docs: update .all-contributorsrc

docs: update README.md
Merge pull request #259 from solokeys/all-contributors/add-hughsie
2019-08-07 23:14:18 +00:00 · 2019-08-07 23:14:17 +00:00 · 2019-08-08 01:05:29 +02:00 · 2019-08-07 23:05:02 +00:00 · 2019-08-07 23:05:01 +00:00 · 2019-08-08 00:59:52 +02:00
34 changed files with 878 additions and 2153 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@ -0,0 +1,178 @@
+{
+  "files": [
+    "README.md"
+  ],
+  "imageSize": 100,
+  "commit": false,
+  "contributors": [
+    {
+      "login": "szszszsz",
+      "name": "Szczepan Zalega",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/17005426?v=4",
+      "profile": "https://github.com/szszszsz",
+      "contributions": [
+        "code",
+        "doc",
+        "ideas"
+      ]
+    },
+    {
+      "login": "Wesseldr",
+      "name": "Wessel dR",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/4012809?v=4",
+      "profile": "https://github.com/Wesseldr",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "agl",
+      "name": "Adam Langley",
+      "avatar_url": "https://avatars3.githubusercontent.com/u/21203?v=4",
+      "profile": "https://www.imperialviolet.org",
+      "contributions": [
+        "bug",
+        "code"
+      ]
+    },
+    {
+      "login": "merlokk",
+      "name": "Oleg Moiseenko",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/807634?v=4",
+      "profile": "http://www.lotteam.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "aseigler",
+      "name": "Alex Seigler",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/6605560?v=4",
+      "profile": "https://github.com/aseigler",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "dschuermann",
+      "name": "Dominik Schürmann",
+      "avatar_url": "https://avatars3.githubusercontent.com/u/321888?v=4",
+      "profile": "https://www.cotech.de/services/",
+      "contributions": [
+        "bug"
+      ]
+    },
+    {
+      "login": "ehershey",
+      "name": "Ernie Hershey",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/286008?v=4",
+      "profile": "https://github.com/ehershey",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "YakBizzarro",
+      "name": "Andrea Corna",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/767740?v=4",
+      "profile": "https://github.com/YakBizzarro",
+      "contributions": [
+        "infra"
+      ]
+    },
+    {
+      "login": "pjz",
+      "name": "Paul Jimenez",
+      "avatar_url": "https://avatars3.githubusercontent.com/u/11100?v=4",
+      "profile": "https://place.org/~pj/",
+      "contributions": [
+        "infra",
+        "code"
+      ]
+    },
+    {
+      "login": "yparitcher",
+      "name": "yparitcher",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/38916402?v=4",
+      "profile": "https://github.com/yparitcher",
+      "contributions": [
+        "ideas",
+        "maintenance"
+      ]
+    },
+    {
+      "login": "StoyanDimitrov",
+      "name": "StoyanDimitrov",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/10962709?v=4",
+      "profile": "https://github.com/StoyanDimitrov",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "alphathegeek",
+      "name": "alphathegeek",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/51253712?v=4",
+      "profile": "https://github.com/alphathegeek",
+      "contributions": [
+        "ideas"
+      ]
+    },
+    {
+      "login": "rgerganov",
+      "name": "Radoslav Gerganov",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/271616?v=4",
+      "profile": "https://xakcop.com",
+      "contributions": [
+        "ideas",
+        "code"
+      ]
+    },
+    {
+      "login": "manuel-domke",
+      "name": "Manuel Domke",
+      "avatar_url": "https://avatars3.githubusercontent.com/u/10274356?v=4",
+      "profile": "http://13-37.org",
+      "contributions": [
+        "ideas",
+        "code",
+        "business"
+      ]
+    },
+    {
+      "login": "esden",
+      "name": "Piotr Esden-Tempski",
+      "avatar_url": "https://avatars3.githubusercontent.com/u/17334?v=4",
+      "profile": "http://1bitsquared.com",
+      "contributions": [
+        "business"
+      ]
+    },
+    {
+      "login": "m3hm00d",
+      "name": "f.m3hm00d",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/42179593?v=4",
+      "profile": "https://github.com/m3hm00d",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "hughsie",
+      "name": "Richard Hughes",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/151380?v=4",
+      "profile": "http://blogs.gnome.org/hughsie/",
+      "contributions": [
+        "ideas",
+        "code",
+        "infra",
+        "tool"
+      ]
+    }
+  ],
+  "contributorsPerLine": 7,
+  "projectName": "solo",
+  "projectOwner": "solokeys",
+  "repoType": "github",
+  "repoHost": "https://github.com"
+}
--- a/.gitignore
+++ b/.gitignore
@ -83,3 +83,5 @@ targets/*/docs/
 main

 builds/*
+tools/testing/.idea/*
+tools/testing/tests/__pycache__/*
--- a/README.md
+++ b/README.md
@ -1,4 +1,5 @@
 [![License](https://img.shields.io/github/license/solokeys/solo.svg)](https://github.com/solokeys/solo/blob/master/LICENSE)
+[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors)
 [![Build Status](https://travis-ci.com/solokeys/solo.svg?branch=master)](https://travis-ci.com/solokeys/solo)
 [![Discourse Users](https://img.shields.io/discourse/https/discourse.solokeys.com/users.svg)](https://discourse.solokeys.com)
 [![Keybase Chat](https://img.shields.io/badge/chat-on%20keybase-brightgreen.svg)](https://keybase.io/team/solokeys.public)
@ -94,10 +95,7 @@ Run the Solo application:
 ./main
 ```

-In another shell, you can run client software, for example our tests:
-```bash
-python tools/ctap_test.py sim fido2
-```
+In another shell, you can run our [test suite](https://github.com/solokeys/fido2-tests).

 You can find more details in our [documentation](https://docs.solokeys.io/solo/), including how to build on the the NUCLEO-L432KC development board.

@ -107,14 +105,46 @@ You can find more details in our [documentation](https://docs.solokeys.io/solo/)
 Check out our [official documentation](https://docs.solokeys.io/solo/).


-# Contributors
+# Contributors ✨

 Solo is an upgrade to [U2F Zero](https://github.com/conorpp/u2f-zero). It was born from Conor's passion for making secure hardware, and from our shared belief that security should be open to be trustworthy, in hardware like in software.

-Contributors are welcome. The ultimate goal is to have a FIDO2 security key supporting USB, NFC, and BLE interfaces, that can run on a variety of MCUs.
-
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
+The ultimate goal is to have a FIDO2 security key supporting USB, NFC, and BLE interfaces, that can run on a variety of MCUs.
 Look at the issues to see what is currently being worked on. Feel free to add issues as well.

+Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
+
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+<!-- prettier-ignore -->
+<table>
+  <tr>
+    <td align="center"><a href="https://github.com/szszszsz"><img src="https://avatars0.githubusercontent.com/u/17005426?v=4" width="100px;" alt="Szczepan Zalega"/><br /><sub><b>Szczepan Zalega</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=szszszsz" title="Code">💻</a> <a href="https://github.com/solokeys/solo/commits?author=szszszsz" title="Documentation">📖</a> <a href="#ideas-szszszsz" title="Ideas, Planning, & Feedback">🤔</a></td>
+    <td align="center"><a href="https://github.com/Wesseldr"><img src="https://avatars1.githubusercontent.com/u/4012809?v=4" width="100px;" alt="Wessel dR"/><br /><sub><b>Wessel dR</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=Wesseldr" title="Documentation">📖</a></td>
+    <td align="center"><a href="https://www.imperialviolet.org"><img src="https://avatars3.githubusercontent.com/u/21203?v=4" width="100px;" alt="Adam Langley"/><br /><sub><b>Adam Langley</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Aagl" title="Bug reports">🐛</a> <a href="https://github.com/solokeys/solo/commits?author=agl" title="Code">💻</a></td>
+    <td align="center"><a href="http://www.lotteam.com"><img src="https://avatars2.githubusercontent.com/u/807634?v=4" width="100px;" alt="Oleg Moiseenko"/><br /><sub><b>Oleg Moiseenko</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=merlokk" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/aseigler"><img src="https://avatars1.githubusercontent.com/u/6605560?v=4" width="100px;" alt="Alex Seigler"/><br /><sub><b>Alex Seigler</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Aaseigler" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="https://www.cotech.de/services/"><img src="https://avatars3.githubusercontent.com/u/321888?v=4" width="100px;" alt="Dominik Schürmann"/><br /><sub><b>Dominik Schürmann</b></sub></a><br /><a href="https://github.com/solokeys/solo/issues?q=author%3Adschuermann" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="https://github.com/ehershey"><img src="https://avatars0.githubusercontent.com/u/286008?v=4" width="100px;" alt="Ernie Hershey"/><br /><sub><b>Ernie Hershey</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=ehershey" title="Documentation">📖</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="https://github.com/YakBizzarro"><img src="https://avatars1.githubusercontent.com/u/767740?v=4" width="100px;" alt="Andrea Corna"/><br /><sub><b>Andrea Corna</b></sub></a><br /><a href="#infra-YakBizzarro" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a></td>
+    <td align="center"><a href="https://place.org/~pj/"><img src="https://avatars3.githubusercontent.com/u/11100?v=4" width="100px;" alt="Paul Jimenez"/><br /><sub><b>Paul Jimenez</b></sub></a><br /><a href="#infra-pjz" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/solokeys/solo/commits?author=pjz" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/yparitcher"><img src="https://avatars0.githubusercontent.com/u/38916402?v=4" width="100px;" alt="yparitcher"/><br /><sub><b>yparitcher</b></sub></a><br /><a href="#ideas-yparitcher" title="Ideas, Planning, & Feedback">🤔</a> <a href="#maintenance-yparitcher" title="Maintenance">🚧</a></td>
+    <td align="center"><a href="https://github.com/StoyanDimitrov"><img src="https://avatars1.githubusercontent.com/u/10962709?v=4" width="100px;" alt="StoyanDimitrov"/><br /><sub><b>StoyanDimitrov</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=StoyanDimitrov" title="Documentation">📖</a></td>
+    <td align="center"><a href="https://github.com/alphathegeek"><img src="https://avatars2.githubusercontent.com/u/51253712?v=4" width="100px;" alt="alphathegeek"/><br /><sub><b>alphathegeek</b></sub></a><br /><a href="#ideas-alphathegeek" title="Ideas, Planning, & Feedback">🤔</a></td>
+    <td align="center"><a href="https://xakcop.com"><img src="https://avatars2.githubusercontent.com/u/271616?v=4" width="100px;" alt="Radoslav Gerganov"/><br /><sub><b>Radoslav Gerganov</b></sub></a><br /><a href="#ideas-rgerganov" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=rgerganov" title="Code">💻</a></td>
+    <td align="center"><a href="http://13-37.org"><img src="https://avatars3.githubusercontent.com/u/10274356?v=4" width="100px;" alt="Manuel Domke"/><br /><sub><b>Manuel Domke</b></sub></a><br /><a href="#ideas-manuel-domke" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=manuel-domke" title="Code">💻</a> <a href="#business-manuel-domke" title="Business development">💼</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="http://1bitsquared.com"><img src="https://avatars3.githubusercontent.com/u/17334?v=4" width="100px;" alt="Piotr Esden-Tempski"/><br /><sub><b>Piotr Esden-Tempski</b></sub></a><br /><a href="#business-esden" title="Business development">💼</a></td>
+    <td align="center"><a href="https://github.com/m3hm00d"><img src="https://avatars1.githubusercontent.com/u/42179593?v=4" width="100px;" alt="f.m3hm00d"/><br /><sub><b>f.m3hm00d</b></sub></a><br /><a href="https://github.com/solokeys/solo/commits?author=m3hm00d" title="Documentation">📖</a></td>
+    <td align="center"><a href="http://blogs.gnome.org/hughsie/"><img src="https://avatars0.githubusercontent.com/u/151380?v=4" width="100px;" alt="Richard Hughes"/><br /><sub><b>Richard Hughes</b></sub></a><br /><a href="#ideas-hughsie" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/solokeys/solo/commits?author=hughsie" title="Code">💻</a> <a href="#infra-hughsie" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#tool-hughsie" title="Tools">🔧</a></td>
+  </tr>
+</table>
+
+<!-- ALL-CONTRIBUTORS-LIST:END -->
+

 # License

@ -123,6 +153,8 @@ Solo is fully open source.
 All software, unless otherwise noted, is dual licensed under Apache 2.0 and MIT.
 You may use Solo software under the terms of either the Apache 2.0 license or MIT license.

+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
+
 All hardware, unless otherwise noted, is dual licensed under CERN and CC-BY-SA.
 You may use Solo hardware under the terms of either the CERN 2.1 license or CC-BY-SA 4.0 license.

@ -135,3 +167,4 @@ You may use Solo documentation under the terms of the CC-BY-SA 4.0 license
 # Where To Buy Solo

 You can buy Solo, Solo Tap, and Solo for Hackers at [solokeys.com](https://solokeys.com).
+
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+We fix security issues as soon as they are found, and release firmware updates.  
+Each such release is accompanied by release notes, see <https://github.com/solokeys/solo/releases>.
+
+The latest version can be determined using the file <https://github.com/solokeys/solo/blob/master/STABLE_VERSION>.
