From 6069cf949bc0994f733581eb75cd5b83e117b6e4 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 11 Mar 2025 19:05:28 +0100
Subject: [PATCH] ES256K1 is disabled by default for compatibility. It can be enabled via Pico Commissioner. Fixes #109.
Signed-off-by: Pol Henarejos
---
 pico-keys-sdk | 2 +-
 src/fido/cbor_get_info.c | 7 ++++++-
 src/fido/cbor_make_credential.c | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/pico-keys-sdk b/pico-keys-sdk
index 2c3fe5b..7191cda 160000
--- a/pico-keys-sdk
+++ b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit 2c3fe5bebf6cf6a9a5fb9c685aa744529c8548cb
+Subproject commit 7191cda6d330ceb474769edbf56c80c598018082
diff --git a/src/fido/cbor_get_info.c b/src/fido/cbor_get_info.c
index bd554bb..b6e277a 100644
--- a/src/fido/cbor_get_info.c
+++ b/src/fido/cbor_get_info.c
@@ -102,6 +102,9 @@ int cbor_get_info() {
 #ifdef MBEDTLS_EDDSA_C
 curves++;
 #endif
+ if (phy_data.enabled_curves & PHY_CURVE_SECP256K1) {
+ curves++;
+ }
 CBOR_CHECK(cbor_encoder_create_array(&mapEncoder, &arrayEncoder, curves));
 CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256, &arrayEncoder, &mapEncoder2));
 #ifdef MBEDTLS_EDDSA_C
@@ -109,7 +112,9 @@ int cbor_get_info() {
 #endif
 CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES384, &arrayEncoder, &mapEncoder2));
 CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES512, &arrayEncoder, &mapEncoder2));
- CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256K, &arrayEncoder, &mapEncoder2));
+ if (!phy_data.enabled_curves_present || (phy_data.enabled_curves & PHY_CURVE_SECP256K1)) {
+ CBOR_CHECK(COSE_public_key(FIDO2_ALG_ES256K, &arrayEncoder, &mapEncoder2));
+ }
 CBOR_CHECK(cbor_encoder_close_container(&mapEncoder, &arrayEncoder));
diff --git a/src/fido/cbor_make_credential.c b/src/fido/cbor_make_credential.c
index b3ad957..34eb30b 100644
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
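Review bot: In cbor_get_info.c the two hunks test different conditions for ES256K: the count is incremented only when `phy_data.enabled_curves & PHY_CURVE_SECP256K1` is set, but the entry is also emitted when `!phy_data.enabled_curves_present`. When that field is absent and the bit is clear, the array is created with `curves` elements and then receives one more, so the getInfo algorithms list no longer matches its declared length. Both sites should use one predicate; to match the commit subject (disabled by default) the emit guard would be `if (phy_data.enabled_curves & PHY_CURVE_SECP256K1) {`. The initial value of `curves` is set outside the hunk and should be checked so that it no longer counts ES256K unconditionally.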
@@ -217,7 +217,7 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
 curve = FIDO2_CURVE_P521;
 }
 }
- else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256K) {
+ else if (pubKeyCredParams[i].alg == FIDO2_ALG_ES256K && (phy_data.enabled_curves & PHY_CURVE_SECP256K1)) {
 if (curve <= 0) {
 curve = FIDO2_CURVE_P256K1;
 }
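Review bot: The ES256K branch in cbor_make_credential accepts the algorithm only when `phy_data.enabled_curves & PHY_CURVE_SECP256K1` is set, while the getInfo hunk in this patch also advertises ES256K when `!phy_data.enabled_curves_present`, so a device without that field would advertise an algorithm it then refuses. The same predicate should gate both, ideally through one small helper shared by the two files, with a comment such as `/* secp256k1 is opt-in: offered only when enabled via the commissioner */`. The else-if chain starts and ends outside the hunk, so what a request listing only ES256K receives when the curve is disabled cannot be seen here. It should be confirmed that this path returns an unsupported-algorithm error rather than continuing with `curve` unset.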