Upgrading to version 2.0.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
low_flash_available() should be called outside.
2026-05-31 10:31:23 +02:00 · 2022-06-06 00:11:24 +02:00 · 2022-06-03 20:11:14 +02:00 · 2022-06-03 16:04:31 +02:00 · 2022-06-03 11:16:25 +02:00 · 2022-06-01 12:57:24 +02:00
24 changed files with 5067 additions and 1428 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
 [submodule "mbedtls"]
 	path = mbedtls
 	url = https://github.com/ARMmbed/mbedtls
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,20 +36,20 @@ if (NOT DEFINED USB_PID)
    set(USB_PID 0xFCFD)
 endif()
 add_definitions(-DUSB_PID=${USB_PID})
 configure_file(${CMAKE_CURRENT_LIST_DIR}/config/mbedtls_config.h ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include/mbedtls COPYONLY)
 set_source_files_properties(
        ${CMAKE_CURRENT_LIST_DIR}/OpenSC/src/libopensc/ctx.c
        PROPERTIES COMPILE_DEFINITIONS "PACKAGE_VERSION=\"0.22.0\";OPENSC_CONF_PATH=\".\"" 
        )
 target_sources(pico_ccid PUBLIC
-        ${CMAKE_CURRENT_LIST_DIR}/src/ccid/ccid2040.c
+        ${CMAKE_CURRENT_LIST_DIR}/src/usb/usb.c
        ${CMAKE_CURRENT_LIST_DIR}/src/usb/usb_descriptors.c
        ${CMAKE_CURRENT_LIST_DIR}/src/ccid/ccid2040.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fs/file.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fs/flash.c
        ${CMAKE_CURRENT_LIST_DIR}/src/fs/low_flash.c
        ${CMAKE_CURRENT_LIST_DIR}/src/rng/random.c
        ${CMAKE_CURRENT_LIST_DIR}/src/rng/neug.c
        ${CMAKE_CURRENT_LIST_DIR}/src/ccid/eac.c
        ${CMAKE_CURRENT_LIST_DIR}/src/ccid/crypto_utils.c
        ${CMAKE_CURRENT_LIST_DIR}/src/ccid/asn1.c
        )
 target_include_directories(pico_ccid PUBLIC
@@ -57,10 +57,15 @@ target_include_directories(pico_ccid PUBLIC
        ${CMAKE_CURRENT_LIST_DIR}/src/ccid
        ${CMAKE_CURRENT_LIST_DIR}/src/rng
        ${CMAKE_CURRENT_LIST_DIR}/src/usb
        ${CMAKE_CURRENT_LIST_DIR}/mbedtls/include
        ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library
        )
-        
+
 target_compile_options(pico_ccid PUBLIC
    -Wall
    -Werror
 )
 pico_add_extra_outputs(pico_ccid)
-#target_compile_definitions(pico_ccid PRIVATE MBEDTLS_ECDSA_DETERMINISTIC=1)
+target_link_libraries(pico_ccid PRIVATE pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
 target_link_libraries(pico_ccid PRIVATE pico_stdlib tinyusb_device tinyusb_board pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc)
--- a/config/mbedtls_config.h
+++ b/config/mbedtls_config.h
--- a/1
+++ b/1
--- a/src/ccid/asn1.c
+++ b/src/ccid/asn1.c
@@ -0,0 +1,91 @@
 /* 
 * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "asn1.h"
 size_t asn1_len_tag(uint16_t tag, size_t len) {
    size_t ret = 1+format_tlv_len(len, NULL)+len;
    if (tag > 0x00ff)
        return ret+1;
    return ret;
 }
 int format_tlv_len(size_t len, uint8_t *out) {
    if (len < 128) {
        if (out)
            *out = len;
        return 1;
    }
    else if (len < 256) {
        if (out) {
            *out++ = 0x81;
            *out++ = len;
        }
        return 2;
    }
    else {
        if (out) {
            *out++ = 0x82;
            *out++ = (len >> 8) & 0xff;
            *out++ = len & 0xff;
        }
        return 3;
    }
    return 0;
 }
 int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data) {
    if (!p)
        return 0;
    if (!*p)
        *p = (uint8_t *)cdata;
    if (*p-cdata >= cdata_len)
        return 0;
    uint16_t tg = 0x0;
    size_t tgl = 0;
    tg = *(*p)++;
    if ((tg & 0x1f) == 0x1f) {
        tg <<= 8;
        tg |= *(*p)++;
    }    
    tgl = *(*p)++;
    if (tgl == 0x82) {
        tgl = *(*p)++ << 8;
        tgl |= *(*p)++;
    }
    else if (tgl == 0x81) {
        tgl = *(*p)++;
    }
    if (tag)
        *tag = tg;
    if (tag_len)
        *tag_len = tgl;
    if (data)
        *data = *p;
    *p = *p+tgl;
    return 1;
 }
 bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data) {
    uint16_t tag = 0x0;
    uint8_t *p = NULL;
    while (walk_tlv(data, data_len, &p, &tag, tag_len, tag_data)) {
        if (itag == tag)
            return true;
    }
    return false;
 }
--- a/src/ccid/asn1.h
+++ b/src/ccid/asn1.h
@@ -0,0 +1,29 @@
 /* 
 * This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _ASN1_H_
 #define _ASN1_H_
 #include <stdlib.h>
 #include "pico/stdlib.h"
 extern int walk_tlv(const uint8_t *cdata, size_t cdata_len, uint8_t **p, uint16_t *tag, size_t *tag_len, uint8_t **data);
 extern int format_tlv_len(size_t len, uint8_t *out);
 extern bool asn1_find_tag(const uint8_t *data, size_t data_len, uint16_t itag, size_t *tag_len, uint8_t **tag_data);
 extern size_t asn1_len_tag(uint16_t tag, size_t len);
 #endif
--- a/src/ccid/ccid2040.c
+++ b/src/ccid/ccid2040.c
--- a/src/ccid/ccid2040.h
+++ b/src/ccid/ccid2040.h
@@ -18,11 +18,10 @@
 #ifndef _CCID2040_H_
 #define _CCID2040_H_
 #include "ccid.h"
 #include "tusb.h"
 #include "file.h"
 #include "pico/unique_id.h"
 #include "pico/util/queue.h"
 #include <string.h> 
 #define USB_REQ_CCID        0xA1
@@ -40,7 +39,7 @@ extern const uint8_t historical_bytes[];
 #define DEBUG_PAYLOAD(p,s) { \
    printf("Payload %s (%d bytes):\r\n", #p,s);\
    for (int i = 0; i < s; i += 16) {\
-        printf("%07Xh : ",i+p);\
+        printf("%07Xh : ",(unsigned int)(i+p));\
        for (int j = 0; j < 16; j++) {\
            if (j < s-i) printf("%02X ",(p)[i+j]);\
            else printf("   ");\
@@ -54,20 +53,16 @@ extern const uint8_t historical_bytes[];
        } printf("\r\n"); \
    }
 struct apdu {
-  uint8_t seq;
+    uint8_t *header;
-
+    uint32_t nc;
-  /* command APDU */
+    uint32_t ne;
-  uint8_t *cmd_apdu_head;	/* CLS INS P1 P2 [ internal Lc ] */
+    uint8_t *data;
-  uint8_t *cmd_apdu_data;
+    uint16_t sw;
-  size_t cmd_apdu_data_len;	/* Nc, calculated by Lc field */
+    uint8_t *rdata;
-  size_t expected_res_size;	/* Ne, calculated by Le field */
+    uint16_t rlen;
-
+} __packed;
  /* response APDU */
  uint16_t sw;
  uint16_t res_apdu_data_len;
  uint8_t *res_apdu_data;
 };
 #define MAX_CMD_APDU_DATA_SIZE (24+4+512*4)
 #define MAX_RES_APDU_DATA_SIZE (5+9+512*4)
@@ -87,11 +82,8 @@ struct apdu {
 #define EV_VERIFY_CMD_AVAILABLE   2
 #define EV_CMD_AVAILABLE          4
 #define EV_EXIT                   8
-#define EV_BUTTON_PRESSED        16
+#define EV_BUTTON_TIMEOUT        16
-
+#define EV_BUTTON_PRESSED        32
 //Variables set by core1
 extern queue_t *ccid_comm;
 extern queue_t *card_comm;
 enum ccid_state {
    CCID_STATE_NOCARD,		/* No card available */
@@ -106,13 +98,13 @@ enum ccid_state {
    CCID_STATE_EXEC_REQUESTED,	/* Exec requested */
 };
-#define CLA(a) a.cmd_apdu_head[0]
+#define CLA(a) a.header[0]
-#define INS(a) a.cmd_apdu_head[1]
+#define INS(a) a.header[1]
-#define P1(a) a.cmd_apdu_head[2]
+#define P1(a) a.header[2]
-#define P2(a) a.cmd_apdu_head[3]
+#define P2(a) a.header[3]
-#define res_APDU apdu.res_apdu_data
+#define res_APDU apdu.rdata
-#define res_APDU_size apdu.res_apdu_data_len
+#define res_APDU_size apdu.rlen
 extern struct apdu apdu;
@@ -130,6 +122,11 @@ static inline const void put_uint16_t(uint16_t n, uint8_t *b) {
    *b = n & 0xff;
 }
 extern const uint8_t *ccid_atr;
 extern queue_t ccid_to_card_q;
 extern queue_t card_to_ccid_q;
 #ifdef DEBUG
 void stdout_init (void);
--- a/src/ccid/ccid_version.h
+++ b/src/ccid/ccid_version.h
@@ -18,10 +18,10 @@
 #ifndef __VERSION_H_
 #define __VERSION_H_
-#define HSM_VERSION 0x010C
+#define CCID_VERSION 0x0200
-#define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff)
+#define CCID_VERSION_MAJOR ((CCID_VERSION >> 8) & 0xff)
-#define HSM_VERSION_MINOR (HSM_VERSION & 0xff)
+#define CCID_VERSION_MINOR (CCID_VERSION & 0xff)
 #endif
--- a/src/ccid/crypto_utils.c
+++ b/src/ccid/crypto_utils.c
@@ -0,0 +1,146 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include <pico/unique_id.h>
 #include "mbedtls/md.h"
 #include "mbedtls/sha256.h"
 #include "mbedtls/aes.h"
 #include "crypto_utils.h"
 #include "ccid2040.h"
 void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]) {
    uint8_t o1[32];
    hash_multi(pin, len, o1);
    for (int i = 0; i < sizeof(o1); i++)
        o1[i] ^= pin[i%len];
    hash_multi(o1, sizeof(o1), output);
 }
 void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]) {
    mbedtls_sha256_context ctx;
    mbedtls_sha256_init(&ctx);
    int iters = 256;
    pico_unique_board_id_t unique_id;
    pico_get_unique_board_id(&unique_id);
    mbedtls_sha256_starts (&ctx, 0);
    mbedtls_sha256_update (&ctx, unique_id.id, sizeof(unique_id.id));
    while (iters > len)
    {
        mbedtls_sha256_update (&ctx, input, len);
        iters -= len;
    }
    if (iters > 0) // remaining iterations
        mbedtls_sha256_update (&ctx, input, iters);
    mbedtls_sha256_finish (&ctx, output);
