Conor Patrick
a72f0ede05
take a lazy approach to key agreement generation to not hold up boot time for nfc
2019-08-21 12:06:06 +08:00
Conor Patrick
adcbd3aeb8
speed up public key derivation slightly for nfc
2019-08-21 12:06:06 +08:00
Conor Patrick
b706cc30b0
for now, always gen key agreement
2019-08-21 12:06:06 +08:00
Szczepan Zalega
a5877f518f
Additional assertions and reordering
2019-08-20 12:42:46 +02:00
Szczepan Zalega
5a0cc0d02c
Version used STATE data structures
2019-08-20 11:57:32 +02:00
Szczepan Zalega
b452e3dfe4
Correct doc
2019-08-20 11:47:14 +02:00
Szczepan Zalega
8e3753e711
Add initial STATE migration code (2)
2019-08-20 11:34:51 +02:00
Szczepan Zalega
816ca21f08
Correct writing salted hash
pinHashEnc is 16 bytes, which is too small to store sha256 result.
2019-08-20 11:34:48 +02:00
Szczepan Zalega
6c60a37e8a
Add initial STATE migration code
2019-08-20 11:34:45 +02:00
Szczepan Zalega
bac576f3a0
Make the state structure backward-compatible. Add version.
2019-08-20 11:34:39 +02:00
Szczepan Zalega
6e637299e5
Add missing declaration, and comment out wallet message
2019-08-20 11:34:35 +02:00
Szczepan Zalega
43b3e93854
Modify state struct
2019-08-20 11:34:32 +02:00
Szczepan Zalega
5a448d636c
Add comments
2019-08-20 11:34:29 +02:00
Szczepan Zalega
7be0553377
Replace FIDO2 PIN storage with its hash
2019-08-20 11:34:26 +02:00
Conor Patrick
690d7c716a
move CTAPHID_STATUS_PROCESSING to after UP
2019-07-29 12:39:59 -04:00
Conor Patrick
78e3b291c2
make sure device status is set in all user presence tests
2019-07-28 22:10:56 -04:00
Conor Patrick
b47854c335
use error code PIN_AUTH_INVALID
2019-07-28 21:41:11 -04:00
Conor Patrick
f17faca689
use correct size for auth_data for signature
2019-07-26 23:53:20 -04:00
Conor Patrick
df2cff2350
patch hmac final to use correct key
2019-07-26 23:49:55 -04:00
merlokk
24a006068d
fix extended apdu decode
2019-07-05 12:25:46 +03:00
merlokk
315b6564ab
u2f works with extended apdu and now user presence is not needed if request comes from nfc and power from usb
2019-07-04 23:12:31 +03:00
merlokk
f2ebaf6abe
invalid cla and r-block works
2019-07-04 19:14:26 +03:00
merlokk
4845d2c172
fix 14443 apdu decode and select
2019-07-04 17:52:00 +03:00
merlokk
26bc8a2889
apdu decoding works
2019-07-04 17:27:03 +03:00
merlokk
a51c9192b1
add apdu_decode
2019-07-04 16:27:33 +03:00
Conor Patrick
bddd60c080
use persisted key info
2019-05-27 13:54:29 -04:00
Conor Patrick
31328fe7e7
don't fail when public key type is too large
2019-05-18 14:34:54 -04:00
Conor Patrick
e1474e8e8e
fix potential memory leaks
2019-05-13 15:32:04 -04:00
Conor Patrick
0f50ae7d63
change u2f to return early if button not immediately pressed
2019-05-10 15:56:52 -04:00
Conor Patrick
e105afd647
fix build
2019-05-09 17:51:41 -04:00
Conor Patrick
9fb02d4da3
add UP wait HID messages to U2F for windows
2019-05-09 17:46:01 -04:00
Conor Patrick
e402d36bf1
fix user presence skipping for nfc
2019-05-09 17:26:28 -04:00
Conor Patrick
84740f3d6a
changes to make firmware interop on all hw models
2019-05-09 16:01:07 -04:00
Conor Patrick
60e3d01e0d
refactor
2019-05-09 02:44:04 -04:00
Conor Patrick
6ae1cd3865
remove not-useful logs
2019-04-24 18:36:36 -04:00
Conor Patrick
ec98af115f
restore button in ctap_make_auth_data
2019-04-24 16:54:26 -04:00
Conor Patrick
437f691d12
Update solo.c
2019-04-24 16:41:22 -04:00
Conor Patrick
813eb97d2f
reuse memory for allow_list of creds
2019-04-24 11:45:30 -04:00
Conor Patrick
b0baace2e7
move custom credid to different location
2019-04-24 00:15:32 -04:00
Conor Patrick
1fab0b8f1f
add wallet api in as compile option
2019-04-23 21:57:50 -04:00
Conor Patrick
ce96fffddd
add info to authData for ext reqs
2019-04-23 21:57:27 -04:00
Conor Patrick
8fc0da7934
move args to device_init
2019-04-23 21:12:40 -04:00
Conor Patrick
494e856198
Merge pull request #131 from rgerganov/hidg
Add support for hidg devices on Linux
2019-04-23 20:22:33 -04:00
Conor Patrick
eab8b81c95
include nfc in user presence test
2019-04-23 14:05:18 -04:00
Adam Langley
73f538dd0e
Fix COSE type of key-agreement keys.