+
+To update your key:
+- either visit <https://update.solokeys.com>, or
+- use our commandline tool <https://github.com/solokeys/solo-python>:
+```
+solo key update [--secure|--hacker]
+```
+
+## Reporting a Vulnerability
+
+To report vulnerabilities you have found:
+
+- preferably contact [@conor1](https://keybase.io/conor1), [@0x0ece](https://keybase.io/0x0ece) or [@nickray](https://keybase.io/nickray) via Keybase, or
+- send us e-mail using OpenPGP to [security@solokeys.com](mailto:security@solokeys.com).
+
+<https://keys.openpgp.org/vks/v1/by-fingerprint/85AFA2769F4381E5712C36A04DDFC46FEF1F7F3F>
+
+We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.
+
+## Mailing List
+
+Join our release notification mailing list to be informed about each release:
+
+https://sendy.solokeys.com/subscription?f=9MLIqMDmox1Ucz89C892Kq09IqYMM7OB8UrBrkvtTkDI763QF3L5PMYlRhlVNo2AI892mO
--- a/2
+++ b/2
@ -1 +1 @@
-2.2.2
+2.4.2
--- a/docs/solo/building.md
+++ b/docs/solo/building.md
@ -1,22 +1,40 @@
+# Building solo
+
 To build, develop and debug the firmware for the STM32L432.  This will work
 for Solo Hacker, the Nucleo development board, or your own homemade Solo.

 There exists a development board [NUCLEO-L432KC](https://www.st.com/en/evaluation-tools/nucleo-l432kc.html) you can use;  The board does contain a debugger, so all you need is a USB cable (and some [udev](/udev) [rules](https://rust-embedded.github.io/book/intro/install/linux.html#udev-rules)).

-# Prerequisites
+## Prerequisites

 Install the [latest ARM compiler toolchain](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads) for your system.  We recommend getting the latest compilers from ARM.

 You can also install the ARM toolchain  using a package manager like `apt-get` or `pacman`,
 but be warned they might be out of date.  Typically it will be called `gcc-arm-none-eabi binutils-arm-none-eabi`.

+Install `solo-python` usually with `pip3 install solo-python`. The `solo` python application may also be used for [programming](#programming).
+
 To program your build, you'll need one of the following programs.

- [openocd](http://openocd.org)
- [stlink](https://github.com/texane/stlink)
- [STM32CubeProg](https://www.st.com/en/development-tools/stm32cubeprog.html)
+-   [openocd](http://openocd.org)
+-   [stlink](https://github.com/texane/stlink)
+-   [STM32CubeProg](https://www.st.com/en/development-tools/stm32cubeprog.html)

-# Compilation
+## Obtain source code and solo tool
+
+Source code can be downloaded from:
+
+-   [github releases list](https://github.com/solokeys/solo/releases)
+-   [github repository](https://github.com/solokeys/solo)
+
+**solo** tool can be downloaded from:
+
+-   from python programs [repository](https://pypi.org/project/solo-python/) `pip install solo-python`
+-   from installing prerequisites `pip3 install -r tools/requirements.txt`
+-   github repository: [repository](https://github.com/solokeys/solo-python)
+-   installation python enviroment witn command `make venv` from root directory of source code
+
+## Compilation

 Enter the `stm32l4xx` target directory.

@ -80,8 +98,7 @@ make build-release-locked

 Programming `all.hex` will cause the device to permanently lock itself.

-
-# Programming
+## Programming

 It's recommended to test a debug/hacker build first to make sure Solo is working as expected.
 Then you can switch to a locked down build, which cannot be reprogrammed as easily (or not at all!).
@ -95,7 +112,7 @@ pip3 install -r tools/requirements.txt

 If you're on Windows, you must also install [libusb](https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.6.0/).

-## Pre-programmed Solo Hacker
+### Pre-programmed Solo Hacker

 If your Solo device is already programmed (it flashes green when powered), we recommend
 programming it using the Solo bootloader.
@ -118,7 +135,7 @@ If something bad happens, you can always boot the Solo bootloader by doing the f
 If you hold the button for an additional 5 seconds, it will boot to the ST DFU (device firmware update).
 Don't use the ST DFU unless you know what you're doing.

-## ST USB DFU
+### ST USB DFU

 If your Solo has never been programmed, it will boot the ST USB DFU.  The LED is turned
 off and it enumerates as "STM BOOTLOADER".
@ -136,7 +153,7 @@ Make sure to program `all.hex`, as this contains both the bootloader and the Sol

 If all goes well, you should see a slow-flashing green light.

-##  Solo Hacker vs Solo
+### Solo Hacker vs Solo

 A Solo hacker device doesn't need to be in bootloader mode to be programmed, it will automatically switch.

@ -144,7 +161,7 @@ Solo (locked) needs the button to be held down when plugged in to boot to the bo

 A locked Solo will only accept signed updates.

-## Signed updates
+### Signed updates

 If this is not a device with a hacker build, you can only program signed updates.

@ -162,7 +179,7 @@ solo sign /path/to/signing-key.pem /path/to/solo.hex /output-path/to/firmware.js
 If your Solo isn't locked, you can always reprogram it using a debugger connected directly
 to the token.

-# Permanently locking the device
+## Permanently locking the device

 If you plan to be using your Solo for real, you should lock it permanently.  This prevents
 someone from connecting a debugger to your token and stealing credentials.
--- a/docs/solo/images/conforms.PNG
+++ b/docs/solo/images/conforms.PNG
--- a/docs/solo/images/solo_conforms.PNG
+++ b/docs/solo/images/solo_conforms.PNG
--- a/docs/solo/nucleo32-board.md
+++ b/docs/solo/nucleo32-board.md
@ -0,0 +1,251 @@
+# Nucleo32 board preparation
+
+Additional steps are required to run the firmware on the Nucleo32 board.
+
+## USB-A cable
+
+Board does not provide an USB cable / socket for the target MCU communication.
+Own provided USB plug has to be connected in the following way:
+
+| PIN / Arduino PIN | MCU leg | USB wire color | Signal |
+| ----------------- | ------- | -------------- | ------ |
+| D10 / PA11        | 21      | white          | D-     |
+| D2 / PA12         | 22      | green          | D+     |
+| GND (near D2)     | ------- | black          | GND    |
+| **not connected** | ------- | red            | 5V     |
+
+Each USB plug pin should be connected via the wire in a color defined by the standard. It might be confirmed with a
+multimeter for additional safety. USB plug description:
+
+| PIN | USB wire color | Signal |
+| --- | -------------- | ------ |
+| 4   | black          | GND    |
+| 3   | green          | D+     |
+| 2   | white          | D-     |
+| 1   | red            | 5V     |
+
+See this [USB plug] image, and Wikipedia's [USB plug description].
+
+Plug in [USB-A_schematic.pdf] has wrong wire order, registered as [solo-hw#1].
+
+The power is taken from the debugger / board (unless the board is configured in another way).
+Make sure 5V is not connected, and is covered from contacting with the board elements.
+
+Based on [USB-A_schematic.pdf].
+
+## Firmware modification
+
+Following patch has to be applied to skip the user presence confirmation, for tests. Might be applied at a later stage.
+
+```text
+diff --git a/targets/stm32l432/src/app.h b/targets/stm32l432/src/app.h
+index c14a7ed..c89c3b5 100644
+--- a/targets/stm32l432/src/app.h
+++ b/targets/stm32l432/src/app.h
+@@ -71,6 +71,6 @@ void hw_init(void);
+ #define SOLO_BUTTON_PIN         LL_GPIO_PIN_0
+
+ #define SKIP_BUTTON_CHECK_WITH_DELAY        0
+-#define SKIP_BUTTON_CHECK_FAST              0
+#define SKIP_BUTTON_CHECK_FAST              1
+
+ #endif
+```
+
+It is possible to provide a button and connect it to the MCU pins, as instructed in [USB-A_schematic.pdf]&#x3A;
+
+```text
+PA0 / pin 6 --> button --> GND
+```
+
+In that case the mentioned patch would not be required.
+
+## Development environment setup
+
+Environment: Fedora 29 x64, Linux 4.19.9
+
+See <https://docs.solokeys.io/solo/building/> for the original guide. Here details not included there will be covered.
+
+### Install ARM tools
+
+1.  Download current [ARM tools] package: [gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2].
+
+2.  Extract the archive.
+
+3.  Add full path to the `./bin` directory as first entry to the `$PATH` variable,
+    as in `~/gcc-arm/gcc-arm-none-eabi-8-2018-q4-major/bin/:$PATH`.
+
+### Install flashing software
+
+ST provides a CLI flashing tool - `STM32_Programmer_CLI`. It can be downloaded directly from the vendor's site:
+1\. Go to [download site URL](https://www.st.com/content/st_com/en/products/development-tools/software-development-tools/stm32-software-development-tools/stm32-programmers/stm32cubeprog.html),
+go to bottom page and from STM32CubeProg row select Download button.
+2\. Unzip contents of the archive.
+3\. Run \*Linux setup
+4\. In installation directory go to ./bin - there the ./STM32_Programmer_CLI is located
+5\. Add symlink to the STM32 CLI binary to .local/bin. Make sure the latter it is in $PATH.
+
+If you're on OsX and installed the STM32CubeProg, you need to add the following to your path:
+
+```bash
+# ~/.bash_profile
+export PATH="/Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM32CubeProgrammer.app/Contents/MacOs/bin/":$PATH
+```
+
+## Building and flashing
+
+### Building
+
+Please follow <https://docs.solokeys.io/solo/building/>, as the build way changes rapidly.
+Currently (8.1.19) to build the firmware, following lines should be executed
+
+```bash
+# while in the main project directory
+cd targets/stm32l432
+make cbor
+make build-hacker DEBUG=1
+```
+
+Note: `DEBUG=2` stops the device initialization, until a serial client will be attached to its virtual port.
+Do not use it, if you do not plan to do so.
+
+### Flashing via the Makefile command
+
+```bash
+# while in the main project directory
+# create Python virtual environment with required packages, and activate
+make env3
+. env3/bin/activate
+# Run flashing
+cd ./targets/stm32l432
+make flash
+ # which runs:
+ # flash: solo.hex bootloader.hex
+ #	python merge_hex.py solo.hex bootloader.hex all.hex (intelhex library required)
+ #	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
+ #	STM32_Programmer_CLI -c port=SWD -halt  -d all.hex -rst
+```
+
+### Manual flashing
+
+In case you already have a firmware to flash (named `all.hex`), please run the following:
+
+```bash
+STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
+STM32_Programmer_CLI -c port=SWD -halt  -d all.hex -rst
+```
+
+## Testing
+
+### Internal
+
+Project-provided tests.
+
+#### Simulated device
+
+A simulated device is provided to test the HID layer.
+
+##### Build
+
+```bash
+make clean
+cd tinycbor
+make
+cd ..
+make env2
+```
+
+##### Execution
+
+```bash
+# run simulated device (will create a network UDP server)
+./main
+# run test 1
+./env2/bin/python tools/ctap_test.py
+# run test 2 (or other files in the examples directory)
+./env2/bin/python python-fido2/examples/credential.py
+```
+
+#### Real device
+
+```bash
+# while in the main project directory
+# not passing as of 8.1.19, due to test solution issues
+make fido2-test
+```
+
+### External
+
+#### FIDO2 test sites
+
+1.  <https://webauthn.bin.coffee/>
+2.  <https://github.com/apowers313/fido2-server-demo/>
+3.  <https://webauthn.org/>
+
+#### U2F test sites
+
+1.  <https://u2f.bin.coffee/>
+2.  <https://demo.yubico.com/u2f>
+
+#### FIDO2 standalone clients
+
+1.  <https://github.com/Nitrokey/u2f-ref-code>
+2.  <https://github.com/Yubico/libfido2>
+3.  <https://github.com/Yubico/python-fido2>
+4.  <https://github.com/google/pyu2f>
+
+## USB serial console reading
+
+Device opens an USB-emulated serial port to output its messages. While Nucleo board offers such already,
+the Solo device provides its own.
+
+-   Provided Python tool
+
+```bash
+python3 ../../tools/solotool.py monitor /dev/solokey-serial
+```
+
+-   External application
+
+```bash
+sudo picocom -b 115200 /dev/solokey-serial
+```
+
+where `/dev/solokey-serial` is an udev symlink to `/dev/ttyACM1`.
+
+## Other
+
+### Dumping firmware
+
+Size is calculated using bash arithmetic.
+
+```bash
+STM32_Programmer_CLI -c port=SWD -halt  -u 0x0 $((256*1024)) current.hex
+```
+
+### Software reset
+
+```bash
+STM32_Programmer_CLI -c port=SWD  -rst
+```
+
+### Installing required Python packages
+
+Client script requires some Python packages, which could be easily installed locally to the project
+via the Makefile command. It is sufficient to run:
+
+```bash
+make env3
+```
+
+[solo-hw#1]: https://github.com/solokeys/solo-hw/issues/1
+
+[usb plug]: https://upload.wikimedia.org/wikipedia/commons/thumb/6/67/USB.svg/1200px-USB.svg.png
+
+[usb plug description]: https://en.wikipedia.org/wiki/USB#Receptacle_(socket)_identification
+
+[usb-a_schematic.pdf]: https://github.com/solokeys/solo-hw/releases/download/1.2/USB-A_schematic.pdf
+
+[arm tools]: https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads
+
+[gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2]: https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2?revision=d830f9dd-cd4f-406d-8672-cca9210dd220?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,8-2018-q4-major
--- a/fido2/apdu.c
+++ b/fido2/apdu.c
@ -0,0 +1,122 @@
+// Copyright 2019 SoloKeys Developers
+//
+// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
+// http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
+// http://opensource.org/licenses/MIT>, at your option. This file may not be
+// copied, modified, or distributed except according to those terms.
