Fix eddsa output folder.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

.github/workflows/nightly.yml

@@ -24,7 +24,7 @@ jobs:
           PICO_SDK_PATH: ../pico-sdk
         run: |
            ./workflows/autobuild.sh pico
-           ./build_pico_hsm.sh
+           ./build_pico_hsm.sh --no-eddsa
            ./workflows/autobuild.sh esp32
       - name: Update nightly release
         uses: pyTooling/Actions/releaser@main

build_pico_hsm.sh

@@ -1,23 +1,47 @@
 #!/bin/bash
 
 VERSION_MAJOR="5"
-VERSION_MINOR="4-eddsa1"
+VERSION_MINOR="6"
+NO_EDDSA=0
 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
 #if ! [[ -z "${GITHUB_SHA}" ]]; then
 #    SUFFIX="${SUFFIX}.${GITHUB_SHA}"
 #fi
 
-rm -rf release/*
+if [[ $1 == "--no-eddsa" ]]; then
+    NO_EDDSA=1
+    echo "Skipping EDDSA build"
+fi
+
 mkdir -p build_release
 mkdir -p release
+mkdir -p release_eddsa
+rm -rf -- release/*
+if [[ $NO_EDDSA -eq 0 ]]; then
+    rm -rf -- release_eddsa/*
+fi
 cd build_release
+
 PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
 board_dir=${PICO_SDK_PATH}/src/boards/include/boards
 for board in "$board_dir"/*
 do
-    board_name="$(basename -- $board .h)"
+    board_name="$(basename -- "$board" .h)"
-    rm -rf *
+    rm -rf -- ./*
-    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name
+    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem
     make -j`nproc`
     mv pico_hsm.uf2 ../release/pico_hsm_$board_name-$SUFFIX.uf2
 done
+
+# Build with EDDSA
+
+if [[ $NO_EDDSA -eq 0 ]]; then
+    for board in "$board_dir"/*
+    do
+        board_name="$(basename -- "$board" .h)"
+        rm -rf -- ./*
+        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem -DENABLE_EDDSA=1
+        make -j`nproc`
+        mv pico_hsm.uf2 ../release_eddsa/pico_hsm_$board_name-$SUFFIX-eddsa1.uf2
+    done
+fi

src/hsm/cmd_cipher_sym.c

@@ -655,7 +655,7 @@ int cmd_cipher_sym() {
                     secret[64] = { 0 };
             mbedtls_aes_init(&ctx);
             if (hd_keytype != 0x3) {
-                mbedtls_ecdsa_free(&hd_context);
+                mbedtls_ecp_keypair_free(&hd_context);
                 return SW_INCORRECT_PARAMS();
             }
             key_size = 32;
@@ -689,7 +689,7 @@ int cmd_cipher_sym() {
                 return SW_EXEC_ERROR();
             }
             res_APDU_size = enc.len;
-            mbedtls_ecdsa_free(&hd_context);
+            mbedtls_ecp_keypair_free(&hd_context);
             hd_keytype = 0;
         }
         else {

src/hsm/cmd_general_authenticate.c

@@ -22,6 +22,7 @@
 #include "oid.h"
 #include "eac.h"
 #include "files.h"
+#include "otp.h"
 
 int cmd_general_authenticate() {
     if (P1(apdu) == 0x0 && P2(apdu) == 0x0) {
@@ -54,6 +55,9 @@ int cmd_general_authenticate() {
             mbedtls_ecdh_context ctx;
             mbedtls_ecdh_init(&ctx);
             mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1;
+            if (otp_key_2) {
+                gid = MBEDTLS_ECP_DP_SECP256K1;
+            }
             r = mbedtls_ecdh_setup(&ctx, gid);
             if (r != 0) {
                 mbedtls_ecp_keypair_free(&ectx);

src/hsm/cmd_keypair_gen.c

@@ -83,12 +83,14 @@ int cmd_keypair_gen() {
                     if (asn1_find_tag(&ctxo, 0x83, &g) != true) {
                         return SW_WRONG_DATA();
                     }
+#ifdef MBEDTLS_EDDSA_C
                     if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) {
                         ec_id = MBEDTLS_ECP_DP_ED25519;
                     }
                     else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) {
                         ec_id = MBEDTLS_ECP_DP_ED448;
                     }
+#endif
                 }
                 printf("KEYPAIR ECC %d\r\n", ec_id);
                 mbedtls_ecdsa_context ecdsa;

src/hsm/cmd_signature.c

@@ -20,7 +20,9 @@
 #include "asn1.h"
 #include "mbedtls/oid.h"
 #include "random.h"
+#ifdef MBEDTLS_EDDSA_C
 #include "mbedtls/eddsa.h"
+#endif
 
