solokeys / solo1-cli Goto Github PK
View Code? Open in Web Editor NEWSolo 1 library and CLI in Python
Home Page: https://pypi.org/project/solo-python
License: Apache License 2.0
Solo 1 library and CLI in Python
Home Page: https://pypi.org/project/solo-python
License: Apache License 2.0
Turns out Python has a hassle-free, good documentation system: https://pdoc.dev/
Let's use it (and host on GitHub Pages).
I want to update my Solo Key but unfortunately I get following error message:
$ solo key update
Wrote temporary copy of firmware-3.1.0.json to /var/folders/h_/114j7dh94x18slkgdpbc_3gw1844k4/T/tmpwibmajqh.json
sha256sums coincide: 3120da98b05a992e52b8a8bc8d3924b7633d7a84c9fb319e497c698511838528
Switching into bootloader mode...
Exception ignored in: <function MacOsHidDevice.__del__ at 0x10609d320>
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 458, in __del__
self.device_handle,
AttributeError: 'MacOsHidDevice' object has no attribute 'device_handle'
error:
problem flashing firmware!
no Solo found
Run with
$ solo version
0.0.23
solo key wink
and solo ls
is working as expected though
okay, so 2 questions:
because for me they just die with "PIN required" which obviously sux.
as they obviously can be (and are) used for things where the response actually us used for something like crypto it might be an interesting Idea to use different secrets for acting with and without pin. that way if one wants pin it cannot just be skipped. and as these things may run local you might not want the response for something you want pin output without pin obviously, and no idea whether it could discern by credID whether PIN is wanted or not so a dual-secret approach may be fun
It'll have to speak for itself; I've no idea what it all means (other than "doesn't work!")
$ solo key rng raw > ~/xxx.bin
Traceback (most recent call last):
File "/home/dick/.local/bin/solo", line 10, in <module>
sys.exit(solo_cli())
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/dick/.local/lib/python3.7/site-packages/solo/cli/key.py", line 65, in raw
r = p.get_rng(255)
File "/home/dick/.local/lib/python3.7/site-packages/solo/client.py", line 203, in get_rng
ret = self.send_data_hid(SoloBootloader.HIDCommandRNG, struct.pack("B", num))
File "/home/dick/.local/lib/python3.7/site-packages/solo/client.py", line 143, in send_data_hid
return self.dev.call(cmd, data, event)
File "/home/dick/.local/lib/python3.7/site-packages/fido2/hid.py", line 89, in call
status, resp = self._dev.InternalRecv()
File "/home/dick/.local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 330, in InternalRecv
raise OSError('Packets received out of order')
OSError: Packets received out of order
If you had not hidraw devices attached sinced boot, the directory /sys/class/hidraw
may be missing. The fido2
library complains with
File "/home/nicolas/.local/lib/python3.7/site-packages/solo/cli/__init__.py", line 129, in ls
solos = solo.client.find_all()
File "/home/nicolas/.local/lib/python3.7/site-packages/solo/client.py", line 52, in find_all
hid_devices = list(CtapHidDevice.list_devices())
File "/usr/lib/python3.7/site-packages/fido2/hid.py", line 136, in list_devices
for d in hidtransport.hid.Enumerate():
File "/usr/lib/python3.7/site-packages/fido2/_pyu2f/linux.py", line 183, in Enumerate
for hidraw in os.listdir('/sys/class/hidraw'):
FileNotFoundError: [Errno 2] No such file or directory: '/sys/class/hidraw
We should catch this.
Hello there,
Trying to update my solo keys I came across the problem that after installation it doesn't recognize the solo command.
Below the output from the installation script. That gave no error whatsoever.
Running:
A brand new macpro 13'' 2019
Any suggestions?
Thank You,
Maurice
mapolo@mpmac ~ % pip3 install -U solo-python
Requirement already up-to-date: solo-python in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (0.0.19)
Requirement already satisfied, skipping upgrade: cryptography in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.8)
Requirement already satisfied, skipping upgrade: pyserial in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (3.4)
Requirement already satisfied, skipping upgrade: fido2==0.7.3 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (0.7.3)
Requirement already satisfied, skipping upgrade: pyusb in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (1.0.2)
Requirement already satisfied, skipping upgrade: ecdsa in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (0.14.1)
Requirement already satisfied, skipping upgrade: intelhex in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.2.1)
Requirement already satisfied, skipping upgrade: click>=7.0 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (7.0)
Requirement already satisfied, skipping upgrade: requests in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from solo-python) (2.22.0)
Requirement already satisfied, skipping upgrade: six>=1.4.1 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cryptography->solo-python) (1.13.0)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cryptography->solo-python) (1.13.2)
Requirement already satisfied, skipping upgrade: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (1.25.7)
Requirement already satisfied, skipping upgrade: chardet<3.1.0,>=3.0.2 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (3.0.4)
Requirement already satisfied, skipping upgrade: certifi>=2017.4.17 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (2019.9.11)
Requirement already satisfied, skipping upgrade: idna<2.9,>=2.5 in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from requests->solo-python) (2.8)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages (from cffi!=1.11.3,>=1.8->cryptography->solo-python) (2.19)
mapolo@mpmac ~ % solo
zsh: command not found: solo
I have one solo key installed and one Yubikey 5 key installed.
