From e0d3b5e0daa577c7d7e00f5c31464eb6b402e8b5 Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Fri, 15 Oct 2021 21:31:11 +0200
Subject: [PATCH 1/9] Add support for choosing algorithm and displaying public
 key to make_credential (v0.0.30 version)

---
 solo/cli/key.py     | 20 +++++++++++++++++---
 solo/hmac_secret.py | 23 +++++++++++++++++------
 2 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index 299c86d..3b838cd 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -19,6 +19,7 @@
 from fido2.client import ClientError as Fido2ClientError
 from fido2.ctap1 import ApduError
 from fido2.ctap2 import CredentialManagement
+import fido2.cose
 
 import solo
 import solo.fido2
@@ -134,21 +135,28 @@ def feedkernel(count, serial):
     default="Touch your authenticator to generate a credential...",
     show_default=True,
 )
-def make_credential(serial, host, user, udp, prompt, pin):
+@click.option("--alg", default="EdDSA,ES256", help="Algorithm(s) for key, separated by ',', in order of preference")
+@click.option("--no-pubkey", is_flag=True, default=False, help="Do not display public key")
+def make_credential(serial, host, user, udp, prompt, pin, alg, no_pubkey):
     """Generate a credential.
 
-    Pass `--prompt ""` to output only the `credential_id` as hex.
+    Pass `--prompt "" --no-pubkey` to output only the `credential_id` as hex.
     """
 
     import solo.hmac_secret
 
+    algs = [fido2.cose.CoseKey.for_name(a).ALGORITHM for a in alg.split(",")]
+    if None in algs:
+        print("Error: Unknown algorithm(s): ", [a for a, aid in zip(alg.split(","), algs) if aid is None])
+        return 1
+
     # check for PIN
     if not pin:
         pin = getpass.getpass("PIN (leave empty for no PIN): ")
     if not pin:
         pin = None
 
-    solo.hmac_secret.make_credential(
+    cred_id, pk = solo.hmac_secret.make_credential(
         host=host,
         user_id=user,
         serial=serial,
@@ -156,8 +164,14 @@ def make_credential(serial, host, user, udp, prompt, pin):
         prompt=prompt,
         udp=udp,
         pin=pin,
+        algs=algs
     )
 
+    pk_bytes = pk[-2]
+
+    if not no_pubkey:
+        print(f"Public key ({type(pk).__name__}) (HEX): {pk_bytes.hex()}")
+
 
 @click.command()
 @click.option("-s", "--serial", help="Serial number of Solo use")
diff --git a/solo/hmac_secret.py b/solo/hmac_secret.py
index 773340a..a50ee40 100644
--- a/solo/hmac_secret.py
+++ b/solo/hmac_secret.py
@@ -14,6 +14,13 @@
 import hashlib
 import secrets
 
+import fido2.cose
+from fido2.webauthn import (
+    PublicKeyCredentialCreationOptions,
+    PublicKeyCredentialParameters, PublicKeyCredentialDescriptor,
+    PublicKeyCredentialType, PublicKeyCredentialRpEntity,
+)
+
 import solo.client
 
 
@@ -25,15 +32,19 @@ def make_credential(
     prompt="Touch your authenticator to generate a credential...",
     output=True,
     udp=False,
+    algs=None
 ):
+    if algs is None:
+        algs = [fido2.cose.EdDSA.ALGORITHM, fido2.cose.ES256.ALGORITHM]
+
     user_id = user_id.encode()
     client = solo.client.find(solo_serial=serial, udp=udp).get_current_fido_client()
 
-    rp = {"id": host, "name": "Example RP"}
+    rp = PublicKeyCredentialRpEntity(host, "Example RP")
     client.host = host
     client.origin = f"https://{client.host}"
     client.user_id = user_id
-    user = {"id": user_id, "name": "A. User"}
+    user = fido2.webauthn.PublicKeyCredentialUserEntity(user_id, "A. User")
     challenge = secrets.token_bytes(32)
 
     if prompt:
@@ -45,8 +56,8 @@ def make_credential(
             "user": user,
             "challenge": challenge,
             "pubKeyCredParams": [
-                {"type": "public-key", "alg": -8},
-                {"type": "public-key", "alg": -7},
+                PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, alg)
+                for alg in algs
             ],
             "extensions": {"hmacCreateSecret": True},
         },
@@ -58,7 +69,7 @@ def make_credential(
     if output:
         print(credential_id.hex())
 
