From a2611fb0130d946deedf7d63c9283baae16e194f Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 12 Feb 2019 18:45:01 -0500 Subject: [PATCH] run python black --- tools/convert_log_to_c.py | 26 +-- tools/ctap_test.py | 472 +++++++++++++++++++------------------- tools/http2udb.py | 44 ++-- tools/nfcmon.py | 6 +- tools/solotool.py | 331 +++++++++++++------------- 5 files changed, 431 insertions(+), 448 deletions(-) diff --git a/tools/convert_log_to_c.py b/tools/convert_log_to_c.py index 5d6d2fa..18976e6 100755 --- a/tools/convert_log_to_c.py +++ b/tools/convert_log_to_c.py @@ -1,26 +1,6 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- # -# Copyright (C) 2018 SoloKeys, Inc. -# -# This file is part of Solo. -# -# Solo is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Solo is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Solo. If not, see -# -# This code is available under licenses for commercial use. -# Please contact SoloKeys for more information. -# import sys from sys import argv @@ -34,7 +14,7 @@ nums = [] for x in log: parse = [] - for i in x.split(' '): + for i in x.split(" "): try: n = int(i, 16) parse.append(n) @@ -48,9 +28,9 @@ for x in log: hexlines = [] for l in nums: - s = '' + s = "" for x in l: - s += '\\x%02x' % x + s += "\\x%02x" % x hexlines.append(s) for x in hexlines: diff --git a/tools/ctap_test.py b/tools/ctap_test.py index 4b74aff..7c71147 100755 --- a/tools/ctap_test.py +++ b/tools/ctap_test.py @@ -50,14 +50,14 @@ class Packet(object): class Tester: def __init__(self,): - self.origin = 'https://examplo.org' - self.host = 'examplo.org' + self.origin = "https://examplo.org" + self.host = "examplo.org" def find_device(self,): print(list(CtapHidDevice.list_devices())) dev = next(CtapHidDevice.list_devices(), None) if not dev: - raise RuntimeError('No FIDO device found') + raise RuntimeError("No FIDO device found") self.dev = dev self.client = Fido2Client(dev, self.origin) self.ctap = self.client.ctap2 @@ -66,23 +66,23 @@ class Tester: # cmd,resp = self.recv_raw() def send_data(self, cmd, data): - if type(data) != type(b''): - data = struct.pack('%dB' % len(data), *[ord(x) for x in data]) + if type(data) != type(b""): + data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) with Timeout(1.0) as event: return self.dev.call(cmd, data, event) def send_raw(self, data, cid=None): if cid is None: cid = self.dev._dev.cid - elif type(cid) != type(b''): - cid = struct.pack('%dB' % len(cid), *[ord(x) for x in cid]) - if type(data) != type(b''): - data = struct.pack('%dB' % len(data), *[ord(x) for x in data]) + elif type(cid) != type(b""): + cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid]) + if type(data) != type(b""): + data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) data = cid + data l = len(data) if l != 64: - pad = '\x00' * (64 - l) - pad = struct.pack('%dB' % len(pad), *[ord(x) for x in pad]) + pad = "\x00" * (64 - l) + pad = struct.pack("%dB" % len(pad), *[ord(x) for x in pad]) data = data + pad data = list(data) assert len(data) == 64 @@ -92,8 +92,8 @@ class Tester: return self.dev._dev.cid def set_cid(self, cid): - if type(cid) not in [type(b''), type(bytearray())]: - cid = struct.pack('%dB' % len(cid), *[ord(x) for x in cid]) + if type(cid) not in [type(b""), type(bytearray())]: + cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid]) self.dev._dev.cid = cid def recv_raw(self,): @@ -107,7 +107,7 @@ class Tester: if data[0] != 0: raise CtapError(data[0]) elif data[0] != err: - raise ValueError('Unexpected error: %02x' % data[0]) + raise ValueError("Unexpected error: %02x" % data[0]) def test_long_ping(self): amt = 1000 @@ -120,48 +120,48 @@ class Tester: # if (delt < 140 ): # raise RuntimeError('Fob is too fast (%d ms)' % delt) if delt > 555 * (amt / 1000): - raise RuntimeError('Fob is too slow (%d ms)' % delt) + raise RuntimeError("Fob is too slow (%d ms)" % delt) if r != pingdata: - raise ValueError('Ping data not echo\'d') - print('1000 byte ping time: %s ms' % delt) + raise ValueError("Ping data not echo'd") + print("1000 byte ping time: %s ms" % delt) except CtapError as e: - print('7609 byte Ping failed:', e) - raise RuntimeError('ping failed') - print('PASS: 7609 byte ping') + print("7609 byte Ping failed:", e) + raise RuntimeError("ping failed") + print("PASS: 7609 byte ping") # sys.flush(sys.sto) sys.stdout.flush() def test_hid(self, check_timeouts=False): if check_timeouts: - print('Test idle') + print("Test idle") try: cmd, resp = self.recv_raw() except socket.timeout: - print('Pass: Idle') + print("Pass: Idle") - print('Test init') - r = self.send_data(CTAPHID.INIT, '\x11\x11\x11\x11\x11\x11\x11\x11') + print("Test init") + r = self.send_data(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11") pingdata = os.urandom(100) try: r = self.send_data(CTAPHID.PING, pingdata) if r != pingdata: - raise ValueError('Ping data not echo\'d') + raise ValueError("Ping data not echo'd") except CtapError as e: - print('100 byte Ping failed:', e) - raise RuntimeError('ping failed') - print('PASS: 100 byte ping') + print("100 byte Ping failed:", e) + raise RuntimeError("ping failed") + print("PASS: 100 byte ping") self.test_long_ping() try: - r = self.send_data(CTAPHID.WINK, '') + r = self.send_data(CTAPHID.WINK, "") print(hexlify(r)) # assert(len(r) == 0) except CtapError as e: - print('wink failed:', e) - raise RuntimeError('wink failed') - print('PASS: wink') + print("wink failed:", e) + raise RuntimeError("wink failed") + print("PASS: wink") # try: # r = self.send_data(CTAPHID.WINK, 'we9gofrei8g') @@ -171,87 +171,87 @@ class Tester: # print('PASS: malformed wink') try: - r = self.send_data(CTAPHID.CBOR, '') + r = self.send_data(CTAPHID.CBOR, "") if len(r) > 1 or r[0] == 0: - raise RuntimeError('Cbor is supposed to have payload') + raise RuntimeError("Cbor is supposed to have payload") except CtapError as e: assert e.code == CtapError.ERR.INVALID_LENGTH - print('PASS: no data cbor') + print("PASS: no data cbor") try: - r = self.send_data(CTAPHID.MSG, '') + r = self.send_data(CTAPHID.MSG, "") print(hexlify(r)) if len(r) > 2: - raise RuntimeError('MSG is supposed to have payload') + raise RuntimeError("MSG is supposed to have payload") except CtapError as e: assert e.code == CtapError.ERR.INVALID_LENGTH - print('PASS: no data msg') + print("PASS: no data msg") try: - r = self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") except CtapError as e: - raise RuntimeError('resync fail: ', e) - print('PASS: resync') + raise RuntimeError("resync fail: ", e) + print("PASS: resync") try: - r = self.send_data(0x66, '') - raise RuntimeError('Invalid command did not return error') + r = self.send_data(0x66, "") + raise RuntimeError("Invalid command did not return error") except CtapError as e: assert e.code == CtapError.ERR.INVALID_COMMAND - print('PASS: invalid HID command') + print("PASS: invalid HID command") - print('Sending packet with too large of a length.') - self.send_raw('\x81\x1d\xba\x00') + print("Sending packet with too large of a length.") + self.send_raw("\x81\x1d\xba\x00") cmd, resp = self.recv_raw() self.check_error(resp, CtapError.ERR.INVALID_LENGTH) - print('PASS: invalid length') + print("PASS: invalid length") - r = self.send_data(CTAPHID.PING, '\x44' * 200) - print('Sending packets that skip a sequence number.') - self.send_raw('\x81\x04\x90') - self.send_raw('\x00') - self.send_raw('\x01') + r = self.send_data(CTAPHID.PING, "\x44" * 