From 728401b00fe10b1c43e91c122536812305d3b61f Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Tue, 1 Sep 2020 17:23:26 +0200
Subject: [PATCH 1/5] Bump elf2tab to 0.6.0

---
 Cargo.toml | 2 +-
 deploy.py | 4 ++--
 setup.sh | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index f3616f6..22252d0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -30,7 +30,7 @@ with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
 
 [dev-dependencies]
-elf2tab = "0.4.0"
+elf2tab = "0.6.0"
 enum-iterator = "0.6.0"
 
 [build-dependencies]
diff --git a/deploy.py b/deploy.py
index 55fd00d..6463d39 100755
--- a/deploy.py
+++ b/deploy.py
@@ -406,10 +406,10 @@ class OpenSKInstaller:
 self.args.application))
 elf2tab_ver = self.checked_command_output(["elf2tab", "--version"]).split(
 "\n", maxsplit=1)[0]
- if elf2tab_ver != "elf2tab 0.5.0":
+ if elf2tab_ver != "elf2tab 0.6.0":
 error(
 ("Detected unsupported elf2tab version {!a}. The following "
- "commands may fail. Please use 0.5.0 instead.").format(elf2tab_ver))
+ "commands may fail. Please use 0.6.0 instead.").format(elf2tab_ver))
 os.makedirs(self.tab_folder, exist_ok=True)
 tab_filename = os.path.join(self.tab_folder,
 "{}.tab".format(self.args.application))
diff --git a/setup.sh b/setup.sh
index ff77b6d..4047368 100755
--- a/setup.sh
+++ b/setup.sh
@@ -42,4 +42,4 @@ pip3 install --user --upgrade 'tockloader==1.5' six intelhex
 rustup target add thumbv7em-none-eabi
 
 # Install dependency to create applications.
-cargo install elf2tab --version 0.5.0
+cargo install elf2tab --version 0.6.0

From 62c9cebb3efdd2780711c02b85a3d6ac7ac89bf1 Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Tue, 1 Sep 2020 17:23:43 +0200
Subject: [PATCH 2/5] Fix logic error with ctap2.1

---
 deploy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy.py b/deploy.py
index 6463d39..8a58d96 100755
--- a/deploy.py
+++ b/deploy.py
@@ -839,7 +839,7 @@ if __name__ == "__main__":
 )
 main_parser.add_argument(
 "--ctap2.1",
- action=RemoveConstAction,
+ action="append_const",
 const="with_ctap2_1",
 dest="features",
 help=("Compiles the OpenSK application with backward compatible "

From 34f3483f9ea7fc1dbaa5da0d4055504e7c54d19e Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Mon, 14 Sep 2020 14:03:57 +0200
Subject: [PATCH 3/5] Decoralate AAGUID and certificates

---
 Cargo.toml | 1 +
 build.rs | 11 ++++++++---
 tools/gen_key_materials.sh | 12 ++++++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 22252d0..a11d0f7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,6 +35,7 @@ enum-iterator = "0.6.0"
 
 [build-dependencies]
 openssl = "0.10"
+uuid = { version = "0.8", features = ["v4"] }
 
 [profile.dev]
 panic = "abort"
diff --git a/build.rs b/build.rs
index c8c9007..e9f2835 100644
--- a/build.rs
+++ b/build.rs
@@ -21,8 +21,10 @@ use openssl::pkey::PKey;
 use openssl::x509;
 use std::env;
 use std::fs::File;
+use std::io::Read;
 use std::io::Write;
 use std::path::Path;
+use uuid::Uuid;
 
 fn main() {
 println!("cargo:rerun-if-changed=crypto_data/opensk.key");
@@ -84,7 +86,10 @@ fn main() {
 cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap();
 
 let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap();
- let mut serial = cert.serial_number().to_bn().unwrap().to_vec();
- serial.resize(16, 0);
- aaguid_bin_file.write_all(&serial).unwrap();
+ let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap();
+ let mut content = String::new();
+ aaguid_txt_file.read_to_string(&mut content).unwrap();
+ content.truncate(36);
+ let aaguid = Uuid::parse_str(&content).unwrap();
+ aaguid_bin_file.write_all(aaguid.as_bytes()).unwrap();
 }
diff --git a/tools/gen_key_materials.sh b/tools/gen_key_materials.sh
index f8a7bca..d9aa432 100755
--- a/tools/gen_key_materials.sh
+++ b/tools/gen_key_materials.sh
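Review bot: In the Cargo.toml hunk of patch 3/5, the new build-dependency enables `features = ["v4"]`, but the build.rs change in the same patch only calls `Uuid::parse_str` and `as_bytes`; the random UUID itself comes from `uuidgen` in tools/gen_key_materials.sh. Declaring it as `uuid = "0.8"` should be enough for parsing and, as far as I can tell, keeps the random-number dependency that `v4` brings in out of the build-script dependency tree. Fewer crates running at build time is worth having for a security-key firmware build.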
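Review bot: In build.rs (patch 3/5), the second hunk starts reading crypto_data/aaguid.txt, but the patch adds no `cargo:rerun-if-changed` line for it next to the existing one for crypto_data/opensk.key shown in the first hunk, so regenerating the AAGUID may leave a stale aaguid binary in the build output unless that path is covered elsewhere in main(), which is not visible here. I would add `println!("cargo:rerun-if-changed=crypto_data/aaguid.txt");`. Separately, `content.truncate(36)` silently ignores anything after the first 36 bytes and panics with an unrelated message if byte 36 falls inside a multi-byte character; `let aaguid = Uuid::parse_str(content.trim()).expect("crypto_data/aaguid.txt must contain a UUID; run tools/gen_key_materials.sh");` rejects a malformed file and says what to fix. The same `expect` treatment would help the `File::open` call, since a missing aaguid.txt is the most likely failure on a fresh checkout.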
@@ -14,6 +14,9 @@
 # limitations under the License.
 
 generate_crypto_materials () {
+ # OpenSK AAGUID
+ local aaguid_file=crypto_data/aaguid.txt
+
 # Root CA key pair and certificate
 local ca_priv_key=crypto_data/opensk_ca.key
 local ca_cert_name=crypto_data/opensk_ca
@@ -49,7 +52,7 @@ generate_crypto_materials () {
 -new \
 -key "${ca_priv_key}" \
 -out "${ca_cert_name}.csr" \
- -subj "/CN=Google OpenSK CA"
+ -subj "/CN=OpenSK CA"
 "${openssl}" x509 \
 -trustout \
 -req \
@@ -72,7 +75,7 @@ generate_crypto_materials () {
 -new \
 -key "${opensk_key}" \
 -out "${opensk_cert_name}.csr" \
- -subj "/CN=Google OpenSK Hacker Edition"
+ -subj "/CN=OpenSK Hacker Edition"
 "${openssl}" x509 \
 -req \
 -days 3652 \
@@ -84,6 +87,11 @@ generate_crypto_materials () {
 -out "${opensk_cert_name}.pem" \
 -sha256
 fi
+
+ if [ "${force_generate}" = "Y" -o ! -f "${aaguid_file}" ]
+ then
+ uuidgen > "${aaguid_file}"
+ fi
 }
 
 generate_crypto_materials "$1"

From 4b4f3ccbfbf49f0593d82cc726598ebfb581269f Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Tue, 15 Sep 2020 11:29:03 +0200
Subject: [PATCH 4/5] Fix pylint error

---
 deploy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy.py b/deploy.py
index 8a58d96..421ead0 100755
--- a/deploy.py
+++ b/deploy.py
@@ -228,7 +228,7 @@ class RemoveConstAction(argparse.Action):
 required=False,
 help=None,
 metavar=None):
- super(RemoveConstAction, self).__init__(
+ super().__init__(
 option_strings=option_strings,
 dest=dest,
 nargs=0,

From aea26d9909a57c994719490aa47b6f988119fa9b Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod
Date: Wed, 16 Sep 2020 10:07:50 +0200
Subject: [PATCH 5/5] Add missing aaguid.txt for reproducibility

---
 reproducible/aaguid.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 reproducible/aaguid.txt

diff --git a/reproducible/aaguid.txt b/reproducible/aaguid.txt
new file mode 100644
index 0000000..05a9e52
--- /dev/null
+++ b/reproducible/aaguid.txt
@@ -0,0 +1 @@
+664d9f67-84a2-412a-9ff7-b4f7d8ee6d05
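Review bot: In tools/gen_key_materials.sh (patch 3/5), the last hunk runs `uuidgen > "${aaguid_file}"` without checking the result: if `uuidgen` is not installed or fails, the redirect has already created an empty aaguid.txt, the `! -f "${aaguid_file}"` test then skips regeneration on every later run, and build.rs panics when it parses the file. This holds even if the script runs under `set -e`, which is not visible in these hunks. Writing to a temporary name and renaming only on success avoids the stuck state, e.g. `uuidgen > "${aaguid_file}.tmp" && mv "${aaguid_file}.tmp" "${aaguid_file}"`. The body of generate_crypto_materials starts outside this hunk.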