mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Merge pull request #33 from SoloKeysSec/fix-pc 

Fix pc
pull/37/head
Conor Patrick 2018-11-23 06:55:15 -05:00 zatwierdzone przez GitHub
rodzic feceeb0a22 296d2e6c74
commit 50f565895f
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
5 zmienionych plików z 68 dodań i 55 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

25
Makefile
Wyświetl plik

@ -34,13 +34,7 @@ CFLAGS += -DAES256=1
name = main
.PHONY: all
all: python-fido2 main
.PHONY: test
test:
$(MAKE) -C . main
$(MAKE) -C . testgcm
./testgcm
all: main
tinycbor/Makefile crypto/tiny-AES-c/aes.c:
git submodule update --init
@ -51,6 +45,9 @@ cbor: $(LIBCBOR)
$(LIBCBOR): tinycbor/Makefile
cd tinycbor/ && $(MAKE) clean && $(MAKE) -j8
test:
$(MAKE) -C . main
.PHONY: efm8prog
efm8prog:
cd './targets/efm8\Keil 8051 v9.53 - Debug' && $(MAKE) all
@ -70,13 +67,6 @@ efm32bootprog: efm32com
$(name): $(obj) $(LIBCBOR)
$(CC) $(LDFLAGS) -o $@ $(obj) $(LDFLAGS)
crypto/aes-gcm/aes_gcm.o:
$(CC) -c crypto/aes-gcm/aes_gcm.c $(CFLAGS) -DTEST -o crypto/aes-gcm/aes_gcm.o
testgcm: $(obj) $(LIBCBOR) crypto/aes-gcm/aes_gcm.o
$(CC) -c fido2/main.c $(CFLAGS) -DTEST -o fido2/main.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDFLAGS)
uECC.o: ./crypto/micro-ecc/uECC.c
$(CC) -c -o $@ $^ -O2 -fdata-sections -ffunction-sections -DuECC_PLATFORM=$(platform) -I./crypto/micro-ecc/
@ -94,10 +84,6 @@ venv:
virtualenv venv
./venv/bin/pip install wheel
.PHONY: python-fido2
python-fido2: venv
cd python-fido2/ && ../venv/bin/python setup.py install
venv/bin/mkdocs: venv
./venv/bin/pip install mkdocs mkdocs-material
@ -110,10 +96,9 @@ fido2-test:
./venv/bin/python tools/ctap_test.py
clean:
rm -f *.o main.exe main testgcm $(obj)
rm -f *.o main.exe main $(obj)
for f in crypto/tiny-AES-c/Makefile tinycbor/Makefile ; do \
if [ -f "$$f" ]; then \
(cd `dirname $$f` ; git checkout -- .) ;\
fi ;\
done
rm -rf venv

10
README.md
Wyświetl plik

@ -43,8 +43,6 @@ us by [signing up for our Kickstarter](https://solokeys.com/kickstarter). Our a
bulk order and provide open source security tokens for everyone that is interested. We will offer
"hackable" tokens that come with USB bootloaders and are reprogrammable.
[Sign up here](https://solokeys.com/kickstarter)!
# Setting up
@ -53,10 +51,8 @@ Clone solo and build it
```bash
git clone --recurse-submodules https://github.com/SoloKeysSec/solo
cd solo/
git submodules init
git submodules update
make all
```
@ -85,13 +81,13 @@ Run FIDO 2 / U2F application.
Run example client software. This runs through a registration and authentication.
```
./venv/bin/python python-fido2/examples/credential.py
python python-fido2/examples/credential.py
```
Run the FIDO2 tests.
Run our FIDO2 tests.
```
make fido2-test
python tools/ctap_test.py
```
Follow specifications to really dig in.

3
fido2/ctap.c
Wyświetl plik

@ -1368,13 +1368,11 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
length--;
uint8_t * buf = resp->data;
printf1(TAG_GREEN, "lastcmd0 = 0x%02x\r\n", getAssertionState.lastcmd);
cbor_encoder_init(&encoder, buf, resp->data_size, 0);
printf1(TAG_CTAP,"cbor input structure: %d bytes\n", length);
printf1(TAG_DUMP,"cbor req: "); dump_hex1(TAG_DUMP, pkt_raw, length);
printf1(TAG_GREEN, "lastcmd1 = 0x%02x\r\n", getAssertionState.lastcmd);
switch(cmd)
{
@ -1477,7 +1475,6 @@ uint8_t ctap_request(uint8_t * pkt_raw, int length, CTAP_RESPONSE * resp)
done:
device_set_status(CTAPHID_STATUS_IDLE);
getAssertionState.lastcmd = cmd;
printf1(TAG_GREEN, "lastcmd = 0x%02x\r\n", getAssertionState.lastcmd);
if (status != CTAP1_ERR_SUCCESS)
{