200) + print("Sending packets that skip a sequence number.") + self.send_raw("\x81\x04\x90") + self.send_raw("\x00") + self.send_raw("\x01") # skip 2 - self.send_raw('\x03') + self.send_raw("\x03") cmd, resp = self.recv_raw() self.check_error(resp, CtapError.ERR.INVALID_SEQ) if check_timeouts: cmd, resp = self.recv_raw() assert cmd == 0xBF # timeout - print('PASS: invalid sequence') + print("PASS: invalid sequence") - print('Resync and send ping') + print("Resync and send ping") try: - r = self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") pingdata = os.urandom(100) r = self.send_data(CTAPHID.PING, pingdata) if r != pingdata: - raise ValueError('Ping data not echo\'d') + raise ValueError("Ping data not echo'd") except CtapError as e: - raise RuntimeError('resync fail: ', e) - print('PASS: resync and ping') + raise RuntimeError("resync fail: ", e) + print("PASS: resync and ping") - print('Send ping and abort it') - self.send_raw('\x81\x04\x00') - self.send_raw('\x00') - self.send_raw('\x01') + print("Send ping and abort it") + self.send_raw("\x81\x04\x00") + self.send_raw("\x00") + self.send_raw("\x01") try: - r = self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") except CtapError as e: - raise RuntimeError('resync fail: ', e) - print('PASS: interrupt ping with resync') + raise RuntimeError("resync fail: ", e) + print("PASS: interrupt ping with resync") - print('Send ping and abort it with different cid, expect timeout') + print("Send ping and abort it with different cid, expect timeout") oldcid = self.cid() - newcid = '\x11\x22\x33\x44' - self.send_raw('\x81\x10\x00') - self.send_raw('\x00') - self.send_raw('\x01') + newcid = "\x11\x22\x33\x44" + self.send_raw("\x81\x10\x00") + self.send_raw("\x00") + self.send_raw("\x01") self.set_cid(newcid) self.send_raw( - '\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88' + "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88" ) # init from different cid - print('wait for init response') + print("wait for init response") cmd, r = self.recv_raw() # init response assert cmd == 0x86 self.set_cid(oldcid) @@ -260,51 +260,51 @@ class Tester: cmd, r = self.recv_raw() # timeout response assert cmd == 0xBF - print('PASS: resync and timeout') + print("PASS: resync and timeout") - print('Test timeout') - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + print("Test timeout") + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") t1 = time.time() * 1000 - self.send_raw('\x81\x04\x00') - self.send_raw('\x00') - self.send_raw('\x01') + self.send_raw("\x81\x04\x00") + self.send_raw("\x00") + self.send_raw("\x01") cmd, r = self.recv_raw() # timeout response t2 = time.time() * 1000 delt = t2 - t1 assert cmd == 0xBF assert r[0] == CtapError.ERR.TIMEOUT assert delt < 1000 and delt > 400 - print('Pass timeout') + print("Pass timeout") - print('Test not cont') - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') - self.send_raw('\x81\x04\x00') - self.send_raw('\x00') - self.send_raw('\x01') - self.send_raw('\x81\x10\x00') # init packet + print("Test not cont") + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") + self.send_raw("\x81\x04\x00") + self.send_raw("\x00") + self.send_raw("\x01") + self.send_raw("\x81\x10\x00") # init packet cmd, r = self.recv_raw() # timeout response assert cmd == 0xBF assert r[0] == CtapError.ERR.INVALID_SEQ - print('PASS: Test not cont') + print("PASS: Test not cont") if check_timeouts: - print('Check random cont ignored') - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') - self.send_raw('\x01\x10\x00') + print("Check random cont ignored") + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") + self.send_raw("\x01\x10\x00") try: cmd, r = self.recv_raw() # timeout response except socket.timeout: pass - print('PASS: random cont') + print("PASS: random cont") - print('Check busy') + print("Check busy") t1 = time.time() * 1000 - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") oldcid = self.cid() - newcid = '\x11\x22\x33\x44' - self.send_raw('\x81\x04\x00') + newcid = "\x11\x22\x33\x44" + self.send_raw("\x81\x04\x00") self.set_cid(newcid) - self.send_raw('\x81\x04\x00') + self.send_raw("\x81\x04\x00") cmd, r = self.recv_raw() # busy response t2 = time.time() * 1000 assert t2 - t1 < 100 @@ -315,25 +315,25 @@ class Tester: cmd, r = self.recv_raw() # timeout response assert cmd == 0xBF assert r[0] == CtapError.ERR.TIMEOUT - print('PASS: busy') + print("PASS: busy") - print('Check busy interleaved') - cid1 = '\x11\x22\x33\x44' - cid2 = '\x01\x22\x33\x44' + print("Check busy interleaved") + cid1 = "\x11\x22\x33\x44" + cid2 = "\x01\x22\x33\x44" self.set_cid(cid2) - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") self.set_cid(cid1) - self.send_data(CTAPHID.INIT, '\x11\x22\x33\x44\x55\x66\x77\x88') - self.send_raw('\x81\x00\x63') # echo 99 bytes first channel + self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88") + self.send_raw("\x81\x00\x63") # echo 99 bytes first channel self.set_cid(cid2) # send ping on 2nd channel - self.send_raw('\x81\x00\x63') - self.send_raw('\x00') + self.send_raw("\x81\x00\x63") + self.send_raw("\x00") cmd, r = self.recv_raw() # busy response self.set_cid(cid1) # finish 1st channel ping - self.send_raw('\x00') + self.send_raw("\x00") self.set_cid(cid2) @@ -349,35 +349,35 @@ class Tester: cmd, r = self.recv_raw() # timeout assert cmd == 0xBF assert r[0] == CtapError.ERR.TIMEOUT - print('PASS: busy interleaved') + print("PASS: busy interleaved") if check_timeouts: - print('Test idle, wait for timeout') + print("Test idle, wait for timeout") sys.stdout.flush() try: cmd, resp = self.recv_raw() except socket.timeout: - print('Pass: Idle') + print("Pass: Idle") - print('Test cid 0 is invalid') - self.set_cid('\x00\x00\x00\x00') + print("Test cid 0 is invalid") + self.set_cid("\x00\x00\x00\x00") self.send_raw( - '\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88', cid='\x00\x00\x00\x00' + "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00" ) cmd, r = self.recv_raw() # timeout assert cmd == 0xBF assert r[0] == CtapError.ERR.INVALID_CHANNEL - print('Pass: cid 0') + print("Pass: cid 0") - print('Test invalid broadcast cid use') - self.set_cid('\xff\xff\xff\xff') + print("Test invalid broadcast cid use") + self.set_cid("\xff\xff\xff\xff") self.send_raw( - '\x81\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88', cid='\xff\xff\xff\xff' + "\x81\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\xff\xff\xff\xff" ) cmd, r = self.recv_raw() # timeout assert cmd == 0xBF assert r[0] == CtapError.ERR.INVALID_CHANNEL - print('Pass: cid broadcast') + print("Pass: cid broadcast") def test_u2f(self,): pass @@ -385,46 +385,46 @@ class Tester: def test_fido2_simple(self, pin_token=None): creds = [] exclude_list = [] - rp = {'id': self.host, 'name': 'ExaRP'} - user = {'id': b'usee_od', 'name': 'AB User'} - challenge = 'Y2hhbGxlbmdl' + rp = {"id": self.host, "name": "ExaRP"} + user = {"id": b"usee_od", "name": "AB User"} + challenge = "Y2hhbGxlbmdl" PIN = pin_token - fake_id1 = array.array('B', [randint(0, 255) for i in range(0, 150)]).tobytes() - fake_id2 = array.array('B', [randint(0, 255) for i in range(0, 73)]).tobytes() + fake_id1 = array.array("B", [randint(0, 255) for i in range(0, 150)]).tobytes() + fake_id2 = array.array("B", [randint(0, 255) for i in range(0, 73)]).tobytes() - exclude_list.append({'id': fake_id1, 'type': 