Version 4.0 EdDSA 1

This release brings EdDSA to version 4.0.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v4.0...v4.0-eddsa1

Version 4.0

This major release includes several enhancements, with the most important: support for ESP32-S3 boards!

New

• It supports ESP32-S3 boards. Apart from Raspberry Pico boards, Pico HSM can also be flashed onto ESP32-S3 boards, which add natively secure boot and flash encryption.
• VID & PID can be changed on-the-fly with pico-hsm-tool.py.
• pico-hsm-tool.py implements a rescue Pico HSM, which is able to communicate with a Pico HSM not recognized by OS due to bad VID & PID values.
• Added support for Web CCID interface.
• Added support for AES-ECB, AES-CBC with custom IV, AES-OFB, AES-CFB, AES-GCM, AES-CCM, AES-CTR and AES-XTS.
• Added support for CMAC.
• Added support for APDU chaining.

Enhancements

• Added support for OpenSC 0.25.1
• Added -DVIDPID=value flag to build with known VID/PID from known vendors.
• Added keygen command to pico-hsm-tool.py for X25519 and X448 key generation.
• Enable/disable Web CCID interface on-the-fly.
• Added support for EF.DIR AID list.

Changes

• MbedTLS 3.6
• Pull request #40 : Enable/disable BOOTSEL button only by clicking the button.
• ASN.1 parsing and structs.
• New DKEK return format.
• Increased memory pages for handling more files at same time.

Bugfixes

• Fix #43 : listing keys if multiple of 12.
• Fix Windows emulation.
• Fix CVC outer signature length.
• Fix LE computation with wrapped APDU (secure channel).
• Fix asymmetric key exchange.
• Fix byte override with chained response APDU.
• Fix SM wrap for large response APDU (secure channel).
• Fix ATR overwrite.
• Fix PRKD on key unwrap.
• Fix Apple emulation.
• Fix chained responses.
• Fix read binary permissions.
• Fix EF.DIR type identification.

What's Changed

• Security fix for issue 39 by @fastchain in #40
• Fix for multiples of 64 bytes on cmd_list_keys by @al-heisner in #43

New Contributors

• @fastchain made their first contribution in #40
• @al-heisner made their first contribution in #43

Full Changelog: v3.6...v4.0

Version 3.6

This release includes new features:

New

• 4 new supported boards.
• AES algorithms: ECB, CBC with custom IV, OFB, CFB, XTS, CTR, CCM and GCM.
• mbedTLS 3.5
• BIP and SLIP to support crypto wallets. It supports infinite hierarchical deterministic (HD) key derivation.
• Added support for asymmetric and symmetric (SLIP-0021) deterministic derivations.
• Added support for HD symmetric ciphering.
• Added EdDSA support (see separate branch and releases).
• Added support for Ed25519 and Ed448 (see separate branch and releases).
• Added --silent flag to pico-hsm tool initialization.

Enhancements

• Self-signed CVC during the first initialization.
• Added DV to PUK store.
• CVCA is also uploaded for improve PKA.
• Added support for TokenInfo and StaticTokenInfo files.
• Added PKA tests.
• Added XKEK tests.
• Added key domain tests.
• Added DKEK import in key domain tests.
• If public point is not found, it is automatically calculated.
• Added counters, algorithms and key domain in key generation tests.
• Added key wrapping and unwrapping tests.
• Check bad tag in Chachapoly.
• Added Chachapoly tests.
• Added PRKD for AES too.
• Added AES EXT tests.
• Added AES XTS with and without IV.
• Added BIP and SLIP tests.
• Added HD signature tests.
• Added HD symmetric ciphering tests.
• Added PKCS11 tests.
• Added PKCS11-tool tests.
• Added support for Pico W leds.

Changes

• If no key domain is specified, 0 is used by default.
• If a key does not belong to any key domain, it cannot be wrapped.
• PRKD is generated at every import (it can be replaced afterwards).
• Signatures are allowed using key device.
• Accept arbitrary SO-PIN length on reset retry.
• New format for applet selection.
• User must log in after DKEK import.
• Pico HSM SDK is renamed to Pico Keys SDK.
• If an applet is not selected, it returns NOT_FOUND on every command.

