stub pc build

take a lazy approach to key agreement generation to not hold up boot time for nfc
speed up public key derivation slightly for nfc
2019-08-20 21:31:02 +08:00 · 2019-08-20 21:27:52 +08:00 · 2019-08-20 21:06:37 +08:00 · 2019-08-20 20:28:38 +08:00 · 2019-08-20 20:23:18 +08:00 · 2019-08-19 22:33:32 +08:00
15 changed files with 412 additions and 136 deletions
--- a/README.md
+++ b/README.md
@ -1,24 +1,18 @@
-[![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
+**NEW!** We launched a new tiny security key called Somu, it's live on Crowd Supply and you can [pre-order it now](https://solokeys.com/somu)!
-[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
+
-[![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
+[<img src="https://miro.medium.com/max/1400/1*PnzCPLqq_5nt1gjgSEY2LQ.png" width="600">](https://solokeys.com/somu)
-[![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
+
 Somu is the micro version of Solo. We were inspired to make a secure Tomu, so we took its tiny form factor, we added the secure microcontroller and firmware of Solo, et voilà! Here we have Somu.
 [![latest release](https://img.shields.io/github/release/solokeys/solo.svg)](https://update.solokeys.com/)
 [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo?ref=badge_shield)
+[![Build Status](https://travis-ci.com/solokeys/solo.svg?style=flat-square&branch=master)](https://travis-ci.com/solokeys/solo)
 [![latest release](https://img.shields.io/github/release/solokeys/solo.svg)](https://github.com/solokeys/solo/releases)
 [![commits since last release](https://img.shields.io/github/commits-since/solokeys/solo/latest.svg)](https://github.com/solokeys/solo/commits/master)
 [![last commit](https://img.shields.io/github/last-commit/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
 [![commit activity](https://img.shields.io/github/commit-activity/m/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
 [![contributors](https://img.shields.io/github/contributors/solokeys/solo.svg)](https://github.com/solokeys/solo/graphs/contributors)
 # Solo
 Solo is an open source security key, and you can get one at [solokeys.com](https://solokeys.com).
-Solo supports FIDO2 and U2F standards for strong two-factor authentication and password-less login, and it will protect you against phishing and other online attacks. With colored cases and multilingual guides we want to make secure login more personable and accessible to everyone around the globe.
+[<img src="https://static.solokeys.com/images/photos/hero-on-white-cropped.png" width="600">](https://solokeys.com)
-<img src="https://static.solokeys.com/images/photos/hero-on-white-cropped.png" width="600">
+Solo supports FIDO2 and U2F standards for strong two-factor authentication and password-less login, and it will protect you against phishing and other online attacks. With colored cases and multilingual guides we want to make secure login more personable and accessible to everyone around the globe.
 This repo contains the Solo firmware, including implementations of FIDO2 and U2F (CTAP2 and CTAP) over USB and NFC. The main implementation is for STM32L432, but it is easily portable.
@ -42,7 +36,7 @@ Solo for Hacker is a special version of Solo that let you customize its firmware
 Check out [solokeys.com](https://solokeys.com), for options on where to buy Solo.  Solo Hacker can be converted to a secure version, but normal Solo cannot be converted to a Hacker version.
-If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.io/solo/building/). We only support Python3.
+If you have a Solo for Hacker, here's how you can load your own code on it. You can find more details, including how to permanently lock it, in our [documentation](https://docs.solokeys.io/solo/building/). We support Python3.
 ```bash
 git clone --recurse-submodules https://github.com/solokeys/solo
@ -168,3 +162,19 @@ You may use Solo documentation under the terms of the CC-BY-SA 4.0 license
 You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solokeys.com).
 <br/>
 <hr/>
 <br/>
 [![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
 [![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
 [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
 [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
 [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fsolokeys%2Fsolo?ref=badge_shield)
 [![latest release](https://img.shields.io/github/release/solokeys/solo.svg)](https://github.com/solokeys/solo/releases)
 [![commits since last release](https://img.shields.io/github/commits-since/solokeys/solo/latest.svg)](https://github.com/solokeys/solo/commits/master)
 [![last commit](https://img.shields.io/github/last-commit/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
 [![commit activity](https://img.shields.io/github/commit-activity/m/solokeys/solo.svg)](https://github.com/solokeys/solo/commits/master)
 [![contributors](https://img.shields.io/github/contributors/solokeys/solo.svg)](https://github.com/solokeys/solo/graphs/contributors)
--- a/docs/solo/bootloader-mode.md
+++ b/docs/solo/bootloader-mode.md
@ -0,0 +1,51 @@
 # Booting into bootloader mode
 You can put Solo into bootloader mode by holding down the button, and plugging in Solo.  After 2 seconds, bootloader mode will activate.