'public-key'}) - exclude_list.append({'id': fake_id2, 'type': 'public-key'}) + exclude_list.append({"id": fake_id1, "type": "public-key"}) + exclude_list.append({"id": fake_id2, "type": "public-key"}) - print('MC') + print("MC") t1 = time.time() * 1000 attest, data = self.client.make_credential( rp, user, challenge, pin=PIN, exclude_list=[] ) t2 = time.time() * 1000 attest.verify(data.hash) - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) cred = attest.auth_data.credential_data creds.append(cred) - allow_list = [{'id': creds[0].credential_id, 'type': 'public-key'}] + allow_list = [{"id": creds[0].credential_id, "type": "public-key"}] t1 = time.time() * 1000 assertions, client_data = self.client.get_assertion( - rp['id'], challenge, allow_list, pin=PIN + rp["id"], challenge, allow_list, pin=PIN ) t2 = time.time() * 1000 assertions[0].verify(client_data.hash, creds[0].public_key) - print('Assertion valid (%d ms)' % (t2 - t1)) + print("Assertion valid (%d ms)" % (t2 - t1)) def test_fido2_brute_force(self): creds = [] exclude_list = [] - rp = {'id': self.host, 'name': 'ExaRP'} - user = {'id': b'usee_od', 'name': 'AB User'} + rp = {"id": self.host, "name": "ExaRP"} + user = {"id": b"usee_od", "name": "AB User"} PIN = None - abc = 'abcdefghijklnmopqrstuvwxyz' + abc = "abcdefghijklnmopqrstuvwxyz" abc += abc.upper() self.ctap.reset() @@ -432,17 +432,17 @@ class Tester: for i in range(0, 2048 ** 2): creds = [] - challenge = ''.join([abc[randint(0, len(abc) - 1)] for x in range(0, 32)]) + challenge = "".join([abc[randint(0, len(abc) - 1)] for x in range(0, 32)]) fake_id1 = array.array( - 'B', [randint(0, 255) for i in range(0, 150)] + "B", [randint(0, 255) for i in range(0, 150)] ).tostring() fake_id2 = array.array( - 'B', [randint(0, 255) for i in range(0, 73)] + "B", [randint(0, 255) for i in range(0, 73)] ).tostring() - exclude_list.append({'id': fake_id1, 'type': 'public-key'}) - exclude_list.append({'id': fake_id2, 'type': 'public-key'}) + exclude_list.append({"id": fake_id1, "type": "public-key"}) + exclude_list.append({"id": fake_id2, "type": "public-key"}) # for i in range(0,2048**2): for i in range(0, 1): @@ -453,7 +453,7 @@ class Tester: print(attest.auth_data.counter) t2 = time.time() * 1000 attest.verify(data.hash) - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) sys.stdout.flush() cred = attest.auth_data.credential_data @@ -461,39 +461,39 @@ class Tester: # for i in range(0,2048**2): for i in range(0, 1): - allow_list = [{'id': creds[0].credential_id, 'type': 'public-key'}] + allow_list = [{"id": creds[0].credential_id, "type": "public-key"}] t1 = time.time() * 1000 assertions, client_data = self.client.get_assertion( - rp['id'], challenge, allow_list, pin=PIN + rp["id"], challenge, allow_list, pin=PIN ) t2 = time.time() * 1000 assertions[0].verify(client_data.hash, creds[0].public_key) print(assertions[0].auth_data.counter) - print('Assertion valid (%d ms)' % (t2 - t1)) + print("Assertion valid (%d ms)" % (t2 - t1)) sys.stdout.flush() def test_fido2(self): def test(self, pincode=None): creds = [] exclude_list = [] - rp = {'id': self.host, 'name': 'ExaRP'} - user = {'id': b'usee_od', 'name': 'AB User'} - challenge = 'Y2hhbGxlbmdl' + rp = {"id": self.host, "name": "ExaRP"} + user = {"id": b"usee_od", "name": "AB User"} + challenge = "Y2hhbGxlbmdl" PIN = pincode fake_id1 = array.array( - 'B', [randint(0, 255) for i in range(0, 150)] + "B", [randint(0, 255) for i in range(0, 150)] ).tostring() fake_id2 = array.array( - 'B', [randint(0, 255) for i in range(0, 73)] + "B", [randint(0, 255) for i in range(0, 73)] ).tostring() - exclude_list.append({'id': fake_id1, 'type': 'public-key'}) - exclude_list.append({'id': fake_id2, 'type': 'public-key'}) + exclude_list.append({"id": fake_id1, "type": "public-key"}) + exclude_list.append({"id": fake_id2, "type": "public-key"}) # test make credential - print('make 3 credentials') + print("make 3 credentials") for i in range(0, 3): attest, data = self.client.make_credential( rp, user, challenge, pin=PIN, exclude_list=[] @@ -502,149 +502,149 @@ class Tester: cred = attest.auth_data.credential_data creds.append(cred) print(cred) - print('PASS') + print("PASS") if PIN is not None: - print('make credential with wrong pin code') + print("make credential with wrong pin code") try: attest, data = self.client.make_credential( - rp, user, challenge, pin=PIN + ' ', exclude_list=[] + rp, user, challenge, pin=PIN + " ", exclude_list=[] ) except CtapError as e: assert e.code == CtapError.ERR.PIN_INVALID except ClientError as e: assert e.cause.code == CtapError.ERR.PIN_INVALID - print('PASS') + print("PASS") - print('make credential with exclude list') + print("make credential with exclude list") attest, data = self.client.make_credential( rp, user, challenge, pin=PIN, exclude_list=exclude_list ) attest.verify(data.hash) cred = attest.auth_data.credential_data creds.append(cred) - print('PASS') + print("PASS") - print('make credential with exclude list including real credential') - real_excl = [{'id': cred.credential_id, 'type': 'public-key'}] + print("make credential with exclude list including real credential") + real_excl = [{"id": cred.credential_id, "type": "public-key"}] try: attest, data = self.client.make_credential( rp, user, challenge, pin=PIN, exclude_list=exclude_list + real_excl ) - raise RuntimeError('Exclude list did not return expected error') + raise RuntimeError("Exclude list did not return expected error") except CtapError as e: assert e.code == CtapError.ERR.CREDENTIAL_EXCLUDED except ClientError as e: assert e.cause.code == CtapError.ERR.CREDENTIAL_EXCLUDED - print('PASS') + print("PASS") for i, x in enumerate(creds): - print('get assertion %d' % i) - allow_list = [{'id': x.credential_id, 'type': 'public-key'}] + print("get assertion %d" % i) + allow_list = [{"id": x.credential_id, "type": "public-key"}] assertions, client_data = self.client.get_assertion( - rp['id'], challenge, allow_list, pin=PIN + rp["id"], challenge, allow_list, pin=PIN ) assertions[0].verify(client_data.hash, x.public_key) - print('PASS') + print("PASS") if PIN is not None: - print('get assertion with wrong pin code') + print("get assertion with wrong pin code") try: assertions, client_data = self.client.get_assertion( - rp['id'], challenge, allow_list, pin=PIN + ' ' + rp["id"], challenge, allow_list, pin=PIN + " " ) except CtapError as e: assert e.code == CtapError.ERR.PIN_INVALID except ClientError as e: assert e.cause.code == CtapError.ERR.PIN_INVALID - print('PASS') + print("PASS") - print('get multiple assertions') - allow_list = [{'id': x.credential_id, 'type': 'public-key'} for x in creds] + print("get multiple assertions") + allow_list = [{"id": x.credential_id, "type": "public-key"} for x in creds] assertions, client_data = self.client.get_assertion( - rp['id'], challenge, allow_list, pin=PIN + rp["id"], challenge, allow_list, pin=PIN ) for ass, cred in zip(assertions, creds): i += 1 ass.verify(client_data.hash, cred.public_key) - print('%d verified' % i) - print('PASS') + print("%d verified" % i) + print("PASS") - print('Reset device') + print("Reset device") try: self.ctap.reset() except CtapError as e: - print('Warning, reset failed: ', e) + print("Warning, reset failed: ", e) pass - print('PASS') + print("PASS") test(self, None) - print('Set a pin code') - PIN = '1122aabbwfg0h9g !@#==' + print("Set a pin code") + PIN = "1122aabbwfg0h9g !