-    return credential_id
+    return credential_id, credential.public_key
 
 
 def simple_secret(
@@ -83,7 +94,7 @@ def simple_secret(
     # user = {"id": user_id, "name": "A. User"}
     credential_id = binascii.a2b_hex(credential_id)
 
-    allow_list = [{"type": "public-key", "id": credential_id}]
+    allow_list = [PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, credential_id)]
 
     challenge = secrets.token_bytes(32)
 

From dacd2281fc64ee3de7c16c13aff98a97ef90834a Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Fri, 15 Oct 2021 21:40:24 +0200
Subject: [PATCH 2/9] Add support for Minisign to sign-file/sign-hash and
 make-credential (largely from branch minisign(-v0.0.27)), via a custom CTAP
 command, see stevenwdv/solo:sign-hash. (v0.0.30 version) Note that sign-hash
 now uses HEX credentials just like make-credential, and it will respect the
 credential algorithm

---
 solo/cli/key.py      | 166 +++++++++++++++++++++++++++++++++++++++----
 solo/devices/base.py |  23 +++---
 2 files changed, 167 insertions(+), 22 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index 3b838cd..f591f61 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -11,12 +11,14 @@
 import getpass
 import hashlib
 import os
+import pathlib
 import sys
 import time
 
 import click
 from cryptography.hazmat.primitives import hashes
 from fido2.client import ClientError as Fido2ClientError
+from fido2.ctap import CtapError
 from fido2.ctap1 import ApduError
 from fido2.ctap2 import CredentialManagement
 import fido2.cose
@@ -137,7 +139,13 @@ def feedkernel(count, serial):
 )
 @click.option("--alg", default="EdDSA,ES256", help="Algorithm(s) for key, separated by ',', in order of preference")
 @click.option("--no-pubkey", is_flag=True, default=False, help="Do not display public key")
-def make_credential(serial, host, user, udp, prompt, pin, alg, no_pubkey):
+@click.option("--minisign", is_flag=True, default=False, help="Display public key in Minisign-compatible format")
+@click.option("--key-file", default=None, help="File to store public key (use with --minisign)")
+@click.option("--key-id", default=None, help="Key ID to write to key file (8 bytes as HEX) (use with --key-file)"
+                                             " [default: <hash of credential ID>]")
+@click.option("--untrusted-comment", default=None,
+              help="Untrusted comment to write to public key file (use with --key-file) [default: <key ID>]")
+def make_credential(serial, host, user, udp, prompt, pin, alg, no_pubkey, minisign, key_file, key_id, untrusted_comment):
     """Generate a credential.
 
     Pass `--prompt "" --no-pubkey` to output only the `credential_id` as hex.
@@ -169,9 +177,45 @@ def make_credential(serial, host, user, udp, prompt, pin, alg, no_pubkey):
 
     pk_bytes = pk[-2]
 
-    if not no_pubkey:
+    if minisign:
+        if pk.ALGORITHM != fido2.cose.EdDSA.ALGORITHM:
+            print(f"Error: Minisign only supports EdDSA keys but this credential was created using {type(pk).__name__}")
+            return 1
+
+        if key_id is not None:
+            key_id_hex = key_id
+            key_id = int(key_id, 16).to_bytes(8, "little")
+        else:
+            key_id = hashlib.blake2b(cred_id).digest()[:8]
+            # key_id is interpreted as little endian integer and then converted to hex (omitting leading zeros)
+            key_id_hex = f"{int.from_bytes(key_id, 'little'):X}"
+
+        minisign_pk = base64.b64encode(b"Ed" + key_id + pk_bytes)
+        if not no_pubkey:
+            print(f"Public key ({type(pk).__name__}) {key_id_hex} (Minisign Base64): {minisign_pk.decode()}")
+
+    elif not no_pubkey:
         print(f"Public key ({type(pk).__name__}) (HEX): {pk_bytes.hex()}")
 
+    if key_file is not None:
+        if minisign:
+            if untrusted_comment is not None:
+                untrusted_comment_bytes = untrusted_comment.encode()
+            else:
+                untrusted_comment_bytes = b"minisign solokey public key " + key_id_hex.encode()
+
+            with open(key_file, "wb") as f:
+                f.write(b"untrusted comment: ")
+                f.write(untrusted_comment_bytes)
+                f.write(b"\n")
+                f.write(minisign_pk)
+                f.write(b"\n")
+
+            print(f"Minisign public key written to {key_file}")
+
+        else:
+            print("Writing key file is only supported for minisign keys")
+
 
