Arduino/pico-fido
1
0
Fork 1
mirror of https://github.com/polhenarejos/pico-fido.git synced 2025-12-29 12:52:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
417 Commits 2 Branches 28 Tags
cb2744cab37bc845de9333434b6fcb618ba521e1
Commit Graph

417 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pol Henarejos
3f1aba889e Adding algorithms to get info. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 20:13:28 +01:00
Pol Henarejos
58fbea8929 Added a flag (--filename) to upload an enterprise attestation certificate. 
If this flag is not provided, an enteprise attestation certificate is automatically requested and uploaded.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 19:30:00 +01:00
Pol Henarejos
8bf53a6497 Return EA certificate if present. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 19:22:05 +01:00
Pol Henarejos
c89b044825 Added a subcommand to upload an enterprise certificate for enterprise attestation. 
If present, when requested enterpriseAttestation==2 for MC, this certificate is returned in the x5c field. If not present, a batch attestation is returned.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 19:21:45 +01:00
Pol Henarejos
004073c3dd Adding FID for Enterprise certificate. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-12-01 19:20:19 +01:00
Pol Henarejos
bae8450a8d Added first step to Enterprise Attestation. 
Once enabled, it allows to generate a CSR in the device, which is sent to our PKI. If valid, it returns a signed certificate by an intermediate CA that will be used for attestation.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-30 23:41:05 +01:00
Pol Henarejos
a355f87f82 Fix freeing memory on x509. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-30 23:37:34 +01:00
Pol Henarejos
b023668788 Moving pointer of HSM SDK (again). 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:55:51 +01:00
Pol Henarejos
1b6d1e4b7f Moving pointer of HSM SDK. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:52:05 +01:00
Pol Henarejos
3bea6adf7a Fix requesting CM permission in credMgmt preview. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:50:23 +01:00
Pol Henarejos
54c2df3570 Fix cred RP enumeration return value. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:41:51 +01:00
Pol Henarejos
ae42e28384 Added support for credMgmt preview, despite this info is not broadcasted. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:27:52 +01:00
Pol Henarejos
71c0e865dc Fixed RP attachment to token. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v2.8 		2022-11-28 18:27:12 +01:00
Pol Henarejos
052ff2d60a Fix requesting a UV token. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 18:02:53 +01:00
Pol Henarejos
8b70c864a4 Added support for enterprise attestation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-28 17:39:21 +01:00
Pol Henarejos
765db0e98b Update README.md 
Added new features for version 2.6.
 2022-11-24 15:35:34 +01:00
Pol Henarejos
6b2e95deb0 Adding support for minPinLength extension. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 19:11:03 +01:00
Pol Henarejos
d45fa9aae0 Added support for setMinPinLength. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 17:01:18 +01:00
Pol Henarejos
23c7e16e6e Fix counting PIN retries. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 16:42:49 +01:00
Pol Henarejos
5923f435fe Add support for authenticatorConfig verification. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 15:24:09 +01:00
Pol Henarejos
04868f2d7b Added permissions support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-23 13:00:28 +01:00
Pol Henarejos
54c0769dbd Upgrading to version 2.4 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v2.4 		2022-11-15 12:12:06 +01:00
Pol Henarejos
0bbcba2f60 Upgrade to version 2.4 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-15 11:59:46 +01:00
Pol Henarejos
723648173d Update README.md 2022-11-15 11:59:06 +01:00
Pol Henarejos
e6c128fe0d Linux uses the generic interface. Needs deep testing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-07 13:15:24 +01:00
Pol Henarejos
2174b516c3 Using ecdh interface from mbedtls. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-11-07 13:15:09 +01:00
Pol Henarejos
4577e4430c Moving AUT UNLOCK to Vendor command instead of using VendorConfig. 
To do this a MSE command is added, to manage a secure environment. It performs a ephemeral ECDH exchange to derive a shared secret that will be used by vendor commands to convey ciphered data.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-30 00:47:50 +02:00
Pol Henarejos
9a8f4c0f4d Moving to last pico-hsm-sdk to support Vendor command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-29 19:41:28 +02:00
Pol Henarejos
e21d985344 Adding support for specific vendor HID command (0x41). 
It is a self implementation, based on CBOR command.
data[0] conveys the command and the contents mapped in CBOR encoding.
The map uses the authConfig template, where the fist item in the map is the subcommand (enable/disable at this moment), the second is a map of the parameters, the third and fourth are the pinUvParam and pinUvProtocol.

With this format only a single vendor HID command is necessary (0x41), which will be used for all my own commands, by using the command id in data[0] like with CBOR.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-29 19:41:00 +02:00
Pol Henarejos
43cd8869f9 Adding support for backup. 
Now it is possible to backup and restore the internal keys to recover a pico fido. The process is splitted in two parts: a list of 24 words and a file, which stores the security key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-28 00:31:50 +02:00
Pol Henarejos
a42131876f Adding disable secure key. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-27 20:11:12 +02:00
Pol Henarejos
e1f4e3035d Adding first backend, for macOS. 
In macOS, a SECP256R1 key is generated locally and stored in the keyring.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-27 19:02:03 +02:00
Pol Henarejos
71ecb23af6 Adding support for disabling secure aut. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-24 00:04:55 +02:00
Pol Henarejos
8c21a2bbcd Adding command line parsing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-23 23:24:35 +02:00
Pol Henarejos
53cc16ab6d Preliminar test tool for device lock/unlock 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-19 18:33:11 +02:00
Pol Henarejos
f213854f8b Added unlock config command to unlock the device at every boot with an external key. 
Signed-off-by: trocotronic <trocotronic@redyc.com>
 2022-10-19 16:46:32 +02:00
Pol Henarejos
2c125e76eb Add ef of keydev encrypted. 
Signed-off-by: trocotronic <trocotronic@redyc.com>
 2022-10-19 16:46:31 +02:00
Pol Henarejos
19d8f16056 Clean struct before return. 
Signed-off-by: trocotronic <trocotronic@redyc.com>
 2022-10-19 16:46:31 +02:00
Pol Henarejos
40065217fd Add a config command to unlock. 
Signed-off-by: trocotronic <trocotronic@redyc.com>
 2022-10-19 16:46:31 +02:00
Pol Henarejos
32c938674a Adding pico-fido-tool for enabling some configs. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-17 17:37:54 +02:00
Pol Henarejos
4425722a71 Adding support for CBOR CONFIG. 
This first support includes a vendor command for encrypting the key device with external key.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-17 17:37:39 +02:00
Pol Henarejos
69eef7651c Adding EF_KEY_DEV_ENC. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-17 17:35:57 +02:00
Pol Henarejos
7f97ea4f24 Updating readme 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
v2.2 		2022-10-05 12:56:50 +02:00
Pol Henarejos
467523769e Upgrading version to v2.2. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-05 11:09:36 +02:00
Pol Henarejos
2d295d0d98 Fix severe bug zeroing outside memory. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-05 11:09:03 +02:00
Pol Henarejos
0758644583 Fix generic build 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-05 11:01:54 +02:00
Pol Henarejos
c3a5b8e708 Adding building script 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-05 06:55:32 +02:00
Pol Henarejos
b134d261ae Adding hid tests. They worked... meh 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-04 20:02:36 +02:00
Pol Henarejos
4f93b984cd Adding U2F tests. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-04 19:38:07 +02:00
Pol Henarejos
ea0547ef49 Adding tests for credProtect. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2022-10-04 17:29:47 +02:00