    mbedtls_sha256_free (&ctx);
 }
 void hash256(const uint8_t *input, size_t len, uint8_t output[32]) {
    mbedtls_sha256_context ctx;
    mbedtls_sha256_init(&ctx);
    mbedtls_sha256_starts (&ctx, 0);
    mbedtls_sha256_update (&ctx, input, len);
    mbedtls_sha256_finish (&ctx, output);
    mbedtls_sha256_free (&ctx);
 }
 void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output) {
    mbedtls_md_context_t ctx;
    mbedtls_md_init(&ctx);
    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md);
    mbedtls_md_setup(&ctx, md_info, 0);
    mbedtls_md_starts(&ctx);
    mbedtls_md_update(&ctx, input, len);
    mbedtls_md_finish(&ctx, output);
    mbedtls_md_free(&ctx);   
 }
 int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) {
    mbedtls_aes_context aes;
    mbedtls_aes_init(&aes);
    uint8_t tmp_iv[IV_SIZE];
    size_t iv_offset = 0;
    memset(tmp_iv, 0, IV_SIZE);
    if (iv)
        memcpy(tmp_iv, iv, IV_SIZE);
    int r = mbedtls_aes_setkey_enc(&aes, key, key_size);
    if (r != 0)
        return CCID_EXEC_ERROR;
    if (mode == HSM_AES_MODE_CBC)
        return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, len, tmp_iv, data, data);
    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, len, &iv_offset, tmp_iv, data, data);
 }
 int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len) {
    mbedtls_aes_context aes;
    mbedtls_aes_init(&aes);
    uint8_t tmp_iv[IV_SIZE];
    size_t iv_offset = 0;
    memset(tmp_iv, 0, IV_SIZE);
    if (iv)
        memcpy(tmp_iv, iv, IV_SIZE);
    int r = mbedtls_aes_setkey_dec(&aes, key, key_size);
    if (r != 0)
        return CCID_EXEC_ERROR;
    if (mode == HSM_AES_MODE_CBC)
        return mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_DECRYPT, len, tmp_iv, data, data);
    r = mbedtls_aes_setkey_enc(&aes, key, key_size); //CFB requires set_enc instead set_dec
    return mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_DECRYPT, len, &iv_offset, tmp_iv, data, data);
 }
 int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
    return aes_encrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
 }
 int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len) {
    return aes_decrypt(key, iv, 256, HSM_AES_MODE_CFB, data, len);
 }
 struct lv_data {
    unsigned char *value;
    uint8_t len;
 };
 struct ec_curve_mbed_id {
    struct lv_data curve;
    mbedtls_ecp_group_id id;
 };
 struct ec_curve_mbed_id ec_curves_mbed[] = {
    {   { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 24}, MBEDTLS_ECP_DP_SECP192R1 },
    {   { (unsigned char *) "\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 32}, MBEDTLS_ECP_DP_SECP256R1 },
    {   { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF", 48}, MBEDTLS_ECP_DP_SECP384R1 },
    {   { (unsigned char *) "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 66}, MBEDTLS_ECP_DP_SECP521R1 },
    {   { (unsigned char *) "\xA9\xFB\x57\xDB\xA1\xEE\xA9\xBC\x3E\x66\x0A\x90\x9D\x83\x8D\x72\x6E\x3B\xF6\x23\xD5\x26\x20\x28\x20\x13\x48\x1D\x1F\x6E\x53\x77", 32}, MBEDTLS_ECP_DP_BP256R1 },
    {   { (unsigned char *) "\x8C\xB9\x1E\x82\xA3\x38\x6D\x28\x0F\x5D\x6F\x7E\x50\xE6\x41\xDF\x15\x2F\x71\x09\xED\x54\x56\xB4\x12\xB1\xDA\x19\x7F\xB7\x11\x23\xAC\xD3\xA7\x29\x90\x1D\x1A\x71\x87\x47\x00\x13\x31\x07\xEC\x53", 48}, MBEDTLS_ECP_DP_BP384R1 },
    {   { (unsigned char *) "\xAA\xDD\x9D\xB8\xDB\xE9\xC4\x8B\x3F\xD4\xE6\xAE\x33\xC9\xFC\x07\xCB\x30\x8D\xB3\xB3\xC9\xD2\x0E\xD6\x63\x9C\xCA\x70\x33\x08\x71\x7D\x4D\x9B\x00\x9B\xC6\x68\x42\xAE\xCD\xA1\x2A\xE6\xA3\x80\xE6\x28\x81\xFF\x2F\x2D\x82\xC6\x85\x28\xAA\x60\x56\x58\x3A\x48\xF3", 64}, MBEDTLS_ECP_DP_BP512R1 },
    {   { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xEE\x37", 24}, MBEDTLS_ECP_DP_SECP192K1 },
    {   { (unsigned char *) "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFC\x2F", 32}, MBEDTLS_ECP_DP_SECP256K1 },
    {   { NULL, 0 }, MBEDTLS_ECP_DP_NONE }
 };
 mbedtls_ecp_group_id ec_get_curve_from_prime(const uint8_t *prime, size_t prime_len) {
    for (struct ec_curve_mbed_id *ec = ec_curves_mbed; ec->id != MBEDTLS_ECP_DP_NONE; ec++) {
        if (prime_len == ec->curve.len && memcmp(prime, ec->curve.value, prime_len) == 0) {
            return ec->id;
        }
    }
    return MBEDTLS_ECP_DP_NONE;
 }
--- a/src/ccid/crypto_utils.h
+++ b/src/ccid/crypto_utils.h
@@ -0,0 +1,48 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _CRYPTO_UTILS_H_
 #define _CRYPTO_UTILS_H_
 #include "stdlib.h"
 #include "pico/stdlib.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/md.h"
 #define HSM_KEY_RSA                 0x1
 #define HSM_KEY_EC                  0x10
 #define HSM_KEY_AES                 0x100
 #define HSM_KEY_AES_128             0x300
 #define HSM_KEY_AES_192             0x500
 #define HSM_KEY_AES_256             0x900
 #define HSM_AES_MODE_CBC            1
 #define HSM_AES_MODE_CFB            2
 #define IV_SIZE 16
 extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]);
 extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]);
 extern void hash256(const uint8_t *input, size_t len, uint8_t output[32]);
 extern void generic_hash(mbedtls_md_type_t md, const uint8_t *input, size_t len, uint8_t *output);
 extern int aes_encrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len);
 extern int aes_decrypt(const uint8_t *key, const uint8_t *iv, int key_size, int mode, uint8_t *data, int len);
 extern int aes_encrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len);
 extern int aes_decrypt_cfb_256(const uint8_t *key, const uint8_t *iv, uint8_t *data, int len);
 extern mbedtls_ecp_group_id ec_get_curve_from_prime(const uint8_t *prime, size_t prime_len);
 #endif
--- a/src/ccid/eac.c
+++ b/src/ccid/eac.c
@@ -0,0 +1,275 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "eac.h"
 #include "crypto_utils.h"
 #include "random.h"
 #include "mbedtls/cmac.h"
 #include "asn1.h"
 static uint8_t nonce[8];
 static uint8_t sm_kmac[16];
 static uint8_t sm_kenc[16];
 static MSE_protocol sm_protocol = MSE_NONE;
 static mbedtls_mpi sm_mSSC;
 static uint8_t sm_blocksize = 0;
 static uint8_t sm_iv[16];
 size_t sm_session_pin_len = 0;
 uint8_t sm_session_pin[16];
 bool is_secured_apdu() {
    return (CLA(apdu) & 0xC);
 }
 void sm_derive_key(const uint8_t *input, size_t input_len, uint8_t counter, const uint8_t *nonce, size_t nonce_len, uint8_t *out) {
    uint8_t *b = (uint8_t *)calloc(1, input_len+nonce_len+4);
    if (input)
        memcpy(b, input, input_len);
    if (nonce)
        memcpy(b+input_len, nonce, nonce_len);
    b[input_len+nonce_len+3] = counter;
    uint8_t digest[20];
    generic_hash(MBEDTLS_MD_SHA1, b, input_len+nonce_len+4, digest);
    memcpy(out, digest, 16);
    free(b);
 }
 void sm_derive_all_keys(const uint8_t *derived, size_t derived_len) {
    memcpy(nonce, random_bytes_get(8), 8);
    sm_derive_key(derived, derived_len, 1, nonce, sizeof(nonce), sm_kenc);
    sm_derive_key(derived, derived_len, 2, nonce, sizeof(nonce), sm_kmac);
    mbedtls_mpi_init(&sm_mSSC);
    mbedtls_mpi_grow(&sm_mSSC, sm_blocksize);
    mbedtls_mpi_lset(&sm_mSSC, 0);
    memset(sm_iv, 0, sizeof(sm_iv));
    sm_session_pin_len = 0;
 }
 void sm_set_protocol(MSE_protocol proto) {
    sm_protocol = proto;
    if (proto == MSE_AES)
        sm_blocksize = 16;
    else if (proto == MSE_3DES)
        sm_blocksize = 8;
 }
 MSE_protocol sm_get_protocol() {
    return sm_protocol;
 }
 uint8_t *sm_get_nonce() {
    return nonce;
 }
 int sm_sign(uint8_t *in, size_t in_len, uint8_t *out) {
    return mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), sm_kmac, 128, in, in_len, out);
 }
 int sm_unwrap() {
    uint8_t sm_indicator = (CLA(apdu) >> 2) & 0x3;
    if (sm_indicator == 0)
        return CCID_OK;
    int r = sm_verify();
    if (r != CCID_OK)
        return r;
    int le = sm_get_le();
    if (le >= 0)
        apdu.ne = le;
    uint8_t *body = NULL;
    size_t body_size = 0;
    bool is87 = false;
    uint16_t tag = 0x0;
    uint8_t *tag_data = NULL, *p = NULL;
    size_t tag_len = 0;    
    while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
        if (tag == 0x87 || tag == 0x85) {
            body = tag_data;
            body_size = tag_len;
            if (tag == 0x87) {
                is87 = true;
                body_size--;
            }
        }
    }
    if (!body)
        return CCID_WRONG_DATA;
    if (is87 && *body++ != 0x1) {
        return CCID_WRONG_PADDING;
    }
    sm_update_iv();
    aes_decrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, body, body_size);
    memmove(apdu.data, body, body_size);
    apdu.nc = sm_remove_padding(apdu.data, body_size);
    DEBUG_PAYLOAD(apdu.data, (int)apdu.nc);
    return CCID_OK;
 }
 int sm_wrap() {
    uint8_t sm_indicator = (CLA(apdu) >> 2) & 0x3;
    if (sm_indicator == 0)
        return CCID_OK;
    uint8_t input[1024];
