From ff682d6b5e532e084ea6ea729dc0b61cb7e0483b Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Nov 2018 11:50:51 -0500 Subject: [PATCH 1/4] remove debug statements --- fido2/ctap.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index f43e73c..8ac0a7a 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1368,13 +1368,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) length--; uint8_t * buf = resp->data; - printf1(TAG_GREEN, "lastcmd0 = 0x%02x\r\n", getAssertionState.lastcmd); cbor_encoder_init(&encoder, buf, resp->data_size, 0); printf1(TAG_CTAP,"cbor input structure: %d bytes\n", length); printf1(TAG_DUMP,"cbor req: "); dump_hex1(TAG_DUMP, pkt_raw, length); - printf1(TAG_GREEN, "lastcmd1 = 0x%02x\r\n", getAssertionState.lastcmd); switch(cmd) { @@ -1477,7 +1475,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp) done: device_set_status(CTAPHID_STATUS_IDLE); getAssertionState.lastcmd = cmd; - printf1(TAG_GREEN, "lastcmd = 0x%02x\r\n", getAssertionState.lastcmd); if (status != CTAP1_ERR_SUCCESS) { From eb4a29edc6df7eded990648036ba33c3bd8d9b95 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Nov 2018 11:51:11 -0500 Subject: [PATCH 2/4] update pc build --- pc/device.c | 52 +++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/pc/device.c b/pc/device.c index fb4d3dc..94d47a0 100644 --- a/pc/device.c +++ b/pc/device.c @@ -14,10 +14,23 @@ #include "cbor.h" #include "util.h" #include "log.h" +#include "ctaphid.h" void authenticator_initialize(); +uint32_t __device_status = 0; +void device_set_status(int status) +{ + if (status != CTAPHID_STATUS_IDLE && __device_status != status) + { + ctaphid_update_status(status); + } + __device_status = status; +} + + + int udp_server() { int fd; 
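Review bot: In the pc/device.c hunk, `__device_status` uses a double-underscore name, which C reserves for the implementation, and it is declared `uint32_t` while `device_set_status` compares it with an `int status`. If nothing outside this file reads the variable (not visible from the hunk), `static int device_status = 0;` avoids both the reserved identifier and the signed/unsigned comparison. A short comment on `device_set_status` would also help, for example `/* Forward only transitions to a non-idle status to the HID layer. */`.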
@@ -211,15 +224,12 @@ int ctap_generate_rng(uint8_t * dst, size_t num) perror("fopen"); exit(1); } - ret = fread(dst, 1, num, urand); - fclose(urand); - - if (ret != num) + if (fread(dst, 1, num, urand) != num) { - perror("fwrite"); - exit(1); + perror("fread"); } - /*memset(dst,0xaa,num);*/ + + fclose(urand); return 1; } @@ -410,7 +420,31 @@ void authenticator_initialize() } } -void manage_device() +void device_manage() { - + } + +void ctap_reset_rk() +{ +} + +uint32_t ctap_rk_size() +{ + printf("Warning: rk not implemented\n"); + return 0; +} +void ctap_store_rk(int index,CTAP_residentKey * rk) +{ + printf("Warning: rk not implemented\n"); +} +void ctap_load_rk(int index,CTAP_residentKey * rk) +{ + printf("Warning: rk not implemented\n"); +} +void ctap_overwrite_rk(int index,CTAP_residentKey * rk) +{ + printf("Warning: rk not implemented\n"); +} + + From d402df42e2219db8860167adc5b5857abbba0cd7 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Nov 2018 11:51:38 -0500 Subject: [PATCH 3/4] remove un-used recipes --- Makefile | 25 +++++-------------------- README.md | 12 ++++-------- 2 files changed, 9 insertions(+), 28 deletions(-) diff --git a/Makefile b/Makefile index c01b08f..54b292a 100644 --- a/Makefile +++ b/Makefile @@ -34,13 +34,7 @@ CFLAGS += -DAES256=1 name = main .PHONY: all -all: python-fido2 main - -.PHONY: test -test: - $(MAKE) -C . main - $(MAKE) -C . testgcm - ./testgcm +all: main tinycbor/Makefile crypto/tiny-AES-c/aes.c: git submodule update --init @@ -51,6 +45,9 @@ cbor: $(LIBCBOR) $(LIBCBOR): tinycbor/Makefile cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8 +test: + $(MAKE) -C . main + .PHONY: efm8prog efm8prog: cd './targets/efm8\Keil 8051 v9.53 - Debug' && $(MAKE) all 
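Review bot: In `ctap_generate_rng`, a short read from the random source is no longer fatal: the new branch only calls `perror("fread")`, then the function closes the file and still returns 1. The caller is told that `dst` holds `num` random bytes when part or all of it may be untouched, so it could derive keys or nonces from stale or predictable memory. Keep the failure path terminal, e.g. `perror("fread"); fclose(urand); exit(1);` inside the `if`, or return an error value that callers check. A short read at end of file does not necessarily set `errno`, so the `perror` text can be misleading; an explicit `fprintf(stderr, ...)` with the byte counts would be clearer. The function starts before this hunk.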
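Review bot: The new `ctap_load_rk` stub returns without writing to `*rk`, so a caller that does not first check `ctap_rk_size()` would go on to use an uninitialised `CTAP_residentKey`. Clearing the output in the stub, `memset(rk, 0, sizeof(CTAP_residentKey));` (needs `<string.h>` in scope), makes that case deterministic. `ctap_reset_rk` is the only stub that prints no "not implemented" warning; either add it or add a comment saying the no-op is intentional. A comment above the group stating that resident keys are unsupported in the PC build and that `ctap_rk_size()` always reports 0 would document the contract.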
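Review bot: The re-added `test:` target in the `@@ -51,6 +45,9 @@` hunk has lost its `.PHONY: test` declaration, which the previous hunk removed along with the old recipe. A file or directory named `test` in the tree would then make `make test` a no-op, so add `.PHONY: test` above the target. The recipe now only builds `main` and no longer runs any check (the old one ran `./testgcm`). If that is intended, a comment such as `# builds only; run tools/ctap_test.py for functional tests` would avoid a false sense of coverage.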
@@ -70,13 +67,6 @@ efm32bootprog: efm32com $(name): $(obj) $(LIBCBOR) $(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS) -crypto/aes-gcm/aes_gcm.o: - $(CC) -c crypto/aes-gcm/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes-gcm/aes_gcm.o - -testgcm: $(obj) $(LIBCBOR) crypto/aes-gcm/aes_gcm.o - $(CC) -c fido2/main.c $(CFLAGS) -DTEST -o fido2/main.o - $(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS) - uECC.o: ./crypto/micro-ecc/uECC.c $(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/ @@ -94,10 +84,6 @@ venv: virtualenv venv ./venv/bin/pip install wheel -.PHONY: python-fido2 -python-fido2: venv - cd python-fido2/ && ../venv/bin/python setup.py install - venv/bin/mkdocs: venv ./venv/bin/pip install mkdocs mkdocs-material @@ -110,10 +96,9 @@ fido2-test: ./venv/bin/python tools/ctap_test.py clean: - rm -f *.o main.exe main testgcm $(obj) + rm -f *.o main.exe main $(obj) for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \ if [ -f "$$f" ]; then \ (cd `dirname $$f` ; git checkout -- .) ;\ fi ;\ done - rm -rf venv diff --git a/README.md b/README.md index 2465d31..2b051b4 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,6 @@ us by [signing up for our Kickstarter](https://solokeys.com/kickstarter). Our a bulk order and provide open source security tokens for everyone that is interested. We will offer "hackable" tokens that come with USB bootloaders and are reprogrammable. -[Sign up here](https://solokeys.com/kickstarter)! - # Setting up @@ -53,10 +51,8 @@ Clone solo and build it ```bash git clone --recurse-submodules https://github.com/SoloKeysSec/solo cd solo/ - git submodules init git submodules update - make all ``` 
@@ -72,7 +68,7 @@ not a hardware authenticator. Install Yubico's fork to do that. The application is set up to send and recv USB HID messages over UDP to ease development and reduce need for hardware. -Testing can be done using our fork of Yubico's client software, `python-fido2`. +Testing can be done using our fork of Yubico's client software, `python-fido2`. Our fork of `python-fido2` has small changes to make it send USB HID over UDP to the authenticator application. @@ -85,13 +81,13 @@ Run FIDO 2 / U2F application. Run example client software. This runs through a registration and authentication. ``` -./venv/bin/python python-fido2/examples/credential.py +python python-fido2/examples/credential.py ``` -Run the FIDO2 tests. +Run our FIDO2 tests. ``` -make fido2-test +python tools/ctap_test.py ``` Follow specifications to really dig in. From 296d2e6c747b375a1bcd348b2b606dc43196f8a9 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Fri, 23 Nov 2018 11:51:54 -0500 Subject: [PATCH 4/4] fix issues with tests --- tools/ctap_test.py | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/tools/ctap_test.py b/tools/ctap_test.py index 4011032..76f981f 100644 --- a/tools/ctap_test.py +++ b/tools/ctap_test.py @@ -59,6 +59,7 @@ class Packet(object): class Tester(): def __init__(self,): self.origin = 'https://examplo.org' + self.host = 'examplo.org' def find_device(self,): print (list(CtapHidDevice.list_devices())) 
@@ -390,17 +391,18 @@ class Tester(): def test_fido2_simple(self, pin_token=None): creds = [] exclude_list = [] - rp = {'id': self.origin, 'name': 'ExaRP'} + rp = {'id': self.host, 'name': 'ExaRP'} user = {'id': b'usee_od', 'name': 'AB User'} challenge = 'Y2hhbGxlbmdl' PIN = pin_token - fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring() - fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring() + fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tobytes() + fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tobytes() exclude_list.append({'id': fake_id1, 'type': 'public-key'}) exclude_list.append({'id': fake_id2, 'type': 'public-key'}) + print('MC') t1 = time.time() * 1000 attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = []) t2 = time.time() * 1000 @@ -421,7 +423,7 @@ class Tester(): def test_fido2_brute_force(self): creds = [] exclude_list = [] - rp = {'id': 'examplo.org', 'name': 'ExaRP'} + rp = {'id': self.host, 'name': 'ExaRP'} user = {'id': b'usee_od', 'name': 'AB User'} PIN = None abc = 'abcdefghijklnmopqrstuvwxyz' @@ -471,7 +473,7 @@ class Tester(): def test(self,pincode=None): creds = [] exclude_list = [] - rp = {'id': 'examplo.org', 'name': 'ExaRP'} + rp = {'id': self.host, 'name': 'ExaRP'} user = {'id': b'usee_od', 'name': 'AB User'} challenge = 'Y2hhbGxlbmdl' PIN = pincode @@ -587,15 +589,14 @@ class Tester(): print('MC using wrong pin') try: self.test_fido2_simple('abcd3'); - except CtapError as e: - assert(e.code == CtapError.ERR.PIN_INVALID) except ClientError as e: assert(e.cause.code == CtapError.ERR.PIN_INVALID) print('PASS') - print('Reboot device and hit enter') - input() - self.find_device() + print('get info') + inf = self.ctap.get_info() + print('PASS') + self.test_fido2_simple(PIN); print('Re-run make_credential and get_assertion tests with pin code') 
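Review bot: `test_fido2_simple` fills `exclude_list` with two random fake credential ids, but the `make_credential` call in the same hunk passes `exclude_list = []`. The authenticator's handling of non-matching exclude entries is therefore never exercised. If the intent is to confirm that unknown ids do not block registration, pass the list that was built: `self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = exclude_list)`. Otherwise drop the two `fake_id` lines so the test does not look like it covers that path. The method continues past the end of the hunk.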
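Review bot: The wrong-PIN check in the `@@ -587,15 +589,14 @@` hunk passes when no exception is raised at all. If `self.test_fido2_simple('abcd3')` succeeds, control falls through to `print('PASS')`, so an authenticator that accepts an incorrect PIN would go unnoticed. Add an `else:` branch to the `try`, e.g. `else: raise AssertionError('make_credential succeeded with a wrong PIN')`. The new `inf = self.ctap.get_info()` result is also never inspected before `print('PASS')`, so at minimum assert on a field that the test relies on. The enclosing method starts and ends outside the hunk.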
@@ -610,7 +611,7 @@ class Tester(): def test_rk(self, ): creds = [] - rp = {'id': 'examplo.org', 'name': 'ExaRP'} + rp = {'id': self.host, 'name': 'ExaRP'} user0 = {'id': b'first one', 'name': 'single User'} users = [{'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0,2)] @@ -681,7 +682,7 @@ class Tester(): def test_responses(self,): PIN = '1234' - RPID = 'examplo2.org' + RPID = self.host for dev in (CtapHidDevice.list_devices()): print('dev',dev) client = Fido2Client(dev, RPID) @@ -776,12 +777,12 @@ def test_find_brute_force(): if __name__ == '__main__': t = Tester() - #t.find_device() + t.find_device() # t.test_hid() # t.test_long_ping() - #t.test_fido2() + t.test_fido2() #t.test_rk() - t.test_responses() + #t.test_responses() # test_find_brute_force() #t.test_fido2_simple() #t.test_fido2_brute_force()