The key-agreement keys in the PIN protocol use COSE type -25. I'm not
sure if that's written down anywhere, but it's what everything else does
and it's an ECDH type rather than an ECDSA type.
2019-04-20 16:45:04 -07:00
Adam Langley
a5f794c0ff
Handle empty pinAuth fields.
CTAP2 specifies that an empty pinAuth field is special: it indicates
that the device should block for touch, i.e. it's just a way of letting
a user select from multiple authenticators[1].
This change handles empty pinAuth fields in GetAssertion and
MakeCredential commands.
[1] https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential
2019-04-20 16:26:32 -07:00
Radoslav Gerganov
955d4f76ef
Add support for hidg devices on Linux
There is a HID gadget driver on Linux which provides emulation of USB
HID devices. This could be very useful for testing the Solo firmware
without actual hardware, using only a Linux box.
This patch adds a command line argument which specifies whether the
existing UDP backing should be used or the new one which reads and
writes to /dev/hidg0.
Testing done:
1. Created HID device with configfs
2. Started "./main -b hidg" as root
3. Successfully executed Webauthn registration and authentication on
the same Linux machine
Closes : #122
2019-04-16 10:54:46 +03:00
Conor Patrick
9bb706987f
solo ext bugfix
2019-04-13 22:42:05 -04:00
Conor Patrick
44fa3bbb8e
Add checks to use U2F key if necessary
2019-04-13 22:37:31 -04:00
Conor Patrick
7068be9cd5
reorder options
2019-04-10 13:13:38 -04:00
Conor Patrick
5fc8d214fd
remove add_user param
2019-04-10 12:47:23 -04:00
Conor Patrick
5f49f4680e
re-order items in get_assertion response
2019-04-10 12:22:35 -04:00
Conor Patrick
4cc72bcd97
rearrange cbor encoding order in make_credential and get_info
2019-04-10 12:11:31 -04:00
Conor Patrick
89769ecc18
fix u2f counter for real
2019-03-31 23:29:00 -04:00
Conor Patrick
893d4131b2
change how pin is enforced for GA
2019-03-26 19:00:12 -04:00
Conor Patrick
a1a75e4ab5
check errors
2019-03-21 12:47:15 -04:00
Conor Patrick
d68011ef04
remove warnings
2019-03-21 00:01:37 -04:00
Conor Patrick
02e83073e0
add hmac-secret to reg response
2019-03-20 23:58:42 -04:00
Conor Patrick
3a48756f96
remove extra layer of map
2019-03-20 23:40:58 -04:00
Conor Patrick
946e932b1e
refactor to use less ram
2019-03-20 23:28:45 -04:00
Conor Patrick
142d4002e5
remove warning, reduce memory
2019-03-20 23:14:17 -04:00
Conor Patrick
2d233f164e
small bug fixes
2019-03-20 21:03:03 -04:00
Conor Patrick
b62e9906c7
make new function
2019-03-20 20:13:16 -04:00
Conor Patrick
074225d87a
hmac-secret fully functional
2019-03-20 20:03:12 -04:00
Conor Patrick
bb9b2ea9d4
validate saltAuth
2019-03-20 18:10:52 -04:00
Conor Patrick
e8d5bc5829
refactor ctap_make_auth_data arguments
2019-03-20 17:43:50 -04:00
Conor Patrick
ce3ad0e56f
bugfix
2019-03-20 16:51:58 -04:00
Conor Patrick
00d86379e5
parse full hmac-secret
2019-03-20 16:21:21 -04:00
Conor Patrick
821880a8d6
parse extension info in MC
2019-03-20 15:45:10 -04:00
Conor Patrick
5cb81c753d
Add version/extensions to PC build
2019-03-06 14:05:44 -05:00
Conor Patrick
195dc2a8ae
use 0x7f as upper counter byte
2019-03-04 02:36:47 -05:00
Conor Patrick
1507758ad1
bring pc crypto impl up to date
2019-03-02 23:10:43 -05:00
Conor Patrick
afc85e0d2e
update log message
2019-03-02 22:40:27 -05:00
Conor Patrick
dc946f5b35
centralize reset key agreement
2019-03-02 19:38:27 -05:00
Conor Patrick
e31e703afd
minor improvements
2019-03-01 23:42:22 -05:00
Conor Patrick
a265da09fb
Update u2f.c
2019-03-01 22:00:17 -05:00
Conor Patrick