+
+// iso7816:2013. 5.3.2 Decoding conventions for command bodies
+
+#include "apdu.h"
+
+int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu) 
+{
+    EXT_APDU_HEADER *hapdu = (EXT_APDU_HEADER *)data;
+    
+    apdu->cla = hapdu->cla;
+    apdu->ins = hapdu->ins;
+    apdu->p1 = hapdu->p1;
+    apdu->p2 = hapdu->p2;
+    
+    apdu->lc = 0;
+    apdu->data = NULL;
+    apdu->le = 0;
+    apdu->extended_apdu = false;
+    apdu->case_type = 0x00;
+    
+    uint8_t b0 = hapdu->lc[0];
+    
+    // case 1
+    if (len == 4)
+    {
+        apdu->case_type = 0x01;
+    }
+    
+     // case 2S (Le)
+    if (len == 5)
+    {
+        apdu->case_type = 0x02;
+        apdu->le = b0;
+        if (!apdu->le)
+            apdu->le = 0x100;
+    }
+   
+    // case 3S (Lc + data)
+    if (len == 5U + b0 && b0 != 0)
+    {
+        apdu->case_type = 0x03;
+        apdu->lc = b0;
+    }
+    
+    // case 4S (Lc + data + Le)
+    if (len == 5U + b0 + 1U && b0 != 0)
+    {
+        apdu->case_type = 0x04;
+        apdu->lc = b0;
+        apdu->le = data[len - 1];
+        if (!apdu->le)
+            apdu->le = 0x100;
+    }
+    
+    // extended length apdu
+    if (len >= 7 && b0 == 0)
+    {
+        uint16_t extlen = (hapdu->lc[1] << 8) + hapdu->lc[2];
+        
+         // case 2E (Le) - extended
+        if (len == 7)
+        {
+            apdu->case_type = 0x12;
+            apdu->extended_apdu = true;
+            apdu->le = extlen;
+            if (!apdu->le)
+                apdu->le = 0x10000;
+        }
+        
+       // case 3E (Lc + data) - extended
+       if (len == 7U + extlen)
+        {
+            apdu->case_type = 0x13;
+            apdu->extended_apdu = true;
+            apdu->lc = extlen;
+        }
+
+       // case 4E (Lc + data + Le) - extended 2-byte Le
+       if (len == 7U + extlen + 2U)
+        {
+            apdu->case_type = 0x14;
+            apdu->extended_apdu = true;
+            apdu->lc = extlen;
+            apdu->le = (data[len - 2] << 8) + data[len - 1];
+        if (!apdu->le)
+            apdu->le = 0x10000;
+        }
+
+       // case 4E (Lc + data + Le) - extended 3-byte Le
+       if (len == 7U + extlen + 3U && data[len - 3] == 0)
+        {
+            apdu->case_type = 0x24;
+            apdu->extended_apdu = true;
+            apdu->lc = extlen;
+            apdu->le = (data[len - 2] << 8) + data[len - 1];
+        if (!apdu->le)
+            apdu->le = 0x10000;
+        }
+    }
+    
+    if (!apdu->case_type)
+        return 1;
+    
+    if (apdu->lc)
+    {
+        if (apdu->extended_apdu)
+        {
+            apdu->data = data + 7;
+        } else {
+            apdu->data = data + 5;
+        }
+        
+    }   
+    
+    return 0;
+}
--- a/fido2/apdu.h
+++ b/fido2/apdu.h
@ -2,6 +2,8 @@
 #define _APDU_H_

 #include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>

 typedef struct
 {
@ -12,6 +14,30 @@ typedef struct
    uint8_t lc;
 } __attribute__((packed)) APDU_HEADER;

+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint8_t lc[3];
+} __attribute__((packed)) EXT_APDU_HEADER;
+
+typedef struct
+{
+    uint8_t cla;
+    uint8_t ins;
+    uint8_t p1;
+    uint8_t p2;
+    uint16_t lc;
+    uint8_t *data;
+    uint32_t le;
+    bool extended_apdu;
+    uint8_t case_type;
+} __attribute__((packed)) APDU_STRUCT;
+
+extern int apdu_decode(uint8_t *data, size_t len, APDU_STRUCT *apdu);
+
 #define APDU_FIDO_U2F_REGISTER        0x01
 #define APDU_FIDO_U2F_AUTHENTICATE    0x02
 #define APDU_FIDO_U2F_VERSION         0x03
@ -25,6 +51,7 @@ typedef struct
 #define SW_COND_USE_NOT_SATISFIED     0x6985
 #define SW_FILE_NOT_FOUND             0x6a82
 #define SW_INS_INVALID                0x6d00  // Instruction code not supported or invalid
+#define SW_CLA_INVALID                0x6e00  
 #define SW_INTERNAL_EXCEPTION         0x6f00

 #endif //_APDU_H_
--- a/fido2/crypto.h
+++ b/fido2/crypto.h
@ -38,6 +38,7 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
 void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
 void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret);

+#define CRYPTO_TRANSPORT_KEY2            ((uint8_t*)2)
 #define CRYPTO_TRANSPORT_KEY            ((uint8_t*)1)
 #define CRYPTO_MASTER_KEY               ((uint8_t*)0)

--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@ -355,9 +355,9 @@ static int ctap_make_extensions(CTAP_extensions * ext, uint8_t * ext_encoder_buf
        }

        // Generate credRandom
-        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY, 0, credRandom);
+        crypto_sha256_hmac_init(CRYPTO_TRANSPORT_KEY2, 0, credRandom);
        crypto_sha256_update((uint8_t*)&ext->hmac_secret.credential->id, sizeof(CredentialId));
-        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY, 0, credRandom);
+        crypto_sha256_hmac_final(CRYPTO_TRANSPORT_KEY2, 0, credRandom);

        // Decrypt saltEnc
        crypto_aes256_init(shared_secret, NULL);
@ -432,6 +432,12 @@ static unsigned int get_credential_id_size(CTAP_credentialDescriptor * cred)
    return sizeof(CredentialId);
 }

+static int ctap2_user_presence_test()
+{
+    device_set_status(CTAPHID_STATUS_UPNEEDED);
+    return ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+}
+
 static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * auth_data_buf, uint32_t * len, CTAP_credInfo * credInfo)
 {
    CborEncoder cose_key;
@ -459,11 +465,9 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au

    count = auth_data_update_count(&authData->head);

-    device_set_status(CTAPHID_STATUS_UPNEEDED);
-
    int but;

-    but = ctap_user_presence_test(CTAP2_UP_DELAY_MS);
+    but = ctap2_user_presence_test(CTAP2_UP_DELAY_MS);

    if (!but)
    {
@ -473,6 +477,7 @@ static int ctap_make_auth_data(struct rpId * rp, CborEncoder * map, uint8_t * au
    {
        return CTAP2_ERR_KEEPALIVE_CANCEL;
    }
+    
    device_set_status(CTAPHID_STATUS_PROCESSING);

    authData->head.flags = (but << 0);
@ -605,7 +610,6 @@ int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHa
    crypto_sha256_final(hashbuf);

    crypto_ecc256_sign(hashbuf, 32, sigbuf);
-
    return ctap_encode_der_sig(sigbuf,sigder);
 }

@ -701,11 +705,11 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
    }
    if (MC.pinAuthEmpty)
    {
-        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
        {
                return CTAP2_ERR_OPERATION_DENIED;
        }
-        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if ((MC.paramsParsed & MC_requiredMask) != MC_requiredMask)
    {
@ -1056,7 +1060,7 @@ uint8_t ctap_end_get_assertion(CborEncoder * map, CTAP_credentialDescriptor * cr
    else
 #endif
    {
-        sigder_sz = ctap_calculate_signature(auth_data_buf, sizeof(CTAP_authDataHeader), clientDataHash, auth_data_buf, sigbuf, sigder);
+        sigder_sz = ctap_calculate_signature(auth_data_buf, auth_data_buf_sz, clientDataHash, auth_data_buf, sigbuf, sigder);
    }

    {
@ -1137,11 +1141,11 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)

    if (GA.pinAuthEmpty)
    {
-        if (!ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+        if (!ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
        {
                return CTAP2_ERR_OPERATION_DENIED;
        }
-        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_INVALID : CTAP2_ERR_PIN_NOT_SET;
+        return ctap_is_pin_set() == 1 ? CTAP2_ERR_PIN_AUTH_INVALID : CTAP2_ERR_PIN_NOT_SET;
    }
    if (GA.pinAuthPresent)
    {
@ -1604,7 +1608,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
    switch(cmd)
    {
        case CTAP_MAKE_CREDENTIAL:
-            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_MAKE_CREDENTIAL\n");
            timestamp();
            status = ctap_make_credential(&encoder, pkt_raw, length);
@ -1615,7 +1618,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)

            break;
        case CTAP_GET_ASSERTION:
-            device_set_status(CTAPHID_STATUS_PROCESSING);
            printf1(TAG_CTAP,"CTAP_GET_ASSERTION\n");
            timestamp();
            status = ctap_get_assertion(&encoder, pkt_raw, length);
@ -1647,7 +1649,7 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
            break;
        case CTAP_RESET:
            printf1(TAG_CTAP,"CTAP_RESET\n");
-            if (ctap_user_presence_test(CTAP2_UP_DELAY_MS))
+            if (ctap2_user_presence_test(CTAP2_UP_DELAY_MS))
            {
                ctap_reset();
            }
@ -1987,5 +1989,5 @@ void ctap_reset()
    memset(PIN_CODE_HASH,0,sizeof(PIN_CODE_HASH));
    ctap_reset_key_agreement();

-    crypto_reset_master_secret();
+    crypto_load_master_secret(STATE.key_space);
 }
--- a/fido2/ctap_parse.c
+++ b/fido2/ctap_parse.c
@ -929,7 +929,15 @@ uint8_t parse_credential_descriptor(CborValue * arr, CTAP_credentialDescriptor *

    buflen = sizeof(type);
    ret = cbor_value_copy_text_string(&val, type, &buflen, NULL);
-    check_ret(ret);
+    if (ret == CborErrorOutOfMemory)
+    {
+        cred->type = PUB_KEY_CRED_UNKNOWN;
+    }
+    else
+    {
+        check_ret(ret);
+    }
+

    if (strncmp(type, "public-key",11) == 0)
    {
--- a/fido2/device.h
+++ b/fido2/device.h
@ -105,6 +105,8 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param);
 #define NFC_IS_AVAILABLE 2
 int device_is_nfc();

+void request_from_nfc(bool request_active);
+
 void device_init_button();

 #endif
--- a/fido2/u2f.c
+++ b/fido2/u2f.c
@ -113,14 +113,14 @@ end:
    printf1(TAG_U2F,"u2f resp: "); dump_hex1(TAG_U2F, _u2f_resp->data, _u2f_resp->length);
 }

-void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp)
+void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONSE * resp)
 {
-	if (len < 5 || !req)
+	if (!header)
 		return;

-    uint32_t alen = req[4];
-
-	u2f_request_ex((APDU_HEADER *)req, &req[5], alen, resp);
+    request_from_nfc(true);  // disable presence test
+	u2f_request_ex((APDU_HEADER *)header, data, datalen, resp);
+    request_from_nfc(false); // enable presence test
 }

 void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp)
--- a/fido2/u2f.h
+++ b/fido2/u2f.h
@ -101,7 +101,7 @@ void u2f_request(struct u2f_request_apdu* req, CTAP_RESPONSE * resp);
 // u2f_request send a U2F message to NFC protocol
 // @req data with iso7816 apdu message
 // @len data length
-void u2f_request_nfc(uint8_t * req, int len, CTAP_RESPONSE * resp);
+void u2f_request_nfc(uint8_t * header, uint8_t * data, int datalen, CTAP_RESPONSE * resp);

 int8_t u2f_authenticate_credential(struct u2f_key_handle * kh, uint8_t * appid);

--- a/metadata/Solo-FIDO2-CTAP2-Authenticator.json
+++ b/metadata/Solo-FIDO2-CTAP2-Authenticator.json
@ -20,6 +20,9 @@
    ],
    "userVerificationDetails": [
        [
+            {
+                "userVerification": 1
+            },
            {
                "userVerification": 4
            }
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -11,6 +11,7 @@ nav:
    - FIDO2 Implementation: solo/fido2-impl.md
    - Metadata Statements: solo/metadata-statements.md
    - Build instructions: solo/building.md
+    - Running on Nucleo32 board: solo/nucleo32-board.md
    - Signed update process: solo/signed-updates.md
    - Code documentation: solo/code-overview.md
    - Contributing Code: solo/contributing.md
--- a/targets/stm32l432/build/application.mk
+++ b/targets/stm32l432/build/application.mk
@ -7,7 +7,7 @@ SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
 SRC += $(DRIVER_LIBS) $(USB_LIB)

 # FIDO2 lib
-SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
+SRC += ../../fido2/apdu.c ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
 SRC += ../../fido2/stubs.c ../../fido2/log.c  ../../fido2/ctaphid.c  ../../fido2/ctap.c
 SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
 SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c
--- a/targets/stm32l432/lib/usbd/usbd_hid.c
+++ b/targets/stm32l432/lib/usbd/usbd_hid.c
@ -342,6 +342,7 @@ static uint8_t  USBD_HID_Setup (USBD_HandleTypeDef *pdev,
  uint8_t *pbuf = NULL;
  uint16_t status_info = 0U;
  USBD_StatusTypeDef ret = USBD_OK;
+  req->wLength = req->wLength & 0x7f;

  switch (req->bmRequest & USB_REQ_TYPE_MASK)
  {
@ -386,6 +387,7 @@ static uint8_t  USBD_HID_Setup (USBD_HandleTypeDef *pdev,
      break;

    case USB_REQ_GET_DESCRIPTOR:
+      req->wLength = req->wLength & 0x7f;
      if(req->wValue >> 8 == HID_REPORT_DESC)
      {
        len = MIN(HID_FIDO_REPORT_DESC_SIZE , req->wLength);
--- a/targets/stm32l432/src/app.h
+++ b/targets/stm32l432/src/app.h
@ -31,7 +31,7 @@
 // #define DISABLE_CTAPHID_WINK
 // #define DISABLE_CTAPHID_CBOR

-#define ENABLE_SERIAL_PRINTING
+// #define ENABLE_SERIAL_PRINTING

 #if defined(SOLO_HACKER)
 #define SOLO_PRODUCT_NAME "Solo Hacker " SOLO_VERSION
--- a/targets/stm32l432/src/crypto.c
+++ b/targets/stm32l432/src/crypto.c
@ -157,6 +157,11 @@ void crypto_sha256_hmac_final(uint8_t * key, uint32_t klen, uint8_t * hmac)
        key = master_secret;
        klen = sizeof(master_secret)/2;
    }
+    else if (key == CRYPTO_TRANSPORT_KEY2)
+    {
+        key = transport_secret;
+        klen = 32;
+    }


    if(klen > 64)
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@ -43,6 +43,7 @@ uint32_t __last_update = 0;
 extern PCD_HandleTypeDef hpcd;
 static int _NFC_status = 0;
 static bool isLowFreq = 0;
+static bool _RequestComeFromNFC = false;

 // #define IS_BUTTON_PRESSED()         (0  == (LL_GPIO_ReadInputPort(SOLO_BUTTON_PORT) & SOLO_BUTTON_PIN))
 static int is_physical_button_pressed()
@ -57,6 +58,10 @@ static int is_touch_button_pressed()

 int (*IS_BUTTON_PRESSED)() = is_physical_button_pressed;

+void request_from_nfc(bool request_active) {
+    _RequestComeFromNFC = request_active;
+}
+
 // Timer6 overflow handler.  happens every ~90ms.
