Upgrade to v4.2

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Upgrade Pico Keys SDK to v8.2
2026-01-05 19:53:41 +01:00 · 2026-01-05 19:52:56 +01:00 · 2026-01-05 19:41:02 +01:00 · 2025-12-29 20:37:17 +01:00 · 2025-12-29 20:16:44 +01:00 · 2025-12-27 22:04:37 +01:00
6 changed files with 51 additions and 32 deletions
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -34,7 +34,7 @@ jobs:
      - name: Delete private key
        run: rm private.pem
      - name: Update nightly release
-        uses: pyTooling/Actions/releaser@main
+        uses: pyTooling/Actions/releaser@v6.7.0
        with:
          tag: nightly-${{ matrix.refs }}
          rm: true
--- a/build_pico_openpgp.sh
+++ b/build_pico_openpgp.sh
@@ -1,48 +1,25 @@
 #!/bin/bash

 VERSION_MAJOR="4"
-VERSION_MINOR="0"
-NO_EDDSA=0
+VERSION_MINOR="2"
 SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}"
 #if ! [[ -z "${GITHUB_SHA}" ]]; then
 #    SUFFIX="${SUFFIX}.${GITHUB_SHA}"
 #fi

-if [[ $1 == "--no-eddsa" ]]; then
-    NO_EDDSA=1
-    echo "Skipping EDDSA build"
-fi
-
 mkdir -p build_release
 mkdir -p release
-mkdir -p release_eddsa
 rm -rf -- release/*
-if [[ $NO_EDDSA -eq 0 ]]; then
-    rm -rf -- release_eddsa/*
-fi
 cd build_release

 PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
 SECURE_BOOT_PKEY="${SECURE_BOOT_PKEY:-../../ec_private_key.pem}"
-board_dir=${PICO_SDK_PATH}/src/boards/include/boards
-for board in "$board_dir"/*
+boards=("pico" "pico2")
+
+for board_name in "${boards[@]}"
 do
-    board_name="$(basename -- "$board" .h)"
    rm -rf -- ./*
    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}
    make -j`nproc`
    mv pico_openpgp.uf2 ../release/pico_openpgp_$board_name-$SUFFIX.uf2
 done
-
-# Build with EDDSA
-
-if [[ $NO_EDDSA -eq 0 ]]; then
-    for board in "$board_dir"/*
-    do
-        board_name="$(basename -- "$board" .h)"
-        rm -rf -- ./*
-        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} -DENABLE_EDDSA=1
-        make -j`nproc`
-        mv pico_openpgp.uf2 ../release_eddsa/pico_openpgp_$board_name-$SUFFIX-eddsa1.uf2
-    done
-fi
--- a/2
+++ b/2
--- a/src/openpgp/cmd_get_data.c
+++ b/src/openpgp/cmd_get_data.c
@@ -18,6 +18,8 @@
 #include "openpgp.h"
 #include "asn1.h"

+extern bool is_gpg;
+
 int cmd_get_data() {
    if (apdu.nc > 0) {
        return SW_WRONG_LENGTH();
@@ -37,6 +39,9 @@ int cmd_get_data() {
        select_file(ef);
    }
    if (ef->data) {
+        if (fid == EF_PW_STATUS || fid == EF_HIST_BYTES || fid == EF_FULL_AID || fid == EF_SEC_TPL) {
+            is_gpg = true;
+        }
        uint16_t fids[] = { 1, fid };
        uint16_t data_len = parse_do(fids, 1);
        uint8_t *p = NULL;
@@ -58,8 +63,42 @@ int cmd_get_data() {
                res_APDU_size -= dec;
            }
        }
-        //if (apdu.ne > data_len)
-        //    apdu.ne = data_len;
+        if (is_gpg == false) {
+            uint8_t off = 2;
+            if (P1(apdu) > 0x0) {
+                off++;
+            }
+            if (data_len >= 128) {
+                off++;
+            }
+            if (data_len >= 256) {
+                off++;
+            }
+            memmove(res_APDU + off, res_APDU, data_len);
+            off = 0;
+            if (P1(apdu) > 0x0) {
+                res_APDU[off++] = P1(apdu);
+                res_APDU[off++] = P2(apdu);
+            }
+            else {
+                res_APDU[off++] = P2(apdu);
+            }
+            if (data_len >= 256) {
+                res_APDU[off++] = 0x82;
+                res_APDU[off++] = (data_len >> 8) & 0xff;
+                res_APDU[off++] = data_len & 0xff;
+            }
+            else if (data_len >= 128) {
+                res_APDU[off++] = 0x81;
+                res_APDU[off++] = data_len;
+            }
+            else {
+                res_APDU[off++] = data_len;
+            }
+            res_APDU_size += off;
+        }
+        // if (apdu.ne > data_len)
+        //     apdu.ne = data_len;
    }
    return SW_OK();
 }
--- a/src/openpgp/management.c
+++ b/src/openpgp/management.c
@@ -22,6 +22,8 @@
 #include "asn1.h"
 #include "management.h"

