Fix led for pimoroni boards.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

CMakeLists.txt

@@ -17,66 +17,86 @@
 
  cmake_minimum_required(VERSION 3.16)
 
-if(ESP_PLATFORM)
+ if(ESP_PLATFORM)
-set(EXTRA_COMPONENT_DIRS src)
+    set(EXTRA_COMPONENT_DIRS src)
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+    include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-set(USB_ITF_CCID 1)
-#set(USB_ITF_HID 1)
-include(pico_keys_sdk_import.cmake)
-project(pico_keys_sdk)
 else()
+    if(NOT ENABLE_EMULATION)
+        set(PICO_USE_FASTEST_SUPPORTED_CLOCK 1)
+        include(pico_sdk_import.cmake)
+    endif()
 
- if(ENABLE_EMULATION)
+    project(picokey C CXX ASM)
- else()
- include(pico_sdk_import.cmake)
- endif()
 
- project(pico_keys C CXX ASM)
+    set(CMAKE_C_STANDARD 11)
+    set(CMAKE_CXX_STANDARD 17)
 
- set(CMAKE_C_STANDARD 11)
+    if(NOT DEFINED __FOR_CI)
- set(CMAKE_CXX_STANDARD 17)
+        set(__FOR_CI 0)
+    endif()
+    if(__FOR_CI)
+        add_definitions(-D__FOR_CI)
+    endif()
 
- if(ENABLE_EMULATION)
+    add_executable(picokey)
-  else()
+endif()
- pico_sdk_init()
- endif()
-
- if (NOT DEFINED __FOR_CI)
-     set(__FOR_CI 0)
- endif()
- if (__FOR_CI)
-     add_definitions(-D__FOR_CI)
- endif()
 
 set(USB_ITF_CCID 1)
-set(USB_ITF_HID 1)
+set(USB_ITF_WCID 1)
+include(cmake/version.cmake)
 include(pico_keys_sdk_import.cmake)
-
+if(NOT ESP_PLATFORM)
-add_executable(pico_keys_sdk_exe)
+    set(SOURCES ${PICO_KEYS_SOURCES})
-
+endif()
-target_compile_options(pico_keys_sdk_exe PUBLIC
+set(SOURCES ${SOURCES}
-    -Wall
+    ${CMAKE_CURRENT_LIST_DIR}/src/fs/files.c
-    -Werror
+    ${CMAKE_CURRENT_LIST_DIR}/src/version.c
 )
 
-if(ENABLE_EMULATION)
+SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/pico_keys_version.h" 2)
-target_compile_options(pico_keys_sdk_exe PUBLIC
-        -fdata-sections
-        -ffunction-sections
-        )
-if(APPLE)
-target_link_options(pico_keys_sdk_exe PUBLIC
-        -Wl,-dead_strip
-        )
-else()
-target_link_options(pico_keys_sdk_exe PUBLIC
-        -Wl,--gc-sections
-        )
-endif (APPLE)
-else()
-pico_add_extra_outputs(pico_keys_sdk_exe)
 
-target_link_libraries(pico_keys_sdk_exe PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
+if(ESP_PLATFORM)
+    project(picokey)
 endif()
 
+if(NOT ESP_PLATFORM)
+    target_sources(picokey PUBLIC ${SOURCES})
+    target_include_directories(picokey PUBLIC ${INCLUDES})
+
+    target_compile_options(picokey PUBLIC
+        -Wall
+    )
+    if(NOT MSVC)
+        target_compile_options(picokey PUBLIC
+            -Werror
+        )
+    endif()
+
+    if(ENABLE_EMULATION)
+        if(NOT MSVC)
+            target_compile_options(picokey PUBLIC
+                -fdata-sections
+                -ffunction-sections
+            )
+        endif()
+        if(APPLE)
+            target_link_options(picokey PUBLIC
+                -Wl,-dead_strip
+            )
+        elseif(MSVC)
+            target_compile_options(picokey PUBLIC
+                -WX
+            )
+
+            target_link_libraries(picokey PUBLIC wsock32 ws2_32 Bcrypt)
+        else()
+            target_link_options(picokey PUBLIC
+                -Wl,--gc-sections
+            )
+        endif(APPLE)
+        target_link_libraries(picokey PRIVATE pthread m)
+    else()
+        pico_add_extra_outputs(${CMAKE_PROJECT_NAME})
+    endif()
 endif()
+

cmake/version.cmake

@@ -33,7 +33,7 @@ macro(HEX2DEC VAR VAL)
     endwhile()
 endmacro(HEX2DEC)
 