    size_t input_len = 0;
    memset(input, 0, sizeof(input));
    mbedtls_mpi ssc;
    mbedtls_mpi_init(&ssc);
    mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1);
    mbedtls_mpi_copy(&sm_mSSC, &ssc);
    int r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
    if (r != 0)
        return CCID_EXEC_ERROR;
    input_len += sm_blocksize;
    mbedtls_mpi_free(&ssc);
    if (res_APDU_size > 0) {
        res_APDU[res_APDU_size++] = 0x80;
        memset(res_APDU+res_APDU_size, 0, (sm_blocksize - (res_APDU_size%sm_blocksize)));
        res_APDU_size += (sm_blocksize - (res_APDU_size%sm_blocksize));
        DEBUG_PAYLOAD(res_APDU, res_APDU_size);
        sm_update_iv();
        aes_encrypt(sm_kenc, sm_iv, 128, HSM_AES_MODE_CBC, res_APDU, res_APDU_size);
        memmove(res_APDU+1, res_APDU, res_APDU_size);
        res_APDU[0] = 0x1;
        res_APDU_size++;
        if (res_APDU_size < 128) {
            memmove(res_APDU+2, res_APDU, res_APDU_size);
            res_APDU[1] = res_APDU_size;
            res_APDU_size += 2;
        }
        else if (res_APDU_size < 256) {
            memmove(res_APDU+3, res_APDU, res_APDU_size);
            res_APDU[1] = 0x81;
            res_APDU[2] = res_APDU_size;
            res_APDU_size += 3;
        }
        else {
            memmove(res_APDU+4, res_APDU, res_APDU_size);
            res_APDU[1] = 0x82;
            res_APDU[2] = res_APDU_size >> 8;
            res_APDU[3] = res_APDU_size & 0xff;
            res_APDU_size += 4;
        }
        res_APDU[0] = 0x87;
    }
    res_APDU[res_APDU_size++] = 0x99;
    res_APDU[res_APDU_size++] = 2;
    res_APDU[res_APDU_size++] = apdu.sw >> 8;
    res_APDU[res_APDU_size++] = apdu.sw & 0xff;
    memcpy(input+input_len, res_APDU, res_APDU_size);
    input_len += res_APDU_size;
    input[input_len++] = 0x80;
    input_len += (sm_blocksize - (input_len%sm_blocksize));
    r = sm_sign(input, input_len, res_APDU+res_APDU_size+2);
    res_APDU[res_APDU_size++] = 0x8E;
    res_APDU[res_APDU_size++] = 8;
    res_APDU_size += 8;
    if (apdu.ne > 0)
        apdu.ne = res_APDU_size;
    return CCID_OK;
 }
 int sm_get_le() {
    uint16_t tag = 0x0;
    uint8_t *tag_data = NULL, *p = NULL;
    size_t tag_len = 0;    
    while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
        if (tag == 0x97) {
            uint32_t le = 0;
            for (int t = 1; t <= tag_len; t++)
                le |= (*tag_data++) << (tag_len-t);
            return le;
        }
    }
    return -1;
 }
 void sm_update_iv() {
    uint8_t tmp_iv[16], sc_counter[16];
    memset(tmp_iv, 0, sizeof(tmp_iv)); //IV is always 0 for encryption of IV based on counter
    mbedtls_mpi_write_binary(&sm_mSSC, sc_counter, sizeof(sc_counter));
    aes_encrypt(sm_kenc, tmp_iv, 128, HSM_AES_MODE_CBC, sc_counter, sizeof(sc_counter));
    memcpy(sm_iv, sc_counter, sizeof(sc_counter));
 }
 int sm_verify() {
    uint8_t input[1024];
    memset(input, 0, sizeof(input));
    int input_len = 0, r = 0;
    bool add_header = (CLA(apdu) & 0xC) == 0xC;
    int data_len = (int)(apdu.nc/sm_blocksize)*sm_blocksize;
    if (data_len % sm_blocksize)
        data_len += sm_blocksize;
    if (data_len+(add_header ? sm_blocksize : 0) > 1024)
        return CCID_WRONG_LENGTH;
    mbedtls_mpi ssc;
    mbedtls_mpi_init(&ssc);
    mbedtls_mpi_add_int(&ssc, &sm_mSSC, 1);
    mbedtls_mpi_copy(&sm_mSSC, &ssc);
    r = mbedtls_mpi_write_binary(&ssc, input, sm_blocksize);
    input_len += sm_blocksize;
    mbedtls_mpi_free(&ssc);
    if (r != 0)
        return CCID_EXEC_ERROR;
    if (add_header) {
        input[input_len++] = CLA(apdu);
        input[input_len++] = INS(apdu);
        input[input_len++] = P1(apdu);
        input[input_len++] = P2(apdu);
        input[input_len++] = 0x80;
        input_len += sm_blocksize-5;
    }
    bool some_added = false;
    const uint8_t *mac = NULL;
    size_t mac_len = 0;
    uint16_t tag = 0x0;
    uint8_t *tag_data = NULL, *p = NULL;
    size_t tag_len = 0;    
    while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) {
        if (tag & 0x1) {
            input[input_len++] = tag;
            int tlen = format_tlv_len(tag_len, input+input_len);
            input_len += tlen;
            memcpy(input+input_len, tag_data, tag_len);
            input_len += tag_len;
            some_added = true;
        }
        if (tag == 0x8E) {
            mac = tag_data;
            mac_len = tag_len;
        }
    }
    if (!mac)
        return CCID_WRONG_DATA;
    if (some_added) {
        input[input_len++] = 0x80;
        input_len += (sm_blocksize - (input_len%sm_blocksize));
    }
    uint8_t signature[16];
    r = sm_sign(input, input_len, signature);
    if (r != 0)
        return CCID_EXEC_ERROR;
    if (memcmp(signature, mac, mac_len) == 0)
        return CCID_OK;
    return CCID_VERIFICATION_FAILED;
 }
 int sm_remove_padding(const uint8_t *data, size_t data_len) {
    int i = data_len-1;
    for (; i >= 0 && data[i] == 0; i--);
    if (i < 0 || data[i] != 0x80)
        return -1;
    return i;
 }
--- a/src/ccid/eac.h
+++ b/src/ccid/eac.h
@@ -0,0 +1,46 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _EAC_H_
 #define _EAC_H_
 #include <stdlib.h>
 #include "pico/stdlib.h"
 #include "ccid2040.h"
 typedef enum MSE_protocol {
    MSE_AES = 0,
    MSE_3DES,
    MSE_NONE
 }MSE_protocol;
 extern void sm_derive_all_keys(const uint8_t *input, size_t input_len);
 extern void sm_set_protocol(MSE_protocol proto);
 extern MSE_protocol sm_get_protocol();
 extern uint8_t *sm_get_nonce();
 extern int sm_sign(uint8_t *in, size_t in_len, uint8_t *out);
 int sm_verify();
 void sm_update_iv();
 int sm_get_le();
 extern int sm_unwrap();
 int sm_remove_padding(const uint8_t *data, size_t data_len);
 extern int sm_wrap();
 extern bool is_secured_apdu();
 extern uint8_t sm_session_pin[16];
 extern size_t sm_session_pin_len;
 #endif
--- a/src/fs/file.c
+++ b/src/fs/file.c
@@ -16,13 +16,15 @@
 */
 #include "file.h"
 #include "tusb.h"
 #include "ccid2040.h"
 #include <string.h>
 #include <stdio.h>
 #include "asn1.h"
 extern const uintptr_t end_data_pool;
 extern const uintptr_t start_data_pool;
 extern int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len);
 extern int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset);
 extern int flash_program_halfword (uintptr_t addr, uint16_t data);
 extern int flash_program_word (uintptr_t addr, uint32_t data);
 extern int flash_program_uintptr (uintptr_t addr, uintptr_t data);
@@ -34,11 +36,14 @@ extern uint8_t *flash_read(uintptr_t addr);
 extern void low_flash_available();
 //puts FCI in the RAPDU
-void process_fci(const file_t *pe) {
+void process_fci(const file_t *pe, int fmd) {
    uint8_t *p = res_APDU;
    uint8_t buf[64];
    res_APDU_size = 0;
-    res_APDU[res_APDU_size++] = 0x6f;
+    if (fmd) {
        res_APDU[res_APDU_size++] = 0x6f;
        res_APDU[res_APDU_size++] = 0x00; //computed later
    }
    res_APDU[res_APDU_size++] = 0x62;
    res_APDU[res_APDU_size++] = 0x00; //computed later
    res_APDU[res_APDU_size++] = 0x81;
@@ -73,10 +78,29 @@ void process_fci(const file_t *pe) {
    res_APDU[res_APDU_size++] = 2;
    put_uint16_t(pe->fid, res_APDU+res_APDU_size);
    res_APDU_size += 2;
    if (pe->name) {
        res_APDU[res_APDU_size++] = 0x84;
        res_APDU[res_APDU_size++] = MIN(pe->name[0],16);
        memcpy(res_APDU+res_APDU_size, pe->name+2, MIN(pe->name[0],16));
        res_APDU_size += MIN(pe->name[0],16);
    }
    memcpy(res_APDU+res_APDU_size, "\x8A\x01\x05", 3); //life-cycle (5 -> activated)
    res_APDU_size += 3;
    uint8_t *meta_data = NULL;
    uint8_t meta_size = meta_find(pe->fid, &meta_data);
    if (meta_size > 0 && meta_data != NULL) {
        res_APDU[res_APDU_size++] = 0xA5;
        res_APDU[res_APDU_size++] = 0x81;
        res_APDU[res_APDU_size++] = meta_size;
        memcpy(res_APDU+res_APDU_size,meta_data,meta_size);
        res_APDU_size += meta_size;
    }
    res_APDU[1] = res_APDU_size-2;
    if (fmd)
        res_APDU[3] = res_APDU_size-4;
 }
-#define MAX_DYNAMIC_FILES 64
+#define MAX_DYNAMIC_FILES 128
 uint16_t dynamic_files = 0;
 file_t dynamic_file[MAX_DYNAMIC_FILES];
@@ -96,7 +120,7 @@ file_t *get_parent(file_t *f) {
 file_t *search_by_name(uint8_t *name, uint16_t namelen) {
    for (file_t *p = file_entries; p != file_last; p++) {
-        if (p->name && *p->name == apdu.cmd_apdu_data_len && memcmp(p->name+1, name, namelen) == 0) {
+        if (p->name && *p->name == apdu.nc && memcmp(p->name+1, name, namelen) == 0) {
            return p;
        }
    }
@@ -160,9 +184,9 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
        return true;
    else if (acl == 0xff)
        return false;
-    else if (acl == 0x90 || acl & 0x9F == 0x10) {
+    else if (acl == 0x90 || (acl & 0x9F) == 0x10) {
            // PIN required.
