jaseg/secure-hid
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

GUI pairing working as it should

Browse source
This commit is contained in:
jaseg 2018-11-14 09:39:43 +09:00
parent 370301e06d
commit 9249e792a1
5 changed files with 59 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

23
hexnoise.py
View file

@ -28,8 +28,9 @@ class ReportType(enum.Enum):
KEYBOARD = 1 KEYBOARD = 1
MOUSE = 2 MOUSE = 2
PAIRING_INPUT = 3 PAIRING_INPUT = 3
PAIRING_SUCESS = 4 PAIRING_SUCCESS = 4
PAIRING_ERROR = 5 PAIRING_ERROR = 5
PAIRING_START = 6
class ProtocolError(Exception): class ProtocolError(Exception):
pass pass
@ -205,6 +206,8 @@ class NoiseEngine:
self.proto.set_as_initiator() self.proto.set_as_initiator()
self.proto.set_keypair_from_private_bytes(Keypair.STATIC, self.static_local) self.proto.set_keypair_from_private_bytes(Keypair.STATIC, self.static_local)
self.proto.start_handshake() self.proto.start_handshake()
self.paired = False
self.connected = False
self.packetizer.send_packet(PacketType.INITIATE_HANDSHAKE, b'') self.packetizer.send_packet(PacketType.INITIATE_HANDSHAKE, b'')
self.debug_print('Handshake started') self.debug_print('Handshake started')
@ -226,6 +229,17 @@ class NoiseEngine:
self.proto.read_message(payload) self.proto.read_message(payload)
else: else:
raise ProtocolError(f'Incorrect packet type {pkt_type}. Ignoring since this is only test code.') raise ProtocolError(f'Incorrect packet type {pkt_type}. Ignoring since this is only test code.')
msg_type, payload = self.packetizer.receive_packet()
rtype, data = self._decrypt(payload)
if rtype is ReportType.PAIRING_SUCCESS:
self.connected, self.paired = True, True
elif rtype is ReportType.PAIRING_START:
self.connected, self.paired = True, False
else:
self.connected, self.paired = True, False
raise UserWarning(f'Unexpected record type {rtype} in {msg_type} packet. Ignoring.')
if self.debug: if self.debug:
print('Handshake finished, handshake hash:') print('Handshake finished, handshake hash:')
hexdump(print, self.proto.get_handshake_hash()) hexdump(print, self.proto.get_handshake_hash())
@ -282,7 +296,7 @@ class NoiseEngine:
def pairing_messages(self): def pairing_messages(self):
user_input = '' user_input = ''
for msg_type, payload in self.receive_loop(): for msg_type, payload in self.receive_loop():
if msg_type == ReportType.PAIRING_INPUT: if msg_type is ReportType.PAIRING_INPUT:
ch = chr(payload[0]) ch = chr(payload[0])
if ch == '\b': if ch == '\b':
user_input = user_input[:-1] user_input = user_input[:-1]
@ -290,10 +304,10 @@ class NoiseEngine:
user_input += ch user_input += ch
yield user_input yield user_input
elif msg_type == ReportType.PAIRING_SUCESS: elif msg_type is ReportType.PAIRING_SUCCESS:
break break
elif msg_type == ReportType.PAIRING_ERROR: elif msg_type is ReportType.PAIRING_ERROR:
raise ProtocolError('Device-side pairing error') # FIXME find better exception subclass here raise ProtocolError('Device-side pairing error') # FIXME find better exception subclass here
else: else:
@ -313,7 +327,6 @@ class NoiseEngine:
keys = { *KeyMapper.map_modifiers(modbyte), *KeyMapper.map_regulars(keycodes) } keys = { *KeyMapper.map_modifiers(modbyte), *KeyMapper.map_regulars(keycodes) }
if self.debug: if self.debug:
print('Emitting:', keys) print('Emitting:', keys)
print('payload:', binascii.hexlify(payload), 'emitting:', keys)
for key in keys - old_kcs: for key in keys - old_kcs:
ui.emit(key, 1, syn=False) ui.emit(key, 1, syn=False)