 extern mbedtls_ecp_keypair hd_context;
 extern uint8_t hd_keytype;
@@ -274,10 +276,13 @@ int cmd_signature() {
         }
         size_t olen = 0;
         uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
+#ifdef MBEDTLS_EDDSA_C
         if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
             r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
         }
-        else {
+        else
+#endif
+        {
             r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
                                               &olen, random_gen, NULL);
         }
@@ -293,23 +298,23 @@ int cmd_signature() {
         size_t olen = 0;
         uint8_t buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
         if (hd_context.grp.id == MBEDTLS_ECP_DP_NONE) {
-            mbedtls_ecdsa_free(&hd_context);
+            mbedtls_ecp_keypair_free(&hd_context);
             return SW_CONDITIONS_NOT_SATISFIED();
         }
         if (hd_keytype != 0x1 && hd_keytype != 0x2) {
-            mbedtls_ecdsa_free(&hd_context);
+            mbedtls_ecp_keypair_free(&hd_context);
             return SW_INCORRECT_PARAMS();
         }
         md = MBEDTLS_MD_SHA256;
         if (mbedtls_ecdsa_write_signature(&hd_context, md, apdu.data, apdu.nc, buf,
                                           MBEDTLS_ECDSA_MAX_LEN,
                                           &olen, random_gen, NULL) != 0) {
-            mbedtls_ecdsa_free(&hd_context);
+            mbedtls_ecp_keypair_free(&hd_context);
             return SW_EXEC_ERROR();
         }
         memcpy(res_APDU, buf, olen);
         res_APDU_size = (uint16_t)olen;
-        mbedtls_ecdsa_free(&hd_context);
+        mbedtls_ecp_keypair_free(&hd_context);
         hd_keytype = 0;
     }
     else {

src/hsm/cmd_verify.c

@@ -59,8 +59,5 @@ int cmd_verify() {
         }
         return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_sopin));
     }
-    else if (p2 == 0x85) {
-        return SW_OK();
-    }
     return SW_REFERENCE_NOT_FOUND();
 }

src/hsm/cvc.c

@@ -26,7 +26,9 @@
 #include "oid.h"
 #include "mbedtls/md.h"
 #include "files.h"
+#ifdef MBEDTLS_EDDSA_C
 #include "mbedtls/eddsa.h"
+#endif
 
 extern const uint8_t *dev_name;
 extern uint16_t dev_name_len;
@@ -89,7 +91,11 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uin
     uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size);
     uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa));
     uint16_t tot_len = 0, tot_data_len = 0;
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY
+#ifdef MBEDTLS_EDDSA_C
+     || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS
+#endif
+    ) {
         tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size;
         oid = oid_ri;
     }
@@ -110,7 +116,11 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uin
     //oid
     *p++ = 0x6; p += format_tlv_len(sizeof(oid_ecdsa), p); memcpy(p, oid, sizeof(oid_ecdsa));
     p += sizeof(oid_ecdsa);
-    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
+    if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY
+#ifdef MBEDTLS_EDDSA_C
+    || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS
+#endif
+    ) {
         //p
         *p++ = 0x81; p += format_tlv_len((uint16_t)p_size, p); mbedtls_mpi_write_binary(&ecdsa->grp.P, p, p_size);
         p += p_size;
@@ -297,10 +307,13 @@ uint16_t asn1_cvc_cert(void *rsa_ecdsa,
         mbedtls_ecp_keypair *ecdsa = (mbedtls_ecp_keypair *) rsa_ecdsa;
         mbedtls_mpi_init(&r);
         mbedtls_mpi_init(&s);
+#ifdef MBEDTLS_EDDSA_C
         if (ecdsa->grp.id == MBEDTLS_ECP_DP_ED25519 || ecdsa->grp.id == MBEDTLS_ECP_DP_ED448) {
             ret = mbedtls_eddsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, body, body_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
         }
-        else {
+        else
+#endif
+        {
             ret = mbedtls_ecdsa_sign(&ecdsa->grp, &r, &s, &ecdsa->d, hsh, sizeof(hsh), random_gen, NULL);
         }
         if (ret == 0) {
@@ -359,10 +372,13 @@ uint16_t asn1_cvc_aut(void *rsa_ecdsa,
     mbedtls_mpi r, s;
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
+#ifdef MBEDTLS_EDDSA_C
     if (ectx.grp.id == MBEDTLS_ECP_DP_ED25519 || ectx.grp.id == MBEDTLS_ECP_DP_ED448) {
         ret = mbedtls_eddsa_sign(&ectx.grp, &r, &s, &ectx.d, body, cvcert_size + outcar_size, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
     }
-    else {
+    else
+#endif
+    {
         uint8_t hsh[32];
         hash256(body, cvcert_size + outcar_size, hsh);
         ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL);

src/hsm/kek.c

@@ -664,12 +664,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
 
         //G
         len = get_uint16_t_be(kb + ofs);
+#ifdef MBEDTLS_EDDSA_C
         if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) {
             ec_id = MBEDTLS_ECP_DP_ED25519;
         }
         else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) {
             ec_id = MBEDTLS_ECP_DP_ED448;
         }
+#endif
         ofs += len + 2;
 
