fidati is a FIDO2 U2F token implementation for the F-Secure USB Armory Mk.II, written in Go by leveraging the Tamago compiler.
This repository holds a developer-friendly Tamago firmware, for a more user-friendly one check out GoKey.
This project is still very much a Proof-of-Concept and should be handled as such: there are exactly zero guarantees about the safety/security of fidati.
Code is still work-in-progress, expect bugs/bad practices and so on.
What works:
- HID interface
- key generation
- site registration
- site authentication
fidati uses the microSD card as its support for persistency.
Currently no filesystem is supported, so fidati will use up the entire microSD space if needed.
This means that fidati can only be ran from the Armory eMMC - a future revision will fix this.
To prepare a microSD for fidati, zero out the first 512 bytes:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 count=1No relying party private key is stored, the microSD is only used to store a monotonic counter.
For more details about how fidati deterministic key derivation works, see here.
You can run fidati with or without a bootloader.
By default the project Makefile produces a binary with logging disabled.
To enable logging append TARGET="'usbarmory debug fidati_logs'" to the make parameters.
fidati as a library disables logging by default.
To enable it, build your program with the fidati_logs build tag.
$ make
This command will produce a self-standing ELF executable, fidati, which can be booted via U-Boot in the usual way:
ext4load mmc 0:1 0x80800000 /fidati
bootelf 0x80800000
$ make imx
This command will produce a i.MX native image, fidati.imx, which can be flashed to either the internal Armory eMMC or a microSD.
Refer to these instructions for further instructions.
fidati can be used as a library, by importing the github.com/gsora/fidati package and invoking the ConfigureUSB() function.
See firmware/main.go and firmware/usb.go for an example.
fidati implements the bare minimum functionality to act as a FIDO2 U2F token, as detailed by the FIDO Alliance.
A default attestation certificate and private key are contained in this repository, in the /certs directory.
A CLI tool – gen-cert – is available for those who want to generate their own certificate and private key.
For each relying party, given their appID and a device-specific master key fidati derives in a deterministic fashion an ECDSA private key, which will then be used in the registration and authentication phase.
The derivation algorithm is defined as follows:
nonce := (32 secure random bytes)
relyingPartyPrivateKey := HMAC-SHA256(MasterKey, appID, nonce)
keyHandle := HMAC-SHA256(MasterKey, appID, relyingPartyPrivateKey) + nonce
To derive the private key back given a keyHandle and appID, one must extract the nonce by reading the last 32 bytes of keyHandle and then execute the algorithm again.
To test U2F token registration and login, the following tools can be used: