build standalone

Link to renewed GPG key.

Makefile

@@ -103,6 +103,7 @@ uncached-docker-build-toolchain:
 docker-build-all:
 	docker run --rm -v "$(CURDIR)/builds:/builds" \
 					-v "$(CURDIR):/solo" \
+					-u $(shell id -u ${USER}):$(shell id -g ${USER}) \
 				    $(DOCKER_TOOLCHAIN_IMAGE) "solo/in-docker-build.sh" ${SOLO_VERSION_FULL}
 
 CPPCHECK_FLAGS=--quiet --error-exitcode=2

README.md

@@ -30,7 +30,7 @@ Solo for Hacker is a special version of Solo that let you customize its firmware
 
 Check out [solokeys.com](https://solokeys.com), for options on where to buy Solo.  Solo Hacker can be converted to a secure version, but normal Solo cannot be converted to a Hacker version.
 
-If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.io/solo/building/). We support Python3.
+If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.dev/building/). We support Python3.
 
 For example, if you want to turn off any blue light emission, you can edit [`led_rgb()`](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h#L48) and change `LED_INIT_VALUE`
 to be a different hex color.
@@ -61,9 +61,11 @@ git checkout ${VERSION_TO_BUILD}
 git submodule update --init --recursive
 ```
 
-## Installing the toolchain
+## Installing the toolchain and applying updates
 
-In order to compile ARM code, you need the ARM compiler and other things like bundling bootloader and firmware require the `solo-python` python package. Check our [documentation](https://docs.solokeys.io/solo/) for details
+In order to compile ARM code, you need the ARM compiler and other things like bundling bootloader and firmware require the [solo-python](https://github.com/solokeys/solo-python) python package. Check our [documentation](https://docs.solokeys.dev/) for details.
+
+You can update your solokey after running `pip3 install solo-python` with `solo key update` for the latest version. To apply a custom image use `solo program bootloader <file>(.json|.hex)`.
 
 ## Installing the toolkit and compiling in Docker
 Alternatively, you can use Docker to create a container with the toolchain.
@@ -120,12 +122,12 @@ Run the Solo application:
 
 In another shell, you can run our [test suite](https://github.com/solokeys/fido2-tests).
 
-You can find more details in our [documentation](https://docs.solokeys.io/solo/), including how to build on the the NUCLEO-L432KC development board.
+You can find more details in our [documentation](https://docs.solokeys.dev/), including how to build on the the NUCLEO-L432KC development board.
 
 
 # Documentation
 
-Check out our [official documentation](https://docs.solokeys.io/solo/).
+Check out our [official documentation](https://docs.solokeys.dev/).
 
 
 # Contributors ✨

SECURITY.md

@@ -21,7 +21,7 @@ To report vulnerabilities you have found:
 - preferably contact [@conor1](https://keybase.io/conor1), [@0x0ece](https://keybase.io/0x0ece) or [@nickray](https://keybase.io/nickray) via Keybase, or
 - send us e-mail using OpenPGP to [security@solokeys.com](mailto:security@solokeys.com).
 
-<https://keys.openpgp.org/vks/v1/by-fingerprint/85AFA2769F4381E5712C36A04DDFC46FEF1F7F3F>
+<https://keys.openpgp.org/vks/v1/by-fingerprint/BFA3F5387D025E8945CF907FC2F2505A63868DFA>
 
 We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.
 

STABLE_VERSION

@@ -1 +1 @@
-3.0.0
+4.0.0

default.nix

@@ -0,0 +1,27 @@
+let
+  pkgs = import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/20.03.tar.gz"; sha256 = "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq"; }) { };
+  pyPackages = (python-packages: with python-packages; ([
+    solo-python
+    pytest
+  ] ++ (with builtins; map (d: getAttr d python-packages) (filter (d: stringLength d > 0) (pkgs.lib.splitString "\n" (builtins.readFile ./tools/requirements.txt))))));
+  python-with-my-packages = pkgs.python3.withPackages pyPackages;
+  src = with pkgs.lib; builtins.filterSource (path: type: !(hasSuffix path "hex" || hasSuffix path "sha256" || baseNameOf path == "result")) ./.;
+in
+with pkgs; stdenv.mkDerivation {
+  name = "solo";
+  outputs = [ "out" ];
+  inherit src;
+  buildInputs = [ src gnumake gcc gcc-arm-embedded-8 git python-with-my-packages ];
+  phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
+  installPhase = ''
+    mkdir -p $out/firmware $out/standalone/bin
+    make 
+    cp main $out/standalone/bin/
+    cd targets/stm32l432
+    make cbor
+    make build-hacker
+    cp *.hex *.sha256 *.elf cubeconfig_stm32l442.ioc $out/firmware/ 
+    ln -s ${src} $out/src
+  '';
+  keepDebugInfo = true;
+}

docs/_redirects

@@ -0,0 +1 @@
+/solo/* /:splat 302

docs/application-ideas.md

@@ -1,16 +1,23 @@
 # Using Solo for passwordless or second factor login on Linux 
 
-## Setup on Ubuntu 18.04
+## Setup on Ubuntu and Manjaro
 Before you can use Solo for passwordless or second factor login in your Linux system you have to install some packages.
  
-This was tested under **Linux Mint 19.2**.
+This was tested on **Linux Mint 19.3** and on **Manjaro 18.x**
 
 First you have to install PAM modules for u2f.
 
+**Ubuntu (Linux Mint):**
 ```
   sudo apt install libpam-u2f pamu2fcfg
 ```
 
+**Manjaro**
+```
+  pacman -Syu pam-u2f
+```
+
+
 ## Setting up key
 To use Solo as passwordless or second factor login, you have to setup your system with your Solo.
 First create a new folder named **Yubico** in your **.config** folder in your **home** directory
@@ -28,35 +35,57 @@ If you want to register an additional key use this command instead:
   pamu2fcfg >> ~/.config/Yubico/u2f_keys
 ```
 Now press the button on your Solo.
+<br>
+<br>
 
-
-If you can't generate your key (error message), you may add Yubico Team from PPA and install latest libpam-u2f and pamu2fcfg and try again.
+If you can't generate your key on **Ubuntu** (error message), you may add Yubico Team from PPA and install latest libpam-u2f and pamu2fcfg and try again.
 ```
   sudo add-apt-repository ppa:yubico/stable
   sudo apt-get update
   sudo apt-get upgrade
 ```
 
+**Manjaro** should work without problems.
+
 
 ## Login into Linux
 ### Passwordless
 To login passwordless into your Linux system, you have to edit the file **lightdm** (or **gdm** or which display manager you prefered).
-In case of lightdm:
+In case of lightdm and VIM as editor:
 
 ```
-sudo vim /etc/pam.d/lightdm
+  sudo vim /etc/pam.d/lightdm
 ```
-Now search following entry:
+
+**On Ubuntu:**<br>
+Search following entry:
 ```
-@include common-auth
+  @include common-auth
 ```
 and add
 ```
-auth    sufficient      pam_u2f.so
+  auth    sufficient      pam_u2f.so
 ```
-**before** @include common-auth.
+**before** *@include common-auth.*
+<br>
+<br>
 
-Save the file and test it.<br>
+**On Manjaro**<br>
+Search following enrty
+```
+  auth    include   system-login
+```
+
+and add
+```
+  auth    sufficient    pam_u2f.so
+```
+
+** before** *auth include system-login*.
+<br>
+<br>
+
+Now save the file and test it.<br>
 Insert Solo in your USB port and logout.
 Now you should be able to login into Linux without password, only with pressing your button on Solo and press enter.
 
@@ -65,7 +94,7 @@ Why **sufficient**? The difference between the keyword sufficient and required i
 
 The login mechanism can be also used for additional features like:
 
-:  - Login after screen timeout - edit /etc/pam.d/mate-screensaver (or kde-screensaver, ...)
+  - Login after screen timeout - edit /etc/pam.d/mate-screensaver (or kde-screensaver, ...)
   - Passwordless sudo - edit /etc/pam.d/sudo
 
 Check out your folder **/etc/pam.d/** and do some experiments.
@@ -78,17 +107,36 @@ The login passwordless won't make your system more secure, but maybe more comfor
 To use Solo as second factor, for login into your Linux system, is nearly the same.
 
 ```
-sudo vim /etc/pam.d/lightdm
+  sudo vim /etc/pam.d/lightdm
 ```
-Now search following entry:
+
+**On Ubuntu**<br>
+Search following entry:
 ```
-@include common-auth
+  @include common-auth
 ```
 and add
 ```
-auth    required      pam_u2f.so
+  auth    required      pam_u2f.so
 ```
-**after** @include common-auth.
+**after** *@include common-auth*.
+<br>
+<br>
+
+**On Manjaro**<br>
+Search following entry:
+```
+  auth   include    system-login
+```
+
+Add following entry
+```
+  auth    required    pam_u2f.so
+```
+
+**after** *auth include system-login*.
+<br>
+<br>
 
 Save the file and test it. <br>
 In case your Solo is not present, your password will be incrorrect. If Solo is plugged into your USB port, it will signal pressing the button and you will be able to login into Linux.

docs/bootloader-mode.md

@@ -10,7 +10,7 @@ If your Solo is a bit older (<=2.5.3) You can put Solo into bootloader mode by u
 Hold down button while plugging in Solo.  After 2 seconds, bootloader mode will activate.
 You'll see a yellowish flashing light and you can let go of the button.
 
-Now Solo is ready to [accept firmware updates](/solo/signed-updates).  If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.
+Now Solo is ready to [accept firmware updates](/signed-updates).  If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.
 
 # The boot stages of Solo
 

docs/building.md

@@ -104,9 +104,24 @@ solo mergehex bootloader.hex solo.hex bundle.hex
 
 `bundle.hex` is our complete firmware build.  Note it is in this step that you can
 include a custom attestation certificate or lock the device from debugging/DFU.
-By default the "hacker" attestation certifcate and key is used.
+By default the "hacker" attestation certifcate and key is used.  Use the `--lock` flag
+to make this permanent.
 
 ```
+solo mergehex  \
+    --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
+    --attestation-cert attestation.der \
+    solo.hex \
+    bootloader.hex \
+    bundle.hex
+```
+
+**Warning**: If you use `--lock`, this will permanently lock the device to this new bootloader.  You
+won't be able to program the bootloader again or be able to connect a hardware debugger.
+The new bootloader may be able to accept (signed) updates still, depending on how you configured it.
+
+```
+# Permanent!
 solo mergehex  \
     --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
     --attestation-cert attestation.der \
@@ -116,11 +131,7 @@ solo mergehex  \
     bundle.hex
 ```
 
-See [here for more information on custom attestation](/solo/customization/).
+See [here for more information on custom attestation](/customization/).
 