32f2436380
Merge pull request #120 from nickray/sha512
SHA512 (via Cifra)
2019-03-01 21:44:13 -05:00
Conor Patrick
7255c4f8db
Merge pull request #121 from solokeys/nfc
Nfc
2019-03-01 21:43:12 -05:00
Conor Patrick
4e215db42a
start from 0
2019-02-28 23:13:12 -05:00
Nicolas Stalder
0865f2a660
do not probe bootloader
2019-02-27 03:18:12 +01:00
Nicolas Stalder
5e70c11b54
Hide onboard crypto tests behind a reserved ctaphid command
2019-02-27 02:58:56 +01:00
Conor Patrick
46ada5a8b9
WRONG_DATA apdu error code fix
2019-02-26 20:34:07 -05:00
Conor Patrick
14974e0ebe
fix compile issues
2019-02-26 15:30:57 -05:00
Conor Patrick
e8d0ad5e7c
autodetect passive nfc operation or usb operation
2019-02-26 15:04:23 -05:00
Conor Patrick
347d0942b1
refactor fromNFC
2019-02-26 14:07:27 -05:00
Conor Patrick
ff0d42c8d5
refactor clock rates, fix warnings
2019-02-26 13:56:06 -05:00
Nicolas Stalder
a6673b0917
Use our cifra fork, rename command, keep room for sha256
2019-02-26 19:52:59 +01:00
Nicolas Stalder
0c296bba30
First go at using cifra for SHA512
2019-02-26 19:52:59 +01:00
Conor Patrick
57930aaa13
fix compilation errors
2019-02-26 13:27:25 -05:00
Conor Patrick
1a6895ca25
merge
2019-02-26 13:10:16 -05:00
Conor Patrick
54b7f42056
passive operation works as is (refactor needed)
2019-02-26 01:19:35 -05:00
Conor Patrick
46d7be865d
fix upper byte U2F for backwards compatibility
2019-02-17 15:33:24 -05:00
Conor Patrick
3fed8cebdf
reduce RNG to 71
2019-02-14 18:01:23 -05:00
Conor Patrick
99f09790f1
deterministic
2019-02-14 16:03:19 -05:00
Conor Patrick
6745c9a0cb
bugfix/skip-auth for fido2 extension
2019-02-14 15:53:02 -05:00
Conor Patrick
0651316da5
catch U2F check by extension
2019-02-14 15:16:13 -05:00
Conor Patrick
f48becc6dc
bridge extension to fido2 interface
2019-02-14 15:15:58 -05:00
Conor Patrick
85c58e9d5b
TAG_EXT typo
2019-02-14 15:15:24 -05:00
Nicolas Stalder
8386ae56d2
Cleanup makefile, minor typos
2019-02-13 03:25:12 +01:00
Conor Patrick
d38d3a8342
Merge pull request #108 from yparitcher/f2ext_fixes
fix typo
2019-02-12 20:55:15 -05:00
Conor Patrick
c482d6cc74
typo
2019-02-12 20:52:03 -05:00
yparitcher
2cb96cb793
fix typo
2019-02-12 20:47:28 -05:00
Conor Patrick
831976f3a2
replace macros with DEBUG_LEVEL aware timestamp function
2019-02-12 20:28:48 -05:00
yparitcher
1dd835d698
add -Wextra: further code cleanup
please fix Wno-unused-parameter -Wno-missing-field-initializers in the future
2019-02-12 18:22:03 -05:00
yparitcher
400b37a96a
clean up build: GCC warnings
2019-02-12 18:19:38 -05:00
Conor Patrick
894f6f7ee1
Merge branch 'master' into license-change
2019-02-12 17:47:28 -05:00
Conor Patrick
ed676151f1
update license to apache2 + mit
2019-02-12 17:18:17 -05:00
Conor Patrick
6c23532f08
use 3-byte version
2019-02-12 16:37:32 -05:00
Conor Patrick
ba4f9ed7ae
bug fix
2019-02-12 15:00:01 -05:00
Conor Patrick
eb2d377ffb
add extension to solo to get version and RNG
2019-02-12 14:00:05 -05:00
Conor Patrick
2893cd7ce3
move inits to device_init
2019-02-11 22:00:18 -05:00
Conor Patrick
e230a9464e
enable ctap from usb
2019-02-07 20:09:13 -05:00
Conor Patrick
342af18b1f
initialize ctap
2019-02-07 20:09:00 -05:00
Oleg Moiseenko
32400c8d09
Merge branch 'nfc' into nfc2
2019-02-07 14:49:47 +02:00
merlokk
bc1bb3509f
move APDU dumps to separate log channel
2019-02-06 19:21:06 +02:00
merlokk
375db69e3a
fido2 works
2019-02-06 19:06:49 +02:00
Szczepan Zalega
449faea7d3
Fix buffer overread in ctap_encode_der_sig()
Take into account leading zeroes in the size to copy, for both R and S
ingredients of the signature.
