solokeys / solo1-cli Goto Github PK

View Code? Open in Web Editor NEW

182.0 25.0 69.0 348 KB

Solo 1 library and CLI in Python

Home Page: https://pypi.org/project/solo-python

License: Apache License 2.0

Makefile 0.92% Python 99.08%

solo1-cli's People

Contributors

Stargazers

Watchers

Forkers

thor77 nickray corbolais joostd merlokk ehershey frodomo morristech jthigh surfndez himtronics aramboi cuongnv mfr78 windmueller wlo ddrown jolo1581 hausindustries rgerganov my1 artemdinaburg iolaum krayon sullof nna-dev minghuadev enrikb trustcrypto conorpp saravanan30erd asmw uli-heller flintsaw pilou- moslehpour heroickatora stevenwdv iob-arista innir fmardero isabella232 kms15 streetyoga dreammaster38 alexnigl flachschippe lbthomsen rogeliodh dzianisv xad21 balping ergg qu1x ghagl shagib40 dc7kr tjni melika1395 pierre-vo takluyver lguzzon-scratchbook codyps lunyauwu

solo1-cli's Issues

pdoc Documentation

Turns out Python has a hassle-free, good documentation system: https://pdoc.dev/

Let's use it (and host on GitHub Pages).

Update throws MacOsHidDevice error

I want to update my Solo Key but unfortunately I get following error message:

$ solo key update
Wrote temporary copy of firmware-3.1.0.json to /var/folders/h_/114j7dh94x18slkgdpbc_3gw1844k4/T/tmpwibmajqh.json
sha256sums coincide: 3120da98b05a992e52b8a8bc8d3924b7633d7a84c9fb319e497c698511838528
Switching into bootloader mode...
Exception ignored in: <function MacOsHidDevice.__del__ at 0x10609d320>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 458, in __del__
    self.device_handle,
AttributeError: 'MacOsHidDevice' object has no attribute 'device_handle'
error:
problem flashing firmware!
no Solo found

Run with

$ solo version    
0.0.23

solo key wink and solo ls is working as expected though

PIN needed in HMAC?

okay, so 2 questions:

is it possible to drop PIN Requirement for HMAC or make it optional or whatever
could we add a way to insert the pin for the 2 hmac commands.

because for me they just die with "PIN required" which obviously sux.

as they obviously can be (and are) used for things where the response actually us used for something like crypto it might be an interesting Idea to use different secrets for acting with and without pin. that way if one wants pin it cannot just be skipped. and as these things may run local you might not want the response for something you want pin output without pin obviously, and no idea whether it could discern by credID whether PIN is wanted or not so a dual-secret approach may be fun

Python dump doing rng raw

It'll have to speak for itself; I've no idea what it all means (other than "doesn't work!")

$ solo key rng raw > ~/xxx.bin
Traceback (most recent call last):
  File "/home/dick/.local/bin/solo", line 10, in <module>
    sys.exit(solo_cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/dick/.local/lib/python3.7/site-packages/solo/cli/key.py", line 65, in raw
    r = p.get_rng(255)
  File "/home/dick/.local/lib/python3.7/site-packages/solo/client.py", line 203, in get_rng
    ret = self.send_data_hid(SoloBootloader.HIDCommandRNG, struct.pack("B", num))
  File "/home/dick/.local/lib/python3.7/site-packages/solo/client.py", line 143, in send_data_hid
    return self.dev.call(cmd, data, event)
  File "/home/dick/.local/lib/python3.7/site-packages/fido2/hid.py", line 89, in call
    status, resp = self._dev.InternalRecv()
  File "/home/dick/.local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 330, in InternalRecv
    raise OSError('Packets received out of order')
OSError: Packets received out of order

Catch missing /sys/class/hidraw

If you had not hidraw devices attached sinced boot, the directory /sys/class/hidraw may be missing. The fido2 library complains with

  File "/home/nicolas/.local/lib/python3.7/site-packages/solo/cli/__init__.py", line 129, in ls
    solos = solo.client.find_all()
  File "/home/nicolas/.local/lib/python3.7/site-packages/solo/client.py", line 52, in find_all
    hid_devices = list(CtapHidDevice.list_devices())
  File "/usr/lib/python3.7/site-packages/fido2/hid.py", line 136, in list_devices
    for d in hidtransport.hid.Enumerate():
  File "/usr/lib/python3.7/site-packages/fido2/_pyu2f/linux.py", line 183, in Enumerate
    for hidraw in os.listdir('/sys/class/hidraw'):
FileNotFoundError: [Errno 2] No such file or directory: '/sys/class/hidraw

We should catch this.

command not found: solo

Hello there,

Trying to update my solo keys I came across the problem that after installation it doesn't recognize the solo command.

Below the output from the installation script. That gave no error whatsoever.

Running:
A brand new macpro 13'' 2019

Any suggestions?

