Upgrade to version 4.0.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

.github/workflows/codeql.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master", "development" ]
+    branches: [ "master", "development", "development-eddsa" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master", "development" ]
+    branches: [ "master", "development", "development-eddsa" ]
   schedule:
     - cron: '23 5 * * 4'
   workflow_dispatch:

.github/workflows/test.yml

@@ -13,10 +13,10 @@ name: "Emulation and test"
 
 on:
   push:
-    branches: [ "master", "development" ]
+    branches: [ "master", "development", "development-eddsa" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master", "development" ]
+    branches: [ "master", "development", "development-eddsa" ]
   schedule:
     - cron: '23 5 * * 4'
   workflow_dispatch:

CMakeLists.txt

@@ -20,6 +20,8 @@ cmake_minimum_required(VERSION 3.13)
 if(ESP_PLATFORM)
 set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
 else()
 if(ENABLE_EMULATION)
 else()
@@ -102,30 +104,29 @@ if (NOT MSVC)
 endif()
 
 if(ENABLE_EMULATION)
-    if (NOT MSVC)
+if (NOT MSVC)
-    target_compile_options(pico_hsm PUBLIC
+target_compile_options(pico_hsm PUBLIC
-            -fdata-sections
+        -fdata-sections
-            -ffunction-sections
+        -ffunction-sections
-            )
-    endif()
-    if(APPLE)
-    target_link_options(pico_hsm PUBLIC
-            -Wl,-dead_strip
-            )
-    elseif(MSVC)
-        target_compile_options(pico_hsm PUBLIC
-            -WX
         )
+endif()
+if(APPLE)
+target_link_options(pico_hsm PUBLIC
+        -Wl,-dead_strip
+        )
+elseif(MSVC)
+    target_compile_options(pico_hsm PUBLIC
+        -WX
+    )
 
-        target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
+    target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
-    else()
-    target_link_options(pico_hsm PUBLIC
-            -Wl,--gc-sections
-            )
-    endif (APPLE)
-    target_link_libraries(pico_hsm PRIVATE pthread m)
 else()
-
+target_link_options(pico_hsm PUBLIC
-target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id pico_aon_timer tinyusb_device tinyusb_board)
+        -Wl,--gc-sections
+        )
+endif (APPLE)
+else()
+pico_add_extra_outputs(pico_hsm)
+target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
 endif()
 endif()

build_pico_hsm.sh

@@ -1,87 +1,45 @@
 #!/bin/bash
 
 VERSION_MAJOR="4"
-VERSION_MINOR="2"
+VERSION_MINOR="0-eddsa1"
 