 You'll see a yellowish flashing light and you can let go of the button.
 Now Solo is ready to [accept firmware updates](/solo/signed-updates).  If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.
 If Solo is running a hacker build, it can be put into bootloader mode on command.  This makes it easier for development.
 ```bash
 solo program aux enter-bootloader
 ```
 # The boot stages of Solo
 Solo has 3 boot stages.
 ## DFU
 The first stage is the DFU (Device Firmware Update) which is in a ROM on Solo.  It is baked into the chip and is not implemented by us.
 This is what allows the entire firmware of Solo to be programmed.  **It's not recommended to develop for Solo using the DFU because 
 if you program broken firmware, you could brick your device**.
 On hacker devices, you can boot into the DFU by holding down the button for 5 seconds, when Solo is already in bootloader mode.
 You can also run this command when Solo is in bootloader mode to put it in DFU mode.
 ```bash
 solo program aux enter-dfu
 ```
 Note it will stay in DFU mode until to tell it to boot again.  You can boot it again by running the following.
 ```bash
 solo program aux leave-dfu
 ```
 *Warning*: If you change the firmware to something broken, and you tell the DFU to boot it, you could brick your device.
 ## Solo Bootloader
 The next boot stage is the "Solo bootloader".  So when we say to put your Solo into bootloader mode, it is this stage.
 This bootloader is written by us and allows signed firmware updates to be written.  On Solo Hackers, there is no signature checking
 and will allow any firmware updates.
 It is safe to develop for Solo using our Solo bootloader.  If broken firmware is uploaded to the device, then the Solo
 bootloader can always be booted again by holding down the button when plugging in.
 ## Solo application
 This is what contains all the important functionality of Solo.  FIDO2, U2F, etc.  This is what Solo will boot to by default.
--- a/docs/solo/building.md
+++ b/docs/solo/building.md
@ -14,12 +14,6 @@ but be warned they might be out of date.  Typically it will be called `gcc-arm-n
 Install `solo-python` usually with `pip3 install solo-python`. The `solo` python application may also be used for [programming](#programming).
 To program your build, you'll need one of the following programs.
 -   [openocd](http://openocd.org)
 -   [stlink](https://github.com/texane/stlink)
 -   [STM32CubeProg](https://www.st.com/en/development-tools/stm32cubeprog.html)
 ## Obtain source code and solo tool
 Source code can be downloaded from:
@ -54,7 +48,7 @@ enabled, like being able to jump to the bootloader on command.  It then merges b
 and solo builds into the same binary.  I.e. it combines `bootloader.hex` and `solo.hex`
 into `all.hex`.
-If you're just planning to do development, please don't try to reprogram the bootloader,
+If you're just planning to do development, **please don't try to reprogram the bootloader**,
 as this can be risky if done often.  Just use `solo.hex`.
 ### Building with debug messages
@ -86,6 +80,8 @@ solo monitor <serial-port>
 ### Building a Solo release
 To build Solo
 If you want to build a release of Solo, we recommend trying a Hacker build first
 just to make sure that it's working.  Otherwise it may not be as easy or possible to
 fix any mistakes.
@ -96,105 +92,13 @@ If you're ready to program a full release, run this recipe to build.
 make build-release-locked
 ```
-Programming `all.hex` will cause the device to permanently lock itself.
+This outputs bootloader.hex, solo.hex, and the combined all.hex.
-## Programming
+Programming `all.hex` will cause the device to permanently lock itself.  This means debuggers cannot be used and signature checking
 will be enforced on all future updates.
-It's recommended to test a debug/hacker build first to make sure Solo is working as expected.
+Note if you program a secured `solo.hex` file onto a Solo Hacker, it will lock the flash, but the bootloader
-Then you can switch to a locked down build, which cannot be reprogrammed as easily (or not at all!).
+will still accept unsigned firmware updates.  So you can switch it back to being a hacker, but you will
 not be able to replace the unlocked bootloader anymore, since the permanently locked flash also disables the DFU.
