libfido2: update to 1.10.0
Some highlights from NEWS: ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. ** New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. ** Documentation and reliability fixes. ** Support for TPM 2.0 attestation of COSE_ES256 credentials. Relnotes: Yes Sponsored by: The FreeBSD Foundation
This commit is contained in:
commit
3e696dfb70
@ -28,7 +28,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
|||||||
set(CMAKE_COLOR_MAKEFILE OFF)
|
set(CMAKE_COLOR_MAKEFILE OFF)
|
||||||
set(CMAKE_VERBOSE_MAKEFILE ON)
|
set(CMAKE_VERBOSE_MAKEFILE ON)
|
||||||
set(FIDO_MAJOR "1")
|
set(FIDO_MAJOR "1")
|
||||||
set(FIDO_MINOR "9")
|
set(FIDO_MINOR "10")
|
||||||
set(FIDO_PATCH "0")
|
set(FIDO_PATCH "0")
|
||||||
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
|
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
|
||||||
|
|
||||||
@ -40,16 +40,15 @@ option(BUILD_TOOLS "Build tool programs" ON)
|
|||||||
option(FUZZ "Enable fuzzing instrumentation" OFF)
|
option(FUZZ "Enable fuzzing instrumentation" OFF)
|
||||||
option(LIBFUZZER "Build libfuzzer harnesses" OFF)
|
option(LIBFUZZER "Build libfuzzer harnesses" OFF)
|
||||||
option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
|
option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
|
||||||
option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" OFF)
|
option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" ON)
|
||||||
option(NFC_LINUX "Experimental NFC support on Linux" OFF)
|
option(NFC_LINUX "Enable NFC support on Linux" ON)
|
||||||
|
|
||||||
add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
|
add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
|
||||||
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
|
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
|
||||||
add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
|
add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
|
||||||
|
|
||||||
if(CYGWIN OR MSYS)
|
if(CYGWIN OR MSYS OR MINGW)
|
||||||
set(WIN32 1)
|
set(WIN32 1)
|
||||||
add_definitions(-DWINVER=0x0a00)
|
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(WIN32)
|
if(WIN32)
|
||||||
@ -68,12 +67,13 @@ if(NOT MSVC)
|
|||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
|
||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
|
||||||
elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
|
elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
|
||||||
set(NFC_LINUX ON)
|
|
||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
|
||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
|
||||||
elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
|
elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
|
||||||
CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD")
|
CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD")
|
||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1")
|
||||||
|
elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
|
||||||
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_NETBSD_SOURCE")
|
||||||
endif()
|
endif()
|
||||||
set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99")
|
set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99")
|
||||||
set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}")
|
set(CMAKE_C_FLAGS "${FIDO_CFLAGS} ${CMAKE_C_FLAGS}")
|
||||||
@ -167,12 +167,13 @@ if(MSVC)
|
|||||||
endif()
|
endif()
|
||||||
set(CBOR_LIBRARIES cbor)
|
set(CBOR_LIBRARIES cbor)
|
||||||
set(ZLIB_LIBRARIES zlib)
|
set(ZLIB_LIBRARIES zlib)
|
||||||
set(CRYPTO_LIBRARIES crypto-46)
|
set(CRYPTO_LIBRARIES crypto-47)
|
||||||
set(MSVC_DISABLED_WARNINGS_LIST
|
set(MSVC_DISABLED_WARNINGS_LIST
|
||||||
"C4152" # nonstandard extension used: function/data pointer
|
"C4152" # nonstandard extension used: function/data pointer
|
||||||
# conversion in expression;
|
# conversion in expression;
|
||||||
"C4200" # nonstandard extension used: zero-sized array in
|
"C4200" # nonstandard extension used: zero-sized array in
|
||||||
# struct/union;
|
# struct/union;
|
||||||
|
"C4201" # nonstandard extension used: nameless struct/union;
|
||||||
"C4204" # nonstandard extension used: non-constant aggregate
|
"C4204" # nonstandard extension used: non-constant aggregate
|
||||||
# initializer;
|
# initializer;
|
||||||
"C4706" # assignment within conditional expression;
|
"C4706" # assignment within conditional expression;
|
||||||
@ -188,8 +189,10 @@ if(MSVC)
|
|||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
|
||||||
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Od /Z7 /guard:cf /sdl /RTCcsu")
|
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Od /Z7 /guard:cf /sdl /RTCcsu")
|
||||||
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
|
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl")
|
||||||
|
if(USE_WINHELLO)
|
||||||
add_definitions(-DUSE_WINHELLO)
|
add_definitions(-DUSE_WINHELLO)
|
||||||
set(USE_WINHELLO ON)
|
endif()
|
||||||
|
set(NFC_LINUX OFF)
|
||||||
else()
|
else()
|
||||||
include(FindPkgConfig)
|
include(FindPkgConfig)
|
||||||
pkg_search_module(CBOR libcbor)
|
pkg_search_module(CBOR libcbor)
|
||||||
@ -223,6 +226,8 @@ else()
|
|||||||
set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
|
set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
else()
|
||||||
|
set(NFC_LINUX OFF)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(MINGW)
|
if(MINGW)
|
||||||
@ -238,14 +243,18 @@ else()
|
|||||||
set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
|
set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if(FUZZ)
|
|
||||||
set(NFC_LINUX ON)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if(NFC_LINUX)
|
if(NFC_LINUX)
|
||||||
add_definitions(-DNFC_LINUX)
|
add_definitions(-DNFC_LINUX)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
if(WIN32)
|
||||||
|
if(USE_WINHELLO)
|
||||||
|
add_definitions(-DUSE_WINHELLO)
|
||||||
|
endif()
|
||||||
|
else()
|
||||||
|
set(USE_WINHELLO OFF)
|
||||||
|
endif()
|
||||||
|
|
||||||
add_compile_options(-Wall)
|
add_compile_options(-Wall)
|
||||||
add_compile_options(-Wextra)
|
add_compile_options(-Wextra)
|
||||||
add_compile_options(-Werror)
|
add_compile_options(-Werror)
|
||||||
@ -257,6 +266,10 @@ else()
|
|||||||
add_compile_options(-pedantic)
|
add_compile_options(-pedantic)
|
||||||
add_compile_options(-pedantic-errors)
|
add_compile_options(-pedantic-errors)
|
||||||
|
|
||||||
|
if(WIN32)
|
||||||
|
add_compile_options(-Wno-type-limits)
|
||||||
|
add_compile_options(-Wno-cast-function-type)
|
||||||
|
endif()
|
||||||
if(HAVE_SHORTEN_64_TO_32)
|
if(HAVE_SHORTEN_64_TO_32)
|
||||||
add_compile_options(-Wshorten-64-to-32)
|
add_compile_options(-Wshorten-64-to-32)
|
||||||
endif()
|
endif()
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Copyright (c) 2018-2021 Yubico AB. All rights reserved.
|
Copyright (c) 2018-2022 Yubico AB. All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
modification, are permitted provided that the following conditions are
|
modification, are permitted provided that the following conditions are
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
* Version 1.10.0 (2022-01-17)
|
||||||
|
** hid_osx: handle devices with paths > 511 bytes; gh#462.
|
||||||
|
** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
|
||||||
|
** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
|
||||||
|
** winhello: fallback to hid_win.c if webauthn.dll isn't available.
|
||||||
|
** New API calls:
|
||||||
|
- fido_dev_info_set;
|
||||||
|
- fido_dev_io_handle;
|
||||||
|
- fido_dev_new_with_info;
|
||||||
|
- fido_dev_open_with_info.
|
||||||
|
** Cygwin and NetBSD build fixes.
|
||||||
|
** Documentation and reliability fixes.
|
||||||
|
** Support for TPM 2.0 attestation of COSE_ES256 credentials.
|
||||||
|
|
||||||
* Version 1.9.0 (2021-10-27)
|
* Version 1.9.0 (2021-10-27)
|
||||||
** Enabled NFC support on Linux.
|
** Enabled NFC support on Linux.
|
||||||
** Added OpenSSL 3.0 compatibility.
|
** Added OpenSSL 3.0 compatibility.
|
||||||
|
@ -10,7 +10,7 @@ image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fu
|
|||||||
communicate with a FIDO device over USB, and to verify attestation and
|
communicate with a FIDO device over USB, and to verify attestation and
|
||||||
assertion signatures.
|
assertion signatures.
|
||||||
|
|
||||||
*libfido2* supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
|
*libfido2* supports the FIDO U2F (CTAP 1) and FIDO2 (CTAP 2) protocols.
|
||||||
|
|
||||||
For usage, see the `examples/` directory.
|
For usage, see the `examples/` directory.
|
||||||
|
|
||||||
@ -42,7 +42,7 @@ is also available.
|
|||||||
|
|
||||||
==== Releases
|
==== Releases
|
||||||
|
|
||||||
The current release of *libfido2* is 1.9.0. Please consult Yubico's
|
The current release of *libfido2* is 1.10.0. Please consult Yubico's
|
||||||
https://developers.yubico.com/libfido2/Releases[release page] for source
|
https://developers.yubico.com/libfido2/Releases[release page] for source
|
||||||
and binary releases.
|
and binary releases.
|
||||||
|
|
||||||
|
5
contrib/libfido2/SECURITY.md
Normal file
5
contrib/libfido2/SECURITY.md
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# Reporting libfido2 Security Issues
|
||||||
|
|
||||||
|
To report security issues in libfido2, please contact security@yubico.com.
|
||||||
|
A PGP public key can be found at
|
||||||
|
https://www.yubico.com/support/security-advisories/issue-rating-system/.
|
@ -25,7 +25,7 @@ The following definitions are used in the description below:
|
|||||||
|
|
||||||
- <blobkey>
|
- <blobkey>
|
||||||
|
|
||||||
A credential's associated FIDO 2.1 "largeBlob" symmetric key.
|
A credential's associated CTAP 2.1 "largeBlob" symmetric key.
|
||||||
|
|
||||||
=== Description
|
=== Description
|
||||||
|
|
||||||
|
@ -7,6 +7,6 @@ ENV DEBIAN_FRONTEND=noninteractive
|
|||||||
RUN apt-get update
|
RUN apt-get update
|
||||||
RUN apt-get install -y clang-12 cmake git libssl-dev libudev-dev make pkg-config
|
RUN apt-get install -y clang-12 cmake git libssl-dev libudev-dev make pkg-config
|
||||||
RUN apt-get install -y zlib1g-dev
|
RUN apt-get install -y zlib1g-dev
|
||||||
RUN git clone --branch v0.8.0 https://github.com/PJK/libcbor
|
RUN git clone --branch v0.9.0 https://github.com/PJK/libcbor
|
||||||
RUN git clone https://github.com/yubico/libfido2
|
RUN git clone https://github.com/yubico/libfido2
|
||||||
RUN CC=clang-12 CXX=clang++-12 /libfido2/fuzz/build-coverage /libcbor /libfido2
|
RUN CC=clang-12 CXX=clang++-12 /libfido2/fuzz/build-coverage /libcbor /libfido2
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
# Use of this source code is governed by a BSD-style
|
# Use of this source code is governed by a BSD-style
|
||||||
# license that can be found in the LICENSE file.
|
# license that can be found in the LICENSE file.
|
||||||
|
|
||||||
IMAGE := libfido2-coverage:1.9.1
|
IMAGE := libfido2-coverage:1.10.0
|
||||||
RUNNER := libfido2-runner
|
RUNNER := libfido2-runner
|
||||||
PROFDATA := llvm-profdata-12
|
PROFDATA := llvm-profdata-12
|
||||||
COV := llvm-cov-12
|
COV := llvm-cov-12
|
||||||
|
@ -201,6 +201,7 @@
|
|||||||
fido_dev_info_product;
|
fido_dev_info_product;
|
||||||
fido_dev_info_product_string;
|
fido_dev_info_product_string;
|
||||||
fido_dev_info_ptr;
|
fido_dev_info_ptr;
|
||||||
|
fido_dev_info_set;
|
||||||
fido_dev_info_vendor;
|
fido_dev_info_vendor;
|
||||||
fido_dev_is_fido2;
|
fido_dev_is_fido2;
|
||||||
fido_dev_major;
|
fido_dev_major;
|
||||||
|
@ -172,7 +172,7 @@ cbor_array_iter 12 0 100.00% 16 0
|
|||||||
cbor_parse_reply 27 0 100.00% 36 0 100.00%
|
cbor_parse_reply 27 0 100.00% 36 0 100.00%
|
||||||
cbor_vector_free 6 0 100.00% 5 0 100.00%
|
cbor_vector_free 6 0 100.00% 5 0 100.00%
|
||||||
cbor_bytestring_copy 14 0 100.00% 18 0 100.00%
|
cbor_bytestring_copy 14 0 100.00% 18 0 100.00%
|
||||||
cbor_string_copy 14 1 92.86% 18 3 83.33%
|
cbor_string_copy 14 0 100.00% 18 0 100.00%
|
||||||
cbor_add_bytestring 14 0 100.00% 21 0 100.00%
|
cbor_add_bytestring 14 0 100.00% 21 0 100.00%
|
||||||
cbor_add_string 14 0 100.00% 21 0 100.00%
|
cbor_add_string 14 0 100.00% 21 0 100.00%
|
||||||
cbor_add_bool 14 0 100.00% 21 0 100.00%
|
cbor_add_bool 14 0 100.00% 21 0 100.00%
|
||||||
@ -200,7 +200,7 @@ cbor_decode_uint64 4 0 100.00% 8 0
|
|||||||
cbor_decode_cred_id 8 0 100.00% 9 0 100.00%
|
cbor_decode_cred_id 8 0 100.00% 9 0 100.00%
|
||||||
cbor_decode_user 8 0 100.00% 9 0 100.00%
|
cbor_decode_user 8 0 100.00% 9 0 100.00%
|
||||||
cbor_decode_rp_entity 8 0 100.00% 9 0 100.00%
|
cbor_decode_rp_entity 8 0 100.00% 9 0 100.00%
|
||||||
cbor_build_uint 10 4 60.00% 9 4 55.56%
|
cbor_build_uint 10 1 90.00% 9 2 77.78%
|
||||||
cbor_array_append 17 0 100.00% 21 0 100.00%
|
cbor_array_append 17 0 100.00% 21 0 100.00%
|
||||||
cbor_array_drop 18 2 88.89% 17 3 82.35%
|
cbor_array_drop 18 2 88.89% 17 3 82.35%
|
||||||
cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00%
|
cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00%
|
||||||
@ -209,7 +209,7 @@ cbor.c:cbor_add_arg 13 0 100.00% 21 0
|
|||||||
cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00%
|
cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00%
|
||||||
cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00%
|
cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00%
|
||||||
cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88%
|
cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88%
|
||||||
cbor.c:get_cose_alg 36 1 97.22% 38 3 92.11%
|
cbor.c:get_cose_alg 36 0 100.00% 38 0 100.00%
|
||||||
cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00%
|
cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00%
|
||||||
cbor.c:decode_attcred 25 0 100.00% 44 0 100.00%
|
cbor.c:decode_attcred 25 0 100.00% 44 0 100.00%
|
||||||
cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00%
|
cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00%
|
||||||
@ -222,7 +222,7 @@ cbor.c:decode_cred_id_entry 10 0 100.00% 19 0
|
|||||||
cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00%
|
cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00%
|
||||||
cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00%
|
cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00%
|
||||||
------------------------------------------------------------------------------------------------------------------
|
------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 1047 28 97.33% 1237 54 95.63%
|
TOTAL 1047 23 97.80% 1237 46 96.28%
|
||||||
|
|
||||||
File '/libfido2/src/compress.c':
|
File '/libfido2/src/compress.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
@ -386,6 +386,7 @@ fido_dev_get_touch_begin 50 0 100.00% 59
|
|||||||
fido_dev_get_touch_status 17 0 100.00% 20 0 100.00%
|
fido_dev_get_touch_status 17 0 100.00% 20 0 100.00%
|
||||||
fido_dev_set_io_functions 18 4 77.78% 14 6 57.14%
|
fido_dev_set_io_functions 18 4 77.78% 14 6 57.14%
|
||||||
fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67%
|
fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67%
|
||||||
|
fido_dev_io_handle 1 1 0.00% 3 3 0.00%
|
||||||
fido_init 8 1 87.50% 5 0 100.00%
|
fido_init 8 1 87.50% 5 0 100.00%
|
||||||
fido_dev_new 5 0 100.00% 14 0 100.00%
|
fido_dev_new 5 0 100.00% 14 0 100.00%
|
||||||
fido_dev_new_with_info 10 10 0.00% 16 16 0.00%
|
fido_dev_new_with_info 10 10 0.00% 16 16 0.00%
|
||||||
@ -419,7 +420,7 @@ dev.c:fido_dev_set_extension_flags 7 0 100.00% 7
|
|||||||
dev.c:fido_dev_set_option_flags 29 0 100.00% 18 0 100.00%
|
dev.c:fido_dev_set_option_flags 29 0 100.00% 18 0 100.00%
|
||||||
dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00%
|
dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00%
|
||||||
-------------------------------------------------------------------------------------------------------------------
|
-------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 420 78 81.43% 488 102 79.10%
|
TOTAL 421 79 81.24% 491 105 78.62%
|
||||||
|
|
||||||
File '/libfido2/src/ecdh.c':
|
File '/libfido2/src/ecdh.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
@ -493,8 +494,9 @@ Name Regions Miss Cover Lines Mis
|
|||||||
fido_hid_get_usage 13 0 100.00% 22 0 100.00%
|
fido_hid_get_usage 13 0 100.00% 22 0 100.00%
|
||||||
fido_hid_get_report_len 19 0 100.00% 27 0 100.00%
|
fido_hid_get_report_len 19 0 100.00% 27 0 100.00%
|
||||||
fido_dev_info_new 1 0 100.00% 3 0 100.00%
|
fido_dev_info_new 1 0 100.00% 3 0 100.00%
|
||||||
fido_dev_info_free 9 0 100.00% 14 0 100.00%
|
fido_dev_info_free 9 0 100.00% 9 0 100.00%
|
||||||
fido_dev_info_ptr 1 0 100.00% 3 0 100.00%
|
fido_dev_info_ptr 1 0 100.00% 3 0 100.00%
|
||||||
|
fido_dev_info_set 26 2 92.31% 30 3 90.00%
|
||||||
fido_dev_info_path 1 0 100.00% 3 0 100.00%
|
fido_dev_info_path 1 0 100.00% 3 0 100.00%
|
||||||
fido_dev_info_vendor 1 0 100.00% 3 0 100.00%
|
fido_dev_info_vendor 1 0 100.00% 3 0 100.00%
|
||||||
fido_dev_info_product 1 0 100.00% 3 0 100.00%
|
fido_dev_info_product 1 0 100.00% 3 0 100.00%
|
||||||
@ -502,8 +504,9 @@ fido_dev_info_manufacturer_string 1 0 100.00% 3
|
|||||||
fido_dev_info_product_string 1 0 100.00% 3 0 100.00%
|
fido_dev_info_product_string 1 0 100.00% 3 0 100.00%
|
||||||
hid.c:get_key_len 6 0 100.00% 12 0 100.00%
|
hid.c:get_key_len 6 0 100.00% 12 0 100.00%
|
||||||
hid.c:get_key_val 6 0 100.00% 18 0 100.00%
|
hid.c:get_key_val 6 0 100.00% 18 0 100.00%
|
||||||
|
hid.c:fido_dev_info_reset 1 0 100.00% 6 0 100.00%
|
||||||
-------------------------------------------------------------------------------------------------------------------
|
-------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 60 0 100.00% 114 0 100.00%
|
TOTAL 87 2 97.70% 145 3 97.93%
|
||||||
|
|
||||||
File '/libfido2/src/hid_linux.c':
|
File '/libfido2/src/hid_linux.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
@ -612,7 +615,7 @@ File '/libfido2/src/largeblob.c':
|
|||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
-------------------------------------------------------------------------------------------------------------------
|
-------------------------------------------------------------------------------------------------------------------
|
||||||
fido_dev_largeblob_get 26 2 92.31% 38 4 89.47%
|
fido_dev_largeblob_get 26 2 92.31% 38 4 89.47%
|
||||||
fido_dev_largeblob_set 27 2 92.59% 36 4 88.89%
|
fido_dev_largeblob_set 27 0 100.00% 36 0 100.00%
|
||||||
fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00%
|
fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00%
|
||||||
fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19%
|
fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19%
|
||||||
fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00%
|
fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00%
|
||||||
@ -642,7 +645,7 @@ largeblob.c:largeblob_get_uv_token 19 0 100.00% 23
|
|||||||
largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00%
|
largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00%
|
||||||
largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57%
|
largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57%
|
||||||
-------------------------------------------------------------------------------------------------------------------
|
-------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 513 21 95.91% 684 47 93.13%
|
TOTAL 513 19 96.30% 684 43 93.71%
|
||||||
|
|
||||||
File '/libfido2/src/log.c':
|
File '/libfido2/src/log.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
@ -783,11 +786,11 @@ TOTAL 24 0 100.00% 23
|
|||||||
File '/libfido2/src/rs1.c':
|
File '/libfido2/src/rs1.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
---------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
rs1_verify_sig 20 1 95.00% 30 3 90.00%
|
rs1_verify_sig 20 0 100.00% 30 0 100.00%
|
||||||
rs1.c:rs1_get_EVP_MD 4 0 100.00% 6 0 100.00%
|
rs1.c:rs1_get_EVP_MD 4 0 100.00% 6 0 100.00%
|
||||||
rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00%
|
rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00%
|
||||||
---------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 25 1 96.00% 39 3 92.31%
|
TOTAL 25 0 100.00% 39 0 100.00%
|
||||||
|
|
||||||
File '/libfido2/src/rs256.c':
|
File '/libfido2/src/rs256.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
@ -820,15 +823,17 @@ TOTAL 43 3 93.02% 43
|
|||||||
File '/libfido2/src/tpm.c':
|
File '/libfido2/src/tpm.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
---------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
fido_get_signed_hash_tpm 20 0 100.00% 25 0 100.00%
|
fido_get_signed_hash_tpm 25 0 100.00% 39 0 100.00%
|
||||||
tpm.c:check_rsa2048_pubarea 16 0 100.00% 28 0 100.00%
|
tpm.c:check_es256_pubarea 18 0 100.00% 30 0 100.00%
|
||||||
tpm.c:bswap_rsa2048_pubarea 1 0 100.00% 10 0 100.00%
|
tpm.c:bswap_es256_pubarea 1 0 100.00% 12 0 100.00%
|
||||||
|
tpm.c:check_rs256_pubarea 16 0 100.00% 28 0 100.00%
|
||||||
|
tpm.c:bswap_rs256_pubarea 1 0 100.00% 10 0 100.00%
|
||||||
tpm.c:check_sha1_certinfo 14 0 100.00% 38 0 100.00%
|
tpm.c:check_sha1_certinfo 14 0 100.00% 38 0 100.00%
|
||||||
tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00%
|
tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00%
|
||||||
tpm.c:get_signed_name 7 0 100.00% 10 0 100.00%
|
tpm.c:get_signed_name 7 0 100.00% 10 0 100.00%
|
||||||
tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00%
|
tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00%
|
||||||
---------------------------------------------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 76 0 100.00% 138 0 100.00%
|
TOTAL 100 0 100.00% 194 0 100.00%
|
||||||
|
|
||||||
File '/libfido2/src/types.c':
|
File '/libfido2/src/types.c':
|
||||||
Name Regions Miss Cover Lines Miss Cover
|
Name Regions Miss Cover Lines Miss Cover
|
||||||
|
@ -175,15 +175,20 @@ static void
|
|||||||
manifest(const struct param *p)
|
manifest(const struct param *p)
|
||||||
{
|
{
|
||||||
size_t ndevs, nfound;
|
size_t ndevs, nfound;
|
||||||
fido_dev_info_t *devlist;
|
fido_dev_info_t *devlist = NULL, *devlist_set = NULL;
|
||||||
int16_t vendor_id, product_id;
|
int16_t vendor_id, product_id;
|
||||||
|
fido_dev_io_t io;
|
||||||
|
fido_dev_transport_t t;
|
||||||
|
|
||||||
|
memset(&io, 0, sizeof(io));
|
||||||
|
memset(&t, 0, sizeof(t));
|
||||||
set_netlink_io_functions(fd_read, fd_write);
|
set_netlink_io_functions(fd_read, fd_write);
|
||||||
set_wire_data(p->netlink_wiredata.body, p->netlink_wiredata.len);
|
set_wire_data(p->netlink_wiredata.body, p->netlink_wiredata.len);
|
||||||
set_udev_parameters(p->uevent, &p->report_descriptor);
|
set_udev_parameters(p->uevent, &p->report_descriptor);
|
||||||
|
|
||||||
ndevs = uniform_random(64);
|
ndevs = uniform_random(64);
|
||||||
if ((devlist = fido_dev_info_new(ndevs)) == NULL ||
|
if ((devlist = fido_dev_info_new(ndevs)) == NULL ||
|
||||||
|
(devlist_set = fido_dev_info_new(1)) == NULL ||
|
||||||
fido_dev_info_manifest(devlist, ndevs, &nfound) != FIDO_OK)
|
fido_dev_info_manifest(devlist, ndevs, &nfound) != FIDO_OK)
|
||||||
goto out;
|
goto out;
|
||||||
for (size_t i = 0; i < nfound; i++) {
|
for (size_t i = 0; i < nfound; i++) {
|
||||||
@ -195,9 +200,13 @@ manifest(const struct param *p)
|
|||||||
product_id = fido_dev_info_product(di);
|
product_id = fido_dev_info_product(di);
|
||||||
consume(&vendor_id, sizeof(vendor_id));
|
consume(&vendor_id, sizeof(vendor_id));
|
||||||
consume(&product_id, sizeof(product_id));
|
consume(&product_id, sizeof(product_id));
|
||||||
|
fido_dev_info_set(devlist_set, 0, fido_dev_info_path(di),
|
||||||
|
fido_dev_info_manufacturer_string(di),
|
||||||
|
fido_dev_info_product_string(di), &io, &t);
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
fido_dev_info_free(&devlist, ndevs);
|
fido_dev_info_free(&devlist, ndevs);
|
||||||
|
fido_dev_info_free(&devlist_set, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
Binary file not shown.
