Upgrade to v3.2.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

.github/workflows/codeql.yml

@@ -35,6 +35,7 @@ jobs:
         language: [ 'cpp', 'python' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        mode: [ 'pico', 'esp32', 'local' ]
 
     steps:
     - name: Checkout repository
@@ -66,7 +67,7 @@ jobs:
 
     - run: |
        echo "Run, Build Application using script"
-       ./workflows/autobuild.sh
+       ./workflows/autobuild.sh ${{ matrix.mode }}
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

.github/workflows/nightly.yml

@@ -0,0 +1,35 @@
+name: "Nightly deploy"
+
+on:
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+jobs:
+  nightly:
+    name: Deploy nightly
+    strategy:
+      fail-fast: false
+      matrix:
+        refs: [main]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ matrix.refs }}
+          submodules: 'recursive'
+      - name : Build
+        env:
+          PICO_SDK_PATH: ../pico-sdk
+        run: |
+           ./workflows/autobuild.sh pico
+           ./build_pico_openpgp.sh
+           ./workflows/autobuild.sh esp32
+      - name: Update nightly release
+        uses: pyTooling/Actions/releaser@main
+        with:
+          tag: nightly-${{ matrix.refs }}
+          rm: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+          files: release/*.*

CMakeLists.txt

@@ -17,8 +17,11 @@
 
 cmake_minimum_required(VERSION 3.13)
 
-if(ENABLE_EMULATION)
+if(ESP_PLATFORM)
+    set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
+    include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 else()
+    if(NOT ENABLE_EMULATION)
         include(pico_sdk_import.cmake)
     endif()
 
@@ -27,54 +30,94 @@ project(pico_openpgp C CXX ASM)
     set(CMAKE_C_STANDARD 11)
     set(CMAKE_CXX_STANDARD 17)
 
-if(ENABLE_EMULATION)
+    if(NOT ENABLE_EMULATION)
-else()
         pico_sdk_init()
     endif()
 
+    if(NOT DEFINED __FOR_CI)
+        set(__FOR_CI 0)
+    endif()
+    if(__FOR_CI)
+        add_definitions(-D__FOR_CI)
+    endif()
+
     add_executable(pico_openpgp)
+endif()
 
 set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/piv.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/management.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_select.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_get_data.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_verify.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_put_data.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_select_data.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_import_data.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_version.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_change_pin.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_mse.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_internal_aut.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_challenge.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_activate_file.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_terminate_df.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_pso.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_keypair_gen.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/cmd_reset_retry.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/do.c
 )
 
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
+include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+
+SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/openpgp/version.h" 1)
+
+if(ESP_PLATFORM)
+    project(pico_openpgp)
+endif()
+
 set(INCLUDES ${INCLUDES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp
 )
-
+if(NOT ESP_PLATFORM)
-set(USB_ITF_CCID 1)
-include(pico-keys-sdk/pico_keys_sdk_import.cmake)
-
     target_sources(pico_openpgp PUBLIC ${SOURCES})
     target_include_directories(pico_openpgp PUBLIC ${INCLUDES})
 
     target_compile_options(pico_openpgp PUBLIC
         -Wall
+    )
+    if(NOT MSVC)
+        target_compile_options(pico_openpgp PUBLIC
             -Werror
         )
+    endif()
 
     if(ENABLE_EMULATION)
-
+        if(NOT MSVC)
             target_compile_options(pico_openpgp PUBLIC
                 -fdata-sections
                 -ffunction-sections
             )
+        endif()
         if(APPLE)
             target_link_options(pico_openpgp PUBLIC
                 -Wl,-dead_strip
             )
+        elseif(MSVC)
+            target_compile_options(pico_openpgp PUBLIC
+                -WX
+            )
+
+            target_link_libraries(pico_openpgp PUBLIC wsock32 ws2_32 Bcrypt)
         else()
             target_link_options(pico_openpgp PUBLIC
                 -Wl,--gc-sections
             )
         endif(APPLE)
+        target_link_libraries(pico_openpgp PRIVATE pthread m)
     else()
-
+        pico_add_extra_outputs(${CMAKE_PROJECT_NAME})
-pico_add_extra_outputs(pico_openpgp)
+    endif()
-
-#target_compile_definitions(pico_openpgp PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
-
-target_link_libraries(pico_openpgp PRIVATE pico_keys_sdk pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
 endif()

README.md

@@ -1,5 +1,5 @@
 # Pico OpenPGP
-This project aims at transforming your Raspberry Pico into a Smart Card with an OpenPGP applet integrated. The Pico works as a reader with an embedded OpenPGP card, like a USB card.
+This project aims at transforming your Raspberry Pico or ESP32 microcontroller into a Smart Card with an OpenPGP applet integrated. The Pico works as a reader with an embedded OpenPGP card, like a USB card.
 
 OpenPGP cards are used to manage PGP keys and do cryptographic operations, such as keypair generation, signing and asymmetric deciphering. Pico OpenPGP follows the [**OpenPGP 3.4.1** specifications](https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.pdf "**OpenPGP 3.4.1** specifications"), available at [GnuPG](http://gnupg.org "GnuPG").
 
@@ -29,6 +29,10 @@ Pico OpenPGP has implemented the following features:
 - AES key generation.
 - AES ciphering and deciphering.
 - Cardholder certificates support.
+- Secure Boot and Secure Lock in RP2350 and ESP32-S3 MCUs.
+- One Time Programming to store the master key that encrypts all resident keys and seeds.
+- Rescue interface to allow recovery of the device if it becomes unresponsive or undetectable.
+- LED customization with Pico Commissioner.
 
 All these features are compliant with the specification. Therefore, if you detect some behaviour that is not expected or it does not follow the rules of specs, please open an issue.
 
@@ -47,44 +51,71 @@ As a consequence, Pico OpenPGP is designed from zero. Well, not strictly from ze
 Whilst Gnuk is OpenPGP 2.0 with small set of enhancements, Pico OpenPGP aims at being OpenPGP 3.4 compliant, with new features (not present in Gnuk), such as Manage Security Environment (MSE) or UIF.
 
 ## Security considerations
-All secret keys (asymmetric and symmetric) are stored encrypted in the flash memory of the Raspberry Pico. DEK is used as a 256 bit AES key to protect private and secret keys. Keys are never stored in RAM except for signature and decryption operations and only during the process. All keys (including DEK) are loaded and cleared every time to avoid potential security flaws.
+All secret keys (asymmetric and symmetric) are stored encrypted in the flash memory of the Raspberry Pico using a Device Encyrption Key (DEK). DEK is a 256 bit AES key used to protect private and secret keys. Keys are never stored in RAM except for signature and decryption operations and only during the process. All keys (including DEK) are loaded and cleared every time to avoid potential security flaws.
 
-At the same time, DEK is encrypted with doubled salted and hashed PIN. Also, the PIN is hashed in memory during the session. Hence, PIN is never stored in plain text neither in flash nor in memory. Note that PIN is conveyed from the host to the Pico in plain text if no secure channel is provided.
+At the same time, DEK is encrypted with doubled salted and hashed PIN. For RP2350 and ESP32-S3 microcontrollers it is masked by a secure device 32 bytes key. Also, the PIN is hashed in memory during the session. Hence, PIN is never stored in plain text neither in flash nor in memory. Note that PIN is conveyed from the host to the Pico in plain text if no secure channel is provided.
 
 If the Pico is stolen the contents of private and secret keys cannot be read without the PIN, even if the flash memory is dumped.
 
+### RP2350 and ESP32-S3
+RP2350 and ESP32-S3 microcontrollers are equipped with advanced security features, including Secure Boot and Secure Lock, ensuring that firmware integrity and authenticity are tightly controlled. Both devices support the storage of the Device Encryption Key (DEK) in an OTP (One-Time Programmable) memory region, making it permanently inaccessible for external access or tampering. This secure, non-volatile region guarantees that critical security keys are embedded into the hardware, preventing unauthorized access and supporting robust defenses against code injection or firmware modification. Together, Secure Boot and Secure Lock enforce firmware authentication, while the DEK in OTP memory solidifies the foundation for secure operations.
+
+### Secure Boot
+Secure Boot is a security feature that ensures that only trusted firmware, verified through digital signatures, can be loaded onto the device during the boot process. Once enabled, Secure Boot checks every piece of firmware against a cryptographic signature before execution, rejecting any unauthorized or modified code. This prevents malicious firmware from compromising the device’s operation and integrity. With Secure Boot activated, only firmware versions signed by a trusted authority, such as the device manufacturer, will be accepted, ensuring the device remains protected from unauthorized software modifications. **This is irreversible. Once enabled, it CANNOT be disabled.**
+
+**IMPORTANT:** For users wishing to develop and compile custom firmware, a private-public key pair is essential. Activating Secure Boot requires users to generate and manage their own unique private-public key pair. The public key from this pair must be embedded into the device to validate all firmware. Firmware will not boot without a proper digital signature from this key pair. This means that users must sign all future firmware versions with their private key and embed the public key in the device to ensure compatibility.
+
+### Secure Lock
+Secure Lock builds on Secure Boot by imposing an even stricter security model. Once activated, Secure Lock prevents any further installation of new boot keys, effectively locking the device to only run firmware that is authorized by the device's primary vendor—in this case, Pico Keys. In addition to preventing additional keys, Secure Lock disables debugging interfaces and puts additional safeguards in place to resist tampering and intrusion attempts. This ensures that the device operates exclusively with the original vendor’s firmware and resists unauthorized access, making it highly secure against external threats. **This is irreversible. Once enabled, it CANNOT be disabled.**
+
+**IMPORTANT:** Activating Secure Lock not only enables Secure Boot but also invalidates all keys except the official Pico Key. This means that only firmware signed by Pico Key will be recognized, and custom code will no longer be allowed. Once enabled, the Pico Key device will run solely on the official firmware available on the website, with no option for generating or compiling new code for the device.
+
 ## Download
-Please, go to the [Release page](https://github.com/polhenarejos/pico-openpgp/releases "Release page"))  and download the UF2 file for your board.
+**If you own an ESP32-S3 board, go to [ESP32 Flasher](https://www.picokeys.com/esp32-flasher/) for flashing your Pico OpenPGP.**
 
-Please, go to the Release page and download the UF2 file for your board.
+If you own a Raspberry Pico (RP2040 or RP2350), go to [Download page](https://www.picokeys.com/getting-started/), select your vendor and model and download the proper firmware; or go to [Release page](https://www.github.com/polhenarejos/pico-openpgp/releases/) and download the UF2 file for your board.
 
-Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you are planning to use it with OpenSC or similar, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Patcher tool](https://www.picokeys.com/pico-patcher/).
+Note that UF2 files are shiped with a dummy VID/PID to avoid license issues (FEFF:FCFD). If you plan to use it with OpenSC or similar tools, you should modify Info.plist of CCID driver to add these VID/PID or use the [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner").
-
-Alternatively you can use the legacy VID/PID patcher as follows:
-`./patch_vidpid.sh VID:PID input_hsm_file.uf2 output_hsm_file.uf2`
 
 You can use whatever VID/PID (i.e., 234b:0000 from FISJ), but remember that you are not authorized to distribute the binary with a VID/PID that you do not own.
 
-Note that the pure-browser option [Pico Patcher tool](https://www.picokeys.com/pico-patcher/) is the most recommended. 
+Note that the pure-browser option [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") is the most recommended.
 
-## Build
+## Build for Raspberry Pico
 Before building, ensure you have installed the toolchain for the Pico and the Pico SDK is properly located in your drive.
-
+```
 git clone https://github.com/polhenarejos/pico-openpgp
+git submodule update --init --recursive
 cd pico-openpgp
 mkdir build
 cd build
 PICO_SDK_PATH=/path/to/pico-sdk cmake .. -DPICO_BOARD=board_type -DUSB_VID=0x1234 -DUSB_PID=0x5678
 make
+```
+Note that `PICO_BOARD`, `USB_VID` and `USB_PID` are optional. If not provided, `pico` board and VID/PID `FEFF:FCFD` will be used.
 
-Note that PICO_BOARD, USB_VID and USB_PID are optional. If not provided, pico board and VID/PID FEFF:FCFD will be used.
+Additionally, you can pass the `VIDPID=value` parameter to build the firmware with a known VID/PID. The supported values are:
 
-After make ends, the binary file pico_openpgp.uf2 will be generated. Put your pico board into loading mode, by pushing BOOTSEL button while pluging on, and copy the UF2 to the new fresh usb mass storage Pico device. Once copied, the pico mass storage will be disconnected automatically and the pico board will reset with the new firmware. A blinking led will indicate the device is ready to work.
+- `NitroHSM`
+- `NitroFIDO2`
+- `NitroStart`
+- `NitroPro`
+- `Nitro3`
+- `Yubikey5`
+- `YubikeyNeo`
+- `YubiHSM`
+- `Gnuk`
+- `GnuPG`
+
+After running `make`, the binary file `pico_openpgp.uf2` will be generated. To load this onto your Pico board:
+
+1. Put the Pico board into loading mode by holding the `BOOTSEL` button while plugging it in.
+2. Copy the `pico_openpgp.uf2` file to the new USB mass storage device that appears.
+3. Once the file is copied, the Pico mass storage device will automatically disconnect, and the Pico board will reset with the new firmware.
+4. A blinking LED will indicate that the device is ready to work.
 