This happens:
$ solo key update
Multiple Solo keys are plugged in! Please:
* unplug all but one key
When I removed the Yubikey the error went away.
Solo-python crashes just after running. It looks like one of the parser options are invalid. Log below.
Version: solo-python==0.0.6
Python: Python 3.7.2
OS: Fedora 29
Installed without errors via pip3 install solo-python --user
.
$ solo
Traceback (most recent call last):
File "/home/sz/.local/bin/solo", line 7, in <module>
from solo.cli import solo_cli
File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/__init__.py", line 17, in <module>
from solo.cli.key import key
File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/key.py", line 18, in <module>
from solo.cli.update import update
File "/home/sz/.local/lib/python3.7/site-packages/solo/cli/update.py", line 41, in <module>
help="Development option: pull firmware from http://localhost:8000",
File "/usr/lib/python3.7/site-packages/click/decorators.py", line 170, in decorator
_param_memo(f, OptionClass(param_decls, **attrs))
File "/usr/lib/python3.7/site-packages/click/core.py", line 1459, in __init__
Parameter.__init__(self, param_decls, type=type, **attrs)
TypeError: __init__() got an unexpected keyword argument 'hidden'
I tried to install on an ubuntu-20.04 box. I'm doing this:
uli@ulicsl:~/git/cloned$ pip3 install solo-python
Defaulting to user installation because normal site-packages is not writeable
Collecting solo-python
Downloading solo_python-0.0.26-py3-none-any.whl (43 kB)
|████████████████████████████████| 43 kB 1.2 MB/s
Requirement already satisfied: click>=7.0 in /usr/lib/python3/dist-packages (from solo-python) (7.0)
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from solo-python) (2.22.0)
Collecting fido2>=0.8
Downloading fido2-0.9.0.tar.gz (206 kB)
|████████████████████████████████| 206 kB 2.7 MB/s
Collecting pyserial
Downloading pyserial-3.5-py2.py3-none-any.whl (90 kB)
|████████████████████████████████| 90 kB 5.2 MB/s
Collecting pyusb
Downloading pyusb-1.1.1-py3-none-any.whl (58 kB)
|████████████████████████████████| 58 kB 5.6 MB/s
Collecting ecdsa
Downloading ecdsa-0.16.1-py2.py3-none-any.whl (104 kB)
|████████████████████████████████| 104 kB 8.8 MB/s
Requirement already satisfied: cryptography in /usr/lib/python3/dist-packages (from solo-python) (2.8)
Collecting intelhex
Downloading intelhex-2.3.0-py2.py3-none-any.whl (50 kB)
|████████████████████████████████| 50 kB 6.8 MB/s
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from fido2>=0.8->solo-python) (1.14.0)
Building wheels for collected packages: fido2
Building wheel for fido2 (setup.py) ... done
Created wheel for fido2: filename=fido2-0.9.0-py2.py3-none-any.whl size=178439 sha256=cd89cfc7ae5485140714b8e1e033f710fc5e7d8adc9e375591ab30f67525b57f
Stored in directory: /home/uli/.cache/pip/wheels/09/9c/f7/81b6838898d93db1c11373e023bcebc1261b66455ccba0c4c8
Successfully built fido2
Installing collected packages: fido2, pyserial, pyusb, ecdsa, intelhex, solo-python
Successfully installed ecdsa-0.16.1 fido2-0.9.0 intelhex-2.3.0 pyserial-3.5 pyusb-1.1.1 solo-python-0.0.26
I'm getting this error:
uli@ulicsl:~/git/cloned$ solo --help
Traceback (most recent call last):
File "/home/uli/.local/bin/solo", line 5, in <module>
from solo.cli import solo_cli
File "/home/uli/.local/lib/python3.8/site-packages/solo/cli/__init__.py", line 17, in <module>
from solo.cli.key import key
File "/home/uli/.local/lib/python3.8/site-packages/solo/cli/key.py", line 24, in <module>
import solo.fido2
File "/home/uli/.local/lib/python3.8/site-packages/solo/fido2/__init__.py", line 3, in <module>
import fido2._pyu2f
ModuleNotFoundError: No module named 'fido2._pyu2f'
Downgrading to 0.8.1 fixes the issue:
uli@ulicsl:~/git/cloned$ pip3 install "fido2==0.8.1"
Defaulting to user installation because normal site-packages is not writeable
Collecting fido2==0.8.1
Downloading fido2-0.8.1.tar.gz (201 kB)
|████████████████████████████████| 201 kB 2.9 MB/s
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from fido2==0.8.1) (1.14.0)
Requirement already satisfied: cryptography>=1.5 in /usr/lib/python3/dist-packages (from fido2==0.8.1) (2.8)
Building wheels for collected packages: fido2
Building wheel for fido2 (setup.py) ... done
Created wheel for fido2: filename=fido2-0.8.1-py2.py3-none-any.whl size=160370 sha256=7709875821d6129fcbe2a668c57741191d5e626fd42fe7e3f40cd5be1c5e191c
Stored in directory: /home/uli/.cache/pip/wheels/cd/28/c1/f0805b67ded1cca2509030ad301b90ce9f39b1be26422b4079
Successfully built fido2
Installing collected packages: fido2
Attempting uninstall: fido2
Found existing installation: fido2 0.9.0
Uninstalling fido2-0.9.0:
Successfully uninstalled fido2-0.9.0
Successfully installed fido2-0.8.1
uli@ulicsl:~/git/cloned$ solo --help
Usage: solo [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
genkey Generates key pair that can be used for Solo signed firmware...