@ -16,33 +16,33 @@ src/authkey.c 44 0 100.00%
|
|||||||
src/bio.c 419 20 95.23% 49 2 95.92% 559 21 96.24%
|
src/bio.c 419 20 95.23% 49 2 95.92% 559 21 96.24%
|
||||||
src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18%
|
src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18%
|
||||||
src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75%
|
src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75%
|
||||||
src/cbor.c 1047 28 97.33% 54 0 100.00% 1237 54 95.63%
|
src/cbor.c 1047 23 97.80% 54 0 100.00% 1237 46 96.28%
|
||||||
src/compress.c 34 4 88.24% 3 0 100.00% 28 3 89.29%
|
src/compress.c 34 4 88.24% 3 0 100.00% 28 3 89.29%
|
||||||
src/config.c 108 0 100.00% 11 0 100.00% 151 0 100.00%
|
src/config.c 108 0 100.00% 11 0 100.00% 151 0 100.00%
|
||||||
src/cred.c 632 34 94.62% 69 2 97.10% 830 36 95.66%
|
src/cred.c 632 34 94.62% 69 2 97.10% 830 36 95.66%
|
||||||
src/credman.c 382 10 97.38% 40 0 100.00% 518 15 97.10%
|
src/credman.c 382 10 97.38% 40 0 100.00% 518 15 97.10%
|
||||||
src/dev.c 420 78 81.43% 44 6 86.36% 488 102 79.10%
|
src/dev.c 421 79 81.24% 45 7 84.44% 491 105 78.62%
|
||||||
src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58%
|
src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58%
|
||||||
src/eddsa.c 80 3 96.25% 10 0 100.00% 106 8 92.45%
|
src/eddsa.c 80 3 96.25% 10 0 100.00% 106 8 92.45%
|
||||||
src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06%
|
src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06%
|
||||||
src/es256.c 306 5 98.37% 19 0 100.00% 358 7 98.04%
|
src/es256.c 306 5 98.37% 19 0 100.00% 358 7 98.04%
|
||||||
src/hid.c 60 0 100.00% 12 0 100.00% 114 0 100.00%
|
src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93%
|
||||||
src/hid_linux.c 173 68 60.69% 14 7 50.00% 250 104 58.40%
|
src/hid_linux.c 173 68 60.69% 14 7 50.00% 250 104 58.40%
|
||||||
src/hid_unix.c 28 20 28.57% 2 0 100.00% 43 24 44.19%
|
src/hid_unix.c 28 20 28.57% 2 0 100.00% 43 24 44.19%
|
||||||
src/info.c 184 0 100.00% 39 0 100.00% 316 0 100.00%
|
src/info.c 184 0 100.00% 39 0 100.00% 316 0 100.00%
|
||||||
src/io.c 182 7 96.15% 13 0 100.00% 221 11 95.02%
|
src/io.c 182 7 96.15% 13 0 100.00% 221 11 95.02%
|
||||||
src/iso7816.c 18 1 94.44% 5 0 100.00% 38 0 100.00%
|
src/iso7816.c 18 1 94.44% 5 0 100.00% 38 0 100.00%
|
||||||
src/largeblob.c 513 21 95.91% 30 0 100.00% 684 47 93.13%
|
src/largeblob.c 513 19 96.30% 30 0 100.00% 684 43 93.71%
|
||||||
src/log.c 39 5 87.18% 7 1 85.71% 63 4 93.65%
|
src/log.c 39 5 87.18% 7 1 85.71% 63 4 93.65%
|
||||||
src/netlink.c 328 14 95.73% 40 0 100.00% 498 32 93.57%
|
src/netlink.c 328 14 95.73% 40 0 100.00% 498 32 93.57%
|
||||||
src/nfc_linux.c 327 73 77.68% 23 5 78.26% 458 124 72.93%
|
src/nfc_linux.c 327 73 77.68% 23 5 78.26% 458 124 72.93%
|
||||||
src/pin.c 403 3 99.26% 26 0 100.00% 495 3 99.39%
|
src/pin.c 403 3 99.26% 26 0 100.00% 495 3 99.39%
|
||||||
src/random.c 6 1 83.33% 1 0 100.00% 6 1 83.33%
|
src/random.c 6 1 83.33% 1 0 100.00% 6 1 83.33%
|
||||||
src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00%
|
src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00%
|
||||||
src/rs1.c 25 1 96.00% 3 0 100.00% 39 3 92.31%
|
src/rs1.c 25 0 100.00% 3 0 100.00% 39 0 100.00%
|
||||||
src/rs256.c 141 8 94.33% 13 0 100.00% 172 10 94.19%
|
src/rs256.c 141 8 94.33% 13 0 100.00% 172 10 94.19%
|
||||||
src/time.c 43 3 93.02% 3 0 100.00% 43 1 97.67%
|
src/time.c 43 3 93.02% 3 0 100.00% 43 1 97.67%
|
||||||
src/tpm.c 76 0 100.00% 7 0 100.00% 138 0 100.00%
|
src/tpm.c 100 0 100.00% 9 0 100.00% 194 0 100.00%
|
||||||
src/types.c 25 0 100.00% 6 0 100.00% 46 0 100.00%
|
src/types.c 25 0 100.00% 6 0 100.00% 46 0 100.00%
|
||||||
src/u2f.c 528 4 99.24% 17 0 100.00% 685 12 98.25%
|
src/u2f.c 528 4 99.24% 17 0 100.00% 685 12 98.25%
|
||||||
|
|
||||||
@ -54,4 +54,4 @@ src/fido.h 0 0 -
|
|||||||
src/fido/err.h 0 0 - 0 0 - 0 0 -
|
src/fido/err.h 0 0 - 0 0 - 0 0 -
|
||||||
src/fido/param.h 0 0 - 0 0 - 0 0 -
|
src/fido/param.h 0 0 - 0 0 - 0 0 -
|
||||||
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
||||||
TOTAL 7809 481 93.84% 679 26 96.17% 10180 708 93.05%
|
TOTAL 7861 476 93.94% 684 27 96.05% 10270 699 93.19%
|
||||||
|
@ -44,6 +44,7 @@ list(APPEND MAN_SOURCES
|
|||||||
|
|
||||||
list(APPEND MAN_ALIAS
|
list(APPEND MAN_ALIAS
|
||||||
eddsa_pk_new eddsa_pk_free
|
eddsa_pk_new eddsa_pk_free
|
||||||
|
eddsa_pk_new eddsa_pk_from_EVP_PKEY
|
||||||
eddsa_pk_new eddsa_pk_from_ptr
|
eddsa_pk_new eddsa_pk_from_ptr
|
||||||
eddsa_pk_new eddsa_pk_to_EVP_PKEY
|
eddsa_pk_new eddsa_pk_to_EVP_PKEY
|
||||||
es256_pk_new es256_pk_free
|
es256_pk_new es256_pk_free
|
||||||
@ -75,6 +76,7 @@ list(APPEND MAN_ALIAS
|
|||||||
fido_assert_new fido_assert_user_id_len
|
fido_assert_new fido_assert_user_id_len
|
||||||
fido_assert_new fido_assert_user_id_ptr
|
fido_assert_new fido_assert_user_id_ptr
|
||||||
fido_assert_new fido_assert_user_name
|
fido_assert_new fido_assert_user_name
|
||||||
|
fido_assert_set_authdata fido_assert_set_authdata_raw
|
||||||
fido_assert_set_authdata fido_assert_set_clientdata
|
fido_assert_set_authdata fido_assert_set_clientdata
|
||||||
fido_assert_set_authdata fido_assert_set_clientdata_hash
|
fido_assert_set_authdata fido_assert_set_clientdata_hash
|
||||||
fido_assert_set_authdata fido_assert_set_count
|
fido_assert_set_authdata fido_assert_set_count
|
||||||
@ -117,8 +119,8 @@ list(APPEND MAN_ALIAS
|
|||||||
fido_cbor_info_new fido_cbor_info_free
|
fido_cbor_info_new fido_cbor_info_free
|
||||||
fido_cbor_info_new fido_cbor_info_maxmsgsiz
|
fido_cbor_info_new fido_cbor_info_maxmsgsiz
|
||||||
fido_cbor_info_new fido_cbor_info_maxcredbloblen
|
fido_cbor_info_new fido_cbor_info_maxcredbloblen
|
||||||
fido_cbor_info_new fido_cbor_info_maxcredcntlst;
|
fido_cbor_info_new fido_cbor_info_maxcredcntlst
|
||||||
fido_cbor_info_new fido_cbor_info_maxcredidlen;
|
fido_cbor_info_new fido_cbor_info_maxcredidlen
|
||||||
fido_cbor_info_new fido_cbor_info_fwversion
|
fido_cbor_info_new fido_cbor_info_fwversion
|
||||||
fido_cbor_info_new fido_cbor_info_options_len
|
fido_cbor_info_new fido_cbor_info_options_len
|
||||||
fido_cbor_info_new fido_cbor_info_options_name_ptr
|
fido_cbor_info_new fido_cbor_info_options_name_ptr
|
||||||
@ -163,6 +165,7 @@ list(APPEND MAN_ALIAS
|
|||||||
fido_cred_new fido_cred_user_name
|
fido_cred_new fido_cred_user_name
|
||||||
fido_cred_new fido_cred_x5c_len
|
fido_cred_new fido_cred_x5c_len
|
||||||
fido_cred_new fido_cred_x5c_ptr
|
fido_cred_new fido_cred_x5c_ptr
|
||||||
|
fido_cred_verify fido_cred_verify_self
|
||||||
fido_credman_metadata_new fido_credman_del_dev_rk
|
fido_credman_metadata_new fido_credman_del_dev_rk
|
||||||
fido_credman_metadata_new fido_credman_get_dev_metadata
|
fido_credman_metadata_new fido_credman_get_dev_metadata
|
||||||
fido_credman_metadata_new fido_credman_get_dev_rk
|
fido_credman_metadata_new fido_credman_get_dev_rk
|
||||||
@ -211,6 +214,7 @@ list(APPEND MAN_ALIAS
|
|||||||
fido_dev_info_manifest fido_dev_info_product
|
fido_dev_info_manifest fido_dev_info_product
|
||||||
fido_dev_info_manifest fido_dev_info_product_string
|
fido_dev_info_manifest fido_dev_info_product_string
|
||||||
fido_dev_info_manifest fido_dev_info_ptr
|
fido_dev_info_manifest fido_dev_info_ptr
|
||||||
|
fido_dev_info_manifest fido_dev_info_set
|
||||||
fido_dev_info_manifest fido_dev_info_vendor
|
fido_dev_info_manifest fido_dev_info_vendor
|
||||||
fido_dev_open fido_dev_build
|
fido_dev_open fido_dev_build
|
||||||
fido_dev_open fido_dev_cancel
|
fido_dev_open fido_dev_cancel
|
||||||
@ -219,26 +223,33 @@ list(APPEND MAN_ALIAS
|
|||||||
fido_dev_open fido_dev_force_fido2
|
fido_dev_open fido_dev_force_fido2
|
||||||
fido_dev_open fido_dev_force_u2f
|
fido_dev_open fido_dev_force_u2f
|
||||||
fido_dev_open fido_dev_free
|
fido_dev_open fido_dev_free
|
||||||
|
fido_dev_open fido_dev_has_pin
|
||||||
|
fido_dev_open fido_dev_has_uv
|
||||||
fido_dev_open fido_dev_is_fido2
|
fido_dev_open fido_dev_is_fido2
|
||||||
fido_dev_open fido_dev_is_winhello
|
fido_dev_open fido_dev_is_winhello
|
||||||
fido_dev_open fido_dev_major
|
fido_dev_open fido_dev_major
|
||||||
fido_dev_open fido_dev_minor
|
fido_dev_open fido_dev_minor
|
||||||
fido_dev_open fido_dev_new
|
fido_dev_open fido_dev_new
|
||||||
|
fido_dev_open fido_dev_new_with_info
|
||||||
|
fido_dev_open fido_dev_open_with_info
|
||||||
fido_dev_open fido_dev_protocol
|
fido_dev_open fido_dev_protocol
|
||||||
fido_dev_open fido_dev_supports_cred_prot
|
fido_dev_open fido_dev_supports_cred_prot
|
||||||
fido_dev_open fido_dev_supports_credman
|
fido_dev_open fido_dev_supports_credman
|
||||||
|
fido_dev_open fido_dev_supports_permissions
|
||||||
fido_dev_open fido_dev_supports_pin
|
fido_dev_open fido_dev_supports_pin
|
||||||
fido_dev_open fido_dev_supports_uv
|
fido_dev_open fido_dev_supports_uv
|
||||||
fido_dev_open fido_dev_has_uv
|
|
||||||
fido_dev_set_pin fido_dev_get_retry_count
|
fido_dev_set_pin fido_dev_get_retry_count
|
||||||
fido_dev_set_pin fido_dev_get_uv_retry_count
|
fido_dev_set_pin fido_dev_get_uv_retry_count
|
||||||
fido_dev_set_pin fido_dev_reset
|
fido_dev_set_pin fido_dev_reset
|
||||||
|
fido_dev_set_io_functions fido_dev_io_handle
|
||||||
fido_dev_set_io_functions fido_dev_set_sigmask
|
fido_dev_set_io_functions fido_dev_set_sigmask
|
||||||
fido_dev_set_io_functions fido_dev_set_timeout
|
fido_dev_set_io_functions fido_dev_set_timeout
|
||||||
|
fido_dev_set_io_functions fido_dev_set_transport_functions
|
||||||
fido_dev_largeblob_get fido_dev_largeblob_set
|
fido_dev_largeblob_get fido_dev_largeblob_set
|
||||||
fido_dev_largeblob_get fido_dev_largeblob_remove
|
fido_dev_largeblob_get fido_dev_largeblob_remove
|
||||||
fido_dev_largeblob_get fido_dev_largeblob_get_array
|
fido_dev_largeblob_get fido_dev_largeblob_get_array
|
||||||
fido_dev_largeblob_get fido_dev_largeblob_set_array
|
fido_dev_largeblob_get fido_dev_largeblob_set_array
|
||||||
|
fido_init fido_set_log_handler
|
||||||
rs256_pk_new rs256_pk_free
|
rs256_pk_new rs256_pk_free
|
||||||
rs256_pk_new rs256_pk_from_ptr
|
rs256_pk_new rs256_pk_from_ptr
|
||||||
rs256_pk_new rs256_pk_from_EVP_PKEY
|
rs256_pk_new rs256_pk_from_EVP_PKEY
|
||||||
|
42
contrib/libfido2/man/check.sh
Executable file
42
contrib/libfido2/man/check.sh
Executable file
@ -0,0 +1,42 @@
|
|||||||
|
#!/bin/sh -u
|
||||||
|
|
||||||
|
# Copyright (c) 2022 Yubico AB. All rights reserved.
|
||||||
|
# Use of this source code is governed by a BSD-style
|
||||||
|
# license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
T=$(mktemp -d) || exit 1
|
||||||
|
find . -maxdepth 1 -type f -name '*.3' -print0 > "$T/files"
|
||||||
|
|
||||||
|
xargs -0 awk '/^.Sh NAME/,/^.Nd/' < "$T/files" | \
|
||||||
|
awk '/^.Nm/ { print $2 }' | sort -u > "$T/Nm"
|
||||||
|
xargs -0 awk '/^.Fn/ { print $2 }' < "$T/files" | sort -u > "$T/Fn"
|
||||||
|
(cd "$T" && diff -u Nm Fn)
|
||||||
|
|
||||||
|
cut -c2- ../src/export.llvm | sort > "$T/exports"
|
||||||
|
(cd "$T" && diff -u Nm exports)
|
||||||
|
|
||||||
|
awk '/^list\(APPEND MAN_SOURCES/,/^\)/' CMakeLists.txt | \
|
||||||
|
awk '/.3$/ { print $1 }' | sort > "$T/listed_sources"
|
||||||
|
xargs -0 -n1 basename < "$T/files" | sort > "$T/actual_sources"
|
||||||
|
(cd "$T" && diff -u listed_sources actual_sources)
|
||||||
|
|
||||||
|
awk '/^list\(APPEND MAN_ALIAS/,/^\)/' CMakeLists.txt | \
|
||||||
|
sed '1d;$d' | awk '{ print $1, $2 }' | sort > "$T/listed_aliases"
|
||||||
|
xargs -0 grep -o "^.Fn [A-Za-z0-9_]* \"" < "$T/files" | \
|
||||||
|
cut -c3- | sed 's/\.3:\.Fn//;s/ "//' | awk '$1 != $2' | \
|
||||||
|
sort > "$T/actual_aliases"
|
||||||
|
(cd "$T" && diff -u listed_aliases actual_aliases)
|
||||||
|
|
||||||
|
xargs -0 grep -hB1 "^.Fn [A-Za-z0-9_]* \"" < "$T/files" | \
|
||||||
|
sed -E 's/^.F[tn] //;s/\*[^"\*]+"/\*"/g;s/ [^" \*]+"/"/g;/^--$/d' | \
|
||||||
|
paste -d " " - - | sed 's/\* /\*/' | sort > "$T/documented_prototypes"
|
||||||
|
while read -r f; do
|
||||||
|
awk "/\/\*/ { next } /$f\(/,/;/" ../src/fido.h ../src/fido/*.h | \
|
||||||
|
sed -E 's/^[ ]+//;s/[ ]+/ /' | tr '\n' ' ' | \
|
||||||
|
sed 's/(/ "/;s/, /" "/g;s/);/"/;s/ $/\n/'
|
||||||
|
done < "$T/exports" | sort > "$T/actual_prototypes"
|
||||||
|
(cd "$T" && diff -u documented_prototypes actual_prototypes)
|
||||||
|
|
||||||
|
(cd "$T" && rm files Nm Fn exports listed_sources actual_sources \
|
||||||
|
listed_aliases actual_aliases documented_prototypes actual_prototypes)
|
||||||
|
rmdir -- "$T"
|
@ -11,7 +11,7 @@
|
|||||||
.Nm eddsa_pk_from_EVP_PKEY ,
|
.Nm eddsa_pk_from_EVP_PKEY ,
|
||||||
.Nm eddsa_pk_from_ptr ,
|
.Nm eddsa_pk_from_ptr ,
|
||||||
.Nm eddsa_pk_to_EVP_PKEY
|
.Nm eddsa_pk_to_EVP_PKEY
|
||||||
.Nd FIDO 2 COSE EDDSA API
|
.Nd FIDO2 COSE EDDSA API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In openssl/evp.h
|
.In openssl/evp.h
|
||||||
.In fido/eddsa.h
|
.In fido/eddsa.h
|
||||||
@ -106,7 +106,7 @@ If an error occurs,
|
|||||||
returns NULL.
|
returns NULL.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The
|
The
|
||||||
.Fn eddsa_pk_from_EC_KEY
|
.Fn eddsa_pk_from_EVP_PKEY
|
||||||
and
|
and
|
||||||
.Fn eddsa_pk_from_ptr
|
.Fn eddsa_pk_from_ptr
|
||||||
functions return
|
functions return
|
||||||
|
@ -9,10 +9,10 @@
|
|||||||
.Nm es256_pk_new ,
|
.Nm es256_pk_new ,
|
||||||
.Nm es256_pk_free ,
|
.Nm es256_pk_free ,
|
||||||
.Nm es256_pk_from_EC_KEY ,
|
.Nm es256_pk_from_EC_KEY ,
|
||||||
.Nm es256_pk_from_EVP_KEY ,
|
.Nm es256_pk_from_EVP_PKEY ,
|
||||||
.Nm es256_pk_from_ptr ,
|
.Nm es256_pk_from_ptr ,
|
||||||
.Nm es256_pk_to_EVP_PKEY
|
.Nm es256_pk_to_EVP_PKEY
|
||||||
.Nd FIDO 2 COSE ES256 API
|
.Nd FIDO2 COSE ES256 API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In openssl/ec.h
|
.In openssl/ec.h
|
||||||
.In fido/es256.h
|
.In fido/es256.h
|
||||||
@ -82,7 +82,7 @@ No references to
|
|||||||
are kept.
|
are kept.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn es256_pk_from_EVP_KEY
|
.Fn es256_pk_from_EVP_PKEY
|
||||||
function fills
|
function fills
|
||||||
.Fa pk
|
.Fa pk
|
||||||
with the contents of
|
with the contents of
|
||||||
@ -124,7 +124,7 @@ returns NULL.
|
|||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The
|
The
|
||||||
.Fn es256_pk_from_EC_KEY ,
|
.Fn es256_pk_from_EC_KEY ,
|
||||||
.Fn es256_pk_from_EVP_KEY ,
|
.Fn es256_pk_from_EVP_PKEY ,
|
||||||
and
|
and
|
||||||
.Fn es256_pk_from_ptr
|
.Fn es256_pk_from_ptr
|
||||||
functions return
|
functions return
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido2-assert
|
.Nm fido2-assert
|
||||||
.Nd get/verify a FIDO 2 assertion
|
.Nd get/verify a FIDO2 assertion
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm
|
.Nm
|
||||||
.Fl G
|
.Fl G
|
||||||
@ -24,7 +24,7 @@
|
|||||||
.Op Ar type
|
.Op Ar type
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
gets or verifies a FIDO 2 assertion.
|
gets or verifies a FIDO2 assertion.
|
||||||
.Pp
|
.Pp
|
||||||
The input of
|
The input of
|
||||||
.Nm
|
.Nm
|
||||||
@ -117,7 +117,7 @@ will not expect a credential id in its input, and may output
|
|||||||
multiple assertions.
|
multiple assertions.
|
||||||
Resident credentials are called
|
Resident credentials are called
|
||||||
.Dq discoverable credentials
|
.Dq discoverable credentials
|
||||||
in FIDO 2.1.
|
in CTAP 2.1.
|
||||||
.It Fl t Ar option
|
.It Fl t Ar option
|
||||||
Toggles a key/value
|
Toggles a key/value
|
||||||
.Ar option ,
|
.Ar option ,
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido2-cred
|
.Nm fido2-cred
|
||||||
.Nd make/verify a FIDO 2 credential
|
.Nd make/verify a FIDO2 credential
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm
|
.Nm
|
||||||
.Fl M
|
.Fl M
|
||||||
@ -26,7 +26,7 @@
|
|||||||
.Op Ar type
|
.Op Ar type
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
makes or verifies a FIDO 2 credential.
|
makes or verifies a FIDO2 credential.
|
||||||
.Pp
|
.Pp
|
||||||
A credential
|
A credential
|
||||||
.Ar type
|
.Ar type
|
||||||
@ -143,7 +143,7 @@ will fail.
|
|||||||
Create a resident credential.
|
Create a resident credential.
|
||||||
Resident credentials are called
|
Resident credentials are called
|
||||||
.Dq discoverable credentials
|
.Dq discoverable credentials
|
||||||
in FIDO 2.1.
|
in CTAP 2.1.
|
||||||
.It Fl u
|
.It Fl u
|
||||||
Create a U2F credential.
|
Create a U2F credential.
|
||||||
By default,
|
By default,
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido2-token
|
.Nm fido2-token
|
||||||
.Nd find and manage a FIDO 2 authenticator
|
.Nd find and manage a FIDO2 authenticator
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm
|
.Nm
|
||||||
.Fl C
|
.Fl C
|
||||||
@ -121,7 +121,7 @@
|
|||||||
.Fl V
|
.Fl V
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
manages a FIDO 2 authenticator.
|
manages a FIDO2 authenticator.
|
||||||
.Pp
|
.Pp
|
||||||
The options are as follows:
|
The options are as follows:
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
@ -176,12 +176,12 @@ where
|
|||||||
is the enrollment's template base64-encoded id.
|
is the enrollment's template base64-encoded id.
|
||||||
The user will be prompted for the PIN.
|
The user will be prompted for the PIN.
|
||||||
.It Fl D Fl u Ar device
|
.It Fl D Fl u Ar device
|
||||||
Disables the FIDO 2.1
|
Disables the CTAP 2.1
|
||||||
.Dq user verification always
|
.Dq user verification always
|
||||||
feature on
|
feature on
|
||||||
.Ar device .
|
.Ar device .
|
||||||
.It Fl G Fl b Fl k Ar key_path Ar blob_path Ar device
|
.It Fl G Fl b Fl k Ar key_path Ar blob_path Ar device
|
||||||
Gets a FIDO 2.1
|
Gets a CTAP 2.1
|
||||||
.Dq largeBlob
|
.Dq largeBlob
|
||||||
encrypted with
|
encrypted with
|
||||||
.Ar key_path
|
.Ar key_path
|
||||||
@ -194,7 +194,7 @@ The blob is written to
|
|||||||
.Ar blob_path .
|
.Ar blob_path .
|
||||||
A PIN or equivalent user-verification gesture is required.
|
A PIN or equivalent user-verification gesture is required.
|
||||||
.It Fl G Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device
|
.It Fl G Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device
|
||||||
Gets a FIDO 2.1
|
Gets a CTAP 2.1
|
||||||
.Dq largeBlob
|
.Dq largeBlob
|
||||||
associated with
|
associated with
|
||||||
.Ar rp_id
|
.Ar rp_id
|
||||||
@ -234,7 +234,7 @@ The user will be prompted for the PIN.
|
|||||||
.It Fl L
|
.It Fl L
|
||||||
Produces a list of authenticators found by the operating system.
|
Produces a list of authenticators found by the operating system.
|
||||||
.It Fl L Fl b Ar device
|
.It Fl L Fl b Ar device
|
||||||
Produces a list of FIDO 2.1
|
Produces a list of CTAP 2.1
|
||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
on
|
on
|
||||||
.Ar device .
|
.Ar device .
|
||||||
@ -264,12 +264,12 @@ Sets the PIN of
|
|||||||
.Ar device .
|
.Ar device .
|
||||||
The user will be prompted for the PIN.
|
The user will be prompted for the PIN.
|
||||||
.It Fl S Fl a Ar device
|
.It Fl S Fl a Ar device
|
||||||
Enables FIDO 2.1 Enterprise Attestation on
|
Enables CTAP 2.1 Enterprise Attestation on
|
||||||
.Ar device .
|
.Ar device .
|
||||||
.It Fl S Fl b Fl k Ar key_path Ar blob_path Ar device
|
.It Fl S Fl b Fl k Ar key_path Ar blob_path Ar device
|
||||||
Sets
|
Sets
|
||||||
.Ar blob_path
|
.Ar blob_path
|
||||||
as a FIDO 2.1
|
as a CTAP 2.1
|
||||||
.Dq largeBlob
|
.Dq largeBlob
|
||||||
encrypted with
|
encrypted with
|
||||||
.Ar key_path
|
.Ar key_path
|
||||||
@ -284,7 +284,7 @@ A PIN or equivalent user-verification gesture is required.
|
|||||||
.It Fl S Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device
|
.It Fl S Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device
|
||||||
Sets
|
Sets
|
||||||
.Ar blob_path
|
.Ar blob_path
|
||||||
as a FIDO 2.1
|
as a CTAP 2.1
|
||||||
.Dq largeBlob
|
.Dq largeBlob
|
||||||
associated with
|
associated with
|
||||||
.Ar rp_id
|
.Ar rp_id
|
||||||
@ -353,7 +353,7 @@ the minimum PIN length of
|
|||||||
Multiple IDs may be specified, separated by commas.
|
Multiple IDs may be specified, separated by commas.
|
||||||
The user will be prompted for the PIN.
|
The user will be prompted for the PIN.
|
||||||
.It Fl S Fl u Ar device
|
.It Fl S Fl u Ar device
|
||||||
Enables the FIDO 2.1
|
Enables the CTAP 2.1
|
||||||
.Dq user verification always
|
.Dq user verification always
|
||||||
feature on
|
feature on
|
||||||
.Ar device .
|
.Ar device .
|
||||||
@ -392,9 +392,9 @@ An authenticator's path may contain spaces.
|
|||||||
.Pp
|
.Pp
|
||||||
Resident credentials are called
|
Resident credentials are called
|
||||||
.Dq discoverable credentials
|
.Dq discoverable credentials
|
||||||
in FIDO 2.1.
|
in CTAP 2.1.
|
||||||
.Pp
|
.Pp
|
||||||
Whether the FIDO 2.1
|
Whether the CTAP 2.1
|
||||||
.Dq user verification always
|
.Dq user verification always
|
||||||
feature is activated or deactivated after an authenticator reset
|
feature is activated or deactivated after an authenticator reset
|
||||||
is vendor-specific.
|
is vendor-specific.
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_assert_allow_cred
|
.Nm fido_assert_allow_cred
|
||||||
.Nd appends a credential ID to the list of credentials allowed in an assertion
|
.Nd allow a credential in a FIDO2 assertion
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -31,7 +31,7 @@ If
|
|||||||
.Fn fido_assert_allow_cred
|
.Fn fido_assert_allow_cred
|
||||||
fails, the existing list of allowed credentials is preserved.
|
fails, the existing list of allowed credentials is preserved.
|
||||||
.Pp
|
.Pp
|
||||||
For the format of a FIDO 2 credential ID, please refer to the
|
For the format of a FIDO2 credential ID, please refer to the
|
||||||
Web Authentication (webauthn) standard.
|
Web Authentication (webauthn) standard.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The error codes returned by
|
The error codes returned by
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
.Nm fido_assert_id_len ,
|
.Nm fido_assert_id_len ,
|
||||||
.Nm fido_assert_sigcount ,
|
.Nm fido_assert_sigcount ,
|
||||||
.Nm fido_assert_flags
|
.Nm fido_assert_flags
|
||||||
.Nd FIDO 2 assertion API
|
.Nd FIDO2 assertion API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft fido_assert_t *
|
.Ft fido_assert_t *
|
||||||
@ -85,9 +85,12 @@
|
|||||||
.Ft uint8_t
|
.Ft uint8_t
|
||||||
.Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx"
|
.Fn fido_assert_flags "const fido_assert_t *assert" "size_t idx"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
FIDO 2 assertions are abstracted in
|
A FIDO2 assertion is a collection of statements, each statement a
|
||||||
.Em libfido2
|
map between a challenge, a credential, a signature, and ancillary
|
||||||
by the
|
attributes.
|
||||||
|
In
|
||||||
|
.Em libfido2 ,
|
||||||
|
a FIDO2 assertion is abstracted by the
|
||||||
.Vt fido_assert_t
|
.Vt fido_assert_t
|
||||||
type.
|
type.
|
||||||
The functions described in this page allow a
|
The functions described in this page allow a
|
||||||
@ -153,48 +156,62 @@ If not NULL, the values returned by these functions point to
|
|||||||
NUL-terminated UTF-8 strings.
|
NUL-terminated UTF-8 strings.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_assert_user_id_ptr ,
|
|
||||||
.Fn fido_assert_authdata_ptr ,
|
.Fn fido_assert_authdata_ptr ,
|
||||||
.Fn fido_assert_blob_ptr ,
|
.Fn fido_assert_clientdata_hash_ptr ,
|
||||||
.Fn fido_assert_hmac_secret_ptr ,
|
.Fn fido_assert_id_ptr ,
|
||||||
.Fn fido_assert_largeblob_key_ptr ,
|
.Fn fido_assert_user_id_ptr ,
|
||||||
.Fn fido_assert_sig_ptr ,
|
.Fn fido_assert_sig_ptr ,
|
||||||
|
.Fn fido_assert_sigcount ,
|
||||||
and
|
and
|
||||||
.Fn fido_assert_id_ptr
|
|
||||||
functions return pointers to the user ID, CBOR-encoded
|
|
||||||
authenticator data, cred blob, hmac-secret,
|
|
||||||
.Dq largeBlobKey ,
|
|
||||||
signature, and credential ID attributes of statement
|
|
||||||
.Fa idx
|
|
||||||
in
|
|
||||||
.Fa assert .
|
|
||||||
.Pp
|
|
||||||
The
|
|
||||||
.Fn fido_assert_user_id_len ,
|
|
||||||
.Fn fido_assert_authdata_len ,
|
|
||||||
.Fn fido_assert_blob_len ,
|
|
||||||
.Fn fido_assert_hmac_secret_len ,
|
|
||||||
.Fn fido_assert_largeblob_key_len ,
|
|
||||||
.Fn fido_assert_sig_len ,
|
|
||||||
and
|
|
||||||
.Fn fido_assert_id_len
|
|
||||||
functions can be used to retrieve the corresponding length of a
|
|
||||||
specific attribute.
|
|
||||||
.Pp
|
|
||||||
The
|
|
||||||
.Fn fido_assert_sigcount
|
|
||||||
function can be used to obtain the signature counter of statement
|
|
||||||
.Fa idx
|
|
||||||
in
|
|
||||||
.Fa assert .
|
|
||||||
.Pp
|
|
||||||
The
|
|
||||||
.Fn fido_assert_flags
|
.Fn fido_assert_flags
|
||||||
function returns the authenticator data flags of statement
|
functions return pointers to the CBOR-encoded authenticator data,
|
||||||
|
client data hash, credential ID, user ID, signature, signature
|
||||||
|
count, and authenticator data flags of statement
|
||||||
.Fa idx
|
.Fa idx
|
||||||
in
|
in
|
||||||
.Fa assert .
|
.Fa assert .
|
||||||
.Pp
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_assert_hmac_secret_ptr
|
||||||
|
function returns a pointer to the hmac-secret attribute of statement
|
||||||
|
.Fa idx
|
||||||
|
in
|
||||||
|
.Fa assert .
|
||||||
|
The HMAC Secret Extension
|
||||||
|
.Pq hmac-secret
|
||||||
|
is a CTAP 2.0 extension.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_assert_blob_ptr
|
||||||
|
and
|
||||||
|
.Fn fido_assert_largeblob_key_ptr
|
||||||
|
functions return pointers to the
|
||||||
|
.Dq credBlob
|
||||||
|
and
|
||||||
|
.Dq largeBlobKey
|
||||||
|
attributes of statement
|
||||||
|
.Fa idx
|
||||||
|
in
|
||||||
|
.Fa assert .
|
||||||
|
Credential Blob
|
||||||
|
.Pq credBlob
|
||||||
|
and
|
||||||
|
Large Blob Key
|
||||||
|
.Pq largeBlobKey
|
||||||
|
are CTAP 2.1 extensions.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_assert_authdata_len ,
|
||||||
|
.Fn fido_assert_clientdata_hash_len ,
|
||||||
|
.Fn fido_assert_id_len ,
|
||||||
|
.Fn fido_assert_user_id_len ,
|
||||||
|
.Fn fido_assert_sig_len ,
|
||||||
|
.Fn fido_assert_hmac_secret_len ,
|
||||||
|
.Fn fido_assert_blob_len ,
|
||||||
|
and
|
||||||
|
.Fn fido_assert_largeblob_key_len
|
||||||
|
functions return the length of a given attribute.
|
||||||
|
.Pp
|
||||||
Please note that the first statement in
|
Please note that the first statement in
|
||||||
.Fa assert
|
.Fa assert
|
||||||
has an
|
has an
|
||||||
@ -202,31 +219,27 @@ has an
|
|||||||
(index) value of 0.
|
(index) value of 0.
|
||||||
.Pp
|
.Pp
|
||||||
The authenticator data and signature parts of an assertion
|
The authenticator data and signature parts of an assertion
|
||||||
statement are typically passed to a FIDO 2 server for verification.
|
statement are typically passed to a FIDO2 server for verification.
|
||||||
.Pp
|
|
||||||
The
|
|
||||||
.Fn fido_assert_clientdata_hash_ptr
|
|
||||||
function returns a pointer to the client data hash of
|
|
||||||
.Fa assert .
|
|
||||||
The corresponding length can be obtained by
|
|
||||||
.Fn fido_assert_clientdata_hash_len .
|
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The authenticator data returned by
|
The authenticator data returned by
|
||||||
.Fn fido_assert_authdata_ptr
|
.Fn fido_assert_authdata_ptr
|
||||||
is a CBOR-encoded byte string, as obtained from the authenticator.
|
is a CBOR-encoded byte string, as obtained from the authenticator.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
|
.Fn fido_assert_rp_id ,
|
||||||
.Fn fido_assert_user_display_name ,
|
.Fn fido_assert_user_display_name ,
|
||||||
.Fn fido_assert_user_icon ,
|
.Fn fido_assert_user_icon ,
|
||||||
.Fn fido_assert_user_name ,
|
.Fn fido_assert_user_name ,
|
||||||
.Fn fido_assert_authdata_ptr ,
|
.Fn fido_assert_authdata_ptr ,
|
||||||
.Fn fido_assert_clientdata_hash_ptr ,
|
.Fn fido_assert_clientdata_hash_ptr ,
|
||||||
.Fn fido_assert_hmac_secret_ptr ,
|
.Fn fido_assert_id_ptr ,
|
||||||
.Fn fido_assert_largeblob_key_ptr ,
|
|
||||||
.Fn fido_assert_user_id_ptr ,
|
.Fn fido_assert_user_id_ptr ,
|
||||||
|
.Fn fido_assert_sig_ptr ,
|
||||||
|
.Fn fido_assert_hmac_secret_ptr ,
|
||||||
|
.Fn fido_assert_blob_ptr ,
|
||||||
and
|
and
|
||||||
.Fn fido_assert_sig_ptr
|
.Fn fido_assert_largeblob_key_ptr
|
||||||
functions return NULL if the respective field in
|
functions may return NULL if the respective field in
|
||||||
.Fa assert
|
.Fa assert
|
||||||
is not set.
|
is not set.
|
||||||
If not NULL, returned pointers are guaranteed to exist until any API
|
If not NULL, returned pointers are guaranteed to exist until any API
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
.Nm fido_assert_set_uv ,
|
.Nm fido_assert_set_uv ,
|
||||||
.Nm fido_assert_set_rp ,
|
.Nm fido_assert_set_rp ,
|
||||||
.Nm fido_assert_set_sig
|
.Nm fido_assert_set_sig
|
||||||
.Nd set parameters of a FIDO 2 assertion
|
.Nd set parameters of a FIDO2 assertion
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Bd -literal
|
.Bd -literal
|
||||||
@ -29,9 +29,9 @@ typedef enum {
|
|||||||
} fido_opt_t;
|
} fido_opt_t;
|
||||||
.Ed
|
.Ed
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_authdata "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
|
.Fn fido_assert_set_authdata "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_authdata_raw "fido_assert_t *assert" " size_t idx" "const unsigned char *ptr" "size_t len"
|
.Fn fido_assert_set_authdata_raw "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_clientdata "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
.Fn fido_assert_set_clientdata "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -43,7 +43,7 @@ typedef enum {
|
|||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_hmac_salt "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
.Fn fido_assert_set_hmac_salt "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_hmac_secret "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
.Fn fido_assert_set_hmac_secret "fido_assert_t *assert" "size_t idx" "const unsigned char *ptr" "size_t len"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_set_up "fido_assert_t *assert" "fido_opt_t up"
|
.Fn fido_assert_set_up "fido_assert_t *assert" "fido_opt_t up"
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -55,14 +55,14 @@ typedef enum {
|
|||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Nm
|
.Nm
|
||||||
set of functions define the various parameters of a FIDO 2
|
set of functions define the various parameters of a FIDO2
|
||||||
assertion, allowing a
|
assertion, allowing a
|
||||||
.Fa fido_assert_t
|
.Fa fido_assert_t
|
||||||
type to be prepared for a subsequent call to
|
type to be prepared for a subsequent call to
|
||||||
.Xr fido_dev_get_assert 3
|
.Xr fido_dev_get_assert 3
|
||||||
or
|
or
|
||||||
.Xr fido_assert_verify 3 .
|
.Xr fido_assert_verify 3 .
|
||||||
For the complete specification of a FIDO 2 assertion and the format
|
For the complete specification of a FIDO2 assertion and the format
|
||||||
of its constituent parts, please refer to the Web Authentication
|
of its constituent parts, please refer to the Web Authentication
|
||||||
(webauthn) standard.
|
(webauthn) standard.
|
||||||
.Pp
|
.Pp
|
||||||
@ -106,11 +106,8 @@ Alternatively, a raw binary blob may be passed to
|
|||||||
.Fn fido_assert_set_authdata_raw .
|
.Fn fido_assert_set_authdata_raw .