50
pc/device.c
Wyświetl plik

@ -14,10 +14,23 @@
#include "cbor.h"
#include "util.h"
#include "log.h"
#include "ctaphid.h"
void authenticator_initialize();
uint32_t __device_status = 0;
void device_set_status(int status)
{
if (status != CTAPHID_STATUS_IDLE && __device_status != status)
{
ctaphid_update_status(status);
}
__device_status = status;
}
int udp_server()
{
int fd;
@ -211,15 +224,12 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
perror("fopen");
exit(1);
}
ret = fread(dst, 1, num, urand);
fclose(urand);
if (ret != num)
if (fread(dst, 1, num, urand) != num)
{
perror("fwrite");
exit(1);
perror("fread");
}
/*memset(dst,0xaa,num);*/
fclose(urand);
return 1;
}
@ -410,7 +420,31 @@ void authenticator_initialize()
}
}
void manage_device()
void device_manage()
{
}
void ctap_reset_rk()
{
}
uint32_t ctap_rk_size()
{
printf("Warning: rk not implemented\n");
return 0;
}
void ctap_store_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}
void ctap_load_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}
void ctap_overwrite_rk(int index,CTAP_residentKey * rk)
{
printf("Warning: rk not implemented\n");
}

31
tools/ctap_test.py
Wyświetl plik

@ -59,6 +59,7 @@ class Packet(object):
class Tester():
def __init__(self,):
self.origin = 'https://examplo.org'
self.host = 'examplo.org'
def find_device(self,):
print (list(CtapHidDevice.list_devices()))
@ -390,17 +391,18 @@ class Tester():
def test_fido2_simple(self, pin_token=None):
creds = []
exclude_list = []
rp = {'id': self.origin, 'name': 'ExaRP'}
rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'}
challenge = 'Y2hhbGxlbmdl'
PIN = pin_token
fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tostring()
fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tostring()
fake_id1 = array.array('B',[randint(0,255) for i in range(0,150)]).tobytes()
fake_id2 = array.array('B',[randint(0,255) for i in range(0,73)]).tobytes()
exclude_list.append({'id': fake_id1, 'type': 'public-key'})
exclude_list.append({'id': fake_id2, 'type': 'public-key'})
print('MC')
t1 = time.time() * 1000
attest, data = self.client.make_credential(rp, user, challenge, pin = PIN, exclude_list = [])
t2 = time.time() * 1000
@ -421,7 +423,7 @@ class Tester():
def test_fido2_brute_force(self):
creds = []
exclude_list = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'}
rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'}
PIN = None
abc = 'abcdefghijklnmopqrstuvwxyz'
@ -471,7 +473,7 @@ class Tester():
def test(self,pincode=None):
creds = []
exclude_list = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'}
rp = {'id': self.host, 'name': 'ExaRP'}
user = {'id': b'usee_od', 'name': 'AB User'}
challenge = 'Y2hhbGxlbmdl'
PIN = pincode
@ -587,15 +589,14 @@ class Tester():
print('MC using wrong pin')
try:
self.test_fido2_simple('abcd3');
except CtapError as e:
assert(e.code == CtapError.ERR.PIN_INVALID)
except ClientError as e:
assert(e.cause.code == CtapError.ERR.PIN_INVALID)
print('PASS')
print('Reboot device and hit enter')
input()
self.find_device()
print('get info')
inf = self.ctap.get_info()
print('PASS')
self.test_fido2_simple(PIN);
print('Re-run make_credential and get_assertion tests with pin code')
@ -610,7 +611,7 @@ class Tester():
def test_rk(self, ):
creds = []
rp = {'id': 'examplo.org', 'name': 'ExaRP'}
rp = {'id': self.host, 'name': 'ExaRP'}
user0 = {'id': b'first one', 'name': 'single User'}
users = [{'id': b'user' + os.urandom(16), 'name': 'AB User'} for i in range(0,2)]
@ -681,7 +682,7 @@ class Tester():
def test_responses(self,):
PIN = '1234'
RPID = 'examplo2.org'
RPID = self.host
for dev in (CtapHidDevice.list_devices()):
print('dev',dev)
client = Fido2Client(dev, RPID)
@ -776,12 +777,12 @@ def test_find_brute_force():
if __name__ == '__main__':
t = Tester()
#t.find_device()
t.find_device()
# t.test_hid()
# t.test_long_ping()
#t.test_fido2()
t.test_fido2()
#t.test_rk()
t.test_responses()
#t.test_responses()
# test_find_brute_force()
#t.test_fido2_simple()
#t.test_fido2_brute_force()