Merge pull request #33 from SoloKeysSec/fix-pc

Fix pc

Makefile

@@ -34,13 +34,7 @@ CFLAGS += -DAES256=1
 name = main
 
 .PHONY: all
-all: python-fido2 main
-
-.PHONY: test
-test:
-	$(MAKE) -C . main
-	$(MAKE) -C . testgcm
-	./testgcm
+all: main
 
 tinycbor/Makefile crypto/tiny-AES-c/aes.c:
 	git submodule update --init
@@ -51,6 +45,9 @@ cbor: $(LIBCBOR)
 $(LIBCBOR): tinycbor/Makefile
 	cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8
 
+test:
+	$(MAKE) -C . main
+
 .PHONY: efm8prog
 efm8prog:
 	cd './targets/efm8\Keil 8051 v9.53 - Debug' && $(MAKE) all
@@ -70,13 +67,6 @@ efm32bootprog: efm32com
 $(name): $(obj) $(LIBCBOR)
 	$(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
 
-crypto/aes-gcm/aes_gcm.o:
-	$(CC) -c crypto/aes-gcm/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes-gcm/aes_gcm.o
-
-testgcm: $(obj) $(LIBCBOR) crypto/aes-gcm/aes_gcm.o
-	$(CC) -c fido2/main.c $(CFLAGS) -DTEST -o fido2/main.o
-	$(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS)
-
 uECC.o: ./crypto/micro-ecc/uECC.c
 	$(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/
 
@@ -94,10 +84,6 @@ venv:
 	virtualenv venv
 	./venv/bin/pip install wheel
 
-.PHONY: python-fido2
-python-fido2: venv
-	cd python-fido2/ && ../venv/bin/python setup.py install
-
 venv/bin/mkdocs: venv
 	./venv/bin/pip install mkdocs mkdocs-material
 
@@ -110,10 +96,9 @@ fido2-test:
 	./venv/bin/python tools/ctap_test.py
 
 clean:
-	rm -f *.o main.exe main testgcm $(obj)
+	rm -f *.o main.exe main $(obj)
 	for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
 	    if [ -f "$$f" ]; then \
 	    	(cd `dirname $$f` ; git checkout -- .) ;\
 	    fi ;\
 	done
-	rm -rf venv

README.md

@@ -43,8 +43,6 @@ us by [signing up for our Kickstarter](https://solokeys.com/kickstarter).  Our a
 bulk order and provide open source security tokens for everyone that is interested.  We will offer 
 "hackable" tokens that come with USB bootloaders and are reprogrammable.
 
-[Sign up here](https://solokeys.com/kickstarter)!
-
 
 # Setting up
 
@@ -53,10 +51,8 @@ Clone solo and build it
 ```bash
 git clone --recurse-submodules https://github.com/SoloKeysSec/solo
 cd solo/
-
 git submodules init
 git submodules update
-
 make all
 ```
 
@@ -72,7 +68,7 @@ not a hardware authenticator.  Install Yubico's fork to do that.
 The application is set up to send and recv USB HID messages over UDP to ease
 development and reduce need for hardware.
 
-Testing can be done using our fork of Yubico's client software, `python-fido2`.  
+Testing can be done using our fork of Yubico's client software, `python-fido2`.
 Our fork of `python-fido2` has small changes to make it send
 USB HID over UDP to the authenticator application.
 
@@ -85,13 +81,13 @@ Run FIDO 2 / U2F application.
 Run example client software.  This runs through a registration and authentication.
 
 ```
-./venv/bin/python python-fido2/examples/credential.py
+python python-fido2/examples/credential.py
 ```
 
-Run the FIDO2 tests.
+Run our FIDO2 tests.
 
 ```
-make fido2-test
+python tools/ctap_test.py
 ```
 
 Follow specifications to really dig in.

fido2/ctap.c

@@ -1368,13 +1368,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
     length--;
 
     uint8_t * buf = resp->data;
-    printf1(TAG_GREEN, "lastcmd0 = 0x%02x\r\n", getAssertionState.lastcmd);
 
     cbor_encoder_init(&encoder, buf, resp->data_size, 0);
 
     printf1(TAG_CTAP,"cbor input structure: %d bytes\n", length);
     printf1(TAG_DUMP,"cbor req: "); dump_hex1(TAG_DUMP, pkt_raw, length);
-    printf1(TAG_GREEN, "lastcmd1 = 0x%02x\r\n", getAssertionState.lastcmd);
 
     switch(cmd)
     {
@@ -1477,7 +1475,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
 done:
     device_set_status(CTAPHID_STATUS_IDLE);
     getAssertionState.lastcmd = cmd;
-    printf1(TAG_GREEN, "lastcmd = 0x%02x\r\n", getAssertionState.lastcmd);
 
     if (status != CTAP1_ERR_SUCCESS)
     {

pc/device.c

@@ -14,10 +14,23 @@
 #include "cbor.h"
 #include "util.h"
 #include "log.h"
+#include "ctaphid.h"
 
 
 void authenticator_initialize();
 