-If you use `--lock`, this will permanently lock the device to this new bootloader.  You
-won't be able to program the bootloader again or be able to connect a hardware debugger.
-The new bootloader may be able to accept (signed) updates still, depending on how you configured it.
-
-To learn more about normal updates or a "full" update, you should [read more on Solo's boot stages](/solo/bootloader-mode).
+To learn more about normal updates or a "full" update, you should [read more on Solo's boot stages](/bootloader-mode).
 

docs/customization.md

@@ -19,7 +19,7 @@ and program it.
 ### Creating your attestation key pair
 
 Since we are generating keys, it's important to use a good entropy source.
-You can use the [True RNG on your Solo](/solo/solo-extras) to generate some good random numbers.
+You can use the [True RNG on your Solo](/solo-extras) to generate some good random numbers.
 
 ```
 # Run for 1 second, then hit control-c
@@ -45,7 +45,7 @@ email=example@example.com
 openssl ecparam -genkey -name "$curve" -out root_key.pem -rand seed.bin
 
 # generate a "signing request"
-openssl req -new -key root_key.pem -out root_key.pem.csr  -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
+openssl req -new -key root_key.pem -out root_key.pem.csr  -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
 
 # self sign the request
 openssl x509 -trustout -req -days 18250  -in root_key.pem.csr -signkey root_key.pem -out root_cert.pem -sha256
@@ -74,7 +74,7 @@ Note you must use a prime256v1 curve for this step, and you must leave the unit/
 country=US
 state=Maine
 organization=OpenSourceSecurity
-unit="Authenticator Attestation"
+unit="Authenticator Attestation"    # MUST KEEP THIS AS "Authenticator Attestation" for FIDO2.
 CN=example.com
 email=example@example.com
 
@@ -82,7 +82,7 @@ email=example@example.com
 openssl ecparam -genkey -name "$curve" -out device_key.pem -rand seed.bin
 
 # generate a "signing request"
-openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
+openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
 
 # sign the request
 openssl x509 -req -days 18250  -in device_key.pem.csr -extfile v3.ext -CA root_cert.pem -CAkey root_key.pem -set_serial 01 -out device_cert.pem -sha256
@@ -114,12 +114,12 @@ If the checks succeed, you are ready to program the device attestation key and c
 
 ### Programming an attestation key and certificate
 
-First, [Build your solo application and bootloader](/solo/building).
+First, [Build your solo application and bootloader](/building).
 
 Print your attestation key in a hex string format.  Using our utility script:
 
 ```
-python tools/print_x_y.py device_key.pem
+python3 tools/gencert/print_x_y.py device_key.pem
 ```
 
 Merge the `bootloader.hex`, `solo.hex`, attestion key, and certificate into one firmware file.
@@ -134,7 +134,9 @@ solo mergehex  \
     bundle.hex
 ```
 
+**Warning**: Using the `--lock` flag prevents the DFU from being accessed on the device again.  It's recommended to try first without the `--lock` flag to make sure it works.
+
 Now you have a newly created `bundle.hex` file with a custom attestation key and cert.  You can [program this `bundle.hex` file
-with Solo in DFU mode](/solo/programming#procedure).
+with Solo in DFU mode](/programming#procedure).
 
 Are you interested in customizing in bulk?  Contact hello@solokeys.com and we can help.

docs/nucleo32-board.md

@@ -64,7 +64,7 @@ In that case the mentioned patch would not be required.
 
 Environment: Fedora 29 x64, Linux 4.19.9
 
-See <https://docs.solokeys.io/solo/building/> for the original guide. Here details not included there will be covered.
+See <https://docs.solokeys.dev/building/> for the original guide. Here details not included there will be covered.
 
 ### Install ARM tools Linux
 
@@ -102,7 +102,7 @@ export PATH="/Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM3
 
 ### Building
 
-Please follow <https://docs.solokeys.io/solo/building/>, as the build way changes rapidly.
+Please follow <https://docs.solokeys.dev/building/>, as the build way changes rapidly.
 Currently (8.1.19) to build the firmware, following lines should be executed
 
 ```bash

docs/programming.md

@@ -13,7 +13,7 @@ pip3 install solo-python
 ## Updating the firmware
 
 If you just want to update the firmware, you can run one of the following commands.
-Make sure your key [is in bootloader mode](/solo/bootloader-mode#solo-bootloader) first.
+Make sure your key [is in bootloader mode](/bootloader-mode#solo-bootloader) first.
 
