Create CHANGELOG.md

2019-02-17 16:16:29 -05:00
8 changed files with 23 additions and 40 deletions
--- a/2
+++ b/2
@ -80,7 +80,7 @@ docker-build:
 	docker build -t $(DOCKER_IMAGE) .
 	docker run --rm -v "$(CURDIR)/builds:/builds" \
 				    -v "$(CURDIR)/in-docker-build.sh:/in-docker-build.sh" \
-				    $(DOCKER_IMAGE) "./in-docker-build.sh" $(SOLO_VERSIONISH)
+				    $(DOCKER_IMAGE) /in-docker-build.sh $(SOLO_VERSIONISH)

 CPPCHECK_FLAGS=--quiet --error-exitcode=2

--- a/1
+++ b/1
@ -1 +0,0 @@
-1.1.1
--- a/docs/solo/udev.md
+++ b/docs/solo/udev.md
@ -1,16 +1,13 @@
 # tl;dr

-Create a file like [`/etc/udev/rules.d/99-solo.rules`](https://github.com/solokeys/solo/blob/master/99-solo.rules), for instance the following rules should cover access in all cases:
+Create [`/etc/udev/rules.d/99-solo.rules`](https://github.com/solokeys/solo/blob/master/99-solo.rules) and add the following (which assumes your user is in group `plugdev`):

 ```
-# Solo bootloader + firmware
-ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", GROUP="plugdev"
-
-# ST DFU bootloader
-ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess", GROUP="plugdev"
+# Solo
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess", GROUP="plugdev", SYMLINK+="solokey"

 # U2F Zero
-ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev"
+KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", SYMLINK+="u2fzero"
 ```

 Then run
--- a/fido2/extensions/extensions.c
+++ b/fido2/extensions/extensions.c
@ -118,7 +118,7 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
        {
            if ( ! is_extension_request((uint8_t *) &auth->kh, auth->khl))     // Pin requests
            {
-                rcode = U2F_SW_WRONG_DATA;
+                rcode = U2F_SW_WRONG_PAYLOAD;
                printf1(TAG_EXT, "Ignoring U2F auth request\n");
                dump_hex1(TAG_EXT, (uint8_t *) &auth->kh, auth->khl);
                goto end;
--- a/fido2/u2f.c
+++ b/fido2/u2f.c
@ -196,7 +196,6 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c

    if (control == U2F_AUTHENTICATE_CHECK)
    {
-        printf1(TAG_U2F, "CHECK-ONLY\r\n");
        if (u2f_appid_eq(&req->kh, req->app) == 0)
        {
            return U2F_SW_CONDITIONS_NOT_SATISFIED;
@ -214,7 +213,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c

        )
    {
-        return U2F_SW_WRONG_DATA;
+        return U2F_SW_WRONG_PAYLOAD;
    }


--- a/fido2/u2f.h
+++ b/fido2/u2f.h
@ -42,11 +42,12 @@

 // Command status responses
 #define U2F_SW_NO_ERROR                     0x9000
+#define U2F_SW_WRONG_DATA                   0x6984
 #define U2F_SW_CONDITIONS_NOT_SATISFIED     0x6985
 #define U2F_SW_INS_NOT_SUPPORTED            0x6d00
 #define U2F_SW_WRONG_LENGTH                 0x6700
 #define U2F_SW_CLASS_NOT_SUPPORTED          0x6E00
-#define U2F_SW_WRONG_DATA                   0x6a80
+#define U2F_SW_WRONG_PAYLOAD                0x6a80
 #define U2F_SW_INSUFFICIENT_MEMORY          0x9210

 // Delay in milliseconds to wait for user input
--- a/in-docker-build.sh
+++ b/in-docker-build.sh
@ -5,7 +5,7 @@ version=${1:-master}
 export PREFIX=/opt/gcc-arm-none-eabi-8-2018-q4-major/bin/

 cd /solo/targets/stm32l432
-git fetch --tags
+git fetch
 git checkout ${version}
 version=$(git describe)