 [Read more on Solo's boot stages](/solo/bootloader-mode).
 We recommend using our `solo` tool to manage programming.  It is cross platform.  First you must
 install the prerequisites:
 ```
 pip3 install -r tools/requirements.txt
 ```
 If you're on Windows, you must also install [libusb](https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.6.0/).
 ### Pre-programmed Solo Hacker
 If your Solo device is already programmed (it flashes green when powered), we recommend
 programming it using the Solo bootloader.
 ```
 solo program aux enter-bootloader
 solo program bootloader solo.hex
 ```
 Make sure to program `solo.hex` and not `all.hex`.  Nothing bad would happen, but you'd
 see errors.
 If something bad happens, you can always boot the Solo bootloader by doing the following.
 1. Unplug device.
 2. Hold down button.
 3. Plug in device while holding down button.
 4. Wait about 2 seconds for flashing yellow light.  Release button.
 If you hold the button for an additional 5 seconds, it will boot to the ST DFU (device firmware update).
 Don't use the ST DFU unless you know what you're doing.
 ### ST USB DFU
 If your Solo has never been programmed, it will boot the ST USB DFU.  The LED is turned
 off and it enumerates as "STM BOOTLOADER".
 You can program it by running the following.
 ```
 solo program aux enter-bootloader
 solo program aux enter-dfu
 # powercycle key
 solo program dfu all.hex
 ```
 Make sure to program `all.hex`, as this contains both the bootloader and the Solo application.
 If all goes well, you should see a slow-flashing green light.
 ### Solo Hacker vs Solo
 A Solo hacker device doesn't need to be in bootloader mode to be programmed, it will automatically switch.
 Solo (locked) needs the button to be held down when plugged in to boot to the bootloader.
 A locked Solo will only accept signed updates.
 ### Signed updates
 If this is not a device with a hacker build, you can only program signed updates.
 ```
 solo program bootloader /path/to/firmware.json
 ```
 If you've provisioned the Solo bootloader with your own secp256r1 public key, you can sign your
 firmware by running the following command.
 ```
 solo sign /path/to/signing-key.pem /path/to/solo.hex /output-path/to/firmware.json
 ```
 If your Solo isn't locked, you can always reprogram it using a debugger connected directly
 to the token.
 ## Permanently locking the device
 If you plan to be using your Solo for real, you should lock it permanently.  This prevents
 someone from connecting a debugger to your token and stealing credentials.
 To do this, build the locked release firmware.
 ```
 make build-release-locked
 ```
 Now when you program `all.hex`, the device will lock itself when it first boots.  You can only update it
 with signed updates.
 If you'd like to also permanently disable signed updates, plug in your programmed Solo and run the following:
 ```
 # WARNING: No more signed updates.
 solo program disable-bootloader
 ```
--- a/docs/solo/customization.md
+++ b/docs/solo/customization.md
@ -0,0 +1,141 @@
 # Customization
 If you are interested in customizing parts of your Solo, and you have a Solo Hacker, this page is for you.
 ## Custom Attestation key
 The attestation key is used in the FIDO2 *makeCredential* or U2F *register* requests.  It signs
 newly generated credentials.  The certificate associated with the attestation key is output with newly created credentials.
 Platforms or services can use the attestation feature to enforce specific authenticators to be used.
 This is typically a use case for organizations and isn't seen in the wild for consumer use cases.
 Attestation keys are typically the same for at least 100K units of a particular authenticator model.
 This is so they don't contribute a significant fingerprint that platforms could use to identify the user.
 If you don't want to use the default attestation key that Solo builds with, you can create your own
 and program it.
 ### Creating your attestation key pair
 Since we are generating keys, it's important to use a good entropy source.
 You can use the [True RNG on your Solo](/solo/solo-extras) to generate some good random numbers.
 ```
 # Run for 1 second, then hit control-c
 solo key rng raw > seed.bin
 ```
 First we will create a self signed key pair that acts as the root of trust.  This
 won't go on the authenticator, but will sign the keypair that does.
 Please change the root certification information as needed.  You may change the ECC curve.