Thank You,

Maurice

mapolo@mpmac ~ % pip3 install -U solo-python
Requirement already up-to-date: solo-python in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (0.0.19)
Requirement already satisfied, skipping upgrade: cryptography in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.8)
Requirement already satisfied, skipping upgrade: pyserial in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (3.4)
Requirement already satisfied, skipping upgrade: fido2==0.7.3 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (0.7.3)
Requirement already satisfied, skipping upgrade: pyusb in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (1.0.2)
Requirement already satisfied, skipping upgrade: ecdsa in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (0.14.1)
Requirement already satisfied, skipping upgrade: intelhex in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.2.1)
Requirement already satisfied, skipping upgrade: click>=7.0 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (7.0)
Requirement already satisfied, skipping upgrade: requests in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.22.0)
Requirement already satisfied, skipping upgrade: six>=1.4.1 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cryptography->solo-python) (1.13.0)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cryptography->solo-python) (1.13.2)
Requirement already satisfied, skipping upgrade: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (1.25.7)
Requirement already satisfied, skipping upgrade: chardet<3.1.0,>=3.0.2 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (3.0.4)
Requirement already satisfied, skipping upgrade: certifi>=2017.4.17 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (2019.9.11)
Requirement already satisfied, skipping upgrade: idna<2.9,>=2.5 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (2.8)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cffi!=1.11.3,>=1.8->cryptography->solo-python) (2.19)
mapolo@mpmac ~ % solo
zsh: command not found: solo

'solo key update' complains about multiple solo keys

I have one solo key installed and one Yubikey 5 key installed.

This happens:

$ solo key update

Multiple Solo keys are plugged in! Please:
  * unplug all but one key

When I removed the Yubikey the error went away.

Invalid parser option

Solo-python crashes just after running. It looks like one of the parser options are invalid. Log below.

Version: solo-python==0.0.6
Python: Python 3.7.2
OS: Fedora 29

Installed without errors via pip3 install solo-python --user.

$ solo
Traceback (most recent call last):
  File "/home/sz/.local/bin/solo", line 7, in <module>
    from solo.cli import solo_cli
  File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/__init__.py", line 17, in <module>
    from solo.cli.key import key
  File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/key.py", line 18, in <module>
    from solo.cli.update import update
  File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/update.py", line 41, in <module>
    help="Development option: pull firmware from http://localhost:8000",
  File "/usr/lib/python3.7/site-packages/click/decorators.py", line 170, in decorator
    _param_memo(f, OptionClass(param_decls, **attrs))
  File "/usr/lib/python3.7/site-packages/click/core.py", line 1459, in __init__
    Parameter.__init__(self, param_decls, type=type, **attrs)
TypeError: __init__() got an unexpected keyword argument 'hidden'

Installing fails on ubuntu-20.04 when fido2 0.9.0 is used

I tried to install on an ubuntu-20.04 box. I'm doing this:

uli@ulicsl:~/git/cloned$ pip3 install solo-python
Defaulting to user installation because normal site-packages is not writeable
Collecting solo-python
  Downloading solo_python-0.0.26-py3-none-any.whl (43 kB)
     |████████████████████████████████| 43 kB 1.2 MB/s 
Requirement already satisfied: click>=7.0 in /usr/lib/python3/dist-packages (from solo-python) (7.0)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from solo-python) (2.22.0)
Collecting fido2>=0.8
  Downloading fido2-0.9.0.tar.gz (206 kB)
     |████████████████████████████████| 206 kB 2.7 MB/s 
Collecting pyserial
  Downloading pyserial-3.5-py2.py3-none-any.whl (90 kB)
     |████████████████████████████████| 90 kB 5.2 MB/s 
Collecting pyusb
  Downloading pyusb-1.1.1-py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 5.6 MB/s 
Collecting ecdsa
  Downloading ecdsa-0.16.1-py2.py3-none-any.whl (104 kB)
     |████████████████████████████████| 104 kB 8.8 MB/s 
Requirement already satisfied: cryptography in /usr/lib/python3/dist-packages (from solo-python) (2.8)
Collecting intelhex
  Downloading intelhex-2.3.0-py2.py3-none-any.whl (50 kB)
     |████████████████████████████████| 50 kB 6.8 MB/s 
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from fido2>=0.8->solo-python) (1.14.0)
Building wheels for collected packages: fido2
  Building wheel for fido2 (setup.py) ... done
  Created wheel for fido2: filename=fido2-0.9.0-py2.py3-none-any.whl size=178439 sha256=cd89cfc7ae5485140714b8e1e033f710fc5e7d8adc9e375591ab30f67525b57f
  Stored in directory: /home/uli/.cache/pip/wheels/09/9c/f7/81b6838898d93db1c11373e023bcebc1261b66455ccba0c4c8
Successfully built fido2
Installing collected packages: fido2, pyserial, pyusb, ecdsa, intelhex, solo-python
Successfully installed ecdsa-0.16.1 fido2-0.9.0 intelhex-2.3.0 pyserial-3.5 pyusb-1.1.1 solo-python-0.0.26

I'm getting this error:

uli@ulicsl:~/git/cloned$ solo --help
Traceback (most recent call last):
  File "/home/uli/.local/bin/solo", line 5, in <module>
    from solo.cli import solo_cli
  File "/home/uli/.local/lib/python3.8/site-packages/solo/cli/__init__.py", line 17, in <module>
    from solo.cli.key import key
  File "/home/uli/.local/lib/python3.8/site-packages/solo/cli/key.py", line 24, in <module>
    import solo.fido2
  File "/home/uli/.local/lib/python3.8/site-packages/solo/fido2/__init__.py", line 3, in <module>
    import fido2._pyu2f
ModuleNotFoundError: No module named 'fido2._pyu2f'

