Merge pull request #147 from jmichelp/master

Few fixes/improvements

Cargo.toml

@@ -30,11 +30,12 @@ with_ctap1 = ["crypto/with_ctap1"]
 with_ctap2_1 = []
 
 [dev-dependencies]
-elf2tab = "0.4.0"
+elf2tab = "0.6.0"
 enum-iterator = "0.6.0"
 
 [build-dependencies]
 openssl = "0.10"
+uuid = { version = "0.8", features = ["v4"] }
 
 [profile.dev]
 panic = "abort"

build.rs

@@ -21,8 +21,10 @@ use openssl::pkey::PKey;
 use openssl::x509;
 use std::env;
 use std::fs::File;
+use std::io::Read;
 use std::io::Write;
 use std::path::Path;
+use uuid::Uuid;
 
 fn main() {
     println!("cargo:rerun-if-changed=crypto_data/opensk.key");
@@ -84,7 +86,10 @@ fn main() {
     cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap();
 
     let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap();
-    let mut serial = cert.serial_number().to_bn().unwrap().to_vec();
+    let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap();
-    serial.resize(16, 0);
+    let mut content = String::new();
-    aaguid_bin_file.write_all(&serial).unwrap();
+    aaguid_txt_file.read_to_string(&mut content).unwrap();
+    content.truncate(36);
+    let aaguid = Uuid::parse_str(&content).unwrap();
+    aaguid_bin_file.write_all(aaguid.as_bytes()).unwrap();
 }

deploy.py

@@ -228,7 +228,7 @@ class RemoveConstAction(argparse.Action):
                required=False,
                help=None,
                metavar=None):
-    super(RemoveConstAction, self).__init__(
+    super().__init__(
         option_strings=option_strings,
         dest=dest,
         nargs=0,
@@ -406,10 +406,10 @@ class OpenSKInstaller:
         self.args.application))
     elf2tab_ver = self.checked_command_output(["elf2tab", "--version"]).split(
         "\n", maxsplit=1)[0]
-    if elf2tab_ver != "elf2tab 0.5.0":
+    if elf2tab_ver != "elf2tab 0.6.0":
       error(
           ("Detected unsupported elf2tab version {!a}. The following "
-           "commands may fail. Please use 0.5.0 instead.").format(elf2tab_ver))
+           "commands may fail. Please use 0.6.0 instead.").format(elf2tab_ver))
     os.makedirs(self.tab_folder, exist_ok=True)
     tab_filename = os.path.join(self.tab_folder,
                                 "{}.tab".format(self.args.application))
@@ -839,7 +839,7 @@ if __name__ == "__main__":
   )
   main_parser.add_argument(
       "--ctap2.1",
-      action=RemoveConstAction,
+      action="append_const",
       const="with_ctap2_1",
       dest="features",
       help=("Compiles the OpenSK application with backward compatible "

reproducible/aaguid.txt

@@ -0,0 +1 @@
+664d9f67-84a2-412a-9ff7-b4f7d8ee6d05

setup.sh

@@ -42,4 +42,4 @@ pip3 install --user --upgrade 'tockloader==1.5' six intelhex
 rustup target add thumbv7em-none-eabi
 
 # Install dependency to create applications.
-cargo install elf2tab --version 0.5.0
+cargo install elf2tab --version 0.6.0

tools/gen_key_materials.sh

@@ -14,6 +14,9 @@
 # limitations under the License.
 
 generate_crypto_materials () {
+  # OpenSK AAGUID
+  local aaguid_file=crypto_data/aaguid.txt
+
   # Root CA key pair and certificate
   local ca_priv_key=crypto_data/opensk_ca.key
   local ca_cert_name=crypto_data/opensk_ca
@@ -49,7 +52,7 @@ generate_crypto_materials () {
       -new \
       -key "${ca_priv_key}" \
       -out "${ca_cert_name}.csr" \
-      -subj "/CN=Google OpenSK CA"
+      -subj "/CN=OpenSK CA"
     "${openssl}" x509 \
       -trustout \
       -req \
@@ -72,7 +75,7 @@ generate_crypto_materials () {
       -new \
       -key "${opensk_key}" \
       -out "${opensk_cert_name}.csr" \
-      -subj "/CN=Google OpenSK Hacker Edition"
+      -subj "/CN=OpenSK Hacker Edition"
     "${openssl}" x509 \
       -req \
       -days 3652 \
@@ -84,6 +87,11 @@ generate_crypto_materials () {
       -out "${opensk_cert_name}.pem" \
       -sha256
   fi
+
+  if [ "${force_generate}" = "Y" -o ! -f "${aaguid_file}" ]
+  then
+    uuidgen > "${aaguid_file}"
+  fi
 }
 
 generate_crypto_materials "$1"