Giters

yohanes / teensy-u2f

Teensy LC U2F key implementation

Home Page:http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

teensy-u2f

U2F implementation for Teensy LC.

This implementation is simple, works, but a bit insecure in the key handle generation part and user presence check.

The key handle is generated from private key XOR-ed with a simple fixed key (note: key handle generation is outside of U2F implementation scope). Attacker that knows the fixed key (or able to deduce it from multiple registrations request) can get the private key sign any authentication request although in practice its not that easy to perform this attack.

Because there is no user button in Teensy LC, I didn't actually implement any button handling logic for 'user-presence' check. On first request this implementation will assume button is not pressed, and on next request it will assume the user has pressed the button. When logging in to a website, you may need to unplug and replug the Teensy LC.

For the ECDSA key generation and signing this implementation uses the micro-ecc library:

https://github.com/kmackay/micro-ecc

License

See LICENSE.txt

About

Teensy LC U2F key implementation

http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/

License:BSD 2-Clause "Simplified" License

Languages

Language:C 90.5%Language:Arduino 8.2%Language:C++ 1.3%