Downgrading to 0.8.1 fixes the issue:

uli@ulicsl:~/git/cloned$ pip3 install "fido2==0.8.1"
Defaulting to user installation because normal site-packages is not writeable
Collecting fido2==0.8.1
  Downloading fido2-0.8.1.tar.gz (201 kB)
     |████████████████████████████████| 201 kB 2.9 MB/s 
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from fido2==0.8.1) (1.14.0)
Requirement already satisfied: cryptography>=1.5 in /usr/lib/python3/dist-packages (from fido2==0.8.1) (2.8)
Building wheels for collected packages: fido2
  Building wheel for fido2 (setup.py) ... done
  Created wheel for fido2: filename=fido2-0.8.1-py2.py3-none-any.whl size=160370 sha256=7709875821d6129fcbe2a668c57741191d5e626fd42fe7e3f40cd5be1c5e191c
  Stored in directory: /home/uli/.cache/pip/wheels/cd/28/c1/f0805b67ded1cca2509030ad301b90ce9f39b1be26422b4079
Successfully built fido2
Installing collected packages: fido2
  Attempting uninstall: fido2
    Found existing installation: fido2 0.9.0
    Uninstalling fido2-0.9.0:
      Successfully uninstalled fido2-0.9.0
Successfully installed fido2-0.8.1

uli@ulicsl:~/git/cloned$ solo --help
Usage: solo [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  genkey    Generates key pair that can be used for Solo signed firmware...
  key       Interact with Solo keys, see subcommands.
  ls        List Solos (in firmware or bootloader mode) and potential Solos...
  mergehex  Merges hex files, and patches in the attestation key.
  monitor   Reads Solo Hacker serial output from USB serial port...
  program   Program a key.
  sign      Signs a firmware hex file, outputs a .json file that can be
            used...
  version   Version of python-solo library and tool.

`solo key version` incorrectly reporting unlocked on version 3.0.1

I updated two somu keys, one with bundle-secure-non-solokeys-3.0.1.hex and one with bundle-hacker-3.0.1.hex. solo key version reports "3.0.1 unlocked" for both keys, though one is definitely secured as it can no longer boot to dfu.

Fails to `solo key verify`

[19:04:18 ~]$ solo key version
3.1.1 unlocked
[19:04:25 ~]$ solo key verify
Please press the button on your Solo key
Unexpected run loop exit code: 3
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 451, in Read
    return self.read_queue.get(False)
  File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/queue.py", line 167, in get
    raise Empty
_queue.Empty

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/solo", line 8, in <module>
    sys.exit(solo_cli())
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/solo/cli/key.py", line 322, in verify
    cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
  File "/usr/local/lib/python3.7/site-packages/solo/client.py", line 235, in make_credential
    attest, data = self.client.make_credential(options, pin=pin)
  File "/usr/local/lib/python3.7/site-packages/fido2/client.py", line 406, in make_credential
    kwargs.get("on_keepalive"),
  File "/usr/local/lib/python3.7/site-packages/fido2/client.py", line 470, in _ctap2_make_credential
    on_keepalive,
  File "/usr/local/lib/python3.7/site-packages/fido2/ctap2.py", line 705, in make_credential
    on_keepalive,
  File "/usr/local/lib/python3.7/site-packages/fido2/ctap2.py", line 642, in send_cbor
    response = self.device.call(CTAPHID.CBOR, request, event, on_keepalive)
  File "/usr/local/lib/python3.7/site-packages/fido2/hid.py", line 89, in call
    status, resp = self._dev.InternalRecv()
  File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 308, in InternalRecv
    first_read = self.InternalReadFrame()
  File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 300, in InternalReadFrame
    frame = self.hid_device.Read()
  File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 453, in Read
    raise OSError('Failed reading a response')
OSError: Failed reading a response

After this, it would not respond correctly until I pulled it out and put it back in.

Doesn't work with latest fido2

    File "solo/__init__.py", line 15, in <module>
      from . import client, commands, dfu, helpers, operations
    File "solo/client.py", line 26, in <module>
      from fido2.utils import Timeout
  ImportError: cannot import name 'Timeout' from 'fido2.utils' (/nix/store/3sisrlq99lahd0dd2a057n6r8nv9iz4g-python3.7-fido2-0.8.1/lib/python3.7/site-packages/fido2/utils.py)

The issue with
https://github.com/solokeys/solo-python/blob/908fa6f57893f5c4b277a44c04be1e6d9e9bd250/solo/client.py#L25
seems to be that the Timeout was recently removed
Yubico/python-fido2@4c48977#diff-8cc874c99a54f35b68bc2633e89a5af9L125

rng doesn't check RNG_SR

It seems like the get_rng command doesn't check the "RNG status register" (RNG_SR).

From page 659 of the reference manual [0]:

When a noise source (or seed) error occurs, the RNG stops generating random numbers and sets to “1” both SEIS and SECS bits to indicate that a seed error occurred. If a value is available in the RNG_DR register, it must not be used as it may not have enough entropy.

The check seems to be done in the embedded code at: https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/rng.c#L28 but why is the check and'ing with 0x66 ? The documentation says that CEIS and SEIS are bit 5 and 6, so shouldn't the check be RNG->SR & 0x60 or RNG->SR & 0x06 depending on endianness?).

[0] RM0394: https://www.st.com/content/ccc/resource/technical/document/reference_manual/group0/b0/ac/3e/8f/6d/21/47/af/DM00151940/files/DM00151940.pdf/jcr:content/translations/en.DM00151940.pdf

solo key verify lists Solo as Solo Tap

basically what it says in the title.

I literally just updated because the verifications were failing, but now my solo is seen as a Tap, which is weird

Unable to Update Key Ubuntu 20.04

Currently it looks like the python library is unable to recognize the solo key for updates in ubuntu 20.04, I've tested it on multiple machines with the result being the same that the device is not found while in bootloader mode. This is on a system with the latest release of the solo python library as well.

