Upgrade to v6.4

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Take led_driver on build.
2025-02-19 19:18:02 +01:00 · 2025-02-19 19:14:07 +01:00 · 2025-02-19 19:13:36 +01:00 · 2025-02-19 19:13:18 +01:00 · 2025-02-19 12:14:47 +01:00 · 2025-02-19 12:13:58 +01:00
33 changed files with 244 additions and 354 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,10 +13,10 @@ name: "CodeQL"

 on:
  push:
-    branches: [ "master", "development", "development-eddsa" ]
+    branches: [ "master", "development" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master", "development", "development-eddsa" ]
+    branches: [ "master", "development" ]
  schedule:
    - cron: '23 5 * * 4'
  workflow_dispatch:
@@ -36,7 +36,7 @@ jobs:
        language: [ 'cpp', 'python' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-        mode: [ 'pico', 'local' ]
+        mode: [ 'pico', 'esp32', 'local' ]

    steps:
    - name: Checkout repository
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -25,6 +25,7 @@ jobs:
        run: |
           ./workflows/autobuild.sh pico
           ./build_pico_hsm.sh
+           ./workflows/autobuild.sh esp32
      - name: Update nightly release
        uses: pyTooling/Actions/releaser@main
        with:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,10 +13,10 @@ name: "Emulation and test"

 on:
  push:
-    branches: [ "master", "development", "development-eddsa" ]
+    branches: [ "master", "development" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master", "development", "development-eddsa" ]
+    branches: [ "master", "development" ]
  schedule:
    - cron: '23 5 * * 4'
  workflow_dispatch:
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -22,6 +22,7 @@ if(ESP_PLATFORM)
    include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 else()
    if(NOT ENABLE_EMULATION)
+        set(PICO_USE_FASTEST_SUPPORTED_CLOCK 1)
        include(pico_sdk_import.cmake)
    endif()

@@ -80,7 +81,7 @@ set(USB_ITF_CCID 1)
 set(USB_ITF_WCID 1)
 include(pico-keys-sdk/pico_keys_sdk_import.cmake)

-SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h")
+SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/hsm/version.h" 1)

 if(ESP_PLATFORM)
    project(pico_hsm)
@@ -125,5 +126,7 @@ if(NOT ESP_PLATFORM)
            )
        endif(APPLE)
        target_link_libraries(pico_hsm PRIVATE pthread m)
+    else()
+        pico_add_extra_outputs(${CMAKE_PROJECT_NAME})
    endif()
 endif()
--- a/build_pico_hsm.sh
+++ b/build_pico_hsm.sh
@@ -1,7 +1,7 @@
 #!/bin/bash

 VERSION_MAJOR="5"
-VERSION_MINOR="0-eddsa1"
+VERSION_MINOR="4"
 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
 #if ! [[ -z "${GITHUB_SHA}" ]]; then
 #    SUFFIX="${SUFFIX}.${GITHUB_SHA}"
@@ -11,98 +11,13 @@ rm -rf release/*
 mkdir -p build_release
 mkdir -p release
 cd build_release
-
-for board in 0xcb_helios \
-    adafruit_feather_rp2040_usb_host \
-    adafruit_feather_rp2040 \
-    adafruit_itsybitsy_rp2040 \
-    adafruit_kb2040 \
-    adafruit_macropad_rp2040 \
-    adafruit_qtpy_rp2040 \
-    adafruit_trinkey_qt2040 \
-    amethyst_fpga \
-    archi \
-    arduino_nano_rp2040_connect \
-    cytron_maker_pi_rp2040 \
-    datanoisetv_rp2040_dsp \
-    eetree_gamekit_rp2040 \
-    garatronic_pybstick26_rp2040 \
-    gen4_rp2350_24 \
-    gen4_rp2350_24ct \
-    gen4_rp2350_24t \
-    gen4_rp2350_28 \
-    gen4_rp2350_28ct \
-    gen4_rp2350_28t \
-    gen4_rp2350_32 \
-    gen4_rp2350_32ct \
-    gen4_rp2350_32t \
-    gen4_rp2350_35 \
-    gen4_rp2350_35ct \
-    gen4_rp2350_35t \
-    hellbender_2350A_devboard \
-    ilabs_challenger_rp2350_bconnect \
-    ilabs_challenger_rp2350_wifi_ble \
-    ilabs_opendec02 \
-    melopero_perpetuo_rp2350_lora \
-    melopero_shake_rp2040 \
-    metrotech_xerxes_rp2040 \
-    net8086_usb_interposer \
-    nullbits_bit_c_pro \
-    phyx_rick_tny_rp2350 \
-    pi-plates_micropi \
-    pico \
-    pico_w \
-    pico2 \
-    pimoroni_badger2040 \
-    pimoroni_interstate75 \
-    pimoroni_keybow2040 \
-    pimoroni_motor2040 \
-    pimoroni_pga2040 \
-    pimoroni_pga2350 \
-    pimoroni_pico_plus2_rp2350 \
-    pimoroni_picolipo_4mb \
-    pimoroni_picolipo_16mb \
-    pimoroni_picosystem \
-    pimoroni_plasma2040 \
-    pimoroni_plasma2350 \
-    pimoroni_servo2040 \
-    pimoroni_tiny2040 \
-    pimoroni_tiny2040_2mb \
-    pimoroni_tiny2350 \
-    pololu_3pi_2040_robot \
-    pololu_zumo_2040_robot \
-    seeed_xiao_rp2040 \
-    seeed_xiao_rp2350 \
-    solderparty_rp2040_stamp \
-    solderparty_rp2040_stamp_carrier \
-    solderparty_rp2040_stamp_round_carrier \
-    solderparty_rp2350_stamp_xl \
-    solderparty_rp2350_stamp \
-    sparkfun_micromod \
-    sparkfun_promicro \
-    sparkfun_promicro_rp2350 \
-    sparkfun_thingplus \
-    switchscience_picossci2_conta_base \
-    switchscience_picossci2_dev_board \
-    switchscience_picossci2_micro \
-    switchscience_picossci2_rp2350_breakout \
-    switchscience_picossci2_tiny \
-    tinycircuits_thumby_color_rp2350 \
-    vgaboard \
-    waveshare_rp2040_lcd_0.96 \
-    waveshare_rp2040_lcd_1.28 \
-    waveshare_rp2040_one \
-    waveshare_rp2040_plus_4mb \
-    waveshare_rp2040_plus_16mb \
-    waveshare_rp2040_zero \
-    weact_studio_rp2040_2mb \
-    weact_studio_rp2040_4mb \
-    weact_studio_rp2040_8mb \
-    weact_studio_rp2040_16mb \
-    wiznet_w5100s_evb_pico
+PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
+board_dir=${PICO_SDK_PATH}/src/boards/include/boards
+for board in "$board_dir"/*
 do
+    board_name="$(basename -- $board .h)"
    rm -rf *
-    PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board
+    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name
    make -j`nproc`
-    mv pico_hsm.uf2 ../release/pico_hsm_$board-$SUFFIX.uf2
+    mv pico_hsm.uf2 ../release/pico_hsm_$board_name-$SUFFIX.uf2
 done
--- a/2
+++ b/2
--- a/sdkconfig.defaults
+++ b/sdkconfig.defaults
@@ -3,6 +3,9 @@
 #
 IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=y

+CONFIG_TINYUSB=y
+CONFIG_TINYUSB_TASK_STACK_SIZE=16384
+
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
 CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -143,10 +143,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
        mbedtls_md_update(&md_ctx, input, input_len);

        //TODO: be careful with architecture little vs. big
-        counter_buf[0] = (uint8_t) ((counter >> 24) & 0xff);
-        counter_buf[1] = (uint8_t) ((counter >> 16) & 0xff);
-        counter_buf[2] = (uint8_t) ((counter >> 8) & 0xff);
-        counter_buf[3] = (uint8_t) ((counter >> 0) & 0xff);
+        put_uint32_t_be(counter, counter_buf);

        mbedtls_md_update(&md_ctx, counter_buf, 4);

