OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

Overview

OpenSK logo

markdownlint pylint Cargo check Cargo format Coverage Status

OpenSK

This repository contains a Rust implementation of a FIDO2 authenticator.

We developed this as a Tock OS application and it has been successfully tested on the following boards:

Disclaimer

This project is proof-of-concept and a research platform. It is NOT meant for a daily usage. It's still under development and as such comes with a few limitations:

FIDO2

The stable branch implements the published CTAP2.0 specifications and is FIDO certified.

FIDO2 certified L1

It already contains some preview features of 2.1, that you can try by adding the flag --ctap2.1 to the deploy command. The full CTAP2.1 specification is work in progress in the develop branch and is tested less thoroughly.

Cryptography

We're currently still in the process on making the ARM® CryptoCell-310 embedded in the Nordic nRF52840 chip work to get hardware-accelerated cryptography. In the meantime we implemented the required cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust as a placeholder. Those implementations are research-quality code and haven't been reviewed. They don't provide constant-time guarantees and are not designed to be resistant against side-channel attacks.

Installation

For a more detailed guide, please refer to our installation guide.

  1. If you just cloned this repository, run the following script (Note: you only need to do this once):

    ./setup.sh
  2. Next step is to install Tock OS as well as the OpenSK application on your board. Run:

    # Nordic nRF52840-DK board
    ./deploy.py --board=nrf52840dk --opensk
    # Nordic nRF52840-Dongle
    ./deploy.py --board=nrf52840_dongle --opensk
  3. Finally you need to inject the cryptographic material if you enabled batch attestation or CTAP1/U2F compatibility (which is the case by default):

    ./tools/configure.py \
        --certificate=crypto_data/opensk_cert.pem \
        --private-key=crypto_data/opensk.key
  4. On Linux, you may want to avoid the need for root privileges to interact with the key. For that purpose we provide a udev rule file that can be installed with the following command:

    sudo cp rules.d/55-opensk.rules /etc/udev/rules.d/ &&
    sudo udevadm control --reload

Customization

If you build your own security key, depending on the hardware you use, there are a few things you can personalize:

  1. If you have multiple buttons, choose the buttons responsible for user presence in main.rs.
  2. Decide whether you want to use batch attestation. There is a boolean flag in ctap/mod.rs. It is mandatory for U2F, and you can create your own self-signed certificate. The flag is used for FIDO2 and has some privacy implications. Please check WebAuthn for more information.
  3. Decide whether you want to use signature counters. Currently, only global signature counters are implemented, as they are the default option for U2F. The flag in ctap/mod.rs only turns them off for FIDO2. The most privacy preserving solution is individual or no signature counters. Again, please check WebAuthn for documentation.
  4. Depending on your available flash storage, choose an appropriate maximum number of supported residential keys and number of pages in ctap/storage.rs.
  5. Change the default level for the credProtect extension in ctap/mod.rs. When changing the default, resident credentials become undiscoverable without user verification. This helps privacy, but can make usage less comfortable for credentials that need less protection.
  6. Increase the default minimum length for PINs in ctap/storage.rs. The current minimum is 4. Values from 4 to 63 are allowed. Requiring longer PINs can help establish trust between users and relying parties. It makes user verification harder to break, but less convenient. NIST recommends at least 6-digit PINs in section 5.1.9.1: https://pages.nist.gov/800-63-3/sp800-63b.html You can add relying parties to the list of readers of the minimum PIN length.

3D printed enclosure

To protect and carry your key, we partnered with a professional designer and we are providing a custom enclosure that can be printed on both professional 3D printers and hobbyist models.

All the required files can be downloaded from Thingiverse including the STEP file, allowing you to easily make the modifications you need to further customize it.

Development and testing

Printing panic messages to the console

By default, libtock-rs blinks some LEDs when the userspace application panicks. This is not always convenient as the panic message is lost. In order to enable a custom panic handler that first writes the panic message via Tock's console driver, before faulting the app, you can use the --panic-console flag of the deploy.py script.