I've followed the instructions found here:
https://docs.solokeys.io/udev/

When I plug in the key I get this from dmesg:

[  853.743595] usb 1-3.1: USB disconnect, device number 10
[  858.588314] usb 1-3.1: new full-speed USB device number 11 using xhci_hcd
[  858.913760] usb 1-3.1: New USB device found, idVendor=0483, idProduct=a2ca, bcdDevice= 2.00
[  858.913764] usb 1-3.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.913766] usb 1-3.1: Product: Solo
[  858.913767] usb 1-3.1: Manufacturer: Solo Keys
[  858.913768] usb 1-3.1: SerialNumber: 0123456789ABCDEF
[  858.945011] hid-generic 0003:0483:A2CA.000E: hiddev0,hidraw0: USB HID v1.11 Device [Solo Keys Solo] on usb-0000:03:00.0-3.1/input0
➜  udev git:(master)

But when I run the update I get:

➜  udev git:(master) solo key update 

No Solo key found!

If you are on Linux, are your udev rules up to date?
Try adding a rule line such as the following:
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
For more, see https://docs.solokeys.io/solo/udev/

What's interesting is that when it's not in bootloader mode the python library picks it up and runs fine, but fails because the device is not in bootloader mode. Meaning the key still works fine on Linux I just can't update/patch it.

Unexpected 0x41 markers added during merge

Hi!

While working on solokeys/solo1#238 I have noticed a 0x41 marker on the APPLICATION_END_PAGE boundary, introduced during the all.hex merge. Is it needed anywhere, or is it just for debug purposes (e.g. to hand-check firmware dump)?

https://github.com/solokeys/solo-python/blob/e2a81a2c39bef61f98dca29154c5fdedff3a1044/solo/operations.py#L68-L69

Can't use feedkernel; doesn't allow running as root

Hi,

I'm trying out the tentative solo-python package for Debian, version 0.0.26, and I can't use feedkernel.

$ solo key rng feedkernel
Entropy before: 0x3866
Traceback (most recent call last):
File "/usr/bin/solo", line 4, in <module>
solo_cli()
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python3/dist-packages/solo/cli/key.py", line 117, in feedkernel
fcntl.ioctl(fh, RNDADDENTROPY, t)
PermissionError: [Errno 1] Operation not permitted

It refuses to let me use it as root:

$ sudo solo key rng feedkernel
THIS COMMAND SHOULD NOT BE RUN AS ROOT!

Please install udev rules and run `solo` as regular user (without sudo).
For more information, see: https://docs.solokeys.io/solo/udev
Entropy before: 0x3911
Entropy after:  0x3915

I do have the udev rules though. The merge request #18 that introduced the feedkernel option says that it should just warn in recent versions, but 0.0.26 is the latest.

remove psycopg2 dependency

When I try to install it with pip, nowadays it installs sqlalchemy along with psycopg2, which seems the need of an installed postgresql.

pip3 install solo --user
Collecting solo
  Using cached https://files.pythonhosted.org/packages/ef/fd/63e63954cd69f9ad98a2774ac6ddda0f4293b2178c7f4affaeb671640883/solo-0.0.1-py3-none-any.whl
Collecting sqlalchemy==1.0.12
  Downloading https://files.pythonhosted.org/packages/5c/52/9b48cd58eac58cae2a27923ff34c783f390b95413ff65669a86e98f80829/SQLAlchemy-1.0.12.tar.gz (4.7MB)
     |████████████████████████████████| 4.8MB 1.2MB/s 
Collecting ramlfications==0.1.9
  Downloading https://files.pythonhosted.org/packages/92/a6/2c55224098adb71ffcaf02fbf9309043baf9f0594a67b6fa609db8f59fe4/ramlfications-0.1.9-py2.py3-none-any.whl (49kB)
     |████████████████████████████████| 51kB 1.0MB/s 
Collecting psycopg2==2.6.1
  Using cached https://files.pythonhosted.org/packages/86/fd/cc8315be63a41fe000cce20482a917e874cdc1151e62cb0141f5e55f711e/psycopg2-2.6.1.tar.gz
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-c8m5lojt/psycopg2/setup.py'"'"'; __file__='"'"'/tmp/pip-install-c8m5lojt/psycopg2/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info
         cwd: /tmp/pip-install-c8m5lojt/psycopg2/
    Complete output (7 lines):
    running egg_info
    creating /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info
    writing /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/PKG-INFO
    writing dependency_links to /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/dependency_links.txt
    writing top-level names to /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/top_level.txt
    writing manifest file '/tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/SOURCES.txt'
    Error: could not determine PostgreSQL version from '12.3'
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

`solo key update` sees non-Solo FIDO keys

One Solo key plugged in, and one Yubico key plugged in, causes:

$ solo key update

Multiple Solo keys are plugged in! Please:
  * unplug all but one key

Not a biggie, but still annoying.

no interaction with key possible

I wanted to do firmware updates to some SOMUs when I realized solo-python seems to not work anymore.
I'm very curious what caused this, because it is running in a venv, so I suspect something else outside the python packages, but I could't figure it out yet.