key Interact with Solo keys, see subcommands.
ls List Solos (in firmware or bootloader mode) and potential Solos...
mergehex Merges hex files, and patches in the attestation key.
monitor Reads Solo Hacker serial output from USB serial port...
program Program a key.
sign Signs a firmware hex file, outputs a .json file that can be
used...
version Version of python-solo library and tool.
I updated two somu keys, one with bundle-secure-non-solokeys-3.0.1.hex
and one with bundle-hacker-3.0.1.hex
. solo key version
reports "3.0.1 unlocked" for both keys, though one is definitely secured as it can no longer boot to dfu.
[19:04:18 ~]$ solo key version
3.1.1 unlocked
[19:04:25 ~]$ solo key verify
Please press the button on your Solo key
Unexpected run loop exit code: 3
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 451, in Read
return self.read_queue.get(False)
File "/usr/local/Cellar/python/3.7.6_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/queue.py", line 167, in get
raise Empty
_queue.Empty
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/solo", line 8, in <module>
sys.exit(solo_cli())
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/solo/cli/key.py", line 322, in verify
cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
File "/usr/local/lib/python3.7/site-packages/solo/client.py", line 235, in make_credential
attest, data = self.client.make_credential(options, pin=pin)
File "/usr/local/lib/python3.7/site-packages/fido2/client.py", line 406, in make_credential
kwargs.get("on_keepalive"),
File "/usr/local/lib/python3.7/site-packages/fido2/client.py", line 470, in _ctap2_make_credential
on_keepalive,
File "/usr/local/lib/python3.7/site-packages/fido2/ctap2.py", line 705, in make_credential
on_keepalive,
File "/usr/local/lib/python3.7/site-packages/fido2/ctap2.py", line 642, in send_cbor
response = self.device.call(CTAPHID.CBOR, request, event, on_keepalive)
File "/usr/local/lib/python3.7/site-packages/fido2/hid.py", line 89, in call
status, resp = self._dev.InternalRecv()
File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 308, in InternalRecv
first_read = self.InternalReadFrame()
File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/hidtransport.py", line 300, in InternalReadFrame
frame = self.hid_device.Read()
File "/usr/local/lib/python3.7/site-packages/fido2/_pyu2f/macos.py", line 453, in Read
raise OSError('Failed reading a response')
OSError: Failed reading a response
After this, it would not respond correctly until I pulled it out and put it back in.
File "solo/__init__.py", line 15, in <module>
from . import client, commands, dfu, helpers, operations
File "solo/client.py", line 26, in <module>
from fido2.utils import Timeout
ImportError: cannot import name 'Timeout' from 'fido2.utils' (/nix/store/3sisrlq99lahd0dd2a057n6r8nv9iz4g-python3.7-fido2-0.8.1/lib/python3.7/site-packages/fido2/utils.py)
The issue with
https://github.com/solokeys/solo-python/blob/908fa6f57893f5c4b277a44c04be1e6d9e9bd250/solo/client.py#L25
seems to be that the Timeout was recently removed
Yubico/python-fido2@4c48977#diff-8cc874c99a54f35b68bc2633e89a5af9L125
It seems like the get_rng
command doesn't check the "RNG status register" (RNG_SR
).
From page 659 of the reference manual [0]:
When a noise source (or seed) error occurs, the RNG stops generating random numbers and sets to “1” both SEIS and SECS bits to indicate that a seed error occurred. If a value is available in the RNG_DR register, it must not be used as it may not have enough entropy.
The check seems to be done in the embedded code at: https://github.com/solokeys/solo/blob/master/targets/stm32l432/src/rng.c#L28 but why is the check and'ing with 0x66
? The documentation says that CEIS and SEIS are bit 5 and 6, so shouldn't the check be RNG->SR & 0x60
or RNG->SR & 0x06
depending on endianness?).
basically what it says in the title.
I literally just updated because the verifications were failing, but now my solo is seen as a Tap, which is weird
Currently it looks like the python library is unable to recognize the solo key for updates in ubuntu 20.04, I've tested it on multiple machines with the result being the same that the device is not found while in bootloader mode. This is on a system with the latest release of the solo python library as well.
I've followed the instructions found here:
https://docs.solokeys.io/udev/
When I plug in the key I get this from dmesg:
[ 853.743595] usb 1-3.1: USB disconnect, device number 10
[ 858.588314] usb 1-3.1: new full-speed USB device number 11 using xhci_hcd
[ 858.913760] usb 1-3.1: New USB device found, idVendor=0483, idProduct=a2ca, bcdDevice= 2.00
[ 858.913764] usb 1-3.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 858.913766] usb 1-3.1: Product: Solo
[ 858.913767] usb 1-3.1: Manufacturer: Solo Keys
[ 858.913768] usb 1-3.1: SerialNumber: 0123456789ABCDEF
[ 858.945011] hid-generic 0003:0483:A2CA.000E: hiddev0,hidraw0: USB HID v1.11 Device [Solo Keys Solo] on usb-0000:03:00.0-3.1/input0
➜ udev git:(master)
But when I run the update I get:
➜ udev git:(master) solo key update
No Solo key found!