 rm -rf release/*
 cd build_release
 
-for board in 0xcb_helios \
+for board in adafruit_feather_rp2040 \
-    adafruit_feather_rp2040_usb_host \
-    adafruit_feather_rp2040 \
     adafruit_itsybitsy_rp2040 \
     adafruit_kb2040 \
     adafruit_macropad_rp2040 \
     adafruit_qtpy_rp2040 \
     adafruit_trinkey_qt2040 \
-    amethyst_fpga \
-    archi \
     arduino_nano_rp2040_connect \
-    cytron_maker_pi_rp2040 \
     datanoisetv_rp2040_dsp \
     eetree_gamekit_rp2040 \
     garatronic_pybstick26_rp2040 \
-    gen4_rp2350_24 \
-    gen4_rp2350_24ct \
-    gen4_rp2350_24t \
-    gen4_rp2350_28 \
-    gen4_rp2350_28ct \
-    gen4_rp2350_28t \
-    gen4_rp2350_32 \
-    gen4_rp2350_32ct \
-    gen4_rp2350_32t \
-    gen4_rp2350_35 \
-    gen4_rp2350_35ct \
-    gen4_rp2350_35t \
-    hellbender_2350A_devboard \
-    ilabs_challenger_rp2350_bconnect \
-    ilabs_challenger_rp2350_wifi_ble \
-    ilabs_opendec02 \
-    melopero_perpetuo_rp2350_lora \
     melopero_shake_rp2040 \
-    metrotech_xerxes_rp2040 \
-    net8086_usb_interposer \
     nullbits_bit_c_pro \
-    phyx_rick_tny_rp2350 \
-    pi-plates_micropi \
     pico \
     pico_w \
-    pico2 \
     pimoroni_badger2040 \
     pimoroni_interstate75 \
     pimoroni_keybow2040 \
     pimoroni_motor2040 \
     pimoroni_pga2040 \
-    pimoroni_pga2350 \
-    pimoroni_pico_plus2_rp2350 \
     pimoroni_picolipo_4mb \
     pimoroni_picolipo_16mb \
     pimoroni_picosystem \
     pimoroni_plasma2040 \
-    pimoroni_plasma2350 \
     pimoroni_servo2040 \
     pimoroni_tiny2040 \
     pimoroni_tiny2040_2mb \
-    pimoroni_tiny2350 \
     pololu_3pi_2040_robot \
-    pololu_zumo_2040_robot \
     seeed_xiao_rp2040 \
-    seeed_xiao_rp2350 \
     solderparty_rp2040_stamp \
     solderparty_rp2040_stamp_carrier \
     solderparty_rp2040_stamp_round_carrier \
-    solderparty_rp2350_stamp_xl \
-    solderparty_rp2350_stamp \
     sparkfun_micromod \
     sparkfun_promicro \
-    sparkfun_promicro_rp2350 \
     sparkfun_thingplus \
-    switchscience_picossci2_conta_base \
-    switchscience_picossci2_dev_board \
-    switchscience_picossci2_micro \
-    switchscience_picossci2_rp2350_breakout \
-    switchscience_picossci2_tiny \
-    tinycircuits_thumby_color_rp2350 \
     vgaboard \
     waveshare_rp2040_lcd_0.96 \
     waveshare_rp2040_lcd_1.28 \
@@ -89,10 +47,6 @@ for board in 0xcb_helios \
     waveshare_rp2040_plus_4mb \
     waveshare_rp2040_plus_16mb \
     waveshare_rp2040_zero \
-    weact_studio_rp2040_2mb \
-    weact_studio_rp2040_4mb \
-    weact_studio_rp2040_8mb \
-    weact_studio_rp2040_16mb \
     wiznet_w5100s_evb_pico
 do
     rm -rf *

sdkconfig.defaults

@@ -1,11 +1,13 @@
 # This file was generated using idf.py save-defconfig. It can be edited manually.
 # Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
 #
-IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=y
+IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
+
+CONFIG_TINYUSB=y
 
 CONFIG_PARTITION_TABLE_CUSTOM=y
-CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv"
-CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv"
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_WL_SECTOR_SIZE_512=y
 CONFIG_WL_SECTOR_MODE_PERF=y
@@ -28,7 +30,7 @@ CONFIG_MBEDTLS_TLS_DISABLED=y
 # CONFIG_ESP_WIFI_ENABLED is not set
 # CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
 # CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set
-# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
+# CONFIG_WPA_MBEDTLS_CRYPTO is not set
 # CONFIG_MBEDTLS_PSK_MODES is not set
 # CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
 # CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set
@@ -43,8 +45,8 @@ CONFIG_MBEDTLS_TLS_DISABLED=y
 # CONFIG_MBEDTLS_SSL_ALPN is not set
 # CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
 # CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
-# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set
-# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set
 # CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
 # CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
 

src/hsm/cmd_cipher_sym.c

@@ -664,7 +664,6 @@ int cmd_cipher_sym() {
                     secret[64] = { 0 };
             mbedtls_aes_init(&ctx);
             if (hd_keytype != 0x3) {
-                mbedtls_ecdsa_free(&hd_context);
                 return SW_INCORRECT_PARAMS();
             }
             key_size = 32;