# Example on Nordic nRF52840-DK board
./deploy.py --board=nrf52840dk --opensk --panic-console

Debugging memory allocations

You may want to track memory allocations to understand the heap usage of OpenSK. This can be useful if you plan to port it to a board with fewer available RAM for example. To do so, you can enable the --debug-allocations flag of the deploy.py script. This enables a custom (userspace) allocator that prints a message to the console for each allocation and deallocation operation.

The additional output looks like the following.

# Allocation of 256 byte(s), aligned on 1 byte(s). The allocated address is
# 0x2002401c. After this operation, 2 pointers have been allocated, totalling
# 384 bytes (the total heap usage may be larger, due to alignment and
# fragmentation of allocations within the heap).
alloc[256, 1] = 0x2002401c (2 ptrs, 384 bytes)
# Deallocation of 64 byte(s), aligned on 1 byte(s), from address 0x2002410c.
# After this operation, 1 pointers are allocated, totalling 512 bytes.
dealloc[64, 1] = 0x2002410c (1 ptrs, 512 bytes)

A tool is provided to analyze such reports, in tools/heapviz. This tool parses the console output, identifies the lines corresponding to (de)allocation operations, and first computes some statistics:

  • Address range used by the heap over this run of the program,
  • Peak heap usage (how many useful bytes are allocated),
  • Peak heap consumption (how many bytes are used by the heap, including unavailable bytes between allocated blocks, due to alignment constraints and memory fragmentation),
  • Fragmentation overhead (difference between heap consumption and usage).

Then, the heapviz tool displays an animated "movie" of the allocated bytes in heap memory. Each frame in this "movie" shows bytes that are currently allocated, that were allocated but are now freed, and that have never been allocated. A new frame is generated for each (de)allocation operation. This tool uses the ncurses library, that you may have to install beforehand.

You can control the tool with the following parameters:

  • --logfile (required) to provide the file which contains the console output to parse,
  • --fps (optional) to customize the number of frames per second in the movie animation.
cargo run --manifest-path tools/heapviz/Cargo.toml -- --logfile console.log --fps 50

Contributing

See Contributing.md.

Reporting a Vulnerability

See SECURITY.md.

Comments
  • Requests for USB dongle  without additional hardware.

    Requests for USB dongle without additional hardware.

    Very excited about yesterday's update。 I very much expect to get rid of the hardware (jlink) dependency。 I have one usb dongle (52840 dongle),and have a try with nrfutil.

    ./deploy.py --board=nrf52840_dongle --opensk --programmer=nordicdfu fatal: This board doesn't support flashing over DFU.

    then I checked deploy.py file.Then changed parameters: ./deploy.py --board=nrf52840_dongle_dfu --opensk --programmer=nordicdfu

    I see ,it needs nrfutil command with version 5.1. AttributeError: 'dict' object has no attribute 'iteritems'。

    Can you tell me if my operation is correct,and nrfutil's version.

    Thanks !

    Specifications

    • Version:
    • Platform: ubuntu 16.04 i686 ,python 3.5.
    opened by xaqfan 30
  • Cannot generate ssh keys with ed25519-sk

    Cannot generate ssh keys with ed25519-sk

    I'm trying to create ssh keys with ed25519-sk instead of ecdsa-sk but I receive this error: Key enrollment failed: requested feature not supported . This is my Openssh version: **OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k **

    I'm using a nrf52840 dongle with the last updates of the stable branch.

    Any idea why is this happening? Thanks in advance.

    enhancement 
    opened by gelintonx 28
  • Is there a way to store a key/secret in the dongle?

    Is there a way to store a key/secret in the dongle?

    Is there an API in the OpenSK that I can use to store a secret string mapped to a username and retrieve it later on?