If you are on Linux, are your udev rules up to date?
Try adding a rule line such as the following:
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
For more, see https://docs.solokeys.io/solo/udev/
What's interesting is that when it's not in bootloader mode the python library picks it up and runs fine, but fails because the device is not in bootloader mode. Meaning the key still works fine on Linux I just can't update/patch it.
Hi!
While working on solokeys/solo1#238 I have noticed a 0x41
marker on the APPLICATION_END_PAGE
boundary, introduced during the all.hex
merge. Is it needed anywhere, or is it just for debug purposes (e.g. to hand-check firmware dump)?
Hi,
I'm trying out the tentative solo-python package for Debian, version 0.0.26, and I can't use feedkernel.
$ solo key rng feedkernel
Entropy before: 0x3866
Traceback (most recent call last):
File "/usr/bin/solo", line 4, in <module>
solo_cli()
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python3/dist-packages/solo/cli/key.py", line 117, in feedkernel
fcntl.ioctl(fh, RNDADDENTROPY, t)
PermissionError: [Errno 1] Operation not permitted
It refuses to let me use it as root:
$ sudo solo key rng feedkernel
THIS COMMAND SHOULD NOT BE RUN AS ROOT!
Please install udev rules and run `solo` as regular user (without sudo).
For more information, see: https://docs.solokeys.io/solo/udev
Entropy before: 0x3911
Entropy after: 0x3915
I do have the udev rules though. The merge request #18 that introduced the feedkernel option says that it should just warn in recent versions, but 0.0.26 is the latest.
When I try to install it with pip, nowadays it installs sqlalchemy along with psycopg2, which seems the need of an installed postgresql.
pip3 install solo --user
Collecting solo
Using cached https://files.pythonhosted.org/packages/ef/fd/63e63954cd69f9ad98a2774ac6ddda0f4293b2178c7f4affaeb671640883/solo-0.0.1-py3-none-any.whl
Collecting sqlalchemy==1.0.12
Downloading https://files.pythonhosted.org/packages/5c/52/9b48cd58eac58cae2a27923ff34c783f390b95413ff65669a86e98f80829/SQLAlchemy-1.0.12.tar.gz (4.7MB)
|████████████████████████████████| 4.8MB 1.2MB/s
Collecting ramlfications==0.1.9
Downloading https://files.pythonhosted.org/packages/92/a6/2c55224098adb71ffcaf02fbf9309043baf9f0594a67b6fa609db8f59fe4/ramlfications-0.1.9-py2.py3-none-any.whl (49kB)
|████████████████████████████████| 51kB 1.0MB/s
Collecting psycopg2==2.6.1
Using cached https://files.pythonhosted.org/packages/86/fd/cc8315be63a41fe000cce20482a917e874cdc1151e62cb0141f5e55f711e/psycopg2-2.6.1.tar.gz
ERROR: Command errored out with exit status 1:
command: /usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-c8m5lojt/psycopg2/setup.py'"'"'; __file__='"'"'/tmp/pip-install-c8m5lojt/psycopg2/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info
cwd: /tmp/pip-install-c8m5lojt/psycopg2/
Complete output (7 lines):
running egg_info
creating /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info
writing /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/PKG-INFO
writing dependency_links to /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/dependency_links.txt
writing top-level names to /tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/top_level.txt
writing manifest file '/tmp/pip-install-c8m5lojt/psycopg2/pip-egg-info/psycopg2.egg-info/SOURCES.txt'
Error: could not determine PostgreSQL version from '12.3'
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
One Solo key plugged in, and one Yubico key plugged in, causes:
$ solo key update
Multiple Solo keys are plugged in! Please:
* unplug all but one key
Not a biggie, but still annoying.
I wanted to do firmware updates to some SOMUs when I realized solo-python seems to not work anymore.
I'm very curious what caused this, because it is running in a venv, so I suspect something else outside the python packages, but I could't figure it out yet.