src/hsm/cmd_derive_asym.c

@@ -52,13 +52,13 @@ int cmd_derive_asym() {
         return SW_WRONG_LENGTH();
     }
     if (apdu.data[0] == ALGO_EC_DERIVE) {
-        mbedtls_ecdsa_context ctx;
+        mbedtls_ecp_keypair ctx;
-        mbedtls_ecdsa_init(&ctx);
+        mbedtls_ecp_keypair_init(&ctx);
 
         int r;
-        r = load_private_key_ecdsa(&ctx, fkey);
+        r = load_private_key_ec(&ctx, fkey);
         if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             if (r == CCID_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
@@ -69,7 +69,7 @@ int cmd_derive_asym() {
         mbedtls_mpi_init(&nd);
         r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
         if (r != 0) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             mbedtls_mpi_free(&a);
             mbedtls_mpi_free(&nd);
             return SW_DATA_INVALID();
@@ -77,22 +77,22 @@ int cmd_derive_asym() {
         r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
         mbedtls_mpi_free(&a);
         if (r != 0) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             mbedtls_mpi_free(&nd);
             return SW_EXEC_ERROR();
         }
         r = mbedtls_mpi_copy(&ctx.d, &nd);
         mbedtls_mpi_free(&nd);
         if (r != 0) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
         r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
         if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
-        mbedtls_ecdsa_free(&ctx);
+        mbedtls_ecp_keypair_free(&ctx);
     }
     else {
         return SW_WRONG_DATA();

src/hsm/cmd_extras.c

@@ -17,8 +17,8 @@
 
 #include "sc_hsm.h"
 #include "mbedtls/ecdh.h"
-#ifdef PICO_PLATFORM
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
-#include "pico/aon_timer.h"
+#include "hardware/rtc.h"
 #else
 #include <sys/time.h>
 #include <time.h>
@@ -45,14 +45,24 @@ int cmd_extras() {
             return SW_INCORRECT_P1P2();
         }
         if (apdu.nc == 0) {
-#ifdef PICO_PLATFORM
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
-            struct timespec tv;
+            datetime_t dt;
-            aon_timer_get_time(&tv);
+            if (!rtc_get_datetime(&dt)) {
+                return SW_EXEC_ERROR();
+            }
+            res_APDU[res_APDU_size++] = dt.year >> 8;
+            res_APDU[res_APDU_size++] = dt.year & 0xff;
+            res_APDU[res_APDU_size++] = dt.month;
+            res_APDU[res_APDU_size++] = dt.day;
+            res_APDU[res_APDU_size++] = dt.dotw;
+            res_APDU[res_APDU_size++] = dt.hour;
+            res_APDU[res_APDU_size++] = dt.min;
+            res_APDU[res_APDU_size++] = dt.sec;
 #else
             struct timeval tv;
+            struct tm *tm;
             gettimeofday(&tv, NULL);
-#endif
+            tm = localtime(&tv.tv_sec);
-            struct tm *tm = localtime(&tv.tv_sec);
             res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
             res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
             res_APDU[res_APDU_size++] = tm->tm_mon;
@@ -61,12 +71,27 @@ int cmd_extras() {
             res_APDU[res_APDU_size++] = tm->tm_hour;
             res_APDU[res_APDU_size++] = tm->tm_min;
             res_APDU[res_APDU_size++] = tm->tm_sec;
+#endif
         }
         else {
             if (apdu.nc != 8) {
                 return SW_WRONG_LENGTH();
             }
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
+            datetime_t dt;
+            dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
+            dt.month = apdu.data[2];
+            dt.day = apdu.data[3];
+            dt.dotw = apdu.data[4];
+            dt.hour = apdu.data[5];
+            dt.min = apdu.data[6];
+            dt.sec = apdu.data[7];
+            if (!rtc_set_datetime(&dt)) {
+                return SW_WRONG_DATA();
+            }
+#else
             struct tm tm;
+            struct timeval tv;
             tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
             tm.tm_mon = apdu.data[2];
             tm.tm_mday = apdu.data[3];
@@ -74,12 +99,7 @@ int cmd_extras() {
             tm.tm_hour = apdu.data[5];
             tm.tm_min = apdu.data[6];
             tm.tm_sec = apdu.data[7];
-            time_t tv_sec = mktime(&tm);
+            tv.tv_sec = mktime(&tm);
-#ifdef PICO_PLATFORM
-            struct timespec tv = {.tv_sec = tv_sec, .tv_nsec = 0};
-            aon_timer_set_time(&tv);
-#else
-            struct timeval tv = {.tv_sec = tv_sec, .tv_usec = 0};
             settimeofday(&tv, NULL);
 #endif
         }
@@ -111,9 +131,16 @@ int cmd_extras() {
             mbedtls_ecdh_context hkey;
             mbedtls_ecdh_init(&hkey);
             mbedtls_ecdh_setup(&hkey, MBEDTLS_ECP_DP_SECP256R1);
-            int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.d, &hkey.ctx.mbed_ecdh.Q, random_gen, NULL);
+            int ret = mbedtls_ecdh_gen_public(&hkey.ctx.mbed_ecdh.grp,
+                                              &hkey.ctx.mbed_ecdh.d,
+                                              &hkey.ctx.mbed_ecdh.Q,
+                                              random_gen,
+                                              NULL);
             mbedtls_mpi_lset(&hkey.ctx.mbed_ecdh.Qp.Z, 1);
-            ret = mbedtls_ecp_point_read_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Qp, apdu.data, apdu.nc);
+            ret = mbedtls_ecp_point_read_binary(&hkey.ctx.mbed_ecdh.grp,
+                                                &hkey.ctx.mbed_ecdh.Qp,
+                                                apdu.data,
+                                                apdu.nc);
             if (ret != 0) {
                 mbedtls_ecdh_free(&hkey);
                 return SW_WRONG_DATA();
@@ -122,20 +149,38 @@ int cmd_extras() {
 