    If not, can I exploit the FIDO register call to store a secret string mapped to a username? Is there any field in the FIDO2 protocol that is stored on the authenticator and is returned during authentication? I need it for the research prototype, so any hack/ideas would help.

    question 
    opened by tarun14110 20
  • OpenSK does not work properly on Microsoft Edge

    OpenSK does not work properly on Microsoft Edge

    Expected Behavior

    I can register the OpenSK key on my Google account

    Actual Behavior

    When I try to register the OpenSK key on my Google account, it gets stuck on the confirmation page Here are the logs:

    two-step-verification?rapt=***:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
    two-step-verification?rapt=***:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
    two-step-verification?rapt=***:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
    two-step-verification?rapt=***:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
    

    Steps to Reproduce the Problem

    1. Flash the OpenSK firmware to nRF52840-Dongle
    2. Open https://myaccount.google.com/signinoptions/two-step-verification on Microsoft Edge
    3. Click "Add security key", and click "Next"
    4. Tap the button on the OpenSK key

    Specifications

    • Version: latest stable
    • Platform: Windows
    opened by ghost 18
  • Add Feitian USB Dongle

    Add Feitian USB Dongle

    Feitian created an hardware dongle according to nRF52840 design, please refer to https://feitiantech.github.io/OpenSK_USB/hardware/ . There is no need to change anything to Google OpenSK source code, download the OpenSK firmware to Feitian Dongle, and it can work.

    documentation cla: yes 
    opened by geofli 18
  • nRF52840 USB dongle can not work with source code from stable and develop branches

    nRF52840 USB dongle can not work with source code from stable and develop branches

    Expected Behavior

    nRF52840 USB dongle should work with source code on stable branch or develop branch

    Actual Behavior

    Neither stable nor develop branch work.

    Following below steps

    1. ./reset.sh
    2. ./setup.sh
    3. ./deploy.py --board=nrf52840_dongle_dfu --opensk --programmer=nordicdfu
    Have switched nrf52840 usb dongle to bootloader mode.
    4. ./tools/configure.py \
        --certificate=crypto_data/opensk_cert.pem \
        --private-key=crypto_data/opensk.key
    

    If I use source code from stable branch, step 4 reports error 0xF2.

    info: Private key is valid.
    info: Certificate is valid.
    DEBUG:fido2.hid.macos:Found CTAP device: 4295020873
    DEBUG:fido2.hid:SEND: ffffffff8600084859dd5c0a590e2f
    DEBUG:fido2.hid:RECV: ffffffff8600114859dd5c0a590e2f00000001020100000500000000000000000000000000000000000000000000000000000000000000000000000000000000
    DEBUG:fido2.hid:SEND: 0000000190000104
    DEBUG:fido2.hid:RECV: 00000001900001f20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    Traceback (most recent call last):
      File "./tools/configure.py", line 204, in <module>
        main(parser.parse_args())
      File "./tools/configure.py", line 134, in main
        for authenticator in tqdm(get_opensk_devices(args.batch)):
      File "./tools/configure.py", line 72, in get_opensk_devices
        return [ctap2.CTAP2(dev)]
      File "/Users/gaofeng/.pyenv/versions/3.8.8/lib/python3.8/site-packages/fido2/ctap2/base.py", line 643, in __init__
        self._info = self.get_info()
      File "/Users/gaofeng/.pyenv/versions/3.8.8/lib/python3.8/site-packages/fido2/ctap2/base.py", line 695, in get_info
        return self.send_cbor(Ctap2.CMD.GET_INFO, parse=Info)
      File "/Users/gaofeng/.pyenv/versions/3.8.8/lib/python3.8/site-packages/fido2/ctap2/base.py", line 675, in send_cbor
        raise CtapError(status)
    fido2.ctap.CtapError: CTAP error: 0xF2 - UNKNOWN
    

    If I checkout code to develop branch, after step 3, nrf52840 usb dongle behaves like

    https://user-images.githubusercontent.com/10238809/126742034-fdf49cec-d0c0-4173-aeb3-64b33207f636.mp4

    Even if I perform ./deploy.py --board=nrf52840_dongle_dfu --erase_storage --programmer=nordicdfu before step 3, behavior is same.

    What's the matter?