 ```
 curve=prime256v1
 country=US
 state=Maine
 organization=OpenSourceSecurity
 unit="Root CA"
 CN=example.com
 email=example@example.com
 # generate EC private key
 openssl ecparam -genkey -name "$curve" -out root_key.pem -rand seed.bin
 # generate a "signing request"
 openssl req -new -key root_key.pem -out root_key.pem.csr  -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
 # self sign the request
 openssl x509 -trustout -req -days 18250  -in root_key.pem.csr -signkey root_key.pem -out root_cert.pem -sha256
 # convert to smaller size format DER
 openssl  x509 -in root_cert.pem -outform der -out root_cert.der
 # print out information and verify
 openssl x509 -in root_cert.pem -text -noout
 ```
 You need to create a extended certificate for the device certificate to work with FIDO2.  You need to create this
 file, `v3.ext`, and add these options to it.
 ```
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 ```
 Now to generate & sign the attestation key pair that will go on your device, or maybe 100,000 devices :).
 Note you must use a prime256v1 curve for this step, and you must leave the unit/OU as "Authenticator Attestation".
 ```
 country=US
 state=Maine
 organization=OpenSourceSecurity
 unit="Authenticator Attestation"
 CN=example.com
 email=example@example.com
 # generate EC private key
 openssl ecparam -genkey -name "$curve" -out device_key.pem -rand seed.bin
 # generate a "signing request"
 openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
 # sign the request
 openssl x509 -req -days 18250  -in device_key.pem.csr -extfile v3.ext -CA root_cert.pem -CAkey root_key.pem -set_serial 01 -out device_cert.pem -sha256
 # convert to smaller size format DER
 openssl  x509 -in device_cert.pem  -outform der -out device_cert.der
 # Verify the device certificate details
 openssl x509 -in device_cert.pem -text -noout
 ```
 Let's verify that the attestation key and certificate are valid, and that they can be verified with the root key pair.
 ```
 echo 'challenge $RANDOM' > chal.txt
 # check that they are valid key pairs
 openssl dgst -sha256 -sign device_key.pem -out sig.txt chal.txt
 openssl dgst -sha256 -verify  <(openssl x509 -in device_cert.pem  -pubkey -noout)  -signature sig.txt chal.txt
 openssl dgst -sha256 -sign "root_key.pem" -out sig.txt chal.txt
 openssl dgst -sha256 -verify  <(openssl x509 -in root_cert.pem  -pubkey -noout)  -signature sig.txt chal.txt
 # Check they are a chain
 openssl verify -verbose -CAfile "root_cert.pem" "device_cert.pem"
 ```
 If the checks succeed, you are ready to program the device attestation key and certificate.
 ### Programming an attestation key and certificate
 Convert the DER format of the device attestation certificate to "C" bytes using our utility script.  You may first need to
 first install prerequisite python modules (pip install -r tools/requirements.txt).
 ```
 python tools/gencert/cbytes.py device_cert.der
 ```
 Copy the byte string portion into the [`attestation.c` source file of Solo](https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/attestation.c).  Overwrite the development or "default" certificate that is already there.
 Now [build the Solo firmware](/solo/building), either a secure or hacker build.  You will need to produce a bootloader.hex file and a solo.hex file.
 Print your attestation key in a hex string format.
 ```
 python tools/print_x_y.py device_key.pem
 ```
 Merge the bootloader.hex, solo.hex, and attestion key into one firmware file.
 ```
 solo mergehex --attestation-key <attestation-key-hex-string> bootloader.hex solo.hex all.hex
 ```
 Now you have a newly create `all.hex` file with a custom attestation key.  You can [program this all.hex file
 with Solo in DFU mode](/solo/programming#procedure).
--- a/docs/solo/programming.md
+++ b/docs/solo/programming.md
@ -0,0 +1,113 @@
 # Programming
 This page documents how to update or program your Solo.
 ## Prerequisites
 To program Solo, you'll likely only need to use our Solo tool.
 ```python
 pip3 install solo-python
 ```
 ## Updating the firmware
 If you just want to update the firmware, you can run one of the following commands.
 Make sure your key [is in bootloader mode](/solo/bootloader-mode#solo-bootloader) first.
 ```bash
 solo key update <--secure | --hacker>
 ```
 You can manually install the [latest release](https://github.com/solokeys/solo/releases), or use a build that you made.
 ```bash
 # If it's a hacker, it will automatically boot into bootloader mode.
 solo program bootloader <firmware.hex | firmware.json>
 ```
 Note you won't be able to use `all.hex` or the `bundle-*.hex` builds, as these include the solo bootloader.  You shouldn't
 risk changing the Solo bootloader unless you want to make it a secure device, or [make other customizations]().