@#==" self.client.pin_protocol.set_pin(PIN) - print('PASS') + print("PASS") - print('Illegally set pin code again') + print("Illegally set pin code again") try: self.client.pin_protocol.set_pin(PIN) except CtapError as e: assert e.code == CtapError.ERR.NOT_ALLOWED - print('PASS') + print("PASS") - print('Change pin code') - PIN2 = PIN + '_pin2' + print("Change pin code") + PIN2 = PIN + "_pin2" self.client.pin_protocol.change_pin(PIN, PIN2) PIN = PIN2 - print('PASS') + print("PASS") - print('Change pin code using wrong pin') + print("Change pin code using wrong pin") try: - self.client.pin_protocol.change_pin(PIN.replace('a', 'b'), '1234') + self.client.pin_protocol.change_pin(PIN.replace("a", "b"), "1234") except CtapError as e: assert e.code == CtapError.ERR.PIN_INVALID - print('PASS') + print("PASS") - print('MC using wrong pin') + print("MC using wrong pin") try: - self.test_fido2_simple('abcd3') + self.test_fido2_simple("abcd3") except ClientError as e: assert e.cause.code == CtapError.ERR.PIN_INVALID - print('PASS') + print("PASS") - print('get info') + print("get info") inf = self.ctap.get_info() - print('PASS') + print("PASS") self.test_fido2_simple(PIN) - print('Re-run make_credential and get_assertion tests with pin code') + print("Re-run make_credential and get_assertion tests with pin code") test(self, PIN) - print('Reset device') + print("Reset device") try: self.ctap.reset() except CtapError as e: - print('Warning, reset failed: ', e) - print('PASS') + print("Warning, reset failed: ", e) + print("PASS") def test_rk(self,): creds = [] - rp = {'id': self.host, 'name': 'ExaRP'} - user0 = {'id': b'first one', 'name': 'single User'} + rp = {"id": self.host, "name": "ExaRP"} + user0 = {"id": b"first one", "name": "single User"} users = [ - {'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0, 2) + {"id": b"user" + os.urandom(16), "name": "AB User"} for i in range(0, 2) ] - challenge = 'Y2hhbGxlbmdl' + challenge = "Y2hhbGxlbmdl" PIN = None - print('reset') + print("reset") self.ctap.reset() # if PIN: self.client.pin_protocol.set_pin(PIN) - print('registering 1 user with RK') + print("registering 1 user with RK") t1 = time.time() * 1000 attest, data = self.client.make_credential( rp, user0, challenge, pin=PIN, exclude_list=[], rk=True @@ -652,20 +652,20 @@ class Tester: t2 = time.time() * 1000 attest.verify(data.hash) creds.append(attest.auth_data.credential_data) - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) - print('1 assertion') + print("1 assertion") t1 = time.time() * 1000 assertions, client_data = self.client.get_assertion( - rp['id'], challenge, pin=PIN + rp["id"], challenge, pin=PIN ) t2 = time.time() * 1000 assertions[0].verify(client_data.hash, creds[0].public_key) - print('Assertion valid (%d ms)' % (t2 - t1)) + print("Assertion valid (%d ms)" % (t2 - t1)) print(assertions[0], client_data) - print('registering %d users with RK' % len(users)) + print("registering %d users with RK" % len(users)) for i in range(0, len(users)): t1 = time.time() * 1000 attest, data = self.client.make_credential( @@ -673,22 +673,22 @@ class Tester: ) t2 = time.time() * 1000 attest.verify(data.hash) - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) creds.append(attest.auth_data.credential_data) t1 = time.time() * 1000 assertions, client_data = self.client.get_assertion( - rp['id'], challenge, pin=PIN + rp["id"], challenge, pin=PIN ) t2 = time.time() * 1000 for x, y in zip(assertions, creds): x.verify(client_data.hash, y.public_key) - print('Assertion(s) valid (%d ms)' % (t2 - t1)) + print("Assertion(s) valid (%d ms)" % (t2 - t1)) - print('registering a duplicate user ') + print("registering a duplicate user ") t1 = time.time() * 1000 attest, data = self.client.make_credential( @@ -697,24 +697,24 @@ class Tester: t2 = time.time() * 1000 attest.verify(data.hash) creds = creds[:2] + creds[3:] + [attest.auth_data.credential_data] - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) t1 = time.time() * 1000 assertions, client_data = self.client.get_assertion( - rp['id'], challenge, pin=PIN + rp["id"], challenge, pin=PIN ) t2 = time.time() * 1000 assert len(assertions) == len(users) + 1 for x, y in zip(assertions, creds): x.verify(client_data.hash, y.public_key) - print('Assertion(s) valid (%d ms)' % (t2 - t1)) + print("Assertion(s) valid (%d ms)" % (t2 - t1)) def test_responses(self,): - PIN = '1234' + PIN = "1234" RPID = self.host for dev in CtapHidDevice.list_devices(): - print('dev', dev) + print("dev", dev) client = Fido2Client(dev, RPID) ctap = client.ctap2 # ctap.reset() @@ -726,17 +726,17 @@ class Tester: inf = ctap.get_info() # print (inf) - print('versions: ', inf.versions) - print('aaguid: ', inf.aaguid) - print('rk: ', inf.options['rk']) - print('clientPin: ', inf.options['clientPin']) - print('max_message_size: ', inf.max_msg_size) + print("versions: ", inf.versions) + print("aaguid: ", inf.aaguid) + print("rk: ", inf.options["rk"]) + print("clientPin: ", inf.options["clientPin"]) + print("max_message_size: ", inf.max_msg_size) # rp = {'id': 'SelectDevice', 'name': 'SelectDevice'} - rp = {'id': RPID, 'name': 'ExaRP'} - user = {'id': os.urandom(10), 'name': 'SelectDevice'} - user = {'id': b'21first one', 'name': 'single User'} - challenge = 'Y2hhbGxlbmdl' + rp = {"id": RPID, "name": "ExaRP"} + user = {"id": os.urandom(10), "name": "SelectDevice"} + user = {"id": b"21first one", "name": "single User"} + challenge = "Y2hhbGxlbmdl" if 1: attest, data = client.make_credential( @@ -746,15 +746,15 @@ class Tester: cred = attest.auth_data.credential_data creds = [cred] - allow_list = [{'id': creds[0].credential_id, 'type': 'public-key'}] + allow_list = [{"id": creds[0].credential_id, "type": "public-key"}] allow_list = [] assertions, client_data = client.get_assertion( - rp['id'], challenge, pin=PIN + rp["id"], challenge, pin=PIN ) assertions[0].verify(client_data.hash, creds[0].public_key) if 0: - print('registering 1 user with RK') + print("registering 1 user with RK") t1 = time.time() * 1000 attest, data = client.make_credential( rp, user, challenge, pin=PIN, exclude_list=[], rk=True @@ -762,23 +762,23 @@ class Tester: t2 = time.time() * 1000 attest.verify(data.hash) creds = [attest.auth_data.credential_data] - print('Register valid (%d ms)' % (t2 - t1)) + print("Register valid (%d ms)" % (t2 - t1)) - print('1 assertion') + print("1 assertion") t1 = time.time() * 1000 assertions, client_data = client.get_assertion( - rp['id'], challenge, pin=PIN + rp["id"], challenge, pin=PIN ) t2 = time.time() * 1000 assertions[0].verify(client_data.hash, creds[0].public_key) - print('Assertion valid (%d ms)' % (t2 - t1)) + print("Assertion valid (%d ms)" % (t2 - t1)) # print('fmt:',attest.fmt) # print('rp_id_hash',attest.auth_data.rp_id_hash) # print('flags:', hex(attest.auth_data.flags)) # print('count:', hex(attest.auth_data.counter)) - print('flags MC:', attest.auth_data) - print('flags GA:', assertions[0].auth_data) + print("flags MC:", attest.auth_data) + print("flags GA:", assertions[0].auth_data) # print('cred_id:',attest.auth_data.credential_data.credential_id) # print('pubkey:',attest.auth_data.credential_data.public_key) # print('aaguid:',attest.auth_data.credential_data.aaguid) @@ -790,8 +790,8 @@ class Tester: # print('x5c:',attest.att_statement['x5c']) # print('data:',data) - print('assertion:', assertions[0]) - print('clientData:', client_data) + print("assertion:", assertions[0]) + print("clientData:", client_data) print() # break @@ -804,12 +804,12 @@ def test_find_brute_force(): t = Tester() t.find_device() t2 = time.time() * 1000 - print('connected %d (%d ms)' % (i, t2 - t1)) + print("connected %d (%d ms)" % (i, t2 - t1)) i += 1 time.sleep(0.01) -if __name__ == '__main__': +if __name__ == "__main__": t = Tester() t.find_device() # t.test_hid() diff --git a/tools/http2udb.py b/tools/http2udb.py index 86a3856..8e97ce1 100755 --- a/tools/http2udb.py +++ b/tools/http2udb.py @@ -24,7 +24,7 @@ from sign_firmware import * httpport = 8080 udpport = 8111 -HEX_FILE = '../efm32/GNU ARM v7.2.1 - Debug/EFM32.hex' +HEX_FILE = "../efm32/GNU ARM v7.2.1 - Debug/EFM32.hex" def ForceU2F(client, device): @@ -34,13 +34,13 @@ def ForceU2F(client, device): client._do_get_assertion = client._ctap1_get_assertion -if __name__ == '__main__': +if __name__ == "__main__": try: dev = next(CtapHidDevice.list_devices(), None) print(dev) if not dev: - raise RuntimeError('No FIDO device found') - client = Fido2Client(dev, 'https://example.com') + raise RuntimeError("No FIDO device found") + client = Fido2Client(dev, "https://example.com") ForceU2F(client, dev) ctap = client.ctap except Exception as e: @@ -50,8 +50,8 @@ if __name__ == '__main__': def write(data): msg = from_websafe(data) msg = base64.b64decode(msg) - chal = b'A' * 32 - appid = b'A' * 32 + chal = b"A" * 32 + appid = b"A" * 32 # print (msg) # print (msg.decode()) # print (str(msg)) @@ -80,40 +80,40 @@ def read(): class UDPBridge(BaseHTTPRequestHandler): def end_headers(self): - self.send_header('Access-Control-Allow-Origin', '*') + self.send_header("Access-Control-Allow-Origin", "*") BaseHTTPRequestHandler.end_headers(self) def do_POST(self): - content_len = int(self.headers.get('Content-Length', 0)) + content_len = int(self.headers.get("Content-Length", 0)) post_body = self.rfile.read(content_len) - data = json.loads(post_body)['data'] + data = json.loads(post_body)["data"] print(data) msg = from_websafe(data) msg = base64.b64decode(msg) chal = b"\xf6\xa2\x3c\xa4\x0a\xf9\xda\xd4\x5f\xdc\xba\x7d\xc9\xde\xcb\xed\xb5\x84\x64\x3a\x4c\x9f\x44\xc2\x04\xb0\x17\xd7\xf4\x3e\xe0\x3f" - appid = b'A' * 32 + appid = b"A" * 32 s = ctap.authenticate(chal, appid, msg) data = ( - struct.pack('B', s.user_presence) - + struct.pack('>L', s.counter) + struct.pack("B", s.user_presence) + + struct.pack(">L", s.counter) + s.signature ) - data = base64.b64encode(data).decode('ascii') + data = base64.b64encode(data).decode("ascii") data = to_websafe(data) - data = json.dumps({'data': data}) - data = data.encode('ascii') + data = json.dumps({"data": data}) + data = data.encode("ascii") self.send_response(200) - self.send_header('Content-type', 'text/json') + self.send_header("Content-type", "text/json") self.end_headers() self.wfile.write(data) def do_GET(self): self.send_response(200) - self.send_header('Content-type', 'text/json') + self.send_header("Content-type", "text/json") msg = get_firmware_object("signing_key.pem", HEX_FILE) @@ -123,19 +123,19 @@ class UDPBridge(BaseHTTPRequestHandler): try: - server = HTTPServer(('', httpport), UDPBridge) - print('Started httpserver on port ', httpport) + server = HTTPServer(("", httpport), UDPBridge) + print("Started httpserver on port ", httpport) server.socket = ssl.wrap_socket( server.socket, keyfile="../web/localhost.key", - certfile='../web/localhost.crt', + certfile="../web/localhost.crt", server_side=True, ) - print('Saving signed firmware to firmware.json') + print("Saving signed firmware to firmware.json") msg = get_firmware_object("signing_key.pem", HEX_FILE) - wfile = open('firmware.json', 'wb+') + wfile = open("firmware.json", "wb+") wfile.write(json.dumps(msg).encode()) wfile.close() diff --git a/tools/nfcmon.py b/tools/nfcmon.py index bf17286..76f32a8 100755 --- a/tools/nfcmon.py +++ b/tools/nfcmon.py @@ -22,9 +22,9 @@ for p in Chameleon.Device.listDevices(): if p: chameleon.connect(p) else: - raise RuntimeError('No chameleon mini connected') + raise RuntimeError("No chameleon mini connected") -chameleon.execCmd('LOGMODE=LIVE') +chameleon.execCmd("LOGMODE=LIVE") while 1: b = chameleon.read(1, 20) @@ -33,4 +33,4 @@ while 1: sys.stdout.write(h) sys.stdout.flush() -chameleon.execCmd('LOGMODE=NONE') +chameleon.execCmd("LOGMODE=NONE") diff --git a/tools/solotool.py b/tools/solotool.py index 4db5f8c..aafe5f5 100755 --- a/tools/solotool.py +++ b/tools/solotool.py @@ -39,27 +39,27 @@ import serial def to_websafe(data): - data = data.replace('+', '-') - data = data.replace('/', '_') - data = data.replace('=', '') + data = data.replace("+", "-") + data = data.replace("/", "_") + data = data.replace("=", "") return data def from_websafe(data): - data = data.replace('-', '+') - data = data.replace('_', '/') - return data + '=='[: (3 * len(data)) % 4] + data = data.replace("-", "+") + data = data.replace("_", "/") + return data + "=="[: (3 * len(data)) % 4] def get_firmware_object(sk_name, hex_file): from ecdsa import SigningKey, NIST256p sk = SigningKey.from_pem(open(sk_name).read()) - fw = open(hex_file, 'r').read() + fw = open(hex_file, "r").read() fw = base64.b64encode(fw.encode()) fw = to_websafe(fw.decode()) ih = IntelHex() - ih.fromfile(hex_file, format='hex') + ih.fromfile(hex_file, format="hex") # start of firmware and the size of the flash region allocated for it. # TODO put this somewhere else. START = ih.segments()[0][0] @@ -71,29 +71,31 @@ def get_firmware_object(sk_name, hex_file): im_size = END - START - print('im_size: ', im_size) - print('firmware_size: ', len(arr)) + print("im_size: ", im_size) + print("firmware_size: ", len(arr)) - byts = (arr).tobytes() if hasattr(arr, 'tobytes') else (arr).tostring() + byts = (arr).tobytes() if hasattr(arr, "tobytes") else (arr).tostring() h = sha256() h.update(byts) sig = binascii.unhexlify(h.hexdigest()) - print('hash', binascii.hexlify(sig)) + print("hash", binascii.hexlify(sig)) sig = sk.sign_digest(sig) - print('sig', binascii.hexlify(sig)) + print("sig", binascii.hexlify(sig)) sig = base64.b64encode(sig) sig = to_websafe(sig.decode()) # msg = {'data': read()} - msg = {'firmware': fw, 'signature': sig} + msg = {"firmware": fw, "signature": sig} return msg + class SoloExtension: - version= 0x14 + version = 0x14 rng = 0x15 + class SoloBootloader: write = 0x40 done = 0x41 @@ -109,13 +111,13 @@ class SoloBootloader: HIDCommandEnterSTBoot = 0x52 HIDCommandRNG = 0x60 - TAG = b'\x8C\x27\x90\xf6' + TAG = b"\x8C\x27\x90\xf6" class SoloClient: def __init__(self,): - self.origin = 'https://example.org' - self.host = 'example.org' + self.origin = "https://example.org" + self.host = "example.org" self.exchange = self.exchange_hid self.do_reboot = True @@ -139,52 +141,52 @@ class SoloClient: def find_device(self,): dev = next(CtapHidDevice.list_devices(), None) if not dev: - raise RuntimeError('No FIDO device found') + raise RuntimeError("No FIDO device found") self.dev = dev self.ctap1 = CTAP1(dev) self.ctap2 = CTAP2(dev) self.client = Fido2Client(dev, self.origin) if self.exchange == self.exchange_hid: - self.send_data_hid(CTAPHID.INIT, '\x11\x11\x11\x11\x11\x11\x11\x11') + self.send_data_hid(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11") @staticmethod - def format_request(cmd, addr=0, data=b'A' * 16): - arr = b'\x00' * 9 - addr = struct.pack('H', len(data)) + def format_request(cmd, addr=0, data=b"A" * 16): + arr = b"\x00" * 9 + addr = struct.pack("H", len(data)) return cmd + addr[:3] + SoloBootloader.TAG + length + data def send_only_hid(self, cmd, data): - if type(data) != type(b''): - data = struct.pack('%dB' % len(data), *[ord(x) for x in data]) + if type(data) != type(b""): + data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) self.dev._dev.InternalSend(0x80 | cmd, bytearray(data)) def send_data_hid(self, cmd, data): - if type(data) != type(b''): - data = struct.pack('%dB' % len(data), *[ord(x) for x in data]) + if type(data) != type(b""): + data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) with Timeout(1.0) as event: return self.dev.call(cmd, data, event) - def exchange_hid(self, cmd, addr=0, data=b'A' * 16): + def exchange_hid(self, cmd, addr=0, data=b"A" * 16): req = SoloClient.format_request(cmd, addr, data) data = self.send_data_hid(SoloBootloader.HIDCommandBoot, req) ret = data[0] if ret != CtapError.ERR.SUCCESS: - str = '' + str = "" if ret == CtapError.ERR.NOT_ALLOWED: - str = 'Out of bounds write' - raise RuntimeError('Device returned non-success code %02x: %s' % (ret, str)) + str = "Out of bounds write" + raise RuntimeError("Device returned non-success code %02x: %s" % (ret, str)) return data[1:] - def exchange_u2f(self, cmd, addr=0, data=b'A' * 16): - appid = b'A' * 32 - chal = b'B' * 32 + def exchange_u2f(self, cmd, addr=0, data=b"A" * 16): + appid = b"A" * 32 + chal = b"B" * 32 req = SoloClient.format_request(cmd, addr, data) @@ -192,28 +194,28 @@ class SoloClient: ret = res.signature[0] if ret != CtapError.ERR.SUCCESS: - str = '' + str = "" if ret == CtapError.ERR.NOT_ALLOWED: - str = 'Out of bounds write' - raise RuntimeError('Device returned non-success code %02x: %s' % (ret, str)) + str = "Out of bounds write" + raise RuntimeError("Device returned non-success code %02x: %s" % (ret, str)) return res.signature[1:] def bootloader_version(self,): data = self.exchange(SoloBootloader.version) if len(data) > 2: - return (data[0],data[1],data[2]) + return (data[0], data[1], data[2]) return data[0] def solo_version(self,): data = self.exchange_u2f(SoloExtension.version) - return (data[0],data[1],data[2]) + return (data[0], data[1], data[2]) def write_flash(self, addr, data): self.exchange(SoloBootloader.write, addr, data) def get_rng(self, num=0): - ret = self.send_data_hid(SoloBootloader.HIDCommandRNG, struct.pack('B', num)) + ret = self.send_data_hid(SoloBootloader.HIDCommandRNG, struct.pack("B", num)) return ret def verify_flash(self, sig): @@ -225,34 +227,27 @@ class SoloClient: self.exchange(SoloBootloader.done, 0, sig) def wink(self,): - self.send_data_hid(CTAPHID.WINK, b'') + self.send_data_hid(CTAPHID.WINK, b"") def reset(self,): self.ctap2.reset() def make_credential(self,): - rp = {'id': self.host, 'name': 'example site'} - user = {'id': b'abcdef', 'name': 'example user'} - challenge = 'Y2hhbGxlbmdl' - attest, data = self.client.make_credential( - rp, user, challenge, exclude_list=[] - ) + rp = {"id": self.host, "name": "example site"} + user = {"id": b"abcdef", "name": "example user"} + challenge = "Y2hhbGxlbmdl" + attest, data = self.client.make_credential(rp, user, challenge, exclude_list=[]) try: attest.verify(data.hash) except AttributeError: verifier = Attestation.for_type(attest.fmt) - verifier().verify( - attest.att_statement, - attest.auth_data, - data.hash - ) - print('Register valid') - x5c = attest.att_statement['x5c'][0] + verifier().verify(attest.att_statement, attest.auth_data, data.hash) + print("Register valid") + x5c = attest.att_statement["x5c"][0] cert = x509.load_der_x509_certificate(x5c, default_backend()) return cert - def enter_solo_bootloader(self,): """ If solo is configured as solo hacker or something similar, @@ -260,8 +255,8 @@ class SoloClient: so it can be reprogrammed """ if self.exchange != self.exchange_hid: - self.send_data_hid(CTAPHID.INIT, '\x11\x11\x11\x11\x11\x11\x11\x11') - self.send_data_hid(SoloBootloader.HIDCommandEnterBoot, '') + self.send_data_hid(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11") + self.send_data_hid(SoloBootloader.HIDCommandEnterBoot, "") def is_solo_bootloader(self,): try: @@ -286,7 +281,7 @@ class SoloClient: req = SoloClient.format_request(SoloBootloader.st_dfu) self.send_only_hid(SoloBootloader.HIDCommandBoot, req) else: - self.send_only_hid(SoloBootloader.HIDCommandEnterSTBoot, '') + self.send_only_hid(SoloBootloader.HIDCommandEnterSTBoot, "") def disable_solo_bootloader(self,): """ @@ -295,10 +290,10 @@ class SoloClient: If you've started from a solo hacker, make you you've programmed a final/production build! """ ret = self.exchange( - SoloBootloader.disable, 0, b'\xcd\xde\xba\xaa' + SoloBootloader.disable, 0, b"\xcd\xde\xba\xaa" ) # magic number if ret[0] != CtapError.ERR.SUCCESS: - print('Failed to disable bootloader') + print("Failed to disable bootloader") return False time.sleep(0.1) self.exchange(SoloBootloader.do_reboot) @@ -306,22 +301,22 @@ class SoloClient: def program_file(self, name): - if name.lower().endswith('.json'): - data = json.loads(open(name, 'r').read()) - fw = base64.b64decode(from_websafe(data['firmware']).encode()) - sig = base64.b64decode(from_websafe(data['signature']).encode()) + if name.lower().endswith(".json"): + data = json.loads(open(name, "r").read()) + fw = base64.b64decode(from_websafe(data["firmware"]).encode()) + sig = base64.b64decode(from_websafe(data["signature"]).encode()) ih = IntelHex() tmp = tempfile.NamedTemporaryFile(delete=False) tmp.write(fw) tmp.seek(0) tmp.close() - ih.fromfile(tmp.name, format='hex') + ih.fromfile(tmp.name, format="hex") else: - if not name.lower().endswith('.hex'): + if not name.lower().endswith(".hex"): print('Warning, assuming "%s" is an Intel Hex file.' % name) sig = None ih = IntelHex() - ih.fromfile(name, format='hex') + ih.fromfile(name, format="hex") if self.exchange == self.exchange_hid: chunk = 2048 @@ -332,7 +327,7 @@ class SoloClient: size = seg[1] - seg[0] total = 0 t1 = time.time() * 1000 - print('erasing...') + print("erasing...") for i in range(seg[0], seg[1], chunk): s = i e = min(i + chunk, seg[1]) @@ -340,17 +335,17 @@ class SoloClient: self.write_flash(i, data) total += chunk progress = total / float(size) * 100 - sys.stdout.write('downloading %.2f%%...\r' % progress) - sys.stdout.write('downloaded 100% \r\n') + sys.stdout.write("downloading %.2f%%...\r" % progress) + sys.stdout.write("downloaded 100% \r\n") t2 = time.time() * 1000 - print('time: %.2f s' % ((t2 - t1) / 1000.0)) + print("time: %.2f s" % ((t2 - t1) / 1000.0)) - print('Verifying...') + print("Verifying...") if self.do_reboot: if sig is not None: self.verify_flash(sig) else: - self.verify_flash(b'A' * 64) + self.verify_flash(b"A" * 64) class DFU: @@ -431,14 +426,14 @@ class DFUDevice: devs = usb.core.find(idVendor=0x0483, idProduct=0xDF11, find_all=1) for x in devs: if ser == (usb.util.get_string(x, x.iSerialNumber)): - print('connecting to ', ser) + print("connecting to ", ser) self.dev = x break else: self.dev = usb.core.find(idVendor=0x0483, idProduct=0xDF11) if self.dev is None: - raise RuntimeError('No ST DFU devices found.') + raise RuntimeError("No ST DFU devices found.") self.dev.set_configuration() for cfg in self.dev: @@ -449,7 +444,7 @@ class DFUDevice: self.intNum = intf.bInterfaceNumber return self.dev - raise RuntimeError('No ST DFU alternate-%d found.' % altsetting) + raise RuntimeError("No ST DFU alternate-%d found." % altsetting) def init(self,): if self.state() == DFU.state.ERROR: @@ -510,7 +505,7 @@ class DFUDevice: self.clear_status() self.clear_status() if self.state() not in (DFU.state.IDLE, DFU.state.DOWNLOAD_IDLE): - raise RuntimeError('DFU device not in correct state for writing memory.') + raise RuntimeError("DFU device not in correct state for writing memory.") oldaddr = addr addr = DFUDevice.addr2block(addr, len(data)) @@ -527,7 +522,7 @@ class DFUDevice: self.clear_status() self.clear_status() if self.state() not in (DFU.state.IDLE, DFU.state.UPLOAD_IDLE): - raise RuntimeError('DFU device not in correct state for reading memory.') + raise RuntimeError("DFU device not in correct state for reading memory.") return self.upload(addr, size) @@ -542,7 +537,7 @@ class DFUDevice: self.clear_status() self.clear_status() if self.state() not in (DFU.state.IDLE, DFU.state.DOWNLOAD_IDLE): - raise RuntimeError('DFU device not in correct state for detaching.') + raise RuntimeError("DFU device not in correct state for detaching.") # self.set_addr(0x08000000) # self.block_on_state(DFU.state.DOWNLOAD_BUSY) # assert(DFU.state.DOWNLOAD_IDLE == self.state()) @@ -572,15 +567,15 @@ def attempt_to_boot_bootloader(p): except CtapError as e: if e.code == CtapError.ERR.INVALID_COMMAND: print( - 'Solo appears to not be a solo hacker. Try holding down the button for 2 while you plug token in.' + "Solo appears to not be a solo hacker. Try holding down the button for 2 while you plug token in." ) sys.exit(1) else: raise (e) - print('Solo rebooted. Reconnecting...') + print("Solo rebooted. Reconnecting...") time.sleep(0.500) if not attempt_to_find_device(p): - raise RuntimeError('Failed to reconnect!') + raise RuntimeError("Failed to reconnect!") def solo_main(): @@ -588,11 +583,19 @@ def solo_main(): parser.add_argument( "--rng", action="store_true", - help='Continuously dump random numbers generated from Solo.', + help="Continuously dump random numbers generated from Solo.", + ) + parser.add_argument("--wink", action="store_true", help="HID Wink command.") + parser.add_argument( + "--reset", + action="store_true", + help="Issue a FIDO2 reset command. Warning: your credentials will be lost.", + ) + parser.add_argument( + "--verify-solo", + action="store_true", + help="Verify that the Solo firmware is from SoloKeys. Check firmware version.", ) - parser.add_argument("--wink", action="store_true", help='HID Wink command.') - parser.add_argument("--reset", action="store_true", help='Issue a FIDO2 reset command. Warning: your credentials will be lost.') - parser.add_argument("--verify-solo", action="store_true", help='Verify that the Solo firmware is from SoloKeys. Check firmware version.') args = parser.parse_args() p = SoloClient() @@ -614,26 +617,26 @@ def solo_main(): if args.verify_solo: cert = p.make_credential() - solo_fingerprint = b'r\xd5\x831&\xac\xfc\xe9\xa8\xe8&`\x18\xe6AI4\xc8\xbeJ\xb8h_\x91\xb0\x99!\x13\xbb\xd42\x95' + solo_fingerprint = b"r\xd5\x831&\xac\xfc\xe9\xa8\xe8&`\x18\xe6AI4\xc8\xbeJ\xb8h_\x91\xb0\x99!\x13\xbb\xd42\x95" hacker_fingerprint = b"\xd0ml\xcb\xda}\xe5j\x16'\xc2\xa7\x89\x9c5\xa2\xa3\x16\xc8Q\xb3j\xd8\xed~\xd7\x84y\xbbx~\xf7" - if (cert.fingerprint(hashes.SHA256()) == solo_fingerprint): - print('Valid SOLO firmware from SoloKeys') - elif (cert.fingerprint(hashes.SHA256()) == hacker_fingerprint): - print('Valid HACKER firmware') + if cert.fingerprint(hashes.SHA256()) == solo_fingerprint: + print("Valid SOLO firmware from SoloKeys") + elif cert.fingerprint(hashes.SHA256()) == hacker_fingerprint: + print("Valid HACKER firmware") else: - print('Unknown fingerprint! ', cert.fingerprint(hashes.SHA256())) + print("Unknown fingerprint! ", cert.fingerprint(hashes.SHA256())) try: v = p.solo_version() - print('Version: ', v) + print("Version: ", v) except ApduError: - print('Firmware is out of date.') + print("Firmware is out of date.") def asked_for_help(): for i, v in enumerate(sys.argv): - if v == '-h' or v == '--help': + if v == "-h" or v == "--help": return True return False @@ -668,9 +671,9 @@ def monitor_main(): try: d = ser.read(1) except serial.SerialException: - print('reconnecting...') + print("reconnecting...") ser = reconnect() - print('done') + print("done") sys.stdout.buffer.write(d) sys.stdout.flush() @@ -695,26 +698,26 @@ def genkey_main(): if len(sys.argv) > 2: seed = sys.argv[2] - print('using input seed file ', seed) - rng = open(seed, 'rb').read() + print("using input seed file ", seed) + rng = open(seed, "rb").read() secexp = randrange_from_seed__trytryagain(rng, NIST256p.order) sk = SigningKey.from_secret_exponent(secexp, curve=NIST256p) else: sk = SigningKey.generate(curve=NIST256p) sk_name = sys.argv[1] - print('Signing key for signing device firmware: ' + sk_name) - open(sk_name, 'wb+').write(sk.to_pem()) + print("Signing key for signing device firmware: " + sk_name) + open(sk_name, "wb+").write(sk.to_pem()) vk = sk.get_verifying_key() - print('Public key in various formats:') + print("Public key in various formats:") print() print([c for c in vk.to_string()]) print() - print(''.join(['%02x' % c for c in vk.to_string()])) + print("".join(["%02x" % c for c in vk.to_string()])) print() - print('"\\x' + '\\x'.join(['%02x' % c for c in vk.to_string()]) + '"') + print('"\\x' + "\\x".join(["%02x" % c for c in vk.to_string()]) + '"') print() @@ -722,20 +725,20 @@ def sign_main(): if asked_for_help() or len(sys.argv) != 4: print( - 'Signs a firmware hex file, outputs a .json file that can be used for signed update.' + "Signs a firmware hex file, outputs a .json file that can be used for signed update." ) - print('usage: %s [-h]' % sys.argv[0]) + print("usage: %s [-h]" % sys.argv[0]) print() sys.exit(1) msg = get_firmware_object(sys.argv[1], sys.argv[2]) - print('Saving signed firmware to', sys.argv[3]) - wfile = open(sys.argv[3], 'wb+') + print("Saving signed firmware to", sys.argv[3]) + wfile = open(sys.argv[3], "wb+") wfile.write(json.dumps(msg).encode()) wfile.close() def use_dfu(args): - fw = args.__dict__['[firmware]'] + fw = args.__dict__["[firmware]"] for i in range(0, 8): dfu = DFUDevice() @@ -746,15 +749,15 @@ def use_dfu(args): dfu = None if dfu is None: - print('No STU DFU device found. ') + print("No STU DFU device found. ") if args.dfu_serial: - print('Serial number used: ', args.dfu_serial) + print("Serial number used: ", args.dfu_serial) sys.exit(1) dfu.init() if fw: ih = IntelHex() - ih.fromfile(fw, format='hex') + ih.fromfile(fw, format="hex") chunk = 2048 seg = ih.segments()[0] @@ -762,11 +765,11 @@ def use_dfu(args): total = 0 t1 = time.time() * 1000 - print('erasing...') + print("erasing...") try: dfu.mass_erase() except usb.core.USBError: - dfu.write_page(0x08000000 + 2048 * 10, 'ZZFF' * (2048 // 4)) + dfu.write_page(0x08000000 + 2048 * 10, "ZZFF" * (2048 // 4)) dfu.mass_erase() page = 0 @@ -780,7 +783,7 @@ def use_dfu(args): progress = total / float(size) * 100 sys.stdout.write( - 'downloading %.2f%% %08x - %08x ... \r' + "downloading %.2f%% %08x - %08x ... \r" % (progress, i, i + page) ) # time.sleep(0.100) @@ -789,8 +792,8 @@ def use_dfu(args): # print(dfu.read_mem(i,16)) t2 = time.time() * 1000 print() - print('time: %d ms' % (t2 - t1)) - print('verifying...') + print("time: %d ms" % (t2 - t1)) + print("verifying...") progress = 0 for start, end in ih.segments(): for i in range(start, end, chunk): @@ -799,13 +802,13 @@ def use_dfu(args): total += chunk progress = total / float(size) * 100 sys.stdout.write( - 'reading %.2f%% %08x - %08x ... \r' + "reading %.2f%% %08x - %08x ... \r" % (progress, i, i + page) ) if (end - start) == chunk: assert data1 == data2 print() - print('firmware readback verified.') + print("firmware readback verified.") if args.detach: dfu.detach() @@ -815,71 +818,71 @@ def programmer_main(): parser = argparse.ArgumentParser() parser.add_argument( "[firmware]", - nargs='?', - default='', - help='firmware file. Either a JSON or hex file. JSON file contains signature while hex does not.', + nargs="?", + default="", + help="firmware file. Either a JSON or hex file. JSON file contains signature while hex does not.", ) parser.add_argument( "--use-hid", action="store_true", - help='Programs using custom HID command (default). Quicker than using U2F authenticate which is what a browser has to use.', + help="Programs using custom HID command (default). Quicker than using U2F authenticate which is what a browser has to use.", ) parser.add_argument( "--use-u2f", action="store_true", - help='Programs using U2F authenticate. This is what a web application will use.', + help="Programs using U2F authenticate. This is what a web application will use.", ) parser.add_argument( "--no-reset", action="store_true", - help='Don\'t reset after writing firmware. Stay in bootloader mode.', + help="Don't reset after writing firmware. Stay in bootloader mode.", ) parser.add_argument( "--reset-only", action="store_true", - help='Don\'t write anything, try to boot without a signature.', + help="Don't write anything, try to boot without a signature.", ) parser.add_argument( - "--reboot", action="store_true", help='Tell bootloader to reboot.' + "--reboot", action="store_true", help="Tell bootloader to reboot." ) parser.add_argument( "--enter-bootloader", action="store_true", - help='Don\'t write anything, try to enter bootloader. Typically only supported by Solo Hacker builds.', + help="Don't write anything, try to enter bootloader. Typically only supported by Solo Hacker builds.", ) parser.add_argument( "--st-dfu", action="store_true", - help='Don\'t write anything, try to enter ST DFU. Warning, you could brick your Solo if you overwrite everything. You should reprogram the option bytes just to be safe (boot to Solo bootloader first, then run this command).', + help="Don't write anything, try to enter ST DFU. Warning, you could brick your Solo if you overwrite everything. You should reprogram the option bytes just to be safe (boot to Solo bootloader first, then run this command).", ) parser.add_argument( "--disable", action="store_true", - help='Disable the Solo bootloader. Cannot be undone. No future updates can be applied.', + help="Disable the Solo bootloader. Cannot be undone. No future updates can be applied.", ) parser.add_argument( "--detach", action="store_true", - help='Detach from ST DFU and boot from main flash. Must be in DFU mode.', + help="Detach from ST DFU and boot from main flash. Must be in DFU mode.", ) parser.add_argument( "--dfu-serial", - default='', - help='Specify a serial number for a specific DFU device to connect to.', + default="", + help="Specify a serial number for a specific DFU device to connect to.", ) parser.add_argument( - "--use-dfu", action="store_true", help='Boot to ST-DFU before continuing.' + "--use-dfu", action="store_true", help="Boot to ST-DFU before continuing." ) args = parser.parse_args() - fw = args.__dict__['[firmware]'] + fw = args.__dict__["[firmware]"] p = SoloClient() try: p.find_device() if args.use_dfu: - print('entering dfu..') + print("entering dfu..") try: attempt_to_boot_bootloader(p) p.enter_st_dfu() @@ -887,7 +890,7 @@ def programmer_main(): # already in DFU mode? pass except RuntimeError: - print('No Solo device detected.') + print("No Solo device detected.") if fw or args.detach: use_dfu(args) sys.exit(0) @@ -905,7 +908,7 @@ def programmer_main(): p.set_reboot(False) if args.enter_bootloader: - print('Attempting to boot into bootloader mode...') + print("Attempting to boot into bootloader mode...") attempt_to_boot_bootloader(p) sys.exit(0) @@ -914,7 +917,7 @@ def programmer_main(): sys.exit(0) if args.st_dfu: - print('Sending command to boot into ST DFU...') + print("Sending command to boot into ST DFU...") p.enter_st_dfu() sys.exit(0) @@ -922,8 +925,8 @@ def programmer_main(): p.disable_solo_bootloader() sys.exit(0) - if fw == '' and not args.reset_only: - print('Need to supply firmware filename, or see help for more options.') + if fw == "" and not args.reset_only: + print("Need to supply firmware filename, or see help for more options.") parser.print_help() sys.exit(1) @@ -931,16 +934,16 @@ def programmer_main(): p.bootloader_version() except CtapError as e: if e.code == CtapError.ERR.INVALID_COMMAND: - print('Bootloader not active. Attempting to boot into bootloader mode...') + print("Bootloader not active. Attempting to boot into bootloader mode...") attempt_to_boot_bootloader(p) else: raise (e) except ApduError: - print('Bootloader not active. Attempting to boot into bootloader mode...') + print("Bootloader not active. Attempting to boot into bootloader mode...") attempt_to_boot_bootloader(p) if args.reset_only: - p.exchange(SoloBootloader.done, 0, b'A' * 64) + p.exchange(SoloBootloader.done, 0, b"A" * 64) else: p.program_file(fw) @@ -948,7 +951,7 @@ def programmer_main(): def main_mergehex(): if len(sys.argv) < 3: print( - 'usage: %s [...] [-s ] ' + "usage: %s [...] [-s ] " ) sys.exit(1) @@ -964,7 +967,7 @@ def main_mergehex(): # user supplied, optional for i, x in enumerate(args): - if x == '-s': + if x == "-s": secret_attestation_key = args[i + 1] args = args[:i] + args[i + 2 :] break @@ -977,8 +980,8 @@ def main_mergehex(): first = IntelHex(args[1]) for i in range(2, len(args) - 1): - print('merging %s with ' % (args[1]), args[i]) - first.merge(IntelHex(args[i]), overlap='replace') + print("merging %s with " % (args[1]), args[i]) + first.merge(IntelHex(args[i]), overlap="replace") first[flash_addr(APPLICATION_END_PAGE - 1)] = 0x41 first[flash_addr(APPLICATION_END_PAGE - 1) + 1] = 0x41 @@ -1004,19 +1007,19 @@ def main_mergehex(): for i, x in enumerate(key): first[ATTEST_ADDR + i] = x - first.tofile(args[len(args) - 1], format='hex') + first.tofile(args[len(args) - 1], format="hex") -if __name__ == '__main__': +if __name__ == "__main__": if sys.version_info[0] < 3: - print('Sorry, python3 is required.') + print("Sorry, python3 is required.") sys.exit(1) if len(sys.argv) < 2 or (len(sys.argv) == 2 and asked_for_help()): - print('Diverse command line tool for working with Solo') - print('usage: %s [options] [-h]' % sys.argv[0]) - print('commands: program, solo, monitor, sign, genkey, mergehex') + print("Diverse command line tool for working with Solo") + print("usage: %s [options] [-h]" % sys.argv[0]) + print("commands: program, solo, monitor, sign, genkey, mergehex") print( """ Examples: @@ -1039,19 +1042,19 @@ Examples: c = sys.argv[1] sys.argv = sys.argv[:1] + sys.argv[2:] - sys.argv[0] = sys.argv[0] + ' ' + c + sys.argv[0] = sys.argv[0] + " " + c - if c == 'program': + if c == "program": programmer_main() - elif c == 'solo': + elif c == "solo": solo_main() - elif c == 'monitor': + elif c == "monitor": monitor_main() - elif c == 'sign': + elif c == "sign": sign_main() - elif c == 'genkey': + elif c == "genkey": genkey_main() - elif c == 'mergehex': + elif c == "mergehex": main_mergehex() else: - print('invalid command: %s' % c) + print("invalid command: %s" % c)