38
pairing.py
View file

@ -49,27 +49,29 @@ class PairingWindow(Gtk.Window):
def run_handshake(self): def run_handshake(self):
self.noise.perform_handshake() self.noise.perform_handshake()
binding_incantation = self.noise.channel_binding_incantation() if not self.noise.paired:
self.label.set_markup(f'<b>Step 2</b>\n\nPerform channel binding ritual.\n' binding_incantation = self.noise.channel_binding_incantation()
f'Enter the following incantation, then press enter.\n' GLib.idle_add(self.label.set_markup,
f'<b>{binding_incantation}</b>') f'<b>Step 2</b>\n\nPerform channel binding ritual.\n'
f'Enter the following incantation, then press enter.\n'
def update_text(text): f'<b>{binding_incantation}</b>')
self.entry.set_text(text)
self.entry.set_position(len(text)) def update_text(text):
self.entry.set_text(text)
self.entry.set_position(len(text))
clean = lambda s: re.sub('[^a-z0-9-]', '', s.lower()) clean = lambda s: re.sub('[^a-z0-9-]', '', s.lower())
if clean(binding_incantation).startswith(clean(text)): if clean(binding_incantation).startswith(clean(text)):
color = 0.9, 1.0, 0.9 # light red color = 0.9, 1.0, 0.9 # light red
else: else:
color = 1.0, 0.9, 0.9 # light green color = 1.0, 0.9, 0.9 # light green
self.entry.override_background_color(Gtk.StateType.NORMAL, Gdk.RGBA(*color, 1.0)) self.entry.override_background_color(Gtk.StateType.NORMAL, Gdk.RGBA(*color, 1.0))
for user_input in self.noise.pairing_messages(): for user_input in self.noise.pairing_messages():
print(f'User input: "{user_input}"') print(f'User input: "{user_input}"')
GLib.idle_add(update_text, user_input) GLib.idle_add(update_text, user_input)
self.label.set_markup(f'<b>Done!</b>') GLib.idle_add(self.label.set_markup, f'<b>Done!</b>')
# FIXME demo # FIXME demo
self.noise.uinput_passthrough() self.noise.uinput_passthrough()

16
src/demo.c
View file

@ -61,8 +61,8 @@ static uint8_t remote_key_reference[CURVE25519_KEY_LEN];
void _fini(void); void _fini(void);
static inline void delay_ms_busy_loop(uint32_t ms) { static inline void delay(uint32_t n) {
for (volatile uint32_t i = 0; i < 14903*ms; i++); for (volatile uint32_t i = 0; i < 1490*n; i++);
} }
@ -414,10 +414,16 @@ int main(void)
if (generate_identity_key(&noise_state)) if (generate_identity_key(&noise_state))
LOG_PRINTF("Error generating identiy key\n"); LOG_PRINTF("Error generating identiy key\n");
int poll_ctr = 0;
while (23) { while (23) {
TRACING_SET(TR_USBH_POLL); delay(1);
usbh_poll(tim6_get_time_us());
TRACING_CLEAR(TR_USBH_POLL); if (++poll_ctr == 10) {
poll_ctr = 0;
TRACING_SET(TR_USBH_POLL);
usbh_poll(tim6_get_time_us());
TRACING_CLEAR(TR_USBH_POLL);
}
TRACING_SET(TR_HOST_PKT_HANDLER); TRACING_SET(TR_HOST_PKT_HANDLER);
if (host_packet_length > 0) { if (host_packet_length > 0) {

9
src/noise.c
View file

@ -147,9 +147,18 @@ int try_continue_noise_handshake(struct NoiseState *st, uint8_t *buf, size_t len
HANDLE_NOISE_ERROR(noise_dhstate_get_public_key(remote_dh, st->remote_key, sizeof(st->remote_key)), "getting remote pubkey"); HANDLE_NOISE_ERROR(noise_dhstate_get_public_key(remote_dh, st->remote_key, sizeof(st->remote_key)), "getting remote pubkey");
if (!memcmp(st->remote_key, st->remote_key_reference, sizeof(st->remote_key))) { /* keys match */ if (!memcmp(st->remote_key, st->remote_key_reference, sizeof(st->remote_key))) { /* keys match */
uint8_t response = REPORT_PAIRING_SUCCESS;
if (send_encrypted_message(st, &response, sizeof(response)))
LOG_PRINTF("Error sending pairing response packet\n");
uninit_handshake(st, HANDSHAKE_DONE_KNOWN_HOST); uninit_handshake(st, HANDSHAKE_DONE_KNOWN_HOST);
st->failed_handshakes = 0; st->failed_handshakes = 0;
} else { /* keys don't match */ } else { /* keys don't match */
uint8_t response = REPORT_PAIRING_START;
if (send_encrypted_message(st, &response, sizeof(response)))
LOG_PRINTF("Error sending pairing response packet\n");
uninit_handshake(st, HANDSHAKE_DONE_UNKNOWN_HOST); uninit_handshake(st, HANDSHAKE_DONE_UNKNOWN_HOST);
st->failed_handshakes++; st->failed_handshakes++;
} }

1
src/packet_interface.h
View file

@ -23,6 +23,7 @@ enum packet_types {
REPORT_PAIRING_INPUT = 3, REPORT_PAIRING_INPUT = 3,
REPORT_PAIRING_SUCCESS = 4, REPORT_PAIRING_SUCCESS = 4,
REPORT_PAIRING_ERROR = 5, REPORT_PAIRING_ERROR = 5,
REPORT_PAIRING_START = 6,
}; };
struct hid_report_packet { struct hid_report_packet {