 ```bash
 solo key update <--secure | --hacker>
@@ -26,19 +26,23 @@ solo program bootloader <firmware.hex | firmware.json>
 ```
 
 Note you won't be able to use `all.hex` or the `bundle-*.hex` builds, as these include the solo bootloader.  You shouldn't
-risk changing the Solo bootloader unless you want to make it a secure device, or [make other customizations](/solo/customization/).
+risk changing the Solo bootloader unless you want to make it a secure device, or [make other customizations](/customization/).
 
 ## Updating a Hacker to a Secure Solo
 
-Updating a hacker to be a secure build overwrites the [Solo bootloader](/solo/bootloader-mode#solo-bootloader).
+Updating a hacker to be a secure build overwrites the [Solo bootloader](/bootloader-mode#solo-bootloader).
 So it's important to not mess this up or you may brick your device.
 
 You can use a firmware build from the [latest release](https://github.com/solokeys/solo/releases) or use
 a build that you made yourself.
 
-You need to use a firmware file that has the combined bootloader and application (or at the very least just the bootloader).
-This means using the `bundle-*.hex` file or the `bundle.hex` from your build.  If you overwrite the Solo flash with a missing bootloader,
-it will be bricked.
+You need to use a firmware file that has the combined bootloader, application, and attestation key pair (bootloader + firmware + key).
+This means using the `bundle-*.hex` file or the `bundle.hex` from your build.
+
+#### *Warning*
+
+* **Any DFU update erases everything! If you overwrite the Solo flash with a missing bootloader, it will be bricked.**
+* **If you program bootloader and firmware with no attestation, you will run into FIDO registration issues.**
 
 We provide two types of bundled builds.  The `bundle-hacker-*.hex` build is the hacker build.  If you update with this,
 you will update the bootloader and application, but nothing will be secured.  The `bundle-secure-non-solokeys.hex`

docs/repo-readme.md

@@ -0,0 +1 @@
+../README.md

docs/solo/repo-readme.md

@@ -1 +0,0 @@
-../../README.md

docs/tutorial-getting-started.md

@@ -0,0 +1,219 @@
+# Tutorial: Getting started with the solo hacker
+
+This is small guide to let you get started with the solo hacker key. In the end you will have set up everything you need and changed the LED from green to red.
+
+## Some additional ressources
+
+This tutorial will take you through all the necessary steps needed to install and get the solo key running. Before we start, I will just list you additional ressources, which might have important information for you:
+
+* [The git repository](https://github.com/solokeys/solo): Here you will find all the code and a quick readme.
+* [The Documenation](https://docs.solokeys.io/solo/building/): The official documentation. Especially the [build instructions](https://docs.solokeys.io/solo/building/) are worth a look, if you got stuck.
+
+## Getting the prerequisites
+
+There are two main tools you will need to work on your solo hacker:
+
+* ARM Compiler tool chain
+* Solo python tool
+
+The ARM Compiler is used to compile your C-code to a hex file, which can then be deployed onto your solo hacker. The solo tool helps with deploying, updating etc. of the solo hacker. It is a python3 tool. So make sure, that you got Python3 installed on your system \([pip](https://pip.pypa.io/en/stable/) might also come in handy\).  
+  
+Besides that, you will also need to get the [solo code](https://github.com/solokeys/solo).
+
+### Get the code
+
+The codebase for the solo hacker and other solo keys, can be found at this [git repository](https://github.com/solokeys/solo). So just clone this into your development folder. Make sure, that all the submodules are loaded by using the following command. I forgot to get all the submoules at my first try and the make command failed \(I got an error message telling me, that no solo.elf target can be found\).
+
+```bash
+git clone --recurse-submodules https://github.com/solokeys/solo
+```
+
+### Getting the ARM Compiler tool chain
+
+Download the Compiler tool chain for your system [here](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads). After you have downloaded it, you will have to unzip it and add the path to the installation folder.   
+  
+**Readme**  
+There is a readme.txt __ in _gcc-arm-none-eabi-x-yyyy-dd-major/share/doc/gcc-arm-none-eabi_. It contains installation guides for Linux, Windows and Mac.   
+  
+**Installation**  
+As I used Mac, I will guide you through the installation using MacOS. If you have unpacked the folder already, you can skip the first step.
+
+```bash
+#Unzip the tarball
+cd $install_dir && tar xjf gcc-arm-none-eabi-*-yyyymmdd-mac.tar.bz2
+
+#Set path
+export PATH=$PATH:$install_dir/gcc-arm-none-eabi-*/bin
+
+#Test if it works
+arm-none-eabi-gcc
+```
+
+If everything worked your output should like this:
+
+```bash
+arm-none-eabi-gcc: fatal error: no input files
+compilation terminated.
+```
+
+### Getting the solo tool
+
+There are several ways, which are listed at the [build instructions](https://docs.solokeys.io/solo/building/). If you are familiar with pip, just use this.
+
+```bash
+pip install solo-python
+
+#Or
+pip3 install solo-python
+```
+
+**Install all other requirements**
+
+To do this either do it in the virtual env or directly on your machine. The requirements can be found in the source folder in requirements.txt.
+
+```bash
+#Move to source folder
+cd solo
+
+#Install requirements, use pip3 otherwise
+pip install -r solo/tools/requirements.txt
+```
+
+## Let's get a red light blinking
+
+You will find the code for the key in _/solo/targets/stm32l432_ \(The target might have another id for you, so just use that id\). The LED colors can be found in [_/solo/targets/stm32l432 /src/app.h_](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/app.h)_._ To change the color we will just have to change the hex-value. Out of the box it should look like this:
+
+```c
+//                          0xRRGGBB
+#define LED_INIT_VALUE          0x000800
+#define LED_WINK_VALUE          0x000010
+#define LED_MAX_SCALER          15
+#define LED_MIN_SCALER          1
+```
+
+_LED\_INIT\_VALUE_ is the color, that the LED shows whenever it is plugged in. It normally is a green light. So let's change it to red:
+
+```c
+//                          0xRRGGBB
+#define LED_INIT_VALUE          0xFF0800
+#define LED_WINK_VALUE          0x000010
+#define LED_MAX_SCALER          15
+#define LED_MIN_SCALER          1
+```
+
+_LED\_WINK\_VALUE_ is the color, which is shown, whenever the bottom is pressed. It normally is a blue tone, but let's change it to a yellow:
+
+```c
+//                          0xRRGGBB
+#define LED_INIT_VALUE          0xFF0800
+#define LED_WINK_VALUE          0xFFFF00
+#define LED_MAX_SCALER          15
+#define LED_MIN_SCALER          1
+```
+
+Save the file and then let's try to get the code onto the stick.
+
+## Move code to solo hacker
+
+First we have to build cbor. To do this change into the target folder and use the corresponding command.
+
+```bash
+#Change into correct directory
+cd solo/targets/stm32l432/
+
+#Make cbor
+make cbor
+```
+
+You should also make sure to check, that your key has the newest solo firmware installed. To check the firmware on the device, use this command:
+
+```bash
+solo key version
+```
+
+To update to the newest version, use this command:
+
+```bash
+solo key version
+```
+
+**Note:** Sometimes the connection between Mac and key seemed to be broken and you might get an error stating: _No solo found_. Just unplug the key and plug it back in.
+
+### General deployment cycle
+
+In general we will always have to go through these steps:
+
+* Compile code and generate new firmware
+* Change device into bootloader mode
+* Deploy code to device
+
+#### Compile code
+
+To compile the code, we will again have to change into our target directory:
+
+```bash
+#Change into correct directory
+cd solo/targets/stm32l432/
+```
+
+It is important to choose the correct build target. Most explanations focus on the build of the firmware and use:
+
+```bash
+make firmware
+```
+
+As we are using the solo hacker, we will need to use:
+
+```bash
+make build-hacker
+```
+
+This will generate a file _solo.hex_, which has the compiled code on it. If you later need to change the bootloader itself, please refer to [the documentation](https://docs.solokeys.io/solo/building/).
+
+#### Deploy code
+
+To deploy the code make sure you are back at the source root. 
+
+```bash
+cd ../..
+```
+
+First we will have to change into bootload modus:
+
+```bash
+solo program aux enter-bootloader
+```
+
+This is needed to be able to load the new firmware on the device. If we forget this step, the solo tool will do it for us in the next step.
+
+This is the moment of truth. We delete the old firmware and deploy the new one with the changed LED lights to the solo key. For this step we will also stay in the source root.
+
+```bash
+solo program bootloader targets/stm32l432/solo.hex
+```
+
+If there is another hex-File, that you want to load, you can just exchange the last argument.  
+  
+And that's it, now your LED should be red.  
+  
+To summarize, here are again the steps to update your solo:
+
+1. Change code
+2. Run these commands
+
+```bash
+#Change into correct directory
+cd solo/targets/stm32l432/
+
+#Compile code
+make build-hacker
+
+#Change to root
+cd ../..
+
+#Enter bootload mode
+solo program aux enter-bootloader
+
+#Deploy code
+solo program bootloader targets/stm32l432/solo.hex
+```

docs/tutorial-writing-extensions.md

@@ -0,0 +1,205 @@
+# Tutorial: Writing an extension for the solo stick
+A short overview about, where and how you should implement your extension into the solo stick code base. In this tutorial we will add a small extension, that will engage in a "ping"-"pong" exchange.
+
+## Make it visible
+We need to make it visible, that the key now supports a new extension.
+This is done in the function _ctap_get_info_ in [ctap.c](https://github.com/solokeys/solo/blob/master/fido2/ctap.c). This function creates a map with all the information about the solo key. You should therefore add your extension identifier here, too.
+```c
+uint8_t ctap_get_info(CborEncoder * encoder){
+//[...]
+    ret = cbor_encode_uint(&map, RESP_extensions);
+    check_ret(ret);
+    {
+        ret = cbor_encoder_create_array(&map, &array, 3);
+        check_ret(ret);
+        {
+            ret = cbor_encode_text_stringz(&array, "hmac-secret");
+            check_ret(ret);
+
+            ret = cbor_encode_text_stringz(&array, "credProtect");
+            check_ret(ret);
+
+            //Add it here
+        }
+        ret = cbor_encoder_close_container(&map, &array);
+        check_ret(ret);
+    }
+//[...]
+}
+```
+After you have added your identifier it should look similiar to this:
+```c
+uint8_t ctap_get_info(CborEncoder * encoder){
+//[...]
+    ret = cbor_encode_uint(&map, RESP_extensions);
+    check_ret(ret);
+    {
+        ret = cbor_encoder_create_array(&map, &array, 3); //This number should reflect the number of supported extensions
+        check_ret(ret);
+        {
+            ret = cbor_encode_text_stringz(&array, "hmac-secret");
+            check_ret(ret);
+
+            ret = cbor_encode_text_stringz(&array, "credProtect");
+            check_ret(ret);
+
+            //Add it here
+            ret = cbor_encode_text_stringz(&array, "ping-pong");
+            check_ret(ret);
+        }
+        ret = cbor_encoder_close_container(&map, &array);
+        check_ret(ret);
+    }
+//[...]
+}
+
+```
+Important: make sure to change the size of the created array to the correct number of elements.
+
+## Let's get our extension parsed
+As with all incoming messages, the extension has to be parsed and depending on the incoming message the reply has to be constructed. For this the function _ctap_parse_extensions_ in [ctap_parse.c](https://github.com/solokeys/solo/blob/master/fido2/ctap_parse.c) is used.
+In this function the extension identifier is checked. So, if we want to add our ping-pong extension, we need to compare the incoming identifier to our identifier "ping-pong".
+```c
+uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext){
+//[...]
+
+                if (strncmp(key, "hmac-secret",11) == 0){
+                    //[...]
+                }else if (strncmp(key, "credProtect",11) == 0) {
+                    //[...]
+                else if (strncmp(key, "ping-pong",9) == 0) {
+                    //Logic should be placed here
+                }
+//[...]
+}
+```
+What happens then, depends on your extension. You should make sure, to check incoming values for correctness, though. As hmac-secret and credProtect are already implemented, you could have a look at their implementations for a kind of guideline.
+At this stage we can use the extension struct, which can be found in [ctap.h](https://github.com/solokeys/solo/blob/master/fido2/ctap.h). 
+```c
+typedef struct
+{
+    uint8_t hmac_secret_present;
+    CTAP_hmac_secret hmac_secret;
+
+    uint32_t cred_protect;
+} CTAP_extensions;
+```
+This struct already contains important values for the other extensions, so we are going to add two for our extension. The first "ping_pong_present" should indicate if the key received a message with a ping-pong extension. The response should then contain the correct response.
+```c
+typedef struct
+{
+    uint8_t hmac_secret_present;
+    CTAP_hmac_secret hmac_secret;
+
+    uint32_t cred_protect;
+
+    uint8_t ping_pong_present;
+    char  ping_pong_response[4];
+} CTAP_extensions;
+```
+Now we have to parse our message accordingly.
+```c
+uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext){
+//[...]
+
+                if (strncmp(key, "hmac-secret",11) == 0){
+                    //[...]
+                }else if (strncmp(key, "credProtect",11) == 0) {
+                    //[...]
+                else if (strncmp(key, "ping-pong",9) == 0) {
+                    if (cbor_value_get_type(&map) == CborTextStringType)
+                    {   
+                        //Cop incoming message
+                        uint8_t txt[5];
+                        sz = sizeof(txt);
+                        ret = cbor_value_copy_text_string(&map, (char *)txt, &sz, NULL);
+                        check_ret(ret);
+
+                        if(strcmp((const char*)txt, "ping") == 0) {
+                                ext->ping_pong_present = 0x01;
+                                strcpy((char *)ext->ping_pong_response, "pong");
+                        }else if(strcmp((const char*)txt, "pong") == 0) {
+                                ext->ping_pong_present = 0x01;
+                                strcpy((char *)ext->ping_pong_response, "ping");
+                        }else{
+                            printf2(TAG_ERR, "Wrong parameter requested. Got %s.\r\n", txt);
+                            return CTAP2_ERR_INVALID_OPTION;
+                        }
+                    }else{
+                        printf1(TAG_RED, "warning: ping-pong request ignored for being wrong type\r\n");
+                    }
+                }
+//[...]
+}
+```
+Here we are doing the following:
+1. Check if we got a message with either "ping" or "pong" 
+2. Set the correct value, to note, that we received a message using the ping-pong extension
+3. Set the correct response ("pong" for "ping" and vice versa)
+
+
+## Create a reply
+Now, that we have parsed the correct message, we have to construct the correct reply. That is done in the function _ctap_make_extensions_ in [ctap.c](https://github.com/solokeys/solo/blob/master/fido2/ctap.c). We will use the before filled _CTAP_extensions_ in here.
+We have to do two things here: 
+1. Check, if a message using the ping-pong extension
+2. Set the correct response according to our parsed incoming message
+```c
+static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf, unsigned int * ext_encoder_buf_size){
+    //[...]
+   
+    if (ext->hmac_secret_present == EXT_HMAC_SECRET_PARSED)
+    {
+        //[...]
+    }
+    else if (ext->hmac_secret_present == EXT_HMAC_SECRET_REQUESTED)
+    {
+        //[...]
+    }
+    if (ext->cred_protect != EXT_CRED_PROTECT_INVALID) {
+        //[...]
+    }
+
+    if(ext->ping_pong_present){
+        extensions_used += 1;
+        ping_pong_is_valid = 1;
+    }
+
+    if (extensions_used > 0)
+    {
+        //[...]
+            if (hmac_secret_output_is_valid) {
+                {
+                    //[...]
+                }
+            }
+            if (hmac_secret_requested_is_valid) {
+                {   
+                    //[...]
+                }
+            }
+            if (cred_protect_is_valid) {
+                {   
+                    //[...]
+                }
+            }
+             if (ping_pong_is_valid) {
+                {   
+                    ret = cbor_encode_text_stringz(&extension_output_map, "ping-pong");
+                    check_ret(ret);
+
+                    //Set the response message
+                    ret = cbor_encode_text_stringz(&extension_output_map, (const char*)ext->ping_pong_response);
+                    check_ret(ret);
+                }
+            }
+        //[...]
+    }
+    //[...]
+}
+```
+
+## Recap
+To create a new extension, you would have to take the following three steps:
+- Make sure, that the new extension will be made visible through a call of get_info
+- Parse incoming messages correctly
+- Construct the correct reply

docs/udev.md

@@ -4,17 +4,12 @@ On Linux, by default USB dongles can't be accessed by users, for security reason
 
 For some users, things will work automatically:
 
+  - Recent Linux distributions (such as Ubuntu Focal, Fedora 32, [Arch Linux](https://wiki.archlinux.org/index.php/Solo)) with systemd 244 or higher automatically detect FIDO devices (check with `systemctl --version`)
   - Fedora seems to use a ["universal" udev rule for FIDO devices](https://github.com/amluto/u2f-hidraw-policy)
   - Our udev rule made it into [libu2f-host](https://github.com/Yubico/libu2f-host/) v1.1.10
-  - Arch Linux [has this package](https://www.archlinux.org/packages/community/x86_64/libu2f-host/)
   - [Debian sid](https://packages.debian.org/sid/libu2f-udev) and [Ubuntu Eon](https://packages.ubuntu.com/eoan/libu2f-udev) can use the `libu2f-udev` package
-  - Debian Buster and Ubuntu Disco still distribute v1.1.10, so need the manual rule
   - FreeBSD has support in [u2f-devd](https://github.com/solokeys/solo/issues/144#issuecomment-500216020)
 
-There is hope that `udev` itself will adopt the Fedora approach (which is to check for HID usage page `F1D0`, and avoids manually whitelisting each U2F/FIDO2 key): <https://github.com/systemd/systemd/issues/11996>.
-
-Further progress is tracked in: <https://github.com/solokeys/solo/issues/144>.
-
 If you still need to setup a rule, a simple way to do it is:
 