 void TIM6_DAC_IRQHandler()
 {
@ -491,7 +496,7 @@ static int handle_packets()
 int ctap_user_presence_test(uint32_t up_delay)
 {
    int ret;
-    if (device_is_nfc() == NFC_IS_ACTIVE)
+    if (device_is_nfc() == NFC_IS_ACTIVE || _RequestComeFromNFC)
    {
        return 1;
    }
--- a/targets/stm32l432/src/nfc.c
+++ b/targets/stm32l432/src/nfc.c
@ -14,6 +14,16 @@

 #define IS_IRQ_ACTIVE()         (1  == (LL_GPIO_ReadInputPort(SOLO_AMS_IRQ_PORT) & SOLO_AMS_IRQ_PIN))

+uint8_t p14443_block_offset(uint8_t pcb) {
+    uint8_t offset = 1;
+    // NAD following
+    if (pcb & 0x04) offset++;
+    // CID following
+    if (pcb & 0x08) offset++;
+    
+    return offset;
+}
+
 // Capability container
 const CAPABILITY_CONTAINER NFC_CC = {
    .cclen_hi = 0x00, .cclen_lo = 0x0f,
@ -112,6 +122,7 @@ bool ams_receive_with_timeout(uint32_t timeout_ms, uint8_t * data, int maxlen, i
 	while (tstart + timeout_ms > millis())
 	{
 		uint8_t int0 = ams_read_reg(AMS_REG_INT0);
+		if (int0) process_int0(int0);
 		uint8_t buffer_status2 = ams_read_reg(AMS_REG_BUF2);

        if (buffer_status2 && (int0 & AMS_INT_RXE))
@ -161,14 +172,18 @@ bool nfc_write_response_ex(uint8_t req0, uint8_t * data, uint8_t len, uint16_t r
 	if (len > 32 - 3)
 		return false;

-	res[0] = NFC_CMD_IBLOCK | (req0 & 3);
+	res[0] = NFC_CMD_IBLOCK | (req0 & 0x0f);
+    res[1] = 0;
+    res[2] = 0;
+
+    uint8_t block_offset = p14443_block_offset(req0);

 	if (len && data)
-		memcpy(&res[1], data, len);
+		memcpy(&res[block_offset], data, len);

-	res[len + 1] = resp >> 8;
-	res[len + 2] = resp & 0xff;
-	nfc_write_frame(res, 3 + len);
+	res[len + block_offset + 0] = resp >> 8;
+	res[len + block_offset + 1] = resp & 0xff;
+	nfc_write_frame(res, block_offset + len + 2);

 	return true;
 }
@ -182,21 +197,24 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len)
 {
    uint8_t res[32 + 2];
 	int sendlen = 0;
-	uint8_t iBlock = NFC_CMD_IBLOCK | (req0 & 3);
+	uint8_t iBlock = NFC_CMD_IBLOCK | (req0 & 0x0f);
+    uint8_t block_offset = p14443_block_offset(req0);

 	if (len <= 31)
 	{
 		uint8_t res[32] = {0};
-		res[0] = iBlock;
+        res[0] = iBlock;
 		if (len && data)
-			memcpy(&res[1], data, len);
-		nfc_write_frame(res, len + 1);
+			memcpy(&res[block_offset], data, len);
+		nfc_write_frame(res, len + block_offset);
 	} else {
 		do {
 			// transmit I block
-			int vlen = MIN(31, len - sendlen);
-			res[0] = iBlock;
-			memcpy(&res[1], &data[sendlen], vlen);
+			int vlen = MIN(32 - block_offset, len - sendlen);
+            res[0] = iBlock;
+            res[1] = 0;
+            res[2] = 0;
+			memcpy(&res[block_offset], &data[sendlen], vlen);

 			// if not a last block
 			if (vlen + sendlen < len)
@ -205,7 +223,7 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len)
 			}

 			// send data
-			nfc_write_frame(res, vlen + 1);
+			nfc_write_frame(res, vlen + block_offset);
 			sendlen += vlen;

 			// wait for transmit (32 bytes aprox 2,5ms)
@ -226,9 +244,10 @@ void nfc_write_response_chaining(uint8_t req0, uint8_t * data, int len)
 					break;
 				}

-				if (reclen != 1)
+                uint8_t rblock_offset = p14443_block_offset(recbuf[0]);
+				if (reclen != rblock_offset)
 				{
-					printf1(TAG_NFC, "R block length error. len: %d. %d/%d \r\n", reclen,sendlen,len);
+					printf1(TAG_NFC, "R block length error. len: %d. %d/%d \r\n", reclen, sendlen, len);
                    dump_hex1(TAG_NFC, recbuf, reclen);
 					break;
 				}
@ -371,39 +390,72 @@ int answer_rats(uint8_t parameter)


    nfc_write_frame(res, sizeof(res));
-	ams_wait_for_tx(10);
+	if (!ams_wait_for_tx(10))
+	{
+		printf1(TAG_NFC, "RATS TX timeout.\r\n");
+		ams_write_command(AMS_CMD_DEFAULT);
+		return 1;
+	}


    return 0;
 }

-void rblock_acknowledge()
+void rblock_acknowledge(uint8_t req0, bool ack)
 {
-    uint8_t buf[32];
+    uint8_t buf[32] = {0};
+
+    uint8_t block_offset = p14443_block_offset(req0);
    NFC_STATE.block_num = !NFC_STATE.block_num;
-    buf[0] = NFC_CMD_RBLOCK | NFC_STATE.block_num;
-    nfc_write_frame(buf,1);
+
+    buf[0] = NFC_CMD_RBLOCK | (req0 & 0x0f);
+    if (ack)
+        buf[0] |= NFC_CMD_RBLOCK_ACK;
+
+    nfc_write_frame(buf, block_offset);
+}
+
+// international AID = RID:PIX
+// RID length == 5 bytes
+// usually aid length must be between 5 and 16 bytes
+int applet_cmp(uint8_t * aid, int len, uint8_t * const_aid, int const_len)
+{
+    if (len > const_len)
+        return 10;
+    
+    // if international AID
+    if ((const_aid[0] & 0xf0) == 0xa0)
+    {
+        if (len < 5)
+            return 11;
+        return memcmp(aid, const_aid, MIN(len, const_len));
+    } else {
+        if (len != const_len)
+            return 11;
+        
+        return memcmp(aid, const_aid, const_len);
+    }
 }

 // Selects application.  Returns 1 if success, 0 otherwise
 int select_applet(uint8_t * aid, int len)
 {
-    if (memcmp(aid,AID_FIDO,sizeof(AID_FIDO)) == 0)
+    if (applet_cmp(aid, len, (uint8_t *)AID_FIDO, sizeof(AID_FIDO) - 1) == 0)
    {
        NFC_STATE.selected_applet = APP_FIDO;
        return APP_FIDO;
    }
-    else if (memcmp(aid,AID_NDEF_TYPE_4,sizeof(AID_NDEF_TYPE_4)) == 0)
+    else if (applet_cmp(aid, len, (uint8_t *)AID_NDEF_TYPE_4, sizeof(AID_NDEF_TYPE_4) - 1) == 0)
    {
        NFC_STATE.selected_applet = APP_NDEF_TYPE_4;
        return APP_NDEF_TYPE_4;
    }
-    else if (memcmp(aid,AID_CAPABILITY_CONTAINER,sizeof(AID_CAPABILITY_CONTAINER)) == 0)
+    else if (applet_cmp(aid, len, (uint8_t *)AID_CAPABILITY_CONTAINER, sizeof(AID_CAPABILITY_CONTAINER) - 1) == 0)
    {
        NFC_STATE.selected_applet = APP_CAPABILITY_CONTAINER;
        return APP_CAPABILITY_CONTAINER;
    }
-    else if (memcmp(aid,AID_NDEF_TAG,sizeof(AID_NDEF_TAG)) == 0)
+    else if (applet_cmp(aid, len, (uint8_t *)AID_NDEF_TAG, sizeof(AID_NDEF_TAG) - 1) == 0)
    {
        NFC_STATE.selected_applet = APP_NDEF_TAG;
        return APP_NDEF_TAG;
@ -413,25 +465,36 @@ int select_applet(uint8_t * aid, int len)

 void nfc_process_iblock(uint8_t * buf, int len)
 {
-    APDU_HEADER * apdu = (APDU_HEADER *)(buf + 1);
-    uint8_t * payload = buf + 1 + 5;
-    uint8_t plen = apdu->lc;
    int selected;
    CTAP_RESPONSE ctap_resp;
    int status;
-
+    uint16_t reslen;
+    
    printf1(TAG_NFC,"Iblock: ");
 	dump_hex1(TAG_NFC, buf, len);

+    uint8_t block_offset = p14443_block_offset(buf[0]);
+
+    APDU_STRUCT apdu;
+    if (apdu_decode(buf + block_offset, len - block_offset, &apdu)) {
+        printf1(TAG_NFC,"apdu decode error\r\n");
+        nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED);
+        return;
+    }
+    printf1(TAG_NFC,"apdu ok. %scase=%02x cla=%02x ins=%02x p1=%02x p2=%02x lc=%d le=%d\r\n", 
+        apdu.extended_apdu ? "[e]":"", apdu.case_type, apdu.cla, apdu.ins, apdu.p1, apdu.p2, apdu.lc, apdu.le);
+
+    // check CLA
+    if (apdu.cla != 0x00 && apdu.cla != 0x80) {
+        printf1(TAG_NFC, "Unknown CLA %02x\r\n", apdu.cla);
+        nfc_write_response(buf[0], SW_CLA_INVALID);
+        return;
+    }
+    
    // TODO this needs to be organized better
-    switch(apdu->ins)
+    switch(apdu.ins)
    {
        case APDU_INS_SELECT:
-            if (plen > len - 6)
-            {
-                printf1(TAG_ERR, "Truncating APDU length %d\r\n", apdu->lc);
-                plen = len-6;
-            }
            // if (apdu->p1 == 0 && apdu->p2 == 0x0c)
            // {
            //     printf1(TAG_NFC,"Select NDEF\r\n");
@ -446,14 +509,9 @@ void nfc_process_iblock(uint8_t * buf, int len)
            // }
            // else
            {
-                selected = select_applet(payload, plen);
+                selected = select_applet(apdu.data, apdu.lc);
                if (selected == APP_FIDO)
                {
-                    // block = buf[0] & 1;
-                    // block = NFC_STATE.block_num;
-                    // block = !block;
-                    // NFC_STATE.block_num = block;
-                    // NFC_STATE.block_num = block;
 					nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
 					printf1(TAG_NFC, "FIDO applet selected.\r\n");
               }
@ -465,7 +523,7 @@ void nfc_process_iblock(uint8_t * buf, int len)
                else
                {
 					nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
-                    printf1(TAG_NFC, "NOT selected\r\n"); dump_hex1(TAG_NFC,payload, plen);
+                    printf1(TAG_NFC, "NOT selected "); dump_hex1(TAG_NFC, apdu.data, apdu.lc);
                }
            }
        break;
@ -478,7 +536,8 @@ void nfc_process_iblock(uint8_t * buf, int len)

 			printf1(TAG_NFC, "U2F GetVersion command.\r\n");

-			nfc_write_response_ex(buf[0], (uint8_t *)"U2F_V2", 6, SW_SUCCESS);
+			u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
+            nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);
        break;

        case APDU_FIDO_U2F_REGISTER:
@ -489,9 +548,9 @@ void nfc_process_iblock(uint8_t * buf, int len)

 			printf1(TAG_NFC, "U2F Register command.\r\n");

-			if (plen != 64)
+			if (apdu.lc != 64)
 			{