+uint32_t __device_status = 0;
+void device_set_status(int status)
+{
+    if (status != CTAPHID_STATUS_IDLE && __device_status != status)
+    {
+        ctaphid_update_status(status);
+    }
+    __device_status = status;
+}
+
+
+
 int udp_server()
 {
     int fd;
@@ -211,15 +224,12 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
         perror("fopen");
         exit(1);
     }
-    ret = fread(dst, 1, num, urand);
-    fclose(urand);
-
-    if (ret != num)
+    if (fread(dst, 1, num, urand) != num)
     {
-        perror("fwrite");
-        exit(1);
+        perror("fread");
     }
-    /*memset(dst,0xaa,num);*/
+
+    fclose(urand);
 
     return 1;
 }
@@ -410,7 +420,31 @@ void authenticator_initialize()
     }
 }
 
-void manage_device()
+void device_manage()
 {
-    
+
 }
+
+void ctap_reset_rk()
+{
+}
+
+uint32_t ctap_rk_size()
+{
+    printf("Warning: rk not implemented\n");
+    return 0;
+}
+void ctap_store_rk(int index,CTAP_residentKey * rk)
+{
+    printf("Warning: rk not implemented\n");
+}
+void ctap_load_rk(int index,CTAP_residentKey * rk)
+{
+    printf("Warning: rk not implemented\n");
+}
+void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
+{
+    printf("Warning: rk not implemented\n");
+}
+
+

tools/ctap_test.py

@@ -59,6 +59,7 @@ class Packet(object):
 class Tester():
     def __init__(self,):
         self.origin = 'https://examplo.org'
+        self.host = 'examplo.org'
 
     def find_device(self,):
         print (list(CtapHidDevice.list_devices()))
@@ -390,17 +391,18 @@ class Tester():
     def test_fido2_simple(self, pin_token=None):
         creds = []
         exclude_list = []
-        rp = {'id': self.origin, 'name': 'ExaRP'}
+        rp = {'id':  self.host, 'name': 'ExaRP'}
         user = {'id': b'usee_od', 'name': 'AB User'}
         challenge = 'Y2hhbGxlbmdl'
         PIN = pin_token
 
-        fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
-        fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
+        fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tobytes()
+        fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tobytes()
 
         exclude_list.append({'id': fake_id1, 'type': 'public-key'})
         exclude_list.append({'id': fake_id2, 'type': 'public-key'})
 
+        print('MC')
         t1 = time.time() * 1000
         attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
         t2 = time.time() * 1000
@@ -421,7 +423,7 @@ class Tester():
     def test_fido2_brute_force(self):
         creds = []
         exclude_list = []
-        rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+        rp = {'id': self.host, 'name': 'ExaRP'}
         user = {'id': b'usee_od', 'name': 'AB User'}
         PIN = None
         abc = 'abcdefghijklnmopqrstuvwxyz'
@@ -471,7 +473,7 @@ class Tester():
         def test(self,pincode=None):
             creds = []
             exclude_list = []
-            rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+            rp = {'id': self.host, 'name': 'ExaRP'}
             user = {'id': b'usee_od', 'name': 'AB User'}
             challenge = 'Y2hhbGxlbmdl'
             PIN = pincode
@@ -587,15 +589,14 @@ class Tester():
         print('MC using wrong pin')
         try:
             self.test_fido2_simple('abcd3');
-        except CtapError as e:
-            assert(e.code == CtapError.ERR.PIN_INVALID)
         except ClientError as e:
             assert(e.cause.code == CtapError.ERR.PIN_INVALID)
         print('PASS')
 
-        print('Reboot device and hit enter')
-        input()
-        self.find_device()
+        print('get info')
+        inf = self.ctap.get_info()
+        print('PASS')
+
         self.test_fido2_simple(PIN);
 
         print('Re-run make_credential and get_assertion tests with pin code')
@@ -610,7 +611,7 @@ class Tester():
 
     def test_rk(self, ):
         creds = []
-        rp = {'id': 'examplo.org', 'name': 'ExaRP'}
+        rp = {'id': self.host, 'name': 'ExaRP'}
         user0 = {'id': b'first one', 'name': 'single User'}
 
         users = [{'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0,2)]
@@ -681,7 +682,7 @@ class Tester():
 
     def test_responses(self,):
         PIN = '1234'
-        RPID = 'examplo2.org'
+        RPID = self.host
         for dev in (CtapHidDevice.list_devices()):
             print('dev',dev)
             client = Fido2Client(dev, RPID)
@@ -776,12 +777,12 @@ def test_find_brute_force():
 
 if __name__ == '__main__':
     t = Tester()
-    #t.find_device()
+    t.find_device()
     # t.test_hid()
     # t.test_long_ping()
-    #t.test_fido2()
+    t.test_fido2()
     #t.test_rk()
-    t.test_responses()
+    #t.test_responses()
     # test_find_brute_force()
     #t.test_fido2_simple()
     #t.test_fido2_brute_force()