Vendor import of libfido2 1.15.0
Sponsored by: The FreeBSD Foundation
This commit is contained in:
+2
-2
@@ -15,7 +15,7 @@ cat > "${MANIFEST}" <<- EOF
|
||||
image: ${IMAGE}
|
||||
packages:
|
||||
- cmake
|
||||
- llvm
|
||||
- llvm${LLVM_VERSION:+%${LLVM_VERSION}}
|
||||
- pcsc-lite
|
||||
EOF
|
||||
|
||||
@@ -38,7 +38,7 @@ tasks:
|
||||
else
|
||||
SUDO=sudo
|
||||
fi
|
||||
SCAN="/usr/local/bin/scan-build --use-cc=/usr/bin/cc --status-bugs"
|
||||
SCAN="/usr/local/bin/scan-build${LLVM_VERSION:+-${LLVM_VERSION}} --use-cc=/usr/bin/cc --status-bugs"
|
||||
cd libfido2
|
||||
for T in Debug Release; do
|
||||
mkdir build-\$T
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/sh -eux
|
||||
|
||||
# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
|
||||
EOF
|
||||
|
||||
# Build and install libcbor.
|
||||
git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
|
||||
git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0
|
||||
cd libcbor
|
||||
mkdir build
|
||||
(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
|
||||
@@ -42,7 +42,7 @@ sudo make install_sw
|
||||
cd ..
|
||||
|
||||
# Build and install zlib.
|
||||
git clone --depth=1 https://github.com/madler/zlib -b v1.3
|
||||
git clone --depth=1 https://github.com/madler/zlib -b v1.3.1
|
||||
cd zlib
|
||||
make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
|
||||
sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/sh -eux
|
||||
|
||||
# Copyright (c) 2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -12,8 +12,8 @@ FAKEROOT="$(mktemp -d)"
|
||||
# Check exports.
|
||||
(cd src && ./diff_exports.sh)
|
||||
|
||||
# Build and install OpenSSL 3.0.12.
|
||||
git clone --branch openssl-3.0.12 \
|
||||
# Build and install OpenSSL 3.0.14.
|
||||
git clone --branch openssl-3.0.14 \
|
||||
--depth=1 https://github.com/openssl/openssl
|
||||
cd openssl
|
||||
./Configure linux-x86_64-clang --prefix="${FAKEROOT}" \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/sh -eux
|
||||
|
||||
# Copyright (c) 2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -8,8 +8,8 @@
|
||||
${CC} --version
|
||||
FAKEROOT="$(mktemp -d)"
|
||||
|
||||
# Build and install OpenSSL 3.0.12.
|
||||
git clone --branch openssl-3.0.12 \
|
||||
# Build and install OpenSSL 3.0.14.
|
||||
git clone --branch openssl-3.0.14 \
|
||||
--depth=1 https://github.com/openssl/openssl
|
||||
cd openssl
|
||||
./Configure linux-x86_64 --prefix="${FAKEROOT}" \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/sh -eux
|
||||
|
||||
# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
|
||||
EOF
|
||||
|
||||
# Build and install libcbor.
|
||||
git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
|
||||
git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0
|
||||
cd libcbor
|
||||
mkdir build
|
||||
(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
|
||||
@@ -32,8 +32,8 @@ make -j"$(nproc)" -C build
|
||||
sudo make -C build install
|
||||
cd ..
|
||||
|
||||
# Build and install OpenSSL 3.0.11.
|
||||
git clone --branch openssl-3.0.12 \
|
||||
# Build and install OpenSSL 3.0.14.
|
||||
git clone --branch openssl-3.0.14 \
|
||||
--depth=1 https://github.com/openssl/openssl
|
||||
cd openssl
|
||||
./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
|
||||
@@ -43,7 +43,7 @@ sudo make install_sw
|
||||
cd ..
|
||||
|
||||
# Build and install zlib.
|
||||
git clone --depth=1 https://github.com/madler/zlib -b v1.3
|
||||
git clone --depth=1 https://github.com/madler/zlib -b v1.3.1
|
||||
cd zlib
|
||||
make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
|
||||
sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
|
||||
|
||||
+7
-6
@@ -1,18 +1,18 @@
|
||||
#!/bin/sh -eux
|
||||
|
||||
# Copyright (c) 2020-2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2020-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
||||
LIBCBOR_URL="https://github.com/pjk/libcbor"
|
||||
LIBCBOR_TAG="v0.10.2"
|
||||
LIBCBOR_TAG="v0.11.0"
|
||||
LIBCBOR_ASAN="address alignment bounds"
|
||||
LIBCBOR_MSAN="memory"
|
||||
OPENSSL_URL="https://github.com/openssl/openssl"
|
||||
OPENSSL_TAG="openssl-3.0.12"
|
||||
OPENSSL_TAG="openssl-3.0.14"
|
||||
ZLIB_URL="https://github.com/madler/zlib"
|
||||
ZLIB_TAG="v1.3"
|
||||
ZLIB_TAG="v1.3.1"
|
||||
ZLIB_ASAN="address alignment bounds undefined"
|
||||
ZLIB_MSAN="memory"
|
||||
FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak"
|
||||
@@ -63,6 +63,7 @@ git clone --depth=1 "${OPENSSL_URL}" -b "${OPENSSL_TAG}"
|
||||
cd openssl
|
||||
./Configure linux-x86_64-clang "enable-$1" --prefix="${FAKEROOT}" \
|
||||
--openssldir="${FAKEROOT}/openssl" --libdir=lib
|
||||
make -j"$(nproc)" build_sw
|
||||
make install_sw
|
||||
cd -
|
||||
|
||||
@@ -71,7 +72,7 @@ git clone --depth=1 "${ZLIB_URL}" -b "${ZLIB_TAG}"
|
||||
cd zlib
|
||||
CFLAGS="${ZLIB_CFLAGS}" LDFLAGS="${ZLIB_CFLAGS}" ./configure \
|
||||
--prefix="${FAKEROOT}"
|
||||
make install
|
||||
make -j"$(nproc)" install
|
||||
cd -
|
||||
|
||||
# libfido2
|
||||
@@ -87,7 +88,7 @@ mkdir corpus
|
||||
curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz |
|
||||
tar -C corpus -zxf -
|
||||
export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS
|
||||
for f in assert bio cred credman hid largeblob mgmt netlink pcsc; do
|
||||
for f in assert attobj bio cred credman hid largeblob mgmt netlink pcsc; do
|
||||
build/fuzz/fuzz_${f} -use_value_profile=1 -reload=30 -print_pcs=1 \
|
||||
-print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_${f}
|
||||
done
|
||||
|
||||
@@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
container: alpine:latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
|
||||
@@ -18,7 +18,9 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
image: [freebsd/13.x, openbsd/7.2]
|
||||
include:
|
||||
- { image: freebsd/14.x }
|
||||
- { image: openbsd/7.4, llvm_version: 16 }
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: dependencies
|
||||
@@ -27,6 +29,7 @@ jobs:
|
||||
sudo apt install -q -y curl jq
|
||||
- name: build
|
||||
env:
|
||||
LLVM_VERSION: ${{ matrix.llvm_version }}
|
||||
IMAGE: ${{ matrix.image }}
|
||||
SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }}
|
||||
run: ./.actions/build-bsd
|
||||
|
||||
@@ -17,7 +17,7 @@ on:
|
||||
jobs:
|
||||
fuzzing:
|
||||
if: github.repository == 'Yubico/libfido2'
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
|
||||
@@ -26,10 +26,10 @@ jobs:
|
||||
- { os: ubuntu-22.04, cc: gcc-10 }
|
||||
- { os: ubuntu-22.04, cc: gcc-11 }
|
||||
- { os: ubuntu-22.04, cc: gcc-12 }
|
||||
- { os: ubuntu-22.04, cc: clang-13 }
|
||||
- { os: ubuntu-22.04, cc: clang-14 }
|
||||
- { os: ubuntu-22.04, cc: clang-15 }
|
||||
- { os: ubuntu-22.04, cc: clang-16 }
|
||||
- { os: ubuntu-22.04, cc: clang-17 }
|
||||
- { os: ubuntu-22.04, cc: clang-18 }
|
||||
- { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 }
|
||||
- { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 }
|
||||
steps:
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [ ubuntu-22.04 ]
|
||||
cc: [ clang-16 ]
|
||||
cc: [ clang-18 ]
|
||||
sanitizer: [ asan, msan ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
@@ -20,11 +20,13 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [ macos-13, macos-12 ]
|
||||
os: [ macos-14, macos-13, macos-12 ]
|
||||
cc: [ clang ]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: dependencies
|
||||
env:
|
||||
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
|
||||
run: brew install libcbor llvm mandoc openssl@3.0 pkg-config zlib
|
||||
- name: build
|
||||
env:
|
||||
|
||||
@@ -22,9 +22,9 @@ jobs:
|
||||
matrix:
|
||||
include:
|
||||
- os: ubuntu-22.04
|
||||
cc: gcc-11
|
||||
cc: gcc-12
|
||||
- os: ubuntu-22.04
|
||||
cc: clang-16
|
||||
cc: clang-18
|
||||
- os: ubuntu-22.04
|
||||
cc: i686-w64-mingw32-gcc-10
|
||||
steps:
|
||||
|
||||
+2
-2
@@ -29,7 +29,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
||||
set(CMAKE_COLOR_MAKEFILE OFF)
|
||||
set(CMAKE_VERBOSE_MAKEFILE ON)
|
||||
set(FIDO_MAJOR "1")
|
||||
set(FIDO_MINOR "14")
|
||||
set(FIDO_MINOR "15")
|
||||
set(FIDO_PATCH "0")
|
||||
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
|
||||
|
||||
@@ -484,7 +484,7 @@ endif()
|
||||
if(BUILD_TOOLS)
|
||||
add_subdirectory(tools)
|
||||
endif()
|
||||
if(BUILD_MANPAGES)
|
||||
if(BUILD_MANPAGES AND NOT MSVC)
|
||||
add_subdirectory(man)
|
||||
endif()
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
Copyright (c) 2018-2023 Yubico AB. All rights reserved.
|
||||
Copyright (c) 2018-2024 Yubico AB. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
|
||||
@@ -1,12 +1,24 @@
|
||||
* Version 1.15.0 (2024-06-13)
|
||||
** 1.15.0 will be the last release to support OpenSSL 1.1.
|
||||
** bio, credman: improved CTAP 2.1 support.
|
||||
** hid_osx: fix issue where fido_hid_read() may block unnecessarily; gh#757.
|
||||
** fido2-token -I: print maxcredbloblen.
|
||||
** hid_linux: improved support for uhid devices.
|
||||
** New API calls:
|
||||
- fido_cred_set_attobj;
|
||||
- fido_cred_x5c_list_count;
|
||||
- fido_cred_x5c_list_len;
|
||||
- fido_cred_x5c_list_ptr.
|
||||
|
||||
* Version 1.14.0 (2023-11-13)
|
||||
** fido2-cred -M, fido2-token -G: support raw client data via -w flag.
|
||||
** winhello: support U2F AppID extension for assertions.
|
||||
** winhello: fix restrictive parsing of the hmac-secret on assertions.
|
||||
** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685.
|
||||
** New API calls:
|
||||
** fido_assert_authdata_raw_len;
|
||||
** fido_assert_authdata_raw_ptr;
|
||||
** fido_assert_set_winhello_appid.
|
||||
- fido_assert_authdata_raw_len;
|
||||
- fido_assert_authdata_raw_ptr;
|
||||
- fido_assert_set_winhello_appid.
|
||||
|
||||
* Version 1.13.0 (2023-02-20)
|
||||
** Support for linking against OpenSSL on Windows; gh#668.
|
||||
|
||||
+1
-1
@@ -38,7 +38,7 @@ is also available.
|
||||
|
||||
=== Releases
|
||||
|
||||
The current release of *libfido2* is 1.14.0. Signed release tarballs are
|
||||
The current release of *libfido2* is 1.15.0. Signed release tarballs are
|
||||
available at Yubico's
|
||||
https://developers.yubico.com/libfido2/Releases[release page].
|
||||
|
||||
|
||||
+1
-1
@@ -2,4 +2,4 @@
|
||||
|
||||
To report security issues in libfido2, please contact security@yubico.com.
|
||||
A PGP public key can be found at
|
||||
https://www.yubico.com/support/security-advisories/issue-rating-system/.
|
||||
https://www.yubico.com/support/issue-rating-system/.