    Steps to Reproduce the Problem

    1. ./reset.sh
    2. ./setup.sh
    3. ./deploy.py --board=nrf52840_dongle_dfu --opensk --programmer=nordicdfu
    Have switched nrf52840 usb dongle to bootloader mode.
    4. ./tools/configure.py \
        --certificate=crypto_data/opensk_cert.pem \
        --private-key=crypto_data/opensk.key
    

    on either stable or develop branch.

    bug 
    opened by geofli 16
  • lost access to bootloader on makerdiary nRF52840 MDK USB Dongle after flash

    lost access to bootloader on makerdiary nRF52840 MDK USB Dongle after flash

    Expected Behavior

    Holding button while plugging to computer enter UF2 flash mode ( ie presenting a mass storage device to the host )

    Actual Behavior

    Holding button while plugging to computer does nothing

    Steps to Reproduce the Problem

    1. generate firmware with ./deploy.py --board=nrf52840_mdk_dfu --programmer=none --opensk
    2. convert hex file to uf2 with uf2conv.py firmware.hex -c -f 0xADA52840
    3. flash by copying the resulting uf2 file to the mass storage device presented.

    Specifications

    • Version: b0c1b73897816edb757a163943f7b36a55f76a19
    • Platform: linux

    Comments/Questions

    Apologies if I missed something, I chose nrf52840_mdk_dfu as the board since it was the only one mentioning mdk and I tried before nrf52840_dongle but the button was not recognized ( I was able though to enter UF2 mode with that firmware flashed ).

    The dongle works perfectly as is, webauthn.io test is successful. I just can't set it back to bootloader mode to flash or update something else. Just want to confirm I need a debugger probe at that point to be able to update opensk and/or change the firmware running at that point. Thank you in advance for your pointers.

    opened by gled-rs 14
  • Failed to load

    Failed to load "resident" ssh key generated by OpenSK device

    Expected Behavior

      After successfully generating the residential ssh keys by ssh-keygen -t ecdsa-sk -O resident, the private key should can be load to another computer via the OpenSK devices by ssh-add -K, but it failed to load.

    Actual Behavior

      Generation step on residental key seems to be successful, but when I tried to load the key to anthoer PC, by pluging in the OpenSK device and ssh-add -K, it shows Enter PIN for authenticator: Provider "internal" returned failure -1 Unable to load resident keys: invalid format   (the PIN was set correctly.)   After enable verbose mode by ssh-add -K -v, it shows Enter PIN for authenticator: debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper debug1: sshsk_load_resident: provider "internal", have-pin debug1: sk_probe: 1 device(s) detected debug1: sk_probe: selecting sk by touch debug1: ssh_sk_load_resident_keys: trying /dev/hidraw5 debug1: check_sk_options: option uv is unknown debug1: read_rks: get metadata for /dev/hidraw5 failed: FIDO_ERR_MISSING_PARAMETER debug1: ssh_sk_load_resident_keys: read_rks failed for /dev/hidraw5 Provider "internal" returned failure -1 debug1: ssh-sk-helper: sshsk_load_resident failed: invalid format debug1: main: reply len 8 debug1: client_converse: helper returned error -4 Unable to load resident keys: invalid format   which makes me confused.

    Steps to Reproduce the Problem

    1. Generate a pair of residental ssh key by ssh-keygen -t ecdsa-sk -O resident.
    2. Plug the OpenSK device to another PC.
    3. Try to load the key generated to that PC ssh-add -K -v

    Specifications

    • Device: Nordic nRF52840 Dongle
    • Version: c6d3f51 of develop branch
    • Platform: Arch Linux

      I would appreciate it if you could do me a favour to solve that problem. Looking forward to your reply on your earliest convenience.

    opened by JunASAKA 13
  • Support ed25519 crypto algorithm

    Support ed25519 crypto algorithm

    Fixes #335

    This PR uses external ed25519-dalek crate for crypto implementation, which lead to several changes I'd like to get feedback on:

    1. ed25519-dalek requires Rust 2021. For that, I've made some changes to third-party/libtock-rs submodule, which are commited in https://github.com/egor-duda/libtock-rs/tree/ed25519. They change rust-toolchain channel to nightly-2021-10-21 and update asm code to use numbered labels due to enabled #[deny(named_asm_labels)].
    2. This change also causes new warnings about llvm_asm! macro being deprecated, and I don't know ARM assembly that well to be able to properly migrate from llvm_asm! to asm!. As a temporary workaround, I've removed -D warnings in deploy.py
    3. Crypto structs in ed25519-dalek do not implement Clone and Eq, so instead of deriving those traits for PrivateKey, I've implemented them explicitly. Not sure if that is correct way to do that.