--- a/tools/ctap_test.py
+++ b/tools/ctap_test.py
@ -12,10 +12,6 @@
 # Script for testing correctness of CTAP2/CTAP1 security token

 from __future__ import print_function, absolute_import, unicode_literals
-import sys, os, time
-from random import randint
-from binascii import hexlify
-import array, struct, socket

 from fido2.hid import CtapHidDevice, CTAPHID
 from fido2.client import Fido2Client, ClientError
@ -24,10 +20,10 @@ from fido2.ctap1 import CTAP1
 from fido2.ctap2 import *
 from fido2.cose import *
 from fido2.utils import Timeout, sha256
-from fido2.attestation import Attestation
-
-from solo.fido2 import forceUDPBackend
-
+import sys, os, time
+from random import randint
+from binascii import hexlify
+import array, struct, socket

 # Set up a FIDO 2 client using the origin https://example.com

@ -39,11 +35,6 @@ def ForceU2F(client, device):
    client._do_get_assertion = client._ctap1_get_assertion


-def VerifyAttestation(attest, data):
-    verifier = Attestation.for_type(attest.fmt)
-    verifier().verify(attest.att_statement, attest.auth_data, data.hash)
-
-
 class Packet(object):
    def __init__(self, data):
        l = len(data)
@ -424,7 +415,7 @@ class Tester:
            rp, user, challenge, pin=PIN, exclude_list=[]
        )
        t2 = time.time() * 1000
-        VerifyAttestation(attest, data)
+        attest.verify(data.hash)
        print("Register valid (%d ms)" % (t2 - t1))

        cred = attest.auth_data.credential_data
@ -474,7 +465,7 @@ class Tester:
                )
                print(attest.auth_data.counter)
                t2 = time.time() * 1000
-                VerifyAttestation(attest, data)
+                attest.verify(data.hash)
                print("Register valid (%d ms)" % (t2 - t1))
            sys.stdout.flush()

@ -520,7 +511,7 @@ class Tester:
                attest, data = self.client.make_credential(
                    rp, user, challenge, pin=PIN, exclude_list=[]
                )
-                VerifyAttestation(attest, data)
+                attest.verify(data.hash)
                # verify endian-ness is correct
                assert attest.auth_data.counter < 0x10000
                cred = attest.auth_data.credential_data
@ -544,7 +535,7 @@ class Tester:
            attest, data = self.client.make_credential(
                rp, user, challenge, pin=PIN, exclude_list=exclude_list
            )
-            VerifyAttestation(attest, data)
+            attest.verify(data.hash)
            cred = attest.auth_data.credential_data
            creds.append(cred)
            print("PASS")
@ -674,7 +665,7 @@ class Tester:
            rp, user0, challenge, pin=PIN, exclude_list=[], rk=True
        )
        t2 = time.time() * 1000
-        VerifyAttestation(attest, data)
+        attest.verify(data.hash)
        creds.append(attest.auth_data.credential_data)
        print("Register valid (%d ms)" % (t2 - t1))

@ -696,7 +687,7 @@ class Tester:
                rp, users[i], challenge, pin=PIN, exclude_list=[], rk=True
            )
            t2 = time.time() * 1000
-            VerifyAttestation(attest, data)
+            attest.verify(data.hash)
            print("Register valid (%d ms)" % (t2 - t1))

            creds.append(attest.auth_data.credential_data)
@ -719,7 +710,7 @@ class Tester:
            rp, users[1], challenge, pin=PIN, exclude_list=[], rk=True
        )
        t2 = time.time() * 1000
-        VerifyAttestation(attest, data)
+        attest.verify(data.hash)
        creds = creds[:2] + creds[3:] + [attest.auth_data.credential_data]
        print("Register valid (%d ms)" % (t2 - t1))

@ -784,7 +775,7 @@ class Tester:
                    rp, user, challenge, pin=PIN, exclude_list=[], rk=True
                )
                t2 = time.time() * 1000
-                VerifyAttestation(attest, data)
+                attest.verify(data.hash)
                creds = [attest.auth_data.credential_data]
                print("Register valid (%d ms)" % (t2 - t1))

@ -834,10 +825,6 @@ def test_find_brute_force():


 if __name__ == "__main__":
-    if len(sys.argv) > 1 and sys.argv[1] == "sim":
-        print("Using UDP backend.")
-        forceUDPBackend()
-
    t = Tester()
    t.find_device()
    # t.test_hid()