-        if(isUserAuthenticated) {
+        if (isUserAuthenticated) {
            return true;
        } 
        else {
@@ -172,15 +196,6 @@ bool authenticate_action(const file_t *ef, uint8_t op) {
    return false;
 }
 void initialize_chain(file_chain_t **chain) {
    file_chain_t *next;
    for (file_chain_t *f = *chain; f; f = next) {
        next = f->next;
        free(f);
    }
    *chain = NULL;
 }
 void initialize_flash(bool hard) {
    if (hard) {
        const uint8_t empty[8] = { 0 };
@@ -206,7 +221,6 @@ void scan_flash() {
    }
    printf("SCAN\r\n");
    uintptr_t base = flash_read_uintptr(end_data_pool);
    for (uintptr_t base = flash_read_uintptr(end_data_pool); base >= start_data_pool; base = flash_read_uintptr(base)) {
        if (base == 0x0) //all is empty
            break;
@@ -214,6 +228,9 @@ void scan_flash() {
        uint16_t fid = flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t));
        printf("[%x] scan fid %x, len %d\r\n",base,fid,flash_read_uint16(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t)));
        file_t *file = (file_t *)search_by_fid(fid, NULL, SPECIFY_EF);
        if (!file) {
            file = file_new(fid);
        }
        if (file) 
            file->data = (uint8_t *)(base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t));
        if (flash_read_uintptr(base) == 0x0) {
@@ -232,6 +249,18 @@ uint8_t file_read_uint8(const uint8_t *addr) {
    return flash_read_uint8((uintptr_t)addr);
 }
 uint8_t *file_get_data(const file_t *tf) {
    if (!tf || !tf->data)
        return NULL;
    return file_read(tf->data+sizeof(uint16_t));
 }
 uint16_t file_get_size(const file_t *tf) {
    if (!tf || !tf->data)
        return 0;
    return file_read_uint16(tf->data);
 }
 file_t *search_dynamic_file(uint16_t fid) {
    for (int i = 0; i < dynamic_files; i++) {
        if (dynamic_file[i].fid == fid)
@@ -273,22 +302,114 @@ file_t *file_new(uint16_t fid) {
    //memset((uint8_t *)f->acl, 0x90, sizeof(f->acl));
    return f;
 }
-
+int meta_find(uint16_t fid, uint8_t **out) {
-file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain) {
+    file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
-    if (search_file_chain(file->fid, *chain))
+    if (!ef)
-        return NULL;
+        return CCID_ERR_FILE_NOT_FOUND;
-    file_chain_t *fc = (file_chain_t *)malloc(sizeof(file_chain_t));
+    uint16_t tag = 0x0;
-    fc->file = file;
+    uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
-    fc->next = *chain;
+    size_t tag_len = 0, data_len = file_get_size(ef);
-    *chain = fc;
+    while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
-    return fc;
+        if (tag_len < 2)
-}
+            continue;
-
+        uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
-file_t *search_file_chain(uint16_t fid, file_chain_t *chain) {
+        if (cfid == fid) {
-    for (file_chain_t *fc = chain; fc; fc = fc->next) {
+            if (out)
-        if (fid == fc->file->fid) {
+                *out = tag_data+2;
-            return fc->file;
+            return tag_len-2;
        }
    }
-    return NULL;
+    return 0;
-}
+}
 int meta_delete(uint16_t fid) {
    file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
    if (!ef)
        return CCID_ERR_FILE_NOT_FOUND;
    uint16_t tag = 0x0;
    uint8_t *tag_data = NULL, *p = NULL, *data = file_get_data(ef);
    size_t tag_len = 0, data_len = file_get_size(ef);
    uint8_t *fdata = NULL;
    while (walk_tlv(data, data_len, &p, &tag, &tag_len, &tag_data)) {
        uint8_t *tpos = p-tag_len-format_tlv_len(tag_len, NULL)-1;
        if (tag_len < 2)
            continue;
        uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
        if (cfid == fid) {
            size_t new_len = data_len-1-tag_len-format_tlv_len(tag_len, NULL);
            fdata = (uint8_t *)calloc(1, new_len);
            if (tpos > data) {
                memcpy(fdata, data, tpos-data);
            }
            if (data+data_len > p) {
                memcpy(fdata+(tpos-data), p, data+data_len-p);
            }
            int r = flash_write_data_to_file(ef, fdata, new_len);
            free(fdata);
            if (r != CCID_OK)
                return CCID_EXEC_ERROR;
            low_flash_available();
            break;
        }
    }
    return CCID_OK;
 }
 int meta_add(uint16_t fid, const uint8_t *data, uint16_t len) {
    int r;
    file_t *ef = search_by_fid(EF_META, NULL, SPECIFY_EF);
    if (!ef)
        return CCID_ERR_FILE_NOT_FOUND;
    uint16_t ef_size = file_get_size(ef);
    uint8_t *fdata = (uint8_t *)calloc(1, ef_size);
    memcpy(fdata, file_get_data(ef), ef_size);
    uint16_t tag = 0x0;
    uint8_t *tag_data = NULL, *p = NULL;
    size_t tag_len = 0;
    while (walk_tlv(fdata, ef_size, &p, &tag, &tag_len, &tag_data)) {
        if (tag_len < 2)
            continue;
        uint16_t cfid = (tag_data[0] << 8 | tag_data[1]);
        if (cfid == fid) {
            if (tag_len-2 == len) { //an update
                memcpy(p-tag_len+2, data, len);
                r = flash_write_data_to_file(ef, fdata, ef_size);
                free(fdata);
                if (r != CCID_OK)
                    return CCID_EXEC_ERROR;
                return CCID_OK;
            }
            else { //needs reallocation
                uint8_t *tpos = p-asn1_len_tag(tag, tag_len);
                memmove(tpos, p, fdata+ef_size-p);
                tpos += fdata+ef_size-p;
                uintptr_t meta_offset = tpos-fdata;
                ef_size += len - (tag_len-2);
                if (len > tag_len-2)
                    fdata = (uint8_t *)realloc(fdata, ef_size);
                uint8_t *f = fdata+meta_offset;
                *f++ = fid & 0xff;
                f += format_tlv_len(len+2, f);
                *f++ = fid >> 8;
                *f++ = fid & 0xff;
                memcpy(f, data, len);
                r = flash_write_data_to_file(ef, fdata, ef_size);
                free(fdata);
                if (r != CCID_OK)
                    return CCID_EXEC_ERROR;
                return CCID_OK;
            }
        }
    }
    fdata = (uint8_t *)realloc(fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
    uint8_t *f = fdata+ef_size;
    *f++ = fid & 0x1f;
    f += format_tlv_len(len+2, f);
    *f++ = fid >> 8;
    *f++ = fid & 0xff;
    memcpy(f, data, len);
    r = flash_write_data_to_file(ef, fdata, ef_size+asn1_len_tag(fid & 0x1f, len+2));
    free(fdata);
    if (r != CCID_OK)
        return CCID_EXEC_ERROR;
    return CCID_OK;
 }
--- a/src/fs/file.h
+++ b/src/fs/file.h
@@ -53,14 +53,13 @@
 #define SPECIFY_DF 0x2
 #define SPECIFY_ANY 0x3
 #define EF_DKEK     0x108F
 #define EF_PRKDFS   0x6040
 #define EF_PUKDFS   0x6041
 #define EF_CDFS     0x6042
 #define EF_AODFS    0x6043
 #define EF_DODFS    0x6044
 #define EF_SKDFS    0x6045
-#define EF_DEVOPS   0x100E
+#define EF_META     0xE010
 #define MAX_DEPTH 4
@@ -75,12 +74,6 @@ typedef struct file
    const uint8_t acl[7];
 } __attribute__((packed)) file_t;
 typedef struct file_chain
 {
    file_t *file;
    struct file_chain *next;
 } file_chain_t;
 extern file_t *currentEF;
 extern file_t *currentDF;
 extern const file_t *selected_applet;
@@ -99,7 +92,7 @@ extern file_t *search_by_fid(const uint16_t fid, const file_t *parent, const uin
 extern file_t *search_by_name(uint8_t *name, uint16_t namelen);
 extern file_t *search_by_path(const uint8_t *pe_path, uint8_t pathlen, const file_t *parent);
 extern bool authenticate_action(const file_t *ef, uint8_t op);
-extern void process_fci(const file_t *pe);
+extern void process_fci(const file_t *pe, int fmd);
 extern void scan_flash();
 extern void initialize_flash(bool);
@@ -108,6 +101,8 @@ extern file_t file_entries[];
