4 Commits
2.1 ... ctap2.0

Author SHA1 Message Date
Jean-Michel Picod
7e5e2a665f Merge bugfix into stable (#324)
* Add Feitian OpenSK USB Dongle (#257)

Co-authored-by: superskybird <skybird.le@gmail.com>

* Fix `config.py` tool according to the new API of fido2 python package (#284)

* Fix fido2 API update.

Since fido2 0.8.1 the device descriptor moved to NamedTuple, breaking
our configuration tool.
Code is now updated accordingly and the setup script ensures we're
using the correct version for fido2 package.

* Make Yapf happy

* Fix missing update for fido2 0.9.1

Also split the comment into 2 lines so that the touch is not hidden
at the end of the screen.

* adds README changes, logo and certificate (#285)

* Fix broken parsing. (#317)

* Fix broken parsing.

By setting the default value before pre-parsing we ensure that the item
can't be None. As an extra safety the custom action also checks for
None.

Co-authored-by: Geoffrey <geoffrey@ftsafe.com>
Co-authored-by: superskybird <skybird.le@gmail.com>
Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
2021-06-09 16:50:00 +02:00
Jean-Michel Picod
5e682d9e17 Compare all timestamps in UTC timezone. (#309) 2021-04-15 17:22:54 +02:00
Jean-Michel Picod
748b7e7fb8 Bugfix (#304)
* Add Feitian OpenSK USB Dongle (#257)

Co-authored-by: superskybird <skybird.le@gmail.com>

* Fix `config.py` tool according to the new API of fido2 python package (#284)

* Fix fido2 API update.

Since fido2 0.8.1 the device descriptor moved to NamedTuple, breaking
our configuration tool.
Code is now updated accordingly and the setup script ensures we're
using the correct version for fido2 package.

* Make Yapf happy

* Fix missing update for fido2 0.9.1

Also split the comment into 2 lines so that the touch is not hidden
at the end of the screen.

* adds README changes, logo and certificate (#285)

Co-authored-by: Geoffrey <geoffrey@ftsafe.com>
Co-authored-by: superskybird <skybird.le@gmail.com>
Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
2021-04-13 14:59:47 +02:00
Jean-Michel Picod
b0c1b73897 Add Feitian OpenSK USB Dongle (#257) (#258)
Co-authored-by: superskybird <skybird.le@gmail.com>

Co-authored-by: Geoffrey <geoffrey@ftsafe.com>
Co-authored-by: superskybird <skybird.le@gmail.com>
2021-01-14 12:32:28 +01:00
7 changed files with 21 additions and 19 deletions


@@ -24,15 +24,16 @@ few limitations:
### FIDO2
Although we tested and implemented our firmware based on the published
[CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html),
our implementation was not reviewed nor officially tested and doesn't claim to
be FIDO Certified.
We started adding features of the upcoming next version of the
[CTAP2.1 specifications](https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html).
The development is currently between 2.0 and 2.1, with updates hidden behind
a feature flag.
Please add the flag `--ctap2.1` to the deploy command to include them.
The stable branch implements the published
[CTAP2.0 specifications](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html)
and is FIDO certified.
<img alt="FIDO2 certified L1" src="docs/img/FIDO2_Certified_L1.png" width="200px">
It already contains some preview features of 2.1, that you can try by adding the
flag `--ctap2.1` to the deploy command. The full
[CTAP2.1 specification](https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html)
is work in progress in the develop branch and is tested less thoroughly.
### Cryptography
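Review bot: In the added sentence ending "and is FIDO certified.", the certification level appears only in the image alt text ("FIDO2 certified L1"). State the level in the prose as well, and say whether a build deployed with `--ctap2.1` is still covered by the certification, since the following sentence invites users to enable preview features on the certified branch. The `<img>` line also follows the sentence with no blank line in between, so it will render inline with the paragraph.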


@@ -243,6 +243,8 @@ class RemoveConstAction(argparse.Action):
# https://github.com/python/cpython/blob/master/Lib/argparse.py#L138-L147
# https://github.com/python/cpython/blob/master/Lib/argparse.py#L1028-L1052
items = getattr(namespace, self.dest, [])
if items is None:
items = []
if isinstance(items, list):
items = items[:]
else:
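Review bot: The new `if items is None:` guard directly follows `getattr(namespace, self.dest, [])`, whose `[]` default only covers a missing attribute and not one that is present and set to None, which makes the guard look redundant at first read. Add a one-line comment saying when the attribute can be None so a later cleanup does not remove it, and consider a test that runs the parser with no feature flags. The two cpython links in the comment above point at line ranges on `master`, which drift; pin them to a tag or commit.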
@@ -916,6 +918,8 @@ if __name__ == "__main__":
help=("When set, the output of elf2tab is appended to this file."),
)
main_parser.set_defaults(features=["with_ctap1"])
# Start parsing to know if we're going to list things or not.
partial_args, _ = main_parser.parse_known_args()
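Review bot: The ordering requirement on `main_parser.set_defaults(features=["with_ctap1"])` is not documented: it now has to run before `main_parser.parse_known_args()`, but the only comment here describes the pre-parse itself. Add a comment on the `set_defaults` line stating that it must precede the first parse so that `features` is never None, otherwise the call is easy to move back during a refactor.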
@@ -977,6 +981,4 @@ if __name__ == "__main__":
help=("Compiles and installs the nfct_test example that tests the "
"NFC driver."))
main_parser.set_defaults(features=["with_ctap1"])
main(main_parser.parse_args())
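Review bot: With the `set_defaults` call removed from just before `main(main_parser.parse_args())`, the default is no longer applied after every argument has been registered. Any argument added between the pre-parse and this point that writes to `features` and declares its own `default=` would now keep that default instead of `["with_ctap1"]`. Please confirm none of the arguments registered in that range do so, and add a regression test for an invocation with no feature options.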

Binary file not shown.

Binary file not shown.



@@ -17,6 +17,7 @@ You will need one the following supported boards:
* [Nordic nRF52840 Dongle](https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle)
to have a more practical form factor.
* [Makerdiary nRF52840-MDK USB dongle](https://wiki.makerdiary.com/nrf52840-mdk/).
* [Feitian OpenSK dongle](https://feitiantech.github.io/OpenSK_USB/).
In the case of the Nordic USB dongle, you may also need the following extra
hardware:
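Review bot: The new Feitian bullet is added to the board list, but the paragraph right after it only covers extra hardware "In the case of the Nordic USB dongle". Say whether the Feitian dongle needs a programmer or other extra hardware, or state explicitly that it does not. The context line above the list also reads "one the following"; fixing it to "one of the following" in the same change would be cheap.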


@@ -46,4 +46,4 @@ mkdir -p elf2tab
cargo install elf2tab --version 0.6.0 --root elf2tab/
# Install python dependencies to factory configure OpenSK (crypto, JTAG lockdown)
pip3 install --user --upgrade colorama tqdm cryptography fido2
pip3 install --user --upgrade colorama tqdm cryptography "fido2>=0.9.1"
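Review bot: `"fido2>=0.9.1"` sets only a lower bound and is combined with `--upgrade`, so the next incompatible fido2 release will be installed automatically; the commit messages in this series already record two such breaks (0.8.1 and 0.9.1). Pin an exact version or add an upper bound, as is done for `elf2tab --version 0.6.0` two lines above. The other packages on this line (`colorama tqdm cryptography`) are unpinned as well, which matters for a script the comment says is used for factory configuration (crypto, JTAG lockdown).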


@@ -64,8 +64,7 @@ def info(msg):
def get_opensk_devices(batch_mode):
devices = []
for dev in hid.CtapHidDevice.list_devices():
if (dev.descriptor["vendor_id"],
dev.descriptor["product_id"]) == OPENSK_VID_PID:
if (dev.descriptor.vid, dev.descriptor.pid) == OPENSK_VID_PID:
if dev.capabilities & hid.CAPABILITY.CBOR:
if batch_mode:
devices.append(ctap2.CTAP2(dev))
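Review bot: The switch to `dev.descriptor.vid` / `dev.descriptor.pid` makes `get_opensk_devices` fail on any fido2 version that still returns a dict descriptor, and the only protection is the version constraint in the setup script, which a user may not have re-run. Add a version check at import time in this tool that exits with a clear message naming the required fido2 version, rather than letting the loop raise while enumerating devices.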
@@ -108,7 +107,7 @@ def main(args):
cert = x509.load_pem_x509_certificate(args.certificate.read())
# Some sanity/validity checks
now = datetime.datetime.now()
now = datetime.datetime.utcnow()
if cert.not_valid_before > now:
fatal("Certificate validity starts in the future.")
if cert.not_valid_after <= now:
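Review bot: At `now = datetime.datetime.utcnow()`, the comparisons with `cert.not_valid_before` and `cert.not_valid_after` are only correct because both sides are naive datetimes expressed in UTC, and nothing in the code says so. Add a comment stating that assumption, or compare timezone-aware values, so that one side is not later replaced by a local or aware datetime. Including the `now` value in the two `fatal()` messages would also help diagnose a wrong host clock.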
@@ -138,10 +137,9 @@ def main(args):
if authenticator.device.capabilities & hid.CAPABILITY.WINK:
authenticator.device.wink()
aaguid = uuid.UUID(bytes=authenticator.get_info().aaguid)
info(("Programming device {} AAGUID {} ({}). "
"Please touch the device to confirm...").format(
authenticator.device.descriptor.get("product_string", "Unknown"),
aaguid, authenticator.device))
info("Programming OpenSK device AAGUID {} ({}).".format(
aaguid, authenticator.device))
info("Please touch the device to confirm...")
try:
result = authenticator.send_cbor(
OPENSK_VENDOR_CONFIGURE,
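Review bot: The new `info("Programming OpenSK device AAGUID {} ({}).")` message drops the product string entirely, so the operator can tell devices apart only by the `authenticator.device` representation. With more than one supported dongle now listed and a batch mode in `get_opensk_devices`, that makes it harder to know which device to touch. If the new descriptor type exposes a product name, keep it in the message with an "Unknown" fallback as the old code did. Splitting the touch prompt into its own `info()` call is a good change.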