Fix minor typos

* Stylize "SoloKey"
* Spell out "receive" (since not explicitly used as CLI command)

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [solokeys]

Dockerfile

@@ -24,7 +24,7 @@ RUN set -eux; \
 # Set Path for ARM compiler
 ENV PATH="$PATH:/opt/gcc-arm-none-eabi-8-2019-q3-update/bin"
 
-# Python3.7: for solo-python (merging etc.)
+# Python3.7: for solo1-cli (merging etc.)
 RUN set -eux; \
 	url="https://repo.anaconda.com/miniconda/Miniconda3-4.5.12-Linux-x86_64.sh"; \
 	wget -O miniconda.sh "$url"; \
@@ -38,8 +38,8 @@ RUN set -eux; \
 	rm miniconda.sh; \
   pip install -U pip
 
-# solo-python (Python3.7 script for merging etc.)
-RUN pip install -U solo-python
+# solo1-cli (Python3.7 script for merging etc.)
+RUN pip install -U solo1
 
 # Rust for salty
 ENV RUSTUP_HOME=/rust/rustup

README.md

@@ -63,9 +63,9 @@ git submodule update --init --recursive
 
 ## Installing the toolchain and applying updates
 
-In order to compile ARM code, you need the ARM compiler and other things like bundling bootloader and firmware require the [solo-python](https://github.com/solokeys/solo-python) python package. Check our [documentation](https://docs.solokeys.dev/) for details.
+In order to compile ARM code, you need the ARM compiler and other things like bundling bootloader and firmware require the [solo1](https://github.com/solokeys/solo1-cli) python package. Check our [documentation](https://docs.solokeys.dev/) for details.
 
-You can update your solokey after running `pip3 install solo-python` with `solo key update` for the latest version. To apply a custom image use `solo program bootloader <file>(.json|.hex)`.
+You can update your SoloKey after running `pip3 install solo1` with `solo1 key update` for the latest version. To apply a custom image use `solo1 program bootloader <file>(.json|.hex)`.
 
 ## Installing the toolkit and compiling in Docker
 Alternatively, you can use Docker to create a container with the toolchain.
@@ -103,8 +103,8 @@ cd ../..
 
 make venv
 source venv/bin/activate
-solo program aux enter-bootloader
-solo program bootloader targets/stm32l432/solo.hex
+solo1 program aux enter-bootloader
+solo1 program bootloader targets/stm32l432/solo.hex
 ```
 
 # Developing Solo (No Hardware Needed)
@@ -114,7 +114,7 @@ solo program bootloader targets/stm32l432/solo.hex
 1. Need libsodium.  On debian, install:
 
 ```
-sudo apt install libsodium-dev 
+sudo apt install libsodium-dev
 ```
 
 ## Building
@@ -127,7 +127,7 @@ cd solo
 make all
 ```
 
-This builds Solo as a standalone application. Solo application is set up to send and recv USB HID messages over UDP to ease development and reduce need for hardware.
+This builds Solo as a standalone application. Solo application is set up to send and receive USB HID messages over UDP to ease development and reduce need for hardware.
 
 Testing can be done using our fork of Yubico's client software, python-fido2. Our fork of python-fido2 has small changes to make it send USB HID over UDP to the authenticator application. You can install our fork by running the following:
 

SECURITY.md

@@ -2,16 +2,16 @@
 
 ## Supported Versions
 
-We fix security issues as soon as they are found, and release firmware updates.  
+We fix security issues as soon as they are found, and release firmware updates.
 Each such release is accompanied by release notes, see <https://github.com/solokeys/solo/releases>.
 
 The latest version can be determined using the file <https://github.com/solokeys/solo/blob/master/STABLE_VERSION>.
 
 To update your key:
 - either visit <https://update.solokeys.com>, or
-- use our commandline tool <https://github.com/solokeys/solo-python>:
+- use our commandline tool <https://github.com/solokeys/solo1-cli>:
 ```
-solo key update
+solo1 key update
 ```
 
 ## Reporting a Vulnerability

STABLE_VERSION

@@ -1 +1 @@
-4.1.1
+4.1.5

docs/application-ideas.md

@@ -139,7 +139,7 @@ Add following entry
 <br>
 
 Save the file and test it. <br>
-In case your Solo is not present, your password will be incrorrect. If Solo is plugged into your USB port, it will signal pressing the button and you will be able to login into Linux.
+In case your Solo is not present, your password will be incorrect. If Solo is plugged into your USB port, it will signal pressing the button and you will be able to login into Linux.
 
