From b5174d64af1829b907412fa1092e9910fbcd8cf7 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Mon, 14 Aug 2023 02:45:16 +0200
Subject: [PATCH 01/30] Using SDK with EdDSA support.
Signed-off-by: Pol Henarejos
---
pico-hsm-sdk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pico-hsm-sdk b/pico-hsm-sdk
index 4cfbc19..167bd9b 160000
--- a/pico-hsm-sdk
+++ b/pico-hsm-sdk
@@ -1 +1 @@
-Subproject commit 4cfbc19aa7df0c22d738e6567b62745358af2aaa
+Subproject commit 167bd9bc1f89c6a33e75e579d1dec00b0348bba1
From 32c8bc4a24704fec1d17d9cf42f4f12c5461e47a Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Wed, 16 Aug 2023 15:05:46 +0200
Subject: [PATCH 02/30] Enable EdDSA for curves Ed25519 and Ed448 in config file.
Signed-off-by: Pol Henarejos
---
pico-hsm-sdk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pico-hsm-sdk b/pico-hsm-sdk
index 167bd9b..e5a98ea 160000
--- a/pico-hsm-sdk
+++ b/pico-hsm-sdk
@@ -1 +1 @@
-Subproject commit 167bd9bc1f89c6a33e75e579d1dec00b0348bba1
+Subproject commit e5a98ea9bf9fe62fcea6a54b55bd8580f8b73867
From 22d879368391de0b2a3c3059557f01cfd3bbb1f6 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 22 Aug 2023 15:29:26 +0200
Subject: [PATCH 03/30] Add fix in EdDSA.
Signed-off-by: Pol Henarejos
---
pico-hsm-sdk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pico-hsm-sdk b/pico-hsm-sdk
index e5a98ea..5ec98c8 160000
--- a/pico-hsm-sdk
+++ b/pico-hsm-sdk
@@ -1 +1 @@
-Subproject commit e5a98ea9bf9fe62fcea6a54b55bd8580f8b73867
+Subproject commit 5ec98c84aa8aa8aec4dda6d609fcca1d57d1eb3a
From faef2dc278f893d5edb80bafa8f1bf70eaf05762 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 22 Aug 2023 17:10:03 +0200
Subject: [PATCH 04/30] Added support for EdDSA signature.
Signed-off-by: Pol Henarejos --- src/hsm/cmd_derive_asym.c | 18 +++++++++--------- src/hsm/cmd_general_authenticate.c | 12 ++++++------ src/hsm/cmd_key_wrap.c | 10 +++++----- src/hsm/cmd_signature.c | 23 +++++++++++++++-------- src/hsm/cvc.c | 12 ++++++------ src/hsm/sc_hsm.c | 27 +++++++++++++++++++++++---- src/hsm/sc_hsm.h | 3 ++- 7 files changed, 66 insertions(+), 39 deletions(-) diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c index 700a5f1..25f1af8 100644 --- a/src/hsm/cmd_derive_asym.c +++ b/src/hsm/cmd_derive_asym.c @@ -53,13 +53,13 @@ int cmd_derive_asym() { return SW_WRONG_LENGTH(); } if (apdu.data[0] == ALGO_EC_DERIVE) { - mbedtls_ecdsa_context ctx; - mbedtls_ecdsa_init(&ctx); + mbedtls_ecp_keypair ctx; + mbedtls_ecp_keypair_init(&ctx); int r; - r = load_private_key_ecdsa(&ctx, fkey); + r = load_private_key_ec(&ctx, fkey); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); if (r == CCID_VERIFICATION_FAILED) { return SW_SECURE_MESSAGE_EXEC_ERROR(); } @@ -70,7 +70,7 @@ int cmd_derive_asym() { mbedtls_mpi_init(&nd); r = mbedtls_mpi_read_binary(&a, apdu.data + 1, apdu.nc - 1); if (r != 0) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); mbedtls_mpi_free(&a); mbedtls_mpi_free(&nd); return SW_DATA_INVALID(); @@ -78,22 +78,22 @@ int cmd_derive_asym() { r = mbedtls_mpi_add_mod(&ctx.grp, &nd, &ctx.d, &a); mbedtls_mpi_free(&a); if (r != 0) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); mbedtls_mpi_free(&nd); return SW_EXEC_ERROR(); } r = mbedtls_mpi_copy(&ctx.d, &nd); mbedtls_mpi_free(&nd); if (r != 0) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } r = store_keys(&ctx, HSM_KEY_EC, dest_id); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); } else { return SW_WRONG_DATA(); 
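Review bot: The `ALGO_EC_DERIVE` path in the `@@ -53,13 +53,13 @@` hunk of cmd_derive_asym.c goes on to add the offset to `ctx.d` with `mbedtls_mpi_add_mod` without checking which kind of group `load_private_key_ec` returned, and after this patch that loader can hand back an Ed25519 or Ed448 key. Additive derivation of this form is defined for a scalar private key; if the SDK keeps the EdDSA private value as the RFC 8032 seed (not visible here, so an assumption to confirm), the stored result would not correspond to the parent key plus the offset. A guard right after the load, `if (mbedtls_ecp_get_type(&ctx.grp) == MBEDTLS_ECP_TYPE_EDWARDS) { mbedtls_ecp_keypair_free(&ctx); return SW_WRONG_DATA(); }`, would make the restriction explicit. The body of `cmd_derive_asym` starts and ends outside these hunks.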
diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c index af41cb0..d2db187 100644 --- a/src/hsm/cmd_general_authenticate.c +++ b/src/hsm/cmd_general_authenticate.c @@ -43,11 +43,11 @@ int cmd_general_authenticate() { if (!fkey) { return SW_EXEC_ERROR(); } - mbedtls_ecdsa_context ectx; - mbedtls_ecdsa_init(&ectx); - r = load_private_key_ecdsa(&ectx, fkey); + mbedtls_ecp_keypair ectx; + mbedtls_ecp_keypair_init(&ectx); + r = load_private_key_ecdh(&ectx, fkey); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ectx); + mbedtls_ecp_keypair_free(&ectx); return SW_EXEC_ERROR(); } mbedtls_ecdh_context ctx; @@ -55,12 +55,12 @@ int cmd_general_authenticate() { mbedtls_ecp_group_id gid = MBEDTLS_ECP_DP_SECP256R1; r = mbedtls_ecdh_setup(&ctx, gid); if (r != 0) { - mbedtls_ecdsa_free(&ectx); + mbedtls_ecp_keypair_free(&ectx); mbedtls_ecdh_free(&ctx); return SW_DATA_INVALID(); } r = mbedtls_mpi_copy(&ctx.ctx.mbed_ecdh.d, &ectx.d); - mbedtls_ecdsa_free(&ectx); + mbedtls_ecp_keypair_free(&ectx); if (r != 0) { mbedtls_ecdh_free(&ctx); return SW_DATA_INVALID(); diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c index d9cbf8f..581a718 100644 --- a/src/hsm/cmd_key_wrap.c +++ b/src/hsm/cmd_key_wrap.c @@ -71,18 +71,18 @@ int cmd_key_wrap() { mbedtls_rsa_free(&ctx); } else if (*dprkd == P15_KEYTYPE_ECC) { - mbedtls_ecdsa_context ctx; - mbedtls_ecdsa_init(&ctx); - r = load_private_key_ecdsa(&ctx, ef); + mbedtls_ecp_keypair ctx; + mbedtls_ecp_keypair_init(&ctx); + r = load_private_key_ec(&ctx, ef); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); if (r == CCID_VERIFICATION_FAILED) { return SW_SECURE_MESSAGE_EXEC_ERROR(); } return SW_EXEC_ERROR(); } r = dkek_encode_key(kdom, &ctx, HSM_KEY_EC, res_APDU, &wrap_len, meta_tag, tag_len); - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); } else if (*dprkd == P15_KEYTYPE_AES) { uint8_t kdata[64]; //maximum AES key size 
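Review bot: In the `@@ -55,12 +55,12 @@` hunk of cmd_general_authenticate.c the private scalar is copied into an ECDH context that is always set up for `MBEDTLS_ECP_DP_SECP256R1`, and nothing visible compares that with the curve of the key `load_private_key_ecdh` returned. With Montgomery and now Edwards keys loadable through the same path, a key from another group would have its `d` used on secp256r1. I would add a check before the copy, `if (ectx.grp.id != gid) { mbedtls_ecp_keypair_free(&ectx); mbedtls_ecdh_free(&ctx); return SW_DATA_INVALID(); }`, unless the key type is already validated in the part of `cmd_general_authenticate` that lies outside these hunks.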
diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c index 30f0344..16b4c57 100644 --- a/src/hsm/cmd_signature.c +++ b/src/hsm/cmd_signature.c @@ -20,6 +20,7 @@ #include "asn1.h" #include "mbedtls/oid.h" #include "random.h" +#include "mbedtls/eddsa.h" extern mbedtls_ecp_keypair hd_context; extern uint8_t hd_keytype; @@ -233,8 +234,8 @@ int cmd_signature() { mbedtls_rsa_free(&ctx); } else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) { - mbedtls_ecdsa_context ctx; - mbedtls_ecdsa_init(&ctx); + mbedtls_ecp_keypair ctx; + mbedtls_ecp_keypair_init(&ctx); md = MBEDTLS_MD_SHA256; if (p2 == ALGO_EC_RAW) { if (apdu.nc == 32) { @@ -268,9 +269,9 @@ int cmd_signature() { else if (p2 == ALGO_EC_SHA512) { md = MBEDTLS_MD_SHA512; } - int r = load_private_key_ecdsa(&ctx, fkey); + int r = load_private_key_ec(&ctx, fkey); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); if (r == CCID_VERIFICATION_FAILED) { return SW_SECURE_MESSAGE_EXEC_ERROR(); } @@ -278,14 +279,20 @@ int cmd_signature() { } size_t olen = 0; uint8_t buf[MBEDTLS_ECDSA_MAX_LEN]; - if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN, - &olen, random_gen, NULL) != 0) { - mbedtls_ecdsa_free(&ctx); + if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) { + r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL); + } + else { + r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN, + &olen, random_gen, NULL); + } + if (r != 0) { + mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } memcpy(res_APDU, buf, olen); res_APDU_size = olen; - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); } else if (p2 == ALGO_HD) { size_t olen = 0; diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index c91c4b4..2c6ad77 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c 
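Review bot: The Edwards branch added in the `@@ -278,14 +279,20 @@` hunk of cmd_signature.c signs with `MBEDTLS_EDDSA_PURE` for every `p2` from `ALGO_EC_RAW` to `ALGO_EC_SHA512`, so the digest the caller selected (`md`) is silently ignored when the key is Ed25519 or Ed448. A caller asking for `ALGO_EC_SHA256` with an Edwards key then receives a signature made under a different scheme than the one requested, and whether `apdu.data` has already been hashed at that point is decided outside the hunk. I would refuse the combination explicitly at the top of the Edwards branch, `if (p2 != ALGO_EC_RAW) { mbedtls_ecp_keypair_free(&ctx); return SW_WRONG_DATA(); }`, and add a comment stating that EdDSA here is always PureEdDSA over the raw APDU data. `cmd_signature` continues outside the hunk.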
@@ -72,7 +72,7 @@ const uint8_t *pointA[] = { "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC", }; -size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, size_t buf_len) { +size_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, size_t buf_len) { uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN]; const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 }; size_t p_size = mbedtls_mpi_size(&ecdsa->grp.P), a_size = mbedtls_mpi_size(&ecdsa->grp.A); @@ -324,10 +324,10 @@ size_t asn1_cvc_aut(void *rsa_ecdsa, if (!fkey) { return 0; } - mbedtls_ecdsa_context ectx; - mbedtls_ecdsa_init(&ectx); - if (load_private_key_ecdsa(&ectx, fkey) != CCID_OK) { - mbedtls_ecdsa_free(&ectx); + mbedtls_ecp_keypair ectx; + mbedtls_ecp_keypair_init(&ectx); + if (load_private_key_ec(&ectx, fkey) != CCID_OK) { + mbedtls_ecp_keypair_free(&ectx); return 0; } int ret = 0, key_size = 2 * mbedtls_mpi_size(&ectx.d); @@ -354,7 +354,7 @@ size_t asn1_cvc_aut(void *rsa_ecdsa, mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); ret = mbedtls_ecdsa_sign(&ectx.grp, &r, &s, &ectx.d, hsh, sizeof(hsh), random_gen, NULL); - mbedtls_ecdsa_free(&ectx); + mbedtls_ecp_keypair_free(&ectx); if (ret != 0) { mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index b0751cd..35eb399 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -623,7 +623,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) { return CCID_OK; } -int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) { +int load_private_key_ec_purpose(mbedtls_ecp_keypair *ctx, file_t *fkey, bool sign) { if (wait_button_pressed() == true) { // timeout return CCID_VERIFICATION_FAILED; } 
@@ -635,20 +635,39 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) { return CCID_EXEC_ERROR; } mbedtls_ecp_group_id gid = kdata[0]; + if (sign == true) { + if (gid == MBEDTLS_ECP_DP_CURVE25519) { + gid = MBEDTLS_ECP_DP_ED25519; + } + else if (gid == MBEDTLS_ECP_DP_CURVE448) { + gid = MBEDTLS_ECP_DP_ED448; + } + } int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1); if (r != 0) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); - mbedtls_ecdsa_free(ctx); + mbedtls_ecp_keypair_free(ctx); return CCID_EXEC_ERROR; } mbedtls_platform_zeroize(kdata, sizeof(kdata)); - r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL); + if (gid == MBEDTLS_ECP_DP_ED25519 || gid == MBEDTLS_ECP_DP_ED448) { + r = mbedtls_ecp_point_edwards(&ctx->grp, &ctx->Q, &ctx->d, random_gen, NULL); + } + else { + r = mbedtls_ecp_mul(&ctx->grp, &ctx->Q, &ctx->d, &ctx->grp.G, random_gen, NULL); + } if (r != 0) { - mbedtls_ecdsa_free(ctx); + mbedtls_ecp_keypair_free(ctx); return CCID_EXEC_ERROR; } return CCID_OK; } +int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) { + return load_private_key_ec_purpose(ctx, fkey, true); +} +int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) { + return load_private_key_ec_purpose(ctx, fkey, false); +} #define INS_VERIFY 0x20 #define INS_MSE 0x22 diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h index e80de37..5a9fcc6 100644 --- a/src/hsm/sc_hsm.h +++ b/src/hsm/sc_hsm.h 
@@ -118,7 +118,8 @@ extern int delete_file(file_t *ef); extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len); extern bool key_has_purpose(file_t *ef, uint8_t purpose); extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey); -extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey); +extern int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey); +extern int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey); extern bool wait_button_pressed(); extern int store_keys(void *key_ctx, int type, uint8_t key_id); extern int find_and_store_meta_key(uint8_t key_id); From 5df4e62f81cc64d686a160975fabfa8f08aebe63 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 22 Aug 2023 17:20:11 +0200 Subject: [PATCH 05/30] Revert previous fix. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 5ec98c8..9838333 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 5ec98c84aa8aa8aec4dda6d609fcca1d57d1eb3a +Subproject commit 9838333e59df66d2fe8925d33fbc80166c1b8180 From 5bdba8e1e8a620891ff58bae3157cf38e894d75e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 22 Aug 2023 17:20:56 +0200 Subject: [PATCH 06/30] Move to ecp_keypair instead of ecdsa. Signed-off-by: Pol Henarejos --- src/hsm/cmd_key_unwrap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index bfbae74..a67ec36 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c 
@@ -58,22 +58,22 @@ int cmd_key_unwrap() { prkd_len = asn1_build_prkd_ecc(NULL, 0, NULL, 0, key_size * 8, prkd_buf, sizeof(prkd_buf)); } else if (key_type & HSM_KEY_EC) { - mbedtls_ecdsa_context ctx; - mbedtls_ecdsa_init(&ctx); + mbedtls_ecp_keypair ctx; + mbedtls_ecp_keypair_init(&ctx); do { r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len); } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS); if (r != CCID_OK) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } r = store_keys(&ctx, HSM_KEY_EC, key_id); if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } int key_size = ctx.grp.nbits; - mbedtls_ecdsa_free(&ctx); + mbedtls_ecp_keypair_free(&ctx); if (r != CCID_OK) { return SW_EXEC_ERROR(); } From e67a7091ffbc36e39337ddd8d8cc5a4013fd6d7b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:04:45 +0200 Subject: [PATCH 07/30] Add support for Edwards key generation. Signed-off-by: Pol Henarejos --- src/hsm/cmd_keypair_gen.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 638b950..48e87ee 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c 
@@ -86,10 +86,23 @@ int cmd_keypair_gen() { return SW_WRONG_DATA(); } mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime, prime_len); - printf("KEYPAIR ECC %d\r\n", ec_id); if (ec_id == MBEDTLS_ECP_DP_NONE) { return SW_FUNC_NOT_SUPPORTED(); } + if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) { + size_t g_len = 0; + uint8_t *g = NULL; + if (asn1_find_tag(p, tout, 0x83, &g_len, &g) != true) { + return SW_WRONG_DATA(); + } + if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g[0] != 9)) { + ec_id = MBEDTLS_ECP_DP_ED25519; + } + else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g_len != 56 || g[0] != 5)) { + ec_id = MBEDTLS_ECP_DP_ED448; + } + } + printf("KEYPAIR ECC %d\r\n", ec_id); mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init(&ecdsa); uint8_t index = 0; From 9f49a144acb04b829c94c24e05a916e39565452a Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:05:11 +0200 Subject: [PATCH 08/30] Add support for Edwards key import. Signed-off-by: Pol Henarejos --- src/hsm/kek.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 8b797ed..7506247 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -695,7 +695,14 @@ int dkek_decode_key(uint8_t id, len = get_uint16_t(kb, ofs); ofs += len + 2; //G - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t(kb, ofs); + if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && kb[ofs + 2] != 0x09) { + ec_id = MBEDTLS_ECP_DP_ED25519; + } + else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (len != 56 || kb[ofs + 2] != 0x05)) { + ec_id = MBEDTLS_ECP_DP_ED448; + } + ofs += len + 2; //d len = get_uint16_t(kb, ofs); ofs += 2; 
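Review bot: The Curve25519 branch in the `@@ -86,10 +86,23 @@` hunk of cmd_keypair_gen.c reads `g[0]` without looking at `g_len`, so a 0x83 generator tag with an empty value is still read; only the Curve448 branch tests the length first. The classification is also negative: any generator whose first byte is not the Montgomery base point is taken to mean Ed25519 or Ed448, so a malformed generator selects an Edwards key instead of being refused. I would add `if (g_len == 0) { return SW_WRONG_DATA(); }` after `asn1_find_tag` and, where possible, compare against the expected Edwards generator rather than against "not 9" / "not 5". The same pattern appears in the kek.c hunk `@@ -695,7 +695,14 @@` of patch 08 (`kb[ofs + 2]` is read before `len` is checked against the remaining blob, as far as the hunk shows) and in the cmd_keypair_gen.c hunk of patch 20 (`g.data[0]`).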
@@ -710,7 +717,12 @@ int dkek_decode_key(uint8_t id, len = get_uint16_t(kb, ofs); ofs += 2; r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len); if (r != 0) { - r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL); + if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) { + r = mbedtls_ecp_point_edwards(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, random_gen, NULL); + } + else { + r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL); + } if (r != 0) { mbedtls_ecdsa_free(ecdsa); return CCID_EXEC_ERROR; From 10a47f9177a0abd5941bea39bd97d2a3f82d1671 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:05:34 +0200 Subject: [PATCH 09/30] Uniform ec key loading. Signed-off-by: Pol Henarejos --- src/hsm/sc_hsm.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index 35eb399..3de630b 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -623,7 +623,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) { return CCID_OK; } -int load_private_key_ec_purpose(mbedtls_ecp_keypair *ctx, file_t *fkey, bool sign) { +int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) { if (wait_button_pressed() == true) { // timeout return CCID_VERIFICATION_FAILED; } @@ -635,14 +635,6 @@ int load_private_key_ec_purpose(mbedtls_ecp_keypair *ctx, file_t *fkey, bool sig return CCID_EXEC_ERROR; } mbedtls_ecp_group_id gid = kdata[0]; - if (sign == true) { - if (gid == MBEDTLS_ECP_DP_CURVE25519) { - gid = MBEDTLS_ECP_DP_ED25519; - } - else if (gid == MBEDTLS_ECP_DP_CURVE448) { - gid = MBEDTLS_ECP_DP_ED448; - } - } int r = mbedtls_ecp_read_key(gid, ctx, kdata + 1, key_size - 1); if (r != 0) { mbedtls_platform_zeroize(kdata, sizeof(kdata)); 
@@ -662,11 +654,8 @@ int load_private_key_ec_purpose(mbedtls_ecp_keypair *ctx, file_t *fkey, bool sig } return CCID_OK; } -int load_private_key_ec(mbedtls_ecp_keypair *ctx, file_t *fkey) { - return load_private_key_ec_purpose(ctx, fkey, true); -} int load_private_key_ecdh(mbedtls_ecp_keypair *ctx, file_t *fkey) { - return load_private_key_ec_purpose(ctx, fkey, false); + return load_private_key_ec(ctx, fkey); } #define INS_VERIFY 0x20 From e3a773d145f76244547a266e12ea4f11d5db7f1d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:05:43 +0200 Subject: [PATCH 10/30] Add edwards key generation test. Signed-off-by: Pol Henarejos --- tests/pico-hsm/test_020_keypair_gen.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pico-hsm/test_020_keypair_gen.py b/tests/pico-hsm/test_020_keypair_gen.py index dcceaa8..d8edb73 100644 --- a/tests/pico-hsm/test_020_keypair_gen.py +++ b/tests/pico-hsm/test_020_keypair_gen.py @@ -24,7 +24,7 @@ def test_gen_initialize(device): device.initialize() @pytest.mark.parametrize( - "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448'] + "curve", ['secp192r1', 'secp256r1', 'secp384r1', 'secp521r1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'secp192k1', 'secp256k1', 'curve25519', 'curve448', 'ed25519', 'ed448'] ) def test_gen_ecc(device, curve): keyid = device.key_generation(KeyType.ECC, curve) From b0057bc3fe335a37791f6c964e2c0c1db767eb2f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:05:52 +0200 Subject: [PATCH 11/30] Add edwards key import test. Signed-off-by: Pol Henarejos --- tests/pico-hsm/test_021_key_import.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/pico-hsm/test_021_key_import.py b/tests/pico-hsm/test_021_key_import.py index 1eca43b..5b175be 100644 --- a/tests/pico-hsm/test_021_key_import.py 
+++ b/tests/pico-hsm/test_021_key_import.py @@ -21,7 +21,7 @@ import pytest import hashlib import os from picohsm import DOPrefixes -from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448 +from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448, ed25519, ed448 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat from picohsm.const import DEFAULT_RETRIES, DEFAULT_DKEK_SHARES from const import DEFAULT_DKEK @@ -70,6 +70,17 @@ def test_import_montgomery(device, curve): device.delete_file(DOPrefixes.KEY_PREFIX, keyid) device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid) +@pytest.mark.parametrize( + "curve", [ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey] +) +def test_import_edwards(device, curve): + pkey = curve.generate() + keyid = device.import_key(pkey) + pubkey = device.public_key(keyid, param=curve) + assert(pubkey.public_bytes(Encoding.Raw, PublicFormat.Raw) == pkey.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)) + device.delete_file(DOPrefixes.KEY_PREFIX, keyid) + device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX, keyid) + @pytest.mark.parametrize( "size", [128, 192, 256] ) From 6699913eff144defdf186c4fbe880589f1a3c624 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:06:02 +0200 Subject: [PATCH 12/30] Add edwards signature test. Signed-off-by: Pol Henarejos --- tests/pico-hsm/test_030_signature.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/pico-hsm/test_030_signature.py b/tests/pico-hsm/test_030_signature.py index 23fb71f..b8a4388 100644 --- a/tests/pico-hsm/test_030_signature.py +++ b/tests/pico-hsm/test_030_signature.py 
@@ -55,3 +55,13 @@ def test_signature_rsa(device, modulus, scheme): device.delete_file(DOPrefixes.KEY_PREFIX, keyid) device.verify(pubkey, data, signature, scheme) +@pytest.mark.parametrize( + "curve", ['ed25519', 'ed448'] +) +def test_signature_edwards(device, curve): + keyid = device.key_generation(KeyType.ECC, curve) + pubkey = device.public_key(keyid=keyid) + signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data) + device.delete_file(DOPrefixes.KEY_PREFIX, keyid) + print(hexlify(data)) + device.verify(pubkey, data, signature) From 447d223de4a8c8352bb1d7657444647af8292908 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:12:34 +0200 Subject: [PATCH 13/30] Fix mbedtls ed448 bugs. Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-hsm-sdk b/pico-hsm-sdk index 9838333..7944076 160000 --- a/pico-hsm-sdk +++ b/pico-hsm-sdk @@ -1 +1 @@ -Subproject commit 9838333e59df66d2fe8925d33fbc80166c1b8180 +Subproject commit 794407686ad0f9c5935806ae66a95c8b43c6cb8f From 2c4be41ecf40bd8c99b088ccec55da1b788973bd Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 24 Aug 2023 16:12:40 +0200 Subject: [PATCH 14/30] Remove print. Signed-off-by: Pol Henarejos --- tests/pico-hsm/test_030_signature.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/pico-hsm/test_030_signature.py b/tests/pico-hsm/test_030_signature.py index b8a4388..4b44ade 100644 --- a/tests/pico-hsm/test_030_signature.py +++ b/tests/pico-hsm/test_030_signature.py @@ -63,5 +63,4 @@ def test_signature_edwards(device, curve): pubkey = device.public_key(keyid=keyid) signature = device.sign(keyid=keyid, scheme=Algorithm.ALGO_EC_RAW, data=data) device.delete_file(DOPrefixes.KEY_PREFIX, keyid) - print(hexlify(data)) device.verify(pubkey, data, signature) From b94810d31dced06ac74929ff4a7eb6b1aeba087e Mon Sep 17 00:00:00 2001 
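Review bot: `test_signature_edwards` in the `@@ -55,3 +55,13 @@` hunk only checks that a genuine signature verifies, so it would still pass if verification accepted anything for an Edwards key. A negative case on altered data would close that gap, for example `with pytest.raises(Exception): device.verify(pubkey, data + b'\x00', signature)`; this assumes `device.verify` raises on a bad signature, which the unasserted call in `test_signature_rsa` suggests but the hunk does not show, and the exception type should be narrowed to whatever it raises. A one-line comment that `ALGO_EC_RAW` is the scheme the firmware maps to PureEdDSA would also help the next reader.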
From: Pol Henarejos Date: Thu, 24 Aug 2023 16:17:06 +0200 Subject: [PATCH 15/30] Added triggers to development-eddsa branch. Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9d8fa1c..f994b4e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ "master", "development" ] + branches: [ "master", "development", "development-eddsa" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "master", "development" ] + branches: [ "master", "development", "development-eddsa" ] schedule: - cron: '23 5 * * 4' workflow_dispatch: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4c55029..30fa93a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,10 +13,10 @@ name: "Emulation and test" on: push: - branches: [ "master", "development" ] + branches: [ "master", "development", "development-eddsa" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "master", "development" ] + branches: [ "master", "development", "development-eddsa" ] schedule: - cron: '23 5 * * 4' workflow_dispatch: From ff74d6306e6f6eb39ba92b9594ba2838af2a4770 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 23:27:02 +0100 Subject: [PATCH 16/30] mbedtls 3.5 Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index f0687c1..0a2151a 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit f0687c1ef392c2bcb293ea554f1dd8b784484922 +Subproject commit 0a2151ae2e25c94a0e33ad2d61bc5f60387a307b From 6ec5235cc389cecb89eb2dac7a0f2b7bf383e4e0 Mon Sep 17 00:00:00 2001 
From: Pol Henarejos Date: Mon, 6 Nov 2023 23:38:33 +0100 Subject: [PATCH 17/30] Upgrade Pico Keys SDK and mbedtls 3.5 Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 0a2151a..e5e2169 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 0a2151ae2e25c94a0e33ad2d61bc5f60387a307b +Subproject commit e5e2169a47371fc9d419c43d29de39bff3f32073 From 0ac71f2fff94e66a878fdcd4cc8eac069fd6c86f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 23:47:21 +0100 Subject: [PATCH 18/30] Removed old SDK Signed-off-by: Pol Henarejos --- pico-hsm-sdk | 1 - 1 file changed, 1 deletion(-) delete mode 160000 pico-hsm-sdk diff --git a/pico-hsm-sdk b/pico-hsm-sdk deleted file mode 160000 index 7944076..0000000 --- a/pico-hsm-sdk +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 794407686ad0f9c5935806ae66a95c8b43c6cb8f From fb5be153ed819905bfb1d9f60e0a3ce43ba1ea2e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 6 Nov 2023 23:51:15 +0100 Subject: [PATCH 19/30] Fix merge. Signed-off-by: Pol Henarejos --- src/hsm/cmd_key_unwrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index 4f28c96..6ed048a 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c @@ -68,7 +68,7 @@ int cmd_key_unwrap() { return SW_EXEC_ERROR(); } r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id); - if ((res_APDU_size = asn1_cvc_aut(&ctx, HSM_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { + if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { mbedtls_ecp_keypair_free(&ctx); return SW_EXEC_ERROR(); } From 9258c9ff70b26345a21fe9e579f870054c8bac41 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 14 Aug 2024 15:32:09 +0200 Subject: [PATCH 20/30] Fix merge. 
Signed-off-by: Pol Henarejos --- src/hsm/cmd_keypair_gen.c | 9 ++++----- src/hsm/cvc.c | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 536123d..c76ae51 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -80,15 +80,14 @@ int cmd_keypair_gen() { return SW_FUNC_NOT_SUPPORTED(); } if (ec_id == MBEDTLS_ECP_DP_CURVE25519 || ec_id == MBEDTLS_ECP_DP_CURVE448) { - size_t g_len = 0; - uint8_t *g = NULL; - if (asn1_find_tag(p, tout, 0x83, &g_len, &g) != true) { + asn1_ctx_t g = { 0 }; + if (asn1_find_tag(&ctxo, 0x83, &g) != true) { return SW_WRONG_DATA(); } - if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g[0] != 9)) { + if (ec_id == MBEDTLS_ECP_DP_CURVE25519 && (g.data[0] != 9)) { ec_id = MBEDTLS_ECP_DP_ED25519; } - else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g_len != 56 || g[0] != 5)) { + else if (ec_id == MBEDTLS_ECP_DP_CURVE448 && (g.len != 56 || g.data[0] != 5)) { ec_id = MBEDTLS_ECP_DP_ED448; } } diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index 3e815ea..17790d8 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -89,7 +89,7 @@ uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecp_keypair *ecdsa, uint8_t *buf, uin uint16_t ctot_size = asn1_len_tag(0x87, (uint16_t)c_size); uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa)); uint16_t tot_len = 0, tot_data_len = 0; - if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS { + if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY || mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_EDWARDS) { tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size; oid = oid_ri; } From e7080d6f8255163a900b54d9fb6277388f433f5b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 14 Aug 2024 15:32:22 +0200 Subject: [PATCH 21/30] Upgrade to MbedTLS 3.6 with EdDSA. 
Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index ded76d1..a507697 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ded76d1de7f94bbee939e801362d2864785a7675 +Subproject commit a507697a3a9c39a33f2f8b542bb6470493f8bcc2 From d44b780970958cc9431b8abe531a03389cf10a54 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 14 Aug 2024 16:57:33 +0200 Subject: [PATCH 22/30] Fix PSA_CRYPTO_CONFIG. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index a507697..b945ae4 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit a507697a3a9c39a33f2f8b542bb6470493f8bcc2 +Subproject commit b945ae4f0ea203d079d723223864e9f17fedd6a5 From 7493f9eb3ec0202e0dc9d8c7f8cca5dc5e5148ff Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Thu, 15 Aug 2024 00:03:56 +0200 Subject: [PATCH 23/30] Upgrade to version 4.0. Signed-off-by: Pol Henarejos --- build_pico_hsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_pico_hsm.sh b/build_pico_hsm.sh index b190c3e..529e49d 100755 --- a/build_pico_hsm.sh +++ b/build_pico_hsm.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="4" -VERSION_MINOR="0" +VERSION_MINOR="0-eddsa1" rm -rf release/* cd build_release From f4502793706c4e635cec6195de350859b0e3724d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 3 Sep 2024 11:50:46 +0200 Subject: [PATCH 24/30] Add support for Edwards curves generation. Fixes #51 Signed-off-by: Pol Henarejos --- tools/pico-hsm-tool.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/pico-hsm-tool.py b/tools/pico-hsm-tool.py index 762481c..f5f1249 100644 --- a/tools/pico-hsm-tool.py +++ b/tools/pico-hsm-tool.py 
@@ -134,6 +134,8 @@ def parse_args(): parser_keygen_aes.add_argument('--size', help='Specifies the size of AES key [128, 192 or 256]',choices=[128, 192, 256], default=128, type=int) parser_keygen_x25519 = subparser_keygen.add_parser('x25519', help='Generates a private X25519 keypair.') parser_keygen_x448 = subparser_keygen.add_parser('x448', help='Generates a private X448 keypair.') + parser_keygen_x25519 = subparser_keygen.add_parser('ed25519', help='Generates a private Ed25519 keypair.') + parser_keygen_x448 = subparser_keygen.add_parser('ed448', help='Generates a private Ed448 keypair.') args = parser.parse_args() return args @@ -447,8 +449,10 @@ def cipher(picohsm, args): def keygen(picohsm, args): if (args.subcommand == 'aes'): ret = picohsm.key_generation(KeyType.AES, param=args.size) - elif (args.subcommand in ['x25519', 'x448']): - curve = 'curve' + args.subcommand[1:] + elif (args.subcommand in ['x25519', 'x448', 'ed25519', 'ed448']): + curve = args.subcommand + if (args.subcommand in ['x25519', 'x448']): + curve = 'curve' + args.subcommand[1:] ret = picohsm.key_generation(KeyType.ECC, curve) print('Key generated successfully.') print(f'Key ID: {ret}') @@ -472,7 +476,7 @@ def phy(picohsm, args): print('Command executed successfully. Please, restart your Pico Key.') def main(args): - sys.stderr.buffer.write(b'Pico HSM Tool v1.14\n') + sys.stderr.buffer.write(b'Pico HSM Tool v1.16\n') sys.stderr.buffer.write(b'Author: Pol Henarejos\n') sys.stderr.buffer.write(b'Report bugs to https://github.com/polhenarejos/pico-hsm/issues\n') sys.stderr.buffer.write(b'\n\n') From f992a04142f9dd739d886c2d141fc8eae023742e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 9 Nov 2024 18:45:05 +0100 Subject: [PATCH 25/30] Fix eddsa signature. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 15cfa48..1d86efa 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk 
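Review bot: The two `add_parser` calls added in the `@@ -134,6 +134,8 @@` hunk of tools/pico-hsm-tool.py assign the Ed25519 and Ed448 subparsers to `parser_keygen_x25519` and `parser_keygen_x448`, overwriting the X25519/X448 parser objects created on the two lines above. It works in the visible lines because neither variable is used again, but any option later added through `parser_keygen_x25519` would land on the `ed25519` subcommand. I would name them `parser_keygen_ed25519 = subparser_keygen.add_parser('ed25519', ...)` and `parser_keygen_ed448 = subparser_keygen.add_parser('ed448', ...)`. `parse_args` starts outside the hunk.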
@@ -1 +1 @@ -Subproject commit 15cfa48ef96ca563b9200d4c2285b99e5d6d2ed2 +Subproject commit 1d86efa33bf1b3c118947eac14280f9953a49bc9 From 5535f3ec106271b162e96bdafe2b62f391c3020c Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 9 Nov 2024 18:47:41 +0100 Subject: [PATCH 26/30] No esp32 in eddsa workflows. Signed-off-by: Pol Henarejos --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2b59367..c846265 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,7 @@ jobs: language: [ 'cpp', 'python' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - mode: [ 'pico', 'esp32', 'local' ] + mode: [ 'pico', 'local' ] steps: - name: Checkout repository From 92fe26c1e18434d46dddbc67f21394235d4f97ca Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 19 Feb 2025 19:18:02 +0100 Subject: [PATCH 27/30] Upgrade to v6.4 Signed-off-by: Pol Henarejos --- build_pico_hsm.sh | 2 +- src/hsm/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_pico_hsm.sh b/build_pico_hsm.sh index d06d189..cc04b15 100755 --- a/build_pico_hsm.sh +++ b/build_pico_hsm.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="2" +VERSION_MINOR="4" SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" #if ! [[ -z "${GITHUB_SHA}" ]]; then # SUFFIX="${SUFFIX}.${GITHUB_SHA}" diff --git a/src/hsm/version.h b/src/hsm/version.h index 615e7ea..1d32f94 100644 --- a/src/hsm/version.h +++ b/src/hsm/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define HSM_VERSION 0x0502 +#define HSM_VERSION 0x0504 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff) #define HSM_VERSION_MINOR (HSM_VERSION & 0xff) From ef71ec6a29894180630276798f400373cfcd73e7 Mon Sep 17 00:00:00 2001 
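Review bot: Dropping `'esp32'` from the CodeQL `mode` matrix in .github/workflows/codeql.yml means the ESP32 build configuration is no longer analysed on this branch, and nothing in the workflow records why. If EdDSA cannot be built for ESP32 here (the commit subject suggests so, but the hunk does not show it), a comment above the line would keep the gap visible, for example `# esp32 omitted on the eddsa branch: build not supported yet; restore when it is`. Code that only compiles for that target gets no static-analysis coverage until the entry is restored. The enclosing `strategy`/`matrix` block starts above the hunk.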
From: Pol Henarejos Date: Wed, 19 Feb 2025 19:18:02 +0100 Subject: [PATCH 28/30] Upgrade to v5.4 Signed-off-by: Pol Henarejos --- build_pico_hsm.sh | 2 +- src/hsm/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_pico_hsm.sh b/build_pico_hsm.sh index d06d189..cc04b15 100755 --- a/build_pico_hsm.sh +++ b/build_pico_hsm.sh @@ -1,7 +1,7 @@ #!/bin/bash VERSION_MAJOR="5" -VERSION_MINOR="2" +VERSION_MINOR="4" SUFFIX="${VERSION_MAJOR}.${VERSION_MINOR}" #if ! [[ -z "${GITHUB_SHA}" ]]; then # SUFFIX="${SUFFIX}.${GITHUB_SHA}" diff --git a/src/hsm/version.h b/src/hsm/version.h index 615e7ea..1d32f94 100644 --- a/src/hsm/version.h +++ b/src/hsm/version.h @@ -18,7 +18,7 @@ #ifndef __VERSION_H_ #define __VERSION_H_ -#define HSM_VERSION 0x0502 +#define HSM_VERSION 0x0504 #define HSM_VERSION_MAJOR ((HSM_VERSION >> 8) & 0xff) #define HSM_VERSION_MINOR (HSM_VERSION & 0xff) From 26f9e0dd540a890376b9fd74be00ec71c0f76b23 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 21 Feb 2025 18:02:42 +0100 Subject: [PATCH 29/30] Fix cyw43 build. Signed-off-by: Pol Henarejos --- pico-keys-sdk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pico-keys-sdk b/pico-keys-sdk index 4120a8c..6ec374a 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit 4120a8c1a61a0a63040a83522133a10cd9a75e5a +Subproject commit 6ec374a6ac53a4de34ed26ae19be126fe7c704e7 From c58823f9ef701bc7c1db0f8bacc7641605e8cf4b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 21 Feb 2025 20:22:07 +0100 Subject: [PATCH 30/30] Build tests for EDDSA. Signed-off-by: Pol Henarejos --- tests/build-in-docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/build-in-docker.sh b/tests/build-in-docker.sh index 8a42b51..04d4785 100755 --- a/tests/build-in-docker.sh +++ b/tests/build-in-docker.sh 
@@ -4,7 +4,7 @@ source tests/docker_env.sh build_image #run_in_docker rm -rf CMakeFiles run_in_docker mkdir -p build_in_docker -run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 -D__FOR_CI=1 .. +run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 -D__FOR_CI=1 -DENABLE_EDDSA=1 .. run_in_docker -w "$PWD/build_in_docker" make -j ${NUM_PROC} docker create --name temp_container pico-hsm-test:bullseye docker cp $PWD/build_in_docker/pico_hsm temp_container:/pico_hsm
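Review bot: With `-DENABLE_EDDSA=1` hard-coded on the cmake line of tests/build-in-docker.sh, this script only ever builds the EdDSA-enabled configuration, so the test image no longer compiles the default build. If the flag gates code paths (not visible in this hunk), regressions on the flag-off side would go unnoticed. Making it overridable keeps both configurations reachable from the same script: `run_in_docker -w "$PWD/build_in_docker" cmake -DENABLE_EMULATION=1 -D__FOR_CI=1 -DENABLE_EDDSA=${ENABLE_EDDSA:-1} ..`.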