             uint8_t buf[MBEDTLS_ECP_MAX_BYTES];
             size_t olen = 0;
-            ret = mbedtls_ecdh_calc_secret(&hkey, &olen, buf, MBEDTLS_ECP_MAX_BYTES, random_gen, NULL);
+            ret = mbedtls_ecdh_calc_secret(&hkey,
+                                           &olen,
+                                           buf,
+                                           MBEDTLS_ECP_MAX_BYTES,
+                                           random_gen,
+                                           NULL);
             if (ret != 0) {
                 mbedtls_ecdh_free(&hkey);
                 mbedtls_platform_zeroize(buf, sizeof(buf));
                 return SW_WRONG_DATA();
             }
-            ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, buf, olen, mse.Qpt, sizeof(mse.Qpt), mse.key_enc, sizeof(mse.key_enc));
+            ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+                               NULL,
+                               0,
+                               buf,
+                               olen,
+                               mse.Qpt,
+                               sizeof(mse.Qpt),
+                               mse.key_enc,
+                               sizeof(mse.key_enc));
             mbedtls_platform_zeroize(buf, sizeof(buf));
             if (ret != 0) {
                 mbedtls_ecdh_free(&hkey);
                 return SW_EXEC_ERROR();
             }
 
-            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, 4096);
+            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp,
+                                                 &hkey.ctx.mbed_ecdh.Q,
+                                                 MBEDTLS_ECP_PF_UNCOMPRESSED,
+                                                 &olen,
+                                                 res_APDU,
+                                                 4096);
             mbedtls_ecdh_free(&hkey);
             if (ret != 0) {
                 return SW_EXEC_ERROR();