-macro(SET_VERSION MAJOR MINOR FILE)
+macro(SET_VERSION MAJOR MINOR FILE ROLLBACK)
     file(READ ${FILE} ver)
     string(REGEX MATCHALL "0x([0-9A-F])([0-9A-F])([0-9A-F])([0-9A-F])" _ ${ver})
     string(CONCAT ver_major ${CMAKE_MATCH_1}${CMAKE_MATCH_2})
@@ -42,8 +42,13 @@ macro(SET_VERSION MAJOR MINOR FILE)
     HEX2DEC(ver_minor ${ver_minor})
     message(STATUS "Found version:\t\t ${ver_major}.${ver_minor}")
     if(PICO_PLATFORM)
-        pico_set_binary_version(${CMAKE_PROJECT_NAME} MAJOR ${ver_major} MINOR ${ver_minor})
+        if (PICO_RP2350 AND SECURE_BOOT_PKEY)
+            message(STATUS "Setting rollback version:\t ${ROLLBACK}")
+            pico_set_binary_version(${CMAKE_PROJECT_NAME} MAJOR ${ver_major} MINOR ${ver_minor} ROLLBACK ${ROLLBACK})
+        else()
+            pico_set_binary_version(${CMAKE_PROJECT_NAME} MAJOR ${ver_major} MINOR ${ver_minor})
+        endif()
     endif()
-    SET(${MAJOR} ${ver_major})
+    set(${MAJOR} ${ver_major})
-    SET(${MINOR} ${ver_minor})
+    set(${MINOR} ${ver_minor})
 endmacro(SET_VERSION)

pico_keys_sdk_import.cmake

@@ -15,7 +15,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 
-include(pico-keys-sdk/cmake/version.cmake)
+include(pico-keys-sdk/cmake/version.cmake OPTIONAL)
 
 option(VIDPID "Set specific VID/PID from a known platform {NitroHSM, NitroFIDO2, NitroStart, NitroPro, Nitro3, Yubikey5, YubikeyNeo, YubiHSM, Gnuk, GnuPG}" "None")
 
@@ -109,6 +109,8 @@ endif()
 message(STATUS "USB VID/PID:\t\t\t ${USB_VID}:${USB_PID}")
 
 if(NOT ESP_PLATFORM)
+    set(NEED_UPDATE OFF)
+
     option(ENABLE_EDDSA "Enable/disable EdDSA support" OFF)
     if(ENABLE_EDDSA)
         message(STATUS "EdDSA support:\t\t enabled")
@@ -117,49 +119,69 @@ if(NOT ESP_PLATFORM)
     endif(ENABLE_EDDSA)
 
     set(MBEDTLS_PATH "${CMAKE_SOURCE_DIR}/pico-keys-sdk/mbedtls")
-
-    if(ENABLE_EDDSA)
-        set(MBEDTLS_ORIGIN "https://github.com/polhenarejos/mbedtls.git")
-        set(MBEDTLS_REF "mbedtls-3.6-eddsa")
-        add_definitions(-DMBEDTLS_ECP_DP_ED25519_ENABLED=1 -DMBEDTLS_ECP_DP_ED448_ENABLED=1 -DMBEDTLS_EDDSA_C=1 -DMBEDTLS_SHA3_C=1)
-    else()
-        set(MBEDTLS_ORIGIN "https://github.com/Mbed-TLS/mbedtls.git")
-        set(MBEDTLS_REF "v3.6.5")
-    endif()
-
     execute_process(
         COMMAND git config --global --add safe.directory ${MBEDTLS_PATH}
         WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
         OUTPUT_QUIET ERROR_QUIET
     )
 
-    execute_process(
+    if(ENABLE_EDDSA)
-        COMMAND git -C ${MBEDTLS_PATH} submodule update --init --recursive pico-keys-sdk
+        set(MBEDTLS_ORIGIN "https://github.com/polhenarejos/mbedtls.git")
-        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+        set(MBEDTLS_REF "mbedtls-3.6-eddsa")
-        OUTPUT_QUIET ERROR_QUIET
-    )
 