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_assert_set_clientdata_hash ,
|
.Fn fido_assert_set_clientdata_hash
|
||||||
.Fn fido_assert_set_hmac_salt ,
|
function sets the client data hash of
|
||||||
and
|
|
||||||
.Fn fido_assert_set_hmac_secret
|
|
||||||
functions set the client data hash and hmac-salt parts of
|
|
||||||
.Fa assert
|
.Fa assert
|
||||||
to
|
to
|
||||||
.Fa ptr ,
|
.Fa ptr ,
|
||||||
@ -167,6 +164,29 @@ is zero, the extensions of
|
|||||||
are cleared.
|
are cleared.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
|
.Fn fido_assert_set_hmac_salt
|
||||||
|
and
|
||||||
|
.Fn fido_assert_set_hmac_secret
|
||||||
|
functions set the hmac-salt and hmac-secret parts of
|
||||||
|
.Fa assert
|
||||||
|
to
|
||||||
|
.Fa ptr ,
|
||||||
|
where
|
||||||
|
.Fa ptr
|
||||||
|
points to
|
||||||
|
.Fa len
|
||||||
|
bytes.
|
||||||
|
A copy of
|
||||||
|
.Fa ptr
|
||||||
|
is made, and no references to the passed pointer are kept.
|
||||||
|
The HMAC Secret
|
||||||
|
.Pq hmac-secret
|
||||||
|
Extension is a CTAP 2.0 extension.
|
||||||
|
The
|
||||||
|
.Fn fido_assert_set_hmac_secret
|
||||||
|
function is normally only useful when writing tests.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
.Fn fido_assert_set_up
|
.Fn fido_assert_set_up
|
||||||
and
|
and
|
||||||
.Fn fido_assert_set_uv
|
.Fn fido_assert_set_uv
|
||||||
@ -184,27 +204,22 @@ by default, allowing the authenticator to use its default settings.
|
|||||||
Use of the
|
Use of the
|
||||||
.Nm
|
.Nm
|
||||||
set of functions may happen in two distinct situations:
|
set of functions may happen in two distinct situations:
|
||||||
when asking a FIDO device to produce a series of assertion
|
when asking a FIDO2 device to produce a series of assertion
|
||||||
statements, prior to
|
statements, prior to
|
||||||
.Xr fido_dev_get_assert 3
|
.Xr fido_dev_get_assert 3
|
||||||
(i.e, in the context of a FIDO client), or when verifying assertion
|
(i.e, in the context of a FIDO2 client), or when verifying assertion
|
||||||
statements using
|
statements using
|
||||||
.Xr fido_assert_verify 3
|
.Xr fido_assert_verify 3
|
||||||
(i.e, in the context of a FIDO server).
|
(i.e, in the context of a FIDO2 server).
|
||||||
.Pp
|
.Pp
|
||||||
For a complete description of the generation of a FIDO 2 assertion
|
For a complete description of the generation of a FIDO2 assertion
|
||||||
and its verification, please refer to the FIDO 2 specification.
|
and its verification, please refer to the FIDO2 specification.
|
||||||
An example of how to use the
|
An example of how to use the
|
||||||
.Nm
|
.Nm
|
||||||
set of functions can be found in the
|
set of functions can be found in the
|
||||||
.Pa examples/assert.c
|
.Pa examples/assert.c
|
||||||
file shipped with
|
file shipped with
|
||||||
.Em libfido2 .
|
.Em libfido2 .
|
||||||
.Pp
|
|
||||||
.Fn fido_assert_set_hmac_secret
|
|
||||||
is not normally useful in a FIDO client or server \(em it is provided
|
|
||||||
to enable testing other functionality that relies on retrieving the
|
|
||||||
HMAC secret from an assertion obtained from an authenticator.
|
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The
|
The
|
||||||
.Nm
|
.Nm
|
||||||
|
@ -7,11 +7,11 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_assert_verify
|
.Nm fido_assert_verify
|
||||||
.Nd verifies the signature of a FIDO 2 assertion statement
|
.Nd verifies the signature of a FIDO2 assertion statement
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_assert_verify "fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk"
|
.Fn fido_assert_verify "const fido_assert_t *assert" "size_t idx" "int cose_alg" "const void *pk"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_assert_verify
|
.Fn fido_assert_verify
|
||||||
@ -23,7 +23,7 @@ matches the parameters of the assertion.
|
|||||||
Before using
|
Before using
|
||||||
.Fn fido_assert_verify
|
.Fn fido_assert_verify
|
||||||
in a sensitive context, the reader is strongly encouraged to make
|
in a sensitive context, the reader is strongly encouraged to make
|
||||||
herself familiar with the FIDO 2 assertion statement process
|
herself familiar with the FIDO2 assertion statement process
|
||||||
as defined in the Web Authentication (webauthn) standard.
|
as defined in the Web Authentication (webauthn) standard.
|
||||||
.Pp
|
.Pp
|
||||||
A brief description follows:
|
A brief description follows:
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
.Nm fido_bio_dev_enroll_remove ,
|
.Nm fido_bio_dev_enroll_remove ,
|
||||||
.Nm fido_bio_dev_get_template_array ,
|
.Nm fido_bio_dev_get_template_array ,
|
||||||
.Nm fido_bio_dev_set_template_name
|
.Nm fido_bio_dev_set_template_name
|
||||||
.Nd FIDO 2 biometric authenticator API
|
.Nd FIDO2 biometric authenticator API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/bio.h
|
.In fido/bio.h
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
.Nm fido_bio_enroll_free ,
|
.Nm fido_bio_enroll_free ,
|
||||||
.Nm fido_bio_enroll_last_status ,
|
.Nm fido_bio_enroll_last_status ,
|
||||||
.Nm fido_bio_enroll_remaining_samples
|
.Nm fido_bio_enroll_remaining_samples
|
||||||
.Nd FIDO 2 biometric enrollment API
|
.Nd FIDO2 biometric enrollment API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/bio.h
|
.In fido/bio.h
|
||||||
@ -40,7 +40,7 @@
|
|||||||
.Ft uint8_t
|
.Ft uint8_t
|
||||||
.Fn fido_bio_enroll_remaining_samples "const fido_bio_enroll_t *enroll"
|
.Fn fido_bio_enroll_remaining_samples "const fido_bio_enroll_t *enroll"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
Ongoing FIDO 2 biometric enrollments are abstracted in
|
Ongoing FIDO2 biometric enrollments are abstracted in
|
||||||
.Em libfido2
|
.Em libfido2
|
||||||
by the
|
by the
|
||||||
.Vt fido_bio_enroll_t
|
.Vt fido_bio_enroll_t
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
.Nm fido_bio_info_free ,
|
.Nm fido_bio_info_free ,
|
||||||
.Nm fido_bio_info_type ,
|
.Nm fido_bio_info_type ,
|
||||||
.Nm fido_bio_info_max_samples
|
.Nm fido_bio_info_max_samples
|
||||||
.Nd FIDO 2 biometric sensor information API
|
.Nd FIDO2 biometric sensor information API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/bio.h
|
.In fido/bio.h
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
.Nm fido_bio_template_new ,
|
.Nm fido_bio_template_new ,
|
||||||
.Nm fido_bio_template_set_id ,
|
.Nm fido_bio_template_set_id ,
|
||||||
.Nm fido_bio_template_set_name
|
.Nm fido_bio_template_set_name
|
||||||
.Nd FIDO 2 biometric template API
|
.Nd FIDO2 biometric template API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/bio.h
|
.In fido/bio.h
|
||||||
@ -44,7 +44,7 @@
|
|||||||
.Ft const fido_bio_template_t *
|
.Ft const fido_bio_template_t *
|
||||||
.Fn fido_bio_template "const fido_bio_template_array_t *array" "size_t idx"
|
.Fn fido_bio_template "const fido_bio_template_array_t *array" "size_t idx"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
Existing FIDO 2 biometric enrollments are abstracted in
|
Existing FIDO2 biometric enrollments are abstracted in
|
||||||
.Em libfido2
|
.Em libfido2
|
||||||
by the
|
by the
|
||||||
.Vt fido_bio_template_t
|
.Vt fido_bio_template_t
|
||||||
|
@ -26,10 +26,11 @@
|
|||||||
.Nm fido_cbor_info_versions_len ,
|
.Nm fido_cbor_info_versions_len ,
|
||||||
.Nm fido_cbor_info_options_len ,
|
.Nm fido_cbor_info_options_len ,
|
||||||
.Nm fido_cbor_info_maxmsgsiz ,
|
.Nm fido_cbor_info_maxmsgsiz ,
|
||||||
|
.Nm fido_cbor_info_maxcredbloblen ,
|
||||||
.Nm fido_cbor_info_maxcredcntlst ,
|
.Nm fido_cbor_info_maxcredcntlst ,
|
||||||
.Nm fido_cbor_info_maxcredidlen ,
|
.Nm fido_cbor_info_maxcredidlen ,
|
||||||
.Nm fido_cbor_info_fwversion
|
.Nm fido_cbor_info_fwversion
|
||||||
.Nd FIDO 2 CBOR Info API
|
.Nd FIDO2 CBOR Info API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft fido_cbor_info_t *
|
.Ft fido_cbor_info_t *
|
||||||
|
@ -44,7 +44,7 @@ then
|
|||||||
.Xr fido_dev_make_cred 3
|
.Xr fido_dev_make_cred 3
|
||||||
will fail.
|
will fail.
|
||||||
.Pp
|
.Pp
|
||||||
For the format of a FIDO 2 credential ID, please refer to the
|
For the format of a FIDO2 credential ID, please refer to the
|
||||||
Web Authentication (webauthn) standard.
|
Web Authentication (webauthn) standard.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The error codes returned by
|
The error codes returned by
|
||||||
|
@ -40,7 +40,7 @@
|
|||||||
.Nm fido_cred_type ,
|
.Nm fido_cred_type ,
|
||||||
.Nm fido_cred_flags ,
|
.Nm fido_cred_flags ,
|
||||||
.Nm fido_cred_sigcount
|
.Nm fido_cred_sigcount
|
||||||
.Nd FIDO 2 credential API
|
.Nd FIDO2 credential API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft fido_cred_t *
|
.Ft fido_cred_t *
|
||||||
@ -112,7 +112,7 @@
|
|||||||
.Ft uint32_t
|
.Ft uint32_t
|
||||||
.Fn fido_cred_sigcount "const fido_cred_t *cred"
|
.Fn fido_cred_sigcount "const fido_cred_t *cred"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
FIDO 2 credentials are abstracted in
|
FIDO2 credentials are abstracted in
|
||||||
.Em libfido2
|
.Em libfido2
|
||||||
by the
|
by the
|
||||||
.Vt fido_cred_t
|
.Vt fido_cred_t
|
||||||
@ -155,7 +155,7 @@ may be NULL, in which case
|
|||||||
.Fn fido_cred_free
|
.Fn fido_cred_free
|
||||||
is a NOP.
|
is a NOP.
|
||||||
.Pp
|
.Pp
|
||||||
If the FIDO 2.1
|
If the CTAP 2.1
|
||||||
.Dv FIDO_EXT_MINPINLEN
|
.Dv FIDO_EXT_MINPINLEN
|
||||||
extension is enabled on
|
extension is enabled on
|
||||||
.Fa cred ,
|
.Fa cred ,
|
||||||
@ -170,7 +170,7 @@ See
|
|||||||
.Xr fido_cred_set_pin_minlen 3
|
.Xr fido_cred_set_pin_minlen 3
|
||||||
on how to enable this extension.
|
on how to enable this extension.
|
||||||
.Pp
|
.Pp
|
||||||
If the FIDO 2.1
|
If the CTAP 2.1
|
||||||
.Dv FIDO_EXT_CRED_PROTECT
|
.Dv FIDO_EXT_CRED_PROTECT
|
||||||
extension is enabled on
|
extension is enabled on
|
||||||
.Fa cred ,
|
.Fa cred ,
|
||||||
@ -243,7 +243,7 @@ and
|
|||||||
.Fn fido_cred_attstmt_len .
|
.Fn fido_cred_attstmt_len .
|
||||||
.Pp
|
.Pp
|
||||||
The authenticator data, x509 certificate, and signature parts of a
|
The authenticator data, x509 certificate, and signature parts of a
|
||||||
credential are typically passed to a FIDO 2 server for verification.
|
credential are typically passed to a FIDO2 server for verification.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_cred_type
|
.Fn fido_cred_type
|
||||||
|
@ -24,7 +24,7 @@
|
|||||||
.Nm fido_cred_set_uv ,
|
.Nm fido_cred_set_uv ,
|
||||||
.Nm fido_cred_set_fmt ,
|
.Nm fido_cred_set_fmt ,
|
||||||
.Nm fido_cred_set_type
|
.Nm fido_cred_set_type
|
||||||
.Nd set parameters of a FIDO 2 credential
|
.Nd set parameters of a FIDO2 credential
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Bd -literal
|
.Bd -literal
|
||||||
@ -73,14 +73,14 @@ typedef enum {
|
|||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Nm
|
.Nm
|
||||||
set of functions define the various parameters of a FIDO 2
|
set of functions define the various parameters of a FIDO2
|
||||||
credential, allowing a
|
credential, allowing a
|
||||||
.Fa fido_cred_t
|
.Fa fido_cred_t
|
||||||
type to be prepared for a subsequent call to
|
type to be prepared for a subsequent call to
|
||||||
.Xr fido_dev_make_cred 3
|
.Xr fido_dev_make_cred 3
|
||||||
or
|
or
|
||||||
.Xr fido_cred_verify 3 .
|
.Xr fido_cred_verify 3 .
|
||||||
For the complete specification of a FIDO 2 credential and the format
|
For the complete specification of a FIDO2 credential and the format
|
||||||
of its constituent parts, please refer to the Web Authentication
|
of its constituent parts, please refer to the Web Authentication
|
||||||
(webauthn) standard.
|
(webauthn) standard.
|
||||||
.Pp
|
.Pp
|
||||||
@ -229,7 +229,7 @@ bytes long.
|
|||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_cred_set_pin_minlen
|
.Fn fido_cred_set_pin_minlen
|
||||||
function enables the FIDO 2.1
|
function enables the CTAP 2.1
|
||||||
.Dv FIDO_EXT_MINPINLEN
|
.Dv FIDO_EXT_MINPINLEN
|
||||||
extension on
|
extension on
|
||||||
.Fa cred
|
.Fa cred
|
||||||
@ -249,7 +249,7 @@ extension is disabled on
|
|||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_cred_set_prot
|
.Fn fido_cred_set_prot
|
||||||
function enables the FIDO 2.1
|
function enables the CTAP 2.1
|
||||||
.Dv FIDO_EXT_CRED_PROTECT
|
.Dv FIDO_EXT_CRED_PROTECT
|
||||||
extension on
|
extension on
|
||||||
.Fa cred
|
.Fa cred
|
||||||
@ -325,15 +325,15 @@ Note that not all authenticators support COSE_RS256 or COSE_EDDSA.
|
|||||||
Use of the
|
Use of the
|
||||||
.Nm
|
.Nm
|
||||||
set of functions may happen in two distinct situations:
|
set of functions may happen in two distinct situations:
|
||||||
when generating a new credential on a FIDO device, prior to
|
when generating a new credential on a FIDO2 device, prior to
|
||||||
.Xr fido_dev_make_cred 3
|
.Xr fido_dev_make_cred 3
|
||||||
(i.e, in the context of a FIDO client), or when validating
|
(i.e, in the context of a FIDO2 client), or when validating
|
||||||
a generated credential using
|
a generated credential using
|
||||||
.Xr fido_cred_verify 3
|
.Xr fido_cred_verify 3
|
||||||
(i.e, in the context of a FIDO server).
|
(i.e, in the context of a FIDO2 server).
|
||||||
.Pp
|
.Pp
|
||||||
For a complete description of the generation of a FIDO 2 credential
|
For a complete description of the generation of a FIDO2 credential
|
||||||
and its verification, please refer to the FIDO 2 specification.
|
and its verification, please refer to the FIDO2 specification.
|
||||||
A concrete utilisation example of the
|
A concrete utilisation example of the
|
||||||
.Nm
|
.Nm
|
||||||
set of functions can be found in the
|
set of functions can be found in the
|
||||||
|
@ -6,26 +6,31 @@
|
|||||||
.Dt FIDO_CRED_VERIFY 3
|
.Dt FIDO_CRED_VERIFY 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_cred_verify
|
.Nm fido_cred_verify ,
|
||||||
.Nd verifies the attestation signature of a FIDO 2 credential
|
.Nm fido_cred_verify_self
|
||||||
|
.Nd verify the attestation signature of a FIDO2 credential
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_cred_verify "const fido_cred_t *cred"
|
.Fn fido_cred_verify "const fido_cred_t *cred"
|
||||||
|
.Ft int
|
||||||
|
.Fn fido_cred_verify_self "const fido_cred_t *cred"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_cred_verify
|
.Fn fido_cred_verify
|
||||||
function verifies whether the attestation signature contained in
|
and
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
|
functions verify whether the attestation signature contained in
|
||||||
.Fa cred
|
.Fa cred
|
||||||
matches the attributes of the credential.
|
matches the attributes of the credential.
|
||||||
Before using
|
Before using
|
||||||
.Fn fido_cred_verify
|
.Fn fido_cred_verify
|
||||||
|
or
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
in a sensitive context, the reader is strongly encouraged to make
|
in a sensitive context, the reader is strongly encouraged to make
|
||||||
herself familiar with the FIDO 2 credential attestation process
|
herself familiar with the FIDO2 credential attestation process
|
||||||
as defined in the Web Authentication (webauthn) standard.
|
as defined in the Web Authentication (webauthn) standard.
|
||||||
.Pp
|
.Pp
|
||||||
A brief description follows:
|
|
||||||
.Pp
|
|
||||||
The
|
The
|
||||||
.Fn fido_cred_verify
|
.Fn fido_cred_verify
|
||||||
function verifies whether the client data hash, relying party ID,
|
function verifies whether the client data hash, relying party ID,
|
||||||
@ -48,19 +53,36 @@ The attestation type implemented by
|
|||||||
.Fn fido_cred_verify
|
.Fn fido_cred_verify
|
||||||
is
|
is
|
||||||
.Em Basic Attestation .
|
.Em Basic Attestation .
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
|
function verifies whether the client data hash, relying party ID,
|
||||||
|
credential ID, type, protection policy, minimum PIN length, and
|
||||||
|
resident/discoverable key and user verification attributes of
|
||||||
|
.Fa cred
|
||||||
|
have been attested by the holder of the credential's private key.
|
||||||
|
.Pp
|
||||||
|
The attestation statement formats supported by
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
|
are
|
||||||
|
.Em packed
|
||||||
|
and
|
||||||
|
.Em fido-u2f .
|
||||||
|
The attestation type implemented by
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
|
is
|
||||||
|
.Em Self Attestation .
|
||||||
|
.Pp
|
||||||
Other attestation formats and types are not supported.
|
Other attestation formats and types are not supported.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The error codes returned by
|
The error codes returned by
|
||||||
.Fn fido_cred_verify
|
.Fn fido_cred_verify
|
||||||
|
and
|
||||||
|
.Fn fido_cred_verify_self
|
||||||
are defined in
|
are defined in
|
||||||
.In fido/err.h .
|
.In fido/err.h .
|
||||||
If
|
If
|
||||||
.Fa cred
|
.Fa cred
|
||||||
does not contain attestation data, then
|
|
||||||
.Dv FIDO_ERR_INVALID_ARGUMENT
|
|
||||||
is returned.
|
|
||||||
If
|
|
||||||
.Fa cred
|
|
||||||
passes verification, then
|
passes verification, then
|
||||||
.Dv FIDO_OK
|
.Dv FIDO_OK
|
||||||
is returned.
|
is returned.
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
.Nm fido_credman_set_dev_rk ,
|
.Nm fido_credman_set_dev_rk ,
|
||||||
.Nm fido_credman_del_dev_rk ,
|
.Nm fido_credman_del_dev_rk ,
|
||||||
.Nm fido_credman_get_dev_rp
|
.Nm fido_credman_get_dev_rp
|
||||||
.Nd FIDO 2 credential management API
|
.Nd FIDO2 credential management API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/credman.h
|
.In fido/credman.h
|
||||||
@ -323,4 +323,4 @@ should have their return values checked for NULL.
|
|||||||
.Sh CAVEATS
|
.Sh CAVEATS
|
||||||
Resident credentials are called
|
Resident credentials are called
|
||||||
.Dq discoverable credentials
|
.Dq discoverable credentials
|
||||||
in FIDO 2.1.
|
in CTAP 2.1.
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
.Nm fido_dev_force_pin_change ,
|
.Nm fido_dev_force_pin_change ,
|
||||||
.Nm fido_dev_set_pin_minlen ,
|
.Nm fido_dev_set_pin_minlen ,
|
||||||
.Nm fido_dev_set_pin_minlen_rpid
|
.Nm fido_dev_set_pin_minlen_rpid
|
||||||
.Nd FIDO 2.1 configuration authenticator API
|
.Nd CTAP 2.1 configuration authenticator API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.In fido/config.h
|
.In fido/config.h
|
||||||
@ -27,7 +27,7 @@
|
|||||||
.Fn fido_dev_set_pin_minlen_rpid "fido_dev_t *dev" "const char * const *rpid" "size_t n" "const char *pin"
|
.Fn fido_dev_set_pin_minlen_rpid "fido_dev_t *dev" "const char * const *rpid" "size_t n" "const char *pin"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The functions described in this page allow configuration of a
|
The functions described in this page allow configuration of a
|
||||||
FIDO 2.1 authenticator.
|
CTAP 2.1 authenticator.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_enable_entattest
|
.Fn fido_dev_enable_entattest
|
||||||
@ -86,7 +86,7 @@ function sets the list of relying party identifiers
|
|||||||
.Pq RP IDs
|
.Pq RP IDs
|
||||||
that are allowed to obtain the minimum PIN length of
|
that are allowed to obtain the minimum PIN length of
|
||||||
.Fa dev
|
.Fa dev
|
||||||
through the FIDO 2.1
|
through the CTAP 2.1
|
||||||
.Dv FIDO_EXT_MINPINLEN
|
.Dv FIDO_EXT_MINPINLEN
|
||||||
extension.
|
extension.
|
||||||
The list of RP identifiers is denoted by
|
The list of RP identifiers is denoted by
|
||||||
|
@ -7,15 +7,15 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_dev_get_assert
|
.Nm fido_dev_get_assert
|
||||||
.Nd obtains an assertion from a FIDO device
|
.Nd obtains an assertion from a FIDO2 device
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_get_assert "fido_dev_t *dev" " fido_assert_t *assert" "const char *pin"
|
.Fn fido_dev_get_assert "fido_dev_t *dev" "fido_assert_t *assert" "const char *pin"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_dev_get_assert
|
.Fn fido_dev_get_assert
|
||||||
function asks the FIDO device represented by
|
function asks the FIDO2 device represented by
|
||||||
.Fa dev
|
.Fa dev
|
||||||
for an assertion according to the following parameters defined in
|
for an assertion according to the following parameters defined in
|
||||||
.Fa assert :
|
.Fa assert :
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_dev_get_touch_begin ,
|
.Nm fido_dev_get_touch_begin ,
|
||||||
.Nm fido_dev_get_touch_status
|
.Nm fido_dev_get_touch_status
|
||||||
.Nd asynchronously wait for touch on a FIDO 2 authenticator
|
.Nd asynchronously wait for touch on a FIDO2 authenticator
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -17,7 +17,7 @@
|
|||||||
.Fn fido_dev_get_touch_status "fido_dev_t *dev" "int *touched" "int ms"
|
.Fn fido_dev_get_touch_status "fido_dev_t *dev" "int *touched" "int ms"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The functions described in this page allow an application to
|
The functions described in this page allow an application to
|
||||||
asynchronously wait for touch on a FIDO authenticator.
|
asynchronously wait for touch on a FIDO2 authenticator.
|
||||||
This is useful when multiple authenticators are present and
|
This is useful when multiple authenticators are present and
|
||||||
the application needs to know which one to use.
|
the application needs to know which one to use.
|
||||||
.Pp
|
.Pp
|
||||||
|
@ -14,8 +14,9 @@
|
|||||||
.Nm fido_dev_info_product ,
|
.Nm fido_dev_info_product ,
|
||||||
.Nm fido_dev_info_vendor ,
|
.Nm fido_dev_info_vendor ,
|
||||||
.Nm fido_dev_info_manufacturer_string ,
|
.Nm fido_dev_info_manufacturer_string ,
|
||||||
.Nm fido_dev_info_product_string
|
.Nm fido_dev_info_product_string ,
|
||||||
.Nd FIDO 2 device discovery functions
|
.Nm fido_dev_info_set
|
||||||
|
.Nd FIDO2 device discovery functions
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -36,6 +37,8 @@
|
|||||||
.Fn fido_dev_info_manufacturer_string "const fido_dev_info_t *di"
|
.Fn fido_dev_info_manufacturer_string "const fido_dev_info_t *di"
|
||||||
.Ft const char *
|
.Ft const char *
|
||||||
.Fn fido_dev_info_product_string "const fido_dev_info_t *di"
|
.Fn fido_dev_info_product_string "const fido_dev_info_t *di"
|
||||||
|
.Ft int
|
||||||
|
.Fn fido_dev_info_set "fido_dev_info_t *devlist" "size_t i" "const char *path" "const char *manufacturer" "const char *product" "const fido_dev_io_t *io" "const fido_dev_transport_t *transport"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_dev_info_manifest
|
.Fn fido_dev_info_manifest
|
||||||
@ -43,7 +46,7 @@ function fills
|
|||||||
.Fa devlist
|
.Fa devlist
|
||||||
with up to
|
with up to
|
||||||
.Fa ilen
|
.Fa ilen
|
||||||
FIDO devices found by the underlying operating system.
|
FIDO2 devices found by the underlying operating system.
|
||||||
Currently only USB HID devices are supported.
|
Currently only USB HID devices are supported.
|
||||||
The number of discovered devices is returned in
|
The number of discovered devices is returned in
|
||||||
.Fa olen ,
|
.Fa olen ,
|
||||||
@ -133,6 +136,30 @@ can be found in the
|
|||||||
.Pa examples/manifest.c
|
.Pa examples/manifest.c
|
||||||
file shipped with
|
file shipped with
|
||||||
.Em libfido2 .
|
.Em libfido2 .