    I've added --with-ed25519 option to deploy.py, and tested on nrf52840_dongle with openssh (ssh-keygen -t ed25519-sk) with PIN both enabled and disabled. I'm not sure is there is some webauthn test site which allows selecting specific crypto algorithm, would appreciate any pointers.

    opened by egor-duda 12
  • Should clear all credentials/PIN after flashing the new firmware?

    Should clear all credentials/PIN after flashing the new firmware?

    Currently, after you flash a new firmware to OpenSK, existing PIN/credentials (resident or non-resident) are still valid, you can still use them to authenticate to online services.

    Should OpenSK clear all existing Credentials(resident or non-resident), PIN and other security parameters if it has been updated to the new firmware?

    question 
    opened by geofli 12
  • OpenSK firmware can not work well with nRF52840 dongle after 2e419fe77b37255778fe13166cdc891caee3b334

    OpenSK firmware can not work well with nRF52840 dongle after 2e419fe77b37255778fe13166cdc891caee3b334

    Expected Behavior

    Before (include) 2e419fe77b37255778fe13166cdc891caee3b334, when insert nRF52840 USB dongle to USB port, LEDs are off. When receiving CTAP2/U2F command, LEDs will blink and wait for user presence. After user press the button, it response correctly.

    Actual Behavior

    Now (after 2e419fe77b37255778fe13166cdc891caee3b334), after insert to USB port, LEDs are blinking even if it is in idle. OpenSK does not work after user presses button.

    Steps to Reproduce the Problem

    1. Download firmware to nRF52840 dongle as usual.
    2. Replug it to USB port, take a look at the LED status, they are blinking, different from before.
    3. Test it on https://webauthn.io/ or other test website.
    4. Make credential and press button.

    I tested source code from 752bf47ed5caa2265e1d3884a40798fd7a2e95d6 to latest. It has same behavior.

    bug 
    opened by geofli 12
  • Easier porting to other architectures

    Easier porting to other architectures

    Despite I know ESP32-C3/C2 is magnitude slower than nRF52840, but I want to port this there. Right now OpenSK seems like very centric to nRF52840, but I guess this can be traded with time. There is one thing about ESP32-C3/C2 though, that they don't have official atomic support, and I believe changing it to use atomic_polyfill can have some, say like timing consequences. Wonder if we can make something relaxed so we can port things easier?

    opened by stevefan1999-personal 3
  • RUSTSEC-2022-0063: Multiple vulnerabilities resulting in out-of-bounds writes

    RUSTSEC-2022-0063: Multiple vulnerabilities resulting in out-of-bounds writes

    Multiple vulnerabilities resulting in out-of-bounds writes

    | Details | | | ------------------- | ---------------------------------------------- | | Package | linked_list_allocator | | Version | 0.8.11 | | URL | https://github.com/advisories/GHSA-xg8p-34w2-j49j | | Date | 2022-09-07 | | Patched versions | >=0.10.2 |

    • The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::&lt;usize&gt; because of metadata write operations.
    • When calling Heap::extend with a size smaller than two usizes (e.g., 16 on x86_64), the size was erroneously rounded up to the minimum size, which could result in an out-of-bounds write.
    • Calling Heap::extend on an empty heap tried to construct a heap starting at address 0, which is also an out-of-bounds write.
      • One specific way to trigger this accidentally is to call Heap::new (or a similar constructor) with a heap size that is smaller than two usizes. This was treated as an empty heap as well.
    • Calling Heap::extend on a heap whose size is not a multiple of the size of two usizes resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • Pinned rust toolchain (nightly-2021-03-25) from libtock-rs causes linking errors on aarch64-apple-darwin

    Pinned rust toolchain (nightly-2021-03-25) from libtock-rs causes linking errors on aarch64-apple-darwin

    Expected Behavior

    Compiling OpenSK should work fine on platforms like aarch64-apple-darwin (e.g. with cargo build --features std)

    Actual Behavior

    Compiling with the pinned toolchain from libtock-rs causes linking errors on aarch64-apple-darwin. I assume that rust support for apple silicon chips was not ready yet at this point.