 ```

fido2/ctap.h

@@ -16,12 +16,11 @@
 #define CTAP_CLIENT_PIN             0x06
 #define CTAP_RESET                  0x07
 #define GET_NEXT_ASSERTION          0x08
+#define CTAP_CBOR_CRED_MGMT         0x0A
 #define CTAP_VENDOR_FIRST           0x40
+#define CTAP_CBOR_CRED_MGMT_PRE     0x41
 #define CTAP_VENDOR_LAST            0xBF
 
-// AAGUID For Solo
-#define CTAP_AAGUID                 ((uint8_t*)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79")
-
 #define MC_clientDataHash         0x01
 #define MC_rp                     0x02
 #define MC_user                   0x03
@@ -40,6 +39,19 @@
 #define GA_pinAuth                0x06
 #define GA_pinProtocol            0x07
 
+#define CM_cmd                    0x01
+    #define CM_cmdMetadata        0x01
+    #define CM_cmdRPBegin         0x02
+    #define CM_cmdRPNext          0x03
+    #define CM_cmdRKBegin         0x04
+    #define CM_cmdRKNext          0x05
+    #define CM_cmdRKDelete        0x06
+#define CM_subCommandParams       0x02
+    #define CM_subCommandRpId     0x01
+    #define CM_subCommandCred     0x02
+#define CM_pinProtocol            0x03
+#define CM_pinAuth                0x04
+
 #define CP_pinProtocol            0x01
 #define CP_subCommand             0x02
     #define CP_cmdGetRetries      0x01
@@ -61,6 +73,11 @@
 #define EXT_HMAC_SECRET_REQUESTED   0x01
 #define EXT_HMAC_SECRET_PARSED      0x02
 
+#define EXT_CRED_PROTECT_INVALID                0x00
+#define EXT_CRED_PROTECT_OPTIONAL               0x01
+#define EXT_CRED_PROTECT_OPTIONAL_WITH_CREDID   0x02
+#define EXT_CRED_PROTECT_REQUIRED               0x03
+
 #define RESP_versions               0x1
 #define RESP_extensions             0x2
 #define RESP_aaguid                 0x3
@@ -144,16 +161,29 @@ typedef struct
 
 typedef struct {
     uint8_t tag[CREDENTIAL_TAG_SIZE];
-    uint8_t nonce[CREDENTIAL_NONCE_SIZE];
+    union {
+        uint8_t nonce[CREDENTIAL_NONCE_SIZE];
+        struct {
+            uint8_t _pad[CREDENTIAL_NONCE_SIZE - 4];
+            uint32_t value;
+        }__attribute__((packed)) metadata;
+    }__attribute__((packed)) entropy;
     uint8_t rpIdHash[32];
     uint32_t count;
 }__attribute__((packed)) CredentialId;
 
-struct Credential {
+struct  __attribute__((packed)) Credential {
     CredentialId id;
     CTAP_userEntity user;
 };
-typedef struct Credential CTAP_residentKey;
+typedef struct {
+    CredentialId id;
+    CTAP_userEntity user;
+
+    // Maximum amount of "extra" space in resident key.
+    uint8_t rpId[48];
+    uint8_t rpIdSize;
+} __attribute__((packed)) CTAP_residentKey;
 
 typedef struct
 {
@@ -220,6 +250,7 @@ typedef struct
 {
     uint8_t hmac_secret_present;
     CTAP_hmac_secret hmac_secret;
+    uint32_t cred_protect;
 } CTAP_extensions;
 
 typedef struct
@@ -288,6 +319,26 @@ typedef struct
 
 } CTAP_getAssertion;
 
+typedef struct
+{
+    int cmd;
+    struct {
+        uint8_t rpIdHash[32];
+        CTAP_credentialDescriptor credentialDescriptor;
+    } subCommandParams;
+
+    struct {
+        uint8_t cmd;
+        uint8_t subCommandParamsCborCopy[sizeof(CTAP_credentialDescriptor) + 16];
+    } hashed;
+    uint32_t subCommandParamsCborSize;
+
+    uint8_t pinAuth[16];
+    uint8_t pinAuthPresent;
+    int pinProtocol;
+} CTAP_credMgmt;
+
+
 typedef struct
 {
     int pinProtocol;
@@ -306,7 +357,12 @@ typedef struct
 
 
 struct _getAssertionState {
-    CTAP_authDataHeader authData;
+    // Room for both authData struct and extensions
+    struct {
+        CTAP_authDataHeader authData;
+        uint8_t extensions[80];
+    } __attribute__((packed)) buf;
+    CTAP_extensions extensions;
     uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
     CTAP_credentialDescriptor creds[ALLOW_LIST_MAX_SIZE];
     uint8_t lastcmd;

fido2/ctap_parse.c

@@ -666,8 +666,8 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
         if (ret == CborErrorOutOfMemory)
         {
             printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n");
-            cbor_value_advance(&map);
-            cbor_value_advance(&map);
+            check_ret( cbor_value_advance(&map) );
+            check_ret( cbor_value_advance(&map) );
             continue;
         }
         check_ret(ret);
@@ -698,6 +698,14 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
                 printf1(TAG_RED, "warning: hmac_secret request ignored for being wrong type\r\n");
             }
         }
+        else if (strncmp(key, "credProtect",11) == 0) {
+            if (cbor_value_get_type(&map) == CborIntegerType) {
+                ret = cbor_value_get_int(&map, (int*)&ext->cred_protect);
+                check_ret(ret);
+            } else {
+                printf1(TAG_RED, "warning: credProtect request ignored for being wrong type\r\n");
+            }
+        }
 
         ret = cbor_value_advance(&map);
         check_ret(ret);
@@ -871,7 +879,7 @@ uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encod
         {
             return ret;
         }
-        cbor_value_advance(&map);
+        ret = cbor_value_advance(&map);
         check_ret(ret);
     }
 
@@ -999,6 +1007,163 @@ uint8_t parse_allow_list(CTAP_getAssertion * GA, CborValue * it)
     return 0;
 }
 
