mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-04-17 21:58:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
1228 commits 2 branches 33 tags 3.1 MiB
Commit graph

500 commits

Author SHA1 Message Date
Pol Henarejos
504bb0fc05
Remove debugs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-27 17:20:56 +01:00
Pol Henarejos
254159d44d
Allow access to EE_DEV. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-20 01:19:53 +01:00
Pol Henarejos
75c56bb2c7
Migrate PIN and MKEK to new system. 
This new system is more robust, with derived keys by context and safe in case of flash/ram dumps.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-20 01:19:35 +01:00
Pol Henarejos
1f96fe619b
Fix bounds on update ef. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 17:42:25 +01:00
Pol Henarejos
3af776ec26
Removed unused functions in extras. 
Some of them are transfered to rescue interfaces. Others, like OTP, are supressed for security.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 16:57:49 +01:00
Pol Henarejos
54cba3efdf
Remove session pin. 
It is intended for bio features, not supported by Pico HSM.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 16:40:08 +01:00
Pol Henarejos
1ced9f6267
Check bounds on update ef. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 16:04:20 +01:00
Pol Henarejos
c14a12d9d1
Set ACL for all registers. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 16:03:39 +01:00
Pol Henarejos
bbbf28cb42
Fix ACL for static files. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 14:26:43 +01:00
Pol Henarejos
db9d6ef2f5
Do not allow reading private objects if not authenticated. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-18 13:21:14 +01:00
Pol Henarejos
839fb431c4
Add strict build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-09 11:02:47 +01:00
Pol Henarejos
7e651c78e3
Upgrade to v6.4
Some checks failed
CodeQL / Analyze (push) Has been cancelled
Emulation and test / build (push) Has been cancelled
Emulation and test / test (pkcs11) (push) Has been cancelled
Emulation and test / test (pytest) (push) Has been cancelled
Emulation and test / test (sc-hsm-pkcs11) (push) Has been cancelled
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-02-01 20:34:41 +01:00
Pol Henarejos
0b18ab5e3d
Upgrade to Pico Keys SDK 8.5 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-29 16:12:41 +01:00
Pol Henarejos
ed980c3093
Use new layout 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-22 11:59:46 +01:00
Pol Henarejos
380ff7afa4
Upgrade to v6.2
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Emulation and test / build (push) Waiting to run
Emulation and test / test (pkcs11) (push) Blocked by required conditions
Emulation and test / test (pytest) (push) Blocked by required conditions
Emulation and test / test (sc-hsm-pkcs11) (push) Blocked by required conditions
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-01-05 19:54:07 +01:00
Pol Henarejos
629f14ab0d
Revert "Move EDDSA to another branch." 
This reverts commit a0faf5308e.
 2025-12-11 19:35:27 +01:00
Pol Henarejos
82f4b2201c
Remove printf 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 21:38:15 +01:00
Pol Henarejos
a0faf5308e
Move EDDSA to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 15:49:20 +01:00
Pol Henarejos
b5b5ccd53c
Upgrade to v6.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-01 17:21:26 +01:00
Pol Henarejos
c4a1cf32e5
Add Pico Version Major 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-18 01:05:40 +01:00
Pol Henarejos
dba614ed36
Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:18:45 +01:00
Pol Henarejos
f0f8e4382a
Fix cross build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-06-22 20:33:06 +02:00
Pol Henarejos
dce4e304bc
Upgrade to v5.6 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-04-10 18:41:31 +02:00
Pol Henarejos
7c1ef56799
Fix ne parameter when secure message protocol is used. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-04-07 01:27:57 +02:00
Pol Henarejos
4b59bd6481
0x85 and 0x86 should return not found to avoid authentication path. 
Fixes #81 and #84.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-04-07 01:27:21 +02:00
Pol Henarejos
9b1dceb8da
Use K1 curve for general authentication. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-04-07 01:24:22 +02:00
Pol Henarejos
21b6a7782a
Add EdDSA support as a conditional build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-21 20:20:43 +01:00
Pol Henarejos
ef71ec6a29
Upgrade to v5.4 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-20 18:10:49 +01:00
Pol Henarejos
17ca65a41b
Upgrade to v5.4 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-19 20:21:57 +01:00
Pol Henarejos
92fe26c1e1
Upgrade to v6.4 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-02-19 19:18:02 +01:00
Pol Henarejos
747e5fbe86
Added phy_save() and phy_load() to save and load PHY. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-29 17:09:29 +01:00
Pol Henarejos
4c636e0ce5
Upgrade to v5.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-15 13:07:35 +01:00
Pol Henarejos
297f2e6228
Upgrade to v5.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-15 12:06:00 +01:00
Pol Henarejos
f0a9d03ca8
Fix storing MKEK in devices with OTP_1 available. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-08 14:38:02 +01:00
Pol Henarejos
c6b03e54ca
Fix TX/RX buffers to align them with USB buffers and avoid overflows. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-24 02:06:15 +01:00
Pol Henarejos
991f5fc960
More uint funcs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 21:41:40 +01:00
Pol Henarejos
6d516b1b78
Use BE/LE functions for packing uint16. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 21:01:12 +01:00
Pol Henarejos
73232b6de4
Add LE/BE functions for uint16, 32 and 64. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 20:39:03 +01:00
Pol Henarejos
d56b540324
Add support for displaying memory usage. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-23 20:24:10 +01:00
Pol Henarejos
3d960b931a
Fix MKEK masking order. Fixes #69. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:26:47 +01:00
Pol Henarejos
ff7ef56cda
Dev options file must be persistent, since it manipulates MKEK which is in turn persistent. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:25:19 +01:00
Pol Henarejos
320455815f
Only allow initialize if secure lock is disabled or has mkek mask. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:24:35 +01:00
Pol Henarejos
859dec7e4a
Accept mkek mask only if secure lock is enabled. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:23:51 +01:00
Pol Henarejos
f88aad1e2c
Fixed buffer overflow when unlocking the device. 
Fixes #68.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-03 08:36:05 +01:00
Pol Henarejos
866aac8fe3
Add reboot extra command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-27 21:48:04 +01:00
Pol Henarejos
bb45c9b3a8
Merge branch 'master' into development-eddsa 2024-11-12 20:10:07 +01:00
Pol Henarejos
1ea0a91ba8
Fix initialization when initializing a RP2350 board for first time. 
Fixes #60.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-12 19:25:22 +01:00
Pol Henarejos
d858a1e1d5
Upgrade to v5.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 18:10:56 +01:00
Pol Henarejos
b7c6ca58d0
Upgrade to v5.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 15:47:40 +01:00
Pol Henarejos
4ec1d4d891
Fix initialization and terminal certificate generation. 
Fixes #59.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 17:52:13 +01:00