`$ solo version
0.0.27`
`$ solo ls
Traceback (most recent call last):
File "/home/kabbone/IT/Solokey/solo-python/bin/solo", line 8, in
sys.exit(solo_cli())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 829, in call
return self.main(*args, **kwargs)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/cli/init.py", line 136, in ls
solos = solo.client.find_all()
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 57, in find_all
hid_devices = list(CtapHidDevice.list_devices())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/hid.py", line 135, in list_devices
for d in hidtransport.hid.Enumerate():
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 194, in Enumerate
ParseUevent(uevent_file.read(), desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/cli/_patches.py", line 113, in newParseUevent
oldnewParseUevent(uevent, desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 164, in ParseUevent
k, v = line.split(b'=')
ValueError: not enough values to unpack (expected 2, got 1)
`
`$ pip list
Package Version
certifi 2020.12.5
cffi 1.14.5
chardet 4.0.0
click 7.1.2
cryptography 3.4.6
ecdsa 0.16.1
fido2 0.8.1
idna 2.10
intelhex 2.3.0
pip 20.2.3
pycparser 2.20
pyserial 3.5
pyusb 1.1.1
requests 2.25.1
setuptools 49.2.1
six 1.15.0
solo-python 0.0.27
urllib3 1.26.3
`
You will already run into this with the minimal example
`Python 3.9.2 (default, Feb 20 2021, 18:40:11)
[GCC 10.2.0] on linux
import solo
solo.client.find()
Traceback (most recent call last):
File "", line 1, in
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 47, in find
p.find_device(dev=raw_device, solo_serial=solo_serial)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/solo/client.py", line 99, in find_device
devices = list(CtapHidDevice.list_devices())
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/hid.py", line 135, in list_devices
for d in hidtransport.hid.Enumerate():
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 194, in Enumerate
ParseUevent(uevent_file.read(), desc)
File "/home/kabbone/IT/Solokey/solo-python/lib/python3.9/site-packages/fido2/_pyu2f/linux.py", line 164, in ParseUevent
k, v = line.split(b'=')
ValueError: not enough values to unpack (expected 2, got 1)
`
5.11.2.arch1-1
libfido2-1.5.0-3
Currently, you require "fido == 0.7.0"
. Wouldn't "fido2 >= 0.7.0"
work too?
python-fido2 0.7.1
was released 22 days ago, and solo-python
seems to work with it too.
Edit:
What about support for fido2 0.8.1
, when will it be supported?
Since we are adding credential management support in Solo, I believe we also need relevant commands in solo-python. I propose the following CLI interface:
solo key cred --pin <pin>
get resident keys metadata
solo key cred get-rps --pin <pin>
list of relying parties with resident keys
solo key cred get-rks --pin <pin> <rpId>
list of resident keys with the specified rpId
solo key cred rm-rk --pin <pin> <credId>
deletes the resident key with the specified credential id
I can easily implement this one if others are OK with that.
I'm a noob and getting the following on Mac OS (10.14.1) when trying to install via pip3:
>pip3 install solo-python
Collecting solo-python
Could not find a version that satisfies the requirement solo-python (from versions: )
No matching distribution found for solo-python
Any pointers?
There are two parts:
-p/--pin <PIN>
in all subcommands that might need itsolo pin set/reset
to set/change the PINThere is working code in https://github.com/solokeys/solo/blob/master/tools/testing/tests/fido2.py https://github.com/solokeys/fido2-tests/tree/master/tests/standard/fido2 to guide this.
The actual code should be added to client.py, which the CLI just calls.
I am sure a typical solokey customer is a bit 'geeky' - still you could make geek lives easier. Please add to install instructions.
apt install python3-pip python3-setuptools python3-wheel
Just typing
pip3 install solo-python
does not work.
Despite this thanks for a open product. Very kind of you!
I was doing some testing of the solo-python
library because I wanted to use it. I wanted to read the serial number of the keys to differentiate between two keys that I have added to my laptop. (I want this because you can't have the same resident keys in two solo keys so one needs to know what resident key to expect for a given solo key.) I noticed that only the CLI provided access to the keys.
$ solo ls
:: Solos
207636905548: SoloKeys Solo 4.0.0
However when using python to get information for a given key the serial number is missing:
$ python
Python 3.8.2 (default, Feb 28 2020, 00:00:00)
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import solo
>>> solos = solo.client.find()
>>> print(solos.dev.descriptor)
{'path': '/dev/hidraw1', 'usage_page': 61904, 'usage': 1, 'vendor_id': 1155, 'product_id': 41674, 'product_string': 'SoloKeys Solo 4.0.0'}
Ideally the descriptor would also have the serial number information.
I started digging at the code and I found the culprit. The python-fido2
library doesn't parse uevent
files fully and misses the serial number entry. But there was a fix within solo in the cli._patches module. Using the solo library through the CLI to get the serial number felt like too much of a hack so I tried to add the fix to the library so it worked accross all functions.
I succeeded in doing so with this patch with which I 'll be making a PR as well.
During the course of all this I noticed that the problem is trully with with the Yubico fido2 python library. The fix on their side would be this patch. The patch was inspired by the solo python _patches fix. If the solo-python maintainers are ok with it I 'd be happy to submit it to the python-fido2 library.
With either fix the code above gives the following result:
$ python
Python 3.8.2 (default, Feb 28 2020, 00:00:00)
[GCC 10.0.1 20200216 (Red Hat 10.0.1-0.8)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import solo
>>> solos = solo.client.find()
>>> print(solos.dev.descriptor)
{'path': '/dev/hidraw1', 'usage_page': 61904, 'usage': 1, 'vendor_id': 1155, 'product_id': 41674, 'product_string': 'SoloKeys Solo 4.0.0', 'serial_number': '207636905548'}
Notice the serial_number
entry at the end of the printed dictionary. This allows for easier use of the solo keys serial number within a python program in order to differentiate between solo keys.