 ## Updating a Hacker to a Secure Solo
 Updating a hacker to be a secure build overwrites the [Solo bootloader](/solo/bootloader-mode#solo-bootloader).
 So it's important to not mess this up or you may brick your device.
 You can use a firmware build from the [latest release](https://github.com/solokeys/solo/releases) or use
 a build that you made yourself.
 You need to use a firmware file that has the combined bootloader and application (or at the very least just the bootloader).
 This means using the `bundle-*.hex` file or the `all.hex` from your build.  If you overwrite the Solo flash with a missing bootloader,
 it will be bricked.
 We provide two types of bundled builds.  The `bundle-hacker-*.hex` build is the hacker build.  If you update with this,
 you will update the bootloader and application, but nothing will be secured.  The `bundle-secure-non-solokeys.hex`
 is a secured build that will lock your device and it will behave just like a Secure Solo.  The main difference is that
 it uses a "default" attestation key in the device, rather than the SoloKeys attestation key.  There is no security
 concern with using our default attestation key, aside from a privacy implication that services can distinguish it from Solo Secure.
 ### Procedure
 1. Boot into DFU mode.
        # Enter Solo bootloader
        solo program aux enter-bootloader
        # Enter DFU
        solo program aux enter-dfu
    The device should be turned off.
 2. Program the device
        solo program dfu <bundle-secure-non-solokeys.hex | all.hex>
    Double check you programmed it with bootloader + application (or just bootloader).
    If you messed it up, simply don't do the next step and repeat this step correctly.
 3. Boot the device
    Once Solo boots a secure build, it will lock the flash permantly from debugger access.  Also the bootloader
    will only accept signed firmware updates.
        solo program aux leave-dfu
 If you are having problems with solo tool and DFU mode, you could alternatively try booting into DFU
 by holding down the button while Solo is in bootloader mode.  Then try another programming tool that works
 with ST DFU:
 * STM32CubeProg
 * openocd
 * stlink
 Windows users need to install [libusb](https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.6.0/)
 for solo-python to work with Solo's DFU.
 ## Programming a Solo that hasn't been programmed
 A Solo that hasn't been programmed will boot into DFU mode.  You can program
 it by following a bootloader, or combined bootloader + application.
 ```
 solo program dfu <bundle-*.hex | all.hex>
 ```
 Then boot the device.  Make sure it has a bootloader to boot to.
 ```
 solo program aux leave-dfu
 ```
 ## Disable signed firmware updates
 If you'd like to also permanently disable signed updates, plug in your programmed Solo and run the following:
 ```bash
 # WARNING: No more signed updates.
 solo program disable-bootloader
 ```
 You won't be able to update to any new releases.
--- a/docs/solo/solo-extras.md
+++ b/docs/solo/solo-extras.md
@ -0,0 +1,19 @@
 # Solo Extras
 ## Random number generation
 Solo contains a True Random Number Generator (TRNG).  A TRNG is a hardware based mechanism
 that leverages natural phenomenon to generate random numbers, which is can be better than a traditional
 RNG that has state and updates deterministically using cryptographic methods.
 You can easily access the TRNG stream on Solo using our python tool [solo-python](https://github.com/solokeys/solo-python).
 ```
 solo key rng raw > random.bin
 ```
 Or you can seed the state of the RNG on your kernel (/dev/random).