 @click.command()
 @click.option("-s", "--serial", help="Serial number of Solo use")
@@ -608,27 +652,123 @@ def cred_rm(pin, credential_id, serial, udp):
 @click.command()
 @click.option("--pin", help="PIN for to access key")
 @click.option("-s", "--serial", help="Serial number of Solo to use")
+@click.option(
+    "--udp", is_flag=True, default=False, help="Communicate over UDP with software key"
+)
+@click.option(
+    "--prompt",
+    help="Prompt for user",
+    default="Touch your authenticator to generate a response...",
+    show_default=True,
+)
+@click.option("--minisign", is_flag=True, default=False, help="Use Minisign-compatible signatures (pre-hashed)")
+@click.option("--sig-file", default=None, help="Destination file for signature"
+                                               " (<filename>.(mini)sig if empty)")
+@click.option("--trusted-comment", default=None,
+              help="Trusted comment included in global signature (combine with --minisign)"
+                   " [default: <time and file name, prehashed>]")
+@click.option("--untrusted-comment", default="signature created on solokey", show_default=True,
+              help="Untrusted comment not included in global signature (combine with --minisign and --sig-file)")
+@click.option("--key-id", default=None,
+              help="Key ID to write to signature file (8 bytes as HEX) (combine with --minisign and --sig-file) "
+                   "[default: <hash of credential ID>]")
 @click.argument("credential-id")
 @click.argument("filename")
-def sign_file(pin, serial, credential_id, filename):
+def sign_file(pin, serial, udp, prompt, credential_id, filename, sig_file,
+              minisign, trusted_comment, untrusted_comment, key_id):
     """Sign the specified file using the given credential-id"""
 
-    dev = solo.client.find(serial)
-    dgst = hashlib.sha256()
+    # check for PIN
+    if not pin:
+        pin = getpass.getpass("PIN (leave empty for no PIN): ")
+    if not pin:
+        pin = None
+
+    dev = solo.client.find(solo_serial=serial, udp=udp)
+
+    credential_id = bytes.fromhex(credential_id)
+
+    dgst = hashlib.blake2b() if minisign else hashlib.sha256()
     with open(filename, "rb") as f:
         while True:
             data = f.read(64 * 1024)
             if not data:
                 break
             dgst.update(data)
-    print("{0}  {1}".format(dgst.hexdigest(), filename))
-    print("Please press the button on your Solo key")
-    ret = dev.sign_hash(base64.b64decode(credential_id), dgst.digest(), pin)
-    sig = ret[1]
-    sig_file = filename + ".sig"
-    print("Saving signature to " + sig_file)
-    with open(sig_file, "wb") as f:
-        f.write(sig)
+    print(f"{dgst.hexdigest()}  {filename}")
+
+    if prompt:
+        print(prompt)
+
+    if minisign:
+        if trusted_comment is None:
+            timestamp = int(time.time())
+            just_file_name = pathlib.Path(filename).name
+            trusted_comment = f"timestamp:{timestamp}\tfile:{just_file_name}\tprehashed"
+            trusted_comment_bytes = trusted_comment.encode()
+            if len(trusted_comment_bytes) > 128:
+                trusted_comment = f"timestamp:{timestamp}\tfile:<name too long>\tprehashed"
+            trusted_comment_bytes = trusted_comment.encode()
+        else:
+            trusted_comment_bytes = trusted_comment.encode()
+
+        print(f"Trusted comment: {trusted_comment}")
+
+        try:
+            ret = dev.sign_hash(credential_id, dgst.digest(), pin, trusted_comment_bytes)
+        except CtapError as err:
+            if err.code == CtapError.ERR.INVALID_OPTION:
+                print("Got CTAP error 0x2C INVALID_OPTION. Are you sure you used an EdDSA credential with Minisign?")
+                return 1
+            else:
+                raise
+
+        file_signature = ret[1]
+        if ret[2] is None:
+            print("Authenticator does not support Minisign")
+            return 1
+        global_signature = ret[2]
+
+        print(f"File signature (Base64): {base64.b64encode(file_signature).decode()}")
+        print(f"Global signature (Base64): {base64.b64encode(global_signature).decode()}")
+
+        if sig_file is not None:
+            untrusted_comment_bytes = untrusted_comment.encode()
+            if key_id is not None:
+                key_id = int(key_id, 16).to_bytes(8, "little")
+            else:
+                key_id = hashlib.blake2b(credential_id).digest()[:8]
+            key_id_hex = f"{int.from_bytes(key_id, 'little'):X}"
+
+            if sig_file == "":
+                sig_file = filename + ".minisig"
+            with open(sig_file, "wb") as f:
+                f.write(b"untrusted comment: ")
+                f.write(untrusted_comment_bytes)
+                f.write(b"\n")
+                f.write(base64.b64encode(b"ED" + key_id + file_signature))
+                f.write(b"\ntrusted comment: ")
+                f.write(trusted_comment_bytes)
+                f.write(b"\n")
+                f.write(base64.b64encode(global_signature))
+                f.write(b"\n")
+
+            print(f"Signature using key {key_id_hex} written to {sig_file}")
+
+    else:
+        ret = dev.sign_hash(credential_id, dgst.digest(), pin)
+        signature = ret[1]
+
+        print(f"Signature (Base64): {base64.b64encode(signature).decode()}")
+
+        if sig_file is not None:
+            if sig_file == "":
+                sig_file = filename + ".sig"
+
+            with open(sig_file, "wb") as f:
+                f.write(signature)
+
+            print(f"Signature written to {sig_file}")
 