 Why **required**? If you choose the option **sufficent** your Solo is optional. You could also login without second factor if your Solo is not connected.
 

docs/bootloader-mode.md

@@ -7,7 +7,7 @@ solo program aux enter-bootloader
 ```
 
 If your Solo is a bit older (<=2.5.3) You can put Solo into bootloader mode by using the button method:
-Hold down button while plugging in Solo.  After 2 seconds, bootloader mode will activate.
+Hold down button first and keep pressed, then plug in Solo.  After 2 seconds, bootloader mode will activate.
 You'll see a yellowish flashing light and you can let go of the button.
 
 Now Solo is ready to [accept firmware updates](/signed-updates).  If the Solo is a secured model, it can only accept signed updates, typically in the `firmware-*.json` format.

docs/building.md

@@ -12,7 +12,7 @@ Install the [latest ARM compiler toolchain](https://developer.arm.com/open-sourc
 You can also install the ARM toolchain  using a package manager like `apt-get` or `pacman`,
 but be warned they might be out of date.  Typically it will be called `gcc-arm-none-eabi binutils-arm-none-eabi`.
 
-Install `solo-python` usually with `pip3 install solo-python`. The `solo` python application may also be used for [programming](#programming).
+Install `solo1` usually with `pip3 install solo1`. The `solo` python application may also be used for [programming](#programming).
 
 ## Obtain source code and solo tool
 
@@ -23,10 +23,10 @@ Source code can be downloaded from:
 
 **solo** tool can be downloaded from:
 
--   from python programs [repository](https://pypi.org/project/solo-python/) `pip install solo-python`
+-   from python programs [repository](https://pypi.org/project/solo1/) `pip install solo1`
 -   from installing prerequisites `pip3 install -r tools/requirements.txt`
--   github repository: [repository](https://github.com/solokeys/solo-python)
--   installation python enviroment with command `make venv` from root directory of source code
+-   github repository: [repository](https://github.com/solokeys/solo1-cli)
+-   installation python environment with command `make venv` from root directory of source code
 
 ## Compilation
 
@@ -75,7 +75,7 @@ We recommend using our `solo` tool as a serial emulator since it will automatica
 reconnect each time you program Solo.
 
 ```
-solo monitor <serial-port>
+solo1 monitor <serial-port>
 ```
 
 #### Linux Users:
@@ -99,7 +99,7 @@ make bootloader-nonverifying
 This outputs `bootloader.hex`.  We can then merge the bootloader and application.
 
 ```
-solo mergehex bootloader.hex solo.hex bundle.hex
+solo1 mergehex bootloader.hex solo.hex bundle.hex
 ```
 
 `bundle.hex` is our complete firmware build.  Note it is in this step that you can
@@ -108,7 +108,7 @@ By default the "hacker" attestation certifcate and key is used.  Use the `--lock
 to make this permanent.
 
 ```
-solo mergehex  \
+solo1 mergehex  \
     --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
     --attestation-cert attestation.der \
     solo.hex \
@@ -122,7 +122,7 @@ The new bootloader may be able to accept (signed) updates still, depending on ho
 
 ```
 # Permanent!
-solo mergehex  \
+solo1 mergehex  \
     --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
     --attestation-cert attestation.der \
     --lock \

docs/nucleo32-board.md

@@ -33,6 +33,11 @@ Make sure 5V is not connected, and is covered from contacting with the board ele
 
 Based on [USB-A_schematic.pdf].
 
+## Nucleo board connection illustration
+The picture below shows the connection to Nucleo board. If you want to power the Nucleo board over USB connection, you have to add **USB 5V** to **VIN** Pin. In this case you couldn't use the ST-Link for powering the Nucleo board.
+
+<img src="../images/nucleo_board_connection.png" title="Nucleo Board Connection" />
+
 ## Firmware modification
 
 Following patch has to be applied to skip the user presence confirmation, for tests. Might be applied at a later stage.
@@ -98,6 +103,26 @@ If you're on MacOS X and installed the STM32CubeProg, you need to add the follow
 export PATH="/Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM32CubeProgrammer.app/Contents/MacOs/bin/":$PATH
 ```
 