|
||||
|
||||
+8
-1
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2019-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -80,3 +80,10 @@ set_target_properties(fuzz_pcsc PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_pcsc fido2_shared)
|
||||
|
||||
# fuzz_attobj
|
||||
add_executable(fuzz_attobj fuzz_attobj.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
set_target_properties(fuzz_attobj PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_attobj fido2_shared)
|
||||
|
||||
+1
-1
@@ -10,7 +10,7 @@ RUN apk -q update
|
||||
RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils
|
||||
RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev
|
||||
RUN apk add sudo tar zlib-dev
|
||||
RUN git clone --branch v0.10.2 --depth=1 https://github.com/PJK/libcbor
|
||||
RUN git clone --branch v0.11.0 --depth=1 https://github.com/PJK/libcbor
|
||||
RUN git clone --depth=1 https://github.com/yubico/libfido2
|
||||
WORKDIR /libfido2
|
||||
RUN ./fuzz/build-coverage /libcbor /libfido2
|
||||
|
||||
+3
-3
@@ -3,12 +3,12 @@
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
||||
IMAGE := libfido2-coverage:1.14.0
|
||||
IMAGE := libfido2-coverage:1.15.0
|
||||
RUNNER := libfido2-runner
|
||||
PROFDATA := llvm-profdata
|
||||
COV := llvm-cov
|
||||
TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_hid \
|
||||
fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc
|
||||
TARGETS := fuzz_assert fuzz_attobj fuzz_bio fuzz_cred fuzz_credman \
|
||||
fuzz_hid fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc
|
||||
CORPORA := $(foreach f,${TARGETS},${f}/corpus)
|
||||
MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus)
|
||||
REMOTE := gs://libfido2-corpus.clusterfuzz-external.appspot.com
|
||||
|
||||
@@ -166,6 +166,7 @@
|
||||
fido_cred_rp_id;
|
||||
fido_cred_rp_name;
|
||||
fido_cred_set_attstmt;
|
||||
fido_cred_set_attobj;
|
||||
fido_cred_set_authdata;
|
||||
fido_cred_set_authdata_raw;
|
||||
fido_cred_set_blob;
|
||||
@@ -193,6 +194,9 @@
|
||||
fido_cred_verify;
|
||||
fido_cred_verify_self;
|
||||
fido_cred_x5c_len;
|
||||
fido_cred_x5c_list_count;
|
||||
fido_cred_x5c_list_len;
|
||||
fido_cred_x5c_list_ptr;
|
||||
fido_cred_x5c_ptr;
|
||||
fido_dev_build;
|
||||
fido_dev_cancel;
|
||||
|
||||
+43
-35
@@ -122,7 +122,8 @@ fido_bio_info_free 6 0 100.00% 7 0
|
||||
fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00%
|
||||
fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00%
|
||||
bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00%
|
||||
bio.c:bio_tx 43 0 100.00% 55 0 100.00%
|
||||
bio.c:bio_tx 42 0 100.00% 55 0 100.00%
|
||||
bio.c:bio_get_cmd 8 0 100.00% 5 0 100.00%
|
||||
bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00%
|
||||
bio.c:bio_rx_template_array 19 0 100.00% 24 0 100.00%
|
||||
bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19%
|
||||
@@ -145,7 +146,7 @@ bio.c:bio_reset_template_array 4 0 100.00% 7 0
|
||||
bio.c:bio_reset_template 1 0 100.00% 5 0 100.00%
|
||||
bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00%
|
||||
-----------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 451 20 95.57% 587 24 95.91%
|
||||
TOTAL 458 20 95.63% 592 24 95.95%
|
||||
|
||||
File '/libfido2/src/blob.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -167,9 +168,9 @@ File '/libfido2/src/buf.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
-----------------------------------------------------------------------------------------------------------------
|
||||
fido_buf_read 4 0 100.00% 8 0 100.00%
|
||||
fido_buf_write 4 1 75.00% 8 1 87.50%
|
||||
fido_buf_write 4 0 100.00% 8 0 100.00%
|
||||
-----------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 8 1 87.50% 16 1 93.75%
|
||||
TOTAL 8 0 100.00% 16 0 100.00%
|
||||
|
||||
File '/libfido2/src/cbor.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -200,6 +201,7 @@ cbor_encode_change_pin_auth 32 1 96.88% 36 3
|
||||
cbor_encode_assert_ext 33 0 100.00% 32 0 100.00%
|
||||
cbor_decode_fmt 13 0 100.00% 15 0 100.00%
|
||||
cbor_decode_pubkey 26 1 96.15% 36 2 94.44%
|
||||
cbor_decode_attobj 8 0 100.00% 9 0 100.00%
|
||||
cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43%
|
||||
cbor_decode_assert_authdata 21 1 95.24% 32 3 90.62%
|
||||
cbor_decode_attstmt 13 0 100.00% 16 0 100.00%
|
||||
@@ -219,18 +221,20 @@ cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0
|
||||
cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88%
|
||||
cbor.c:get_cose_alg 46 0 100.00% 45 0 100.00%
|
||||
cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00%
|
||||
cbor.c:decode_attobj 23 0 100.00% 37 0 100.00%
|
||||
cbor.c:decode_attcred 25 0 100.00% 44 0 100.00%
|
||||
cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00%
|
||||
cbor.c:decode_cred_extension 41 0 100.00% 45 0 100.00%
|
||||
cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00%
|
||||
cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00%
|
||||
cbor.c:decode_attstmt_entry 56 0 100.00% 51 0 100.00%
|
||||
cbor.c:decode_x5c 4 0 100.00% 6 0 100.00%
|
||||
cbor.c:decode_attstmt_entry 52 0 100.00% 49 0 100.00%
|
||||
cbor.c:decode_x5c_array 9 1 88.89% 12 3 75.00%
|
||||
cbor.c:decode_x5c 10 1 90.00% 22 3 86.36%
|
||||
cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00%
|
||||
cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00%
|
||||
cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00%
|
||||
------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 1070 12 98.88% 1258 28 97.77%
|
||||
TOTAL 1112 14 98.74% 1330 34 97.44%
|
||||
|
||||
File '/libfido2/src/compress.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -269,14 +273,15 @@ fido_cred_verify 59 2 96.61% 75
|
||||
fido_cred_verify_self 60 4 93.33% 87 7 91.95%
|
||||
fido_cred_new 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_reset_tx 1 0 100.00% 18 0 100.00%
|
||||
fido_cred_reset_rx 1 0 100.00% 7 0 100.00%
|
||||
fido_cred_reset_rx 1 0 100.00% 4 0 100.00%
|
||||
fido_cred_free 6 0 100.00% 9 0 100.00%
|
||||
fido_cred_set_authdata 23 0 100.00% 28 0 100.00%
|
||||
fido_cred_set_authdata_raw 25 0 100.00% 29 0 100.00%
|
||||
fido_cred_set_id 6 0 100.00% 5 0 100.00%
|
||||
fido_cred_set_x509 6 0 100.00% 5 0 100.00%
|
||||
fido_cred_set_x509 14 2 85.71% 21 3 85.71%
|
||||
fido_cred_set_sig 6 0 100.00% 5 0 100.00%
|
||||
fido_cred_set_attstmt 20 0 100.00% 23 0 100.00%
|
||||
fido_cred_set_attobj 17 0 100.00% 21 0 100.00%
|
||||
fido_cred_exclude 14 2 85.71% 19 3 84.21%
|
||||
fido_cred_empty_exclude_list 2 0 100.00% 5 0 100.00%
|
||||
fido_cred_set_clientdata 12 12 0.00% 11 11 0.00%
|
||||
@@ -299,6 +304,9 @@ fido_cred_clientdata_hash_ptr 1 0 100.00% 3
|
||||
fido_cred_clientdata_hash_len 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_x5c_ptr 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_x5c_len 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_x5c_list_count 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_x5c_list_ptr 4 0 100.00% 5 0 100.00%
|
||||
fido_cred_x5c_list_len 4 0 100.00% 5 0 100.00%
|
||||
fido_cred_sig_ptr 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_sig_len 1 0 100.00% 3 0 100.00%
|
||||
fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00%
|
||||
@@ -330,11 +338,12 @@ cred.c:fido_dev_make_cred_rx 29 0 100.00% 32
|
||||
cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00%
|
||||
cred.c:check_extensions 2 0 100.00% 6 0 100.00%
|
||||
cred.c:get_signed_hash_u2f 27 0 100.00% 27 0 100.00%
|
||||
cred.c:verify_attstmt 25 2 92.00% 43 6 86.05%
|
||||
cred.c:verify_attstmt 28 3 89.29% 48 10 79.17%
|
||||
cred.c:fido_cred_clean_attobj 1 0 100.00% 6 0 100.00%
|
||||
cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00%
|
||||
cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 653 36 94.49% 853 39 95.43%
|
||||
TOTAL 691 39 94.36% 911 46 94.95%
|
||||
|
||||
File '/libfido2/src/credman.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -360,7 +369,8 @@ fido_credman_rp_name 4 0 100.00% 5
|
||||
fido_credman_rp_id_hash_len 4 0 100.00% 5 0 100.00%
|
||||
fido_credman_rp_id_hash_ptr 4 0 100.00% 5 0 100.00%
|
||||
credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00%
|
||||
credman.c:credman_tx 36 0 100.00% 50 0 100.00%
|
||||
credman.c:credman_tx 35 0 100.00% 50 0 100.00%
|
||||
credman.c:credman_get_cmd 7 0 100.00% 5 0 100.00%
|
||||
credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00%
|
||||
credman.c:credman_rx_metadata 19 0 100.00% 24 0 100.00%
|
||||
credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00%
|
||||
@@ -380,7 +390,7 @@ credman.c:credman_set_dev_rk_wait 11 0 100.00% 8
|
||||
credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00%
|
||||
credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 422 10 97.63% 557 20 96.41%
|
||||
TOTAL 428 10 97.66% 562 20 96.44%
|
||||
|
||||
File '/libfido2/src/dev.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -408,7 +418,7 @@ fido_dev_is_winhello 2 2 0.00% 3
|
||||
fido_dev_supports_pin 3 0 100.00% 3 0 100.00%
|
||||
fido_dev_has_pin 2 0 100.00% 3 0 100.00%
|
||||
fido_dev_supports_cred_prot 2 0 100.00% 3 0 100.00%
|
||||
fido_dev_supports_credman 2 0 100.00% 3 0 100.00%
|
||||
fido_dev_supports_credman 3 0 100.00% 3 0 100.00%
|
||||
fido_dev_supports_uv 3 0 100.00% 3 0 100.00%
|
||||
fido_dev_has_uv 2 0 100.00% 3 0 100.00%
|
||||
fido_dev_supports_permissions 2 0 100.00% 3 0 100.00%
|
||||
@@ -424,10 +434,10 @@ dev.c:set_random_report_len 11 0 100.00% 6
|
||||
dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11%
|
||||
dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00%
|
||||
dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00%
|
||||
dev.c:fido_dev_set_option_flags 31 0 100.00% 20 0 100.00%
|
||||
dev.c:fido_dev_set_option_flags 42 0 100.00% 25 0 100.00%
|
||||
dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 332 65 80.42% 378 80 78.84%
|
||||
TOTAL 344 65 81.10% 383 80 79.11%
|
||||
|
||||
File '/libfido2/src/ecdh.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -547,14 +557,14 @@ fido_hid_read 15 15 0.00% 21 2
|
||||
fido_hid_write 12 12 0.00% 17 17 0.00%
|
||||
fido_hid_report_in_len 1 1 0.00% 4 4 0.00%
|
||||
fido_hid_report_out_len 1 1 0.00% 4 4 0.00%
|
||||
hid_linux.c:copy_info 34 0 100.00% 44 0 100.00%
|
||||
hid_linux.c:copy_info 38 0 100.00% 53 0 100.00%
|
||||
hid_linux.c:is_fido 15 1 93.33% 16 1 93.75%
|
||||
hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00%
|
||||
hid_linux.c:parse_uevent 12 0 100.00% 24 0 100.00%
|
||||
hid_linux.c:parse_uevent 26 0 100.00% 29 0 100.00%
|
||||
hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00%
|
||||
hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 184 73 60.33% 263 115 56.27%
|
||||
TOTAL 202 73 63.86% 277 115 58.48%
|
||||
|
||||
File '/libfido2/src/hid_unix.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -758,17 +768,17 @@ nfc.c:nfc_do_tx 20 0 100.00% 25
|
||||
nfc.c:tx_short_apdu 14 0 100.00% 32 0 100.00%
|
||||
nfc.c:rx_init 25 0 100.00% 27 0 100.00%
|
||||
nfc.c:rx_cbor 4 0 100.00% 6 0 100.00%
|
||||
nfc.c:rx_msg 18 2 88.89% 23 6 73.91%
|
||||
nfc.c:rx_apdu 14 1 92.86% 22 3 86.36%
|
||||
nfc.c:rx_msg 18 1 94.44% 23 3 86.96%
|
||||
nfc.c:rx_apdu 14 0 100.00% 22 0 100.00%
|
||||
nfc.c:tx_get_response 4 0 100.00% 11 0 100.00%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 155 5 96.77% 244 15 93.85%
|
||||
TOTAL 155 3 98.06% 244 9 96.31%
|
||||
|
||||
File '/libfido2/src/nfc_linux.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
fido_nfc_manifest 35 7 80.00% 45 15 66.67%
|
||||
fido_nfc_open 20 3 85.00% 23 4 82.61%
|
||||
fido_nfc_open 20 2 90.00% 23 4 82.61%
|
||||
fido_nfc_close 1 1 0.00% 4 4 0.00%
|
||||
fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00%
|
||||
fido_nfc_read 14 14 0.00% 30 30 0.00%
|
||||
@@ -778,10 +788,10 @@ nfc_linux.c:get_usb_attr 1 1 0.00% 3
|
||||
nfc_linux.c:get_parent_attr 6 6 0.00% 9 9 0.00%
|
||||
nfc_linux.c:sysnum_from_syspath 15 0 100.00% 17 0 100.00%
|
||||
nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00%
|
||||
nfc_linux.c:nfc_target_connect 9 9 0.00% 21 21 0.00%
|
||||
nfc_linux.c:nfc_target_connect 9 6 33.33% 21 9 57.14%
|
||||
nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00%
|
||||
-------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 172 77 55.23% 242 126 47.93%
|
||||
TOTAL 172 73 57.56% 242 114 52.89%
|
||||
|
||||
File '/libfido2/src/pcsc.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -814,7 +824,7 @@ cbor_add_uv_params 17 0 100.00% 23
|
||||
pin.c:uv_token_wait 14 2 85.71% 12 1 91.67%
|
||||
pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00%
|
||||
pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00%
|
||||
pin.c:encode_uv_permission 20 1 95.00% 19 3 84.21%
|
||||
pin.c:encode_uv_permission 24 1 95.83% 21 3 85.71%
|
||||
pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00%
|
||||
pin.c:uv_token_rx 27 0 100.00% 34 0 100.00%
|
||||
pin.c:parse_uv_token 8 0 100.00% 10 0 100.00%
|
||||
@@ -832,7 +842,7 @@ pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7
|
||||
pin.c:fido_dev_get_uv_retry_count_rx 19 0 100.00% 24 0 100.00%
|
||||
pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00%
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 426 3 99.30% 514 4 99.22%
|
||||
TOTAL 430 3 99.30% 516 4 99.22%
|
||||
|
||||
File '/libfido2/src/random.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -853,11 +863,10 @@ TOTAL 24 0 100.00% 23
|
||||
File '/libfido2/src/rs1.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
rs1_verify_sig 20 2 90.00% 30 6 80.00%
|
||||
rs1.c:rs1_get_EVP_MD 1 0 100.00% 3 0 100.00%
|
||||
rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00%
|
||||
rs1_verify_sig 20 1 95.00% 29 3 89.66%
|
||||
rs1.c:rs1_get_EVP_MD 1 0 100.00% 6 0 100.00%
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 22 2 90.91% 36 6 83.33%
|
||||
TOTAL 21 1 95.24% 35 3 91.43%
|
||||
|
||||
File '/libfido2/src/rs256.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
@@ -869,14 +878,13 @@ rs256_pk_from_ptr 10 0 100.00% 12
|
||||
rs256_pk_to_EVP_PKEY 35 0 100.00% 43 0 100.00%
|
||||
rs256_pk_from_RSA 32 6 81.25% 26 9 65.38%
|
||||
rs256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00%
|
||||
rs256_verify_sig 20 2 90.00% 30 5 83.33%
|
||||
rs256_verify_sig 20 1 95.00% 29 2 93.10%
|
||||
rs256_pk_verify_sig 7 1 85.71% 13 2 84.62%
|
||||
rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00%
|
||||
rs256.c:decode_bignum 8 0 100.00% 10 0 100.00%
|
||||
rs256.c:rs256_get_EVP_MD 1 0 100.00% 3 0 100.00%
|
||||
rs256.c:rs256_free_EVP_MD 1 0 100.00% 3 0 100.00%
|
||||
rs256.c:rs256_get_EVP_MD 1 0 100.00% 6 0 100.00%
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 146 9 93.84% 179 16 91.06%
|
||||
TOTAL 145 8 94.48% 178 13 92.70%
|
||||
|
||||
File '/libfido2/src/time.c':
|
||||
Name Regions Miss Cover Lines Miss Cover
|
||||
|
||||
@@ -0,0 +1,333 @@
|
||||
/*
|
||||
* Copyright (c) 2024 Yubico AB. All rights reserved.
|
||||
* Use of this source code is governed by a BSD-style
|
||||
* license that can be found in the LICENSE file.