 
 key.add_command(rng)
diff --git a/solo/devices/base.py b/solo/devices/base.py
index 30fc54d..c0852af 100644
--- a/solo/devices/base.py
+++ b/solo/devices/base.py
@@ -6,7 +6,8 @@
 from fido2.ctap2 import CTAP2, CredentialManagement
 from fido2.hid import CTAPHID
 from fido2.utils import hmac_sha256
-from fido2.webauthn import PublicKeyCredentialCreationOptions
+from fido2.webauthn import PublicKeyCredentialCreationOptions, PublicKeyCredentialDescriptor
+import fido2.ctap2.base
 
 from solo import helpers
 
@@ -140,20 +141,24 @@ def program_kbd(self, cmd):
         ctap2 = CTAP2(self.get_current_hid_device())
         return ctap2.send_cbor(0x51, cmd)
 
-    def sign_hash(self, credential_id, dgst, pin):
+    def sign_hash(self, credential_id, dgst, pin, trusted_comment=None):
         ctap2 = CTAP2(self.get_current_hid_device())
         client = self.get_current_fido_client()
+
+        pin_auth = None
         if pin:
             pin_token = client.client_pin.get_pin_token(pin)
             pin_auth = hmac_sha256(pin_token, dgst)[:16]
-            return ctap2.send_cbor(
-                0x50,
-                {1: dgst, 2: {"id": credential_id, "type": "public-key"}, 3: pin_auth},
-            )
-        else:
-            return ctap2.send_cbor(
-                0x50, {1: dgst, 2: {"id": credential_id, "type": "public-key"}}
+
+        return ctap2.send_cbor(
+            0x50,
+            fido2.ctap2.base.args(
+                dgst,
+                PublicKeyCredentialDescriptor("public-key", credential_id),
+                pin_auth,
+                trusted_comment
             )
+        )
 
     def program_file(self, name):
         pass

From 70a1001808d1cdff5433752a85fd914978b976aa Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Wed, 20 Oct 2021 12:55:04 +0200
Subject: [PATCH 3/9] Added `list-algorithms` command to list algorithms
 supported by python-fido2. Display default value for `--alg` in help.

---
 solo/cli/key.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index f591f61..a0570bc 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -121,6 +121,17 @@ def feedkernel(count, serial):
     print(f"Entropy after:  0x{open(entropy_info_file).read().strip()}")
 
 
+@click.command()
+def list_algorithms():
+    """Display algorithms supported by client.
+
+    These can be passed to `solo key make-credential`.
+    """
+
+    alg_names = (fido2.cose.CoseKey.for_alg(alg).__name__ for alg in fido2.cose.CoseKey.supported_algorithms())
+    print(f"Supported algorithms: {', '.join(alg_names)}")
+
+
 @click.command()
 @click.option("-s", "--serial", help="Serial number of Solo use")
 @click.option(
@@ -137,7 +148,8 @@ def feedkernel(count, serial):
     default="Touch your authenticator to generate a credential...",
     show_default=True,
 )
-@click.option("--alg", default="EdDSA,ES256", help="Algorithm(s) for key, separated by ',', in order of preference")
+@click.option("--alg", default="EdDSA,ES256", show_default=True,
+              help="Algorithm(s) for key, separated by ',', in order of preference")
 @click.option("--no-pubkey", is_flag=True, default=False, help="Do not display public key")
 @click.option("--minisign", is_flag=True, default=False, help="Display public key in Minisign-compatible format")
 @click.option("--key-file", default=None, help="File to store public key (use with --minisign)")
@@ -145,7 +157,8 @@ def feedkernel(count, serial):
                                              " [default: <hash of credential ID>]")
 @click.option("--untrusted-comment", default=None,
               help="Untrusted comment to write to public key file (use with --key-file) [default: <key ID>]")
-def make_credential(serial, host, user, udp, prompt, pin, alg, no_pubkey, minisign, key_file, key_id, untrusted_comment):
+def make_credential(serial, host, user, udp, prompt, pin,
+                    alg, no_pubkey, minisign, key_file, key_id, untrusted_comment):
     """Generate a credential.
 