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_dev_info_set
|
||||||
|
function initializes an entry in a device list allocated by
|
||||||
|
.Fn fido_dev_info_new
|
||||||
|
with the specified path, manufacturer, and product strings, and with
|
||||||
|
the specified I/O handlers and, optionally, transport functions, as
|
||||||
|
described in
|
||||||
|
.Xr fido_dev_set_io_functions 3 .
|
||||||
|
The
|
||||||
|
.Fa io
|
||||||
|
argument must be specified; the
|
||||||
|
.Fa transport
|
||||||
|
argument may be
|
||||||
|
.Dv NULL .
|
||||||
|
The path, I/O handlers, and transport functions will be used
|
||||||
|
automatically by
|
||||||
|
.Xr fido_dev_new_with_info 3
|
||||||
|
and
|
||||||
|
.Xr fido_dev_open_with_info 3 .
|
||||||
|
An application can use this, for example, to substitute mock FIDO2
|
||||||
|
devices in testing for the real ones that
|
||||||
|
.Fn fido_dev_info_manifest
|
||||||
|
would discover.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
The
|
The
|
||||||
.Fn fido_dev_info_manifest
|
.Fn fido_dev_info_manifest
|
||||||
@ -142,6 +169,14 @@ If a discovery error occurs, the
|
|||||||
.Fa olen
|
.Fa olen
|
||||||
pointer is set to 0.
|
pointer is set to 0.
|
||||||
.Pp
|
.Pp
|
||||||
|
On success, the
|
||||||
|
.Fn fido_dev_info_set
|
||||||
|
function returns
|
||||||
|
.Dv FIDO_OK .
|
||||||
|
On error, a different error code defined in
|
||||||
|
.In fido/err.h
|
||||||
|
is returned.
|
||||||
|
.Pp
|
||||||
The pointers returned by
|
The pointers returned by
|
||||||
.Fn fido_dev_info_ptr ,
|
.Fn fido_dev_info_ptr ,
|
||||||
.Fn fido_dev_info_path ,
|
.Fn fido_dev_info_path ,
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
.Nm fido_dev_largeblob_remove ,
|
.Nm fido_dev_largeblob_remove ,
|
||||||
.Nm fido_dev_largeblob_get_array ,
|
.Nm fido_dev_largeblob_get_array ,
|
||||||
.Nm fido_dev_largeblob_set_array
|
.Nm fido_dev_largeblob_set_array
|
||||||
.Nd FIDO 2 large blob API
|
.Nd FIDO2 large blob API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
@ -29,10 +29,10 @@ The
|
|||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
API of
|
API of
|
||||||
.Em libfido2
|
.Em libfido2
|
||||||
allows binary blobs residing on a FIDO 2.1 authenticator to be
|
allows binary blobs residing on a CTAP 2.1 authenticator to be
|
||||||
read, written, and inspected.
|
read, written, and inspected.
|
||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
is a FIDO 2.1 extension.
|
is a CTAP 2.1 extension.
|
||||||
.Pp
|
.Pp
|
||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
are stored as elements of a CBOR array.
|
are stored as elements of a CBOR array.
|
||||||
@ -58,9 +58,9 @@ The
|
|||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
CBOR array is opaque to the authenticator.
|
CBOR array is opaque to the authenticator.
|
||||||
Management of the array is left at the discretion of FIDO2 clients.
|
Management of the array is left at the discretion of FIDO2 clients.
|
||||||
For further details on FIDO 2.1's
|
For further details on CTAP 2.1's
|
||||||
.Dq largeBlobs
|
.Dq largeBlobs
|
||||||
extension, please refer to the FIDO 2.1 spec.
|
extension, please refer to the CTAP 2.1 spec.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_largeblob_get
|
.Fn fido_dev_largeblob_get
|
||||||
|
@ -7,15 +7,15 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_dev_make_cred
|
.Nm fido_dev_make_cred
|
||||||
.Nd generates a new credential on a FIDO device
|
.Nd generates a new credential on a FIDO2 device
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_make_cred "fido_dev_t *dev" " fido_cred_t *cred" "const char *pin"
|
.Fn fido_dev_make_cred "fido_dev_t *dev" "fido_cred_t *cred" "const char *pin"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_dev_make_cred
|
.Fn fido_dev_make_cred
|
||||||
function asks the FIDO device represented by
|
function asks the FIDO2 device represented by
|
||||||
.Fa dev
|
.Fa dev
|
||||||
to generate a new credential according to the following parameters
|
to generate a new credential according to the following parameters
|
||||||
defined in
|
defined in
|
||||||
|
@ -7,9 +7,11 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_dev_open ,
|
.Nm fido_dev_open ,
|
||||||
|
.Nm fido_dev_open_with_info ,
|
||||||
.Nm fido_dev_close ,
|
.Nm fido_dev_close ,
|
||||||
.Nm fido_dev_cancel ,
|
.Nm fido_dev_cancel ,
|
||||||
.Nm fido_dev_new ,
|
.Nm fido_dev_new ,
|
||||||
|
.Nm fido_dev_new_with_info ,
|
||||||
.Nm fido_dev_free ,
|
.Nm fido_dev_free ,
|
||||||
.Nm fido_dev_force_fido2 ,
|
.Nm fido_dev_force_fido2 ,
|
||||||
.Nm fido_dev_force_u2f ,
|
.Nm fido_dev_force_u2f ,
|
||||||
@ -17,26 +19,31 @@
|
|||||||
.Nm fido_dev_is_winhello ,
|
.Nm fido_dev_is_winhello ,
|
||||||
.Nm fido_dev_supports_credman ,
|
.Nm fido_dev_supports_credman ,
|
||||||
.Nm fido_dev_supports_cred_prot ,
|
.Nm fido_dev_supports_cred_prot ,
|
||||||
|
.Nm fido_dev_supports_permissions ,
|
||||||
.Nm fido_dev_supports_pin ,
|
.Nm fido_dev_supports_pin ,
|
||||||
.Nm fido_dev_has_pin ,
|
|
||||||
.Nm fido_dev_supports_uv ,
|
.Nm fido_dev_supports_uv ,
|
||||||
|
.Nm fido_dev_has_pin ,
|
||||||
.Nm fido_dev_has_uv ,
|
.Nm fido_dev_has_uv ,
|
||||||
.Nm fido_dev_protocol ,
|
.Nm fido_dev_protocol ,
|
||||||
.Nm fido_dev_build ,
|
.Nm fido_dev_build ,
|
||||||
.Nm fido_dev_flags ,
|
.Nm fido_dev_flags ,
|
||||||
.Nm fido_dev_major ,
|
.Nm fido_dev_major ,
|
||||||
.Nm fido_dev_minor
|
.Nm fido_dev_minor
|
||||||
.Nd FIDO 2 device open/close and related functions
|
.Nd FIDO2 device open/close and related functions
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_open "fido_dev_t *dev" "const char *path"
|
.Fn fido_dev_open "fido_dev_t *dev" "const char *path"
|
||||||
.Ft int
|
.Ft int
|
||||||
|
.Fn fido_dev_open_with_info "fido_dev_t *dev"
|
||||||
|
.Ft int
|
||||||
.Fn fido_dev_close "fido_dev_t *dev"
|
.Fn fido_dev_close "fido_dev_t *dev"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_cancel "fido_dev_t *dev"
|
.Fn fido_dev_cancel "fido_dev_t *dev"
|
||||||
.Ft fido_dev_t *
|
.Ft fido_dev_t *
|
||||||
.Fn fido_dev_new "void"
|
.Fn fido_dev_new "void"
|
||||||
|
.Ft fido_dev_t *
|
||||||
|
.Fn fido_dev_new_with_info "const fido_dev_info_t *"
|
||||||
.Ft void
|
.Ft void
|
||||||
.Fn fido_dev_free "fido_dev_t **dev_p"
|
.Fn fido_dev_free "fido_dev_t **dev_p"
|
||||||
.Ft void
|
.Ft void
|
||||||
@ -52,12 +59,14 @@
|
|||||||
.Ft bool
|
.Ft bool
|
||||||
.Fn fido_dev_supports_cred_prot "const fido_dev_t *dev"
|
.Fn fido_dev_supports_cred_prot "const fido_dev_t *dev"
|
||||||
.Ft bool
|
.Ft bool
|
||||||
|
.Fn fido_dev_supports_permissions "const fido_dev_t *dev"
|
||||||
|
.Ft bool
|
||||||
.Fn fido_dev_supports_pin "const fido_dev_t *dev"
|
.Fn fido_dev_supports_pin "const fido_dev_t *dev"
|
||||||
.Ft bool
|
.Ft bool
|
||||||
.Fn fido_dev_has_pin "const fido_dev_t *dev"
|
|
||||||
.Ft bool
|
|
||||||
.Fn fido_dev_supports_uv "const fido_dev_t *dev"
|
.Fn fido_dev_supports_uv "const fido_dev_t *dev"
|
||||||
.Ft bool
|
.Ft bool
|
||||||
|
.Fn fido_dev_has_pin "const fido_dev_t *dev"
|
||||||
|
.Ft bool
|
||||||
.Fn fido_dev_has_uv "const fido_dev_t *dev"
|
.Fn fido_dev_has_uv "const fido_dev_t *dev"
|
||||||
.Ft uint8_t
|
.Ft uint8_t
|
||||||
.Fn fido_dev_protocol "const fido_dev_t *dev"
|
.Fn fido_dev_protocol "const fido_dev_t *dev"
|
||||||
@ -92,6 +101,13 @@ flag was set in
|
|||||||
.Xr fido_init 3 .
|
.Xr fido_init 3 .
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
|
.Fn fido_dev_open_with_info
|
||||||
|
function opens
|
||||||
|
.Fa dev
|
||||||
|
as previously allocated using
|
||||||
|
.Fn fido_dev_new_with_info .
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
.Fn fido_dev_close
|
.Fn fido_dev_close
|
||||||
function closes the device represented by
|
function closes the device represented by
|
||||||
.Fa dev .
|
.Fa dev .
|
||||||
@ -113,6 +129,18 @@ function returns a pointer to a newly allocated, empty
|
|||||||
If memory cannot be allocated, NULL is returned.
|
If memory cannot be allocated, NULL is returned.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
|
.Fn fido_dev_new_with_info
|
||||||
|
function returns a pointer to a newly allocated
|
||||||
|
.Vt fido_dev_t
|
||||||
|
with
|
||||||
|
.Vt fido_dev_info_t
|
||||||
|
parameters, for use with
|
||||||
|
.Xr fido_dev_info_manifest 3
|
||||||
|
and
|
||||||
|
.Fn fido_dev_open_with_info .
|
||||||
|
If memory cannot be allocated, NULL is returned.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
.Fn fido_dev_free
|
.Fn fido_dev_free
|
||||||
function releases the memory backing
|
function releases the memory backing
|
||||||
.Fa *dev_p ,
|
.Fa *dev_p ,
|
||||||
@ -134,12 +162,18 @@ is a NOP.
|
|||||||
The
|
The
|
||||||
.Fn fido_dev_force_fido2
|
.Fn fido_dev_force_fido2
|
||||||
function can be used to force CTAP2 communication with
|
function can be used to force CTAP2 communication with
|
||||||
.Fa dev .
|
.Fa dev ,
|
||||||
|
where
|
||||||
|
.Fa dev
|
||||||
|
is an open device.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_force_u2f
|
.Fn fido_dev_force_u2f
|
||||||
function can be used to force CTAP1 (U2F) communication with
|
function can be used to force CTAP1 (U2F) communication with
|
||||||
.Fa dev .
|
.Fa dev ,
|
||||||
|
where
|
||||||
|
.Fa dev
|
||||||
|
is an open device.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_is_fido2
|
.Fn fido_dev_is_fido2
|
||||||
@ -147,7 +181,7 @@ function returns
|
|||||||
.Dv true
|
.Dv true
|
||||||
if
|
if
|
||||||
.Fa dev
|
.Fa dev
|
||||||
is a FIDO 2 device.
|
is a FIDO2 device.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_is_winhello
|
.Fn fido_dev_is_winhello
|
||||||
@ -163,7 +197,7 @@ function returns
|
|||||||
.Dv true
|
.Dv true
|
||||||
if
|
if
|
||||||
.Fa dev
|
.Fa dev
|
||||||
supports FIDO 2.1 Credential Management.
|
supports CTAP 2.1 Credential Management.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_supports_cred_prot
|
.Fn fido_dev_supports_cred_prot
|
||||||
@ -171,7 +205,15 @@ function returns
|
|||||||
.Dv true
|
.Dv true
|
||||||
if
|
if
|
||||||
.Fa dev
|
.Fa dev
|
||||||
supports FIDO 2.1 Credential Protection.
|
supports CTAP 2.1 Credential Protection.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_dev_supports_permissions
|
||||||
|
function returns
|
||||||
|
.Dv true
|
||||||
|
if
|
||||||
|
.Fa dev
|
||||||
|
supports CTAP 2.1 UV token permissions.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_supports_pin
|
.Fn fido_dev_supports_pin
|
||||||
@ -179,15 +221,7 @@ function returns
|
|||||||
.Dv true
|
.Dv true
|
||||||
if
|
if
|
||||||
.Fa dev
|
.Fa dev
|
||||||
supports FIDO 2.0 Client PINs.
|
supports CTAP 2.0 Client PINs.
|
||||||
.Pp
|
|
||||||
The
|
|
||||||
.Fn fido_dev_has_pin
|
|
||||||
function returns
|
|
||||||
.Dv true
|
|
||||||
if
|
|
||||||
.Fa dev
|
|
||||||
has a FIDO 2.0 Client PIN set.
|
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Fn fido_dev_supports_uv
|
.Fn fido_dev_supports_uv
|
||||||
@ -198,6 +232,14 @@ if
|
|||||||
supports a built-in user verification method.
|
supports a built-in user verification method.
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
|
.Fn fido_dev_has_pin
|
||||||
|
function returns
|
||||||
|
.Dv true
|
||||||
|
if
|
||||||
|
.Fa dev
|
||||||
|
has a CTAP 2.0 Client PIN set.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
.Fn fido_dev_has_uv
|
.Fn fido_dev_has_uv
|
||||||
function returns
|
function returns
|
||||||
.Dv true
|
.Dv true
|
||||||
@ -236,7 +278,8 @@ functions above, please refer to the FIDO Client to Authenticator
|
|||||||
Protocol (CTAP) specification.
|
Protocol (CTAP) specification.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
On success,
|
On success,
|
||||||
.Fn fido_dev_open
|
.Fn fido_dev_open ,
|
||||||
|
.Fn fido_dev_open_with_info ,
|
||||||
and
|
and
|
||||||
.Fn fido_dev_close
|
.Fn fido_dev_close
|
||||||
return
|
return
|
||||||
|
@ -8,8 +8,10 @@
|
|||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_dev_set_io_functions ,
|
.Nm fido_dev_set_io_functions ,
|
||||||
.Nm fido_dev_set_sigmask ,
|
.Nm fido_dev_set_sigmask ,
|
||||||
.Nm fido_dev_set_timeout
|
.Nm fido_dev_set_timeout ,
|
||||||
.Nd FIDO 2 device I/O interface
|
.Nm fido_dev_set_transport_functions ,
|
||||||
|
.Nm fido_dev_io_handle
|
||||||
|
.Nd FIDO2 device I/O interface
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Bd -literal
|
.Bd -literal
|
||||||
@ -30,13 +32,28 @@ typedef int fido_sigset_t;
|
|||||||
#else
|
#else
|
||||||
typedef sigset_t fido_sigset_t;
|
typedef sigset_t fido_sigset_t;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
typedef int fido_dev_rx_t(struct fido_dev *,
|
||||||
|
uint8_t, unsigned char *, size_t, int);
|
||||||
|
typedef int fido_dev_tx_t(struct fido_dev *,
|
||||||
|
uint8_t, const unsigned char *, size_t);
|
||||||
|
|
||||||
|
typedef struct fido_dev_transport {
|
||||||
|
fido_dev_rx_t *rx;
|
||||||
|
fido_dev_tx_t *tx;
|
||||||
|
} fido_dev_transport_t;
|
||||||
.Ed
|
.Ed
|
||||||
|
.Pp
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_set_io_functions "fido_dev_t *dev" "const fido_dev_io_t *io"
|
.Fn fido_dev_set_io_functions "fido_dev_t *dev" "const fido_dev_io_t *io"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_set_sigmask "fido_dev_t *dev" "const fido_sigset_t *sigmask"
|
.Fn fido_dev_set_sigmask "fido_dev_t *dev" "const fido_sigset_t *sigmask"
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn fido_dev_set_timeout "fido_dev_t *dev" "int ms"
|
.Fn fido_dev_set_timeout "fido_dev_t *dev" "int ms"
|
||||||
|
.Ft int
|
||||||
|
.Fn fido_dev_set_transport_functions "fido_dev_t *dev" "const fido_dev_transport_t *t"
|
||||||
|
.Ft void *
|
||||||
|
.Fn fido_dev_io_handle "const fido_dev_t *dev"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_dev_set_io_functions
|
.Fn fido_dev_set_io_functions
|
||||||
@ -148,9 +165,59 @@ This is the default behaviour.
|
|||||||
When using the Windows Hello backend,
|
When using the Windows Hello backend,
|
||||||
.Fa ms
|
.Fa ms
|
||||||
is used as a guidance and may be overwritten by the platform.
|
is used as a guidance and may be overwritten by the platform.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_dev_set_transport_functions
|
||||||
|
function sets the transport functions used by
|
||||||
|
.Em libfido2
|
||||||
|
to talk to
|
||||||
|
.Fa dev .
|
||||||
|
While the I/O handlers are responsible for sending and receiving
|
||||||
|
transmission units of initialization and continuation packets already
|
||||||
|
formatted by
|
||||||
|
.Em libfido2 ,
|
||||||
|
the transport handlers are responsible for sending and receiving
|
||||||
|
the CTAPHID commands and data directly, as defined in the FIDO Client
|
||||||
|
to Authenticator Protocol (CTAP) standard.
|
||||||
|
They are defined as follows:
|
||||||
|
.Bl -tag -width Ds
|
||||||
|
.It Vt fido_dev_tx_t
|
||||||
|
Receives a device, a CTAPHID command to transmit, a data buffer to
|
||||||
|
transmit, and the length of the data buffer.
|
||||||
|
On success, 0 is returned.
|
||||||
|
On error, -1 is returned.
|
||||||
|
.It Vt fido_dev_rx_t
|
||||||
|
Receives a device, a CTAPHID command whose response the caller expects
|
||||||
|
to receive, a data buffer to receive into, the size of the data buffer
|
||||||
|
determining the maximum length of a response, and the maximum number of
|
||||||
|
milliseconds to wait for a response.
|
||||||
|
On success, the number of bytes read into the data buffer is returned.
|
||||||
|
On error, -1 is returned.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
When transport functions are specified,
|
||||||
|
.Em libfido2
|
||||||
|
will use them instead of the
|
||||||
|
.Dv read
|
||||||
|
and
|
||||||
|
.Dv write
|
||||||
|
functions of the I/O handlers.
|
||||||
|
However, the I/O handlers must still be specified to open and close the
|
||||||
|
device.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_dev_io_handle
|
||||||
|
function returns the opaque pointer returned by the
|
||||||
|
.Dv open
|
||||||
|
function of the I/O handlers.
|
||||||
|
This is useful mainly for the transport functions, which unlike the I/O
|
||||||
|
handlers are passed the
|
||||||
|
.Vt fido_dev_t
|
||||||
|
pointer instead of the opaque I/O handle.
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
On success,
|
On success,
|
||||||
.Fn fido_dev_set_io_functions ,
|
.Fn fido_dev_set_io_functions ,
|
||||||
|
.Fn fido_dev_set_transport_functions ,
|
||||||
.Fn fido_dev_set_sigmask ,
|
.Fn fido_dev_set_sigmask ,
|
||||||
and
|
and
|
||||||
.Fn fido_dev_set_timeout
|
.Fn fido_dev_set_timeout
|
||||||
@ -159,3 +226,13 @@ return
|
|||||||
On error, a different error code defined in
|
On error, a different error code defined in
|
||||||
.In fido/err.h
|
.In fido/err.h
|
||||||
is returned.
|
is returned.
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr fido_dev_info_manifest 3 ,
|
||||||
|
.Xr fido_dev_open 3
|
||||||
|
.Rs
|
||||||
|
.%D 2021-06-15
|
||||||
|
.%O Proposed Standard, Version 2.1
|
||||||
|
.%Q FIDO Alliance
|
||||||
|
.%R Client to Authenticator Protocol (CTAP)
|
||||||
|
.%U https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html
|
||||||
|
.Re
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
.Nm fido_dev_get_retry_count ,
|
.Nm fido_dev_get_retry_count ,
|
||||||
.Nm fido_dev_get_uv_retry_count ,
|
.Nm fido_dev_get_uv_retry_count ,
|
||||||
.Nm fido_dev_reset
|
.Nm fido_dev_reset
|
||||||
.Nd FIDO 2 device management functions
|
.Nd FIDO2 device management functions
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft int
|
.Ft int
|
||||||
|
@ -6,12 +6,19 @@
|
|||||||
.Dt FIDO_INIT 3
|
.Dt FIDO_INIT 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_init
|
.Nm fido_init ,
|
||||||
.Nd initialise the FIDO 2 library
|
.Nm fido_set_log_handler
|
||||||
|
.Nd initialise the FIDO2 library
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
|
.Bd -literal
|
||||||
|
typedef void fido_log_handler_t(const char *);
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
.Ft void
|
.Ft void
|
||||||
.Fn fido_init "int flags"
|
.Fn fido_init "int flags"
|
||||||
|
.Ft void
|
||||||
|
.Fn fido_set_log_handler "fido_log_handler_t *handler"
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Fn fido_init
|
.Fn fido_init
|
||||||
@ -43,8 +50,21 @@ then
|
|||||||
.Em libfido2
|
.Em libfido2
|
||||||
will not fallback to U2F in
|
will not fallback to U2F in
|
||||||
.Xr fido_dev_open 3
|
.Xr fido_dev_open 3
|
||||||
if a device claims to be FIDO2 but fails to respond to a
|
if a device claims to support FIDO2 but fails to respond to
|
||||||
FIDO2 command.
|
a CTAP 2.0 greeting.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn fido_set_log_handler
|
||||||
|
function causes
|
||||||
|
.Fa handler
|
||||||
|
to be called for each log line generated in the context of the
|
||||||
|
executing thread.
|
||||||
|
Lines passed to
|
||||||
|
.Fa handler
|
||||||
|
include a trailing newline character and are not printed by
|
||||||
|
.Em libfido2
|
||||||
|
on
|
||||||
|
.Em stderr .
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr fido_assert_new 3 ,
|
.Xr fido_assert_new 3 ,
|
||||||
.Xr fido_cred_new 3 ,
|
.Xr fido_cred_new 3 ,
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm fido_strerr
|
.Nm fido_strerr
|
||||||
.Nd FIDO 2 error codes
|
.Nd FIDO2 error codes
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In fido.h
|
.In fido.h
|
||||||
.Ft const char *
|
.Ft const char *
|
||||||
|
@ -8,11 +8,11 @@
|
|||||||
.Sh NAME
|
.Sh NAME
|
||||||
.Nm rs256_pk_new ,
|
.Nm rs256_pk_new ,
|
||||||
.Nm rs256_pk_free ,
|
.Nm rs256_pk_free ,
|
||||||
.Nm rs256_pk_from_EVP_PKEY ,
|
|
||||||
.Nm rs256_pk_from_RSA ,
|
.Nm rs256_pk_from_RSA ,
|
||||||
|
.Nm rs256_pk_from_EVP_PKEY ,
|
||||||
.Nm rs256_pk_from_ptr ,
|
.Nm rs256_pk_from_ptr ,
|
||||||
.Nm rs256_pk_to_EVP_PKEY
|
.Nm rs256_pk_to_EVP_PKEY
|
||||||
.Nd FIDO 2 COSE RS256 API
|
.Nd FIDO2 COSE RS256 API
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.In openssl/rsa.h
|
.In openssl/rsa.h
|
||||||
.In fido/rs256.h
|
.In fido/rs256.h
|
||||||
|
@ -102,7 +102,7 @@ static const unsigned char authdata_unsorted_keys[198] = {
|
|||||||
0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2,
|
0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2,
|
||||||
};
|
};
|
||||||
|
|
||||||
const unsigned char authdata_tpm[362] = {
|
const unsigned char authdata_tpm_rs256[362] = {
|
||||||
0x59, 0x01, 0x67, 0x49, 0x96, 0x0d, 0xe5, 0x88,
|
0x59, 0x01, 0x67, 0x49, 0x96, 0x0d, 0xe5, 0x88,
|
||||||
0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64,
|
0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64,
|
||||||
0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2,
|
0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2,
|
||||||
@ -151,6 +151,30 @@ const unsigned char authdata_tpm[362] = {
|
|||||||
0x00, 0x01
|
0x00, 0x01
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static const unsigned char authdata_tpm_es256[166] = {
|
||||||
|
0x58, 0xa4, 0x49, 0x96, 0x0d, 0xe5, 0x88, 0x0e,
|
||||||
|
0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64, 0x76,
|
||||||
|
0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86,
|
||||||
|
0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, 0x83, 0x1d,
|
||||||
|
0x97, 0x63, 0x45, 0x00, 0x00, 0x00, 0x00, 0x08,
|
||||||
|
0x98, 0x70, 0x58, 0xca, 0xdc, 0x4b, 0x81, 0xb6,
|
||||||
|
0xe1, 0x30, 0xde, 0x50, 0xdc, 0xbe, 0x96, 0x00,
|
||||||
|
0x20, 0xa8, 0xdf, 0x03, 0xf7, 0xbf, 0x39, 0x51,
|
||||||
|
0x94, 0x95, 0x8f, 0xa4, 0x84, 0x97, 0x30, 0xbc,
|
||||||
|
0x3c, 0x7e, 0x1c, 0x99, 0x91, 0x4d, 0xae, 0x6d,
|
||||||
|
0xfb, 0xdf, 0x53, 0xb5, 0xb6, 0x1f, 0x3a, 0x4e,
|
||||||
|
0x6a, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
|
||||||
|
0x21, 0x58, 0x20, 0xfb, 0xd6, 0xba, 0x74, 0xe6,
|
||||||
|
0x6e, 0x5c, 0x87, 0xef, 0x89, 0xa2, 0xe8, 0x3d,
|
||||||
|
0x0b, 0xe9, 0x69, 0x2c, 0x07, 0x07, 0x7a, 0x8a,
|
||||||
|
0x1e, 0xce, 0x12, 0xea, 0x3b, 0xb3, 0xf1, 0xf3,
|
||||||
|
0xd9, 0xc3, 0xe6, 0x22, 0x58, 0x20, 0x3c, 0x68,
|
||||||
|
0x51, 0x94, 0x54, 0x8d, 0xeb, 0x9f, 0xb2, 0x2c,
|
||||||
|
0x66, 0x75, 0xb6, 0xb7, 0x55, 0x22, 0x0d, 0x87,
|
||||||
|
0x59, 0xc4, 0x39, 0x91, 0x62, 0x17, 0xc2, 0xc3,
|
||||||
|
0x53, 0xa5, 0x26, 0x97, 0x4f, 0x2d
|
||||||
|
};
|
||||||
|
|
||||||
static const unsigned char x509[742] = {
|
static const unsigned char x509[742] = {
|
||||||
0x30, 0x82, 0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02,
|
0x30, 0x82, 0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02,
|
||||||
0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
|
0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
|
||||||
@ -270,7 +294,7 @@ const unsigned char pubkey[64] = {
|
|||||||
0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2,
|
0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2,
|
||||||
};
|
};
|
||||||
|
|
||||||
const unsigned char pubkey_tpm[259] = {
|
const unsigned char pubkey_tpm_rs256[259] = {
|
||||||
0xc5, 0xb6, 0x9c, 0x06, 0x1d, 0xcf, 0xb9, 0xf2,
|
0xc5, 0xb6, 0x9c, 0x06, 0x1d, 0xcf, 0xb9, 0xf2,
|
||||||
0x5e, 0x99, 0x7d, 0x6d, 0x73, 0xd8, 0x36, 0xc1,
|
0x5e, 0x99, 0x7d, 0x6d, 0x73, 0xd8, 0x36, 0xc1,
|
||||||
0x4a, 0x90, 0x05, 0x4d, 0x82, 0x57, 0xc1, 0xb6,
|
0x4a, 0x90, 0x05, 0x4d, 0x82, 0x57, 0xc1, 0xb6,
|
||||||
@ -306,6 +330,17 @@ const unsigned char pubkey_tpm[259] = {
|
|||||||
0x01, 0x00, 0x01,
|
0x01, 0x00, 0x01,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const unsigned char pubkey_tpm_es256[64] = {
|
||||||
|
0xfb, 0xd6, 0xba, 0x74, 0xe6, 0x6e, 0x5c, 0x87,
|
||||||
|
0xef, 0x89, 0xa2, 0xe8, 0x3d, 0x0b, 0xe9, 0x69,
|
||||||
|
0x2c, 0x07, 0x07, 0x7a, 0x8a, 0x1e, 0xce, 0x12,
|
||||||
|
0xea, 0x3b, 0xb3, 0xf1, 0xf3, 0xd9, 0xc3, 0xe6,
|
||||||
|
0x3c, 0x68, 0x51, 0x94, 0x54, 0x8d, 0xeb, 0x9f,
|
||||||
|
0xb2, 0x2c, 0x66, 0x75, 0xb6, 0xb7, 0x55, 0x22,
|
||||||
|
0x0d, 0x87, 0x59, 0xc4, 0x39, 0x91, 0x62, 0x17,
|
||||||
|
0xc2, 0xc3, 0x53, 0xa5, 0x26, 0x97, 0x4f, 0x2d
|
||||||
|
};
|
||||||
|
|
||||||
const unsigned char id[64] = {
|
const unsigned char id[64] = {
|
||||||
0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5,
|
0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5,
|
||||||
0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53,
|
0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53,
|
||||||
