diff --git a/Cargo.toml b/Cargo.toml index f3616f6..a11d0f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,11 +30,12 @@ with_ctap1 = ["crypto/with_ctap1"] with_ctap2_1 = [] [dev-dependencies] -elf2tab = "0.4.0" +elf2tab = "0.6.0" enum-iterator = "0.6.0" [build-dependencies] openssl = "0.10" +uuid = { version = "0.8", features = ["v4"] } [profile.dev] panic = "abort" diff --git a/build.rs b/build.rs index c8c9007..e9f2835 100644 --- a/build.rs +++ b/build.rs @@ -21,8 +21,10 @@ use openssl::pkey::PKey; use openssl::x509; use std::env; use std::fs::File; +use std::io::Read; use std::io::Write; use std::path::Path; +use uuid::Uuid; fn main() { println!("cargo:rerun-if-changed=crypto_data/opensk.key"); @@ -84,7 +86,10 @@ fn main() { cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap(); let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap(); - let mut serial = cert.serial_number().to_bn().unwrap().to_vec(); - serial.resize(16, 0); - aaguid_bin_file.write_all(&serial).unwrap(); + let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap(); + let mut content = String::new(); + aaguid_txt_file.read_to_string(&mut content).unwrap(); + content.truncate(36); + let aaguid = Uuid::parse_str(&content).unwrap(); + aaguid_bin_file.write_all(aaguid.as_bytes()).unwrap(); } diff --git a/deploy.py b/deploy.py index 55fd00d..421ead0 100755 --- a/deploy.py +++ b/deploy.py @@ -228,7 +228,7 @@ class RemoveConstAction(argparse.Action): required=False, help=None, metavar=None): - super(RemoveConstAction, self).__init__( + super().__init__( option_strings=option_strings, dest=dest, nargs=0, 
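Review bot: The new build-dependency line `uuid = { version = "0.8", features = ["v4"] }` turns on random UUID generation, but the build.rs hunks in this commit only call `Uuid::parse_str` and `as_bytes`, which need no extra feature. If nothing outside the visible hunks calls `Uuid::new_v4`, plain `uuid = "0.8"` keeps the feature's RNG dependency out of the build-time tree. That matters here because the build script is the code that reads crypto_data/opensk.key, so every crate it pulls in runs next to the attestation key material.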
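Review bot: `content.truncate(36)` in the new AAGUID block silently discards everything after the first 36 bytes, so a crypto_data/aaguid.txt with trailing data is accepted, and `String::truncate` panics when byte 36 is not a character boundary. Trimming whitespace and parsing the whole remainder rejects such files with a readable message: `let aaguid = Uuid::parse_str(content.trim()).expect("crypto_data/aaguid.txt must contain exactly one UUID");`. The diff also adds no `println!("cargo:rerun-if-changed=crypto_data/aaguid.txt");` next to the existing opensk.key line, so an edited AAGUID file may not trigger a rebuild and the firmware would keep the stale value. main() starts and ends outside this hunk.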
@@ -406,10 +406,10 @@ class OpenSKInstaller: self.args.application)) elf2tab_ver = self.checked_command_output(["elf2tab", "--version"]).split( "\n", maxsplit=1)[0] - if elf2tab_ver != "elf2tab 0.5.0": + if elf2tab_ver != "elf2tab 0.6.0": error( ("Detected unsupported elf2tab version {!a}. The following " - "commands may fail. Please use 0.5.0 instead.").format(elf2tab_ver)) + "commands may fail. Please use 0.6.0 instead.").format(elf2tab_ver)) os.makedirs(self.tab_folder, exist_ok=True) tab_filename = os.path.join(self.tab_folder, "{}.tab".format(self.args.application)) @@ -839,7 +839,7 @@ if __name__ == "__main__": ) main_parser.add_argument( "--ctap2.1", - action=RemoveConstAction, + action="append_const", const="with_ctap2_1", dest="features", help=("Compiles the OpenSK application with backward compatible " diff --git a/reproducible/aaguid.txt b/reproducible/aaguid.txt new file mode 100644 index 0000000..05a9e52 --- /dev/null +++ b/reproducible/aaguid.txt @@ -0,0 +1 @@ +664d9f67-84a2-412a-9ff7-b4f7d8ee6d05 diff --git a/setup.sh b/setup.sh index ff77b6d..4047368 100755 --- a/setup.sh +++ b/setup.sh @@ -42,4 +42,4 @@ pip3 install --user --upgrade 'tockloader==1.5' six intelhex rustup target add thumbv7em-none-eabi # Install dependency to create applications. -cargo install elf2tab --version 0.5.0 +cargo install elf2tab --version 0.6.0 diff --git a/tools/gen_key_materials.sh b/tools/gen_key_materials.sh index f8a7bca..d9aa432 100755 --- a/tools/gen_key_materials.sh +++ b/tools/gen_key_materials.sh @@ -14,6 +14,9 @@ # limitations under the License. generate_crypto_materials () { + # OpenSK AAGUID + local aaguid_file=crypto_data/aaguid.txt + # Root CA key pair and certificate local ca_priv_key=crypto_data/opensk_ca.key local ca_cert_name=crypto_data/opensk_ca @@ -49,7 +52,7 @@ generate_crypto_materials () { -new \ -key "${ca_priv_key}" \ -out "${ca_cert_name}.csr" \ - -subj "/CN=Google OpenSK CA" + -subj "/CN=OpenSK CA" "${openssl}" x509 \ -trustout \ -req \ 
@@ -72,7 +75,7 @@ generate_crypto_materials () { -new \ -key "${opensk_key}" \ -out "${opensk_cert_name}.csr" \ - -subj "/CN=Google OpenSK Hacker Edition" + -subj "/CN=OpenSK Hacker Edition" "${openssl}" x509 \ -req \ -days 3652 \ @@ -84,6 +87,11 @@ generate_crypto_materials () { -out "${opensk_cert_name}.pem" \ -sha256 fi + + if [ "${force_generate}" = "Y" -o ! -f "${aaguid_file}" ] + then + uuidgen > "${aaguid_file}" + fi } generate_crypto_materials "$1"
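Review bot: `uuidgen > "${aaguid_file}"` in the added block lets the shell create the file before uuidgen runs, so a missing or failing uuidgen leaves an empty crypto_data/aaguid.txt that the `! -f` test treats as present on the next run. Writing to a temporary name and renaming only on success avoids that: `uuidgen > "${aaguid_file}.tmp" && mv "${aaguid_file}.tmp" "${aaguid_file}"`. The `-o` operator inside `[ ]` is marked obsolescent by POSIX; `[ "${force_generate}" = "Y" ] || [ ! -f "${aaguid_file}" ]` is the unambiguous form, unless the rest of generate_crypto_materials (which starts outside this hunk) already uses `-o` and consistency is preferred.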