solo1/README.md

# Solo

This is the source code for Solo.  Solo is a security key that implements FIDO2/U2F and supports USB, NFC, and extensions.  Extensions
include SSH, GPG, and cryptocurrency.  Solo is a work in progress.

![](https://i.imgur.com/O7qPR3o.png)
![](https://i.imgur.com/vwFbsQW.png?1)

The Solo FIDO2/U2F code base is designed to be easily ported to different embedded systems.
Right now, it has been ported to the NRF52840 and EFM32J.  Soon to be supported is the SAM L11.

No hardware is needed for development.  You can run and extend the FIDO2 code base
using just your PC.

# Security

Solo is based on the SAM L11 secure microcontroller.  It offers the following security features.

- True random number generation to guarantee random keys.
- Side channel resistant RAM and AES for physically secure key derivation.
- ARM TrustZone to provide security isolation for master key.
- Scrambled key storage to prevent invasive flash readout methods.
- Secure boot to ensure application integrity.

The SAM L11 is one of the best chips for this application in terms of security,
when considering the NDA-free market.

The firmware can be readout using a debugger to verify that a Solo is running
the code posted publicly.  The secret information is of course inaccessible.

# How do I get one?

We are still working on open sourcing an implementation that anyone can cheaply
build and program, just like with U2F Zero.  This will be released soon.  It will be easy to solder :)

In the meantime, you can port the code to your favorite microcontroller, or support
us by signing up for our Kickstarter.  Our aim is to crowdfund enough to make an economic
bulk order and provide open source security tokens for everyone that is interested.  We will offer 
"hackable" tokens that come with USB bootloaders and are reprogrammable.

[Sign up here](https://solokeys.com/)!


# Setting up

Clone and Compile CBOR library and FIDO 2 client library.

```bash
git clone https://github.com/conorpp/u2f-one
cd u2f-one/
git submodule update --init

cd tinycbor && make
cd ..

cd python-fido2/
python setup.py install

```

Note that our python-fido2 fork will only connect to the software FIDO2 application,
not a hardware authenticator.  Install Yubico's fork to do that.


Open `crypto/tiny-AES-c/aes.h` in a text editor and make sure AES256 is selected as follows.

```
//#define AES128 1
//#define AES192 1
#define AES256 1
```

Now compile FIDO 2.0 and U2F authenticator.

```bash
make
```

# Testing and development

The application is set up to send and recv USB HID messages over UDP to ease
development and reduce need for hardware.

Testing can be done using Yubico's client software.  Note that the client
software is also a work in progress and the [FIDO 2.0
specification](https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html)
is ultimate.  Some small changes to Yubico's Client software make it send
USB HID over UDP to the authenticator application.

Run FIDO 2 / U2F application.

```bash
./main
```

Run example client software.  This runs through a registration and authentication.

```
python python-fido2/examples/credential.py
```

Run the FIDO2 tests.

```
python tools/ctap_test.py
```

Follow specifications to really dig in.

[https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html](https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html)

## Extensions

Extensions can be added to FIDO2/U2F to support things like SSH, GPG, and cryptocurrency.
Right now, an experimental cryptocurrency extension can be found in `fido2/extensions` and `web/index.html`.
More documentation to come.

## Porting

The main code base is in `fido2/`.  See `targets/nrf52840`, `targets/efm32/src`, and `pc/`
for examples of FIDO2/U2F ports.  In essence, you need to reimplement `device.c`.
More documentation to come.

# Contributors

Contributors are welcome.  The ultimate goal is to have a FIDO 2 hardware token
capable of USB, Bluetooth, and NFC interfaces.  There could be multiple tokens
for each interface.  [Hardware is still being decided
    on](https://github.com/conorpp/u2f-zero/issues/76).
    
Look at the issues to see what is currently being worked on.  Feel free to add issues as well.

This is an upgrade to [U2F
Zero](https://github.com/conorpp/u2f-zero).
update readme 2018-09-04 23:40:43 +00:00			`# Solo`
add readme 2018-04-28 18:15:41 +00:00
Update README.md 2018-09-13 03:35:02 +00:00			`This is the source code for Solo. Solo is a security key that implements FIDO2/U2F and supports USB, NFC, and extensions. Extensions`
			`include SSH, GPG, and cryptocurrency. Solo is a work in progress.`

			`![](https://i.imgur.com/O7qPR3o.png)`
			`![](https://i.imgur.com/vwFbsQW.png?1)`

			`The Solo FIDO2/U2F code base is designed to be easily ported to different embedded systems.`
			`Right now, it has been ported to the NRF52840 and EFM32J. Soon to be supported is the SAM L11.`

			`No hardware is needed for development. You can run and extend the FIDO2 code base`
			`using just your PC.`

			`# Security`

			`Solo is based on the SAM L11 secure microcontroller. It offers the following security features.`

