From 54326a8373c70b49b3f122365295b82ee4b2bf1b Mon Sep 17 00:00:00 2001 From: Manasij Sur Roy Date: Tue, 21 Mar 2017 14:35:07 +0530 Subject: [PATCH] Auth-FW based FIDO Authenticator implementation Change-Id: Id408afb6a2a4c2036bea095150871e11f798e901 Signed-off-by: Manasij Sur Roy --- CMakeLists.txt | 4 +- common/AsmHelper.h | 6 +-- packaging/fido-asm.spec | 54 ++++++++++----------- server/auth_discovery/src/AuthManager.cpp | 42 ++++++++-------- silent_auth/CMakeLists.txt | 4 ++ silent_auth/instructions.txt | 34 +++++++++++++ silent_auth/silent_auth_entry.cpp | 81 ++++++++++++++++++++++++++++++- test/RADemoTV/.cproject | 24 ++++----- test/RADemoTV/.project | 6 +++ test/RADemoTV/.sign/.manifest.tmp | 4 +- test/RADemoTV/.sign/author-signature.xml | 8 +-- test/RADemoTV/.sign/signature1.xml | 10 ++-- 12 files changed, 199 insertions(+), 78 deletions(-) create mode 100644 silent_auth/instructions.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 1cdee6f..1aabe10 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -13,9 +13,9 @@ ADD_SUBDIRECTORY(ui) ADD_SUBDIRECTORY(roaming_agent) ADD_SUBDIRECTORY(common/dbus_interfaces) ADD_SUBDIRECTORY(bt_roaming_agent) -ADD_SUBDIRECTORY(ble_roaming_agent) +##ADD_SUBDIRECTORY(ble_roaming_agent) ADD_DEPENDENCIES(fido-asm fido-asm-dbus) ADD_DEPENDENCIES(fido-bt-ragent-service fido-asm-dbus) -ADD_DEPENDENCIES(fido-ble-ragent-service fido-asm-dbus) +##ADD_DEPENDENCIES(fido-ble-ragent-service fido-asm-dbus) ADD_DEPENDENCIES(fido-roaming-agent-service fido-asm-dbus) ADD_DEPENDENCIES(asmui fido-asm-dbus) diff --git a/common/AsmHelper.h b/common/AsmHelper.h index 5850666..2b61584 100644 --- a/common/AsmHelper.h +++ b/common/AsmHelper.h 
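Review bot: The BLE roaming agent is switched off by prefixing `ADD_SUBDIRECTORY(ble_roaming_agent)` and its `ADD_DEPENDENCIES` line with `##`, which leaves dead build lines with no record of why they are disabled or how to re-enable them. The same commenting-out pattern recurs in packaging/fido-asm.spec and in AuthManager::initProviders() in this patch, so three files must be edited consistently to bring the feature back. A single option such as `OPTION(ENABLE_BLE_RA "Build the BLE roaming agent" OFF)`, with both lines wrapped in `IF(ENABLE_BLE_RA)`, would make the default explicit. Otherwise delete the lines and state the reason in the commit message.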
@@ -67,15 +67,15 @@ #define LOG_TAG "org.tizen.fido.asm" #ifndef _ERR -#define _ERR(fmt, args...) LOGE("[%s:%d] "fmt"\n", __func__, __LINE__, ##args) +#define _ERR(fmt, args...) LOGE("[%s:%d] " fmt"\n", __func__, __LINE__, ##args) #endif #ifndef _DBG -#define _DBG(fmt, args...) LOGD("[%s:%d] "fmt"\n", __func__, __LINE__, ##args) +#define _DBG(fmt, args...) LOGD("[%s:%d] " fmt"\n", __func__, __LINE__, ##args) #endif #ifndef _INFO -#define _INFO(fmt, args...) LOGI("[%s:%d] "fmt"\n", __func__, __LINE__, ##args) +#define _INFO(fmt, args...) LOGI("[%s:%d] " fmt"\n", __func__, __LINE__, ##args) #endif #ifndef _BEGIN diff --git a/packaging/fido-asm.spec b/packaging/fido-asm.spec index 2868296..83ef1df 100644 --- a/packaging/fido-asm.spec +++ b/packaging/fido-asm.spec @@ -10,7 +10,7 @@ Source1: org.tizen.fido-asm.service Source2: org.tizen.fido-asm.conf Source3: fido-asm.service Source4: fido-roaming-agent.service -Source5: fido-ble-roaming-agent.service +##Source5: fido-ble-roaming-agent.service Source6: fido-bt-roaming-agent.service BuildRequires: cmake @@ -95,10 +95,6 @@ install -m 0644 %SOURCE4 %{buildroot}%{_unitdir}/fido-roaming-agent.service %install_service multi-user.target.wants fido-roaming-agent.service mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants -install -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/fido-ble-roaming-agent.service -%install_service multi-user.target.wants fido-ble-roaming-agent.service - -mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants install -m 0644 %SOURCE6 %{buildroot}%{_unitdir}/fido-bt-roaming-agent.service %install_service multi-user.target.wants fido-bt-roaming-agent.service @@ -242,6 +238,8 @@ BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(glib-2.0) >= 2.26 BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(capi-network-connection) +BuildRequires: pkgconfig(syspopup-caller) +BuildRequires: pkgconfig(buxton2) %description -n fido_silent FIDO Silent Authenticator 
@@ -300,29 +298,29 @@ chsmack -a '_' /opt/data/fido-ra/*.dat ################################################################################# # FIDO BLE Roaming Agent ################################################################################# -%package -n fido_ble_roaming_agent -Summary: FIDO BLE Roaming Agent -Group: Account - -BuildRequires: cmake -BuildRequires: pkgconfig(capi-appfw-application) -BuildRequires: pkgconfig(dlog) -BuildRequires: pkgconfig(bundle) -BuildRequires: pkgconfig(json-glib-1.0) -BuildRequires: pkgconfig(glib-2.0) >= 2.26 -BuildRequires: pkgconfig(gio-unix-2.0) -BuildRequires: pkgconfig(capi-network-connection) -BuildRequires: pkgconfig(capi-network-bluetooth) - - -%description -n fido_ble_roaming_agent -FIDO BT Roaming Agent GATT Server - -%files -n fido_ble_roaming_agent -%manifest fido-ble-ragent.manifest -%{_bindir}/fido-ble-ragent-service -%{_unitdir}/fido-ble-roaming-agent.service -%{_unitdir}/multi-user.target.wants/fido-ble-roaming-agent.service +##%package -n fido_ble_roaming_agent +##Summary: FIDO BLE Roaming Agent +##Group: Account + +##BuildRequires: cmake +##BuildRequires: pkgconfig(capi-appfw-application) +##BuildRequires: pkgconfig(dlog) +##BuildRequires: pkgconfig(bundle) +##BuildRequires: pkgconfig(json-glib-1.0) +##BuildRequires: pkgconfig(glib-2.0) >= 2.26 +##BuildRequires: pkgconfig(gio-unix-2.0) +##BuildRequires: pkgconfig(capi-network-connection) +##BuildRequires: pkgconfig(capi-network-bluetooth) + + +##%description -n fido_ble_roaming_agent +##FIDO BT Roaming Agent GATT Server + +##%files -n fido_ble_roaming_agent +##%manifest fido-ble-ragent.manifest +##%{_bindir}/fido-ble-ragent-service +##%{_unitdir}/fido-ble-roaming-agent.service +##%{_unitdir}/multi-user.target.wants/fido-ble-roaming-agent.service ################################################################################# # FIDO BT Roaming Agent 
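Review bot: Commenting out the `fido_ble_roaming_agent` subpackage with `##` keeps `%{_bindir}` and `%{_unitdir}` in the spec, and rpmbuild still expands macros on comment lines (newer rpm versions warn about this). Nothing breaks with these particular macros, but the block is now 20-odd lines of dead packaging text that can silently change meaning if a multi-line macro is ever added to it. Deleting the block, as the `%install` hunk of this patch already does for `%SOURCE5`, is cleaner than `##`. If the text must stay for reference, escape the macros as `%%{_bindir}`.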
diff --git a/server/auth_discovery/src/AuthManager.cpp b/server/auth_discovery/src/AuthManager.cpp index 5402cfd..adfb8cb 100644 --- a/server/auth_discovery/src/AuthManager.cpp +++ b/server/auth_discovery/src/AuthManager.cpp @@ -38,27 +38,27 @@ AuthManager::initProviders(void) __providerList.push_back(badPro); - if (RoamingUtil::isRASupported() == true) { - IADProvider *radPro = new IotADProvider(); - int retRa = radPro->init(); - if (retRa == 0) { - _INFO("Roaming Provider=[%p]", radPro); - __providerList.push_back(radPro); - } else { - _INFO("RA not supported"); - delete radPro; - } - } - - IADProvider *blePro = new BleAdProvider(); - int retBle = blePro->init(); - if (retBle == 0) { - _INFO("BLE Provider=[%p]", blePro); - __providerList.push_back(blePro); - } else { - _INFO("BLE Provider not supported"); - delete blePro; - } +// if (RoamingUtil::isRASupported() == true) { +// IADProvider *radPro = new IotADProvider(); +// int retRa = radPro->init(); +// if (retRa == 0) { +// _INFO("Roaming Provider=[%p]", radPro); +// __providerList.push_back(radPro); +// } else { +// _INFO("RA not supported"); +// delete radPro; +// } +// } + +// IADProvider *blePro = new BleAdProvider(); +// int retBle = blePro->init(); +// if (retBle == 0) { +// _INFO("BLE Provider=[%p]", blePro); +// __providerList.push_back(blePro); +// } else { +// _INFO("BLE Provider not supported"); +// delete blePro; +// } IADProvider *btPro = new BtAdProvider(); int retBt = btPro->init(); diff --git a/silent_auth/CMakeLists.txt b/silent_auth/CMakeLists.txt index 4021531..37e7a06 100644 --- a/silent_auth/CMakeLists.txt +++ b/silent_auth/CMakeLists.txt @@ -29,6 +29,10 @@ pkg_check_modules(SILENT_AUTH_PKGS REQUIRED capi-network-connection aul libtzplatform-config + syspopup-caller + capi-appfw-application + capi-appfw-app-manager + buxton2 ) FOREACH(flag ${SILENT_AUTH_PKGS_CFLAGS}) diff --git a/silent_auth/instructions.txt b/silent_auth/instructions.txt new file mode 100644 index 0000000..1bc48bb 
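Review bot: The commented-out region in AuthManager::initProviders() disables the `IotADProvider` roaming path as well as `BleAdProvider`, but only the BLE agent is removed from the build. The top-level CMakeLists.txt context still has `ADD_SUBDIRECTORY(roaming_agent)`, and the spec context still installs `fido-roaming-agent.service` into multi-user.target.wants. If that is intended, the roaming agent service would presumably still be started on the device while discovery never lists it, leaving a running service with no consumer. Either drop it from the image as well or keep the `RoamingUtil::isRASupported()` block. In either case, remove the disabled code or guard it with a compile-time flag instead of leaving it in `//` comments. initProviders() starts and ends outside this hunk.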
--- /dev/null +++ b/silent_auth/instructions.txt @@ -0,0 +1,34 @@ +======================================================================== +FIDO Authenticator Plugin based on Auth-FW +======================================================================== +This is a FIDO Authenticator which utilizes Tizen Device PIN using "auth-fw". +This utilizes fido-syspopup for PIN UI. + +Instructions for TM1, Bound Use Case: + +Setup:- +1. Build fido-asm and fido-syspopup +2. Uninstall dummyasm +3. Install fido-asm, fido_silent_auth using rpm -ivh --force command. +4. Install fido-syspopup as globalapp: + - rpm -ivh --force --nodeps /home/org.tizen.fido-syspopup-1.0-1.armv7l.rpm + - tpk-backend -y org.tizen.fido-syspopup --preload +5. (Once per device only) Add org.tizen.fido-syspopup into auth-fw client whitelist + - echo "User::Pkg::org.tizen.fido-syspopup" >> /etc/auth-fw/client-whitelist +6. Install rademotv from IDE +If IDE does not recognize TM1 then: +sdb push org.example.rademotv-1.0.0-arm.tpk /opt/usr/home/owner/apps_rw/tmp +sdb shell tpk-backend -i /opt/usr/home/owner/apps_rw/tmp/org.example.rademotv-1.0.0-arm.tpk +sdb shell tpk-backend -i /opt/usr/home/owner/apps_rw/tmp/org.example.rademotv-1.0.0-arm.tpk --preload + +6. Reboot + +Test:- +1. Launch RADemoTV. +2. Register New user. +3. Enter any name. +4. PIN UI will be launched, enter 2 digit PIN, confirm the same again. +(If the device already has PIN setup previously via Settings, then instead of setting new PIN you must enter the +previous PIN) +5. Registration completes. +6. For Authenticate: Enter PIN to verify. diff --git a/silent_auth/silent_auth_entry.cpp b/silent_auth/silent_auth_entry.cpp index 4235647..5d04721 100644 --- a/silent_auth/silent_auth_entry.cpp +++ b/silent_auth/silent_auth_entry.cpp @@ -21,6 +21,12 @@ #include #include #include +#include +#include +#include +#include +#include + #include "silent_auth_entry.h" #include "GetInfoReqTlvEncoder.h" 
@@ -78,6 +84,9 @@ static int __sign_counter = 1; #define AUTH_EXTENSION_RESPONSE_SUCCESS "success" #define AUTH_EXTENSION_RESPONSE_SUCCESS_LEN 128 +#define PWD_VERIFY_STATUS_TS_KEY "LOCK_PWD_VERIFY_STATUS_TS_KEY" +#define PWD_VERIFY_STATUS_KEY "LOCK_PWD_VERIFY_STATUS_KEY" + #ifdef JSON_BUILDER static void __add_string_to_json_object(JsonBuilder *json_obj, const char *key, const char *val) @@ -1118,6 +1127,9 @@ fido_auth_plugin_is_enrolled(const char *args) return true; } +#define TS_KEY "ts" +#define TS_VAL_TEST "test" + EXPORT_API int fido_auth_plugin_enroll(const char *args) { 
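Review bot: `PWD_VERIFY_STATUS_TS_KEY` and `PWD_VERIFY_STATUS_KEY` are the only channel through which fido_auth_plugin_verify() learns the PIN result, yet nothing at the defines records which component writes them or which buxton privileges protect them. I would add a comment above the two defines such as `/* Written by fido-syspopup after the auth-fw PIN check; write access must be limited to that package */` (the writer is presumed from instructions.txt, please confirm). Moving the key names into a header shared with the popup would also keep the two sides from drifting apart.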
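Review bot: `TS_VAL_TEST` is defined here but not referenced by any line this patch adds, and `TS_KEY` is a very generic name for a bundle key that is exchanged with another process. Drop `TS_VAL_TEST` if it is leftover test scaffolding. Consider moving the key next to the other defines near the top of the file under a more specific name, e.g. `#define FIDO_VERIFY_TS_KEY "ts"`; the string itself has to stay in sync with whatever the popup reads from the bundle.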
@@ -1129,8 +1141,75 @@ fido_auth_plugin_enroll(const char *args) EXPORT_API int fido_auth_plugin_verify(const char *cmd, const char *fch, char **verif_token) { + time_t ts = time(0); + _INFO(""); - /*TODO: user verification*/ + bundle *b = NULL; + b = bundle_create(); + char ts_str[1024] = {0, }; + snprintf(ts_str, 1024 - 1, "%lld", (long long)ts); + bundle_add(b, TS_KEY, ts_str); + _INFO("[%s]", ts_str); + + int ret = syspopup_launch((char *)"fido-syspopup", b); + if (ret != 0) { + _ERR("syspopup_launch Error = [%d]", ret); + return -1; + } + + /*buxton watch*/ + struct buxton_client *cli; + struct buxton_layer *layer; + + int r = buxton_open(&cli, NULL, NULL); + if (r) { + _ERR("buxton_open=[%d]", r); + return -1; + } + + layer = buxton_create_layer("system"); + + /*long long int poll_count = 0;*/ + + while (1) { + usleep(1000); + buxton_value *val_ts = NULL; + r = buxton_get_value_sync(cli, layer, PWD_VERIFY_STATUS_TS_KEY, &val_ts); + if (r == -1) { + _ERR("buxton_get_value_sync=[%d]", r); + return -1; + } + if (val_ts != NULL) { + char *val_ts_str = NULL; + buxton_value_get_string(val_ts, (const char **)&val_ts_str); + if (val_ts_str != NULL) { + /*poll_count++;*/ + /*if ((poll_count % 50) == 0) + _INFO("[%s][%s]", val_ts_str, ts_str);*/ + + if (strcmp(val_ts_str, ts_str) == 0) { + _INFO("Received matching ts"); + buxton_value *val_bool = NULL; + r = buxton_get_value_sync(cli, layer, PWD_VERIFY_STATUS_KEY, &val_bool); + _INFO("buxton_get_value_sync=[%d]", r); + if (val_bool != NULL) { + int val_verifiy = false; + buxton_value_get_boolean(val_bool, &val_verifiy); + _INFO("val_verifiy=[%d]", val_verifiy); + if (val_verifiy != 0) + return 0; + else + return -1; + } else { + _ERR(""); + return -1; + } + } + } + } + + } + _ERR("Out of while!!"); return 0; } diff --git a/test/RADemoTV/.cproject b/test/RADemoTV/.cproject index ebc8598..20b7d24 100644 --- a/test/RADemoTV/.cproject +++ b/test/RADemoTV/.cproject @@ -322,10 +322,10 @@ - - - - @@ -437,10 +437,10 @@ - - - - 
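Review bot: fido_auth_plugin_verify() accepts the user-verification result from two buxton values matched only against `time(0)` in whole seconds. That correlator is predictable and can collide between two requests in the same second, and the decision is only as strong as the write permissions on those keys, which this patch does not show. The timestamp and the status are also fetched in two separate reads, so the status is only guaranteed to belong to this request if the writer updates it before the timestamp. Beyond that, the `while (1)` poll has no timeout, every return path leaks `b`, `cli`, `layer` and the fetched values, `*verif_token` is never set, and the trailing `return 0` would report success if the loop were ever left. I would pass a random per-request nonce in the bundle instead of the timestamp and restructure the wait as below, with a bounded deadline, a default of failure and one cleanup path; `VERIFY_TIMEOUT_SEC` is a new constant the project would have to choose.

```cpp
	/* … unchanged: bundle setup, syspopup_launch, buxton_open (their error paths should also free b / close cli) … */

	layer = buxton_create_layer("system");
	if (layer == NULL) {
		_ERR("buxton_create_layer failed");
		buxton_close(cli);
		bundle_free(b);
		return -1;
	}

	/* Fail closed: only an explicit positive status for this request yields 0. */
	int result = -1;
	const time_t deadline = ts + VERIFY_TIMEOUT_SEC;

	while (time(0) < deadline) {
		usleep(1000);

		buxton_value *val_ts = NULL;
		r = buxton_get_value_sync(cli, layer, PWD_VERIFY_STATUS_TS_KEY, &val_ts);
		if (r == -1) {
			_ERR("buxton_get_value_sync=[%d]", r);
			break;
		}
		if (val_ts == NULL)
			continue;

		/* The string belongs to val_ts, so compare before releasing the value. */
		const char *val_ts_str = NULL;
		buxton_value_get_string(val_ts, &val_ts_str);
		const bool matched = (val_ts_str != NULL && strcmp(val_ts_str, ts_str) == 0);
		buxton_value_free(val_ts);
		if (!matched)
			continue;

		buxton_value *val_bool = NULL;
		int32_t verified = 0;
		r = buxton_get_value_sync(cli, layer, PWD_VERIFY_STATUS_KEY, &val_bool);
		if (r == 0 && val_bool != NULL
				&& buxton_value_get_boolean(val_bool, &verified) == 0
				&& verified != 0)
			result = 0;
		if (val_bool != NULL)
			buxton_value_free(val_bool);
		break;
	}

	if (result != 0)
		_ERR("user verification failed or timed out");

	buxton_free_layer(layer);
	buxton_close(cli);
	bundle_free(b);
	return result;
```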
@@ -552,7 +552,7 @@ - diff --git a/test/RADemoTV/.project b/test/RADemoTV/.project index 46db98f..57fe641 100644 --- a/test/RADemoTV/.project +++ b/test/RADemoTV/.project @@ -6,6 +6,11 @@ + org.tizen.nativecore.apichecker.apicheckerbuilder + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder @@ -22,6 +27,7 @@ org.eclipse.cdt.core.ccnature org.eclipse.cdt.managedbuilder.core.managedBuildNature org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + org.tizen.nativecore.apichecker.apicheckernature diff --git a/test/RADemoTV/.sign/.manifest.tmp b/test/RADemoTV/.sign/.manifest.tmp index 0e0ccde..6453fc3 100644 --- a/test/RADemoTV/.sign/.manifest.tmp +++ b/test/RADemoTV/.sign/.manifest.tmp @@ -26,8 +26,8 @@ res/offline_auth_req.json__DEL__oZb4hdBo7gfvHQp3Phmi7OrQvOTkYebs+cj0CUB55wQ= res/offline_dereg_req.json__DEL__ls9i8E/7YfyG+yCzw/XQC8as8ooSZNM8ItkTCvG3AQ0= res/offline_reg_req.json__DEL__rdOHCvLX1D/a4sN49GMCPTDj4spKyHjgXrcTvDmtHmI= res/ui-controls.edc__DEL__yT6Ox68AGW/HIfljsxpDJ0/42qHiF0sSTOPCj0hDChM= -res/ui-controls.edj__DEL__zY+RgwVhayMhI8gOpkbxqIKV8/Sqe8uUkf/hn4wUZcQ= +res/ui-controls.edj__DEL__nf2E5KtcXKvxS/HUTnR60HxwBrU7JMxbEM3lfwxCn/8= shared/res/fido.png__DEL__9DwesXg1NEg1AEHfbtrY6C9YwJoypEr2v6hOyWHW6i8= shared/res/rademotv.png__DEL__1d0oEZHqPn+QzNzGIHwj9ODby6x9ggFs9uOsav6jPNs= tizen-manifest.xml__DEL__hf3BnDDOp8ZyVZbapG4QNDJtBWqH8Qa24aJD4/kN4dY= -author-signature.xml__DEL__7K9ckaGz1GQydrpk8zkpnZw1mh7PkeJZQ41FJxuRd3Q= +author-signature.xml__DEL__y4enTiLoUZO3luwmsmV3hK5i2fohhohsYOxM6GGripk= diff --git a/test/RADemoTV/.sign/author-signature.xml b/test/RADemoTV/.sign/author-signature.xml index 845390e..035e5a0 100644 --- a/test/RADemoTV/.sign/author-signature.xml +++ b/test/RADemoTV/.sign/author-signature.xml @@ -116,7 +116,7 @@ -zY+RgwVhayMhI8gOpkbxqIKV8/Sqe8uUkf/hn4wUZcQ= +nf2E5KtcXKvxS/HUTnR60HxwBrU7JMxbEM3lfwxCn/8= 
@@ -139,9 +139,9 @@ -o9X1remP0l3i/1LdxaKEtQungByfq6filBpnmxprmlrLGlbJ8NvlYwLGbiESY21gHajumW4Zyn// -c/iy8VFQOX04y9Nk2cxLO2Ut3RjUIakHyk32y+KgoBlRZAusGD1EQ/zu0noLLbiSzZcFhe96NO+d -b74qVqwdHfy9tYxkyao= +MlYR5rz7dFxkEYZtkZj4l+iSZh4dZSlxSvZVriY1s1D07Jbzm016xmcv15KQq6GrP6mW67P9mVNv +QoW+I4F/7jnTl/5ofa03oI5cB18AT3Mr/AX0fKM/JHBxnutpjK2MdNj6VANv7bZ/9H64tTOeZQHr +HLJH0TwfmAVwPBkXDU0= diff --git a/test/RADemoTV/.sign/signature1.xml b/test/RADemoTV/.sign/signature1.xml index 6a21c0d..cdd3b09 100644 --- a/test/RADemoTV/.sign/signature1.xml +++ b/test/RADemoTV/.sign/signature1.xml @@ -4,7 +4,7 @@ -7K9ckaGz1GQydrpk8zkpnZw1mh7PkeJZQ41FJxuRd3Q= +y4enTiLoUZO3luwmsmV3hK5i2fohhohsYOxM6GGripk= @@ -120,7 +120,7 @@ -zY+RgwVhayMhI8gOpkbxqIKV8/Sqe8uUkf/hn4wUZcQ= +nf2E5KtcXKvxS/HUTnR60HxwBrU7JMxbEM3lfwxCn/8= @@ -143,9 +143,9 @@ -G9pc7RO8mSwrw7f796Ngr1qU37WS3jRv9g8Sm5ugLxsJ23F6D3glkBRwiDvpTMc0/y/JtzINzCgs -ArloFO39fWP8kEKHcTkkVPXGED3D7jl3eVIYcIcgLD0iFsHFFzBHKRVIrZORmQIt9J3F6Ul8q9rQ -IwXK4ORO1aTjOqP6lgM= +HApMDDq7LO1eI07Iw5VjSAaM73WeFAtQeW8KQi3e5SyHCbUWoKTDSFwHA/Y2+91iqJnC/3KN2ksy +S8CwCOBAMx5kWSr+01qiQIv5J0tV3T0/PFN/rMwXGX4SaImwYJ+g/Xdwns4gZCaTISZBqQPi25NM +QDcoZ3vdFA/uFzmSIVw= -- 2.7.4