 extern uint8_t *file_read(const uint8_t *addr);
 extern uint16_t file_read_uint16(const uint8_t *addr);
 extern uint8_t file_read_uint8(const uint8_t *addr);
 extern uint8_t *file_get_data(const file_t *tf);
 extern uint16_t file_get_size(const file_t *tf);
 extern file_t *file_new(uint16_t);
 file_t *get_parent(file_t *f);
@@ -116,9 +111,11 @@ extern file_t dynamic_file[];
 extern file_t *search_dynamic_file(uint16_t);
 extern int delete_dynamic_file(file_t *f);
 extern file_chain_t *add_file_to_chain(file_t *file, file_chain_t **chain);
 extern file_t *search_file_chain(uint16_t fid, file_chain_t *chain);
 extern bool isUserAuthenticated;
 extern int meta_find(uint16_t, uint8_t **out);
 extern int meta_delete(uint16_t fid);
 extern int meta_add(uint16_t fid, const uint8_t *data, uint16_t len);
 #endif
--- a/src/fs/flash.c
+++ b/src/fs/flash.c
@@ -22,7 +22,6 @@
 #include "pico/stdlib.h"
 #include "hardware/flash.h"
 #include "ccid2040.h"
 #include "tusb.h"
 #include "file.h"
 /*
@@ -80,7 +79,7 @@ uintptr_t allocate_free_addr(uint16_t size) {
            return 0x0;
        }
        //we check if |base-(next_addr+size_next_addr)| > |base-potential_addr| only if fid != 1xxx (not size blocked)
-        else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000 != 0x1000) {
+        else if (addr_alg <= potential_addr && base-(next_base+flash_read_uint16(next_base+sizeof(uintptr_t)+sizeof(uintptr_t)+sizeof(uint16_t))+2*sizeof(uint16_t)+2*sizeof(uintptr_t)) > base-potential_addr && (flash_read_uint16(next_base+sizeof(uintptr_t)) & 0x1000) != 0x1000) {
            flash_program_uintptr(potential_addr, next_base);
            flash_program_uintptr(potential_addr+sizeof(uintptr_t), base);
            flash_program_uintptr(base, potential_addr);
@@ -103,23 +102,32 @@ int flash_clear_file(file_t *file) {
    return CCID_OK;
 }
-int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
+int flash_write_data_to_file_offset(file_t *file, const uint8_t *data, uint16_t len, uint16_t offset) {
    if (!file)
        return CCID_ERR_NULL_PARAM;
-    if (len > FLASH_SECTOR_SIZE)
+    uint16_t size_file_flash = file->data ? flash_read_uint16((uintptr_t)file->data) : 0;
    uint8_t *old_data = NULL;
    if (offset+len > FLASH_SECTOR_SIZE || offset > size_file_flash)
        return CCID_ERR_NO_MEMORY;
    if (file->data) { //already in flash
-        uint16_t size_file_flash = flash_read_uint16((uintptr_t)file->data);
+        if (offset+len <= size_file_flash) { //it fits, no need to move it
-        if (len <= size_file_flash) { //it fits, no need to move it
+            flash_program_halfword((uintptr_t)file->data, offset+len);
            flash_program_halfword((uintptr_t)file->data, len);
            if (data)
-                flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len);
+                flash_program_block((uintptr_t)file->data+sizeof(uint16_t)+offset, data, len);
            return CCID_OK;
        }
        else { //we clear the old file
            flash_clear_file(file);
            if (offset > 0) {
                old_data = (uint8_t *)calloc(1, offset+len);
                memcpy(old_data, file->data+sizeof(uint16_t), offset);
                memcpy(old_data+offset, data, len);
                len = offset+len;
                data = old_data;
            }
        }
    }
    uintptr_t new_addr = allocate_free_addr(len);
    //printf("na %x\r\n",new_addr);
    if (new_addr == 0x0) 
@@ -129,5 +137,10 @@ int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
    flash_program_halfword((uintptr_t)file->data, len);
    if (data)
        flash_program_block((uintptr_t)file->data+sizeof(uint16_t), data, len);
    if (old_data)
        free(old_data);
    return CCID_OK;
 }
 int flash_write_data_to_file(file_t *file, const uint8_t *data, uint16_t len) {
    return flash_write_data_to_file_offset(file, data, len, 0);
 }
--- a/src/fs/low_flash.c
+++ b/src/fs/low_flash.c
@@ -138,7 +138,6 @@ page_flash_t *find_free_page(uintptr_t addr) {
 }
 int flash_program_block(uintptr_t addr, const uint8_t *data, size_t len) {
    uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
    page_flash_t *p = NULL;
    if (!data || len == 0)
@@ -213,7 +212,6 @@ uint8_t flash_read_uint8(uintptr_t addr) {
 }
 int flash_erase_page (uintptr_t addr, size_t page_size) {
    uintptr_t addr_alg = addr & -FLASH_SECTOR_SIZE;
    page_flash_t *p = NULL;
    mutex_enter_blocking(&mtx_flash);
--- a/src/rng/neug.c
+++ b/src/rng/neug.c
@@ -27,9 +27,14 @@
 #include "hardware/structs/rosc.h"
 #include "hardware/gpio.h"
 #include "hardware/adc.h"
 #include "bsp/board.h"
 #include "pico/unique_id.h"
 #include "pico/time.h"
 static inline uint32_t board_millis(void)
 {
    return to_ms_since_boot(get_absolute_time());
 }
 void adc_start() {
    adc_init();
    adc_gpio_init(27);
@@ -139,9 +144,7 @@ void *neug_task() {
 void neug_init(uint32_t *buf, uint8_t size) {
    pico_unique_board_id_t unique_id;
    pico_get_unique_board_id(&unique_id);
    const uint32_t *u = (const uint32_t *)unique_id.id;
    struct rng_rb *rb = &the_ring_buffer;
    int i;
    rb_init(rb, buf, size);
--- a/src/usb/ccid.h
+++ b/src/usb/ccid.h
@@ -1,73 +0,0 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _CCID_H_
 #define _CCID_H_
 struct ccid_class_descriptor {
 	uint8_t  bLength;
 	uint8_t  bDescriptorType;
 	uint16_t bcdCCID;
 	uint8_t  bMaxSlotIndex;
 	uint8_t  bVoltageSupport;
 	uint32_t dwProtocols;
 	uint32_t dwDefaultClock;
 	uint32_t dwMaximumClock;
 	uint8_t  bNumClockSupport;
 	uint32_t dwDataRate;
 	uint32_t dwMaxDataRate;
 	uint8_t  bNumDataRatesSupported;
 	uint32_t dwMaxIFSD;
 	uint32_t dwSynchProtocols;
 	uint32_t dwMechanical;
 	uint32_t dwFeatures;
 	uint32_t dwMaxCCIDMessageLength;
 	uint8_t  bClassGetResponse;
 	uint8_t  bclassEnvelope;
 	uint16_t wLcdLayout;
 	uint8_t  bPINSupport;
 	uint8_t  bMaxCCIDBusySlots;
 } __attribute__ ((__packed__));
 static const struct ccid_class_descriptor desc_ccid = {
    .bLength                = sizeof(struct ccid_class_descriptor),
    .bDescriptorType        = 0x21,
    .bcdCCID                = (0x0110),
    .bMaxSlotIndex          = 0,
    .bVoltageSupport        = 0x01,  // 5.0V
    .dwProtocols            = (
                              0x01|  // T=0
                              0x02), // T=1
    .dwDefaultClock         = (0xDFC),
    .dwMaximumClock         = (0xDFC),
    .bNumClockSupport       = 0,
    .dwDataRate             = (0x2580),
    .dwMaxDataRate          = (0x2580),
    .bNumDataRatesSupported = 0,
    .dwMaxIFSD              = (0xFE), // IFSD is handled by the real reader driver
    .dwSynchProtocols       = (0),
    .dwMechanical           = (0),
    .dwFeatures             = 0x40840, //USB-ICC, short & extended APDU
    .dwMaxCCIDMessageLength = 65544+10,
    .bClassGetResponse      = 0xFF,
    .bclassEnvelope         = 0xFF,
    .wLcdLayout             = 0x0,
    .bPINSupport            = 0x0,
    .bMaxCCIDBusySlots      = 0x01,
 };
 #endif
--- a/src/usb/tusb_config.h
+++ b/src/usb/tusb_config.h
@@ -106,9 +106,8 @@
 #define CFG_TUD_VENDOR_RX_BUFSIZE (TUD_OPT_HIGH_SPEED ? 512 : 64)
 #define CFG_TUD_VENDOR_TX_BUFSIZE (TUD_OPT_HIGH_SPEED ? 512 : 64)
-
+    
 #include "pico/types.h"
 static inline uint16_t tu_u32_high16(uint32_t ui32) { return (uint16_t) (ui32 >> 16); }
 static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 & 0x0000ffffu); }
@@ -117,3 +116,4 @@ static inline uint16_t tu_u32_low16 (uint32_t ui32) { return (uint16_t) (ui32 &
 #endif
 #endif /* _TUSB_CONFIG_H_ */
--- a/src/usb/usb.c
+++ b/src/usb/usb.c
@@ -0,0 +1,217 @@
 /* 
 * This file is part of the Pico CCID distribution (https://github.com/polhenarejos/pico-ccid).