Fixes

• PUK initialization.
• PUK reset.
• PUK enabling.
• PUK status.
• PUK authentication.
• ECDH zeroing.
• Potential crash on deleting file.
• Return error when non-initialized key domain is deleted.
• Before wrapping, check DKEK is configured correctly.
• Check key domain reinitialization.
• Key domain check.
• Wrapping EC points.
• Race condition.
• Fixed #22.
• Chachapoly encryption.
• Overflow when importing AES XTS key.
• Fix key size of terminal CVC.
• PRKD for AES.
• AES EXT encoding.
• AES XTS call.
• Return error on reading binary with bad offset.
• Memory free on error for BIP & SLIP command.
• Deriving nodes with retries.
• AES derivation (HKDF).
• Get RTC with pico-hsm tool.
• Fix G point CVC export.
• Sending binary files when ne=0.
• File chunking.
• Key domain deletion.
• DKEK import when user is not logged.
• Potential freeze.

Version 3.6 EdDSA 1

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Version 3.4

This is maintenance release.

It includes the following enhancements:

Enhancements

• Improved interface with Windows. It includes CCID GET, SET and RESET USB commands.

• Added automatized test suite for CI/CD which enables fast finding bugs.

• Added support for RSA-PKCSv15-SHA224, RSA-PKCSv15-SHA384 and RSA-PKCSv15-SHA512.

• Added support for RSA-PSS-SHA224, RSA-PSS-SHA384 and RSA-PSS-SHA512.

• Upgraded to MbedTLS v3.3.0.

• Upgraded to Pico SDK v1.5.

and the following fixes:

Fixes

• Fixed HMAC calculation.
• Fixed return code on key domain deletion.
• Fixed return code for existing key domain.
• Fixed shared secret return.
• Fixed EE_CERTIFICATE creation on key import.
• Added safety checks on key import.
• Fixed EC public key calculation on key import.
• Fixed asymmetric decryption with OAEP. It supports SHA-256.
• List PRKD if exist.
• Fixed signature calculation for secp521r1.
• Fixed ECDSA-SHA384 and ECDSA-SHA512.
• Fixed large key export.
• Fixed DKEK import.
• Fixed twice DKEK import.
• Fixed credentials permission on DKEK import.

Version 3.2

This release adds the following enhancements:

Enhancements

• Secure lock and unlock to protect the master key from low entropy PIN numbers.
• Added support for ChaChaPoly.
• Added support for Curve25519 and Curve448.
• Added symmetric derivation.
• Added support for HKDF.
• Added support for PBKDF2.
• Added support for X963KDF.
• Added support for HMAC with SHA-1 and SHA-2 families.
• Added support for SO-PIN change.

Bug fixes

And the following bug fixes:

• Bad cofactor return with CVC.
• Bad CVC construction if self-signature fails.
• Bad CVC for Koblitz curves.
• Bug on keypair generation when Ne=0.
• Bug on memory free when keypair generation for ECC.
• Bug when secure message cannot processed.
• Bug with general authentication with AES.
• Bug when multiple card off are sent.
• Bug when no ASN1 tag is found.
• Bug when +2 chunks are chained.
• Bug with secure channel without payload.

What's Changed

• Small fixes by @rrottmann in #10

Full Changelog: v3.0...v3.2

Version 3.0

This is a major release.

New tool: pico-hsm-tool.py

It initializes the Pico HSM device and manages multiple options:

• First time of usage, the device must be initialized with this tool to upload the signed device certificate, attestated by an external PKI.
• It performs a report to attestate any key of the device, imported or generated inside.
• It sets and gets the datetime for Real Time Clock operations.
• It allows to modify dynamic options, like enable/disable press-to-confirm button or internal key usage counter for every key.