solo key version
etc with 2 inserted keys results in this error:
Traceback (most recent call last):
File "/home/xxxx/.local/bin/solo", line 10, in <module>
sys.exit(solo_cli())
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/xxxx/.local/lib/python3.7/site-packages/solo/cli/key.py", line 409, in version
res = solo.client.find(serial, udp=udp).solo_version()
File "/home/xxxx/.local/lib/python3.7/site-packages/solo/client.py", line 46, in find
p.find_device(dev=raw_device, solo_serial=solo_serial)
File "/home/xxxx/.local/lib/python3.7/site-packages/solo/client.py", line 104, in find_device
raise solo.exceptions.NonUniqueDeviceError
solo.exceptions.NonUniqueDeviceError
one key was a solo and the other one a somu key
After installing solo-python on Windows 10 with pip install --user solo-python
trying to run solo ls
fails with this output
C:\Users\User>solo ls
:: Solos
b'\\\\?\\hid#vid_0483&pid_a2ca#6&2c612bc6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\x00': Solo HACKER (Unlocked)
Traceback (most recent call last):
File "c:\program files\python37\lib\runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "c:\program files\python37\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\User\AppData\Roaming\Python\Python37\Scripts\solo.exe\__main__.py", line 9, in <module>
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 717, in main
rv = self.invoke(ctx)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 555, in invoke
return callback(*args, **kwargs)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\cli\__init__.py", line 112, in ls
st_dfus = solo.dfu.find_all()
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\dfu.py", line 52, in find_all
st_dfus = usb.core.find(idVendor=0x0483, idProduct=0xDF11, find_all=True)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\usb\core.py", line 1263, in find
raise NoBackendError('No backend available')
usb.core.NoBackendError: No backend available
At this time I have a solo hacker inserted and 'solo key wink,
solo key verify and
solo key rng` commands work.
Hi,
I started packaging solo-python for Debian. Could you please add gpg signatures for your releases, that would make things a lot trustworthier for Debian / Ubuntu users.
You can find a short guide how to do that here: https://wiki.debian.org/Creating%20signed%20GitHub%20releases
Thanks,
Philip
Maybe solokeys/solo1#144 will roll out quickly, but separately it would be great to have a command
solo install-udev-rules
or similar that
This can already be done today with a Makefile
This should be implemented as a library function or functions, that the CLI calls.
I have a Solo key and Yubikey 5 plugged in at the same time:
$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
File "/home/solo-user/.local/bin/solo", line 8, in <module>
sys.exit(solo_cli())
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/solo-user/.local/lib/python3.8/site-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "/home/solo-user/.local/lib/python3.8/site-packages/solo/cli/key.py", line 323, in verify
cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
File "/home/solo-user/.local/lib/python3.8/site-packages/solo/client.py", line 46, in find
p.find_device(dev=raw_device, solo_serial=solo_serial)
File "/home/solo-user/.local/lib/python3.8/site-packages/solo/client.py", line 104, in find_device
raise solo.exceptions.NonUniqueDeviceError
solo.exceptions.NonUniqueDeviceError
When I removed the Yubikey the error went away.
while trying to use my raspi 4 as a dev machine I found something interesting.
apparently the solo tool will not recognize the solo on an SSH session except if the same user is also logged in via local console or desktop. lsusb will still find the solo though.
Device: Somu Hacker
the update itself work flawless (5.10.11-arch1-1 #1 SMP PREEMPT Wed, 27 Jan 2021 13:53:16 +0000 x86_64 GNU/Linux), but the update flow is too fast. The device gets with the first command into the bootloader but the flashing part does not wait long enough for it.
✔ [11:26|coelner@localhost bin]$ solo version
0.0.27
✔ [11:26|coelner@localhost bin]$ solo ls
:: Solos
1337DEADBEEF: SoloKeys Solo 4.0.0
✔ [11:26|coelner@localhost bin]$ solo key update
Wrote temporary copy of firmware-4.1.0.json to /tmp/tmp78tdsymh.json
sha256sums coincide: 0b4a198bde48a4c0bbe6931ddf5fc24aa22aad5cd3d45391ef542d6c5ec7e724
Switching into bootloader mode...
error:
problem flashing firmware!
no Solo found
✔ [11:26|coelner@localhost bin]$ solo key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-4.1.0.json to /tmp/tmp5po_ozir.json
sha256sums coincide: 0b4a198bde48a4c0bbe6931ddf5fc24aa22aad5cd3d45391ef542d6c5ec7e724
using signature version >2.5.3
erasing firmware...
updated firmware 100%
time: 9.44 s
bootloader is verifying signature...
...pass!
Congratulations, your key was updated to the latest firmware version: 4.1.0
I blame this line:
https://github.com/solokeys/solo-python/blob/76d7255b47cc5697578bce8aac2982daf3aaab04/solo/cli/update.py#L187
after changing it to time.sleep(1.0)
it works with the first try.
We have use cases (e.g. https://github.com/ola-ct/Qt-SESAM) where people want to get HMAC(device-secret, provided nonce)
. The idea is that we can use hmac-secret
for this.
Implement this here, so we can refer people to it.
Dependabot couldn't authenticate with https://pypi.python.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
When making a bundled firmware in Docker, it runs into this issue.
+ /opt/conda/bin/solo mergehex bootloader-nonverifying-2.3.0.hex firmware-hacker-2.3.0.hex bundle-hacker-2.3.0.hex
THIS COMMAND SHOULD NOT BE RUN AS ROOT!