 ## Operation time
 ### Keypair generation
-Generating EC keys is almost instant. RSA keypair generation takes some time, specially for 3072 and 4096 bits.
-### Keypair generation
 Generating EC keys is almost instant. RSA keypair generation takes some time, specially for `3072` and `4096` bits.
 
 | RSA key length (bits) | Average time (seconds) |
@@ -135,7 +166,9 @@ Pico OpenPGP relies on PKCS#15 structure to store and manipulate the internal fi
 The way to communicate is exactly the same as with other cards, such as OpenPGP or similar.
 
 ### Important
-OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a pair of VID/PID of supported readers. In order to be detectable, you must patch the UF2 binary (if you just downloaded from the [Release section](https://github.com/polhenarejos/pico-openpgp/releases "Release section")) or configure the project with the proper VID/PID with `USB_VID` and `USB_PID` parameters in `CMake` (see [Build section](#build "Build section")). Note that you cannot distribute the patched/compiled binary if you do not own the VID/PID or have an explicit authorization.
+OpenSC relies on PCSC driver, which reads a list (`Info.plist`) that contains a pair of VID/PID of supported readers. In order to be detectable, you have several options:
+- Use the pure-browser online [Pico Commissioner](https://www.picokeys.com/pico-commissioner/ "Pico Commissioner") that commissions the Pico Key on-the-fly without external tools.
+- Build and configure the project with the proper VID/PID with `USB_VID` and `USB_PID` parameters in `CMake` (see [Build section](#build "Build section")). Note that you cannot distribute the patched/compiled binary if you do not own the VID/PID or have an explicit authorization.
 
 ## Credits
 Pico OpenPGP uses the following libraries or portion of code:

VERSION

@@ -1 +1 @@
-Version=2.0
+Version=3.2

build_pico_openpgp.sh

@@ -1,45 +1,93 @@
 #!/bin/bash
 
-VERSION_MAJOR="2"
+VERSION_MAJOR="3"
-VERSION_MINOR="0"
+VERSION_MINOR="2"
+SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
+#if ! [[ -z "${GITHUB_SHA}" ]]; then
+#    SUFFIX="${SUFFIX}.${GITHUB_SHA}"
+#fi
 
 rm -rf release/*
+mkdir -p build_release
+mkdir -p release
 cd build_release
 
-for board in adafruit_feather_rp2040 \
+for board in 0xcb_helios \
+    adafruit_feather_rp2040_usb_host \
+    adafruit_feather_rp2040 \
     adafruit_itsybitsy_rp2040 \
     adafruit_kb2040 \
     adafruit_macropad_rp2040 \
     adafruit_qtpy_rp2040 \
     adafruit_trinkey_qt2040 \
+    amethyst_fpga \
+    archi \
     arduino_nano_rp2040_connect \
+    cytron_maker_pi_rp2040 \
     datanoisetv_rp2040_dsp \
     eetree_gamekit_rp2040 \
     garatronic_pybstick26_rp2040 \
+    gen4_rp2350_24 \
+    gen4_rp2350_24ct \
+    gen4_rp2350_24t \
+    gen4_rp2350_28 \
+    gen4_rp2350_28ct \
+    gen4_rp2350_28t \
+    gen4_rp2350_32 \
+    gen4_rp2350_32ct \
+    gen4_rp2350_32t \
+    gen4_rp2350_35 \
+    gen4_rp2350_35ct \
+    gen4_rp2350_35t \
+    hellbender_2350A_devboard \
+    ilabs_challenger_rp2350_bconnect \
+    ilabs_challenger_rp2350_wifi_ble \
+    ilabs_opendec02 \
+    melopero_perpetuo_rp2350_lora \
     melopero_shake_rp2040 \
+    metrotech_xerxes_rp2040 \
+    net8086_usb_interposer \
     nullbits_bit_c_pro \
+    phyx_rick_tny_rp2350 \
+    pi-plates_micropi \
     pico \
     pico_w \
+    pico2 \
     pimoroni_badger2040 \
     pimoroni_interstate75 \
     pimoroni_keybow2040 \
     pimoroni_motor2040 \
     pimoroni_pga2040 \
+    pimoroni_pga2350 \
+    pimoroni_pico_plus2_rp2350 \
     pimoroni_picolipo_4mb \
     pimoroni_picolipo_16mb \
     pimoroni_picosystem \
     pimoroni_plasma2040 \
+    pimoroni_plasma2350 \
     pimoroni_servo2040 \
     pimoroni_tiny2040 \
     pimoroni_tiny2040_2mb \
+    pimoroni_tiny2350 \
     pololu_3pi_2040_robot \
+    pololu_zumo_2040_robot \
     seeed_xiao_rp2040 \
+    seeed_xiao_rp2350 \
     solderparty_rp2040_stamp \
     solderparty_rp2040_stamp_carrier \
     solderparty_rp2040_stamp_round_carrier \
+    solderparty_rp2350_stamp_xl \
+    solderparty_rp2350_stamp \
     sparkfun_micromod \
     sparkfun_promicro \
+    sparkfun_promicro_rp2350 \
     sparkfun_thingplus \
+    switchscience_picossci2_conta_base \
+    switchscience_picossci2_dev_board \
+    switchscience_picossci2_micro \
+    switchscience_picossci2_rp2350_breakout \
+    switchscience_picossci2_tiny \
+    tinycircuits_thumby_color_rp2350 \
     vgaboard \
     waveshare_rp2040_lcd_0.96 \
     waveshare_rp2040_lcd_1.28 \
@@ -47,11 +95,14 @@ for board in adafruit_feather_rp2040 \
     waveshare_rp2040_plus_4mb \
     waveshare_rp2040_plus_16mb \
     waveshare_rp2040_zero \
+    weact_studio_rp2040_2mb \
+    weact_studio_rp2040_4mb \
+    weact_studio_rp2040_8mb \
+    weact_studio_rp2040_16mb \
     wiznet_w5100s_evb_pico
 do
     rm -rf *
-    PICO_SDK_PATH=../../pico-sdk cmake .. -DPICO_BOARD=$board
+    PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}" cmake .. -DPICO_BOARD=$board
-    make -kj20
+    make -j`nproc`
-    mv pico_openpgp.uf2 ../release/pico_openpgp_$board-$VERSION_MAJOR.$VERSION_MINOR.uf2
+    mv pico_openpgp.uf2 ../release/pico_openpgp_$board-$SUFFIX.uf2
-
 done

patch_vidpid.sh

@@ -17,7 +17,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 
-VERSION_MAJOR="4" #Version of Pico CCID Core
+VERSION_MAJOR="5" #Version of Pico Keys SDK
 VERSION_MINOR="0"
 
 echo "----------------------------"

pico_sdk_import.cmake

@@ -18,9 +18,20 @@ if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_P
     message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')")
 endif ()
 
+if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG))
+    set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG})
+    message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')")
+endif ()
+
+if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG)
+  set(PICO_SDK_FETCH_FROM_GIT_TAG "master")
+  message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG")
+endif()
+
 set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK")
 set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable")
 set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK")
+set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK")
 
 if (NOT PICO_SDK_PATH)
     if (PICO_SDK_FETCH_FROM_GIT)
@@ -29,11 +40,22 @@ if (NOT PICO_SDK_PATH)
         if (PICO_SDK_FETCH_FROM_GIT_PATH)
             get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}")
         endif ()
+        # GIT_SUBMODULES_RECURSE was added in 3.17
+        if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0")
             FetchContent_Declare(
                     pico_sdk
                     GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
-                GIT_TAG master
+                    GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
+                    GIT_SUBMODULES_RECURSE FALSE
             )
+        else ()
+            FetchContent_Declare(
+                    pico_sdk
+                    GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
+                    GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
+            )
+        endif ()
+
         if (NOT pico_sdk)
             message("Downloading Raspberry Pi Pico SDK")
             FetchContent_Populate(pico_sdk)

sdkconfig.defaults

@@ -0,0 +1,56 @@
+# This file was generated using idf.py save-defconfig. It can be edited manually.
+# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
+#
+IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
+
+CONFIG_TINYUSB=y
+CONFIG_TINYUSB_TASK_STACK_SIZE=16384
+
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/config/esp32/partitions.csv"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_WL_SECTOR_SIZE_512=y
+CONFIG_WL_SECTOR_MODE_PERF=y
+COMPILER_OPTIMIZATION="Performance"
+
+CONFIG_MBEDTLS_CMAC_C=y
+CONFIG_MBEDTLS_CHACHA20_C=y
+CONFIG_MBEDTLS_POLY1305_C=y
+CONFIG_MBEDTLS_CHACHAPOLY_C=y
+CONFIG_MBEDTLS_HKDF_C=y
+CONFIG_MBEDTLS_HARDWARE_ECC=y
+CONFIG_MBEDTLS_HARDWARE_GCM=y
+CONFIG_MBEDTLS_DES_C=y
+# CONFIG_MBEDTLS_HARDWARE_MPI is not set
+CONFIG_MBEDTLS_HARDWARE_SHA=y
+CONFIG_MBEDTLS_HARDWARE_AES=y
+# CONFIG_MBEDTLS_ROM_MD5 is not set
+CONFIG_MBEDTLS_SHA512_C=y
+CONFIG_MBEDTLS_TLS_DISABLED=y
+# CONFIG_MBEDTLS_TLS_ENABLED is not set
+# CONFIG_ESP_TLS_USE_DS_PERIPHERAL is not set
+# CONFIG_ESP_WIFI_ENABLED is not set
+# CONFIG_ESP_WIFI_MBEDTLS_CRYPTO is not set
+# CONFIG_ESP_WIFI_MBEDTLS_TLS_CLIENT is not set
+# CONFIG_WPA_MBEDTLS_CRYPTO is not set
+# CONFIG_MBEDTLS_PSK_MODES is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA is not set
+# CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA is not set
+# CONFIG_MBEDTLS_SSL_RENEGOTIATION is not set
+# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1 is not set
+# CONFIG_MBEDTLS_SSL_PROTO_DTLS is not set
+# CONFIG_MBEDTLS_SSL_ALPN is not set
+# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS is not set
+# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP32_WIFI_ENABLE_WPA3_OWE_STA is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_SAE is not set
+# CONFIG_ESP_WIFI_ENABLE_WPA3_OWE_STA is not set
+
+CONFIG_ESP_COREDUMP_ENABLE_TO_UART=y

src/openpgp/CMakeLists.txt

@@ -0,0 +1,6 @@
+idf_component_register(
+    SRCS ${SOURCES}
+    INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb
+    REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
+)
+idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)

src/openpgp/cmd_activate_file.c

@@ -0,0 +1,22 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_activate_file() {
+    return SW_OK();
+}

src/openpgp/cmd_challenge.c

@@ -0,0 +1,29 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "random.h"
+
+int cmd_challenge() {
+    uint8_t *rb = (uint8_t *) random_bytes_get(apdu.ne);
+    if (!rb) {
+        return SW_WRONG_LENGTH();
+    }
+    memcpy(res_APDU, rb, apdu.ne);
+    res_APDU_size = apdu.ne;
+    return SW_OK();
+}

src/openpgp/cmd_change_pin.c

@@ -0,0 +1,69 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "otp.h"
+
+int cmd_change_pin() {
+    if (P1(apdu) != 0x0) {
+        return SW_WRONG_P1P2();
+    }
+    uint16_t fid = 0x1000 | P2(apdu);
+    file_t *pw;
+    if (!(pw = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    uint8_t pin_len = file_get_data(pw)[0];
+    uint16_t r = 0;
+    if ((r = load_dek()) != PICOKEY_OK) {
+        return SW_EXEC_ERROR();
+    }
+
+    if (otp_key_1) {
+        for (int i = 0; i < 32; i++) {
+            dek[IV_SIZE + i] ^= otp_key_1[i];
+        }
+    }
+    r = check_pin(pw, apdu.data, pin_len);
+    if (r != 0x9000) {
+        return r;
+    }
+    uint8_t dhash[33];
+    dhash[0] = apdu.nc - pin_len;
+    double_hash_pin(apdu.data + pin_len, apdu.nc - pin_len, dhash + 1);
+    file_put_data(pw, dhash, sizeof(dhash));
+
+    file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+    if (!tf) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    uint8_t def[IV_SIZE + 32 + 32 + 32 + 32] = {0};
+    memcpy(def, file_get_data(tf), file_get_size(tf));
+    if (P2(apdu) == 0x81) {
+        hash_multi(apdu.data + pin_len, apdu.nc - pin_len, session_pw1);
+        memcpy(def + IV_SIZE, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw1, def, def + IV_SIZE, 32);
+    }
+    else if (P2(apdu) == 0x83) {
+        hash_multi(apdu.data + pin_len, apdu.nc - pin_len, session_pw3);
+        memcpy(def + IV_SIZE + 32 + 32, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw3, def, def + IV_SIZE + 32 + 32, 32);
+    }
+    file_put_data(tf, def, sizeof(def));
+    low_flash_available();
+    return SW_OK();
+}

src/openpgp/cmd_get_data.c

@@ -0,0 +1,91 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "asn1.h"
+
+int cmd_get_data() {
+    if (apdu.nc > 0) {
+        return SW_WRONG_LENGTH();
+    }
+    uint16_t fid = (P1(apdu) << 8) | P2(apdu);
+    file_t *ef;
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!authenticate_action(ef, ACL_OP_READ_SEARCH)) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    if (currentEF && (currentEF->fid & 0x1FF0) == (fid & 0x1FF0)) { //previously selected
+        ef = currentEF;
+    }
+    else {
+        select_file(ef);
+    }
+    if (ef->data) {
+        uint16_t fids[] = { 1, fid };
+        uint16_t data_len = parse_do(fids, 1);
+        uint8_t *p = NULL;
+        uint16_t tg = 0;
+        uint16_t tg_len = 0;
+        asn1_ctx_t ctxi;
+        asn1_ctx_init(res_APDU, data_len, &ctxi);
+        if (walk_tlv(&ctxi, &p, &tg, &tg_len, NULL)) {
+            uint8_t dec = 2;
+            if ((tg & 0x1f) == 0x1f) {
+                dec++;
+            }
+            if ((res_APDU[dec - 1] & 0xF0) == 0x80) {
+                dec += (res_APDU[dec - 1] & 0x0F);
+            }
+            if (tg_len + dec == data_len) {
+                memmove(res_APDU, res_APDU + dec, data_len - dec);
+                data_len -= dec;
+                res_APDU_size -= dec;
+            }
+        }
+        //if (apdu.ne > data_len)
+        //    apdu.ne = data_len;
+    }
+    return SW_OK();
+}
+
+int cmd_get_next_data() {
+    file_t *ef = NULL;
+    if (apdu.nc > 0) {
+        return SW_WRONG_LENGTH();
+    }
+    if (!currentEF) {
+        return SW_RECORD_NOT_FOUND();
+    }
+    uint16_t fid = (P1(apdu) << 8) | P2(apdu);
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!authenticate_action(ef, ACL_OP_UPDATE_ERASE)) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    if ((currentEF->fid & 0x1FF0) != (fid & 0x1FF0)) {
+        return SW_WRONG_P1P2();
+    }
+    fid = currentEF->fid + 1; //curentEF contains private DO. so, we select the next one
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    select_file(ef);
+    return cmd_get_data();
+}

src/openpgp/cmd_import_data.c

@@ -0,0 +1,208 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef ESP_PLATFORM
+#include "esp_compat.h"
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#else
+#include "common.h"
+#endif
+#include "openpgp.h"
+#include "random.h"
+#include "do.h"
+
+uint16_t tag_len(uint8_t **data) {
+    size_t len = *(*data)++;
+    if (len == 0x82) {
+        len = *(*data)++ << 8;
+        len |= *(*data)++;
+    }
+    else if (len == 0x81) {
+        len = *(*data)++;
+    }
+    return len;
+}
+
+int cmd_import_data() {
+    file_t *ef = NULL;
+    uint16_t fid = 0x0;
+    if (P1(apdu) != 0x3F || P2(apdu) != 0xFF) {
+        return SW_WRONG_P1P2();
+    }
+    if (apdu.nc < 5) {
+        return SW_WRONG_LENGTH();
+    }
+    uint8_t *start = apdu.data;
+    if (*start++ != 0x4D) {
+        return SW_WRONG_DATA();
+    }
+    uint16_t tgl = tag_len(&start);
+    if (*start != 0xB6 && *start != 0xB8 && *start != 0xA4) {
+        return SW_WRONG_DATA();
+    }
+    if (*start == 0xB6) {
+        fid = EF_PK_SIG;
+    }
+    else if (*start == 0xB8) {
+        fid = EF_PK_DEC;
+    }
+    else if (*start == 0xA4) {
+        fid = EF_PK_AUT;
+    }
+    else {
+        return SW_WRONG_DATA();
+    }
+    start++;
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!authenticate_action(ef, ACL_OP_UPDATE_ERASE)) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    start += (*start + 1);
+    if (*start++ != 0x7F || *start++ != 0x48) {
+        return SW_WRONG_DATA();
+    }
+    tgl = tag_len(&start);
+    uint8_t *end = start + tgl, *p[9] = { 0 };
+    uint16_t len[9] = { 0 };
+    while (start < end) {
+        uint8_t tag = *start++;
+        if ((tag >= 0x91 && tag <= 0x97) || tag == 0x99) {
+            len[tag - 0x91] = tag_len(&start);
+        }
+        else {
+            return SW_WRONG_DATA();
+        }
+    }
+    if (*start++ != 0x5F || *start++ != 0x48) {
+        return SW_WRONG_DATA();
+    }
+    tgl = tag_len(&start);
+    end = start + tgl;
+    for (int t = 0; start < end && t < 9; t++) {
+        if (len[t] > 0) {
+            p[t] = start;
+            start += len[t];
+        }
+    }
+
+    file_t *algo_ef = search_by_fid(fid - 0x0010, NULL, SPECIFY_EF);
+    if (!algo_ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    const uint8_t *algo = algorithm_attr_rsa2k + 1;
+    uint16_t algo_len = algorithm_attr_rsa2k[0];
+    if (algo_ef && algo_ef->data) {
+        algo = file_get_data(algo_ef);
+        algo_len = file_get_size(algo_ef);
+    }
+    int r = 0;
+    if (algo[0] == ALGO_RSA) {
+        mbedtls_rsa_context rsa;
+        if (p[0] == NULL || len[0] == 0 || p[1] == NULL || len[1] == 0 || p[2] == NULL ||
+            len[2] == 0) {
+            return SW_WRONG_DATA();
+        }
+        mbedtls_rsa_init(&rsa);
+        r = mbedtls_mpi_read_binary(&rsa.E, p[0], len[0]);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_mpi_read_binary(&rsa.P, p[1], len[1]);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_mpi_read_binary(&rsa.Q, p[2], len[2]);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_rsa_import(&rsa, NULL, &rsa.P, &rsa.Q, NULL, &rsa.E);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_rsa_complete(&rsa);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_rsa_check_privkey(&rsa);
+        if (r != 0) {
+            mbedtls_rsa_free(&rsa);
+            return SW_EXEC_ERROR();
+        }
+        r = store_keys(&rsa, ALGO_RSA, fid, true);
+        make_rsa_response(&rsa);
+        mbedtls_rsa_free(&rsa);
+        if (r != PICOKEY_OK) {
+            return SW_EXEC_ERROR();
+        }
+    }
+    else if (algo[0] == ALGO_ECDSA || algo[0] == ALGO_ECDH) {
+        mbedtls_ecdsa_context ecdsa;
+        if (p[1] == NULL || len[1] == 0) {
+            return SW_WRONG_DATA();
+        }
+        mbedtls_ecp_group_id gid = get_ec_group_id_from_attr(algo + 1, algo_len - 1);
+        if (gid == MBEDTLS_ECP_DP_NONE) {
+            return SW_FUNC_NOT_SUPPORTED();
+        }
+        mbedtls_ecdsa_init(&ecdsa);
+        if (gid == MBEDTLS_ECP_DP_CURVE25519) {
+            mbedtls_ecp_group_load(&ecdsa.grp, gid);
+            r = mbedtls_mpi_read_binary(&ecdsa.d, p[1], len[1]);
+        }
+        else {
+            r = mbedtls_ecp_read_key(gid, &ecdsa, p[1], len[1]);
+        }
+        if (r != 0) {
+            mbedtls_ecdsa_free(&ecdsa);
+            return SW_EXEC_ERROR();
+        }
+        r = mbedtls_ecp_mul(&ecdsa.grp, &ecdsa.Q, &ecdsa.d, &ecdsa.grp.G, random_gen, NULL);
+        if (r != 0) {
+            mbedtls_ecdsa_free(&ecdsa);
+            return SW_EXEC_ERROR();
+        }
+        r = store_keys(&ecdsa, ALGO_ECDSA, fid, true);
+        make_ecdsa_response(&ecdsa);
+        mbedtls_ecdsa_free(&ecdsa);
+        if (r != PICOKEY_OK) {
+            return SW_EXEC_ERROR();
+        }
+    }
+    else {
+        return SW_FUNC_NOT_SUPPORTED();
+    }
+    if (fid == EF_PK_SIG) {
+        reset_sig_count();
+    }
+    file_t *pbef = search_by_fid(fid + 3, NULL, SPECIFY_EF);
+    if (!pbef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    r = file_put_data(pbef, res_APDU, res_APDU_size);
+    if (r != PICOKEY_OK) {
+        return SW_EXEC_ERROR();
+    }
+    res_APDU_size = 0; //make_*_response sets a response. we need to overwrite
+    return SW_OK();
+}

src/openpgp/cmd_internal_aut.c

@@ -0,0 +1,77 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "do.h"
+
+int cmd_internal_aut() {
+    if (P1(apdu) != 0x00 || P2(apdu) != 0x00) {
+        return SW_WRONG_P1P2();
+    }
+    if (!has_pw3 && !has_pw2) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    file_t *algo_ef = search_by_fid(algo_aut, NULL, SPECIFY_EF);
+    if (!algo_ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    const uint8_t *algo = algorithm_attr_rsa2k + 1;
+    if (algo_ef && algo_ef->data) {
+        algo = file_get_data(algo_ef);
+    }
+    file_t *ef = search_by_fid(pk_aut, NULL, SPECIFY_EF);
+    if (!ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (wait_button_pressed(EF_UIF_AUT) == true) {
+        return SW_SECURE_MESSAGE_EXEC_ERROR();
+    }
+    int r = PICOKEY_OK;
+    if (algo[0] == ALGO_RSA) {
+        mbedtls_rsa_context ctx;
+        mbedtls_rsa_init(&ctx);
+        r = load_private_key_rsa(&ctx, ef, true);
+        if (r != PICOKEY_OK) {
+            mbedtls_rsa_free(&ctx);
+            return SW_EXEC_ERROR();
+        }
+        size_t olen = 0;
+        r = rsa_sign(&ctx, apdu.data, apdu.nc, res_APDU, &olen);
+        mbedtls_rsa_free(&ctx);
+        if (r != 0) {
+            return SW_EXEC_ERROR();
+        }
+        res_APDU_size = olen;
+    }
+    else if (algo[0] == ALGO_ECDH || algo[0] == ALGO_ECDSA) {
+        mbedtls_ecdsa_context ctx;
+        mbedtls_ecdsa_init(&ctx);
+        r = load_private_key_ecdsa(&ctx, ef, true);
+        if (r != PICOKEY_OK) {
+            mbedtls_ecdsa_free(&ctx);
+            return SW_EXEC_ERROR();
+        }
+        size_t olen = 0;
+        r = ecdsa_sign(&ctx, apdu.data, apdu.nc, res_APDU, &olen);
+        mbedtls_ecdsa_free(&ctx);
+        if (r != 0) {
+            return SW_EXEC_ERROR();
+        }
+        res_APDU_size = olen;
+    }
+    return SW_OK();
+}

src/openpgp/cmd_keypair_gen.c

@@ -0,0 +1,138 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "do.h"
+#include "random.h"
+
+int cmd_keypair_gen() {
+    if (P2(apdu) != 0x0) {
+        return SW_INCORRECT_P1P2();
+    }
+    if (apdu.nc != 2 && apdu.nc != 5) {
+        return SW_WRONG_LENGTH();
+    }
+    if (!has_pw3 && P1(apdu) == 0x80) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+
+    uint16_t fid = 0x0;
+    int r = PICOKEY_OK;
+    if (apdu.data[0] == 0xB6) {
+        fid = EF_PK_SIG;
+    }
+    else if (apdu.data[0] == 0xB8) {
+        fid = EF_PK_DEC;
+    }
+    else if (apdu.data[0] == 0xA4) {
+        fid = EF_PK_AUT;
+    }
+    else {
+        return SW_WRONG_DATA();
+    }
+
+    file_t *algo_ef = search_by_fid(fid - 0x0010, NULL, SPECIFY_EF);
+    if (!algo_ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    const uint8_t *algo = algorithm_attr_rsa2k + 1;
+    uint16_t algo_len = algorithm_attr_rsa2k[0];
+    if (algo_ef && algo_ef->data) {
+        algo = file_get_data(algo_ef);
+        algo_len = file_get_size(algo_ef);
+    }
+    if (P1(apdu) == 0x80) { //generate
+        if (algo[0] == ALGO_RSA) {
+            int exponent = 65537, nlen = (algo[1] << 8) | algo[2];
+            printf("KEYPAIR RSA %d\r\n", nlen);
+            //if (nlen != 2048 && nlen != 4096)
+            //    return SW_FUNC_NOT_SUPPORTED();
+            mbedtls_rsa_context rsa;
+            mbedtls_rsa_init(&rsa);
+            uint8_t index = 0;
+            r = mbedtls_rsa_gen_key(&rsa, random_gen, &index, nlen, exponent);
+            if (r != 0) {
+                mbedtls_rsa_free(&rsa);
+                return SW_EXEC_ERROR();
+            }
+            r = store_keys(&rsa, ALGO_RSA, fid, true);
+            make_rsa_response(&rsa);
+            mbedtls_rsa_free(&rsa);
+            if (r != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+        }
+        else if (algo[0] == ALGO_ECDH || algo[0] == ALGO_ECDSA) {
+            printf("KEYPAIR ECDSA\r\n");
+            mbedtls_ecp_group_id gid = get_ec_group_id_from_attr(algo + 1, algo_len - 1);
+            if (gid == MBEDTLS_ECP_DP_NONE) {
+                return SW_FUNC_NOT_SUPPORTED();
+            }
+            mbedtls_ecdsa_context ecdsa;
+            mbedtls_ecdsa_init(&ecdsa);
+            uint8_t index = 0;
+            r = mbedtls_ecdsa_genkey(&ecdsa, gid, random_gen, &index);
+            if (r != 0) {
+                mbedtls_ecdsa_free(&ecdsa);
+                return SW_EXEC_ERROR();
+            }
+            r = store_keys(&ecdsa, algo[0], fid, true);
+            make_ecdsa_response(&ecdsa);
+            mbedtls_ecdsa_free(&ecdsa);
+            if (r != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+        }
+        else {
+            return SW_FUNC_NOT_SUPPORTED();
+        }
+        file_t *pbef = search_by_fid(fid + 3, NULL, SPECIFY_EF);
+        if (!pbef) {
+            return SW_REFERENCE_NOT_FOUND();
+        }
+        r = file_put_data(pbef, res_APDU, res_APDU_size);
+        if (r != PICOKEY_OK) {
+            return SW_EXEC_ERROR();
+        }
+        if (fid == EF_PK_SIG) {
+            reset_sig_count();
+        }
+        else if (fid == EF_PK_DEC) {
+            // OpenPGP does not allow generating AES keys. So, we generate a new one when gen for DEC is called.
+            // It is a 256 AES key by default.
+            uint8_t aes_key[32]; //maximum AES key size
+            uint8_t key_size = 32;
+            memcpy(aes_key, random_bytes_get(key_size), key_size);
+            r = store_keys(aes_key, ALGO_AES_256, EF_AES_KEY, true);
+            /* if storing the key fails, we silently continue */
+            //if (r != PICOKEY_OK)
+            //    return SW_EXEC_ERROR();
+        }
+        low_flash_available();
+        return SW_OK();
+    }
+    else if (P1(apdu) == 0x81) { //read
+        file_t *ef = search_by_fid(fid + 3, NULL, SPECIFY_EF);
+        if (!ef || !ef->data) {
+            return SW_REFERENCE_NOT_FOUND();
+        }
+        res_APDU_size = file_get_size(ef);
+        memcpy(res_APDU, file_get_data(ef), res_APDU_size);
+        return SW_OK();
+    }
+    return SW_INCORRECT_P1P2();
+}

src/openpgp/cmd_mse.c

@@ -0,0 +1,49 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_mse() {
+    if (P1(apdu) != 0x41 || (P2(apdu) != 0xA4 && P2(apdu) != 0xB8)) {
+        return SW_WRONG_P1P2();
+    }
+    if (apdu.data[0] != 0x83 || apdu.data[1] != 0x1 ||
+        (apdu.data[2] != 0x2 && apdu.data[2] != 0x3)) {
+        return SW_WRONG_DATA();
+    }
+    if (P2(apdu) == 0xA4) {
+        if (apdu.data[2] == 0x2) {
+            algo_dec = EF_ALGO_PRIV2;
+            pk_dec = EF_PK_DEC;
+        }
+        else if (apdu.data[2] == 0x3) {
+            algo_dec = EF_ALGO_PRIV3;
+            pk_dec = EF_PK_AUT;
+        }
+    }
+    else if (P2(apdu) == 0xB8) {
+        if (apdu.data[2] == 0x2) {
+            algo_aut = EF_ALGO_PRIV2;
+            pk_aut = EF_PK_DEC;
+        }
+        else if (apdu.data[2] == 0x3) {
+            algo_aut = EF_ALGO_PRIV3;
+            pk_aut = EF_PK_AUT;
+        }
+    }
+    return SW_OK();
+}

src/openpgp/cmd_pso.c

@@ -0,0 +1,213 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef ESP_PLATFORM
+#include "esp_compat.h"
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#else
+#include "common.h"
+#endif
+#include "openpgp.h"
+#include "do.h"
+#include "random.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/asn1.h"
+
+int cmd_pso() {
+    uint16_t algo_fid = 0x0, pk_fid = 0x0;
+    bool is_aes = false;
+    if (P1(apdu) == 0x9E && P2(apdu) == 0x9A) {
+        if (!has_pw3 && !has_pw1) {
+            return SW_SECURITY_STATUS_NOT_SATISFIED();
+        }
+        algo_fid = EF_ALGO_PRIV1;
+        pk_fid = EF_PK_SIG;
+    }
+    else if (P1(apdu) == 0x80 && P2(apdu) == 0x86) {
+        if (!has_pw3 && !has_pw2) {
+            return SW_SECURITY_STATUS_NOT_SATISFIED();
+        }
+        algo_fid = algo_dec;
+        pk_fid = pk_dec;
+    }
+    else {
+        return SW_INCORRECT_P1P2();
+    }
+    file_t *algo_ef = search_by_fid(algo_fid, NULL, SPECIFY_EF);
+    if (!algo_ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    const uint8_t *algo = algorithm_attr_rsa2k + 1;
+    if (algo_ef && algo_ef->data) {
+        algo = file_get_data(algo_ef);
+    }
+    if (apdu.data[0] == 0x2) { //AES PSO?
+        if (((apdu.nc - 1) % 16 == 0 && P1(apdu) == 0x80 && P2(apdu) == 0x86) ||
+            (apdu.nc % 16 == 0 && P1(apdu) == 0x86 && P2(apdu) == 0x80)) {
+            pk_fid = EF_AES_KEY;
+            is_aes = true;
+        }
+    }
+    file_t *ef = search_by_fid(pk_fid, NULL, SPECIFY_EF);
+    if (!ef) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (wait_button_pressed(pk_fid == EF_PK_SIG ? EF_UIF_SIG : EF_UIF_DEC) == true) {
+        return SW_SECURE_MESSAGE_EXEC_ERROR();
+    }
+    int r = PICOKEY_OK;
+    int key_size = file_get_size(ef);
+    if (is_aes) {
+        uint8_t aes_key[32];
+        r = load_aes_key(aes_key, ef);
+        if (r != PICOKEY_OK) {
+            memset(aes_key, 0, sizeof(aes_key));
+            return SW_EXEC_ERROR();
+        }
+        if (P1(apdu) == 0x80 && P2(apdu) == 0x86) { //decipher
+            r = aes_decrypt(aes_key, NULL, key_size, PICO_KEYS_AES_MODE_CBC, apdu.data + 1, apdu.nc - 1);
+            memset(aes_key, 0, sizeof(aes_key));
+            if (r != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+            memcpy(res_APDU, apdu.data + 1, apdu.nc - 1);
+            res_APDU_size = apdu.nc - 1;
+        }
+        else if (P1(apdu) == 0x86 && P2(apdu) == 0x80) { //encipher
+            r = aes_encrypt(aes_key, NULL, key_size, PICO_KEYS_AES_MODE_CBC, apdu.data, apdu.nc);
+            memset(aes_key, 0, sizeof(aes_key));
+            if (r != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+            res_APDU[0] = 0x2;
+            memcpy(res_APDU + 1, apdu.data, apdu.nc);
+            res_APDU_size = apdu.nc + 1;
+        }
+        return SW_OK();
+    }
+    if (algo[0] == ALGO_RSA) {
+        mbedtls_rsa_context ctx;
+        mbedtls_rsa_init(&ctx);
+        r = load_private_key_rsa(&ctx, ef, true);
+        if (r != PICOKEY_OK) {
+            mbedtls_rsa_free(&ctx);
+            return SW_EXEC_ERROR();
+        }
+        if (P1(apdu) == 0x9E && P2(apdu) == 0x9A) {
+            size_t olen = 0;
+            r = rsa_sign(&ctx, apdu.data, apdu.nc, res_APDU, &olen);
+            mbedtls_rsa_free(&ctx);
+            if (r != 0) {
+                return SW_EXEC_ERROR();
+            }
+            res_APDU_size = olen;
+            //apdu.ne = key_size;
+            inc_sig_count();
+        }
+        else if (P1(apdu) == 0x80 && P2(apdu) == 0x86) {
+            if (apdu.nc < key_size) { //needs padding
+                memset(apdu.data + apdu.nc, 0, key_size - apdu.nc);
+            }
+            size_t olen = 0;
+            r = mbedtls_rsa_pkcs1_decrypt(&ctx,
+                                          random_gen,
+                                          NULL,
+                                          &olen,
+                                          apdu.data + 1,
+                                          res_APDU,
+                                          key_size);
+            mbedtls_rsa_free(&ctx);
+            if (r != 0) {
+                return SW_EXEC_ERROR();
+            }
+            res_APDU_size = olen;
+        }
+    }
+    else if (algo[0] == ALGO_ECDH || algo[0] == ALGO_ECDSA) {
+        if (P1(apdu) == 0x9E && P2(apdu) == 0x9A) {
+            mbedtls_ecdsa_context ctx;
+            mbedtls_ecdsa_init(&ctx);
+            r = load_private_key_ecdsa(&ctx, ef, true);
+            if (r != PICOKEY_OK) {
+                mbedtls_ecdsa_free(&ctx);
+                return SW_EXEC_ERROR();
+            }
+            size_t olen = 0;
+            r = ecdsa_sign(&ctx, apdu.data, apdu.nc, res_APDU, &olen);
+            mbedtls_ecdsa_free(&ctx);
+            if (r != 0) {
+                return SW_EXEC_ERROR();
+            }
+            res_APDU_size = olen;
+            inc_sig_count();
+        }
+        else if (P1(apdu) == 0x80 && P2(apdu) == 0x86) {
+            mbedtls_ecdh_context ctx;
+            uint8_t kdata[67];
+            uint8_t *data = apdu.data, *end = data + apdu.nc;
+            size_t len = 0;
+            if (mbedtls_asn1_get_tag(&data, end, &len, 0xA6) != 0) {
+                return SW_WRONG_DATA();
+            }
+            if (*data++ != 0x7f) {
+                return SW_WRONG_DATA();
+            }
+            if (mbedtls_asn1_get_tag(&data, end, &len,
+                                     0x49) != 0 ||
+                mbedtls_asn1_get_tag(&data, end, &len, 0x86) != 0) {
+                return SW_WRONG_DATA();
+            }
+            //if (len != 2*key_size-1)
+            //    return SW_WRONG_LENGTH();
+            memcpy(kdata, file_get_data(ef), key_size);
+            if (dek_decrypt(kdata, key_size) != 0) {
+                return SW_EXEC_ERROR();
+            }
+            mbedtls_ecdh_init(&ctx);
+            mbedtls_ecp_group_id gid = kdata[0];
+            r = mbedtls_ecdh_setup(&ctx, gid);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            r = mbedtls_ecp_read_key(gid, (mbedtls_ecdsa_context *)&ctx.ctx.mbed_ecdh, kdata + 1, key_size - 1);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            r = mbedtls_ecdh_read_public(&ctx, data - 1, len + 1);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_DATA_INVALID();
+            }
+            size_t olen = 0;
+            r = mbedtls_ecdh_calc_secret(&ctx,
+                                         &olen,
+                                         res_APDU,
+                                         MBEDTLS_ECP_MAX_BYTES,
+                                         random_gen,
+                                         NULL);
+            if (r != 0) {
+                mbedtls_ecdh_free(&ctx);
+                return SW_EXEC_ERROR();
+            }
+            res_APDU_size = olen;
+            mbedtls_ecdh_free(&ctx);
+        }
+    }
+    return SW_OK();
+}

