
fix: verify the device's mutual-auth server proof (M8)#103

Merged: g4bri3lDev merged 1 commit into OpenDisplay:main from balloob:fix/auth-server-proof on Jul 5, 2026

@balloob balloob commented Jul 4, 2026

Contributor

Summary

M8 — server proof never verified; mutual auth was one-way (🟠)

The firmware computes CMAC(session_key, server_nonce ‖ client_nonce ‖ device_id) precisely so the client can authenticate the device. But authenticate() called parse_authenticate_success() (which returns the 16-byte proof) and discarded the return value. A device — or a MITM — that returned status 0x00 without knowing the master key was accepted, deferring detection to the first encrypted exchange.

Fix

Add compute_server_proof(session_key, server_nonce, client_nonce, device_id) and, in authenticate(), recompute the proof from the derived session key and constant-time-compare it (hmac.compare_digest), raising AuthenticationFailedError on mismatch before storing the session state.

Test plan

  • uv run pytest -q → 445 passed (2 new end-to-end tests: valid proof accepted, bogus proof rejected with no session stored)
  • ruff, mypy clean

🤖 Generated with Claude Code

@balloob balloob requested a review from g4bri3lDev as a code owner July 4, 2026 07:10

codecov Bot commented Jul 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@balloob balloob force-pushed the fix/auth-server-proof branch from eaa328b to f66e009 Compare July 4, 2026 11:42
Firmware computes CMAC(session_key, server_nonce||client_nonce||device_id)
precisely so the client can authenticate the device, but authenticate()
discarded the 16-byte proof returned by parse_authenticate_success(). A device
(or MITM) that returned status OK without knowing the master key was accepted,
deferring detection to the first encrypted exchange. Recompute the proof from
the derived session key and constant-time-compare it (hmac.compare_digest),
raising AuthenticationFailedError on mismatch before storing the session.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01JRrm95f1qNZzDM9r2SB6KW
@balloob balloob force-pushed the fix/auth-server-proof branch from f66e009 to ba89249 Compare July 5, 2026 14:37
@g4bri3lDev g4bri3lDev merged commit ce6ac6f into OpenDisplay:main Jul 5, 2026
6 checks passed
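
The check described in this pull request, as an added example that is not the project's code: the client recomputes the proof over server_nonce ‖ client_nonce ‖ device_id, compares it in constant time, and stores the session only on a match. Assumptions: the `Client` class, the `attempt` helper, the 17-byte response layout (status byte plus proof) and all sample values are hypothetical or constructed, and the session key is taken as already derived. AES-CMAC comes from the `cryptography` package; if that package is absent, a truncated HMAC-SHA256 stand-in (not CMAC) keeps the example runnable.

```python
import hashlib
import hmac

try:
    from cryptography.hazmat.primitives import cmac
    from cryptography.hazmat.primitives.ciphers import algorithms
    def _mac(key, msg):  # AES-CMAC, 16-byte tag
        c = cmac.CMAC(algorithms.AES(key))
        c.update(msg)
        return c.finalize()
except ImportError:
    def _mac(key, msg):  # stand-in, NOT CMAC: used only when the package is missing
        return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class AuthenticationFailedError(Exception):
    pass

def compute_server_proof(session_key, server_nonce, client_nonce, device_id):
    # Field order from the PR: server_nonce || client_nonce || device_id
    return _mac(session_key, server_nonce + client_nonce + device_id)

class Client:
    """Hypothetical client; the 17-byte response (status + proof) is an assumed layout."""
    def __init__(self):
        self.session = None

    def authenticate(self, session_key, server_nonce, client_nonce, device_id, response):
        if len(response) != 17 or response[0] != 0x00:
            raise AuthenticationFailedError("bad status or length")
        expected = compute_server_proof(session_key, server_nonce, client_nonce, device_id)
        if not hmac.compare_digest(expected, response[1:]):
            raise AuthenticationFailedError("server proof mismatch")
        self.session = session_key  # stored only after the proof verifies

# Constructed sample values, not taken from the project.
KEY, SN, CN, DEV = bytes(range(16)), b"S" * 16, b"C" * 16, b"\x00\x01\x02\x03"

def attempt(response):
    """Return (outcome, session_stored) for one constructed handshake response."""
    client = Client()
    try:
        client.authenticate(KEY, SN, CN, DEV, response)
        return "accepted", client.session is not None
    except AuthenticationFailedError:
        return "rejected", client.session is not None

if __name__ == "__main__":
    print(attempt(b"\x00" + compute_server_proof(KEY, SN, CN, DEV)))  # genuine device
    print(attempt(b"\x00" + bytes(16)))  # status 0x00 from a peer without the key
```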