    Steps to Reproduce the Problem

    1. Run cargo build --features std on aarch64-apple-darwin and observe the following C++ linking errors (watch out, very long).

    Compiling libtock_core v0.1.0 (/Users/yk/Documents/Coding/opensk_fork/third_party/libtock-rs/core) error: linking with cc failed: exit status: 1 | = note: "cc" "-arch" "arm64" "-L" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.0.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.1.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.10.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.11.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.12.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.13.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.14.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.15.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.2.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.3.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.4.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.5.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.6.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.7.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.8.rcgu.o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.build_script_build.z8vntg2w-cgu.9.rcgu.o" "-o" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e" "/Users/yk/rust-artifacts/debug/build/proc-macro2-f3cf9a69785a363e/build_script_build-f3cf9a69785a363e.3hj9l8a3kvh4kb7e.rcgu.o" "-Wl,-dead_strip" "-nodefaultlibs" "-L" "/Users/yk/rust-artifacts/debug/deps" "-L" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libstd-c74e6b3de522962e.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libpanic_unwind-c93ea4d419dae922.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libobject-d002150646c82cc7.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libaddr2line-08d0962d65625914.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libgimli-19ddd96688ea0319.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libstd_detect-d8646d3f69dbb0b4.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc_demangle-53d2a1a1245eee83.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libhashbrown-66a22362d0e1778d.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc_std_workspace_alloc-ad006e595a77ae48.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libunwind-0d9b6902b79f5775.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libcfg_if-b94ae0abe03da051.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/liblibc-e1883bf629bf5f4b.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/liballoc-43a6bd8ab40401f6.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc_std_workspace_core-309925a076418223.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libcore-4ce201db55ae746f.rlib" "/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libcompiler_builtins-226f06aaeebfc929.rlib" "-lSystem" "-lresolv" "-lc" "-lm" "-liconv" = note: ld: in /Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libpanic_unwind-c93ea4d419dae922.rlib(lib.rmeta), archive member 'lib.rmeta' with length 35728 is not mach-o or llvm bitcode file '/Users/yk/.rustup/toolchains/nightly-2021-05-25-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/libpanic_unwind-c93ea4d419dae922.rlib' for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation)

    Possible Solution

    Updating the pinned nightly toolchain to a later version like 2021-06-25 and hence updating the specified submodule. With simple overwriting I found out that for example nightly 2021-05-25 does not seem to work yet but the June version one month later indeed does (meaning the above compile command passed without any errors).

    Since the toolchain is propagated through the libtock-rs version we need to be careful not break any (runtime) functionality with later versions.

    opened by L0g4n 2
  • APDU parser has multiple errors

    APDU parser has multiple errors

    I found a couple of bugs while reviewing the OpenSK APDU parser, because while writing a FIDO client library, I noticed many FIDO implementations have buggy ISO 7816 implementations. I haven't run this on "real hardware" to try it out properly.

    1. APDU parser does not handle extended form with Nc = 0 and Ne > 0 ("Case 2E"). It would error out with WRONG_LENGTH.

      Example request, where Nc = 0 and Ne = 0x1234:

      CLA INS P1 P2 0x00 0x12 0x34
      

      U2F GET_VERSION is impacted by this, other U2F commands and CTAP2 (over an ISO 7816 transport) always have command payloads.

      The parser appears to only handle "Case 2S" (short form Nc = 0 and Ne > 0), but supporting extended form is required for all transports, and supporting short form is only required over NFC.

    2. APDU parser accepts malformed 3 byte Lc + 3 byte Le.

      Per ISO 7816-4:2005 Section 5.1 (Command-response pairs), when Nc > 0 and Ne > 0 and using extended form ("Case 4E"), the correct representation is:

      CLA INS P1 P2 0x00 {Nc as uint16_be} {command bytes} {Ne as uint16_be}
      

      The implementation here appears to also incorrectly accept malformed requests of the form:

      CLA INS P1 P2 0x00 {Nc as uint16_be} {command bytes} 0x00 {Ne as uint16_be}
      

      The only reason Le should be prefixed with 0x00 is if the Lc field is absent and Le is in extended form ("Case 2E").

