From 05fe0596ef004313e166b1e2f900e9af351dd26c Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Thu, 11 Dec 2025 15:42:30 +0100
Subject: [PATCH] Revert "Move EDDSA to another branch."

This reverts commit 09ec0767b6a3bd79b2a176fb468e97d9fde28449.
---
 mbedtls                    |   2 +-
 pico_keys_sdk_import.cmake | 112 +++++++++++++++++++++++++++++++++++++
 2 files changed, 113 insertions(+), 1 deletion(-)

diff --git a/mbedtls b/mbedtls
index e185d7f..107ea89 160000
--- a/mbedtls
+++ b/mbedtls
@@ -1 +1 @@
-Subproject commit e185d7fd85499c8ce5ca2a54f5cf8fe7dbe3f8df
+Subproject commit 107ea89daaefb9867ea9121002fbbdf926780e98
diff --git a/pico_keys_sdk_import.cmake b/pico_keys_sdk_import.cmake
index b91a366..fc6ea6b 100644
--- a/pico_keys_sdk_import.cmake
+++ b/pico_keys_sdk_import.cmake
@@ -108,6 +108,111 @@ endif()
 
 message(STATUS "USB VID/PID:\t\t\t ${USB_VID}:${USB_PID}")
 
+if(NOT ESP_PLATFORM)
+    set(NEED_UPDATE OFF)
+
+    option(ENABLE_EDDSA "Enable/disable EdDSA support" OFF)
+    if(ENABLE_EDDSA)
+        message(STATUS "EdDSA support:\t\t enabled")
+    else()
+        message(STATUS "EdDSA support:\t\t disabled")
+    endif(ENABLE_EDDSA)
+
+    set(MBEDTLS_PATH "${CMAKE_SOURCE_DIR}/pico-keys-sdk/mbedtls")
+    execute_process(
+        COMMAND git config --global --add safe.directory ${MBEDTLS_PATH}
+        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+        OUTPUT_QUIET ERROR_QUIET
+    )
+
+    if(ENABLE_EDDSA)
+        set(MBEDTLS_ORIGIN "https://github.com/polhenarejos/mbedtls.git")
+        set(MBEDTLS_REF "mbedtls-3.6-eddsa")
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} symbolic-ref --quiet --short HEAD
+            OUTPUT_VARIABLE CURRENT_BRANCH
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            RESULT_VARIABLE BRANCH_ERR
+        )
+
+        message(STATUS "Current branch for mbedTLS: ${CURRENT_BRANCH}")
+        message(STATUS "Target branch for mbedTLS:  ${MBEDTLS_REF}")
+
+        if(NOT BRANCH_ERR EQUAL 0 OR NOT "${CURRENT_BRANCH}" STREQUAL "${MBEDTLS_REF}")
+            set(NEED_UPDATE ON)
+        else()
+            set(NEED_UPDATE OFF)
+        endif()
+
+        add_definitions(-DMBEDTLS_ECP_DP_ED25519_ENABLED=1 -DMBEDTLS_ECP_DP_ED448_ENABLED=1 -DMBEDTLS_EDDSA_C=1 -DMBEDTLS_SHA3_C=1)
+
+    else()
+        set(MBEDTLS_ORIGIN "https://github.com/Mbed-TLS/mbedtls.git")
+        set(MBEDTLS_REF "v3.6.5")
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} describe --tags --exact-match
+            OUTPUT_VARIABLE CURRENT_TAG
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            RESULT_VARIABLE TAG_ERR
+        )
+
+        message(STATUS "Current tag for mbedTLS: ${CURRENT_TAG}")
+        message(STATUS "Target tag for mbedTLS:  ${MBEDTLS_REF}")
+
+        if(NOT TAG_ERR EQUAL 0 OR NOT "${CURRENT_TAG}" STREQUAL "${MBEDTLS_REF}")
+            set(NEED_UPDATE ON)
+        else()
+            set(NEED_UPDATE OFF)
+        endif()
+
+    endif()
+
+    if(NEED_UPDATE)
+        message(STATUS "Updating mbedTLS source code...")
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} submodule update --init --recursive --remote pico-keys-sdk
+            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+            OUTPUT_QUIET ERROR_QUIET
+        )
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} remote set-url origin ${MBEDTLS_ORIGIN}
+            OUTPUT_QUIET ERROR_QUIET
+        )
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} fetch origin +refs/heads/*:refs/remotes/origin/* --tags --force
+            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+            OUTPUT_QUIET ERROR_QUIET
+        )
+
+        execute_process(
+            COMMAND rm -rf ${MBEDTLS_PATH}/framework
+            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+            OUTPUT_QUIET ERROR_QUIET
+        )
+
+        if(ENABLE_EDDSA)
+            execute_process(
+                COMMAND git -C ${MBEDTLS_PATH} checkout -B ${MBEDTLS_REF} --track origin/${MBEDTLS_REF}
+                WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                OUTPUT_QUIET ERROR_QUIET
+            )
+        else()
+            execute_process(
+                COMMAND git -C ${MBEDTLS_PATH} checkout ${MBEDTLS_REF}
+                WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+                OUTPUT_QUIET ERROR_QUIET
+            )
+        endif()
+    else()
+        message(STATUS "mbedTLS source code is up to date.")
+    endif()
+endif(NOT ESP_PLATFORM)
+
 set(MBEDTLS_SOURCES
     ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/aes.c
     ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/asn1parse.c
@@ -148,6 +253,13 @@ set(MBEDTLS_SOURCES
     ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/pkwrite.c
 )
 
+if (ENABLE_EDDSA)
+    set(MBEDTLS_SOURCES ${MBEDTLS_SOURCES}
+        ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/eddsa.c
+        ${CMAKE_CURRENT_LIST_DIR}/mbedtls/library/sha3.c
+    )
+endif()
+
 set(PICO_KEYS_SOURCES ${PICO_KEYS_SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/src/main.c
     ${CMAKE_CURRENT_LIST_DIR}/src/usb/usb.c