diff options
author | jaseg <git@jaseg.net> | 2018-11-14 09:39:43 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2018-11-14 09:39:43 +0900 |
commit | 9249e792a1cc7ef6d04fa6a8eba6bd9bbc066915 (patch) | |
tree | cc85ad5f592b460f57471a3741d2ddeee6103912 | |
parent | 370301e06da15aada3772461d9f96d50d87475ca (diff) | |
download | secure-hid-9249e792a1cc7ef6d04fa6a8eba6bd9bbc066915.tar.gz secure-hid-9249e792a1cc7ef6d04fa6a8eba6bd9bbc066915.tar.bz2 secure-hid-9249e792a1cc7ef6d04fa6a8eba6bd9bbc066915.zip |
GUI pairing working as it should
-rwxr-xr-x | hexnoise.py | 23 | ||||
-rwxr-xr-x | pairing.py | 44 | ||||
-rw-r--r-- | src/demo.c | 16 | ||||
-rw-r--r-- | src/noise.c | 9 | ||||
-rw-r--r-- | src/packet_interface.h | 1 |
5 files changed, 62 insertions, 31 deletions
diff --git a/hexnoise.py b/hexnoise.py index cfbe9df..55a2be2 100755 --- a/hexnoise.py +++ b/hexnoise.py @@ -28,8 +28,9 @@ class ReportType(enum.Enum): KEYBOARD = 1 MOUSE = 2 PAIRING_INPUT = 3 - PAIRING_SUCESS = 4 + PAIRING_SUCCESS = 4 PAIRING_ERROR = 5 + PAIRING_START = 6 class ProtocolError(Exception): pass @@ -205,6 +206,8 @@ class NoiseEngine: self.proto.set_as_initiator() self.proto.set_keypair_from_private_bytes(Keypair.STATIC, self.static_local) self.proto.start_handshake() + self.paired = False + self.connected = False self.packetizer.send_packet(PacketType.INITIATE_HANDSHAKE, b'') self.debug_print('Handshake started') @@ -226,6 +229,17 @@ class NoiseEngine: self.proto.read_message(payload) else: raise ProtocolError(f'Incorrect packet type {pkt_type}. Ignoring since this is only test code.') + + msg_type, payload = self.packetizer.receive_packet() + rtype, data = self._decrypt(payload) + if rtype is ReportType.PAIRING_SUCCESS: + self.connected, self.paired = True, True + elif rtype is ReportType.PAIRING_START: + self.connected, self.paired = True, False + else: + self.connected, self.paired = True, False + raise UserWarning(f'Unexpected record type {rtype} in {msg_type} packet. Ignoring.') + if self.debug: print('Handshake finished, handshake hash:') hexdump(print, self.proto.get_handshake_hash()) @@ -282,7 +296,7 @@ class NoiseEngine: def pairing_messages(self): user_input = '' for msg_type, payload in self.receive_loop(): - if msg_type == ReportType.PAIRING_INPUT: + if msg_type is ReportType.PAIRING_INPUT: ch = chr(payload[0]) if ch == '\b': user_input = user_input[:-1] @@ -290,10 +304,10 @@ class NoiseEngine: user_input += ch yield user_input - elif msg_type == ReportType.PAIRING_SUCESS: + elif msg_type is ReportType.PAIRING_SUCCESS: break - elif msg_type == ReportType.PAIRING_ERROR: + elif msg_type is ReportType.PAIRING_ERROR: raise ProtocolError('Device-side pairing error') # FIXME find better exception subclass here else: @@ -313,7 +327,6 @@ class NoiseEngine: keys = { *KeyMapper.map_modifiers(modbyte), *KeyMapper.map_regulars(keycodes) } if self.debug: print('Emitting:', keys) - print('payload:', binascii.hexlify(payload), 'emitting:', keys) for key in keys - old_kcs: ui.emit(key, 1, syn=False) @@ -49,27 +49,29 @@ class PairingWindow(Gtk.Window): def run_handshake(self): self.noise.perform_handshake() - binding_incantation = self.noise.channel_binding_incantation() - self.label.set_markup(f'<b>Step 2</b>\n\nPerform channel binding ritual.\n' - f'Enter the following incantation, then press enter.