src/openpgp/cmd_put_data.c

@@ -0,0 +1,74 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_put_data() {
+    uint16_t fid = (P1(apdu) << 8) | P2(apdu);
+    file_t *ef;
+    if (fid == EF_RESET_CODE) {
+        fid = EF_RC;
+    }
+    else if (fid == EF_ALGO_SIG || fid == EF_ALGO_DEC || fid == EF_ALGO_AUT) {
+        fid |= 0x1000;
+    }
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!authenticate_action(ef, ACL_OP_UPDATE_ERASE)) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    if (fid == EF_PW_STATUS) {
+        fid = EF_PW_PRIV;
+        apdu.nc = 4; //we silently ommit the reset parameters
+    }
+    if (currentEF && (currentEF->fid & 0x1FF0) == (fid & 0x1FF0)) { //previously selected
+        ef = currentEF;
+    }
+    if (apdu.nc > 0 && (ef->type & FILE_DATA_FLASH)) {
+        int r = 0;
+        if (fid == EF_RC) {
+            has_rc = false;
+            if ((r = load_dek()) != PICOKEY_OK) {
+                return SW_EXEC_ERROR();
+            }
+            uint8_t dhash[33];
+            dhash[0] = apdu.nc;
+            double_hash_pin(apdu.data, apdu.nc, dhash + 1);
+            r = file_put_data(ef, dhash, sizeof(dhash));
+
+            file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+            if (!tf) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+            uint8_t def[IV_SIZE + 32 + 32 + 32 + 32];
+            memcpy(def, file_get_data(tf), file_get_size(tf));
+            hash_multi(apdu.data, apdu.nc, session_rc);
+            memcpy(def + IV_SIZE + 32, dek + IV_SIZE, 32);
+            aes_encrypt_cfb_256(session_rc, def, def + IV_SIZE + 32, 32);
+            r = file_put_data(tf, def, sizeof(def));
+        }
+        else {
+            r = file_put_data(ef, apdu.data, apdu.nc);
+        }
+        if (r != PICOKEY_OK) {
+            return SW_MEMORY_FAILURE();
+        }
+        low_flash_available();
+    }
+    return SW_OK();
+}

src/openpgp/cmd_reset_retry.c

@@ -0,0 +1,80 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_reset_retry() {
+    if (P2(apdu) != 0x81) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (P1(apdu) == 0x0 || P1(apdu) == 0x2) {
+        int newpin_len = 0;
+        file_t *pw = NULL;
+        has_pw1 = false;
+        if (!(pw = search_by_fid(EF_PW1, NULL, SPECIFY_EF))) {
+            return SW_REFERENCE_NOT_FOUND();
+        }
+        if (P1(apdu) == 0x0) {
+            file_t *rc;
+            if (!(rc = search_by_fid(EF_RC, NULL, SPECIFY_EF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+            uint8_t pin_len = file_get_data(rc)[0];
+            if (apdu.nc <= pin_len) {
+                return SW_WRONG_LENGTH();
+            }
+            uint16_t r = check_pin(rc, apdu.data, pin_len);
+            if (r != 0x9000) {
+                return r;
+            }
+            newpin_len = apdu.nc - pin_len;
+            has_rc = true;
+            hash_multi(apdu.data, pin_len, session_rc);
+        }
+        else if (P1(apdu) == 0x2) {
+            if (!has_pw3) {
+                return SW_CONDITIONS_NOT_SATISFIED();
+            }
+            newpin_len = apdu.nc;
+        }
+        int r = 0;
+        if ((r = load_dek()) != PICOKEY_OK) {
+            return SW_EXEC_ERROR();
+        }
+        file_t *tf = search_by_fid(EF_DEK, NULL, SPECIFY_EF);
+        if (!tf) {
+            return SW_REFERENCE_NOT_FOUND();
+        }
+        uint8_t def[IV_SIZE + 32 + 32 + 32 + 32];
+        memcpy(def, file_get_data(tf), file_get_size(tf));
+        hash_multi(apdu.data + (apdu.nc - newpin_len), newpin_len, session_pw1);
+        memcpy(def + IV_SIZE, dek + IV_SIZE, 32);
+        aes_encrypt_cfb_256(session_pw1, def, def + IV_SIZE, 32);
+        r = file_put_data(tf, def, sizeof(def));
+
+        uint8_t dhash[33];
+        dhash[0] = newpin_len;
+        double_hash_pin(apdu.data + (apdu.nc - newpin_len), newpin_len, dhash + 1);
+        file_put_data(pw, dhash, sizeof(dhash));
+        if (pin_reset_retries(pw, true) != PICOKEY_OK) {
+            return SW_MEMORY_FAILURE();
+        }
+        low_flash_available();
+        return SW_OK();
+    }
+    return SW_INCORRECT_P1P2();
+}

src/openpgp/cmd_select.c

@@ -0,0 +1,86 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_select() {
+    uint8_t p1 = P1(apdu);
+    uint8_t p2 = P2(apdu);
+    file_t *pe = NULL;
+    uint16_t fid = 0x0;
+
+    if (apdu.nc >= 2) {
+        fid = get_uint16_t_be(apdu.data);
+    }
+
+    if (!pe) {
+        if (p1 == 0x0) { //Select MF, DF or EF - File identifier or absent
+            if (apdu.nc == 0) {
+                pe = (file_t *) MF;
+                //ac_fini();
+            }
+            else if (apdu.nc == 2) {
+                if (!(pe = search_by_fid(fid, NULL, SPECIFY_ANY))) {
+                    return SW_REFERENCE_NOT_FOUND();
+                }
+            }
+        }
+        else if (p1 == 0x01) { //Select child DF - DF identifier
+            if (!(pe = search_by_fid(fid, currentDF, SPECIFY_DF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+        }
+        else if (p1 == 0x02) { //Select EF under the current DF - EF identifier
+            if (!(pe = search_by_fid(fid, currentDF, SPECIFY_EF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+        }
+        else if (p1 == 0x03) { //Select parent DF of the current DF - Absent
+            if (apdu.nc != 0) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+        }
+        else if (p1 == 0x04) { //Select by DF name - e.g., [truncated] application identifier
+            if (!(pe = search_by_name(apdu.data, apdu.nc))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+            if (card_terminated) {
+                return set_res_sw(0x62, 0x85);
+            }
+        }
+        else if (p1 == 0x08) { //Select from the MF - Path without the MF identifier
+            if (!(pe = search_by_path(apdu.data, apdu.nc, MF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+        }
+        else if (p1 == 0x09) { //Select from the current DF - Path without the current DF identifier
+            if (!(pe = search_by_path(apdu.data, apdu.nc, currentDF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+        }
+    }
+    if ((p2 & 0xfc) == 0x00 || (p2 & 0xfc) == 0x04) {
+        if ((p2 & 0xfc) == 0x04) {
+            process_fci(pe, 0);
+        }
+    }
+    else {
+        return SW_INCORRECT_P1P2();
+    }
+    select_file(pe);
+    return SW_OK();
+}

src/openpgp/cmd_select_data.c

@@ -0,0 +1,54 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_select_data() {
+    file_t *ef = NULL;
+    uint16_t fid = 0x0;
+    if (P2(apdu) != 0x4) {
+        return SW_WRONG_P1P2();
+    }
+    if (apdu.data[0] != 0x60) {
+        return SW_WRONG_DATA();
+    }
+    if (apdu.nc != apdu.data[1] + 2 || apdu.nc < 5) {
+        return SW_WRONG_LENGTH();
+    }
+    if (apdu.data[2] != 0x5C) {
+        return SW_WRONG_DATA();
+    }
+    if (apdu.data[3] == 2) {
+        fid = (apdu.data[4] << 8) | apdu.data[5];
+    }
+    else {
+        fid = apdu.data[4];
+    }
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!authenticate_action(ef, ACL_OP_UPDATE_ERASE)) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    fid &= ~0x6000; //Now get private DO
+    fid += P1(apdu);
+    if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    select_file(ef);
+    return SW_OK();
+}

src/openpgp/cmd_terminate_df.c

@@ -0,0 +1,37 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_terminate_df() {
+    if (P1(apdu) != 0x0 || P2(apdu) != 0x0) {
+        return SW_INCORRECT_P1P2();
+    }
+    file_t *retries;
+    if (!(retries = search_by_fid(EF_PW_PRIV, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!has_pw3 && *(file_get_data(retries) + 6) > 0) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+    if (apdu.nc != 0) {
+        return SW_WRONG_LENGTH();
+    }
+    initialize_flash(true);
+    scan_files();
+    return SW_OK();
+}

src/openpgp/cmd_verify.c

@@ -0,0 +1,67 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+
+int cmd_verify() {
+    uint8_t p1 = P1(apdu);
+    uint8_t p2 = P2(apdu);
+
+    if (p1 == 0xFF) {
+        if (apdu.nc != 0) {
+            return SW_WRONG_DATA();
+        }
+        if (p2 == 0x81) {
+            has_pw1 = false;
+        }
+        else if (p2 == 0x82) {
+            has_pw2 = false;
+        }
+        else if (p2 == 0x83) {
+            has_pw3 = false;
+        }
+        return SW_OK();
+    }
+    else if (p1 != 0x0 || (p2 & 0x60) != 0x0) {
+        return SW_WRONG_P1P2();
+    }
+    uint16_t fid = 0x1000 | p2;
+    if (fid == EF_RC && apdu.nc > 0) {
+        fid = EF_PW1;
+    }
+    file_t *pw, *pw_status;
+    if (!(pw = search_by_fid(fid, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (!(pw_status = search_by_fid(EF_PW_PRIV, NULL, SPECIFY_EF))) {
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (file_get_data(pw)[0] == 0) { //not initialized
+        return SW_REFERENCE_NOT_FOUND();
+    }
+    if (apdu.nc > 0) {
+        return check_pin(pw, apdu.data, apdu.nc);
+    }
+    uint8_t retries = *(file_get_data(pw_status) + 3 + (fid & 0xf));
+    if (retries == 0) {
+        return SW_PIN_BLOCKED();
+    }
+    if ((p2 == 0x81 && has_pw1) || (p2 == 0x82 && has_pw2) || (p2 == 0x83 && has_pw3)) {
+        return SW_OK();
+    }
+    return set_res_sw(0x63, 0xc0 | retries);
+}

src/openpgp/cmd_version.c

@@ -0,0 +1,26 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "version.h"
+
+int cmd_version() {
+    res_APDU[res_APDU_size++] = PIPGP_VERSION_MAJOR;
+    res_APDU[res_APDU_size++] = PIPGP_VERSION_MINOR;
+    res_APDU[res_APDU_size++] = 0x0;
+    return SW_OK();
+}