+### Adding udev rules Linux
+
+On Linux it might be necessary to install udev rules for **ST-Link V2**.<br>
+In case you couldn't download your programm to you Nucleoboard you should add the rules for ST-Link.
+
+Add following file:<br>
+***/etc/udev/rules.d/49-stlinkv2-1.rules*** with this content.
+
+```
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374a", \
+    MODE:="0666", \
+    SYMLINK+="stlinkv2-1_%n"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", \
+    MODE:="0666", \
+    SYMLINK+="stlinkv2-1_%n"
+```
+
+After logout and new login, the ST-Link should work.
+
 ## Building and flashing
 
 ### Building

docs/programming.md

@@ -7,7 +7,7 @@ This page documents how to update or program your Solo.
 To program Solo, you'll likely only need to use our Solo tool.
 
 ```python
-pip3 install solo-python
+pip3 install solo1
 ```
 
 ## Updating the firmware
@@ -15,13 +15,13 @@ pip3 install solo-python
 If you just want to update the firmware, you can run:
 
 ```bash
-solo key update
+solo1 key update
 ```
 
 You can manually install the [latest release](https://github.com/solokeys/solo/releases), or use a build that you made.
 
 ```bash
-solo program bootloader <firmware.hex | firmware.json>
+solo1 program bootloader <firmware.hex | firmware.json>
 ```
 
 Note you won't be able to use `all.hex` or the `bundle-*.hex` builds, as these include the solo bootloader.  You shouldn't
@@ -54,16 +54,16 @@ concern with using our default attestation key, aside from a small privacy impli
 1. Boot into DFU mode.
 
         # Enter Solo bootloader
-        solo program aux enter-bootloader
+        solo1 program aux enter-bootloader
 
         # Enter DFU
-        solo program aux enter-dfu
+        solo1 program aux enter-dfu
 
     The device should be turned off.
 
 2. Program the device
 
-        solo program dfu <bundle-secure-non-solokeys.hex | bundle.hex>
+        solo1 program dfu <bundle-secure-non-solokeys.hex | bundle.hex>
 
     Double check you programmed it with bootloader + application (or just bootloader).
     If you messed it up, simply don't do the next step and repeat this step correctly.
@@ -73,7 +73,7 @@ concern with using our default attestation key, aside from a small privacy impli
     Once Solo boots a secure build, it will lock the flash permantly from debugger access.  Also the bootloader
     will only accept signed firmware updates.
 
-        solo program aux leave-dfu
+        solo1 program aux leave-dfu
 
 If you are having problems with solo tool and DFU mode, you could alternatively try booting into DFU
 by holding down the button while Solo is in bootloader mode.  Then try another programming tool that works
@@ -84,7 +84,7 @@ with ST DFU:
 * stlink
 
 Windows users need to install [libusb](https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/1.2.6.0/)
-for solo-python to work with Solo's DFU.
+for solo1 to work with Solo's DFU.
 
 
 ## Programming a Solo that hasn't been programmed
@@ -93,13 +93,13 @@ A Solo that hasn't been programmed will boot into DFU mode.  You can program
 it by following a bootloader, or combined bootloader + application.
 
 ```
-solo program dfu <bundle-*.hex | all.hex>
+solo1 program dfu <bundle-*.hex | all.hex>
 ```
 
 Then boot the device.  Make sure it has a bootloader to boot to.
 
 ```
-solo program aux leave-dfu
+solo1 program aux leave-dfu
 ```
 
 ## Disable signed firmware updates
@@ -108,7 +108,7 @@ If you'd like to also permanently disable signed updates, plug in your programme
 
 ```bash
 # WARNING: No more signed updates.
-solo program disable-bootloader
+solo1 program disable-bootloader
 ```
 
 You won't be able to update to any new releases.

docs/solo-extras.md

@@ -6,14 +6,14 @@ Solo contains a True Random Number Generator (TRNG).  A TRNG is a hardware based
 that leverages natural phenomenon to generate random numbers, which can be better than a traditional
 RNG that has state and updates deterministically using cryptographic methods.
 