Please install udev rules and run `solo` as regular user (without sudo).
We suggest using: https://github.com/solokeys/solo/blob/master/udev/70-solokeys-access.rules
For more information, see: https://docs.solokeys.io/solo/udev/
Maybe turn the root message into a warning?
It might be a good idea to add a warning if Solo is being run as root, to catch more people running on linux and don't have udev rules set.
import os
if os.geteuid() == 0: print('Warning')
I am trying to use its challenge response method for unlocking a LUKS-encrypted drive (encrypt complete / partition except /boot partition).
I tried to create custom hook(in Arch Linux) for solokey, challenge-response will be performed during booting sequence.
The solokey tool is a python package, I tried to include the python & solo in custom hook on initrd image(using mkinitcpio) but facing issues related to python.
Since yubikey (ykchalresp) tool is a simple binary, its straightforward to include ykchalresp in initrd image(https://github.com/agherzan/yubikey-full-disk-encryption/blob/master/src/install/ykfde). But solokey is only available as python package, facing difficulty including python&solo in initrd image for Arch Linux.
https://github.com/saravanan30erd/solokey-full-disk-encryption/blob/master/skfde-install
Is it any other tool(simple binary same as ykchalresp) for solokey?
When using the solo key challenge-response
command you have to press the solo key before you get a response. Is there a way to do get the response without having to press the solo key?
I gave it a try from python as well:
>>>import solo.hmac_secret as shc
>>> shc.simple_secret(
... credential_id='appropariate_credential_id',
... secret_input='myinput',
... host='myhost.org'
... )
Touch your authenticator to generate a reponse...
...
but I still had to press the solo key and couldn't find any option to circumvent it. Is there such an option?
I've tried to update my SOMU key using this tool. But the key did reject the firmeware:
$ solo key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-3.1.2.json to /tmp/tmpvcjvo97b.json
sha256sums coincide: 4a24fae228b5c5560d5ed8982770a72dec3cae5dcb02f6fc768b03a60afb10cf
using signature version >2.5.3
erasing firmware...
updated firmware 100%
time: 7.45 s
bootloader is verifying signature...
...error!
Your key did not accept the firmware's signature! Possible reasons:
* Tried to flash "hacker" firmware on custom hacker key with verifying bootloader
Currently, your key does not work. Please run update again with correct parameters
Now my key is constantly flashing red.
How can I now fix my key again? (The web updater could not fix)
Probably this tool only works for Solo keys and not for Somu? A check before update would be very helpful for preventing others to run into this issue.
Just managed to install solo-python after struggling in Ubuntu!
https://github.com/solokeys/solo-python#firmware-update
states the commandline as solo key update --secure
./pip3 install solo-python
./solo key update --secure
Usage: solo key update [OPTIONS]
Try "solo key update --help" for help.
Error: no such option: --secure
seems the new command line is
./solo key update
./solo key version
3.0.0 locked
Many linux systems require pip3 install not pip install
I've tested this on both a macos and archlinux system, both running python 3.7.4, and in both cases solo key verify
causes an immediate crash.
$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
File "/usr/bin/solo", line 10, in <module>
sys.exit(solo_cli())
File "/usr/lib/python3.7/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3.7/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3.7/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3.7/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/lib/python3.7/site-packages/solo/cli/key.py", line 219, in verify
cert = solo.client.find(serial).make_credential()
File "/usr/lib/python3.7/site-packages/solo/client.py", line 215, in make_credential
attest, data = self.client.make_credential(rp, user, challenge, exclude_list=[])
File "/usr/lib/python3.7/site-packages/fido2/client.py", line 308, in make_credential
pin, timeout, on_keepalive
File "/usr/lib/python3.7/site-packages/fido2/client.py", line 324, in _ctap2_make_credential
raise ValueError('PIN required!')
ValueError: PIN required!
It crashes within a split second of me hitting enter before I have a chance to try and press the button on the key. My key is a Solo Secure running 2.4.2.
solo key update --hacker
fails with this message:
C:\Users\User>solo key update --hacker
Traceback (most recent call last):
File "c:\program files\python37\lib\runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "c:\program files\python37\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\User\AppData\Roaming\Python\Python37\Scripts\solo.exe\__main__.py", line 9, in <module>
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 717, in main
rv = self.invoke(ctx)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\click\core.py", line 555, in invoke
return callback(*args, **kwargs)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\cli\update.py", line 63, in update
solo_client.is_solo_bootloader()
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 243, in is_solo_bootloader
self.bootloader_version()
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 185, in bootloader_version
data = self.exchange(SoloBootloader.version)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\solo\client.py", line 155, in exchange_u2f
res = self.ctap1.authenticate(chal, appid, req)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\fido2\ctap1.py", line 259, in authenticate
response = self.send_apdu(ins=CTAP1.INS.AUTHENTICATE, p1=p1, data=data)
File "C:\Users\User\AppData\Roaming\Python\Python37\site-packages\fido2\ctap1.py", line 223, in send_apdu
raise ApduError(status, data)
fido2.ctap1.ApduError: (27264, b'')
Finally found some time to play with my Solo Hacker.