@@ -413,13 +410,7 @@ int cmd_cipher_sym() {
            size_t olen = 0;
            mbedtls_asn1_buf params =
                {.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
-            int r = mbedtls_pkcs5_pbes2_ext(&params,
-                                        algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
-                                        kdata,
-                                        key_size,
-                                        enc.data,
-                                        enc.len,
-                                        res_APDU, 4096, &olen);
+            int r = mbedtls_pkcs5_pbes2_ext(&params, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc.data, enc.len, res_APDU, MAX_APDU_DATA, &olen);
            mbedtls_platform_zeroize(kdata, sizeof(kdata));
            if (r != 0) {
                return SW_WRONG_DATA();
--- a/src/hsm/cmd_delete_file.c
+++ b/src/hsm/cmd_delete_file.c
@@ -30,7 +30,7 @@ int cmd_delete_file() {
        }
    }
    else {
-        uint16_t fid = (apdu.data[0] << 8) | apdu.data[1];
+        uint16_t fid = get_uint16_t_be(apdu.data);
        if (!(ef = search_file(fid))) {
            return SW_FILE_NOT_FOUND();
        }
--- a/src/hsm/cmd_derive_asym.c
+++ b/src/hsm/cmd_derive_asym.c
@@ -52,13 +52,13 @@ int cmd_derive_asym() {
        return SW_WRONG_LENGTH();
    }
    if (apdu.data[0] == ALGO_EC_DERIVE) {
-        mbedtls_ecp_keypair ctx;
-        mbedtls_ecp_keypair_init(&ctx);
+        mbedtls_ecdsa_context ctx;
+        mbedtls_ecdsa_init(&ctx);

        int r;
-        r = load_private_key_ec(&ctx, fkey);
+        r = load_private_key_ecdsa(&ctx, fkey);
        if (r != PICOKEY_OK) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            if (r == PICOKEY_VERIFICATION_FAILED) {
                return SW_SECURE_MESSAGE_EXEC_ERROR();
            }
@@ -69,7 +69,7 @@ int cmd_derive_asym() {
        mbedtls_mpi_init(&nd);
        r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1);
        if (r != 0) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            mbedtls_mpi_free(&a);
            mbedtls_mpi_free(&nd);
            return SW_DATA_INVALID();
@@ -77,22 +77,22 @@ int cmd_derive_asym() {
        r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a);
        mbedtls_mpi_free(&a);
        if (r != 0) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            mbedtls_mpi_free(&nd);
            return SW_EXEC_ERROR();
        }
        r = mbedtls_mpi_copy(&ctx.d, &nd);
        mbedtls_mpi_free(&nd);
        if (r != 0) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
        r = store_keys(&ctx, PICO_KEYS_KEY_EC, dest_id);
        if (r != PICOKEY_OK) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
-        mbedtls_ecp_keypair_free(&ctx);
+        mbedtls_ecdsa_free(&ctx);
    }
    else {
        return SW_WRONG_DATA();
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -19,6 +19,7 @@
 #include "mbedtls/ecdh.h"
 #ifdef PICO_PLATFORM
 #include "pico/aon_timer.h"
+#include "hardware/watchdog.h"
 #else
 #include <sys/time.h>
 #include <time.h>
@@ -35,17 +36,20 @@
 #define CMD_DATETIME 0xA
 #define CMD_DYNOPS 0x6
 #define CMD_SECURE_LOCK 0x3A
+#define CMD_REBOOT 0xFB
 #define SECURE_LOCK_KEY_AGREEMENT 0x1
 #define SECURE_LOCK_ENABLE 0x2
 #define SECURE_LOCK_MASK 0x3
 #define SECURE_LOCK_DISABLE 0x4
 #define CMD_PHY 0x1B
 #define CMD_OTP 0x4C
+#define CMD_MEMORY 0x5

 int cmd_extras() {
+    int cmd = P1(apdu);
 #ifndef ENABLE_EMULATION
    // Only allow change PHY without PIN
-    if (!isUserAuthenticated && P1(apdu) != 0x1B) {
+    if (!isUserAuthenticated && cmd != CMD_PHY && cmd != CMD_MEMORY) {
        return SW_SECURITY_STATUS_NOT_SATISFIED();
    }
 #endif
@@ -53,7 +57,7 @@ int cmd_extras() {
    if (wait_button_pressed() == true) {
        return SW_SECURE_MESSAGE_EXEC_ERROR();
    }
-    if (P1(apdu) == CMD_DATETIME) { //datetime operations
+    if (cmd == CMD_DATETIME) { //datetime operations
        if (P2(apdu) != 0x0) {
            return SW_INCORRECT_P1P2();
        }
@@ -66,8 +70,7 @@ int cmd_extras() {
            gettimeofday(&tv, NULL);
 #endif
            struct tm *tm = localtime(&tv.tv_sec);
-            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
-            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
+            res_APDU_size += put_uint16_t_be(tm->tm_year + 1900, res_APDU);
            res_APDU[res_APDU_size++] = tm->tm_mon;
            res_APDU[res_APDU_size++] = tm->tm_mday;
            res_APDU[res_APDU_size++] = tm->tm_wday;
@@ -80,7 +83,7 @@ int cmd_extras() {
                return SW_WRONG_LENGTH();
            }
            struct tm tm;
-            tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
+            tm.tm_year = get_uint16_t_be(apdu.data) - 1900;
            tm.tm_mon = apdu.data[2];
            tm.tm_mday = apdu.data[3];
            tm.tm_wday = apdu.data[4];
@@ -97,7 +100,7 @@ int cmd_extras() {
 #endif
        }
    }
-    else if (P1(apdu) == CMD_DYNOPS) {   //dynamic options
+    else if (cmd == CMD_DYNOPS) {   //dynamic options
        if (P2(apdu) != 0x0) {
            return SW_INCORRECT_P1P2();
        }
@@ -106,8 +109,7 @@ int cmd_extras() {
        }
        uint16_t opts = get_device_options();
        if (apdu.nc == 0) {
-            res_APDU[res_APDU_size++] = opts >> 8;
-            res_APDU[res_APDU_size++] = opts & 0xff;
+            res_APDU_size += put_uint16_t_be(opts, res_APDU);
        }
        else {
            uint8_t newopts[] = { apdu.data[0], (opts & 0xff) };
@@ -116,7 +118,7 @@ int cmd_extras() {
            low_flash_available();
        }
    }
-    else if (P1(apdu) == CMD_SECURE_LOCK) {   // secure lock
+    else if (cmd == CMD_SECURE_LOCK) {   // secure lock
        if (apdu.nc == 0) {
            return SW_WRONG_LENGTH();
        }
@@ -148,7 +150,7 @@ int cmd_extras() {
                return SW_EXEC_ERROR();
            }