 * Copyright (c) 2022 Pol Henarejos.
 * 
 * This program is free software: you can redistribute it and/or modify  
 * it under the terms of the GNU General Public License as published by  
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "pico/unique_id.h"
 #include "ccid_version.h"
 #include <stdio.h>
 // Pico
 #include "pico/stdlib.h"
 #include "tusb.h"
 #include "device/usbd_pvt.h"
 #include "usb_descriptors.h"
 // For memcpy
 #include <string.h>
 #include <stdlib.h>
 // Device specific functions
 static uint8_t rx_buffer[4096], tx_buffer[4096];
 static uint16_t w_offset = 0, r_offset = 0;
 static uint8_t itf_num;
 static uint16_t w_len = 0, tx_r_offset = 0;
 uint32_t usb_write_offset(uint16_t len, uint16_t offset) {
    uint8_t pkt_max = 64;
    if (len > sizeof(tx_buffer))
        len = sizeof(tx_buffer);
    w_len = len;
    tx_r_offset = offset;
    tud_vendor_write(tx_buffer+offset, MIN(len, pkt_max));
    w_len -= MIN(len, pkt_max);
    tx_r_offset += MIN(len, pkt_max);
    return MIN(w_len, pkt_max);
 }
 uint32_t usb_write_flush() {
    if (w_len > 0 && tud_vendor_write_available() > 0) {
        //printf("w_len %d %d %ld\r\n",w_len,tx_r_offset,tud_vendor_write_available());
        tud_vendor_write(tx_buffer+tx_r_offset, MIN(w_len, 64));
        tx_r_offset += MIN(w_len, 64);
        w_len -= MIN(w_len, 64);
    }
    return w_len;
 }
 uint32_t usb_write(uint16_t len) {
    return usb_write_offset(len, 0);
 }
 uint16_t usb_read_available() {
    return w_offset - r_offset;
 }
 uint16_t usb_write_available() {
    return w_len > 0;
 }
 uint8_t *usb_get_rx() {
    return rx_buffer;
 }
 uint8_t *usb_get_tx() {
    return tx_buffer;
 }
 void usb_clear_rx() {
    w_offset = r_offset = 0;
 }
 uint16_t usb_read(uint8_t *buffer, size_t buffer_size) {
    uint16_t size = MIN(buffer_size, w_offset-r_offset);
    if (size > 0) {
        memcpy(buffer, rx_buffer+r_offset, size);
        r_offset += size;
        if (r_offset == w_offset) {
            r_offset = w_offset = 0;
        }            
        return size;
    }
    return 0;
 }
 void tud_vendor_rx_cb(uint8_t itf) {
    (void) itf;
    uint32_t len = tud_vendor_available();
    uint16_t size = MIN(sizeof(rx_buffer)-w_offset, len);
    if (size > 0) {
        size = tud_vendor_read(rx_buffer+w_offset, size);
        w_offset += size;
    }
 }
 void tud_vendor_tx_cb(uint8_t itf, uint32_t sent_bytes) {
    //printf("written %ld\n",sent_bytes);
    usb_write_flush();
 }
 #ifndef USB_VID
 #define USB_VID   0xFEFF
 #endif
 #ifndef USB_PID
 #define USB_PID   0xFCFD
 #endif
 #define USB_BCD   0x0200
 #define USB_CONFIG_ATT_ONE TU_BIT(7)
 #define	MAX_USB_POWER		1
 static void ccid_init_cb(void) {
    TU_LOG1("-------- CCID INIT\r\n");
    vendord_init();
    //ccid_notify_slot_change(c);
 }
 static void ccid_reset_cb(uint8_t rhport) {
    TU_LOG1("-------- CCID RESET\r\n");
    itf_num = 0;
    vendord_reset(rhport);
 }
 static uint16_t ccid_open(uint8_t rhport, tusb_desc_interface_t const *itf_desc, uint16_t max_len) {
    uint8_t *itf_vendor = (uint8_t *)malloc(sizeof(uint8_t)*max_len);
    TU_LOG1("-------- CCID OPEN\r\n");
    TU_VERIFY(itf_desc->bInterfaceClass == TUSB_CLASS_SMART_CARD && itf_desc->bInterfaceSubClass == 0 && itf_desc->bInterfaceProtocol == 0, 0);
    //vendord_open expects a CLASS_VENDOR interface class
    memcpy(itf_vendor, itf_desc, sizeof(uint8_t)*max_len);
    ((tusb_desc_interface_t *)itf_vendor)->bInterfaceClass = TUSB_CLASS_VENDOR_SPECIFIC;
    vendord_open(rhport, (tusb_desc_interface_t *)itf_vendor, max_len);
    free(itf_vendor);
    uint16_t const drv_len = sizeof(tusb_desc_interface_t) + sizeof(struct ccid_class_descriptor) + 2*sizeof(tusb_desc_endpoint_t);
    TU_VERIFY(max_len >= drv_len, 0);
    itf_num = itf_desc->bInterfaceNumber;
    return drv_len;
 }
 // Support for parameterized reset via vendor interface control request
 static bool ccid_control_xfer_cb(uint8_t __unused rhport, uint8_t stage, tusb_control_request_t const * request) {
    // nothing to do with DATA & ACK stage
    TU_LOG2("-------- CCID CTRL XFER\r\n");
    if (stage != CONTROL_STAGE_SETUP) return true;
    if (request->wIndex == itf_num)
    {
        TU_LOG2("-------- bmRequestType %x, bRequest %x, wValue %x, wLength %x\r\n",request->bmRequestType,request->bRequest, request->wValue, request->wLength);
 /*
 #if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_BOOTSEL
        if (request->bRequest == RESET_REQUEST_BOOTSEL) {
 #ifdef PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED
            uint gpio_mask = 1u << PICO_STDIO_USB_RESET_BOOTSEL_ACTIVITY_LED;
 #else
            uint gpio_mask = 0u;
 #endif
 #if !PICO_STDIO_USB_RESET_BOOTSEL_FIXED_ACTIVITY_LED
            if (request->wValue & 0x100) {
                gpio_mask = 1u << (request->wValue >> 9u);
            }
 #endif
            reset_usb_boot(gpio_mask, (request->wValue & 0x7f) | PICO_STDIO_USB_RESET_BOOTSEL_INTERFACE_DISABLE_MASK);
            // does not return, otherwise we'd return true
        }
 #endif
 #if PICO_STDIO_USB_RESET_INTERFACE_SUPPORT_RESET_TO_FLASH_BOOT
        if (request->bRequest == RESET_REQUEST_FLASH) {
            watchdog_reboot(0, 0, PICO_STDIO_USB_RESET_RESET_TO_FLASH_DELAY_MS);
            return true;
        }
 #endif
 */
        return true;
    }
    return false;
 }
 static bool ccid_xfer_cb(uint8_t rhport, uint8_t ep_addr, xfer_result_t result, uint32_t xferred_bytes) {
    //printf("------ CALLED XFER_CB\r\n");
    return vendord_xfer_cb(rhport, ep_addr, result, xferred_bytes);
    //return true;
 }
 static const usbd_class_driver_t ccid_driver = {
 #if CFG_TUSB_DEBUG >= 2
    .name = "CCID",
 #endif
    .init             = ccid_init_cb,
    .reset            = ccid_reset_cb,
    .open             = ccid_open,
    .control_xfer_cb  = ccid_control_xfer_cb,
    .xfer_cb          = ccid_xfer_cb,
    .sof              = NULL
 };
 // Implement callback to add our custom driver
 usbd_class_driver_t const *usbd_app_driver_get_cb(uint8_t *driver_count) {
    *driver_count = 1;
    return &ccid_driver;
 }
--- a/src/usb/usb_common.h
+++ b/src/usb/usb_common.h
@@ -0,0 +1,325 @@
 /*
 * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #ifndef _USB_COMMON_H
 #define _USB_COMMON_H
 #include "pico/types.h"
 #include "hardware/structs/usb.h"
 // bmRequestType bit definitions
 #define USB_REQ_TYPE_STANDARD 0x00u
 #define USB_REQ_TYPE_TYPE_MASK 0x60u
 #define USB_REQ_TYPE_TYPE_CLASS 0x20u
 #define USB_REQ_TYPE_TYPE_VENDOR 0x40u
 #define USB_REQ_TYPE_RECIPIENT_MASK 0x1fu
 #define USB_REQ_TYPE_RECIPIENT_DEVICE 0x00u
 #define USB_REQ_TYPE_RECIPIENT_INTERFACE 0x01u
 #define USB_REQ_TYPE_RECIPIENT_ENDPOINT 0x02u
 #define USB_DIR_OUT 0x00u
 #define USB_DIR_IN 0x80u
 #define USB_TRANSFER_TYPE_CONTROL 0x0
 #define USB_TRANSFER_TYPE_ISOCHRONOUS 0x1
 #define USB_TRANSFER_TYPE_BULK 0x2
 #define USB_TRANSFER_TYPE_INTERRUPT 0x3
 #define USB_TRANSFER_TYPE_BITS 0x3
 // Descriptor types
 #define USB_DT_DEVICE 0x01
 #define USB_DT_CONFIG 0x02
 #define USB_DT_STRING 0x03
 #define USB_DT_INTERFACE 0x04
 #define USB_DT_ENDPOINT 0x05
 #define USB_REQUEST_GET_STATUS 0x0
 #define USB_REQUEST_CLEAR_FEATURE 0x01
 #define USB_REQUEST_SET_FEATURE 0x03
 #define USB_REQUEST_SET_ADDRESS 0x05
 #define USB_REQUEST_GET_DESCRIPTOR 0x06
 #define USB_REQUEST_SET_DESCRIPTOR 0x07
 #define USB_REQUEST_GET_CONFIGURATION 0x08
 #define USB_REQUEST_SET_CONFIGURATION 0x09
 #define USB_REQUEST_GET_INTERFACE 0x0a
 #define USB_REQUEST_SET_INTERFACE 0x0b
 #define USB_REQUEST_SYNC_FRAME 0x0c
 #define USB_REQUEST_MSC_GET_MAX_LUN 0xfe
 #define USB_REQUEST_MSC_RESET 0xff
 #define USB_FEAT_ENDPOINT_HALT            0x00
 #define USB_FEAT_DEVICE_REMOTE_WAKEUP   0x01
 #define USB_FEAT_TEST_MODE                0x02
 #define USB_DESCRIPTOR_TYPE_ENDPOINT 0x05
 struct usb_setup_packet {
    uint8_t bmRequestType;
    uint8_t bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
 } __packed;
 struct usb_descriptor {
    uint8_t bLength;
    uint8_t bDescriptorType;
 };
 struct usb_device_descriptor {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint16_t bcdUSB;
    uint8_t bDeviceClass;
    uint8_t bDeviceSubClass;
    uint8_t bDeviceProtocol;
    uint8_t bMaxPacketSize0;
    uint16_t idVendor;
    uint16_t idProduct;
    uint16_t bcdDevice;