+static uint8_t parse_cred_mgmt_subcommandparams(CborValue * val, CTAP_credMgmt * CM)
+{
+    size_t map_length;
+    int key;
+    int ret;
+    unsigned int i;
+    CborValue map;
+    size_t sz = 32;
+
+    if (cbor_value_get_type(val) != CborMapType)
+    {
+        printf2(TAG_ERR,"error, wrong type\n");
+        return CTAP2_ERR_INVALID_CBOR_TYPE;
+    }
+
+
+    ret = cbor_value_enter_container(val,&map);
+    check_ret(ret);
+    
+    const uint8_t * start_byte = cbor_value_get_next_byte(&map) - 1;
+
+    ret = cbor_value_get_map_length(val, &map_length);
+    check_ret(ret);
+
+    for (i = 0; i < map_length; i++)
+    {
+        if (cbor_value_get_type(&map) != CborIntegerType)
+        {
+            printf2(TAG_ERR,"Error, expecting integer type for map key, got %s\n", cbor_value_get_type_string(&map));
+            return CTAP2_ERR_INVALID_CBOR_TYPE;
+        }
+        ret = cbor_value_get_int(&map, &key);
+        check_ret(ret);
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+        switch(key)
+        {
+            case CM_subCommandRpId:
+                ret = cbor_value_copy_byte_string(&map, CM->subCommandParams.rpIdHash, &sz, NULL);
+                if (ret == CborErrorOutOfMemory)
+                {
+                    printf2(TAG_ERR,"Error, map key is too large\n");
+                    return CTAP2_ERR_LIMIT_EXCEEDED;
+                }
+                check_ret(ret);
+                break;
+            case CM_subCommandCred:
+                ret = parse_credential_descriptor(&map, &CM->subCommandParams.credentialDescriptor);
+                check_ret(ret);;
+                break;
+        }
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+    }
+
+    const uint8_t * end_byte = cbor_value_get_next_byte(&map);
+
+    uint32_t length = (uint32_t)end_byte - (uint32_t)start_byte;
+    if (length > sizeof(CM->hashed.subCommandParamsCborCopy))
+    {
+        return CTAP2_ERR_LIMIT_EXCEEDED;
+    }
+    // Copy the details that were hashed so they can be verified later.
+    memmove(CM->hashed.subCommandParamsCborCopy, start_byte, length);
+    CM->subCommandParamsCborSize = length;
+
+    return 0;
+}
+
+uint8_t ctap_parse_cred_mgmt(CTAP_credMgmt * CM, uint8_t * request, int length)
+{
+    int ret;
+    unsigned int i;
+    int key;
+    size_t map_length;
+    CborParser parser;
+    CborValue it,map;
+
+    memset(CM, 0, sizeof(CTAP_credMgmt));
+    ret = cbor_parser_init(request, length, CborValidateCanonicalFormat, &parser, &it);
+    check_ret(ret);
+
+    CborType type = cbor_value_get_type(&it);
+    if (type != CborMapType)
+    {
+        printf2(TAG_ERR,"Error, expecting cbor map\n");
+        return CTAP2_ERR_INVALID_CBOR_TYPE;
+    }
+
+
+    ret = cbor_value_enter_container(&it,&map);
+    check_ret(ret);
+
+    ret = cbor_value_get_map_length(&it, &map_length);
+    check_ret(ret);
+
+    printf1(TAG_PARSE, "CM map has %d elements\n", map_length);
+
+    for (i = 0; i < map_length; i++)
+    {
+        type = cbor_value_get_type(&map);
+        if (type != CborIntegerType)
+        {
+            printf2(TAG_ERR,"Error, expecting int for map key\n");
+            return CTAP2_ERR_INVALID_CBOR_TYPE;
+        }
+        ret = cbor_value_get_int_checked(&map, &key);
+        check_ret(ret);
+
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+
+        switch(key)
+        {
+            case CM_cmd:
+                printf1(TAG_PARSE, "CM_cmd\n");
+                if (cbor_value_get_type(&map) == CborIntegerType)
+                {
+                    ret = cbor_value_get_int_checked(&map, &CM->cmd);
+                    check_ret(ret);
+                    CM->hashed.cmd = CM->cmd;
+                }
+                else
+                {
+                    return CTAP2_ERR_INVALID_CBOR_TYPE;
+                }
+                break;
+            case CM_subCommandParams:
+                printf1(TAG_PARSE, "CM_subCommandParams\n");
+                ret = parse_cred_mgmt_subcommandparams(&map, CM);
+                check_ret(ret);
+                break;
+            case CM_pinProtocol:
+                printf1(TAG_PARSE, "CM_pinProtocol\n");
+                if (cbor_value_get_type(&map) == CborIntegerType)
+                {
+                    ret = cbor_value_get_int_checked(&map, &CM->pinProtocol);
+                    check_ret(ret);
+                }
+                else
+                {
+                    return CTAP2_ERR_INVALID_CBOR_TYPE;
+                }
+                break;
+            case CM_pinAuth:
+                printf1(TAG_PARSE, "CM_pinAuth\n");
+                ret = parse_fixed_byte_string(&map, CM->pinAuth, 16);
+                check_retr(ret);
+                CM->pinAuthPresent = 1;
+                break;
+        }
+        ret = cbor_value_advance(&map);
+        check_ret(ret);
+    }
+
+    return 0;
+}
 
 uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length)
 {
@@ -1132,7 +1297,7 @@ uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int
             return ret;
         }
 
-        cbor_value_advance(&map);
+        ret = cbor_value_advance(&map);
         check_ret(ret);
     }
 
@@ -1353,11 +1518,21 @@ uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length
                 break;
             case CP_getKeyAgreement:
                 printf1(TAG_CP,"CP_getKeyAgreement\n");
+                if (cbor_value_get_type(&map) != CborBooleanType)
+                {
+                    printf2(TAG_ERR,"Error, expecting cbor boolean\n");
+                    return CTAP2_ERR_INVALID_CBOR_TYPE;
+                }
                 ret = cbor_value_get_boolean(&map, &CP->getKeyAgreement);
                 check_ret(ret);
                 break;
             case CP_getRetries:
                 printf1(TAG_CP,"CP_getRetries\n");
+                if (cbor_value_get_type(&map) != CborBooleanType)
+                {
+                    printf2(TAG_ERR,"Error, expecting cbor boolean\n");
+                    return CTAP2_ERR_INVALID_CBOR_TYPE;
+                }
                 ret = cbor_value_get_boolean(&map, &CP->getRetries);
                 check_ret(ret);
                 break;

fido2/ctap_parse.h

@@ -35,6 +35,7 @@ uint8_t parse_cose_key(CborValue * it, COSE_key * cose);
 
 uint8_t ctap_parse_make_credential(CTAP_makeCredential * MC, CborEncoder * encoder, uint8_t * request, int length);
 uint8_t ctap_parse_get_assertion(CTAP_getAssertion * GA, uint8_t * request, int length);
+uint8_t ctap_parse_cred_mgmt(CTAP_credMgmt * CM, uint8_t * request, int length);
 uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length);
 uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor * cred);
 

fido2/ctaphid.c

@@ -542,6 +542,9 @@ extern void _check_ret(CborError ret, int line, const char * filename);
 
 uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb);
 
+
+extern void solo_lock_if_not_already();
+
 uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
 {
     uint8_t cmd = 0;
@@ -635,6 +638,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
             status = ctap_request(ctap_buffer, len, &ctap_resp);
 
             wb.bcnt = (ctap_resp.length+1);
+            wb.cid = cid;
+            wb.cmd = cmd;
+
 
 
             timestamp();
@@ -665,6 +671,9 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
             u2f_request((struct u2f_request_apdu*)ctap_buffer, &ctap_resp);
 
             wb.bcnt = (ctap_resp.length);
+            wb.cid = cid;
+            wb.cmd = cmd;
+
 
             ctaphid_write(&wb, ctap_resp.data, ctap_resp.length);
             ctaphid_write(&wb, NULL, 0);
@@ -725,6 +734,11 @@ uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE
             ctaphid_write(wb, NULL, 0);
             return 1;
 #endif
+#if defined(SOLO)
+        case CTAPHID_REBOOT:
+            device_reboot();
+            return 1;
+#endif
 
 #if !defined(IS_BOOTLOADER)
         case CTAPHID_GETRNG:
@@ -756,34 +770,51 @@ uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE
             return 1;
         break;
 
+        // Remove on next release
+#if !defined(IS_BOOTLOADER) && defined(SOLO)
+        case 0x99:
+            solo_lock_if_not_already();
+            wb->bcnt = 0;
+            ctaphid_write(wb, NULL, 0);
+            return 1;
+        break;
+#endif
+
 #if !defined(IS_BOOTLOADER) && (defined(SOLO_EXPERIMENTAL))
         case CTAPHID_LOADKEY:
             /**
              * Load external key.  Useful for enabling backups.
-             * bytes:            4                   96
-             * payload: | counter_increase (BE) | master_key |
+             * bytes:                   4                     4                      96
+             * payload:  version [maj rev patch RFU]| counter_replacement (BE) | master_key |
              * 
              * Counter should be increased by a large amount, e.g. (0x10000000)
              * to outdo any previously lost/broken keys.
             */
             printf1(TAG_HID,"CTAPHID_LOADKEY\n");
-            if (len != 100)
+            if (len != 104)
             {
                 printf2(TAG_ERR,"Error, invalid length.\n");
                 ctaphid_send_error(wb->cid, CTAP1_ERR_INVALID_LENGTH);
                 return 1;
             }
+            param = ctap_buffer[0] << 16;
+            param |= ctap_buffer[1] << 8;
+            param |= ctap_buffer[2] << 0;
+            if (param != 0){
+                ctaphid_send_error(wb->cid, CTAP2_ERR_UNSUPPORTED_OPTION);
+                return 1;
+            }
 
             // Ask for THREE button presses
             if (ctap_user_presence_test(8000) > 0)
-                if (ctap_user_presence_test(8000) > 0)
-                    if (ctap_user_presence_test(8000) > 0)
+                if (ctap_user_presence_test(2000) > 0)
+                    if (ctap_user_presence_test(2000) > 0)
                     {
-                        ctap_load_external_keys(ctap_buffer + 4);
-                        param = ctap_buffer[3];
-                        param |= ctap_buffer[2] << 8;
-                        param |= ctap_buffer[1] << 16;
-                        param |= ctap_buffer[0] << 24;
+                        ctap_load_external_keys(ctap_buffer + 8);
+                        param = ctap_buffer[7];
+                        param |= ctap_buffer[6] << 8;
+                        param |= ctap_buffer[5] << 16;
+                        param |= ctap_buffer[4] << 24;
                         ctap_atomic_count(param);
 
                         wb->bcnt = 0;

fido2/ctaphid.h

@@ -27,6 +27,7 @@
 #define CTAPHID_BOOT            (TYPE_INIT | 0x50)
 #define CTAPHID_ENTERBOOT       (TYPE_INIT | 0x51)
 #define CTAPHID_ENTERSTBOOT     (TYPE_INIT | 0x52)
+#define CTAPHID_REBOOT          (TYPE_INIT | 0x53)
 #define CTAPHID_GETRNG          (TYPE_INIT | 0x60)
 #define CTAPHID_GETVERSION      (TYPE_INIT | 0x61)
 #define CTAPHID_LOADKEY         (TYPE_INIT | 0x62)

fido2/device.c

@@ -59,7 +59,10 @@ static uint8_t _attestation_cert_der[] =
 "\x06\xf1\xe3\xab\x16\x21\x8e\xd8\xc0\x14\xaf\x09\x4f\x5b\x73\xef\x5e\x9e\x4b\xe7"
 "\x35\xeb\xdd\x9b\x6d\x8f\x7d\xf3\xc4\x3a\xd7";
 
-__attribute__((weak)) const uint8_t * attestation_cert_der = _attestation_cert_der;
+
+__attribute__((weak)) void device_attestation_read_cert_der(uint8_t * dst){
+    memmove(dst, _attestation_cert_der, device_attestation_cert_der_get_size());
+}
 
 __attribute__((weak)) uint8_t * device_get_attestation_key(){
     static uint8_t attestation_key[] = 
@@ -182,6 +185,22 @@ __attribute__((weak)) void ctap_store_rk(int index, CTAP_residentKey * rk)
 