src/openpgp/do.c

@@ -0,0 +1,386 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "openpgp.h"
+#include "asn1.h"
+
+int parse_do(uint16_t *fids, int mode) {
+    int len = 0;
+    file_t *ef;
+    for (int i = 0; i < fids[0]; i++) {
+        if ((ef = search_by_fid(fids[i + 1], NULL, SPECIFY_EF))) {
+            uint16_t data_len;
+            if ((ef->type & FILE_DATA_FUNC) == FILE_DATA_FUNC) {
+                data_len = ((int (*)(const file_t *, int))(ef->data))((const file_t *) ef, mode);
+            }
+            else {
+                if (ef->data) {
+                    data_len = file_get_size(ef);
+                }
+                else {
+                    data_len = 0;
+                }
+                if (mode == 1) {
+                    if (fids[0] > 1 && res_APDU_size > 0) {
+                        if (fids[i + 1] < 0x0100) {
+                            res_APDU[res_APDU_size++] = fids[i + 1] & 0xff;
+                        }
+                        else {
+                            res_APDU[res_APDU_size++] = fids[i + 1] >> 8;
+                            res_APDU[res_APDU_size++] = fids[i + 1] & 0xff;
+                        }
+                        res_APDU_size += format_tlv_len(data_len, res_APDU + res_APDU_size);
+                    }
+                    if (ef->data) {
+                        memcpy(res_APDU + res_APDU_size, file_get_data(ef), data_len);
+                    }
+                    res_APDU_size += data_len;
+                }
+            }
+            len += data_len;
+        }
+    }
+    return len;
+}
+
+int parse_trium(uint16_t fid, uint8_t num, size_t size) {
+    for (uint8_t i = 0; i < num; i++) {
+        file_t *ef;
+        if ((ef = search_by_fid(fid + i, NULL, SPECIFY_EF)) && ef->data) {
+            uint16_t data_len = file_get_size(ef);
+            memcpy(res_APDU + res_APDU_size, file_get_data(ef), data_len);
+            res_APDU_size += data_len;
+        }
+        else {
+            memset(res_APDU + res_APDU_size, 0, size);
+            res_APDU_size += size;
+        }
+    }
+    return num * size;
+}
+
+int parse_ch_data(const file_t *f, int mode) {
+    uint16_t fids[] = {
+        3,
+        EF_CH_NAME, EF_LANG_PREF, EF_SEX,
+    };
+    res_APDU[res_APDU_size++] = EF_CH_DATA & 0xff;
+    res_APDU[res_APDU_size++] = 0x82;
+    uint8_t *lp = res_APDU + res_APDU_size;
+    res_APDU_size += 2;
+    parse_do(fids, mode);
+    uint16_t lpdif = res_APDU + res_APDU_size - lp - 2;
+    *lp++ = lpdif >> 8;
+    *lp++ = lpdif & 0xff;
+    return lpdif + 4;
+}
+
+int parse_sec_tpl(const file_t *f, int mode) {
+    res_APDU[res_APDU_size++] = EF_SEC_TPL & 0xff;
+    res_APDU[res_APDU_size++] = 5;
+    file_t *ef = search_by_fid(EF_SIG_COUNT, NULL, SPECIFY_ANY);
+    if (ef && ef->data) {
+        res_APDU[res_APDU_size++] = EF_SIG_COUNT & 0xff;
+        res_APDU[res_APDU_size++] = 3;
+        memcpy(res_APDU + res_APDU_size, file_get_data(ef), 3);
+        res_APDU_size += 3;
+    }
+    return 5 + 2;
+}
+
+int parse_ch_cert(const file_t *f, int mode) {
+    return 0;
+}
+
+int parse_fp(const file_t *f, int mode) {
+    res_APDU[res_APDU_size++] = EF_FP & 0xff;
+    res_APDU[res_APDU_size++] = 60;
+    return parse_trium(EF_FP_SIG, 3, 20) + 2;
+}
+
+int parse_cafp(const file_t *f, int mode) {
+    res_APDU[res_APDU_size++] = EF_CA_FP & 0xff;
+    res_APDU[res_APDU_size++] = 60;
+    return parse_trium(EF_FP_CA1, 3, 20) + 2;
+}
+
+int parse_ts(const file_t *f, int mode) {
+    res_APDU[res_APDU_size++] = EF_TS_ALL & 0xff;
+    res_APDU[res_APDU_size++] = 12;
+    return parse_trium(EF_TS_SIG, 3, 4) + 2;
+}
+
+int parse_keyinfo(const file_t *f, int mode) {
+    int init_len = res_APDU_size;
+    if (res_APDU_size > 0) {
+        res_APDU[res_APDU_size++] = EF_KEY_INFO & 0xff;
+        res_APDU[res_APDU_size++] = 6;
+    }
+    file_t *ef = search_by_fid(EF_PK_SIG, NULL, SPECIFY_ANY);
+    res_APDU[res_APDU_size++] = 0x00;
+    if (ef && ef->data) {
+        res_APDU[res_APDU_size++] = 0x01;
+    }
+    else {
+        res_APDU[res_APDU_size++] = 0x00;
+    }
+
+    ef = search_by_fid(EF_PK_DEC, NULL, SPECIFY_ANY);
+    res_APDU[res_APDU_size++] = 0x01;
+    if (ef && ef->data) {
+        res_APDU[res_APDU_size++] = 0x01;
+    }
+    else {
+        res_APDU[res_APDU_size++] = 0x00;
+    }
+
+    ef = search_by_fid(EF_PK_AUT, NULL, SPECIFY_ANY);
+    res_APDU[res_APDU_size++] = 0x02;
+    if (ef && ef->data) {
+        res_APDU[res_APDU_size++] = 0x01;
+    }
+    else {
+        res_APDU[res_APDU_size++] = 0x00;
+    }
+    return res_APDU_size - init_len;
+}
+
+int parse_pw_status(const file_t *f, int mode) {
+    file_t *ef;
+    int init_len = res_APDU_size;
+    if (res_APDU_size > 0) {
+        res_APDU[res_APDU_size++] = EF_PW_STATUS & 0xff;
+        res_APDU[res_APDU_size++] = 7;
+    }
+    ef = search_by_fid(EF_PW_PRIV, NULL, SPECIFY_ANY);
+    if (ef && ef->data) {
+        memcpy(res_APDU + res_APDU_size, file_get_data(ef), 7);
+        res_APDU_size += 7;
+    }
+    return res_APDU_size - init_len;
+}
+
+#define ALGO_RSA_1K     0
+#define ALGO_RSA_2k     1
+#define ALGO_RSA_3K     2
+#define ALGO_RSA_4K     3
+#define ALGO_X448       4
+#define ALGO_P256K1     5
+#define ALGO_P256R1     6
+#define ALGO_P384R1     7
+#define ALGO_P521R1     8
+#define ALGO_BP256R1    9
+#define ALGO_BP384R1    10
+#define ALGO_BP512R1    11
+#define ALGO_CV22519    12
+
+const uint8_t algorithm_attr_x448[] = {
+    4,
+    ALGO_ECDH,
+    /* OID of X448 */
+    0x2b, 0x65, 0x6f
+};
+
+const uint8_t algorithm_attr_rsa1k[] = {
+    6,
+    ALGO_RSA,
+    0x04, 0x00,       /* Length modulus (in bit): 1024 */
+    0x00, 0x20,       /* Length exponent (in bit): 32  */
+    0x00          /* 0: Acceptable format is: P and Q */
+};
+
+const uint8_t algorithm_attr_rsa2k[] = {
+    6,
+    ALGO_RSA,
+    0x08, 0x00,       /* Length modulus (in bit): 2048 */
+    0x00, 0x20,       /* Length exponent (in bit): 32  */
+    0x00          /* 0: Acceptable format is: P and Q */
+};
+
+const uint8_t algorithm_attr_rsa3k[] = {
+    6,
+    ALGO_RSA,
+    0x0C, 0x00,       /* Length modulus (in bit): 3072 */
+    0x00, 0x20,       /* Length exponent (in bit): 32  */
+    0x00          /* 0: Acceptable format is: P and Q */
+};
+
+const uint8_t algorithm_attr_rsa4k[] = {
+    6,
+    ALGO_RSA,
+    0x10, 0x00,       /* Length modulus (in bit): 4096 */
+    0x00, 0x20,       /* Length exponent (in bit): 32  */
+    0x00          /* 0: Acceptable format is: P and Q */
+};
+
+const uint8_t algorithm_attr_p256k1[] = {
+    6,
+    ALGO_ECDSA,
+    0x2b, 0x81, 0x04, 0x00, 0x0a
+};
+
+const uint8_t algorithm_attr_p256r1[] = {
+    9,
+    ALGO_ECDSA,
+    0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07
+};
+
+const uint8_t algorithm_attr_p384r1[] = {
+    6,
+    ALGO_ECDSA,
+    0x2B, 0x81, 0x04, 0x00, 0x22
+};
+
+const uint8_t algorithm_attr_p521r1[] = {
+    6,
+    ALGO_ECDSA,
+    0x2B, 0x81, 0x04, 0x00, 0x23
+};
+
+const uint8_t algorithm_attr_bp256r1[] = {
+    10,
+    ALGO_ECDSA,
+    0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07
+};
+
+const uint8_t algorithm_attr_bp384r1[] = {
+    10,
+    ALGO_ECDSA,
+    0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B
+};
+
+const uint8_t algorithm_attr_bp512r1[] = {
+    10,
+    ALGO_ECDSA,
+    0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D
+};
+
+const uint8_t algorithm_attr_cv25519[] = {
+    11,
+    ALGO_ECDH,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01
+};
+
+int parse_algo(const uint8_t *algo, uint16_t tag) {
+    res_APDU[res_APDU_size++] = tag & 0xff;
+    memcpy(res_APDU + res_APDU_size, algo, algo[0] + 1);
+    res_APDU_size += algo[0] + 1;
+    return algo[0] + 2;
+}
+
+int parse_algoinfo(const file_t *f, int mode) {
+    int datalen = 0;
+    if (f->fid == EF_ALGO_INFO) {
+        res_APDU[res_APDU_size++] = EF_ALGO_INFO & 0xff;
+        res_APDU[res_APDU_size++] = 0x82;
+        uint8_t *lp = res_APDU + res_APDU_size;
+        res_APDU_size += 2;
+        datalen += parse_algo(algorithm_attr_rsa1k, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_rsa2k, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_rsa3k, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_rsa4k, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_p256k1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_p256r1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_p384r1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_p521r1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_SIG);
+        datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_SIG);
+
+        datalen += parse_algo(algorithm_attr_rsa1k, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_rsa2k, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_rsa3k, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_rsa4k, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_p256k1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_p256r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_p384r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_p521r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_cv25519, EF_ALGO_DEC);
+        datalen += parse_algo(algorithm_attr_x448, EF_ALGO_DEC);
+
+        datalen += parse_algo(algorithm_attr_rsa1k, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_rsa2k, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_rsa3k, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_rsa4k, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_p256k1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_p256r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_p384r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_p521r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_bp256r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_bp384r1, EF_ALGO_AUT);
+        datalen += parse_algo(algorithm_attr_bp512r1, EF_ALGO_AUT);
+        uint16_t lpdif = res_APDU + res_APDU_size - lp - 2;
+        *lp++ = lpdif >> 8;
+        *lp++ = lpdif & 0xff;
+        datalen = lpdif + 4;
+    }
+    else if (f->fid == EF_ALGO_SIG || f->fid == EF_ALGO_DEC || f->fid == EF_ALGO_AUT) {
+        uint16_t fid = 0x1000 | f->fid;
+        file_t *ef;
+        if (!(ef = search_by_fid(fid, NULL, SPECIFY_EF)) || !ef->data) {
+            datalen += parse_algo(algorithm_attr_rsa2k, f->fid);
+        }
+        else {
+            uint16_t len = file_get_size(ef);
+            if (res_APDU_size > 0) {
+                res_APDU[res_APDU_size++] = f->fid & 0xff;
+                res_APDU[res_APDU_size++] = len & 0xff;
+                datalen += 2;
+            }
+            memcpy(res_APDU + res_APDU_size, file_get_data(ef), len);
+            res_APDU_size += len;
+            datalen += len;
+        }
+    }
+    return datalen;
+}
+
+int parse_app_data(const file_t *f, int mode) {
+    uint16_t fids[] = {
+        6,
+        EF_FULL_AID, EF_HIST_BYTES, EF_EXLEN_INFO, EF_GFM, EF_DISCRETE_DO, EF_KEY_INFO
+    };
+    res_APDU[res_APDU_size++] = EF_APP_DATA & 0xff;
+    res_APDU[res_APDU_size++] = 0x82;
+    uint8_t *lp = res_APDU + res_APDU_size;
+    res_APDU_size += 2;
+    parse_do(fids, mode);
+    uint16_t lpdif = res_APDU + res_APDU_size - lp - 2;
+    *lp++ = lpdif >> 8;
+    *lp++ = lpdif & 0xff;
+    return lpdif + 4;
+}
+
+int parse_discrete_do(const file_t *f, int mode) {
+    uint16_t fids[] = {
+        11,
+        EF_EXT_CAP, EF_ALGO_SIG, EF_ALGO_DEC, EF_ALGO_AUT, EF_PW_STATUS, EF_FP, EF_CA_FP, EF_TS_ALL,
+        EF_UIF_SIG, EF_UIF_DEC, EF_UIF_AUT
+    };
+    res_APDU[res_APDU_size++] = EF_DISCRETE_DO & 0xff;
+    res_APDU[res_APDU_size++] = 0x82;
+    uint8_t *lp = res_APDU + res_APDU_size;
+    res_APDU_size += 2;
+    parse_do(fids, mode);
+    uint16_t lpdif = res_APDU + res_APDU_size - lp - 2;
+    *lp++ = lpdif >> 8;
+    *lp++ = lpdif & 0xff;
+    return lpdif + 4;
+}

src/openpgp/do.h

@@ -0,0 +1,28 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+extern const uint8_t algorithm_attr_p256k1[];
+extern const uint8_t algorithm_attr_p256r1[];
+extern const uint8_t algorithm_attr_p384r1[];
+extern const uint8_t algorithm_attr_p521r1[];
+extern const uint8_t algorithm_attr_bp256r1[];
+extern const uint8_t algorithm_attr_bp384r1[];
+extern const uint8_t algorithm_attr_bp512r1[];
+extern const uint8_t algorithm_attr_cv25519[];
+extern const uint8_t algorithm_attr_x448[];
+extern const uint8_t algorithm_attr_rsa2k[];
+extern const uint8_t algorithm_attr_rsa4096[];

src/openpgp/files.h

@@ -161,4 +161,6 @@
 #define EF_PIV_RETIRED19 0xc11f
 #define EF_PIV_RETIRED20 0xc120
 
