clone/pico-fido
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-fido synced 2026-06-05 04:19:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
851 Commits 2 Branches 31 Tags
9ffcfb4bebc1304b9b4614b44ef86de637994f7f
Commit Graph

109 Commits

Author SHA1 Message Date
Pol Henarejos
3ccd6e827f Add cancel button event. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-06-01 01:43:25 +02:00
Pol Henarejos
6aa986ca06 Use ecp keypair calc public instead. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-05-01 21:01:45 +02:00
Pol Henarejos
342ae90df8 Upgrade PicoKeys SDK 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-05-01 18:30:19 +02:00
Pol Henarejos
b88e52971f Use device key encryption v2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-27 17:36:28 +01:00
Pol Henarejos
f658ef6eab Remove unused MKEK system. 
Since previous releases, DKEK is double-encrypted with AAD, with OTP and PIN derivation, making not necessary an additional MKEK.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-12 23:41:22 +01:00
Pol Henarejos
24978a5476 Apply strict build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-08 19:27:32 +01:00
Pol Henarejos
d8ccf9bd28 Add vendor Admin PIN. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-07 11:36:52 +01:00
Pol Henarejos
ac0462525a Fix curve25519 translation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-03 20:16:52 +01:00
Pol Henarejos
31a6315721 Transmit CBOR errors in SW x64 with CCID. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-26 17:22:00 +01:00
Pol Henarejos
18d68d7e05 Fix needs power cycle logic. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:57:31 +01:00
Pol Henarejos
c8d62de621 Add vendor commands via CCID 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 00:26:51 +01:00
Pol Henarejos
aa9df892d3 Revert "Move EDDSA to another branch." 
This reverts commit 1867f0330f.
 2025-12-11 15:41:47 +01:00
Pol Henarejos
7ac2ce30f0 Revert "Move other curves to another branch." 
This reverts commit 46720fb387.
 2025-12-11 15:40:16 +01:00
Pol Henarejos
46720fb387 Move other curves to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 18:52:13 +01:00
Pol Henarejos
1867f0330f Move EDDSA to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 15:56:31 +01:00
Pol Henarejos
a59cdef8e6 Merge branch 'main' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

# Conflicts:
#	pico-keys-sdk
 2025-10-26 20:12:26 +01:00
Pol Henarejos
d4f2d04487 Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:10:06 +01:00
Pol Henarejos
6b93938040 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-12 18:56:14 +02:00
Pol Henarejos
898c88dc6d Migration to the new system of secure functions to derive keys based on OTP, if available, and pico_serial as a fallback. PIN is also an input vector, which defines a separated domain. 
PIN is used to derive encryption key, derive session key and derive verifier. From session key is derived encryption key. As a consequence, MKEK functionalities are not necessary anymore, since key device is handled by this new set directly. Some MKEK functions are left for compatibility purposes and for the silent migration to new format.  It also applies for double_hash_pin and hash_multi, which are deprecated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-08 00:33:23 +02:00
Pol Henarejos
eae22a97fb Fix conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-23 17:17:01 +02:00
Pol Henarejos
665f029593 Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:41:55 +02:00
Pol Henarejos
b25e4bed6c Fix build for non-pico boards. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-22 23:35:55 +02:00
Pol Henarejos
48cc417546 Added support for Brainpool curves and Ed448. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-09-02 15:49:39 +02:00
Pol Henarejos
f7ba3eec38 Fix crash APDU with CBOR. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-29 01:19:54 +02:00
Pol Henarejos
73a7856866 Add support for persistentPinUvAuthToken. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-08-28 00:17:57 +02:00
Pol Henarejos
513642663b Move PRODUCT def to another file. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-05-24 14:49:15 +02:00
Pol Henarejos
e4ed703b6b Rename scan_files to scan_files_fido 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-05-24 14:25:33 +02:00
Pol Henarejos
b91ece8ec3 Add EDDSA support as a conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-21 19:00:44 +01:00
Pol Henarejos
d6a060f214 Upgrade to v6.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-15 15:38:55 +01:00
Pol Henarejos
77dd1c4b98 Fix OTP/MKEK secure system. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-08 17:25:04 +01:00
Pol Henarejos
6a67800057 Add support for PIN hash storage and MKEK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-03 01:20:58 +01:00
Pol Henarejos
1f805b1df2 Use more uint16 funcs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 21:25:46 +01:00
Pol Henarejos
d5af2cd8ed Remove ENABLE_UP_BUTTON macro. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-25 12:59:25 +01:00
Pol Henarejos
c443dec4a0 Upgrade to version 6.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-10 01:50:22 +01:00
Pol Henarejos
730e76af75 Enable OTP master key for ESP32-S3. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-10 01:07:31 +01:00
Pol Henarejos
77c3568885 Add PICO_PRODUCT. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 00:23:04 +01:00
Pol Henarejos
3fad6baf89 Rename CCID_ code names to PICOKEY_ 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-05 18:21:42 +01:00
Pol Henarejos
c43006f8c2 Protect keydev if available (only for RP2350). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-12 19:01:04 +02:00
Pol Henarejos
8ae4ab5af4 Upgrade to version 5.12 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-02 20:21:58 +02:00
Pol Henarejos
902a988350 Fix memory cleanups. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-24 02:34:15 +02:00
Pol Henarejos
6c74db9763 Fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-23 13:17:51 +02:00
Pol Henarejos
f49833291f Major refactor of USB CCID and USB HID interfaces. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-23 10:04:00 +02:00
Pol Henarejos
8c1e002892 select_app now invokes U2F or FIDO depending on the message. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-20 14:29:25 +02:00
Pol Henarejos
d2c25b69bc Merge branch 'main' into eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-20 10:18:08 +02:00
Pol Henarejos
1b4dd9bed0 Fix ESP32 build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-18 23:53:18 +02:00
Pol Henarejos
e96da09a84 Fixes for mbedtls 3.6 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-07-20 20:04:48 +02:00
Pol Henarejos
1f0e1fb8f4 Use latest Pico Keys SDK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-05-05 00:58:51 +02:00
Pol Henarejos
eb2c92bc5c Merge branch 'development' into eddsa 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-21 13:01:10 +01:00
Pol Henarejos
195096ad52 otp must be initialized when selection fido or management applets. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-16 20:12:48 +01:00
Pol Henarejos
ffb3beb84a Fix build in emulation mode. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-11-06 15:32:25 +01:00