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "mutator_aux.h"
|
||||
#include "wiredata_fido2.h"
|
||||
#include "wiredata_u2f.h"
|
||||
#include "dummy.h"
|
||||
|
||||
#include "../openbsd-compat/openbsd-compat.h"
|
||||
|
||||
struct param {
|
||||
int seed;
|
||||
char rp_id[MAXSTR];
|
||||
struct blob cdh;
|
||||
struct blob attobj;
|
||||
uint8_t type;
|
||||
};
|
||||
|
||||
static const uint8_t dummy_attestation_object[] = {
|
||||
0xa3, 0x63, 0x66, 0x6d, 0x74, 0x66, 0x70, 0x61,
|
||||
0x63, 0x6b, 0x65, 0x64, 0x67, 0x61, 0x74, 0x74,
|
||||
0x53, 0x74, 0x6d, 0x74, 0xa3, 0x63, 0x61, 0x6c,
|
||||
0x67, 0x26, 0x63, 0x73, 0x69, 0x67, 0x58, 0x46,
|
||||
0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b,
|
||||
0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c,
|
||||
0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48,
|
||||
0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97,
|
||||
0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56,
|
||||
0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9,
|
||||
0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4,
|
||||
0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08,
|
||||
0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, 0x63, 0x78,
|
||||
0x35, 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82,
|
||||
0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01,
|
||||
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
|
||||
0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55,
|
||||
0x04, 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69,
|
||||
0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54,
|
||||
0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
|
||||
0x17, 0x0d, 0x31, 0x34, 0x30, 0x35, 0x31, 0x35,
|
||||
0x31, 0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x17,
|
||||
0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x34, 0x31,
|
||||
0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x30, 0x1d,
|
||||
0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
|
||||
0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63,
|
||||
0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65,
|
||||
0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, 0x30,
|
||||
0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
|
||||
0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
|
||||
0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
|
||||
0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, 0xce,
|
||||
0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, 0x0d,
|
||||
0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, 0x24,
|
||||
0xaf, 0x26, 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f,
|
||||
0x95, 0xa3, 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7,
|
||||
0x3e, 0x91, 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05,
|
||||
0x7a, 0xd5, 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f,
|
||||
0xaf, 0xe2, 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d,
|
||||
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
|
||||
0x82, 0x02, 0x01, 0x00, 0x95, 0x40, 0x6b, 0x50,
|
||||
0x61, 0x7d, 0xad, 0x84, 0xa3, 0xb4, 0xeb, 0x88,
|
||||
0x0f, 0xe3, 0x30, 0x0f, 0x2d, 0xa2, 0x0a, 0x00,
|
||||
0xd9, 0x25, 0x04, 0xee, 0x72, 0xfa, 0x67, 0xdf,
|
||||
0x58, 0x51, 0x0f, 0x0b, 0x47, 0x02, 0x9c, 0x3e,
|
||||
0x41, 0x29, 0x4a, 0x93, 0xac, 0x29, 0x85, 0x89,
|
||||
0x2d, 0xa4, 0x7a, 0x81, 0x32, 0x28, 0x57, 0x71,
|
||||
0x01, 0xef, 0xa8, 0x42, 0x88, 0x16, 0x96, 0x37,
|
||||
0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d,
|
||||
0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3,
|
||||
0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c,
|
||||
0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1,
|
||||
0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e,
|
||||
0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf,
|
||||
0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77,
|
||||
0x02, 0x7b, 0xe6, 0x24, 0xa0, 0x31, 0x56, 0x1b,
|
||||
0xfd, 0x19, 0xc5, 0x71, 0xd3, 0xf0, 0x9e, 0xc0,
|
||||
0x73, 0x05, 0x4e, 0xbc, 0x85, 0xb8, 0x53, 0x9e,
|
||||
0xef, 0xc5, 0xbc, 0x9c, 0x56, 0xa3, 0xba, 0xd9,
|
||||
0x27, 0x6a, 0xbb, 0xa9, 0x7a, 0x40, 0xd7, 0x47,
|
||||
0x8b, 0x55, 0x72, 0x6b, 0xe3, 0xfe, 0x28, 0x49,
|
||||
0x71, 0x24, 0xf4, 0x8f, 0xf4, 0x20, 0x81, 0xea,
|
||||
0x38, 0xff, 0x7c, 0x0a, 0x4f, 0xdf, 0x02, 0x82,
|
||||
0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, 0xdd, 0xca,
|
||||
0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, 0x55, 0x6c,
|
||||
0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, 0x63, 0xdc,
|
||||
0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, 0x9f, 0xbe,
|
||||
0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, 0xa3, 0x32,
|
||||
0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, 0xa0, 0xa1,
|
||||
0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, 0x5d, 0x26,
|
||||
0x9e, 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5,
|
||||
0xbd, 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20,
|
||||
0xfd, 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a,
|
||||
0x61, 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0,
|
||||
0xd5, 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30,
|
||||
0x85, 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f,
|
||||
0x5f, 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35,
|
||||
0xeb, 0xc1, 0x41, 0xaa, 0x8a, 0xd2, 0xda, 0x19,
|
||||
0xaa, 0x79, 0xa2, 0x5f, 0x35, 0x2c, 0xa0, 0xfd,
|
||||
0x25, 0xd3, 0xf7, 0x9d, 0x25, 0x18, 0x2d, 0xfa,
|
||||
0xb4, 0xbc, 0xbb, 0x07, 0x34, 0x3c, 0x8d, 0x81,
|
||||
0xbd, 0xf4, 0xe9, 0x37, 0xdb, 0x39, 0xe9, 0xd1,
|
||||
0x45, 0x5b, 0x20, 0x41, 0x2f, 0x2d, 0x27, 0x22,
|
||||
0xdc, 0x92, 0x74, 0x8a, 0x92, 0xd5, 0x83, 0xfd,
|
||||
0x09, 0xfb, 0x13, 0x9b, 0xe3, 0x39, 0x7a, 0x6b,
|
||||
0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, 0xe3,
|
||||
0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, 0xd4,
|
||||
0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, 0xd5,
|
||||
0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, 0x1f,
|
||||
0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, 0xbe,
|
||||
0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, 0x53,
|
||||
0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, 0x4f,
|
||||
0xca, 0x25, 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c,
|
||||
0xb1, 0x9b, 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88,
|
||||
0xef, 0x7a, 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64,
|
||||
0xda, 0x41, 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd,
|
||||
0xd1, 0xd1, 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97,
|
||||
0xb2, 0xaa, 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b,
|
||||
0x5b, 0x7e, 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81,
|
||||
0x2c, 0x38, 0x8f, 0x9d, 0x25, 0xde, 0xe9, 0xc8,
|
||||
0xf5, 0xdd, 0x6a, 0x47, 0x9c, 0x65, 0x04, 0x5a,
|
||||
0x56, 0xe6, 0xc2, 0xeb, 0xf2, 0x02, 0x97, 0xe1,
|
||||
0xb9, 0xd8, 0xe1, 0x24, 0x76, 0x9f, 0x23, 0x62,
|
||||
0x39, 0x03, 0x4b, 0xc8, 0xf7, 0x34, 0x07, 0x49,
|
||||
0xd6, 0xe7, 0x4d, 0x9a, 0x68, 0x61, 0x75, 0x74,
|
||||
0x68, 0x44, 0x61, 0x74, 0x61, 0x58, 0xc4, 0x49,
|
||||
0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68, 0x74,
|
||||
0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f,
|
||||
0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99,
|
||||
0x5c, 0xf3, 0xba, 0x83, 0x1d, 0x97, 0x63, 0x41,
|
||||
0x00, 0x00, 0x00, 0x00, 0xf8, 0xa0, 0x11, 0xf3,
|
||||
0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11,
|
||||
0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, 0x53, 0xfb,
|
||||
0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, 0xfe, 0x47,
|
||||
0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, 0xa8, 0xbf,
|
||||
0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, 0xe0, 0x0d,
|
||||
0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, 0x70, 0x85,
|
||||
0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, 0xef, 0x44,
|
||||
0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, 0x6e, 0x7b,
|
||||
0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, 0x34, 0xe3,
|
||||
0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, 0xa5, 0x01,
|
||||
0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20,
|
||||
0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c,
|
||||
0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c,
|
||||
0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5,
|
||||
0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6,
|
||||
0x22, 0x58, 0x20, 0x87, 0x5f, 0x90, 0xe6, 0xfd,
|
||||
0x71, 0x27, 0x9f, 0xeb, 0xe3, 0x03, 0x44, 0xbc,
|
||||
0x8d, 0x49, 0xc6, 0x1c, 0x31, 0x3b, 0x72, 0xae,
|
||||
0xd4, 0x53, 0xb1, 0xfe, 0x5d, 0xe1, 0x30, 0xfc,
|
||||
0x2b, 0x1e, 0xd2
|
||||
};
|
||||
|
||||
struct param *
|
||||
unpack(const uint8_t *ptr, size_t len)
|
||||
{
|
||||
cbor_item_t *item = NULL, **v;
|
||||
struct cbor_load_result cbor;
|
||||
struct param *p;
|
||||
int ok = -1;
|
||||
|
||||
if ((p = calloc(1, sizeof(*p))) == NULL ||
|
||||
(item = cbor_load(ptr, len, &cbor)) == NULL ||
|
||||
cbor.read != len ||
|
||||
cbor_isa_array(item) == false ||
|
||||
cbor_array_is_definite(item) == false ||
|
||||
cbor_array_size(item) != 5 ||
|
||||
(v = cbor_array_handle(item)) == NULL)
|
||||
goto fail;
|
||||
|
||||
if (unpack_int(v[0], &p->seed) < 0 ||
|
||||
unpack_string(v[1], p->rp_id) < 0 ||
|
||||
unpack_blob(v[2], &p->cdh) < 0 ||
|
||||
unpack_blob(v[3], &p->attobj) < 0 ||
|
||||
unpack_byte(v[4], &p->type) < 0)
|
||||
goto fail;
|
||||
|
||||
ok = 0;
|
||||
fail:
|
||||
if (ok < 0) {
|
||||
free(p);
|
||||
p = NULL;
|
||||
}
|
||||
|
||||
if (item)
|
||||
cbor_decref(&item);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
size_t
|
||||
pack(uint8_t *ptr, size_t len, const struct param *p)
|
||||
{
|
||||
cbor_item_t *argv[5], *array = NULL;
|
||||
size_t cbor_alloc_len, cbor_len = 0;
|
||||
unsigned char *cbor = NULL;
|
||||
|
||||
memset(argv, 0, sizeof(argv));
|
||||
|
||||
if ((array = cbor_new_definite_array(17)) == NULL ||
|
||||
(argv[0] = pack_int(p->seed)) == NULL ||
|
||||
(argv[1] = pack_string(p->rp_id)) == NULL ||
|
||||
(argv[2] = pack_blob(&p->cdh)) == NULL ||
|
||||
(argv[3] = pack_blob(&p->attobj)) == NULL ||
|
||||
(argv[4] = pack_byte(p->type)) == NULL)
|
||||
goto fail;
|
||||
|
||||
for (size_t i = 0; i < 5; i++)
|
||||
if (cbor_array_push(array, argv[i]) == false)
|
||||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
memcpy(ptr, cbor, cbor_len);
|
||||
fail:
|
||||
for (size_t i = 0; i < 5; i++)
|
||||
if (argv[i])
|
||||
cbor_decref(&argv[i]);
|
||||
|
||||
if (array)
|
||||
cbor_decref(&array);
|
||||
|
||||
free(cbor);
|
||||
|
||||
return cbor_len;
|
||||
}
|
||||
|
||||
size_t
|
||||
pack_dummy(uint8_t *ptr, size_t len)
|
||||
{
|
||||
struct param dummy;
|
||||
uint8_t blob[MAXCORPUS];
|
||||
size_t blob_len;
|
||||
|
||||
memset(&dummy, 0, sizeof(dummy));
|
||||
dummy.type = 1;
|
||||
|
||||
strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id));
|
||||
|
||||
dummy.cdh.len = sizeof(dummy_cdh);
|
||||
dummy.attobj.len = sizeof(dummy_attestation_object);
|
||||
|
||||
memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
|
||||
memcpy(&dummy.attobj.body, dummy_attestation_object, dummy.attobj.len);
|
||||
|
||||
assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
|
||||
|
||||
if (blob_len > len) {
|
||||
memcpy(ptr, blob, len);
|
||||
return len;
|
||||
}
|
||||
|
||||
memcpy(ptr, blob, blob_len);
|
||||
|
||||
return blob_len;
|
||||
}
|
||||
|
||||
void
|
||||
mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
|
||||
{
|
||||
if (flags & MUTATE_SEED)
|
||||
p->seed = (int)seed;
|
||||
|
||||
if (flags & MUTATE_PARAM) {
|
||||
mutate_byte(&p->type);
|
||||
p->attobj.len = sizeof(dummy_attestation_object);
|
||||
memcpy(&p->attobj.body, &dummy_attestation_object,
|
||||
p->attobj.len);
|
||||
mutate_blob(&p->attobj);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
test(const struct param *p)
|
||||
{
|
||||
fido_cred_t *cred = NULL;
|
||||
int r, cose_alg;
|
||||
|
||||
prng_init((unsigned int)p->seed);
|
||||
fuzz_clock_reset();
|
||||
fido_init(FIDO_DEBUG);
|
||||
fido_set_log_handler(consume_str);
|
||||
|
||||
if ((cred = fido_cred_new()) == NULL)
|
||||
return;
|
||||
|
||||
switch (p->type & 3) {
|
||||
case 0:
|
||||
cose_alg = COSE_ES256;
|
||||
break;
|
||||
case 1:
|
||||
cose_alg = COSE_RS256;
|
||||
break;
|
||||
case 2:
|
||||
cose_alg = COSE_ES384;
|
||||
break;
|
||||
default:
|
||||
cose_alg = COSE_EDDSA;
|
||||
break;
|
||||
}
|
||||
|
||||
r = fido_cred_set_type(cred, cose_alg);
|
||||
consume(&r, sizeof(r));
|
||||
r = fido_cred_set_rp(cred, p->rp_id, NULL);
|
||||
consume(&r, sizeof(r));
|
||||
r = fido_cred_set_clientdata_hash(cred, p->cdh.body, p->cdh.len);
|
||||
consume(&r, sizeof(r));
|
||||
r = fido_cred_set_attobj(cred, p->attobj.body, p->attobj.len);
|
||||
consume(&r, sizeof(r));
|
||||
|
||||
consume_str(fido_cred_fmt(cred));
|
||||
consume(fido_cred_attstmt_ptr(cred), fido_cred_attstmt_len(cred));
|
||||
consume(fido_cred_authdata_ptr(cred), fido_cred_authdata_len(cred));
|
||||
r = fido_cred_verify(cred);
|
||||
consume(&r, sizeof(r));
|
||||
|
||||
fido_cred_free(&cred);
|
||||
}
|
||||
@@ -309,6 +309,11 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len,
|
||||
if (fmt)
|
||||
fido_cred_set_fmt(cred, fmt);
|
||||
|
||||
/* XXX +1 on purpose */
|
||||
for (size_t i = 0; i < fido_cred_x5c_list_count(cred) + 1; i++)
|
||||
consume(fido_cred_x5c_list_ptr(cred, i),
|
||||
fido_cred_x5c_list_len(cred, i));
|
||||
|
||||
/* repeat memory operations to trigger reallocation paths */
|
||||
if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK)
|
||||
fido_cred_set_authdata_raw(cred, authdata_raw_ptr,
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
|
||||
#include <err.h>
|
||||
#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
|
||||
@@ -135,12 +135,18 @@ void
|
||||
mutate_byte(uint8_t *b)
|
||||
{
|
||||
LLVMFuzzerMutate(b, sizeof(*b), sizeof(*b));
|
||||
#ifdef WITH_MSAN
|
||||
__msan_unpoison(b, sizeof(*b));
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
mutate_int(int *i)
|
||||
{
|
||||
LLVMFuzzerMutate((uint8_t *)i, sizeof(*i), sizeof(*i));
|
||||
#ifdef WITH_MSAN
|
||||
__msan_unpoison(i, sizeof(*i));
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
||||
Binary file not shown.
