36 Commits (fe24b9edd12692ff67c67855fefadb3259d9ad56)

Author SHA1 Message Date
Enrik Berkhan fe24b9edd1 POC: add ed25519 support based on libsodium (PC) or salty (solo).
For now:

- libsodium(-dev) is expected to be preinstalled on build system for PC
build
2020-10-17 14:40:41 +02:00
Radoslav Gerganov f002d08071 Add support for the security manager in Google Chrome
This patch fixes the following issues to make Google Chrome happy:
1. Adds CTAP_CBOR_CRED_MGMT(0x0A) which is an alias to CTAP_CBOR_CRED_MGMT_PRE(0x41)
2. Returns success instead of NO_CREDENTIALS when there are no RKs
3. Skip the "icon" property if it's empty

Tested with Google Chrome Version 80.0.3987.149
2020-03-27 00:22:28 -04:00
Conor Patrick 3b42289cce add rpId to RK's, fix counting of unique RP's 2020-03-25 14:57:39 -04:00
Conor Patrick 682a443f4e refactor credMgmt to parse as subCommandParams, and get ready for delete command 2020-03-25 14:57:39 -04:00
Conor Patrick 3a70ee0ec6 refactor authData and extension handling to work for getNextAssertion 2020-03-25 14:57:39 -04:00
Conor Patrick 97eb6bba8a bug fix 2020-03-25 14:57:39 -04:00
Conor Patrick 4831410111 add credProtect extension 2020-03-25 14:57:39 -04:00
Radoslav Gerganov 79b43a90fd Implement commands for management of resident keys
Implement command 0x41 which is used by OpenSSH for reading RKs. It has
the following subcommands:
 * CMD_CRED_METADATA - get number of saved/remaining RKs
 * CMD_RP_BEGIN/CMD_RP_NEXT - iterate over the saved RPs
 * CMD_RK_BEGIN/CMD_RK_NEXT - iterate over the RKs for a given RP

Fixes issue #374 and issue #314
2020-03-21 11:59:22 -04:00
Conor Patrick 1d59bbfdd4 support different aaguid's in cert for different solo models 2019-12-01 18:09:08 -05:00
Conor Patrick 0ebe0ff502 add ctap function to overwrite key bytes 2019-10-08 13:42:37 -04:00
Conor Patrick a9bbdee35b Merge branch 'master' into remove-pin-storage 2019-09-02 21:45:21 +08:00
Conor Patrick 3b53537077 refactor fido2 user presence handling & increase timeout to 29s 2019-08-23 13:19:28 +08:00
Szczepan Zalega 6e637299e5 Add missing declaration, and comment out wallet message 2019-08-20 11:34:35 +02:00
Conor Patrick 0f50ae7d63 change u2f to return early if button not immediately pressed 2019-05-10 15:56:52 -04:00
Conor Patrick 813eb97d2f reuse memory for allow_list of creds 2019-04-24 11:45:30 -04:00
Conor Patrick b0baace2e7 move custom credid to different location 2019-04-24 00:15:32 -04:00
Adam Langley a5f794c0ff Handle empty pinAuth fields.
CTAP2 specifies that an empty pinAuth field is special: it indicates
that the device should block for touch, i.e. it's just a way of letting
a user select from multiple authenticators[1].

This change handles empty pinAuth fields in GetAssertion and
MakeCredential commands.

[1] https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential
2019-04-20 16:26:32 -07:00
Conor Patrick 44fa3bbb8e Add checks to use U2F key if necessary 2019-04-13 22:37:31 -04:00
Conor Patrick 074225d87a hmac-secret fully functional 2019-03-20 20:03:12 -04:00
Conor Patrick bb9b2ea9d4 validate saltAuth 2019-03-20 18:10:52 -04:00
Conor Patrick e8d5bc5829 refactor ctap_make_auth_data arguments 2019-03-20 17:43:50 -04:00
Conor Patrick ce3ad0e56f bugfix 2019-03-20 16:51:58 -04:00
Conor Patrick 00d86379e5 parse full hmac-secret 2019-03-20 16:21:21 -04:00
Conor Patrick 821880a8d6 parse extension info in MC 2019-03-20 15:45:10 -04:00
Conor Patrick ed676151f1 update license to apache2 + mit 2019-02-12 17:18:17 -05:00
Szczepan Zalega 449faea7d3 Fix buffer overread in ctap_encode_der_sig()
Take into account leading zeroes in the size to copy, for both R and S
ingredients of the signature.
Issue was occurring only in cases, when there was a leading zero for the
S part.

Refactor ctap_encode_der_sig():
- add in_ and out_ prefixes to the function arguments
- mark pointers const
- clear out buffer

Tested via simulated device on:
- Fedora 29
- gcc (GCC) 8.2.1 20181215 (Red Hat 8.2.1-6)
- libasan 8.2.1 / 6.fc29
(same machine, as in the related issue description)
by running ctap_test() Python test in a loop for 20 minutes (dev's
counter 400k+). Earlier issue was occurring in first minutes.

Tested on Nucleo32 board, by running the ctap_test() 20 times.

Fixes https://github.com/solokeys/solo/issues/94

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
2019-02-02 18:33:10 +01:00
Emanuele Cesena bbc61d5743 New README and license 2018-12-16 16:19:40 -08:00
Conor Patrick feceeb0a22 passing certification and interop with rk 2018-11-18 11:15:00 -08:00
Conor Patrick fc8bc892c1 add initial resident key support 2018-11-18 11:15:00 -08:00
Conor Patrick 693bac9c15 increase max msg size 2018-11-18 11:15:00 -08:00
Conor Patrick 2fd96f8e4b pass fido2 tests 2018-10-28 16:30:55 -04:00
Conor Patrick 476178b3d3 use MIT license 2018-09-13 17:58:34 -04:00
Conor Patrick eaa7e15499 all core functionality *works* 2018-07-11 21:55:20 -04:00
Conor Patrick 156dc3163a complete pin support 2018-07-10 19:16:41 -04:00
Conor Patrick b9220defcc pin auth working 2018-07-08 22:36:16 -04:00
Conor Patrick fb9a592d50 move things around and add efm8 and efm32 builds 2018-06-27 21:39:19 -04:00