     Pass `--prompt "" --no-pubkey` to output only the `credential_id` as hex.
@@ -775,6 +788,7 @@ def sign_file(pin, serial, udp, prompt, credential_id, filename, sig_file,
 rng.add_command(hexbytes)
 rng.add_command(raw)
 rng.add_command(feedkernel)
+key.add_command(list_algorithms)
 key.add_command(make_credential)
 key.add_command(challenge_response)
 key.add_command(reset)

From 6f2f63dbeb2b1e82ebe733388735969293170597 Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Mon, 25 Oct 2021 18:53:19 +0200
Subject: [PATCH 4/9] Added RP to sign-file defaulting to 'solo-sign-hash:' and
 --default-sign-host to make-credential to quickly set RP ID to this

---
 solo/cli/key.py      | 24 ++++++++++++++++++------
 solo/devices/base.py |  5 +++--
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index a0570bc..0e1a736 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -135,8 +135,10 @@ def list_algorithms():
 @click.command()
 @click.option("-s", "--serial", help="Serial number of Solo use")
 @click.option(
-    "--host", help="Relying party's host", default="solokeys.dev", show_default=True
+    "--host", help="Relying party's host  [default: solokeys.dev]", default=None
 )
+@click.option("--default-sign-host", is_flag=True, default=False,
+              help="Set host to default value for sign-file, shorthand for --host 'solo-sign-hash:'")
 @click.option("--user", help="User ID", default="they", show_default=True)
 @click.option("--pin", help="PIN", default=None)
 @click.option(
@@ -151,13 +153,14 @@ def list_algorithms():
 @click.option("--alg", default="EdDSA,ES256", show_default=True,
               help="Algorithm(s) for key, separated by ',', in order of preference")
 @click.option("--no-pubkey", is_flag=True, default=False, help="Do not display public key")
-@click.option("--minisign", is_flag=True, default=False, help="Display public key in Minisign-compatible format")
+@click.option("--minisign", is_flag=True, default=False,
+              help="Display public key in Minisign-compatible format and set host to 'solo-sign-hash:' for sign-hash")
 @click.option("--key-file", default=None, help="File to store public key (use with --minisign)")
 @click.option("--key-id", default=None, help="Key ID to write to key file (8 bytes as HEX) (use with --key-file)"
                                              " [default: <hash of credential ID>]")
 @click.option("--untrusted-comment", default=None,
               help="Untrusted comment to write to public key file (use with --key-file) [default: <key ID>]")
-def make_credential(serial, host, user, udp, prompt, pin,
+def make_credential(serial, host, default_sign_host, user, udp, prompt, pin,
                     alg, no_pubkey, minisign, key_file, key_id, untrusted_comment):
     """Generate a credential.
 
@@ -177,6 +180,14 @@ def make_credential(serial, host, user, udp, prompt, pin,
     if not pin:
         pin = None
 
+    if default_sign_host:
+        if host is not None:
+            print("Error: Cannot specify both --host and --default-sign-host")
+            return 1
+        host = "solo-sign-hash:"
+    elif host is None:
+        host = "solokeys.dev"
+
     cred_id, pk = solo.hmac_secret.make_credential(
         host=host,
         user_id=user,
@@ -674,6 +685,7 @@ def cred_rm(pin, credential_id, serial, udp):
     default="Touch your authenticator to generate a response...",
     show_default=True,
 )
+@click.option("--host", default="solo-sign-hash:", help="Choose relying host, must start with 'solo-sign-hash:'")
 @click.option("--minisign", is_flag=True, default=False, help="Use Minisign-compatible signatures (pre-hashed)")
 @click.option("--sig-file", default=None, help="Destination file for signature"
                                                " (<filename>.(mini)sig if empty)")
@@ -687,7 +699,7 @@ def cred_rm(pin, credential_id, serial, udp):
                    "[default: <hash of credential ID>]")
 @click.argument("credential-id")
 @click.argument("filename")
-def sign_file(pin, serial, udp, prompt, credential_id, filename, sig_file,
+def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
               minisign, trusted_comment, untrusted_comment, key_id):
     """Sign the specified file using the given credential-id"""
 