-    execute_process(
+        execute_process(
-        COMMAND git -C ${MBEDTLS_PATH} remote get-url origin
+            COMMAND git -C ${MBEDTLS_PATH} symbolic-ref --quiet --short HEAD
-        OUTPUT_VARIABLE CURRENT_ORIGIN
+            OUTPUT_VARIABLE CURRENT_BRANCH
-        OUTPUT_STRIP_TRAILING_WHITESPACE
+            OUTPUT_STRIP_TRAILING_WHITESPACE
-    )
+            RESULT_VARIABLE BRANCH_ERR
+        )
+
+        message(STATUS "Current branch for mbedTLS: ${CURRENT_BRANCH}")
+        message(STATUS "Target branch for mbedTLS:  ${MBEDTLS_REF}")
+
+        if(NOT BRANCH_ERR EQUAL 0 OR NOT "${CURRENT_BRANCH}" STREQUAL "${MBEDTLS_REF}")
+            set(NEED_UPDATE ON)
+        else()
+            set(NEED_UPDATE OFF)
+        endif()
+
+        add_definitions(-DMBEDTLS_ECP_DP_ED25519_ENABLED=1 -DMBEDTLS_ECP_DP_ED448_ENABLED=1 -DMBEDTLS_EDDSA_C=1 -DMBEDTLS_SHA3_C=1)
+
+    else()
+        set(MBEDTLS_ORIGIN "https://github.com/Mbed-TLS/mbedtls.git")
+        set(MBEDTLS_REF "v3.6.5")
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} describe --tags --exact-match
+            OUTPUT_VARIABLE CURRENT_TAG
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+            RESULT_VARIABLE TAG_ERR
+        )
+
+        message(STATUS "Current tag for mbedTLS: ${CURRENT_TAG}")
+        message(STATUS "Target tag for mbedTLS:  ${MBEDTLS_REF}")
+
+        if(NOT TAG_ERR EQUAL 0 OR NOT "${CURRENT_TAG}" STREQUAL "${MBEDTLS_REF}")
+            set(NEED_UPDATE ON)
+        else()
+            set(NEED_UPDATE OFF)
+        endif()
+
+    endif()
+
+    if(NEED_UPDATE)
+        message(STATUS "Updating mbedTLS source code...")
+
+        execute_process(
+            COMMAND git -C ${MBEDTLS_PATH} submodule update --init --recursive --remote pico-keys-sdk
+            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+            OUTPUT_QUIET ERROR_QUIET
+        )
 
-    if(NOT "${CURRENT_ORIGIN}" STREQUAL "${MBEDTLS_ORIGIN}")
         execute_process(
             COMMAND git -C ${MBEDTLS_PATH} remote set-url origin ${MBEDTLS_ORIGIN}
             OUTPUT_QUIET ERROR_QUIET
         )
-    endif()
-
-    execute_process(
-        COMMAND git -C ${MBEDTLS_PATH} rev-parse --verify ${MBEDTLS_REF}
-        OUTPUT_VARIABLE CURRENT_REF
-        OUTPUT_STRIP_TRAILING_WHITESPACE
-        RESULT_VARIABLE REF_EXISTS
-    )
-
-    if(NOT REF_EXISTS EQUAL 0 OR NOT CURRENT_REF STREQUAL "${MBEDTLS_REF}")
 
         execute_process(
             COMMAND git -C ${MBEDTLS_PATH} fetch origin +refs/heads/*:refs/remotes/origin/* --tags --force
@@ -186,8 +208,9 @@ if(NOT ESP_PLATFORM)
                 OUTPUT_QUIET ERROR_QUIET
             )
         endif()
+    else()
+        message(STATUS "mbedTLS source code is up to date.")
     endif()
-
 endif(NOT ESP_PLATFORM)
 
 set(MBEDTLS_SOURCES

src/CMakeLists.txt

@@ -3,3 +3,4 @@ idf_component_register(
     INCLUDE_DIRS . fs rng usb led ../tinycbor/src
     REQUIRES bootloader_support esp_partition esp_tinyusb efuse mbedtls
 )
+idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)

src/fs/files.c

@@ -0,0 +1,28 @@
+/*
+ * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include "file.h"
+
+file_t file_entries[] = {
+    /*  0 */ { .fid = 0x3f00, .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL,
+               .ef_structure = 0, .acl = { 0 } },                                                                                    // MF
+    /*  1 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL,
+               .ef_structure = 0, .acl = { 0 } }                                                                                     //end
+};
+
+const file_t *MF = &file_entries[0];
+const file_t *file_last = &file_entries[sizeof(file_entries) / sizeof(file_t) - 1];