src/hsm/cmd_general_authenticate.c

@@ -44,11 +44,11 @@ int cmd_general_authenticate() {
             if (!fkey) {
                 return SW_EXEC_ERROR();
             }
-            mbedtls_ecdsa_context ectx;
+            mbedtls_ecp_keypair ectx;
-            mbedtls_ecdsa_init(&ectx);
+            mbedtls_ecp_keypair_init(&ectx);
-            r = load_private_key_ecdsa(&ectx, fkey);
+            r = load_private_key_ecdh(&ectx, fkey);
             if (r != CCID_OK) {
-                mbedtls_ecdsa_free(&ectx);
+                mbedtls_ecp_keypair_free(&ectx);
                 return SW_EXEC_ERROR();
             }
             mbedtls_ecdh_context ctx;
@@ -56,12 +56,12 @@ int cmd_general_authenticate() {
             mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
             r = mbedtls_ecdh_setup(&ctx, gid);
             if (r != 0) {
-                mbedtls_ecdsa_free(&ectx);
+                mbedtls_ecp_keypair_free(&ectx);
                 mbedtls_ecdh_free(&ctx);
                 return SW_DATA_INVALID();
             }
             r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
-            mbedtls_ecdsa_free(&ectx);
+            mbedtls_ecp_keypair_free(&ectx);
             if (r != 0) {
                 mbedtls_ecdh_free(&ctx);
                 return SW_DATA_INVALID();

src/hsm/cmd_key_domain.c

@@ -52,9 +52,6 @@ int cmd_key_domain() {
     if (tf_kd_size == 0) {
         return SW_WRONG_P1P2();
     }
-    if (2 * p2 >= tf_kd_size) {
-        return SW_INCORRECT_P1P2();
-    }
     uint8_t *kdata = file_get_data(tf_kd), dkeks = kdata ? kdata[2 * p2] : 0,
             current_dkeks = kdata ? kdata[2 * p2 + 1] : 0;
     if (p1 == 0x0) { //dkek import
@@ -93,6 +90,9 @@ int cmd_key_domain() {
         }
         else {
             file_t *tf = search_file(EF_XKEK + p2);
+            if (2 * p2 >= tf_kd_size) {
+                return SW_INCORRECT_P1P2();
+            }
             if (current_dkeks == 0xff && !file_has_data(tf)) { //XKEK have always 0xff
                 return SW_REFERENCE_NOT_FOUND();
             }

src/hsm/cmd_key_unwrap.c

@@ -67,21 +67,21 @@ int cmd_key_unwrap() {
         }
     }
     else if (key_type & PICO_KEYS_KEY_EC) {
-        mbedtls_ecdsa_context ctx;
+        mbedtls_ecp_keypair ctx;
-        mbedtls_ecdsa_init(&ctx);
+        mbedtls_ecp_keypair_init(&ctx);
         do {
             r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
         } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
         if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
         r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
         if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
-        mbedtls_ecdsa_free(&ctx);
+        mbedtls_ecp_keypair_free(&ctx);
         if (r != CCID_OK) {
             return SW_EXEC_ERROR();
         }

src/hsm/cmd_key_wrap.c

@@ -71,18 +71,18 @@ int cmd_key_wrap() {
         mbedtls_rsa_free(&ctx);
     }
     else if (*dprkd == P15_KEYTYPE_ECC) {
-        mbedtls_ecdsa_context ctx;
+        mbedtls_ecp_keypair ctx;
-        mbedtls_ecdsa_init(&ctx);
+        mbedtls_ecp_keypair_init(&ctx);
-        r = load_private_key_ecdsa(&ctx, ef);
+        r = load_private_key_ec(&ctx, ef);
         if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             if (r == CCID_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
             return SW_EXEC_ERROR();
         }
         r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
-        mbedtls_ecdsa_free(&ctx);
+        mbedtls_ecp_keypair_free(&ctx);
     }
     else if (*dprkd == P15_KEYTYPE_AES) {
         uint8_t kdata_aes[64]; //maximum AES key size