    uint8_t iManufacturer;
    uint8_t iProduct;
    uint8_t iSerialNumber;
    uint8_t bNumConfigurations;
 } __packed;
 struct usb_configuration_descriptor {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint16_t wTotalLength;
    uint8_t bNumInterfaces;
    uint8_t bConfigurationValue;
    uint8_t iConfiguration;
    uint8_t bmAttributes;
    uint8_t bMaxPower;
 } __packed;
 struct usb_interface_descriptor {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint8_t bInterfaceNumber;
    uint8_t bAlternateSetting;
    uint8_t bNumEndpoints;
    uint8_t bInterfaceClass;
    uint8_t bInterfaceSubClass;
    uint8_t bInterfaceProtocol;
    uint8_t iInterface;
 } __packed;
 struct usb_endpoint_descriptor {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint8_t bEndpointAddress;
    uint8_t bmAttributes;
    uint16_t wMaxPacketSize;
    uint8_t bInterval;
 } __packed;
 struct usb_endpoint_descriptor_long {
    uint8_t bLength;
    uint8_t bDescriptorType;
    uint8_t bEndpointAddress;
    uint8_t bmAttributes;
    uint16_t wMaxPacketSize;
    uint8_t bInterval;
    uint8_t bRefresh;
    uint8_t bSyncAddr;
 } __attribute__((packed));
 struct ccid_class_descriptor {
 	uint8_t  bLength;
 	uint8_t  bDescriptorType;
 	uint16_t bcdCCID;
 	uint8_t  bMaxSlotIndex;
 	uint8_t  bVoltageSupport;
 	uint32_t dwProtocols;
 	uint32_t dwDefaultClock;
 	uint32_t dwMaximumClock;
 	uint8_t  bNumClockSupport;
 	uint32_t dwDataRate;
 	uint32_t dwMaxDataRate;
 	uint8_t  bNumDataRatesSupported;
 	uint32_t dwMaxIFSD;
 	uint32_t dwSynchProtocols;
 	uint32_t dwMechanical;
 	uint32_t dwFeatures;
 	uint32_t dwMaxCCIDMessageLength;
 	uint8_t  bClassGetResponse;
 	uint8_t  bclassEnvelope;
 	uint16_t wLcdLayout;
 	uint8_t  bPINSupport;
 	uint8_t  bMaxCCIDBusySlots;
 } __attribute__ ((__packed__));
 static const struct ccid_class_descriptor ccid_desc = {
    .bLength                = sizeof(struct ccid_class_descriptor),
    .bDescriptorType        = 0x21,
    .bcdCCID                = (0x0110),
    .bMaxSlotIndex          = 0,
    .bVoltageSupport        = 0x01,  // 5.0V
    .dwProtocols            = (
                              0x01|  // T=0
                              0x02), // T=1
    .dwDefaultClock         = (0xDFC),
    .dwMaximumClock         = (0xDFC),
    .bNumClockSupport       = 0,
    .dwDataRate             = (0x2580),
    .dwMaxDataRate          = (0x2580),
    .bNumDataRatesSupported = 0,
    .dwMaxIFSD              = (0xFE), // IFSD is handled by the real reader driver
    .dwSynchProtocols       = (0),
    .dwMechanical           = (0),
    .dwFeatures             = 0x40840, //USB-ICC, short & extended APDU
    .dwMaxCCIDMessageLength = 65544+10,
    .bClassGetResponse      = 0xFF,
    .bclassEnvelope         = 0xFF,
    .wLcdLayout             = 0x0,
    .bPINSupport            = 0x0,
    .bMaxCCIDBusySlots      = 0x01,
 };
 // Struct in which we keep the endpoint configuration
 typedef void (*usb_ep_handler)(uint8_t *buf, uint16_t len);
 struct usb_endpoint_configuration {
    const struct usb_endpoint_descriptor *descriptor;
    usb_ep_handler handler;
    // Pointers to endpoint + buffer control registers
    // in the USB controller DPSRAM
    volatile uint32_t *endpoint_control;
    volatile uint32_t *buffer_control;
    volatile uint8_t *data_buffer;
    // Toggle after each packet (unless replying to a SETUP)
    uint8_t next_pid;
 };
 // Struct in which we keep the device configuration
 struct usb_device_configuration {
    const struct usb_device_descriptor *device_descriptor;
    const struct usb_interface_descriptor *interface_descriptor;
    const struct usb_configuration_descriptor *config_descriptor;
    const struct ccid_class_descriptor *ccid_descriptor;
    const unsigned char *lang_descriptor;
    const unsigned char **descriptor_strings;
    // USB num endpoints is 16
    struct usb_endpoint_configuration endpoints[USB_NUM_ENDPOINTS];
 };
 #define EP0_IN_ADDR  (USB_DIR_IN  | 0)
 #define EP0_OUT_ADDR (USB_DIR_OUT | 0)
 #define EP1_OUT_ADDR (USB_DIR_OUT | 1)
 #define EP2_IN_ADDR  (USB_DIR_IN  | 2)
 // EP0 IN and OUT
 static const struct usb_endpoint_descriptor ep0_out = {
        .bLength          = sizeof(struct usb_endpoint_descriptor),
        .bDescriptorType  = USB_DT_ENDPOINT,
        .bEndpointAddress = EP0_OUT_ADDR, // EP number 0, OUT from host (rx to device)
        .bmAttributes     = USB_TRANSFER_TYPE_CONTROL,
        .wMaxPacketSize   = 64,
        .bInterval        = 0
 };
 static const struct usb_endpoint_descriptor ep0_in = {
        .bLength          = sizeof(struct usb_endpoint_descriptor),
        .bDescriptorType  = USB_DT_ENDPOINT,
        .bEndpointAddress = EP0_IN_ADDR, // EP number 0, OUT from host (rx to device)
        .bmAttributes     = USB_TRANSFER_TYPE_CONTROL,
        .wMaxPacketSize   = 64,
        .bInterval        = 0
 };
 // Descriptors
 static const struct usb_device_descriptor device_descriptor = {
        .bLength         = sizeof(struct usb_device_descriptor),
        .bDescriptorType = USB_DT_DEVICE,
        .bcdUSB          = 0x0200, // USB 1.1 device
        .bDeviceClass    = 0,      // Specified in interface descriptor
        .bDeviceSubClass = 0,      // No subclass
        .bDeviceProtocol = 0,      // No protocol
        .bMaxPacketSize0 = 64,     // Max packet size for ep0
        .idVendor        = 0x20a0, // Your vendor id
        .idProduct       = 0x4230, // Your product ID
        .bcdDevice       = 0x0101,      // No device revision number
        .iManufacturer   = 1,      // Manufacturer string index
        .iProduct        = 2,      // Product string index
        .iSerialNumber   = 3,      // No serial number
        .bNumConfigurations = 1    // One configuration
 };
 static const struct usb_interface_descriptor interface_descriptor = {
        .bLength            = sizeof(struct usb_interface_descriptor),
        .bDescriptorType    = USB_DT_INTERFACE,
        .bInterfaceNumber   = 0,
        .bAlternateSetting  = 0,
        .bNumEndpoints      = 2,    // Interface has 2 endpoints
        .bInterfaceClass    = 0x0b, // Vendor specific endpoint
        .bInterfaceSubClass = 0,
        .bInterfaceProtocol = 0,
        .iInterface         = 5
 };
 static const struct usb_endpoint_descriptor ep1_out = {
        .bLength          = sizeof(struct usb_endpoint_descriptor),
        .bDescriptorType  = USB_DT_ENDPOINT,
        .bEndpointAddress = EP1_OUT_ADDR, // EP number 1, OUT from host (rx to device)
        .bmAttributes     = USB_TRANSFER_TYPE_BULK,
        .wMaxPacketSize   = 64,
        .bInterval        = 0
 };
 static const struct usb_endpoint_descriptor ep2_in = {
        .bLength          = sizeof(struct usb_endpoint_descriptor),
        .bDescriptorType  = USB_DT_ENDPOINT,
        .bEndpointAddress = EP2_IN_ADDR, // EP number 2, IN from host (tx from device)
        .bmAttributes     = USB_TRANSFER_TYPE_BULK,
        .wMaxPacketSize   = 64,
        .bInterval        = 0
 };
 static const struct usb_configuration_descriptor config_descriptor = {
        .bLength         = sizeof(struct usb_configuration_descriptor),
        .bDescriptorType = USB_DT_CONFIG,
        .wTotalLength    = (sizeof(config_descriptor) +
                            sizeof(interface_descriptor) +
                            sizeof(ccid_desc) +
                            sizeof(ep1_out) +
                            sizeof(ep2_in)),
        .bNumInterfaces  = 1,
        .bConfigurationValue = 1, // Configuration 1
        .iConfiguration = 4,      // No string
        .bmAttributes = 0xa0,     // attributes: self powered, no remote wakeup
        .bMaxPower = 0x32         // 100ma
 };
 static const unsigned char lang_descriptor[] = {
        4,         // bLength
        0x03,      // bDescriptorType == String Descriptor
        0x09, 0x04 // language id = us english
 };
 #define USB_REQ_CCID        0xA1
 extern uint16_t usb_read(uint8_t *buffer, size_t buffer_size);
 extern uint16_t usb_read_available();
 extern uint32_t usb_write_offset(uint16_t size, uint16_t offset);
 extern uint32_t usb_write(uint16_t size);
 extern bool usb_is_configured();
 extern void usb_init();
 extern uint8_t *usb_get_rx();
 extern uint32_t usb_send_tx_buffer();
 extern uint8_t *usb_get_tx();
 extern void usb_clear_rx();