-            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, 4096);
+            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, MAX_APDU_DATA);
            mbedtls_ecdh_free(&hkey);
            if (ret != 0) {
                return SW_EXEC_ERROR();
@@ -160,13 +162,12 @@ int cmd_extras() {
            if (mse.init == false) {
                return SW_COMMAND_NOT_ALLOWED();
            }
-
+            uint16_t opts = get_device_options();
            int ret = mse_decrypt_ct(apdu.data, apdu.nc);
            if (ret != 0) {
                return SW_WRONG_DATA();
            }
            if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable
-                uint16_t opts = get_device_options();
                uint8_t newopts[] = { opts >> 8, (opts & 0xff) };
                if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) ||
                    (P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) {
@@ -194,14 +195,14 @@ int cmd_extras() {
                file_put_data(tf, newopts, sizeof(newopts));
                low_flash_available();
            }
-            else if (P2(apdu) == SECURE_LOCK_MASK) {
-                memcpy(mkek_mask, apdu.data, apdu.nc);
+            else if (P2(apdu) == SECURE_LOCK_MASK && (opts & HSM_OPT_SECURE_LOCK)) {
+                memcpy(mkek_mask, apdu.data, MKEK_KEY_SIZE);
                has_mkek_mask = true;
            }
        }
    }
 #ifndef ENABLE_EMULATION
-    else if (P1(apdu) == CMD_PHY) { // Set PHY
+    else if (cmd == CMD_PHY) { // Set PHY
        if (apdu.nc == 0) {
            if (file_has_data(ef_phy)) {
                res_APDU_size = file_get_size(ef_phy);
@@ -213,8 +214,8 @@ int cmd_extras() {
                if (apdu.nc != 4) {
                    return SW_WRONG_LENGTH();
                }
-                phy_data.vid = (apdu.data[0] << 8) | apdu.data[1];
-                phy_data.pid = (apdu.data[2] << 8) | apdu.data[3];
+                phy_data.vid = get_uint16_t_be(apdu.data);
+                phy_data.pid = get_uint16_t_be(apdu.data + 2);
                phy_data.vidpid_present = true;
            }
            else if (P2(apdu) == PHY_LED_GPIO) {
@@ -229,28 +230,23 @@ int cmd_extras() {
                if (apdu.nc != 2) {
                    return SW_WRONG_LENGTH();
                }
-                phy_data.opts = (apdu.data[0] << 8) | apdu.data[1];
+                phy_data.opts = get_uint16_t_be(apdu.data);
            }
            else {
                return SW_INCORRECT_P1P2();
            }
-            uint8_t tmp[PHY_MAX_SIZE];
-            uint16_t tmp_len = 0;
-            memset(tmp, 0, sizeof(tmp));
-            if (phy_serialize_data(&phy_data, tmp, &tmp_len) != PICOKEY_OK) {
+            if (phy_save() != PICOKEY_OK) {
                return SW_EXEC_ERROR();
            }
-            file_put_data(ef_phy, tmp, tmp_len);
-            low_flash_available();
        }
    }
 #endif
 #if PICO_RP2350
-    else if (P1(apdu) == CMD_OTP) {
+    else if (cmd == CMD_OTP) {
        if (apdu.nc < 2) {
            return SW_WRONG_LENGTH();
        }
-        uint16_t row = (apdu.data[0] << 8) | apdu.data[1];
+        uint16_t row = get_uint16_t_be(apdu.data);
        bool israw = P2(apdu) == 0x1;
        if (apdu.nc == 2) {
            if (row > 0xbf && row < 0xf48) {
@@ -288,6 +284,23 @@ int cmd_extras() {
        }
    }
 #endif
+#ifdef PICO_PLATFORM
+    else if (cmd == CMD_REBOOT) {
+        if (apdu.nc != 0) {
+            return SW_WRONG_LENGTH();
+        }
+        watchdog_reboot(0, 0, 100);
+    }
+#endif
+    else if (cmd == CMD_MEMORY) {
+        res_APDU_size = 0;
+        uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size();
+        res_APDU_size += put_uint32_t_be(free, res_APDU + res_APDU_size);
+        res_APDU_size += put_uint32_t_be(used, res_APDU + res_APDU_size);
+        res_APDU_size += put_uint32_t_be(total, res_APDU + res_APDU_size);
+        res_APDU_size += put_uint32_t_be(nfiles, res_APDU + res_APDU_size);
+        res_APDU_size += put_uint32_t_be(size, res_APDU + res_APDU_size);
+    }
    else {
        return SW_INCORRECT_P1P2();
    }
--- a/src/hsm/cmd_general_authenticate.c
+++ b/src/hsm/cmd_general_authenticate.c
@@ -44,11 +44,11 @@ int cmd_general_authenticate() {
            if (!fkey) {
                return SW_EXEC_ERROR();
            }
-            mbedtls_ecp_keypair ectx;
-            mbedtls_ecp_keypair_init(&ectx);
-            r = load_private_key_ecdh(&ectx, fkey);
+            mbedtls_ecdsa_context ectx;
+            mbedtls_ecdsa_init(&ectx);
+            r = load_private_key_ecdsa(&ectx, fkey);
            if (r != PICOKEY_OK) {
-                mbedtls_ecp_keypair_free(&ectx);
+                mbedtls_ecdsa_free(&ectx);
                return SW_EXEC_ERROR();
            }
            mbedtls_ecdh_context ctx;
@@ -56,12 +56,12 @@ int cmd_general_authenticate() {
            mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
            r = mbedtls_ecdh_setup(&ctx, gid);
            if (r != 0) {
-                mbedtls_ecp_keypair_free(&ectx);
+                mbedtls_ecdsa_free(&ectx);
                mbedtls_ecdh_free(&ctx);
                return SW_DATA_INVALID();
            }
            r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d);
-            mbedtls_ecp_keypair_free(&ectx);
+            mbedtls_ecdsa_free(&ectx);
            if (r != 0) {
                mbedtls_ecdh_free(&ctx);
                return SW_DATA_INVALID();
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -43,10 +43,14 @@ extern void reset_puk_store();
 int cmd_initialize() {
    if (apdu.nc > 0) {
        uint8_t mkek[MKEK_SIZE];
+        uint16_t opts = get_device_options();
+        if (opts & HSM_OPT_SECURE_LOCK && !has_mkek_mask) {
+            return SW_SECURITY_STATUS_NOT_SATISFIED();
+        }
        int ret_mkek = load_mkek(mkek); //Try loading MKEK with previous session
        initialize_flash(true);
        scan_all();
-        has_session_pin = has_session_sopin = false;
+        has_session_pin = has_session_sopin = has_mkek_mask = false;
        uint16_t tag = 0x0;
        uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL;
        uint16_t tag_len = 0;
@@ -206,7 +210,7 @@ int cmd_initialize() {
                return SW_EXEC_ERROR();
            }
            uint16_t ee_len = 0, term_len = 0;
-            if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
+            if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
                mbedtls_ecdsa_free(&ecdsa);
                return SW_EXEC_ERROR();
            }
@@ -218,7 +222,7 @@ int cmd_initialize() {
                return SW_EXEC_ERROR();
            }

-            if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, 4096 - ee_len, NULL, 0, true)) == 0) {
+            if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, MAX_APDU_DATA - ee_len, NULL, 0, true)) == 0) {
                mbedtls_ecdsa_free(&ecdsa);
                return SW_EXEC_ERROR();
            }
@@ -231,7 +235,7 @@ int cmd_initialize() {