`$ solo version

0.0.27`

`$ solo ls

Traceback (most recent call last):
File "/home/kabbone/IT/Solokey/solo-python/bin/solo", line 8, in
sys.exit(solo_cli())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 829, in call
return self.main(*args, **kwargs)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/cli/init.py", line 136, in ls
solos = solo.client.find_all()
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 57, in find_all
hid_devices = list(CtapHidDevice.list_devices())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/hid.py", line 135, in list_devices
for d in hidtransport.hid.Enumerate():
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 194, in Enumerate
ParseUevent(uevent_file.read(), desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/cli/_patches.py", line 113, in newParseUevent
oldnewParseUevent(uevent, desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 164, in ParseUevent
k, v = line.split(b'=')
ValueError: not enough values to unpack (expected 2, got 1)
`

`$ pip list

Package Version

certifi 2020.12.5
cffi 1.14.5
chardet 4.0.0
click 7.1.2
cryptography 3.4.6
ecdsa 0.16.1
fido2 0.8.1
idna 2.10
intelhex 2.3.0
pip 20.2.3
pycparser 2.20
pyserial 3.5
pyusb 1.1.1
requests 2.25.1
setuptools 49.2.1
six 1.15.0
solo-python 0.0.27
urllib3 1.26.3
`

You will already run into this with the minimal example
`Python 3.9.2 (default, Feb 20 2021, 18:40:11)
[GCC 10.2.0] on linux
import solo
solo.client.find()

Traceback (most recent call last):
File "", line 1, in
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 47, in find
p.find_device(dev=raw_device, solo_serial=solo_serial)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 99, in find_device
devices = list(CtapHidDevice.list_devices())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/hid.py", line 135, in list_devices
for d in hidtransport.hid.Enumerate():
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 194, in Enumerate
ParseUevent(uevent_file.read(), desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 164, in ParseUevent
k, v = line.split(b'=')
ValueError: not enough values to unpack (expected 2, got 1)
`

5.11.2.arch1-1
libfido2-1.5.0-3

Remove fido2 version pinpoint

Currently, you require "fido == 0.7.0". Wouldn't "fido2 >= 0.7.0" work too?
python-fido2 0.7.1 was released 22 days ago, and solo-python seems to work with it too.

Edit:
What about support for fido2 0.8.1, when will it be supported?

Add commands for credential management

Since we are adding credential management support in Solo, I believe we also need relevant commands in solo-python. I propose the following CLI interface:

solo key cred --pin <pin>
  get resident keys metadata

solo key cred get-rps --pin <pin>
  list of relying parties with resident keys

solo key cred get-rks --pin <pin> <rpId>
  list of resident keys with the specified rpId

solo key cred rm-rk --pin <pin> <credId>
  deletes the resident key with the specified credential id

I can easily implement this one if others are OK with that.

No matching distribution found for solo-python

I'm a noob and getting the following on Mac OS (10.14.1) when trying to install via pip3:

>pip3 install solo-python
Collecting solo-python
  Could not find a version that satisfies the requirement solo-python (from versions: )
No matching distribution found for solo-python

Any pointers?

Add PIN support

There are two parts:

allow passing -p/--pin <PIN> in all subcommands that might need it
implement subcommands solo pin set/reset to set/change the PIN

There is working code in ~~https://github.com/solokeys/solo/blob/master/tools/testing/tests/fido2.py~~ https://github.com/solokeys/fido2-tests/tree/master/tests/standard/fido2 to guide this.

The actual code should be added to client.py, which the CLI just calls.

Ubuntu install instructions.

I am sure a typical solokey customer is a bit 'geeky' - still you could make geek lives easier. Please add to install instructions.

apt install python3-pip python3-setuptools python3-wheel

Just typing

pip3 install solo-python
does not work.

Despite this thanks for a open product. Very kind of you!

Getting Serial number from solo library.

I was doing some testing of the solo-python library because I wanted to use it. I wanted to read the serial number of the keys to differentiate between two keys that I have added to my laptop. (I want this because you can't have the same resident keys in two solo keys so one needs to know what resident key to expect for a given solo key.) I noticed that only the CLI provided access to the keys.

$ solo ls
:: Solos
207636905548: SoloKeys Solo 4.0.0

However when using python to get information for a given key the serial number is missing:

$ python
Python 3.8.2 (default, Feb 28 2020, 00:00:00) 
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import solo
>>> solos = solo.client.find()
>>> print(solos.dev.descriptor)
{'path': '/dev/hidraw1', 'usage_page': 61904, 'usage': 1, 'vendor_id': 1155, 'product_id': 41674, 'product_string': 'SoloKeys Solo 4.0.0'}

Ideally the descriptor would also have the serial number information.

I started digging at the code and I found the culprit. The python-fido2 library doesn't parse uevent files fully and misses the serial number entry. But there was a fix within solo in the cli._patches module. Using the solo library through the CLI to get the serial number felt like too much of a hack so I tried to add the fix to the library so it worked accross all functions.

I succeeded in doing so with this patch with which I 'll be making a PR as well.

During the course of all this I noticed that the problem is trully with with the Yubico fido2 python library. The fix on their side would be this patch. The patch was inspired by the solo python _patches fix. If the solo-python maintainers are ok with it I 'd be happy to submit it to the python-fido2 library.