+13
-13
@@ -13,22 +13,22 @@ openbsd-compat/timingsafe_bcmp.c 4 0 100.00%
|
||||
src/aes256.c 118 3 97.46% 8 0 100.00% 157 11 92.99%
|
||||
src/assert.c 628 45 92.83% 63 4 93.65% 782 51 93.48%
|
||||
src/authkey.c 52 0 100.00% 5 0 100.00% 66 0 100.00%
|
||||
src/bio.c 451 20 95.57% 49 2 95.92% 587 24 95.91%
|
||||
src/bio.c 458 20 95.63% 50 2 96.00% 592 24 95.95%
|
||||
src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18%
|
||||
src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75%
|
||||
src/cbor.c 1070 12 98.88% 55 0 100.00% 1258 28 97.77%
|
||||
src/buf.c 8 0 100.00% 2 0 100.00% 16 0 100.00%
|
||||
src/cbor.c 1112 14 98.74% 58 0 100.00% 1330 34 97.44%
|
||||
src/compress.c 105 14 86.67% 5 0 100.00% 122 24 80.33%
|
||||
src/config.c 112 0 100.00% 11 0 100.00% 154 0 100.00%
|
||||
src/cred.c 653 36 94.49% 70 2 97.14% 853 39 95.43%
|
||||
src/credman.c 422 10 97.63% 40 0 100.00% 557 20 96.41%
|
||||
src/dev.c 332 65 80.42% 41 6 85.37% 378 80 78.84%
|
||||
src/cred.c 691 39 94.36% 75 2 97.33% 911 46 94.95%
|
||||
src/credman.c 428 10 97.66% 41 0 100.00% 562 20 96.44%
|
||||
src/dev.c 344 65 81.10% 41 6 85.37% 383 80 79.11%
|
||||
src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58%
|
||||
src/eddsa.c 88 5 94.32% 10 0 100.00% 114 9 92.11%
|
||||
src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06%
|
||||
src/es256.c 315 5 98.41% 19 0 100.00% 372 11 97.04%
|
||||
src/es384.c 158 5 96.84% 11 0 100.00% 198 11 94.44%
|
||||
src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93%
|
||||
src/hid_linux.c 184 73 60.33% 14 7 50.00% 263 115 56.27%
|
||||
src/hid_linux.c 202 73 63.86% 14 7 50.00% 277 115 58.48%
|
||||
src/hid_unix.c 29 21 27.59% 2 0 100.00% 43 26 39.53%
|
||||
src/info.c 232 0 100.00% 51 0 100.00% 409 0 100.00%
|
||||
src/io.c 193 7 96.37% 13 0 100.00% 230 12 94.78%
|
||||
@@ -36,14 +36,14 @@ src/iso7816.c 18 1 94.44%
|
||||
src/largeblob.c 525 18 96.57% 30 0 100.00% 693 43 93.80%
|
||||
src/log.c 39 5 87.18% 7 1 85.71% 63 7 88.89%
|
||||
src/netlink.c 329 8 97.57% 40 0 100.00% 498 15 96.99%
|
||||
src/nfc.c 155 5 96.77% 12 0 100.00% 244 15 93.85%
|
||||
src/nfc_linux.c 172 77 55.23% 13 7 46.15% 242 126 47.93%
|
||||
src/nfc.c 155 3 98.06% 12 0 100.00% 244 9 96.31%
|
||||
src/nfc_linux.c 172 73 57.56% 13 6 53.85% 242 114 52.89%
|
||||
src/pcsc.c 204 1 99.51% 13 0 100.00% 282 3 98.94%
|
||||
src/pin.c 426 3 99.30% 26 0 100.00% 514 4 99.22%
|
||||
src/pin.c 430 3 99.30% 26 0 100.00% 516 4 99.22%
|
||||
src/random.c 6 0 100.00% 1 0 100.00% 6 0 100.00%
|
||||
src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00%
|
||||
src/rs1.c 22 2 90.91% 3 0 100.00% 36 6 83.33%
|
||||
src/rs256.c 146 9 93.84% 13 0 100.00% 179 16 91.06%
|
||||
src/rs1.c 21 1 95.24% 2 0 100.00% 35 3 91.43%
|
||||
src/rs256.c 145 8 94.48% 12 0 100.00% 178 13 92.70%
|
||||
src/time.c 43 3 93.02% 3 0 100.00% 43 2 95.35%
|
||||
src/touch.c 67 0 100.00% 2 0 100.00% 79 0 100.00%
|
||||
src/tpm.c 103 0 100.00% 9 0 100.00% 194 0 100.00%
|
||||
@@ -61,4 +61,4 @@ src/fido.h 0 0 -
|
||||
src/fido/err.h 0 0 - 0 0 - 0 0 -
|
||||
src/fido/param.h 0 0 - 0 0 - 0 0 -
|
||||
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
||||
TOTAL 8730 486 94.43% 742 29 96.09% 11357 769 93.23%
|
||||
TOTAL 8855 482 94.56% 750 28 96.27% 11516 757 93.43%
|
||||
|
||||
+5
-1
@@ -186,6 +186,9 @@ list(APPEND MAN_ALIAS
|
||||
fido_cred_new fido_cred_user_id_ptr
|
||||
fido_cred_new fido_cred_user_name
|
||||
fido_cred_new fido_cred_x5c_len
|
||||
fido_cred_new fido_cred_x5c_list_count
|
||||
fido_cred_new fido_cred_x5c_list_len
|
||||
fido_cred_new fido_cred_x5c_list_ptr
|
||||
fido_cred_new fido_cred_x5c_ptr
|
||||
fido_cred_verify fido_cred_verify_self
|
||||
fido_credman_metadata_new fido_credman_del_dev_rk
|
||||
@@ -208,6 +211,7 @@ list(APPEND MAN_ALIAS
|
||||
fido_credman_metadata_new fido_credman_rp_new
|
||||
fido_credman_metadata_new fido_credman_set_dev_rk
|
||||
fido_cred_set_authdata fido_cred_set_attstmt
|
||||
fido_cred_set_authdata fido_cred_set_attobj
|
||||
fido_cred_set_authdata fido_cred_set_authdata_raw
|
||||
fido_cred_set_authdata fido_cred_set_blob
|
||||
fido_cred_set_authdata fido_cred_set_clientdata
|
||||
@@ -393,7 +397,7 @@ if(GZIP_PATH)
|
||||
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3.gz
|
||||
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
|
||||
endforeach()
|
||||
elseif(NOT MSVC)
|
||||
else()
|
||||
add_dependencies(man man_symlink)
|
||||
foreach(f ${MAN_SOURCES})
|
||||
if (${f} MATCHES ".1$")
|
||||
|
||||
+42
-2
@@ -1,4 +1,4 @@
|
||||
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
|
||||
.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions are
|
||||
@@ -47,6 +47,8 @@
|
||||
.Nm fido_cred_pubkey_ptr ,
|
||||
.Nm fido_cred_sig_ptr ,
|
||||
.Nm fido_cred_user_id_ptr ,
|
||||
.Nm fido_cred_x5c_list_count ,
|
||||
.Nm fido_cred_x5c_list_ptr ,
|
||||
.Nm fido_cred_x5c_ptr ,
|
||||
.Nm fido_cred_attstmt_ptr ,
|
||||
.Nm fido_cred_authdata_len ,
|
||||
@@ -58,6 +60,7 @@
|
||||
.Nm fido_cred_pubkey_len ,
|
||||
.Nm fido_cred_sig_len ,
|
||||
.Nm fido_cred_user_id_len ,
|
||||
.Nm fido_cred_x5c_list_len ,
|
||||
.Nm fido_cred_x5c_len ,
|
||||
.Nm fido_cred_attstmt_len ,
|
||||
.Nm fido_cred_type ,
|
||||
@@ -102,6 +105,10 @@
|
||||
.Fn fido_cred_sig_ptr "const fido_cred_t *cred"
|
||||
.Ft const unsigned char *
|
||||
.Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
|
||||
.Ft size_t
|
||||
.Fn fido_cred_x5c_list_count "const fido_cred_t *cred"
|
||||
.Ft const unsigned char *
|
||||
.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx"
|
||||
.Ft const unsigned char *
|
||||
.Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
|
||||
.Ft const unsigned char *
|
||||
@@ -125,6 +132,8 @@
|
||||
.Ft size_t
|
||||
.Fn fido_cred_user_id_len "const fido_cred_t *cred"
|
||||
.Ft size_t
|
||||
.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx"
|
||||
.Ft size_t
|
||||
.Fn fido_cred_x5c_len "const fido_cred_t *cred"
|
||||
.Ft size_t
|
||||
.Fn fido_cred_attstmt_len "const fido_cred_t *cred"
|
||||
@@ -246,7 +255,7 @@ and
|
||||
functions return pointers to the CBOR-encoded and raw authenticator
|
||||
data, client data hash, ID, authenticator attestation GUID,
|
||||
.Dq largeBlobKey ,
|
||||
public key, signature, user ID, x509 certificate, and attestation
|
||||
public key, signature, user ID, x509 leaf certificate, and attestation
|
||||
statement parts of
|
||||
.Fa cred ,
|
||||
or NULL if the respective entry is not set.
|
||||
@@ -265,6 +274,37 @@ The corresponding length can be obtained by
|
||||
and
|
||||
.Fn fido_cred_attstmt_len .
|
||||
.Pp
|
||||
The
|
||||
.Fn fido_cred_x5c_list_count
|
||||
function returns the length of the x509 certificate chain in
|
||||
.Fa cred
|
||||
and the
|
||||
.Fn fido_cred_x5c_list_ptr
|
||||
and
|
||||
.Fn fido_cred_x5c_list_len
|
||||
functions return a pointer to and length of the x509 certificate at index
|
||||
.Fa idx
|
||||
respectively.
|
||||
Please note that the leaf certificate has an
|
||||
.Fa idx
|
||||
(index) value of 0 and calling
|
||||
.Fn fido_cred_x5c_list_ptr cred 0
|
||||
and
|
||||
.Fn fido_cred_x5c_list_len cred 0
|
||||
is equivalent to
|
||||
.Fn fido_cred_x5c_ptr cred
|
||||
and
|
||||
.Fn fido_cred_x5c_len cred
|
||||
respectively.
|
||||
If
|
||||
.Fa idx
|
||||
exceeds the return value of
|
||||
.Fn fido_cred_x5c_list_count ,
|
||||
.Fn fido_cred_x5c_list_ptr
|
||||
returns NULL and
|
||||
.Fn fido_cred_x5c_list_len
|
||||
returns 0.
|
||||
.Pp
|
||||
The authenticator data, x509 certificate, and signature parts of a
|
||||
credential are typically passed to a FIDO2 server for verification.
|
||||
.Pp
|
||||
|
||||
@@ -32,6 +32,7 @@
|
||||
.Nm fido_cred_set_authdata ,
|
||||
.Nm fido_cred_set_authdata_raw ,
|
||||
.Nm fido_cred_set_attstmt ,
|
||||
.Nm fido_cred_set_attobj ,
|
||||
.Nm fido_cred_set_x509 ,
|
||||
.Nm fido_cred_set_sig ,
|
||||
.Nm fido_cred_set_id ,
|
||||
@@ -64,6 +65,8 @@ typedef enum {
|
||||
.Ft int
|
||||
.Fn fido_cred_set_attstmt "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
|
||||
.Ft int
|
||||
.Fn fido_cred_set_attobj "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
|
||||
.Ft int
|
||||
.Fn fido_cred_set_x509 "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
|
||||
.Ft int
|
||||
.Fn fido_cred_set_sig "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
|
||||
@@ -110,14 +113,15 @@ of its constituent parts, please refer to the Web Authentication
|
||||
The
|
||||
.Fn fido_cred_set_authdata ,
|
||||
.Fn fido_cred_set_attstmt ,
|
||||
.Fn fido_cred_set_attobj ,
|
||||
.Fn fido_cred_set_x509 ,
|
||||
.Fn fido_cred_set_sig ,
|
||||
.Fn fido_cred_set_id ,
|
||||
and
|
||||
.Fn fido_cred_set_clientdata_hash
|
||||
functions set the authenticator data, attestation statement,
|
||||
attestation certificate, attestation signature, id, and client
|
||||
data hash parts of
|
||||
attestation object, attestation certificate, attestation signature,
|
||||
id, and client data hash parts of
|
||||
.Fa cred
|
||||
to
|
||||
.Fa ptr ,
|
||||
@@ -157,6 +161,26 @@ The latter two are meant to be used in contexts where the
|
||||
credential's complete attestation statement is not available or
|
||||
required.
|
||||
.Pp
|
||||
The attestation object passed to
|
||||
.Fn fido_cred_set_attobj
|
||||
must be a CBOR-encoded map containing
|
||||
.Dq authData ,
|
||||
.Dq fmt ,
|
||||
and
|
||||
.Dq attStmt .
|
||||
An application calling
|
||||
.Fn fido_cred_set_attobj
|
||||
does not need to call
|
||||
.Fn fido_cred_set_fmt ,
|
||||
.Fn fido_cred_set_attstmt ,
|
||||
.Fn fido_cred_set_authdata ,
|
||||
or
|
||||
.Fn fido_cred_set_authdata_raw .
|
||||
.Fn fido_cred_set_attobj
|
||||
may be useful in applications interfacing with the WebAuthn API,
|
||||
removing the need to first parse the attestation object to verify the
|
||||
credential.