            const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
                          *label = (const uint8_t *) "ESPICOHSMTR";
-            uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096);
+            uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, MAX_APDU_DATA);
            fpk = search_file(EF_PRKD_DEV);
            ret = file_put_data(fpk, res_APDU, prkd_len);
        }
@@ -243,10 +247,7 @@ int cmd_initialize() {
    }
    else {   //free memory bytes request
        int heap_left = heapLeft();
-        res_APDU[0] = ((heap_left >> 24) & 0xff);
-        res_APDU[1] = ((heap_left >> 16) & 0xff);
-        res_APDU[2] = ((heap_left >> 8) & 0xff);
-        res_APDU[3] = ((heap_left >> 0) & 0xff);
+        res_APDU_size += put_uint32_t_be(heap_left, res_APDU);
        res_APDU[4] = 0;
        res_APDU[5] = HSM_VERSION_MAJOR;
        res_APDU[6] = HSM_VERSION_MINOR;
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
@@ -57,7 +57,7 @@ int cmd_key_unwrap() {
            return SW_EXEC_ERROR();
        }
        r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
-        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
+        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
            mbedtls_rsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
@@ -67,21 +67,21 @@ int cmd_key_unwrap() {
        }
    }
    else if (key_type & PICO_KEYS_KEY_EC) {
-        mbedtls_ecp_keypair ctx;
-        mbedtls_ecp_keypair_init(&ctx);
+        mbedtls_ecdsa_context ctx;
+        mbedtls_ecdsa_init(&ctx);
        do {
            r = dkek_decode_key((uint8_t)++kdom, &ctx, data, data_len, NULL, &allowed, &allowed_len);
        } while ((r == PICOKEY_ERR_FILE_NOT_FOUND || r == PICOKEY_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS);
        if (r != PICOKEY_OK) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
        r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
-        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
-            mbedtls_ecp_keypair_free(&ctx);
+        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
+            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
-        mbedtls_ecp_keypair_free(&ctx);
+        mbedtls_ecdsa_free(&ctx);
        if (r != PICOKEY_OK) {
            return SW_EXEC_ERROR();
        }
--- a/src/hsm/cmd_key_wrap.c
+++ b/src/hsm/cmd_key_wrap.c
@@ -71,18 +71,18 @@ int cmd_key_wrap() {
        mbedtls_rsa_free(&ctx);
    }
    else if (*dprkd == P15_KEYTYPE_ECC) {
-        mbedtls_ecp_keypair ctx;
-        mbedtls_ecp_keypair_init(&ctx);
-        r = load_private_key_ec(&ctx, ef);
+        mbedtls_ecdsa_context ctx;
+        mbedtls_ecdsa_init(&ctx);
+        r = load_private_key_ecdsa(&ctx, ef);
        if (r != PICOKEY_OK) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            if (r == PICOKEY_VERIFICATION_FAILED) {
                return SW_SECURE_MESSAGE_EXEC_ERROR();
            }
            return SW_EXEC_ERROR();
        }
        r = dkek_encode_key(kdom, &ctx, PICO_KEYS_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len);
-        mbedtls_ecp_keypair_free(&ctx);
+        mbedtls_ecdsa_free(&ctx);
    }
    else if (*dprkd == P15_KEYTYPE_AES) {
        uint8_t kdata_aes[64]; //maximum AES key size
--- a/src/hsm/cmd_keypair_gen.c
+++ b/src/hsm/cmd_keypair_gen.c
@@ -58,8 +58,7 @@ int cmd_keypair_gen() {
                    mbedtls_rsa_free(&rsa);
                    return SW_EXEC_ERROR();
                }
-                if ((res_APDU_size =
-                         (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
+                if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
                    return SW_EXEC_ERROR();
                }
                ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
@@ -79,19 +78,6 @@ int cmd_keypair_gen() {
                if (ec_id == MBEDTLS_ECP_DP_NONE) {
                    return SW_FUNC_NOT_SUPPORTED();
                }
-                if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) {
-                    asn1_ctx_t g = { 0 };
-                    if (asn1_find_tag(&ctxo, 0x83, &g) != true) {
-                        return SW_WRONG_DATA();
-                    }
-                    if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) {
-                        ec_id = MBEDTLS_ECP_DP_ED25519;
-                    }
-                    else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) {
-                        ec_id = MBEDTLS_ECP_DP_ED448;
-                    }
-                }
-                printf("KEYPAIR ECC %d\r\n", ec_id);
                mbedtls_ecdsa_context ecdsa;
                mbedtls_ecdsa_init(&ecdsa);
                uint8_t index = 0;
@@ -131,8 +117,7 @@ int cmd_keypair_gen() {
                        }
                    }
                }
-                if ((res_APDU_size =
-                         (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
+                if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, ext.data, ext.len)) == 0) {
                    if (ext.data) {
                        free(ext.data);
                    }
--- a/src/hsm/cmd_list_keys.c
+++ b/src/hsm/cmd_list_keys.c
@@ -22,12 +22,10 @@ int cmd_list_keys() {
    /* First we send DEV private key */
    /* Both below conditions should be always TRUE */
    if (search_file(EF_PRKD_DEV)) {
-        res_APDU[res_APDU_size++] = EF_PRKD_DEV >> 8;
-        res_APDU[res_APDU_size++] = EF_PRKD_DEV & 0xff;
+        res_APDU_size += put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size);
    }
    if (search_file(EF_KEY_DEV)) {
-        res_APDU[res_APDU_size++] = EF_KEY_DEV >> 8;
-        res_APDU[res_APDU_size++] = EF_KEY_DEV & 0xff;
+        res_APDU_size += put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size);
    }
    //first CC
    for (int i = 0; i < dynamic_files; i++) {
--- a/src/hsm/cmd_read_binary.c
+++ b/src/hsm/cmd_read_binary.c
@@ -30,7 +30,7 @@ int cmd_read_binary() {
            offset = p2;
        }
        else {
-            offset = make_uint16_t(p1, p2) & 0x7fff;
+            offset = make_uint16_t_be(p1, p2) & 0x7fff;
            ef = currentEF;
        }
    }
@@ -41,7 +41,7 @@ int cmd_read_binary() {
            }
        }
        else {
-            uint16_t file_id = make_uint16_t(p1, p2); // & 0x7fff;
+            uint16_t file_id = make_uint16_t_be(p1, p2); // & 0x7fff;
            if (file_id == 0x0) {
                ef = currentEF;
            }
--- a/src/hsm/cmd_select.c
+++ b/src/hsm/cmd_select.c
@@ -48,7 +48,7 @@ int cmd_select() {
    //}

    if (apdu.nc == 2) {
-        fid = get_uint16_t(apdu.data, 0);
+        fid = get_uint16_t_be(apdu.data);
    }

    //if ((fid & 0xff00) == (KEY_PREFIX << 8))
@@ -119,8 +119,7 @@ int cmd_select() {
            res_APDU[res_APDU_size++] = 0x85;
            res_APDU[res_APDU_size++] = 5;
            uint16_t opts = get_device_options();
-            res_APDU[res_APDU_size++] = opts >> 8;
-            res_APDU[res_APDU_size++] = opts & 0xff;
+            res_APDU_size += put_uint16_t_be(opts, res_APDU + res_APDU_size);
            res_APDU[res_APDU_size++] = 0xFF;
            res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR;
            res_APDU[res_APDU_size++] = HSM_VERSION_MINOR;
--- a/src/hsm/cmd_signature.c
+++ b/src/hsm/cmd_signature.c
@@ -20,7 +20,6 @@
 #include "asn1.h"
 #include "mbedtls/oid.h"
 #include "random.h"
-#include "mbedtls/eddsa.h"

 extern mbedtls_ecp_keypair hd_context;
 extern uint8_t hd_keytype;
@@ -229,8 +228,8 @@ int cmd_signature() {
        mbedtls_rsa_free(&ctx);
    }
    else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
-        mbedtls_ecp_keypair ctx;
-        mbedtls_ecp_keypair_init(&ctx);
+        mbedtls_ecdsa_context ctx;
+        mbedtls_ecdsa_init(&ctx);
        md = MBEDTLS_MD_SHA256;
        if (p2 == ALGO_EC_RAW) {
            if (apdu.nc == 32) {
@@ -264,9 +263,9 @@ int cmd_signature() {
        else if (p2 == ALGO_EC_SHA512) {
            md = MBEDTLS_MD_SHA512;
        }
-        int r = load_private_key_ec(&ctx, fkey);
+        int r = load_private_key_ecdsa(&ctx, fkey);
        if (r != PICOKEY_OK) {
-            mbedtls_ecp_keypair_free(&ctx);
+            mbedtls_ecdsa_free(&ctx);
            if (r == PICOKEY_VERIFICATION_FAILED) {
                return SW_SECURE_MESSAGE_EXEC_ERROR();
            }
@@ -274,20 +273,14 @@ int cmd_signature() {
        }
        size_t olen = 0;
        uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
-        if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
-            r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
-        }
-        else {
-            r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
-                                              &olen, random_gen, NULL);
-        }
-        if (r != 0) {
-            mbedtls_ecp_keypair_free(&ctx);
+        if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
+                                          &olen, random_gen, NULL) != 0) {
+            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
        memcpy(res_APDU, buf, olen);
        res_APDU_size = (uint16_t)olen;
-        mbedtls_ecp_keypair_free(&ctx);
+        mbedtls_ecdsa_free(&ctx);
    }
    else if (p2 == ALGO_HD) {
        size_t olen = 0;
--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
@@ -26,7 +26,6 @@
 #include "oid.h"
 #include "mbedtls/md.h"
 #include "files.h"
-#include "mbedtls/eddsa.h"

 extern const uint8_t *dev_name;
 extern uint16_t dev_name_len;
@@ -72,7 +71,7 @@ const uint8_t *pointA[] = {
    "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC",
 };

-uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uint16_t buf_len) {
+uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, uint16_t buf_len) {
    uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN];
    const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 };
    const uint8_t oid_ri[]    = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 };
@@ -89,7 +88,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uin
    uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
    uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
    uint16_t tot_len = 0, tot_data_len = 0;
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
        tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
        oid = oid_ri;
    }
@@ -110,7 +109,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uin
    //oid
    *p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
    p += sizeof(oid_ecdsa);
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
        //p
        *p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
        p += p_size;
@@ -294,15 +293,11 @@ uint16_t asn1_cvc_cert(void *rsa_ecdsa,
    else if (key_type & PICO_KEYS_KEY_EC) {
        mbedtls_mpi r, s;
        int ret = 0;
-        mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
+        mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) rsa_ecdsa;
        mbedtls_mpi_init(&r);
        mbedtls_mpi_init(&s);
-        if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
-            ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
-        }
-        else {
-            ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
-        }
+        ret =
+            mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
        if (ret == 0) {
            mbedtls_mpi_write_binary(&r, p, key_size / 2); p += key_size / 2;
            mbedtls_mpi_write_binary(&s, p, key_size / 2); p += key_size / 2;
@@ -331,10 +326,10 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
    if (!fkey) {
        return 0;
    }
-    mbedtls_ecp_keypair ectx;
-    mbedtls_ecp_keypair_init(&ectx);
-    if (load_private_key_ec(&ectx, fkey) != PICOKEY_OK) {
-        mbedtls_ecp_keypair_free(&ectx);
+    mbedtls_ecdsa_context ectx;
+    mbedtls_ecdsa_init(&ectx);
+    if (load_private_key_ecdsa(&ectx, fkey) != PICOKEY_OK) {
+        mbedtls_ecdsa_free(&ectx);
        return 0;
    }
    int ret = 0;
@@ -354,20 +349,15 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
    p += asn1_cvc_cert(rsa_ecdsa, key_type, p, cvcert_size, ext, ext_len, false);
    //outcar
    *p++ = 0x42; p += format_tlv_len(outcar_len, p); memcpy(p, outcar, outcar_len); p += outcar_len;
+    uint8_t hsh[32];
    memcpy(p, "\x5f\x37", 2); p += 2;
    p += format_tlv_len(key_size, p);
+    hash256(body, cvcert_size + outcar_size, hsh);
    mbedtls_mpi r, s;
    mbedtls_mpi_init(&r);
    mbedtls_mpi_init(&s);
-    if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
-        ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
-    }
-    else {
-        uint8_t hsh[32];
-        hash256(body, cvcert_size + outcar_size, hsh);
-        ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
-    }
-    mbedtls_ecp_keypair_free(&ectx);
+    ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);
+    mbedtls_ecdsa_free(&ectx);
    if (ret != 0) {
        mbedtls_mpi_free(&r);
        mbedtls_mpi_free(&s);
@@ -431,8 +421,7 @@ uint16_t asn1_build_cert_description(const uint8_t *label,
    p += format_tlv_len(asn1_len_tag(0x4, sizeof(uint16_t)), p);
    *p++ = 0x4;
    p += format_tlv_len(sizeof(uint16_t), p);
-    *p++ = fid >> 8;
-    *p++ = fid & 0xff;
+    put_uint16_t_be(fid, p); p += sizeof(uint16_t);
    return (uint16_t)(p - buf);
 }

@@ -508,8 +497,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
        p += format_tlv_len(asn1_len_tag(0x2, 2), p);
        *p++ = 0x2;
        p += format_tlv_len(2, p);
-        *p++ = (keysize >> 8) & 0xff;
-        *p++ = keysize & 0xff;
+        p += put_uint16_t_be(keysize, p);
    }

    //Seq 4
@@ -528,8 +516,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label,
    if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) {
        *p++ = 0x2;
        p += format_tlv_len(2, p);
-        *p++ = (keysize >> 8) & 0xff;
-        *p++ = keysize & 0xff;
+        p += put_uint16_t_be(keysize, p);
    }
    return (uint16_t)(p - buf);
 }
--- a/src/hsm/files.c
+++ b/src/hsm/files.c
@@ -61,7 +61,7 @@ file_t file_entries[] = {
               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } },                                                                                                            //retries PIN (SOPIN)
    /* 15 */ { .fid = EF_DEVOPS, .parent = 5, .name = NULL,
-               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH, .data = NULL,
+               .type = FILE_TYPE_INTERNAL_EF | FILE_DATA_FLASH | FILE_PERSISTENT, .data = NULL,
               .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0xff } },                                                                                                            //Device options
    /* 16 */ { .fid = EF_PRKDFS, .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF,
               .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } },                                                                           //EF.PrKDFs
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@@ -50,6 +50,14 @@ uint32_t crc32c(const uint8_t *buf, size_t len) {
    return ~crc;
 }

+void mkek_masked(uint8_t *mkek, const uint8_t *mask) {
+    if (mask) {
+        for (int i = 0; i < MKEK_KEY_SIZE; i++) {
+            MKEK_KEY(mkek)[i] ^= mask[i];
+        }
+    }
+}
+
 int load_mkek(uint8_t *mkek) {
    if (has_session_pin == false && has_session_sopin == false) {
        return PICOKEY_NO_LOGIN;
@@ -73,6 +81,10 @@ int load_mkek(uint8_t *mkek) {
        return PICOKEY_EXEC_ERROR;
    }

+    if (has_mkek_mask) {
+        mkek_masked(mkek, mkek_mask);
+    }
+
    int ret = aes_decrypt_cfb_256(pin, MKEK_IV(mkek), MKEK_KEY(mkek), MKEK_KEY_SIZE + MKEK_KEY_CS_SIZE);
    if (ret != 0) {
        return PICOKEY_EXEC_ERROR;
@@ -80,11 +92,8 @@ int load_mkek(uint8_t *mkek) {
    if (crc32c(MKEK_KEY(mkek), MKEK_KEY_SIZE) != *(uint32_t *) MKEK_CHECKSUM(mkek)) {
        return PICOKEY_WRONG_DKEK;
    }
-    if (has_mkek_mask || otp_key_1) {
-        const uint8_t *mask = otp_key_1 ? otp_key_1 : mkek_mask;
-        for (int i = 0; i < MKEK_KEY_SIZE; i++) {
-            MKEK_KEY(mkek)[i] ^= mask[i];
-        }
+    if (otp_key_1) {
+        mkek_masked(mkek, otp_key_1);
    }
    return PICOKEY_OK;
 }
@@ -125,6 +134,9 @@ int store_mkek(const uint8_t *mkek) {
    else {
        memcpy(tmp_mkek, mkek, MKEK_SIZE);
    }
+    if (otp_key_1) {
+        mkek_masked(tmp_mkek, otp_key_1);
+    }
    *(uint32_t *) MKEK_CHECKSUM(tmp_mkek) = crc32c(MKEK_KEY(tmp_mkek), MKEK_KEY_SIZE);
    if (has_session_pin) {
        uint8_t tmp_mkek_pin[MKEK_SIZE];
@@ -319,7 +331,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
            return PICOKEY_WRONG_LENGTH;
        }

-        put_uint16_t(kb_len, kb + 8);
+        put_uint16_t_be(kb_len, kb + 8);
        memcpy(kb + 10, key_ctx, kb_len);
        kb_len += 2;

@@ -332,15 +344,15 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
        }
        mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
        kb_len = 0;
-        put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len);

-        put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D));
        kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D);
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N));
        kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N);
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E));
        kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E);

@@ -353,32 +365,32 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
        }
        mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx;
        kb_len = 0;
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2;
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len);
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A));
        kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A);
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B));
        kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B);
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P));
        kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P);
-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N));
        kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N);

        size_t olen = 0;
        mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
-        put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
-        kb_len += 2 + (uint16_t)olen;
+        kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
+        kb_len += (uint16_t)olen;

-        put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2;
+        kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len);
        mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d));
        kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d);

        mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2);
-        put_uint16_t((uint16_t)olen, kb + 8 + kb_len);
-        kb_len += 2 + (uint16_t)olen;
+        kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len);
+        kb_len += (uint16_t)olen;

        algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03";
        algo_len = 12;
@@ -409,7 +421,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1
    }

    if (allowed && allowed_len > 0) {
-        put_uint16_t(allowed_len, out + *out_len); *out_len += 2;
+        *out_len += put_uint16_t_be(allowed_len, out + *out_len);
        memcpy(out + *out_len, allowed, allowed_len);
        *out_len += allowed_len;
    }
@@ -517,21 +529,21 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
    uint16_t ofs = 9;

    //OID
-    uint16_t len = get_uint16_t(in, ofs);
+    uint16_t len = get_uint16_t_be(in + ofs);
    ofs += len + 2;

    //Allowed algorithms
-    len = get_uint16_t(in, ofs);
+    len = get_uint16_t_be(in + ofs);
    *allowed = (uint8_t *) (in + ofs + 2);
    *allowed_len = len;
    ofs += len + 2;

    //Access conditions
-    len = get_uint16_t(in, ofs);
+    len = get_uint16_t_be(in + ofs);
    ofs += len + 2;

    //Key OID
-    len = get_uint16_t(in, ofs);
+    len = get_uint16_t_be(in + ofs);
    ofs += len + 2;

    if ((in_len - 16 - ofs) % 16 != 0) {
@@ -545,7 +557,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        return r;
    }

-    int key_size = get_uint16_t(kb, 8);
+    int key_size = get_uint16_t_be(kb + 8);
    if (key_size_out) {
        *key_size_out = key_size;
    }
@@ -554,14 +566,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx;
        mbedtls_rsa_init(rsa);
        if (key_type == 5) {
-            len = get_uint16_t(kb, ofs); ofs += 2;
+            len = get_uint16_t_be(kb + ofs); ofs += 2;
            r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len;
            if (r != 0) {
                mbedtls_rsa_free(rsa);
                return PICOKEY_WRONG_DATA;
            }

