kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'bugfix' into develop

Browse Source
This commit is contained in:
Jean-Michel Picod
2021-04-13 15:04:58 +02:00
parent 78b7767682 2957c800cd
commit e9c66a2764
5 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@@ -25,13 +25,15 @@ few limitations:
### FIDO2 ### FIDO2
The stable branch implements the published The stable branch implements the published
[CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html), [CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html)
but our implementation was not reviewed nor officially tested and doesn't claim and is FIDO certified.
to be FIDO Certified. It already contains some preview features of 2.1, that you
can try by adding the flag `--ctap2.1` to the deploy command. <img alt="FIDO2 certified L1" src="docs/img/FIDO2_Certified_L1.png" width="200px">
The develop branch offers only the
[CTAP2.1 specifications](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html). It already contains some preview features of 2.1, that you can try by adding the
The new features of 2.1 are currently work in progress. flag `--ctap2.1` to the deploy command. The full
[CTAP2.1 specification](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html)
is work in progress in the develop branch and is tested less thoroughly.
### Cryptography ### Cryptography

BIN
docs/FIDO2 Certificate Google FIDO20020210209001.pdf Normal file
View File

Binary file not shown.

BIN
docs/img/FIDO2_Certified_L1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

2
setup.sh
View File

@@ -46,4 +46,4 @@ mkdir -p elf2tab
cargo install elf2tab --version 0.6.0 --root elf2tab/ cargo install elf2tab --version 0.6.0 --root elf2tab/
# Install python dependencies to factory configure OpenSK (crypto, JTAG lockdown) # Install python dependencies to factory configure OpenSK (crypto, JTAG lockdown)
pip3 install --user --upgrade colorama tqdm cryptography fido2 pip3 install --user --upgrade colorama tqdm cryptography "fido2>=0.9.1"

8
tools/configure.py
View File

@@ -64,8 +64,7 @@ def info(msg):
def get_opensk_devices(batch_mode): def get_opensk_devices(batch_mode):
devices = [] devices = []
for dev in hid.CtapHidDevice.list_devices(): for dev in hid.CtapHidDevice.list_devices():
if (dev.descriptor["vendor_id"], if (dev.descriptor.vid, dev.descriptor.pid) == OPENSK_VID_PID:
dev.descriptor["product_id"]) == OPENSK_VID_PID:
if dev.capabilities & hid.CAPABILITY.CBOR: if dev.capabilities & hid.CAPABILITY.CBOR:
if batch_mode: if batch_mode:
devices.append(ctap2.CTAP2(dev)) devices.append(ctap2.CTAP2(dev))
@@ -138,10 +137,9 @@ def main(args):
if authenticator.device.capabilities & hid.CAPABILITY.WINK: if authenticator.device.capabilities & hid.CAPABILITY.WINK:
authenticator.device.wink() authenticator.device.wink()
aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid) aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid)
info(("Programming device {} AAGUID {} ({}). " info("Programming OpenSK device AAGUID {} ({}).".format(
"Please touch the device to confirm...").format(
authenticator.device.descriptor.get("product_string", "Unknown"),
aaguid, authenticator.device)) aaguid, authenticator.device))
info("Please touch the device to confirm...")
try: try:
result = authenticator.send_cbor( result = authenticator.send_cbor(
OPENSK_VENDOR_CONFIGURE, OPENSK_VENDOR_CONFIGURE,