Merge branch 'master' into development

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	CMakeLists.txt
#	pico-keys-sdk

CMakeLists.txt

@@ -17,6 +17,9 @@
 
 cmake_minimum_required(VERSION 3.13)
 
+set(USB_VID 0x2E8A)
+set(USB_PID 0x10FD)
+
 if(ESP_PLATFORM)
     set(ENABLE_PQC 1)
     set(EXTRA_COMPONENT_DIRS pico-keys-sdk/config/esp32/components src/hsm)
@@ -81,7 +84,7 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c
 )
 
-SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 2)
+SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 3)
 
 if(ESP_PLATFORM)
     project(pico_hsm)

README.md

@@ -184,9 +184,9 @@ RP2350 and ESP32-S3 microcontrollers are equipped with advanced security feature
 
 If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/). If your board is mounted with the RP2040, then select Pico. If your board is mounted with the RP2350 or RP2354, select Pico2.
 
-Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [PicoKey App](https://www.picokeys.com/picokeyapp/ "PicoKey App").
+UF2 files are shiped with a VID/PID granted by RaspberryPi (2E8A:10FD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [PicoKey App](https://www.picokeys.com/picokeyapp/ "PicoKey App").
 
-You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
+You can use whatever VID/PID for internal purposes, but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
 
 Note that the [PicoKey App](https://www.picokeys.com/picokeyapp/ "PicoKey App") is the most recommended.
 

build_pico_hsm.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 VERSION_MAJOR="6"
-VERSION_MINOR="2"
+VERSION_MINOR="4"
 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
 #if ! [[ -z "${GITHUB_SHA}" ]]; then
 #    SUFFIX="${SUFFIX}.${GITHUB_SHA}"

sdkconfig.defaults

@@ -9,6 +9,7 @@ CONFIG_TINYUSB_TASK_STACK_SIZE=16384
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
 CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
+CONFIG_PARTITION_TABLE_OFFSET=0x10000
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_ESPTOOLPY_FLASHMODE_QIO=y
 CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y

src/hsm/kek.c

@@ -37,19 +37,6 @@ uint8_t mkek_mask[MKEK_KEY_SIZE];
 bool has_mkek_mask = false;
 uint8_t pending_save_dkek = 0xff;
 
-#define POLY 0xedb88320
-
-uint32_t crc32c(const uint8_t *buf, size_t len) {
-    uint32_t crc = 0xffffffff;
-    while (len--) {
-        crc ^= *buf++;
-        for (int k = 0; k < 8; k++) {
-            crc = (crc >> 1) ^ (POLY & (0 - (crc & 1)));
-        }
-    }
-    return ~crc;
-}
-
 void mkek_masked(uint8_t *mkek, const uint8_t *mask) {
     if (mask) {
         for (int i = 0; i < MKEK_KEY_SIZE; i++) {

src/hsm/version.h

@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
 
-#define HSM_VERSION 0x0602
+#define HSM_VERSION 0x0604
 
 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
 #define HSM_VERSION_MINOR (HSM_VERSION & 0xff)