@ -317,14 +352,21 @@ const unsigned char id[64] = {
|
|||||||
0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25,
|
0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25,
|
||||||
};
|
};
|
||||||
|
|
||||||
const unsigned char id_tpm[32] = {
|
const unsigned char id_tpm_rs256[32] = {
|
||||||
0x89, 0x99, 0x6d, 0x5a, 0x00, 0x29, 0xe5, 0x3e,
|
0x89, 0x99, 0x6d, 0x5a, 0x00, 0x29, 0xe5, 0x3e,
|
||||||
0x6a, 0x1c, 0x72, 0x6d, 0x71, 0x4a, 0x4f, 0x03,
|
0x6a, 0x1c, 0x72, 0x6d, 0x71, 0x4a, 0x4f, 0x03,
|
||||||
0x9b, 0x68, 0x17, 0xdb, 0x29, 0x1a, 0x6b, 0x02,
|
0x9b, 0x68, 0x17, 0xdb, 0x29, 0x1a, 0x6b, 0x02,
|
||||||
0x6c, 0x26, 0xf9, 0xbd, 0xc3, 0x0e, 0x38, 0x1a
|
0x6c, 0x26, 0xf9, 0xbd, 0xc3, 0x0e, 0x38, 0x1a
|
||||||
};
|
};
|
||||||
|
|
||||||
const unsigned char attstmt_tpm[4034] = {
|
const unsigned char id_tpm_es256[32] = {
|
||||||
|
0xa8, 0xdf, 0x03, 0xf7, 0xbf, 0x39, 0x51, 0x94,
|
||||||
|
0x95, 0x8f, 0xa4, 0x84, 0x97, 0x30, 0xbc, 0x3c,
|
||||||
|
0x7e, 0x1c, 0x99, 0x91, 0x4d, 0xae, 0x6d, 0xfb,
|
||||||
|
0xdf, 0x53, 0xb5, 0xb6, 0x1f, 0x3a, 0x4e, 0x6a
|
||||||
|
};
|
||||||
|
|
||||||
|
const unsigned char attstmt_tpm_rs256[4034] = {
|
||||||
0xa6, 0x63, 0x61, 0x6c, 0x67, 0x39, 0xff, 0xfe,
|
0xa6, 0x63, 0x61, 0x6c, 0x67, 0x39, 0xff, 0xfe,
|
||||||
0x63, 0x73, 0x69, 0x67, 0x59, 0x01, 0x00, 0x1c,
|
0x63, 0x73, 0x69, 0x67, 0x59, 0x01, 0x00, 0x1c,
|
||||||
0x09, 0x0d, 0x35, 0x97, 0x22, 0xfc, 0xfe, 0xc0,
|
0x09, 0x0d, 0x35, 0x97, 0x22, 0xfc, 0xfe, 0xc0,
|
||||||
@ -832,6 +874,490 @@ const unsigned char attstmt_tpm[4034] = {
|
|||||||
0x3e, 0x91
|
0x3e, 0x91
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const unsigned char attstmt_tpm_es256[3841] = {
|
||||||
|
0xa6, 0x63, 0x61, 0x6c, 0x67, 0x39, 0xff, 0xfe,
|
||||||
|
0x63, 0x73, 0x69, 0x67, 0x59, 0x01, 0x00, 0x6d,
|
||||||
|
0x11, 0x61, 0x1f, 0x45, 0xb9, 0x7f, 0x65, 0x6f,
|
||||||
|
0x97, 0x46, 0xfe, 0xbb, 0x8a, 0x98, 0x07, 0xa3,
|
||||||
|
0xbc, 0x67, 0x5c, 0xd7, 0x65, 0xa4, 0xf4, 0x6c,
|
||||||
|
0x5b, 0x37, 0x75, 0xa4, 0x7f, 0x08, 0x52, 0xeb,
|
||||||
|
0x1e, 0x12, 0xe2, 0x78, 0x8c, 0x7d, 0x94, 0xab,
|
||||||
|
0x7b, 0xed, 0x05, 0x17, 0x67, 0x7e, 0xaa, 0x02,
|
||||||
|
0x89, 0x6d, 0xe8, 0x6d, 0x43, 0x30, 0x99, 0xc6,
|
||||||
|
0xf9, 0x59, 0xe5, 0x82, 0x3c, 0x56, 0x4e, 0x77,
|
||||||
|
0x11, 0x25, 0xe4, 0x43, 0x6a, 0xae, 0x92, 0x4f,
|
||||||
|
0x60, 0x92, 0x50, 0xf9, 0x65, 0x0e, 0x44, 0x38,
|
||||||
|
0x3d, 0xf7, 0xaf, 0x66, 0x89, 0xc7, 0xe6, 0xe6,
|
||||||
|
0x01, 0x07, 0x9e, 0x90, 0xfd, 0x6d, 0xaa, 0x35,
|
||||||
|
0x51, 0x51, 0xbf, 0x54, 0x13, 0x95, 0xc2, 0x17,
|
||||||
|
0xfa, 0x32, 0x0f, 0xa7, 0x82, 0x17, 0x58, 0x6c,
|
||||||
|
0x3d, 0xea, 0x88, 0xd8, 0x64, 0xc7, 0xf8, 0xc2,
|
||||||
|
0xd6, 0x1c, 0xbb, 0xea, 0x1e, 0xb3, 0xd9, 0x4c,
|
||||||
|
0xa7, 0xce, 0x18, 0x1e, 0xcb, 0x42, 0x5f, 0xbf,
|
||||||
|
0x44, 0xe7, 0xf1, 0x22, 0xe0, 0x5b, 0xeb, 0xff,
|
||||||
|
0xb6, 0x1e, 0x6f, 0x60, 0x12, 0x16, 0x63, 0xfe,
|
||||||
|
0xab, 0x5e, 0x31, 0x13, 0xdb, 0x72, 0xc6, 0x9a,
|
||||||
|
0xf8, 0x8f, 0x19, 0x6b, 0x2e, 0xaf, 0x7d, 0xca,
|
||||||
|
0x9f, 0xbc, 0x6b, 0x1a, 0x8b, 0x5e, 0xe3, 0x9e,
|
||||||
|
0xaa, 0x8c, 0x79, 0x9c, 0x4e, 0xed, 0xe4, 0xff,
|
||||||
|
0x3d, 0x12, 0x79, 0x90, 0x09, 0x61, 0x97, 0x67,
|
||||||
|
0xbf, 0x04, 0xac, 0x37, 0xea, 0xa9, 0x1f, 0x9f,
|
||||||
|
0x52, 0x64, 0x0b, 0xeb, 0xc3, 0x61, 0xd4, 0x13,
|
||||||
|
0xb0, 0x84, 0xf1, 0x3c, 0x74, 0x83, 0xcc, 0xa8,
|
||||||
|
0x1c, 0x14, 0xe6, 0x9d, 0xfe, 0xec, 0xee, 0xa1,
|
||||||
|
0xd2, 0xc2, 0x0a, 0xa6, 0x36, 0x08, 0xbb, 0x17,
|
||||||
|
0xa5, 0x7b, 0x53, 0x34, 0x0e, 0xc9, 0x09, 0xe5,
|
||||||
|
0x10, 0xa6, 0x85, 0x01, 0x71, 0x66, 0xff, 0xd0,
|
||||||
|
0x6d, 0x4b, 0x93, 0xdb, 0x81, 0x25, 0x01, 0x63,
|
||||||
|
0x76, 0x65, 0x72, 0x63, 0x32, 0x2e, 0x30, 0x63,
|
||||||
|
0x78, 0x35, 0x63, 0x82, 0x59, 0x05, 0xc4, 0x30,
|
||||||
|
0x82, 0x05, 0xc0, 0x30, 0x82, 0x03, 0xa8, 0xa0,
|
||||||
|
0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x30, 0xcd,
|
||||||
|
0xf2, 0x7e, 0x81, 0xc0, 0x43, 0x85, 0xa2, 0xd7,
|
||||||
|
0x29, 0xef, 0xf7, 0x9f, 0xa5, 0x2b, 0x30, 0x0d,
|
||||||
|
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
|
0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x41, 0x31,
|
||||||
|
0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, 0x03,
|
||||||
|
0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53, 0x54,
|
||||||
|
0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44, 0x2d,
|
||||||
|
0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34, 0x41,
|
||||||
|
0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37, 0x41,
|
||||||
|
0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30, 0x30,
|
||||||
|
0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31, 0x41,
|
||||||
|
0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36, 0x30,
|
||||||
|
0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x31, 0x31,
|
||||||
|
0x30, 0x32, 0x31, 0x35, 0x30, 0x36, 0x35, 0x33,
|
||||||
|
0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36, 0x30,
|
||||||
|
0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, 0x5a,
|
||||||
|
0x30, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
|
||||||
|
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
|
0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
|
||||||
|
0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
|
||||||
|
0x01, 0x01, 0x00, 0xdb, 0xd5, 0x9a, 0xfc, 0x09,
|
||||||
|
0xa7, 0xc4, 0xa5, 0x5f, 0xbe, 0x5f, 0xa2, 0xeb,
|
||||||
|
0xd6, 0x8e, 0xed, 0xc5, 0x67, 0xa6, 0xa7, 0xd9,
|
||||||
|
0xb2, 0x46, 0xc6, 0xe0, 0xae, 0x0c, 0x02, 0x25,
|
||||||
|
0x0a, 0xf2, 0xc5, 0x96, 0xdc, 0xb7, 0x0e, 0xb9,
|
||||||
|
0x86, 0xd3, 0x51, 0xbb, 0x63, 0xf0, 0x4f, 0x8a,
|
||||||
|
0x5e, 0xd7, 0xf7, 0xff, 0xbb, 0x29, 0xbd, 0x58,
|
||||||
|
0xcf, 0x75, 0x02, 0x39, 0xcb, 0x80, 0xf1, 0xd4,
|
||||||
|
0xb6, 0x75, 0x67, 0x2f, 0x27, 0x4d, 0x0c, 0xcc,
|
||||||
|
0x18, 0x59, 0x87, 0xfa, 0x51, 0xd1, 0x80, 0xb5,
|
||||||
|
0x1a, 0xac, 0xac, 0x29, 0x51, 0xcf, 0x27, 0xaa,
|
||||||
|
0x74, 0xac, 0x3e, 0x59, 0x56, 0x67, 0xe4, 0x42,
|
||||||
|
0xe8, 0x30, 0x35, 0xb2, 0xf6, 0x27, 0x91, 0x62,
|
||||||
|
0x60, 0x42, 0x42, 0x12, 0xde, 0xfe, 0xdd, 0xee,
|
||||||
|
0xe8, 0xa8, 0x82, 0xf9, 0xb1, 0x08, 0xd5, 0x8d,
|
||||||
|
0x57, 0x9a, 0x29, 0xb9, 0xb4, 0xe9, 0x19, 0x1e,
|
||||||
|
0x33, 0x7d, 0x37, 0xa0, 0xce, 0x2e, 0x53, 0x13,
|
||||||
|
0x39, 0xb6, 0x12, 0x61, 0x63, 0xbf, 0xd3, 0x42,
|
||||||
|
0xeb, 0x6f, 0xed, 0xc1, 0x8e, 0x26, 0xba, 0x7d,
|
||||||
|
0x8b, 0x37, 0x7c, 0xbb, 0x42, 0x1e, 0x56, 0x76,
|
||||||
|
0xda, 0xdb, 0x35, 0x6b, 0x80, 0xe1, 0x8e, 0x00,
|
||||||
|
0xac, 0xd2, 0xfc, 0x22, 0x96, 0x14, 0x0c, 0xf4,
|
||||||
|
0xe4, 0xc5, 0xad, 0x14, 0xb7, 0x4d, 0x46, 0x63,
|
||||||
|
0x30, 0x79, 0x3a, 0x7c, 0x33, 0xb5, 0xe5, 0x2e,
|
||||||
|
0xbb, 0x5f, 0xca, 0xf2, 0x75, 0xe3, 0x4e, 0x99,
|
||||||
|
0x64, 0x1b, 0x26, 0x99, 0x60, 0x1a, 0x79, 0xcc,
|
||||||
|
0x30, 0x2c, 0xb3, 0x4c, 0x59, 0xf7, 0x77, 0x59,
|
||||||
|
0xd5, 0x90, 0x70, 0x21, 0x79, 0x8c, 0x1f, 0x79,
|
||||||
|
0x0a, 0x12, 0x8b, 0x3b, 0x37, 0x2d, 0x97, 0x39,
|
||||||
|
0x89, 0x92, 0x0c, 0x44, 0x7c, 0xe9, 0x9f, 0xce,
|
||||||
|
0x6d, 0xad, 0xc5, 0xae, 0xea, 0x8e, 0x50, 0x22,
|
||||||
|
0x37, 0xe0, 0xd1, 0x9e, 0xd6, 0xe6, 0xa8, 0xcc,
|
||||||
|
0x21, 0xfb, 0xff, 0x02, 0x03, 0x01, 0x00, 0x01,
|
||||||
|
0xa3, 0x82, 0x01, 0xf3, 0x30, 0x82, 0x01, 0xef,
|
||||||
|
0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
|
||||||
|
0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80,
|
||||||
|
0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
|
||||||
|
0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x6d,
|
||||||
|
0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01, 0xff,
|
||||||
|
0x04, 0x63, 0x30, 0x61, 0x30, 0x5f, 0x06, 0x09,
|
||||||
|
0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15,
|
||||||
|
0x1f, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b,
|
||||||
|
0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30,
|
||||||
|
0x44, 0x1e, 0x42, 0x00, 0x54, 0x00, 0x43, 0x00,
|
||||||
|
0x50, 0x00, 0x41, 0x00, 0x20, 0x00, 0x20, 0x00,
|
||||||
|
0x54, 0x00, 0x72, 0x00, 0x75, 0x00, 0x73, 0x00,
|
||||||
|
0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00,
|
||||||
|
0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x61, 0x00,
|
||||||
|
0x74, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x72, 0x00,
|
||||||
|
0x6d, 0x00, 0x20, 0x00, 0x20, 0x00, 0x49, 0x00,
|
||||||
|
0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00,
|
||||||
|
0x69, 0x00, 0x74, 0x00, 0x79, 0x30, 0x10, 0x06,
|
||||||
|
0x03, 0x55, 0x1d, 0x25, 0x04, 0x09, 0x30, 0x07,
|
||||||
|
0x06, 0x05, 0x67, 0x81, 0x05, 0x08, 0x03, 0x30,
|
||||||
|
0x59, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x01, 0x01,
|
||||||
|
0xff, 0x04, 0x4f, 0x30, 0x4d, 0xa4, 0x4b, 0x30,
|
||||||
|
0x49, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05, 0x67,
|
||||||
|
0x81, 0x05, 0x02, 0x01, 0x0c, 0x0b, 0x69, 0x64,
|
||||||
|
0x3a, 0x35, 0x33, 0x35, 0x34, 0x34, 0x44, 0x32,
|
||||||
|
0x30, 0x31, 0x17, 0x30, 0x15, 0x06, 0x05, 0x67,
|
||||||
|
0x81, 0x05, 0x02, 0x02, 0x0c, 0x0c, 0x53, 0x54,
|
||||||
|
0x33, 0x33, 0x48, 0x54, 0x50, 0x48, 0x41, 0x48,
|
||||||
|
0x42, 0x34, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05,
|
||||||
|
0x67, 0x81, 0x05, 0x02, 0x03, 0x0c, 0x0b, 0x69,
|
||||||
|
0x64, 0x3a, 0x30, 0x30, 0x34, 0x39, 0x30, 0x30,
|
||||||
|
0x30, 0x34, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
|
||||||
|
0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45,
|
||||||
|
0x1a, 0xec, 0xfc, 0x91, 0x70, 0xf8, 0x83, 0x8b,
|
||||||
|
0x9c, 0x47, 0x2f, 0x0b, 0x9f, 0x07, 0xf3, 0x2f,
|
||||||
|
0x7c, 0xa2, 0x8a, 0x30, 0x1d, 0x06, 0x03, 0x55,
|
||||||
|
0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xa6,
|
||||||
|
0xee, 0xe3, 0x28, 0xdd, 0x40, 0x7f, 0x21, 0xd2,
|
||||||
|
0x7b, 0x8c, 0x69, 0x2f, 0x8c, 0x08, 0x29, 0xbc,
|
||||||
|
0x95, 0xb8, 0x30, 0x81, 0xb2, 0x06, 0x08, 0x2b,
|
||||||
|
0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04,
|
||||||
|
0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81, 0x9f,
|
||||||
|
0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
|
||||||
|
0x30, 0x02, 0x86, 0x81, 0x92, 0x68, 0x74, 0x74,
|
||||||
|
0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x7a, 0x63, 0x73,
|
||||||
|
0x70, 0x72, 0x6f, 0x64, 0x65, 0x75, 0x73, 0x61,
|
||||||
|
0x69, 0x6b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73,
|
||||||
|
0x68, 0x2e, 0x62, 0x6c, 0x6f, 0x62, 0x2e, 0x63,
|
||||||
|
0x6f, 0x72, 0x65, 0x2e, 0x77, 0x69, 0x6e, 0x64,
|
||||||
|
0x6f, 0x77, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x2f,
|
||||||
|
0x65, 0x75, 0x73, 0x2d, 0x73, 0x74, 0x6d, 0x2d,
|
||||||
|
0x6b, 0x65, 0x79, 0x69, 0x64, 0x2d, 0x31, 0x61,
|
||||||
|
0x64, 0x62, 0x39, 0x39, 0x34, 0x61, 0x62, 0x35,
|
||||||
|
0x38, 0x62, 0x65, 0x35, 0x37, 0x61, 0x30, 0x63,
|
||||||
|
0x63, 0x39, 0x62, 0x39, 0x30, 0x30, 0x65, 0x37,
|
||||||
|
0x38, 0x35, 0x31, 0x65, 0x31, 0x61, 0x34, 0x33,
|
||||||
|
0x63, 0x30, 0x38, 0x36, 0x36, 0x30, 0x2f, 0x62,
|
||||||
|
0x36, 0x63, 0x30, 0x64, 0x39, 0x38, 0x64, 0x2d,
|
||||||
|
0x35, 0x37, 0x38, 0x61, 0x2d, 0x34, 0x62, 0x66,
|
||||||
|
0x62, 0x2d, 0x61, 0x32, 0x64, 0x33, 0x2d, 0x65,
|
||||||
|
0x64, 0x66, 0x65, 0x35, 0x66, 0x38, 0x32, 0x30,
|
||||||
|
0x36, 0x30, 0x31, 0x2e, 0x63, 0x65, 0x72, 0x30,
|
||||||
|
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||||
|
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
|
||||||
|
0x02, 0x01, 0x00, 0x2a, 0x08, 0x30, 0x1f, 0xfd,
|
||||||
|
0x8f, 0x80, 0x9b, 0x4b, 0x37, 0x82, 0x61, 0x86,
|
||||||
|
0x36, 0x57, 0x90, 0xb5, 0x1d, 0x1f, 0xa3, 0xae,
|
||||||
|
0x68, 0xac, 0xa7, 0x96, 0x6a, 0x25, 0x5e, 0xc5,
|
||||||
|
0x82, 0x7c, 0x36, 0x64, 0x58, 0x11, 0xcb, 0xa5,
|
||||||
|
0xee, 0xbf, 0xc4, 0xdb, 0xa0, 0xc7, 0x82, 0x3b,
|
||||||
|
0xa3, 0x85, 0x9b, 0xc4, 0xee, 0x07, 0x36, 0xd7,
|
||||||
|
0xc7, 0xb6, 0x23, 0xed, 0xc2, 0x73, 0xab, 0xbe,
|
||||||
|
0xbe, 0xee, 0x63, 0x17, 0xf9, 0xd7, 0x7a, 0x23,
|
||||||
|
0x7b, 0xf8, 0x09, 0x7a, 0xaa, 0x7f, 0x67, 0xc3,
|
||||||
|
0x04, 0x84, 0x71, 0x9b, 0x06, 0x9c, 0x07, 0x42,
|
||||||
|
0x4b, 0x65, 0x41, 0x56, 0x58, 0x14, 0x92, 0xb0,
|
||||||
|
0xb9, 0xaf, 0xa1, 0x39, 0xd4, 0x08, 0x2d, 0x71,
|
||||||
|
0xd5, 0x6c, 0x56, 0xb9, 0x2b, 0x1e, 0xf3, 0x93,
|
||||||
|
0xa5, 0xe9, 0xb2, 0x9b, 0x4d, 0x05, 0x2b, 0xbc,
|
||||||
|
0xd2, 0x20, 0x57, 0x3b, 0xa4, 0x01, 0x68, 0x8c,
|
||||||
|
0x23, 0x20, 0x7d, 0xbb, 0x71, 0xe4, 0x2a, 0x24,
|
||||||
|
0xba, 0x75, 0x0c, 0x89, 0x54, 0x22, 0xeb, 0x0e,
|
||||||
|
0xb2, 0xf4, 0xc2, 0x1f, 0x02, 0xb7, 0xe3, 0x06,
|
||||||
|
0x41, 0x15, 0x6b, 0xf3, 0xc8, 0x2d, 0x5b, 0xc2,
|
||||||
|
0x21, 0x82, 0x3e, 0xe8, 0x95, 0x40, 0x39, 0x9e,
|
||||||
|
0x91, 0x68, 0x33, 0x0c, 0x3d, 0x45, 0xef, 0x99,
|
||||||
|
0x79, 0xe6, 0x32, 0xc9, 0x00, 0x84, 0x36, 0xfb,
|
||||||
|
0x0a, 0x8d, 0x41, 0x1c, 0x32, 0x64, 0x06, 0x9e,
|
||||||
|
0x0f, 0xb5, 0x04, 0xcc, 0x08, 0xb1, 0xb6, 0x2b,
|
||||||
|
0xcf, 0x36, 0x0f, 0x73, 0x14, 0x8e, 0x25, 0x44,
|
||||||
|
0xb3, 0x0c, 0x34, 0x14, 0x96, 0x0c, 0x8a, 0x65,
|
||||||
|
0xa1, 0xde, 0x8e, 0xc8, 0x9d, 0xbe, 0x66, 0xdf,
|
||||||
|
0x06, 0x91, 0xca, 0x15, 0x0f, 0x92, 0xd5, 0x2a,
|
||||||
|
0x0b, 0xdc, 0x4c, 0x6a, 0xf3, 0x16, 0x4a, 0x3e,
|
||||||
|
0xb9, 0x76, 0xbc, 0xfe, 0x62, 0xd4, 0xa8, 0xcd,
|
||||||
|
0x94, 0x78, 0x0d, 0xdd, 0x94, 0xfd, 0x5e, 0x63,
|
||||||
|
0x57, 0x27, 0x05, 0x9c, 0xd0, 0x80, 0x91, 0x91,
|
||||||
|
0x79, 0xe8, 0x5e, 0x18, 0x64, 0x22, 0xe4, 0x2c,
|
||||||
|
0x13, 0x65, 0xa4, 0x51, 0x5a, 0x1e, 0x3b, 0x71,
|
||||||
|
0x2e, 0x70, 0x9f, 0xc4, 0xa5, 0x20, 0xcd, 0xef,
|
||||||
|
0xd8, 0x3f, 0xa4, 0xf5, 0x89, 0x8a, 0xa5, 0x4f,
|
||||||
|
0x76, 0x2d, 0x49, 0x56, 0x00, 0x8d, 0xde, 0x40,
|
||||||
|
0xba, 0x24, 0x46, 0x51, 0x38, 0xad, 0xdb, 0xc4,
|
||||||
|
0x04, 0xf4, 0x6e, 0xc0, 0x29, 0x48, 0x07, 0x6a,
|
||||||
|
0x1b, 0x26, 0x32, 0x0a, 0xfb, 0xea, 0x71, 0x2a,
|
||||||
|
0x11, 0xfc, 0x98, 0x7c, 0x44, 0x87, 0xbc, 0x06,
|
||||||
|
0x3a, 0x4d, 0xbd, 0x91, 0x63, 0x4f, 0x26, 0x48,
|
||||||
|
0x54, 0x47, 0x1b, 0xbd, 0xf0, 0xf1, 0x56, 0x05,
|
||||||
|
0xc5, 0x0f, 0x8f, 0x20, 0xa5, 0xcc, 0xfb, 0x76,
|
||||||
|
0xb0, 0xbd, 0x83, 0xde, 0x7f, 0x39, 0x4f, 0xcf,
|
||||||
|
0x61, 0x74, 0x52, 0xa7, 0x1d, 0xf6, 0xb5, 0x5e,
|
||||||
|
0x4a, 0x82, 0x20, 0xc1, 0x94, 0xaa, 0x2c, 0x33,
|
||||||
|
0xd6, 0x0a, 0xf9, 0x8f, 0x92, 0xc6, 0x29, 0x80,
|
||||||
|
0xf5, 0xa2, 0xb1, 0xff, 0xb6, 0x2b, 0xaa, 0x04,
|
||||||
|
0x00, 0x72, 0xb4, 0x12, 0xbb, 0xb1, 0xf1, 0x3c,
|
||||||
|
0x88, 0xa3, 0xab, 0x49, 0x17, 0x90, 0x80, 0x59,
|
||||||
|
0xa2, 0x96, 0x41, 0x69, 0x74, 0x33, 0x8a, 0x28,
|
||||||
|
0x33, 0x7e, 0xb3, 0x19, 0x92, 0x28, 0xc1, 0xf0,
|
||||||
|
0xd1, 0x82, 0xd5, 0x42, 0xff, 0xe7, 0xa5, 0x3f,
|
||||||
|
0x1e, 0xb6, 0x4a, 0x23, 0xcc, 0x6a, 0x7f, 0x15,
|
||||||
|
0x15, 0x52, 0x25, 0xb1, 0xca, 0x21, 0x95, 0x11,
|
||||||
|
0x53, 0x3e, 0x1f, 0x50, 0x33, 0x12, 0x7a, 0x62,
|
||||||
|
0xce, 0xcc, 0x71, 0xc2, 0x5f, 0x34, 0x47, 0xc6,
|
||||||
|
0x7c, 0x71, 0xfa, 0xa0, 0x54, 0x00, 0xb2, 0xdf,
|
||||||
|
0xc5, 0x54, 0xac, 0x6c, 0x53, 0xef, 0x64, 0x6b,
|
||||||
|
0x08, 0x82, 0xd8, 0x16, 0x1e, 0xca, 0x40, 0xf3,
|
||||||
|
0x1f, 0xdf, 0x56, 0x63, 0x10, 0xbc, 0xd7, 0xa0,
|
||||||
|
0xeb, 0xee, 0xd1, 0x95, 0xe5, 0xef, 0xf1, 0x6a,
|
||||||
|
0x83, 0x2d, 0x5a, 0x59, 0x06, 0xef, 0x30, 0x82,
|
||||||
|
0x06, 0xeb, 0x30, 0x82, 0x04, 0xd3, 0xa0, 0x03,
|
||||||
|
0x02, 0x01, 0x02, 0x02, 0x13, 0x33, 0x00, 0x00,
|
||||||
|
0x05, 0x23, 0xbf, 0xe8, 0xa1, 0x1a, 0x2a, 0x68,
|
||||||
|
0xbd, 0x09, 0x00, 0x00, 0x00, 0x00, 0x05, 0x23,
|
||||||
|
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||||
|
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
|
||||||
|
0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
|
||||||
|
0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
|
||||||
|
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
||||||
|
0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
|
||||||
|
0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e,
|
||||||
|
0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
|
||||||
|
0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e,
|
||||||
|
0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
|
||||||
|
0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
||||||
|
0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f,
|
||||||
|
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x36,
|
||||||
|
0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
|
||||||
|
0x2d, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
||||||
|
0x66, 0x74, 0x20, 0x54, 0x50, 0x4d, 0x20, 0x52,
|
||||||
|
0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
|
||||||
|
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20,
|
||||||
|
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
|
||||||
|
0x79, 0x20, 0x32, 0x30, 0x31, 0x34, 0x30, 0x1e,
|
||||||
|
0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x30, 0x33,
|
||||||
|
0x31, 0x39, 0x34, 0x30, 0x31, 0x36, 0x5a, 0x17,
|
||||||
|
0x0d, 0x32, 0x37, 0x30, 0x36, 0x30, 0x33, 0x31,
|
||||||
|
0x39, 0x34, 0x30, 0x31, 0x36, 0x5a, 0x30, 0x41,
|
||||||
|
0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04,
|
||||||
|
0x03, 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53,
|
||||||
|
0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44,
|
||||||
|
0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34,
|
||||||
|
0x41, 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37,
|
||||||
|
0x41, 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30,
|
||||||
|
0x30, 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31,
|
||||||
|
0x41, 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36,
|
||||||
|
0x30, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06,
|
||||||
|
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
|
||||||
|
0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f,
|
||||||
|
0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02,
|
||||||
|
0x01, 0x00, 0xdb, 0x03, 0x34, 0x82, 0xfa, 0x81,
|
||||||
|
0x1c, 0x84, 0x0b, 0xa0, 0x0e, 0x60, 0xd8, 0x9d,
|
||||||
|
0x84, 0xf4, 0x81, 0xc4, 0xe9, 0xff, 0xcf, 0xe9,
|
||||||
|
0xa3, 0x57, 0x53, 0x60, 0xa8, 0x19, 0xce, 0xbe,
|
||||||
|
0xe1, 0x97, 0xee, 0x5d, 0x8c, 0x9f, 0xe4, 0xbd,
|
||||||
|
0xef, 0xbd, 0x94, 0x14, 0xe4, 0x74, 0x41, 0x02,
|
||||||
|
0xe9, 0x03, 0x19, 0x9f, 0xdd, 0x48, 0x2d, 0xbd,
|
||||||
|
0xca, 0x26, 0x47, 0x2c, 0x01, 0x31, 0x5f, 0x34,
|
||||||
|
0xef, 0x59, 0x35, 0x48, 0x36, 0x3d, 0x1e, 0xdf,
|
||||||
|
0xd8, 0x13, 0xf0, 0xd0, 0x67, 0xc1, 0xb0, 0x47,
|
||||||
|
0x67, 0xa2, 0xd6, 0x62, 0xc8, 0xe1, 0x00, 0x36,
|
||||||
|
0x8b, 0x45, 0xf6, 0x3b, 0x96, 0x60, 0xa0, 0x45,
|
||||||
|
0x26, 0xcb, 0xc7, 0x0b, 0x5b, 0x97, 0xd1, 0xaf,
|
||||||
|
0x54, 0x25, 0x7a, 0x67, 0xe4, 0x2a, 0xd8, 0x9d,
|
||||||
|
0x53, 0x05, 0xbd, 0x12, 0xac, 0xa2, 0x8e, 0x95,
|
||||||
|
0xb4, 0x2a, 0xca, 0x89, 0x93, 0x64, 0x97, 0x25,
|
||||||
|
0xdc, 0x1f, 0xa9, 0xe0, 0x55, 0x07, 0x38, 0x1d,
|
||||||
|
0xee, 0x02, 0x90, 0x22, 0xf5, 0xad, 0x4e, 0x5c,
|
||||||
|
0xf8, 0xc5, 0x1f, 0x9e, 0x84, 0x7e, 0x13, 0x47,
|
||||||
|
0x52, 0xa2, 0x36, 0xf9, 0xf6, 0xbf, 0x76, 0x9e,
|
||||||
|
0x0f, 0xdd, 0x14, 0x99, 0xb9, 0xd8, 0x5a, 0x42,
|
||||||
|
0x3d, 0xd8, 0xbf, 0xdd, 0xb4, 0x9b, 0xbf, 0x6a,
|
||||||
|
0x9f, 0x89, 0x13, 0x75, 0xaf, 0x96, 0xd2, 0x72,
|
||||||
|
0xdf, 0xb3, 0x80, 0x6f, 0x84, 0x1a, 0x9d, 0x06,
|
||||||
|
0x55, 0x09, 0x29, 0xea, 0xa7, 0x05, 0x31, 0xec,
|
||||||
|
0x47, 0x3a, 0xcf, 0x3f, 0x9c, 0x2c, 0xbd, 0xd0,
|
||||||
|
0x7d, 0xe4, 0x75, 0x5b, 0x33, 0xbe, 0x12, 0x86,
|
||||||
|
0x09, 0xcf, 0x66, 0x9a, 0xeb, 0xf8, 0xf8, 0x72,
|
||||||
|
0x91, 0x88, 0x4a, 0x5e, 0x89, 0x62, 0x6a, 0x94,
|
||||||
|
0xdc, 0x48, 0x37, 0x13, 0xd8, 0x91, 0x02, 0xe3,
|
||||||
|
0x42, 0x41, 0x7c, 0x2f, 0xe3, 0xb6, 0x0f, 0xb4,
|
||||||
|
0x96, 0x06, 0x80, 0xca, 0x28, 0x01, 0x6f, 0x4b,
|
||||||
|
0xcd, 0x28, 0xd4, 0x2c, 0x94, 0x7e, 0x40, 0x7e,
|
||||||
|
0xdf, 0x01, 0xe5, 0xf2, 0x33, 0xd4, 0xda, 0xf4,
|
||||||
|
0x1a, 0x17, 0xf7, 0x5d, 0xcb, 0x66, 0x2c, 0x2a,
|
||||||
|
0xeb, 0xe1, 0xb1, 0x4a, 0xc3, 0x85, 0x63, 0xb2,
|
||||||
|
0xac, 0xd0, 0x3f, 0x1a, 0x8d, 0xa5, 0x0c, 0xee,
|
||||||
|
0x4f, 0xde, 0x74, 0x9c, 0xe0, 0x5a, 0x10, 0xc7,
|
||||||
|
0xb8, 0xe4, 0xec, 0xe7, 0x73, 0xa6, 0x41, 0x42,
|
||||||
|
0x37, 0xe1, 0xdf, 0xb9, 0xc7, 0xb5, 0x14, 0xa8,
|
||||||
|
0x80, 0x95, 0xa0, 0x12, 0x67, 0x99, 0xf5, 0xba,
|
||||||
|
0x25, 0x0a, 0x74, 0x86, 0x71, 0x9c, 0x7f, 0x59,
|
||||||
|
0x97, 0xd2, 0x3f, 0x10, 0xfe, 0x6a, 0xb9, 0xe4,
|
||||||
|
0x47, 0x36, 0xfb, 0x0f, 0x50, 0xee, 0xfc, 0x87,
|
||||||
|
0x99, 0x7e, 0x36, 0x64, 0x1b, 0xc7, 0x13, 0xb3,
|
||||||
|
0x33, 0x18, 0x71, 0xa4, 0xc3, 0xb0, 0xfc, 0x45,
|
||||||
|
0x37, 0x11, 0x40, 0xb3, 0xde, 0x2c, 0x9f, 0x0a,
|
||||||
|
0xcd, 0xaf, 0x5e, 0xfb, 0xd5, 0x9c, 0xea, 0xd7,
|
||||||
|
0x24, 0x19, 0x3a, 0x92, 0x80, 0xa5, 0x63, 0xc5,
|
||||||
|
0x3e, 0xdd, 0x51, 0xd0, 0x9f, 0xb8, 0x5e, 0xd5,
|
||||||
|
0xf1, 0xfe, 0xa5, 0x93, 0xfb, 0x7f, 0xd9, 0xb8,
|
||||||
|
0xb7, 0x0e, 0x0d, 0x12, 0x71, 0xf0, 0x52, 0x9d,
|
||||||
|
0xe9, 0xd0, 0xd2, 0x8b, 0x38, 0x8b, 0x85, 0x83,
|
||||||
|
0x98, 0x24, 0x88, 0xe8, 0x42, 0x30, 0x83, 0x12,
|
||||||
|
0xef, 0x09, 0x96, 0x2f, 0x21, 0x81, 0x05, 0x30,
|
||||||
|
0x0c, 0xbb, 0xba, 0x21, 0x39, 0x16, 0x12, 0xe8,
|
||||||
|
0x4b, 0x7b, 0x7a, 0x66, 0xb8, 0x22, 0x2c, 0x71,
|
||||||
|
0xaf, 0x59, 0xa1, 0xfc, 0x61, 0xf1, 0xb4, 0x5e,
|
||||||
|
0xfc, 0x43, 0x19, 0x45, 0x6e, 0xa3, 0x45, 0xe4,
|
||||||
|
0xcb, 0x66, 0x5f, 0xe0, 0x57, 0xf6, 0x0a, 0x30,
|
||||||
|
0xa3, 0xd6, 0x51, 0x24, 0xc9, 0x07, 0x55, 0x82,
|
||||||
|
0x4a, 0x66, 0x0e, 0x9d, 0xb2, 0x2f, 0x84, 0x56,
|
||||||
|
0x6c, 0x3e, 0x71, 0xef, 0x9b, 0x35, 0x4d, 0x72,
|
||||||
|
0xdc, 0x46, 0x2a, 0xe3, 0x7b, 0x13, 0x20, 0xbf,
|
||||||
|
0xab, 0x77, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
|
||||||
|
0x82, 0x01, 0x8e, 0x30, 0x82, 0x01, 0x8a, 0x30,
|
||||||
|
0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01,
|
||||||
|
0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30,
|
||||||
|
0x1b, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x14,
|
||||||
|
0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
|
||||||
|
0x01, 0x82, 0x37, 0x15, 0x24, 0x06, 0x05, 0x67,
|
||||||
|
0x81, 0x05, 0x08, 0x03, 0x30, 0x16, 0x06, 0x03,
|
||||||
|
0x55, 0x1d, 0x20, 0x04, 0x0f, 0x30, 0x0d, 0x30,
|
||||||
|
0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
|
||||||
|
0x82, 0x37, 0x15, 0x1f, 0x30, 0x12, 0x06, 0x03,
|
||||||
|
0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08,
|
||||||
|
0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00,
|
||||||
|
0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
|
||||||
|
0x16, 0x04, 0x14, 0x45, 0x1a, 0xec, 0xfc, 0x91,
|
||||||
|
0x70, 0xf8, 0x83, 0x8b, 0x9c, 0x47, 0x2f, 0x0b,
|
||||||
|
0x9f, 0x07, 0xf3, 0x2f, 0x7c, 0xa2, 0x8a, 0x30,
|
||||||
|
0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
|
||||||
|
0x30, 0x16, 0x80, 0x14, 0x7a, 0x8c, 0x0a, 0xce,
|
||||||
|
0x2f, 0x48, 0x62, 0x17, 0xe2, 0x94, 0xd1, 0xae,
|
||||||
|
0x55, 0xc1, 0x52, 0xec, 0x71, 0x74, 0xa4, 0x56,
|
||||||
|
0x30, 0x70, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04,
|
||||||
|
0x69, 0x30, 0x67, 0x30, 0x65, 0xa0, 0x63, 0xa0,
|
||||||
|
0x61, 0x86, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x3a,
|
||||||
|
0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69,
|
||||||
|
0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
|
||||||
|
0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f,
|
||||||
|
0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d,
|
||||||
|
0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
|
||||||
|
0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25, 0x32,
|
||||||
|
0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, 0x30,
|
||||||
|
0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
|
||||||
|
0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41, 0x75,
|
||||||
|
0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x25,
|
||||||
|
0x32, 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e, 0x63,
|
||||||
|
0x72, 0x6c, 0x30, 0x7d, 0x06, 0x08, 0x2b, 0x06,
|
||||||
|
0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x71,
|
||||||
|
0x30, 0x6f, 0x30, 0x6d, 0x06, 0x08, 0x2b, 0x06,
|
||||||
|
0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x61,
|
||||||
|
0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
|
||||||
|
0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f,
