIG_ESP32S3_DEFAULT_CPU_FREQ_160=y +# CONFIG_ESP32S3_DEFAULT_CPU_FREQ_240 is not set +CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ=160 +CONFIG_SYSTEM_EVENT_QUEUE_SIZE=32 +CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE=2304 +CONFIG_MAIN_TASK_STACK_SIZE=3584 +CONFIG_CONSOLE_UART_DEFAULT=y +# CONFIG_CONSOLE_UART_CUSTOM is not set +# CONFIG_CONSOLE_UART_NONE is not set +# CONFIG_ESP_CONSOLE_UART_NONE is not set +CONFIG_CONSOLE_UART=y +CONFIG_CONSOLE_UART_NUM=0 +CONFIG_CONSOLE_UART_BAUDRATE=115200 +CONFIG_INT_WDT=y +CONFIG_INT_WDT_TIMEOUT_MS=300 +CONFIG_INT_WDT_CHECK_CPU1=y +CONFIG_TASK_WDT=y +CONFIG_ESP_TASK_WDT=y +# CONFIG_TASK_WDT_PANIC is not set +CONFIG_TASK_WDT_TIMEOUT_S=5 +CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=y +CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1=y +# CONFIG_ESP32_DEBUG_STUBS_ENABLE is not set +CONFIG_ESP32S3_DEBUG_OCDAWARE=y +CONFIG_BROWNOUT_DET=y +CONFIG_ESP32S3_BROWNOUT_DET=y +CONFIG_ESP32S3_BROWNOUT_DET=y +CONFIG_BROWNOUT_DET_LVL_SEL_7=y +CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_7=y +# CONFIG_BROWNOUT_DET_LVL_SEL_6 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_6 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_5 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_5 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_4 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_4 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_3 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_3 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_2 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_2 is not set +# CONFIG_BROWNOUT_DET_LVL_SEL_1 is not set +# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_1 is not set +CONFIG_BROWNOUT_DET_LVL=7 +CONFIG_ESP32S3_BROWNOUT_DET_LVL=7 +CONFIG_IPC_TASK_STACK_SIZE=1280 +CONFIG_TIMER_TASK_STACK_SIZE=3584 +CONFIG_ESP32_WIFI_ENABLED=y +CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM=10 +CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM=32 +# CONFIG_ESP32_WIFI_STATIC_TX_BUFFER is not set +CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER=y +CONFIG_ESP32_WIFI_TX_BUFFER_TYPE=1 
+CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM=32 +# CONFIG_ESP32_WIFI_CSI_ENABLED is not set +CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED=y +CONFIG_ESP32_WIFI_TX_BA_WIN=6 +CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y +CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y +CONFIG_ESP32_WIFI_RX_BA_WIN=6 +CONFIG_ESP32_WIFI_RX_BA_WIN=6 +CONFIG_ESP32_WIFI_NVS_ENABLED=y +CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_0=y +# CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_1 is not set +CONFIG_ESP32_WIFI_SOFTAP_BEACON_MAX_LEN=752 +CONFIG_ESP32_WIFI_MGMT_SBUF_NUM=32 +CONFIG_ESP32_WIFI_IRAM_OPT=y +CONFIG_ESP32_WIFI_RX_IRAM_OPT=y +# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set +# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set +# CONFIG_WPA_MBEDTLS_CRYPTO is not set +# CONFIG_WPA_WAPI_PSK is not set +# CONFIG_WPA_SUITE_B_192 is not set +# CONFIG_WPA_11KV_SUPPORT is not set +# CONFIG_WPA_MBO_SUPPORT is not set +# CONFIG_WPA_DPP_SUPPORT is not set +# CONFIG_WPA_11R_SUPPORT is not set +# CONFIG_WPA_WPS_SOFTAP_REGISTRAR is not set +# CONFIG_WPA_WPS_STRICT is not set +# CONFIG_WPA_DEBUG_PRINT is not set +# CONFIG_WPA_TESTING_OPTIONS is not set +# CONFIG_ESP32_ENABLE_COREDUMP_TO_FLASH is not set +CONFIG_ESP32_ENABLE_COREDUMP_TO_UART=y +# CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE is not set +# CONFIG_ESP32_COREDUMP_DATA_FORMAT_BIN is not set +CONFIG_ESP32_COREDUMP_DATA_FORMAT_ELF=y +CONFIG_ESP32_COREDUMP_CHECKSUM_CRC32=y +# CONFIG_ESP32_COREDUMP_CHECKSUM_SHA256 is not set +CONFIG_ESP32_ENABLE_COREDUMP=y +CONFIG_ESP32_CORE_DUMP_MAX_TASKS_NUM=64 +CONFIG_ESP32_CORE_DUMP_UART_DELAY=0 +CONFIG_ESP32_CORE_DUMP_STACK_SIZE=0 +CONFIG_ESP32_CORE_DUMP_DECODE_INFO=y +# CONFIG_ESP32_CORE_DUMP_DECODE_DISABLE is not set +CONFIG_ESP32_CORE_DUMP_DECODE="info" +CONFIG_TIMER_TASK_PRIORITY=1 +CONFIG_TIMER_TASK_STACK_DEPTH=2048 +CONFIG_TIMER_QUEUE_LENGTH=10 +# CONFIG_ENABLE_STATIC_TASK_CLEAN_UP_HOOK is not set +# CONFIG_HAL_ASSERTION_SILIENT is not set +# CONFIG_L2_TO_L3_COPY is not set +CONFIG_ESP_GRATUITOUS_ARP=y +CONFIG_GARP_TMR_INTERVAL=60 
+CONFIG_TCPIP_RECVMBOX_SIZE=32 +CONFIG_TCP_MAXRTX=12 +CONFIG_TCP_SYNMAXRTX=12 +CONFIG_TCP_MSS=1440 +CONFIG_TCP_MSL=60000 +CONFIG_TCP_SND_BUF_DEFAULT=5760 +CONFIG_TCP_WND_DEFAULT=5760 +CONFIG_TCP_RECVMBOX_SIZE=6 +CONFIG_TCP_QUEUE_OOSEQ=y +CONFIG_TCP_OVERSIZE_MSS=y +# CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set +# CONFIG_TCP_OVERSIZE_DISABLE is not set +CONFIG_UDP_RECVMBOX_SIZE=6 +CONFIG_TCPIP_TASK_STACK_SIZE=3072 +CONFIG_TCPIP_TASK_AFFINITY_NO_AFFINITY=y +# CONFIG_TCPIP_TASK_AFFINITY_CPU0 is not set +# CONFIG_TCPIP_TASK_AFFINITY_CPU1 is not set +CONFIG_TCPIP_TASK_AFFINITY=0x7FFFFFFF +# CONFIG_PPP_SUPPORT is not set +CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC_SYSTIMER=y +CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC_FRC1=y +# CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC is not set +# CONFIG_ESP32S3_TIME_SYSCALL_USE_SYSTIMER is not set +# CONFIG_ESP32S3_TIME_SYSCALL_USE_FRC1 is not set +# CONFIG_ESP32S3_TIME_SYSCALL_USE_NONE is not set +CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT=5 +CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 +CONFIG_ESP32_PTHREAD_STACK_MIN=768 +CONFIG_ESP32_DEFAULT_PTHREAD_CORE_NO_AFFINITY=y +# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_0 is not set +# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_1 is not set +CONFIG_ESP32_PTHREAD_TASK_CORE_DEFAULT=-1 +CONFIG_ESP32_PTHREAD_TASK_NAME_DEFAULT="pthread" +CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS=y +# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_FAILS is not set +# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ALLOWED is not set +CONFIG_SUPPRESS_SELECT_DEBUG_OUTPUT=y +CONFIG_SUPPORT_TERMIOS=y +CONFIG_SEMIHOSTFS_MAX_MOUNT_POINTS=1 +# End of deprecated options diff --git a/src/fido/CMakeLists.txt b/src/fido/CMakeLists.txt new file mode 100644 index 0000000..170af33 --- /dev/null +++ b/src/fido/CMakeLists.txt 
@@ -0,0 +1,6 @@ +idf_component_register( + SRCS ${SOURCES} + INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb ../../pico-keys-sdk/tinycbor/src + REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse +) +idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON) -- 2.34.1 From 5568aa7b69c3843323676bd0e9c40c70946e746b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 23 Aug 2024 19:25:20 +0200 Subject: [PATCH 062/127] Fixed thread synchronization. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 65fea84..7a88a2b 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 65fea84df165b14a4657cc87e43aeac637dea89e +Subproject commit 7a88a2b8e74780e3d5f5a48fb5d5705fbff2d940 diff --git a/src/fido/cbor.c b/src/fido/cbor.c index 36d44dd..74c5822 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -103,12 +103,13 @@ int cbor_parse(uint8_t cmd, const uint8_t *data, size_t len) { return CTAP1_ERR_INVALID_CMD; } -#ifndef ENABLE_EMULATION void cbor_thread(void) { card_init_core1(); while (1) { uint32_t m; queue_remove_blocking(&usb_to_card_q, &m); + uint32_t flag = m + 1; + queue_add_blocking(&card_to_usb_q, &flag); if (m == EV_EXIT) { break; @@ -124,14 +125,13 @@ void cbor_thread(void) { finished_data_size = res_APDU_size + 1; - uint32_t flag = EV_EXEC_FINISHED; + flag = EV_EXEC_FINISHED; queue_add_blocking(&card_to_usb_q, &flag); } #ifdef ESP_PLATFORM vTaskDelete(NULL); #endif } -#endif int cbor_process(uint8_t last_cmd, const uint8_t *data, size_t len) { cbor_data = data; -- 2.34.1 From 6256a9547d0108321e0a279a23d408c665a05688 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 24 Aug 2024 00:11:40 +0200 Subject: [PATCH 063/127] Fix build emulation 
Signed-off-by: Pol Henarejos --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 11ffd5a..5bfde7a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -157,6 +157,7 @@ if(ENABLE_EMULATION) -Wl,--gc-sections ) endif (APPLE) + target_link_libraries(pico_fido PRIVATE pthread m) else() pico_add_extra_outputs(pico_fido) target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) -- 2.34.1 From 902a9883509bb5432a87072ed8141d05d91c22a3 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 24 Aug 2024 02:34:15 +0200 Subject: [PATCH 064/127] Fix memory cleanups. Signed-off-by: Pol Henarejos --- src/fido/cbor_config.c | 1 + src/fido/cbor_cred_mgmt.c | 1 + src/fido/cbor_get_assertion.c | 27 ++++++++++++++++----------- src/fido/cbor_make_credential.c | 9 +++++++-- src/fido/cmd_authenticate.c | 1 + src/fido/credential.c | 30 ++++++++---------------------- src/fido/fido.c | 3 ++- 7 files changed, 36 insertions(+), 36 deletions(-) diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 85eeeb4..d12b11a 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -205,6 +205,7 @@ int cbor_config(const uint8_t *data, size_t len) { } file_put_data(ef_minpin, dataf, (uint16_t)(2 + minPinLengthRPIDs_len * 32)); low_flash_available(); + free(dataf); goto err; //No return } else if (subcommand == 0x01) { diff --git a/src/fido/cbor_cred_mgmt.c b/src/fido/cbor_cred_mgmt.c index a9eb0d0..b079258 100644 --- a/src/fido/cbor_cred_mgmt.c +++ b/src/fido/cbor_cred_mgmt.c @@ -435,6 +435,7 @@ err: CBOR_FREE_BYTE_STRING(user.displayName); CBOR_FREE_BYTE_STRING(user.parent.name); CBOR_FREE_BYTE_STRING(credentialId.type); + CBOR_FREE_BYTE_STRING(credentialId.id); for (size_t n = 0; n < credentialId.transports_len; n++) { CBOR_FREE_BYTE_STRING(credentialId.transports[n]); } 
diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index eae636e..db1f126 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c @@ -397,16 +397,8 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { flags = flagsx; selcred = &credsx[credentialCounter]; } - mbedtls_ecdsa_context ekey; - mbedtls_ecdsa_init(&ekey); - int ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey); - if (ret != 0) { - if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) { - mbedtls_ecdsa_free(&ekey); - CBOR_ERROR(CTAP1_ERR_OTHER); - } - } + int ret = 0; uint8_t largeBlobKey[32]; if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) { ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey); @@ -529,6 +521,15 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { memcpy(pa, clientDataHash.data, clientDataHash.len); uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN]; const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + mbedtls_ecdsa_context ekey; + mbedtls_ecdsa_init(&ekey); + ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey); + if (ret != 0) { + if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) { + mbedtls_ecdsa_free(&ekey); + CBOR_ERROR(CTAP1_ERR_OTHER); + } + } if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); } 
@@ -611,16 +612,20 @@ err: CBOR_FREE_BYTE_STRING(clientDataHash); CBOR_FREE_BYTE_STRING(pinUvAuthParam); CBOR_FREE_BYTE_STRING(rpId); + CBOR_FREE_BYTE_STRING(kax); + CBOR_FREE_BYTE_STRING(kay); + CBOR_FREE_BYTE_STRING(salt_enc); + CBOR_FREE_BYTE_STRING(salt_auth); if (asserted == false) { for (int i = 0; i < MAX_CREDENTIAL_COUNT_IN_LIST; i++) { credential_free(&creds[i]); } } - for (size_t m = 0; m < allowList_len; m++) { + for (size_t m = 0; m < MAX_CREDENTIAL_COUNT_IN_LIST; m++) { CBOR_FREE_BYTE_STRING(allowList[m].type); CBOR_FREE_BYTE_STRING(allowList[m].id); - for (size_t n = 0; n < allowList[m].transports_len; n++) { + for (size_t n = 0; n < 8; n++) { CBOR_FREE_BYTE_STRING(allowList[m].transports[n]); } } diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index b6788d7..effa18f 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -291,8 +291,10 @@ int cbor_make_credential(const uint8_t *data, size_t len) { &ecred) == 0 && (ecred.extensions.credProtect != CRED_PROT_UV_REQUIRED || (flags & FIDO2_AUT_FLAG_UV))) { + credential_free(&ecred); CBOR_ERROR(CTAP2_ERR_CREDENTIAL_EXCLUDED); } + credential_free(&ecred); } if (extensions.largeBlobKey == pfalse || @@ -510,11 +512,14 @@ err: CBOR_FREE_BYTE_STRING(user.id); CBOR_FREE_BYTE_STRING(user.displayName); CBOR_FREE_BYTE_STRING(user.parent.name); - for (size_t n = 0; n < pubKeyCredParams_len; n++) { + if (extensions.present == true) { + CBOR_FREE_BYTE_STRING(extensions.credBlob); + } + for (size_t n = 0; n < MAX_CREDENTIAL_COUNT_IN_LIST; n++) { CBOR_FREE_BYTE_STRING(pubKeyCredParams[n].type); } - for (size_t m = 0; m < excludeList_len; m++) { + for (size_t m = 0; m < MAX_CREDENTIAL_COUNT_IN_LIST; m++) { CBOR_FREE_BYTE_STRING(excludeList[m].type); CBOR_FREE_BYTE_STRING(excludeList[m].id); for (size_t n = 0; n < excludeList[m].transports_len; n++) { diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 67f6a29..81e71a4 100644 
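Review bot: In the `err:` cleanup of cbor_get_assertion() the loops now run to `MAX_CREDENTIAL_COUNT_IN_LIST` and to a literal `8` instead of the parsed `allowList_len` / `transports_len`. That is safe only if `allowList` and every `transports` array are zero-initialised where they are declared and really have that many elements; both declarations are outside the hunk. If `transports` is a fixed array, I would derive the bound from it rather than hard-code it: `for (size_t n = 0; n < sizeof(allowList[m].transports) / sizeof(allowList[m].transports[0]); n++)`. The `err:` hunk in cbor_make_credential.c has the same pattern: `pubKeyCredParams` and `excludeList` are walked to `MAX_CREDENTIAL_COUNT_IN_LIST`, which assumes `pubKeyCredParams` is declared with that size, while its inner loop still uses `excludeList[m].transports_len`. The two files should follow one rule, with a comment stating that cleanup depends on zero-initialised slots.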
--- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c @@ -50,6 +50,7 @@ int cmd_authenticate() { ret = derive_key(req->appId, false, req->keyHandle, MBEDTLS_ECP_DP_SECP256R1, &key); if (verify_key(req->appId, req->keyHandle, &key) != 0) { mbedtls_ecdsa_free(&key); + free(tmp_kh); return SW_INCORRECT_PARAMS(); } } diff --git a/src/fido/credential.c b/src/fido/credential.c index f5fcabe..ea878d5 100644 --- a/src/fido/credential.c +++ b/src/fido/credential.c @@ -41,14 +41,7 @@ int credential_verify(uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id mbedtls_chachapoly_context chatx; mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_setkey(&chatx, key); - int ret = mbedtls_chachapoly_auth_decrypt(&chatx, - cred_id_len - (4 + 12 + 16), - iv, - rp_id_hash, - 32, - tag, - cipher, - cipher); + int ret = mbedtls_chachapoly_auth_decrypt(&chatx, cred_id_len - (4 + 12 + 16), iv, rp_id_hash, 32, tag, cipher, cipher); mbedtls_chachapoly_free(&chatx); return ret; } @@ -83,8 +76,7 @@ int credential_create(CborCharString *rpId, if (extensions->credBlob.present == true && extensions->credBlob.len < MAX_CREDBLOB_LENGTH) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credBlob")); - CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, extensions->credBlob.data, - extensions->credBlob.len)); + CBOR_CHECK(cbor_encode_byte_string(&mapEncoder2, extensions->credBlob.data, extensions->credBlob.len)); } if (extensions->credProtect != 0) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder2, "credProtect")); @@ -130,11 +122,7 @@ int credential_create(CborCharString *rpId, mbedtls_chachapoly_context chatx; mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_setkey(&chatx, key); - int ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, - rs, - iv, - rp_id_hash, - 32, + int ret = mbedtls_chachapoly_encrypt_and_tag(&chatx, rs, iv, rp_id_hash, 32, cred_id + 4 + 12, cred_id + 4 + 12, cred_id + 4 + 12 + rs); 
@@ -155,10 +143,7 @@ err: return 0; } -int credential_load(const uint8_t *cred_id, - size_t cred_id_len, - const uint8_t *rp_id_hash, - Credential *cred) { +int credential_load(const uint8_t *cred_id, size_t cred_id_len, const uint8_t *rp_id_hash, Credential *cred) { int ret = 0; CborError error = CborNoError; uint8_t *copy_cred_id = (uint8_t *) calloc(1, cred_id_len); @@ -205,9 +190,7 @@ int credential_load(const uint8_t *cred_id, CBOR_FIELD_KEY_TEXT_VAL_UINT(2, "credProtect", cred->extensions.credProtect); CBOR_FIELD_KEY_TEXT_VAL_BYTES(2, "credBlob", cred->extensions.credBlob); CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "largeBlobKey", cred->extensions.largeBlobKey); - CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, - "thirdPartyPayment", - cred->extensions.thirdPartyPayment); + CBOR_FIELD_KEY_TEXT_VAL_BOOL(2, "thirdPartyPayment", cred->extensions.thirdPartyPayment); CBOR_ADVANCE(2); } CBOR_PARSE_MAP_END(_f1, 2); @@ -258,6 +241,9 @@ void credential_free(Credential *cred) { CBOR_FREE_BYTE_STRING(cred->userName); CBOR_FREE_BYTE_STRING(cred->userDisplayName); CBOR_FREE_BYTE_STRING(cred->id); + if (cred->extensions.present) { + CBOR_FREE_BYTE_STRING(cred->extensions.credBlob); + } cred->present = false; cred->extensions.present = false; cred->opts.present = false; diff --git a/src/fido/fido.c b/src/fido/fido.c index 0865e26..7ac7e4e 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -168,6 +168,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN); int ret = mbedtls_x509write_crt_der(&ctx, buffer, buffer_size, random_gen, NULL); + mbedtls_x509write_crt_free(&ctx); /* pk cannot be freed, as it is freed later */ //mbedtls_pk_free(&key); return ret; 
@@ -206,7 +207,7 @@ int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_con uint8_t hmac[32], d[32]; size_t olen = 0; int ret = mbedtls_ecp_write_key_ext(key, &olen, d, sizeof(d)); - if (key == NULL) { + if (key == &ctx) { mbedtls_ecdsa_free(&ctx); } if (ret != 0) { -- 2.34.1 From 5a31405244dad9eed5f818cbc42ff2425d8aef55 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 25 Aug 2024 00:10:23 +0200 Subject: [PATCH 065/127] Improving tests Signed-off-by: Pol Henarejos --- tests/pico-fido/test_020_register.py | 2 ++ tests/pico-fido/test_035_hmac_secret.py | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index bbb2dd1..78377d8 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -20,6 +20,8 @@ from fido2.client import CtapError from fido2.cose import ES256, ES384, ES512 +import fido2.features +fido2.features.webauthn_json_mapping.enabled = False from utils import ES256K import pytest diff --git a/tests/pico-fido/test_035_hmac_secret.py b/tests/pico-fido/test_035_hmac_secret.py index 8a2d619..ed2861c 100644 --- a/tests/pico-fido/test_035_hmac_secret.py +++ b/tests/pico-fido/test_035_hmac_secret.py 
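Review bot: `d` receives the raw private scalar from `mbedtls_ecp_write_key_ext()` in verify_key(), and nothing in this hunk wipes it, neither on the `ret != 0` path nor afterwards. Unless code outside the hunk clears it, the key bytes stay on the stack after the function returns. Adding `mbedtls_platform_zeroize(d, sizeof(d));` before each return would match how `sharedSecret` is handled in cbor_get_assertion.c. The corrected test `key == &ctx` only makes sense if `key` is pointed at the local context earlier in the function; that assignment is outside the hunk, so a one-line comment such as `/* ctx is ours only when the caller passed no key */` would help.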
@@ -69,12 +69,12 @@ def test_hmac_secret_entropy(device, MCHmacSecret, hmac, salts #print(shannon_entropy(auth.authenticator_data.extensions['hmac-secret'])) if len(salts) == 1: - assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 4.6 - assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.6 + assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 4.5 + assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.5 if len(salts) == 2: assert shannon_entropy(auth.authenticator_data.extensions['hmac-secret']) > 5.4 - assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.6 - assert shannon_entropy(ext["hmacGetSecret"]['output2']) > 4.6 + assert shannon_entropy(ext["hmacGetSecret"]['output1']) > 4.5 + assert shannon_entropy(ext["hmacGetSecret"]['output2']) > 4.5 def get_output(device, MCHmacSecret, hmac, salts): hout = {'salt1':salts[0]} -- 2.34.1 From 8ba9116454597dc4e4d4c2872aac13a95df9a9a2 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 25 Aug 2024 01:30:54 +0200 Subject: [PATCH 066/127] Fix test Signed-off-by: Pol Henarejos --- tests/pico-fido/test_055_hid.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/pico-fido/test_055_hid.py b/tests/pico-fido/test_055_hid.py index 1f38d99..e8b4702 100644 --- a/tests/pico-fido/test_055_hid.py +++ b/tests/pico-fido/test_055_hid.py @@ -196,16 +196,13 @@ class TestHID(object): device.set_cid(cid2) # send ping on 2nd channel device.send_raw("\x81\x00\x39") - time.sleep(0.1) - device.send_raw("\x00") - cmd, r = device.recv_raw() # busy response + time.sleep(0.1) + device.set_cid(cid1) # finish 1st channel ping device.send_raw("\x00") - device.set_cid(cid2) - assert cmd == 0xBF assert r[0] == CtapError.ERR.CHANNEL_BUSY 
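Review bot: The entropy bound in test_hmac_secret_entropy drops from 4.6 to 4.5 for the single-salt outputs and for `output1`/`output2`, with no comment explaining why. A reader cannot tell whether this corrects an over-tight statistical bound or hides a change in the hmac-secret output. A comment above the asserts would settle it, for example `# bound relaxed to 4.5: <reason and expected false-failure rate for this output length>`. The `> 5.4` bound for the two-salt case is unchanged, so the comment should say why only the per-output bound moved.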
@@ -213,9 +210,11 @@ class TestHID(object): cmd, r = device.recv_raw() # ping response assert cmd == 0x81 assert len(r) == 0x39 + cmd, r = device.recv_raw() # ping response def test_cid_0(self, device): device.reset() + time.sleep(0.1) device.set_cid(b"\x00\x00\x00\x00") device.send_raw( "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00" -- 2.34.1 From f234b0dc266b2717cc67b3771f606d99b82e9cff Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 25 Aug 2024 01:31:19 +0200 Subject: [PATCH 067/127] Fix emulation run Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 7a88a2b..ac2a6c1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 7a88a2b8e74780e3d5f5a48fb5d5705fbff2d940 +Subproject commit ac2a6c10521367a850668e427afce087251ed1d1 -- 2.34.1 From 02556fcde1592d73a16c646f93dad21910e9b218 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 25 Aug 2024 20:21:43 +0200 Subject: [PATCH 068/127] Fix buffer initialization. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_get_assertion.c | 30 ++++++++++++++++++++---------- src/fido/cbor_make_credential.c | 12 ++++++------ src/fido/ctap2_cbor.h | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index ac2a6c1..956f476 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ac2a6c10521367a850668e427afce087251ed1d1 +Subproject commit 956f476872e25603ee063b776e3da280670cb15e diff --git a/src/fido/cbor_get_assertion.c b/src/fido/cbor_get_assertion.c index db1f126..22854d7 100644 --- a/src/fido/cbor_get_assertion.c +++ b/src/fido/cbor_get_assertion.c 
@@ -203,7 +203,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } uint8_t flags = 0; - uint8_t rp_id_hash[32]; + uint8_t rp_id_hash[32] = {0}; mbedtls_sha256((uint8_t *) rpId.data, rpId.len, rp_id_hash, 0); bool resident = false; @@ -323,11 +323,21 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { credential_free(&creds[i]); } else { - creds[numberOfCredentials++] = creds[i]; + if (numberOfCredentials != i) { + creds[numberOfCredentials++] = creds[i]; + } + else { + numberOfCredentials++; + } } } else { - creds[numberOfCredentials++] = creds[i]; + if (numberOfCredentials != i) { + creds[numberOfCredentials++] = creds[i]; + } + else { + numberOfCredentials++; + } } } } @@ -399,7 +409,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } int ret = 0; - uint8_t largeBlobKey[32]; + uint8_t largeBlobKey[32] = {0}; if (extensions.largeBlobKey == ptrue && selcred->extensions.largeBlobKey == ptrue) { ret = credential_derive_large_blob_key(selcred->id.data, selcred->id.len, largeBlobKey); if (ret != 0) { @@ -408,7 +418,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } size_t ext_len = 0; - uint8_t ext[512]; + uint8_t ext[512] = {0}; if (extensions.present == true) { cbor_encoder_init(&encoder, ext, sizeof(ext), 0); int l = 0; @@ -439,7 +449,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "hmac-secret")); - uint8_t sharedSecret[64]; + uint8_t sharedSecret[64] = {0}; mbedtls_ecp_point Qp; mbedtls_ecp_point_init(&Qp); mbedtls_mpi_lset(&Qp.Z, 1); 
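Review bot: After `creds[numberOfCredentials++] = creds[i];` the source slot `creds[i]` still holds the same heap pointers as the destination. The `err:` block of this function calls `credential_free()` on every slot up to `MAX_CREDENTIAL_COUNT_IN_LIST` when `asserted == false`, so the same buffers could be released twice unless the source slot is cleared somewhere outside this hunk. Clearing it right after the copy removes the alias: `memset(&creds[i], 0, sizeof(creds[i]));`. The new `numberOfCredentials != i` guard only avoids the self-assignment, and the identical if/else pair appears twice, so it could be written once. The enclosing function starts and ends outside the hunk.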
@@ -461,13 +471,13 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP2_ERR_EXTENSION_FIRST); } - uint8_t salt_dec[64], poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; + uint8_t salt_dec[64] = {0}, poff = ((uint8_t)hmacSecretPinUvAuthProtocol - 1) * IV_SIZE; ret = decrypt((uint8_t)hmacSecretPinUvAuthProtocol, sharedSecret, salt_enc.data, (uint16_t)salt_enc.len, salt_dec); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - uint8_t cred_random[64], *crd = NULL; + uint8_t cred_random[64] = {0}, *crd = NULL; ret = credential_derive_hmac_key(selcred->id.data, selcred->id.len, cred_random); if (ret != 0) { mbedtls_platform_zeroize(sharedSecret, sizeof(sharedSecret)); @@ -479,7 +489,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { else { crd = cred_random; } - uint8_t out1[64], hmac_res[80]; + uint8_t out1[64] = {0}, hmac_res[80] = {0}; mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec, 32, out1); if ((uint8_t)salt_enc.len == 64 + poff) { mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), crd, 32, salt_dec + 32, 32, out1 + 32); @@ -519,7 +529,7 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) { } memcpy(pa, clientDataHash.data, clientDataHash.len); - uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN]; + uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0}; const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); mbedtls_ecdsa_context ekey; mbedtls_ecdsa_init(&ekey); diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index effa18f..2a99b08 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c 
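Review bot: Zero-initialising `salt_dec`, `cred_random` and `out1` in the hmac-secret branch does not clear the key material written into them later. The error returns visible here wipe only `sharedSecret`, so a failure after `credential_derive_hmac_key()` leaves the credential's HMAC key in `cred_random` on the stack. I would add `mbedtls_platform_zeroize(cred_random, sizeof(cred_random));` next to the existing `sharedSecret` wipes, with the same for `salt_dec` and `out1`, and again once the extension output has been encoded. Whether the success path already wipes these buffers is outside the hunks shown.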
@@ -162,7 +162,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_PARSE_MAP_END(map, 1); uint8_t flags = FIDO2_AUT_FLAG_AT; - uint8_t rp_id_hash[32]; + uint8_t rp_id_hash[32] = {0}; mbedtls_sha256((uint8_t *) rp.id.data, rp.id.len, rp_id_hash, 0); if (pinUvAuthParam.present == true) { @@ -320,7 +320,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { const known_app_t *ka = find_app_by_rp_id_hash(rp_id_hash); - uint8_t cred_id[MAX_CRED_ID_LENGTH]; + uint8_t cred_id[MAX_CRED_ID_LENGTH] = {0}; size_t cred_id_len = 0; CBOR_CHECK(credential_create(&rp.id, &user.id, &user.parent.name, &user.displayName, &options, @@ -331,7 +331,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { flags |= FIDO2_AUT_FLAG_UV; } size_t ext_len = 0; - uint8_t ext[512]; + uint8_t ext[512] = {0}; CborEncoder encoder, mapEncoder, mapEncoder2; if (extensions.present == true) { cbor_encoder_init(&encoder, ext, sizeof(ext), 0); @@ -400,7 +400,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } size_t olen = 0; uint32_t ctr = get_sign_counter(); - uint8_t cbor_buf[1024]; + uint8_t cbor_buf[1024] = {0}; cbor_encoder_init(&encoder, cbor_buf, sizeof(cbor_buf), 0); CBOR_CHECK(COSE_key(&ekey, &encoder, &mapEncoder)); size_t rs = cbor_encoder_get_buffer_size(&encoder, cbor_buf); @@ -426,7 +426,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { } memcpy(pa, clientDataHash.data, clientDataHash.len); - uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN]; + uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0}; const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) { md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); 
@@ -447,7 +447,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); mbedtls_ecdsa_free(&ekey); - uint8_t largeBlobKey[32]; + uint8_t largeBlobKey[32] = {0}; if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { ret = credential_derive_large_blob_key(cred_id, cred_id_len, largeBlobKey); if (ret != 0) { diff --git a/src/fido/ctap2_cbor.h b/src/fido/ctap2_cbor.h index 84723da..abcc695 100644 --- a/src/fido/ctap2_cbor.h +++ b/src/fido/ctap2_cbor.h @@ -159,7 +159,7 @@ typedef struct CborCharString { #define CBOR_FIELD_GET_KEY_TEXT(_n) \ CBOR_ASSERT(cbor_value_is_text_string(&(_f##_n)) == true); \ - char _fd##_n[64]; \ + char _fd##_n[64] = {0}; \ size_t _fdl##_n = sizeof(_fd##_n); \ CBOR_CHECK(cbor_value_copy_text_string(&(_f##_n), _fd##_n, &_fdl##_n, &(_f##_n))) -- 2.34.1 From b77277b72e21738833a240958df29069133d64b8 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 29 Aug 2024 16:57:59 +0200 Subject: [PATCH 069/127] Add RP2350 support. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 3 +-- pico-keys-sdk | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5bfde7a..89f4936 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -159,7 +159,6 @@ if(ENABLE_EMULATION) endif (APPLE) target_link_libraries(pico_fido PRIVATE pthread m) else() -pico_add_extra_outputs(pico_fido) -target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) +target_link_libraries(pico_fido PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id pico_aon_timer tinyusb_device tinyusb_board) endif() endif() diff --git a/pico-keys-sdk b/pico-keys-sdk index 956f476..4cf8d77 160000 --- a/pico-keys-sdk 
+++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 956f476872e25603ee063b776e3da280670cb15e +Subproject commit 4cf8d7760946162f63ade189140fa71f3e35d2a1 -- 2.34.1 From 4f787eaabac509e876cff85fd692cc17cdafaa17 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 30 Aug 2024 00:34:14 +0200 Subject: [PATCH 070/127] Fix otp in Pico Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 4cf8d77..f8c4106 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 4cf8d7760946162f63ade189140fa71f3e35d2a1 +Subproject commit f8c4106367052c59717f6bac81b70e716a2ea25c -- 2.34.1 From c1e985c9afbba500f73161fc875fc0df288d2e25 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 30 Aug 2024 12:42:33 +0200 Subject: [PATCH 071/127] Use mutex/semaphores for emulation, like in Pico and ESP. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index f8c4106..3235cd8 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit f8c4106367052c59717f6bac81b70e716a2ea25c +Subproject commit 3235cd8595366881ad6c317a007b78a64c87c824 -- 2.34.1 From de1c50db4f344a4d3cb562e073f59611a2b91dcf Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 30 Aug 2024 14:47:22 +0200 Subject: [PATCH 072/127] Replace sdkconfig Signed-off-by: Pol Henarejos --- sdkconfig | 2243 -------------------------------------------- sdkconfig.defaults | 53 ++ 2 files changed, 53 insertions(+), 2243 deletions(-) delete mode 100644 sdkconfig create mode 100644 sdkconfig.defaults diff --git a/sdkconfig b/sdkconfig deleted file mode 100644 index 13ea585..0000000 --- a/sdkconfig +++ /dev/null 
@@ -1,2243 +0,0 @@ -# -# Automatically generated file. DO NOT EDIT. -# Espressif IoT Development Framework (ESP-IDF) 5.3.0 Project Configuration -# -CONFIG_SOC_MPU_MIN_REGION_SIZE=0x20000000 -CONFIG_SOC_MPU_REGIONS_MAX_NUM=8 -CONFIG_SOC_ADC_SUPPORTED=y -CONFIG_SOC_UART_SUPPORTED=y -CONFIG_SOC_PCNT_SUPPORTED=y -CONFIG_SOC_PHY_SUPPORTED=y -CONFIG_SOC_WIFI_SUPPORTED=y -CONFIG_SOC_TWAI_SUPPORTED=y -CONFIG_SOC_GDMA_SUPPORTED=y -CONFIG_SOC_AHB_GDMA_SUPPORTED=y -CONFIG_SOC_GPTIMER_SUPPORTED=y -CONFIG_SOC_LCDCAM_SUPPORTED=y -CONFIG_SOC_MCPWM_SUPPORTED=y -CONFIG_SOC_DEDICATED_GPIO_SUPPORTED=y -CONFIG_SOC_CACHE_SUPPORT_WRAP=y -CONFIG_SOC_ULP_SUPPORTED=y -CONFIG_SOC_ULP_FSM_SUPPORTED=y -CONFIG_SOC_RISCV_COPROC_SUPPORTED=y -CONFIG_SOC_BT_SUPPORTED=y -CONFIG_SOC_USB_OTG_SUPPORTED=y -CONFIG_SOC_USB_SERIAL_JTAG_SUPPORTED=y -CONFIG_SOC_CCOMP_TIMER_SUPPORTED=y -CONFIG_SOC_ASYNC_MEMCPY_SUPPORTED=y -CONFIG_SOC_SUPPORTS_SECURE_DL_MODE=y -CONFIG_SOC_EFUSE_KEY_PURPOSE_FIELD=y -CONFIG_SOC_EFUSE_SUPPORTED=y -CONFIG_SOC_SDMMC_HOST_SUPPORTED=y -CONFIG_SOC_RTC_FAST_MEM_SUPPORTED=y -CONFIG_SOC_RTC_SLOW_MEM_SUPPORTED=y -CONFIG_SOC_RTC_MEM_SUPPORTED=y -CONFIG_SOC_PSRAM_DMA_CAPABLE=y -CONFIG_SOC_XT_WDT_SUPPORTED=y -CONFIG_SOC_I2S_SUPPORTED=y -CONFIG_SOC_RMT_SUPPORTED=y -CONFIG_SOC_SDM_SUPPORTED=y -CONFIG_SOC_GPSPI_SUPPORTED=y -CONFIG_SOC_LEDC_SUPPORTED=y -CONFIG_SOC_I2C_SUPPORTED=y -CONFIG_SOC_SYSTIMER_SUPPORTED=y -CONFIG_SOC_SUPPORT_COEXISTENCE=y -CONFIG_SOC_TEMP_SENSOR_SUPPORTED=y -CONFIG_SOC_AES_SUPPORTED=y -CONFIG_SOC_MPI_SUPPORTED=y -CONFIG_SOC_SHA_SUPPORTED=y -CONFIG_SOC_HMAC_SUPPORTED=y -CONFIG_SOC_DIG_SIGN_SUPPORTED=y -CONFIG_SOC_FLASH_ENC_SUPPORTED=y -CONFIG_SOC_SECURE_BOOT_SUPPORTED=y -CONFIG_SOC_MEMPROT_SUPPORTED=y -CONFIG_SOC_TOUCH_SENSOR_SUPPORTED=y -CONFIG_SOC_BOD_SUPPORTED=y -CONFIG_SOC_CLK_TREE_SUPPORTED=y -CONFIG_SOC_MPU_SUPPORTED=y -CONFIG_SOC_WDT_SUPPORTED=y -CONFIG_SOC_SPI_FLASH_SUPPORTED=y -CONFIG_SOC_RNG_SUPPORTED=y -CONFIG_SOC_LIGHT_SLEEP_SUPPORTED=y 
-CONFIG_SOC_DEEP_SLEEP_SUPPORTED=y -CONFIG_SOC_LP_PERIPH_SHARE_INTERRUPT=y -CONFIG_SOC_PM_SUPPORTED=y -CONFIG_SOC_XTAL_SUPPORT_40M=y -CONFIG_SOC_APPCPU_HAS_CLOCK_GATING_BUG=y -CONFIG_SOC_ADC_RTC_CTRL_SUPPORTED=y -CONFIG_SOC_ADC_DIG_CTRL_SUPPORTED=y -CONFIG_SOC_ADC_ARBITER_SUPPORTED=y -CONFIG_SOC_ADC_DIG_IIR_FILTER_SUPPORTED=y -CONFIG_SOC_ADC_MONITOR_SUPPORTED=y -CONFIG_SOC_ADC_DMA_SUPPORTED=y -CONFIG_SOC_ADC_PERIPH_NUM=2 -CONFIG_SOC_ADC_MAX_CHANNEL_NUM=10 -CONFIG_SOC_ADC_ATTEN_NUM=4 -CONFIG_SOC_ADC_DIGI_CONTROLLER_NUM=2 -CONFIG_SOC_ADC_PATT_LEN_MAX=24 -CONFIG_SOC_ADC_DIGI_MIN_BITWIDTH=12 -CONFIG_SOC_ADC_DIGI_MAX_BITWIDTH=12 -CONFIG_SOC_ADC_DIGI_RESULT_BYTES=4 -CONFIG_SOC_ADC_DIGI_DATA_BYTES_PER_CONV=4 -CONFIG_SOC_ADC_DIGI_IIR_FILTER_NUM=2 -CONFIG_SOC_ADC_DIGI_MONITOR_NUM=2 -CONFIG_SOC_ADC_SAMPLE_FREQ_THRES_HIGH=83333 -CONFIG_SOC_ADC_SAMPLE_FREQ_THRES_LOW=611 -CONFIG_SOC_ADC_RTC_MIN_BITWIDTH=12 -CONFIG_SOC_ADC_RTC_MAX_BITWIDTH=12 -CONFIG_SOC_ADC_CALIBRATION_V1_SUPPORTED=y -CONFIG_SOC_ADC_SELF_HW_CALI_SUPPORTED=y -CONFIG_SOC_ADC_SHARED_POWER=y -CONFIG_SOC_APB_BACKUP_DMA=y -CONFIG_SOC_BROWNOUT_RESET_SUPPORTED=y -CONFIG_SOC_CACHE_WRITEBACK_SUPPORTED=y -CONFIG_SOC_CACHE_FREEZE_SUPPORTED=y -CONFIG_SOC_CPU_CORES_NUM=2 -CONFIG_SOC_CPU_INTR_NUM=32 -CONFIG_SOC_CPU_HAS_FPU=y -CONFIG_SOC_HP_CPU_HAS_MULTIPLE_CORES=y -CONFIG_SOC_CPU_BREAKPOINTS_NUM=2 -CONFIG_SOC_CPU_WATCHPOINTS_NUM=2 -CONFIG_SOC_CPU_WATCHPOINT_MAX_REGION_SIZE=64 -CONFIG_SOC_DS_SIGNATURE_MAX_BIT_LEN=4096 -CONFIG_SOC_DS_KEY_PARAM_MD_IV_LENGTH=16 -CONFIG_SOC_DS_KEY_CHECK_MAX_WAIT_US=1100 -CONFIG_SOC_AHB_GDMA_VERSION=1 -CONFIG_SOC_GDMA_NUM_GROUPS_MAX=1 -CONFIG_SOC_GDMA_PAIRS_PER_GROUP=5 -CONFIG_SOC_GDMA_PAIRS_PER_GROUP_MAX=5 -CONFIG_SOC_AHB_GDMA_SUPPORT_PSRAM=y -CONFIG_SOC_GPIO_PORT=1 -CONFIG_SOC_GPIO_PIN_COUNT=49 -CONFIG_SOC_GPIO_SUPPORT_PIN_GLITCH_FILTER=y -CONFIG_SOC_GPIO_FILTER_CLK_SUPPORT_APB=y -CONFIG_SOC_GPIO_SUPPORT_RTC_INDEPENDENT=y -CONFIG_SOC_GPIO_SUPPORT_FORCE_HOLD=y 
-CONFIG_SOC_GPIO_VALID_GPIO_MASK=0x1FFFFFFFFFFFF -CONFIG_SOC_GPIO_IN_RANGE_MAX=48 -CONFIG_SOC_GPIO_OUT_RANGE_MAX=48 -CONFIG_SOC_GPIO_VALID_DIGITAL_IO_PAD_MASK=0x0001FFFFFC000000 -CONFIG_SOC_GPIO_CLOCKOUT_BY_IO_MUX=y -CONFIG_SOC_GPIO_CLOCKOUT_CHANNEL_NUM=3 -CONFIG_SOC_DEDIC_GPIO_OUT_CHANNELS_NUM=8 -CONFIG_SOC_DEDIC_GPIO_IN_CHANNELS_NUM=8 -CONFIG_SOC_DEDIC_GPIO_OUT_AUTO_ENABLE=y -CONFIG_SOC_I2C_NUM=2 -CONFIG_SOC_HP_I2C_NUM=2 -CONFIG_SOC_I2C_FIFO_LEN=32 -CONFIG_SOC_I2C_CMD_REG_NUM=8 -CONFIG_SOC_I2C_SUPPORT_SLAVE=y -CONFIG_SOC_I2C_SUPPORT_HW_CLR_BUS=y -CONFIG_SOC_I2C_SUPPORT_XTAL=y -CONFIG_SOC_I2C_SUPPORT_RTC=y -CONFIG_SOC_I2C_SUPPORT_10BIT_ADDR=y -CONFIG_SOC_I2C_SLAVE_SUPPORT_BROADCAST=y -CONFIG_SOC_I2C_SLAVE_SUPPORT_I2CRAM_ACCESS=y -CONFIG_SOC_I2S_NUM=2 -CONFIG_SOC_I2S_HW_VERSION_2=y -CONFIG_SOC_I2S_SUPPORTS_XTAL=y -CONFIG_SOC_I2S_SUPPORTS_PLL_F160M=y -CONFIG_SOC_I2S_SUPPORTS_PCM=y -CONFIG_SOC_I2S_SUPPORTS_PDM=y -CONFIG_SOC_I2S_SUPPORTS_PDM_TX=y -CONFIG_SOC_I2S_PDM_MAX_TX_LINES=2 -CONFIG_SOC_I2S_SUPPORTS_PDM_RX=y -CONFIG_SOC_I2S_PDM_MAX_RX_LINES=4 -CONFIG_SOC_I2S_SUPPORTS_TDM=y -CONFIG_SOC_LEDC_SUPPORT_APB_CLOCK=y -CONFIG_SOC_LEDC_SUPPORT_XTAL_CLOCK=y -CONFIG_SOC_LEDC_CHANNEL_NUM=8 -CONFIG_SOC_LEDC_TIMER_BIT_WIDTH=14 -CONFIG_SOC_LEDC_SUPPORT_FADE_STOP=y -CONFIG_SOC_MCPWM_GROUPS=2 -CONFIG_SOC_MCPWM_TIMERS_PER_GROUP=3 -CONFIG_SOC_MCPWM_OPERATORS_PER_GROUP=3 -CONFIG_SOC_MCPWM_COMPARATORS_PER_OPERATOR=2 -CONFIG_SOC_MCPWM_GENERATORS_PER_OPERATOR=2 -CONFIG_SOC_MCPWM_TRIGGERS_PER_OPERATOR=2 -CONFIG_SOC_MCPWM_GPIO_FAULTS_PER_GROUP=3 -CONFIG_SOC_MCPWM_CAPTURE_TIMERS_PER_GROUP=y -CONFIG_SOC_MCPWM_CAPTURE_CHANNELS_PER_TIMER=3 -CONFIG_SOC_MCPWM_GPIO_SYNCHROS_PER_GROUP=3 -CONFIG_SOC_MCPWM_SWSYNC_CAN_PROPAGATE=y -CONFIG_SOC_MMU_LINEAR_ADDRESS_REGION_NUM=1 -CONFIG_SOC_MMU_PERIPH_NUM=1 -CONFIG_SOC_PCNT_GROUPS=1 -CONFIG_SOC_PCNT_UNITS_PER_GROUP=4 -CONFIG_SOC_PCNT_CHANNELS_PER_UNIT=2 -CONFIG_SOC_PCNT_THRES_POINT_PER_UNIT=2 -CONFIG_SOC_RMT_GROUPS=1 
-CONFIG_SOC_RMT_TX_CANDIDATES_PER_GROUP=4 -CONFIG_SOC_RMT_RX_CANDIDATES_PER_GROUP=4 -CONFIG_SOC_RMT_CHANNELS_PER_GROUP=8 -CONFIG_SOC_RMT_MEM_WORDS_PER_CHANNEL=48 -CONFIG_SOC_RMT_SUPPORT_RX_PINGPONG=y -CONFIG_SOC_RMT_SUPPORT_RX_DEMODULATION=y -CONFIG_SOC_RMT_SUPPORT_TX_ASYNC_STOP=y -CONFIG_SOC_RMT_SUPPORT_TX_LOOP_COUNT=y -CONFIG_SOC_RMT_SUPPORT_TX_LOOP_AUTO_STOP=y -CONFIG_SOC_RMT_SUPPORT_TX_SYNCHRO=y -CONFIG_SOC_RMT_SUPPORT_TX_CARRIER_DATA_ONLY=y -CONFIG_SOC_RMT_SUPPORT_XTAL=y -CONFIG_SOC_RMT_SUPPORT_RC_FAST=y -CONFIG_SOC_RMT_SUPPORT_APB=y -CONFIG_SOC_RMT_SUPPORT_DMA=y -CONFIG_SOC_LCD_I80_SUPPORTED=y -CONFIG_SOC_LCD_RGB_SUPPORTED=y -CONFIG_SOC_LCD_I80_BUSES=1 -CONFIG_SOC_LCD_RGB_PANELS=1 -CONFIG_SOC_LCD_I80_BUS_WIDTH=16 -CONFIG_SOC_LCD_RGB_DATA_WIDTH=16 -CONFIG_SOC_LCD_SUPPORT_RGB_YUV_CONV=y -CONFIG_SOC_RTC_CNTL_CPU_PD_DMA_BUS_WIDTH=128 -CONFIG_SOC_RTC_CNTL_CPU_PD_REG_FILE_NUM=549 -CONFIG_SOC_RTC_CNTL_TAGMEM_PD_DMA_BUS_WIDTH=128 -CONFIG_SOC_RTCIO_PIN_COUNT=22 -CONFIG_SOC_RTCIO_INPUT_OUTPUT_SUPPORTED=y -CONFIG_SOC_RTCIO_HOLD_SUPPORTED=y -CONFIG_SOC_RTCIO_WAKE_SUPPORTED=y -CONFIG_SOC_SDM_GROUPS=y -CONFIG_SOC_SDM_CHANNELS_PER_GROUP=8 -CONFIG_SOC_SDM_CLK_SUPPORT_APB=y -CONFIG_SOC_SPI_PERIPH_NUM=3 -CONFIG_SOC_SPI_MAX_CS_NUM=6 -CONFIG_SOC_SPI_MAXIMUM_BUFFER_SIZE=64 -CONFIG_SOC_SPI_SUPPORT_DDRCLK=y -CONFIG_SOC_SPI_SLAVE_SUPPORT_SEG_TRANS=y -CONFIG_SOC_SPI_SUPPORT_CD_SIG=y -CONFIG_SOC_SPI_SUPPORT_CONTINUOUS_TRANS=y -CONFIG_SOC_SPI_SUPPORT_SLAVE_HD_VER2=y -CONFIG_SOC_SPI_SUPPORT_CLK_APB=y -CONFIG_SOC_SPI_SUPPORT_CLK_XTAL=y -CONFIG_SOC_SPI_PERIPH_SUPPORT_CONTROL_DUMMY_OUT=y -CONFIG_SOC_MEMSPI_IS_INDEPENDENT=y -CONFIG_SOC_SPI_MAX_PRE_DIVIDER=16 -CONFIG_SOC_SPI_SUPPORT_OCT=y -CONFIG_SOC_SPI_SCT_SUPPORTED=y -CONFIG_SOC_SPI_SCT_REG_NUM=14 -CONFIG_SOC_SPI_SCT_BUFFER_NUM_MAX=y -CONFIG_SOC_SPI_SCT_CONF_BITLEN_MAX=0x3FFFA -CONFIG_SOC_MEMSPI_SRC_FREQ_120M=y -CONFIG_SOC_MEMSPI_SRC_FREQ_80M_SUPPORTED=y -CONFIG_SOC_MEMSPI_SRC_FREQ_40M_SUPPORTED=y 
-CONFIG_SOC_MEMSPI_SRC_FREQ_20M_SUPPORTED=y -CONFIG_SOC_SPIRAM_SUPPORTED=y -CONFIG_SOC_SPIRAM_XIP_SUPPORTED=y -CONFIG_SOC_SYSTIMER_COUNTER_NUM=2 -CONFIG_SOC_SYSTIMER_ALARM_NUM=3 -CONFIG_SOC_SYSTIMER_BIT_WIDTH_LO=32 -CONFIG_SOC_SYSTIMER_BIT_WIDTH_HI=20 -CONFIG_SOC_SYSTIMER_FIXED_DIVIDER=y -CONFIG_SOC_SYSTIMER_INT_LEVEL=y -CONFIG_SOC_SYSTIMER_ALARM_MISS_COMPENSATE=y -CONFIG_SOC_TIMER_GROUPS=2 -CONFIG_SOC_TIMER_GROUP_TIMERS_PER_GROUP=2 -CONFIG_SOC_TIMER_GROUP_COUNTER_BIT_WIDTH=54 -CONFIG_SOC_TIMER_GROUP_SUPPORT_XTAL=y -CONFIG_SOC_TIMER_GROUP_SUPPORT_APB=y -CONFIG_SOC_TIMER_GROUP_TOTAL_TIMERS=4 -CONFIG_SOC_TOUCH_SENSOR_VERSION=2 -CONFIG_SOC_TOUCH_SENSOR_NUM=15 -CONFIG_SOC_TOUCH_PROXIMITY_CHANNEL_NUM=3 -CONFIG_SOC_TOUCH_PROXIMITY_MEAS_DONE_SUPPORTED=y -CONFIG_SOC_TOUCH_SAMPLER_NUM=1 -CONFIG_SOC_TWAI_CONTROLLER_NUM=1 -CONFIG_SOC_TWAI_CLK_SUPPORT_APB=y -CONFIG_SOC_TWAI_BRP_MIN=2 -CONFIG_SOC_TWAI_BRP_MAX=16384 -CONFIG_SOC_TWAI_SUPPORTS_RX_STATUS=y -CONFIG_SOC_UART_NUM=3 -CONFIG_SOC_UART_HP_NUM=3 -CONFIG_SOC_UART_FIFO_LEN=128 -CONFIG_SOC_UART_BITRATE_MAX=5000000 -CONFIG_SOC_UART_SUPPORT_FSM_TX_WAIT_SEND=y -CONFIG_SOC_UART_SUPPORT_WAKEUP_INT=y -CONFIG_SOC_UART_SUPPORT_APB_CLK=y -CONFIG_SOC_UART_SUPPORT_RTC_CLK=y -CONFIG_SOC_UART_SUPPORT_XTAL_CLK=y -CONFIG_SOC_USB_OTG_PERIPH_NUM=1 -CONFIG_SOC_SHA_DMA_MAX_BUFFER_SIZE=3968 -CONFIG_SOC_SHA_SUPPORT_DMA=y -CONFIG_SOC_SHA_SUPPORT_RESUME=y -CONFIG_SOC_SHA_GDMA=y -CONFIG_SOC_SHA_SUPPORT_SHA1=y -CONFIG_SOC_SHA_SUPPORT_SHA224=y -CONFIG_SOC_SHA_SUPPORT_SHA256=y -CONFIG_SOC_SHA_SUPPORT_SHA384=y -CONFIG_SOC_SHA_SUPPORT_SHA512=y -CONFIG_SOC_SHA_SUPPORT_SHA512_224=y -CONFIG_SOC_SHA_SUPPORT_SHA512_256=y -CONFIG_SOC_SHA_SUPPORT_SHA512_T=y -CONFIG_SOC_MPI_MEM_BLOCKS_NUM=4 -CONFIG_SOC_MPI_OPERATIONS_NUM=3 -CONFIG_SOC_RSA_MAX_BIT_LEN=4096 -CONFIG_SOC_AES_SUPPORT_DMA=y -CONFIG_SOC_AES_GDMA=y -CONFIG_SOC_AES_SUPPORT_AES_128=y -CONFIG_SOC_AES_SUPPORT_AES_256=y -CONFIG_SOC_PM_SUPPORT_EXT0_WAKEUP=y -CONFIG_SOC_PM_SUPPORT_EXT1_WAKEUP=y 
-CONFIG_SOC_PM_SUPPORT_EXT_WAKEUP=y -CONFIG_SOC_PM_SUPPORT_WIFI_WAKEUP=y -CONFIG_SOC_PM_SUPPORT_BT_WAKEUP=y -CONFIG_SOC_PM_SUPPORT_TOUCH_SENSOR_WAKEUP=y -CONFIG_SOC_PM_SUPPORT_CPU_PD=y -CONFIG_SOC_PM_SUPPORT_TAGMEM_PD=y -CONFIG_SOC_PM_SUPPORT_RTC_PERIPH_PD=y -CONFIG_SOC_PM_SUPPORT_RC_FAST_PD=y -CONFIG_SOC_PM_SUPPORT_VDDSDIO_PD=y -CONFIG_SOC_PM_SUPPORT_MAC_BB_PD=y -CONFIG_SOC_PM_SUPPORT_MODEM_PD=y -CONFIG_SOC_CONFIGURABLE_VDDSDIO_SUPPORTED=y -CONFIG_SOC_PM_SUPPORT_DEEPSLEEP_CHECK_STUB_ONLY=y -CONFIG_SOC_PM_CPU_RETENTION_BY_RTCCNTL=y -CONFIG_SOC_PM_MODEM_RETENTION_BY_BACKUPDMA=y -CONFIG_SOC_CLK_RC_FAST_D256_SUPPORTED=y -CONFIG_SOC_RTC_SLOW_CLK_SUPPORT_RC_FAST_D256=y -CONFIG_SOC_CLK_RC_FAST_SUPPORT_CALIBRATION=y -CONFIG_SOC_CLK_XTAL32K_SUPPORTED=y -CONFIG_SOC_EFUSE_DIS_DOWNLOAD_ICACHE=y -CONFIG_SOC_EFUSE_DIS_DOWNLOAD_DCACHE=y -CONFIG_SOC_EFUSE_HARD_DIS_JTAG=y -CONFIG_SOC_EFUSE_DIS_USB_JTAG=y -CONFIG_SOC_EFUSE_SOFT_DIS_JTAG=y -CONFIG_SOC_EFUSE_DIS_DIRECT_BOOT=y -CONFIG_SOC_EFUSE_DIS_ICACHE=y -CONFIG_SOC_EFUSE_BLOCK9_KEY_PURPOSE_QUIRK=y -CONFIG_SOC_SECURE_BOOT_V2_RSA=y -CONFIG_SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS=3 -CONFIG_SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS=y -CONFIG_SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY=y -CONFIG_SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX=64 -CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES=y -CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_OPTIONS=y -CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128=y -CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_256=y -CONFIG_SOC_MEMPROT_CPU_PREFETCH_PAD_SIZE=16 -CONFIG_SOC_MEMPROT_MEM_ALIGN_SIZE=256 -CONFIG_SOC_PHY_DIG_REGS_MEM_SIZE=21 -CONFIG_SOC_MAC_BB_PD_MEM_SIZE=192 -CONFIG_SOC_WIFI_LIGHT_SLEEP_CLK_WIDTH=12 -CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_WAIT_IDLE=y -CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_SUSPEND=y -CONFIG_SOC_SPI_MEM_SUPPORT_AUTO_RESUME=y -CONFIG_SOC_SPI_MEM_SUPPORT_SW_SUSPEND=y -CONFIG_SOC_SPI_MEM_SUPPORT_OPI_MODE=y -CONFIG_SOC_SPI_MEM_SUPPORT_TIMING_TUNING=y -CONFIG_SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE=y -CONFIG_SOC_SPI_MEM_SUPPORT_WRAP=y 
-CONFIG_SOC_MEMSPI_TIMING_TUNING_BY_MSPI_DELAY=y -CONFIG_SOC_MEMSPI_CORE_CLK_SHARED_WITH_PSRAM=y -CONFIG_SOC_COEX_HW_PTI=y -CONFIG_SOC_EXTERNAL_COEX_LEADER_TX_LINE=y -CONFIG_SOC_SDMMC_USE_GPIO_MATRIX=y -CONFIG_SOC_SDMMC_NUM_SLOTS=2 -CONFIG_SOC_SDMMC_SUPPORT_XTAL_CLOCK=y -CONFIG_SOC_SDMMC_DELAY_PHASE_NUM=4 -CONFIG_SOC_TEMPERATURE_SENSOR_SUPPORT_FAST_RC=y -CONFIG_SOC_WIFI_HW_TSF=y -CONFIG_SOC_WIFI_FTM_SUPPORT=y -CONFIG_SOC_WIFI_GCMP_SUPPORT=y -CONFIG_SOC_WIFI_WAPI_SUPPORT=y -CONFIG_SOC_WIFI_CSI_SUPPORT=y -CONFIG_SOC_WIFI_MESH_SUPPORT=y -CONFIG_SOC_WIFI_SUPPORT_VARIABLE_BEACON_WINDOW=y -CONFIG_SOC_WIFI_PHY_NEEDS_USB_WORKAROUND=y -CONFIG_SOC_BLE_SUPPORTED=y -CONFIG_SOC_BLE_MESH_SUPPORTED=y -CONFIG_SOC_BLE_50_SUPPORTED=y -CONFIG_SOC_BLE_DEVICE_PRIVACY_SUPPORTED=y -CONFIG_SOC_BLUFI_SUPPORTED=y -CONFIG_SOC_ULP_HAS_ADC=y -CONFIG_SOC_PHY_COMBO_MODULE=y -CONFIG_IDF_CMAKE=y -CONFIG_IDF_TOOLCHAIN="gcc" -CONFIG_IDF_TARGET_ARCH_XTENSA=y -CONFIG_IDF_TARGET_ARCH="xtensa" -CONFIG_IDF_TARGET="esp32s3" -CONFIG_IDF_INIT_VERSION="5.3.0" -CONFIG_IDF_TARGET_ESP32S3=y -CONFIG_IDF_FIRMWARE_CHIP_ID=0x0009 - -# -# Build type -# -CONFIG_APP_BUILD_TYPE_APP_2NDBOOT=y -# CONFIG_APP_BUILD_TYPE_RAM is not set -CONFIG_APP_BUILD_GENERATE_BINARIES=y -CONFIG_APP_BUILD_BOOTLOADER=y -CONFIG_APP_BUILD_USE_FLASH_SECTIONS=y -# CONFIG_APP_REPRODUCIBLE_BUILD is not set -# CONFIG_APP_NO_BLOBS is not set -# end of Build type - -# -# Bootloader config -# - -# -# Bootloader manager -# -CONFIG_BOOTLOADER_COMPILE_TIME_DATE=y -CONFIG_BOOTLOADER_PROJECT_VER=1 -# end of Bootloader manager - -CONFIG_BOOTLOADER_OFFSET_IN_FLASH=0x0 -CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y -# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_DEBUG is not set -# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_PERF is not set -# CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE is not set -# CONFIG_BOOTLOADER_LOG_LEVEL_NONE is not set -# CONFIG_BOOTLOADER_LOG_LEVEL_ERROR is not set -# CONFIG_BOOTLOADER_LOG_LEVEL_WARN is not set 
-CONFIG_BOOTLOADER_LOG_LEVEL_INFO=y -# CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG is not set -# CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE is not set -CONFIG_BOOTLOADER_LOG_LEVEL=3 - -# -# Serial Flash Configurations -# -# CONFIG_BOOTLOADER_FLASH_DC_AWARE is not set -CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT=y -# end of Serial Flash Configurations - -CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y -# CONFIG_BOOTLOADER_FACTORY_RESET is not set -# CONFIG_BOOTLOADER_APP_TEST is not set -CONFIG_BOOTLOADER_REGION_PROTECTION_ENABLE=y -CONFIG_BOOTLOADER_WDT_ENABLE=y -# CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE is not set -CONFIG_BOOTLOADER_WDT_TIME_MS=9000 -# CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE is not set -# CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP is not set -# CONFIG_BOOTLOADER_SKIP_VALIDATE_ON_POWER_ON is not set -# CONFIG_BOOTLOADER_SKIP_VALIDATE_ALWAYS is not set -CONFIG_BOOTLOADER_RESERVE_RTC_SIZE=0 -# CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC is not set -# end of Bootloader config - -# -# Security features -# -CONFIG_SECURE_BOOT_V2_RSA_SUPPORTED=y -CONFIG_SECURE_BOOT_V2_PREFERRED=y -# CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT is not set -# CONFIG_SECURE_BOOT is not set -# CONFIG_SECURE_FLASH_ENC_ENABLED is not set -CONFIG_SECURE_ROM_DL_MODE_ENABLED=y -# end of Security features - -# -# Application manager -# -CONFIG_APP_COMPILE_TIME_DATE=y -# CONFIG_APP_EXCLUDE_PROJECT_VER_VAR is not set -# CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR is not set -# CONFIG_APP_PROJECT_VER_FROM_CONFIG is not set -CONFIG_APP_RETRIEVE_LEN_ELF_SHA=9 -# end of Application manager - -CONFIG_ESP_ROM_HAS_CRC_LE=y -CONFIG_ESP_ROM_HAS_CRC_BE=y -CONFIG_ESP_ROM_HAS_MZ_CRC32=y -CONFIG_ESP_ROM_HAS_JPEG_DECODE=y -CONFIG_ESP_ROM_UART_CLK_IS_XTAL=y -CONFIG_ESP_ROM_HAS_RETARGETABLE_LOCKING=y -CONFIG_ESP_ROM_USB_OTG_NUM=3 -CONFIG_ESP_ROM_USB_SERIAL_DEVICE_NUM=4 -CONFIG_ESP_ROM_HAS_ERASE_0_REGION_BUG=y -CONFIG_ESP_ROM_HAS_ENCRYPTED_WRITES_USING_LEGACY_DRV=y -CONFIG_ESP_ROM_GET_CLK_FREQ=y -CONFIG_ESP_ROM_HAS_HAL_WDT=y 
-CONFIG_ESP_ROM_NEEDS_SWSETUP_WORKAROUND=y -CONFIG_ESP_ROM_HAS_LAYOUT_TABLE=y -CONFIG_ESP_ROM_HAS_SPI_FLASH=y -CONFIG_ESP_ROM_HAS_ETS_PRINTF_BUG=y -CONFIG_ESP_ROM_HAS_NEWLIB=y -CONFIG_ESP_ROM_HAS_NEWLIB_NANO_FORMAT=y -CONFIG_ESP_ROM_HAS_NEWLIB_32BIT_TIME=y -CONFIG_ESP_ROM_NEEDS_SET_CACHE_MMU_SIZE=y -CONFIG_ESP_ROM_RAM_APP_NEEDS_MMU_INIT=y -CONFIG_ESP_ROM_HAS_FLASH_COUNT_PAGES_BUG=y -CONFIG_ESP_ROM_HAS_CACHE_SUSPEND_WAITI_BUG=y -CONFIG_ESP_ROM_HAS_CACHE_WRITEBACK_BUG=y -CONFIG_ESP_ROM_HAS_SW_FLOAT=y -CONFIG_ESP_ROM_HAS_VERSION=y -CONFIG_ESP_ROM_SUPPORT_DEEP_SLEEP_WAKEUP_STUB=y - -# -# Boot ROM Behavior -# -CONFIG_BOOT_ROM_LOG_ALWAYS_ON=y -# CONFIG_BOOT_ROM_LOG_ALWAYS_OFF is not set -# CONFIG_BOOT_ROM_LOG_ON_GPIO_HIGH is not set -# CONFIG_BOOT_ROM_LOG_ON_GPIO_LOW is not set -# end of Boot ROM Behavior - -# -# Serial flasher config -# -# CONFIG_ESPTOOLPY_NO_STUB is not set -# CONFIG_ESPTOOLPY_OCT_FLASH is not set -CONFIG_ESPTOOLPY_FLASH_MODE_AUTO_DETECT=y -# CONFIG_ESPTOOLPY_FLASHMODE_QIO is not set -# CONFIG_ESPTOOLPY_FLASHMODE_QOUT is not set -CONFIG_ESPTOOLPY_FLASHMODE_DIO=y -# CONFIG_ESPTOOLPY_FLASHMODE_DOUT is not set -CONFIG_ESPTOOLPY_FLASH_SAMPLE_MODE_STR=y -CONFIG_ESPTOOLPY_FLASHMODE="dio" -# CONFIG_ESPTOOLPY_FLASHFREQ_120M is not set -CONFIG_ESPTOOLPY_FLASHFREQ_80M=y -# CONFIG_ESPTOOLPY_FLASHFREQ_40M is not set -# CONFIG_ESPTOOLPY_FLASHFREQ_20M is not set -CONFIG_ESPTOOLPY_FLASHFREQ_80M_DEFAULT=y -CONFIG_ESPTOOLPY_FLASHFREQ="80m" -# CONFIG_ESPTOOLPY_FLASHSIZE_1MB is not set -# CONFIG_ESPTOOLPY_FLASHSIZE_2MB is not set -CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y -# CONFIG_ESPTOOLPY_FLASHSIZE_8MB is not set -# CONFIG_ESPTOOLPY_FLASHSIZE_16MB is not set -# CONFIG_ESPTOOLPY_FLASHSIZE_32MB is not set -# CONFIG_ESPTOOLPY_FLASHSIZE_64MB is not set -# CONFIG_ESPTOOLPY_FLASHSIZE_128MB is not set -CONFIG_ESPTOOLPY_FLASHSIZE="4MB" -# CONFIG_ESPTOOLPY_HEADER_FLASHSIZE_UPDATE is not set -CONFIG_ESPTOOLPY_BEFORE_RESET=y -# CONFIG_ESPTOOLPY_BEFORE_NORESET is not set 
-CONFIG_ESPTOOLPY_BEFORE="default_reset" -CONFIG_ESPTOOLPY_AFTER_RESET=y -# CONFIG_ESPTOOLPY_AFTER_NORESET is not set -CONFIG_ESPTOOLPY_AFTER="hard_reset" -CONFIG_ESPTOOLPY_MONITOR_BAUD=115200 -# end of Serial flasher config - -# -# Partition Table -# -# CONFIG_PARTITION_TABLE_SINGLE_APP is not set -# CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE is not set -# CONFIG_PARTITION_TABLE_TWO_OTA is not set -CONFIG_PARTITION_TABLE_CUSTOM=y -CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv" -CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv" -CONFIG_PARTITION_TABLE_OFFSET=0x8000 -CONFIG_PARTITION_TABLE_MD5=y -# end of Partition Table - -# -# Compiler options -# -CONFIG_COMPILER_OPTIMIZATION_DEBUG=y -# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set -# CONFIG_COMPILER_OPTIMIZATION_PERF is not set -# CONFIG_COMPILER_OPTIMIZATION_NONE is not set -CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y -# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set -# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set -CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y -CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 -# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set -CONFIG_COMPILER_HIDE_PATHS_MACROS=y -# CONFIG_COMPILER_CXX_EXCEPTIONS is not set -# CONFIG_COMPILER_CXX_RTTI is not set -CONFIG_COMPILER_STACK_CHECK_MODE_NONE=y -# CONFIG_COMPILER_STACK_CHECK_MODE_NORM is not set -# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set -# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set -# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set -# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set -# CONFIG_COMPILER_DISABLE_GCC13_WARNINGS is not set -# CONFIG_COMPILER_DUMP_RTL_FILES is not set -CONFIG_COMPILER_RT_LIB_GCCLIB=y -CONFIG_COMPILER_RT_LIB_NAME="gcc" -# CONFIG_COMPILER_ORPHAN_SECTIONS_WARNING is not set -CONFIG_COMPILER_ORPHAN_SECTIONS_PLACE=y -# end of Compiler options - -# -# Component config -# - -# -# Application Level Tracing -# -# CONFIG_APPTRACE_DEST_JTAG is not 
set -CONFIG_APPTRACE_DEST_NONE=y -# CONFIG_APPTRACE_DEST_UART1 is not set -# CONFIG_APPTRACE_DEST_UART2 is not set -# CONFIG_APPTRACE_DEST_USB_CDC is not set -CONFIG_APPTRACE_DEST_UART_NONE=y -CONFIG_APPTRACE_UART_TASK_PRIO=1 -CONFIG_APPTRACE_LOCK_ENABLE=y -# end of Application Level Tracing - -# -# Bluetooth -# -# CONFIG_BT_ENABLED is not set -CONFIG_BT_ALARM_MAX_NUM=50 -# end of Bluetooth - -# -# Console Library -# -# CONFIG_CONSOLE_SORTED_HELP is not set -# end of Console Library - -# -# Driver Configurations -# - -# -# TWAI Configuration -# -# CONFIG_TWAI_ISR_IN_IRAM is not set -CONFIG_TWAI_ERRATA_FIX_LISTEN_ONLY_DOM=y -# end of TWAI Configuration - -# -# Legacy ADC Driver Configuration -# -# CONFIG_ADC_SUPPRESS_DEPRECATE_WARN is not set - -# -# Legacy ADC Calibration Configuration -# -# CONFIG_ADC_CALI_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy ADC Calibration Configuration -# end of Legacy ADC Driver Configuration - -# -# Legacy MCPWM Driver Configurations -# -# CONFIG_MCPWM_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy MCPWM Driver Configurations - -# -# Legacy Timer Group Driver Configurations -# -# CONFIG_GPTIMER_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy Timer Group Driver Configurations - -# -# Legacy RMT Driver Configurations -# -# CONFIG_RMT_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy RMT Driver Configurations - -# -# Legacy I2S Driver Configurations -# -# CONFIG_I2S_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy I2S Driver Configurations - -# -# Legacy PCNT Driver Configurations -# -# CONFIG_PCNT_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy PCNT Driver Configurations - -# -# Legacy SDM Driver Configurations -# -# CONFIG_SDM_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy SDM Driver Configurations - -# -# Legacy Temperature Sensor Driver Configurations -# -# CONFIG_TEMP_SENSOR_SUPPRESS_DEPRECATE_WARN is not set -# end of Legacy Temperature Sensor Driver Configurations -# end of Driver Configurations - -# 
-# eFuse Bit Manager -# -# CONFIG_EFUSE_CUSTOM_TABLE is not set -# CONFIG_EFUSE_VIRTUAL is not set -CONFIG_EFUSE_MAX_BLK_LEN=256 -# end of eFuse Bit Manager - -# -# ESP-TLS -# -CONFIG_ESP_TLS_USING_MBEDTLS=y -# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set -# CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK is not set -# CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL is not set -# CONFIG_ESP_TLS_PSK_VERIFICATION is not set -# CONFIG_ESP_TLS_INSECURE is not set -# end of ESP-TLS - -# -# ADC and ADC Calibration -# -# CONFIG_ADC_ONESHOT_CTRL_FUNC_IN_IRAM is not set -# CONFIG_ADC_CONTINUOUS_ISR_IRAM_SAFE is not set -# CONFIG_ADC_CONTINUOUS_FORCE_USE_ADC2_ON_C3_S3 is not set -# CONFIG_ADC_ENABLE_DEBUG_LOG is not set -# end of ADC and ADC Calibration - -# -# Wireless Coexistence -# -CONFIG_ESP_COEX_ENABLED=y -# CONFIG_ESP_COEX_EXTERNAL_COEXIST_ENABLE is not set -# end of Wireless Coexistence - -# -# Common ESP-related -# -CONFIG_ESP_ERR_TO_NAME_LOOKUP=y -# end of Common ESP-related - -# -# ESP-Driver:GPIO Configurations -# -# CONFIG_GPIO_CTRL_FUNC_IN_IRAM is not set -# end of ESP-Driver:GPIO Configurations - -# -# ESP-Driver:GPTimer Configurations -# -CONFIG_GPTIMER_ISR_HANDLER_IN_IRAM=y -# CONFIG_GPTIMER_CTRL_FUNC_IN_IRAM is not set -# CONFIG_GPTIMER_ISR_IRAM_SAFE is not set -# CONFIG_GPTIMER_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:GPTimer Configurations - -# -# ESP-Driver:I2C Configurations -# -# CONFIG_I2C_ISR_IRAM_SAFE is not set -# CONFIG_I2C_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:I2C Configurations - -# -# ESP-Driver:I2S Configurations -# -# CONFIG_I2S_ISR_IRAM_SAFE is not set -# CONFIG_I2S_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:I2S Configurations - -# -# ESP-Driver:LEDC Configurations -# -# CONFIG_LEDC_CTRL_FUNC_IN_IRAM is not set -# end of ESP-Driver:LEDC Configurations - -# -# ESP-Driver:MCPWM Configurations -# -# CONFIG_MCPWM_ISR_IRAM_SAFE is not set -# CONFIG_MCPWM_CTRL_FUNC_IN_IRAM is not set -# CONFIG_MCPWM_ENABLE_DEBUG_LOG is not set -# end 
of ESP-Driver:MCPWM Configurations - -# -# ESP-Driver:PCNT Configurations -# -# CONFIG_PCNT_CTRL_FUNC_IN_IRAM is not set -# CONFIG_PCNT_ISR_IRAM_SAFE is not set -# CONFIG_PCNT_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:PCNT Configurations - -# -# ESP-Driver:RMT Configurations -# -# CONFIG_RMT_ISR_IRAM_SAFE is not set -# CONFIG_RMT_RECV_FUNC_IN_IRAM is not set -# CONFIG_RMT_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:RMT Configurations - -# -# ESP-Driver:Sigma Delta Modulator Configurations -# -# CONFIG_SDM_CTRL_FUNC_IN_IRAM is not set -# CONFIG_SDM_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:Sigma Delta Modulator Configurations - -# -# ESP-Driver:SPI Configurations -# -# CONFIG_SPI_MASTER_IN_IRAM is not set -CONFIG_SPI_MASTER_ISR_IN_IRAM=y -# CONFIG_SPI_SLAVE_IN_IRAM is not set -CONFIG_SPI_SLAVE_ISR_IN_IRAM=y -# end of ESP-Driver:SPI Configurations - -# -# ESP-Driver:Temperature Sensor Configurations -# -# CONFIG_TEMP_SENSOR_ENABLE_DEBUG_LOG is not set -# end of ESP-Driver:Temperature Sensor Configurations - -# -# ESP-Driver:UART Configurations -# -# CONFIG_UART_ISR_IN_IRAM is not set -# end of ESP-Driver:UART Configurations - -# -# ESP-Driver:USB Serial/JTAG Configuration -# -CONFIG_USJ_ENABLE_USB_SERIAL_JTAG=y -# end of ESP-Driver:USB Serial/JTAG Configuration - -# -# Ethernet -# -CONFIG_ETH_ENABLED=y -CONFIG_ETH_USE_SPI_ETHERNET=y -# CONFIG_ETH_SPI_ETHERNET_DM9051 is not set -# CONFIG_ETH_SPI_ETHERNET_W5500 is not set -# CONFIG_ETH_SPI_ETHERNET_KSZ8851SNL is not set -# CONFIG_ETH_USE_OPENETH is not set -# CONFIG_ETH_TRANSMIT_MUTEX is not set -# end of Ethernet - -# -# Event Loop Library -# -# CONFIG_ESP_EVENT_LOOP_PROFILING is not set -CONFIG_ESP_EVENT_POST_FROM_ISR=y -CONFIG_ESP_EVENT_POST_FROM_IRAM_ISR=y -# end of Event Loop Library - -# -# GDB Stub -# -CONFIG_ESP_GDBSTUB_ENABLED=y -# CONFIG_ESP_SYSTEM_GDBSTUB_RUNTIME is not set -CONFIG_ESP_GDBSTUB_SUPPORT_TASKS=y -CONFIG_ESP_GDBSTUB_MAX_TASKS=32 -# end of GDB Stub - -# -# ESP HTTP client -# 
-CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y -# CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH is not set -# CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH is not set -# CONFIG_ESP_HTTP_CLIENT_ENABLE_CUSTOM_TRANSPORT is not set -# end of ESP HTTP client - -# -# HTTP Server -# -CONFIG_HTTPD_MAX_REQ_HDR_LEN=512 -CONFIG_HTTPD_MAX_URI_LEN=512 -CONFIG_HTTPD_ERR_RESP_NO_DELAY=y -CONFIG_HTTPD_PURGE_BUF_LEN=32 -# CONFIG_HTTPD_LOG_PURGE_DATA is not set -# CONFIG_HTTPD_WS_SUPPORT is not set -# CONFIG_HTTPD_QUEUE_WORK_BLOCKING is not set -# end of HTTP Server - -# -# ESP HTTPS OTA -# -# CONFIG_ESP_HTTPS_OTA_DECRYPT_CB is not set -# CONFIG_ESP_HTTPS_OTA_ALLOW_HTTP is not set -# end of ESP HTTPS OTA - -# -# ESP HTTPS server -# -# end of ESP HTTPS server - -# -# Hardware Settings -# - -# -# Chip revision -# -CONFIG_ESP32S3_REV_MIN_0=y -# CONFIG_ESP32S3_REV_MIN_1 is not set -# CONFIG_ESP32S3_REV_MIN_2 is not set -CONFIG_ESP32S3_REV_MIN_FULL=0 -CONFIG_ESP_REV_MIN_FULL=0 - -# -# Maximum Supported ESP32-S3 Revision (Rev v0.99) -# -CONFIG_ESP32S3_REV_MAX_FULL=99 -CONFIG_ESP_REV_MAX_FULL=99 -# end of Chip revision - -# -# MAC Config -# -CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_STA=y -CONFIG_ESP_MAC_ADDR_UNIVERSE_WIFI_AP=y -CONFIG_ESP_MAC_ADDR_UNIVERSE_BT=y -CONFIG_ESP_MAC_ADDR_UNIVERSE_ETH=y -CONFIG_ESP_MAC_UNIVERSAL_MAC_ADDRESSES_FOUR=y -CONFIG_ESP_MAC_UNIVERSAL_MAC_ADDRESSES=4 -# CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES_TWO is not set -CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES_FOUR=y -CONFIG_ESP32S3_UNIVERSAL_MAC_ADDRESSES=4 -# CONFIG_ESP_MAC_USE_CUSTOM_MAC_AS_BASE_MAC is not set -# end of MAC Config - -# -# Sleep Config -# -# CONFIG_ESP_SLEEP_POWER_DOWN_FLASH is not set -CONFIG_ESP_SLEEP_FLASH_LEAKAGE_WORKAROUND=y -CONFIG_ESP_SLEEP_MSPI_NEED_ALL_IO_PU=y -CONFIG_ESP_SLEEP_RTC_BUS_ISO_WORKAROUND=y -CONFIG_ESP_SLEEP_GPIO_RESET_WORKAROUND=y -CONFIG_ESP_SLEEP_WAIT_FLASH_READY_EXTRA_DELAY=2000 -# CONFIG_ESP_SLEEP_CACHE_SAFE_ASSERTION is not set -# CONFIG_ESP_SLEEP_DEBUG is not set 
-CONFIG_ESP_SLEEP_GPIO_ENABLE_INTERNAL_RESISTORS=y -# end of Sleep Config - -# -# RTC Clock Config -# -CONFIG_RTC_CLK_SRC_INT_RC=y -# CONFIG_RTC_CLK_SRC_EXT_CRYS is not set -# CONFIG_RTC_CLK_SRC_EXT_OSC is not set -# CONFIG_RTC_CLK_SRC_INT_8MD256 is not set -CONFIG_RTC_CLK_CAL_CYCLES=1024 -# end of RTC Clock Config - -# -# Peripheral Control -# -CONFIG_PERIPH_CTRL_FUNC_IN_IRAM=y -# end of Peripheral Control - -# -# GDMA Configurations -# -CONFIG_GDMA_CTRL_FUNC_IN_IRAM=y -# CONFIG_GDMA_ISR_IRAM_SAFE is not set -# CONFIG_GDMA_ENABLE_DEBUG_LOG is not set -# end of GDMA Configurations - -# -# Main XTAL Config -# -CONFIG_XTAL_FREQ_40=y -CONFIG_XTAL_FREQ=40 -# end of Main XTAL Config - -CONFIG_ESP_SPI_BUS_LOCK_ISR_FUNCS_IN_IRAM=y -# end of Hardware Settings - -# -# LCD and Touch Panel -# - -# -# LCD Touch Drivers are maintained in the IDF Component Registry -# - -# -# LCD Peripheral Configuration -# -CONFIG_LCD_PANEL_IO_FORMAT_BUF_SIZE=32 -# CONFIG_LCD_ENABLE_DEBUG_LOG is not set -# CONFIG_LCD_RGB_ISR_IRAM_SAFE is not set -# CONFIG_LCD_RGB_RESTART_IN_VSYNC is not set -# end of LCD Peripheral Configuration -# end of LCD and Touch Panel - -# -# ESP NETIF Adapter -# -CONFIG_ESP_NETIF_IP_LOST_TIMER_INTERVAL=120 -CONFIG_ESP_NETIF_TCPIP_LWIP=y -# CONFIG_ESP_NETIF_LOOPBACK is not set -CONFIG_ESP_NETIF_USES_TCPIP_WITH_BSD_API=y -# CONFIG_ESP_NETIF_RECEIVE_REPORT_ERRORS is not set -# CONFIG_ESP_NETIF_L2_TAP is not set -# CONFIG_ESP_NETIF_BRIDGE_EN is not set -# end of ESP NETIF Adapter - -# -# Partition API Configuration -# -# end of Partition API Configuration - -# -# PHY -# -CONFIG_ESP_PHY_ENABLED=y -CONFIG_ESP_PHY_CALIBRATION_AND_DATA_STORAGE=y -# CONFIG_ESP_PHY_INIT_DATA_IN_PARTITION is not set -CONFIG_ESP_PHY_MAX_WIFI_TX_POWER=20 -CONFIG_ESP_PHY_MAX_TX_POWER=20 -# CONFIG_ESP_PHY_REDUCE_TX_POWER is not set -CONFIG_ESP_PHY_ENABLE_USB=y -# CONFIG_ESP_PHY_ENABLE_CERT_TEST is not set -CONFIG_ESP_PHY_RF_CAL_PARTIAL=y -# CONFIG_ESP_PHY_RF_CAL_NONE is not set -# 
CONFIG_ESP_PHY_RF_CAL_FULL is not set -CONFIG_ESP_PHY_CALIBRATION_MODE=0 -# CONFIG_ESP_PHY_PLL_TRACK_DEBUG is not set -# end of PHY - -# -# Power Management -# -# CONFIG_PM_ENABLE is not set -CONFIG_PM_POWER_DOWN_CPU_IN_LIGHT_SLEEP=y -CONFIG_PM_RESTORE_CACHE_TAGMEM_AFTER_LIGHT_SLEEP=y -# end of Power Management - -# -# ESP PSRAM -# -# CONFIG_SPIRAM is not set -# end of ESP PSRAM - -# -# ESP Ringbuf -# -# CONFIG_RINGBUF_PLACE_FUNCTIONS_INTO_FLASH is not set -# end of ESP Ringbuf - -# -# ESP System Settings -# -# CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80 is not set -CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160=y -# CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240 is not set -CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ=160 - -# -# Cache config -# -CONFIG_ESP32S3_INSTRUCTION_CACHE_16KB=y -# CONFIG_ESP32S3_INSTRUCTION_CACHE_32KB is not set -CONFIG_ESP32S3_INSTRUCTION_CACHE_SIZE=0x4000 -# CONFIG_ESP32S3_INSTRUCTION_CACHE_4WAYS is not set -CONFIG_ESP32S3_INSTRUCTION_CACHE_8WAYS=y -CONFIG_ESP32S3_ICACHE_ASSOCIATED_WAYS=8 -# CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_16B is not set -CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_32B=y -CONFIG_ESP32S3_INSTRUCTION_CACHE_LINE_SIZE=32 -# CONFIG_ESP32S3_DATA_CACHE_16KB is not set -CONFIG_ESP32S3_DATA_CACHE_32KB=y -# CONFIG_ESP32S3_DATA_CACHE_64KB is not set -CONFIG_ESP32S3_DATA_CACHE_SIZE=0x8000 -# CONFIG_ESP32S3_DATA_CACHE_4WAYS is not set -CONFIG_ESP32S3_DATA_CACHE_8WAYS=y -CONFIG_ESP32S3_DCACHE_ASSOCIATED_WAYS=8 -# CONFIG_ESP32S3_DATA_CACHE_LINE_16B is not set -CONFIG_ESP32S3_DATA_CACHE_LINE_32B=y -# CONFIG_ESP32S3_DATA_CACHE_LINE_64B is not set -CONFIG_ESP32S3_DATA_CACHE_LINE_SIZE=32 -# end of Cache config - -# -# Memory -# -# CONFIG_ESP32S3_RTCDATA_IN_FAST_MEM is not set -# CONFIG_ESP32S3_USE_FIXED_STATIC_RAM_SIZE is not set -# end of Memory - -# -# Trace memory -# -# CONFIG_ESP32S3_TRAX is not set -CONFIG_ESP32S3_TRACEMEM_RESERVE_DRAM=0x0 -# end of Trace memory - -# CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT is not set -CONFIG_ESP_SYSTEM_PANIC_PRINT_REBOOT=y -# 
CONFIG_ESP_SYSTEM_PANIC_SILENT_REBOOT is not set -# CONFIG_ESP_SYSTEM_PANIC_GDBSTUB is not set -CONFIG_ESP_SYSTEM_PANIC_REBOOT_DELAY_SECONDS=0 -CONFIG_ESP_SYSTEM_RTC_FAST_MEM_AS_HEAP_DEPCHECK=y -CONFIG_ESP_SYSTEM_ALLOW_RTC_FAST_MEM_AS_HEAP=y - -# -# Memory protection -# -CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=y -CONFIG_ESP_SYSTEM_MEMPROT_FEATURE_LOCK=y -# end of Memory protection - -CONFIG_ESP_SYSTEM_EVENT_QUEUE_SIZE=32 -CONFIG_ESP_SYSTEM_EVENT_TASK_STACK_SIZE=2304 -CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 -CONFIG_ESP_MAIN_TASK_AFFINITY_CPU0=y -# CONFIG_ESP_MAIN_TASK_AFFINITY_CPU1 is not set -# CONFIG_ESP_MAIN_TASK_AFFINITY_NO_AFFINITY is not set -CONFIG_ESP_MAIN_TASK_AFFINITY=0x0 -CONFIG_ESP_MINIMAL_SHARED_STACK_SIZE=2048 -CONFIG_ESP_CONSOLE_UART_DEFAULT=y -# CONFIG_ESP_CONSOLE_USB_CDC is not set -# CONFIG_ESP_CONSOLE_USB_SERIAL_JTAG is not set -# CONFIG_ESP_CONSOLE_UART_CUSTOM is not set -# CONFIG_ESP_CONSOLE_NONE is not set -# CONFIG_ESP_CONSOLE_SECONDARY_NONE is not set -CONFIG_ESP_CONSOLE_SECONDARY_USB_SERIAL_JTAG=y -CONFIG_ESP_CONSOLE_USB_SERIAL_JTAG_ENABLED=y -CONFIG_ESP_CONSOLE_UART=y -CONFIG_ESP_CONSOLE_UART_NUM=0 -CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM=0 -CONFIG_ESP_CONSOLE_UART_BAUDRATE=115200 -CONFIG_ESP_INT_WDT=y -CONFIG_ESP_INT_WDT_TIMEOUT_MS=300 -CONFIG_ESP_INT_WDT_CHECK_CPU1=y -CONFIG_ESP_TASK_WDT_EN=y -CONFIG_ESP_TASK_WDT_INIT=y -# CONFIG_ESP_TASK_WDT_PANIC is not set -CONFIG_ESP_TASK_WDT_TIMEOUT_S=5 -CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=y -CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=y -# CONFIG_ESP_PANIC_HANDLER_IRAM is not set -# CONFIG_ESP_DEBUG_STUBS_ENABLE is not set -CONFIG_ESP_DEBUG_OCDAWARE=y -CONFIG_ESP_SYSTEM_CHECK_INT_LEVEL_4=y - -# -# Brownout Detector -# -CONFIG_ESP_BROWNOUT_DET=y -CONFIG_ESP_BROWNOUT_DET_LVL_SEL_7=y -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_6 is not set -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_5 is not set -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_4 is not set -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_3 is not set -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_2 
is not set -# CONFIG_ESP_BROWNOUT_DET_LVL_SEL_1 is not set -CONFIG_ESP_BROWNOUT_DET_LVL=7 -# end of Brownout Detector - -CONFIG_ESP_SYSTEM_BROWNOUT_INTR=y -CONFIG_ESP_SYSTEM_BBPLL_RECALIB=y -# end of ESP System Settings - -# -# IPC (Inter-Processor Call) -# -CONFIG_ESP_IPC_TASK_STACK_SIZE=1280 -CONFIG_ESP_IPC_USES_CALLERS_PRIORITY=y -CONFIG_ESP_IPC_ISR_ENABLE=y -# end of IPC (Inter-Processor Call) - -# -# ESP Timer (High Resolution Timer) -# -# CONFIG_ESP_TIMER_PROFILING is not set -CONFIG_ESP_TIME_FUNCS_USE_RTC_TIMER=y -CONFIG_ESP_TIME_FUNCS_USE_ESP_TIMER=y -CONFIG_ESP_TIMER_TASK_STACK_SIZE=3584 -CONFIG_ESP_TIMER_INTERRUPT_LEVEL=1 -# CONFIG_ESP_TIMER_SHOW_EXPERIMENTAL is not set -CONFIG_ESP_TIMER_TASK_AFFINITY=0x0 -CONFIG_ESP_TIMER_TASK_AFFINITY_CPU0=y -CONFIG_ESP_TIMER_ISR_AFFINITY_CPU0=y -# CONFIG_ESP_TIMER_SUPPORTS_ISR_DISPATCH_METHOD is not set -CONFIG_ESP_TIMER_IMPL_SYSTIMER=y -# end of ESP Timer (High Resolution Timer) - -# -# Wi-Fi -# -CONFIG_ESP_WIFI_ENABLED=y -CONFIG_ESP_WIFI_STATIC_RX_BUFFER_NUM=10 -CONFIG_ESP_WIFI_DYNAMIC_RX_BUFFER_NUM=32 -# CONFIG_ESP_WIFI_STATIC_TX_BUFFER is not set -CONFIG_ESP_WIFI_DYNAMIC_TX_BUFFER=y -CONFIG_ESP_WIFI_TX_BUFFER_TYPE=1 -CONFIG_ESP_WIFI_DYNAMIC_TX_BUFFER_NUM=32 -CONFIG_ESP_WIFI_STATIC_RX_MGMT_BUFFER=y -# CONFIG_ESP_WIFI_DYNAMIC_RX_MGMT_BUFFER is not set -CONFIG_ESP_WIFI_DYNAMIC_RX_MGMT_BUF=0 -CONFIG_ESP_WIFI_RX_MGMT_BUF_NUM_DEF=5 -# CONFIG_ESP_WIFI_CSI_ENABLED is not set -CONFIG_ESP_WIFI_AMPDU_TX_ENABLED=y -CONFIG_ESP_WIFI_TX_BA_WIN=6 -CONFIG_ESP_WIFI_AMPDU_RX_ENABLED=y -CONFIG_ESP_WIFI_RX_BA_WIN=6 -CONFIG_ESP_WIFI_NVS_ENABLED=y -CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_0=y -# CONFIG_ESP_WIFI_TASK_PINNED_TO_CORE_1 is not set -CONFIG_ESP_WIFI_SOFTAP_BEACON_MAX_LEN=752 -CONFIG_ESP_WIFI_MGMT_SBUF_NUM=32 -CONFIG_ESP_WIFI_IRAM_OPT=y -# CONFIG_ESP_WIFI_EXTRA_IRAM_OPT is not set -CONFIG_ESP_WIFI_RX_IRAM_OPT=y -# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set -# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set -# 
CONFIG_ESP_WIFI_SLP_IRAM_OPT is not set -CONFIG_ESP_WIFI_SLP_DEFAULT_MIN_ACTIVE_TIME=50 -CONFIG_ESP_WIFI_SLP_DEFAULT_MAX_ACTIVE_TIME=10 -CONFIG_ESP_WIFI_SLP_DEFAULT_WAIT_BROADCAST_DATA_TIME=15 -# CONFIG_ESP_WIFI_FTM_ENABLE is not set -CONFIG_ESP_WIFI_STA_DISCONNECTED_PM_ENABLE=y -# CONFIG_ESP_WIFI_GCMP_SUPPORT is not set -CONFIG_ESP_WIFI_GMAC_SUPPORT=y -CONFIG_ESP_WIFI_SOFTAP_SUPPORT=y -# CONFIG_ESP_WIFI_SLP_BEACON_LOST_OPT is not set -CONFIG_ESP_WIFI_ESPNOW_MAX_ENCRYPT_NUM=7 -# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set -# CONFIG_ESP_WIFI_WAPI_PSK is not set -# CONFIG_ESP_WIFI_SUITE_B_192 is not set -# CONFIG_ESP_WIFI_11KV_SUPPORT is not set -# CONFIG_ESP_WIFI_MBO_SUPPORT is not set -# CONFIG_ESP_WIFI_DPP_SUPPORT is not set -# CONFIG_ESP_WIFI_11R_SUPPORT is not set -# CONFIG_ESP_WIFI_WPS_SOFTAP_REGISTRAR is not set - -# -# WPS Configuration Options -# -# CONFIG_ESP_WIFI_WPS_STRICT is not set -# CONFIG_ESP_WIFI_WPS_PASSPHRASE is not set -# end of WPS Configuration Options - -# CONFIG_ESP_WIFI_DEBUG_PRINT is not set -# CONFIG_ESP_WIFI_TESTING_OPTIONS is not set -CONFIG_ESP_WIFI_ENTERPRISE_SUPPORT=y -# CONFIG_ESP_WIFI_ENT_FREE_DYNAMIC_BUFFER is not set -# end of Wi-Fi - -# -# Core dump -# -# CONFIG_ESP_COREDUMP_ENABLE_TO_FLASH is not set -CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y -# CONFIG_ESP_COREDUMP_ENABLE_TO_NONE is not set -# CONFIG_ESP_COREDUMP_DATA_FORMAT_BIN is not set -CONFIG_ESP_COREDUMP_DATA_FORMAT_ELF=y -CONFIG_ESP_COREDUMP_CHECKSUM_CRC32=y -# CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 is not set -CONFIG_ESP_COREDUMP_ENABLE=y -CONFIG_ESP_COREDUMP_LOGS=y -CONFIG_ESP_COREDUMP_MAX_TASKS_NUM=64 -CONFIG_ESP_COREDUMP_UART_DELAY=0 -CONFIG_ESP_COREDUMP_STACK_SIZE=0 -CONFIG_ESP_COREDUMP_DECODE_INFO=y -# CONFIG_ESP_COREDUMP_DECODE_DISABLE is not set -CONFIG_ESP_COREDUMP_DECODE="info" -# end of Core dump - -# -# FAT Filesystem support -# -CONFIG_FATFS_VOLUME_COUNT=2 -CONFIG_FATFS_LFN_NONE=y -# CONFIG_FATFS_LFN_HEAP is not set -# CONFIG_FATFS_LFN_STACK is not set -# 
CONFIG_FATFS_SECTOR_512 is not set -CONFIG_FATFS_SECTOR_4096=y -# CONFIG_FATFS_CODEPAGE_DYNAMIC is not set -CONFIG_FATFS_CODEPAGE_437=y -# CONFIG_FATFS_CODEPAGE_720 is not set -# CONFIG_FATFS_CODEPAGE_737 is not set -# CONFIG_FATFS_CODEPAGE_771 is not set -# CONFIG_FATFS_CODEPAGE_775 is not set -# CONFIG_FATFS_CODEPAGE_850 is not set -# CONFIG_FATFS_CODEPAGE_852 is not set -# CONFIG_FATFS_CODEPAGE_855 is not set -# CONFIG_FATFS_CODEPAGE_857 is not set -# CONFIG_FATFS_CODEPAGE_860 is not set -# CONFIG_FATFS_CODEPAGE_861 is not set -# CONFIG_FATFS_CODEPAGE_862 is not set -# CONFIG_FATFS_CODEPAGE_863 is not set -# CONFIG_FATFS_CODEPAGE_864 is not set -# CONFIG_FATFS_CODEPAGE_865 is not set -# CONFIG_FATFS_CODEPAGE_866 is not set -# CONFIG_FATFS_CODEPAGE_869 is not set -# CONFIG_FATFS_CODEPAGE_932 is not set -# CONFIG_FATFS_CODEPAGE_936 is not set -# CONFIG_FATFS_CODEPAGE_949 is not set -# CONFIG_FATFS_CODEPAGE_950 is not set -CONFIG_FATFS_CODEPAGE=437 -CONFIG_FATFS_FS_LOCK=0 -CONFIG_FATFS_TIMEOUT_MS=10000 -CONFIG_FATFS_PER_FILE_CACHE=y -# CONFIG_FATFS_USE_FASTSEEK is not set -CONFIG_FATFS_VFS_FSTAT_BLKSIZE=0 -# CONFIG_FATFS_IMMEDIATE_FSYNC is not set -# CONFIG_FATFS_USE_LABEL is not set -CONFIG_FATFS_LINK_LOCK=y -# end of FAT Filesystem support - -# -# FreeRTOS -# - -# -# Kernel -# -# CONFIG_FREERTOS_SMP is not set -# CONFIG_FREERTOS_UNICORE is not set -CONFIG_FREERTOS_HZ=100 -# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_NONE is not set -# CONFIG_FREERTOS_CHECK_STACKOVERFLOW_PTRVAL is not set -CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY=y -CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS=1 -CONFIG_FREERTOS_IDLE_TASK_STACKSIZE=1536 -# CONFIG_FREERTOS_USE_IDLE_HOOK is not set -# CONFIG_FREERTOS_USE_TICK_HOOK is not set -CONFIG_FREERTOS_MAX_TASK_NAME_LEN=16 -# CONFIG_FREERTOS_ENABLE_BACKWARD_COMPATIBILITY is not set -CONFIG_FREERTOS_TIMER_SERVICE_TASK_NAME="Tmr Svc" -# CONFIG_FREERTOS_TIMER_TASK_AFFINITY_CPU0 is not set -# CONFIG_FREERTOS_TIMER_TASK_AFFINITY_CPU1 is not set 
-CONFIG_FREERTOS_TIMER_TASK_NO_AFFINITY=y -CONFIG_FREERTOS_TIMER_SERVICE_TASK_CORE_AFFINITY=0x7FFFFFFF -CONFIG_FREERTOS_TIMER_TASK_PRIORITY=1 -CONFIG_FREERTOS_TIMER_TASK_STACK_DEPTH=2048 -CONFIG_FREERTOS_TIMER_QUEUE_LENGTH=10 -CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE=0 -CONFIG_FREERTOS_TASK_NOTIFICATION_ARRAY_ENTRIES=1 -# CONFIG_FREERTOS_USE_TRACE_FACILITY is not set -# CONFIG_FREERTOS_USE_LIST_DATA_INTEGRITY_CHECK_BYTES is not set -# CONFIG_FREERTOS_GENERATE_RUN_TIME_STATS is not set -# CONFIG_FREERTOS_USE_APPLICATION_TASK_TAG is not set -# end of Kernel - -# -# Port -# -CONFIG_FREERTOS_TASK_FUNCTION_WRAPPER=y -# CONFIG_FREERTOS_WATCHPOINT_END_OF_STACK is not set -CONFIG_FREERTOS_TLSP_DELETION_CALLBACKS=y -# CONFIG_FREERTOS_TASK_PRE_DELETION_HOOK is not set -# CONFIG_FREERTOS_ENABLE_STATIC_TASK_CLEAN_UP is not set -CONFIG_FREERTOS_CHECK_MUTEX_GIVEN_BY_OWNER=y -CONFIG_FREERTOS_ISR_STACKSIZE=2096 -CONFIG_FREERTOS_INTERRUPT_BACKTRACE=y -CONFIG_FREERTOS_TICK_SUPPORT_SYSTIMER=y -CONFIG_FREERTOS_CORETIMER_SYSTIMER_LVL1=y -# CONFIG_FREERTOS_CORETIMER_SYSTIMER_LVL3 is not set -CONFIG_FREERTOS_SYSTICK_USES_SYSTIMER=y -# CONFIG_FREERTOS_PLACE_FUNCTIONS_INTO_FLASH is not set -# CONFIG_FREERTOS_CHECK_PORT_CRITICAL_COMPLIANCE is not set -# end of Port - -CONFIG_FREERTOS_PORT=y -CONFIG_FREERTOS_NO_AFFINITY=0x7FFFFFFF -CONFIG_FREERTOS_SUPPORT_STATIC_ALLOCATION=y -CONFIG_FREERTOS_DEBUG_OCDAWARE=y -CONFIG_FREERTOS_ENABLE_TASK_SNAPSHOT=y -CONFIG_FREERTOS_PLACE_SNAPSHOT_FUNS_INTO_FLASH=y -CONFIG_FREERTOS_NUMBER_OF_CORES=2 -# end of FreeRTOS - -# -# Hardware Abstraction Layer (HAL) and Low Level (LL) -# -CONFIG_HAL_ASSERTION_EQUALS_SYSTEM=y -# CONFIG_HAL_ASSERTION_DISABLE is not set -# CONFIG_HAL_ASSERTION_SILENT is not set -# CONFIG_HAL_ASSERTION_ENABLE is not set -CONFIG_HAL_DEFAULT_ASSERTION_LEVEL=2 -CONFIG_HAL_WDT_USE_ROM_IMPL=y -CONFIG_HAL_SPI_MASTER_FUNC_IN_IRAM=y -CONFIG_HAL_SPI_SLAVE_FUNC_IN_IRAM=y -# end of Hardware Abstraction Layer (HAL) and Low Level (LL) - -# -# Heap memory 
debugging -# -CONFIG_HEAP_POISONING_DISABLED=y -# CONFIG_HEAP_POISONING_LIGHT is not set -# CONFIG_HEAP_POISONING_COMPREHENSIVE is not set -CONFIG_HEAP_TRACING_OFF=y -# CONFIG_HEAP_TRACING_STANDALONE is not set -# CONFIG_HEAP_TRACING_TOHOST is not set -# CONFIG_HEAP_USE_HOOKS is not set -# CONFIG_HEAP_TASK_TRACKING is not set -# CONFIG_HEAP_ABORT_WHEN_ALLOCATION_FAILS is not set -# CONFIG_HEAP_PLACE_FUNCTION_INTO_FLASH is not set -# end of Heap memory debugging - -# -# Log output -# -# CONFIG_LOG_DEFAULT_LEVEL_NONE is not set -# CONFIG_LOG_DEFAULT_LEVEL_ERROR is not set -# CONFIG_LOG_DEFAULT_LEVEL_WARN is not set -CONFIG_LOG_DEFAULT_LEVEL_INFO=y -# CONFIG_LOG_DEFAULT_LEVEL_DEBUG is not set -# CONFIG_LOG_DEFAULT_LEVEL_VERBOSE is not set -CONFIG_LOG_DEFAULT_LEVEL=3 -CONFIG_LOG_MAXIMUM_EQUALS_DEFAULT=y -# CONFIG_LOG_MAXIMUM_LEVEL_DEBUG is not set -# CONFIG_LOG_MAXIMUM_LEVEL_VERBOSE is not set -CONFIG_LOG_MAXIMUM_LEVEL=3 -# CONFIG_LOG_MASTER_LEVEL is not set -CONFIG_LOG_COLORS=y -CONFIG_LOG_TIMESTAMP_SOURCE_RTOS=y -# CONFIG_LOG_TIMESTAMP_SOURCE_SYSTEM is not set -# end of Log output - -# -# LWIP -# -CONFIG_LWIP_ENABLE=y -CONFIG_LWIP_LOCAL_HOSTNAME="espressif" -# CONFIG_LWIP_NETIF_API is not set -CONFIG_LWIP_TCPIP_TASK_PRIO=18 -# CONFIG_LWIP_TCPIP_CORE_LOCKING is not set -# CONFIG_LWIP_CHECK_THREAD_SAFETY is not set -CONFIG_LWIP_DNS_SUPPORT_MDNS_QUERIES=y -# CONFIG_LWIP_L2_TO_L3_COPY is not set -# CONFIG_LWIP_IRAM_OPTIMIZATION is not set -# CONFIG_LWIP_EXTRA_IRAM_OPTIMIZATION is not set -CONFIG_LWIP_TIMERS_ONDEMAND=y -CONFIG_LWIP_ND6=y -# CONFIG_LWIP_FORCE_ROUTER_FORWARDING is not set -CONFIG_LWIP_MAX_SOCKETS=10 -# CONFIG_LWIP_USE_ONLY_LWIP_SELECT is not set -# CONFIG_LWIP_SO_LINGER is not set -CONFIG_LWIP_SO_REUSE=y -CONFIG_LWIP_SO_REUSE_RXTOALL=y -# CONFIG_LWIP_SO_RCVBUF is not set -# CONFIG_LWIP_NETBUF_RECVINFO is not set -CONFIG_LWIP_IP_DEFAULT_TTL=64 -CONFIG_LWIP_IP4_FRAG=y -CONFIG_LWIP_IP6_FRAG=y -# CONFIG_LWIP_IP4_REASSEMBLY is not set -# 
CONFIG_LWIP_IP6_REASSEMBLY is not set -CONFIG_LWIP_IP_REASS_MAX_PBUFS=10 -# CONFIG_LWIP_IP_FORWARD is not set -# CONFIG_LWIP_STATS is not set -CONFIG_LWIP_ESP_GRATUITOUS_ARP=y -CONFIG_LWIP_GARP_TMR_INTERVAL=60 -CONFIG_LWIP_ESP_MLDV6_REPORT=y -CONFIG_LWIP_MLDV6_TMR_INTERVAL=40 -CONFIG_LWIP_TCPIP_RECVMBOX_SIZE=32 -CONFIG_LWIP_DHCP_DOES_ARP_CHECK=y -# CONFIG_LWIP_DHCP_DISABLE_CLIENT_ID is not set -CONFIG_LWIP_DHCP_DISABLE_VENDOR_CLASS_ID=y -# CONFIG_LWIP_DHCP_RESTORE_LAST_IP is not set -CONFIG_LWIP_DHCP_OPTIONS_LEN=68 -CONFIG_LWIP_NUM_NETIF_CLIENT_DATA=0 -CONFIG_LWIP_DHCP_COARSE_TIMER_SECS=1 - -# -# DHCP server -# -CONFIG_LWIP_DHCPS=y -CONFIG_LWIP_DHCPS_LEASE_UNIT=60 -CONFIG_LWIP_DHCPS_MAX_STATION_NUM=8 -CONFIG_LWIP_DHCPS_STATIC_ENTRIES=y -# end of DHCP server - -# CONFIG_LWIP_AUTOIP is not set -CONFIG_LWIP_IPV4=y -CONFIG_LWIP_IPV6=y -# CONFIG_LWIP_IPV6_AUTOCONFIG is not set -CONFIG_LWIP_IPV6_NUM_ADDRESSES=3 -# CONFIG_LWIP_IPV6_FORWARD is not set -# CONFIG_LWIP_NETIF_STATUS_CALLBACK is not set -CONFIG_LWIP_NETIF_LOOPBACK=y -CONFIG_LWIP_LOOPBACK_MAX_PBUFS=8 - -# -# TCP -# -CONFIG_LWIP_MAX_ACTIVE_TCP=16 -CONFIG_LWIP_MAX_LISTENING_TCP=16 -CONFIG_LWIP_TCP_HIGH_SPEED_RETRANSMISSION=y -CONFIG_LWIP_TCP_MAXRTX=12 -CONFIG_LWIP_TCP_SYNMAXRTX=12 -CONFIG_LWIP_TCP_MSS=1440 -CONFIG_LWIP_TCP_TMR_INTERVAL=250 -CONFIG_LWIP_TCP_MSL=60000 -CONFIG_LWIP_TCP_FIN_WAIT_TIMEOUT=20000 -CONFIG_LWIP_TCP_SND_BUF_DEFAULT=5760 -CONFIG_LWIP_TCP_WND_DEFAULT=5760 -CONFIG_LWIP_TCP_RECVMBOX_SIZE=6 -CONFIG_LWIP_TCP_ACCEPTMBOX_SIZE=6 -CONFIG_LWIP_TCP_QUEUE_OOSEQ=y -CONFIG_LWIP_TCP_OOSEQ_TIMEOUT=6 -CONFIG_LWIP_TCP_OOSEQ_MAX_PBUFS=4 -# CONFIG_LWIP_TCP_SACK_OUT is not set -CONFIG_LWIP_TCP_OVERSIZE_MSS=y -# CONFIG_LWIP_TCP_OVERSIZE_QUARTER_MSS is not set -# CONFIG_LWIP_TCP_OVERSIZE_DISABLE is not set -CONFIG_LWIP_TCP_RTO_TIME=1500 -# end of TCP - -# -# UDP -# -CONFIG_LWIP_MAX_UDP_PCBS=16 -CONFIG_LWIP_UDP_RECVMBOX_SIZE=6 -# end of UDP - -# -# Checksums -# -# CONFIG_LWIP_CHECKSUM_CHECK_IP is not set -# 
CONFIG_LWIP_CHECKSUM_CHECK_UDP is not set -CONFIG_LWIP_CHECKSUM_CHECK_ICMP=y -# end of Checksums - -CONFIG_LWIP_TCPIP_TASK_STACK_SIZE=3072 -CONFIG_LWIP_TCPIP_TASK_AFFINITY_NO_AFFINITY=y -# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU0 is not set -# CONFIG_LWIP_TCPIP_TASK_AFFINITY_CPU1 is not set -CONFIG_LWIP_TCPIP_TASK_AFFINITY=0x7FFFFFFF -# CONFIG_LWIP_PPP_SUPPORT is not set -CONFIG_LWIP_IPV6_MEMP_NUM_ND6_QUEUE=3 -CONFIG_LWIP_IPV6_ND6_NUM_NEIGHBORS=5 -# CONFIG_LWIP_SLIP_SUPPORT is not set - -# -# ICMP -# -CONFIG_LWIP_ICMP=y -# CONFIG_LWIP_MULTICAST_PING is not set -# CONFIG_LWIP_BROADCAST_PING is not set -# end of ICMP - -# -# LWIP RAW API -# -CONFIG_LWIP_MAX_RAW_PCBS=16 -# end of LWIP RAW API - -# -# SNTP -# -CONFIG_LWIP_SNTP_MAX_SERVERS=1 -# CONFIG_LWIP_DHCP_GET_NTP_SRV is not set -CONFIG_LWIP_SNTP_UPDATE_DELAY=3600000 -CONFIG_LWIP_SNTP_STARTUP_DELAY=y -CONFIG_LWIP_SNTP_MAXIMUM_STARTUP_DELAY=5000 -# end of SNTP - -# -# DNS -# -CONFIG_LWIP_DNS_MAX_SERVERS=3 -# CONFIG_LWIP_FALLBACK_DNS_SERVER_SUPPORT is not set -# end of DNS - -CONFIG_LWIP_BRIDGEIF_MAX_PORTS=7 -CONFIG_LWIP_ESP_LWIP_ASSERT=y - -# -# Hooks -# -# CONFIG_LWIP_HOOK_TCP_ISN_NONE is not set -CONFIG_LWIP_HOOK_TCP_ISN_DEFAULT=y -# CONFIG_LWIP_HOOK_TCP_ISN_CUSTOM is not set -CONFIG_LWIP_HOOK_IP6_ROUTE_NONE=y -# CONFIG_LWIP_HOOK_IP6_ROUTE_DEFAULT is not set -# CONFIG_LWIP_HOOK_IP6_ROUTE_CUSTOM is not set -CONFIG_LWIP_HOOK_ND6_GET_GW_NONE=y -# CONFIG_LWIP_HOOK_ND6_GET_GW_DEFAULT is not set -# CONFIG_LWIP_HOOK_ND6_GET_GW_CUSTOM is not set -CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_NONE=y -# CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_DEFAULT is not set -# CONFIG_LWIP_HOOK_IP6_SELECT_SRC_ADDR_CUSTOM is not set -CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_NONE=y -# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_DEFAULT is not set -# CONFIG_LWIP_HOOK_NETCONN_EXT_RESOLVE_CUSTOM is not set -CONFIG_LWIP_HOOK_IP6_INPUT_NONE=y -# CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT is not set -# CONFIG_LWIP_HOOK_IP6_INPUT_CUSTOM is not set -# end of Hooks - -# 
CONFIG_LWIP_DEBUG is not set -# end of LWIP - -# -# mbedTLS -# -CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC=y -# CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC is not set -# CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC is not set -CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y -CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384 -CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096 -# CONFIG_MBEDTLS_DYNAMIC_BUFFER is not set -# CONFIG_MBEDTLS_DEBUG is not set - -# -# mbedTLS v3.x related -# -# CONFIG_MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is not set -# CONFIG_MBEDTLS_X509_TRUSTED_CERT_CALLBACK is not set -# CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION is not set -CONFIG_MBEDTLS_SSL_KEEP_PEER_CERTIFICATE=y -CONFIG_MBEDTLS_PKCS7_C=y -# end of mbedTLS v3.x related - -# -# Certificate Bundle -# -CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y -CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y -# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set -# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE is not set -# CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set -# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEPRECATED_LIST is not set -CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS=200 -# end of Certificate Bundle - -# CONFIG_MBEDTLS_ECP_RESTARTABLE is not set -CONFIG_MBEDTLS_CMAC_C=y -CONFIG_MBEDTLS_HARDWARE_AES=y -CONFIG_MBEDTLS_AES_USE_INTERRUPT=y -CONFIG_MBEDTLS_AES_INTERRUPT_LEVEL=0 -CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER=y -# CONFIG_MBEDTLS_HARDWARE_MPI is not set -CONFIG_MBEDTLS_HARDWARE_SHA=y -# CONFIG_MBEDTLS_ROM_MD5 is not set -# CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN is not set -# CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY is not set -CONFIG_MBEDTLS_HAVE_TIME=y -# CONFIG_MBEDTLS_PLATFORM_TIME_ALT is not set -# CONFIG_MBEDTLS_HAVE_TIME_DATE is not set -CONFIG_MBEDTLS_ECDSA_DETERMINISTIC=y -CONFIG_MBEDTLS_SHA512_C=y -# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT is not set -# CONFIG_MBEDTLS_TLS_SERVER_ONLY is not set -# CONFIG_MBEDTLS_TLS_CLIENT_ONLY is not set -CONFIG_MBEDTLS_TLS_DISABLED=y - -# -# Symmetric Ciphers -# -CONFIG_MBEDTLS_AES_C=y -# CONFIG_MBEDTLS_CAMELLIA_C 
is not set -# CONFIG_MBEDTLS_DES_C is not set -# CONFIG_MBEDTLS_BLOWFISH_C is not set -# CONFIG_MBEDTLS_XTEA_C is not set -CONFIG_MBEDTLS_CCM_C=y -CONFIG_MBEDTLS_GCM_C=y -# CONFIG_MBEDTLS_NIST_KW_C is not set -# end of Symmetric Ciphers - -# CONFIG_MBEDTLS_RIPEMD160_C is not set - -# -# Certificates -# -CONFIG_MBEDTLS_PEM_PARSE_C=y -CONFIG_MBEDTLS_PEM_WRITE_C=y -CONFIG_MBEDTLS_X509_CRL_PARSE_C=y -CONFIG_MBEDTLS_X509_CSR_PARSE_C=y -# end of Certificates - -CONFIG_MBEDTLS_ECP_C=y -# CONFIG_MBEDTLS_DHM_C is not set -CONFIG_MBEDTLS_ECDH_C=y -CONFIG_MBEDTLS_ECDSA_C=y -# CONFIG_MBEDTLS_ECJPAKE_C is not set -CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=y -CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=y -CONFIG_MBEDTLS_ECP_NIST_OPTIM=y -CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM=y -CONFIG_MBEDTLS_POLY1305_C=y -CONFIG_MBEDTLS_CHACHA20_C=y -CONFIG_MBEDTLS_CHACHAPOLY_C=y -CONFIG_MBEDTLS_HKDF_C=y -# CONFIG_MBEDTLS_THREADING_C is not set -CONFIG_MBEDTLS_ERROR_STRINGS=y -# end of mbedTLS - -# -# ESP-MQTT Configurations -# -CONFIG_MQTT_PROTOCOL_311=y -# CONFIG_MQTT_PROTOCOL_5 is not set -CONFIG_MQTT_TRANSPORT_SSL=y -CONFIG_MQTT_TRANSPORT_WEBSOCKET=y -CONFIG_MQTT_TRANSPORT_WEBSOCKET_SECURE=y -# CONFIG_MQTT_MSG_ID_INCREMENTAL is not set -# CONFIG_MQTT_SKIP_PUBLISH_IF_DISCONNECTED is not set -# CONFIG_MQTT_REPORT_DELETED_MESSAGES is not set -# CONFIG_MQTT_USE_CUSTOM_CONFIG is not set -# CONFIG_MQTT_TASK_CORE_SELECTION_ENABLED is not set -# CONFIG_MQTT_CUSTOM_OUTBOX is not set -# end of ESP-MQTT Configurations - -# -# Newlib -# -CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF=y -# 
CONFIG_NEWLIB_STDOUT_LINE_ENDING_LF is not set -# CONFIG_NEWLIB_STDOUT_LINE_ENDING_CR is not set -# CONFIG_NEWLIB_STDIN_LINE_ENDING_CRLF is not set -# CONFIG_NEWLIB_STDIN_LINE_ENDING_LF is not set -CONFIG_NEWLIB_STDIN_LINE_ENDING_CR=y -# CONFIG_NEWLIB_NANO_FORMAT is not set -CONFIG_NEWLIB_TIME_SYSCALL_USE_RTC_HRT=y -# CONFIG_NEWLIB_TIME_SYSCALL_USE_RTC is not set -# CONFIG_NEWLIB_TIME_SYSCALL_USE_HRT is not set -# CONFIG_NEWLIB_TIME_SYSCALL_USE_NONE is not set -# end of Newlib - -# -# NVS -# -# CONFIG_NVS_ENCRYPTION is not set -# CONFIG_NVS_ASSERT_ERROR_CHECK is not set -# CONFIG_NVS_LEGACY_DUP_KEYS_COMPATIBILITY is not set -# end of NVS - -# -# OpenThread -# -# CONFIG_OPENTHREAD_ENABLED is not set - -# -# Thread Operational Dataset -# -CONFIG_OPENTHREAD_NETWORK_NAME="OpenThread-ESP" -CONFIG_OPENTHREAD_MESH_LOCAL_PREFIX="fd00:db8:a0:0::/64" -CONFIG_OPENTHREAD_NETWORK_CHANNEL=15 -CONFIG_OPENTHREAD_NETWORK_PANID=0x1234 -CONFIG_OPENTHREAD_NETWORK_EXTPANID="dead00beef00cafe" -CONFIG_OPENTHREAD_NETWORK_MASTERKEY="00112233445566778899aabbccddeeff" -CONFIG_OPENTHREAD_NETWORK_PSKC="104810e2315100afd6bc9215a6bfac53" -# end of Thread Operational Dataset - -CONFIG_OPENTHREAD_XTAL_ACCURACY=130 -# CONFIG_OPENTHREAD_SPINEL_ONLY is not set -CONFIG_OPENTHREAD_RX_ON_WHEN_IDLE=y - -# -# Thread Address Query Config -# -# end of Thread Address Query Config -# end of OpenThread - -# -# Protocomm -# -CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0=y -CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1=y -CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2=y -# end of Protocomm - -# -# PThreads -# -CONFIG_PTHREAD_TASK_PRIO_DEFAULT=5 -CONFIG_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 -CONFIG_PTHREAD_STACK_MIN=768 -CONFIG_PTHREAD_DEFAULT_CORE_NO_AFFINITY=y -# CONFIG_PTHREAD_DEFAULT_CORE_0 is not set -# CONFIG_PTHREAD_DEFAULT_CORE_1 is not set -CONFIG_PTHREAD_TASK_CORE_DEFAULT=-1 -CONFIG_PTHREAD_TASK_NAME_DEFAULT="pthread" -# end of PThreads - -# -# MMU Config -# -CONFIG_MMU_PAGE_SIZE_64KB=y 
-CONFIG_MMU_PAGE_MODE="64KB" -CONFIG_MMU_PAGE_SIZE=0x10000 -# end of MMU Config - -# -# Main Flash configuration -# - -# -# SPI Flash behavior when brownout -# -CONFIG_SPI_FLASH_BROWNOUT_RESET_XMC=y -CONFIG_SPI_FLASH_BROWNOUT_RESET=y -# end of SPI Flash behavior when brownout - -# -# Optional and Experimental Features (READ DOCS FIRST) -# - -# -# Features here require specific hardware (READ DOCS FIRST!) -# -# CONFIG_SPI_FLASH_HPM_ENA is not set -CONFIG_SPI_FLASH_HPM_AUTO=y -# CONFIG_SPI_FLASH_HPM_DIS is not set -CONFIG_SPI_FLASH_HPM_ON=y -CONFIG_SPI_FLASH_HPM_DC_AUTO=y -# CONFIG_SPI_FLASH_HPM_DC_DISABLE is not set -CONFIG_SPI_FLASH_SUSPEND_QVL_SUPPORTED=y -# CONFIG_SPI_FLASH_AUTO_SUSPEND is not set -CONFIG_SPI_FLASH_SUSPEND_TSUS_VAL_US=50 -# end of Optional and Experimental Features (READ DOCS FIRST) -# end of Main Flash configuration - -# -# SPI Flash driver -# -# CONFIG_SPI_FLASH_VERIFY_WRITE is not set -# CONFIG_SPI_FLASH_ENABLE_COUNTERS is not set -CONFIG_SPI_FLASH_ROM_DRIVER_PATCH=y -# CONFIG_SPI_FLASH_ROM_IMPL is not set -CONFIG_SPI_FLASH_DANGEROUS_WRITE_ABORTS=y -# CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS is not set -# CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED is not set -# CONFIG_SPI_FLASH_BYPASS_BLOCK_ERASE is not set -CONFIG_SPI_FLASH_YIELD_DURING_ERASE=y -CONFIG_SPI_FLASH_ERASE_YIELD_DURATION_MS=20 -CONFIG_SPI_FLASH_ERASE_YIELD_TICKS=1 -CONFIG_SPI_FLASH_WRITE_CHUNK_SIZE=8192 -# CONFIG_SPI_FLASH_SIZE_OVERRIDE is not set -# CONFIG_SPI_FLASH_CHECK_ERASE_TIMEOUT_DISABLED is not set -# CONFIG_SPI_FLASH_OVERRIDE_CHIP_DRIVER_LIST is not set - -# -# Auto-detect flash chips -# -CONFIG_SPI_FLASH_VENDOR_XMC_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_GD_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_ISSI_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_MXIC_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_WINBOND_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_BOYA_SUPPORTED=y -CONFIG_SPI_FLASH_VENDOR_TH_SUPPORTED=y -CONFIG_SPI_FLASH_SUPPORT_ISSI_CHIP=y -CONFIG_SPI_FLASH_SUPPORT_MXIC_CHIP=y 
-CONFIG_SPI_FLASH_SUPPORT_GD_CHIP=y -CONFIG_SPI_FLASH_SUPPORT_WINBOND_CHIP=y -CONFIG_SPI_FLASH_SUPPORT_BOYA_CHIP=y -CONFIG_SPI_FLASH_SUPPORT_TH_CHIP=y -CONFIG_SPI_FLASH_SUPPORT_MXIC_OPI_CHIP=y -# end of Auto-detect flash chips - -CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=y -# end of SPI Flash driver - -# -# SPIFFS Configuration -# -CONFIG_SPIFFS_MAX_PARTITIONS=3 - -# -# SPIFFS Cache Configuration -# -CONFIG_SPIFFS_CACHE=y -CONFIG_SPIFFS_CACHE_WR=y -# CONFIG_SPIFFS_CACHE_STATS is not set -# end of SPIFFS Cache Configuration - -CONFIG_SPIFFS_PAGE_CHECK=y -CONFIG_SPIFFS_GC_MAX_RUNS=10 -# CONFIG_SPIFFS_GC_STATS is not set -CONFIG_SPIFFS_PAGE_SIZE=256 -CONFIG_SPIFFS_OBJ_NAME_LEN=32 -# CONFIG_SPIFFS_FOLLOW_SYMLINKS is not set -CONFIG_SPIFFS_USE_MAGIC=y -CONFIG_SPIFFS_USE_MAGIC_LENGTH=y -CONFIG_SPIFFS_META_LENGTH=4 -CONFIG_SPIFFS_USE_MTIME=y - -# -# Debug Configuration -# -# CONFIG_SPIFFS_DBG is not set -# CONFIG_SPIFFS_API_DBG is not set -# CONFIG_SPIFFS_GC_DBG is not set -# CONFIG_SPIFFS_CACHE_DBG is not set -# CONFIG_SPIFFS_CHECK_DBG is not set -# CONFIG_SPIFFS_TEST_VISUALISATION is not set -# end of Debug Configuration -# end of SPIFFS Configuration - -# -# TCP Transport -# - -# -# Websocket -# -CONFIG_WS_TRANSPORT=y -CONFIG_WS_BUFFER_SIZE=1024 -# CONFIG_WS_DYNAMIC_BUFFER is not set -# end of Websocket -# end of TCP Transport - -# -# Ultra Low Power (ULP) Co-processor -# -# CONFIG_ULP_COPROC_ENABLED is not set - -# -# ULP Debugging Options -# -# end of ULP Debugging Options -# end of Ultra Low Power (ULP) Co-processor - -# -# Unity unit testing library -# -CONFIG_UNITY_ENABLE_FLOAT=y -CONFIG_UNITY_ENABLE_DOUBLE=y -# CONFIG_UNITY_ENABLE_64BIT is not set -# CONFIG_UNITY_ENABLE_COLOR is not set -CONFIG_UNITY_ENABLE_IDF_TEST_RUNNER=y -# CONFIG_UNITY_ENABLE_FIXTURE is not set -# CONFIG_UNITY_ENABLE_BACKTRACE_ON_FAIL is not set -# end of Unity unit testing library - -# -# USB-OTG -# -CONFIG_USB_HOST_CONTROL_TRANSFER_MAX_SIZE=256 -CONFIG_USB_HOST_HW_BUFFER_BIAS_BALANCED=y 
-# CONFIG_USB_HOST_HW_BUFFER_BIAS_IN is not set -# CONFIG_USB_HOST_HW_BUFFER_BIAS_PERIODIC_OUT is not set - -# -# Root Hub configuration -# -CONFIG_USB_HOST_DEBOUNCE_DELAY_MS=250 -CONFIG_USB_HOST_RESET_HOLD_MS=30 -CONFIG_USB_HOST_RESET_RECOVERY_MS=30 -CONFIG_USB_HOST_SET_ADDR_RECOVERY_MS=10 -# end of Root Hub configuration - -# CONFIG_USB_HOST_ENABLE_ENUM_FILTER_CALLBACK is not set -CONFIG_USB_OTG_SUPPORTED=y -# end of USB-OTG - -# -# Virtual file system -# -CONFIG_VFS_SUPPORT_IO=y -CONFIG_VFS_SUPPORT_DIR=y -CONFIG_VFS_SUPPORT_SELECT=y -CONFIG_VFS_SUPPRESS_SELECT_DEBUG_OUTPUT=y -# CONFIG_VFS_SELECT_IN_RAM is not set -CONFIG_VFS_SUPPORT_TERMIOS=y -CONFIG_VFS_MAX_COUNT=8 - -# -# Host File System I/O (Semihosting) -# -CONFIG_VFS_SEMIHOSTFS_MAX_MOUNT_POINTS=1 -# end of Host File System I/O (Semihosting) -# end of Virtual file system - -# -# Wear Levelling -# -CONFIG_WL_SECTOR_SIZE_512=y -# CONFIG_WL_SECTOR_SIZE_4096 is not set -CONFIG_WL_SECTOR_SIZE=512 -CONFIG_WL_SECTOR_MODE_PERF=y -# CONFIG_WL_SECTOR_MODE_SAFE is not set -CONFIG_WL_SECTOR_MODE=0 -# end of Wear Levelling - -# -# Wi-Fi Provisioning Manager -# -CONFIG_WIFI_PROV_SCAN_MAX_ENTRIES=16 -CONFIG_WIFI_PROV_AUTOSTOP_TIMEOUT=30 -# CONFIG_WIFI_PROV_BLE_FORCE_ENCRYPTION is not set -CONFIG_WIFI_PROV_STA_ALL_CHANNEL_SCAN=y -# CONFIG_WIFI_PROV_STA_FAST_SCAN is not set -# end of Wi-Fi Provisioning Manager - -# -# TinyUSB Stack -# -CONFIG_TINYUSB_DEBUG_LEVEL=1 - -# -# TinyUSB task configuration -# -# CONFIG_TINYUSB_NO_DEFAULT_TASK is not set -CONFIG_TINYUSB_TASK_PRIORITY=5 -CONFIG_TINYUSB_TASK_STACK_SIZE=4096 -CONFIG_TINYUSB_TASK_AFFINITY_NO_AFFINITY=y -# CONFIG_TINYUSB_TASK_AFFINITY_CPU0 is not set -# CONFIG_TINYUSB_TASK_AFFINITY_CPU1 is not set -CONFIG_TINYUSB_TASK_AFFINITY=0x7FFFFFFF -# CONFIG_TINYUSB_INIT_IN_DEFAULT_TASK is not set -# end of TinyUSB task configuration - -# -# Descriptor configuration -# - -# -# You can provide your custom descriptors via tinyusb_driver_install() -# 
-CONFIG_TINYUSB_DESC_USE_ESPRESSIF_VID=y -CONFIG_TINYUSB_DESC_USE_DEFAULT_PID=y -CONFIG_TINYUSB_DESC_BCD_DEVICE=0x0100 -CONFIG_TINYUSB_DESC_MANUFACTURER_STRING="Espressif Systems" -CONFIG_TINYUSB_DESC_PRODUCT_STRING="Espressif Device" -CONFIG_TINYUSB_DESC_SERIAL_STRING="123456" -# end of Descriptor configuration - -# -# Massive Storage Class (MSC) -# -# CONFIG_TINYUSB_MSC_ENABLED is not set -# end of Massive Storage Class (MSC) - -# -# Communication Device Class (CDC) -# -# CONFIG_TINYUSB_CDC_ENABLED is not set -# end of Communication Device Class (CDC) - -# -# Musical Instrument Digital Interface (MIDI) -# -CONFIG_TINYUSB_MIDI_COUNT=0 -# end of Musical Instrument Digital Interface (MIDI) - -# -# Human Interface Device Class (HID) -# -CONFIG_TINYUSB_HID_COUNT=0 -# end of Human Interface Device Class (HID) - -# -# Device Firmware Upgrade (DFU) -# -# CONFIG_TINYUSB_DFU_MODE_DFU is not set -# CONFIG_TINYUSB_DFU_MODE_DFU_RUNTIME is not set -CONFIG_TINYUSB_DFU_MODE_NONE=y -# end of Device Firmware Upgrade (DFU) - -# -# Bluetooth Host Class (BTH) -# -# CONFIG_TINYUSB_BTH_ENABLED is not set -# end of Bluetooth Host Class (BTH) - -# -# Network driver (ECM/NCM/RNDIS) -# -# CONFIG_TINYUSB_NET_MODE_ECM_RNDIS is not set -# CONFIG_TINYUSB_NET_MODE_NCM is not set -CONFIG_TINYUSB_NET_MODE_NONE=y -# end of Network driver (ECM/NCM/RNDIS) -# end of TinyUSB Stack -# end of Component config - -# CONFIG_IDF_EXPERIMENTAL_FEATURES is not set - -# Deprecated options for backward compatibility -# CONFIG_APP_BUILD_TYPE_ELF_RAM is not set -# CONFIG_NO_BLOBS is not set -# CONFIG_LOG_BOOTLOADER_LEVEL_NONE is not set -# CONFIG_LOG_BOOTLOADER_LEVEL_ERROR is not set -# CONFIG_LOG_BOOTLOADER_LEVEL_WARN is not set -CONFIG_LOG_BOOTLOADER_LEVEL_INFO=y -# CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set -# CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set -CONFIG_LOG_BOOTLOADER_LEVEL=3 -# CONFIG_APP_ROLLBACK_ENABLE is not set -# CONFIG_FLASH_ENCRYPTION_ENABLED is not set -# CONFIG_FLASHMODE_QIO is not set -# 
CONFIG_FLASHMODE_QOUT is not set -CONFIG_FLASHMODE_DIO=y -# CONFIG_FLASHMODE_DOUT is not set -CONFIG_MONITOR_BAUD=115200 -CONFIG_OPTIMIZATION_LEVEL_DEBUG=y -CONFIG_COMPILER_OPTIMIZATION_LEVEL_DEBUG=y -CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y -# CONFIG_OPTIMIZATION_LEVEL_RELEASE is not set -# CONFIG_COMPILER_OPTIMIZATION_LEVEL_RELEASE is not set -CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED=y -# CONFIG_OPTIMIZATION_ASSERTIONS_SILENT is not set -# CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED is not set -CONFIG_OPTIMIZATION_ASSERTION_LEVEL=2 -# CONFIG_CXX_EXCEPTIONS is not set -CONFIG_STACK_CHECK_NONE=y -# CONFIG_STACK_CHECK_NORM is not set -# CONFIG_STACK_CHECK_STRONG is not set -# CONFIG_STACK_CHECK_ALL is not set -# CONFIG_WARN_WRITE_STRINGS is not set -# CONFIG_ESP32_APPTRACE_DEST_TRAX is not set -CONFIG_ESP32_APPTRACE_DEST_NONE=y -CONFIG_ESP32_APPTRACE_LOCK_ENABLE=y -# CONFIG_EXTERNAL_COEX_ENABLE is not set -# CONFIG_ESP_WIFI_EXTERNAL_COEXIST_ENABLE is not set -# CONFIG_MCPWM_ISR_IN_IRAM is not set -# CONFIG_EVENT_LOOP_PROFILING is not set -CONFIG_POST_EVENTS_FROM_ISR=y -CONFIG_POST_EVENTS_FROM_IRAM_ISR=y -CONFIG_GDBSTUB_SUPPORT_TASKS=y -CONFIG_GDBSTUB_MAX_TASKS=32 -# CONFIG_OTA_ALLOW_HTTP is not set -# CONFIG_ESP_SYSTEM_PD_FLASH is not set -CONFIG_ESP32S3_DEEP_SLEEP_WAKEUP_DELAY=2000 -CONFIG_ESP_SLEEP_DEEP_SLEEP_WAKEUP_DELAY=2000 -CONFIG_ESP32S3_RTC_CLK_SRC_INT_RC=y -# CONFIG_ESP32S3_RTC_CLK_SRC_EXT_CRYS is not set -# CONFIG_ESP32S3_RTC_CLK_SRC_EXT_OSC is not set -# CONFIG_ESP32S3_RTC_CLK_SRC_INT_8MD256 is not set -CONFIG_ESP32S3_RTC_CLK_CAL_CYCLES=1024 -CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE=y -# CONFIG_ESP32_PHY_INIT_DATA_IN_PARTITION is not set -CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER=20 -CONFIG_ESP32_PHY_MAX_TX_POWER=20 -# CONFIG_REDUCE_PHY_TX_POWER is not set -# CONFIG_ESP32_REDUCE_PHY_TX_POWER is not set -CONFIG_ESP_SYSTEM_PM_POWER_DOWN_CPU=y -CONFIG_PM_POWER_DOWN_TAGMEM_IN_LIGHT_SLEEP=y -# CONFIG_ESP32S3_SPIRAM_SUPPORT is not set -# 
CONFIG_ESP32S3_DEFAULT_CPU_FREQ_80 is not set -CONFIG_ESP32S3_DEFAULT_CPU_FREQ_160=y -# CONFIG_ESP32S3_DEFAULT_CPU_FREQ_240 is not set -CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ=160 -CONFIG_SYSTEM_EVENT_QUEUE_SIZE=32 -CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE=2304 -CONFIG_MAIN_TASK_STACK_SIZE=3584 -CONFIG_CONSOLE_UART_DEFAULT=y -# CONFIG_CONSOLE_UART_CUSTOM is not set -# CONFIG_CONSOLE_UART_NONE is not set -# CONFIG_ESP_CONSOLE_UART_NONE is not set -CONFIG_CONSOLE_UART=y -CONFIG_CONSOLE_UART_NUM=0 -CONFIG_CONSOLE_UART_BAUDRATE=115200 -CONFIG_INT_WDT=y -CONFIG_INT_WDT_TIMEOUT_MS=300 -CONFIG_INT_WDT_CHECK_CPU1=y -CONFIG_TASK_WDT=y -CONFIG_ESP_TASK_WDT=y -# CONFIG_TASK_WDT_PANIC is not set -CONFIG_TASK_WDT_TIMEOUT_S=5 -CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=y -CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1=y -# CONFIG_ESP32_DEBUG_STUBS_ENABLE is not set -CONFIG_ESP32S3_DEBUG_OCDAWARE=y -CONFIG_BROWNOUT_DET=y -CONFIG_ESP32S3_BROWNOUT_DET=y -CONFIG_ESP32S3_BROWNOUT_DET=y -CONFIG_BROWNOUT_DET_LVL_SEL_7=y -CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_7=y -# CONFIG_BROWNOUT_DET_LVL_SEL_6 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_6 is not set -# CONFIG_BROWNOUT_DET_LVL_SEL_5 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_5 is not set -# CONFIG_BROWNOUT_DET_LVL_SEL_4 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_4 is not set -# CONFIG_BROWNOUT_DET_LVL_SEL_3 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_3 is not set -# CONFIG_BROWNOUT_DET_LVL_SEL_2 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_2 is not set -# CONFIG_BROWNOUT_DET_LVL_SEL_1 is not set -# CONFIG_ESP32S3_BROWNOUT_DET_LVL_SEL_1 is not set -CONFIG_BROWNOUT_DET_LVL=7 -CONFIG_ESP32S3_BROWNOUT_DET_LVL=7 -CONFIG_IPC_TASK_STACK_SIZE=1280 -CONFIG_TIMER_TASK_STACK_SIZE=3584 -CONFIG_ESP32_WIFI_ENABLED=y -CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM=10 -CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM=32 -# CONFIG_ESP32_WIFI_STATIC_TX_BUFFER is not set -CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER=y -CONFIG_ESP32_WIFI_TX_BUFFER_TYPE=1 
-CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM=32 -# CONFIG_ESP32_WIFI_CSI_ENABLED is not set -CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED=y -CONFIG_ESP32_WIFI_TX_BA_WIN=6 -CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y -CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED=y -CONFIG_ESP32_WIFI_RX_BA_WIN=6 -CONFIG_ESP32_WIFI_RX_BA_WIN=6 -CONFIG_ESP32_WIFI_NVS_ENABLED=y -CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_0=y -# CONFIG_ESP32_WIFI_TASK_PINNED_TO_CORE_1 is not set -CONFIG_ESP32_WIFI_SOFTAP_BEACON_MAX_LEN=752 -CONFIG_ESP32_WIFI_MGMT_SBUF_NUM=32 -CONFIG_ESP32_WIFI_IRAM_OPT=y -CONFIG_ESP32_WIFI_RX_IRAM_OPT=y -# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set -# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set -# CONFIG_WPA_MBEDTLS_CRYPTO is not set -# CONFIG_WPA_WAPI_PSK is not set -# CONFIG_WPA_SUITE_B_192 is not set -# CONFIG_WPA_11KV_SUPPORT is not set -# CONFIG_WPA_MBO_SUPPORT is not set -# CONFIG_WPA_DPP_SUPPORT is not set -# CONFIG_WPA_11R_SUPPORT is not set -# CONFIG_WPA_WPS_SOFTAP_REGISTRAR is not set -# CONFIG_WPA_WPS_STRICT is not set -# CONFIG_WPA_DEBUG_PRINT is not set -# CONFIG_WPA_TESTING_OPTIONS is not set -# CONFIG_ESP32_ENABLE_COREDUMP_TO_FLASH is not set -CONFIG_ESP32_ENABLE_COREDUMP_TO_UART=y -# CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE is not set -# CONFIG_ESP32_COREDUMP_DATA_FORMAT_BIN is not set -CONFIG_ESP32_COREDUMP_DATA_FORMAT_ELF=y -CONFIG_ESP32_COREDUMP_CHECKSUM_CRC32=y -# CONFIG_ESP32_COREDUMP_CHECKSUM_SHA256 is not set -CONFIG_ESP32_ENABLE_COREDUMP=y -CONFIG_ESP32_CORE_DUMP_MAX_TASKS_NUM=64 -CONFIG_ESP32_CORE_DUMP_UART_DELAY=0 -CONFIG_ESP32_CORE_DUMP_STACK_SIZE=0 -CONFIG_ESP32_CORE_DUMP_DECODE_INFO=y -# CONFIG_ESP32_CORE_DUMP_DECODE_DISABLE is not set -CONFIG_ESP32_CORE_DUMP_DECODE="info" -CONFIG_TIMER_TASK_PRIORITY=1 -CONFIG_TIMER_TASK_STACK_DEPTH=2048 -CONFIG_TIMER_QUEUE_LENGTH=10 -# CONFIG_ENABLE_STATIC_TASK_CLEAN_UP_HOOK is not set -# CONFIG_HAL_ASSERTION_SILIENT is not set -# CONFIG_L2_TO_L3_COPY is not set -CONFIG_ESP_GRATUITOUS_ARP=y -CONFIG_GARP_TMR_INTERVAL=60 
-CONFIG_TCPIP_RECVMBOX_SIZE=32 -CONFIG_TCP_MAXRTX=12 -CONFIG_TCP_SYNMAXRTX=12 -CONFIG_TCP_MSS=1440 -CONFIG_TCP_MSL=60000 -CONFIG_TCP_SND_BUF_DEFAULT=5760 -CONFIG_TCP_WND_DEFAULT=5760 -CONFIG_TCP_RECVMBOX_SIZE=6 -CONFIG_TCP_QUEUE_OOSEQ=y -CONFIG_TCP_OVERSIZE_MSS=y -# CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set -# CONFIG_TCP_OVERSIZE_DISABLE is not set -CONFIG_UDP_RECVMBOX_SIZE=6 -CONFIG_TCPIP_TASK_STACK_SIZE=3072 -CONFIG_TCPIP_TASK_AFFINITY_NO_AFFINITY=y -# CONFIG_TCPIP_TASK_AFFINITY_CPU0 is not set -# CONFIG_TCPIP_TASK_AFFINITY_CPU1 is not set -CONFIG_TCPIP_TASK_AFFINITY=0x7FFFFFFF -# CONFIG_PPP_SUPPORT is not set -CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC_SYSTIMER=y -CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC_FRC1=y -# CONFIG_ESP32S3_TIME_SYSCALL_USE_RTC is not set -# CONFIG_ESP32S3_TIME_SYSCALL_USE_SYSTIMER is not set -# CONFIG_ESP32S3_TIME_SYSCALL_USE_FRC1 is not set -# CONFIG_ESP32S3_TIME_SYSCALL_USE_NONE is not set -CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT=5 -CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072 -CONFIG_ESP32_PTHREAD_STACK_MIN=768 -CONFIG_ESP32_DEFAULT_PTHREAD_CORE_NO_AFFINITY=y -# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_0 is not set -# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_1 is not set -CONFIG_ESP32_PTHREAD_TASK_CORE_DEFAULT=-1 -CONFIG_ESP32_PTHREAD_TASK_NAME_DEFAULT="pthread" -CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS=y -# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_FAILS is not set -# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ALLOWED is not set -CONFIG_SUPPRESS_SELECT_DEBUG_OUTPUT=y -CONFIG_SUPPORT_TERMIOS=y -CONFIG_SEMIHOSTFS_MAX_MOUNT_POINTS=1 -# End of deprecated options diff --git a/sdkconfig.defaults b/sdkconfig.defaults new file mode 100644 index 0000000..1cb2487 --- /dev/null +++ b/sdkconfig.defaults 
@@ -0,0 +1,53 @@ +# This file was generated using idf.py save-defconfig. It can be edited manually. +# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration +# +IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1 + +CONFIG_TINYUSB=y + +CONFIG_PARTITION_TABLE_CUSTOM=y +CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv" +CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv" +CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y +CONFIG_WL_SECTOR_SIZE_512=y +CONFIG_WL_SECTOR_MODE_PERF=y + +CONFIG_MBEDTLS_CMAC_C=y +CONFIG_MBEDTLS_CHACHA20_C=y +CONFIG_MBEDTLS_POLY1305_C=y +CONFIG_MBEDTLS_CHACHAPOLY_C=y +CONFIG_MBEDTLS_HKDF_C=y +CONFIG_MBEDTLS_HARDWARE_ECC=y +CONFIG_MBEDTLS_HARDWARE_GCM=y +# CONFIG_MBEDTLS_HARDWARE_MPI is not set +CONFIG_MBEDTLS_HARDWARE_SHA=y +CONFIG_MBEDTLS_HARDWARE_AES=y +# CONFIG_MBEDTLS_ROM_MD5 is not set +CONFIG_MBEDTLS_SHA512_C=y +CONFIG_MBEDTLS_TLS_DISABLED=y +# CONFIG_MBEDTLS_TLS_ENABLED is not set +# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set +# CONFIG_ESP_WIFI_ENABLED is not set +# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set +# CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set +# CONFIG_WPA_MBEDTLS_CRYPTO is not set +# CONFIG_MBEDTLS_PSK_MODES is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA is not set +# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA is not set +# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 is not set +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set +# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set +# CONFIG_MBEDTLS_SSL_ALPN is not set +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set +# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set +# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set +# 
CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set +# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set + +CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y -- 2.34.1 From 778c6b038affff0fd3e27c8283e43e5d9fe28b6a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 2 Sep 2024 09:48:27 +0200 Subject: [PATCH 073/127] Fix BOOT press with RP2350. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 3235cd8..9f65a2c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 3235cd8595366881ad6c317a007b78a64c87c824 +Subproject commit 9f65a2cfa024b721a6b7c16863e00558ac1a6f88 -- 2.34.1 From 661442956dc6588f4d30e1c7e5537c7df49694d0 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 2 Sep 2024 12:02:42 +0200 Subject: [PATCH 074/127] Update readme to add Passkey term. Signed-off-by: Pol Henarejos --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index cc97fae..d2c43f4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Pico FIDO -This project transforms your Raspberry Pi Pico into an integrated FIDO key, functioning like a standard USB key for authentication. +This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication. ## Features Pico FIDO includes the following features: @@ -11,7 +11,7 @@ Pico FIDO includes the following features: - CredProtect extension - User presence enforcement through physical button - User verification with PIN -- Discoverable credentials +- Discoverable credentials (resident keys) - Credential management - ECDSA authentication - Support for SECP256R1, SECP384R1, SECP521R1, and SECP256K1 curves 
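Review bot: `CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y`, the last line of the new sdkconfig.defaults, makes a panic print a core dump on the UART. A core dump normally includes task stacks, so on a FIDO authenticator it may carry PIN or key material that was in RAM at the time of the fault (what is actually resident is not visible from this hunk). I would default release builds to `CONFIG_ESP_COREDUMP_ENABLE_TO_NONE=y` and keep the UART dump in a development-only defaults file, or at least add a comment above it such as `# Debug aid: dumps RAM over UART on panic; disable for production keys`. The defaults also select a custom partition table without any flash-encryption or secure-boot option, so those presumably stay at the ESP-IDF defaults; a one-line comment saying whether that is intended would help whoever builds this for real use.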
@@ -74,7 +74,7 @@ Note that `PICO_BOARD`, `USB_VID`, and `USB_PID` are optional. If not provided, After `make` finishes, the binary file `pico_fido.uf2` will be generated. Put your Pico board into loading mode by holding the BOOTSEL button while plugging it in, then copy the UF2 file to the new USB mass storage Pico device. Once copied, the Pico mass storage will disconnect automatically, and the Pico board will reset with the new firmware. A blinking LED will indicate that the device is ready to work. -**Remark:** Pico FIDO uses the HID interface, so VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary values or the default ones. +**Remark:** Pico FIDO uses the HID interface, so VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary values or the default ones. They are only necessary in case you need to use 3rd-party tools from other vendors. ## Led blink Pico FIDO uses the led to indicate the current status. Four states are available: -- 2.34.1 From 11c28adbb09ee10211ed0d093bdcc7f19f8fe6fd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 2 Sep 2024 17:11:57 +0200 Subject: [PATCH 075/127] Add more boards with RP2350. Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 48 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index ed77b99..5ed699b 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh 
@@ -6,40 +6,82 @@ VERSION_MINOR="10" rm -rf release/* cd build_release -for board in adafruit_feather_rp2040 \ +for board in 0xcb_helios \ + adafruit_feather_rp2040_usb_host \ + adafruit_feather_rp2040 \ adafruit_itsybitsy_rp2040 \ adafruit_kb2040 \ adafruit_macropad_rp2040 \ adafruit_qtpy_rp2040 \ adafruit_trinkey_qt2040 \ + amethyst_fpga \ + archi \ arduino_nano_rp2040_connect \ + cytron_maker_pi_rp2040 \ datanoisetv_rp2040_dsp \ eetree_gamekit_rp2040 \ garatronic_pybstick26_rp2040 \ + gen4_rp2350_24 \ + gen4_rp2350_24ct \ + gen4_rp2350_24t \ + gen4_rp2350_28 \ + gen4_rp2350_28ct \ + gen4_rp2350_28t \ + gen4_rp2350_32 \ + gen4_rp2350_32ct \ + gen4_rp2350_32t \ + gen4_rp2350_35 \ + gen4_rp2350_35ct \ + gen4_rp2350_35t \ + hellbender_2350A_devboard \ + ilabs_challenger_rp2350_bconnect \ + ilabs_challenger_rp2350_wifi_ble \ + ilabs_opendec02 \ + melopero_perpetuo_rp2350_lora \ melopero_shake_rp2040 \ + metrotech_xerxes_rp2040 \ + net8086_usb_interposer \ nullbits_bit_c_pro \ + phyx_rick_tny_rp2350 \ + pi-plates_micropi \ pico \ pico_w \ + pico2 \ pimoroni_badger2040 \ pimoroni_interstate75 \ pimoroni_keybow2040 \ pimoroni_motor2040 \ pimoroni_pga2040 \ + pimoroni_pga2350 \ + pimoroni_pico_plus2_rp2350 \ pimoroni_picolipo_4mb \ pimoroni_picolipo_16mb \ pimoroni_picosystem \ pimoroni_plasma2040 \ + pimoroni_plasma2350 \ pimoroni_servo2040 \ pimoroni_tiny2040 \ pimoroni_tiny2040_2mb \ + pimoroni_tiny2350 \ pololu_3pi_2040_robot \ + pololu_zumo_2040_robot \ seeed_xiao_rp2040 \ + seeed_xiao_rp2350 \ solderparty_rp2040_stamp \ solderparty_rp2040_stamp_carrier \ solderparty_rp2040_stamp_round_carrier \ + solderparty_rp2350_stamp_xl \ + solderparty_rp2350_stamp \ sparkfun_micromod \ sparkfun_promicro \ + sparkfun_promicro_rp2350 \ sparkfun_thingplus \ + switchscience_picossci2_conta_base \ + switchscience_picossci2_dev_board \ + switchscience_picossci2_micro \ + switchscience_picossci2_rp2350_breakout \ + switchscience_picossci2_tiny \ + tinycircuits_thumby_color_rp2350 \ 
vgaboard \ waveshare_rp2040_lcd_0.96 \ waveshare_rp2040_lcd_1.28 \ @@ -47,6 +89,10 @@ for board in adafruit_feather_rp2040 \ waveshare_rp2040_plus_4mb \ waveshare_rp2040_plus_16mb \ waveshare_rp2040_zero \ + weact_studio_rp2040_2mb \ + weact_studio_rp2040_4mb \ + weact_studio_rp2040_8mb \ + weact_studio_rp2040_16mb \ wiznet_w5100s_evb_pico do rm -rf * -- 2.34.1 From 95cae29206a13b46024a42d767867170bbdfcd50 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 2 Sep 2024 17:12:11 +0200 Subject: [PATCH 076/127] Upgrade to version 5.12 Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 2 +- src/fido/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 5ed699b..332a14b 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="10" +VERSION_MINOR="12" rm -rf release/* cd build_release diff --git a/src/fido/version.h b/src/fido/version.h index d700cdf..239abe6 100644 --- a/src/fido/version.h +++ b/src/fido/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define PICO_FIDO_VERSION 0x050A +#define PICO_FIDO_VERSION 0x050C #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff) #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff) -- 2.34.1 From c43006f8c21a6ab67093b5f3ccfa0b778e6a695d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 12 Sep 2024 19:01:04 +0200 Subject: [PATCH 077/127] Protect keydev if available (only for RP2350). Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor.c | 1 + src/fido/cbor_make_credential.c | 7 ++++++- src/fido/cmd_register.c | 8 +++++++- src/fido/fido.c | 12 ++++++++++++ 5 files changed, 27 insertions(+), 3 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 9f65a2c..108cfec 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk 
@@ -1 +1 @@ -Subproject commit 9f65a2cfa024b721a6b7c16863e00558ac1a6f88 +Subproject commit 108cfec47c8b72472acbf6d3f8cc50260bfb09bd diff --git a/src/fido/cbor.c b/src/fido/cbor.c index 74c5822..cddde7e 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -15,6 +15,7 @@ * along with this program. If not, see . */ +#include "pico_keys.h" #if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM) #include "pico/stdlib.h" #endif diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 2a99b08..1c3f6e5 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -440,7 +440,12 @@ int cbor_make_credential(const uint8_t *data, size_t len) { if (enterpriseAttestation == 2 || (ka && ka->use_self_attestation == pfalse)) { mbedtls_ecdsa_free(&ekey); mbedtls_ecdsa_init(&ekey); - ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32); + uint8_t key[32] = {0}; + if (load_keydev(key) != 0) { + CBOR_ERROR(CTAP1_ERR_OTHER); + } + ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, key, 32); + mbedtls_platform_zeroize(key, sizeof(key)); md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); self_attestation = false; } diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index 325508c..e06df87 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -100,7 +100,13 @@ int cmd_register() { return SW_EXEC_ERROR(); } mbedtls_ecdsa_init(&key); - ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, file_get_data(ef_keydev), 32); + uint8_t key_dev[32] = {0}; + ret = load_keydev(key_dev); + if (ret != CCID_OK) { + return SW_EXEC_ERROR(); + } + ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, key_dev, 32); + mbedtls_platform_zeroize(key_dev, sizeof(key_dev)); if (ret != CCID_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); diff --git a/src/fido/fido.c b/src/fido/fido.c index 7ac7e4e..cac3d3e 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c 
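Review bot: In cbor_make_credential the failure branch of `load_keydev(key)` goes to CBOR_ERROR (which appears to leave the function) before `mbedtls_platform_zeroize(key, sizeof(key))` runs, so whatever load_keydev already copied into the stack buffer stays there on that path. Wiping first closes it: `if (load_keydev(key) != 0) { mbedtls_platform_zeroize(key, sizeof(key)); CBOR_ERROR(CTAP1_ERR_OTHER); }`. The same applies to `key_dev` in the cmd_register.c hunk of this commit. The result is compared with `0` here and with `CCID_OK` in cmd_register; using `CCID_OK` in both would be consistent. The function body starts and ends outside the hunk.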
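Review bot: In cmd_register the new early `return SW_EXEC_ERROR();` after a failed `load_keydev(key_dev)` skips `mbedtls_ecdsa_free(&key)`, although `key` was initialised on the line just before and the next failure branch (after `mbedtls_ecp_read_key`) does free it. Adding `mbedtls_ecdsa_free(&key);` ahead of that return keeps both error paths the same. The function continues outside the hunk.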
@@ -34,6 +34,8 @@ #include "management.h" #include "hid/ctap_hid.h" #include "version.h" +#include "crypto_utils.h" +#include "otp.h" int fido_process_apdu(); int fido_unload(); @@ -178,12 +180,19 @@ int load_keydev(uint8_t *key) { if (has_keydev_dec == false && !file_has_data(ef_keydev)) { return CCID_ERR_MEMORY_FATAL; } + if (has_keydev_dec == true) { memcpy(key, keydev_dec, sizeof(keydev_dec)); } else { memcpy(key, file_get_data(ef_keydev), file_get_size(ef_keydev)); +#ifdef PICO_RP2350 + if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != CCID_OK) { + return CCID_EXEC_ERROR; + } +#endif } + //return mkek_decrypt(key, file_get_size(ef_keydev)); return CCID_OK; } @@ -292,6 +301,9 @@ int scan_files() { if (ret != CCID_OK) { return ret; } +#ifdef PICO_RP2350 + ret = aes_encrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, kdata, 32); +#endif ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); -- 2.34.1 From ec612a451da5e8cbee61de866dd273f214e6cd5c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 13 Sep 2024 21:03:34 +0200 Subject: [PATCH 078/127] Fix ssh-keygen creation. Fixes #59 Signed-off-by: Pol Henarejos --- src/fido/cbor.c | 9 +++++++-- src/fido/cbor_make_credential.c | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/fido/cbor.c b/src/fido/cbor.c index cddde7e..68842b7 100644 --- a/src/fido/cbor.c +++ b/src/fido/cbor.c @@ -120,8 +120,13 @@ void cbor_thread(void) { DEBUG_DATA(res_APDU + 1, res_APDU_size); } else { - res_APDU[0] = apdu.sw; - //apdu.sw = 0; + if (apdu.sw >= CTAP1_ERR_INVALID_CHANNEL) { + res_APDU[-1] = apdu.sw; + apdu.sw = 0; + } + else { + res_APDU[0] = apdu.sw; + } } finished_data_size = res_APDU_size + 1; diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 1c3f6e5..e522d3f 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c 
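Review bot: In load_keydev (src/fido/fido.c) the new `aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32)` assumes exactly 32 bytes, while the copy directly above it uses `file_get_size(ef_keydev)`. The callers changed in this commit pass 32-byte buffers, so a stored file of any other length would either overrun the caller's buffer or be decrypted only in part; a guard such as `if (file_get_size(ef_keydev) != 32) return CCID_ERR_MEMORY_FATAL;` before the memcpy makes the two agree. CBC carries no integrity check, so an ef_keydev that was tampered with, or written unencrypted before this change, would presumably decrypt without error into a different key; a comment or a format marker would help if such files can exist. The function starts outside the hunk.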
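Review bot: In scan_files (src/fido/fido.c) the result of `aes_encrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, kdata, 32)` is overwritten by the next line's `ret = file_put_data(...)` without being checked, so a failed encryption is not reported and the buffer is still written to ef_keydev. Check `ret` between the two calls and, on failure, take the same cleanup that follows the write (`mbedtls_platform_zeroize(kdata, sizeof(kdata))`, `mbedtls_ecdsa_free(&ecdsa)`) before returning. The encrypt call also uses a fixed 32 while the write uses `key_size`; a comment stating that the two are equal would help. The function starts and ends outside the hunk.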
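Review bot: In cbor_thread (src/fido/cbor.c) the new `res_APDU[-1] = apdu.sw;` writes one byte before the address held in `res_APDU`, which is only defined if that pointer sits at least one byte inside its backing buffer; nothing in the hunk shows this. Please add a comment on that line stating which buffer `res_APDU` points into at this point and why offset -1 is inside it, and ideally replace the negative index with a named pointer to the status byte. The assignment also narrows `apdu.sw` to one byte, which looks intended for CTAP error codes but is worth stating. The function starts outside the hunk.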
@@ -45,7 +45,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CredExtensions extensions = { 0 }; //options.present = true; //options.up = ptrue; - //options.uv = pfalse; + options.uv = pfalse; //options.rk = pfalse; CBOR_CHECK(cbor_parser_init(data, len, 0, &parser, &map)); @@ -246,7 +246,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { //else if (options.up == NULL) //5.7 //rup = ptrue; } - if (pinUvAuthParam.present == false && options.uv != ptrue && file_has_data(ef_pin)) { //8.1 + if (pinUvAuthParam.present == false && options.uv == pfalse && file_has_data(ef_pin)) { //8.1 CBOR_ERROR(CTAP2_ERR_PUAT_REQUIRED); } if (enterpriseAttestation > 0) { -- 2.34.1 From 2fca44540aa753710045884ea1df17476fe9c055 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 13 Sep 2024 21:04:21 +0200 Subject: [PATCH 079/127] Add sha256 hardware accelerator. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 108cfec..1bf323c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 108cfec47c8b72472acbf6d3f8cc50260bfb09bd +Subproject commit 1bf323c36789e7c1a9273ca7ae5f3ad221fcbef5 -- 2.34.1 From cf5dbc9ae511c1a8f685a6208947d74171bbaf5e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 18 Sep 2024 19:42:14 +0200 Subject: [PATCH 080/127] Add support for dynamic VIDPID via PHY. Signed-off-by: Pol Henarejos --- src/fido/cbor_config.c | 55 +++++++++++++++++++++++++++++++++++++++--- src/fido/cbor_vendor.c | 53 ++++++---------------------------------- src/fido/ctap.h | 2 ++ 3 files changed, 62 insertions(+), 48 deletions(-) diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index d12b11a..e29eb2b 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c 
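Review bot: The 8.1 guard in cbor_make_credential, `pinUvAuthParam.present == false && options.uv == pfalse && file_has_data(ef_pin)`, fires only when uv is false, so a request that carries uv true and no pinUvAuthParam passes it even when a PIN is set. Whether a later step rejects that case or performs verification is outside the hunk; please confirm it and say so in a comment next to the check, for example `// uv == ptrue without pinUvAuthParam is handled in step <N>`. `options.uv` is also the only option given a default while the neighbouring `up` and `rk` defaults stay commented out; a short note on why would avoid confusion.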
@@ -27,6 +27,7 @@ #include "mbedtls/ecdh.h" #include "mbedtls/chachapoly.h" #include "mbedtls/sha256.h" +#include "file.h" extern uint8_t keydev_dec[32]; extern bool has_keydev_dec; @@ -35,7 +36,7 @@ int cbor_config(const uint8_t *data, size_t len) { CborParser parser; CborValue map; CborError error = CborNoError; - uint64_t subcommand = 0, pinUvAuthProtocol = 0, vendorCommandId = 0, newMinPinLength = 0; + uint64_t subcommand = 0, pinUvAuthProtocol = 0, vendorCommandId = 0, newMinPinLength = 0, vendorParam = 0; CborByteString pinUvAuthParam = { 0 }, vendorAutCt = { 0 }; CborCharString minPinLengthRPIDs[32] = { 0 }; size_t resp_size = 0, raw_subpara_len = 0, minPinLengthRPIDs_len = 0; @@ -65,7 +66,7 @@ int cbor_config(const uint8_t *data, size_t len) { raw_subpara = (uint8_t *) cbor_value_get_next_byte(&_f1); CBOR_PARSE_MAP_START(_f1, 2) { - if (subcommand == 0x7f) { + if (subcommand == 0x7f) { // Config Aut CBOR_FIELD_GET_UINT(subpara, 2); if (subpara == 0x01) { CBOR_FIELD_GET_UINT(vendorCommandId, 2); @@ -74,7 +75,7 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_FIELD_GET_BYTES(vendorAutCt, 2); } } - else if (subcommand == 0x03) { + else if (subcommand == 0x03) { // Extensions CBOR_FIELD_GET_UINT(subpara, 2); if (subpara == 0x01) { CBOR_FIELD_GET_UINT(newMinPinLength, 2); @@ -94,6 +95,15 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_FIELD_GET_BOOL(forceChangePin, 2); } } + else if (subcommand == 0x1B) { // PHY + CBOR_FIELD_GET_UINT(subpara, 2); + if (subpara == 0x01) { + CBOR_FIELD_GET_UINT(vendorCommandId, 2); + } + else if (subpara == 0x02) { + CBOR_FIELD_GET_UINT(vendorParam, 2); + } + } } CBOR_PARSE_MAP_END(_f1, 2); raw_subpara_len = cbor_value_get_next_byte(&_f1) - raw_subpara; 
@@ -212,6 +222,45 @@ int cbor_config(const uint8_t *data, size_t len) { set_opts(get_opts() | FIDO2_OPT_EA); goto err; } +#ifndef ENABLE_EMULATION + else if (subcommand == 0x1B) { + uint8_t tmp[PHY_MAX_SIZE]; + memset(tmp, 0, sizeof(tmp)); + uint16_t opts = 0; + if (file_has_data(ef_phy)) { + memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy))); + if (file_get_size(ef_phy) >= 8) { + opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1]; + } + } + if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) { + if (vendorParam != 0) { + uint8_t d[4] = { (vendorParam >> 24) & 0xFF, (vendorParam >> 16) & 0xFF, (vendorParam >> 8) & 0xFF, vendorParam & 0xFF }; + memcpy(tmp + PHY_VID, d, sizeof(d)); + opts |= PHY_OPT_VPID; + } + else { + CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); + } + } + else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) { + if (vendorParam != 0) { + uint16_t opt = (uint16_t)vendorParam; + opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK); + } + else { + CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); + } + } + else { + CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); + } + tmp[PHY_OPTS] = opts >> 8; + tmp[PHY_OPTS + 1] = opts & 0xff; + file_put_data(ef_phy, tmp, sizeof(tmp)); + low_flash_available(); + } +#endif else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index 3e99c92..d2ef5f4 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -37,14 +37,7 @@ int mse_decrypt_ct(uint8_t *data, size_t len) { mbedtls_chachapoly_context chatx; mbedtls_chachapoly_init(&chatx); mbedtls_chachapoly_setkey(&chatx, mse.key_enc + 12); - int ret = mbedtls_chachapoly_auth_decrypt(&chatx, - len - 16, - mse.key_enc, - mse.Qpt, - 65, - data + len - 16, - data, - data); + int ret = mbedtls_chachapoly_auth_decrypt(&chatx, len - 16, mse.key_enc, mse.Qpt, 65, data + len - 16, data, data); mbedtls_chachapoly_free(&chatx); return ret; } 
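Review bot: In the new `subcommand == 0x1B` branch of cbor_config the result of `file_put_data(ef_phy, tmp, sizeof(tmp))` is ignored, so a failed flash write appears to be reported to the host as success; `if (file_put_data(ef_phy, tmp, sizeof(tmp)) != CCID_OK) { CBOR_ERROR(CTAP1_ERR_OTHER); }` would surface it. `vendorParam != 0` is used as the "parameter present" test, which makes it impossible to clear all PHY options with a value of 0, and for CTAP_CONFIG_PHY_VIDPID the upper 32 bits of the 64-bit value are silently dropped rather than rejected. This branch persistently changes the USB identity the key presents, so please confirm it runs only after the pinUvAuthParam verification used by the other subcommands; that check is not visible in the hunk.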
@@ -112,8 +105,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1)); CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); - CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, file_get_data(ef_keydev_enc), - file_get_size(ef_keydev_enc))); + CBOR_CHECK(cbor_encode_byte_string(&mapEncoder, file_get_data(ef_keydev_enc), file_get_size(ef_keydev_enc))); } else if (vendorCmd == 0x02) { if (vendorParam.present == false) { @@ -140,11 +132,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { mbedtls_ecdh_context hkey; mbedtls_ecdh_init(&hkey); mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1); - int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, - &hkey.ctx.mbed_ecdh.d, - &hkey.ctx.mbed_ecdh.Q, - random_gen, - NULL); + int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL); mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1); if (ret != 0) { CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); 
@@ -160,37 +148,19 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { uint8_t buf[MBEDTLS_ECP_MAX_BYTES]; size_t olen = 0; - ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, - &hkey.ctx.mbed_ecdh.Qp, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &olen, - mse.Qpt, - sizeof(mse.Qpt)); + ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Qp, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, mse.Qpt,sizeof(mse.Qpt)); if (ret != 0) { mbedtls_ecdh_free(&hkey); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - ret = mbedtls_ecdh_calc_secret(&hkey, - &olen, - buf, - MBEDTLS_ECP_MAX_BYTES, - random_gen, - NULL); + ret = mbedtls_ecdh_calc_secret(&hkey, &olen, buf, MBEDTLS_ECP_MAX_BYTES, random_gen, NULL); if (ret != 0) { mbedtls_ecdh_free(&hkey); mbedtls_platform_zeroize(buf, sizeof(buf)); CBOR_ERROR(CTAP1_ERR_INVALID_PARAMETER); } - ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - NULL, - 0, - buf, - olen, - mse.Qpt, - sizeof(mse.Qpt), - mse.key_enc, - sizeof(mse.key_enc)); + ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, buf, olen, mse.Qpt, sizeof(mse.Qpt), mse.key_enc, sizeof(mse.key_enc)); mbedtls_platform_zeroize(buf, sizeof(buf)); if (ret != 0) { mbedtls_ecdh_free(&hkey); @@ -248,9 +218,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { } mbedtls_x509write_csr ctx; mbedtls_x509write_csr_init(&ctx); - snprintf((char *) buffer, - sizeof(buffer), - "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str); + snprintf((char *) buffer, sizeof(buffer), "C=ES,O=Pico Keys,OU=Authenticator Attestation,CN=Pico Fido EE Serial %s", pico_serial_str); mbedtls_x509write_csr_set_subject_name(&ctx, (char *) buffer); mbedtls_pk_context key; mbedtls_pk_init(&key); 
@@ -258,12 +226,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { key.pk_ctx = &ekey; mbedtls_x509write_csr_set_key(&ctx, &key); mbedtls_x509write_csr_set_md_alg(&ctx, MBEDTLS_MD_SHA256); - mbedtls_x509write_csr_set_extension(&ctx, - "\x2B\x06\x01\x04\x01\x82\xE5\x1C\x01\x01\x04", - 0xB, - 0, - aaguid, - sizeof(aaguid)); + mbedtls_x509write_csr_set_extension(&ctx, "\x2B\x06\x01\x04\x01\x82\xE5\x1C\x01\x01\x04", 0xB, 0, aaguid, sizeof(aaguid)); ret = mbedtls_x509write_csr_der(&ctx, buffer, sizeof(buffer), random_gen, NULL); mbedtls_ecdsa_free(&ekey); if (ret <= 0) { diff --git a/src/fido/ctap.h b/src/fido/ctap.h index 79d00f6..1a82ade 100644 --- a/src/fido/ctap.h +++ b/src/fido/ctap.h @@ -114,6 +114,8 @@ typedef struct { #define CTAP_CONFIG_AUT_ENABLE 0x03e43f56b34285e2 #define CTAP_CONFIG_AUT_DISABLE 0x1831a40f04a25ed9 +#define CTAP_CONFIG_PHY_VIDPID 0x6fcb19b0cbe3acfa +#define CTAP_CONFIG_PHY_OPTS 0x969f3b09eceb805f #define CTAP_VENDOR_CBOR (CTAPHID_VENDOR_FIRST + 1) -- 2.34.1 From ffbe3fcbadbb16751979a45f7ea03804275c60cd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 18 Sep 2024 19:43:54 +0200 Subject: [PATCH 081/127] Add OTP support and sha256 hardware acceleration. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 1bf323c..739e9f1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 1bf323c36789e7c1a9273ca7ae5f3ad221fcbef5 +Subproject commit 739e9f1b98c4f8aacedfa67a11df87d773ebf776 -- 2.34.1 From 39e2ff40c3fa03564efaad8caaf4f314fb2473a3 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 18 Sep 2024 19:44:02 +0200 Subject: [PATCH 082/127] Add support for dynamic VIDPID via PHY. Signed-off-by: Pol Henarejos --- tools/pico-fido-tool.py | 43 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) 
diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 89d1615..5cd8240 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -77,11 +77,15 @@ class VendorConfig(Config): class PARAM(IntEnum): VENDOR_COMMAND_ID = 0x01 VENDOR_AUT_CT = 0x02 + VENDOR_PARAM = 0x02 class CMD(IntEnum): - CONFIG_AUT_ENABLE = 0x03e43f56b34285e2 - CONFIG_AUT_DISABLE = 0x1831a40f04a25ed9 + CONFIG_AUT_ENABLE = 0x03e43f56b34285e2 + CONFIG_AUT_DISABLE = 0x1831a40f04a25ed9 CONFIG_VENDOR_PROTOTYPE = 0x7f + CONFIG_VENDOR_PHY = 0x1b + CONFIG_PHY_VIDPID = 0x6fcb19b0cbe3acfa + CONFIG_PHY_OPTS = 0x969f3b09eceb805f class RESP(IntEnum): KEY_AGREEMENT = 0x01 @@ -106,6 +110,15 @@ class VendorConfig(Config): }, ) + def vidpid(self, vid, pid): + self._call( + VendorConfig.CMD.CONFIG_VENDOR_PHY, + { + VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_VIDPID, + VendorConfig.PARAM.VENDOR_PARAM: (vid & 0xFFFF) << 16 | pid + }, + ) + class Ctap2Vendor(Ctap2): def __init__(self, device: CtapDevice, strict_cbor: bool = True): super().__init__(device=device, strict_cbor=strict_cbor) @@ -393,6 +406,9 @@ class Vendor: } ) + def vidpid(self, vid, pid): + return self.vcfg.vidpid(vid, pid) + def parse_args(): parser = argparse.ArgumentParser() subparser = parser.add_subparsers(title="commands", dest="command") 
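Review bot: In `VendorConfig.vidpid` only `vid` is masked, so a `pid` above 0xFFFF spills into the VID half of the packed value; `VendorConfig.PARAM.VENDOR_PARAM: ((vid & 0xFFFF) << 16) | (pid & 0xFFFF)` keeps the two fields separate, and rejecting out-of-range input would be better than masking it. In the `PARAM` enum, `VENDOR_PARAM = 0x02` has the same value as `VENDOR_AUT_CT`, so IntEnum makes it an alias rather than a distinct member; that works because each key is used under a different subcommand, but a comment such as `# alias of VENDOR_AUT_CT: key 0x02 is reused by the PHY subcommand` would make it clear this is deliberate.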
@@ -408,6 +424,11 @@ def parse_args(): parser_attestation.add_argument('subcommand', choices=['csr']) parser_attestation.add_argument('--filename', help='Uploads the certificate filename to the device as enterprise attestation certificate. If not provided, it will generate an enterprise attestation certificate automatically.') + parser_phy = subparser.add_parser('phy', help='Set PHY options.') + subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True) + parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)') + parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?') + args = parser.parse_args() return args @@ -441,8 +462,22 @@ def attestation(vdr, args): cert = x509.load_pem_x509_certificate(dataf) vdr.upload_ea(cert.public_bytes(Encoding.DER)) +def phy(vdr, args): + val = args.value if 'value' in args else None + if (val): + if (args.subcommand == 'vidpid'): + sp = val.split(':') + if (len(sp) != 2): + print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)') + ret = vdr.vidpid(int(sp[0],16), int(sp[1],16)) + if (ret): + print(f'Current value: {hexlify(ret)}') + else: + print('Command executed successfully. Please, restart your Pico Key.') + + def main(args): - print('Pico Fido Tool v1.6') + print('Pico Fido Tool v1.8') print('Author: Pol Henarejos') print('Report bugs to https://github.com/polhenarejos/pico-fido/issues') print('') @@ -460,6 +495,8 @@ def main(args): backup(vdr, args) elif (args.command == 'attestation'): attestation(vdr, args) + elif (args.command == 'phy'): + phy(vdr, args) def run(): args = parse_args() -- 2.34.1 From 6f517e8fca3cd1871c228b675d40e0d6a117e522 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 18:26:04 +0200 Subject: [PATCH 083/127] Fix header in Linux. Fixes #63 Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
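Review bot: In `phy()` the format check prints the error but then falls through to `vdr.vidpid(int(sp[0],16), int(sp[1],16))`, so an input without exactly one colon still reaches the device call or raises IndexError; add `return` directly after the `print('ERROR: ...')` line. Non-hex input raises an uncaught ValueError from `int(..., 16)`, and because `value` is declared with `nargs='?'` an omitted value makes the command do nothing silently; making the argument required, or printing usage when `val` is empty, would be clearer for a command that rewrites the device's USB identity.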
diff --git a/pico-keys-sdk b/pico-keys-sdk index 739e9f1..839e824 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 739e9f1b98c4f8aacedfa67a11df87d773ebf776 +Subproject commit 839e8244d95aeef8f83748f13a73781952185cca -- 2.34.1 From f276e993421667e51aa44d3fef5e0f5b13f9696b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 19:26:04 +0200 Subject: [PATCH 084/127] Add autobuild for ESP32 Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 1 + workflows/autobuild_esp32.sh | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 workflows/autobuild_esp32.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b32ec43..77a6674 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -67,6 +67,7 @@ jobs: - run: | echo "Run, Build Application using script" ./workflows/autobuild.sh + ./workflows/autobuild_esp32.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh new file mode 100644 index 0000000..11d8e29 --- /dev/null +++ b/workflows/autobuild_esp32.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +git submodule update --init --recursive +sudo apt update +sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib +git clone https://github.com/raspberrypi/pico-sdk +cd pico-sdk +git submodule update --init +cd .. +mkdir build +cd build +cmake -DPICO_SDK_PATH=../pico-sdk .. +make + +sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0 +git clone --recursive https://github.com/espressif/esp-idf.git +cd esp-idf +./install.sh esp32s3 +. ./export.sh +cd .. +mkdir build_esp +cd build_esp +idf.py all -- 2.34.1 From 38eca2fdd4fa27c0b4ee6a5112b597dbfa0e5156 Mon Sep 17 00:00:00 2001 
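Review bot: In the new workflows/autobuild_esp32.sh, `git clone --recursive https://github.com/espressif/esp-idf.git` (and the pico-sdk clone above it) fetches whatever the default branch holds at run time and then executes its `install.sh`, so CI builds are neither reproducible nor tied to a reviewed toolchain revision. Pin the checkout, e.g. `git clone --recursive --branch <ESP_IDF_RELEASE_TAG> --depth 1 https://github.com/espressif/esp-idf.git`, with the placeholder replaced by the release the project supports. The script also has no `set -euo pipefail` after the shebang, so a failed clone or install is only noticed if the last command happens to fail.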
From: Pol Henarejos Date: Thu, 19 Sep 2024 19:30:03 +0200 Subject: [PATCH 085/127] Fix permissions. Signed-off-by: Pol Henarejos --- workflows/autobuild_esp32.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 workflows/autobuild_esp32.sh diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh old mode 100644 new mode 100755 -- 2.34.1 From e05115ffaca4fbbf3b3414b697be5c4a2ce3075b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 19:37:01 +0200 Subject: [PATCH 086/127] Fix autobuild for ESP32. Signed-off-by: Pol Henarejos --- workflows/autobuild_esp32.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh index 11d8e29..aba7c35 100755 --- a/workflows/autobuild_esp32.sh +++ b/workflows/autobuild_esp32.sh @@ -2,16 +2,6 @@ git submodule update --init --recursive sudo apt update -sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib -git clone https://github.com/raspberrypi/pico-sdk -cd pico-sdk -git submodule update --init -cd .. -mkdir build -cd build -cmake -DPICO_SDK_PATH=../pico-sdk .. -make - sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0 git clone --recursive https://github.com/espressif/esp-idf.git cd esp-idf -- 2.34.1 From e07b5194e350d97bc4e666279f2f384ea60d47fa Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 19:47:27 +0200 Subject: [PATCH 087/127] Fix again... Signed-off-by: Pol Henarejos --- workflows/autobuild_esp32.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh index aba7c35..1055d9e 100755 --- a/workflows/autobuild_esp32.sh +++ b/workflows/autobuild_esp32.sh @@ -8,6 +8,4 @@ cd esp-idf ./install.sh esp32s3 . ./export.sh cd .. -mkdir build_esp -cd build_esp idf.py all -- 2.34.1 
From 7071949a1f919b2e2445957819e36da592bdb7b0 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 19:55:18 +0200 Subject: [PATCH 088/127] More fixes Signed-off-by: Pol Henarejos --- workflows/autobuild_esp32.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh index 1055d9e..7bcea55 100755 --- a/workflows/autobuild_esp32.sh +++ b/workflows/autobuild_esp32.sh @@ -8,4 +8,5 @@ cd esp-idf ./install.sh esp32s3 . ./export.sh cd .. +rm -rf build idf.py all -- 2.34.1 From 4fe1c0804c1fe95637a65d94a1c16fcfd4eead89 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 20:12:52 +0200 Subject: [PATCH 089/127] Add set target to ESP32-S3 Signed-off-by: Pol Henarejos --- workflows/autobuild_esp32.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh index 7bcea55..eb8e7b8 100755 --- a/workflows/autobuild_esp32.sh +++ b/workflows/autobuild_esp32.sh @@ -9,4 +9,5 @@ cd esp-idf . ./export.sh cd .. rm -rf build +idf.py set-target esp32s3 idf.py all -- 2.34.1 From f98df743f97c544264e6f0ec33bc7105b0540e7f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 19 Sep 2024 20:27:00 +0200 Subject: [PATCH 090/127] Upgrade CodeQL to v3 Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 4 ++-- workflows/autobuild.sh | 4 ++-- workflows/autobuild_esp32.sh | 1 - 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 77a6674..85212bc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -70,4 +70,4 @@ jobs: ./workflows/autobuild_esp32.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index 09ef1c7..c128ad9 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -7,7 +7,7 @@ git clone https://github.com/raspberrypi/pico-sdk cd pico-sdk git submodule update --init cd .. -mkdir build -cd build +mkdir build_pico +cd build_pico cmake -DPICO_SDK_PATH=../pico-sdk .. make diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh index eb8e7b8..12c12c7 100755 --- a/workflows/autobuild_esp32.sh +++ b/workflows/autobuild_esp32.sh @@ -8,6 +8,5 @@ cd esp-idf ./install.sh esp32s3 . ./export.sh cd .. -rm -rf build idf.py set-target esp32s3 idf.py all -- 2.34.1 From 2e16036bb5f0189576a1afc060ce735e7fcc1c26 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 24 Sep 2024 00:44:58 +0200 Subject: [PATCH 091/127] Update pico_sdk_import Signed-off-by: Pol Henarejos --- pico_sdk_import.cmake | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/pico_sdk_import.cmake b/pico_sdk_import.cmake index 28efe9e..a0721d0 100644 --- a/pico_sdk_import.cmake +++ b/pico_sdk_import.cmake 
@@ -18,9 +18,20 @@ if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_P message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')") endif () +if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG)) + set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG}) + message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')") +endif () + +if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG) + set(PICO_SDK_FETCH_FROM_GIT_TAG "master") + message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG") +endif() + set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK") set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable") set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK") +set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK") if (NOT PICO_SDK_PATH) if (PICO_SDK_FETCH_FROM_GIT) 
@@ -29,11 +40,22 @@ if (NOT PICO_SDK_PATH) if (PICO_SDK_FETCH_FROM_GIT_PATH) get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}") endif () - FetchContent_Declare( - pico_sdk - GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk - GIT_TAG master - ) + # GIT_SUBMODULES_RECURSE was added in 3.17 + if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0") + FetchContent_Declare( + pico_sdk + GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk + GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG} + GIT_SUBMODULES_RECURSE FALSE + ) + else () + FetchContent_Declare( + pico_sdk + GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk + GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG} + ) + endif () + if (NOT pico_sdk) message("Downloading Raspberry Pi Pico SDK") FetchContent_Populate(pico_sdk) -- 2.34.1 From 0e54998d584af3016f07034a851016bb6dde7128 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 11:09:13 +0200 Subject: [PATCH 092/127] Add nightly deploy workflow Signed-off-by: Pol Henarejos --- .github/workflows/nightly.yml | 37 +++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/nightly.yml diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 0000000..19fbc81 --- /dev/null +++ b/.github/workflows/nightly.yml 
@@ -0,0 +1,37 @@ +name: "Nightly deploy" + +on: + push: + branches: [ "main", "development" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main", "development" ] + schedule: + - cron: '0 2 * * *' + workflow_dispatch: + +jobs: + nightly: + name: Deploy nightly + strategy: + fail-fast: false + matrix: + refs: [main, development] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ matrix.refs }} + submodules: 'recursive' + - name : Build + run: | + ./workflows/autobuild.sh + ./build_pico_fido.sh + - name: Update nightly release + uses: pyTooling/Actions/releaser@main + with: + tag: nightly-${{ matrix.refs }} + rm: true + token: ${{ secrets.GITHUB_TOKEN }} + files: release/*.* -- 2.34.1 From cbef14beec8c5d088ee73edd722e44c3c37ca265 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 11:09:34 +0200 Subject: [PATCH 093/127] Add manual trigger to workflows Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 1 + .github/workflows/test.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 85212bc..42c5133 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,6 +19,7 @@ on: branches: [ "main", "development" ] schedule: - cron: '23 5 * * 4' + workflow_dispatch: jobs: analyze: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 88a4cbf..0a55586 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,6 +19,7 @@ on: branches: [ "main", "development" ] schedule: - cron: '23 5 * * 4' + workflow_dispatch: jobs: build: -- 2.34.1 From 7bc4a703192363a082d038a696cd9001fa1fc430 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 11:20:43 +0200 Subject: [PATCH 094/127] Fix nightly build 
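Review bot: The release step runs `uses: pyTooling/Actions/releaser@main` and hands it `token: ${{ secrets.GITHUB_TOKEN }}`, so whatever that third-party branch contains at run time executes with the job's token and publishes the firmware files. Pin the action to a full commit SHA, e.g. `uses: pyTooling/Actions/releaser@<full-commit-sha>  # placeholder, pin to a reviewed commit`. The workflow also declares no `permissions:` block, so the token scope falls back to the repository default; adding `permissions:` with `contents: write` on the `nightly` job keeps it to what the release upload needs. The same file is added again unchanged in PATCH 095, and the same two points apply there.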
Signed-off-by: Pol Henarejos --- .github/workflows/nightly.yml | 7 ++----- build_pico_fido.sh | 4 +++- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 19fbc81..4ad3de3 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -1,11 +1,6 @@ name: "Nightly deploy" on: - push: - branches: [ "main", "development" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main", "development" ] schedule: - cron: '0 2 * * *' workflow_dispatch: @@ -25,6 +20,8 @@ jobs: ref: ${{ matrix.refs }} submodules: 'recursive' - name : Build + env: + PICO_SDK_PATH: ../pico-sdk run: | ./workflows/autobuild.sh ./build_pico_fido.sh diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 332a14b..b661942 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -4,6 +4,8 @@ VERSION_MAJOR="5" VERSION_MINOR="12" rm -rf release/* +mkdir -p build_release +mkdir -p release cd build_release for board in 0xcb_helios \ @@ -96,7 +98,7 @@ for board in 0xcb_helios \ wiznet_w5100s_evb_pico do rm -rf * - PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board + PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board make -kj20 mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2 -- 2.34.1 From 24521dff4ba496900bb9011a3570f0cecbb6b5d5 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 11:25:21 +0200 Subject: [PATCH 095/127] Add nightly builds to main Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 6 ++++-- .github/workflows/nightly.yml | 34 ++++++++++++++++++++++++++++++++++ .github/workflows/test.yml | 1 + build_pico_fido.sh | 4 +++- 4 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/nightly.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b32ec43..42c5133 100644 --- a/.github/workflows/codeql.yml 
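Review bot: `cd build_release` is still unchecked in build_pico_fido.sh, and the loop body shown in the second hunk starts with `rm -rf *`. The added `mkdir -p build_release` makes a failure less likely, but if the `cd` ever fails (permissions, a file of that name) the wildcard delete runs in the repository root. I would change the line to `cd build_release || exit 1`, or put `set -euo pipefail` at the top of the script. The loop begins and ends outside these hunks, and the identical change is repeated in PATCH 095.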
+++ b/.github/workflows/codeql.yml @@ -19,6 +19,7 @@ on: branches: [ "main", "development" ] schedule: - cron: '23 5 * * 4' + workflow_dispatch: jobs: analyze: @@ -42,7 +43,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -67,6 +68,7 @@ jobs: - run: | echo "Run, Build Application using script" ./workflows/autobuild.sh + ./workflows/autobuild_esp32.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 0000000..4ad3de3 --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,34 @@ +name: "Nightly deploy" + +on: + schedule: + - cron: '0 2 * * *' + workflow_dispatch: + +jobs: + nightly: + name: Deploy nightly + strategy: + fail-fast: false + matrix: + refs: [main, development] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ matrix.refs }} + submodules: 'recursive' + - name : Build + env: + PICO_SDK_PATH: ../pico-sdk + run: | + ./workflows/autobuild.sh + ./build_pico_fido.sh + - name: Update nightly release + uses: pyTooling/Actions/releaser@main + with: + tag: nightly-${{ matrix.refs }} + rm: true + token: ${{ secrets.GITHUB_TOKEN }} + files: release/*.* diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 88a4cbf..0a55586 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,6 +19,7 @@ on: branches: [ "main", "development" ] schedule: - cron: '23 5 * * 4' + workflow_dispatch: jobs: build: diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 332a14b..b661942 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh 
@@ -4,6 +4,8 @@ VERSION_MAJOR="5" VERSION_MINOR="12" rm -rf release/* +mkdir -p build_release +mkdir -p release cd build_release for board in 0xcb_helios \ @@ -96,7 +98,7 @@ for board in 0xcb_helios \ wiznet_w5100s_evb_pico do rm -rf * - PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board + PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board make -kj20 mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2 -- 2.34.1 From b2e45b0f7f495c5bb76e9521fd2363ca3e278d32 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 11:33:29 +0200 Subject: [PATCH 096/127] Fix build for boards with WS2812. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 839e824..30df1d9 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 839e8244d95aeef8f83748f13a73781952185cca +Subproject commit 30df1d9202c2b35dc0e0f0b51081b269ecff408f -- 2.34.1 From effb8e4063a656b78c8aeb334efd19a30f219c01 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 12:01:55 +0200 Subject: [PATCH 097/127] Fix build for WS2812 boards. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 30df1d9..86674fd 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 30df1d9202c2b35dc0e0f0b51081b269ecff408f +Subproject commit 86674fd6caaa40accf47f59db0df817d894aba11 -- 2.34.1 From 1f839c5f9943fe78f2b3c66a1eee2a4d6d2e6ab1 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 13:24:29 +0200 Subject: [PATCH 098/127] Append sha to nightly builds. Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index b661942..c74225e 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh 
@@ -2,6 +2,12 @@ VERSION_MAJOR="5" VERSION_MINOR="12" +SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" +if [[ -z "${GITHUB_SHA}" ]]; then +; +else + SUFFIX="${SUFFIX}.${GITHUB_SHA}" +fi rm -rf release/* mkdir -p build_release @@ -99,7 +105,6 @@ for board in 0xcb_helios \ do rm -rf * PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board - make -kj20 - mv pico_fido.uf2 ../release/pico_fido_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2 - + make -j`nproc` + mv pico_fido.uf2 ../release/pico_fido_$board-$SUFFIX.uf2 done -- 2.34.1 From ed560f10a43cbce1d04d83cfc6f025b78f86da5b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 13:24:44 +0200 Subject: [PATCH 099/127] Install picotool Signed-off-by: Pol Henarejos --- workflows/autobuild.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index c128ad9..5130fa1 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -2,12 +2,21 @@ git submodule update --init --recursive sudo apt update -sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib +sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib build-essential pkg-config libusb-1.0-0-dev git clone https://github.com/raspberrypi/pico-sdk cd pico-sdk git submodule update --init cd .. +git clone https://github.com/raspberrypi/picotool +cd picotool +git submodule update --init lib/mbedtls +mkdir build +cd build +cmake .. +make -j`nproc` +sudo make install +cd ../.. mkdir build_pico cd build_pico cmake -DPICO_SDK_PATH=../pico-sdk .. -make +make -j`nproc` -- 2.34.1 From b9e791ca90e2e4c52d71f245a14773516d6fccca Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 13:49:20 +0200 Subject: [PATCH 100/127] Fix nightly build Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 4 +--- workflows/autobuild.sh | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) 
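Review bot: The added `if [[ -z "${GITHUB_SHA}" ]]; then` / `;` / `else` block in build_pico_fido.sh is a bash syntax error, because a `then` branch cannot consist of a lone `;`. The script will stop parsing before any board is built. Invert the test instead: `if [[ -n "${GITHUB_SHA}" ]]; then SUFFIX="${SUFFIX}.${GITHUB_SHA}"; fi`. Note also that `make -j` followed by `mv pico_fido.uf2 ...` has no status check, so a failed board build only shows up as a missing file in `release/`.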
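Review bot: In workflows/autobuild.sh, `git clone https://github.com/raspberrypi/picotool` followed by `sudo make install` builds and installs as root whatever the default branch holds at run time, and the `pico-sdk` clone above it is equally unpinned. Since this script feeds the nightly release artifacts, the toolchain inputs should be fixed to a reviewed ref, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/raspberrypi/picotool` (placeholder tag), with the same for pico-sdk. A comment recording which versions were verified together would help the next bump. The `esp-idf` clone added to this script in PATCH 108 has the same issue.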
diff --git a/build_pico_fido.sh b/build_pico_fido.sh index c74225e..4faa108 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -3,9 +3,7 @@ VERSION_MAJOR="5" VERSION_MINOR="12" SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" -if [[ -z "${GITHUB_SHA}" ]]; then -; -else +if ! [[ -z "${GITHUB_SHA}" ]]; then SUFFIX="${SUFFIX}.${GITHUB_SHA}" fi diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index 5130fa1..9cb1c3a 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -9,7 +9,7 @@ git submodule update --init cd .. git clone https://github.com/raspberrypi/picotool cd picotool -git submodule update --init lib/mbedtls +git submodule update --init mkdir build cd build cmake .. -- 2.34.1 From e2b06b908eeecf13ebb4fd5a4fffd2c378126ab7 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 15:16:57 +0200 Subject: [PATCH 101/127] Do not add SHA to filename, since it not will be able to rm. Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 6 +++--- workflows/autobuild.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 4faa108..8308979 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -3,9 +3,9 @@ VERSION_MAJOR="5" VERSION_MINOR="12" SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" -if ! [[ -z "${GITHUB_SHA}" ]]; then - SUFFIX="${SUFFIX}.${GITHUB_SHA}" -fi +#if ! [[ -z "${GITHUB_SHA}" ]]; then +# SUFFIX="${SUFFIX}.${GITHUB_SHA}" +#fi rm -rf release/* mkdir -p build_release diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index 9cb1c3a..b7d2e28 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -12,7 +12,7 @@ cd picotool git submodule update --init mkdir build cd build -cmake .. +cmake -DPICO_SDK_PATH=../pico-sdk .. make -j`nproc` sudo make install cd ../.. -- 2.34.1 From 623db840d3b3cdbd49c2773c127553a4d603b3b3 Mon Sep 17 00:00:00 2001 
From: Pol Henarejos Date: Wed, 25 Sep 2024 15:36:45 +0200 Subject: [PATCH 102/127] Fix autobuild picotool Signed-off-by: Pol Henarejos --- workflows/autobuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index b7d2e28..b808bbd 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -12,7 +12,7 @@ cd picotool git submodule update --init mkdir build cd build -cmake -DPICO_SDK_PATH=../pico-sdk .. +cmake -DPICO_SDK_PATH=../../pico-sdk .. make -j`nproc` sudo make install cd ../.. -- 2.34.1 From 8838ac9e54e3887e6c32b67860ab42df7d03381c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 19:29:08 +0200 Subject: [PATCH 103/127] Improve led driver support. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 86674fd..15d81be 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 86674fd6caaa40accf47f59db0df817d894aba11 +Subproject commit 15d81be6ded2d26c5569961f48c7097edb4f6c0b -- 2.34.1 From aeea3c7183394c2f079e45a4fe288d3c60fad63b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 25 Sep 2024 19:40:29 +0200 Subject: [PATCH 104/127] Fix ESP & emulation build. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 15d81be..fe396bc 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 15d81be6ded2d26c5569961f48c7097edb4f6c0b +Subproject commit fe396bc5b8139df962186fb804c13b10eae13c3d -- 2.34.1 From 720c2e45f3cc6842497a8a8fbfa54fca54026b6e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 27 Sep 2024 20:21:03 +0200 Subject: [PATCH 105/127] Add support to LED_GPIO and LED_BTNESS vendor options. Signed-off-by: Pol Henarejos --- src/fido/cbor_config.c | 15 +++++++++++++++ src/fido/ctap.h | 2 ++ 2 files changed, 17 insertions(+) 
diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index e29eb2b..9a2ffb3 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -243,6 +243,21 @@ int cbor_config(const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } } + else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO || vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { + if (vendorParam != 0) { + if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { + tmp[PHY_LED_GPIO] = (uint8_t)vendorParam; + opts |= PHY_OPT_GPIO; + } + else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { + tmp[PHY_LED_BTNESS] = (uint8_t)vendorParam; + opts |= PHY_OPT_BTNESS; + } + } + else { + CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); + } + } else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) { if (vendorParam != 0) { uint16_t opt = (uint16_t)vendorParam; diff --git a/src/fido/ctap.h b/src/fido/ctap.h index 1a82ade..28f6bb0 100644 --- a/src/fido/ctap.h +++ b/src/fido/ctap.h @@ -115,6 +115,8 @@ typedef struct { #define CTAP_CONFIG_AUT_ENABLE 0x03e43f56b34285e2 #define CTAP_CONFIG_AUT_DISABLE 0x1831a40f04a25ed9 #define CTAP_CONFIG_PHY_VIDPID 0x6fcb19b0cbe3acfa +#define CTAP_CONFIG_PHY_LED_GPIO 0x7b392a394de9f948 +#define CTAP_CONFIG_PHY_LED_BTNESS 0x76a85945985d02fd #define CTAP_CONFIG_PHY_OPTS 0x969f3b09eceb805f #define CTAP_VENDOR_CBOR (CTAPHID_VENDOR_FIRST + 1) -- 2.34.1 From 2d09a5c8e5c67bdf9524233dac9c1ff7264e8e03 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 27 Sep 2024 20:56:33 +0200 Subject: [PATCH 106/127] Added support to configure LED GPIO, LED brightness and LED dimming. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_config.c | 17 +++----- src/fido/cbor_vendor.c | 15 +++++++ src/fido/ctap.h | 1 + tools/pico-fido-tool.py | 87 ++++++++++++++++++++++++++++++++++++++++- 5 files changed, 109 insertions(+), 13 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index fe396bc..a816b6f 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk 
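Review bot: The new LED branch in `cbor_config` stores `(uint8_t)vendorParam` into `tmp[PHY_LED_GPIO]` / `tmp[PHY_LED_BTNESS]` without any range check, so a host value above 255 is silently truncated and any byte value is written to the persistent PHY file. The firmware should reject out-of-range input itself rather than rely on the host tool, e.g. `if (vendorParam > UINT8_MAX) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); }` before the assignments, plus an upper bound for the GPIO number and brightness that matches what the LED driver accepts (those limits are not visible here). The inner `else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS)` is redundant given the outer condition and could be a plain `else`. The function starts and ends outside this hunk.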
@@ -1 +1 @@ -Subproject commit fe396bc5b8139df962186fb804c13b10eae13c3d +Subproject commit a816b6f747604c3430faadb66aefba067326f8ed diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 9a2ffb3..90311c3 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -244,18 +244,13 @@ int cbor_config(const uint8_t *data, size_t len) { } } else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO || vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { - if (vendorParam != 0) { - if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { - tmp[PHY_LED_GPIO] = (uint8_t)vendorParam; - opts |= PHY_OPT_GPIO; - } - else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { - tmp[PHY_LED_BTNESS] = (uint8_t)vendorParam; - opts |= PHY_OPT_BTNESS; - } + if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { + tmp[PHY_LED_GPIO] = (uint8_t)vendorParam; + opts |= PHY_OPT_GPIO; } - else { - CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); + else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { + tmp[PHY_LED_BTNESS] = (uint8_t)vendorParam; + opts |= PHY_OPT_BTNESS; } } else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) { diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index d2ef5f4..215056d 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -249,6 +249,21 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { goto err; } } + else if (cmd == CTAP_VENDOR_PHY_OPTS) { + if (vendorCmd == 0x01) { + uint16_t opts = 0; + if (file_has_data(ef_phy)) { + uint8_t *data = file_get_data(ef_phy); + opts = (data[PHY_OPTS] << 8) | data[PHY_OPTS+1]; + } + CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, 1)); + CBOR_CHECK(cbor_encode_uint(&mapEncoder, 0x01)); + CBOR_CHECK(cbor_encode_uint(&mapEncoder, opts)); + } + else { + CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); + } + } else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } diff --git a/src/fido/ctap.h b/src/fido/ctap.h index 28f6bb0..6d22edf 100644 --- a/src/fido/ctap.h +++ b/src/fido/ctap.h 
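Review bot: In the new `CTAP_VENDOR_PHY_OPTS` branch of `cbor_vendor_generic`, `data[PHY_OPTS]` and `data[PHY_OPTS+1]` are read after only `file_has_data(ef_phy)` is checked, so a stored PHY file shorter than `PHY_OPTS + 2` bytes is read out of bounds. `cbor_config.c` guarded the same read with a `file_get_size(ef_phy)` check; do the same here: `if (file_has_data(ef_phy) && file_get_size(ef_phy) >= PHY_OPTS + 2) {`. The local `uint8_t *data` also shadows the function's `const uint8_t *data` parameter; renaming it (e.g. `phy`) avoids confusion with the request buffer. The function body extends beyond the hunk on both sides.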
@@ -125,6 +125,7 @@ typedef struct { #define CTAP_VENDOR_MSE 0x02 #define CTAP_VENDOR_UNLOCK 0x03 #define CTAP_VENDOR_EA 0x04 +#define CTAP_VENDOR_PHY_OPTS 0x05 #define CTAP_PERMISSION_MC 0x01 // MakeCredential #define CTAP_PERMISSION_GA 0x02 // GetAssertion diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 5cd8240..5d0d173 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -86,6 +86,8 @@ class VendorConfig(Config): CONFIG_VENDOR_PHY = 0x1b CONFIG_PHY_VIDPID = 0x6fcb19b0cbe3acfa CONFIG_PHY_OPTS = 0x969f3b09eceb805f + CONFIG_PHY_LED_GPIO = 0x7b392a394de9f948 + CONFIG_PHY_LED_BTNESS = 0x76a85945985d02fd class RESP(IntEnum): KEY_AGREEMENT = 0x01 @@ -119,6 +121,33 @@ class VendorConfig(Config): }, ) + def led_gpio(self, gpio): + self._call( + VendorConfig.CMD.CONFIG_VENDOR_PHY, + { + VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_LED_GPIO, + VendorConfig.PARAM.VENDOR_PARAM: gpio + }, + ) + + def led_brightness(self, brightness): + self._call( + VendorConfig.CMD.CONFIG_VENDOR_PHY, + { + VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_LED_BTNESS, + VendorConfig.PARAM.VENDOR_PARAM: brightness + }, + ) + + def phy_opts(self, opts): + self._call( + VendorConfig.CMD.CONFIG_VENDOR_PHY, + { + VendorConfig.PARAM.VENDOR_COMMAND_ID: VendorConfig.CMD.CONFIG_PHY_OPTS, + VendorConfig.PARAM.VENDOR_PARAM: opts + }, + ) + class Ctap2Vendor(Ctap2): def __init__(self, device: CtapDevice, strict_cbor: bool = True): super().__init__(device=device, strict_cbor=strict_cbor) @@ -203,6 +232,7 @@ class Vendor: VENDOR_MSE = 0x02 VENDOR_UNLOCK = 0x03 VENDOR_EA = 0x04 + VENDOR_PHY = 0x05 @unique class PARAM(IntEnum): @@ -220,6 +250,10 @@ class Vendor: PARAM = 0x01 COSE_KEY = 0x02 + class PHY_OPTS(IntEnum): + PHY_OPT_WCID = 0x1 + PHY_OPT_DIMM = 0x10 + def __init__( self, ctap: Ctap2Vendor, 
@@ -409,6 +443,38 @@ class Vendor: def vidpid(self, vid, pid): return self.vcfg.vidpid(vid, pid) + def led_gpio(self, gpio): + return self.vcfg.led_gpio(gpio) + + def led_brightness(self, brightness): + if (brightness > 15): + print('ERROR: Brightness must be between 0 and 15') + return + return self.vcfg.led_brightness(brightness) + + def led_dimmable(self, onoff): + opts = self.phy_opts() + if (onoff): + opts |= Vendor.PHY_OPTS.PHY_OPT_DIMM + else: + opts &= ~Vendor.PHY_OPTS.PHY_OPT_DIMM + print(f'opts: {opts}') + return self.vcfg.phy_opts(opts) + + def wcid(self, onoff): + opts = self.phy_opts() + if (onoff): + opts |= Vendor.PHY_OPTS.PHY_OPT_WCID + else: + opts &= ~Vendor.PHY_OPTS.PHY_OPT_WCID + return self.vcfg.phy_opts(opts) + + def phy_opts(self): + return self._call( + Vendor.CMD.VENDOR_PHY, + Vendor.SUBCMD.ENABLE, + )[Vendor.RESP.PARAM] + def parse_args(): parser = argparse.ArgumentParser() subparser = parser.add_subparsers(title="commands", dest="command") 
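Review bot: `led_dimmable` still contains `print(f'opts: {opts}')`, which looks like leftover debugging output and should be removed or moved behind a verbose flag. In `led_brightness` the check `if (brightness > 15)` rejects only the upper side, so a negative value passes the tool's validation although the message says "between 0 and 15"; `if not 0 <= brightness <= 15:` matches the message. This check is client-side only, so the device should enforce the same limit in `cbor_config`.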
@@ -428,6 +494,14 @@ def parse_args(): subparser_phy = parser_phy.add_subparsers(title='commands', dest='subcommand', required=True) parser_phy_vp = subparser_phy.add_parser('vidpid', help='Sets VID/PID. Use VID:PID format (e.g. 1234:5678)') parser_phy_vp.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?') + parser_phy_ledn = subparser_phy.add_parser('led_gpio', help='Sets LED GPIO number.') + parser_phy_ledn.add_argument('value', help='Value of the PHY option.', metavar='VAL', nargs='?') + parser_phy_optwcid = subparser_phy.add_parser('wcid', help='Enable/Disable Web CCID interface.') + parser_phy_optwcid.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable Web CCID interface.', nargs='?') + parser_phy_ledbtness = subparser_phy.add_parser('led_brightness', help='Sets LED max. brightness.') + parser_phy_ledbtness.add_argument('value', help='Value of the max. brightness.', metavar='VAL', nargs='?') + parser_phy_optdimm = subparser_phy.add_parser('led_dimmable', help='Enable/Disable LED dimming.') + parser_phy_optdimm.add_argument('value', choices=['enable', 'disable'], help='Enable/Disable LED dimming.', nargs='?') args = parser.parse_args() return args @@ -469,7 +543,18 @@ def phy(vdr, args): sp = val.split(':') if (len(sp) != 2): print('ERROR: VID/PID have wrong format. Use VID:PID format (e.g. 1234:5678)') - ret = vdr.vidpid(int(sp[0],16), int(sp[1],16)) + ret = vdr.vidpid(int(sp[0],16), int(sp[1],16)) + elif (args.subcommand == 'led_gpio'): + val = int(val) + ret = vdr.led_gpio(val) + elif (args.subcommand == 'led_brightness'): + val = int(val) + ret = vdr.led_brightness(val) + elif (args.subcommand == 'led_dimmable'): + ret = vdr.led_dimmable(val == 'enable') + elif (args.subcommand == 'wcid'): + ret = vdr.wcid(val == 'enable') + if (ret): print(f'Current value: {hexlify(ret)}') else: -- 2.34.1 From dc07653ae753cb0c318df4e00c099da7e027019f Mon Sep 17 00:00:00 2001 
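Review bot: In `phy()`, `val = int(val)` for `led_gpio` and `led_brightness` raises an uncaught `TypeError` when the argument is omitted (the parsers declare `value` with `nargs='?'`, so it can be `None`) and `ValueError` for non-numeric text. Unless `val` is validated before the part of the function shown here, let argparse do the conversion by declaring the argument with `type=int` and without `nargs='?'`, e.g. `parser_phy_ledn.add_argument('value', type=int, help='Value of the PHY option.', metavar='VAL')`. The start of `phy()` is outside the hunk, so how `val` is derived is not visible.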
From: Pol Henarejos Date: Fri, 27 Sep 2024 21:00:39 +0200 Subject: [PATCH 107/127] Fix emulation build. Signed-off-by: Pol Henarejos --- src/fido/cbor_vendor.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fido/cbor_vendor.c b/src/fido/cbor_vendor.c index 215056d..501a22e 100644 --- a/src/fido/cbor_vendor.c +++ b/src/fido/cbor_vendor.c @@ -249,6 +249,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { goto err; } } +#ifndef ENABLE_EMULATION else if (cmd == CTAP_VENDOR_PHY_OPTS) { if (vendorCmd == 0x01) { uint16_t opts = 0; @@ -264,6 +265,7 @@ int cbor_vendor_generic(uint8_t cmd, const uint8_t *data, size_t len) { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } } + #endif else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } -- 2.34.1 From 53ed3a46c41912a302e238dcef680d3fad9c7f65 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 1 Oct 2024 09:34:22 +0200 Subject: [PATCH 108/127] Add autobuild for local. Harmonize with other repos. Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 4 ++-- workflows/autobuild.sh | 21 +++++++++++++++++++-- workflows/autobuild_esp32.sh | 12 ------------ 3 files changed, 21 insertions(+), 16 deletions(-) delete mode 100755 workflows/autobuild_esp32.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42c5133..ba8d07f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,6 +36,7 @@ jobs: language: [ 'cpp', 'python' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + mode: [ 'pico', 'esp32', 'local' ] steps: - name: Checkout repository @@ -67,8 +68,7 @@ jobs: - run: | echo "Run, Build Application using script" - ./workflows/autobuild.sh - ./workflows/autobuild_esp32.sh + ./workflows/autobuild.sh ${{ matrix.mode }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 
diff --git a/workflows/autobuild.sh b/workflows/autobuild.sh index b808bbd..d90e1a4 100755 --- a/workflows/autobuild.sh +++ b/workflows/autobuild.sh @@ -2,7 +2,9 @@ git submodule update --init --recursive sudo apt update -sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib build-essential pkg-config libusb-1.0-0-dev + +if [[ $1 == "pico" ]]; then +sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib git clone https://github.com/raspberrypi/pico-sdk cd pico-sdk git submodule update --init @@ -19,4 +21,19 @@ cd ../.. mkdir build_pico cd build_pico cmake -DPICO_SDK_PATH=../pico-sdk .. -make -j`nproc` +make +elif [[ $1 == "esp32" ]]; then +sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0 +git clone --recursive https://github.com/espressif/esp-idf.git +cd esp-idf +./install.sh esp32s3 +. ./export.sh +cd .. +idf.py set-target esp32s3 +idf.py all +else +mkdir build +cd build +cmake -DENABLE_EMULATION=1 .. +make +fi diff --git a/workflows/autobuild_esp32.sh b/workflows/autobuild_esp32.sh deleted file mode 100755 index 12c12c7..0000000 --- a/workflows/autobuild_esp32.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -git submodule update --init --recursive -sudo apt update -sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0 -git clone --recursive https://github.com/espressif/esp-idf.git -cd esp-idf -./install.sh esp32s3 -. ./export.sh -cd .. -idf.py set-target esp32s3 -idf.py all -- 2.34.1 From ef49560d0acbb93b763b98c8bd989d2306bc024e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 2 Oct 2024 11:55:34 +0200 Subject: [PATCH 109/127] Fix nightly build Signed-off-by: Pol Henarejos --- .github/workflows/nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4ad3de3..7c15511 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -23,7 +23,7 @@ jobs: env: PICO_SDK_PATH: ../pico-sdk run: | - ./workflows/autobuild.sh + ./workflows/autobuild.sh pico ./build_pico_fido.sh - name: Update nightly release uses: pyTooling/Actions/releaser@main -- 2.34.1 From 3ce8496faa31fd2ad723fc12ed3dd3d9456ca170 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 4 Oct 2024 17:53:59 +0200 Subject: [PATCH 110/127] Update workflows. Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 1 - .github/workflows/nightly.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42c5133..f3fc397 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -68,7 +68,6 @@ jobs: - run: | echo "Run, Build Application using script" ./workflows/autobuild.sh - ./workflows/autobuild_esp32.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4ad3de3..7c15511 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -23,7 +23,7 @@ jobs: env: PICO_SDK_PATH: ../pico-sdk run: | - ./workflows/autobuild.sh + ./workflows/autobuild.sh pico ./build_pico_fido.sh - name: Update nightly release uses: pyTooling/Actions/releaser@main -- 2.34.1 From 0df1330f92a396bdc8883b4ee6b94afd9cd44e3f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 4 Nov 2024 18:25:42 +0100 Subject: [PATCH 111/127] Add support for commissioning. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_make_credential.c | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index a816b6f..6f7d92a 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk 
@@ -1 +1 @@ -Subproject commit a816b6f747604c3430faadb66aefba067326f8ed +Subproject commit 6f7d92a5913d4a985cbaa71a0f74df04405ce162 diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index e522d3f..161fb7a 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -364,8 +364,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { CBOR_CHECK(cbor_encoder_create_map(&encoder, &mapEncoder, l)); if (extensions.credBlob.present == true) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credBlob")); - CBOR_CHECK(cbor_encode_boolean(&mapEncoder, - extensions.credBlob.len < MAX_CREDBLOB_LENGTH)); + CBOR_CHECK(cbor_encode_boolean(&mapEncoder, extensions.credBlob.len < MAX_CREDBLOB_LENGTH)); } if (extensions.credProtect != 0) { CBOR_CHECK(cbor_encode_text_stringz(&mapEncoder, "credProtect")); @@ -452,6 +451,21 @@ int cbor_make_credential(const uint8_t *data, size_t len) { ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL); mbedtls_ecdsa_free(&ekey); + if (user.id.len > 0 && user.parent.name.len > 0 && user.displayName.len > 0) { + if (memcmp(user.parent.name.data, "+pico", 5) == 0) { + options.rk = pfalse; +#ifndef ENABLE_EMULATION + uint8_t *p = (uint8_t *)user.parent.name.data + 5; + if (memcmp(p, "CommissionProfile", 17) == 0) { + ret = parse_phy_data(user.id.data, user.id.len); + } +#endif + if (ret != 0) { + CBOR_ERROR(CTAP2_ERR_PROCESSING); + } + } + } + uint8_t largeBlobKey[32] = {0}; if (extensions.largeBlobKey == ptrue && options.rk == ptrue) { ret = credential_derive_large_blob_key(cred_id, cred_id_len, largeBlobKey); -- 2.34.1 From e5910b1cbaeeaac35ebaf07126c3a4f86cddb15b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 00:29:32 +0100 Subject: [PATCH 112/127] Enable WCID by default. Signed-off-by: Pol Henarejos --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) 
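Review bot: The commissioning block in `cbor_make_credential` compares 5 and then 17 bytes of `user.parent.name.data` after checking only `user.parent.name.len > 0`, so a shorter name is read past its length unless the backing buffer is always at least 22 bytes. Bound both compares: `if (user.parent.name.len >= 5 + 17 && memcmp(user.parent.name.data, "+pico", 5) == 0)`, or check the length separately before each `memcmp`. More importantly, `user.name` and `user.id` are supplied by whoever issues the MakeCredential request, and nothing in this hunk verifies that the caller is authorised to change device PHY configuration before `parse_phy_data` runs. If no PIN/UV or vendor-auth check precedes this point (the earlier part of the function is not visible), that gate should be added and documented in a comment above the block.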
diff --git a/CMakeLists.txt b/CMakeLists.txt index 89f4936..c89573a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -77,6 +77,7 @@ endif(ENABLE_OTP_APP) if(ENABLE_OTP_APP OR ENABLE_OATH_APP) set(USB_ITF_CCID 1) + set(USB_ITF_WCID 1) else() set(USB_ITF_CCID 0) endif() -- 2.34.1 From 4ce6b2df5c0ab20f6f32bb32ea06bcd617953000 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 00:29:58 +0100 Subject: [PATCH 113/127] Refactor PHY to support more flexible and scalable architecture. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_config.c | 36 ++++++++++++++------------------- src/fido/cbor_make_credential.c | 6 +++++- tools/pico-fido-tool.py | 2 +- 4 files changed, 22 insertions(+), 24 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 6f7d92a..e4a3124 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 6f7d92a5913d4a985cbaa71a0f74df04405ce162 +Subproject commit e4a3124876c19ada97332f4a242458878b595f05 diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index 90311c3..ede79a3 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -224,20 +224,11 @@ int cbor_config(const uint8_t *data, size_t len) { } #ifndef ENABLE_EMULATION else if (subcommand == 0x1B) { - uint8_t tmp[PHY_MAX_SIZE]; - memset(tmp, 0, sizeof(tmp)); - uint16_t opts = 0; - if (file_has_data(ef_phy)) { - memcpy(tmp, file_get_data(ef_phy), MIN(sizeof(tmp), file_get_size(ef_phy))); - if (file_get_size(ef_phy) >= 8) { - opts = (tmp[PHY_OPTS] << 8) | tmp[PHY_OPTS + 1]; - } - } if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) { if (vendorParam != 0) { - uint8_t d[4] = { (vendorParam >> 24) & 0xFF, (vendorParam >> 16) & 0xFF, (vendorParam >> 8) & 0xFF, vendorParam & 0xFF }; - memcpy(tmp + PHY_VID, d, sizeof(d)); - opts |= PHY_OPT_VPID; + phy_data.vid = (vendorParam >> 16) & 0xFFFF; + phy_data.pid = vendorParam & 0xFFFF; + phy_data.vidpid_present = true; } else { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); 
@@ -245,18 +236,17 @@ int cbor_config(const uint8_t *data, size_t len) { } else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO || vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { - tmp[PHY_LED_GPIO] = (uint8_t)vendorParam; - opts |= PHY_OPT_GPIO; + phy_data.led_gpio = (uint8_t)vendorParam; + phy_data.led_gpio_present = true; } else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { - tmp[PHY_LED_BTNESS] = (uint8_t)vendorParam; - opts |= PHY_OPT_BTNESS; + phy_data.led_brightness = (uint8_t)vendorParam; + phy_data.led_brightness_present = true; } } else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) { if (vendorParam != 0) { - uint16_t opt = (uint16_t)vendorParam; - opts = (opts & ~PHY_OPT_MASK) | (opt & PHY_OPT_MASK); + phy_data.opts = (uint16_t)vendorParam; } else { CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); @@ -265,9 +255,13 @@ int cbor_config(const uint8_t *data, size_t len) { else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); } - tmp[PHY_OPTS] = opts >> 8; - tmp[PHY_OPTS + 1] = opts & 0xff; - file_put_data(ef_phy, tmp, sizeof(tmp)); + uint8_t tmp[PHY_MAX_SIZE]; + uint16_t tmp_len = 0; + memset(tmp, 0, sizeof(tmp)); + if (phy_serialize_data(&phy_data, tmp, &tmp_len) != CCID_OK) { + CBOR_ERROR(CTAP2_ERR_PROCESSING); + } + file_put_data(ef_phy, tmp, tmp_len); low_flash_available(); } #endif diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index 161fb7a..ed1fddd 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c 
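Review bot: `phy_data.led_gpio = (uint8_t)vendorParam;` stores whatever the host sent, truncated to 8 bits, with no check that it names a usable pin, and the value is then persisted by the code later in this branch. Reject out-of-range values before assigning, for example `if (vendorParam > MAX_LED_GPIO) CBOR_ERROR(CTAP2_ERR_INVALID_OPTION);`, where `MAX_LED_GPIO` is a placeholder for the board's highest valid GPIO number. The same silent truncation applies to `led_brightness` in the next branch and to `phy_data.opts = (uint16_t)vendorParam;`. A short comment stating the accepted range of each would document the contract.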
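Review bot: The result of `file_put_data(ef_phy, tmp, tmp_len)` is discarded, so the command can report success even though the new PHY settings were not stored; `scan_files` in `fido.c` checks the same call against the OK code. Check it here as well, e.g. `if (file_put_data(ef_phy, tmp, tmp_len) != CCID_OK) CBOR_ERROR(CTAP2_ERR_PROCESSING);`. When `phy_serialize_data` fails, `phy_data` has already been modified by the branches above, so the in-memory settings and the stored file can disagree; building the change in a local copy and assigning it back after a successful write would avoid that. `cbor_config` starts and ends outside the hunk.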
@@ -457,12 +457,16 @@ int cbor_make_credential(const uint8_t *data, size_t len) { #ifndef ENABLE_EMULATION uint8_t *p = (uint8_t *)user.parent.name.data + 5; if (memcmp(p, "CommissionProfile", 17) == 0) { - ret = parse_phy_data(user.id.data, user.id.len); + ret = phy_unserialize_data(user.id.data, user.id.len, &phy_data); + if (ret == CCID_OK) { + file_put_data(ef_phy, user.id.data, user.id.len); + } } #endif if (ret != 0) { CBOR_ERROR(CTAP2_ERR_PROCESSING); } + low_flash_available(); } } diff --git a/tools/pico-fido-tool.py b/tools/pico-fido-tool.py index 5d0d173..377e6b6 100644 --- a/tools/pico-fido-tool.py +++ b/tools/pico-fido-tool.py @@ -252,7 +252,7 @@ class Vendor: class PHY_OPTS(IntEnum): PHY_OPT_WCID = 0x1 - PHY_OPT_DIMM = 0x10 + PHY_OPT_DIMM = 0x2 def __init__( self, -- 2.34.1 From 1fbf3da4f513e5a69657eef2743dc3195345f9b4 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 09:43:07 +0100 Subject: [PATCH 114/127] Fix usb initialization for emulation. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index e4a3124..27a685b 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit e4a3124876c19ada97332f4a242458878b595f05 +Subproject commit 27a685b93181b66f56a3aa19aa666a69af838c5b -- 2.34.1 From df2977e6adfcccd68b77bc220632b692bba74d4e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 18:21:11 +0100 Subject: [PATCH 115/127] Add rescue app. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 27a685b..242e357 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 27a685b93181b66f56a3aa19aa666a69af838c5b +Subproject commit 242e357a7482573b565330356351b87811949c45 -- 2.34.1 From 3fad6baf89126c02b3688d92a21d29567ee80678 Mon Sep 17 00:00:00 2001 
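Review bot: `file_put_data(ef_phy, user.id.data, user.id.len)` persists the raw bytes from the request rather than a re-serialized `phy_data`, and nothing in the hunk bounds `user.id.len`, whereas the `cbor_config` path in this same commit writes at most `PHY_MAX_SIZE` bytes produced by `phy_serialize_data`. Any trailing or unrecognised bytes that `phy_unserialize_data` tolerates would therefore end up in `ef_phy`. Consider `if (user.id.len > PHY_MAX_SIZE) CBOR_ERROR(CTAP2_ERR_PROCESSING);` before parsing, and writing the output of `phy_serialize_data` instead of the input buffer. The return value of `file_put_data` is also dropped, and `phy_data` is overwritten in place even when parsing fails; both deserve a check or a comment. The enclosing function continues outside the hunk.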
From: Pol Henarejos Date: Tue, 5 Nov 2024 18:21:42 +0100 Subject: [PATCH 116/127] Rename CCID_ code names to PICOKEY_ Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- src/fido/cbor_config.c | 2 +- src/fido/cbor_make_credential.c | 2 +- src/fido/cmd_authenticate.c | 4 ++-- src/fido/cmd_register.c | 14 +++++++------- src/fido/fido.c | 22 +++++++++++----------- src/fido/management.c | 4 ++-- src/fido/oath.c | 16 ++++++++-------- src/fido/otp.c | 8 ++++---- 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 242e357..6625678 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 242e357a7482573b565330356351b87811949c45 +Subproject commit 6625678c3059554ef9fc38c1fd0ff16fa4dbad3e diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index ede79a3..cc44cfc 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c @@ -258,7 +258,7 @@ int cbor_config(const uint8_t *data, size_t len) { uint8_t tmp[PHY_MAX_SIZE]; uint16_t tmp_len = 0; memset(tmp, 0, sizeof(tmp)); - if (phy_serialize_data(&phy_data, tmp, &tmp_len) != CCID_OK) { + if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) { CBOR_ERROR(CTAP2_ERR_PROCESSING); } file_put_data(ef_phy, tmp, tmp_len); diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c index ed1fddd..5640b2f 100644 --- a/src/fido/cbor_make_credential.c +++ b/src/fido/cbor_make_credential.c @@ -458,7 +458,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) { uint8_t *p = (uint8_t *)user.parent.name.data + 5; if (memcmp(p, "CommissionProfile", 17) == 0) { ret = phy_unserialize_data(user.id.data, user.id.len, &phy_data); - if (ret == CCID_OK) { + if (ret == PICOKEY_OK) { file_put_data(ef_phy, user.id.data, user.id.len); } } diff --git a/src/fido/cmd_authenticate.c b/src/fido/cmd_authenticate.c index 81e71a4..aecf75b 100644 --- a/src/fido/cmd_authenticate.c +++ b/src/fido/cmd_authenticate.c 
@@ -26,7 +26,7 @@ int cmd_authenticate() { CTAP_AUTHENTICATE_REQ *req = (CTAP_AUTHENTICATE_REQ *) apdu.data; CTAP_AUTHENTICATE_RESP *resp = (CTAP_AUTHENTICATE_RESP *) res_APDU; - //if (scan_files(true) != CCID_OK) + //if (scan_files(true) != PICOKEY_OK) // return SW_EXEC_ERROR(); if (apdu.nc < CTAP_CHAL_SIZE + CTAP_APPID_SIZE + 1 + 1) { return SW_WRONG_DATA(); @@ -55,7 +55,7 @@ int cmd_authenticate() { } } free(tmp_kh); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } diff --git a/src/fido/cmd_register.c b/src/fido/cmd_register.c index e06df87..f62bf72 100644 --- a/src/fido/cmd_register.c +++ b/src/fido/cmd_register.c @@ -37,9 +37,9 @@ int u2f_select(app_t *a, uint8_t force) { if (cap_supported(CAP_U2F)) { a->process_apdu = u2f_process_apdu; a->unload = u2f_unload; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } INITIALIZER ( u2f_ctor ) { @@ -47,7 +47,7 @@ INITIALIZER ( u2f_ctor ) { } int u2f_unload() { - return CCID_OK; + return PICOKEY_OK; } const uint8_t *bogus_firefox = (const uint8_t *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; @@ -59,7 +59,7 @@ int cmd_register() { CTAP_REGISTER_RESP *resp = (CTAP_REGISTER_RESP *) res_APDU; resp->registerId = CTAP_REGISTER_ID; resp->keyHandleLen = KEY_HANDLE_LEN; - //if (scan_files(true) != CCID_OK) + //if (scan_files(true) != PICOKEY_OK) // return SW_EXEC_ERROR(); if (apdu.nc != CTAP_APPID_SIZE + CTAP_CHAL_SIZE) { return SW_WRONG_LENGTH(); @@ -77,7 +77,7 @@ int cmd_register() { mbedtls_ecdsa_context key; mbedtls_ecdsa_init(&key); int ret = derive_key(req->appId, true, resp->keyHandleCertSig, MBEDTLS_ECP_DP_SECP256R1, &key); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } 
@@ -102,12 +102,12 @@ int cmd_register() { mbedtls_ecdsa_init(&key); uint8_t key_dev[32] = {0}; ret = load_keydev(key_dev); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &key, key_dev, 32); mbedtls_platform_zeroize(key_dev, sizeof(key_dev)); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { mbedtls_ecdsa_free(&key); return SW_EXEC_ERROR(); } diff --git a/src/fido/fido.c b/src/fido/fido.c index cac3d3e..a929ae4 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -68,9 +68,9 @@ int fido_select(app_t *a, uint8_t force) { if (cap_supported(CAP_FIDO2)) { a->process_apdu = fido_process_apdu; a->unload = fido_unload; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } extern uint8_t (*get_version_major)(); @@ -86,7 +86,7 @@ INITIALIZER ( fido_ctor ) { } int fido_unload() { - return CCID_OK; + return PICOKEY_OK; } mbedtls_ecp_group_id fido_curve_to_mbedtls(int curve) { @@ -178,7 +178,7 @@ int x509_create_cert(mbedtls_ecdsa_context *ecdsa, uint8_t *buffer, size_t buffe int load_keydev(uint8_t *key) { if (has_keydev_dec == false && !file_has_data(ef_keydev)) { - return CCID_ERR_MEMORY_FATAL; + return PICOKEY_ERR_MEMORY_FATAL; } if (has_keydev_dec == true) { @@ -187,14 +187,14 @@ int load_keydev(uint8_t *key) { else { memcpy(key, file_get_data(ef_keydev), file_get_size(ef_keydev)); #ifdef PICO_RP2350 - if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != CCID_OK) { - return CCID_EXEC_ERROR; + if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != PICOKEY_OK) { + return PICOKEY_EXEC_ERROR; } #endif } //return mkek_decrypt(key, file_get_size(ef_keydev)); - return CCID_OK; + return PICOKEY_OK; } int verify_key(const uint8_t *appId, const uint8_t *keyHandle, mbedtls_ecdsa_context *key) { 
@@ -234,7 +234,7 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, int cur uint8_t outk[67] = { 0 }; //SECP521R1 key is 66 bytes length int r = 0; memset(outk, 0, sizeof(outk)); - if ((r = load_keydev(outk)) != CCID_OK) { + if ((r = load_keydev(outk)) != PICOKEY_OK) { printf("Error loading keydev: %d\n", r); return r; } @@ -298,7 +298,7 @@ int scan_files() { uint8_t kdata[64]; size_t key_size = 0; ret = mbedtls_ecp_write_key_ext(&ecdsa, &key_size, kdata, sizeof(kdata)); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return ret; } #ifdef PICO_RP2350 @@ -307,7 +307,7 @@ int scan_files() { ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return ret; } printf(" done!\n"); @@ -372,7 +372,7 @@ int scan_files() { file_put_data(ef_largeblob, (const uint8_t *) "\x80\x76\xbe\x8b\x52\x8d\x00\x75\xf7\xaa\xe9\x8d\x6f\xa5\x7a\x6d\x3c", 17); } low_flash_available(); - return CCID_OK; + return PICOKEY_OK; } void scan_all() { diff --git a/src/fido/management.c b/src/fido/management.c index 57cd47c..1141658 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -42,7 +42,7 @@ int man_select(app_t *a, uint8_t force) { scan_all(); init_otp(); } - return CCID_OK; + return PICOKEY_OK; } INITIALIZER ( man_ctor ) { @@ -50,7 +50,7 @@ INITIALIZER ( man_ctor ) { } int man_unload() { - return CCID_OK; + return PICOKEY_OK; } bool cap_supported(uint16_t cap) { diff --git a/src/fido/oath.c b/src/fido/oath.c index b0c7cc4..8e396d1 100644 --- a/src/fido/oath.c +++ b/src/fido/oath.c @@ -100,9 +100,9 @@ int oath_select(app_t *a, uint8_t force) { res_APDU[res_APDU_size++] = 1; res_APDU[res_APDU_size++] = ALG_HMAC_SHA1; apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } INITIALIZER ( oath_ctor ) { 
@@ -110,7 +110,7 @@ INITIALIZER ( oath_ctor ) { } int oath_unload() { - return CCID_OK; + return PICOKEY_OK; } file_t *find_oath_cred(const uint8_t *name, size_t name_len) { @@ -337,7 +337,7 @@ int calculate_oath(uint8_t truncate, const uint8_t *key, size_t key_len, const u int r = mbedtls_md_hmac(md_info, key + 2, key_len - 2, chal, chal_len, hmac); size_t hmac_size = mbedtls_md_get_size(md_info); if (r != 0) { - return CCID_EXEC_ERROR; + return PICOKEY_EXEC_ERROR; } if (truncate == 0x01) { res_APDU[res_APDU_size++] = 4 + 1; @@ -354,7 +354,7 @@ int calculate_oath(uint8_t truncate, const uint8_t *key, size_t key_len, const u memcpy(res_APDU + res_APDU_size, hmac, hmac_size); res_APDU_size += (uint16_t)hmac_size; } apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } int cmd_calculate() { @@ -391,7 +391,7 @@ int cmd_calculate() { res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } if ((key.data[0] & OATH_TYPE_MASK) == OATH_TYPE_HOTP) { @@ -466,7 +466,7 @@ int cmd_calculate_all() { else { res_APDU[res_APDU_size++] = TAG_RESPONSE + P2(apdu); int ret = calculate_oath(P2(apdu), key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { res_APDU[res_APDU_size++] = 1; res_APDU[res_APDU_size++] = key.data[1]; } @@ -581,7 +581,7 @@ int cmd_verify_hotp() { } int ret = calculate_oath(0x01, key.data, key.len, chal.data, chal.len); - if (ret != CCID_OK) { + if (ret != PICOKEY_OK) { return SW_EXEC_ERROR(); } uint32_t res_int = (res_APDU[2] << 24) | (res_APDU[3] << 16) | (res_APDU[4] << 8) | res_APDU[5]; diff --git a/src/fido/otp.c b/src/fido/otp.c index 67089b5..2970aeb 100644 --- a/src/fido/otp.c +++ b/src/fido/otp.c 
@@ -144,9 +144,9 @@ int otp_select(app_t *a, uint8_t force) { memmove(res_APDU, res_APDU + 1, 6); res_APDU_size = 6; apdu.ne = res_APDU_size; - return CCID_OK; + return PICOKEY_OK; } - return CCID_ERR_FILE_NOT_FOUND; + return PICOKEY_ERR_FILE_NOT_FOUND; } uint8_t modhex_tab[] = @@ -243,7 +243,7 @@ int otp_button_pressed(uint8_t slot) { { imf >> 56, imf >> 48, imf >> 40, imf >> 32, imf >> 24, imf >> 16, imf >> 8, imf & 0xff }; res_APDU_size = 0; int ret = calculate_oath(1, tmp_key, sizeof(tmp_key), chal, sizeof(chal)); - if (ret == CCID_OK) { + if (ret == PICOKEY_OK) { uint32_t base = otp_config->cfg_flags & OATH_HOTP8 ? 1e8 : 1e6; uint32_t number = (res_APDU[2] << 24) | (res_APDU[3] << 16) | (res_APDU[4] << 8) | res_APDU[5]; @@ -348,7 +348,7 @@ INITIALIZER( otp_ctor ) { } int otp_unload() { - return CCID_OK; + return PICOKEY_OK; } uint16_t otp_status() { -- 2.34.1 From bc0e022d859a7c42276e2ee6e598cada9bb29c8f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 18:37:11 +0100 Subject: [PATCH 117/127] Fix version header. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 6625678..e85d77c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 6625678c3059554ef9fc38c1fd0ff16fa4dbad3e +Subproject commit e85d77c08437e7f2ba269dc91f796ad49df1f0f8 -- 2.34.1 From a68fbd65e92c748e11c0776a048134b72ef2a3bd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 5 Nov 2024 18:57:28 +0100 Subject: [PATCH 118/127] Compact PHY config. Signed-off-by: Pol Henarejos --- src/fido/cbor_config.c | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/src/fido/cbor_config.c b/src/fido/cbor_config.c index cc44cfc..f443ea9 100644 --- a/src/fido/cbor_config.c +++ b/src/fido/cbor_config.c 
@@ -224,33 +224,24 @@ int cbor_config(const uint8_t *data, size_t len) { } #ifndef ENABLE_EMULATION else if (subcommand == 0x1B) { - if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) { - if (vendorParam != 0) { - phy_data.vid = (vendorParam >> 16) & 0xFFFF; - phy_data.pid = vendorParam & 0xFFFF; - phy_data.vidpid_present = true; - } - else { - CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); - } + if (vendorParam == 0) { + CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); } - else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO || vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { - if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { - phy_data.led_gpio = (uint8_t)vendorParam; - phy_data.led_gpio_present = true; - } - else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { - phy_data.led_brightness = (uint8_t)vendorParam; - phy_data.led_brightness_present = true; - } + if (vendorCommandId == CTAP_CONFIG_PHY_VIDPID) { + phy_data.vid = (vendorParam >> 16) & 0xFFFF; + phy_data.pid = vendorParam & 0xFFFF; + phy_data.vidpid_present = true; + } + else if (vendorCommandId == CTAP_CONFIG_PHY_LED_GPIO) { + phy_data.led_gpio = (uint8_t)vendorParam; + phy_data.led_gpio_present = true; + } + else if (vendorCommandId == CTAP_CONFIG_PHY_LED_BTNESS) { + phy_data.led_brightness = (uint8_t)vendorParam; + phy_data.led_brightness_present = true; } else if (vendorCommandId == CTAP_CONFIG_PHY_OPTS) { - if (vendorParam != 0) { - phy_data.opts = (uint16_t)vendorParam; - } - else { - CBOR_ERROR(CTAP2_ERR_MISSING_PARAMETER); - } + phy_data.opts = (uint16_t)vendorParam; } else { CBOR_ERROR(CTAP2_ERR_UNSUPPORTED_OPTION); -- 2.34.1 From 78604f820d8c182f9715175f289906c38ec4905c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 6 Nov 2024 17:02:51 +0100 Subject: [PATCH 119/127] Always enable WCID interface. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index e85d77c..3dbf969 160000 --- a/pico-keys-sdk 
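Review bot: Hoisting `if (vendorParam == 0)` to the top of the `0x1B` branch now rejects a zero parameter for `CTAP_CONFIG_PHY_LED_GPIO` and `CTAP_CONFIG_PHY_LED_BTNESS` too, which the removed code accepted. If pin 0 or brightness 0 are meant to be settable, keep the zero check only for the VID/PID and options commands, e.g. `if (vendorParam == 0 && (vendorCommandId == CTAP_CONFIG_PHY_VIDPID || vendorCommandId == CTAP_CONFIG_PHY_OPTS))`. The check also runs before the command id is validated, so an unknown `vendorCommandId` with a zero parameter now returns `CTAP2_ERR_MISSING_PARAMETER` rather than `CTAP2_ERR_UNSUPPORTED_OPTION`. If the new behaviour is intended, a one-line comment saying that zero is reserved for every PHY command would make that explicit.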
+++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit e85d77c08437e7f2ba269dc91f796ad49df1f0f8 +Subproject commit 3dbf969e12471b90e476051d8371fa96d353cd65 -- 2.34.1 From 244c18fb511ff1cf3b3e8bd2e5992959c2949680 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 6 Nov 2024 17:11:44 +0100 Subject: [PATCH 120/127] Fix esp32 build with wcid. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 3dbf969..5f27c0d 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 3dbf969e12471b90e476051d8371fa96d353cd65 +Subproject commit 5f27c0d75dd07ce0121ead6acefb225871862356 -- 2.34.1 From 3b43c5112b1fb868522c8e98735924f813d5115f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 8 Nov 2024 19:33:40 +0100 Subject: [PATCH 121/127] Add command to reset device via management app. Signed-off-by: Pol Henarejos --- src/fido/management.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/fido/management.c b/src/fido/management.c index 1141658..8c25a9c 100644 --- a/src/fido/management.c +++ b/src/fido/management.c @@ -135,12 +135,20 @@ int cmd_write_config() { return SW_OK(); } +extern int cbor_reset(); +int cmd_factory_reset() { + cbor_reset(); + return SW_OK(); +} + #define INS_READ_CONFIG 0x1D #define INS_WRITE_CONFIG 0x1C +#define INS_RESET 0x1E // Reset device static const cmd_t cmds[] = { { INS_READ_CONFIG, cmd_read_config }, { INS_WRITE_CONFIG, cmd_write_config }, + { INS_RESET, cmd_factory_reset }, { 0x00, 0x0 } }; -- 2.34.1 From 77c3568885ee2a336043184cbab088a49950a948 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 9 Nov 2024 00:23:04 +0100 Subject: [PATCH 122/127] Add PICO_PRODUCT. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fido/fido.c b/src/fido/fido.c index a929ae4..67a3a1e 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c 
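Review bot: `cmd_factory_reset` discards the result of `cbor_reset()` and always returns `SW_OK()`, so the host is told the reset succeeded even if `cbor_reset` refused or failed. Propagate it, e.g. `if (cbor_reset() != 0) return SW_EXEC_ERROR();` (assuming 0 is its success value, which the hunk does not show). Because `INS_RESET` wipes the authenticator from the management applet, add a comment stating which precondition protects it — user presence, a time window after power-up, or a check inside `cbor_reset` — since none is visible in this hunk. The prototype `extern int cbor_reset();` would be safer as `extern int cbor_reset(void);` so the compiler checks the call.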
@@ -40,6 +40,8 @@ int fido_process_apdu(); int fido_unload(); +uint8_t PICO_PRODUCT = 2; // Pico FIDO + pinUvAuthToken_t paut = { 0 }; uint8_t keydev_dec[32]; -- 2.34.1 From 646b423fe4f0b212c5f686ad660e1841189bac05 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 9 Nov 2024 00:24:47 +0100 Subject: [PATCH 123/127] Add compiler flags for optimized builds in ESP32. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- sdkconfig.defaults | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 5f27c0d..5bce3e4 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 5f27c0d75dd07ce0121ead6acefb225871862356 +Subproject commit 5bce3e4c838f424c8d17728814284352f1b53bff diff --git a/sdkconfig.defaults b/sdkconfig.defaults index 1cb2487..2014bb3 100644 --- a/sdkconfig.defaults +++ b/sdkconfig.defaults @@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv" CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y CONFIG_WL_SECTOR_SIZE_512=y CONFIG_WL_SECTOR_MODE_PERF=y +COMPILER_OPTIMIZATION="Performance" CONFIG_MBEDTLS_CMAC_C=y CONFIG_MBEDTLS_CHACHA20_C=y -- 2.34.1 From 4ecb325e07201eef3de7360ad7ddc3c078f4338d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 10 Nov 2024 00:50:27 +0100 Subject: [PATCH 124/127] Upgrade Pico Keys SDK v7.0 Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 5bce3e4..8c25e9b 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 5bce3e4c838f424c8d17728814284352f1b53bff +Subproject commit 8c25e9be87f5556738550d309358198163111420 -- 2.34.1 From 730e76af756e899775727583daba794fb9b09dcf Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 10 Nov 2024 01:07:31 +0100 Subject: [PATCH 125/127] Enable OTP master key for ESP32-S3. Signed-off-by: Pol Henarejos --- src/fido/fido.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
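Review bot: `COMPILER_OPTIMIZATION="Performance"` lacks the `CONFIG_` prefix that every other entry in this file carries, so the configuration system will most likely ignore it and the build will keep its default optimization level. The ESP-IDF setting is a choice symbol rather than a string; `CONFIG_COMPILER_OPTIMIZATION_PERF=y` is the usual spelling, to be confirmed against the IDF version in use.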
diff --git a/src/fido/fido.c b/src/fido/fido.c index 67a3a1e..e59d3c2 100644 --- a/src/fido/fido.c +++ b/src/fido/fido.c @@ -188,11 +188,9 @@ int load_keydev(uint8_t *key) { } else { memcpy(key, file_get_data(ef_keydev), file_get_size(ef_keydev)); -#ifdef PICO_RP2350 - if (aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != PICOKEY_OK) { + if (otp_key_1 && aes_decrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, key, 32) != PICOKEY_OK) { return PICOKEY_EXEC_ERROR; } -#endif } //return mkek_decrypt(key, file_get_size(ef_keydev)); @@ -303,9 +301,9 @@ int scan_files() { if (ret != PICOKEY_OK) { return ret; } -#ifdef PICO_RP2350 - ret = aes_encrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, kdata, 32); -#endif + if (otp_key_1) { + ret = aes_encrypt(otp_key_1, NULL, 32 * 8, PICO_KEYS_AES_MODE_CBC, kdata, 32); + } ret = file_put_data(ef_keydev, kdata, (uint16_t)key_size); mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); -- 2.34.1 From 10c58b4be7c9c1eee512a2af415a9118c3409825 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 10 Nov 2024 01:20:52 +0100 Subject: [PATCH 126/127] Update README Signed-off-by: Pol Henarejos --- README.md | 51 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index d2c43f4..602182c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Pico FIDO -This project transforms your Raspberry Pi Pico into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication. +This project transforms your Raspberry Pi Pico or ESP32 microcontroller into an integrated FIDO Passkey, functioning like a standard USB Passkey for authentication. ## Features Pico FIDO includes the following features: 
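Review bot: Nothing stored with `ef_keydev` records whether it was written encrypted, yet `load_keydev` now decides at run time, via `otp_key_1 &&`, whether to decrypt, and `scan_files` (second hunk) encrypts under the same condition. If `otp_key_1` is present at one boot and absent at another, the bytes copied into `key` would be used as the device key in the wrong form without any error. A format marker or integrity check on the stored blob would make this assumption explicit; failing that, add a comment stating that the availability of `otp_key_1` must never change after first initialisation. The `memcpy` on the context line above also copies `file_get_size(ef_keydev)` bytes with no bound against the caller's buffer; `load_keydev` starts outside the hunk, so the buffer contract is not visible here.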
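Review bot: The status returned by `aes_encrypt` is overwritten by `ret = file_put_data(...)` on the next line without being tested, so a failed encryption still writes `kdata` to `ef_keydev`. Check it before persisting, right after the `aes_encrypt` call: `if (ret != PICOKEY_OK) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_ecdsa_free(&ecdsa); return ret; }`. The call also encrypts a fixed 32 bytes while `key_size` bytes are written, which matches only if the exported key is exactly 32 bytes; a comment or an assertion on `key_size` would document that. `scan_files` begins and ends outside the hunk.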
@@ -30,51 +30,68 @@ Pico FIDO includes the following features: - Large blobs support (2048 bytes max) - OATH (based on YKOATH protocol specification) - TOTP / HOTP -- Yubikey OTP +- Yubikey One Time Password - Challenge-response generation - Emulated keyboard interface - Button press generates an OTP that is directly typed - Yubico YKMAN compatible - Nitrokey nitropy and nitroapp compatible +- Secure Boot and Secure Lock in RP2350 and ESP32-S3 MCUs +- One Time Programming to store the master key that encrypts all resident keys and seeds. +- Rescue interface to allow recovery of the device if it becomes unresponsive or undetectable. +- LED customization with Pico Commissioner. All features comply with the specifications. If you encounter unexpected behavior or deviations from the specifications, please open an issue. ## Security Considerations +Microcontrollers RP2350 and ESP32-S3 are designed to support secure environments when Secure Boot is enabled, and optionally, Secure Lock. These features allow a master key encryption key (MKEK) to be stored in a one-time programmable (OTP) memory region, which is inaccessible from outside secure code. This master key is then used to encrypt all private and secret keys on the device, protecting sensitive data from potential flash memory dumps. -Pico FIDO is an open platform, so exercise caution. The flash memory contents can be easily dumped, potentially revealing private/master keys. It is not feasible to encrypt the content, meaning at least one key (the master key) must be stored in clear text. - -If the Pico is stolen, the private and secret keys can be accessed. +**However**, the RP2040 microcontroller lacks this level of security hardware, meaning that it cannot provide the same protection. Data stored on its flash memory, including private or master keys, can be easily accessed or dumped, as encryption of the master key itself is not feasible. 
Consequently, if an RP2040 device is stolen, any stored private or secret keys may be exposed. ## Download -Please visit the [Release page](https://github.com/polhenarejos/pico-fido/releases "Release page") to download the UF2 file for your board. +**If you own an ESP32-S3 board, go to [ESP32 Flasher](https://www.picokeys.com/esp32-flasher/) for flashing your Pico FIDO.** -Note that UF2 files are shipped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar software, you will need to modify the Info.plist of the CCID driver to add these VID/PID values or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/). +If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/), select your vendor and model and download the proper firmware; or go to [Release page](https://www.github.com/polhenarejos/pico-fido/releases/) and download the UF2 file for your board. -Alternatively, you can use the legacy VID/PID patcher with the following command: -```sh -./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2 -``` -You can use any VID/PID (e.g., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own. +Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with other proprietary tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner"). -For ease of use, the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is highly recommended. +You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own. 
-## Build +Note that the pure-browser option [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") is the most recommended. + +## Build for Raspberry Pico Before building, ensure you have installed the toolchain for the Pico and that the Pico SDK is properly located on your drive. ```sh git clone https://github.com/polhenarejos/pico-fido +git submodule update --init --recursive cd pico-fido mkdir build cd build PICO_SDK_PATH=/path/to/pico-sdk cmake .. -DPICO_BOARD=board_type -DUSB_VID=0x1234 -DUSB_PID=0x5678 make ``` +Note that `PICO_BOARD`, `USB_VID` and `USB_PID` are optional. If not provided, `pico` board and VID/PID `FEFF:FCFD` will be used. -Note that `PICO_BOARD`, `USB_VID`, and `USB_PID` are optional. If not provided, the default Pico board and VID/PID `FEFF:FCFD` will be used. +Additionally, you can pass the `VIDPID=value` parameter to build the firmware with a known VID/PID. The supported values are: -After `make` finishes, the binary file `pico_fido.uf2` will be generated. Put your Pico board into loading mode by holding the BOOTSEL button while plugging it in, then copy the UF2 file to the new USB mass storage Pico device. Once copied, the Pico mass storage will disconnect automatically, and the Pico board will reset with the new firmware. A blinking LED will indicate that the device is ready to work. +- `NitroHSM` +- `NitroFIDO2` +- `NitroStart` +- `NitroPro` +- `Nitro3` +- `Yubikey5` +- `YubikeyNeo` +- `YubiHSM` +- `Gnuk` +- `GnuPG` -**Remark:** Pico FIDO uses the HID interface, so VID/PID values are irrelevant in terms of operativity. You can safely use any arbitrary values or the default ones. They are only necessary in case you need to use 3rd-party tools from other vendors. +After running `make`, the binary file `pico_fido.uf2` will be generated. To load this onto your Pico board: + +1. Put the Pico board into loading mode by holding the `BOOTSEL` button while plugging it in. +2. 
Copy the `pico_fido.uf2` file to the new USB mass storage device that appears. +3. Once the file is copied, the Pico mass storage device will automatically disconnect, and the Pico board will reset with the new firmware. +4. A blinking LED will indicate that the device is ready to work. ## Led blink Pico FIDO uses the led to indicate the current status. Four states are available: -- 2.34.1 From 7a59b518494d46e01dd768e5d9af4a9caaf3bd74 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sun, 10 Nov 2024 01:21:51 +0100 Subject: [PATCH 127/127] Upgrade to v6.0 Signed-off-by: Pol Henarejos --- build_pico_fido.sh | 4 ++-- src/fido/version.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build_pico_fido.sh b/build_pico_fido.sh index 8308979..6a952f2 100755 --- a/build_pico_fido.sh +++ b/build_pico_fido.sh @@ -1,7 +1,7 @@ #!/bin/bash -VERSION_MAJOR="5" -VERSION_MINOR="12" +VERSION_MAJOR="6" +VERSION_MINOR="0" SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" #if ! [[ -z "${GITHUB_SHA}" ]]; then # SUFFIX="${SUFFIX}.${GITHUB_SHA}" diff --git a/src/fido/version.h b/src/fido/version.h index 239abe6..97c8be1 100644 --- a/src/fido/version.h +++ b/src/fido/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define PICO_FIDO_VERSION 0x050C +#define PICO_FIDO_VERSION 0x0600 #define PICO_FIDO_VERSION_MAJOR ((PICO_FIDO_VERSION >> 8) & 0xff) #define PICO_FIDO_VERSION_MINOR (PICO_FIDO_VERSION & 0xff) -- 2.34.1