 ```
 solo key rng feedkernel
 ```
--- a/fido2/crypto.c
+++ b/fido2/crypto.c
@ -262,6 +262,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
    memmove(y,pubkey+32,32);
 }
 void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
 {
    uECC_compute_public_key(privkey, pubkey, _es256_curve);
 }
 void crypto_load_external_key(uint8_t * key, int len)
 {
    _signing_key = key;
--- a/fido2/crypto.h
+++ b/fido2/crypto.h
@ -26,6 +26,7 @@ void crypto_sha512_final(uint8_t * hash);
 void crypto_ecc256_init();
 void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8_t * y);
 void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey);
 void crypto_ecc256_load_key(uint8_t * data, int len, uint8_t * data2, int len2);
 void crypto_ecc256_load_attestation_key();
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -256,7 +256,9 @@ static int ctap_generate_cose_key(CborEncoder * cose_key, uint8_t * hmac_input,
    switch(algtype)
    {
        case COSE_ALG_ES256:
            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
            crypto_ecc256_derive_public_key(hmac_input, len, x, y);
            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
            break;
        default:
            printf2(TAG_ERR,"Error, COSE alg %d not supported\n", algtype);
@ -1479,6 +1481,11 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
            ret = cbor_encode_int(&map, RESP_keyAgreement);
            check_ret(ret);
            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
            crypto_ecc256_compute_public_key(KEY_AGREEMENT_PRIV, KEY_AGREEMENT_PUB);
            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
            ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
            check_retr(ret);
@ -1678,7 +1685,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        default:
            status = CTAP1_ERR_INVALID_COMMAND;
-            printf2(TAG_ERR,"error, invalid cmd\n");
+            printf2(TAG_ERR,"error, invalid cmd: %x\n", cmd);
    }
 done:
@ -1767,10 +1774,7 @@ void ctap_init()
        exit(1);
    }
-    if (device_is_nfc() != NFC_IS_ACTIVE)
+    ctap_reset_key_agreement();
    {
        ctap_reset_key_agreement();
    }
 #ifdef BRIDGE_TO_WALLET
    wallet_init();
@ -1969,7 +1973,7 @@ int8_t ctap_load_key(uint8_t index, uint8_t * key)
 static void ctap_reset_key_agreement()
 {
-    crypto_ecc256_make_key_pair(KEY_AGREEMENT_PUB, KEY_AGREEMENT_PRIV);
+    ctap_generate_rng(KEY_AGREEMENT_PRIV, sizeof(KEY_AGREEMENT_PRIV));
 }
 void ctap_reset()
--- a/in-docker-build.sh
+++ b/in-docker-build.sh
@ -38,6 +38,7 @@ build firmware hacker solo
 build firmware hacker-debug-1 solo
 build firmware hacker-debug-2 solo
 build firmware secure solo
 build firmware secure-non-solokeys solo
 pip install -U pip
 pip install -U solo-python
@ -49,3 +50,6 @@ bundle="bundle-hacker-debug-1-${version}"
 /opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-1-${version}.hex ${bundle}.hex
 bundle="bundle-hacker-debug-2-${version}"
 /opt/conda/bin/solo mergehex bootloader-nonverifying-${version}.hex firmware-hacker-debug-2-${version}.hex ${bundle}.hex
 bundle="bundle-secure-non-solokeys-${version}"
 /opt/conda/bin/solo mergehex bootloader-verifying-${version}.hex firmware-secure-non-solokeys-${version}.hex ${bundle}.hex
 sha256sum ${bundle}.hex > ${bundle}.sha2
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -11,6 +11,10 @@ nav:
    - FIDO2 Implementation: solo/fido2-impl.md
    - Metadata Statements: solo/metadata-statements.md
    - Build instructions: solo/building.md
    - Programming instructions: solo/programming.md
    - Bootloader mode: solo/bootloader-mode.md
    - Customization: solo/customization.md
    - Solo Extras: solo/solo-extras.md
    - Running on Nucleo32 board: solo/nucleo32-board.md
    - Signed update process: solo/signed-updates.md
    - Code documentation: solo/code-overview.md
--- a/pc/device.c
+++ b/pc/device.c
@ -628,3 +628,8 @@ int device_is_nfc()
 {
    return 0;
 }
 void device_set_clock_rate(DEVICE_CLOCK_RATE param)
 {
 }
--- a/targets/stm32l432/Makefile
+++ b/targets/stm32l432/Makefile
@ -21,6 +21,9 @@ firmware-hacker-debug-1:
 firmware-hacker-debug-2:
 	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=2 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=0'
 firmware-secure-non-solokeys:
 	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DFLASH_ROP=2'
 firmware-secure:
 	$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DUSE_SOLOKEYS_CERT -DFLASH_ROP=2'
@ -59,7 +62,6 @@ boot-no-sig:
 build-release-locked: cbor clean2 boot-sig-checking clean all-locked
 	$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
 	rm -f solo.hex bootloader.hex  # don't program solo.hex ...