         //d
@@ -685,10 +687,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le
         len = get_uint16_t_be(kb + ofs); ofs += 2;
         r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len);
         if (r != 0) {
+#ifdef MBEDTLS_EDDSA_C
             if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) {
                 r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL);
             }
-            else {
+            else
+#endif
+            {
                 r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL);
             }
             if (r != 0) {

src/hsm/sc_hsm.c

@@ -680,10 +680,13 @@ int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) {
         return PICOKEY_EXEC_ERROR;
     }
     mbedtls_platform_zeroize(kdata, sizeof(kdata));
+#ifdef MBEDTLS_EDDSA_C
     if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) {
         r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL);
     }
-    else {
+    else
+#endif
+    {
         r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL);
     }
     if (r != 0) {
@@ -758,6 +761,7 @@ static const cmd_t cmds[] = {
 };
 
 int sc_hsm_process_apdu() {
+    uint32_t ne = apdu.ne;
     int r = sm_unwrap();
     if (r != PICOKEY_OK) {
         return SW_DATA_INVALID();
@@ -766,6 +770,9 @@ int sc_hsm_process_apdu() {
         if (cmd->ins == INS(apdu)) {
             int res = cmd->cmd_handler();
             sm_wrap();
+            if ((CLA(apdu) >> 2) & 0x3) {
+                apdu.ne = ne;
+            }
             return res;
         }
     }

src/hsm/version.h

@@ -18,7 +18,7 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
 
-#define HSM_VERSION 0x0504
+#define HSM_VERSION 0x0506
 
 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
 #define HSM_VERSION_MINOR (HSM_VERSION & 0xff)

tests/build-in-docker.sh

@@ -4,7 +4,7 @@ source tests/docker_env.sh
 build_image
 #run_in_docker rm -rf CMakeFiles
 run_in_docker mkdir -p build_in_docker
-run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 -D__FOR_CI=1 ..
+run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 -D__FOR_CI=1 -DENABLE_EDDSA=1 ..
 run_in_docker -w "$PWD/build_in_docker" make -j ${NUM_PROC}
 docker create --name temp_container pico-hsm-test:bullseye
 docker cp $PWD/build_in_docker/pico_hsm temp_container:/pico_hsm

tools/pico-hsm-tool.py

@@ -67,6 +67,7 @@ def parse_args():
     subparser = parser.add_subparsers(title="commands", dest="command", required=True)
     parser_init = subparser.add_parser('initialize', help='Performs the first initialization of the Pico HSM.')
     parser.add_argument('--pin', help='PIN number')
+    parser.add_argument('--slot', help='Select specific slot', type=int, default=-1)
     parser_init.add_argument('--so-pin', help='SO-PIN number')
     parser_init.add_argument('--silent', help='Confirms initialization silently.', action='store_true')
     parser_init.add_argument('--no-dev-cert', help='Do not request a device certificate (it will use a self-signed certificate). Do not use if attestation is needed.', action='store_true', default=False)
@@ -233,7 +234,7 @@ def initialize(picohsm, args):
 
         pbk = base64.urlsafe_b64encode(Y)
         params = {'pubkey': pbk}
-        if (picohsm.platform in (Platform.RP2350, Platform.ESP32)):
+        if (picohsm.platform in (Platform.RP2350, Platform.ESP32, Platform.EMULATION)):
             params['curve'] = 'secp256k1'
         data = urllib.parse.urlencode(params).encode()
         j = get_pki_data('cvc', data=data)
@@ -528,13 +529,13 @@ def memory(picohsm, args):
     print(f'\tFiles: {mem["files"]}')
 
 def main(args):
-    sys.stderr.buffer.write(b'Pico HSM Tool v2.2\n')
+    sys.stderr.buffer.write(b'Pico HSM Tool v2.4\n')
     sys.stderr.buffer.write(b'Author: Pol Henarejos\n')
     sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n')
     sys.stderr.buffer.write(b'\n\n')
     sys.stderr.flush()
 
-    picohsm = PicoHSM(args.pin)
+    picohsm = PicoHSM(args.pin, slot=args.slot)
 
     # Following commands may raise APDU exception on error
     if (args.command == 'initialize'):