@@ -728,7 +740,7 @@ def sign_file(pin, serial, udp, prompt, credential_id, filename, sig_file,
         print(f"Trusted comment: {trusted_comment}")
 
         try:
-            ret = dev.sign_hash(credential_id, dgst.digest(), pin, trusted_comment_bytes)
+            ret = dev.sign_hash(credential_id, dgst.digest(), pin, host, trusted_comment_bytes)
         except CtapError as err:
             if err.code == CtapError.ERR.INVALID_OPTION:
                 print("Got CTAP error 0x2C INVALID_OPTION. Are you sure you used an EdDSA credential with Minisign?")
@@ -769,7 +781,7 @@ def sign_file(pin, serial, udp, prompt, credential_id, filename, sig_file,
             print(f"Signature using key {key_id_hex} written to {sig_file}")
 
     else:
-        ret = dev.sign_hash(credential_id, dgst.digest(), pin)
+        ret = dev.sign_hash(credential_id, dgst.digest(), pin, host)
         signature = ret[1]
 
         print(f"Signature (Base64): {base64.b64encode(signature).decode()}")
diff --git a/solo/devices/base.py b/solo/devices/base.py
index c0852af..b144c38 100644
--- a/solo/devices/base.py
+++ b/solo/devices/base.py
@@ -141,7 +141,7 @@ def program_kbd(self, cmd):
         ctap2 = CTAP2(self.get_current_hid_device())
         return ctap2.send_cbor(0x51, cmd)
 
-    def sign_hash(self, credential_id, dgst, pin, trusted_comment=None):
+    def sign_hash(self, credential_id, dgst, pin, rp_id, trusted_comment=None):
         ctap2 = CTAP2(self.get_current_hid_device())
         client = self.get_current_fido_client()
 
@@ -156,7 +156,8 @@ def sign_hash(self, credential_id, dgst, pin, trusted_comment=None):
                 dgst,
                 PublicKeyCredentialDescriptor("public-key", credential_id),
                 pin_auth,
-                trusted_comment
+                trusted_comment,
+                rp_id
             )
         )
 

From a0a16867700563788a0b83e578b33c2355382e25 Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Mon, 25 Oct 2021 19:16:31 +0200
Subject: [PATCH 5/9] Force Fido2Client to accept any RP ID, incl.
 'solo-sign-hash:...'

---
 solo/devices/solo_v1.py | 3 ++-
 solo/hmac_secret.py     | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/solo/devices/solo_v1.py b/solo/devices/solo_v1.py
index 5752f99..a482e8e 100644
--- a/solo/devices/solo_v1.py
+++ b/solo/devices/solo_v1.py
@@ -73,7 +73,8 @@ def find_device(self, dev=None, solo_serial=None):
             self.ctap2 = None
 
         try:
-            self.client = Fido2Client(dev, self.origin)
+            # Accept any RP ID, including e.g. 'solo-sign-hash:...'
+            self.client = Fido2Client(dev, self.origin, verify=lambda _rp_id, _origin: True)
         except CtapError:
             print("Not using FIDO2 interface.")
             self.client = None
diff --git a/solo/hmac_secret.py b/solo/hmac_secret.py
index a50ee40..760edbc 100644
--- a/solo/hmac_secret.py
+++ b/solo/hmac_secret.py
@@ -42,7 +42,7 @@ def make_credential(
 
     rp = PublicKeyCredentialRpEntity(host, "Example RP")
     client.host = host
-    client.origin = f"https://{client.host}"
+    client.origin = client.host if ":" in client.host else f"https://{client.host}"
     client.user_id = user_id
     user = fido2.webauthn.PublicKeyCredentialUserEntity(user_id, "A. User")
     challenge = secrets.token_bytes(32)
@@ -89,7 +89,7 @@ def simple_secret(
 
     # rp = {"id": host, "name": "Example RP"}
     client.host = host
-    client.origin = f"https://{client.host}"
+    client.origin = client.host if ":" in client.host else f"https://{client.host}"
     client.user_id = user_id
     # user = {"id": user_id, "name": "A. User"}
     credential_id = binascii.a2b_hex(credential_id)