src/hsm/cmd_keypair_gen.c

@@ -79,6 +79,19 @@ int cmd_keypair_gen() {
                 if (ec_id == MBEDTLS_ECP_DP_NONE) {
                     return SW_FUNC_NOT_SUPPORTED();
                 }
+                if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) {
+                    asn1_ctx_t g = { 0 };
+                    if (asn1_find_tag(&ctxo, 0x83, &g) != true) {
+                        return SW_WRONG_DATA();
+                    }
+                    if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) {
+                        ec_id = MBEDTLS_ECP_DP_ED25519;
+                    }
+                    else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) {
+                        ec_id = MBEDTLS_ECP_DP_ED448;
+                    }
+                }
+                printf("KEYPAIR ECC %d\r\n", ec_id);
                 mbedtls_ecdsa_context ecdsa;
                 mbedtls_ecdsa_init(&ecdsa);
                 uint8_t index = 0;

src/hsm/cmd_signature.c

@@ -20,6 +20,7 @@
 #include "asn1.h"
 #include "mbedtls/oid.h"
 #include "random.h"
+#include "mbedtls/eddsa.h"
 
 extern mbedtls_ecp_keypair hd_context;
 extern uint8_t hd_keytype;
@@ -228,8 +229,8 @@ int cmd_signature() {
         mbedtls_rsa_free(&ctx);
     }
     else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
-        mbedtls_ecdsa_context ctx;
+        mbedtls_ecp_keypair ctx;
-        mbedtls_ecdsa_init(&ctx);
+        mbedtls_ecp_keypair_init(&ctx);
         md = MBEDTLS_MD_SHA256;
         if (p2 == ALGO_EC_RAW) {
             if (apdu.nc == 32) {
@@ -263,9 +264,9 @@ int cmd_signature() {
         else if (p2 == ALGO_EC_SHA512) {
             md = MBEDTLS_MD_SHA512;
         }
-        int r = load_private_key_ecdsa(&ctx, fkey);
+        int r = load_private_key_ec(&ctx, fkey);
         if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
             if (r == CCID_VERIFICATION_FAILED) {
                 return SW_SECURE_MESSAGE_EXEC_ERROR();
             }
@@ -273,24 +274,28 @@ int cmd_signature() {
         }
         size_t olen = 0;
         uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
-        if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
+        if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
-                                          &olen, random_gen, NULL) != 0) {
+            r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
-            mbedtls_ecdsa_free(&ctx);
+        }
+        else {
+            r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
+                                              &olen, random_gen, NULL);
+        }
+        if (r != 0) {
+            mbedtls_ecp_keypair_free(&ctx);
             return SW_EXEC_ERROR();
         }
         memcpy(res_APDU, buf, olen);
         res_APDU_size = (uint16_t)olen;
-        mbedtls_ecdsa_free(&ctx);
+        mbedtls_ecp_keypair_free(&ctx);
     }
     else if (p2 == ALGO_HD) {
         size_t olen = 0;
-        uint8_t buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
+        uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
         if (hd_context.grp.id == MBEDTLS_ECP_DP_NONE) {
-            mbedtls_ecdsa_free(&hd_context);
             return SW_CONDITIONS_NOT_SATISFIED();
         }
         if (hd_keytype != 0x1 && hd_keytype != 0x2) {
-            mbedtls_ecdsa_free(&hd_context);
             return SW_INCORRECT_PARAMS();
         }
         md = MBEDTLS_MD_SHA256;

src/hsm/cvc.c

@@ -26,6 +26,7 @@
 #include "oid.h"
 #include "mbedtls/md.h"
 #include "files.h"
+#include "mbedtls/eddsa.h"
 
 extern const uint8_t *dev_name;
 extern uint16_t dev_name_len;
@@ -71,7 +72,7 @@ const uint8_t *pointA[] = {
     "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
 };
 
-uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, uint16_t buf_len) {
+uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uint16_t buf_len) {
     uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
     const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
     const uint8_t oid_ri[]    = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
@@ -88,7 +89,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
     uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
     uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
     uint16_t tot_len = 0, tot_data_len = 0;
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
         tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
         oid = oid_ri;
     }
@@ -109,7 +110,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, u
     //oid
     *p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
     p += sizeof(oid_ecdsa);
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
         //p
         *p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
         p += p_size;
@@ -293,11 +294,15 @@ uint16_t asn1_cvc_cert(void *rsa_ecdsa,
     else if (key_type & PICO_KEYS_KEY_EC) {
         mbedtls_mpi r, s;
         int ret = 0;
-        mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
+        mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
         mbedtls_mpi_init(&r);
         mbedtls_mpi_init(&s);
-        ret =
+        if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
-            mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
+            ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
+        }
+        else {
+            ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
+        }
         if (ret == 0) {
             mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
             mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
@@ -326,10 +331,10 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
     if (!fkey) {
         return 0;
     }
-    mbedtls_ecdsa_context ectx;
+    mbedtls_ecp_keypair ectx;
-    mbedtls_ecdsa_init(&ectx);
+    mbedtls_ecp_keypair_init(&ectx);
-    if (load_private_key_ecdsa(&ectx, fkey) != CCID_OK) {
+    if (load_private_key_ec(&ectx, fkey) != CCID_OK) {
-        mbedtls_ecdsa_free(&ectx);
+        mbedtls_ecp_keypair_free(&ectx);
         return 0;
     }
     int ret = 0;
@@ -349,15 +354,20 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
     p += asn1_cvc_cert(rsa_ecdsa, key_type, p, cvcert_size, ext, ext_len, false);
     //outcar
     *p++ = 0x42; p += format_tlv_len(outcar_len, p); memcpy(p, outcar, outcar_len); p += outcar_len;
-    uint8_t hsh[32];
     memcpy(p, "\x5f\x37", 2); p += 2;
     p += format_tlv_len(key_size, p);
-    hash256(body, cvcert_size + outcar_size, hsh);
     mbedtls_mpi r, s;
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
-    ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
+    if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
-    mbedtls_ecdsa_free(&ectx);
+        ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
+    }
+    else {
+        uint8_t hsh[32];
+        hash256(body, cvcert_size + outcar_size, hsh);
+        ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
+    }
+    mbedtls_ecp_keypair_free(&ectx);
     if (ret != 0) {
         mbedtls_mpi_free(&r);
         mbedtls_mpi_free(&s);

src/hsm/kek.c

@@ -695,7 +695,14 @@ int dkek_decode_key(uint8_t id,
         len = get_uint16_t(kb, ofs); ofs += len + 2;
 
         //G
-        len = get_uint16_t(kb, ofs); ofs += len + 2;
+        len = get_uint16_t(kb, ofs);
+        if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
+            ec_id = MBEDTLS_ECP_DP_ED25519;
+        }
+        else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
+            ec_id = MBEDTLS_ECP_DP_ED448;
+        }
+        ofs += len + 2;
 
         //d
         len = get_uint16_t(kb, ofs); ofs += 2;
@@ -710,7 +717,12 @@ int dkek_decode_key(uint8_t id,
         len = get_uint16_t(kb, ofs); ofs += 2;
         r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
         if (r != 0) {
-            r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
+            if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
+                r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
+            }
+            else {
+                r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
+            }
             if (r != 0) {
                 mbedtls_ecdsa_free(ecdsa);
                 return CCID_EXEC_ERROR;

src/hsm/sc_hsm.c

@@ -80,8 +80,7 @@ extern int cmd_bip_slip();
 
 extern const uint8_t *ccid_atr;
 
-int sc_hsm_select_aid(app_t *a, uint8_t force) {
+int sc_hsm_select_aid(app_t *a) {
-    (void) force;
     a->process_apdu = sc_hsm_process_apdu;
     a->unload = sc_hsm_unload;
     init_sc_hsm();
@@ -272,6 +271,8 @@ uint16_t get_device_options() {
     return 0x0;
 }
 