 }
 
+__attribute__((weak)) void ctap_delete_rk(int index)
+{
+    CTAP_residentKey rk;
+    memset(&rk, 0xff, sizeof(CTAP_residentKey));
+
+    if (index < RK_NUM)
+    {
+        memmove(RK_STORE.rks + index, &rk, sizeof(CTAP_residentKey));
+    }
+    else
+    {
+        printf1(TAG_ERR,"Out of bounds for delete_rk\r\n");
+    }
+
+}
+
 __attribute__((weak)) void ctap_load_rk(int index, CTAP_residentKey * rk)
 {
     memmove(rk, RK_STORE.rks + index, sizeof(CTAP_residentKey));
@@ -199,3 +218,8 @@ __attribute__((weak)) void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
     }
 }
 
+__attribute__((weak)) void device_read_aaguid(uint8_t * dst){
+    uint8_t * aaguid = (uint8_t *)"\x00\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";
+    memmove(dst, aaguid, 16);
+}
+

fido2/device.h

@@ -140,6 +140,13 @@ uint32_t ctap_rk_size();
 */
 void ctap_store_rk(int index,CTAP_residentKey * rk);
 
+/** Delete a resident key from an index.
+ * @param index to delete resident key from.  Has no effect if no RK exists at index.
+ * 
+ * *Optional*, if not implemented, operates on non-persistant RK's.
+*/
+void ctap_delete_rk(int index);
+
 /** Read a resident key from an index into memory
  * @param index to read resident key from.
  * @param rk pointer to resident key structure to write into with RK.
@@ -199,13 +206,21 @@ int device_is_nfc();
 */
 uint8_t * device_get_attestation_key();
 
-/** Pointer to a ASN.1/DER encoded byte array of the attestation certificate.
+/** Read the device's attestation certificate into buffer @dst.
+ * @param dst the destination to write the certificate.
+ * 
+ * The size of the certificate can be retrieved using `device_attestation_cert_der_get_size()`.
 */
-extern const uint8_t * attestation_cert_der;
+void device_attestation_read_cert_der(uint8_t * dst);
 
 /** Returns the size in bytes of attestation_cert_der.
  * @return number of bytes in attestation_cert_der, not including any C string null byte.
 */
 uint16_t device_attestation_cert_der_get_size();
 
+/** Read the device's 16 byte AAGUID into a buffer.
+ * @param dst buffer to write 16 byte AAGUID into.
+ * */
+void device_read_aaguid(uint8_t * dst);
+
 #endif

fido2/log.c

@@ -51,6 +51,7 @@ struct logtag tagtable[] = {
     {TAG_NFC,"NFC"},
     {TAG_NFC_APDU, "NAPDU"},
     {TAG_CCID, "CCID"},
+    {TAG_CM, "CRED_MGMT"},
 };
 
 

fido2/log.h

@@ -48,6 +48,7 @@ typedef enum
     TAG_NFC      = (1 << 19),
     TAG_NFC_APDU = (1 << 20),
     TAG_CCID     = (1 << 21),
+    TAG_CM       = (1 << 22),
 
     TAG_NO_TAG   = (1UL << 30),
     TAG_FILENO   = (1UL << 31)

fido2/u2f.c

@@ -204,7 +204,7 @@ int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t key_handl
             printf1(TAG_U2F, "APPID does not match rpIdHash.\n");
             return 0;
         }
-        make_auth_tag(appid, cred->nonce, cred->count, tag);
+        make_auth_tag(appid, (uint8_t*)&cred->entropy, cred->count, tag);
 
         if (memcmp(cred->tag, tag, CREDENTIAL_TAG_SIZE) == 0){
             return 1;
@@ -299,7 +299,7 @@ static int16_t u2f_authenticate(struct u2f_authenticate_request * req, uint8_t c
 static int16_t u2f_register(struct u2f_register_request * req)
 {
     uint8_t i[] = {0x0,U2F_EC_FMT_UNCOMPRESSED};
-
+    uint8_t cert[1024];
     struct u2f_key_handle key_handle;
     uint8_t pubkey[64];
     uint8_t hash[32];
@@ -308,6 +308,11 @@ static int16_t u2f_register(struct u2f_register_request * req)
 
     const uint16_t attest_size = device_attestation_cert_der_get_size();
 
+    if (attest_size > sizeof(cert)){
+        printf2(TAG_ERR,"Certificate is too large for buffer\r\n");
+        return U2F_SW_INSUFFICIENT_MEMORY;
+    }
+
 	if ( ! ctap_user_presence_test(750))
 	{
 		return U2F_SW_CONDITIONS_NOT_SATISFIED;
@@ -341,7 +346,8 @@ static int16_t u2f_register(struct u2f_register_request * req)
     u2f_response_writeback(i,1);
     u2f_response_writeback((uint8_t*)&key_handle,U2F_KEY_HANDLE_SIZE);
 
-    u2f_response_writeback(attestation_cert_der,attest_size);
+    device_attestation_read_cert_der(cert);
+    u2f_response_writeback(cert,attest_size);
 
     dump_signature_der(sig);
 

fido2/version.c

@@ -1,12 +1,17 @@
 #include "version.h"
+#include "app.h"
 
+const version_t firmware_version 
+#ifdef SOLO
+__attribute__ ((section (".flag"))) __attribute__ ((__used__)) 
+#endif
+    =  {
+      .major = SOLO_VERSION_MAJ,
+      .minor = SOLO_VERSION_MIN,
+      .patch = SOLO_VERSION_PATCH,
+      .reserved = 0
+    };
 
-const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) =  {
-  .major = SOLO_VERSION_MAJ,
-  .minor = SOLO_VERSION_MIN,
-  .patch = SOLO_VERSION_PATCH,
-  .reserved = 0
-};
 
 // from tinycbor, for a quick static_assert
 #include <compilersupport_p.h>

metadata/Solo-FIDO2-CTAP2-Authenticator.json

@@ -15,8 +15,7 @@
     "authenticationAlgorithm": 1,
     "publicKeyAlgAndEncoding": 260,
     "attestationTypes": [
-        15879,
-        15880
+        15879
     ],
     "userVerificationDetails": [
         [

mkdocs.yml

@@ -1,34 +1,36 @@
 site_name: Solo Technical Documentation
 site_author: SoloKeys
 site_description: 'Documentation for the SoloKeys solo software'
-site_url: 'https://docs.solokeys.io/solo/'
+site_url: 'https://docs.solokeys.dev/'
 repo_url: 'https://github.com/solokeys/solo'
 repo_name: 'solokeys/solo'
 copyright: 'Copyright © 2018 - 2019 SoloKeys'
 
 nav:
-    - Home: solo/index.md
-    - FIDO2 Implementation: solo/fido2-impl.md
-    - Metadata Statements: solo/metadata-statements.md
-    - Build instructions: solo/building.md
-    - Programming instructions: solo/programming.md
-    - Bootloader mode: solo/bootloader-mode.md
-    - Customization: solo/customization.md
-    - Solo Extras: solo/solo-extras.md
-    - Application Ideas: solo/application-ideas.md
-    - Running on Nucleo32 board: solo/nucleo32-board.md
-    - Signed update process: solo/signed-updates.md
-    - Usage and Porting guide: solo/porting.md
-    - Code documentation: solo/code-overview.md
-    - Contributing Code: solo/contributing.md
-    - Contributing Docs: solo/documenting.md
-    - udev Rules: solo/udev.md
-    - About: solo/repo-readme.md
+    - Home: index.md
+    - FIDO2 Implementation: fido2-impl.md
+    - Metadata Statements: metadata-statements.md
+    - Build instructions: building.md
+    - Programming instructions: programming.md
+    - Bootloader mode: bootloader-mode.md
+    - Customization: customization.md
+    - Solo Extras: solo-extras.md
+    - Application Ideas: application-ideas.md
+    - Running on Nucleo32 board: nucleo32-board.md
+    - Signed update process: signed-updates.md
+    - Usage and Porting guide: porting.md
+    - Tutorial – Getting Started: tutorial-getting-started.md
+    - Tutorial - Writing extensions: tutorial-writing-extensions.md
+    - Code documentation: code-overview.md
+    - Contributing Code: contributing.md
+    - Contributing Docs: documenting.md
+    - udev Rules: udev.md
+    - About: repo-readme.md
 
 theme:
   name: material
-  logo: 'solo/images/logo.svg'
-  favicon: 'solo/images/favicon.ico'
+  logo: 'images/logo.svg'
+  favicon: 'images/favicon.ico'
 
 markdown_extensions:
   - markdown_include.include

pc/device.c

@@ -449,6 +449,12 @@ void ctap_store_rk(int index, CTAP_residentKey * rk)
 
 }
 
+void ctap_delete_rk(int index)
+{
+    CTAP_residentKey rk;
+    memset(&rk, 0xff, sizeof(CTAP_residentKey));
+    memmove(RK_STORE.rks + index, &rk, sizeof(CTAP_residentKey));
+}
 
 void ctap_load_rk(int index, CTAP_residentKey * rk)
 {

shell.nix

@@ -0,0 +1,13 @@
+let
+  nixpkgs_tar = fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/20.03.tar.gz"; sha256 = "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq"; };
+  pkgs = import "${nixpkgs_tar}" {};
+  pyPackages = (python-packages: with python-packages; ([
+    solo-python pytest
+  ] ++ (with builtins; map (d: getAttr d python-packages) (filter (d: stringLength d > 0) (pkgs.lib.splitString "\n" (builtins.readFile ./tools/requirements.txt))))));
+  python-with-my-packages = pkgs.python3.withPackages pyPackages;
+in
+with pkgs;
+stdenv.mkDerivation {
+  name = "solo";
+  buildInputs = [ gnumake gcc gcc-arm-embedded-8 python-with-my-packages ];
+}

targets/stm32l432/README.md

@@ -1,4 +1,4 @@
 # STM32L432 Solo
 
-Check out our [official documentation](https://docs.solokeys.io/solo/building/)
+Check out our [official documentation](https://docs.solokeys.dev/building/)
 for instructions on building and programming!

targets/stm32l432/bootloader/bootloader.c

@@ -50,12 +50,15 @@ typedef struct {
     uint8_t payload[255 - 10];
 } __attribute__((packed)) BootloaderReq;
 