src/fs/otp.c

@@ -327,6 +327,7 @@ void init_otp_files() {
         if (ret != 0) {
             printf("Error writing OTP key 2 [%d]\n", ret);
         }
+        mbedtls_platform_zeroize(pkey, sizeof(pkey));
 #ifdef PICO_RP2350
         otp_chaff(OTP_KEY_2, 32);
 #endif

src/idf_component.yml

@@ -1,5 +1,5 @@
 ## IDF Component Manager Manifest File
 dependencies:
-  espressif/esp_tinyusb: "^1.7.2"
+  espressif/esp_tinyusb: "^1.7.6"
   #espressif/tinyusb: "^0.15.0"
   zorxx/neopixel: "^1.0.4"

src/led/led_pico.c

@@ -18,9 +18,9 @@
 #include "pico_keys.h"
 
 #ifdef PICO_DEFAULT_LED_PIN
-uint8_t gpio = PICO_DEFAULT_LED_PIN;
+static uint8_t gpio = PICO_DEFAULT_LED_PIN;
 #else
-uint8_t gpio = 0;
+static uint8_t gpio = 0;
 #endif
 
 #ifdef PICO_PLATFORM

src/led/led_pimoroni.c

@@ -18,18 +18,10 @@
 #include "pico_keys.h"
 
 #ifdef PICO_PLATFORM
-#ifdef PIMORONI_TINY2040
+#ifdef PICO_DEFAULT_LED_PIN
-#define LED_R_PIN TINY2040_LED_R_PIN
+static uint8_t gpio = PICO_DEFAULT_LED_PIN;
-#define LED_G_PIN TINY2040_LED_G_PIN
-#define LED_B_PIN TINY2040_LED_B_PIN
-#elif defined(PIMORONI_TINY2350)
-#define LED_R_PIN TINY2350_LED_R_PIN
-#define LED_G_PIN TINY2350_LED_G_PIN
-#define LED_B_PIN TINY2350_LED_B_PIN
 #else
-#define LED_R_PIN 0
+static uint8_t gpio = 0;
-#define LED_G_PIN 0
-#define LED_B_PIN 0
 #endif
 
 uint8_t pixel[][3] = {
@@ -44,21 +36,24 @@ uint8_t pixel[][3] = {
 };
 
 void led_driver_init_pimoroni() {
-    gpio_init(LED_R_PIN);
+    if (phy_data.led_gpio_present) {
-    gpio_set_dir(LED_R_PIN, GPIO_OUT);
+        gpio = phy_data.led_gpio;
-    gpio_init(LED_G_PIN);
+    }
-    gpio_set_dir(LED_G_PIN, GPIO_OUT);
+    gpio_init(gpio-1);
-    gpio_init(LED_B_PIN);
+    gpio_set_dir(gpio-1, GPIO_OUT);
-    gpio_set_dir(LED_B_PIN, GPIO_OUT);
+    gpio_init(gpio);
+    gpio_set_dir(gpio, GPIO_OUT);
+    gpio_init(gpio+1);
+    gpio_set_dir(gpio+1, GPIO_OUT);
 }
 
 void led_driver_color_pimoroni(uint8_t color, uint32_t led_brightness, float progress) {
     if (progress < 0.5) {
         color = LED_COLOR_OFF;
     }
-    gpio_put(LED_R_PIN, pixel[color][0]);
+    gpio_put(gpio-1, pixel[color][0]);
-    gpio_put(LED_G_PIN, pixel[color][1]);
+    gpio_put(gpio, pixel[color][1]);
-    gpio_put(LED_B_PIN, pixel[color][2]);
+    gpio_put(gpio+1, pixel[color][2]);
 }
 
 led_driver_t led_driver_pimoroni = {

src/main.c

@@ -58,7 +58,7 @@ const uint8_t *ccid_atr = NULL;
 
 bool app_exists(const uint8_t *aid, size_t aid_len) {
     for (int a = 0; a < num_apps; a++) {
-        if (apps[a].aid[0] == aid_len && !memcmp(apps[a].aid + 1, aid, MIN(aid_len, apps[a].aid[0]))) {
+        if (aid_len >= apps[a].aid[0] && !memcmp(apps[a].aid + 1, aid, apps[a].aid[0])) {
             return true;
         }
     }
@@ -79,14 +79,14 @@ int register_app(int (*select_aid)(app_t *, uint8_t), const uint8_t *aid) {
 }
 