With either fix the code above gives the following result:

$ python
Python 3.8.2 (default, Feb 28 2020, 00:00:00) 
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import solo
>>> solos = solo.client.find()
>>> print(solos.dev.descriptor)
{'path': '/dev/hidraw1', 'usage_page': 61904, 'usage': 1, 'vendor_id': 1155, 'product_id': 41674, 'product_string': 'SoloKeys Solo 4.0.0', 'serial_number': '207636905548'}

Notice the serial_number entry at the end of the printed dictionary. This allows for easier use of the solo keys serial number within a python program in order to differentiate between solo keys.

solo.exceptions.NonUniqueDeviceError

solo key version etc with 2 inserted keys results in this error:

Traceback (most recent call last):
  File "/home/xxxx/.local/bin/solo", line 10, in <module>
    sys.exit(solo_cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/xxxx/.local/lib/python3.7/site-packages/solo/cli/key.py", line 409, in version
    res = solo.client.find(serial, udp=udp).solo_version()
  File "/home/xxxx/.local/lib/python3.7/site-packages/solo/client.py", line 46, in find
    p.find_device(dev=raw_device, solo_serial=solo_serial)
  File "/home/xxxx/.local/lib/python3.7/site-packages/solo/client.py", line 104, in find_device
    raise solo.exceptions.NonUniqueDeviceError
solo.exceptions.NonUniqueDeviceError

one key was a solo and the other one a somu key

`solo ls` fails on Windows user install

After installing solo-python on Windows 10 with pip install --user solo-python trying to run solo ls fails with this output

C:\Users\User>solo ls
:: Solos
b'\\\\?\\hid#vid_0483&pid_a2ca#6&2c612bc6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\x00': Solo HACKER (Unlocked)
Traceback (most recent call last):
  File "c:\program files\python37\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\program files\python37\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\User\AppData\Roaming\Python\Python37\Scripts\solo.exe\__main__.py", line 9, in <module>
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\cli\__init__.py", line 112, in ls
    st_dfus = solo.dfu.find_all()
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\dfu.py", line 52, in find_all
    st_dfus = usb.core.find(idVendor=0x0483, idProduct=0xDF11, find_all=True)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\usb\core.py", line 1263, in find
    raise NoBackendError('No backend available')
usb.core.NoBackendError: No backend available

At this time I have a solo hacker inserted and 'solo key wink, solo key verify andsolo key rng` commands work.

Signed releases

Hi,

I started packaging solo-python for Debian. Could you please add gpg signatures for your releases, that would make things a lot trustworthier for Debian / Ubuntu users.
You can find a short guide how to do that here: https://wiki.debian.org/Creating%20signed%20GitHub%20releases

Thanks,
Philip

Implement udev rule installer

Maybe solokeys/solo1#144 will roll out quickly, but separately it would be great to have a command

solo install-udev-rules

or similar that

checks if we're on Linux
optionally: checks if udev rule for VID/PID is already installed
checks udev version:
- installs https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules if udev is recent
- otherwise falls back on https://github.com/solokeys/solo/blob/master/udev/70-solokeys-legacy-access.rules
activates the rule

This can already be done today with a Makefile

This should be implemented as a library function or functions, that the CLI calls.

"solo key verify" causes NonUniqueDeviceError exception when Yubikey also installed

I have a Solo key and Yubikey 5 plugged in at the same time:

$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
  File "/home/solo-user/.local/bin/solo", line 8, in <module>
    sys.exit(solo_cli())
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/solo-user/.local/lib/python3.8/site-packages/solo/cli/key.py", line 323, in verify
    cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
  File "/home/solo-user/.local/lib/python3.8/site-packages/solo/client.py", line 46, in find
    p.find_device(dev=raw_device, solo_serial=solo_serial)
  File "/home/solo-user/.local/lib/python3.8/site-packages/solo/client.py", line 104, in find_device
    raise solo.exceptions.NonUniqueDeviceError
solo.exceptions.NonUniqueDeviceError

When I removed the Yubikey the error went away.

solo keys not recognized on SSH Sessions

while trying to use my raspi 4 as a dev machine I found something interesting.

apparently the solo tool will not recognize the solo on an SSH session except if the same user is also logged in via local console or desktop. lsusb will still find the solo though.

[solo key update] wait for bootloader

Device: Somu Hacker
the update itself work flawless (5.10.11-arch1-1 #1 SMP PREEMPT Wed, 27 Jan 2021 13:53:16 +0000 x86_64 GNU/Linux), but the update flow is too fast. The device gets with the first command into the bootloader but the flashing part does not wait long enough for it.

✔ [11:26|coelner@localhost bin]$ solo version
0.0.27
✔ [11:26|coelner@localhost bin]$ solo ls
:: Solos
1337DEADBEEF: SoloKeys Solo 4.0.0
✔ [11:26|coelner@localhost bin]$ solo key update
Wrote temporary copy of firmware-4.1.0.json to /tmp/tmp78tdsymh.json
sha256sums coincide: 0b4a198bde48a4c0bbe6931ddf5fc24aa22aad5cd3d45391ef542d6c5ec7e724
Switching into bootloader mode...
error:
problem flashing firmware!
no Solo found
✔ [11:26|coelner@localhost bin]$ solo key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-4.1.0.json to /tmp/tmp5po_ozir.json
sha256sums coincide: 0b4a198bde48a4c0bbe6931ddf5fc24aa22aad5cd3d45391ef542d6c5ec7e724
using signature version >2.5.3
erasing firmware...
updated firmware 100%             
time: 9.44 s
bootloader is verifying signature...
...pass!

Congratulations, your key was updated to the latest firmware version: 4.1.0

I blame this line:
https://github.com/solokeys/solo-python/blob/76d7255b47cc5697578bce8aac2982daf3aaab04/solo/cli/update.py#L187
after changing it to time.sleep(1.0) it works with the first try.

Add hmac-secret (demo) support

We have use cases (e.g. https://github.com/ola-ct/Qt-SESAM) where people want to get HMAC(device-secret, provided nonce). The idea is that we can use hmac-secret for this.

