A demo of RFC 6287 / OCRA using MirageOS on QubesOS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Mirage OCRA Build status

  • This is a sample QubesOS unikernel using https://github.com/sg2342/ocaml-rfc6287 to perform authentication using the OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1 suite as implemented in OTP.to cards

  • Since the low-level primitives are provided by nocrypto which is eternally stuck in a frustratingly fucked and/or unmaintained state, pin this revision which is the last occasion on which anybody cared about mirage-xen support: opam pin add -n nocrypto -k git 'https://github.com/mirleft/ocaml-nocrypto.git#79d5db2488e338d161d7e170cd681a8120ce07d1'

  • This demo is probably a bit tricky to install since it uses the unpackaged mirage-framebuffer library. See the eye-of-mirage README for installation instructions for that, and complain in the GitHub issues here if that gives you problems.

Running it

  • You probably want to run something like (after following the instructions above):
opam install cstruct mirage mirage-qubes mirage-key mirage-time-lwt rfc6287 mirage-framebuffer nocrypto
./yomake $(cat my.card.secret)
  • You need to press enter since the state machine is line-based. There is no local echo.