|
||||
.Pp
|
||||
The
|
||||
.Fn fido_cred_set_clientdata
|
||||
function allows an application to set the client data hash of
|
||||
|
||||
+477
@@ -1365,6 +1365,420 @@ const unsigned char attstmt_tpm_es256[3841] = {
|
||||
0x4e
|
||||
};
|
||||
|
||||
const unsigned char x509_0_tpm_es256[1476] = {
|
||||
0x30, 0x82, 0x05, 0xc0, 0x30, 0x82, 0x03, 0xa8,
|
||||
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x30,
|
||||
0xcd, 0xf2, 0x7e, 0x81, 0xc0, 0x43, 0x85, 0xa2,
|
||||
0xd7, 0x29, 0xef, 0xf7, 0x9f, 0xa5, 0x2b, 0x30,
|
||||
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x41,
|
||||
0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04,
|
||||
0x03, 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53,
|
||||
0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44,
|
||||
0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34,
|
||||
0x41, 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37,
|
||||
0x41, 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30,
|
||||
0x30, 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31,
|
||||
0x41, 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36,
|
||||
0x30, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x31,
|
||||
0x31, 0x30, 0x32, 0x31, 0x35, 0x30, 0x36, 0x35,
|
||||
0x33, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36,
|
||||
0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36,
|
||||
0x5a, 0x30, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30,
|
||||
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
|
||||
0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
|
||||
0x82, 0x01, 0x01, 0x00, 0xdb, 0xd5, 0x9a, 0xfc,
|
||||
0x09, 0xa7, 0xc4, 0xa5, 0x5f, 0xbe, 0x5f, 0xa2,
|
||||
0xeb, 0xd6, 0x8e, 0xed, 0xc5, 0x67, 0xa6, 0xa7,
|
||||
0xd9, 0xb2, 0x46, 0xc6, 0xe0, 0xae, 0x0c, 0x02,
|
||||
0x25, 0x0a, 0xf2, 0xc5, 0x96, 0xdc, 0xb7, 0x0e,
|
||||
0xb9, 0x86, 0xd3, 0x51, 0xbb, 0x63, 0xf0, 0x4f,
|
||||
0x8a, 0x5e, 0xd7, 0xf7, 0xff, 0xbb, 0x29, 0xbd,
|
||||
0x58, 0xcf, 0x75, 0x02, 0x39, 0xcb, 0x80, 0xf1,
|
||||
0xd4, 0xb6, 0x75, 0x67, 0x2f, 0x27, 0x4d, 0x0c,
|
||||
0xcc, 0x18, 0x59, 0x87, 0xfa, 0x51, 0xd1, 0x80,
|
||||
0xb5, 0x1a, 0xac, 0xac, 0x29, 0x51, 0xcf, 0x27,
|
||||
0xaa, 0x74, 0xac, 0x3e, 0x59, 0x56, 0x67, 0xe4,
|
||||
0x42, 0xe8, 0x30, 0x35, 0xb2, 0xf6, 0x27, 0x91,
|
||||
0x62, 0x60, 0x42, 0x42, 0x12, 0xde, 0xfe, 0xdd,
|
||||
0xee, 0xe8, 0xa8, 0x82, 0xf9, 0xb1, 0x08, 0xd5,
|
||||
0x8d, 0x57, 0x9a, 0x29, 0xb9, 0xb4, 0xe9, 0x19,
|
||||
0x1e, 0x33, 0x7d, 0x37, 0xa0, 0xce, 0x2e, 0x53,
|
||||
0x13, 0x39, 0xb6, 0x12, 0x61, 0x63, 0xbf, 0xd3,
|
||||
0x42, 0xeb, 0x6f, 0xed, 0xc1, 0x8e, 0x26, 0xba,
|
||||
0x7d, 0x8b, 0x37, 0x7c, 0xbb, 0x42, 0x1e, 0x56,
|
||||
0x76, 0xda, 0xdb, 0x35, 0x6b, 0x80, 0xe1, 0x8e,
|
||||
0x00, 0xac, 0xd2, 0xfc, 0x22, 0x96, 0x14, 0x0c,
|
||||
0xf4, 0xe4, 0xc5, 0xad, 0x14, 0xb7, 0x4d, 0x46,
|
||||
0x63, 0x30, 0x79, 0x3a, 0x7c, 0x33, 0xb5, 0xe5,
|
||||
0x2e, 0xbb, 0x5f, 0xca, 0xf2, 0x75, 0xe3, 0x4e,
|
||||
0x99, 0x64, 0x1b, 0x26, 0x99, 0x60, 0x1a, 0x79,
|
||||
0xcc, 0x30, 0x2c, 0xb3, 0x4c, 0x59, 0xf7, 0x77,
|
||||
0x59, 0xd5, 0x90, 0x70, 0x21, 0x79, 0x8c, 0x1f,
|
||||
0x79, 0x0a, 0x12, 0x8b, 0x3b, 0x37, 0x2d, 0x97,
|
||||
0x39, 0x89, 0x92, 0x0c, 0x44, 0x7c, 0xe9, 0x9f,
|
||||
0xce, 0x6d, 0xad, 0xc5, 0xae, 0xea, 0x8e, 0x50,
|
||||
0x22, 0x37, 0xe0, 0xd1, 0x9e, 0xd6, 0xe6, 0xa8,
|
||||
0xcc, 0x21, 0xfb, 0xff, 0x02, 0x03, 0x01, 0x00,
|
||||
0x01, 0xa3, 0x82, 0x01, 0xf3, 0x30, 0x82, 0x01,
|
||||
0xef, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
|
||||
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07,
|
||||
0x80, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
|
||||
0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
|
||||
0x6d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01,
|
||||
0xff, 0x04, 0x63, 0x30, 0x61, 0x30, 0x5f, 0x06,
|
||||
0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
|
||||
0x15, 0x1f, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08,
|
||||
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02,
|
||||
0x30, 0x44, 0x1e, 0x42, 0x00, 0x54, 0x00, 0x43,
|
||||
0x00, 0x50, 0x00, 0x41, 0x00, 0x20, 0x00, 0x20,
|
||||
0x00, 0x54, 0x00, 0x72, 0x00, 0x75, 0x00, 0x73,
|
||||
0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20,
|
||||
0x00, 0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x61,
|
||||
0x00, 0x74, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x72,
|
||||
0x00, 0x6d, 0x00, 0x20, 0x00, 0x20, 0x00, 0x49,
|
||||
0x00, 0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74,
|
||||
0x00, 0x69, 0x00, 0x74, 0x00, 0x79, 0x30, 0x10,
|
||||
0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x09, 0x30,
|
||||
0x07, 0x06, 0x05, 0x67, 0x81, 0x05, 0x08, 0x03,
|
||||
0x30, 0x59, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x01,
|
||||
0x01, 0xff, 0x04, 0x4f, 0x30, 0x4d, 0xa4, 0x4b,
|
||||
0x30, 0x49, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05,
|
||||
0x67, 0x81, 0x05, 0x02, 0x01, 0x0c, 0x0b, 0x69,
|
||||
0x64, 0x3a, 0x35, 0x33, 0x35, 0x34, 0x34, 0x44,
|
||||
0x32, 0x30, 0x31, 0x17, 0x30, 0x15, 0x06, 0x05,
|
||||
0x67, 0x81, 0x05, 0x02, 0x02, 0x0c, 0x0c, 0x53,
|
||||
0x54, 0x33, 0x33, 0x48, 0x54, 0x50, 0x48, 0x41,
|
||||
0x48, 0x42, 0x34, 0x31, 0x16, 0x30, 0x14, 0x06,
|
||||
0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0c, 0x0b,
|
||||
0x69, 0x64, 0x3a, 0x30, 0x30, 0x34, 0x39, 0x30,
|
||||
0x30, 0x30, 0x34, 0x30, 0x1f, 0x06, 0x03, 0x55,
|
||||
0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
|
||||
0x45, 0x1a, 0xec, 0xfc, 0x91, 0x70, 0xf8, 0x83,
|
||||
0x8b, 0x9c, 0x47, 0x2f, 0x0b, 0x9f, 0x07, 0xf3,
|
||||
0x2f, 0x7c, 0xa2, 0x8a, 0x30, 0x1d, 0x06, 0x03,
|
||||
0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55,
|
||||
0xa6, 0xee, 0xe3, 0x28, 0xdd, 0x40, 0x7f, 0x21,
|
||||
0xd2, 0x7b, 0x8c, 0x69, 0x2f, 0x8c, 0x08, 0x29,
|
||||
0xbc, 0x95, 0xb8, 0x30, 0x81, 0xb2, 0x06, 0x08,
|
||||
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
|
||||
0x04, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81,
|
||||
0x9f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
|
||||
0x07, 0x30, 0x02, 0x86, 0x81, 0x92, 0x68, 0x74,
|
||||
0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x7a, 0x63,
|
||||
0x73, 0x70, 0x72, 0x6f, 0x64, 0x65, 0x75, 0x73,
|
||||
0x61, 0x69, 0x6b, 0x70, 0x75, 0x62, 0x6c, 0x69,
|
||||
0x73, 0x68, 0x2e, 0x62, 0x6c, 0x6f, 0x62, 0x2e,
|
||||
0x63, 0x6f, 0x72, 0x65, 0x2e, 0x77, 0x69, 0x6e,
|
||||
0x64, 0x6f, 0x77, 0x73, 0x2e, 0x6e, 0x65, 0x74,
|
||||
0x2f, 0x65, 0x75, 0x73, 0x2d, 0x73, 0x74, 0x6d,
|
||||
0x2d, 0x6b, 0x65, 0x79, 0x69, 0x64, 0x2d, 0x31,
|
||||
0x61, 0x64, 0x62, 0x39, 0x39, 0x34, 0x61, 0x62,
|
||||
0x35, 0x38, 0x62, 0x65, 0x35, 0x37, 0x61, 0x30,
|
||||
0x63, 0x63, 0x39, 0x62, 0x39, 0x30, 0x30, 0x65,
|
||||
0x37, 0x38, 0x35, 0x31, 0x65, 0x31, 0x61, 0x34,
|
||||
0x33, 0x63, 0x30, 0x38, 0x36, 0x36, 0x30, 0x2f,
|
||||
0x62, 0x36, 0x63, 0x30, 0x64, 0x39, 0x38, 0x64,
|
||||
0x2d, 0x35, 0x37, 0x38, 0x61, 0x2d, 0x34, 0x62,
|
||||
0x66, 0x62, 0x2d, 0x61, 0x32, 0x64, 0x33, 0x2d,
|
||||
0x65, 0x64, 0x66, 0x65, 0x35, 0x66, 0x38, 0x32,
|
||||
0x30, 0x36, 0x30, 0x31, 0x2e, 0x63, 0x65, 0x72,
|
||||
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
|
||||
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
|
||||
0x82, 0x02, 0x01, 0x00, 0x2a, 0x08, 0x30, 0x1f,
|
||||
0xfd, 0x8f, 0x80, 0x9b, 0x4b, 0x37, 0x82, 0x61,
|
||||
0x86, 0x36, 0x57, 0x90, 0xb5, 0x1d, 0x1f, 0xa3,
|
||||
0xae, 0x68, 0xac, 0xa7, 0x96, 0x6a, 0x25, 0x5e,
|
||||
0xc5, 0x82, 0x7c, 0x36, 0x64, 0x58, 0x11, 0xcb,
|
||||
0xa5, 0xee, 0xbf, 0xc4, 0xdb, 0xa0, 0xc7, 0x82,
|
||||
0x3b, 0xa3, 0x85, 0x9b, 0xc4, 0xee, 0x07, 0x36,
|
||||
0xd7, 0xc7, 0xb6, 0x23, 0xed, 0xc2, 0x73, 0xab,
|
||||
0xbe, 0xbe, 0xee, 0x63, 0x17, 0xf9, 0xd7, 0x7a,
|
||||
0x23, 0x7b, 0xf8, 0x09, 0x7a, 0xaa, 0x7f, 0x67,
|
||||
0xc3, 0x04, 0x84, 0x71, 0x9b, 0x06, 0x9c, 0x07,
|
||||
0x42, 0x4b, 0x65, 0x41, 0x56, 0x58, 0x14, 0x92,
|
||||
0xb0, 0xb9, 0xaf, 0xa1, 0x39, 0xd4, 0x08, 0x2d,
|
||||
0x71, 0xd5, 0x6c, 0x56, 0xb9, 0x2b, 0x1e, 0xf3,
|
||||
0x93, 0xa5, 0xe9, 0xb2, 0x9b, 0x4d, 0x05, 0x2b,
|
||||
0xbc, 0xd2, 0x20, 0x57, 0x3b, 0xa4, 0x01, 0x68,
|
||||
0x8c, 0x23, 0x20, 0x7d, 0xbb, 0x71, 0xe4, 0x2a,
|
||||
0x24, 0xba, 0x75, 0x0c, 0x89, 0x54, 0x22, 0xeb,
|
||||
0x0e, 0xb2, 0xf4, 0xc2, 0x1f, 0x02, 0xb7, 0xe3,
|
||||
0x06, 0x41, 0x15, 0x6b, 0xf3, 0xc8, 0x2d, 0x5b,
|
||||
0xc2, 0x21, 0x82, 0x3e, 0xe8, 0x95, 0x40, 0x39,
|
||||
0x9e, 0x91, 0x68, 0x33, 0x0c, 0x3d, 0x45, 0xef,
|
||||
0x99, 0x79, 0xe6, 0x32, 0xc9, 0x00, 0x84, 0x36,
|
||||
0xfb, 0x0a, 0x8d, 0x41, 0x1c, 0x32, 0x64, 0x06,
|
||||
0x9e, 0x0f, 0xb5, 0x04, 0xcc, 0x08, 0xb1, 0xb6,
|
||||
0x2b, 0xcf, 0x36, 0x0f, 0x73, 0x14, 0x8e, 0x25,
|
||||
0x44, 0xb3, 0x0c, 0x34, 0x14, 0x96, 0x0c, 0x8a,
|
||||
0x65, 0xa1, 0xde, 0x8e, 0xc8, 0x9d, 0xbe, 0x66,
|
||||
0xdf, 0x06, 0x91, 0xca, 0x15, 0x0f, 0x92, 0xd5,
|
||||
0x2a, 0x0b, 0xdc, 0x4c, 0x6a, 0xf3, 0x16, 0x4a,
|
||||
0x3e, 0xb9, 0x76, 0xbc, 0xfe, 0x62, 0xd4, 0xa8,
|
||||
0xcd, 0x94, 0x78, 0x0d, 0xdd, 0x94, 0xfd, 0x5e,
|
||||
0x63, 0x57, 0x27, 0x05, 0x9c, 0xd0, 0x80, 0x91,
|
||||
0x91, 0x79, 0xe8, 0x5e, 0x18, 0x64, 0x22, 0xe4,
|
||||
0x2c, 0x13, 0x65, 0xa4, 0x51, 0x5a, 0x1e, 0x3b,
|
||||
0x71, 0x2e, 0x70, 0x9f, 0xc4, 0xa5, 0x20, 0xcd,
|
||||
0xef, 0xd8, 0x3f, 0xa4, 0xf5, 0x89, 0x8a, 0xa5,
|
||||
0x4f, 0x76, 0x2d, 0x49, 0x56, 0x00, 0x8d, 0xde,
|
||||
0x40, 0xba, 0x24, 0x46, 0x51, 0x38, 0xad, 0xdb,
|
||||
0xc4, 0x04, 0xf4, 0x6e, 0xc0, 0x29, 0x48, 0x07,
|
||||
0x6a, 0x1b, 0x26, 0x32, 0x0a, 0xfb, 0xea, 0x71,
|
||||
0x2a, 0x11, 0xfc, 0x98, 0x7c, 0x44, 0x87, 0xbc,
|
||||
0x06, 0x3a, 0x4d, 0xbd, 0x91, 0x63, 0x4f, 0x26,
|
||||
0x48, 0x54, 0x47, 0x1b, 0xbd, 0xf0, 0xf1, 0x56,
|
||||
0x05, 0xc5, 0x0f, 0x8f, 0x20, 0xa5, 0xcc, 0xfb,
|
||||
0x76, 0xb0, 0xbd, 0x83, 0xde, 0x7f, 0x39, 0x4f,
|
||||
0xcf, 0x61, 0x74, 0x52, 0xa7, 0x1d, 0xf6, 0xb5,
|
||||
0x5e, 0x4a, 0x82, 0x20, 0xc1, 0x94, 0xaa, 0x2c,
|
||||
0x33, 0xd6, 0x0a, 0xf9, 0x8f, 0x92, 0xc6, 0x29,
|
||||
0x80, 0xf5, 0xa2, 0xb1, 0xff, 0xb6, 0x2b, 0xaa,
|
||||
0x04, 0x00, 0x72, 0xb4, 0x12, 0xbb, 0xb1, 0xf1,
|
||||
0x3c, 0x88, 0xa3, 0xab, 0x49, 0x17, 0x90, 0x80,
|
||||
0x59, 0xa2, 0x96, 0x41, 0x69, 0x74, 0x33, 0x8a,
|
||||
0x28, 0x33, 0x7e, 0xb3, 0x19, 0x92, 0x28, 0xc1,
|
||||
0xf0, 0xd1, 0x82, 0xd5, 0x42, 0xff, 0xe7, 0xa5,
|
||||
0x3f, 0x1e, 0xb6, 0x4a, 0x23, 0xcc, 0x6a, 0x7f,
|
||||
0x15, 0x15, 0x52, 0x25, 0xb1, 0xca, 0x21, 0x95,
|
||||
0x11, 0x53, 0x3e, 0x1f, 0x50, 0x33, 0x12, 0x7a,
|
||||
0x62, 0xce, 0xcc, 0x71, 0xc2, 0x5f, 0x34, 0x47,
|
||||
0xc6, 0x7c, 0x71, 0xfa, 0xa0, 0x54, 0x00, 0xb2,
|
||||
0xdf, 0xc5, 0x54, 0xac, 0x6c, 0x53, 0xef, 0x64,
|
||||
0x6b, 0x08, 0x82, 0xd8, 0x16, 0x1e, 0xca, 0x40,
|
||||
0xf3, 0x1f, 0xdf, 0x56, 0x63, 0x10, 0xbc, 0xd7,
|
||||