|
||||||
|
0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d,
|
||||||
|
0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f,
|
||||||
|
0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69,
|
||||||
|
0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x25,
|
||||||
|
0x32, 0x30, 0x54, 0x50, 0x4d, 0x25, 0x32, 0x30,
|
||||||
|
0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, 0x30, 0x43,
|
||||||
|
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
|
||||||
|
0x74, 0x65, 0x25, 0x32, 0x30, 0x41, 0x75, 0x74,
|
||||||
|
0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x25, 0x32,
|
||||||
|
0x30, 0x32, 0x30, 0x31, 0x34, 0x2e, 0x63, 0x72,
|
||||||
|
0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
|
||||||
|
0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
|
||||||
|
0x03, 0x82, 0x02, 0x01, 0x00, 0x48, 0x24, 0x32,
|
||||||
|
0xe8, 0xd6, 0x38, 0xda, 0x65, 0xec, 0x1b, 0x18,
|
||||||
|
0x8e, 0x37, 0x07, 0xd5, 0x18, 0x5a, 0xc8, 0xb9,
|
||||||
|
0xbb, 0x24, 0x8a, 0x4d, 0xa1, 0x3c, 0x9e, 0x46,
|
||||||
|
0x76, 0xcf, 0xa5, 0xdf, 0xd7, 0x61, 0xba, 0x05,
|
||||||
|
0x89, 0x3c, 0x13, 0xc2, 0x1f, 0x71, 0xe3, 0xec,
|
||||||
|
0x5d, 0x54, 0x9e, 0xd9, 0x01, 0x5a, 0x10, 0x3b,
|
||||||
|
0x17, 0x75, 0xde, 0xa1, 0x45, 0xbf, 0x1d, 0x1b,
|
||||||
|
0x41, 0x21, 0x42, 0x68, 0x22, 0x6b, 0xbb, 0xcb,
|
||||||
|
0x11, 0x04, 0xd2, 0xae, 0x86, 0xcf, 0x73, 0x5a,
|
||||||
|
0xf2, 0x80, 0x18, 0x00, 0xf0, 0xd6, 0x6c, 0x5a,
|
||||||
|
0x1e, 0xb3, 0x4d, 0x30, 0x02, 0x4a, 0x6a, 0x03,
|
||||||
|
0x36, 0x42, 0xde, 0xb2, 0x52, 0x55, 0xff, 0x71,
|
||||||
|
0xeb, 0x7b, 0x8b, 0x55, 0x6c, 0xdf, 0x05, 0x35,
|
||||||
|
0x47, 0x70, 0x53, 0xfb, 0x6c, 0xba, 0x06, 0xb2,
|
||||||
|
0x61, 0x86, 0xdc, 0x2a, 0x64, 0x81, 0x24, 0x79,
|
||||||
|
0x46, 0x73, 0x04, 0x55, 0x59, 0xed, 0xd6, 0x06,
|
||||||
|
0x61, 0x15, 0xf9, 0x8d, 0x78, 0x39, 0x7b, 0x84,
|
||||||
|
0x7a, 0x40, 0x45, 0x13, 0x1a, 0x91, 0x71, 0x8f,
|
||||||
|
0xd1, 0x4f, 0x78, 0x10, 0x68, 0x9b, 0x15, 0x79,
|
||||||
|
0x3f, 0x79, 0x2d, 0x9b, 0xc7, 0x5d, 0xa3, 0xcf,
|
||||||
|
0xa9, 0x14, 0xb0, 0xc4, 0xdb, 0xa9, 0x45, 0x6a,
|
||||||
|
0x6e, 0x60, 0x45, 0x0b, 0x14, 0x25, 0xc7, 0x74,
|
||||||
|
0xd0, 0x36, 0xaf, 0xc5, 0xbd, 0x4f, 0x7b, 0xc0,
|
||||||
|
0x04, 0x43, 0x85, 0xbb, 0x06, 0x36, 0x77, 0x26,
|
||||||
|
0x02, 0x23, 0x0b, 0xf8, 0x57, 0x8f, 0x1f, 0x27,
|
||||||
|
0x30, 0x95, 0xff, 0x83, 0x23, 0x2b, 0x49, 0x33,
|
||||||
|
0x43, 0x62, 0x87, 0x5d, 0x27, 0x12, 0x1a, 0x68,
|
||||||
|
0x7b, 0xba, 0x2d, 0xf6, 0xed, 0x2c, 0x26, 0xb5,
|
||||||
|
0xbb, 0xe2, 0x6f, 0xc2, 0x61, 0x17, 0xfc, 0x72,
|
||||||
|
0x14, 0x57, 0x2c, 0x2c, 0x5a, 0x92, 0x13, 0x41,
|
||||||
|
0xc4, 0x7e, 0xb5, 0x64, 0x5b, 0x86, 0x57, 0x13,
|
||||||
|
0x14, 0xff, 0xf5, 0x04, 0xb9, 0x3d, 0x2d, 0xc3,
|
||||||
|
0xe9, 0x75, 0x1f, 0x68, 0x0b, 0xb5, 0x76, 0xe1,
|
||||||
|
0x7d, 0xe3, 0xb0, 0x14, 0xa8, 0x45, 0x05, 0x98,
|
||||||
|
0x81, 0x32, 0xc1, 0xf5, 0x49, 0x4d, 0x58, 0xa4,
|
||||||
|
0xee, 0xd8, 0x84, 0xba, 0x65, 0x07, 0x8d, 0xf7,
|
||||||
|
0x9a, 0xff, 0x7d, 0xa5, 0xbc, 0x9a, 0xed, 0x4a,
|
||||||
|
0x5d, 0xa4, 0x97, 0x4b, 0x4d, 0x31, 0x90, 0xb5,
|
||||||
|
0x7d, 0x28, 0x77, 0x25, 0x88, 0x1c, 0xbf, 0x78,
|
||||||
|
0x22, 0xb2, 0xb5, 0x5c, 0x9a, 0xc9, 0x63, 0x17,
|
||||||
|
0x96, 0xe9, 0xc2, 0x52, 0x30, 0xb8, 0x9b, 0x37,
|
||||||
|
0x69, 0x1a, 0x6a, 0x66, 0x76, 0x18, 0xac, 0xc0,
|
||||||
|
0x48, 0xee, 0x46, 0x5b, 0xbe, 0x6a, 0xd5, 0x72,
|
||||||
|
0x07, 0xdc, 0x7d, 0x05, 0xbe, 0x76, 0x7d, 0xa5,
|
||||||
|
0x5e, 0x53, 0xb5, 0x47, 0x80, 0x58, 0xf0, 0xaf,
|
||||||
|
0x6f, 0x4e, 0xc0, 0xf1, 0x1e, 0x37, 0x64, 0x15,
|
||||||
|
0x42, 0x96, 0x18, 0x3a, 0x89, 0xc8, 0x14, 0x48,
|
||||||
|
0x89, 0x5c, 0x12, 0x88, 0x98, 0x0b, 0x7b, 0x4e,
|
||||||
|
0xce, 0x1c, 0xda, 0xd5, 0xa4, 0xd3, 0x32, 0x32,
|
||||||
|
0x74, 0x5b, 0xcc, 0xfd, 0x2b, 0x02, 0xfb, 0xae,
|
||||||
|
0xd0, 0x5a, 0x4c, 0xc9, 0xc1, 0x35, 0x19, 0x90,
|
||||||
|
0x5f, 0xca, 0x14, 0xeb, 0x4c, 0x17, 0xd7, 0xe3,
|
||||||
|
0xe2, 0x5d, 0xb4, 0x49, 0xaa, 0xf0, 0x50, 0x87,
|
||||||
|
0xc3, 0x20, 0x00, 0xda, 0xe9, 0x04, 0x80, 0x64,
|
||||||
|
0xac, 0x9f, 0xcd, 0x26, 0x41, 0x48, 0xe8, 0x4c,
|
||||||
|
0x46, 0xcc, 0x5b, 0xd7, 0xca, 0x4c, 0x1b, 0x43,
|
||||||
|
0x43, 0x1e, 0xbd, 0x94, 0xe7, 0xa7, 0xa6, 0x86,
|
||||||
|
0xe5, 0xd1, 0x78, 0x29, 0xa2, 0x40, 0xc5, 0xc5,
|
||||||
|
0x47, 0xb6, 0x6d, 0x53, 0xde, 0xac, 0x97, 0x74,
|
||||||
|
0x24, 0x57, 0xcc, 0x05, 0x93, 0xfd, 0x52, 0x35,
|
||||||
|
0x29, 0xd5, 0xe0, 0xfa, 0x23, 0x0d, 0xd7, 0xaa,
|
||||||
|
0x8b, 0x07, 0x4b, 0xf6, 0x64, 0xc7, 0xad, 0x3c,
|
||||||
|
0xa1, 0xb5, 0xc5, 0x70, 0xaf, 0x46, 0xfe, 0x9a,
|
||||||
|
0x82, 0x4d, 0x75, 0xb8, 0x6d, 0x67, 0x70, 0x75,
|
||||||
|
0x62, 0x41, 0x72, 0x65, 0x61, 0x58, 0x76, 0x00,
|
||||||
|
0x23, 0x00, 0x0b, 0x00, 0x04, 0x00, 0x72, 0x00,
|
||||||
|
0x20, 0x9d, 0xff, 0xcb, 0xf3, 0x6c, 0x38, 0x3a,
|
||||||
|
0xe6, 0x99, 0xfb, 0x98, 0x68, 0xdc, 0x6d, 0xcb,
|
||||||
|
0x89, 0xd7, 0x15, 0x38, 0x84, 0xbe, 0x28, 0x03,
|
||||||
|
0x92, 0x2c, 0x12, 0x41, 0x58, 0xbf, 0xad, 0x22,
|
||||||
|
0xae, 0x00, 0x10, 0x00, 0x10, 0x00, 0x03, 0x00,
|
||||||
|
0x10, 0x00, 0x20, 0xfb, 0xd6, 0xba, 0x74, 0xe6,
|
||||||
|
0x6e, 0x5c, 0x87, 0xef, 0x89, 0xa2, 0xe8, 0x3d,
|
||||||
|
0x0b, 0xe9, 0x69, 0x2c, 0x07, 0x07, 0x7a, 0x8a,
|
||||||
|
0x1e, 0xce, 0x12, 0xea, 0x3b, 0xb3, 0xf1, 0xf3,
|
||||||
|
0xd9, 0xc3, 0xe6, 0x00, 0x20, 0x3c, 0x68, 0x51,
|
||||||
|
0x94, 0x54, 0x8d, 0xeb, 0x9f, 0xb2, 0x2c, 0x66,
|
||||||
|
0x75, 0xb6, 0xb7, 0x55, 0x22, 0x0d, 0x87, 0x59,
|
||||||
|
0xc4, 0x39, 0x91, 0x62, 0x17, 0xc2, 0xc3, 0x53,
|
||||||
|
0xa5, 0x26, 0x97, 0x4f, 0x2d, 0x68, 0x63, 0x65,
|
||||||
|
0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x58, 0xa1,
|
||||||
|
0xff, 0x54, 0x43, 0x47, 0x80, 0x17, 0x00, 0x22,
|
||||||
|
0x00, 0x0b, 0x73, 0xbe, 0xb7, 0x40, 0x82, 0xc0,
|
||||||
|
0x49, 0x9a, 0xf7, 0xf2, 0xd0, 0x79, 0x6c, 0x88,
|
||||||
|
0xf3, 0x56, 0x7b, 0x7a, 0x7d, 0xcd, 0x70, 0xd1,
|
||||||
|
0xbc, 0x41, 0x88, 0x48, 0x51, 0x03, 0xf3, 0x58,
|
||||||
|
0x3e, 0xb8, 0x00, 0x14, 0x9f, 0x57, 0x39, 0x67,
|
||||||
|
0xa8, 0x7b, 0xd8, 0xf6, 0x9e, 0x75, 0xc9, 0x85,
|
||||||
|
0xab, 0xe3, 0x55, 0xc7, 0x9c, 0xf6, 0xd8, 0x4f,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x1c, 0x12,
|
||||||
|
0xfd, 0xc6, 0x05, 0xc6, 0x2b, 0xf5, 0xe9, 0x88,
|
||||||
|
0x01, 0x1f, 0x70, 0x8d, 0x98, 0x2a, 0x04, 0x21,
|
||||||
|
0x30, 0x00, 0x22, 0x00, 0x0b, 0xf4, 0xfd, 0x9a,
|
||||||
|
0x33, 0x55, 0x21, 0x08, 0x27, 0x48, 0x55, 0x01,
|
||||||
|
0x56, 0xf9, 0x0b, 0x4e, 0x47, 0x55, 0x08, 0x2e,
|
||||||
|
0x3c, 0x91, 0x3d, 0x6e, 0x53, 0xcf, 0x08, 0xe9,
|
||||||
|
0x0a, 0x4b, 0xc9, 0x7e, 0x99, 0x00, 0x22, 0x00,
|
||||||
|
0x0b, 0x51, 0xd3, 0x38, 0xfe, 0xaa, 0xda, 0xc6,
|
||||||
|
0x68, 0x84, 0x39, 0xe7, 0xb1, 0x03, 0x22, 0x5e,
|
||||||
|
0xc4, 0xd3, 0xf1, 0x0c, 0xec, 0x35, 0x5d, 0x50,
|
||||||
|
0xa3, 0x9d, 0xab, 0xa1, 0x7b, 0x61, 0x51, 0x8f,
|
||||||
|
0x4e
|
||||||
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Security Key By Yubico
|
* Security Key By Yubico
|
||||||
* 5.1.X
|
* 5.1.X
|
||||||
@ -1563,7 +2089,7 @@ fmt_none(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
valid_tpm_cred(void)
|
valid_tpm_rs256_cred(void)
|
||||||
{
|
{
|
||||||
fido_cred_t *c;
|
fido_cred_t *c;
|
||||||
|
|
||||||
@ -1571,17 +2097,42 @@ valid_tpm_cred(void)
|
|||||||
assert(fido_cred_set_type(c, COSE_RS256) == FIDO_OK);
|
assert(fido_cred_set_type(c, COSE_RS256) == FIDO_OK);
|
||||||
assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK);
|
assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK);
|
||||||
assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK);
|
assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK);
|
||||||
assert(fido_cred_set_authdata(c, authdata_tpm, sizeof(authdata_tpm)) == FIDO_OK);
|
assert(fido_cred_set_authdata(c, authdata_tpm_rs256, sizeof(authdata_tpm_rs256)) == FIDO_OK);
|
||||||
assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK);
|
assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK);
|
||||||
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
|
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
|
||||||
assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK);
|
assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK);
|
||||||
assert(fido_cred_set_attstmt(c, attstmt_tpm, sizeof(attstmt_tpm)) == FIDO_OK);
|
assert(fido_cred_set_attstmt(c, attstmt_tpm_rs256, sizeof(attstmt_tpm_rs256)) == FIDO_OK);
|
||||||
assert(fido_cred_verify(c) == FIDO_OK);
|
assert(fido_cred_verify(c) == FIDO_OK);
|
||||||
assert(fido_cred_prot(c) == 0);
|
assert(fido_cred_prot(c) == 0);
|
||||||
assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm));
|
assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm_rs256));
|
||||||
assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm, sizeof(pubkey_tpm)) == 0);
|
assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm_rs256, sizeof(pubkey_tpm_rs256)) == 0);
|
||||||
assert(fido_cred_id_len(c) == sizeof(id_tpm));
|
assert(fido_cred_id_len(c) == sizeof(id_tpm_rs256));
|
||||||
assert(memcmp(fido_cred_id_ptr(c), id_tpm, sizeof(id_tpm)) == 0);
|
assert(memcmp(fido_cred_id_ptr(c), id_tpm_rs256, sizeof(id_tpm_rs256)) == 0);
|
||||||
|
assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm));
|
||||||
|
assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0);
|
||||||
|
free_cred(c);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
valid_tpm_es256_cred(void)
|
||||||
|
{
|
||||||
|
fido_cred_t *c;
|
||||||
|
|
||||||
|
c = alloc_cred();
|
||||||
|
assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_authdata(c, authdata_tpm_es256, sizeof(authdata_tpm_es256)) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
|
||||||
|
assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK);
|
||||||
|
assert(fido_cred_set_attstmt(c, attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == FIDO_OK);
|
||||||
|
assert(fido_cred_verify(c) == FIDO_OK);
|
||||||
|
assert(fido_cred_prot(c) == 0);
|
||||||
|
assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm_es256));
|
||||||
|
assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm_es256, sizeof(pubkey_tpm_es256)) == 0);
|
||||||
|
assert(fido_cred_id_len(c) == sizeof(id_tpm_es256));
|
||||||
|
assert(memcmp(fido_cred_id_ptr(c), id_tpm_es256, sizeof(id_tpm_es256)) == 0);
|
||||||
assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm));
|
assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm));
|
||||||
assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0);
|
assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0);
|
||||||
free_cred(c);
|
free_cred(c);
|
||||||
@ -1616,7 +2167,8 @@ main(void)
|
|||||||
wrong_credprot();
|
wrong_credprot();
|
||||||
raw_authdata();
|
raw_authdata();
|
||||||
fmt_none();
|
fmt_none();
|
||||||
valid_tpm_cred();
|
valid_tpm_rs256_cred();
|
||||||
|
valid_tpm_es256_cred();
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
@ -132,7 +132,7 @@ endif()
|
|||||||
install(FILES fido.h DESTINATION include)
|
install(FILES fido.h DESTINATION include)
|
||||||
install(DIRECTORY fido DESTINATION include)
|
install(DIRECTORY fido DESTINATION include)
|
||||||
|
|
||||||
if(NOT WIN32)
|
if(NOT MSVC)
|
||||||
configure_file(libfido2.pc.in libfido2.pc @ONLY)
|
configure_file(libfido2.pc.in libfido2.pc @ONLY)
|
||||||
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
|
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
|
||||||
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
|
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
|
||||||
|
@ -424,7 +424,7 @@ bio_enroll_begin_wait(fido_dev_t *dev, fido_bio_template_t *t,
|
|||||||
|
|
||||||
memset(&argv, 0, sizeof(argv));
|
memset(&argv, 0, sizeof(argv));
|
||||||
|
|
||||||
if ((argv[2] = cbor_build_uint32(timo_ms)) == NULL) {
|
if ((argv[2] = cbor_build_uint(timo_ms)) == NULL) {
|
||||||
fido_log_debug("%s: cbor encode", __func__);
|
fido_log_debug("%s: cbor encode", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -520,7 +520,7 @@ bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t,
|
|||||||
memset(&argv, 0, sizeof(argv));
|
memset(&argv, 0, sizeof(argv));
|
||||||
|
|
||||||
if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
|
if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
|
||||||
(argv[2] = cbor_build_uint32(timo_ms)) == NULL) {
|
(argv[2] = cbor_build_uint(timo_ms)) == NULL) {
|
||||||
fido_log_debug("%s: cbor encode", __func__);
|
fido_log_debug("%s: cbor encode", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
@ -696,7 +696,6 @@ cbor_encode_pin_auth(const fido_dev_t *dev, const fido_blob_t *secret,
|
|||||||
uint8_t prot;
|
uint8_t prot;
|
||||||
fido_blob_t key;
|
fido_blob_t key;
|
||||||
|
|
||||||
|
|
||||||
key.ptr = secret->ptr;
|
key.ptr = secret->ptr;
|
||||||
key.len = secret->len;
|
key.len = secret->len;
|
||||||
|
|
||||||
|
@ -548,6 +548,13 @@ fido_dev_set_transport_functions(fido_dev_t *dev, const fido_dev_transport_t *t)
|
|||||||
return (FIDO_OK);
|
return (FIDO_OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void *
|
||||||
|
fido_dev_io_handle(const fido_dev_t *dev)
|
||||||
|
{
|
||||||
|
|
||||||
|
return (dev->io_handle);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
fido_init(int flags)
|
fido_init(int flags)
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2019 Yubico AB. All rights reserved.
|
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
|
||||||
* Use of this source code is governed by a BSD-style
|
* Use of this source code is governed by a BSD-style
|
||||||
* license that can be found in the LICENSE file.
|
* license that can be found in the LICENSE file.
|
||||||
*/
|
*/
|
||||||
@ -37,7 +37,9 @@ EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
|
|||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
#endif /* LIBRESSL_VERSION_NUMBER */
|
||||||
|
|
||||||
|
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3040000f
|
||||||
int
|
int
|
||||||
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
|
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
|
||||||
const unsigned char *tbs, size_t tbslen)
|
const unsigned char *tbs, size_t tbslen)
|
||||||
@ -52,7 +54,7 @@ EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
|
|||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
#endif /* LIBRESSL_VERSION_NUMBER */
|
#endif /* LIBRESSL_VERSION_NUMBER < 0x3040000f */
|
||||||
|
|
||||||
static int
|
static int
|
||||||
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
|
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
|
||||||
|
@ -201,14 +201,18 @@
|
|||||||
fido_dev_info_product;
|
fido_dev_info_product;
|
||||||
fido_dev_info_product_string;
|
fido_dev_info_product_string;
|
||||||
fido_dev_info_ptr;
|
fido_dev_info_ptr;
|
||||||
|
fido_dev_info_set;
|
||||||
fido_dev_info_vendor;
|
fido_dev_info_vendor;
|
||||||
|
fido_dev_io_handle;
|
||||||
fido_dev_is_fido2;
|
fido_dev_is_fido2;
|
||||||
fido_dev_is_winhello;
|
fido_dev_is_winhello;
|
||||||
fido_dev_major;
|
fido_dev_major;
|
||||||
fido_dev_make_cred;
|
fido_dev_make_cred;
|
||||||
fido_dev_minor;
|
fido_dev_minor;
|
||||||
fido_dev_new;
|
fido_dev_new;
|
||||||
|
fido_dev_new_with_info;
|
||||||
fido_dev_open;
|
fido_dev_open;
|
||||||
|
fido_dev_open_with_info;
|
||||||
fido_dev_protocol;
|
fido_dev_protocol;
|
||||||
fido_dev_reset;
|
fido_dev_reset;
|
||||||
fido_dev_set_io_functions;
|
fido_dev_set_io_functions;
|
||||||
|
@ -199,14 +199,18 @@ _fido_dev_info_path
|
|||||||
_fido_dev_info_product
|
_fido_dev_info_product
|
||||||
_fido_dev_info_product_string
|
_fido_dev_info_product_string
|
||||||
_fido_dev_info_ptr
|
_fido_dev_info_ptr
|
||||||
|
_fido_dev_info_set
|
||||||
_fido_dev_info_vendor
|
_fido_dev_info_vendor
|
||||||
|
_fido_dev_io_handle
|
||||||
_fido_dev_is_fido2
|
_fido_dev_is_fido2
|
||||||
_fido_dev_is_winhello
|
_fido_dev_is_winhello
|
||||||
_fido_dev_major
|
_fido_dev_major
|
||||||
_fido_dev_make_cred
|
_fido_dev_make_cred
|
||||||
_fido_dev_minor
|
_fido_dev_minor
|
||||||
_fido_dev_new
|
_fido_dev_new
|
||||||
|
_fido_dev_new_with_info
|
||||||
_fido_dev_open
|
_fido_dev_open
|
||||||
|
_fido_dev_open_with_info
|
||||||
_fido_dev_protocol
|
_fido_dev_protocol
|
||||||
_fido_dev_reset
|
_fido_dev_reset
|
||||||
_fido_dev_set_io_functions
|
_fido_dev_set_io_functions
|
||||||
|
@ -200,14 +200,18 @@ fido_dev_info_path
|
|||||||
fido_dev_info_product
|
fido_dev_info_product
|
||||||
fido_dev_info_product_string
|
fido_dev_info_product_string
|
||||||
fido_dev_info_ptr
|
fido_dev_info_ptr
|
||||||
|
fido_dev_info_set
|
||||||
fido_dev_info_vendor
|
fido_dev_info_vendor
|
||||||
|
fido_dev_io_handle
|
||||||
fido_dev_is_fido2
|
fido_dev_is_fido2
|
||||||
fido_dev_is_winhello
|
fido_dev_is_winhello
|
||||||
fido_dev_major
|
fido_dev_major
|
||||||
fido_dev_make_cred
|
fido_dev_make_cred
|
||||||
fido_dev_minor
|
fido_dev_minor
|
||||||
fido_dev_new
|
fido_dev_new
|
||||||
|
fido_dev_new_with_info
|
||||||
fido_dev_open
|
fido_dev_open
|
||||||
|
fido_dev_open_with_info
|
||||||
fido_dev_protocol
|
fido_dev_protocol
|
||||||
fido_dev_reset
|
fido_dev_reset
|
||||||
fido_dev_set_io_functions
|
fido_dev_set_io_functions
|
||||||
|
@ -178,7 +178,6 @@ int fido_dev_get_uv_token(fido_dev_t *, uint8_t, const char *,
|
|||||||
int *);
|
int *);
|
||||||
uint64_t fido_dev_maxmsgsize(const fido_dev_t *);
|
uint64_t fido_dev_maxmsgsize(const fido_dev_t *);
|
||||||
int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **, int *);
|
int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **, int *);
|
||||||
bool fido_dev_supports_permissions(const fido_dev_t *);
|
|
||||||
|
|
||||||
/* types */
|
/* types */
|
||||||
void fido_algo_array_free(fido_algo_array_t *);
|
void fido_algo_array_free(fido_algo_array_t *);
|
||||||
|
@ -40,6 +40,7 @@ fido_dev_t *fido_dev_new(void);
|
|||||||
fido_dev_t *fido_dev_new_with_info(const fido_dev_info_t *);
|
fido_dev_t *fido_dev_new_with_info(const fido_dev_info_t *);
|
||||||
fido_dev_info_t *fido_dev_info_new(size_t);
|
fido_dev_info_t *fido_dev_info_new(size_t);
|
||||||
fido_cbor_info_t *fido_cbor_info_new(void);
|
fido_cbor_info_t *fido_cbor_info_new(void);
|
||||||
|
void *fido_dev_io_handle(const fido_dev_t *);
|
||||||
|
|
||||||
void fido_assert_free(fido_assert_t **);
|
void fido_assert_free(fido_assert_t **);
|
||||||
void fido_cbor_info_free(fido_cbor_info_t **);
|
void fido_cbor_info_free(fido_cbor_info_t **);
|
||||||
@ -153,6 +154,8 @@ int fido_dev_get_uv_retry_count(fido_dev_t *, int *);
|
|||||||
int fido_dev_get_touch_begin(fido_dev_t *);
|
int fido_dev_get_touch_begin(fido_dev_t *);
|
||||||
int fido_dev_get_touch_status(fido_dev_t *, int *, int);
|
int fido_dev_get_touch_status(fido_dev_t *, int *, int);
|
||||||
int fido_dev_info_manifest(fido_dev_info_t *, size_t, size_t *);
|
int fido_dev_info_manifest(fido_dev_info_t *, size_t, size_t *);
|
||||||
|
int fido_dev_info_set(fido_dev_info_t *, size_t, const char *, const char *,
|
||||||
|
const char *, const fido_dev_io_t *, const fido_dev_transport_t *);
|
||||||
int fido_dev_make_cred(fido_dev_t *, fido_cred_t *, const char *);
|
int fido_dev_make_cred(fido_dev_t *, fido_cred_t *, const char *);
|
||||||
int fido_dev_open_with_info(fido_dev_t *);
|
int fido_dev_open_with_info(fido_dev_t *);
|
||||||
int fido_dev_open(fido_dev_t *, const char *);
|
int fido_dev_open(fido_dev_t *, const char *);
|
||||||
@ -212,9 +215,10 @@ bool fido_dev_has_pin(const fido_dev_t *);
|
|||||||
bool fido_dev_has_uv(const fido_dev_t *);
|
bool fido_dev_has_uv(const fido_dev_t *);
|
||||||
bool fido_dev_is_fido2(const fido_dev_t *);
|
bool fido_dev_is_fido2(const fido_dev_t *);
|
||||||
bool fido_dev_is_winhello(const fido_dev_t *);
|
bool fido_dev_is_winhello(const fido_dev_t *);
|
||||||
bool fido_dev_supports_pin(const fido_dev_t *);
|
|
||||||
bool fido_dev_supports_cred_prot(const fido_dev_t *);
|
|
||||||
bool fido_dev_supports_credman(const fido_dev_t *);
|
bool fido_dev_supports_credman(const fido_dev_t *);
|
||||||
|
bool fido_dev_supports_cred_prot(const fido_dev_t *);
|
||||||
|
bool fido_dev_supports_permissions(const fido_dev_t *);
|
||||||
|
bool fido_dev_supports_pin(const fido_dev_t *);
|
||||||
bool fido_dev_supports_uv(const fido_dev_t *);
|
bool fido_dev_supports_uv(const fido_dev_t *);
|
||||||
|
|
||||||
int fido_dev_largeblob_get(fido_dev_t *, const unsigned char *, size_t,
|
int fido_dev_largeblob_get(fido_dev_t *, const unsigned char *, size_t,
|
||||||
|
@ -151,13 +151,13 @@ typedef struct fido_cred {
|
|||||||
fido_attcred_t attcred; /* returned credential (key + id) */
|
fido_attcred_t attcred; /* returned credential (key + id) */
|
||||||
fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */
|
fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */
|
||||||
fido_blob_t largeblob_key; /* decoded large blob key */
|
fido_blob_t largeblob_key; /* decoded large blob key */
|
||||||
fido_blob_t blob; /* FIDO 2.1 credBlob */
|
fido_blob_t blob; /* CTAP 2.1 credBlob */
|
||||||
} fido_cred_t;
|
} fido_cred_t;
|
||||||
|
|
||||||
typedef struct fido_assert_extattr {
|
typedef struct fido_assert_extattr {
|
||||||
int mask; /* decoded extensions */
|
int mask; /* decoded extensions */
|
||||||
fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
|
fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
|
||||||
fido_blob_t blob; /* decoded FIDO 2.1 credBlob */
|
fido_blob_t blob; /* decoded CTAP 2.1 credBlob */
|
||||||
} fido_assert_extattr_t;
|
} fido_assert_extattr_t;
|
||||||
|
|
||||||
typedef struct _fido_assert_stmt {
|
typedef struct _fido_assert_stmt {
|
||||||
|
@ -121,6 +121,15 @@ fido_dev_info_new(size_t n)
|
|||||||
return (calloc(n, sizeof(fido_dev_info_t)));
|
return (calloc(n, sizeof(fido_dev_info_t)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
fido_dev_info_reset(fido_dev_info_t *di)
|
||||||
|
{
|
||||||
|
free(di->path);
|
||||||
|
free(di->manufacturer);
|
||||||
|
free(di->product);
|
||||||
|
memset(di, 0, sizeof(*di));
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
fido_dev_info_free(fido_dev_info_t **devlist_p, size_t n)
|
fido_dev_info_free(fido_dev_info_t **devlist_p, size_t n)
|
||||||
{
|
{
|
||||||
@ -129,13 +138,8 @@ fido_dev_info_free(fido_dev_info_t **devlist_p, size_t n)
|
|||||||
if (devlist_p == NULL || (devlist = *devlist_p) == NULL)
|
if (devlist_p == NULL || (devlist = *devlist_p) == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
for (size_t i = 0; i < n; i++) {
|
for (size_t i = 0; i < n; i++)
|
||||||
const fido_dev_info_t *di;
|
fido_dev_info_reset(&devlist[i]);
|
||||||
di = &devlist[i];
|
|
||||||
free(di->path);
|
|
||||||
free(di->manufacturer);
|
|
||||||
free(di->product);
|
|
||||||
}
|
|
||||||
|
|
||||||
free(devlist);
|
free(devlist);
|
||||||
|
|
||||||
@ -148,6 +152,44 @@ fido_dev_info_ptr(const fido_dev_info_t *devlist, size_t i)
|
|||||||
return (&devlist[i]);
|
return (&devlist[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
fido_dev_info_set(fido_dev_info_t *devlist, size_t i,
|
||||||
|
const char *path, const char *manufacturer, const char *product,
|
||||||
|
const fido_dev_io_t *io, const fido_dev_transport_t *transport)
|
||||||
|
{
|
||||||
|
char *path_copy = NULL, *manu_copy = NULL, *prod_copy = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if (path == NULL || manufacturer == NULL || product == NULL ||
|
||||||
|
io == NULL) {
|
||||||
|
r = FIDO_ERR_INVALID_ARGUMENT;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((path_copy = strdup(path)) == NULL ||
|
||||||
|
(manu_copy = strdup(manufacturer)) == NULL ||
|
||||||
|
(prod_copy = strdup(product)) == NULL) {
|
||||||
|
r = FIDO_ERR_INTERNAL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
fido_dev_info_reset(&devlist[i]);
|
||||||
|
devlist[i].path = path_copy;
|
||||||
|
devlist[i].manufacturer = manu_copy;
|
||||||
|
devlist[i].product = prod_copy;
|
||||||
|
devlist[i].io = *io;
|
||||||
|
if (transport)
|
||||||
|
devlist[i].transport = *transport;
|
||||||
|
r = FIDO_OK;
|
||||||
|
out:
|
||||||
|
if (r != FIDO_OK) {
|
||||||
|
free(prod_copy);
|
||||||
|
free(manu_copy);
|
||||||
|
free(path_copy);
|
||||||
|
}
|
||||||
|
return (r);
|
||||||
|
}
|
||||||
|
|
||||||
const char *
|
const char *
|
||||||
fido_dev_info_path(const fido_dev_info_t *di)
|
fido_dev_info_path(const fido_dev_info_t *di)
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2019 Yubico AB. All rights reserved.