From 05b04acf6d876071c17f6b9799311e64ce8c6ecb Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Mon, 25 Oct 2021 19:29:37 +0200
Subject: [PATCH 6/9] Added more hints to sign-file

---
 solo/cli/key.py | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index 0e1a736..f335945 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -172,22 +172,22 @@ def make_credential(serial, host, default_sign_host, user, udp, prompt, pin,
     algs = [fido2.cose.CoseKey.for_name(a).ALGORITHM for a in alg.split(",")]
     if None in algs:
         print("Error: Unknown algorithm(s): ", [a for a, aid in zip(alg.split(","), algs) if aid is None])
-        return 1
-
-    # check for PIN
-    if not pin:
-        pin = getpass.getpass("PIN (leave empty for no PIN): ")
-    if not pin:
-        pin = None
+        sys.exit(1)
 
     if default_sign_host:
         if host is not None:
             print("Error: Cannot specify both --host and --default-sign-host")
-            return 1
+            sys.exit(2)
         host = "solo-sign-hash:"
     elif host is None:
         host = "solokeys.dev"
 
+    # check for PIN
+    if not pin:
+        pin = getpass.getpass("PIN (leave empty for no PIN): ")
+    if not pin:
+        pin = None
+
     cred_id, pk = solo.hmac_secret.make_credential(
         host=host,
         user_id=user,
@@ -204,7 +204,7 @@ def make_credential(serial, host, default_sign_host, user, udp, prompt, pin,
     if minisign:
         if pk.ALGORITHM != fido2.cose.EdDSA.ALGORITHM:
             print(f"Error: Minisign only supports EdDSA keys but this credential was created using {type(pk).__name__}")
-            return 1
+            sys.exit(1)
 
         if key_id is not None:
             key_id_hex = key_id
@@ -744,14 +744,21 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
         except CtapError as err:
             if err.code == CtapError.ERR.INVALID_OPTION:
                 print("Got CTAP error 0x2C INVALID_OPTION. Are you sure you used an EdDSA credential with Minisign?")
-                return 1
+                sys.exit(1)
+            elif err.code == CtapError.ERR.INVALID_CREDENTIAL:
+                print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
+                if host.startswith("solo-sign-hash:"):
+                    print("Are you sure you created this credential using a 'solo-sign-hash:...' host?")
+                else:
+                    print("Host should start with 'solo-sign-hash:'")
+                sys.exit(1)
             else:
                 raise
 
         file_signature = ret[1]
         if ret[2] is None:
             print("Authenticator does not support Minisign")
-            return 1
+            sys.exit(1)
         global_signature = ret[2]
 
         print(f"File signature (Base64): {base64.b64encode(file_signature).decode()}")
@@ -781,7 +788,17 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
             print(f"Signature using key {key_id_hex} written to {sig_file}")
 
     else:
-        ret = dev.sign_hash(credential_id, dgst.digest(), pin, host)
+        try:
+            ret = dev.sign_hash(credential_id, dgst.digest(), pin, host)
+        except CtapError as err:
+            if err.code == CtapError.ERR.INVALID_CREDENTIAL:
+                print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
+                if host.startswith("solo-sign-hash:"):
+                    print("Are you sure you created this credential using a 'solo-sign-hash:...' host?")
+                else:
+                    print("Host should start with 'solo-sign-hash:'")
+                sys.exit(1)
+
         signature = ret[1]
 
         print(f"Signature (Base64): {base64.b64encode(signature).decode()}")

From 7bf368cc820eae19ae9ec3c14065cff5301992d8 Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Mon, 25 Oct 2021 19:37:16 +0200
Subject: [PATCH 7/9] Added more hints to sign-file

---
 solo/cli/key.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index f335945..1860742 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -748,7 +748,7 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
             elif err.code == CtapError.ERR.INVALID_CREDENTIAL:
                 print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
                 if host.startswith("solo-sign-hash:"):
-                    print("Are you sure you created this credential using a 'solo-sign-hash:...' host?")
+                    print(f"Are you sure you created this credential using host '{host}'?")
                 else:
                     print("Host should start with 'solo-sign-hash:'")
                 sys.exit(1)
@@ -794,7 +794,7 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
             if err.code == CtapError.ERR.INVALID_CREDENTIAL:
                 print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
                 if host.startswith("solo-sign-hash:"):
-                    print("Are you sure you created this credential using a 'solo-sign-hash:...' host?")
+                    print(f"Are you sure you created this credential using host '{host}'?")
                 else:
                     print("Host should start with 'solo-sign-hash:'")
                 sys.exit(1)

From 98436b7b400298196f8a5e2a67e40c1351b5029a Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Tue, 2 Nov 2021 12:31:42 +0100
Subject: [PATCH 8/9] Added hints to sign-file about mixing --minisign with
 ES256 credential etc.