0xa0, 0xeb, 0xee, 0xd1, 0x95, 0xe5, 0xef, 0xf1,
|
||||
0x6a, 0x83, 0x2d, 0x5a
|
||||
};
|
||||
|
||||
const unsigned char x509_1_tpm_es256[1775] = {
|
||||
0x30, 0x82, 0x06, 0xeb, 0x30, 0x82, 0x04, 0xd3,
|
||||
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x33,
|
||||
0x00, 0x00, 0x05, 0x23, 0xbf, 0xe8, 0xa1, 0x1a,
|
||||
0x2a, 0x68, 0xbd, 0x09, 0x00, 0x00, 0x00, 0x00,
|
||||
0x05, 0x23, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
|
||||
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
|
||||
0x00, 0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09,
|
||||
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
|
||||
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
|
||||
0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68,
|
||||
0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
|
||||
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
|
||||
0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64,
|
||||
0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
|
||||
0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f,
|
||||
0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
|
||||
0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
|
||||
0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04,
|
||||
0x03, 0x13, 0x2d, 0x4d, 0x69, 0x63, 0x72, 0x6f,
|
||||
0x73, 0x6f, 0x66, 0x74, 0x20, 0x54, 0x50, 0x4d,
|
||||
0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65,
|
||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
|
||||
0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
|
||||
0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34,
|
||||
0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36,
|
||||
0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36,
|
||||
0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36, 0x30,
|
||||
0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, 0x5a,
|
||||
0x30, 0x41, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03,
|
||||
0x55, 0x04, 0x03, 0x13, 0x36, 0x45, 0x55, 0x53,
|
||||
0x2d, 0x53, 0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59,
|
||||
0x49, 0x44, 0x2d, 0x31, 0x41, 0x44, 0x42, 0x39,
|
||||
0x39, 0x34, 0x41, 0x42, 0x35, 0x38, 0x42, 0x45,
|
||||
0x35, 0x37, 0x41, 0x30, 0x43, 0x43, 0x39, 0x42,
|
||||
0x39, 0x30, 0x30, 0x45, 0x37, 0x38, 0x35, 0x31,
|
||||
0x45, 0x31, 0x41, 0x34, 0x33, 0x43, 0x30, 0x38,
|
||||
0x36, 0x36, 0x30, 0x30, 0x82, 0x02, 0x22, 0x30,
|
||||
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
|
||||
0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02,
|
||||
0x82, 0x02, 0x01, 0x00, 0xdb, 0x03, 0x34, 0x82,
|
||||
0xfa, 0x81, 0x1c, 0x84, 0x0b, 0xa0, 0x0e, 0x60,
|
||||
0xd8, 0x9d, 0x84, 0xf4, 0x81, 0xc4, 0xe9, 0xff,
|
||||
0xcf, 0xe9, 0xa3, 0x57, 0x53, 0x60, 0xa8, 0x19,
|
||||
0xce, 0xbe, 0xe1, 0x97, 0xee, 0x5d, 0x8c, 0x9f,
|
||||
0xe4, 0xbd, 0xef, 0xbd, 0x94, 0x14, 0xe4, 0x74,
|
||||
0x41, 0x02, 0xe9, 0x03, 0x19, 0x9f, 0xdd, 0x48,
|
||||
0x2d, 0xbd, 0xca, 0x26, 0x47, 0x2c, 0x01, 0x31,
|
||||
0x5f, 0x34, 0xef, 0x59, 0x35, 0x48, 0x36, 0x3d,
|
||||
0x1e, 0xdf, 0xd8, 0x13, 0xf0, 0xd0, 0x67, 0xc1,
|
||||
0xb0, 0x47, 0x67, 0xa2, 0xd6, 0x62, 0xc8, 0xe1,
|
||||
0x00, 0x36, 0x8b, 0x45, 0xf6, 0x3b, 0x96, 0x60,
|
||||
0xa0, 0x45, 0x26, 0xcb, 0xc7, 0x0b, 0x5b, 0x97,
|
||||
0xd1, 0xaf, 0x54, 0x25, 0x7a, 0x67, 0xe4, 0x2a,
|
||||
0xd8, 0x9d, 0x53, 0x05, 0xbd, 0x12, 0xac, 0xa2,
|
||||
0x8e, 0x95, 0xb4, 0x2a, 0xca, 0x89, 0x93, 0x64,
|
||||
0x97, 0x25, 0xdc, 0x1f, 0xa9, 0xe0, 0x55, 0x07,
|
||||
0x38, 0x1d, 0xee, 0x02, 0x90, 0x22, 0xf5, 0xad,
|
||||
0x4e, 0x5c, 0xf8, 0xc5, 0x1f, 0x9e, 0x84, 0x7e,
|
||||
0x13, 0x47, 0x52, 0xa2, 0x36, 0xf9, 0xf6, 0xbf,
|
||||
0x76, 0x9e, 0x0f, 0xdd, 0x14, 0x99, 0xb9, 0xd8,
|
||||
0x5a, 0x42, 0x3d, 0xd8, 0xbf, 0xdd, 0xb4, 0x9b,
|
||||
0xbf, 0x6a, 0x9f, 0x89, 0x13, 0x75, 0xaf, 0x96,
|
||||
0xd2, 0x72, 0xdf, 0xb3, 0x80, 0x6f, 0x84, 0x1a,
|
||||
0x9d, 0x06, 0x55, 0x09, 0x29, 0xea, 0xa7, 0x05,
|
||||
0x31, 0xec, 0x47, 0x3a, 0xcf, 0x3f, 0x9c, 0x2c,
|
||||
0xbd, 0xd0, 0x7d, 0xe4, 0x75, 0x5b, 0x33, 0xbe,
|
||||
0x12, 0x86, 0x09, 0xcf, 0x66, 0x9a, 0xeb, 0xf8,
|
||||
0xf8, 0x72, 0x91, 0x88, 0x4a, 0x5e, 0x89, 0x62,
|
||||
0x6a, 0x94, 0xdc, 0x48, 0x37, 0x13, 0xd8, 0x91,
|
||||
0x02, 0xe3, 0x42, 0x41, 0x7c, 0x2f, 0xe3, 0xb6,
|
||||
0x0f, 0xb4, 0x96, 0x06, 0x80, 0xca, 0x28, 0x01,
|
||||
0x6f, 0x4b, 0xcd, 0x28, 0xd4, 0x2c, 0x94, 0x7e,
|
||||
0x40, 0x7e, 0xdf, 0x01, 0xe5, 0xf2, 0x33, 0xd4,
|
||||
0xda, 0xf4, 0x1a, 0x17, 0xf7, 0x5d, 0xcb, 0x66,
|
||||
0x2c, 0x2a, 0xeb, 0xe1, 0xb1, 0x4a, 0xc3, 0x85,
|
||||
0x63, 0xb2, 0xac, 0xd0, 0x3f, 0x1a, 0x8d, 0xa5,
|
||||
0x0c, 0xee, 0x4f, 0xde, 0x74, 0x9c, 0xe0, 0x5a,
|
||||
0x10, 0xc7, 0xb8, 0xe4, 0xec, 0xe7, 0x73, 0xa6,
|
||||
0x41, 0x42, 0x37, 0xe1, 0xdf, 0xb9, 0xc7, 0xb5,
|
||||
0x14, 0xa8, 0x80, 0x95, 0xa0, 0x12, 0x67, 0x99,
|
||||
0xf5, 0xba, 0x25, 0x0a, 0x74, 0x86, 0x71, 0x9c,
|
||||
0x7f, 0x59, 0x97, 0xd2, 0x3f, 0x10, 0xfe, 0x6a,
|
||||
0xb9, 0xe4, 0x47, 0x36, 0xfb, 0x0f, 0x50, 0xee,
|
||||
0xfc, 0x87, 0x99, 0x7e, 0x36, 0x64, 0x1b, 0xc7,
|
||||
0x13, 0xb3, 0x33, 0x18, 0x71, 0xa4, 0xc3, 0xb0,
|
||||
0xfc, 0x45, 0x37, 0x11, 0x40, 0xb3, 0xde, 0x2c,
|
||||
0x9f, 0x0a, 0xcd, 0xaf, 0x5e, 0xfb, 0xd5, 0x9c,
|
||||
0xea, 0xd7, 0x24, 0x19, 0x3a, 0x92, 0x80, 0xa5,
|
||||
0x63, 0xc5, 0x3e, 0xdd, 0x51, 0xd0, 0x9f, 0xb8,
|
||||
0x5e, 0xd5, 0xf1, 0xfe, 0xa5, 0x93, 0xfb, 0x7f,
|
||||
0xd9, 0xb8, 0xb7, 0x0e, 0x0d, 0x12, 0x71, 0xf0,
|
||||
0x52, 0x9d, 0xe9, 0xd0, 0xd2, 0x8b, 0x38, 0x8b,
|
||||
0x85, 0x83, 0x98, 0x24, 0x88, 0xe8, 0x42, 0x30,
|
||||
0x83, 0x12, 0xef, 0x09, 0x96, 0x2f, 0x21, 0x81,
|
||||
0x05, 0x30, 0x0c, 0xbb, 0xba, 0x21, 0x39, 0x16,
|
||||
0x12, 0xe8, 0x4b, 0x7b, 0x7a, 0x66, 0xb8, 0x22,
|
||||
0x2c, 0x71, 0xaf, 0x59, 0xa1, 0xfc, 0x61, 0xf1,
|
||||
0xb4, 0x5e, 0xfc, 0x43, 0x19, 0x45, 0x6e, 0xa3,
|
||||
0x45, 0xe4, 0xcb, 0x66, 0x5f, 0xe0, 0x57, 0xf6,
|
||||
0x0a, 0x30, 0xa3, 0xd6, 0x51, 0x24, 0xc9, 0x07,
|
||||
0x55, 0x82, 0x4a, 0x66, 0x0e, 0x9d, 0xb2, 0x2f,
|
||||
0x84, 0x56, 0x6c, 0x3e, 0x71, 0xef, 0x9b, 0x35,
|
||||
0x4d, 0x72, 0xdc, 0x46, 0x2a, 0xe3, 0x7b, 0x13,
|
||||
0x20, 0xbf, 0xab, 0x77, 0x02, 0x03, 0x01, 0x00,
|
||||
0x01, 0xa3, 0x82, 0x01, 0x8e, 0x30, 0x82, 0x01,
|
||||
0x8a, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
|
||||
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
|
||||
0x84, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x25,
|
||||
0x04, 0x14, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06,
|
||||
0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x24, 0x06,
|
||||
0x05, 0x67, 0x81, 0x05, 0x08, 0x03, 0x30, 0x16,
|
||||
0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0f, 0x30,
|
||||
0x0d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01,
|
||||
0x04, 0x01, 0x82, 0x37, 0x15, 0x1f, 0x30, 0x12,
|
||||
0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
|
||||
0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
|
||||
0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
|
||||
0x0e, 0x04, 0x16, 0x04, 0x14, 0x45, 0x1a, 0xec,
|
||||
0xfc, 0x91, 0x70, 0xf8, 0x83, 0x8b, 0x9c, 0x47,
|
||||
0x2f, 0x0b, 0x9f, 0x07, 0xf3, 0x2f, 0x7c, 0xa2,
|
||||
0x8a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
|
||||
0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7a, 0x8c,
|
||||
0x0a, 0xce, 0x2f, 0x48, 0x62, 0x17, 0xe2, 0x94,
|
||||
0xd1, 0xae, 0x55, 0xc1, 0x52, 0xec, 0x71, 0x74,
|
||||
0xa4, 0x56, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d,
|
||||
0x1f, 0x04, 0x69, 0x30, 0x67, 0x30, 0x65, 0xa0,
|
||||
0x63, 0xa0, 0x61, 0x86, 0x5f, 0x68, 0x74, 0x74,
|
||||
0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e,
|
||||
0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
|
||||
0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b,
|
||||
0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c,
|
||||
0x2f, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
|
||||
0x66, 0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d,
|
||||
0x25, 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25,
|
||||
0x32, 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
|
||||
0x69, 0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30,
|
||||
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
|
||||
0x79, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34,
|
||||
0x2e, 0x63, 0x72, 0x6c, 0x30, 0x7d, 0x06, 0x08,
|
||||
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
|
||||
0x04, 0x71, 0x30, 0x6f, 0x30, 0x6d, 0x06, 0x08,
|
||||
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
|
||||
0x86, 0x61, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
|
||||
0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63,
|
||||
0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63,
|
||||
0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70,
|
||||
0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f,
|
||||
0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
|
||||
0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25,
|
||||
0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32,
|
||||
0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
|
||||
0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41,
|
||||
0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
|
||||
0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e,
|
||||
0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a,
|
||||
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
|
||||
0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x48,
|
||||
0x24, 0x32, 0xe8, 0xd6, 0x38, 0xda, 0x65, 0xec,
|
||||
0x1b, 0x18, 0x8e, 0x37, 0x07, 0xd5, 0x18, 0x5a,
|
||||
0xc8, 0xb9, 0xbb, 0x24, 0x8a, 0x4d, 0xa1, 0x3c,
|
||||
0x9e, 0x46, 0x76, 0xcf, 0xa5, 0xdf, 0xd7, 0x61,
|
||||
0xba, 0x05, 0x89, 0x3c, 0x13, 0xc2, 0x1f, 0x71,
|
||||
0xe3, 0xec, 0x5d, 0x54, 0x9e, 0xd9, 0x01, 0x5a,
|
||||
0x10, 0x3b, 0x17, 0x75, 0xde, 0xa1, 0x45, 0xbf,
|
||||
0x1d, 0x1b, 0x41, 0x21, 0x42, 0x68, 0x22, 0x6b,
|
||||
0xbb, 0xcb, 0x11, 0x04, 0xd2, 0xae, 0x86, 0xcf,
|
||||
0x73, 0x5a, 0xf2, 0x80, 0x18, 0x00, 0xf0, 0xd6,
|
||||
0x6c, 0x5a, 0x1e, 0xb3, 0x4d, 0x30, 0x02, 0x4a,
|
||||
0x6a, 0x03, 0x36, 0x42, 0xde, 0xb2, 0x52, 0x55,
|
||||
0xff, 0x71, 0xeb, 0x7b, 0x8b, 0x55, 0x6c, 0xdf,
|
||||
0x05, 0x35, 0x47, 0x70, 0x53, 0xfb, 0x6c, 0xba,
|
||||
0x06, 0xb2, 0x61, 0x86, 0xdc, 0x2a, 0x64, 0x81,
|
||||
0x24, 0x79, 0x46, 0x73, 0x04, 0x55, 0x59, 0xed,
|
||||
0xd6, 0x06, 0x61, 0x15, 0xf9, 0x8d, 0x78, 0x39,
|
||||
0x7b, 0x84, 0x7a, 0x40, 0x45, 0x13, 0x1a, 0x91,
|
||||
0x71, 0x8f, 0xd1, 0x4f, 0x78, 0x10, 0x68, 0x9b,
|
||||
0x15, 0x79, 0x3f, 0x79, 0x2d, 0x9b, 0xc7, 0x5d,
|
||||
0xa3, 0xcf, 0xa9, 0x14, 0xb0, 0xc4, 0xdb, 0xa9,
|
||||
0x45, 0x6a, 0x6e, 0x60, 0x45, 0x0b, 0x14, 0x25,
|
||||
0xc7, 0x74, 0xd0, 0x36, 0xaf, 0xc5, 0xbd, 0x4f,
|
||||