+uint8_t * last_written_app_address = 0;
+
 /**
  * Erase all application pages. **APPLICATION_END_PAGE excluded**.
  */
 static void erase_application()
 {
     int page;
+    last_written_app_address = (uint8_t*) 0;
     for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++)
     {
         flash_erase_page(page);
@@ -106,17 +109,20 @@ int is_bootloader_disabled()
     uint32_t * auth = (uint32_t *)(AUTH_WORD_ADDR+4);
     return *auth == 0;
 }
-uint8_t * last_written_app_address;
 
 #include "version.h"
 bool is_firmware_version_newer_or_equal()
 {
 
+    if (last_written_app_address == 0) {
+        return false;
+    }
+
     printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
           current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
           current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
           );
-  volatile version_t * new_version = ((volatile version_t *) last_written_app_address);
+  volatile version_t * new_version = ((volatile version_t *) (last_written_app_address-8+4));
   printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
           new_version->major, new_version->minor, new_version->patch, new_version->reserved,
           new_version->major, new_version->minor, new_version->patch, new_version->reserved
@@ -170,6 +176,7 @@ int bootloader_bridge(int klen, uint8_t * keyh)
     uint32_t addr = ((*((uint32_t*)req->addr)) & 0xffffff) | 0x8000000;
 
     uint32_t * ptr = (uint32_t *)addr;
+    uint32_t current_address;
 
     switch(req->op){
         case BootWrite:
@@ -196,9 +203,16 @@ int bootloader_bridge(int klen, uint8_t * keyh)
                 printf2(TAG_ERR, "Error, boot check bypassed\n");
                 exit(1);
             }
+            current_address = addr + len;
+            if (current_address < (uint32_t) last_written_app_address) {
+                printf2(TAG_ERR, "Error, only ascending writes allowed.\n");
+                has_erased = 0;
+                return CTAP2_ERR_NOT_ALLOWED;
+            }
+            last_written_app_address = (uint8_t*) current_address;
+
             // Do the actual write
             flash_write((uint32_t)ptr,req->payload, len);
-            last_written_app_address = (uint8_t *)ptr + len - 8 + 4;
             break;
         case BootDone:
             // Writing to flash finished. Request code validation.

targets/stm32l432/build/application.mk

@@ -84,4 +84,5 @@ cbor:
 	cd ../../tinycbor/ && make clean
 	cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
 LDFLAGS="$(LDFLAGS_LIB)" \
-CFLAGS="$(CFLAGS) -Os"
+CFLAGS="$(CFLAGS) -Os  -DCBOR_PARSER_MAX_RECURSIONS=3"
+

targets/stm32l432/linker/stm32l4xx.ld

@@ -61,7 +61,7 @@ SECTIONS
         *(.data*)
         . = ALIGN(8);
         _edata = .;
-    } >ram AT> flash
+    } >sram2 AT> flash
 
     .flag :
     {

targets/stm32l432/src/attestation.c

@@ -5,12 +5,16 @@
 // http://opensource.org/licenses/MIT>, at your option. This file may not be
 // copied, modified, or distributed except according to those terms.
 #include <stdint.h>
+#include <string.h>
 #include "crypto.h"
 #include "memory_layout.h"
+#include "device.h"
+#include "sense.h"
+#include "log.h"
 
 
 const uint8_t attestation_solo_cert_der[] =
-"\x30\x82\x02\xe1\x30\x82\x02\x88\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
+"\x30\x82\x03\x03\x30\x82\x02\xaa\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x0a\x06\x08"
 "\x2a\x86\x48\xce\x3d\x04\x03\x02\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04\x06"
 "\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79\x6c"
 "\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f\x20\x4b"
@@ -18,36 +22,37 @@ const uint8_t attestation_solo_cert_der[] =
 "\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65\x79\x73"
 "\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16"
 "\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f\x6d\x30"
-"\x20\x17\x0d\x31\x38\x31\x31\x31\x31\x31\x32\x35\x32\x30\x30\x5a\x18\x0f\x32\x30"
-"\x36\x38\x31\x30\x32\x39\x31\x32\x35\x32\x30\x30\x5a\x30\x81\x92\x31\x0b\x30\x09"
+"\x20\x17\x0d\x31\x39\x31\x32\x30\x31\x31\x39\x32\x33\x34\x39\x5a\x18\x0f\x32\x30"
+"\x36\x39\x31\x31\x31\x38\x31\x39\x32\x33\x34\x39\x5a\x30\x81\x91\x31\x0b\x30\x09"
 "\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08"
-"\x4d\x61\x72\x79\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53"
-"\x6f\x6c\x6f\x20\x4b\x65\x79\x73\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x0c\x19\x41"
-"\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72\x20\x41\x74\x74\x65\x73\x74\x61"
-"\x74\x69\x6f\x6e\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b"
-"\x65\x79\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01"
-"\x09\x01\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63"
-"\x6f\x6d\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
-"\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x22\xfe\x0f\xb5\x2a\x78\xbe\xc6\x45\x37\x1a"
-"\x28\xa7\x57\x43\x49\xa4\x6f\x85\x4d\xca\x4e\x25\x1c\x9f\x75\x30\x3d\xbf\x10\xd5"
-"\xd2\xd2\x0b\xb9\x69\x2c\xdd\xb2\x5c\x14\xd8\x39\x85\x12\xf6\x23\xee\x91\xba\xc6"
-"\xac\xff\x4a\x1a\x27\xef\xe0\xc1\x54\x3f\xd4\xd9\xc5\xa3\x81\xdc\x30\x81\xd9\x30"
-"\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3b\xe6\xd2\xc0\x6f\xf2\xe7\xb0\x7c\x9d"
-"\x9e\x28\xc0\x20\xb0\x0d\x07\xc8\x15\xc8\x30\x81\x9f\x06\x03\x55\x1d\x23\x04\x81"
-"\x97\x30\x81\x94\xa1\x81\x86\xa4\x81\x83\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55"
-"\x04\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72"
-"\x79\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f"
-"\x20\x4b\x65\x79\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x0c\x07\x52\x6f\x6f\x74"
-"\x20\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65"
+"\x4d\x61\x72\x79\x6c\x61\x6e\x64\x31\x11\x30\x0f\x06\x03\x55\x04\x0a\x0c\x08\x53"
+"\x6f\x6c\x6f\x4b\x65\x79\x73\x31\x22\x30\x20\x06\x03\x55\x04\x0b\x0c\x19\x41\x75"
+"\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x6f\x72\x20\x41\x74\x74\x65\x73\x74\x61\x74"
+"\x69\x6f\x6e\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65"
 "\x79\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09"
 "\x01\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f"
-"\x6d\x82\x09\x00\xc4\x47\x63\x92\x8f\xf4\xbe\x8c\x30\x09\x06\x03\x55\x1d\x13\x04"
-"\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x04\xf0\x30\x0a\x06\x08"
-"\x2a\x86\x48\xce\x3d\x04\x03\x02\x03\x47\x00\x30\x44\x02\x20\x71\x10\x46\x2c\xf5"
-"\x16\x18\x97\x55\xca\x64\x50\x3b\x69\xb2\xdf\x17\x71\xab\xad\x8e\xc0\xd6\xa6\x07"
-"\x3d\x66\x8a\x3b\xbb\xfe\x61\x02\x20\x1e\x82\xef\xeb\x5e\x4e\x3a\x00\x84\x64\xd2"
-"\xf8\x84\xc3\x78\x35\x93\x63\x81\x2e\xbe\xa6\x12\x32\x6e\x29\x90\xc8\x91\x4b\x71"
-"\x52"
+"\x6d\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce"
+"\x3d\x03\x01\x07\x03\x42\x00\x04\x22\xfe\x0f\xb5\x2a\x78\xbe\xc6\x45\x37\x1a\x28"
+"\xa7\x57\x43\x49\xa4\x6f\x85\x4d\xca\x4e\x25\x1c\x9f\x75\x30\x3d\xbf\x10\xd5\xd2"
+"\xd2\x0b\xb9\x69\x2c\xdd\xb2\x5c\x14\xd8\x39\x85\x12\xf6\x23\xee\x91\xba\xc6\xac"
+"\xff\x4a\x1a\x27\xef\xe0\xc1\x54\x3f\xd4\xd9\xc5\xa3\x81\xff\x30\x81\xfc\x30\x1d"
+"\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x3b\xe6\xd2\xc0\x6f\xf2\xe7\xb0\x7c\x9d\x9e"
+"\x28\xc0\x20\xb0\x0d\x07\xc8\x15\xc8\x30\x81\x9f\x06\x03\x55\x1d\x23\x04\x81\x97"
+"\x30\x81\x94\xa1\x81\x86\xa4\x81\x83\x30\x81\x80\x31\x0b\x30\x09\x06\x03\x55\x04"
+"\x06\x13\x02\x55\x53\x31\x11\x30\x0f\x06\x03\x55\x04\x08\x0c\x08\x4d\x61\x72\x79"
+"\x6c\x61\x6e\x64\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x0c\x09\x53\x6f\x6c\x6f\x20"
+"\x4b\x65\x79\x73\x31\x10\x30\x0e\x06\x03\x55\x04\x0b\x0c\x07\x52\x6f\x6f\x74\x20"
+"\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0c\x73\x6f\x6c\x6f\x6b\x65\x79"
+"\x73\x2e\x63\x6f\x6d\x31\x21\x30\x1f\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01"
+"\x16\x12\x68\x65\x6c\x6c\x6f\x40\x73\x6f\x6c\x6f\x6b\x65\x79\x73\x2e\x63\x6f\x6d"
+"\x82\x09\x00\xc4\x47\x63\x92\x8f\xf4\xbe\x8c\x30\x09\x06\x03\x55\x1d\x13\x04\x02"
+"\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x04\xf0\x30\x21\x06\x0b\x2b"
+"\x06\x01\x04\x01\x82\xe5\x1c\x01\x01\x04\x04\x12\x04\x10\x88\x76\x63\x1b\xd4\xa0"
+"\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79\x30\x0a\x06\x08\x2a\x86\x48\xce\x3d\x04"
+"\x03\x02\x03\x47\x00\x30\x44\x02\x20\x4d\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d"
+"\x87\xc3\xfa\xb6\x6b\x29\x9b\xfb\x8b\x4d\x4d\x29\x77\x5b\xa1\x04\x4c\x7f\x12\x8d"
+"\x71\x02\x20\x47\x4c\x3d\xb2\xa1\x74\xe3\x9c\xfe\xe1\x23\xbf\xec\x47\x96\xf4\xe5"
+"\x9b\x65\x76\xac\xc8\x69\x1d\xe2\x74\xff\x4e\xa4\xcf\x02\x6d"
 ;
 
 const uint8_t attestation_hacker_cert_der[] =
@@ -95,7 +100,6 @@ const uint8_t attestation_hacker_cert_der[] =
 const uint16_t attestation_solo_cert_der_size = sizeof(attestation_solo_cert_der)-1;
 const uint16_t attestation_hacker_cert_der_size = sizeof(attestation_hacker_cert_der)-1;
 