      Accepting malformed requests can cause implementers "testing against OpenSK" to make mistakes which are only exposed when testing with another FIDO implementation which follows ISO 7816 correctly. I've already seen subtle differences in existing FIDO certified devices with malformed inputs.

    Note: "Case 2E", "Case 2S" and "Case 4E" references to ISO 7816-3:2006 section 12.1.3 (Decoding conventions for command APDUs); S = short form, E = extended form.

    Case | Command Data Field | Response Length Field | Total length ----- | ------ | ---- | ----- Case 1 | None | None | 4 bytes Case 2S | None | Present (1 byte) | 5 bytes Case 2E | None | Present (3 bytes) | 7 bytes Case 3S | Present (1 byte) | None | 5 + (command data length) bytes Case 3E | Present (3 bytes) | None | 7 + (command data length) bytes Case 4S | Present (1 byte) | Present (1 byte) | 6 + (command data length) bytes Case 4E | Present (3 bytes) | Present (2 bytes) | 9 + (command data length) bytes

    bug 
    opened by micolous 1
  • --debug output not printingon nrf52840dk

    --debug output not printingon nrf52840dk

    Hi,

    I am hoping to do some work based on OpenSK but am having some difficulty getting the debug printouts to work. Is there something that I am missing in this process?

    When I use an unmodified (non-opensk) version of tock, I am able to see the "Initialization complete. Entering main loop'" printout as well as extra printouts made by userspace apps (such as the libtock-c button-print example). Using OpenSK, when I do not have the OpenSK connected to my computer via the USB peripheral cable, I can see this message as well as an explicit print statement that I added in the main loop. When I have the USB peripheral cable connected, I cannot see any of these printouts.

    edit: I am now thinking that the issue may be just that pressing the reset button (even without the peripheral usb attached) stops the console writes from showing up. Is this expected behavior?

    Expected Behavior

    When I start a server in one terminal with:

    JLinkExe -device nrf52 -if swd -speed 1000 -autoconnect 1
    

    And a client in another with:

    JLinkRTTClient
    

    and then deploy opensk to my board with:

    ./deploy.py --board=nrf52840dk --opensk --debug --panic-console
    

    I see the Tock initialization printout and additional opensk debug output when going through an example setup flow.

    Actual Behavior

    There is no output in the RTT terminal beyond the following when the peripheral USB cable is connected and after pushing the reset button to connect:

    SEGGER J-Link V7.80b - Real time terminal output
    J-Link OB-nRF5340-NordicSemi compiled Dec  3 2021 15:46:49 V1.0, SN=1050271190
    Process: JLinkExe
    

    When the peripheral USB cable is not connected, I can see other outputs but cannot see debug print statements (though this could be because I am not able to initiate an authentication flow without the second USB connected)

    Steps to Reproduce the Problem

    As above.

    Specifications

    • Version: stable branch 1b70583
    • Platform: x1 carbon gen 6 running manjaro linux
    documentation 
    opened by bkettle 11
Releases(ctap2.0)
  • ctap2.0(Jun 23, 2021)

    Except for some bugfixes that we applied after and which don't alter the CTAP2 behavior, this is the firmware that we had certified by the FIDO Alliance running on the Nordic nRF52840 dongle board.

    Source code(tar.gz)
    Source code(zip)
Owner
Google
Google ❤️ Open Source
Google
A paseto implementation in rust.

Paseto Rust Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This is d

Instructure, Inc. 145 Nov 7, 2022
ROCCA cipher implementation for Rust.