-            len = get_uint16_t(kb, ofs); ofs += 2;
+            len = get_uint16_t_be(kb + ofs); ofs += 2;
            r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len;
            if (r != 0) {
                mbedtls_rsa_free(rsa);
@@ -570,12 +582,12 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        }
        else if (key_type == 6) {
            //DP-1
-            len = get_uint16_t(kb, ofs); ofs += len + 2;
+            len = get_uint16_t_be(kb + ofs); ofs += len + 2;

            //DQ-1
-            len = get_uint16_t(kb, ofs); ofs += len + 2;
+            len = get_uint16_t_be(kb + ofs); ofs += len + 2;

-            len = get_uint16_t(kb, ofs); ofs += 2;
+            len = get_uint16_t_be(kb + ofs); ofs += 2;
            r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len;
            if (r != 0) {
                mbedtls_rsa_free(rsa);
@@ -583,19 +595,19 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
            }

            //PQ
-            len = get_uint16_t(kb, ofs); ofs += len + 2;
+            len = get_uint16_t_be(kb + ofs); ofs += len + 2;

-            len = get_uint16_t(kb, ofs); ofs += 2;
+            len = get_uint16_t_be(kb + ofs); ofs += 2;
            r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len;
            if (r != 0) {
                mbedtls_rsa_free(rsa);
                return PICOKEY_WRONG_DATA;
            }
            //N
-            len = get_uint16_t(kb, ofs); ofs += len + 2;
+            len = get_uint16_t_be(kb + ofs); ofs += len + 2;
        }

-        len = get_uint16_t(kb, ofs); ofs += 2;
+        len = get_uint16_t_be(kb + ofs); ofs += 2;
        r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len;
        if (r != 0) {
            mbedtls_rsa_free(rsa);
@@ -633,13 +645,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        mbedtls_ecdsa_init(ecdsa);

        //A
-        len = get_uint16_t(kb, ofs); ofs += len + 2;
+        len = get_uint16_t_be(kb + ofs); ofs += len + 2;

        //B
-        len = get_uint16_t(kb, ofs); ofs += len + 2;
+        len = get_uint16_t_be(kb + ofs); ofs += len + 2;

        //P
-        len = get_uint16_t(kb, ofs); ofs += 2;
+        len = get_uint16_t_be(kb + ofs); ofs += 2;
        mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len);
        if (ec_id == MBEDTLS_ECP_DP_NONE) {
            mbedtls_ecdsa_free(ecdsa);
@@ -648,20 +660,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        ofs += len;

        //N
-        len = get_uint16_t(kb, ofs); ofs += len + 2;
+        len = get_uint16_t_be(kb + ofs); ofs += len + 2;

        //G
-        len = get_uint16_t(kb, ofs);
-        if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
-            ec_id = MBEDTLS_ECP_DP_ED25519;
-        }
-        else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
-            ec_id = MBEDTLS_ECP_DP_ED448;
-        }
-        ofs += len + 2;
+        len = get_uint16_t_be(kb + ofs); ofs += len + 2;

        //d
-        len = get_uint16_t(kb, ofs); ofs += 2;
+        len = get_uint16_t_be(kb + ofs); ofs += 2;
        r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len);
        if (r != 0) {
            mbedtls_ecdsa_free(ecdsa);
@@ -670,15 +675,10 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
        ofs += len;

        //Q
-        len = get_uint16_t(kb, ofs); ofs += 2;
+        len = get_uint16_t_be(kb + ofs); ofs += 2;
        r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
        if (r != 0) {
-            if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
-                r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
-            }
-            else {
-                r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
-            }
+            r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
            if (r != 0) {
                mbedtls_ecdsa_free(ecdsa);
                return PICOKEY_EXEC_ERROR;
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -269,7 +269,7 @@ int sc_hsm_unload() {
 uint16_t get_device_options() {
    file_t *ef = search_file(EF_DEVOPS);
    if (file_has_data(ef)) {
-        return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1);
+        return get_uint16_t_be(file_get_data(ef));
    }
    return 0x0;
 }
@@ -462,7 +462,7 @@ uint32_t get_key_counter(file_t *fkey) {
    uint16_t tag_len = 0;
    const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len);
    if (meta_tag) {
-        return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3];
+        return get_uint32_t_be(meta_tag);
    }
    return 0xffffffff;
 }
@@ -498,14 +498,9 @@ uint32_t decrement_key_counter(file_t *fkey) {
        asn1_ctx_init(meta_data, meta_size, &ctxi);
        while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
            if (tag == 0x90) { // ofset tag
-                uint32_t val =
-                    (tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3];
+                uint32_t val = get_uint32_t_be(tag_data);
                val--;
-                tag_data[0] = (val >> 24) & 0xff;
-                tag_data[1] = (val >> 16) & 0xff;
-                tag_data[2] = (val >> 8) & 0xff;
-                tag_data[3] = val & 0xff;
-
+                put_uint32_t_be(val, tag_data);
                int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);
                free(cmeta);
                if (r != 0) {
@@ -666,7 +661,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) {
    return PICOKEY_OK;
 }

-int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
+int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) {
    if (wait_button_pressed() == true) { // timeout
        return PICOKEY_VERIFICATION_FAILED;
    }
@@ -681,25 +676,17 @@ int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
    int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1);
    if (r != 0) {
        mbedtls_platform_zeroize(kdata, sizeof(kdata));
-        mbedtls_ecp_keypair_free(ctx);
+        mbedtls_ecdsa_free(ctx);
        return PICOKEY_EXEC_ERROR;
    }
    mbedtls_platform_zeroize(kdata, sizeof(kdata));
-    if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
-        r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
-    }
-    else {
-        r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
-    }
+    r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
    if (r != 0) {
-        mbedtls_ecp_keypair_free(ctx);
+        mbedtls_ecdsa_free(ctx);
        return PICOKEY_EXEC_ERROR;
    }
    return PICOKEY_OK;
 }
-int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) {
-    return load_private_key_ec(ctx, fkey);
-}

 #define INS_VERIFY                  0x20
 #define INS_MSE                     0x22
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -32,6 +32,9 @@
 #include "file.h"
 #include "apdu.h"
 #include "pico_keys.h"
+#include "usb.h"
+
+#define MAX_APDU_DATA (USB_BUFFER_SIZE - 20)

 extern const uint8_t sc_hsm_aid[];

@@ -120,8 +123,7 @@ extern int delete_file(file_t *ef);
 extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len);
 extern bool key_has_purpose(file_t *ef, uint8_t purpose);
 extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey);
-extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey);
-extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey);
+extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);
 extern bool wait_button_pressed();
 extern int store_keys(void *key_ctx, int type, uint8_t key_id);
 extern int find_and_store_meta_key(uint8_t key_id);
--- a/src/hsm/version.h
+++ b/src/hsm/version.h
@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_

-#define HSM_VERSION 0x0500
+#define HSM_VERSION 0x0504

 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
 #define HSM_VERSION_MINOR (HSM_VERSION & 0xff)
--- a/tests/memory.tar.gz
+++ b/tests/memory.tar.gz
--- a/tests/pico-hsm/test_020_keypair_gen.py
+++ b/tests/pico-hsm/test_020_keypair_gen.py
@@ -24,7 +24,7 @@ def test_gen_initialize(device):
    device.initialize()

@pytest.mark.parametrize(
-    "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448']
+    "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448']
 )
 def test_gen_ecc(device, curve):
    keyid = device.key_generation(KeyType.ECC, curve)
--- a/tests/pico-hsm/test_021_key_import.py
+++ b/tests/pico-hsm/test_021_key_import.py
@@ -21,7 +21,7 @@ import pytest
 import hashlib
 import os
 from picohsm import DOPrefixes
-from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448
+from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES
 from const import DEFAULT_DKEK
@@ -70,17 +70,6 @@ def test_import_montgomery(device, curve):
    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
    device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)