 build-release: cbor clean2 boot-sig-checking clean all
 	$(VENV) $(merge_hex) solo.hex bootloader.hex all.hex
--- a/targets/stm32l432/src/crypto.c
+++ b/targets/stm32l432/src/crypto.c
@ -282,6 +282,11 @@ void crypto_ecc256_derive_public_key(uint8_t * data, int len, uint8_t * x, uint8
    memmove(x,pubkey,32);
    memmove(y,pubkey+32,32);
 }
 void crypto_ecc256_compute_public_key(uint8_t * privkey, uint8_t * pubkey)
 {
    uECC_compute_public_key(privkey, pubkey, _es256_curve);
 }
 void crypto_load_external_key(uint8_t * key, int len)
 {
--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@ -196,7 +196,14 @@ bool nfc_write_response_ex(uint8_t req0, uint8_t * data, uint8_t len, uint16_t r
 	res[len + block_offset + 0] = resp >> 8;
 	res[len + block_offset + 1] = resp & 0xff;
 	nfc_write_frame(res, block_offset + len + 2);
    if (!ams_wait_for_tx(1))
    {
        printf1(TAG_NFC, "TX resp timeout. len: %d \r\n", len);
        return false;
    }
 	return true;
 }
@ -482,9 +489,6 @@ void nfc_process_iblock(uint8_t * buf, int len)
    CTAP_RESPONSE ctap_resp;
    int status;
    uint16_t reslen;
    printf1(TAG_NFC,"Iblock: ");
 	dump_hex1(TAG_NFC, buf, len);
    uint8_t block_offset = p14443_block_offset(buf[0]);
@ -623,13 +627,13 @@ void nfc_process_iblock(uint8_t * buf, int len)
 			printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());
-			WTX_on(WTX_TIME_DEFAULT);
+			// WTX_on(WTX_TIME_DEFAULT);
            request_from_nfc(true);
            ctap_response_init(&ctap_resp);
            status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
            request_from_nfc(false);
-			if (!WTX_off())
+			// if (!WTX_off())
-				return;
+			// 	return;
 			printf1(TAG_NFC, "CTAP resp: 0x%02x  len: %d\r\n", status, ctap_resp.length);
@ -681,6 +685,9 @@ void nfc_process_iblock(uint8_t * buf, int len)
 			nfc_write_response(buf[0], SW_INS_INVALID);
        break;
    }
    printf1(TAG_NFC,"prev.Iblock: ");
 	dump_hex1(TAG_NFC, buf, len);
 }
 static uint8_t ibuf[1024];
@ -852,6 +859,7 @@ int nfc_loop()
                printf1(TAG_NFC, "NFC_CMD_WUPA\r\n");
            break;
            case NFC_CMD_HLTA:
                ams_write_command(AMS_CMD_SLEEP);
                printf1(TAG_NFC, "HLTA/Halt\r\n");
            break;
            case NFC_CMD_RATS:
Author	SHA1	Message	Date
Conor Patrick	525ff0c5d6	stub pc build	2019-08-20 21:31:02 +08:00
Conor Patrick	79d986197b	take a lazy approach to key agreement generation to not hold up boot time for nfc	2019-08-20 21:27:52 +08:00
Conor Patrick	9045c0ca3e	speed up public key derivation slightly for nfc	2019-08-20 21:06:37 +08:00
Conor Patrick	508f2e1e1c	remove WTX, move debug log	2019-08-20 20:28:38 +08:00
Conor Patrick	6dfdf36654	for now, always gen key agreement	2019-08-20 20:23:18 +08:00
merlokk	095b08e3d9	add some stability in small responses	2019-08-19 22:33:32 +08:00
merlokk	89e021003a	small fix for HID readers	2019-08-19 22:33:32 +08:00
Emanuele Cesena	4f3d4b09eb	Update README.md	2019-08-16 17:22:46 -04:00
Nicolas Stalder	3f4843b03a	Merge pull request #270 from solokeys/bump_2.4.3 Update STABLE_VERSION	2019-08-16 21:07:59 +02:00
Conor Patrick	26af0c423e	Update solo-extras.md	2019-08-16 14:04:43 +08:00
Conor Patrick	19422d9daa	add info for rng use	2019-08-16 14:04:43 +08:00
Conor Patrick	b7a4cf001a	run through fixes	2019-08-16 14:04:43 +08:00
Conor Patrick	3927aec06d	dont remove solo.hex bootloader.hex	2019-08-16 14:04:43 +08:00
Conor Patrick	f5794481ae	initial draft	2019-08-16 14:04:43 +08:00
Conor Patrick	caac9d0cc1	add secure build that uses default attestation key	2019-08-16 14:04:43 +08:00