-You can easily access the TRNG stream on Solo using our python tool [`solo-python`](https://github.com/solokeys/solo-python).
+You can easily access the TRNG stream on Solo using our python tool [`solo1`](https://github.com/solokeys/solo1-cli).
 
 ```
-solo key rng raw > random.bin
+solo1 key rng raw > random.bin
 ```
 
 Or you can seed the state of the RNG on your kernel (`/dev/random`).
 
 ```
-solo key rng feedkernel
+solo1 key rng feedkernel
 ```

docs/tutorial-getting-started.md

@@ -16,8 +16,8 @@ There are two main tools you will need to work on your solo hacker:
 * ARM Compiler tool chain
 * Solo python tool
 
-The ARM Compiler is used to compile your C-code to a hex file, which can then be deployed onto your solo hacker. The solo tool helps with deploying, updating etc. of the solo hacker. It is a python3 tool. So make sure, that you got Python3 installed on your system \([pip](https://pip.pypa.io/en/stable/) might also come in handy\).  
-  
+The ARM Compiler is used to compile your C-code to a hex file, which can then be deployed onto your solo hacker. The solo tool helps with deploying, updating etc. of the solo hacker. It is a python3 tool. So make sure, that you got Python3 installed on your system \([pip](https://pip.pypa.io/en/stable/) might also come in handy\).
+
 Besides that, you will also need to get the [solo code](https://github.com/solokeys/solo).
 
 ### Get the code
@@ -30,12 +30,12 @@ git clone --recurse-submodules https://github.com/solokeys/solo
 
 ### Getting the ARM Compiler tool chain
 
-Download the Compiler tool chain for your system [here](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads). After you have downloaded it, you will have to unzip it and add the path to the installation folder.   
-  
-**Readme**  
-There is a readme.txt __ in _gcc-arm-none-eabi-x-yyyy-dd-major/share/doc/gcc-arm-none-eabi_. It contains installation guides for Linux, Windows and Mac.   
-  
-**Installation**  
+Download the Compiler tool chain for your system [here](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads). After you have downloaded it, you will have to unzip it and add the path to the installation folder.
+
+**Readme**
+There is a readme.txt __ in _gcc-arm-none-eabi-x-yyyy-dd-major/share/doc/gcc-arm-none-eabi_. It contains installation guides for Linux, Windows and Mac.
+
+**Installation**
 As I used Mac, I will guide you through the installation using MacOS. If you have unpacked the folder already, you can skip the first step.
 
 ```bash
@@ -61,10 +61,10 @@ compilation terminated.
 There are several ways, which are listed at the [build instructions](https://docs.solokeys.io/solo/building/). If you are familiar with pip, just use this.
 
 ```bash
-pip install solo-python
+pip install solo1
 
 #Or
-pip3 install solo-python
+pip3 install solo1
 ```
 
 **Install all other requirements**
@@ -128,13 +128,13 @@ make cbor
 You should also make sure to check, that your key has the newest solo firmware installed. To check the firmware on the device, use this command:
 
 ```bash
-solo key version
+solo1 key version
 ```
 
 To update to the newest version, use this command:
 
 ```bash
-solo key update
+solo1 key update
 ```
 
 **Note:** Sometimes the connection between Mac and key seemed to be broken and you might get an error stating: _No solo found_. Just unplug the key and plug it back in.
@@ -172,7 +172,7 @@ This will generate a file _solo.hex_, which has the compiled code on it. If you
 
 #### Deploy code
 
-To deploy the code make sure you are back at the source root. 
+To deploy the code make sure you are back at the source root.
 
 ```bash
 cd ../..
@@ -181,7 +181,7 @@ cd ../..
 First we will have to change into bootload modus:
 
 ```bash
-solo program aux enter-bootloader
+solo1 program aux enter-bootloader
 ```
 
 This is needed to be able to load the new firmware on the device. If we forget this step, the solo tool will do it for us in the next step.
@@ -189,13 +189,13 @@ This is needed to be able to load the new firmware on the device. If we forget t
 This is the moment of truth. We delete the old firmware and deploy the new one with the changed LED lights to the solo key. For this step we will also stay in the source root.
 
 ```bash
-solo program bootloader targets/stm32l432/solo.hex
+solo1 program bootloader targets/stm32l432/solo.hex
 ```
 
-If there is another hex-File, that you want to load, you can just exchange the last argument.  
-  
-And that's it, now your LED should be red.  
-  
+If there is another hex-File, that you want to load, you can just exchange the last argument.
+
+And that's it, now your LED should be red.
+
 To summarize, here are again the steps to update your solo:
 
 1. Change code
@@ -212,8 +212,8 @@ make build-hacker
 cd ../..
 
 #Enter bootloader mode
-solo program aux enter-bootloader
+solo1 program aux enter-bootloader
 
 #Deploy code
-solo program bootloader targets/stm32l432/solo.hex
+solo1 program bootloader targets/stm32l432/solo.hex
 ```

docs/udev.md

@@ -4,7 +4,7 @@ On Linux, by default USB dongles can't be accessed by users, for security reason
 
 For some users, things will work automatically:
 
-  - Recent Linux distributions (such as Ubuntu Focal, Fedora 32, [Arch Linux](https://wiki.archlinux.org/index.php/Solo)) with systemd 244 or higher automatically detect FIDO devices (check with `systemctl --version`)
+  - Recent Linux distributions (such as Debian 11, Ubuntu Focal, Fedora 32, [Arch Linux](https://wiki.archlinux.org/index.php/Solo)) with systemd 244 or higher automatically detect FIDO devices (check with `systemctl --version`)
   - Fedora seems to use a ["universal" udev rule for FIDO devices](https://github.com/amluto/u2f-hidraw-policy)
   - Our udev rule made it into [libu2f-host](https://github.com/Yubico/libu2f-host/) v1.1.10
   - [Debian Buster](https://packages.ubuntu.com/buster/libu2f-udev) and [Ubuntu Groovy](https://packages.ubuntu.com/groovy/libu2f-udev) can use the `libu2f-udev` package

fido2/ctap.c

@@ -1144,7 +1144,8 @@ static int cred_cmp_func(const void * _a, const void * _b)
     return b->credential.id.count - a->credential.id.count;
 }
 
-static void add_existing_user_info(CTAP_credentialDescriptor * cred)
+// Return 1 if existing info found, 0 otherwise
+static int add_existing_user_info(CTAP_credentialDescriptor * cred)
 {
     CTAP_residentKey rk;
     int index = STATE.rk_stored;
@@ -1156,11 +1157,12 @@ static void add_existing_user_info(CTAP_credentialDescriptor * cred)
         {
             printf1(TAG_GREEN, "found rk match for allowList item (%d)\r\n", i);
             memmove(&cred->credential.user, &rk.user, sizeof(CTAP_userEntity));
-            return;
+            return 1;
         }
 
     }
     printf1(TAG_GREEN, "NO rk match for allowList item \r\n");
+    return 0;
 }
 
 // @return the number of valid credentials
@@ -1202,9 +1204,15 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
             }
             else
             {
-                // add user info if it exists
-                add_existing_user_info(&GA->creds[i]);
                 count++;
+                // add user info if it exists
+                if ( add_existing_user_info(&GA->creds[i]) ) {
+                    printf1(TAG_GREEN,"USER ID SIZE: %d\r\n", GA->creds[i].credential.user.id_size);
+                    // If RK matches credential in the allow_list, we should
+                    // only return one credential.
+                    GA->credLen = i+1;
+                    break;
+                }
             }
 
         }
@@ -1857,6 +1865,7 @@ uint8_t ctap_get_assertion(CborEncoder * encoder, uint8_t * request, int length)
        map_size += 1;
     }
 
+    printf1(TAG_GREEN,"2 USER ID SIZE: %d\r\n", GA.creds[0].credential.user.id_size);
 
     if (GA.creds[validCredCount - 1].credential.user.id_size)
     {

mkdocs.yml

@@ -4,7 +4,7 @@ site_description: 'Documentation for the SoloKeys solo software'
 site_url: 'https://docs.solokeys.dev/'
 repo_url: 'https://github.com/solokeys/solo'
 repo_name: 'solokeys/solo'
-copyright: 'Copyright © 2018 - 2019 SoloKeys'
+copyright: 'Copyright © 2018 - 2020 SoloKeys'
 
 nav:
     - Home: index.md

tools/requirements.txt

@@ -1,6 +1,6 @@
 ecdsa
 intelhex
 pyserial
-solo-python
 pyusb
+solo1
 wheel