Merge pull request #33 from SoloKeysSec/fix-pc

Fix pc
Conor Patrick 2018-11-23 06:55:15 -05:00 committed by GitHub
commit 50f565895f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 68 additions and 55 deletions


@ -34,13 +34,7 @@ CFLAGS += -DAES256=1
name = main name = main
.PHONY: all .PHONY: all
all: python-fido2 main all: main
.PHONY: test
test:
$(MAKE) -C . main
$(MAKE) -C . testgcm
./testgcm
tinycbor/Makefile crypto/tiny-AES-c/aes.c: tinycbor/Makefile crypto/tiny-AES-c/aes.c:
git submodule update --init git submodule update --init
@ -51,6 +45,9 @@ cbor: $(LIBCBOR)
$(LIBCBOR): tinycbor/Makefile $(LIBCBOR): tinycbor/Makefile
cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8 cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8
test:
$(MAKE) -C . main
.PHONY: efm8prog .PHONY: efm8prog
efm8prog: efm8prog:
cd './targets/efm8\Keil 8051 v9.53 - Debug' && $(MAKE) all cd './targets/efm8\Keil 8051 v9.53 - Debug' && $(MAKE) all
@ -70,13 +67,6 @@ efm32bootprog: efm32com
$(name): $(obj) $(LIBCBOR) $(name): $(obj) $(LIBCBOR)
$(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS) $(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
crypto/aes-gcm/aes_gcm.o:
$(CC) -c crypto/aes-gcm/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes-gcm/aes_gcm.o
testgcm: $(obj) $(LIBCBOR) crypto/aes-gcm/aes_gcm.o
$(CC) -c fido2/main.c $(CFLAGS) -DTEST -o fido2/main.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS)
uECC.o: ./crypto/micro-ecc/uECC.c uECC.o: ./crypto/micro-ecc/uECC.c
$(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/ $(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/
@ -94,10 +84,6 @@ venv:
virtualenv venv virtualenv venv
./venv/bin/pip install wheel ./venv/bin/pip install wheel
.PHONY: python-fido2
python-fido2: venv
cd python-fido2/ && ../venv/bin/python setup.py install
venv/bin/mkdocs: venv venv/bin/mkdocs: venv
./venv/bin/pip install mkdocs mkdocs-material ./venv/bin/pip install mkdocs mkdocs-material
@ -110,10 +96,9 @@ fido2-test:
./venv/bin/python tools/ctap_test.py ./venv/bin/python tools/ctap_test.py
clean: clean:
rm -f *.o main.exe main testgcm $(obj) rm -f *.o main.exe main $(obj)
for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \ for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
if [ -f "$$f" ]; then \ if [ -f "$$f" ]; then \
(cd `dirname $$f` ; git checkout -- .) ;\ (cd `dirname $$f` ; git checkout -- .) ;\
fi ;\ fi ;\
done done
rm -rf venv
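Review bot: The `test:` rule re-added in the `@ -51,6 +45,9 @@` hunk has no `.PHONY` declaration next to it, and its recipe only runs `$(MAKE) -C . main`, so `make test` reports success without executing any test. The earlier rule's `testgcm` build and `./testgcm` run appear only once in this rendering, which suggests the AES-GCM self-test was dropped; the page has lost its +/- markers, so that is inferred from the hunk line counts. I would add `.PHONY: test` above the rule and write it as `test: main`. If build-only is intended, say so with `# build check only; protocol tests run via fido2-test` so that CI does not treat a green `make test` as crypto test coverage.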


@ -43,8 +43,6 @@ us by [signing up for our Kickstarter](https://solokeys.com/kickstarter). Our a
bulk order and provide open source security tokens for everyone that is interested. We will offer bulk order and provide open source security tokens for everyone that is interested. We will offer
"hackable" tokens that come with USB bootloaders and are reprogrammable. "hackable" tokens that come with USB bootloaders and are reprogrammable.
[Sign up here](https://solokeys.com/kickstarter)!
# Setting up # Setting up
@ -53,10 +51,8 @@ Clone solo and build it
```bash ```bash
git clone --recurse-submodules https://github.com/SoloKeysSec/solo git clone --recurse-submodules https://github.com/SoloKeysSec/solo
cd solo/ cd solo/
git submodules init git submodules init
git submodules update git submodules update
make all make all
``` ```
@ -72,7 +68,7 @@ not a hardware authenticator. Install Yubico's fork to do that.
The application is set up to send and recv USB HID messages over UDP to ease The application is set up to send and recv USB HID messages over UDP to ease
development and reduce need for hardware. development and reduce need for hardware.
Testing can be done using our fork of Yubico's client software, `python-fido2`. Testing can be done using our fork of Yubico's client software, `python-fido2`.
Our fork of `python-fido2` has small changes to make it send Our fork of `python-fido2` has small changes to make it send
USB HID over UDP to the authenticator application. USB HID over UDP to the authenticator application.
@ -85,13 +81,13 @@ Run FIDO 2 / U2F application.
Run example client software. This runs through a registration and authentication. Run example client software. This runs through a registration and authentication.
``` ```
./venv/bin/python python-fido2/examples/credential.py python python-fido2/examples/credential.py
``` ```
Run the FIDO2 tests. Run our FIDO2 tests.
``` ```
make fido2-test python tools/ctap_test.py
``` ```
Follow specifications to really dig in. Follow specifications to really dig in.


@ -1368,13 +1368,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
length--; length--;
uint8_t * buf = resp->data; uint8_t * buf = resp->data;
printf1(TAG_GREEN, "lastcmd0 = 0x%02x\r\n", getAssertionState.lastcmd);
cbor_encoder_init(&encoder, buf, resp->data_size, 0); cbor_encoder_init(&encoder, buf, resp->data_size, 0);
printf1(TAG_CTAP,"cbor input structure: %d bytes\n", length); printf1(TAG_CTAP,"cbor input structure: %d bytes\n", length);
printf1(TAG_DUMP,"cbor req: "); dump_hex1(TAG_DUMP, pkt_raw, length); printf1(TAG_DUMP,"cbor req: "); dump_hex1(TAG_DUMP, pkt_raw, length);
printf1(TAG_GREEN, "lastcmd1 = 0x%02x\r\n", getAssertionState.lastcmd);
switch(cmd) switch(cmd)
{ {
@ -1477,7 +1475,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
done: done:
device_set_status(CTAPHID_STATUS_IDLE); device_set_status(CTAPHID_STATUS_IDLE);
getAssertionState.lastcmd = cmd; getAssertionState.lastcmd = cmd;
printf1(TAG_GREEN, "lastcmd = 0x%02x\r\n", getAssertionState.lastcmd);
if (status != CTAP1_ERR_SUCCESS) if (status != CTAP1_ERR_SUCCESS)
{ {


@ -14,10 +14,23 @@
#include "cbor.h" #include "cbor.h"
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
#include "ctaphid.h"
void authenticator_initialize(); void authenticator_initialize();
uint32_t __device_status = 0;
void device_set_status(int status)
{
if (status != CTAPHID_STATUS_IDLE && __device_status != status)
{
ctaphid_update_status(status);
}
__device_status = status;
}
int udp_server() int udp_server()
{ {
int fd; int fd;
@ -211,15 +224,12 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
perror("fopen"); perror("fopen");
exit(1); exit(1);
} }
ret = fread(dst, 1, num, urand); if (fread(dst, 1, num, urand) != num)
fclose(urand);
if (ret != num)
{ {
perror("fwrite"); perror("fread");
exit(1);
} }
/*memset(dst,0xaa,num);*/
fclose(urand);
return 1; return 1;
} }
@ -410,7 +420,31 @@ void authenticator_initialize()
} }
} }
void manage_device() void device_manage()
{ {
} }
void ctap_reset_rk()
{
}
uint32_t ctap_rk_size()
{
printf("Warning: rk not implemented\n");
return 0;
}
void ctap_store_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}
void ctap_load_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}
void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}
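Review bot: In `ctap_generate_rng` (hunk `@ -211,15 +224,12 @@`) the short-read branch no longer appears to be fatal: as rendered, the new side only calls `perror("fread")` and then falls through to `fclose(urand)` and `return 1`. A caller would then be told that `dst` holds `num` random bytes when part of the buffer was never written, and that buffer presumably ends up in key or nonce material. The failure should stay terminal, e.g. `perror("fread"); fclose(urand); exit(1);` inside the branch, which matches the `fopen` error path just above. The +/- markers are lost on this page, so the side of the `exit(1);` line is inferred from the hunk's line counts. The function's opening lines are outside the hunk.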


@ -59,6 +59,7 @@ class Packet(object):
class Tester(): class Tester():
def __init__(self,): def __init__(self,):
self.origin = 'https://examplo.org' self.origin = 'https://examplo.org'
self.host = 'examplo.org'
def find_device(self,): def find_device(self,):
print (list(CtapHidDevice.list_devices())) print (list(CtapHidDevice.list_devices()))
@ -390,17 +391,18 @@ class Tester():
def test_fido2_simple(self, pin_token=None): def test_fido2_simple(self, pin_token=None):
creds = [] creds = []
exclude_list = [] exclude_list = []
rp = {'id': self.origin, 'name': 'ExaRP'} rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'} user = {'id': b'usee_od', 'name': 'AB User'}
challenge = 'Y2hhbGxlbmdl' challenge = 'Y2hhbGxlbmdl'
PIN = pin_token PIN = pin_token
fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring() fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tobytes()
fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring() fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tobytes()
exclude_list.append({'id': fake_id1, 'type': 'public-key'}) exclude_list.append({'id': fake_id1, 'type': 'public-key'})
exclude_list.append({'id': fake_id2, 'type': 'public-key'}) exclude_list.append({'id': fake_id2, 'type': 'public-key'})
print('MC')
t1 = time.time() * 1000 t1 = time.time() * 1000
attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = []) attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
t2 = time.time() * 1000 t2 = time.time() * 1000
@ -421,7 +423,7 @@ class Tester():
def test_fido2_brute_force(self): def test_fido2_brute_force(self):
creds = [] creds = []
exclude_list = [] exclude_list = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'} rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'} user = {'id': b'usee_od', 'name': 'AB User'}
PIN = None PIN = None
abc = 'abcdefghijklnmopqrstuvwxyz' abc = 'abcdefghijklnmopqrstuvwxyz'
@ -471,7 +473,7 @@ class Tester():
def test(self,pincode=None): def test(self,pincode=None):
creds = [] creds = []
exclude_list = [] exclude_list = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'} rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'} user = {'id': b'usee_od', 'name': 'AB User'}
challenge = 'Y2hhbGxlbmdl' challenge = 'Y2hhbGxlbmdl'
PIN = pincode PIN = pincode
@ -587,15 +589,14 @@ class Tester():
print('MC using wrong pin') print('MC using wrong pin')
try: try:
self.test_fido2_simple('abcd3'); self.test_fido2_simple('abcd3');
except CtapError as e:
assert(e.code == CtapError.ERR.PIN_INVALID)
except ClientError as e: except ClientError as e:
assert(e.cause.code == CtapError.ERR.PIN_INVALID) assert(e.cause.code == CtapError.ERR.PIN_INVALID)
print('PASS') print('PASS')
print('Reboot device and hit enter') print('get info')
input() inf = self.ctap.get_info()
self.find_device() print('PASS')
self.test_fido2_simple(PIN); self.test_fido2_simple(PIN);
print('Re-run make_credential and get_assertion tests with pin code') print('Re-run make_credential and get_assertion tests with pin code')
@ -610,7 +611,7 @@ class Tester():
def test_rk(self, ): def test_rk(self, ):
creds = [] creds = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'} rp = {'id': self.host, 'name': 'ExaRP'}
user0 = {'id': b'first one', 'name': 'single User'} user0 = {'id': b'first one', 'name': 'single User'}
users = [{'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0,2)] users = [{'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0,2)]
@ -681,7 +682,7 @@ class Tester():
def test_responses(self,): def test_responses(self,):
PIN = '1234' PIN = '1234'
RPID = 'examplo2.org' RPID = self.host
for dev in (CtapHidDevice.list_devices()): for dev in (CtapHidDevice.list_devices()):
print('dev',dev) print('dev',dev)
client = Fido2Client(dev, RPID) client = Fido2Client(dev, RPID)
@ -776,12 +777,12 @@ def test_find_brute_force():
if __name__ == '__main__': if __name__ == '__main__':
t = Tester() t = Tester()
#t.find_device() t.find_device()
# t.test_hid() # t.test_hid()
# t.test_long_ping() # t.test_long_ping()
#t.test_fido2() t.test_fido2()
#t.test_rk() #t.test_rk()
t.test_responses() #t.test_responses()
# test_find_brute_force() # test_find_brute_force()
#t.test_fido2_simple() #t.test_fido2_simple()
#t.test_fido2_brute_force() #t.test_fido2_brute_force()
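Review bot: The 'MC using wrong pin' check in the `@ -587,15 +589,14 @@` hunk passes when no exception is raised at all. If `self.test_fido2_simple('abcd3')` returns normally, control skips the `except ClientError` arm and reaches `print('PASS')`, so an authenticator that accepts a wrong PIN would not fail this negative test. Add an `else` arm to the `try`, e.g. `else: assert False, 'wrong PIN was accepted'`, so that only a `PIN_INVALID` error counts as a pass. The enclosing test method starts outside the hunk.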