|
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
|
||||||
* Use of this source code is governed by a BSD-style
|
* Use of this source code is governed by a BSD-style
|
||||||
* license that can be found in the LICENSE file.
|
* license that can be found in the LICENSE file.
|
||||||
*/
|
*/
|
||||||
@ -23,6 +23,8 @@
|
|||||||
#define kIOMainPortDefault kIOMasterPortDefault
|
#define kIOMainPortDefault kIOMasterPortDefault
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define IOREG "ioreg://"
|
||||||
|
|
||||||
struct hid_osx {
|
struct hid_osx {
|
||||||
IOHIDDeviceRef ref;
|
IOHIDDeviceRef ref;
|
||||||
CFStringRef loop_id;
|
CFStringRef loop_id;
|
||||||
@ -167,19 +169,26 @@ static char *
|
|||||||
get_path(IOHIDDeviceRef dev)
|
get_path(IOHIDDeviceRef dev)
|
||||||
{
|
{
|
||||||
io_service_t s;
|
io_service_t s;
|
||||||
io_string_t path;
|
uint64_t id;
|
||||||
|
char *path;
|
||||||
|
|
||||||
if ((s = IOHIDDeviceGetService(dev)) == MACH_PORT_NULL) {
|
if ((s = IOHIDDeviceGetService(dev)) == MACH_PORT_NULL) {
|
||||||
fido_log_debug("%s: IOHIDDeviceGetService", __func__);
|
fido_log_debug("%s: IOHIDDeviceGetService", __func__);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (IORegistryEntryGetPath(s, kIOServicePlane, path) != KERN_SUCCESS) {
|
if (IORegistryEntryGetRegistryEntryID(s, &id) != KERN_SUCCESS) {
|
||||||
fido_log_debug("%s: IORegistryEntryGetPath", __func__);
|
fido_log_debug("%s: IORegistryEntryGetRegistryEntryID",
|
||||||
|
__func__);
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (strdup(path));
|
if (asprintf(&path, "%s%llu", IOREG, (unsigned long long)id) == -1) {
|
||||||
|
fido_log_error(errno, "%s: asprintf", __func__);
|
||||||
|
return (NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
return (path);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
@ -365,6 +374,42 @@ disable_sigpipe(int fd)
|
|||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
to_uint64(const char *str, uint64_t *out)
|
||||||
|
{
|
||||||
|
char *ep;
|
||||||
|
unsigned long long ull;
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
ull = strtoull(str, &ep, 10);
|
||||||
|
if (str == ep || *ep != '\0')
|
||||||
|
return (-1);
|
||||||
|
else if (ull == ULLONG_MAX && errno == ERANGE)
|
||||||
|
return (-1);
|
||||||
|
else if (ull > UINT64_MAX)
|
||||||
|
return (-1);
|
||||||
|
*out = (uint64_t)ull;
|
||||||
|
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
|
static io_registry_entry_t
|
||||||
|
get_ioreg_entry(const char *path)
|
||||||
|
{
|
||||||
|
uint64_t id;
|
||||||
|
|
||||||
|
if (strncmp(path, IOREG, strlen(IOREG)) != 0)
|
||||||
|
return (IORegistryEntryFromPath(kIOMainPortDefault, path));
|
||||||
|
|
||||||
|
if (to_uint64(path + strlen(IOREG), &id) == -1) {
|
||||||
|
fido_log_debug("%s: to_uint64", __func__);
|
||||||
|
return (MACH_PORT_NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
return (IOServiceGetMatchingService(kIOMainPortDefault,
|
||||||
|
IORegistryEntryIDMatching(id)));
|
||||||
|
}
|
||||||
|
|
||||||
void *
|
void *
|
||||||
fido_hid_open(const char *path)
|
fido_hid_open(const char *path)
|
||||||
{
|
{
|
||||||
@ -398,9 +443,8 @@ fido_hid_open(const char *path)
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((entry = IORegistryEntryFromPath(kIOMainPortDefault,
|
if ((entry = get_ioreg_entry(path)) == MACH_PORT_NULL) {
|
||||||
path)) == MACH_PORT_NULL) {
|
fido_log_debug("%s: get_ioreg_entry: %s", __func__, path);
|
||||||
fido_log_debug("%s: IORegistryEntryFromPath", __func__);
|
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -454,7 +454,7 @@ fido_hid_close(void *handle)
|
|||||||
fido_log_debug("%s: report_pending", __func__);
|
fido_log_debug("%s: report_pending", __func__);
|
||||||
if (CancelIoEx(ctx->dev, &ctx->overlap) == 0)
|
if (CancelIoEx(ctx->dev, &ctx->overlap) == 0)
|
||||||
fido_log_debug("%s CancelIoEx: 0x%lx",
|
fido_log_debug("%s CancelIoEx: 0x%lx",
|
||||||
__func__, GetLastError());
|
__func__, (u_long)GetLastError());
|
||||||
}
|
}
|
||||||
CloseHandle(ctx->overlap.hEvent);
|
CloseHandle(ctx->overlap.hEvent);
|
||||||
}
|
}
|
||||||
|
@ -21,6 +21,10 @@
|
|||||||
#define TPM_ALG_RSA 0x0001
|
#define TPM_ALG_RSA 0x0001
|
||||||
#define TPM_ALG_SHA256 0x000b
|
#define TPM_ALG_SHA256 0x000b
|
||||||
#define TPM_ALG_NULL 0x0010
|
#define TPM_ALG_NULL 0x0010
|
||||||
|
#define TPM_ALG_ECC 0x0023
|
||||||
|
|
||||||
|
/* Part 2, 6.4: TPM_ECC_CURVE */
|
||||||
|
#define TPM_ECC_P256 0x0003
|
||||||
|
|
||||||
/* Part 2, 6.9: TPM_ST_ATTEST_CERTIFY */
|
/* Part 2, 6.9: TPM_ST_ATTEST_CERTIFY */
|
||||||
#define TPM_ST_CERTIFY 0x8017
|
#define TPM_ST_CERTIFY 0x8017
|
||||||
@ -31,7 +35,7 @@
|
|||||||
#define TPMA_CLEAR 0x00000004 /* object persists */
|
#define TPMA_CLEAR 0x00000004 /* object persists */
|
||||||
#define TPMA_FIXED_P 0x00000010 /* object has fixed parent */
|
#define TPMA_FIXED_P 0x00000010 /* object has fixed parent */
|
||||||
#define TPMA_SENSITIVE 0x00000020 /* data originates within tpm */
|
#define TPMA_SENSITIVE 0x00000020 /* data originates within tpm */
|
||||||
#define TPMA_SIGN 0x00020000 /* object may sign */
|
#define TPMA_SIGN 0x00040000 /* object may sign */
|
||||||
|
|
||||||
/* Part 2, 10.4.2: TPM2B_DIGEST */
|
/* Part 2, 10.4.2: TPM2B_DIGEST */
|
||||||
PACKED_TYPE(tpm_sha256_digest_t,
|
PACKED_TYPE(tpm_sha256_digest_t,
|
||||||
@ -73,35 +77,69 @@ struct tpm_sha1_attest {
|
|||||||
tpm_sha1_data_t data; /* signed sha1 */
|
tpm_sha1_data_t data; /* signed sha1 */
|
||||||
tpm_clock_info_t clock;
|
tpm_clock_info_t clock;
|
||||||
uint64_t fwversion; /* obfuscated by tpm */
|
uint64_t fwversion; /* obfuscated by tpm */
|
||||||
tpm_sha256_name_t name; /* sha256 of tpm_rsa2048_pubarea_t */
|
tpm_sha256_name_t name; /* sha256 of tpm_rs256_pubarea_t */
|
||||||
tpm_sha256_name_t qual_name; /* full tpm path of attested key */
|
tpm_sha256_name_t qual_name; /* full tpm path of attested key */
|
||||||
})
|
})
|
||||||
|
|
||||||
/* Part 2, 11.2.4.5: TPM2B_PUBLIC_KEY_RSA */
|
/* Part 2, 11.2.4.5: TPM2B_PUBLIC_KEY_RSA */
|
||||||
PACKED_TYPE(tpm_rsa2048_key_t,
|
PACKED_TYPE(tpm_rs256_key_t,
|
||||||
struct tpm_rsa2048_key {
|
struct tpm_rs256_key {
|
||||||
uint16_t size; /* sizeof(body) */
|
uint16_t size; /* sizeof(body) */
|
||||||
uint8_t body[256];
|
uint8_t body[256];
|
||||||
})
|
})
|
||||||
|
|
||||||
|
/* Part 2, 11.2.5.1: TPM2B_ECC_PARAMETER */
|
||||||
|
PACKED_TYPE(tpm_es256_coord_t,
|
||||||
|
struct tpm_es256_coord {
|
||||||
|
uint16_t size; /* sizeof(body) */
|
||||||
|
uint8_t body[32];
|
||||||
|
})
|
||||||
|
|
||||||
|
/* Part 2, 11.2.5.2: TPMS_ECC_POINT */
|
||||||
|
PACKED_TYPE(tpm_es256_point_t,
|
||||||
|
struct tpm_es256_point {
|
||||||
|
tpm_es256_coord_t x;
|
||||||
|
tpm_es256_coord_t y;
|
||||||
|
})
|
||||||
|
|
||||||
/* Part 2, 12.2.3.5: TPMS_RSA_PARMS */
|
/* Part 2, 12.2.3.5: TPMS_RSA_PARMS */
|
||||||
PACKED_TYPE(tpm_rsa2048_param_t,
|
PACKED_TYPE(tpm_rs256_param_t,
|
||||||
struct tpm_rsa2048_param {
|
struct tpm_rs256_param {
|
||||||
uint16_t symmetric; /* TPM_ALG_NULL */
|
uint16_t symmetric; /* TPM_ALG_NULL */
|
||||||
uint16_t scheme; /* TPM_ALG_NULL */
|
uint16_t scheme; /* TPM_ALG_NULL */
|
||||||
uint16_t keybits; /* 2048 */
|
uint16_t keybits; /* 2048 */
|
||||||
uint32_t exponent; /* zero (meaning 2^16 + 1) */
|
uint32_t exponent; /* zero (meaning 2^16 + 1) */
|
||||||
})
|
})
|
||||||
|
|
||||||
|
/* Part 2, 12.2.3.6: TPMS_ECC_PARMS */
|
||||||
|
PACKED_TYPE(tpm_es256_param_t,
|
||||||
|
struct tpm_es256_param {
|
||||||
|
uint16_t symmetric; /* TPM_ALG_NULL */
|
||||||
|
uint16_t scheme; /* TPM_ALG_NULL */
|
||||||
|
uint16_t curve_id; /* TPM_ECC_P256 */
|
||||||
|
uint16_t kdf; /* TPM_ALG_NULL */
|
||||||
|
})
|
||||||
|
|
||||||
/* Part 2, 12.2.4: TPMT_PUBLIC */
|
/* Part 2, 12.2.4: TPMT_PUBLIC */
|
||||||
PACKED_TYPE(tpm_rsa2048_pubarea_t,
|
PACKED_TYPE(tpm_rs256_pubarea_t,
|
||||||
struct tpm_rsa2048_pubarea {
|
struct tpm_rs256_pubarea {
|
||||||
uint16_t alg; /* TPM_ALG_RSA */
|
uint16_t alg; /* TPM_ALG_RSA */
|
||||||
uint16_t hash; /* TPM_ALG_SHA256 */
|
uint16_t hash; /* TPM_ALG_SHA256 */
|
||||||
uint32_t attr;
|
uint32_t attr;
|
||||||
tpm_sha256_digest_t policy; /* must be present? */
|
tpm_sha256_digest_t policy; /* must be present? */
|
||||||
tpm_rsa2048_param_t param;
|
tpm_rs256_param_t param;
|
||||||
tpm_rsa2048_key_t key;
|
tpm_rs256_key_t key;
|
||||||
|
})
|
||||||
|
|
||||||
|
/* Part 2, 12.2.4: TPMT_PUBLIC */
|
||||||
|
PACKED_TYPE(tpm_es256_pubarea_t,
|
||||||
|
struct tpm_es256_pubarea {
|
||||||
|
uint16_t alg; /* TPM_ALG_ECC */
|
||||||
|
uint16_t hash; /* TPM_ALG_SHA256 */
|
||||||
|
uint32_t attr;
|
||||||
|
tpm_sha256_digest_t policy; /* must be present? */
|
||||||
|
tpm_es256_param_t param;
|
||||||
|
tpm_es256_point_t point;
|
||||||
})
|
})
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -145,7 +183,7 @@ get_signed_name(tpm_sha256_name_t *name, const fido_blob_t *pubarea)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
bswap_rsa2048_pubarea(tpm_rsa2048_pubarea_t *x)
|
bswap_rs256_pubarea(tpm_rs256_pubarea_t *x)
|
||||||
{
|
{
|
||||||
x->alg = htobe16(x->alg);
|
x->alg = htobe16(x->alg);
|
||||||
x->hash = htobe16(x->hash);
|
x->hash = htobe16(x->hash);
|
||||||
@ -157,6 +195,21 @@ bswap_rsa2048_pubarea(tpm_rsa2048_pubarea_t *x)
|
|||||||
x->key.size = htobe16(x->key.size);
|
x->key.size = htobe16(x->key.size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
bswap_es256_pubarea(tpm_es256_pubarea_t *x)
|
||||||
|
{
|
||||||
|
x->alg = htobe16(x->alg);
|
||||||
|
x->hash = htobe16(x->hash);
|
||||||
|
x->attr = htobe32(x->attr);
|
||||||
|
x->policy.size = htobe16(x->policy.size);
|
||||||
|
x->param.symmetric = htobe16(x->param.symmetric);
|
||||||
|
x->param.scheme = htobe16(x->param.scheme);
|
||||||
|
x->param.curve_id = htobe16(x->param.curve_id);
|
||||||
|
x->param.kdf = htobe16(x->param.kdf);
|
||||||
|
x->point.x.size = htobe16(x->point.x.size);
|
||||||
|
x->point.y.size = htobe16(x->point.y.size);
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
bswap_sha1_certinfo(tpm_sha1_attest_t *x)
|
bswap_sha1_certinfo(tpm_sha1_attest_t *x)
|
||||||
{
|
{
|
||||||
@ -169,10 +222,10 @@ bswap_sha1_certinfo(tpm_sha1_attest_t *x)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
check_rsa2048_pubarea(const fido_blob_t *buf, const rs256_pk_t *pk)
|
check_rs256_pubarea(const fido_blob_t *buf, const rs256_pk_t *pk)
|
||||||
{
|
{
|
||||||
const tpm_rsa2048_pubarea_t *actual;
|
const tpm_rs256_pubarea_t *actual;
|
||||||
tpm_rsa2048_pubarea_t expected;
|
tpm_rs256_pubarea_t expected;
|
||||||
int ok;
|
int ok;
|
||||||
|
|
||||||
if (buf->len != sizeof(*actual)) {
|
if (buf->len != sizeof(*actual)) {
|
||||||
@ -195,7 +248,44 @@ check_rsa2048_pubarea(const fido_blob_t *buf, const rs256_pk_t *pk)
|
|||||||
expected.param.exponent = 0; /* meaning 2^16+1 */
|
expected.param.exponent = 0; /* meaning 2^16+1 */
|
||||||
expected.key.size = sizeof(expected.key.body);
|
expected.key.size = sizeof(expected.key.body);
|
||||||
memcpy(&expected.key.body, &pk->n, sizeof(expected.key.body));
|
memcpy(&expected.key.body, &pk->n, sizeof(expected.key.body));
|
||||||
bswap_rsa2048_pubarea(&expected);
|
bswap_rs256_pubarea(&expected);
|
||||||
|
|
||||||
|
ok = timingsafe_bcmp(&expected, actual, sizeof(expected));
|
||||||
|
explicit_bzero(&expected, sizeof(expected));
|
||||||
|
|
||||||
|
return ok != 0 ? -1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
check_es256_pubarea(const fido_blob_t *buf, const es256_pk_t *pk)
|
||||||
|
{
|
||||||
|
const tpm_es256_pubarea_t *actual;
|
||||||
|
tpm_es256_pubarea_t expected;
|
||||||
|
int ok;
|
||||||
|
|
||||||
|
if (buf->len != sizeof(*actual)) {
|
||||||
|
fido_log_debug("%s: buf->len=%zu", __func__, buf->len);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
actual = (const void *)buf->ptr;
|
||||||
|
|
||||||
|
memset(&expected, 0, sizeof(expected));
|
||||||
|
expected.alg = TPM_ALG_ECC;
|
||||||
|
expected.hash = TPM_ALG_SHA256;
|
||||||
|
expected.attr = be32toh(actual->attr);
|
||||||
|
expected.attr &= ~(TPMA_RESERVED|TPMA_CLEAR);
|
||||||
|
expected.attr |= (TPMA_FIXED|TPMA_FIXED_P|TPMA_SENSITIVE|TPMA_SIGN);
|
||||||
|
expected.policy = actual->policy;
|
||||||
|
expected.policy.size = sizeof(expected.policy.body);
|
||||||
|
expected.param.symmetric = TPM_ALG_NULL;
|
||||||
|
expected.param.scheme = TPM_ALG_NULL; /* TCG Alg. Registry, 5.2.4 */
|
||||||
|
expected.param.curve_id = TPM_ECC_P256;
|
||||||
|
expected.param.kdf = TPM_ALG_NULL;
|
||||||
|
expected.point.x.size = sizeof(expected.point.x.body);
|
||||||
|
expected.point.y.size = sizeof(expected.point.y.body);
|
||||||
|
memcpy(&expected.point.x.body, &pk->x, sizeof(expected.point.x.body));
|
||||||
|
memcpy(&expected.point.y.body, &pk->y, sizeof(expected.point.y.body));
|
||||||
|
bswap_es256_pubarea(&expected);
|
||||||
|
|
||||||
ok = timingsafe_bcmp(&expected, actual, sizeof(expected));
|
ok = timingsafe_bcmp(&expected, actual, sizeof(expected));
|
||||||
explicit_bzero(&expected, sizeof(expected));
|
explicit_bzero(&expected, sizeof(expected));
|
||||||
@ -258,14 +348,28 @@ fido_get_signed_hash_tpm(fido_blob_t *dgst, const fido_blob_t *clientdata_hash,
|
|||||||
const fido_blob_t *pubarea = &attstmt->pubarea;
|
const fido_blob_t *pubarea = &attstmt->pubarea;
|
||||||
const fido_blob_t *certinfo = &attstmt->certinfo;
|
const fido_blob_t *certinfo = &attstmt->certinfo;
|
||||||
|
|
||||||
if (attstmt->alg != COSE_RS1 || attcred->type != COSE_RS256) {
|
if (attstmt->alg != COSE_RS1) {
|
||||||
fido_log_debug("%s: unsupported alg %d, type %d", __func__,
|
fido_log_debug("%s: unsupported alg %d", __func__,
|
||||||
attstmt->alg, attcred->type);
|
attstmt->alg);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (check_rsa2048_pubarea(pubarea, &attcred->pubkey.rs256) < 0) {
|
switch (attcred->type) {
|
||||||
fido_log_debug("%s: check_rsa2048_pubarea", __func__);
|
case COSE_ES256:
|
||||||
|
if (check_es256_pubarea(pubarea, &attcred->pubkey.es256) < 0) {
|
||||||
|
fido_log_debug("%s: check_es256_pubarea", __func__);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case COSE_RS256:
|
||||||
|
if (check_rs256_pubarea(pubarea, &attcred->pubkey.rs256) < 0) {
|
||||||
|
fido_log_debug("%s: check_rs256_pubarea", __func__);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
fido_log_debug("%s: unsupported type %d", __func__,
|
||||||
|
attcred->type);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,9 @@
|
|||||||
|
|
||||||
#include <winapifamily.h>
|
#include <winapifamily.h>
|
||||||
|
|
||||||
|
#ifdef _MSC_VER
|
||||||
#pragma region Desktop Family or OneCore Family
|
#pragma region Desktop Family or OneCore Family
|
||||||
|
#endif
|
||||||
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
|
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM)
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
@ -84,7 +86,15 @@ extern "C" {
|
|||||||
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
|
// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH
|
||||||
//
|
//
|
||||||
|
|
||||||
#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_3
|
#define WEBAUTHN_API_VERSION_4 4
|
||||||
|
// WEBAUTHN_API_VERSION_4 : Delta From WEBAUTHN_API_VERSION_3
|
||||||
|
// Data Structures and their sub versions:
|
||||||
|
// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 5
|
||||||
|
// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 6
|
||||||
|
// - WEBAUTHN_ASSERTION : 3
|
||||||
|
//
|
||||||
|
|
||||||
|
#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_4
|
||||||
|
|
||||||
//+------------------------------------------------------------------------------------------
|
//+------------------------------------------------------------------------------------------
|
||||||
// Information about an RP Entity
|
// Information about an RP Entity
|
||||||
@ -272,6 +282,45 @@ typedef struct _WEBAUTHN_CREDENTIAL_LIST {
|
|||||||
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
|
} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST;
|
||||||
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
|
typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST;
|
||||||
|
|
||||||
|
//+------------------------------------------------------------------------------------------
|
||||||
|
// PRF values.
|
||||||
|
//-------------------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
#define WEBAUTHN_CTAP_ONE_HMAC_SECRET_LENGTH 32
|
||||||
|
|
||||||
|
typedef struct _WEBAUTHN_HMAC_SECRET_SALT {
|
||||||
|
// Size of pbFirst.
|
||||||
|
DWORD cbFirst;
|
||||||
|
_Field_size_bytes_(cbFirst)
|
||||||
|
PBYTE pbFirst; // Required
|
||||||
|
|
||||||
|
// Size of pbSecond.
|
||||||
|
DWORD cbSecond;
|
||||||
|
_Field_size_bytes_(cbSecond)
|
||||||
|
PBYTE pbSecond;
|
||||||
|
} WEBAUTHN_HMAC_SECRET_SALT, *PWEBAUTHN_HMAC_SECRET_SALT;
|
||||||
|
typedef const WEBAUTHN_HMAC_SECRET_SALT *PCWEBAUTHN_HMAC_SECRET_SALT;
|
||||||
|
|
||||||
|
typedef struct _WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT {
|
||||||
|
// Size of pbCredID.
|
||||||
|
DWORD cbCredID;
|
||||||
|
_Field_size_bytes_(cbCredID)
|
||||||
|
PBYTE pbCredID; // Required
|
||||||
|
|
||||||
|
// PRF Values for above credential
|
||||||
|
PWEBAUTHN_HMAC_SECRET_SALT pHmacSecretSalt; // Required
|
||||||
|
} WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT, *PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
|
||||||
|
typedef const WEBAUTHN_CRED_WITH_HMAC_SECRET_SALT *PCWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT;
|
||||||
|
|
||||||
|
typedef struct _WEBAUTHN_HMAC_SECRET_SALT_VALUES {
|
||||||
|
PWEBAUTHN_HMAC_SECRET_SALT pGlobalHmacSalt;
|
||||||
|
|
||||||
|
DWORD cCredWithHmacSecretSaltList;
|
||||||
|
_Field_size_(cCredWithHmacSecretSaltList)
|
||||||
|
PWEBAUTHN_CRED_WITH_HMAC_SECRET_SALT pCredWithHmacSecretSaltList;
|
||||||
|
} WEBAUTHN_HMAC_SECRET_SALT_VALUES, *PWEBAUTHN_HMAC_SECRET_SALT_VALUES;
|
||||||
|
typedef const WEBAUTHN_HMAC_SECRET_SALT_VALUES *PCWEBAUTHN_HMAC_SECRET_SALT_VALUES;
|
||||||
|
|
||||||
//+------------------------------------------------------------------------------------------
|
//+------------------------------------------------------------------------------------------
|
||||||
// Hmac-Secret extension
|
// Hmac-Secret extension
|
||||||
//-------------------------------------------------------------------------------------------
|
//-------------------------------------------------------------------------------------------
|
||||||
@ -410,7 +459,8 @@ typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS;
|
|||||||
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2
|
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2
|
||||||
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3
|
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3
|
||||||
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4
|
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4
|
||||||
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4
|
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5 5
|
||||||
|
#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
|
||||||
|
|
||||||
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
|
typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
|
||||||
// Version of this structure, to allow for modifications in the future.
|
// Version of this structure, to allow for modifications in the future.
|
||||||
@ -465,13 +515,20 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS {
|
|||||||
// Large Blob Support: none, required or preferred
|
// Large Blob Support: none, required or preferred
|
||||||
//
|
//
|
||||||
// NTE_INVALID_PARAMETER when large blob required or preferred and
|
// NTE_INVALID_PARAMETER when large blob required or preferred and
|
||||||
// both bRequireResidentKey and bPreferResidentKey are set to FALSE.
|
// bRequireResidentKey isn't set to TRUE
|
||||||
DWORD dwLargeBlobSupport;
|
DWORD dwLargeBlobSupport;
|
||||||
|
|
||||||
// Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
|
// Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE,
|
||||||
// overrides the above bRequireResidentKey.
|
// overrides the above bRequireResidentKey.
|
||||||
BOOL bPreferResidentKey;
|
BOOL bPreferResidentKey;
|
||||||
|
|
||||||
|
//
|
||||||
|
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_5
|
||||||
|
//
|
||||||
|
|
||||||
|
// Optional. BrowserInPrivate Mode. Defaulting to FALSE.
|
||||||
|
BOOL bBrowserInPrivateMode;
|
||||||
|
|
||||||
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
|
} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
|
||||||
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
|
typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS;
|
||||||
|
|
||||||
@ -485,7 +542,8 @@ typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENT
|
|||||||
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3
|
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3
|
||||||
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4
|
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4
|
||||||
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5
|
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5
|
||||||
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5
|
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6 6
|
||||||
|
#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
|
||||||
|
|
||||||
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
|
typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
|
||||||
// Version of this structure, to allow for modifications in the future.
|
// Version of this structure, to allow for modifications in the future.
|
||||||
@ -545,6 +603,17 @@ typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS {
|
|||||||
DWORD cbCredLargeBlob;
|
DWORD cbCredLargeBlob;
|
||||||
_Field_size_bytes_(cbCredLargeBlob)
|
_Field_size_bytes_(cbCredLargeBlob)
|
||||||
PBYTE pbCredLargeBlob;
|
PBYTE pbCredLargeBlob;
|
||||||
|
|
||||||
|
//
|
||||||
|
// The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_6
|
||||||
|
//
|
||||||
|
|
||||||
|
// PRF values which will be converted into HMAC-SECRET values according to WebAuthn Spec.
|
||||||
|
PWEBAUTHN_HMAC_SECRET_SALT_VALUES pHmacSecretSaltValues;
|
||||||
|
|
||||||
|
// Optional. BrowserInPrivate Mode. Defaulting to FALSE.