-@pytest.mark.parametrize(
-    "curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey]
-)
-def test_import_edwards(device, curve):
-    pkey = curve.generate()
-    keyid = device.import_key(pkey)
-    pubkey = device.public_key(keyid, param=curve)
-    assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
-    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
-    device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid)
-
@pytest.mark.parametrize(
    "size", [128, 192, 256]
 )
--- a/tests/pico-hsm/test_030_signature.py
+++ b/tests/pico-hsm/test_030_signature.py
@@ -55,12 +55,3 @@ def test_signature_rsa(device, modulus, scheme):
    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
    device.verify(pubkey, data, signature, scheme)

-@pytest.mark.parametrize(
-    "curve", ['ed25519', 'ed448']
-)
-def test_signature_edwards(device, curve):
-    keyid = device.key_generation(KeyType.ECC, curve)
-    pubkey = device.public_key(keyid=keyid)
-    signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data)
-    device.delete_file(DOPrefixes.KEY_PREFIX, keyid)
-    device.verify(pubkey, data, signature)
--- a/tests/pico-hsm/test_090_xkek.py
+++ b/tests/pico-hsm/test_090_xkek.py
@@ -27,7 +27,7 @@ from cvc import oid
 from cryptography.hazmat.primitives.asymmetric import ec
 from picohsm import DOPrefixes, APDUResponse, SWCodes

-KDM = unhexlify(b'30820420060b2b0601040181c31f0402016181ed7f2181e97f4e81a25f290100421045535049434f48534d434130303030317f494f060a04007f0007020202020386410421ee4a21c16a10f737f12e78e5091b266612038cdabebb722b15bf6d41b877fbf64d9ab69c39b9831b1ae00bef2a4e81976f7688d45189bb232a24703d8a96a55f201045535049434f48534d445630303030317f4c12060904007f000703010202530580000000005f25060202000801085f24060203000601045f37403f75c08fffc9186b56e6147199e82bfc327ceef72495bc567961cd54d702f13e3c2766fcd1d11bd6a9d1f4a229b76b248ceb9af88d59a74d0ab149448705159b6281e97f2181e57f4e819e5f290100421045535049434f48534d445630303030317f494f060a04007f00070202020203864104c8561b41e54fea81bb80dd4a6d537e7c3904344e8ca90bc5f668111811e02c8d5d51ca93ca89558f2a8a9cbb147434e3441ec174505ff980fd7a7106286196915f201045535049434f48534d54524a444736387f4c0e060904007f0007030102025301005f25060203000300065f24060204000300055f3740983de63d0975b715ebd8a93cb38fa9638882c8b7064d51a6facabed693b92edc098e458b713203413ef6de0958c44772cbdbc264205c7b1bdb8b4fcb2516437f638201f1678201ed7f218201937f4e82014b5f290100421045535049434f48534d54524a444736387f4982011d060a04007f000702020202038120a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e537782207d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9832026dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b68441048bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f0469978520a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a78641048b1f450912a2e4d428b7eefc5fa05618a9ef295e90009a61cbb0970181b333474ea94f94cde5a11aba0589e85d4225002789ff1cdcf25756f059647b49fc2a158701015f201045535049434f48534d54524a444736385f3740372407c20de7257c89dae1e6606c8a046ca65efaa010c0a22b75c402ee243de51f5f1507457193679ed9db4fbbfe8efb9d695b684492b665ad8ba98c1f84ea38421045535049434f48534d54524a444736385f374098718e2e14a44386b689b71a101530316b65ab49a91bab0dd56099c5161ecb8aadff6cf27449f94034e58b7306f01e6ffa2766a2f5bb1281e12e5f1f9174733454400cf8926ca5bec9a91bcd47bf391c15d94ef6e3243d5fd1fffeaafd586766bc3221eafd808f17f8450f238cc1fe7ab1854443db31d622f53a2b3fdb3ad750d5ce')
+KDM = unhexlify(b'30820420060B2B0601040181C31F0402016181ED7F2181E97F4E81A25F290100421045535049434F48534D434130303030317F494F060A04007F0007020202020386410421EE4A21C16A10F737F12E78E5091B266612038CDABEBB722B15BF6D41B877FBF64D9AB69C39B9831B1AE00BEF2A4E81976F7688D45189BB232A24703D8A96A55F201045535049434F48534D445630303030317F4C12060904007F000703010202530580000000005F25060202000801085F24060203000601045F37403F75C08FFFC9186B56E6147199E82BFC327CEEF72495BC567961CD54D702F13E3C2766FCD1D11BD6A9D1F4A229B76B248CEB9AF88D59A74D0AB149448705159B6281E97F2181E57F4E819E5F290100421045535049434F48534D445630303030317F494F060A04007F000702020202038641043359F5234CE62E0EB80460046D8FD1AAE018CC8B9E687B40AA2C047E352409B45153D1AD888E4E7E780A3B1FA8C69CA8998BD271C8849137149142E96816A5A45F201045535049434F48534D54524A5A58314A7F4C0E060904007F0007030102025301005F25060205000100085F24060206000100085F374016F155B01CDE7FB902C8A631FCB6938458CB570EAB088DEFE1FFACD3AEFF069020256EECCF8E962461534ED682DB87BB9801E25556F87BF524385C536D19A7D1638201F1678201ED7F218201937F4E82014B5F290100421045535049434F48534D54524A5A58314A7F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410443F0BAB3EB271E1B762BDB81C2CC10C21CF9E8A73241B86C9552614A8842DA00A556C20BC4250C275981FE196F8D2E8766DE06C609BA07AC3E6E1468EAC451408701015F201045535049434F48534D54524A5A58314A5F37402E79A552EA5ABE1B4244841CC55515F31CACFE9B3E0A3FC3FC178DFD5ED6ADC67E03FCC65C24A8A65658768A1A522F372E9897B87058E453A647FC58E089D30D421045535049434F48534D54524A5A58314A5F37400B54434EF57C6DD55D26B44F63940E9F15C10FBC8FC013528F76ACF917D74EF41D635D630F778862ADBD3EE8574F4ABC28B9A6044DFCB9C30D83C1A4DBE6437054400964DBAED86825DBA4E5BCEFF66DAF5739A71D4B2677FB1F53ABA23B3D1D1A686A06478C3CF7FF797FE7C8A4D090D881319BD15AABE709D3EA74A48C88E4387F')

 def test_initialize(device):
    device.initialize(key_domains=1)
--- a/tools/pico-hsm-tool.py
+++ b/tools/pico-hsm-tool.py
@@ -141,8 +141,6 @@ def parse_args():
    parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]', choices=[128, 192, 256], default=128, type=int)
    parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.')
    parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.')
-    parser_keygen_x25519 = subparser_keygen.add_parser('ed25519', help='Generates a private Ed25519 keypair.')
-    parser_keygen_x448 = subparser_keygen.add_parser('ed448', help='Generates a private Ed448 keypair.')

    parser_otp = subparser.add_parser('otp', help='Read/write OTP values.')
    parser_otp.add_argument('subcommand', choices=['read', 'write', 'secure_boot'], help='Read, write or enable Secure Boot', nargs='?')
@@ -151,6 +149,10 @@ def parse_args():
    parser_otp.add_argument('--lock', help='Lock & protect (no other firmwares can be loaded)', action='store_true')
    parser_otp.add_argument('--index', help='Bootkey index [0-3]', type=int, default=0, choices=[0, 1, 2, 3])

+    parser_reboot = subparser.add_parser('reboot', help='Reboots the Pico HSM.')
+
+    parser_memory = subparser.add_parser('memory', help='Get memory usage.')
+
    args = parser.parse_args()
    return args

@@ -369,7 +371,7 @@ class SecureLock:

    def disable_device_aut(self):
        ct = self.get_skey()
-        self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x04, p3=list(ct))
+        self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x04, data=list(ct))

 def secure(picohsm, args):
    slck = SecureLock(picohsm)
@@ -467,10 +469,8 @@ def cipher(picohsm, args):
 def keygen(picohsm, args):
    if (args.subcommand == 'aes'):
        ret = picohsm.key_generation(KeyType.AES, param=args.size)
-    elif (args.subcommand in ['x25519', 'x448', 'ed25519', 'ed448']):
-        curve = args.subcommand
-        if (args.subcommand in ['x25519', 'x448']):
-            curve = 'curve' + args.subcommand[1:]
+    elif (args.subcommand in ['x25519', 'x448']):
+        curve = 'curve' + args.subcommand[1:]
        ret = picohsm.key_generation(KeyType.ECC, curve)
    print('Key generated successfully.')
    print(f'Key ID: {ret}')
@@ -511,8 +511,20 @@ def otp(picohsm, args):
    elif (args.subcommand == 'secure_boot'):
        picohsm.secure_boot(BOOTKEY, bootkey_index=args.index, lock=args.lock)