Implement this here, so we can refer people to it.

Dependabot couldn't authenticate with https://pypi.python.org/simple/

Dependabot couldn't authenticate with https://pypi.python.org/simple/.

You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.

View the update logs.

Running as root in Docker

When making a bundled firmware in Docker, it runs into this issue.

+ /opt/conda/bin/solo mergehex bootloader-nonverifying-2.3.0.hex firmware-hacker-2.3.0.hex bundle-hacker-2.3.0.hex
THIS COMMAND SHOULD NOT BE RUN AS ROOT!

Please install udev rules and run `solo` as regular user (without sudo).
We suggest using: https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules

For more information, see: https://docs.solokeys.io/solo/udev/

Maybe turn the root message into a warning?

Check if Solo is being run as root

It might be a good idea to add a warning if Solo is being run as root, to catch more people running on linux and don't have udev rules set.

import os

if os.geteuid() == 0: print('Warning')

solokey for LUKS encryption

I am trying to use its challenge response method for unlocking a LUKS-encrypted drive (encrypt complete / partition except /boot partition).

I tried to create custom hook(in Arch Linux) for solokey, challenge-response will be performed during booting sequence.
The solokey tool is a python package, I tried to include the python & solo in custom hook on initrd image(using mkinitcpio) but facing issues related to python.

Since yubikey (ykchalresp) tool is a simple binary, its straightforward to include ykchalresp in initrd image(https://github.com/agherzan/yubikey-full-disk-encryption/blob/master/src/install/ykfde). But solokey is only available as python package, facing difficulty including python&solo in initrd image for Arch Linux.
https://github.com/saravanan30erd/solokey-full-disk-encryption/blob/master/skfde-install

Is it any other tool(simple binary same as ykchalresp) for solokey?

Is there a way to use solo key challenge-response without having to press the solo key?

When using the solo key challenge-response command you have to press the solo key before you get a response. Is there a way to do get the response without having to press the solo key?

I gave it a try from python as well:

>>>import solo.hmac_secret as shc
>>> shc.simple_secret(
...     credential_id='appropariate_credential_id',
...     secret_input='myinput',
...     host='myhost.org'
... )
Touch your authenticator to generate a reponse...
...

but I still had to press the solo key and couldn't find any option to circumvent it. Is there such an option?

Somu update not working

I've tried to update my SOMU key using this tool. But the key did reject the firmeware:

$ solo key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-3.1.2.json to /tmp/tmpvcjvo97b.json
sha256sums coincide: 4a24fae228b5c5560d5ed8982770a72dec3cae5dcb02f6fc768b03a60afb10cf
using signature version >2.5.3
erasing firmware...
updated firmware 100%             
time: 7.45 s
bootloader is verifying signature...
...error!

Your key did not accept the firmware's signature! Possible reasons:
  * Tried to flash "hacker" firmware on custom hacker key with verifying bootloader

Currently, your key does not work. Please run update again with correct parameters

Now my key is constantly flashing red.
How can I now fix my key again? (The web updater could not fix)
Probably this tool only works for Solo keys and not for Somu? A check before update would be very helpful for preventing others to run into this issue.

update commandline incorrect

Just managed to install solo-python after struggling in Ubuntu!

https://github.com/solokeys/solo-python#firmware-update

states the commandline as solo key update --secure

./pip3 install solo-python

./solo key update --secure
Usage: solo key update [OPTIONS]
Try "solo key update --help" for help.

Error: no such option: --secure

seems the new command line is

./solo key update

./solo  key version
3.0.0 locked

Fail to install

Many linux systems require pip3 install not pip install

solo key verify crashes instantly

I've tested this on both a macos and archlinux system, both running python 3.7.4, and in both cases solo key verify causes an immediate crash.

$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
  File "/usr/bin/solo", line 10, in <module>
    sys.exit(solo_cli())
  File "/usr/lib/python3.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.7/site-packages/solo/cli/key.py", line 219, in verify
    cert = solo.client.find(serial).make_credential()
  File "/usr/lib/python3.7/site-packages/solo/client.py", line 215, in make_credential
    attest, data = self.client.make_credential(rp, user, challenge, exclude_list=[])
  File "/usr/lib/python3.7/site-packages/fido2/client.py", line 308, in make_credential
    pin, timeout, on_keepalive
  File "/usr/lib/python3.7/site-packages/fido2/client.py", line 324, in _ctap2_make_credential
    raise ValueError('PIN required!')
ValueError: PIN required!

It crashes within a split second of me hitting enter before I have a chance to try and press the button on the key. My key is a Solo Secure running 2.4.2.

`solo key update` fails on Windows

solo key update --hacker fails with this message:

C:\Users\User>solo key update --hacker
Traceback (most recent call last):
  File "c:\program files\python37\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\program files\python37\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\User\AppData\Roaming\Python\Python37\Scripts\solo.exe\__main__.py", line 9, in <module>
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 717, in main
    rv = self.invoke(ctx)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\cli\update.py", line 63, in update
    solo_client.is_solo_bootloader()
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 243, in is_solo_bootloader
    self.bootloader_version()
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 185, in bootloader_version
    data = self.exchange(SoloBootloader.version)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 155, in exchange_u2f
    res = self.ctap1.authenticate(chal, appid, req)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\fido2\ctap1.py", line 259, in authenticate
    response = self.send_apdu(ins=CTAP1.INS.AUTHENTICATE, p1=p1, data=data)
  File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\fido2\ctap1.py", line 223, in send_apdu
    raise ApduError(status, data)
fido2.ctap1.ApduError: (27264, b'')

Flashing in DFU mode very unstable

Finally found some time to play with my Solo Hacker.

