Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reverse HOTP #1

Closed
wants to merge 20 commits into from
Closed

Reverse HOTP #1

wants to merge 20 commits into from

Conversation

szszszsz
Copy link
Member

@szszszsz szszszsz commented Nov 9, 2022
edited
Loading

Add the reverse HOTP feature

Tasks

  • return error on the counter overflow
  • discuss, if on-credential operations (get code, verify code, or both) should be limited during its registration
  • integrate with embedded runner
  • support LED control - done partially, see Update blinking handlers #4
  • support touch button
  • extension: PIN verification as an alternative to the VALIDATE command, PIN verification as an alternative to the VALIDATE command #6
  • optional: finish Trussed Virt-based example and tests , Add example #7
  • discuss, if the error codes should be more specific (its basically success or error now)
  • use u64 as the input for the verify_code, instead of the currently string

Description

Verify the HOTP code coming from a PC host, and show visually to user, that the code is correct or not, with a green or red LED respectively. Does not need authorization by design.

See more at:

Solution contains means to avoid desynchronization between the host's and device's counters. Device calculates up to 9 values ahead of its current counter to find the matching code (in total it calculates HOTP code for 10 subsequent counter positions). In case:

  • no code would match - the on-device counter will not be changed;
  • incoming code parsing would fail - the on-device counter will not be changed;
  • code would match, but with some counter's offset (up to 9) - the on-device counter will be set to matched code-generated HOTP counter and incremented by 1;
  • code would match, and the code matches counter without offset - the counter will be incremented by 1.

Device will stop verifying the HOTP codes in case, when the difference between the host and on-device counters will be greater or equal to 10.

cc @sosthene-nitrokey

@szszszsz szszszsz marked this pull request as draft November 9, 2022 12:24
@szszszsz szszszsz marked this pull request as ready for review November 9, 2022 12:24
@szszszsz
Copy link
Member Author

szszszsz commented Nov 9, 2022

Let's consider this being ready to review. The remaining tasks' results will be supplied in separate PRs.

@szszszsz
Copy link
Member Author

szszszsz commented Nov 9, 2022
edited
Loading

Note: confirmed to work in the NK3's embedded runner (embedded-runner-lpc55):

CLI is WIP under:

sosthene-nitrokey
sosthene-nitrokey requested changes Nov 10, 2022
View reviewed changes
Cargo.toml Outdated Show resolved Hide resolved
src/authenticator.rs Outdated Show resolved Hide resolved
src/authenticator.rs Outdated Show resolved Hide resolved
src/authenticator.rs Outdated Show resolved Hide resolved
src/command.rs Show resolved Hide resolved
src/authenticator.rs Outdated Show resolved Hide resolved
src/authenticator.rs Outdated Show resolved Hide resolved
@szszszsz szszszsz mentioned this pull request Nov 18, 2022
Merged
5 tasks
@szszszsz
Merge branch 'ctaphid'
d8cfaab 
Support CTAPHID transport. This is realized by sending CCID traffic into CTAP vendor command.

Fixes #2
@szszszsz
Copy link
Member Author

Updated as suggested in the review. Remaining tasks moved to separate tickets.
Merging.

@szszszsz
Initial implementation for the HOTP code verification
73440ee 
New command is added: VerifyCode
This is used e.g. in Heads, to execute the Measured Boot operation.
@szszszsz
Refactor: extract HOTP code calculation
3a295a1
@szszszsz
Extract string to number conversion. Add tests.
4c79594
@szszszsz
Comments
efb8cdb
@szszszsz
Make ctaphid crate optional. Add initial example for tests.
84bd9ea
@szszszsz
Handle counter windowing for HOTP code verification
33aacd6 
To avoid desynchronization between the host's and device's counters
@szszszsz
Correct ctaphid feature name
5756b4a
@szszszsz
Do not complain if the logging is disabled
3e3bf8c
@szszszsz
Review comments
0d66fb1
@szszszsz
Remove trussed modifications
758130e
@szszszsz
Add UI handling - button and LED blinking
ed83641
@szszszsz
Add reverse HOTP as a separate kind
774c373 
This way different operations cannot be mixed on the same credential
@szszszsz
Return different CTAP1 error for the data conversion error
90bdc97
@szszszsz
Allow to use VerifyCode without authorization
3b26c17
@szszszsz
Fail on HOTP counter overflow
3008a85
@szszszsz
Accept u32 BE code for the verification
3e6a67c
@szszszsz
Comments and cleanup
c3ea59b
@szszszsz
Remove obsolete dependencies
dbd7892
@szszszsz
Remove example
04b2ebb
@szszszsz szszszsz closed this in 833c3bc Nov 18, 2022
@szszszsz szszszsz deleted the reverse-hotp branch November 18, 2022 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sosthene-nitrokey sosthene-nitrokey sosthene-nitrokey requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@szszszsz @sosthene-nitrokey