-				printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", plen);
+				printf1(TAG_NFC, "U2F Register request length error. len=%d.\r\n", apdu.lc);
 				nfc_write_response(buf[0], SW_WRONG_LENGTH);
 				return;
 			}
@ -502,20 +561,16 @@ void nfc_process_iblock(uint8_t * buf, int len)
 			// WTX_on(WTX_TIME_DEFAULT);
            // SystemClock_Config_LF32();
            // delay(300);
-            if (device_is_nfc()) device_set_clock_rate(DEVICE_LOW_POWER_FAST);;
-			u2f_request_nfc(&buf[1], len, &ctap_resp);
-            if (device_is_nfc())  device_set_clock_rate(DEVICE_LOW_POWER_IDLE);;
+            if (device_is_nfc() == NFC_IS_ACTIVE) device_set_clock_rate(DEVICE_LOW_POWER_FAST);
+			u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
+            if (device_is_nfc() == NFC_IS_ACTIVE)  device_set_clock_rate(DEVICE_LOW_POWER_IDLE);
 			// if (!WTX_off())
 			// 	return;

+			printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
            printf1(TAG_NFC,"U2F Register P2 took %d\r\n", timestamp());
            nfc_write_response_chaining(buf[0], ctap_resp.data, ctap_resp.length);

-			// printf1(TAG_NFC, "U2F resp len: %d\r\n", ctap_resp.length);
-
-
-
-
            printf1(TAG_NFC,"U2F Register answered %d (took %d)\r\n", millis(), timestamp());
       break;

@ -527,17 +582,17 @@ void nfc_process_iblock(uint8_t * buf, int len)

 			printf1(TAG_NFC, "U2F Authenticate command.\r\n");

-			if (plen != 64 + 1 + buf[6 + 64])
+			if (apdu.lc != 64 + 1 + apdu.data[64])
 			{
 				delay(5);
-				printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", plen, buf[6 + 64]);
+				printf1(TAG_NFC, "U2F Authenticate request length error. len=%d keyhlen=%d.\r\n", apdu.lc, apdu.data[64]);
 				nfc_write_response(buf[0], SW_WRONG_LENGTH);
 				return;
 			}

 			timestamp();
 			// WTX_on(WTX_TIME_DEFAULT);
-			u2f_request_nfc(&buf[1], len, &ctap_resp);
+			u2f_request_nfc(&buf[block_offset], apdu.data, apdu.lc, &ctap_resp);
 			// if (!WTX_off())
 			// 	return;

@ -550,14 +605,16 @@ void nfc_process_iblock(uint8_t * buf, int len)
        case APDU_FIDO_NFCCTAP_MSG:
 			if (NFC_STATE.selected_applet != APP_FIDO) {
 				nfc_write_response(buf[0], SW_INS_INVALID);
-				break;
+				return;
 			}

 			printf1(TAG_NFC, "FIDO2 CTAP message. %d\r\n", timestamp());

 			WTX_on(WTX_TIME_DEFAULT);
+            request_from_nfc(true);
            ctap_response_init(&ctap_resp);
-            status = ctap_request(payload, plen, &ctap_resp);
+            status = ctap_request(apdu.data, apdu.lc, &ctap_resp);
+            request_from_nfc(false);
 			if (!WTX_off())
 				return;

@ -580,44 +637,37 @@ void nfc_process_iblock(uint8_t * buf, int len)
        break;

        case APDU_INS_READ_BINARY:
-
-
+            // response length
+            reslen = apdu.le & 0xffff; 
            switch(NFC_STATE.selected_applet)
            {
                case APP_CAPABILITY_CONTAINER:
                    printf1(TAG_NFC,"APP_CAPABILITY_CONTAINER\r\n");
-                    if (plen > 15)
-                    {
-                        printf1(TAG_ERR, "Truncating requested CC length %d\r\n", apdu->lc);
-                        plen = 15;
-                    }
-                    nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, plen, SW_SUCCESS);
+                    if (reslen == 0 || reslen > sizeof(NFC_CC))
+                        reslen = sizeof(NFC_CC);
+                    nfc_write_response_ex(buf[0], (uint8_t *)&NFC_CC, reslen, SW_SUCCESS);
                    ams_wait_for_tx(10);
                break;
                case APP_NDEF_TAG:
                    printf1(TAG_NFC,"APP_NDEF_TAG\r\n");
-                    if (plen > (sizeof(NDEF_SAMPLE) -  1))
-                    {
-                        printf1(TAG_ERR, "Truncating requested CC length %d\r\n", apdu->lc);
-                        plen = sizeof(NDEF_SAMPLE) -  1;
-                    }
-                    nfc_write_response_ex(buf[0], NDEF_SAMPLE, plen, SW_SUCCESS);
+                    if (reslen == 0 || reslen > sizeof(NDEF_SAMPLE) - 1)
+                        reslen = sizeof(NDEF_SAMPLE) - 1;
+                    nfc_write_response_ex(buf[0], NDEF_SAMPLE, reslen, SW_SUCCESS);
                    ams_wait_for_tx(10);
                break;
                default:
+                    nfc_write_response(buf[0], SW_FILE_NOT_FOUND);
                    printf1(TAG_ERR, "No binary applet selected!\r\n");
                    return;
                break;
            }
-
        break;
+        
        default:
-            printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu->ins);
+            printf1(TAG_NFC, "Unknown INS %02x\r\n", apdu.ins);
 			nfc_write_response(buf[0], SW_INS_INVALID);
        break;
    }
-
-
 }

 static uint8_t ibuf[1024];
@ -631,7 +681,7 @@ void clear_ibuf()

 void nfc_process_block(uint8_t * buf, unsigned int len)
 {
-
+    printf1(TAG_NFC, "-----\r\n");
 	if (!len)
 		return;

@ -641,6 +691,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
    }
    else if (IS_IBLOCK(buf[0]))
    {
+        uint8_t block_offset = p14443_block_offset(buf[0]);
 		if (buf[0] & 0x10)
 		{
 			printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining blen=%d len=%d\r\n", ibuflen, len);
@ -654,27 +705,27 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
 			printf1(TAG_NFC_APDU,"i> ");
 			dump_hex1(TAG_NFC_APDU, buf, len);

-			if (len)
+			if (len > block_offset)
 			{
-				memcpy(&ibuf[ibuflen], &buf[1], len - 1);
-				ibuflen += len - 1;
+				memcpy(&ibuf[ibuflen], &buf[block_offset], len - block_offset);
+				ibuflen += len - block_offset;
 			}

 			// send R block
-			uint8_t rb = NFC_CMD_RBLOCK | NFC_CMD_RBLOCK_ACK | (buf[0] & 3);
-			nfc_write_frame(&rb, 1);
+            rblock_acknowledge(buf[0], true);
 		} else {
 			if (ibuflen)
 			{
-				if (len)
+				if (len > block_offset)
 				{
-					memcpy(&ibuf[ibuflen], &buf[1], len - 1);
-					ibuflen += len - 1;
+					memcpy(&ibuf[ibuflen], &buf[block_offset], len - block_offset);
+					ibuflen += len - block_offset;
 				}

-				memmove(&ibuf[1], ibuf, ibuflen);
-				ibuf[0] = buf[0];
-				ibuflen++;
+                // add last chaining to top of the block
+				memmove(&ibuf[block_offset], ibuf, ibuflen);
+				memmove(ibuf, buf, block_offset);
+				ibuflen += block_offset;

 				printf1(TAG_NFC_APDU, "NFC_CMD_IBLOCK chaining last block. blen=%d len=%d\r\n", ibuflen, len);

@ -683,7 +734,6 @@ void nfc_process_block(uint8_t * buf, unsigned int len)

 				nfc_process_iblock(ibuf, ibuflen);
 			} else {
-				// printf1(TAG_NFC, "NFC_CMD_IBLOCK\r\n");
 				nfc_process_iblock(buf, len);
 			}
 			clear_ibuf();
@ -691,7 +741,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
    }
    else if (IS_RBLOCK(buf[0]))
    {
-        rblock_acknowledge();
+        rblock_acknowledge(buf[0], false);
        printf1(TAG_NFC, "NFC_CMD_RBLOCK\r\n");
    }
    else if (IS_SBLOCK(buf[0]))
@ -710,6 +760,7 @@ void nfc_process_block(uint8_t * buf, unsigned int len)
        else
        {
            printf1(TAG_NFC, "NFC_CMD_SBLOCK, Unknown. len[%d]\r\n", len);
+            nfc_write_response(buf[0], SW_COND_USE_NOT_SATISFIED);
        }
        dump_hex1(TAG_NFC, buf, len);
    }
--- a/targets/stm32l432/src/nfc.h
+++ b/targets/stm32l432/src/nfc.h
@ -40,6 +40,8 @@ typedef struct
 #define NFC_CMD_SBLOCK                0xc0
 #define IS_SBLOCK(x)                  ( (((x) & 0xc0) == NFC_CMD_SBLOCK) && (((x) & 0x02) == 0x02) )

+extern uint8_t p14443_block_offset(uint8_t pcb);
+
 #define NFC_SBLOCK_DESELECT           0x30
 #define NFC_SBLOCK_WTX                0x30

--- a/tools/testing/main.py
+++ b/tools/testing/main.py
@ -1,58 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-# Copyright 2019 SoloKeys Developers
-#
-# Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
-# http://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
-# http://opensource.org/licenses/MIT>, at your option. This file may not be
-# copied, modified, or distributed except according to those terms.
-#
-
-# Script for testing correctness of CTAP2/CTAP1 security token
-
-import sys
-
-from solo.fido2 import force_udp_backend
-from tests import Tester, FIDO2Tests, U2FTests, HIDTests, SoloTests
-
-
-if __name__ == "__main__":
-    if len(sys.argv) < 2:
-        print("Usage: %s [sim] <[u2f]|[fido2]|[rk]|[hid]|[ping]>")
-        sys.exit(0)
-
-    t = Tester()
-    t.set_user_count(3)
-
-    if "sim" in sys.argv:
-        print("Using UDP backend.")
-        force_udp_backend()
-        t.set_sim(True)
-        t.set_user_count(10)
-
-    t.find_device()
-
-    if "solo" in sys.argv:
-        SoloTests(t).run()
-
-    if "u2f" in sys.argv:
-        U2FTests(t).run()
-
-    if "fido2" in sys.argv:
-        # t.test_fido2()
-        FIDO2Tests(t).run()
-
-    # hid tests are a bit invasive and should be done last
-    if "hid" in sys.argv:
-        HIDTests(t).run()
-
-    if "bootloader" in sys.argv:
-        if t.is_sim:
-            raise RuntimeError("Cannot test bootloader in simulation yet.")