+#define EF_DEV_CONF     0x1122
+
 #endif

src/openpgp/management.c

@@ -0,0 +1,153 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "pico_keys.h"
+#include "apdu.h"
+#include "version.h"
+#include "files.h"
+#include "asn1.h"
+#include "management.h"
+
+int man_process_apdu();
+int man_unload();
+
+const uint8_t man_aid[] = {
+    8,
+    0xa0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17
+};
+
+extern void init_piv();
+int man_select(app_t *a, uint8_t force) {
+    (void) force;
+    a->process_apdu = man_process_apdu;
+    a->unload = man_unload;
+    sprintf((char *) res_APDU, "%d.%d.0", PIV_VERSION_MAJOR, PIV_VERSION_MINOR);
+    res_APDU_size = strlen((char *) res_APDU);
+    apdu.ne = res_APDU_size;
+    init_piv();
+    return PICOKEY_OK;
+}
+
+INITIALIZER( man_ctor ) {
+    register_app(man_select, man_aid);
+}
+
+int man_unload() {
+    return PICOKEY_OK;
+}
+
+bool cap_supported(uint16_t cap) {
+    file_t *ef = search_dynamic_file(EF_DEV_CONF);
+    if (file_has_data(ef)) {
+        uint16_t tag = 0x0;
+        uint8_t *tag_data = NULL, *p = NULL;
+        uint16_t tag_len = 0;
+        asn1_ctx_t ctxi;
+        asn1_ctx_init(file_get_data(ef), file_get_size(ef), &ctxi);
+        while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
+            if (tag == TAG_USB_ENABLED) {
+                uint16_t ecaps = tag_data[0];
+                if (tag_len == 2) {
+                    ecaps = (tag_data[0] << 8) | tag_data[1];
+                }
+                return ecaps & cap;
+            }
+        }
+    }
+    return true;
+}
+
+int man_get_config() {
+    file_t *ef = search_dynamic_file(EF_DEV_CONF);
+    res_APDU_size = 0;
+    res_APDU[res_APDU_size++] = 0; // Overall length. Filled later
+    res_APDU[res_APDU_size++] = TAG_USB_SUPPORTED;
+    res_APDU[res_APDU_size++] = 1;
+    res_APDU[res_APDU_size++] = CAP_PIV | CAP_OPENPGP;
+    res_APDU[res_APDU_size++] = TAG_SERIAL;
+    res_APDU[res_APDU_size++] = 4;
+    memcpy(res_APDU + res_APDU_size, pico_serial.id, 4);
+    res_APDU_size += 4;
+    res_APDU[res_APDU_size++] = TAG_FORM_FACTOR;
+    res_APDU[res_APDU_size++] = 1;
+    res_APDU[res_APDU_size++] = 0x01;
+    res_APDU[res_APDU_size++] = TAG_VERSION;
+    res_APDU[res_APDU_size++] = 3;
+    res_APDU[res_APDU_size++] = PIV_VERSION_MAJOR;
+    res_APDU[res_APDU_size++] = PIV_VERSION_MINOR;
+    res_APDU[res_APDU_size++] = 0;
+    res_APDU[res_APDU_size++] = TAG_NFC_SUPPORTED;
+    res_APDU[res_APDU_size++] = 1;
+    res_APDU[res_APDU_size++] = 0x00;
+    if (!file_has_data(ef)) {
+        res_APDU[res_APDU_size++] = TAG_USB_ENABLED;
+        res_APDU[res_APDU_size++] = 1;
+        res_APDU[res_APDU_size++] = CAP_PIV | CAP_OPENPGP;
+        res_APDU[res_APDU_size++] = TAG_DEVICE_FLAGS;
+        res_APDU[res_APDU_size++] = 1;
+        res_APDU[res_APDU_size++] = FLAG_EJECT;
+        res_APDU[res_APDU_size++] = TAG_CONFIG_LOCK;
+        res_APDU[res_APDU_size++] = 1;
+        res_APDU[res_APDU_size++] = 0x00;
+        res_APDU[res_APDU_size++] = TAG_NFC_ENABLED;
+        res_APDU[res_APDU_size++] = 1;
+        res_APDU[res_APDU_size++] = 0x00;
+    }
+    else {
+        memcpy(res_APDU + res_APDU_size, file_get_data(ef), file_get_size(ef));
+        res_APDU_size += file_get_size(ef);
+    }
+    res_APDU[0] = res_APDU_size - 1;
+    return 0;
+}
+
+int cmd_read_config() {
+    man_get_config();
+    return SW_OK();
+}
+
+int cmd_write_config() {
+    if (apdu.data[0] != apdu.nc - 1) {
+        return SW_WRONG_DATA();
+    }
+    file_t *ef = file_new(EF_DEV_CONF);
+    file_put_data(ef, apdu.data + 1, apdu.nc - 1);
+    low_flash_available();
+    return SW_OK();
+}
+
+#define INS_READ_CONFIG             0x1D
+#define INS_WRITE_CONFIG            0x1C
+
+static const cmd_t cmds[] = {
+    { INS_READ_CONFIG, cmd_read_config },
+    { INS_WRITE_CONFIG, cmd_write_config },
+    { 0x00, 0x0 }
+};
+
+int man_process_apdu() {
+    if (CLA(apdu) != 0x00) {
+        return SW_CLA_NOT_SUPPORTED();
+    }
+    for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {
+        if (cmd->ins == INS(apdu)) {
+            int r = cmd->cmd_handler();
+            return r;
+        }
+    }
+    return SW_INS_NOT_SUPPORTED();
+}

src/openpgp/management.h

@@ -0,0 +1,55 @@
+/*
+ * This file is part of the Pico OpenPGP distribution (https://github.com/polhenarejos/pico-openpgp).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MANAGEMENT_H_
+#define _MANAGEMENT_H_
+
+#include <stdlib.h>
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
+#include "pico/stdlib.h"
+#endif
+
+#define TAG_USB_SUPPORTED 0x01
+#define TAG_SERIAL 0x02
+#define TAG_USB_ENABLED 0x03
+#define TAG_FORM_FACTOR 0x04
+#define TAG_VERSION 0x05
+#define TAG_AUTO_EJECT_TIMEOUT 0x06
+#define TAG_CHALRESP_TIMEOUT 0x07
+#define TAG_DEVICE_FLAGS 0x08
+#define TAG_APP_VERSIONS 0x09
+#define TAG_CONFIG_LOCK 0x0A
+#define TAG_UNLOCK 0x0B
+#define TAG_REBOOT 0x0C
+#define TAG_NFC_SUPPORTED 0x0D
+#define TAG_NFC_ENABLED 0x0E
+
+#define CAP_OTP 0x01
+#define CAP_U2F 0x02
+#define CAP_FIDO2 0x200
+#define CAP_OATH 0x20
+#define CAP_PIV 0x10
+#define CAP_OPENPGP 0x08
+#define CAP_HSMAUTH 0x100
+
+#define FLAG_REMOTE_WAKEUP 0x40
+#define FLAG_EJECT 0x80
+
+extern bool cap_supported(uint16_t cap);
+extern int man_get_config();
+
+#endif //_MANAGEMENT_H

src/openpgp/openpgp.h

@@ -19,7 +19,7 @@
 #define __OPENPGP_H_
 
 #include "stdlib.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include <pico/stdlib.h>
 #endif
 
@@ -27,9 +27,17 @@
 #include "apdu.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
+#include "crypto_utils.h"
+#include "files.h"
 
 extern bool has_pw1;
+extern bool has_pw2;
 extern bool has_pw3;
+extern bool has_rc;
+extern uint8_t session_pw1[32];
+extern uint8_t session_rc[32];
+extern uint8_t session_pw3[32];
+extern uint8_t dek[IV_SIZE + 32];
 
 extern int store_keys(void *key_ctx, int type, uint16_t key_id, bool use_kek);
 extern void make_rsa_response(mbedtls_rsa_context *rsa);
@@ -56,4 +64,18 @@ extern int pin_reset_retries(const file_t *pin, bool force);
 #define ALGO_AES_192    0x72
 #define ALGO_AES_256    0x74
 
+extern void select_file(file_t *pe);
+extern int parse_do(uint16_t *fids, int mode);
+extern int load_dek();
+extern int check_pin(const file_t *pin, const uint8_t *data, size_t len);
+extern mbedtls_ecp_group_id get_ec_group_id_from_attr(const uint8_t *algo, size_t algo_len);
+extern int reset_sig_count();
+extern uint16_t algo_dec, algo_aut, pk_dec, pk_aut;
+extern bool wait_button_pressed(uint16_t fid);
+extern void scan_files();
+extern int load_aes_key(uint8_t *aes_key, file_t *fkey);
+extern int inc_sig_count();
+extern int dek_encrypt(uint8_t *data, size_t len);
+extern int dek_decrypt(uint8_t *data, size_t len);
+
 #endif

src/openpgp/piv.c

@@ -15,7 +15,12 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
+#ifdef ESP_PLATFORM
+#include "esp_compat.h"
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#else
 #include "common.h"
+#endif
 #include "files.h"
 #include "apdu.h"
 #include "pico_keys.h"
@@ -23,9 +28,6 @@
 #include "eac.h"
 #include "crypto_utils.h"
 #include "version.h"
-#ifndef ENABLE_EMULATION
-#include "pico/unique_id.h"
-#endif
 #include "asn1.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/des.h"
@@ -70,10 +72,6 @@ uint8_t yk_aid[] = {
     8,
     0xA0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x1, 0x1
 };
-uint8_t mgmt_aid[] = {
-    8,
-    0xA0, 0x00, 0x00, 0x05, 0x27, 0x47, 0x11, 0x17
-};
 
 bool has_pwpiv = false;
 uint8_t session_pwpiv[32];
@@ -81,14 +79,8 @@ uint8_t session_pwpiv[32];
 int piv_process_apdu();
 
 static int get_serial() {
-#ifndef ENABLE_EMULATION
+    uint32_t serial = (pico_serial.id[0] & 0x7F) << 24 | pico_serial.id[1] << 16 | pico_serial.id[2] << 8 | pico_serial.id[3];
-    pico_unique_board_id_t unique_id;
-    pico_get_unique_board_id(&unique_id);
-    uint32_t serial = (unique_id.id[0] & 0x7F) << 24 | unique_id.id[1] << 16 | unique_id.id[2] << 8 | unique_id.id[3];
     return serial;
-#else
-    return 0;
-#endif
 }
 
 static int x509_create_cert(void *pk_ctx, uint8_t algo, uint8_t slot, bool attestation, uint8_t *buffer, size_t buffer_size) {
@@ -169,10 +161,11 @@ static int x509_create_cert(void *pk_ctx, uint8_t algo, uint8_t slot, bool attes
     if (attestation) {
         mbedtls_ecdsa_free(&actx);
     }
+    mbedtls_x509write_crt_free(&ctx);
     return ret;
 }
 
-static void scan_files() {
+static void scan_files_piv() {
     scan_flash();
     file_t *ef = search_by_fid(EF_PIV_KEY_CARDMGM, NULL, SPECIFY_EF);
     if ((ef = search_by_fid(EF_PW_PRIV, NULL, SPECIFY_ANY))) {
@@ -271,13 +264,13 @@ static void scan_files() {
 }
 
 void init_piv() {
-    scan_files();
+    scan_files_piv();
     has_pwpiv = false;
     // cmd_select();
 }
 
 int piv_unload() {
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
 void select_piv_aid() {
@@ -307,18 +300,18 @@ void select_piv_aid() {
     res_APDU[res_APDU_size++] = 0x00;
 }
 
-int piv_select_aid(app_t *a) {
+int piv_select_aid(app_t *a, uint8_t force) {
+    (void) force;
     a->process_apdu = piv_process_apdu;
     a->unload = piv_unload;
     init_piv();
     select_piv_aid();
-    return CCID_OK;
+    return PICOKEY_OK;
 }
 
