Version 3.6 Stable
released this 2023-11-07 00:58:32 +08:00 | 347 commits to master since this release

This release includes new features:
New
- 4 new supported boards.
- AES algorithms: ECB, CBC with custom IV, OFB, CFB, XTS, CTR, CCM and GCM.
- mbedTLS 3.5
- BIP and SLIP to support crypto wallets. It supports infinite hierarchical deterministic (HD) key derivation.
- Added support for asymmetric and symmetric (SLIP-0021) deterministic derivations.
- Added support for HD symmetric ciphering.
- Added EdDSA support (see separate branch and releases).
- Added support for Ed25519 and Ed448 (see separate branch and releases).
- Added --silent flag to pico-hsm tool initialization.
Enhancements
- Self-signed CVC during the first initialization.
- Added DV to PUK store.
- CVCA is also uploaded to improve PKA.
- Added support for TokenInfo and StaticTokenInfo files.
- Added PKA tests.
- Added XKEK tests.
- Added key domain tests.
- Added DKEK import in key domain tests.
- If public point is not found, it is automatically calculated.
- Added counters, algorithms and key domain in key generation tests.
- Added key wrapping and unwrapping tests.
- Check bad tag in Chachapoly.
- Added Chachapoly tests.
- Added PRKD for AES too.
- Added AES EXT tests.
- Added AES XTS with and without IV.
- Added BIP and SLIP tests.
- Added HD signature tests.
- Added HD symmetric ciphering tests.
- Added PKCS11 tests.
- Added PKCS11-tool tests.
- Added support for Pico W leds.
Changes
- If no key domain is specified, 0 is used by default.
- If a key does not belong to any key domain, it cannot be wrapped.
- PRKD is generated at every import (it can be replaced afterwards).
- Signatures are allowed using key device.
- Accept arbitrary SO-PIN length on reset retry.
- New format for applet selection.
- User must log in after DKEK import.
- Pico HSM SDK is renamed to Pico Keys SDK.
- If an applet is not selected, it returns NOT_FOUND on every command.
Fixes
- PUK initialization.
- PUK reset.
- PUK enabling.
- PUK status.
- PUK authentication.
- ECDH zeroing.
- Potential crash on deleting file.
- Return error when non-initialized key domain is deleted.
- Before wrapping, check DKEK is configured correctly.
- Check key domain reinitialization.
- Key domain check.
- Wrapping EC points.
- Race condition.
- Fixed #22.
- Chachapoly encryption.
- Overflow when importing AES XTS key.
- Fix key size of terminal CVC.
- PRKD for AES.
- AES EXT encoding.
- AES XTS call.
- Return error on reading binary with bad offset.
- Memory free on error for BIP & SLIP command.
- Deriving nodes with retries.
- AES derivation (HKDF).
- Get RTC with pico-hsm tool.
- Fix G point CVC export.
- Sending binary files when ne=0.
- File chunking.
- Key domain deletion.
- DKEK import when user is not logged.
- Potential freeze.