-        # print("Put device in bootloader mode and then hit enter")
-        # input()
-        # t.test_bootloader()
-
-    # t.test_responses()
-    # t.test_fido2_brute_force()
--- a/tools/testing/tests/init.py
+++ b/tools/testing/tests/init.py
@ -1,11 +0,0 @@
-from . import fido2
-from . import hid
-from . import solo
-from . import u2f
-from . import tester
-
-FIDO2Tests = fido2.FIDO2Tests
-HIDTests = hid.HIDTests
-U2FTests = u2f.U2FTests
-SoloTests = solo.SoloTests
-Tester = tester.Tester
--- a/tools/testing/tests/fido2.py
+++ b/tools/testing/tests/fido2.py
--- a/tools/testing/tests/hid.py
+++ b/tools/testing/tests/hid.py
@ -1,252 +0,0 @@
-import sys, os, time
-from binascii import hexlify
-
-from fido2.hid import CTAPHID
-from fido2.ctap import CtapError
-
-from .tester import Tester, Test
-
-
-class HIDTests(Tester):
-    def __init__(self, tester=None):
-        super().__init__(tester)
-        self.check_timeouts = False
-
-    def set_check_timeouts(self, en):
-        self.check_timeouts = en
-
-    def run(self,):
-        self.test_long_ping()
-        self.test_hid(self.check_timeouts)
-
-    def test_long_ping(self):
-        amt = 1000
-        pingdata = os.urandom(amt)
-        with Test("Send %d byte ping" % amt):
-            try:
-                t1 = time.time() * 1000
-                r = self.send_data(CTAPHID.PING, pingdata)
-                t2 = time.time() * 1000
-                delt = t2 - t1
-                # if (delt < 140 ):
-                # raise RuntimeError('Fob is too fast (%d ms)' % delt)
-                if delt > 555 * (amt / 1000):
-                    raise RuntimeError("Fob is too slow (%d ms)" % delt)
-                if r != pingdata:
-                    raise ValueError("Ping data not echo'd")
-            except CtapError:
-                raise RuntimeError("ping failed")
-
-        sys.stdout.flush()
-
-    def test_hid(self, check_timeouts=False):
-        if check_timeouts:
-            with Test("idle"):
-                try:
-                    cmd, resp = self.recv_raw()
-                except socket.timeout:
-                    pass
-
-        with Test("init"):
-            r = self.send_data(CTAPHID.INIT, "\x11\x11\x11\x11\x11\x11\x11\x11")
-
-        with Test("100 byte ping"):
-            pingdata = os.urandom(100)
-            try:
-                r = self.send_data(CTAPHID.PING, pingdata)
-                if r != pingdata:
-                    raise ValueError("Ping data not echo'd")
-            except CtapError as e:
-                print("100 byte Ping failed:", e)
-                raise RuntimeError("ping failed")
-
-        self.test_long_ping()
-
-        with Test("Wink"):
-            r = self.send_data(CTAPHID.WINK, "")
-
-        with Test("CBOR msg with no data"):
-            try:
-                r = self.send_data(CTAPHID.CBOR, "")
-                if len(r) > 1 or r[0] == 0:
-                    raise RuntimeError("Cbor is supposed to have payload")
-            except CtapError as e:
-                assert e.code == CtapError.ERR.INVALID_LENGTH
-
-        with Test("No data in U2F msg"):
-            try:
-                r = self.send_data(CTAPHID.MSG, "")
-                print(hexlify(r))
-                if len(r) > 2:
-                    raise RuntimeError("MSG is supposed to have payload")
-            except CtapError as e:
-                assert e.code == CtapError.ERR.INVALID_LENGTH
-
-        with Test("Use init command to resync"):
-            r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-
-        with Test("Invalid HID command"):
-            try:
-                r = self.send_data(0x66, "")
-                raise RuntimeError("Invalid command did not return error")
-            except CtapError as e:
-                assert e.code == CtapError.ERR.INVALID_COMMAND
-
-        with Test("Sending packet with too large of a length."):
-            self.send_raw("\x81\x1d\xba\x00")
-            cmd, resp = self.recv_raw()
-            Tester.check_error(resp, CtapError.ERR.INVALID_LENGTH)
-
-        r = self.send_data(CTAPHID.PING, "\x44" * 200)
-        with Test("Sending packets that skip a sequence number."):
-            self.send_raw("\x81\x04\x90")
-            self.send_raw("\x00")
-            self.send_raw("\x01")
-            # skip 2
-            self.send_raw("\x03")
-            cmd, resp = self.recv_raw()
-            Tester.check_error(resp, CtapError.ERR.INVALID_SEQ)
-
-        with Test("Resync and send ping"):
-            try:
-                r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-                pingdata = os.urandom(100)
-                r = self.send_data(CTAPHID.PING, pingdata)
-                if r != pingdata:
-                    raise ValueError("Ping data not echo'd")
-            except CtapError as e:
-                raise RuntimeError("resync fail: ", e)
-
-        with Test("Send ping and abort it"):
-            self.send_raw("\x81\x04\x00")
-            self.send_raw("\x00")
-            self.send_raw("\x01")
-            try:
-                r = self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            except CtapError as e:
-                raise RuntimeError("resync fail: ", e)
-
-        with Test("Send ping and abort it with different cid, expect timeout"):
-            oldcid = self.cid()
-            newcid = "\x11\x22\x33\x44"
-            self.send_raw("\x81\x10\x00")
-            self.send_raw("\x00")
-            self.send_raw("\x01")
-            self.set_cid(newcid)
-            self.send_raw(
-                "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88"
-            )  # init from different cid
-            print("wait for init response")
-            cmd, r = self.recv_raw()  # init response
-            assert cmd == 0x86
-            self.set_cid(oldcid)
-            if check_timeouts:
-                # print('wait for timeout')
-                cmd, r = self.recv_raw()  # timeout response
-                assert cmd == 0xBF
-
-        with Test("Test timeout"):
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            t1 = time.time() * 1000
-            self.send_raw("\x81\x04\x00")
-            self.send_raw("\x00")
-            self.send_raw("\x01")
-            cmd, r = self.recv_raw()  # timeout response
-            t2 = time.time() * 1000
-            delt = t2 - t1
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.TIMEOUT
-            assert delt < 1000 and delt > 400
-
-        with Test("Test not cont"):
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            self.send_raw("\x81\x04\x00")
-            self.send_raw("\x00")
-            self.send_raw("\x01")
-            self.send_raw("\x81\x10\x00")  # init packet
-            cmd, r = self.recv_raw()  # timeout response
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.INVALID_SEQ
-
-        if check_timeouts:
-            with Test("Check random cont ignored"):
-                self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-                self.send_raw("\x01\x10\x00")
-                try:
-                    cmd, r = self.recv_raw()  # timeout response
-                except socket.timeout:
-                    pass
-
-        with Test("Check busy"):
-            t1 = time.time() * 1000
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            oldcid = self.cid()
-            newcid = "\x11\x22\x33\x44"
-            self.send_raw("\x81\x04\x00")
-            self.set_cid(newcid)
-            self.send_raw("\x81\x04\x00")
-            cmd, r = self.recv_raw()  # busy response
-            t2 = time.time() * 1000
-            assert t2 - t1 < 100
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.CHANNEL_BUSY
-
-            self.set_cid(oldcid)
-            cmd, r = self.recv_raw()  # timeout response
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.TIMEOUT
-
-        with Test("Check busy interleaved"):
-            cid1 = "\x11\x22\x33\x44"
-            cid2 = "\x01\x22\x33\x44"
-            self.set_cid(cid2)
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            self.set_cid(cid1)
-            self.send_data(CTAPHID.INIT, "\x11\x22\x33\x44\x55\x66\x77\x88")
-            self.send_raw("\x81\x00\x63")  # echo 99 bytes first channel
-
-            self.set_cid(cid2)  # send ping on 2nd channel
-            self.send_raw("\x81\x00\x63")
-            Tester.delay(0.1)
-            self.send_raw("\x00")
-
-            cmd, r = self.recv_raw()  # busy response
-
-            self.set_cid(cid1)  # finish 1st channel ping
-            self.send_raw("\x00")
-
-            self.set_cid(cid2)
-
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.CHANNEL_BUSY
-
-            self.set_cid(cid1)
-            cmd, r = self.recv_raw()  # ping response
-            assert cmd == 0x81
-            assert len(r) == 0x63
-
-        if check_timeouts:
-            with Test("Test idle, wait for timeout"):
-                sys.stdout.flush()
-                try:
-                    cmd, resp = self.recv_raw()
-                except socket.timeout:
-                    pass
-
-        with Test("Test cid 0 is invalid"):
-            self.set_cid("\x00\x00\x00\x00")
-            self.send_raw(
-                "\x86\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\x00\x00\x00\x00"
-            )
-            cmd, r = self.recv_raw()  # timeout
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.INVALID_CHANNEL
-
-        with Test("Test invalid broadcast cid use"):
-            self.set_cid("\xff\xff\xff\xff")
-            self.send_raw(
-                "\x81\x00\x08\x11\x22\x33\x44\x55\x66\x77\x88", cid="\xff\xff\xff\xff"
-            )
-            cmd, r = self.recv_raw()  # timeout
-            assert cmd == 0xBF
-            assert r[0] == CtapError.ERR.INVALID_CHANNEL
--- a/tools/testing/tests/solo.py
+++ b/tools/testing/tests/solo.py
@ -1,83 +0,0 @@
-from solo.client import SoloClient
-from solo.commands import SoloExtension
-
-from fido2.ctap1 import ApduError
-from fido2.utils import sha256
-
-from .util import shannon_entropy
-from .tester import Tester, Test
-
-
-class SoloTests(Tester):
-    def __init__(self, tester=None):
-        super().__init__(tester)
-
-    def run(self,):
-        self.test_solo()
-
-    def test_solo(self,):
-        """
-        Solo specific tests
-        """
-        # RNG command
-        sc = SoloClient()
-        sc.find_device(self.dev)
-        sc.use_u2f()
-        memmap = (0x08005000, 0x08005000 + 198 * 1024 - 8)
-
-        total = 1024 * 16
-        with Test("Gathering %d random bytes..." % total):
-            entropy = b""
-            while len(entropy) < total:
-                entropy += sc.get_rng()
-
-        with Test("Test entropy is close to perfect"):
-            s = shannon_entropy(entropy)
-            assert s > 7.98
-        print("Entropy is %.5f bits per byte." % s)
-
-        with Test("Test Solo version command"):
-            assert len(sc.solo_version()) == 3
-
-        with Test("Test bootloader is not active"):
-            try:
-                sc.write_flash(memmap[0], b"1234")
-            except ApduError:
-                pass
-
-        sc.exchange = sc.exchange_fido2
-
-        req = SoloClient.format_request(SoloExtension.version, 0, b"A" * 16)
-        a = sc.ctap2.get_assertion(
-            sc.host, b"B" * 32, [{"id": req, "type": "public-key"}]
-        )
-
-        with Test("Test custom command returned valid assertion"):
-            assert a.auth_data.rp_id_hash == sha256(sc.host.encode("utf8"))
-            assert a.credential["id"] == req
-            assert (a.auth_data.flags & 0x5) == 0x5
-
-        with Test("Test Solo version and random commands with fido2 layer"):
-            assert len(sc.solo_version()) == 3
-            sc.get_rng()
-
-    def test_bootloader(self,):
-        sc = SoloClient()
-        sc.find_device(self.dev)
-        sc.use_u2f()
-
-        memmap = (0x08005000, 0x08005000 + 198 * 1024 - 8)
-        data = b"A" * 64
-
-        with Test("Test version command"):
-            assert len(sc.bootloader_version()) == 3
-
-        with Test("Test write command"):
-            sc.write_flash(memmap[0], data)
-
-        for addr in (memmap[0] - 8, memmap[0] - 4, memmap[1], memmap[1] - 8):
-            with Test("Test out of bounds write command at 0x%04x" % addr):
-                try:
-                    sc.write_flash(addr, data)
-                except CtapError as e:
-                    assert e.code == CtapError.ERR.NOT_ALLOWED
--- a/tools/testing/tests/tester.py
+++ b/tools/testing/tests/tester.py
@ -1,204 +0,0 @@
-import time, struct
-
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.ctap1 import CTAP1
-from fido2.utils import Timeout
-
-from fido2.ctap import CtapError
-
-
-def ForceU2F(client, device):
-    client.ctap = CTAP1(device)
-    client.pin_protocol = None
-    client._do_make_credential = client._ctap1_make_credential
-    client._do_get_assertion = client._ctap1_get_assertion
-
-
-class Packet(object):
-    def __init__(self, data):
-        self.data = data
-
-    def ToWireFormat(self,):
-        return self.data
-
-    @staticmethod
-    def FromWireFormat(pkt_size, data):
-        return Packet(data)
-
-
-class Test:
-    def __init__(self, msg, catch=None):
-        self.msg = msg
-        self.catch = catch
-
-    def __enter__(self,):
-        print(self.msg)
-
-    def __exit__(self, a, b, c):
-        if self.catch is None:
-            print("Pass")
-        elif isinstance(b, self.catch):
-            print("Pass")
-            return b
-        else:
-            raise RuntimeError(f"Expected exception {self.catch} did not occur.")
-
-
-class Tester:
-    def __init__(self, tester=None):
-        self.origin = "https://examplo.org"
-        self.host = "examplo.org"
-        self.user_count = 10
-        self.is_sim = False
-        if tester:
-            self.initFromTester(tester)
-
-    def initFromTester(self, tester):
-        self.user_count = tester.user_count
-        self.is_sim = tester.is_sim
-        self.dev = tester.dev
-        self.ctap = tester.ctap
-        self.ctap1 = tester.ctap1
-        self.client = tester.client
-
-    def find_device(self,):
-        print(list(CtapHidDevice.list_devices()))
-        dev = next(CtapHidDevice.list_devices(), None)
-        if not dev:
-            raise RuntimeError("No FIDO device found")
-        self.dev = dev
-        self.client = Fido2Client(dev, self.origin)
-        self.ctap = self.client.ctap2
-        self.ctap1 = CTAP1(dev)
-
-        # consume timeout error
-        # cmd,resp = self.recv_raw()
-
-    def set_user_count(self, count):
-        self.user_count = count
-
-    def set_sim(self, b):
-        self.is_sim = b
-
-    def reboot(self,):
-        if self.is_sim:
-            print("Sending restart command...")