\n' - f'<b>{binding_incantation}</b>') - - def update_text(text): - self.entry.set_text(text) - self.entry.set_position(len(text)) - - clean = lambda s: re.sub('[^a-z0-9-]', '', s.lower()) - if clean(binding_incantation).startswith(clean(text)): - color = 0.9, 1.0, 0.9 # light red - else: - color = 1.0, 0.9, 0.9 # light green - self.entry.override_background_color(Gtk.StateType.NORMAL, Gdk.RGBA(*color, 1.0)) - - for user_input in self.noise.pairing_messages(): - print(f'User input: "{user_input}"') - GLib.idle_add(update_text, user_input) - - self.label.set_markup(f'<b>Done!</b>') + if not self.noise.paired: + binding_incantation = self.noise.channel_binding_incantation() + GLib.idle_add(self.label.set_markup, + f'<b>Step 2</b>\n\nPerform channel binding ritual.\n' + f'Enter the following incantation, then press enter.\n' + f'<b>{binding_incantation}</b>') + + def update_text(text): + self.entry.set_text(text) + self.entry.set_position(len(text)) + + clean = lambda s: re.sub('[^a-z0-9-]', '', s.lower()) + if clean(binding_incantation).startswith(clean(text)): + color = 0.9, 1.0, 0.9 # light red + else: + color = 1.0, 0.9, 0.9 # light green + self.entry.override_background_color(Gtk.StateType.NORMAL, Gdk.RGBA(*color, 1.0)) + + for user_input in self.noise.pairing_messages(): + print(f'User input: "{user_input}"') + GLib.idle_add(update_text, user_input) + + GLib.idle_add(self.label.set_markup, f'<b>Done!</b>') # FIXME demo self.noise.uinput_passthrough() @@ -61,8 +61,8 @@ static uint8_t remote_key_reference[CURVE25519_KEY_LEN]; void _fini(void);
-static inline void delay_ms_busy_loop(uint32_t ms) {
- for (volatile uint32_t i = 0; i < 14903*ms; i++);
+static inline void delay(uint32_t n) {
+ for (volatile uint32_t i = 0; i < 1490*n; i++);
}
@@ -414,10 +414,16 @@ int main(void) if (generate_identity_key(&noise_state))
LOG_PRINTF("Error generating identiy key\n");
+ int poll_ctr = 0;
while (23) {
- TRACING_SET(TR_USBH_POLL);
- usbh_poll(tim6_get_time_us());
- TRACING_CLEAR(TR_USBH_POLL);
+ delay(1);
+
+ if (++poll_ctr == 10) {
+ poll_ctr = 0;
+ TRACING_SET(TR_USBH_POLL);
+ usbh_poll(tim6_get_time_us());
+ TRACING_CLEAR(TR_USBH_POLL);
+ }
TRACING_SET(TR_HOST_PKT_HANDLER);
if (host_packet_length > 0) {
diff --git a/src/noise.c b/src/noise.c index 9f898dd..a30d338 100644 --- a/src/noise.c +++ b/src/noise.c @@ -147,9 +147,18 @@ int try_continue_noise_handshake(struct NoiseState *st, uint8_t *buf, size_t len HANDLE_NOISE_ERROR(noise_dhstate_get_public_key(remote_dh, st->remote_key, sizeof(st->remote_key)), "getting remote pubkey"); if (!memcmp(st->remote_key, st->remote_key_reference, sizeof(st->remote_key))) { /* keys match */ + uint8_t response = REPORT_PAIRING_SUCCESS; + if (send_encrypted_message(st, &response, sizeof(response))) + LOG_PRINTF("Error sending pairing response packet\n"); + uninit_handshake(st, HANDSHAKE_DONE_KNOWN_HOST); st->failed_handshakes = 0; + } else { /* keys don't match */ + uint8_t response = REPORT_PAIRING_START; + if (send_encrypted_message(st, &response, sizeof(response))) + LOG_PRINTF("Error sending pairing response packet\n"); + uninit_handshake(st, HANDSHAKE_DONE_UNKNOWN_HOST); st->failed_handshakes++; } diff --git a/src/packet_interface.h b/src/packet_interface.h index 0502325..4d1be07 100644 --- a/src/packet_interface.h +++ b/src/packet_interface.h @@ -23,6 +23,7 @@ enum packet_types { REPORT_PAIRING_INPUT = 3, REPORT_PAIRING_SUCCESS = 4, REPORT_PAIRING_ERROR = 5, + REPORT_PAIRING_START = 6, }; struct hid_report_packet { |