|
||||||
|
BOOL bBrowserInPrivateMode;
|
||||||
|
|
||||||
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
|
} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
|
||||||
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
|
typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS;
|
||||||
|
|
||||||
@ -705,7 +774,8 @@ typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION
|
|||||||
|
|
||||||
#define WEBAUTHN_ASSERTION_VERSION_1 1
|
#define WEBAUTHN_ASSERTION_VERSION_1 1
|
||||||
#define WEBAUTHN_ASSERTION_VERSION_2 2
|
#define WEBAUTHN_ASSERTION_VERSION_2 2
|
||||||
#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_2
|
#define WEBAUTHN_ASSERTION_VERSION_3 3
|
||||||
|
#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_3
|
||||||
|
|
||||||
typedef struct _WEBAUTHN_ASSERTION {
|
typedef struct _WEBAUTHN_ASSERTION {
|
||||||
// Version of this structure, to allow for modifications in the future.
|
// Version of this structure, to allow for modifications in the future.
|
||||||
@ -745,6 +815,12 @@ typedef struct _WEBAUTHN_ASSERTION {
|
|||||||
|
|
||||||
DWORD dwCredLargeBlobStatus;
|
DWORD dwCredLargeBlobStatus;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Following fields have been added in WEBAUTHN_ASSERTION_VERSION_3
|
||||||
|
//
|
||||||
|
|
||||||
|
PWEBAUTHN_HMAC_SECRET_SALT pHmacSecret;
|
||||||
|
|
||||||
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
|
} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION;
|
||||||
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
|
typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION;
|
||||||
|
|
||||||
@ -834,6 +910,8 @@ WebAuthNGetW3CExceptionDOMError(
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif // WINAPI_FAMILY_PARTITION
|
#endif // WINAPI_FAMILY_PARTITION
|
||||||
|
#ifdef _MSC_VER
|
||||||
#pragma endregion
|
#pragma endregion
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif // __WEBAUTHN_H_
|
#endif // __WEBAUTHN_H_
|
||||||
|
@ -12,6 +12,16 @@
|
|||||||
#include "fido.h"
|
#include "fido.h"
|
||||||
#include "webauthn.h"
|
#include "webauthn.h"
|
||||||
|
|
||||||
|
#ifndef NTE_INVALID_PARAMETER
|
||||||
|
#define NTE_INVALID_PARAMETER _HRESULT_TYPEDEF_(0x80090027)
|
||||||
|
#endif
|
||||||
|
#ifndef NTE_NOT_SUPPORTED
|
||||||
|
#define NTE_NOT_SUPPORTED _HRESULT_TYPEDEF_(0x80090029)
|
||||||
|
#endif
|
||||||
|
#ifndef NTE_DEVICE_NOT_FOUND
|
||||||
|
#define NTE_DEVICE_NOT_FOUND _HRESULT_TYPEDEF_(0x80090035)
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MAXCHARS 128
|
#define MAXCHARS 128
|
||||||
#define MAXCREDS 128
|
#define MAXCREDS 128
|
||||||
#define MAXMSEC 6000 * 1000
|
#define MAXMSEC 6000 * 1000
|
||||||
@ -40,27 +50,36 @@ struct winhello_cred {
|
|||||||
wchar_t *display_name;
|
wchar_t *display_name;
|
||||||
};
|
};
|
||||||
|
|
||||||
static TLS BOOL webauthn_loaded;
|
typedef DWORD WINAPI webauthn_get_api_version_t(void);
|
||||||
static TLS HMODULE webauthn_handle;
|
typedef PCWSTR WINAPI webauthn_strerr_t(HRESULT);
|
||||||
static TLS DWORD (*webauthn_get_api_version)(void);
|
typedef HRESULT WINAPI webauthn_get_assert_t(HWND, LPCWSTR,
|
||||||
static TLS PCWSTR (*webauthn_strerr)(HRESULT);
|
|
||||||
static TLS HRESULT (*webauthn_get_assert)(HWND, LPCWSTR,
|
|
||||||
PCWEBAUTHN_CLIENT_DATA,
|
PCWEBAUTHN_CLIENT_DATA,
|
||||||
PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
|
PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS,
|
||||||
PWEBAUTHN_ASSERTION *);
|
PWEBAUTHN_ASSERTION *);
|
||||||
static TLS HRESULT (*webauthn_make_cred)(HWND,
|
typedef HRESULT WINAPI webauthn_make_cred_t(HWND,
|
||||||
PCWEBAUTHN_RP_ENTITY_INFORMATION,
|
PCWEBAUTHN_RP_ENTITY_INFORMATION,
|
||||||
PCWEBAUTHN_USER_ENTITY_INFORMATION,
|
PCWEBAUTHN_USER_ENTITY_INFORMATION,
|
||||||
PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS,
|
PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS,
|
||||||
PCWEBAUTHN_CLIENT_DATA,
|
PCWEBAUTHN_CLIENT_DATA,
|
||||||
PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS,
|
PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS,
|
||||||
PWEBAUTHN_CREDENTIAL_ATTESTATION *);
|
PWEBAUTHN_CREDENTIAL_ATTESTATION *);
|
||||||
static TLS void (*webauthn_free_assert)(PWEBAUTHN_ASSERTION);
|
typedef void WINAPI webauthn_free_assert_t(PWEBAUTHN_ASSERTION);
|
||||||
static TLS void (*webauthn_free_attest)(PWEBAUTHN_CREDENTIAL_ATTESTATION);
|
typedef void WINAPI webauthn_free_attest_t(PWEBAUTHN_CREDENTIAL_ATTESTATION);
|
||||||
|
|
||||||
|
static TLS BOOL webauthn_loaded;
|
||||||
|
static TLS HMODULE webauthn_handle;
|
||||||
|
static TLS webauthn_get_api_version_t *webauthn_get_api_version;
|
||||||
|
static TLS webauthn_strerr_t *webauthn_strerr;
|
||||||
|
static TLS webauthn_get_assert_t *webauthn_get_assert;
|
||||||
|
static TLS webauthn_make_cred_t *webauthn_make_cred;
|
||||||
|
static TLS webauthn_free_assert_t *webauthn_free_assert;
|
||||||
|
static TLS webauthn_free_attest_t *webauthn_free_attest;
|
||||||
|
|
||||||
static int
|
static int
|
||||||
webauthn_load(void)
|
webauthn_load(void)
|
||||||
{
|
{
|
||||||
|
DWORD n = 1;
|
||||||
|
|
||||||
if (webauthn_loaded || webauthn_handle != NULL) {
|
if (webauthn_loaded || webauthn_handle != NULL) {
|
||||||
fido_log_debug("%s: already loaded", __func__);
|
fido_log_debug("%s: already loaded", __func__);
|
||||||
return -1;
|
return -1;
|
||||||
@ -70,34 +89,46 @@ webauthn_load(void)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((webauthn_get_api_version = (void *)GetProcAddress(webauthn_handle,
|
if ((webauthn_get_api_version =
|
||||||
|
(webauthn_get_api_version_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNGetApiVersionNumber")) == NULL) {
|
"WebAuthNGetApiVersionNumber")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNGetApiVersionNumber", __func__);
|
fido_log_debug("%s: WebAuthNGetApiVersionNumber", __func__);
|
||||||
|
/* WebAuthNGetApiVersionNumber might not exist */
|
||||||
|
}
|
||||||
|
if (webauthn_get_api_version != NULL &&
|
||||||
|
(n = webauthn_get_api_version()) < 1) {
|
||||||
|
fido_log_debug("%s: unsupported api %lu", __func__, (u_long)n);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((webauthn_strerr = (void *)GetProcAddress(webauthn_handle,
|
fido_log_debug("%s: api version %lu", __func__, (u_long)n);
|
||||||
|
if ((webauthn_strerr =
|
||||||
|
(webauthn_strerr_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNGetErrorName")) == NULL) {
|
"WebAuthNGetErrorName")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNGetErrorName", __func__);
|
fido_log_debug("%s: WebAuthNGetErrorName", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((webauthn_get_assert = (void *)GetProcAddress(webauthn_handle,
|
if ((webauthn_get_assert =
|
||||||
|
(webauthn_get_assert_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNAuthenticatorGetAssertion")) == NULL) {
|
"WebAuthNAuthenticatorGetAssertion")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNAuthenticatorGetAssertion",
|
fido_log_debug("%s: WebAuthNAuthenticatorGetAssertion",
|
||||||
__func__);
|
__func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((webauthn_make_cred = (void *)GetProcAddress(webauthn_handle,
|
if ((webauthn_make_cred =
|
||||||
|
(webauthn_make_cred_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNAuthenticatorMakeCredential")) == NULL) {
|
"WebAuthNAuthenticatorMakeCredential")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNAuthenticatorMakeCredential",
|
fido_log_debug("%s: WebAuthNAuthenticatorMakeCredential",
|
||||||
__func__);
|
__func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((webauthn_free_assert = (void *)GetProcAddress(webauthn_handle,
|
if ((webauthn_free_assert =
|
||||||
|
(webauthn_free_assert_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNFreeAssertion")) == NULL) {
|
"WebAuthNFreeAssertion")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNFreeAssertion", __func__);
|
fido_log_debug("%s: WebAuthNFreeAssertion", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((webauthn_free_attest = (void *)GetProcAddress(webauthn_handle,
|
if ((webauthn_free_attest =
|
||||||
|
(webauthn_free_attest_t *)GetProcAddress(webauthn_handle,
|
||||||
"WebAuthNFreeCredentialAttestation")) == NULL) {
|
"WebAuthNFreeCredentialAttestation")) == NULL) {
|
||||||
fido_log_debug("%s: WebAuthNFreeCredentialAttestation",
|
fido_log_debug("%s: WebAuthNFreeCredentialAttestation",
|
||||||
__func__);
|
__func__);
|
||||||
@ -149,35 +180,6 @@ to_utf16(const char *utf8)
|
|||||||
return utf16;
|
return utf16;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char *
|
|
||||||
to_utf8(const wchar_t *utf16)
|
|
||||||
{
|
|
||||||
int nch;
|
|
||||||
char *utf8;
|
|
||||||
|
|
||||||
if (utf16 == NULL) {
|
|
||||||
fido_log_debug("%s: NULL", __func__);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if ((nch = WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, utf16,
|
|
||||||
-1, NULL, 0, NULL, NULL)) < 1 || (size_t)nch > MAXCHARS) {
|
|
||||||
fido_log_debug("%s: WideCharToMultiByte %d", __func__);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if ((utf8 = calloc((size_t)nch, sizeof(*utf8))) == NULL) {
|
|
||||||
fido_log_debug("%s: calloc", __func__);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if (WideCharToMultiByte(CP_UTF8, WC_ERR_INVALID_CHARS, utf16, -1,
|
|
||||||
utf8, nch, NULL, NULL) != nch) {
|
|
||||||
fido_log_debug("%s: WideCharToMultiByte", __func__);
|
|
||||||
free(utf8);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return utf8;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
to_fido(HRESULT hr)
|
to_fido(HRESULT hr)
|
||||||
{
|
{
|
||||||
@ -192,7 +194,7 @@ to_fido(HRESULT hr)
|
|||||||
case NTE_NOT_FOUND:
|
case NTE_NOT_FOUND:
|
||||||
return FIDO_ERR_NOT_ALLOWED;
|
return FIDO_ERR_NOT_ALLOWED;
|
||||||
default:
|
default:
|
||||||
fido_log_debug("%s: hr=0x%x", __func__, hr);
|
fido_log_debug("%s: hr=0x%lx", __func__, (u_long)hr);
|
||||||
return FIDO_ERR_INTERNAL;
|
return FIDO_ERR_INTERNAL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -249,7 +251,7 @@ pack_credlist(WEBAUTHN_CREDENTIALS *out, const fido_blob_array_t *in)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
set_uv(DWORD *out, fido_opt_t uv, const char *pin)
|
set_cred_uv(DWORD *out, fido_opt_t uv, const char *pin)
|
||||||
{
|
{
|
||||||
if (pin) {
|
if (pin) {
|
||||||
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
|
||||||
@ -258,7 +260,28 @@ set_uv(DWORD *out, fido_opt_t uv, const char *pin)
|
|||||||
|
|
||||||
switch (uv) {
|
switch (uv) {
|
||||||
case FIDO_OPT_OMIT:
|
case FIDO_OPT_OMIT:
|
||||||
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
|
case FIDO_OPT_FALSE:
|
||||||
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
|
||||||
|
break;
|
||||||
|
case FIDO_OPT_TRUE:
|
||||||
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
set_assert_uv(DWORD *out, fido_opt_t uv, const char *pin)
|
||||||
|
{
|
||||||
|
if (pin) {
|
||||||
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (uv) {
|
||||||
|
case FIDO_OPT_OMIT:
|
||||||
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
|
||||||
break;
|
break;
|
||||||
case FIDO_OPT_FALSE:
|
case FIDO_OPT_FALSE:
|
||||||
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
|
*out = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
|
||||||
@ -361,7 +384,7 @@ pack_cred_ext(WEBAUTHN_EXTENSIONS *out, const fido_cred_ext_t *in)
|
|||||||
return 0; /* nothing to do */
|
return 0; /* nothing to do */
|
||||||
}
|
}
|
||||||
if (in->mask & ~(FIDO_EXT_HMAC_SECRET | FIDO_EXT_CRED_PROTECT)) {
|
if (in->mask & ~(FIDO_EXT_HMAC_SECRET | FIDO_EXT_CRED_PROTECT)) {
|
||||||
fido_log_debug("%s: mask 0x%x", in->mask);
|
fido_log_debug("%s: mask 0x%x", __func__, in->mask);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (in->mask & FIDO_EXT_HMAC_SECRET)
|
if (in->mask & FIDO_EXT_HMAC_SECRET)
|
||||||
@ -508,8 +531,9 @@ translate_fido_assert(struct winhello_assert *ctx, const fido_assert_t *assert,
|
|||||||
fido_log_debug("%s: pack_credlist", __func__);
|
fido_log_debug("%s: pack_credlist", __func__);
|
||||||
return FIDO_ERR_INTERNAL;
|
return FIDO_ERR_INTERNAL;
|
||||||
}
|
}
|
||||||
if (set_uv(&opt->dwUserVerificationRequirement, assert->uv, pin) < 0) {
|
if (set_assert_uv(&opt->dwUserVerificationRequirement, assert->uv,
|
||||||
fido_log_debug("%s: set_uv", __func__);
|
pin) < 0) {
|
||||||
|
fido_log_debug("%s: set_assert_uv", __func__);
|
||||||
return FIDO_ERR_INTERNAL;
|
return FIDO_ERR_INTERNAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -587,9 +611,9 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred,
|
|||||||
fido_log_debug("%s: pack_cred_ext", __func__);
|
fido_log_debug("%s: pack_cred_ext", __func__);
|
||||||
return FIDO_ERR_UNSUPPORTED_EXTENSION;
|
return FIDO_ERR_UNSUPPORTED_EXTENSION;
|
||||||
}
|
}
|
||||||
if (set_uv(&opt->dwUserVerificationRequirement, (cred->ext.mask &
|
if (set_cred_uv(&opt->dwUserVerificationRequirement, (cred->ext.mask &
|
||||||
FIDO_EXT_CRED_PROTECT) ? FIDO_OPT_TRUE : cred->uv, pin) < 0) {
|
FIDO_EXT_CRED_PROTECT) ? FIDO_OPT_TRUE : cred->uv, pin) < 0) {
|
||||||
fido_log_debug("%s: set_uv", __func__);
|
fido_log_debug("%s: set_cred_uv", __func__);
|
||||||
return FIDO_ERR_INTERNAL;
|
return FIDO_ERR_INTERNAL;
|
||||||
}
|
}
|
||||||
if (cred->rk == FIDO_OPT_TRUE) {
|
if (cred->rk == FIDO_OPT_TRUE) {
|
||||||
@ -623,6 +647,10 @@ decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
} else if (!strcmp(name, "authData")) {
|
} else if (!strcmp(name, "authData")) {
|
||||||
|
if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
|
||||||
|
fido_log_debug("%s: fido_blob_decode", __func__);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
if (cbor_decode_cred_authdata(val, cred->type,
|
if (cbor_decode_cred_authdata(val, cred->type,
|
||||||
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
|
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
|
||||||
&cred->authdata_ext) < 0) {
|
&cred->authdata_ext) < 0) {
|
||||||
@ -640,9 +668,9 @@ decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
translate_winhello_cred(fido_cred_t *cred, const WEBAUTHN_CREDENTIAL_ATTESTATION *att)
|
translate_winhello_cred(fido_cred_t *cred,
|
||||||
|
const WEBAUTHN_CREDENTIAL_ATTESTATION *att)
|
||||||
{
|
{
|
||||||
|
|
||||||
cbor_item_t *item = NULL;
|
cbor_item_t *item = NULL;
|
||||||
struct cbor_load_result cbor;
|
struct cbor_load_result cbor;
|
||||||
int r = FIDO_ERR_INTERNAL;
|
int r = FIDO_ERR_INTERNAL;
|
||||||
@ -672,24 +700,6 @@ translate_winhello_cred(fido_cred_t *cred, const WEBAUTHN_CREDENTIAL_ATTESTATION
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
winhello_manifest(void)
|
|
||||||
{
|
|
||||||
DWORD n;
|
|
||||||
|
|
||||||
if (!webauthn_loaded && webauthn_load() < 0) {
|
|
||||||
fido_log_debug("%s: webauthn_load", __func__);
|
|
||||||
return FIDO_ERR_INTERNAL;
|
|
||||||
}
|
|
||||||
if ((n = webauthn_get_api_version()) < 1) {
|
|
||||||
fido_log_debug("%s: unsupported api %u", __func__, n);
|
|
||||||
return FIDO_ERR_INTERNAL;
|
|
||||||
}
|
|
||||||
fido_log_debug("%s: api version %u", __func__, n);
|
|
||||||
|
|
||||||
return FIDO_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
winhello_get_assert(HWND w, struct winhello_assert *ctx)
|
winhello_get_assert(HWND w, struct winhello_assert *ctx)
|
||||||
{
|
{
|
||||||
@ -761,7 +771,6 @@ winhello_cred_free(struct winhello_cred *ctx)
|
|||||||
int
|
int
|
||||||
fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
|
fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
|
||||||
{
|
{
|
||||||
int r;
|
|
||||||
fido_dev_info_t *di;
|
fido_dev_info_t *di;
|
||||||
|
|
||||||
if (ilen == 0) {
|
if (ilen == 0) {
|
||||||
@ -770,9 +779,9 @@ fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
|
|||||||
if (devlist == NULL) {
|
if (devlist == NULL) {
|
||||||
return FIDO_ERR_INVALID_ARGUMENT;
|
return FIDO_ERR_INVALID_ARGUMENT;
|
||||||
}
|
}
|
||||||
if ((r = winhello_manifest()) != FIDO_OK) {
|
if (!webauthn_loaded && webauthn_load() < 0) {
|
||||||
fido_log_debug("%s: winhello_manifest", __func__);
|
fido_log_debug("%s: webauthn_load", __func__);
|
||||||
return r;
|
return FIDO_OK; /* not an error */
|
||||||
}
|
}
|
||||||
|
|
||||||
di = &devlist[*olen];
|
di = &devlist[*olen];
|
||||||
@ -844,13 +853,16 @@ fido_winhello_get_assert(fido_dev_t *dev, fido_assert_t *assert,
|
|||||||
}
|
}
|
||||||
if ((w = GetForegroundWindow()) == NULL) {
|
if ((w = GetForegroundWindow()) == NULL) {
|
||||||
fido_log_debug("%s: GetForegroundWindow", __func__);
|
fido_log_debug("%s: GetForegroundWindow", __func__);
|
||||||
|
if ((w = GetTopWindow(NULL)) == NULL) {
|
||||||
|
fido_log_debug("%s: GetTopWindow", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ((r = translate_fido_assert(ctx, assert, pin, ms)) != FIDO_OK) {
|
if ((r = translate_fido_assert(ctx, assert, pin, ms)) != FIDO_OK) {
|
||||||
fido_log_debug("%s: translate_fido_assert", __func__);
|
fido_log_debug("%s: translate_fido_assert", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if ((r = winhello_get_assert(w, ctx)) != S_OK) {
|
if ((r = winhello_get_assert(w, ctx)) != FIDO_OK) {
|
||||||
fido_log_debug("%s: winhello_get_assert", __func__);
|
fido_log_debug("%s: winhello_get_assert", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -918,8 +930,11 @@ fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
|
|||||||
}
|
}
|
||||||
if ((w = GetForegroundWindow()) == NULL) {
|
if ((w = GetForegroundWindow()) == NULL) {
|
||||||
fido_log_debug("%s: GetForegroundWindow", __func__);
|
fido_log_debug("%s: GetForegroundWindow", __func__);
|
||||||
|
if ((w = GetTopWindow(NULL)) == NULL) {
|
||||||
|
fido_log_debug("%s: GetTopWindow", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ((r = translate_fido_cred(ctx, cred, pin, ms)) != FIDO_OK) {
|
if ((r = translate_fido_cred(ctx, cred, pin, ms)) != FIDO_OK) {
|
||||||
fido_log_debug("%s: translate_fido_cred", __func__);
|
fido_log_debug("%s: translate_fido_cred", __func__);
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -12,13 +12,13 @@
|
|||||||
# - should pass as-is on a YubiKey with a PIN set;
|
# - should pass as-is on a YubiKey with a PIN set;
|
||||||
# - may otherwise require set +e above;
|
# - may otherwise require set +e above;
|
||||||
# - can be executed with UV=1 to run additional UV tests;
|
# - can be executed with UV=1 to run additional UV tests;
|
||||||
# - was last tested on 2021-07-21 with firmware 5.2.7.
|
# - was last tested on 2022-01-11 with firmware 5.4.3.
|
||||||
|
|
||||||
cd "$1"
|
cd "$1"
|
||||||
DEV="$2"
|
DEV="$2"
|
||||||
|
|
||||||
make_cred() {
|
make_cred() {
|
||||||
cat > cred_param << EOF
|
sed /^$/d > cred_param << EOF
|
||||||
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
|
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
|
||||||
$1
|
$1
|
||||||
some user name
|
some user name
|
||||||
@ -34,7 +34,7 @@ verify_cred() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
get_assert() {
|
get_assert() {
|
||||||
cat > assert_param << EOF
|
sed /^$/d > assert_param << EOF
|
||||||
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
|
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
|
||||||
$1
|
$1
|
||||||
$(cat $3)
|
$(cat $3)
|
||||||
|
@ -229,7 +229,7 @@ try {
|
|||||||
ExitOnError
|
ExitOnError
|
||||||
# Copy DLLs.
|
# Copy DLLs.
|
||||||
if ("${SHARED}" -eq "ON") {
|
if ("${SHARED}" -eq "ON") {
|
||||||
"cbor.dll", "crypto-46.dll", "zlib1.dll" | `
|
"cbor.dll", "crypto-47.dll", "zlib1.dll" | `
|
||||||
%{ Copy-Item "${PREFIX}\bin\$_" `
|
%{ Copy-Item "${PREFIX}\bin\$_" `
|
||||||
-Destination "examples\${Config}" }
|
-Destination "examples\${Config}" }
|
||||||
}
|
}
|
||||||
|
@ -6,11 +6,11 @@
|
|||||||
New-Variable -Name 'LIBRESSL_URL' `
|
New-Variable -Name 'LIBRESSL_URL' `
|
||||||
-Value 'https://fastly.cdn.openbsd.org/pub/OpenBSD/LibreSSL' `
|
-Value 'https://fastly.cdn.openbsd.org/pub/OpenBSD/LibreSSL' `
|
||||||
-Option Constant
|
-Option Constant
|
||||||
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.3.4' -Option Constant
|
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.4.2' -Option Constant
|
||||||
|
|
||||||
# libcbor coordinates.
|
# libcbor coordinates.
|
||||||
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.8.0' -Option Constant
|
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.9.0' -Option Constant
|
||||||
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.8.0' -Option Constant
|
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.9.0' -Option Constant
|
||||||
New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' `
|
New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' `
|
||||||
-Option Constant
|
-Option Constant
|
||||||
|
|
||||||
|
BIN
contrib/libfido2/windows/cygwin.gpg
Executable file
BIN
contrib/libfido2/windows/cygwin.gpg
Executable file
Binary file not shown.
68
contrib/libfido2/windows/cygwin.ps1
Executable file
68
contrib/libfido2/windows/cygwin.ps1
Executable file
@ -0,0 +1,68 @@
|
|||||||
|
# Copyright (c) 2021 Yubico AB. All rights reserved.
|
||||||
|
# Use of this source code is governed by a BSD-style
|
||||||
|
# license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
param(
|
||||||
|
[string]$GPGPath = "C:\Program Files (x86)\GnuPG\bin\gpg.exe",
|
||||||
|
[string]$Config = "Release"
|
||||||
|
)
|
||||||
|
|
||||||
|
$ErrorActionPreference = "Stop"
|
||||||
|
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||||
|
|
||||||
|
# Cygwin coordinates.
|
||||||
|
$URL = 'https://www.cygwin.com'
|
||||||
|
$Setup = 'setup-x86_64.exe'
|
||||||
|
$Mirror = 'https://mirrors.kernel.org/sourceware/cygwin/'
|
||||||
|
$Packages = 'gcc-core,pkg-config,cmake,make,libcbor-devel,libssl-devel,zlib-devel'
|
||||||
|
|
||||||
|
# Work directories.
|
||||||
|
$Cygwin = "$PSScriptRoot\..\cygwin"
|
||||||
|
$Root = "${Cygwin}\root"
|
||||||
|
|
||||||
|
# Find GPG.
|
||||||
|
$GPG = $(Get-Command gpg -ErrorAction Ignore | `
|
||||||
|
Select-Object -ExpandProperty Source)
|
||||||
|
if ([string]::IsNullOrEmpty($GPG)) {
|
||||||
|
$GPG = $GPGPath
|
||||||
|
}
|
||||||
|
if (-Not (Test-Path $GPG)) {
|
||||||
|
throw "Unable to find GPG at $GPG"
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Host "Config: $Config"
|
||||||
|
Write-Host "GPG: $GPG"
|
||||||
|
|
||||||
|
# Create work directories.
|
||||||
|
New-Item -Type Directory "${Cygwin}" -Force
|
||||||
|
New-Item -Type Directory "${Root}" -Force
|
||||||
|
|
||||||
|
# Fetch and verify Cygwin.
|
||||||
|
try {
|
||||||
|
if (-Not (Test-Path ${Cygwin}\${Setup} -PathType leaf)) {
|
||||||
|
Invoke-WebRequest ${URL}/${Setup} `
|
||||||
|
-OutFile ${Cygwin}\${Setup}
|
||||||
|
}
|
||||||
|
if (-Not (Test-Path ${Cygwin}\${Setup}.sig -PathType leaf)) {
|
||||||
|
Invoke-WebRequest ${URL}/${Setup}.sig `
|
||||||
|
-OutFile ${Cygwin}\${Setup}.sig
|
||||||
|
}
|
||||||
|
& $GPG --list-keys
|
||||||
|
& $GPG --quiet --no-default-keyring `
|
||||||
|
--keyring ${PSScriptRoot}/cygwin.gpg `
|
||||||
|
--verify ${Cygwin}\${Setup}.sig ${Cygwin}\${Setup}
|
||||||
|
if ($LastExitCode -ne 0) {
|
||||||
|
throw "GPG signature verification failed"
|
||||||
|
}
|
||||||
|
} catch {
|
||||||
|
throw "Failed to fetch and verify Cygwin"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Bootstrap Cygwin.
|
||||||
|
Start-Process "${Cygwin}\${Setup}" -Wait -NoNewWindow `
|
||||||
|
-ArgumentList "-dnNOqW -s ${Mirror} -R ${Root} -P ${Packages}"
|
||||||
|
|
||||||
|
# Build libfido2.
|
||||||
|
$Env:PATH = "${Root}\bin\;" + $Env:PATH
|
||||||
|
cmake "-DCMAKE_BUILD_TYPE=${Config}" -B "build-${Config}"
|
||||||
|
make -C "build-${Config}"
|
@ -7,8 +7,8 @@ $Architectures = @('x64', 'Win32', 'ARM64', 'ARM')
|
|||||||
$InstallPrefixes = @('Win64', 'Win32', 'ARM64', 'ARM')
|
$InstallPrefixes = @('Win64', 'Win32', 'ARM64', 'ARM')
|
||||||
$Types = @('dynamic', 'static')
|
$Types = @('dynamic', 'static')
|
||||||
$Config = 'Release'
|
$Config = 'Release'
|
||||||
$LibCrypto = '46'
|
$LibCrypto = '47'
|
||||||
$SDK = '142'
|
$SDK = '143'
|
||||||
|
|
||||||
. "$PSScriptRoot\const.ps1"
|
. "$PSScriptRoot\const.ps1"
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ Function Package-Static(${SRC}, ${DEST}) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Function Package-PDBs(${SRC}, ${DEST}) {
|
Function Package-PDBs(${SRC}, ${DEST}) {
|
||||||
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto.dir\${Config}\vc${SDK}.pdb" `
|
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" `
|
||||||
"${DEST}\crypto-${LibCrypto}.pdb"
|
"${DEST}\crypto-${LibCrypto}.pdb"
|
||||||
Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" `
|
Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" `
|
||||||
"${DEST}\cbor.pdb"
|
"${DEST}\cbor.pdb"
|
||||||
@ -59,6 +59,17 @@ Function Package-PDBs(${SRC}, ${DEST}) {
|
|||||||
"${DEST}\fido2.pdb"
|
"${DEST}\fido2.pdb"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Function Package-StaticPDBs(${SRC}, ${DEST}) {
|
||||||
|
Copy-Item "${SRC}\${LIBRESSL}\crypto\Release\crypto-${LibCrypto}.pdb" `
|
||||||
|
"${DEST}\crypto-${LibCrypto}.pdb"
|
||||||
|
Copy-Item "${SRC}\${LIBCBOR}\src\Release\cbor.pdb" `
|
||||||
|
"${DEST}\cbor.pdb"
|
||||||
|
Copy-Item "${SRC}\${ZLIB}\Release\zlibstatic.pdb" `
|
||||||
|
"${DEST}\zlib.pdb"
|
||||||
|
Copy-Item "${SRC}\src\Release\fido2_static.pdb" `
|
||||||
|
"${DEST}\fido2.pdb"
|
||||||
|
}
|
||||||
|
|
||||||
Function Package-Tools(${SRC}, ${DEST}) {
|
Function Package-Tools(${SRC}, ${DEST}) {
|
||||||
Copy-Item "${SRC}\tools\${Config}\fido2-assert.exe" `
|
Copy-Item "${SRC}\tools\${Config}\fido2-assert.exe" `
|
||||||
"${DEST}\fido2-assert.exe"
|
"${DEST}\fido2-assert.exe"
|
||||||
@ -81,4 +92,6 @@ for ($i = 0; $i -lt $Architectures.Length; $i++) {
|
|||||||
"${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\dynamic"
|
"${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\dynamic"
|
||||||
Package-Static "${OUTPUT}\${Arch}\static" `
|
Package-Static "${OUTPUT}\${Arch}\static" `
|
||||||
"${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\static"
|
"${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\static"
|
||||||
|
Package-StaticPDBs "${BUILD}\${Arch}\static" `
|
||||||
|
"${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\static"
|
||||||
}
|
}
|
||||||
|
@ -66,7 +66,7 @@ CFLAGS+= -DHAVE_TIMINGSAFE_BCMP
|
|||||||
CFLAGS+= -DHAVE_UNISTD_H
|
CFLAGS+= -DHAVE_UNISTD_H
|
||||||
CFLAGS+= -DTLS=__thread
|
CFLAGS+= -DTLS=__thread
|
||||||
CFLAGS+= -D_FIDO_MAJOR=1
|
CFLAGS+= -D_FIDO_MAJOR=1
|
||||||
CFLAGS+= -D_FIDO_MINOR=9
|
CFLAGS+= -D_FIDO_MINOR=10
|
||||||
CFLAGS+= -D_FIDO_PATCH=0
|
CFLAGS+= -D_FIDO_PATCH=0
|
||||||
|
|
||||||
LIBADD= crypto z
|
LIBADD= crypto z
|
||||||
|
Loading…
Reference in New Issue
Block a user