+bool is_gpg = true;
+
 int man_process_apdu();
 int man_unload();

@@ -39,6 +41,7 @@ int man_select(app_t *a, uint8_t force) {
    res_APDU_size = strlen((char *) res_APDU);
    apdu.ne = res_APDU_size;
    init_piv();
+    is_gpg = false;
    return PICOKEY_OK;
 }

--- a/src/openpgp/version.h
+++ b/src/openpgp/version.h
@@ -29,7 +29,7 @@
 #define PIV_VERSION_MINOR (PIV_VERSION & 0xff)


-#define PIPGP_VERSION 0x0400
+#define PIPGP_VERSION 0x0402

 #define PIPGP_VERSION_MAJOR ((PIPGP_VERSION >> 8) & 0xff)
 #define PIPGP_VERSION_MINOR (PIPGP_VERSION & 0xff)
Author	SHA1	Message	Date
Pol Henarejos	822038aba2	Upgrade to v4.2 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2026-01-05 19:53:41 +01:00
Pol Henarejos	70b5e35bde	Upgrade Pico Keys SDK to v8.2 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2026-01-05 19:52:56 +01:00
Pol Henarejos	4638a1c926	Disable button press by default since LED may not be properly configured until it is commissioned. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2026-01-05 19:41:02 +01:00
Pol Henarejos	b6366ef1c0	Fix build. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-29 20:37:17 +01:00
Pol Henarejos	d4d8ad86d5	Blink led three times to acknowledge proper commissioning. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-29 20:16:44 +01:00
Pol Henarejos	c51d3e7d5e	Fix pimoroni led Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-27 22:04:37 +01:00
Pol Henarejos	757d163ce9	Move pointer Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-27 16:03:19 +01:00
Pol Henarejos	2513608ba9	Releaser is available up to 6.7.0 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-26 19:53:32 +01:00
Pol Henarejos	3710146074	Build only necessary boards Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-11 20:03:50 +01:00
Pol Henarejos	5462458622	Update pointer Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-11 19:37:06 +01:00
Pol Henarejos	353471c599	Revert "Move EDDSA to another branch." This reverts commit `b1421e176b`.	2025-12-11 19:36:39 +01:00
Pol Henarejos	b2538cf2b6	Revert "Move Secure Boot to another branch." This reverts commit `e136bb26e3`.	2025-12-11 19:36:33 +01:00
Pol Henarejos	e136bb26e3	Move Secure Boot to another branch. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-09 21:40:02 +01:00
Pol Henarejos	b1421e176b	Move EDDSA to another branch. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-09 16:07:34 +01:00
Pol Henarejos	2a14c771cb	Move is_gpg flag for fido2. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-07 20:35:08 +01:00
Pol Henarejos	90e77f7c61	Yubico and GnuPG interpretate the standard in different ways. While Yubico follows strictly the spec and expects the TAG encapsulating the output of GET_DATA, GnuPG expects consecutive DO in the response. A possible workaround is to detect whether sub-DO are called (GnuPG) or management AID is called (Yubico). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2025-12-05 19:11:21 +01:00