After building the firmware successfully following the docs, I immediately bricked the device during the first flash try.

Fortunately, I could recover it two days later using one of those cheap ST-Link clones found on ebay...

Then I started playing with DFU mode again to find it very unstable. Every flash program cycle with the full firmware aborted (without error message!) between 10% and 80% of progress.

The root cause of my problems is the fact that USB error exceptions are not handled in the following line:

https://github.com/solokeys/solo-python/blob/76d7255b47cc5697578bce8aac2982daf3aaab04/solo/dfu.py#L141

The ctrl transfer for get status sometimes leads to a USB pipe error, which is not handled and silently aborts the program.

I could fix the issue by catching and ignoring all USB errors at this location, which is of course a very harsh work around.

I think the flash programming especially in DFU mode, where it is very easy to brick the device, should be more robust. At least clear error indications should be given in the case of failure.

Win 10 1903 USB Issue

Have you guys tested this on the new version of Windows 10 that is getting pushed out 1903? It looks like with this release solo-python only works if run as administrator. Seems to be USB HID related as it is affecting other USB HID devices I have tested as well. To force Windows to update to 1903 to test this you can opt in to the Windows insider program.

Update secure should display error message when not in bootloader

I'm trying to update my solo key on a new laptop (with udev rules already installed) but it is failing.

solo key update --secure
We are about to update with the latest Solo Secure firmware.
Please confirm that the connected Solo key is a Solo Secure [y/N]: y
Wrote temporary copy of firmware-secure-2.5.3.json to /tmp/tmpgvas76y9.json
sha256sums coincide: 022f0d7a86f982a1621a6d43624c28b0f88ddfb986caea3c71c7fec9bca62729
erasing firmware...
problem flashing firmware!
CTAP error: 0x01 - INVALID_COMMAND
Traceback (most recent call last):
  File "/home/johnny/.local/bin/solo", line 11, in <module>
    sys.exit(solo_cli())
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/johnny/.local/lib/python3.6/site-packages/solo/cli/update.py", line 212, in update
    sig = solo_client.program_file(firmware_file)
  File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 328, in program_file
    self.write_flash(i, data)
  File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 192, in write_flash
    self.exchange(SoloBootloader.write, addr, data)
  File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 143, in exchange_hid
    data = self.send_data_hid(SoloBootloader.HIDCommandBoot, req)
  File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 138, in send_data_hid
    return self.dev.call(cmd, data, event)
  File "/home/johnny/.local/lib/python3.6/site-packages/fido2/hid.py", line 95, in call
    raise CtapError(resp[0])
fido2.ctap.CtapError: CTAP error: 0x01 - INVALID_COMMAND

solo key credential ls - not showing the credentials

I created the credentials for many use cases like google auth, webauthn.io, one for SSH,.. But solo key credential ls not showing any of the credentials which I created. I am not sure how this credentials ls works. In which criteria it shows the created credentials?

firmware update without pressing button (may be security)

I have 3 keys - and updated one from 3.0.0. to 4.0.0 (Worked on with the first key -> see my other ubuntu issue)

For the next key, I followed same but forgot to 'press and hold'

plug in your key, keeping the button pressed until the LED flashes yellow

just typed ./solo key update and it went to bootloader mode.
Is this expected behaviour?
I was actually worried if I somehow killed the device. (It works OK)

user@ubuntu : ~/.local/bin $ ./solo  key verify
Please press the button on your Solo key
Register valid
Valid Solo (<=3.0.0) firmware from SoloKeys.

user@ubuntu : ~/.local/bin $ ./solo  key update
Wrote temporary copy of firmware-4.0.0.json to /tmp/tmpnp42c43l.json
sha256sums coincide: b1822355eb1151f004cd7886ba338deee8c84488299ec3a8e5448a1057cd8455
Switching into bootloader mode...
error:
problem flashing firmware!
[Errno 19] No such device

(NOW IT WAS BLINKING continuously)

user@ubuntu : ~/.local/bin $ ./solo  version
0.0.24
user@ubuntu : ~/.local/bin $ ./solo  ls
Not using FIDO2 interface.
:: Solos
redacted: SoloKeys Solo Bootloader 3.0.0
user@ubuntu : ~/.local/bin $ ./solo  ls
Not using FIDO2 interface.
:: Solos
redacted: SoloKeys Solo Bootloader 3.0.0
user@ubuntu : ~/.local/bin $ ./solo  key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-4.0.0.json to /tmp/tmp9w_cp__9.json
sha256sums coincide: b1822355eb1151f004cd7886ba338deee8c84488299ec3a8e5448a1057cd8455
using signature version >2.5.3
erasing firmware...
updated firmware 100%             
time: 7.68 s
bootloader is verifying signature...
...pass!

Congratulations, your key was updated to the latest firmware version: 4.0.0

TypeError: make_credential() takes 2 positional arguments but 4 were given

$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
  File "/usr/local/bin/solo", line 8, in <module>
    sys.exit(solo_cli())
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/solo/cli/key.py", line 322, in verify
    cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
  File "/usr/local/lib/python3.7/dist-packages/solo/client.py", line 233, in make_credential
    rp, user, challenge, exclude_list=[], pin=pin
TypeError: make_credential() takes 2 positional arguments but 4 were given