Merge branch 'master' of github.com:conorpp/u2f-zero

vtcsec_summit
Conor 2016-04-02 01:32:39 -04:00
commit 0e5d6453ce
3 changed files with 37 additions and 34 deletions

View file

@ -3,6 +3,7 @@
U2F Zero
========
![](http://i.imgur.com/ZSk2AW3.jpg)
Overview
=======
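Review bot: The image line `![](http://i.imgur.com/ZSk2AW3.jpg)` at the top of the README has empty alt text and points at a plain-http URL on a third-party host. Put a short description in the brackets and switch the link to https, or commit the photo to the repository so the README does not depend on an external host.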
@ -23,6 +24,29 @@ The device also has an RGB LED for status indication and a button to receive use
USB pins are exposed copper zones on the PCB. A 2mm thick PCB is recommended for best fit but 1.6 mm will work as well.
## Random number generation
The ATECC508A has a tamper resistent, [cryptographically secure
random number generator](https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator)
(CSPRNG) that implements [CTR_DRBG](https://en.wikipedia.org/wiki/NIST_SP_800-90A).
It's used internally for key generation and signing but it's also exposed to the user because
a good source of entropy can be useful.
Generate random numbers from the device:
```bash
cd tools/u2f_zero_client
./client.py rng # output randomness at about 1400 bytes/s
```
Update the seed with user supplied data:
```bash
cd tools/u2f_zero_client
cat /dev/random | ./client.py seed # update seed at about 410 bytes/s
```
Firmware
========
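Review bot: The seeding example (`cat /dev/random | ./client.py seed`) does not say what "update the seed" does to the generator state, that is, whether the supplied bytes are mixed into the existing seed or replace it. A reader needs that to judge whether poor input can weaken the output, so state it next to the command. Smaller points in the same section: "resistent" should be "resistant"; the pipe from /dev/random never terminates, so document how many bytes are useful and bound the input, for example `head -c N /dev/random | ./client.py seed` with N documented; and the CTR_DRBG claim links only to the Wikipedia page for SP 800-90A, so a reference to the ATECC508A documentation would make it verifiable.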
@ -83,26 +107,6 @@ U2F layer:
* u2f.h
* u2f-atecc.c // device specific implementation
## Random number generation
U2F Zero has a [true random number generator](https://en.wikipedia.org/wiki/Hardware_random_number_generator)
(TRNG). It's used internally
for key generating and signing but it's also exposed to the user for other use cases because
a good source of entropy can be useful.
Generate random numbers from the device:
```python
cd tools/u2f_zero_client
./client.py rng # output randomness at about 1400 bytes/s
```
Update the seed with user supplied data:
```python
cd tools/u2f_zero_client
cat /dev/random | ./client.py seed # update seed at about 410 bytes/s
```
## Build a U2F Zero token yourself

View file

@ -1,14 +0,0 @@
keyname=key.pem
certname=cert.pem
curve=prime256v1
ca:
# generate EC private key
openssl ecparam -genkey -name $(curve) -out $(keyname)
# generate a "signing request"
openssl req -new -key $(keyname) -out $(keyname).csr
# self sign the request
openssl x509 -req -in $(keyname).csr -signkey $(keyname) -out $(certname)

View file

@ -0,0 +1,13 @@
#!/bin/bash
keyname=key.pem
certname=cert.pem
curve=prime256v1
# generate EC private key
openssl ecparam -genkey -name "$curve" -out "$keyname"
# generate a "signing request"
openssl req -new -key "$keyname" -out "$keyname".csr
# self sign the request
openssl x509 -req -in "$keyname".csr -signkey "$keyname" -out "$certname"
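Review bot: The script has no error handling, so if `openssl ecparam` fails, the `req` and `x509` steps still run against a missing or stale `key.pem`; add `set -e` (or `set -euo pipefail`) right after the shebang. The private key is also written with whatever permissions the caller's umask allows, so set `umask 077` before generating it. The `x509 -req` call passes no `-days`, which gives the self-signed certificate OpenSSL's default validity of 30 days; set the lifetime explicitly. The intermediate `key.pem.csr` is left on disk and could be removed once the certificate is written.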