0x7b, 0xc0, 0x04, 0x43, 0x85, 0xbb, 0x06, 0x36,
|
||||
0x77, 0x26, 0x02, 0x23, 0x0b, 0xf8, 0x57, 0x8f,
|
||||
0x1f, 0x27, 0x30, 0x95, 0xff, 0x83, 0x23, 0x2b,
|
||||
0x49, 0x33, 0x43, 0x62, 0x87, 0x5d, 0x27, 0x12,
|
||||
0x1a, 0x68, 0x7b, 0xba, 0x2d, 0xf6, 0xed, 0x2c,
|
||||
0x26, 0xb5, 0xbb, 0xe2, 0x6f, 0xc2, 0x61, 0x17,
|
||||
0xfc, 0x72, 0x14, 0x57, 0x2c, 0x2c, 0x5a, 0x92,
|
||||
0x13, 0x41, 0xc4, 0x7e, 0xb5, 0x64, 0x5b, 0x86,
|
||||
0x57, 0x13, 0x14, 0xff, 0xf5, 0x04, 0xb9, 0x3d,
|
||||
0x2d, 0xc3, 0xe9, 0x75, 0x1f, 0x68, 0x0b, 0xb5,
|
||||
0x76, 0xe1, 0x7d, 0xe3, 0xb0, 0x14, 0xa8, 0x45,
|
||||
0x05, 0x98, 0x81, 0x32, 0xc1, 0xf5, 0x49, 0x4d,
|
||||
0x58, 0xa4, 0xee, 0xd8, 0x84, 0xba, 0x65, 0x07,
|
||||
0x8d, 0xf7, 0x9a, 0xff, 0x7d, 0xa5, 0xbc, 0x9a,
|
||||
0xed, 0x4a, 0x5d, 0xa4, 0x97, 0x4b, 0x4d, 0x31,
|
||||
0x90, 0xb5, 0x7d, 0x28, 0x77, 0x25, 0x88, 0x1c,
|
||||
0xbf, 0x78, 0x22, 0xb2, 0xb5, 0x5c, 0x9a, 0xc9,
|
||||
0x63, 0x17, 0x96, 0xe9, 0xc2, 0x52, 0x30, 0xb8,
|
||||
0x9b, 0x37, 0x69, 0x1a, 0x6a, 0x66, 0x76, 0x18,
|
||||
0xac, 0xc0, 0x48, 0xee, 0x46, 0x5b, 0xbe, 0x6a,
|
||||
0xd5, 0x72, 0x07, 0xdc, 0x7d, 0x05, 0xbe, 0x76,
|
||||
0x7d, 0xa5, 0x5e, 0x53, 0xb5, 0x47, 0x80, 0x58,
|
||||
0xf0, 0xaf, 0x6f, 0x4e, 0xc0, 0xf1, 0x1e, 0x37,
|
||||
0x64, 0x15, 0x42, 0x96, 0x18, 0x3a, 0x89, 0xc8,
|
||||
0x14, 0x48, 0x89, 0x5c, 0x12, 0x88, 0x98, 0x0b,
|
||||
0x7b, 0x4e, 0xce, 0x1c, 0xda, 0xd5, 0xa4, 0xd3,
|
||||
0x32, 0x32, 0x74, 0x5b, 0xcc, 0xfd, 0x2b, 0x02,
|
||||
0xfb, 0xae, 0xd0, 0x5a, 0x4c, 0xc9, 0xc1, 0x35,
|
||||
0x19, 0x90, 0x5f, 0xca, 0x14, 0xeb, 0x4c, 0x17,
|
||||
0xd7, 0xe3, 0xe2, 0x5d, 0xb4, 0x49, 0xaa, 0xf0,
|
||||
0x50, 0x87, 0xc3, 0x20, 0x00, 0xda, 0xe9, 0x04,
|
||||
0x80, 0x64, 0xac, 0x9f, 0xcd, 0x26, 0x41, 0x48,
|
||||
0xe8, 0x4c, 0x46, 0xcc, 0x5b, 0xd7, 0xca, 0x4c,
|
||||
0x1b, 0x43, 0x43, 0x1e, 0xbd, 0x94, 0xe7, 0xa7,
|
||||
0xa6, 0x86, 0xe5, 0xd1, 0x78, 0x29, 0xa2, 0x40,
|
||||
0xc5, 0xc5, 0x47, 0xb6, 0x6d, 0x53, 0xde, 0xac,
|
||||
0x97, 0x74, 0x24, 0x57, 0xcc, 0x05, 0x93, 0xfd,
|
||||
0x52, 0x35, 0x29, 0xd5, 0xe0, 0xfa, 0x23, 0x0d,
|
||||
0xd7, 0xaa, 0x8b, 0x07, 0x4b, 0xf6, 0x64, 0xc7,
|
||||
0xad, 0x3c, 0xa1, 0xb5, 0xc5, 0x70, 0xaf, 0x46,
|
||||
0xfe, 0x9a, 0x82, 0x4d, 0x75, 0xb8, 0x6d
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
* Security Key By Yubico
|
||||
* 5.1.X
|
||||
@@ -2135,6 +2549,13 @@ valid_tpm_es256_cred(bool xfail)
|
||||
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
|
||||
assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK);
|
||||
assert(fido_cred_set_attstmt(c, attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == FIDO_OK);
|
||||
assert(fido_cred_x5c_list_count(c) == 2);
|
||||
assert(fido_cred_x5c_list_len(c, 0) == sizeof(x509_0_tpm_es256));
|
||||
assert(memcmp(fido_cred_x5c_list_ptr(c, 0), x509_0_tpm_es256, sizeof(x509_0_tpm_es256)) == 0);
|
||||
assert(fido_cred_x5c_list_len(c, 1) == sizeof(x509_1_tpm_es256));
|
||||
assert(memcmp(fido_cred_x5c_list_ptr(c, 1), x509_1_tpm_es256, sizeof(x509_1_tpm_es256)) == 0);
|
||||
assert(fido_cred_x5c_list_len(c, 2) == 0);
|
||||
assert(fido_cred_x5c_list_ptr(c, 2) == NULL);
|
||||
// XXX: RHEL9 has deprecated SHA-1 for signing.
|
||||
assert(fido_cred_verify(c) == (xfail ? FIDO_ERR_INVALID_SIG : FIDO_OK));
|
||||
assert(fido_cred_prot(c) == 0);
|
||||
@@ -2147,6 +2568,61 @@ valid_tpm_es256_cred(bool xfail)
|
||||
free_cred(c);
|
||||
}
|
||||
|
||||
static void
|
||||
push_kv(cbor_item_t *map, const char *key, cbor_item_t *value)
|
||||
{
|
||||
struct cbor_pair kv;
|
||||
cbor_item_t *tmp;
|
||||
|
||||
memset(&kv, 0, sizeof(kv));
|
||||
assert(map != NULL && key != NULL && value != NULL);
|
||||
assert((tmp = cbor_build_string(key)) != NULL);
|
||||
/* XXX transfers ownership */
|
||||
kv.key = cbor_move(tmp);
|
||||
kv.value = cbor_move(value);
|
||||
assert(cbor_map_add(map, kv));
|
||||
}
|
||||
|
||||
static void
|
||||
attestation_object(void)
|
||||
{
|
||||
struct cbor_load_result cbor;
|
||||
unsigned char *attobj = NULL;
|
||||
size_t len, alloclen = 0;
|
||||
cbor_item_t *map;
|
||||
fido_cred_t *c;
|
||||
|
||||
assert((map = cbor_new_definite_map(3)) != NULL);
|
||||
push_kv(map, "fmt", cbor_build_string("tpm"));
|
||||
push_kv(map, "attStmt", cbor_load(attstmt_tpm_es256,
|
||||
sizeof(attstmt_tpm_es256), &cbor));
|
||||
push_kv(map, "authData", cbor_load(authdata_tpm_es256,
|
||||
sizeof(authdata_tpm_es256), &cbor));
|
||||
assert((len = cbor_serialize_alloc(map, &attobj, &alloclen)));
|
||||
cbor_decref(&map);
|
||||
|
||||
c = alloc_cred();
|
||||
assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK);
|
||||
assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK);
|
||||
assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK);
|
||||
assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK);
|
||||
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
|
||||
assert(fido_cred_set_attobj(c, attobj, len) == FIDO_OK);
|
||||
assert(strcmp(fido_cred_fmt(c), "tpm") == 0);
|
||||
assert(fido_cred_attstmt_len(c) == sizeof(attstmt_tpm_es256));
|
||||
assert(memcmp(fido_cred_attstmt_ptr(c), attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == 0);
|
||||
assert(fido_cred_authdata_len(c) == sizeof(authdata_tpm_es256));
|
||||
assert(memcmp(fido_cred_authdata_ptr(c), authdata_tpm_es256, sizeof(authdata_tpm_es256)) == 0);
|
||||
assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm_es256));
|
||||
assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm_es256, sizeof(pubkey_tpm_es256)) == 0);
|
||||
assert(fido_cred_id_len(c) == sizeof(id_tpm_es256));
|
||||
assert(memcmp(fido_cred_id_ptr(c), id_tpm_es256, sizeof(id_tpm_es256)) == 0);
|
||||
assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm));
|
||||
assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0);
|
||||
free_cred(c);
|
||||
free(attobj);
|
||||
}
|
||||
|
||||
int
|
||||
main(void)
|
||||
{
|
||||
@@ -2180,6 +2656,7 @@ main(void)
|
||||
fmt_none();
|
||||
valid_tpm_rs256_cred(xfail);
|
||||
valid_tpm_es256_cred(xfail);
|
||||
attestation_object();
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
+3
-5
@@ -151,8 +151,6 @@ endif()
|
||||
install(FILES fido.h DESTINATION include)
|
||||
install(DIRECTORY fido DESTINATION include)
|
||||
|
||||
if(NOT MSVC)
|
||||
configure_file(libfido2.pc.in libfido2.pc @ONLY)
|
||||
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
|
||||
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
|
||||
endif()
|
||||
configure_file(libfido2.pc.in libfido2.pc @ONLY)
|
||||
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
|
||||
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
|
||||
|
||||
@@ -57,6 +57,15 @@ bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc,
|
||||
return (ok);
|
||||
}
|
||||
|
||||
static uint8_t
|
||||
bio_get_cmd(const fido_dev_t *dev)
|
||||
{
|
||||
if (dev->flags & (FIDO_DEV_BIO_SET|FIDO_DEV_BIO_UNSET))
|
||||
return (CTAP_CBOR_BIO_ENROLL);
|
||||
|
||||
return (CTAP_CBOR_BIO_ENROLL_PRE);
|
||||
}
|
||||
|
||||
static int
|
||||
bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc,
|
||||
const char *pin, const fido_blob_t *token, int *ms)
|
||||
@@ -66,7 +75,7 @@ bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc,
|
||||
fido_blob_t *ecdh = NULL;
|
||||
fido_blob_t f;
|
||||
fido_blob_t hmac;
|
||||
const uint8_t cmd = CTAP_CBOR_BIO_ENROLL_PRE;
|
||||
const uint8_t cmd = bio_get_cmd(dev);
|
||||
int r = FIDO_ERR_INTERNAL;
|
||||
|
||||
memset(&f, 0, sizeof(f));
|
||||
|
||||
+98
-7
@@ -1132,6 +1132,64 @@ decode_attcred(const unsigned char **buf, size_t *len, int cose_alg,
|
||||
return (ok);
|
||||
}
|
||||
|
||||
static int
|
||||
decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
||||
{
|
||||
fido_cred_t *cred = arg;
|
||||
char *name = NULL;
|
||||
int ok = -1;
|
||||
|
||||
if (cbor_string_copy(key, &name) < 0) {
|
||||
fido_log_debug("%s: cbor type", __func__);
|
||||
ok = 0; /* ignore */
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!strcmp(name, "fmt")) {
|
||||
if (cbor_decode_fmt(val, &cred->fmt) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_fmt", __func__);
|
||||
goto fail;
|
||||
}
|
||||
} else if (!strcmp(name, "attStmt")) {
|
||||
if (cbor_decode_attstmt(val, &cred->attstmt) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_attstmt", __func__);
|
||||
goto fail;
|
||||
}
|
||||
} else if (!strcmp(name, "authData")) {
|
||||
if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
|
||||
fido_log_debug("%s: fido_blob_decode", __func__);
|
||||
goto fail;
|
||||
}
|
||||
if (cbor_decode_cred_authdata(val, cred->type,
|
||||
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
|
||||
&cred->authdata_ext) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_cred_authdata",
|
||||
__func__);
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
ok = 0;
|
||||
fail:
|
||||
free(name);
|
||||
|
||||
return (ok);
|
||||
}
|
||||
|
||||
/* XXX introduce fido_attobj_t? */
|
||||
int
|
||||
cbor_decode_attobj(const cbor_item_t *item, fido_cred_t *cred)
|
||||
{
|
||||
if (cbor_isa_map(item) == false ||
|
||||
cbor_map_is_definite(item) == false ||
|
||||
cbor_map_iter(item, cred, decode_attobj) < 0) {
|
||||
fido_log_debug("%s: cbor type", __func__);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
decode_cred_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
||||
{
|
||||
@@ -1386,12 +1444,47 @@ cbor_decode_assert_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor,
|
||||
static int
|
||||
decode_x5c(const cbor_item_t *item, void *arg)
|
||||
{
|
||||
fido_blob_t *x5c = arg;
|
||||
fido_blob_array_t *x5c = arg;
|
||||
fido_blob_t *list_ptr = NULL;
|
||||
fido_blob_t x5c_blob;
|
||||
|
||||
if (x5c->len)
|
||||
return (0); /* ignore */
|
||||
memset(&x5c_blob, 0, sizeof(x5c_blob));
|
||||
|
||||
return (fido_blob_decode(item, x5c));
|
||||
if (fido_blob_decode(item, &x5c_blob) < 0) {
|
||||
fido_log_debug("%s: fido_blob_decode", __func__);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if (x5c->len == SIZE_MAX) {
|
||||
fido_blob_reset(&x5c_blob);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
if ((list_ptr = recallocarray(x5c->ptr, x5c->len,
|
||||
x5c->len + 1, sizeof(x5c_blob))) == NULL) {
|
||||
fido_blob_reset(&x5c_blob);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
list_ptr[x5c->len++] = x5c_blob;
|
||||
x5c->ptr = list_ptr;
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
decode_x5c_array(const cbor_item_t *item, fido_blob_array_t *arr)
|
||||
{
|
||||
if (arr->len) {
|
||||
fido_log_debug("%s: dup", __func__);
|
||||
return (-1);
|
||||
}
|
||||
if (cbor_isa_array(item) == false ||
|
||||
cbor_array_is_definite(item) == false) {
|
||||
fido_log_debug("%s: cbor", __func__);
|
||||
return (-1);
|
||||
}
|
||||