+extern uint32_t board_button_read(void);
+
 bool wait_button_pressed() {
     uint32_t val = EV_PRESS_BUTTON;
 #ifndef ENABLE_EMULATION
@@ -664,7 +665,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
     return CCID_OK;
 }
 
-int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
+int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
     if (wait_button_pressed() == true) { // timeout
         return CCID_VERIFICATION_FAILED;
     }
@@ -679,17 +680,25 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
     int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
     if (r != 0) {
         mbedtls_platform_zeroize(kdata, sizeof(kdata));
-        mbedtls_ecdsa_free(ctx);
+        mbedtls_ecp_keypair_free(ctx);
         return CCID_EXEC_ERROR;
     }
     mbedtls_platform_zeroize(kdata, sizeof(kdata));
-    r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
+    if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
+        r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
+    }
+    else {
+        r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
+    }
     if (r != 0) {
-        mbedtls_ecdsa_free(ctx);
+        mbedtls_ecp_keypair_free(ctx);
         return CCID_EXEC_ERROR;
     }
     return CCID_OK;
 }
+int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
+    return load_private_key_ec(ctx, fkey);
+}
 
 #define INS_VERIFY                  0x20
 #define INS_MSE                     0x22

src/hsm/sc_hsm.h

@@ -120,7 +120,8 @@ extern int delete_file(file_t *ef);
 extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len);
 extern bool key_has_purpose(file_t *ef, uint8_t purpose);
 extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
-extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
+extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
+extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
 extern bool wait_button_pressed();
 extern int store_keys(void *key_ctx, int type, uint8_t key_id);
 extern int find_and_store_meta_key(uint8_t key_id);

src/hsm/version.h

@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
 
-#define HSM_VERSION 0x0402
+#define HSM_VERSION 0x0400
 
 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
 #define HSM_VERSION_MINOR (HSM_VERSION & 0xff)

tests/pico-hsm/test_020_keypair_gen.py

@@ -24,7 +24,7 @@ def test_gen_initialize(device):
     device.initialize()
 
 @pytest.mark.parametrize(
-    "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448']
+    "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448']
 )
 def test_gen_ecc(device, curve):
     keyid = device.key_generation(KeyType.ECC, curve)

tests/pico-hsm/test_021_key_import.py

@@ -21,7 +21,7 @@ import pytest
 import hashlib
 import os
 from picohsm import DOPrefixes
-from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448
+from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
 from const import DEFAULT_DKEK
@@ -70,6 +70,17 @@ def test_import_montgomery(device, curve):
     device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
     device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
 
+@pytest.mark.parametrize(
+    "curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey]
+)
+def test_import_edwards(device, curve):
+    pkey = curve.generate()
+    keyid = device.import_key(pkey)
+    pubkey = device.public_key(keyid, param=curve)
+    assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
+    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
+    device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
+
 @pytest.mark.parametrize(
     "size", [128, 192, 256]
 )

tests/pico-hsm/test_030_signature.py

@@ -55,3 +55,12 @@ def test_signature_rsa(device, modulus, scheme):
     device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
     device.verify(pubkey, data, signature, scheme)
 
+@pytest.mark.parametrize(
+    "curve", ['ed25519', 'ed448']
+)
+def test_signature_edwards(device, curve):
+    keyid = device.key_generation(KeyType.ECC, curve)
+    pubkey = device.public_key(keyid=keyid)
+    signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data)
+    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
+    device.verify(pubkey, data, signature)

tools/pico-hsm-tool.py

@@ -131,7 +131,7 @@ def parse_args():
     parser_keygen = subparser.add_parser('keygen', help='Generates private keypair or secret key.')
     subparser_keygen = parser_keygen.add_subparsers(title='commands', dest='subcommand', required=True)
     parser_keygen_aes = subparser_keygen.add_parser('aes', help='Generates an AES key.')
-    parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]',choices=[128, 192, 256], default=128, type=int)
+    parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]',choices=[128, 192, 256], default=128)
     parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.')
     parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.')