-            self.send_magic_reboot()
-            Tester.delay(0.25)
-        else:
-            print("Please reboot authentictor and hit enter")
-            input()
-            self.find_device()
-
-    def send_data(self, cmd, data):
-        if not isinstance(data, bytes):
-            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
-        with Timeout(1.0) as event:
-            return self.dev.call(cmd, data, event)
-
-    def send_raw(self, data, cid=None):
-        if cid is None:
-            cid = self.dev._dev.cid
-        elif not isinstance(cid, bytes):
-            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
-        if not isinstance(data, bytes):
-            data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
-        data = cid + data
-        l = len(data)
-        if l != 64:
-            pad = "\x00" * (64 - l)
-            pad = struct.pack("%dB" % len(pad), *[ord(x) for x in pad])
-            data = data + pad
-        data = list(data)
-        assert len(data) == 64
-        self.dev._dev.InternalSendPacket(Packet(data))
-
-    def send_magic_reboot(self,):
-        """
-        For use in simulation and testing.  Random bytes that authentictor should detect
-        and then restart itself.
-        """
-        magic_cmd = (
-            b"\xac\x10\x52\xca\x95\xe5\x69\xde\x69\xe0\x2e\xbf"
-            + b"\xf3\x33\x48\x5f\x13\xf9\xb2\xda\x34\xc5\xa8\xa3"
-            + b"\x40\x52\x66\x97\xa9\xab\x2e\x0b\x39\x4d\x8d\x04"
-            + b"\x97\x3c\x13\x40\x05\xbe\x1a\x01\x40\xbf\xf6\x04"
-            + b"\x5b\xb2\x6e\xb7\x7a\x73\xea\xa4\x78\x13\xf6\xb4"
-            + b"\x9a\x72\x50\xdc"
-        )
-        self.dev._dev.InternalSendPacket(Packet(magic_cmd))
-
-    def cid(self,):
-        return self.dev._dev.cid
-
-    def set_cid(self, cid):
-        if not isinstance(cid, (bytes, bytearray)):
-            cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid])
-        self.dev._dev.cid = cid
-
-    def recv_raw(self,):
-        with Timeout(1.0):
-            cmd, payload = self.dev._dev.InternalRecv()
-        return cmd, payload
-
-    def check_error(data, err=None):
-        assert len(data) == 1
-        if err is None:
-            if data[0] != 0:
-                raise CtapError(data[0])
-        elif data[0] != err:
-            raise ValueError("Unexpected error: %02x" % data[0])
-
-    def testFunc(self, func, test, *args, **kwargs):
-        with Test(test):
-            res = None
-            expectedError = kwargs.get("expectedError", None)
-            otherArgs = kwargs.get("other", {})
-            try:
-                res = func(*args, **otherArgs)
-                if expectedError != CtapError.ERR.SUCCESS:
-                    raise RuntimeError("Expected error to occur for test: %s" % test)
-            except CtapError as e:
-                if expectedError is not None:
-                    cond = e.code != expectedError
-                    if isinstance(expectedError, list):
-                        cond = e.code not in expectedError
-                    else:
-                        expectedError = [expectedError]
-                    if cond:
-                        raise RuntimeError(
-                            f"Got error code {hex(e.code)}, expected {[hex(x) for x in expectedError]}"
-                        )
-                else:
-                    print(e)
-        return res
-
-    def testReset(self,):
-        print("Resetting Authenticator...")
-        try:
-            self.ctap.reset()
-        except CtapError:
-            # Some authenticators need a power cycle
-            print("You must power cycle authentictor.  Hit enter when done.")
-            input()
-            time.sleep(0.2)
-            self.find_device()
-            self.ctap.reset()
-
-    def testMC(self, test, *args, **kwargs):
-        return self.testFunc(self.ctap.make_credential, test, *args, **kwargs)
-
-    def testGA(self, test, *args, **kwargs):
-        return self.testFunc(self.ctap.get_assertion, test, *args, **kwargs)
-
-    def testCP(self, test, *args, **kwargs):
-        return self.testFunc(self.ctap.client_pin, test, *args, **kwargs)
-
-    def testPP(self, test, *args, **kwargs):
-        return self.testFunc(
-            self.client.pin_protocol.get_pin_token, test, *args, **kwargs
-        )
-
-    def delay(secs):
-        time.sleep(secs)
--- a/tools/testing/tests/u2f.py
+++ b/tools/testing/tests/u2f.py
@ -1,121 +0,0 @@
-from fido2.ctap1 import CTAP1, ApduError, APDU
-from fido2.utils import sha256
-from fido2.client import _call_polling
-
-from .tester import Tester, Test
-
-
-class U2FTests(Tester):
-    def __init__(self, tester=None):
-        super().__init__(tester)
-
-    def run(self,):
-        self.test_u2f()
-
-    def register(self, chal, appid):
-        reg_data = _call_polling(0.25, None, None, self.ctap1.register, chal, appid)
-        return reg_data
-
-    def authenticate(self, chal, appid, key_handle, check_only=False):
-        auth_data = _call_polling(
-            0.25,
-            None,
-            None,
-            self.ctap1.authenticate,
-            chal,
-            appid,
-            key_handle,
-            check_only=check_only,
-        )
-        return auth_data
-
-    def test_u2f(self,):
-        chal = sha256(b"AAA")
-        appid = sha256(b"BBB")
-        lastc = 0
-
-        regs = []
-
-        with Test("Check version"):
-            assert self.ctap1.get_version() == "U2F_V2"
-
-        with Test("Check bad INS"):
-            try:
-                self.ctap1.send_apdu(0, 0, 0, 0, b"")
-            except ApduError as e:
-                assert e.code == 0x6D00
-
-        with Test("Check bad CLA"):
-            try:
-                self.ctap1.send_apdu(1, CTAP1.INS.VERSION, 0, 0, b"abc")
-            except ApduError as e:
-                assert e.code == 0x6E00
-
-        for i in range(0, self.user_count):
-            with Test(
-                "U2F reg + auth %d/%d (count: %02x)" % (i + 1, self.user_count, lastc)
-            ):
-                reg = self.register(chal, appid)
-                reg.verify(appid, chal)
-                auth = self.authenticate(chal, appid, reg.key_handle)
-                auth.verify(appid, chal, reg.public_key)
-
-                regs.append(reg)
-                # check endianness
-                if lastc:
-                    assert (auth.counter - lastc) < 10
-                lastc = auth.counter
-                if lastc > 0x80000000:
-                    print("WARNING: counter is unusually high: %04x" % lastc)
-                    assert 0
-
-        for i in range(0, self.user_count):
-            with Test(
-                "Checking previous registration %d/%d" % (i + 1, self.user_count)
-            ):
-                auth = self.authenticate(chal, appid, regs[i].key_handle)
-                auth.verify(appid, chal, regs[i].public_key)
-
-        print("Check that all previous credentials are registered...")
-        for i in range(0, self.user_count):
-            with Test("Check that previous credential %d is registered" % i):
-                try:
-                    auth = self.ctap1.authenticate(
-                        chal, appid, regs[i].key_handle, check_only=True
-                    )
-                except ApduError as e:
-                    # Indicates that key handle is registered
-                    assert e.code == APDU.USE_NOT_SATISFIED
-
-        with Test("Check an incorrect key handle is not registered"):
-            kh = bytearray(regs[0].key_handle)
-            kh[0] = kh[0] ^ (0x40)
-            try:
-                self.ctap1.authenticate(chal, appid, kh, check_only=True)
-                assert 0
-            except ApduError as e:
-                assert e.code == APDU.WRONG_DATA
-
-        with Test("Try to sign with incorrect key handle"):
-            try:
-                self.ctap1.authenticate(chal, appid, kh)
-                assert 0
-            except ApduError as e:
-                assert e.code == APDU.WRONG_DATA
-
-        with Test("Try to sign using an incorrect keyhandle length"):
-            try:
-                kh = regs[0].key_handle
-                self.ctap1.authenticate(chal, appid, kh[: len(kh) // 2])
-                assert 0
-            except ApduError as e:
-                assert e.code == APDU.WRONG_DATA
-
-        with Test("Try to sign using an incorrect appid"):
-            badid = bytearray(appid)
-            badid[0] = badid[0] ^ (0x40)
-            try:
-                auth = self.ctap1.authenticate(chal, badid, regs[0].key_handle)
-                assert 0
-            except ApduError as e:
-                assert e.code == APDU.WRONG_DATA
--- a/tools/testing/tests/util.py
+++ b/tools/testing/tests/util.py
@ -1,12 +0,0 @@
-import math
-
-
-def shannon_entropy(data):
-    s = 0.0
-    total = len(data)
-    for x in range(0, 256):
-        freq = data.count(x)
-        p = freq / total
-        if p > 0:
-            s -= p * math.log2(p)
-    return s
Author	SHA1	Message	Date
allcontributors[bot]	e1528cb248	docs: update .all-contributorsrc	2019-08-07 23:14:18 +00:00
allcontributors[bot]	e0955c190e	docs: update README.md	2019-08-07 23:14:17 +00:00
Nicolas Stalder	ef1e9bc1a1	Merge pull request #259 from solokeys/all-contributors/add-hughsie docs: add hughsie as a contributor	2019-08-08 01:05:29 +02:00
allcontributors[bot]	f6c7dbdbdd	docs: update .all-contributorsrc	2019-08-07 23:05:02 +00:00
allcontributors[bot]	ea1969ca94	docs: update README.md	2019-08-07 23:05:01 +00:00
Nicolas Stalder	c14bc76ddf	Merge pull request #258 from solokeys/all-contributors/add-m3hm00d docs: add m3hm00d as a contributor	2019-08-08 00:59:52 +02:00
allcontributors[bot]	f7fd30b9ae	docs: update .all-contributorsrc	2019-08-07 22:59:27 +00:00
allcontributors[bot]	11763b6502	docs: update README.md	2019-08-07 22:59:26 +00:00
Nicolas Stalder	ae5d341c72	Merge pull request #255 from solokeys/all-contributors/add-rgerganov docs: add rgerganov as a contributor	2019-08-08 00:57:23 +02:00
Nicolas Stalder	afed99bae9	Merge branch 'master' into all-contributors/add-rgerganov	2019-08-08 00:57:16 +02:00
Nicolas Stalder	d6078ce015	Merge pull request #257 from solokeys/all-contributors/add-esden docs: add esden as a contributor	2019-08-08 00:55:01 +02:00
allcontributors[bot]	d630254224	docs: update .all-contributorsrc	2019-08-07 22:53:47 +00:00
allcontributors[bot]	b2ac7b5479	docs: update README.md	2019-08-07 22:53:46 +00:00
Nicolas Stalder	c050b82210	editing fail	2019-08-08 00:53:23 +02:00
Nicolas Stalder	ba8119b370	Merge pull request #256 from solokeys/all-contributors/add-manuel-domke docs: add manuel-domke as a contributor	2019-08-08 00:51:24 +02:00
Nicolas Stalder	d350f9a638	Update .all-contributorsrc	2019-08-08 00:50:53 +02:00
allcontributors[bot]	53275e0182	docs: update .all-contributorsrc	2019-08-07 22:49:29 +00:00
allcontributors[bot]	2e14ac5b11	docs: update README.md	2019-08-07 22:49:28 +00:00
allcontributors[bot]	a760bed29f	docs: update .all-contributorsrc	2019-08-07 22:45:57 +00:00
allcontributors[bot]	e854184a11	docs: update README.md	2019-08-07 22:45:56 +00:00
Nicolas Stalder	87c2076107	Merge pull request #254 from solokeys/all-contributors/add-alphathegeek docs: add alphathegeek as a contributor	2019-08-08 00:44:46 +02:00
allcontributors[bot]	9be192b82f	docs: update .all-contributorsrc	2019-08-07 22:44:17 +00:00
allcontributors[bot]	e95233bb5f	docs: update README.md	2019-08-07 22:44:16 +00:00