 int select_app(const uint8_t *aid, size_t aid_len) {
-    if (current_app && current_app->aid && current_app->aid[0] == aid_len && (current_app->aid + 1 == aid || !memcmp(current_app->aid + 1, aid, MIN(current_app->aid[0], aid_len)))) {
+    if (current_app && current_app->aid && (current_app->aid + 1 == aid || (aid_len >= current_app->aid[0] && !memcmp(current_app->aid + 1, aid, current_app->aid[0])))) {
         current_app->select_aid(current_app, 0);
         return PICOKEY_OK;
     }
     for (int a = 0; a < num_apps; a++) {
-        if (apps[a].aid[0] == aid_len && !memcmp(apps[a].aid + 1, aid, MIN(aid_len, apps[a].aid[0]))) {
+        if (aid_len >= apps[a].aid[0] && !memcmp(apps[a].aid + 1, aid, apps[a].aid[0])) {
             if (current_app) {
-                if (current_app->aid && !memcmp(current_app->aid + 1, aid, MIN(current_app->aid[0], aid_len))) {
+                if (current_app->aid && aid_len >= current_app->aid[0] && !memcmp(current_app->aid + 1, aid, current_app->aid[0])) {
                     current_app->select_aid(current_app, 1);
                     return PICOKEY_OK;
                 }

src/rescue.c

@@ -23,6 +23,9 @@
 #include "pico/bootrom.h"
 #include "hardware/watchdog.h"
 #endif
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/sha256.h"
+#include "random.h"
 
 int rescue_process_apdu();
 int rescue_unload();
@@ -54,6 +57,8 @@ int rescue_select(app_t *a, uint8_t force) {
     res_APDU[res_APDU_size++] = PICO_PRODUCT;
     res_APDU[res_APDU_size++] = PICO_VERSION_MAJOR;
     res_APDU[res_APDU_size++] = PICO_VERSION_MINOR;
+    memcpy(res_APDU + res_APDU_size, pico_serial.id, sizeof(pico_serial.id));
+    res_APDU_size += sizeof(pico_serial.id);
     apdu.ne = res_APDU_size;
     if (force) {
         scan_flash();
@@ -69,6 +74,89 @@ int rescue_unload() {
     return PICOKEY_OK;
 }
 
+int cmd_keydev_sign() {
+    uint8_t p1 = P1(apdu);
+    if (p1 == 0x01) {
+        if (apdu.nc != 32) {
+            return SW_WRONG_LENGTH();
+        }
+        if (!otp_key_2) {
+            return SW_INS_NOT_SUPPORTED();
+        }
+        mbedtls_ecdsa_context ecdsa;
+        mbedtls_ecdsa_init(&ecdsa);
+        int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecdsa, otp_key_2, 32);
+        if (ret != 0) {
+            mbedtls_ecdsa_free(&ecdsa);
+            return SW_EXEC_ERROR();
+        }
+        uint16_t key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(MBEDTLS_ECP_DP_SECP256K1)->bit_size + 7) / 8);
+        mbedtls_mpi r, s;
+        mbedtls_mpi_init(&r);
+        mbedtls_mpi_init(&s);
+
+        ret = mbedtls_ecdsa_sign(&ecdsa.MBEDTLS_PRIVATE(grp), &r, &s, &ecdsa.MBEDTLS_PRIVATE(d), apdu.data, apdu.nc, random_gen, NULL);
+        if (ret != 0) {
+            mbedtls_ecdsa_free(&ecdsa);
+            mbedtls_mpi_free(&r);
+            mbedtls_mpi_free(&s);
+            return SW_EXEC_ERROR();
+        }
+
+        mbedtls_mpi_write_binary(&r, res_APDU, key_size / 2); res_APDU_size = key_size / 2;
+        mbedtls_mpi_write_binary(&s, res_APDU + res_APDU_size, key_size / 2); res_APDU_size += key_size / 2;
+        mbedtls_ecdsa_free(&ecdsa);
+        mbedtls_mpi_free(&r);
+        mbedtls_mpi_free(&s);
+    }
+    else if (p1 == 0x02) {
+        // Return public key
+        if (!otp_key_2) {
+            return SW_INS_NOT_SUPPORTED();
+        }
+        if (apdu.nc != 0) {
+            return SW_WRONG_LENGTH();
+        }
+        mbedtls_ecp_keypair ecp;
+        mbedtls_ecp_keypair_init(&ecp);
+        int ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256K1, &ecp, otp_key_2, 32);
+        if (ret != 0) {
+            mbedtls_ecp_keypair_free(&ecp);
+            return SW_EXEC_ERROR();
+        }
+        ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_gen, NULL);
+        if (ret != 0) {
+            mbedtls_ecp_keypair_free(&ecp);
+            return SW_EXEC_ERROR();
+        }
+        size_t olen = 0;
+        ret = mbedtls_ecp_point_write_binary(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, 4096);
+        if (ret != 0) {
+            mbedtls_ecp_keypair_free(&ecp);
+            return SW_EXEC_ERROR();
+        }
+        res_APDU_size = (uint16_t)olen;
+        mbedtls_ecp_keypair_free(&ecp);
+    }
+    else if (p1 == 0x03) {
+        // Upload device attestation certificate
+        if (apdu.nc == 0) {
+            return SW_WRONG_LENGTH();
+        }
+        file_t *ef_devcert = file_new(0x2F02); // EF_DEVCERT
+        if (!ef_devcert) {
+            return SW_FILE_NOT_FOUND();
+        }
+        file_put_data(ef_devcert, apdu.data, (uint16_t)apdu.nc);
+        res_APDU_size = 0;
+        low_flash_available();
+    }
+    else {
+        return SW_INCORRECT_P1P2();
+    }
+    return SW_OK();
+}
+
 int cmd_write() {
     if (apdu.nc < 2) {
         return SW_WRONG_LENGTH();
@@ -163,12 +251,14 @@ int cmd_reboot_bootsel() {
 }
 #endif
 