---
 solo/cli/key.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index 1860742..a32fddd 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -686,7 +686,9 @@ def cred_rm(pin, credential_id, serial, udp):
     show_default=True,
 )
 @click.option("--host", default="solo-sign-hash:", help="Choose relying host, must start with 'solo-sign-hash:'")
-@click.option("--minisign", is_flag=True, default=False, help="Use Minisign-compatible signatures (pre-hashed)")
+@click.option("--minisign", is_flag=True, default=False,
+              help="Use Minisign-compatible signature (pre-hashed) with EdDSA credential,"
+                   " default is to try ES256 signature")
 @click.option("--sig-file", default=None, help="Destination file for signature"
                                                " (<filename>.(mini)sig if empty)")
 @click.option("--trusted-comment", default=None,
@@ -745,6 +747,9 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
             if err.code == CtapError.ERR.INVALID_OPTION:
                 print("Got CTAP error 0x2C INVALID_OPTION. Are you sure you used an EdDSA credential with Minisign?")
                 sys.exit(1)
+            elif err.code == CtapError.ERR.INVALID_LENGTH:
+                print("Got CTAP error 0x03 INVALID_LENGTH. Are you sure you used an EdDSA credential with Minisign?")
+                sys.exit(1)
             elif err.code == CtapError.ERR.INVALID_CREDENTIAL:
                 print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
                 if host.startswith("solo-sign-hash:"):
@@ -791,7 +796,11 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
         try:
             ret = dev.sign_hash(credential_id, dgst.digest(), pin, host)
         except CtapError as err:
-            if err.code == CtapError.ERR.INVALID_CREDENTIAL:
+            if err.code == CtapError.ERR.INVALID_LENGTH:
+                print("Got CTAP error 0x03 INVALID_LENGTH. Are you sure you used an ES256 credential, "
+                      "or did you mean to specify --minisign?")
+                sys.exit(1)
+            elif err.code == CtapError.ERR.INVALID_CREDENTIAL:
                 print("Got CTAP error 0x22 INVALID_CREDENTIAL.")
                 if host.startswith("solo-sign-hash:"):
                     print(f"Are you sure you created this credential using host '{host}'?")

From 2098535646c9ba280bd385c4957df03b9a8633bc Mon Sep 17 00:00:00 2001
From: stevenwdv <stevenwdv@gmail.com>
Date: Sat, 13 Nov 2021 00:12:20 +0100
Subject: [PATCH 9/9] sign-file: change 'prehashed' to 'hashed' in trusted
 comment

---
 solo/cli/key.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/solo/cli/key.py b/solo/cli/key.py
index a32fddd..c30fb45 100644
--- a/solo/cli/key.py
+++ b/solo/cli/key.py
@@ -693,7 +693,7 @@ def cred_rm(pin, credential_id, serial, udp):
                                                " (<filename>.(mini)sig if empty)")
 @click.option("--trusted-comment", default=None,
               help="Trusted comment included in global signature (combine with --minisign)"
-                   " [default: <time and file name, prehashed>]")
+                   " [default: <time and file name, hashed>]")
 @click.option("--untrusted-comment", default="signature created on solokey", show_default=True,
               help="Untrusted comment not included in global signature (combine with --minisign and --sig-file)")
 @click.option("--key-id", default=None,
@@ -731,10 +731,10 @@ def sign_file(pin, serial, udp, prompt, credential_id, host, filename, sig_file,
         if trusted_comment is None:
             timestamp = int(time.time())
             just_file_name = pathlib.Path(filename).name
-            trusted_comment = f"timestamp:{timestamp}\tfile:{just_file_name}\tprehashed"
+            trusted_comment = f"timestamp:{timestamp}\tfile:{just_file_name}\thashed"
             trusted_comment_bytes = trusted_comment.encode()
             if len(trusted_comment_bytes) > 128:
-                trusted_comment = f"timestamp:{timestamp}\tfile:<name too long>\tprehashed"
+                trusted_comment = f"timestamp:{timestamp}\tfile:<name too long>\thashed"
             trusted_comment_bytes = trusted_comment.encode()
         else:
             trusted_comment_bytes = trusted_comment.encode()