Nicolas Stalder	2a2145b7f2	Merge pull request #253 from solokeys/all-contributors/add-StoyanDimitrov docs: add StoyanDimitrov as a contributor	2019-08-08 00:43:09 +02:00
allcontributors[bot]	7cfd0ccb19	docs: update .all-contributorsrc	2019-08-07 22:42:57 +00:00
allcontributors[bot]	7d84caa754	docs: update README.md	2019-08-07 22:42:56 +00:00
Nicolas Stalder	f7dd595d84	Merge pull request #252 from solokeys/all-contributors/add-yparitcher docs: add yparitcher as a contributor	2019-08-08 00:42:34 +02:00
allcontributors[bot]	04570aaf15	docs: update .all-contributorsrc	2019-08-07 22:42:17 +00:00
allcontributors[bot]	1a3aad9761	docs: update README.md	2019-08-07 22:42:16 +00:00
Nicolas Stalder	9545dacc5d	Merge pull request #251 from solokeys/all-contributors/add-pjz docs: add pjz as a contributor	2019-08-08 00:41:00 +02:00
allcontributors[bot]	b5e592adc9	docs: update .all-contributorsrc	2019-08-07 22:40:47 +00:00
allcontributors[bot]	1cd6692246	docs: update README.md	2019-08-07 22:40:46 +00:00
Nicolas Stalder	17884505b4	Merge pull request #250 from solokeys/all-contributors/add-YakBizzarro docs: add YakBizzarro as a contributor	2019-08-08 00:38:06 +02:00
allcontributors[bot]	c2312fa69a	docs: update .all-contributorsrc	2019-08-07 22:37:54 +00:00
allcontributors[bot]	832f06b6b4	docs: update README.md	2019-08-07 22:37:53 +00:00
Nicolas Stalder	4ab5477f96	Merge pull request #249 from solokeys/all-contributors/add-ehershey docs: add ehershey as a contributor	2019-08-08 00:36:13 +02:00
allcontributors[bot]	434f2f89ec	docs: update .all-contributorsrc	2019-08-07 22:35:54 +00:00
allcontributors[bot]	9174c00abf	docs: update README.md	2019-08-07 22:35:53 +00:00
Nicolas Stalder	46111e27e3	Merge pull request #248 from solokeys/all-contributors/add-dschuermann docs: add dschuermann as a contributor	2019-08-08 00:33:51 +02:00
allcontributors[bot]	763995763f	docs: update .all-contributorsrc	2019-08-07 22:33:40 +00:00
allcontributors[bot]	4f317863e9	docs: update README.md	2019-08-07 22:33:39 +00:00
Nicolas Stalder	8f9aeebb9b	Merge pull request #247 from solokeys/all-contributors/add-aseigler docs: add aseigler as a contributor	2019-08-08 00:32:18 +02:00
allcontributors[bot]	86c6b3cbc8	docs: update .all-contributorsrc	2019-08-07 22:32:05 +00:00
allcontributors[bot]	a53dfb2812	docs: update README.md	2019-08-07 22:32:05 +00:00
Nicolas Stalder	04d6cffcb6	Merge pull request #246 from solokeys/all-contributors/add-agl docs: add agl as a contributor	2019-08-08 00:29:03 +02:00
Nicolas Stalder	76e46605e3	Merge branch 'master' into all-contributors/add-agl	2019-08-08 00:28:36 +02:00
Nicolas Stalder	dc94e73c62	Merge pull request #245 from solokeys/all-contributors/add-merlokk docs: add merlokk as a contributor	2019-08-08 00:26:09 +02:00
allcontributors[bot]	018311cfab	docs: update .all-contributorsrc	2019-08-07 22:24:54 +00:00
allcontributors[bot]	c37638d4cb	docs: update README.md	2019-08-07 22:24:53 +00:00
allcontributors[bot]	81a67eda24	docs: update .all-contributorsrc	2019-08-07 22:23:26 +00:00
allcontributors[bot]	70c176e9ef	docs: update README.md	2019-08-07 22:23:25 +00:00
Nicolas Stalder	7e39425e98	Merge pull request #243 from solokeys/all-contributors/add-Wesseldr docs: add Wesseldr as a contributor	2019-08-07 23:59:00 +02:00
allcontributors[bot]	25bf9d8e54	docs: update .all-contributorsrc	2019-08-07 21:58:17 +00:00
allcontributors[bot]	2e67a5f772	docs: update README.md	2019-08-07 21:58:16 +00:00
Nicolas Stalder	66befb96b8	Clarify that code contributions are assumed to be dual-licensed	2019-08-07 23:55:44 +02:00
Nicolas Stalder	257f6d1ed5	Merge pull request #242 from solokeys/all-contributors/add-szszszsz docs: add szszszsz as a contributor	2019-08-07 23:54:17 +02:00
Nicolas Stalder	b4b59a6d4d	Merge all-contributors with existing Contributors section	2019-08-07 23:52:52 +02:00
allcontributors[bot]	c18a08b14b	docs: create .all-contributorsrc	2019-08-07 21:26:37 +00:00
allcontributors[bot]	c249148d80	docs: update README.md	2019-08-07 21:26:36 +00:00
Nicolas Stalder	4e3420f19f	Merge pull request #236 from Wesseldr/patch-3 Cleaned nucleo32-board.md	2019-08-06 13:48:00 +02:00
Wessel dR	6b8e575fac	Merge branch 'master' into patch-3	2019-08-06 13:43:13 +02:00
Nicolas Stalder	28788d1eeb	Merge pull request #237 from solokeys/remove_tests Remove tests	2019-08-06 13:22:29 +02:00
Nicolas Stalder	1ee031ae9c	Merge pull request #65 from Nitrokey/docs-nucleo32-board Describe running Solo on the Nucleo board	2019-08-06 13:20:19 +02:00
Wessel de Roode	6dfe42e486	All cleaned up now ?	2019-08-06 13:11:51 +02:00
Wessel de Roode	29b2032dae	fixing final-definitions and misc	2019-08-06 13:06:06 +02:00
Conor Patrick	f9f1e96c73	Update README.md	2019-08-06 18:54:57 +08:00
Conor Patrick	e2738d11d3	remove tests	2019-08-06 18:50:05 +08:00
Wessel dR	a8c7c43e14	Cleaned nucleo32-board.md The original pull request #65 was not completely compliant. hopefully this one is.	2019-08-06 12:40:05 +02:00
Wessel dR	db479850a6	OsX path for STM32_Programmer_CLI Added how to add the STM32_Programmer_CLI to your OsX path Fixes https://github.com/Nitrokey/nitrokey-fido2-firmware/pull/20	2019-08-05 16:06:20 +02:00
Wessel dR	09d450ed02	Little typo Fixes https://github.com/Nitrokey/nitrokey-fido2-firmware/pull/19	2019-08-05 16:04:19 +02:00
Szczepan Zalega	be37ed46f7	Add instruction for manual flashing of the Nucleo board Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>	2019-08-05 16:00:30 +02:00
Szczepan Zalega	420d052ac9	Describe running Solo on the Nucleo32 board Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>	2019-08-05 16:00:27 +02:00
Nicolas Stalder	3698c942a2	Merge pull request #233 from solokeys/bump Update STABLE_VERSION	2019-07-29 22:40:20 +02:00
Conor Patrick	17a170bb90	Update STABLE_VERSION	2019-07-29 14:58:30 -04:00
Conor Patrick	d4e61421b6	Merge pull request #232 from solokeys/windows_hello_error_codes Windows hello response codes	2019-07-29 14:09:48 -04:00
Conor Patrick	690d7c716a	move CTAPHID_STATUS_PROCESSING to after UP	2019-07-29 12:39:59 -04:00
Conor Patrick	78e3b291c2	make sure device status is set in all user presence tests	2019-07-28 22:10:56 -04:00
Conor Patrick	b47854c335	use error code PIN_AUTH_INVALID	2019-07-28 21:41:11 -04:00
Conor Patrick	2af747ddaa	Merge pull request #229 from solokeys/fix-hmac-secret Fix hmac secret	2019-07-27 12:49:30 -04:00
Conor Patrick	9ead11de8d	Merge pull request #224 from solokeys/fault_tolerance limit length of wLength	2019-07-27 12:47:28 -04:00
Conor Patrick	f17faca689	use correct size for auth_data for signature	2019-07-26 23:53:20 -04:00
Conor Patrick	ca66b6e43b	verify signature for hmac-secret	2019-07-26 23:51:39 -04:00
Conor Patrick	1cd1b3c295	check attestation signature on all MC requests	2019-07-26 23:50:23 -04:00
Conor Patrick	df2cff2350	patch hmac final to use correct key	2019-07-26 23:49:55 -04:00
Conor Patrick	f5d50e001d	test assertions work post reboot	2019-07-26 19:00:07 -04:00
Nicolas Stalder	235785b225	Bump stable version to 2.4.0	2019-07-17 23:42:56 +02:00
Conor Patrick	303c42901a	limit length of wLength	2019-07-15 11:32:02 -04:00
Conor Patrick	df2f950e69	Merge pull request #217 from merlokk/extapdu Extended length apdu, iso14443 chaining and select	2019-07-08 22:03:02 -04:00
Conor Patrick	10bf4242e1	fail with more import related info	2019-07-08 21:54:48 -04:00
Conor Patrick	9e95b0075c	default no serial printing	2019-07-08 21:54:36 -04:00
Conor Patrick	ddbe31776c	Merge pull request #220 from merlokk/obt_src added text how to obtain source code	2019-07-08 21:22:48 -04:00
merlokk	645ca6a5a0	add 3-space list	2019-07-08 18:12:28 +03:00
merlokk	15fc39faed	added text how to obtain source code	2019-07-08 17:58:57 +03:00
merlokk	a1eedc0048	small fix	2019-07-06 13:09:19 +03:00
merlokk	89e00482e4	some improvements	2019-07-06 12:52:23 +03:00
merlokk	533ce39237	fix nfc_cc length	2019-07-06 00:15:21 +03:00
Conor Patrick	63ee003535	Merge pull request #202 from winksaville/patch-1 Update building.md	2019-07-05 10:29:40 -04:00
merlokk	fa9408d5d6	fix u2f tests	2019-07-05 12:39:32 +03:00
merlokk	ed9689435d	APDU_FIDO_U2F_VERSION	2019-07-05 12:33:23 +03:00
merlokk	24a006068d	fix extended apdu decode	2019-07-05 12:25:46 +03:00
merlokk	315b6564ab	u2f works with extended apdu and now user presence not needs if request come from nfc and power from usb	2019-07-04 23:12:31 +03:00
merlokk	4d9285085f	fix tests	2019-07-04 20:42:24 +03:00
merlokk	2272e69e15	fix tests	2019-07-04 20:14:24 +03:00
merlokk	151e1d0e9b	fix some errors in tests	2019-07-04 20:09:47 +03:00
merlokk	d1df8b8b77	u2f authenticate fix	2019-07-04 19:54:00 +03:00
merlokk	cb76c34ed2	fix addressing	2019-07-04 19:45:09 +03:00
merlokk	f2ebaf6abe	invalid cla and r-block works	2019-07-04 19:14:26 +03:00
merlokk	4845d2c172	fix 14443 apdu decode and select	2019-07-04 17:52:00 +03:00
merlokk	75b1d9cd01	offset calc refactoring	2019-07-04 17:38:34 +03:00
merlokk	26bc8a2889	apdu decoding works	2019-07-04 17:27:03 +03:00
merlokk	88a8eba424	gitignore	2019-07-04 16:32:11 +03:00
merlokk	d2c85881e6	applet selection and apdu check	2019-07-04 16:29:30 +03:00
merlokk	236498ee03	add make	2019-07-04 16:27:57 +03:00
merlokk	a51c9192b1	add apdu_decode	2019-07-04 16:27:33 +03:00
merlokk	4dc6bcf771	apdu decode sketch	2019-07-03 23:01:37 +03:00
merlokk	cce81b23d9	Merge branch 'master' of https://github.com/merlokk/solo into extapdu	2019-07-03 22:59:41 +03:00
merlokk	8c2e2386a9	fix `NFC applet selection does not work correctly` #213	2019-07-03 20:35:50 +03:00
Conor Patrick	c783a1442a	Merge pull request #215 from merlokk/nfc-testing Nfc testing	2019-07-03 11:37:19 -04:00
merlokk	b61e5db736	style	2019-07-03 17:57:27 +03:00
merlokk	b41cd5d5b8	add nfc test force flag	2019-07-03 17:54:53 +03:00
merlokk	b42e990f67	format fix	2019-07-03 01:39:38 +03:00
merlokk	ff53bb1e32	fix style	2019-07-03 01:16:55 +03:00
merlokk	2d72e02051	remove unused lib	2019-07-03 01:03:34 +03:00
merlokk	91c77da179	cbor.loads changed to cbor.decode_from	2019-07-03 00:43:51 +03:00
merlokk	795cf5c4a1	selecting NFC key works	2019-07-02 19:55:04 +03:00
merlokk	d1722b85af	add library not found error	2019-07-02 19:45:46 +03:00
merlokk	2c500fe25a	check pyscard module first	2019-06-28 12:32:52 +03:00
merlokk	751b2fd69c	add nfc device search	2019-06-28 12:16:59 +03:00
Nicolas Stalder	c2216929a9	Create SECURITY.md	2019-06-14 00:19:14 +02:00
Wink Saville	3f225f362f	Update building.md Adding `solo` as a prerequesite, it's required by `make build-hacker` to merge the hex files.	2019-05-29 15:11:18 -07:00
Conor Patrick	dd4ff920ad	Merge pull request #200 from solokeys/persistedkey use persisted key info	2019-05-28 18:36:50 -04:00
Conor Patrick	bddd60c080	use persisted key info	2019-05-27 13:54:29 -04:00
Conor Patrick	5f878ff022	Merge pull request #196 from solokeys/fido2-conformance Fido2 conformance	2019-05-19 12:24:36 -04:00
Conor Patrick	14f91a6e15	add screenshots of tests passing	2019-05-19 12:24:15 -04:00
Conor Patrick	cd29a0e0fe	python black	2019-05-18 21:11:22 -04:00
Conor Patrick	46b7f9a778	add UP as UV method for when PIN is not set	2019-05-18 14:35:30 -04:00
Conor Patrick	31328fe7e7	dont fail when public key type is too large	2019-05-18 14:34:54 -04:00
Nicolas Stalder	035b1a8632	Merge pull request #195 from solokeys/bump_2.3.0 Update STABLE_VERSION	2019-05-13 23:11:33 +02:00
Conor Patrick	b1563dbe94	Update STABLE_VERSION	2019-05-13 16:43:14 -04:00
Conor Patrick	2a9e3ac576	Merge pull request #194 from solokeys/sanitize fix potential memory leaks	2019-05-13 16:10:42 -04:00
 @ -1 +1 @@
 .2.2
 .4.2