-const uint8_t * attestation_cert_der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
 
 uint8_t * device_get_attestation_key(){
     flash_attestation_page * page =(flash_attestation_page *)ATTESTATION_PAGE_ADDR;
@@ -106,3 +110,22 @@ uint16_t device_attestation_cert_der_get_size(){
     uint16_t sz = (uint16_t)((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert_size;
     return sz;
 }
+
+void device_attestation_read_cert_der(uint8_t * dst){
+    const uint8_t * der = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->attestation_cert;
+    uint16_t sz = device_attestation_cert_der_get_size();
+    memmove(dst, der, sz);
+
+    // Overwrite respective x509 fields if Tap or Somu.
+    if (memcmp(dst + 0x2c6, "\xea\x09\x15\x6c\x86\x48\x57\x2a\xa8\x8d", 10) == 0){
+        if (device_is_nfc()){
+            dst[0x2a2] = 0x89;//tap aaguid byte
+            memmove(dst + 0xac, "\x34\x33\x38\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x34\x33\x38", 20);//tap-id
+            memmove(dst + 0x2c5, "\x6d\x7b\x41\x2b\xff\x57\xf0\x03\xbd\x5b\x39\x4a\xf7\xa9\x2d\x6d\xcb\x9e\x2d\x88\xbf\xb3\x93\xc5\x66\x3b\xd1\xbc\x34\xfa\x5c\x4c\x02\x20\x59\x01\x49\x39\x1b\xb7\xa9\x1c\xed\x49\x78\x4f\x92\xa9\x61\x14\xa5\x6e\x96\x3f\x29\x02\x93\xe0\x5d\xe2\x75\xd0\x60\xd9\x74\xc2", 66);//tap-sig 
+        } else if (tsc_sensor_exists()) {
+            dst[0x2a2] = 0x98;//somu aaguid byte
+            memmove(dst + 0xac, "\x35\x30\x32\x5a\x18\x0f\x32\x30\x36\x39\x31\x31\x31\x38\x31\x39\x32\x35\x30\x32", 20);//somu-id
+            memmove(dst + 0x2c5, "\x4d\x08\xc8\x9d\xc4\x50\x49\x70\x48\x4d\xd0\x12\xd9\x7c\x62\x5e\x6b\xd3\x84\xd5\x36\x42\xfe\x86\x8e\x7a\x23\x59\xa0\x20\xf0\xc5\x02\x20\x5f\x70\x93\x61\x5a\xe4\x20\xcf\xb9\x8a\xf5\xdd\x87\xd0\x48\x6d\x7d\x59\xef\x9e\x0e\x11\xa3\x8e\xf7\xe3\xe2\xf5\x35\x37\x99\x1a", 66);//somu-sig
+        }
+    }
+}

targets/stm32l432/src/device.c

@@ -199,6 +199,20 @@ int solo_is_locked(){
     return tag == ATTESTATION_CONFIGURED_TAG && (device_settings & SOLO_FLAG_LOCKED) != 0;
 }
 
+// Locks solo flash from debugging.  Locks on next reboot.
+// This should be removed in next Solo release.
+void solo_lock_if_not_already() {
+    uint8_t buf[2048];
+
+    memmove(buf, (uint8_t*)ATTESTATION_PAGE_ADDR, 2048);
+
+    ((flash_attestation_page *)buf)->device_settings |= SOLO_FLAG_LOCKED;
+
+    flash_erase_page(ATTESTATION_PAGE);
+
+    flash_write(ATTESTATION_PAGE_ADDR, buf, 2048);
+}
+
 /** device_migrate
  * Depending on version of device, migrates:
  * * Moves attestation certificate to data segment. 
@@ -563,7 +577,11 @@ uint32_t ctap_atomic_count(uint32_t amount)
         return lastc;
     }
 
-    lastc += amount;
+    if (amount > 256){
+        lastc = amount;
+    } else {
+        lastc += amount;
+    }
 
     if (lastc/256 > erases)
     {
@@ -772,33 +790,28 @@ uint32_t ctap_rk_size(void)
 
 void ctap_store_rk(int index,CTAP_residentKey * rk)
 {
-    int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
-    uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + ((sizeof(CTAP_residentKey)*index) % PAGE_SIZE);
+    ctap_overwrite_rk(index, rk);
+}
 
-    printf1(TAG_GREEN, "storing RK %d @ %04x\r\n", index,addr);
-
-    if (page_offset < RK_NUM_PAGES)
-    {
-        flash_write(addr, (uint8_t*)rk, sizeof(CTAP_residentKey));
-        //dump_hex1(TAG_GREEN,rk,sizeof(CTAP_residentKey));
-    }
-    else
-    {
-        printf2(TAG_ERR,"Out of bounds reading index %d for rk\n", index);
-    }
+void ctap_delete_rk(int index)
+{
+    CTAP_residentKey rk;
+    memset(&rk, 0xff, sizeof(CTAP_residentKey));
+    ctap_overwrite_rk(index, &rk);
 }
 
 void ctap_load_rk(int index,CTAP_residentKey * rk)
 {
-    int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
-    uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + ((sizeof(CTAP_residentKey)*index) % PAGE_SIZE);
+    int byte_offset_into_page = (sizeof(CTAP_residentKey) * (index % (PAGE_SIZE/sizeof(CTAP_residentKey))));
+    int page_offset = (index)/(PAGE_SIZE/sizeof(CTAP_residentKey));
+
+    uint32_t addr = flash_addr(page_offset + RK_START_PAGE) + byte_offset_into_page;
 
     printf1(TAG_GREEN, "reading RK %d @ %04x\r\n", index, addr);
     if (page_offset < RK_NUM_PAGES)
     {
         uint32_t * ptr = (uint32_t *)addr;
         memmove((uint8_t*)rk,ptr,sizeof(CTAP_residentKey));
-        //dump_hex1(TAG_GREEN,rk,sizeof(CTAP_residentKey));
     }
     else
     {
@@ -809,22 +822,28 @@ void ctap_load_rk(int index,CTAP_residentKey * rk)
 void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
 {
     uint8_t tmppage[PAGE_SIZE];
-    int page_offset = (sizeof(CTAP_residentKey) * index) / PAGE_SIZE;
-    int page = page_offset + RK_START_PAGE;
 
-    printf1(TAG_GREEN, "overwriting RK %d\r\n", index);
+    int byte_offset_into_page = (sizeof(CTAP_residentKey) * (index % (PAGE_SIZE/sizeof(CTAP_residentKey))));
+    int page_offset = (index)/(PAGE_SIZE/sizeof(CTAP_residentKey));
+
+    printf1(TAG_GREEN, "overwriting RK %d @ page %d @ addr 0x%08x-0x%08x\r\n", 
+        index, RK_START_PAGE + page_offset, 
+        flash_addr(RK_START_PAGE + page_offset) + byte_offset_into_page, 
+        flash_addr(RK_START_PAGE + page_offset) + byte_offset_into_page + sizeof(CTAP_residentKey) 
+        );
     if (page_offset < RK_NUM_PAGES)
     {
-        memmove(tmppage, (uint8_t*)flash_addr(page), PAGE_SIZE);
+        memmove(tmppage, (uint8_t*)flash_addr(RK_START_PAGE + page_offset), PAGE_SIZE);
 
-        memmove(tmppage + (sizeof(CTAP_residentKey) * index) % PAGE_SIZE, rk, sizeof(CTAP_residentKey));
-        flash_erase_page(page);
-        flash_write(flash_addr(page), tmppage, PAGE_SIZE);
+        memmove(tmppage + byte_offset_into_page, rk, sizeof(CTAP_residentKey));
+        flash_erase_page(RK_START_PAGE + page_offset);
+        flash_write(flash_addr(RK_START_PAGE + page_offset), tmppage, PAGE_SIZE);
     }
     else
     {
         printf2(TAG_ERR,"Out of bounds reading index %d for rk\n", index);
     }
+    printf1(TAG_GREEN, "4\r\n");
 }
 
 void boot_st_bootloader(void)
@@ -859,6 +878,17 @@ void boot_solo_bootloader(void)
 
 }
 
+void device_read_aaguid(uint8_t * dst){
+    uint8_t * aaguid = (uint8_t *)"\x88\x76\x63\x1b\xd4\xa0\x42\x7f\x57\x73\x0e\xc7\x1c\x9e\x02\x79";
+    memmove(dst, aaguid, 16);
+    if (device_is_nfc()){
+        dst[0] = 0x89;
+    }
+    else if (tsc_sensor_exists()){
+        dst[0] = 0x98;
+    }
+    dump_hex1(TAG_GREEN,dst, 16);
+}
 
 
 void _Error_Handler(char *file, int line)

targets/stm32l432/src/init.c

@@ -146,12 +146,14 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param)
         case DEVICE_LOW_POWER_IDLE:
             SET_CLOCK_RATE0();
         break;
+#if !defined(IS_BOOTLOADER)
         case DEVICE_LOW_POWER_FAST:
             SET_CLOCK_RATE1();
         break;
         case DEVICE_FAST:
             SET_CLOCK_RATE2();
         break;
+#endif
     }
 }
 

targets/stm32l432/src/memory_layout.h

@@ -67,7 +67,7 @@ typedef struct flash_memory_st flash_memory_st;
 #include <assert.h>
 static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
 
-#define ATTESTATION_CONFIGURED_TAG      0xaa551e78
+#define ATTESTATION_CONFIGURED_TAG      0xaa551e79
 
 struct flash_attestation_page{
   uint8_t attestation_key[32];

tools/requirements.txt

@@ -1,5 +1,4 @@
 ecdsa
-fido2
 intelhex
 pyserial
 solo-python