			`- True random number generation to guarantee random keys.`
			`- Side channel resistant RAM and AES for physically secure key derivation.`
			`- ARM TrustZone to provide security isolation for master key.`
			`- Scrambled key storage to prevent invasive flash readout methods.`
			`- Secure boot to ensure application integrity.`

			`The SAM L11 is one of the best chips for this application in terms of security,`
			`when considering the NDA-free market.`
add readme 2018-04-28 18:15:41 +00:00
Update README.md 2018-09-13 03:36:55 +00:00			`The firmware can be readout using a debugger to verify that a Solo is running`
			`the code posted publicly. The secret information is of course inaccessible.`
add readme 2018-04-28 18:15:41 +00:00
Update README.md 2018-09-13 03:44:57 +00:00			`# How do I get one?`

			`We are still working on open sourcing an implementation that anyone can cheaply`
Update README.md 2018-09-13 03:47:40 +00:00			`build and program, just like with U2F Zero. This will be released soon. It will be easy to solder :)`
Update README.md 2018-09-13 03:44:57 +00:00
			`In the meantime, you can port the code to your favorite microcontroller, or support`
			`us by signing up for our Kickstarter. Our aim is to crowdfund enough to make an economic`
			`bulk order and provide open source security tokens for everyone that is interested. We will offer`
			`"hackable" tokens that come with USB bootloaders and are reprogrammable.`

			`[Sign up here](https://solokeys.com/)!`


add readme 2018-04-28 18:15:41 +00:00			`# Setting up`

			`Clone and Compile CBOR library and FIDO 2 client library.`

			```bash
			`git clone https://github.com/conorpp/u2f-one`
			`cd u2f-one/`
			`git submodule update --init`

			`cd tinycbor && make`
			`cd ..`

			`cd python-fido2/`
			`python setup.py install`
pass ctap tests on PC 2018-09-05 02:11:21 +00:00
			```

Update README.md 2018-09-13 03:35:02 +00:00			`Note that our python-fido2 fork will only connect to the software FIDO2 application,`
			`not a hardware authenticator. Install Yubico's fork to do that.`


pass ctap tests on PC 2018-09-05 02:11:21 +00:00			Open `crypto/tiny-AES-c/aes.h` in a text editor and make sure AES256 is selected as follows.

			```
			`//#define AES128 1`
			`//#define AES192 1`
			`#define AES256 1`
add readme 2018-04-28 18:15:41 +00:00			```

			`Now compile FIDO 2.0 and U2F authenticator.`

			```bash
			`make`
			```

			`# Testing and development`

			`The application is set up to send and recv USB HID messages over UDP to ease`
			`development and reduce need for hardware.`

			`Testing can be done using Yubico's client software. Note that the client`
			`software is also a work in progress and the [FIDO 2.0`
			`specification](https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html)`
			`is ultimate. Some small changes to Yubico's Client software make it send`
			`USB HID over UDP to the authenticator application.`

			`Run FIDO 2 / U2F application.`

			```bash
			`./main`
			```

Update README.md 2018-09-13 03:35:02 +00:00			`Run example client software. This runs through a registration and authentication.`
add readme 2018-04-28 18:15:41 +00:00
			```
			`python python-fido2/examples/credential.py`
			```

Update README.md 2018-09-13 03:35:02 +00:00			`Run the FIDO2 tests.`

			```
			`python tools/ctap_test.py`
			```

			`Follow specifications to really dig in.`
add readme 2018-04-28 18:15:41 +00:00
			`[https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html](https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html)`

Update README.md 2018-09-13 03:35:02 +00:00			`## Extensions`

			`Extensions can be added to FIDO2/U2F to support things like SSH, GPG, and cryptocurrency.`
			Right now, an experimental cryptocurrency extension can be found in `fido2/extensions` and `web/index.html`.
			`More documentation to come.`

			`## Porting`

			The main code base is in `fido2/`. See `targets/nrf52840`, `targets/efm32/src`, and `pc/`
			for examples of FIDO2/U2F ports. In essence, you need to reimplement `device.c`.
			`More documentation to come.`

add readme 2018-04-28 18:15:41 +00:00			`# Contributors`

			`Contributors are welcome. The ultimate goal is to have a FIDO 2 hardware token`
			`capable of USB, Bluetooth, and NFC interfaces. There could be multiple tokens`
			`for each interface. [Hardware is still being decided`
			`on](https://github.com/conorpp/u2f-zero/issues/76).`
Update README.md 2018-09-13 03:35:02 +00:00
			`Look at the issues to see what is currently being worked on. Feel free to add issues as well.`
add readme 2018-04-28 18:15:41 +00:00
			`This is an upgrade to [U2F`
Update README.md 2018-09-13 03:35:02 +00:00			`Zero](https://github.com/conorpp/u2f-zero).`
add readme 2018-04-28 18:15:41 +00:00