Issue was occurring only in cases, when there was a leading zero for the
S part.
Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer
Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine, as in the related issue description)
by running ctap_test() Python test in a loop for 20 minutes (dev's
counter 400k+). Earlier issue was occurring in first minutes.
Tested on Nucleo32 board, by running the ctap_test() 20 times.
Fixes https://github.com/solokeys/solo/issues/94
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
2019-02-02 18:33:10 +01:00
Conor Patrick
1b5e230d45
merge u2f endian fix
2019-02-02 00:32:36 -05:00
Conor Patrick
ee98340a03
temporarily remove prints at start
2019-02-02 00:24:42 -05:00
merlokk
f6e2bfa683
yubikey answers U2F_SW_WRONG_PAYLOAD instead of U2F_SW_WRONG_DATA
2019-02-01 20:06:19 +02:00
merlokk
5c8acdd666
fix u2f user presence check, added `dont-enforce-user-presence-and-sign`, fix counter
2019-02-01 20:00:13 +02:00
merlokk
cce25b2a1c
u2f auth works
2019-01-28 00:04:17 +02:00
merlokk
4c941997b4
check as3956 on startup
2019-01-27 23:35:20 +02:00
merlokk
2049020b92
refactoring
2019-01-27 11:44:33 +02:00
merlokk
3eddfbf8a9
u2f register works
2019-01-26 23:44:51 +02:00
Conor Patrick
302ce75ce6
responds to RATS correctly
2019-01-12 20:20:47 -05:00
Conor Patrick
62cd7cc728
enable energy harvesting and tunneling in eeprom
2019-01-12 16:20:11 -05:00
Conor Patrick
9ff52fcdb4
Update u2f.c
2019-01-08 21:37:15 -05:00
Conor Patrick
121070822f
Update main.c
2019-01-07 21:20:07 -05:00
Conor Patrick
78c40976c3
log interrupts and recv'd data
2019-01-07 21:19:45 -05:00
Conor Patrick
c330346c31
add nfc log tag
2019-01-07 18:29:38 -05:00
Conor Patrick
3d9dd08208
non-c99 compatibility
2019-01-05 19:42:28 -05:00
Emanuele Cesena
bbc61d5743
New README and license
2018-12-16 16:19:40 -08:00
Conor Patrick
5dd3355bd8
add wink command
2018-12-08 20:37:30 -05:00
Conor Patrick
15a1fb1e5b
fix pc build
2018-12-06 23:48:46 -05:00
Conor Patrick
1a07b4a73a
add rng command
2018-12-05 19:35:22 -05:00
Conor Patrick
5a636d1ebe
boot directly st bootloader
2018-12-04 19:14:11 -05:00
Conor Patrick
97b715881b
boot directly to solo bootloader for solo hacker
2018-12-04 01:30:53 -05:00
Conor Patrick
b0cc9cf582
program using just hid protocol, quicker
2018-12-04 00:15:58 -05:00
Conor Patrick
5a96e82f4d
python script for programming via solo bootloader
2018-12-03 23:01:51 -05:00
Conor Patrick
9b4b18e1a4
more configurable led
2018-12-03 20:30:35 -05:00
Conor Patrick
e107a9aa86
refactor
2018-12-03 20:06:44 -05:00
Conor Patrick
aece05b2e8
remove dead code
2018-12-03 00:14:26 -05:00
Conor Patrick
eb39e0f2c4
reboot and pass tests
2018-12-03 00:01:41 -05:00
Conor Patrick
bfa2d2830d
signed update working
2018-12-02 23:31:34 -05:00
Conor Patrick
9ff5dc6373
bug fixes, now it boots application
2018-12-02 20:30:28 -05:00
Conor Patrick
ac7950f4c4
remove printf references, add bootloader script, merge hex files
2018-12-01 17:10:49 -05:00
Conor Patrick
93d4112bc3
bootloader compiles
2018-12-01 14:42:49 -05:00
Conor Patrick
ff682d6b5e
remove debug statements
2018-11-23 11:50:51 -05:00
Conor Patrick
feceeb0a22
passing certification and interop with rk
2018-11-18 11:15:00 -08:00