+#define INS_KEYDEV_SIGN      0x10
 #define INS_WRITE            0x1C
 #define INS_SECURE           0x1D
 #define INS_READ             0x1E
 #define INS_REBOOT_BOOTSEL   0x1F
 
 static const cmd_t cmds[] = {
+    { INS_KEYDEV_SIGN, cmd_keydev_sign },
     { INS_WRITE, cmd_write },
 #if defined(PICO_RP2350) || defined(ESP_PLATFORM)
     { INS_SECURE, cmd_secure },

src/usb/usb_descriptors.c

@@ -35,7 +35,7 @@
 #endif
 
 #if defined(PICO_PLATFORM) || defined(ESP_PLATFORM)
-#define USB_BCD   0x0200
+#define USB_BCD   0x0210
 #else
 #define USB_BCD   0x0110
 #endif
@@ -107,7 +107,7 @@ uint8_t const desc_hid_report_kb[] = {
 #endif
 
 enum {
-    EPNUM_DUMMY = 1,
+    EPNUM_DUMMY = 0,
 #ifdef USB_ITF_CCID
     EPNUM_CCID,
 #if TUSB_SMARTCARD_CCID_EPS == 3
@@ -136,7 +136,7 @@ enum {
 #if TUSB_SMARTCARD_CCID_EPS == 3
 #define TUD_SMARTCARD_DESCRIPTOR(_itf, _strix, _epout, _epin, _epint, _epsize) \
     TUD_SMARTCARD_DESCRIPTOR_2EP(_itf, _strix, _epout, _epin, _epsize), \
-    7, TUSB_DESC_ENDPOINT, _epint,  TUSB_XFER_INTERRUPT, U16_TO_U8S_LE(_epsize), 0
+    7, TUSB_DESC_ENDPOINT, _epint,  TUSB_XFER_INTERRUPT, U16_TO_U8S_LE(_epsize), 10
 #else
 #define TUD_SMARTCARD_DESCRIPTOR(_itf, _strix, _epout, _epin, _epint, _epsize) \
     TUD_SMARTCARD_DESCRIPTOR_2EP(_itf, _strix, _epout, _epin, _epsize)

src/version.c

@@ -0,0 +1,23 @@
+/*
+ * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include "pico_keys.h"
+#include "pico_keys_version.h"
+
+const uint8_t PICO_PRODUCT = 0;
+const uint8_t PICO_VERSION_MAJOR = PICO_KEYS_SDK_VERSION_MAJOR;
+const uint8_t PICO_VERSION_MINOR = PICO_KEYS_SDK_VERSION_MINOR;