Internal security refactoring

Previously, the device used the PIN to encrypt safely the stored private and secret keys. However, with the addition of PKA, which does not use PIN, the internal keys were vulnerable, as they were not encrypted with a random passphrase. To solve it, a new method is added.
When the device is initialized with pico-hsm-tool, a unique device certificate is uploaded based on an internal device key (key id 0). This initial key is used to attestate the rest of the keys generated by the user and all of them are encrypted safely with a PIN provided during the initialization.
After this first initialization, the device can also be reinitialized to enable other advanced features, such as PKA.

XKEK

XKEK is a new way to exchange secret and private keys between two Pico HSM devices, in a more sophisticated and secure way. Previously, with DKEK, the keys were exported and encrypted with a secret, shared between all the participations. However, it may break the security is the secret is compromised.

With XKEK, the Pico HSM creates a secure zone (named key domain), where a certificate from a specific Pico HSM device is imported. Then, all keys generated and exported from/to this domain are tied to these Pico HSM devices. These keys cannot leave the domain without creating another domain. Definitively XKEK adds a more robust and secure way to exchange keys.

MKEK

A Master Key Encryption Key (MKEK) is added to the device. This MKEK is generated the first time is initialized and is encrypted with a PIN. MKEK is used to encrypt all generated keys, keeping them safe from unauthorized memory dumps. Though a Pico HSM is an open hardware platform that can be examined by an attacker and dump its flash memory, all keys are encrypted with the MKEK, which is in turn encrypted with PIN.

Other enhancements:

• Upgraded to Pico SDK 1.4
• Added ECDH algorithms for XKEK
• Added key usage counter to link a usage counter for every generated key. It can be used to audit a particular key.
• Using mbedtls_zeroize to zeroing memory zones.
• Device key uses SECP256R1 key.
• Removed 3DES support as it is considered insecure.
• Added a persistent memory zone, which survives after multiple reinitializations.
• Upgraded to Mbedtls 3.2.1

Bug fixes:

• CVC are self-signed (chr=car) by default.
• Fix DKEK status report on multiple boots.
• Fix DKEK deletion.
• Fix wrap/unwrap keys with specific allowed algorithms.
• Fix VID/PID patcher.
• Fix session with SO-PIN.
• Fix changing SO-PIN.

Version 2.6

This release introduces key purposes. When creating a new secret/private key, it can be attached to a particular purpose (sign, checksum, decryption, wrap, etc.). If an algorithm is called to a particular key without the respective purpose, an exception will be thrown.

It also contains some enhancements on setting PKA with PIN jointly (extremely recommended).

Enhancements:

• Added key purposes.
• Added support for PKA and PIN jointly.
• Disabled debug, which boosts the speed.
• Upgraded to PICO SDK v1.4 and added new boards.
• Bugfixes.

Full Changelog: v2.4...v2.6

Version 2.4

This release contains a major enhancement: Public Key Authentication (PKA). This mechanism replaces the need of using a PIN. Instead, it uses a private/public key pairs from another trusted device (a Pico HSM or Pico OpenPGP).

Enhancements:

• Added Public Key Authentication.
• Cache and storage of 3rd-party public keys.
• Improved interoperability between multiple Pico HSM devices.
• Added PSO command.
• Bugfixes.

Full Changelog: v2.2...v2.4

Version 2.2

This version implements a new CCID stack to reduce the original file size by a 30%. It implements only those features that are used by the Pico HSM. In parallel, MbedTLS is also reconfigured to enable only the required algorithms.

Version 2.2 has the following enhancements:

• Key domains: it supports up to 16 different key domains, with their own DKEK and private/secret keys. Key domains can be used with SCS3 tool.
• Key usage counter: when the counter is enabled, the key can be used only n times before being disabled. It allows to limit the use of a key and perform and audit of its usage. The counter is reduced by 1 every time the key is used for signing, decrypting or deriving.
• Optional key usage counter for all keys: when enabled, all generated keys are attached to a counter with the initial value of 2^32-1 (FFFFFFFEh) to track its usage.
• PIN DKEK is encrypted with a random IV.
• DKEK consistency with internal CRC.
• Removed dependency with Gnuk and OpenSC.
• Many fixes.

Full Changelog: v2.0...v2.2