+def reboot(picohsm, args):
+    picohsm.reboot()
+
+def memory(picohsm, args):
+    mem = picohsm.memory()
+    print(f'Memory usage:')
+    print(f'\tFree: {mem["free"]/1024:.2f} kilobytes ({mem["free"]*100/mem["total"]:.2f}%)')
+    print(f'\tUsed: {mem["used"]/1024:.2f} kilobytes ({mem["used"]*100/mem["total"]:.2f}%)')
+    print(f'\tTotal: {mem["total"]/1024:.2f} kilobytes')
+    print(f'\tFlash size: {mem["size"]/1024:.2f} kilobytes')
+    print(f'\tFiles: {mem["files"]}')
+
 def main(args):
-    sys.stderr.buffer.write(b'Pico HSM Tool v2.0\n')
+    sys.stderr.buffer.write(b'Pico HSM Tool v2.2\n')
    sys.stderr.buffer.write(b'Author: Pol Henarejos\n')
    sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n')
    sys.stderr.buffer.write(b'\n\n')
@@ -541,6 +553,10 @@ def main(args):
        phy(picohsm, args)
    elif (args.command == 'otp'):
        otp(picohsm, args)
+    elif (args.command == 'reboot'):
+        reboot(picohsm, args)
+    elif (args.command == 'memory'):
+        memory(picohsm, args)

 def run():
    args = parse_args()
--- a/workflows/autobuild.sh
+++ b/workflows/autobuild.sh
@@ -7,6 +7,7 @@ if [[ $1 == "pico" ]]; then
 sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib
 git clone https://github.com/raspberrypi/pico-sdk
 cd pico-sdk
+git checkout tags/2.1.1
 git submodule update --init
 cd ..
 git clone https://github.com/raspberrypi/picotool
@@ -22,6 +23,7 @@ mkdir build_pico
 cd build_pico
 cmake -DPICO_SDK_PATH=../pico-sdk ..
 make
+cd ..
 elif [[ $1 == "esp32" ]]; then
 sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
 git clone --recursive https://github.com/espressif/esp-idf.git
@@ -31,6 +33,20 @@ cd esp-idf
 cd ..
 idf.py set-target esp32s3
 idf.py all
+mkdir -p release
+cd build
+esptool.py --chip ESP32-S3 merge_bin -o ../release/pico_hsm_esp32-s3.bin @flash_args
+cd ..
+cd esp-idf
+./install.sh esp32s2
+. ./export.sh
+cd ..
+idf.py set-target esp32s2
+idf.py all
+mkdir -p release
+cd build
+esptool.py --chip ESP32-S2 merge_bin -o ../release/pico_hsm_esp32-s2.bin @flash_args
+cd ..
 else
 mkdir build
 cd build
Author	SHA1	Message	Date
Pol Henarejos	92fe26c1e1	Upgrade to v6.4 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 19:18:02 +01:00
Pol Henarejos	5c2dce9e52	Take led_driver on build. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 19:14:07 +01:00
Pol Henarejos	1cbcfce23f	Use all available boards. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 19:13:36 +01:00
Pol Henarejos	1f3cecea8b	Use fastest clk for rp2040. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 19:13:18 +01:00
Pol Henarejos	ac8d05b9e9	Add support for esp32s2 autobuild. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 12:14:47 +01:00
Pol Henarejos	e00e620264	Upgrade to Pico SDK 2.1.1 autobuild. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-19 12:13:58 +01:00
Pol Henarejos	64d8dafa2b	Fix multiple interfaces in older PCSC versions. Fixes #74 again. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-12 13:25:43 +01:00
Pol Henarejos	0f3bb8242c	Fix multiple interfaces in older PCSC versions. Fixes #74 again. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-02-12 13:25:07 +01:00
Pol Henarejos	747e5fbe86	Added phy_save() and phy_load() to save and load PHY. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-29 17:09:29 +01:00
Pol Henarejos	8eb4669c0f	Fixes #74 . LibCCID allows propietary class for CCID (ALLOW_PROPIETARY_CLASS in LibCCID). Then both interfaces are loaded but since both belong to same device, only the last is opened. We change maxSlot value even it breaks the ICCD spec to cause a timeout in LibCCID and deactivate WebCCID interface. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-17 20:56:11 +01:00
Pol Henarejos	297f2e6228	Upgrade to v5.2 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-15 12:06:00 +01:00
Pol Henarejos	12a26f8506	Merge branch 'development'	2025-01-15 12:04:47 +01:00
Pol Henarejos	45a96f8742	Add rollback version to 1. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-15 12:04:20 +01:00
Pol Henarejos	ca2e04af53	Update initial memory for tests and KDM Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-08 14:47:23 +01:00
Pol Henarejos	f0a9d03ca8	Fix storing MKEK in devices with OTP_1 available. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-08 14:38:02 +01:00
Pol Henarejos	2502f99aff	Add OTP for emulation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-01-08 13:26:08 +01:00
Pol Henarejos	71636f4d66	Use partition bounds if available. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-30 21:42:33 +01:00
Pol Henarejos	310bcb8092	Fix bin name. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:22:20 +01:00
Pol Henarejos	6c5735fc4b	Fix bin name. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:21:58 +01:00
Pol Henarejos	3430655897	Fix merge file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:09:16 +01:00
Pol Henarejos	3d9e806409	Fix merge file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:09:05 +01:00
Pol Henarejos	ff8b343df4	Auto generate an esp32-s3 firmware bin file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:08:30 +01:00
Pol Henarejos	0c6b0d295f	Auto generate an esp32-s3 firmware bin file. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-27 02:03:08 +01:00
Pol Henarejos	c6b03e54ca	Fix TX/RX buffers to align them with USB buffers and avoid overflows. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-24 02:06:15 +01:00
Pol Henarejos	991f5fc960	More uint funcs. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 21:41:40 +01:00
Pol Henarejos	6d516b1b78	Use BE/LE functions for packing uint16. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 21:01:12 +01:00
Pol Henarejos	2a3ac550ec	Pack file struct. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 20:40:11 +01:00
Pol Henarejos	73232b6de4	Add LE/BE functions for uint16, 32 and 64. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 20:39:03 +01:00
Pol Henarejos	d56b540324	Add support for displaying memory usage. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 20:24:10 +01:00
Pol Henarejos	74b635fa3c	Increase TinyUSB task stack size. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-23 20:12:15 +01:00
Pol Henarejos	07d9e225d2	Use PHY value for LED GPIO number. Fixes #71 . Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-16 13:12:11 +01:00
Pol Henarejos	3d960b931a	Fix MKEK masking order. Fixes #69 . Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-08 01:26:47 +01:00
Pol Henarejos	ff7ef56cda	Dev options file must be persistent, since it manipulates MKEK which is in turn persistent. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-08 01:25:19 +01:00
Pol Henarejos	320455815f	Only allow initialize if secure lock is disabled or has mkek mask. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-08 01:24:35 +01:00
Pol Henarejos	859dec7e4a	Accept mkek mask only if secure lock is enabled. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-08 01:23:51 +01:00
Pol Henarejos	053ccf4a89	Fix esp32 build. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-03 08:47:44 +01:00
Pol Henarejos	f88aad1e2c	Fixed buffer overflow when unlocking the device. Fixes #68. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-12-03 08:36:05 +01:00
Pol Henarejos	866aac8fe3	Add reboot extra command. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-27 21:48:04 +01:00
Pol Henarejos	a242a28394	Fix disable secure aut. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-27 16:11:18 +01:00
Pol Henarejos	c33ed9b968	Fix autobuild for Pico SDK 2.1.0 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-25 23:59:54 +01:00
Pol Henarejos	65a4474dec	Fix build for RP2350. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-25 23:46:12 +01:00
Pol Henarejos	e243def565	Add UP button timeout for PHY. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-25 15:24:27 +01:00
Pol Henarejos	78bc34827e	Autobuild for Pico SDK 2.0.0 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-25 13:13:31 +01:00
Pol Henarejos	a69cb8a95a	Add CCID SET_CLOCK_AND_FREQUENCY command for latest IFD. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2024-11-25 12:55:28 +01:00