 extern bool usb_write_available();
 extern uint32_t usb_write_flush();
 #endif
--- a/src/usb/usb_descriptors.c
+++ b/src/usb/usb_descriptors.c
@@ -17,10 +17,8 @@
 #include "tusb.h"
 #include "usb_descriptors.h"
 #include "ccid.h"
 #include "pico/unique_id.h"
-#include "version.h"
+#include "ccid_version.h"
 #ifndef USB_VID
 #define USB_VID   0xFEFF
@@ -35,6 +33,32 @@
 #define	MAX_USB_POWER		1
 static const struct ccid_class_descriptor desc_ccid = {
    .bLength                = sizeof(struct ccid_class_descriptor),
    .bDescriptorType        = 0x21,
    .bcdCCID                = (0x0110),
    .bMaxSlotIndex          = 0,
    .bVoltageSupport        = 0x01,  // 5.0V
    .dwProtocols            = (
                              0x01|  // T=0
                              0x02), // T=1
    .dwDefaultClock         = (0xDFC),
    .dwMaximumClock         = (0xDFC),
    .bNumClockSupport       = 0,
    .dwDataRate             = (0x2580),
    .dwMaxDataRate          = (0x2580),
    .bNumDataRatesSupported = 0,
    .dwMaxIFSD              = (0xFE), // IFSD is handled by the real reader driver
    .dwSynchProtocols       = (0),
    .dwMechanical           = (0),
    .dwFeatures             = 0x40840, //USB-ICC, short & extended APDU
    .dwMaxCCIDMessageLength = 65544+10,
    .bClassGetResponse      = 0xFF,
    .bclassEnvelope         = 0xFF,
    .wLcdLayout             = 0x0,
    .bPINSupport            = 0x0,
    .bMaxCCIDBusySlots      = 0x01,
 };
 //--------------------------------------------------------------------+
 // Device Descriptors
@@ -52,7 +76,7 @@ tusb_desc_device_t const desc_device =
    .idVendor           = (USB_VID),
    .idProduct          = (USB_PID),
-    .bcdDevice          = HSM_VERSION,
+    .bcdDevice          = CCID_VERSION,
    .iManufacturer      = 1,
    .iProduct           = 2,
--- a/src/usb/usb_descriptors.h
+++ b/src/usb/usb_descriptors.h
@@ -18,12 +18,29 @@
 #ifndef USB_DESCRIPTORS_H_
 #define USB_DESCRIPTORS_H_
-enum
+struct ccid_class_descriptor {
-{
+	uint8_t  bLength;
-  VENDOR_REQUEST_WEBUSB = 1,
+	uint8_t  bDescriptorType;
-  VENDOR_REQUEST_MICROSOFT = 2
+	uint16_t bcdCCID;
-};
+	uint8_t  bMaxSlotIndex;
-
+	uint8_t  bVoltageSupport;
-extern uint8_t const desc_ms_os_20[];
+	uint32_t dwProtocols;
 	uint32_t dwDefaultClock;
 	uint32_t dwMaximumClock;
 	uint8_t  bNumClockSupport;
 	uint32_t dwDataRate;
 	uint32_t dwMaxDataRate;
 	uint8_t  bNumDataRatesSupported;
 	uint32_t dwMaxIFSD;
 	uint32_t dwSynchProtocols;
 	uint32_t dwMechanical;
 	uint32_t dwFeatures;
 	uint32_t dwMaxCCIDMessageLength;
 	uint8_t  bClassGetResponse;
 	uint8_t  bclassEnvelope;
 	uint16_t wLcdLayout;
 	uint8_t  bPINSupport;
 	uint8_t  bMaxCCIDBusySlots;
 } __attribute__ ((__packed__));
 #endif /* USB_DESCRIPTORS_H_ */
Author	SHA1	Message	Date
Pol Henarejos	2b8c23f593	Upgrading to version 2.0. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-06 00:11:24 +02:00
Pol Henarejos	9cfe762043	low_flash_available() should be called outside. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-03 20:11:14 +02:00
Pol Henarejos	07305e6fd7	Fix returning error message. If return code is not 0x9000, RAPDU is cleared. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-03 16:04:31 +02:00
Pol Henarejos	8bdcfa1041	Replacing with asn1 tag len function. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-06-03 11:16:25 +02:00
Pol Henarejos	7249fb129b	Using custom mbedtls configuration file. We disable lots of unwanted algorithms and suites and we only keep those are used.	2022-06-01 12:57:24 +02:00
Pol Henarejos	199095c204	Moving some ASN1 procedures to a separate file.	2022-06-01 09:45:27 +02:00
Pol Henarejos	67efd73a96	Not used anymore. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-31 20:38:43 +02:00
Pol Henarejos	fa4ecf658f	Implementing own functions for cvc manipulation. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-31 18:51:43 +02:00
Pol Henarejos	8d409023bf	Fix Ne value for legacy apdu.	2022-05-31 00:04:46 +02:00
Pol Henarejos	950e276ee8	Adding asn1_find_tag() for searching for a tag in a asn1 string.	2022-05-30 23:31:17 +02:00
Pol Henarejos	ef52ae37d3	Reorganizing usb layer.	2022-05-30 12:20:42 +02:00
Pol Henarejos	58e9e67ee5	Fix with data and extended length.	2022-05-30 00:51:36 +02:00
Pol Henarejos	acde4c54d5	Fix timeout.	2022-05-30 00:14:44 +02:00
Pol Henarejos	46603fa390	If the he packet is multiple 64 bytes, we trunk it. It is a weird bug that affects PHY of rp2040.	2022-05-29 03:34:22 +02:00
Pol Henarejos	8bb47e7979	Compilation fixes in debug mode	2022-05-29 03:33:40 +02:00
Pol Henarejos	e0bff38384	Moving again to TinyUSB	2022-05-29 01:52:44 +02:00
Pol Henarejos	152a2fa031	Fix warnings	2022-05-27 20:58:28 +02:00
Pol Henarejos	79878a76c2	More fixes	2022-05-27 09:04:08 +02:00
Pol Henarejos	da871e695e	More and more fixes.	2022-05-27 00:36:44 +02:00
Pol Henarejos	d4b0978d50	More fixes	2022-05-26 14:15:16 +02:00
Pol Henarejos	77ce276b59	First attempt to run away from tinyUSB to our code. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-26 00:03:38 +02:00
Pol Henarejos	56453b60d6	Added fmd flag to wrap FCP to include later the FMD. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 23:30:01 +02:00
Pol Henarejos	bd178c86e4	Added check. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 20:52:31 +02:00
Pol Henarejos	cd6a2dd4b5	Fix for new meta data. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 20:52:01 +02:00
Pol Henarejos	24502966ce	Fix finding meta_data. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 20:41:04 +02:00
Pol Henarejos	3431293d43	Optimized special case when new meta data length is the same. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 15:54:07 +02:00
Pol Henarejos	21f70601b4	Avoid unnecessary memcpy Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 15:20:59 +02:00
Pol Henarejos	c4e781103f	Fix with write offsets. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 14:43:08 +02:00
Pol Henarejos	6c90ce3361	Add meta functions for manipulating meta data. Added meta_add(), meta_delete() and meta_find(). It conveys this meta data throught tag A5 of FCP. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 14:42:54 +02:00
Pol Henarejos	1a58422cd8	flash_write_data_to_file() now accepts offset argument. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 14:28:30 +02:00
Pol Henarejos	5a30c7cbdc	format_tlv_len() accepts NULL argument. In that case, it returns the length of the length in bytes. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 14:27:49 +02:00
Pol Henarejos	5e2fc081f1	Added high level functions for reading file and returning file size. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-24 00:18:43 +02:00
Pol Henarejos	d19429cb84	Fix handling dynamic files. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-23 19:56:26 +02:00
Pol Henarejos	7ed4cb912e	These fids are propertary. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-23 14:43:09 +02:00
Pol Henarejos	efb6c8d8cd	Adding Life-cycle status to FCP. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-15 18:49:30 +02:00
Pol Henarejos	f7d30d7f4d	Adding FCP tag template. Some apps could require FMD tag. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-15 18:37:57 +02:00
Pol Henarejos	de39035d9f	FCI name (tag 84) has 16 bytes max length. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-15 18:34:00 +02:00
Pol Henarejos	ae935d19f8	Fix sending FCI name tag. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-15 18:33:14 +02:00
Pol Henarejos	de04dd6121	Should be with this values. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 22:27:01 +02:00
Pol Henarejos	9c5250f6ca	Adding timeout for press button of 15 secs. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 20:03:17 +02:00
Pol Henarejos	cddc3b2dec	Adding name to FCP Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-04-20 14:13:43 +02:00
Pol Henarejos	16f23dfa6c	Upgrading to v1.1.	2022-04-19 19:22:22 +02:00
Pol Henarejos	5e51c9a072	Renaming version file.	2022-04-19 19:13:58 +02:00
Pol Henarejos	7d4f9e4f1f	Adding EAC and some crypto functions. Adding MBEDTLS submodule to core.	2022-04-19 19:09:38 +02:00
Pol Henarejos	39efd9b170	Setting version of CCID core module.	2022-04-19 18:55:43 +02:00
Pol Henarejos	cffee4264a	Defining ATR not in the core.	2022-04-19 18:37:42 +02:00