From 60d5222873b77abcee4b96e7c21c168bc8953f17 Mon Sep 17 00:00:00 2001
From: Paul Jimenez
Date: Sat, 15 Sep 2018 17:40:33 -0400
Subject: [PATCH 1/5] Automate some building of the C library
---
 Makefile | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 04b4619..52815b8 100644
--- a/Makefile
+++ b/Makefile
@@ -15,7 +15,8 @@ EFM32_DEBUGGER= -s 440083537 --device EFM32JG1B200F128GM32
 src = $(wildcard pc/*.c) $(wildcard fido2/*.c) $(wildcard crypto/sha256/*.c) crypto/tiny-AES-c/aes.c
 obj = $(src:.c=.o) uECC.o
-LDFLAGS = -Wl,--gc-sections ./tinycbor/lib/libtinycbor.a
+LIBCBOR = tinycbor/lib/libtinycbor.a
+LDFLAGS = -Wl,--gc-sections $(LIBCBOR)
 CFLAGS = -O2 -fdata-sections -ffunction-sections
 INCLUDES = -I./tinycbor/src -I./crypto/sha256 -I./crypto/micro-ecc/ -Icrypto/tiny-AES-c/ -I./fido2/ -I./pc -I./fido2/extensions
@@ -24,11 +25,20 @@ CFLAGS += $(INCLUDES)
 name = main
+.PHONY: all
 all: main
-cbor:
+
+tinycbor/Makefile crypto/tiny-AES-c/aes.h:
+ git submodule update --init
+
+.PHONY: cbor
+cbor: $(LIBCBOR)
+
+$(LIBCBOR): tinycbor/Makefile
 cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8
+.PHONY: test
 test: testgcm
 efm8prog:
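Review bot: In PATCH 1/5, hunk `@@ -24,11 +25,20 @@`, the header `tinycbor/Makefile crypto/tiny-AES-c/aes.h:` declares two independent rules that share one recipe, so once both targets are wanted under `make -j`, GNU make can start `git submodule update --init` twice at the same time in the same repository. Nothing visible in this patch lists `crypto/tiny-AES-c/aes.h` as a prerequisite (the `crypto/tiny-AES-c/aes.o:` rule added in the next hunk has none), so on a fresh clone that half of the rule is not reached through the AES object at all. I would run the submodule step from a single stamp target, for example `.submodules.stamp:` (placeholder name) with the recipe `git submodule update --init && touch $@`, and make `tinycbor/Makefile` and the tiny-AES-c files depend on that stamp.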
@@ -51,10 +61,19 @@ efm32bootprog:
 cd './targets/efm32boot/GNU ARM v7.2.1 - Debug' && $(MAKE) all
 commander flash './efm32boot/GNU ARM v7.2.1 - Debug/efm32boot.hex' $(EFM32_DEBUGGER) --masserase
-$(name): $(obj)
+
+crypto/tiny-AES-c/aes.o:
+ if ! grep "^#define AES256" crypto/tiny-AES-c/aes.h ; then \
+ echo "Fixing crypto/tiny-AES-c/aes.h" ;\
+ sed -i 's/^#define AES1\/\/#define AES1; s/^\/*#define AES256/#define AES256/' crypto/tiny-AES-c/aes.h ;\
+ fi
+ $(CC) $(CFLAGS) -c -o crypto/tiny-AES-c/aes.o crypto/tiny-AES-c/aes.c
+
+
+$(name): $(obj) $(LIBCBOR)
 $(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
-testgcm: $(obj)
+testgcm: $(obj) $(LIBCBOR)
 $(CC) -c main.c $(CFLAGS) -DTEST -o main.o
 $(CC) -c crypto/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes_gcm.o
 $(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS)
@@ -64,3 +83,9 @@ uECC.o: ./crypto/micro-ecc/uECC.c
 clean:
 rm -f *.o main.exe main $(obj)
+ for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
+ if [ -f "$$f" ]; then \
+ (cd `dirname $$f` ; git co -- .) ;\
+ fi ;\
+ done
+
From 9e1bb6662a4762d474392c3d1dd78ef126814da7 Mon Sep 17 00:00:00 2001
From: Paul Jimenez
Date: Tue, 18 Sep 2018 21:42:55 -0400
Subject: [PATCH 2/5] Automate python venv creation. Add convenient Makefile targets.
---
 .gitignore | 1 +
 Makefile | 36 +++++++++++++++++++++++++++++++++---
 README.md | 34 ++++++++--------------------------
 3 files changed, 42 insertions(+), 29 deletions(-)
diff --git a/.gitignore b/.gitignore
index e47ce92..03744a0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,4 @@ tools/python-fido2/*
 *.key
 site/
 _site/
+venv/
diff --git a/Makefile b/Makefile
index 52815b8..201aa7b 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,7 @@ CFLAGS += $(INCLUDES)
 name = main
 .PHONY: all
-all: main
+all: python-fido2 main
 tinycbor/Makefile crypto/tiny-AES-c/aes.h:
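Review bot: In PATCH 1/5, hunk `@@ -51,10 +61,19 @@`, the new `crypto/tiny-AES-c/aes.o:` recipe rewrites a tracked file of the tiny-AES-c submodule with `sed -i` and then compiles without re-checking the result, so if the expressions stop matching (an upstream change to the header layout, say) the build carries on with whatever key size `aes.h` already selects. As rendered on this page the first expression, `s/^#define AES1\/\/#define AES1`, has no unescaped `/` between pattern and replacement; if that is what was committed sed will reject the script, so it is worth confirming against the repository. The rule also lists no prerequisites, so `aes.o` is not rebuilt when `aes.c` or `aes.h` change. A second `grep -q "^#define AES256" crypto/tiny-AES-c/aes.h` after the `fi` would turn a wrong key size into a build error; PATCH 3/5 of this series later drops the rule in favour of a compiler define.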
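Review bot: In PATCH 1/5, hunk `@@ -64,3 +83,9 @@`, the subshell added to `clean` separates its `cd` and `git co -- .` with `;`, so if the `cd` fails the checkout runs in the top-level working tree and throws away every uncommitted change in the main repository. Chain them with `&&` instead: `(cd "$$(dirname "$$f")" && git checkout -- .) ;\`. `git co` is not a built-in git command, only a common user alias; PATCH 2/5 changes it to `git checkout` but keeps the `;`. Since `make clean` now reverts local edits inside both submodule directories, the loop also deserves a comment above it such as `# WARNING: discards uncommitted changes in the tinycbor and tiny-AES-c submodules`.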
@@ -63,7 +63,7 @@ efm32bootprog:
 crypto/tiny-AES-c/aes.o:
- if ! grep "^#define AES256" crypto/tiny-AES-c/aes.h ; then \
+ if ! grep -q "^#define AES256" crypto/tiny-AES-c/aes.h ; then \
 echo "Fixing crypto/tiny-AES-c/aes.h" ;\
 sed -i 's/^#define AES1\/\/#define AES1; s/^\/*#define AES256/#define AES256/' crypto/tiny-AES-c/aes.h ;\
 fi
@@ -81,11 +81,41 @@ testgcm: $(obj) $(LIBCBOR)
 uECC.o: ./crypto/micro-ecc/uECC.c
 $(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/
+
+# python virtualenv
+
+venv:
+ @if ! which virtualenv >/dev/null ; then \
+ echo "ERR: Sorry, no python virtualenv found. Please consider installing " ;\
+ echo " it via something like:" ;\
+ echo " sudo apt install python-virtualenv" ;\
+ echo " or maybe:" ;\
+ echo " pip install virtualenv" ;\
+ fi
+ virtualenv venv
+ ./venv/bin/pip install wheel
+
+.PHONY: python-fido2
+python-fido2: venv
+ cd python-fido2/ && ../venv/bin/python setup.py install
+
+venv/bin/mkdocs: venv
+ ./venv/bin/pip install mkdocs mkdocs-material
+
+.PHONY: docsrv
+docsrv: venv/bin/mkdocs
+ ./venv/bin/mkdocs serve
+
+.PHONY: fido2-test
+fido2-test:
+ ./venv/bin/python tools/ctap_test.py
+
 clean:
 rm -f *.o main.exe main $(obj)
 for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
 if [ -f "$$f" ]; then \
- (cd `dirname $$f` ; git co -- .) ;\
+ (cd `dirname $$f` ; git checkout -- .) ;\
 fi ;\
 done
+ rm -rf venv
diff --git a/README.md b/README.md
index 26cf1ab..4385773 100644
--- a/README.md
+++ b/README.md
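Review bot: In PATCH 2/5, hunk `@@ -81,11 +81,41 @@`, the `venv` and `venv/bin/mkdocs` recipes install `wheel`, `mkdocs` and `mkdocs-material` with no version or hash pins, and because `all` now depends on `python-fido2`, a plain `make` downloads and runs whatever those names resolve to at that moment on the machine that builds the authenticator. I would move them into a checked-in requirements file and install with `./venv/bin/pip install --require-hashes -r requirements.txt` (file name is a placeholder). The missing-virtualenv branch only prints its message; adding `exit 1 ;\` before the `fi` stops the recipe there instead of falling through to `virtualenv venv`. `fido2-test` runs `./venv/bin/python` but lists neither `venv` nor `python-fido2` as a prerequisite, and `venv` itself is a directory used as a normal prerequisite, which can retrigger its dependents whenever the directory's mtime changes.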
@@ -39,39 +39,22 @@ bulk order and provide open source security tokens for everyone that is interest
 # Setting up
-Clone and Compile CBOR library and FIDO 2 client library.
+Clone solo and build it
 ```bash
 git clone https://github.com/SoloKeysSec/solo
 cd solo/
-git submodule update --init
-
-cd tinycbor && make
-cd ..
-
-cd python-fido2/
-python setup.py install
+make all
 ```
+This builds our FIDO 2.0 and the U2F authenticator, as well as making a virtualenv in venv/
+that has our python-fido2 fork installed.
+
 Note that our python-fido2 fork will only connect to the software FIDO2 application, not a hardware authenticator. Install Yubico's fork to do that.
-Open `crypto/tiny-AES-c/aes.h` in a text editor and make sure AES256 is selected as follows.
-
-```
-//#define AES128 1
-//#define AES192 1
-#define AES256 1
-```
-
-Now compile FIDO 2.0 and U2F authenticator.
-
-```bash
-make
-```
-
 # Testing and development
 The application is set up to send and recv USB HID messages over UDP to ease
@@ -90,13 +73,13 @@ Run FIDO 2 / U2F application.
 Run example client software. This runs through a registration and authentication.
 ```
-python python-fido2/examples/credential.py
+./venv/bin/python python-fido2/examples/credential.py
 ```
 Run the FIDO2 tests.
 ```
-python tools/ctap_test.py
+make fido2-test
 ```
 Follow specifications to really dig in.
@@ -142,8 +125,7 @@ for each interface.
 Look at the issues to see what is currently being worked on. Feel free to add issues as well.
-This is an upgrade to [U2F
-Zero](https://github.com/conorpp/u2f-zero).
+This is an upgrade to [U2F Zero](https://github.com/conorpp/u2f-zero).
 # License
From f429d6798e893fac3cd423157b39f9e5e661a7da Mon Sep 17 00:00:00 2001
From: Paul Jimenez
Date: Tue, 16 Oct 2018 23:23:59 -0400
Subject: [PATCH 3/5] use CFLAGS to define AES256 for tiny-AES-c instead of mucking with aes.h
---
 Makefile | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/Makefile b/Makefile
index 201aa7b..7debe98 100644
--- a/Makefile
+++ b/Makefile
@@ -22,6 +22,8 @@ CFLAGS = -O2 -fdata-sections -ffunction-sections
 INCLUDES = -I./tinycbor/src -I./crypto/sha256 -I./crypto/micro-ecc/ -Icrypto/tiny-AES-c/ -I./fido2/ -I./pc -I./fido2/extensions
 CFLAGS += $(INCLUDES)
+# for crypto/tiny-AES-c
+CFLAGS += -DAES256=1
 name = main
@@ -29,7 +31,7 @@ name = main
 all: python-fido2 main
-tinycbor/Makefile crypto/tiny-AES-c/aes.h:
+tinycbor/Makefile crypto/tiny-AES-c/aes.c:
 git submodule update --init
 .PHONY: cbor
@@ -61,15 +63,6 @@ efm32bootprog:
 cd './targets/efm32boot/GNU ARM v7.2.1 - Debug' && $(MAKE) all
 commander flash './efm32boot/GNU ARM v7.2.1 - Debug/efm32boot.hex' $(EFM32_DEBUGGER) --masserase
-
-crypto/tiny-AES-c/aes.o:
- if ! grep -q "^#define AES256" crypto/tiny-AES-c/aes.h ; then \
- echo "Fixing crypto/tiny-AES-c/aes.h" ;\
- sed -i 's/^#define AES1\/\/#define AES1; s/^\/*#define AES256/#define AES256/' crypto/tiny-AES-c/aes.h ;\
- fi
- $(CC) $(CFLAGS) -c -o crypto/tiny-AES-c/aes.o crypto/tiny-AES-c/aes.c
-
-
 $(name): $(obj) $(LIBCBOR)
 $(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
From 25b5091a2cbe75834b46767d14ae909ca53ffe34 Mon Sep 17 00:00:00 2001
From: Paul Jimenez
Date: Tue, 16 Oct 2018 23:31:24 -0400
Subject: [PATCH 4/5] document docsrv target
---
 docs/documenting.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/docs/documenting.md b/docs/documenting.md
index 9f6d0cc..012d8d1 100644
--- a/docs/documenting.md
+++ b/docs/documenting.md
@@ -2,8 +2,6 @@ Documentation of the `master` branch is deployed to Netlify automatically. To host or develop locally:
-- install python3 and pip
-- `pip install mkdocs mkdocs-material`
-- `mkdocs serve` and visit [localhost:8000](http://localhost:8000).
+- `make docsrv` and visit [localhost:8000](http://localhost:8000).
 The file `runtime.txt` is necessary to tell Netlify to use Python3.
From c3702b9a2911c06d302a8527de29ab0681c797f2 Mon Sep 17 00:00:00 2001
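Review bot: In PATCH 3/5, hunk `@@ -22,6 +22,8 @@`, `CFLAGS += -DAES256=1` puts a mandatory cipher setting in a variable that users routinely override: `make CFLAGS=-g` on the command line replaces the whole value, drops the define, and the AES code is then built with whatever key size `aes.h` defaults to, with no error. Keep it out of reach of overrides, for example `override CFLAGS += -DAES256=1`, or carry required defines in a separate variable that every compile rule passes. The change also assumes the pinned tiny-AES-c revision lets an externally supplied `AES256` win over the header's own default, which is not visible in this diff; a compile-time check of the resulting key length in the project's own code would turn a mismatch into a build failure. The second hunk, `@@ -29,7 +31,7 @@`, keeps the two-target header for `git submodule update --init`, so that recipe can still be started once per target under `make -j`.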
From: Paul Jimenez
Date: Wed, 17 Oct 2018 00:50:40 -0400
Subject: [PATCH 5/5] fix testgcm target
---
 Makefile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 7debe98..12d00f6 100644
--- a/Makefile
+++ b/Makefile
@@ -66,9 +66,11 @@ efm32bootprog:
 $(name): $(obj) $(LIBCBOR)
 $(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
-testgcm: $(obj) $(LIBCBOR)
- $(CC) -c main.c $(CFLAGS) -DTEST -o main.o
- $(CC) -c crypto/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes_gcm.o
+crypto/aes-gcm/aes_gcm.o:
+ $(CC) -c crypto/aes-gcm/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes-gcm/aes_gcm.o
+
+testgcm: $(obj) $(LIBCBOR) crypto/aes-gcm/aes_gcm.o
+ $(CC) -c fido2/main.c $(CFLAGS) -DTEST -o fido2/main.o
 $(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS)
 uECC.o: ./crypto/micro-ecc/uECC.c
@@ -104,7 +106,7 @@ fido2-test:
 ./venv/bin/python tools/ctap_test.py
 clean:
- rm -f *.o main.exe main $(obj)
+ rm -f *.o main.exe main testgcm $(obj)
 for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
 if [ -f "$$f" ]; then \
 (cd `dirname $$f` ; git checkout -- .) ;\
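Review bot: In PATCH 5/5, hunk `@@ -66,9 +66,11 @@`, the `testgcm` recipe compiles `fido2/main.c` with `-DTEST` into `fido2/main.o`, which appears to be the same object that `$(obj)` feeds to the `main` link (`src` globs `fido2/*.c`), so a later `make main` would see that object as up to date and link the test build of it into the authenticator binary. `crypto/aes-gcm/aes_gcm.o:` likewise has no prerequisites, so it is never rebuilt after `aes_gcm.c` changes, and `clean` does not appear to remove it because it is not part of `$(obj)`. I would give the test objects their own names (for example `fido2/main.test.o`, a placeholder) with the `.c` file as prerequisite, and link `testgcm` from those instead of overwriting the production object. Note also that `$^` already contains `fido2/main.o` through `$(obj)`, so the explicit recompile only takes effect because it overwrites that file in place.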