After building the firmware successfully following the docs, I immediately bricked the device during the first flash try.
Fortunately, I could recover it two days later using one of those cheap ST-Link clones found on ebay...
Then I started playing with DFU mode again to find it very unstable. Every flash program cycle with the full firmware aborted (without error message!) between 10% and 80% of progress.
The root cause of my problems is the fact that USB error exceptions are not handled in the following line:
The ctrl transfer for get status sometimes leads to a USB pipe error, which is not handled and silently aborts the program.
I could fix the issue by catching and ignoring all USB errors at this location, which is of course a very harsh work around.
I think the flash programming especially in DFU mode, where it is very easy to brick the device, should be more robust. At least clear error indications should be given in the case of failure.
Have you guys tested this on the new version of Windows 10 that is getting pushed out 1903? It looks like with this release solo-python only works if run as administrator. Seems to be USB HID related as it is affecting other USB HID devices I have tested as well. To force Windows to update to 1903 to test this you can opt in to the Windows insider program.
I'm trying to update my solo key on a new laptop (with udev rules already installed) but it is failing.
solo key update --secure
We are about to update with the latest Solo Secure firmware.
Please confirm that the connected Solo key is a Solo Secure [y/N]: y
Wrote temporary copy of firmware-secure-2.5.3.json to /tmp/tmpgvas76y9.json
sha256sums coincide: 022f0d7a86f982a1621a6d43624c28b0f88ddfb986caea3c71c7fec9bca62729
erasing firmware...
problem flashing firmware!
CTAP error: 0x01 - INVALID_COMMAND
Traceback (most recent call last):
File "/home/johnny/.local/bin/solo", line 11, in <module>
sys.exit(solo_cli())
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/johnny/.local/lib/python3.6/site-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/johnny/.local/lib/python3.6/site-packages/solo/cli/update.py", line 212, in update
sig = solo_client.program_file(firmware_file)
File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 328, in program_file
self.write_flash(i, data)
File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 192, in write_flash
self.exchange(SoloBootloader.write, addr, data)
File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 143, in exchange_hid
data = self.send_data_hid(SoloBootloader.HIDCommandBoot, req)
File "/home/johnny/.local/lib/python3.6/site-packages/solo/client.py", line 138, in send_data_hid
return self.dev.call(cmd, data, event)
File "/home/johnny/.local/lib/python3.6/site-packages/fido2/hid.py", line 95, in call
raise CtapError(resp[0])
fido2.ctap.CtapError: CTAP error: 0x01 - INVALID_COMMAND
I created the credentials for many use cases like google auth, webauthn.io, one for SSH,.. But solo key credential ls
not showing any of the credentials which I created. I am not sure how this credentials ls
works. In which criteria it shows the created credentials?
I have 3 keys - and updated one from 3.0.0. to 4.0.0 (Worked on with the first key -> see my other ubuntu issue)
For the next key, I followed same but forgot to 'press and hold'
plug in your key, keeping the button pressed until the LED flashes yellow
just typed ./solo key update
and it went to bootloader mode.
Is this expected behaviour?
I was actually worried if I somehow killed the device. (It works OK)
user@ubuntu : ~/.local/bin $ ./solo key verify
Please press the button on your Solo key
Register valid
Valid Solo (<=3.0.0) firmware from SoloKeys.
user@ubuntu : ~/.local/bin $ ./solo key update
Wrote temporary copy of firmware-4.0.0.json to /tmp/tmpnp42c43l.json
sha256sums coincide: b1822355eb1151f004cd7886ba338deee8c84488299ec3a8e5448a1057cd8455
Switching into bootloader mode...
error:
problem flashing firmware!
[Errno 19] No such device
(NOW IT WAS BLINKING continuously)
user@ubuntu : ~/.local/bin $ ./solo version
0.0.24
user@ubuntu : ~/.local/bin $ ./solo ls
Not using FIDO2 interface.
:: Solos
redacted: SoloKeys Solo Bootloader 3.0.0
user@ubuntu : ~/.local/bin $ ./solo ls
Not using FIDO2 interface.
:: Solos
redacted: SoloKeys Solo Bootloader 3.0.0
user@ubuntu : ~/.local/bin $ ./solo key update
Not using FIDO2 interface.
Wrote temporary copy of firmware-4.0.0.json to /tmp/tmp9w_cp__9.json
sha256sums coincide: b1822355eb1151f004cd7886ba338deee8c84488299ec3a8e5448a1057cd8455
using signature version >2.5.3
erasing firmware...
updated firmware 100%
time: 7.68 s
bootloader is verifying signature...
...pass!
Congratulations, your key was updated to the latest firmware version: 4.0.0
$ solo key verify
Please press the button on your Solo key
Traceback (most recent call last):
File "/usr/local/bin/solo", line 8, in <module>
sys.exit(solo_cli())
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/solo/cli/key.py", line 322, in verify
cert = solo.client.find(serial, udp=udp).make_credential(pin=pin)
File "/usr/local/lib/python3.7/dist-packages/solo/client.py", line 233, in make_credential
rp, user, challenge, exclude_list=[], pin=pin
TypeError: make_credential() takes 2 positional arguments but 4 were given
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.