ROCCA for Rust This is a Rust implementation of the ROCCA authenticated cipher, ported from the Zig implementation. ROCCA is key committing, has a 256

Frank Denis 6 Sep 30, 2022
RSA implementation in pure Rust

RSA A portable RSA implementation in pure Rust. ⚠️ WARNING: This crate has been audited by a 3rd party, but a full blog post with the results and the

Rust Crypto 346 Jan 4, 2023
SD-JWT Rust Reference Implementation

SD-JWT Rust Reference Implementation This is the reference implementation of the IETF SD-JWT specification written in Rust. Supported version: 6. Note

OpenWallet Foundation Labs 4 Dec 19, 2023
Fast, simple and REST compliant file-server with public/private key authentication written in Rust

stormi Stormi is a fast and simple file-server with public/private key authentication How does it work? Stormi accepts multipart/form-data form with m

Polygon 2 Dec 8, 2022
An implementation for an authentication API for Rocket applications.

rocket_auth rocket_auth provides a ready-to-use backend agnostic API for authentication management. For more information visit the documentation at ht

null 62 Dec 19, 2022
An implementation of webauthn components for Rustlang servers

Webauthn-rs Webauthn is a modern approach to hardware based authentication, consisting of a user with an authenticator device, a browser or client tha

Kanidm 232 Jan 8, 2023
A minimal jwt implementation for OIDC

Compact JWT Json Web Tokens (JWT) are a popular method for creating signed transparent tokens that can be verified by clients and servers. They are en

Kanidm 4 Dec 29, 2021
WebCipher - JWT encryption/decryption algorithms + a JWK Store implementation

webcipher provides JWT authentication utilities and storage mechanism for caching keys and optimizing decryption/encryption processes.

Wavy 1 May 1, 2022
A HTTP Filter checking for OIDC Authentication, made for Envoy Plugins, written in Rust

WASM OIDC Plugin A plugin for Envoy written in Rust. It is a HTTP Filter, that implements the OIDC Authorization Code Flow. Requests sent to the filte

Anton Engelhardt 5 Jul 7, 2023
Rust library for HTTP authentication. Parses challenge lists, responds to Basic and Digest challenges. Likely to be extended with server support and additional auth schemes.

Rust library for HTTP authentication. Parses challenge lists, responds to Basic and Digest challenges. Likely to be extended with server support and a

Scott Lamb 3 Jun 10, 2022
Tools for manipulating JSON Web Tokens, JWS, JWE, and JWK in Rust

Rusty JWT Tools A collection of JWT utilities. This repository is part of the source code of Wire. You can find more information at wire.com or by con

Wire Swiss GmbH 4 Nov 22, 2022
A set of Rust libraries to interact with apple's private APIs and servers.

apple-private-apis A set of Rust libraries to interact with apple's private APIs and servers, made for use in SideInstaller. Library Description omnis

SideStore Team 4 Jan 25, 2023
Highly flexible library to manage and orchestrate JWT workflow

JWT Vault Highly flexible library to manage and orchestrate JWT workflow Examples | Website | Chat TODO Add more examples Improve coverage Features Ma

Saurav Gupta 65 Nov 8, 2022
A OAuth2 server library, for use in combination with actix or other frontends, featuring a set of configurable and pluggable backends.

oxide-auth A OAuth2 server library, for use in combination with common web servers, featuring a set of configurable and pluggable backends. About oxid

null 471 Dec 29, 2022
Decode, explore, and sign JWTs

JWT Explorer A utility for inspecting, modifying, and attacking JWTs. Supports Windows and Linux and probably also works on macOS but this has not bee

David Young 9 Nov 9, 2022
Simple backend app with Actix-web, JWT and MongoDB

Actix Web JWT Example Simple backend app with Actix-web, JWT and MongoDB (JWT Token, Protect Route, Login & Register) While developing the web service

Emre 124 Dec 31, 2022
Simple crate to login to Pinterest and get the cookies via Chromiumoxide to simulate a browser

Simple crate to login to Pinterest and get the cookies via Chromiumoxide to simulate a browser (open a real browser actually), to use the Pinterest API without needing a developer account or an API key or anything that costs money :).

Anas 3 Oct 5, 2023
JWT lib in rust

jsonwebtoken API documentation on docs.rs See JSON Web Tokens for more information on what JSON Web Tokens are. Installation Add the following to Carg

Vincent Prouillet 1.1k Jan 3, 2023