-void __attribute__((constructor)) piv_ctor() {
+INITIALIZER( piv_ctor ) {
     register_app(piv_select_aid, piv_aid);
     register_app(piv_select_aid, yk_aid);
-    register_app(piv_select_aid, mgmt_aid);
 }
 
 static int cmd_version() {
@@ -404,7 +397,7 @@ static int cmd_get_data() {
         fid |= apdu.data[2 + lt];
     }
     if ((fid & 0xFFFF00) != 0x5FC100 && (fid & 0xFFFF) != EF_PIV_BITGT && (fid & 0xFFFF) != EF_PIV_DISCOVERY && (fid & 0xFFFF) != EF_PIV_ATTESTATION) {
-        return SW_REFERENCE_NOT_FOUND();
+        return SW_FILE_NOT_FOUND();
     }
     file_t *ef = NULL;
     if ((ef = search_by_fid((uint16_t)(fid & 0xFFFF), NULL, SPECIFY_EF))) {
@@ -451,7 +444,7 @@ static int cmd_get_metadata() {
     }
     file_t *ef_key = search_by_fid(key_ref, NULL, SPECIFY_EF);
     if (!file_has_data(ef_key)) {
-        return SW_MEMORY_FAILURE();
+        return SW_REFERENCE_NOT_FOUND();
     }
     if (key_ref != EF_PIV_PIN && key_ref != EF_PIV_PUK) {
         int meta_len = 0;
@@ -470,17 +463,19 @@ static int cmd_get_metadata() {
         res_APDU[res_APDU_size++] = meta[3];
         if (meta[0] == PIV_ALGO_RSA1024 || meta[0] == PIV_ALGO_RSA2048 || meta[0] == PIV_ALGO_RSA3072 || meta[0] == PIV_ALGO_RSA4096 || meta[0] == PIV_ALGO_ECCP256 || meta[0] == PIV_ALGO_ECCP384) {
             res_APDU[res_APDU_size++] = 0x4;
+            res_APDU[res_APDU_size++] = 0; // Filled later
+            uint8_t *pk = &res_APDU[res_APDU_size];
             if (meta[0] == PIV_ALGO_RSA1024 || meta[0] == PIV_ALGO_RSA2048 || meta[0] == PIV_ALGO_RSA3072 || meta[0] == PIV_ALGO_RSA4096) {
                 mbedtls_rsa_context ctx;
                 mbedtls_rsa_init(&ctx);
                 int r = load_private_key_rsa(&ctx, ef_key, false);
-                if (r != CCID_OK) {
+                if (r != PICOKEY_OK) {
                     mbedtls_rsa_free(&ctx);
                     return SW_EXEC_ERROR();
                 }
                 res_APDU[res_APDU_size++] = 0x81;
                 res_APDU[res_APDU_size++] = 0x82;
-                put_uint16_t(mbedtls_mpi_size(&ctx.N), res_APDU + res_APDU_size); res_APDU_size += 2;
+                put_uint16_t_be(mbedtls_mpi_size(&ctx.N), res_APDU + res_APDU_size); res_APDU_size += 2;
                 mbedtls_mpi_write_binary(&ctx.N, res_APDU + res_APDU_size, mbedtls_mpi_size(&ctx.N));
                 res_APDU_size += mbedtls_mpi_size(&ctx.N);
                 res_APDU[res_APDU_size++] = 0x82;
@@ -493,7 +488,7 @@ static int cmd_get_metadata() {
                 mbedtls_ecdsa_context ctx;
                 mbedtls_ecdsa_init(&ctx);
                 int r = load_private_key_ecdsa(&ctx, ef_key, false);
-                if (r != CCID_OK) {
+                if (r != PICOKEY_OK) {
                     mbedtls_ecdsa_free(&ctx);
                     return SW_EXEC_ERROR();
                 }
@@ -509,9 +504,26 @@ static int cmd_get_metadata() {
                 memcpy(res_APDU + res_APDU_size, pt, plen);
                 res_APDU_size += plen;
             }
+            uint16_t pk_len = res_APDU_size - (pk - res_APDU);
+            if (pk_len > 255) {
+                memmove(pk + 2, pk, pk_len);
+                pk[-1] = 0x82;
+                pk[0] = pk_len >> 8;
+                pk[1] = pk_len & 0xff;
+                res_APDU_size += 2;
+            }
+            else if (pk_len > 127) {
+                memmove(pk + 1, pk, pk_len);
+                pk[-1] = 0x81;
+                pk[0] = pk_len;
+                res_APDU_size += 1;
+            }
+            else {
+                pk[-1] = pk_len;
             }
         }
-    if (key_ref == EF_PIV_PIN || key_ref == EF_PIV_PUK || key_ref == EF_PIV_KEY_MANAGEMENT) {
+    }
+    if (key_ref == EF_PIV_PIN || key_ref == EF_PIV_PUK || key_ref == EF_PIV_KEY_CARDMGM) {
         uint8_t dhash[32];
         int32_t eq = false;
         if (key_ref == EF_PIV_PIN) {
@@ -522,7 +534,7 @@ static int cmd_get_metadata() {
             double_hash_pin((const uint8_t *)"\x31\x32\x33\x34\x35\x36\x37\x38", 8, dhash);
             eq = memcmp(dhash, file_get_data(ef_key) + 1, file_get_size(ef_key) - 1);
         }
-        else if (key_ref == EF_PIV_KEY_MANAGEMENT) {
+        else if (key_ref == EF_PIV_KEY_CARDMGM) {
             eq = memcmp("\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08", file_get_data(ef_key), file_get_size(ef_key));
         }
         res_APDU[res_APDU_size++] = 0x5;
@@ -534,8 +546,13 @@ static int cmd_get_metadata() {
                 return SW_REFERENCE_NOT_FOUND();
             }
             uint8_t retries = *(file_get_data(pw_status) + 3 + (key_ref & 0xf));
+            if (!(pw_status = search_by_fid(EF_PW_RETRIES, NULL, SPECIFY_EF))) {
+                return SW_REFERENCE_NOT_FOUND();
+            }
+            uint8_t total = *(file_get_data(pw_status) + (key_ref & 0xf));
             res_APDU[res_APDU_size++] = 0x6;
-            res_APDU[res_APDU_size++] = 1;
+            res_APDU[res_APDU_size++] = 2;
+            res_APDU[res_APDU_size++] = total;
             res_APDU[res_APDU_size++] = retries;
         }
     }
@@ -673,7 +690,7 @@ static int cmd_authenticate() {
                 mbedtls_rsa_context ctx;
                 mbedtls_rsa_init(&ctx);
                 int r = load_private_key_rsa(&ctx, ef_key, false);
-                if (r != CCID_OK) {
+                if (r != PICOKEY_OK) {
                     mbedtls_rsa_free(&ctx);
                     return SW_EXEC_ERROR();
                 }
@@ -707,7 +724,7 @@ static int cmd_authenticate() {
                 mbedtls_ecdsa_context ctx;
                 mbedtls_ecdsa_init(&ctx);
                 int r = load_private_key_ecdsa(&ctx, ef_key, false);
-                if (r != CCID_OK) {
+                if (r != PICOKEY_OK) {
                     mbedtls_ecdsa_free(&ctx);
                     return SW_EXEC_ERROR();
                 }
@@ -888,7 +905,7 @@ static int cmd_asym_keygen() {
         file_put_data(ef, cert + sizeof(cert) - r, r);
         r = store_keys(&rsa, ALGO_RSA, key_ref == 0x93 ? EF_PIV_KEY_RETIRED18 : key_ref, false);
         mbedtls_rsa_free(&rsa);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
     }
@@ -909,7 +926,7 @@ static int cmd_asym_keygen() {
         file_put_data(ef, cert + sizeof(cert) - r, r);
         r = store_keys(&ecdsa, ALGO_ECDSA, key_ref == 0x93 ? EF_PIV_KEY_RETIRED18 : key_ref, false);
         mbedtls_ecdsa_free(&ecdsa);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             return SW_EXEC_ERROR();
         }
     }
@@ -928,7 +945,7 @@ static int cmd_asym_keygen() {
     return SW_OK();
 }
 
-int cmd_put_data() {
+static int cmd_put_data() {
     if (P1(apdu) != 0x3F || P2(apdu) != 0xFF) {
         return SW_INCORRECT_P1P2();
     }
@@ -1138,7 +1155,7 @@ static int cmd_attestation() {
         mbedtls_rsa_context ctx;
         mbedtls_rsa_init(&ctx);
         r = load_private_key_rsa(&ctx, ef_key, false);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_rsa_free(&ctx);
             return SW_EXEC_ERROR();
         }
@@ -1149,7 +1166,7 @@ static int cmd_attestation() {
         mbedtls_ecdsa_context ctx;
         mbedtls_ecdsa_init(&ctx);
         r = load_private_key_ecdsa(&ctx, ef_key, false);
-        if (r != CCID_OK) {
+        if (r != PICOKEY_OK) {
             mbedtls_ecdsa_free(&ctx);
             return SW_EXEC_ERROR();
         }

src/openpgp/version.h

@@ -23,15 +23,15 @@
 #define OPGP_VERSION_MAJOR ((OPGP_VERSION >> 8) & 0xff)
 #define OPGP_VERSION_MINOR (OPGP_VERSION & 0xff)
 
-
-#define PIPGP_VERSION 0x0200
-
-#define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
-#define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)
-
 #define PIV_VERSION 0x0507
 
 #define PIV_VERSION_MAJOR ((PIV_VERSION >> 8) & 0xff)
 #define PIV_VERSION_MINOR (PIV_VERSION & 0xff)
 
+
+#define PIPGP_VERSION 0x0302
+
+#define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
+#define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)
+
 #endif

tests/docker/bullseye/Dockerfile

@@ -0,0 +1,43 @@
+FROM debian:bullseye
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt update && apt upgrade -y
+RUN apt install -y apt-utils
+RUN apt autoremove -y
+RUN rm -rf /var/cache/apt/archives/*
+RUN apt install -y libccid \
+    libpcsclite-dev \
+    git \
+    autoconf \
+    pkg-config \
+    libtool \
+    help2man \
+    automake \
+    gcc \
+    make \
+    build-essential \
+    opensc \
+    python3 \
+    python3-pip \
+    swig \
+    cmake \
+    vsmartcard-vpcd \
+    libgcrypt-dev \
+    libssl-dev \
+    check \
+    gengetopt \
+    && rm -rf /var/lib/apt/lists/*
+RUN pip3 install pytest pycvc cryptography pyscard
+RUN git clone https://github.com/Yubico/yubico-piv-tool
+WORKDIR /yubico-piv-tool
+RUN git checkout tags/yubico-piv-tool-2.5.1
+ADD tests/docker/jammy/yubico-piv-tool.patch /yubico-piv-tool/yubico-piv-tool.patch
+RUN git apply yubico-piv-tool.patch
+RUN mkdir build
+WORKDIR /yubico-piv-tool/build
+RUN cmake .. -DENABLE_HARDWARE_TESTS=1
+RUN make -j`nproc`
+RUN make install
+WORKDIR /
+RUN ldconfig

tests/docker_env.sh

@@ -46,7 +46,7 @@
 
 
 # default values, can be overridden by the environment
-: ${MBEDTLS_DOCKER_GUEST:=jammy}
+: ${MBEDTLS_DOCKER_GUEST:=bullseye}
 
 
 DOCKER_IMAGE_TAG="pico-openpgp-test:${MBEDTLS_DOCKER_GUEST}"

workflows/autobuild.sh

@@ -2,12 +2,43 @@
 
 git submodule update --init --recursive
 sudo apt update
+
+if [[ $1 == "pico" ]]; then
 sudo apt install -y cmake gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib
 git clone https://github.com/raspberrypi/pico-sdk
 cd pico-sdk
 git submodule update --init
 cd ..
+git clone https://github.com/raspberrypi/picotool
+cd picotool
+git submodule update --init
 mkdir build
 cd build
+cmake -DPICO_SDK_PATH=../../pico-sdk ..
+make -j`nproc`
+sudo make install
+cd ../..
+mkdir build_pico
+cd build_pico
 cmake -DPICO_SDK_PATH=../pico-sdk ..
 make
+cd ..
+elif [[ $1 == "esp32" ]]; then
+sudo apt install -y git wget flex bison gperf python3 python3-pip python3-venv cmake ninja-build ccache libffi-dev libssl-dev dfu-util libusb-1.0-0
+git clone --recursive https://github.com/espressif/esp-idf.git
+cd esp-idf
+./install.sh esp32s3
+. ./export.sh
+cd ..
+idf.py set-target esp32s3
+idf.py all
+mkdir -p release
+cd build
+esptool.py --chip ESP32-S3 merge_bin -o ../release/pico_openpgp_esp32-s3.bin @flash_args
+cd ..
+else
+mkdir build
+cd build
+cmake -DENABLE_EMULATION=1 ..
+make
+fi