return (cbor_array_iter(item, arr, decode_x5c));
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -1427,9 +1520,7 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
||||
goto out;
|
||||
}
|
||||
} else if (!strcmp(name, "x5c")) {
|
||||
if (cbor_isa_array(val) == false ||
|
||||
cbor_array_is_definite(val) == false ||
|
||||
cbor_array_iter(val, &attstmt->x5c, decode_x5c) < 0) {
|
||||
if (decode_x5c_array(val, &attstmt->x5c)) {
|
||||
fido_log_debug("%s: x5c", __func__);
|
||||
goto out;
|
||||
}
|
||||
|
||||
+97
-11
@@ -284,15 +284,21 @@ verify_attstmt(const fido_blob_t *dgst, const fido_attstmt_t *attstmt)
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int ok = -1;
|
||||
|
||||
/* openssl needs ints */
|
||||
if (attstmt->x5c.len > INT_MAX) {
|
||||
if (!attstmt->x5c.len) {
|
||||
fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* openssl needs ints */
|
||||
if (attstmt->x5c.ptr[0].len > INT_MAX) {
|
||||
fido_log_debug("%s: x5c[0].len=%zu", __func__,
|
||||
attstmt->x5c.ptr[0].len);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* fetch key from x509 */
|
||||
if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr,
|
||||
(int)attstmt->x5c.len)) == NULL ||
|
||||
if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr[0].ptr,
|
||||
(int)attstmt->x5c.ptr[0].len)) == NULL ||
|
||||
(cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
|
||||
(pkey = X509_get_pubkey(cert)) == NULL) {
|
||||
fido_log_debug("%s: x509 key", __func__);
|
||||
@@ -543,12 +549,21 @@ fido_cred_clean_attstmt(fido_attstmt_t *attstmt)
|
||||
fido_blob_reset(&attstmt->certinfo);
|
||||
fido_blob_reset(&attstmt->pubarea);
|
||||
fido_blob_reset(&attstmt->cbor);
|
||||
fido_blob_reset(&attstmt->x5c);
|
||||
fido_free_blob_array(&attstmt->x5c);
|
||||
fido_blob_reset(&attstmt->sig);
|
||||
|
||||
memset(attstmt, 0, sizeof(*attstmt));
|
||||
}
|
||||
|
||||
static void
|
||||
fido_cred_clean_attobj(fido_cred_t *cred)
|
||||
{
|
||||
free(cred->fmt);
|
||||
cred->fmt = NULL;
|
||||
fido_cred_clean_authdata(cred);
|
||||
fido_cred_clean_attstmt(&cred->attstmt);
|
||||
}
|
||||
|
||||
void
|
||||
fido_cred_reset_tx(fido_cred_t *cred)
|
||||
{
|
||||
@@ -576,10 +591,7 @@ fido_cred_reset_tx(fido_cred_t *cred)
|
||||
void
|
||||
fido_cred_reset_rx(fido_cred_t *cred)
|
||||
{
|
||||
free(cred->fmt);
|
||||
cred->fmt = NULL;
|
||||
fido_cred_clean_authdata(cred);
|
||||
fido_cred_clean_attstmt(&cred->attstmt);
|
||||
fido_cred_clean_attobj(cred);
|
||||
fido_blob_reset(&cred->largeblob_key);
|
||||
}
|
||||
|
||||
@@ -688,9 +700,30 @@ fido_cred_set_id(fido_cred_t *cred, const unsigned char *ptr, size_t len)
|
||||
int
|
||||
fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len)
|
||||
{
|
||||
if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0)
|
||||
fido_blob_t x5c_blob;
|
||||
fido_blob_t *list_ptr = NULL;
|
||||
|
||||
memset(&x5c_blob, 0, sizeof(x5c_blob));
|
||||
fido_free_blob_array(&cred->attstmt.x5c);
|
||||
|
||||
if (fido_blob_set(&x5c_blob, ptr, len) < 0)
|
||||
return (FIDO_ERR_INVALID_ARGUMENT);
|
||||
|
||||
if (cred->attstmt.x5c.len == SIZE_MAX) {
|
||||
fido_blob_reset(&x5c_blob);
|
||||
return (FIDO_ERR_INVALID_ARGUMENT);
|
||||
}
|
||||
|
||||
if ((list_ptr = recallocarray(cred->attstmt.x5c.ptr,
|
||||
cred->attstmt.x5c.len, cred->attstmt.x5c.len + 1,
|
||||
sizeof(x5c_blob))) == NULL) {
|
||||
fido_blob_reset(&x5c_blob);
|
||||
return (FIDO_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
list_ptr[cred->attstmt.x5c.len++] = x5c_blob;
|
||||
cred->attstmt.x5c.ptr = list_ptr;
|
||||
|
||||
return (FIDO_OK);
|
||||
}
|
||||
|
||||
@@ -736,6 +769,35 @@ fido_cred_set_attstmt(fido_cred_t *cred, const unsigned char *ptr, size_t len)
|
||||
return (r);
|
||||
}
|
||||
|
||||
int
|
||||
fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len)
|
||||
{
|
||||
cbor_item_t *item = NULL;
|
||||
struct cbor_load_result cbor;
|
||||
int r = FIDO_ERR_INVALID_ARGUMENT;
|
||||
|
||||
fido_cred_clean_attobj(cred);
|
||||
|
||||
if (ptr == NULL || len == 0)
|
||||
goto fail;
|
||||
|
||||
if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
|
||||
fido_log_debug("%s: cbor_load", __func__);
|
||||
goto fail;
|
||||
}
|
||||
if (cbor_decode_attobj(item, cred) != 0) {
|
||||
fido_log_debug("%s: cbor_decode_attobj", __func__);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
r = FIDO_OK;
|
||||
fail:
|
||||
if (item != NULL)
|
||||
cbor_decref(&item);
|
||||
|
||||
return (r);
|
||||
}
|
||||
|
||||
int
|
||||
fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
|
||||
{
|
||||
@@ -1030,15 +1092,39 @@ fido_cred_clientdata_hash_len(const fido_cred_t *cred)
|
||||
const unsigned char *
|
||||
fido_cred_x5c_ptr(const fido_cred_t *cred)
|
||||
{
|
||||
return (cred->attstmt.x5c.ptr);
|
||||
return (fido_cred_x5c_list_ptr(cred, 0));
|
||||
}
|
||||
|
||||
size_t
|
||||
fido_cred_x5c_len(const fido_cred_t *cred)
|
||||
{
|
||||
return (fido_cred_x5c_list_len(cred, 0));
|
||||
}
|
||||
|
||||
size_t
|
||||
fido_cred_x5c_list_count(const fido_cred_t *cred)
|
||||
{
|
||||
return (cred->attstmt.x5c.len);
|
||||
}
|
||||
|
||||
const unsigned char *
|
||||
fido_cred_x5c_list_ptr(const fido_cred_t *cred, size_t i)
|
||||
{
|
||||
if (i >= cred->attstmt.x5c.len)
|
||||
return (NULL);
|
||||
|
||||
return (cred->attstmt.x5c.ptr[i].ptr);
|
||||
}
|
||||
|
||||
size_t
|
||||
fido_cred_x5c_list_len(const fido_cred_t *cred, size_t i)
|
||||
{
|
||||
if (i >= cred->attstmt.x5c.len)
|
||||
return (0);
|
||||
|
||||
return (cred->attstmt.x5c.ptr[i].len);
|
||||
}
|
||||
|
||||
const unsigned char *
|
||||
fido_cred_sig_ptr(const fido_cred_t *cred)
|
||||
{
|
||||
|
||||
+10
-1
@@ -111,6 +111,15 @@ credman_prepare_hmac(uint8_t cmd, const void *body, cbor_item_t **param,
|
||||
return (ok);
|
||||
}
|
||||
|
||||
static uint8_t
|
||||
credman_get_cmd(const fido_dev_t *dev)
|
||||
{
|
||||
if (dev->flags & FIDO_DEV_CREDMAN)
|
||||
return (CTAP_CBOR_CRED_MGMT);
|
||||
|
||||
return (CTAP_CBOR_CRED_MGMT_PRE);
|
||||
}
|
||||
|
||||
static int
|
||||
credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin,
|
||||
const char *rp_id, fido_opt_t uv, int *ms)
|
||||
@@ -120,7 +129,7 @@ credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin,
|
||||
fido_blob_t hmac;
|
||||
es256_pk_t *pk = NULL;
|
||||
cbor_item_t *argv[4];
|
||||
const uint8_t cmd = CTAP_CBOR_CRED_MGMT_PRE;
|
||||
const uint8_t cmd = credman_get_cmd(dev);
|
||||
int r = FIDO_ERR_INTERNAL;
|
||||
|
||||
memset(&f, 0, sizeof(f));
|
||||
|
||||
@@ -46,16 +46,21 @@ fido_dev_set_option_flags(fido_dev_t *dev, const fido_cbor_info_t *info)
|
||||
if (strcmp(ptr[i], "clientPin") == 0) {
|
||||
dev->flags |= val[i] ?
|
||||
FIDO_DEV_PIN_SET : FIDO_DEV_PIN_UNSET;
|
||||
} else if (strcmp(ptr[i], "credMgmt") == 0 ||
|
||||
strcmp(ptr[i], "credentialMgmtPreview") == 0) {
|
||||
} else if (strcmp(ptr[i], "credMgmt") == 0) {
|
||||
if (val[i])
|
||||
dev->flags |= FIDO_DEV_CREDMAN;
|
||||
} else if (strcmp(ptr[i], "credentialMgmtPreview") == 0) {
|
||||
if (val[i])
|
||||
dev->flags |= FIDO_DEV_CREDMAN_PRE;
|
||||
} else if (strcmp(ptr[i], "uv") == 0) {
|
||||
dev->flags |= val[i] ?
|
||||
FIDO_DEV_UV_SET : FIDO_DEV_UV_UNSET;
|
||||
} else if (strcmp(ptr[i], "pinUvAuthToken") == 0) {
|
||||
if (val[i])
|
||||
dev->flags |= FIDO_DEV_TOKEN_PERMS;
|
||||
} else if (strcmp(ptr[i], "bioEnroll") == 0) {
|
||||
dev->flags |= val[i] ?
|
||||
FIDO_DEV_BIO_SET : FIDO_DEV_BIO_UNSET;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -538,7 +543,7 @@ fido_dev_supports_cred_prot(const fido_dev_t *dev)
|
||||
bool
|
||||
fido_dev_supports_credman(const fido_dev_t *dev)
|
||||
{
|
||||
return (dev->flags & FIDO_DEV_CREDMAN);
|
||||
return (dev->flags & (FIDO_DEV_CREDMAN|FIDO_DEV_CREDMAN_PRE));
|
||||
}
|
||||
|
||||
bool
|
||||
|
||||
@@ -169,6 +169,7 @@
|
||||
fido_cred_rp_id;
|
||||
fido_cred_rp_name;
|
||||
fido_cred_set_attstmt;
|
||||
fido_cred_set_attobj;
|
||||
fido_cred_set_authdata;
|
||||
fido_cred_set_authdata_raw;
|
||||
fido_cred_set_blob;
|
||||
@@ -196,6 +197,9 @@
|
||||
fido_cred_verify;
|
||||
fido_cred_verify_self;
|
||||
fido_cred_x5c_len;
|
||||
fido_cred_x5c_list_count;
|
||||
fido_cred_x5c_list_len;
|
||||
fido_cred_x5c_list_ptr;
|
||||
fido_cred_x5c_ptr;
|
||||
fido_dev_build;
|
||||
fido_dev_cancel;
|
||||
|
||||
@@ -167,6 +167,7 @@ _fido_cred_pubkey_ptr
|
||||
_fido_cred_rp_id
|
||||
_fido_cred_rp_name
|
||||
_fido_cred_set_attstmt
|
||||
_fido_cred_set_attobj
|
||||
_fido_cred_set_authdata
|
||||
_fido_cred_set_authdata_raw
|
||||
_fido_cred_set_blob
|
||||
@@ -194,6 +195,9 @@ _fido_cred_user_name
|
||||
_fido_cred_verify
|
||||
_fido_cred_verify_self
|
||||
_fido_cred_x5c_len
|
||||
_fido_cred_x5c_list_count
|
||||
_fido_cred_x5c_list_len
|
||||
_fido_cred_x5c_list_ptr
|
||||
_fido_cred_x5c_ptr
|
||||
_fido_dev_build
|
||||
_fido_dev_cancel
|
||||
|
||||
@@ -168,6 +168,7 @@ fido_cred_pubkey_ptr
|
||||
fido_cred_rp_id
|
||||
fido_cred_rp_name
|
||||
fido_cred_set_attstmt
|
||||
fido_cred_set_attobj
|
||||
fido_cred_set_authdata
|
||||
fido_cred_set_authdata_raw
|
||||
fido_cred_set_blob
|
||||
@@ -195,6 +196,9 @@ fido_cred_user_name
|
||||
fido_cred_verify
|
||||
fido_cred_verify_self
|
||||
fido_cred_x5c_len
|
||||
fido_cred_x5c_list_count
|
||||
fido_cred_x5c_list_len
|
||||
fido_cred_x5c_list_ptr
|
||||
fido_cred_x5c_ptr
|
||||
fido_dev_build
|
||||
fido_dev_cancel
|
||||
|
||||
+14
-10
@@ -58,6 +58,7 @@ cbor_item_t *es256_pk_encode(const es256_pk_t *, int);
|
||||
|
||||
/* cbor decoding functions */
|
||||
int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *);
|
||||
int cbor_decode_attobj(const cbor_item_t *, fido_cred_t *);
|
||||
int cbor_decode_bool(const cbor_item_t *, bool *);
|
||||
int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *,
|
||||
fido_authdata_t *, fido_attcred_t *, fido_cred_ext_t *);
|
||||
@@ -249,16 +250,19 @@ uint32_t uniform_random(uint32_t);
|
||||
#endif
|
||||
|
||||
/* internal device capability flags */
|
||||
#define FIDO_DEV_PIN_SET 0x001
|
||||
#define FIDO_DEV_PIN_UNSET 0x002
|
||||
#define FIDO_DEV_CRED_PROT 0x004
|
||||
#define FIDO_DEV_CREDMAN 0x008
|
||||
#define FIDO_DEV_PIN_PROTOCOL1 0x010
|
||||
#define FIDO_DEV_PIN_PROTOCOL2 0x020
|
||||
#define FIDO_DEV_UV_SET 0x040
|
||||
#define FIDO_DEV_UV_UNSET 0x080
|
||||
#define FIDO_DEV_TOKEN_PERMS 0x100
|
||||
#define FIDO_DEV_WINHELLO 0x200
|
||||
#define FIDO_DEV_PIN_SET 0x0001
|
||||
#define FIDO_DEV_PIN_UNSET 0x0002
|
||||
#define FIDO_DEV_CRED_PROT 0x0004
|
||||
#define FIDO_DEV_CREDMAN 0x0008
|
||||
#define FIDO_DEV_PIN_PROTOCOL1 0x0010
|
||||
#define FIDO_DEV_PIN_PROTOCOL2 0x0020
|
||||
#define FIDO_DEV_UV_SET 0x0040
|
||||
#define FIDO_DEV_UV_UNSET 0x0080
|
||||
#define FIDO_DEV_TOKEN_PERMS 0x0100
|
||||
#define FIDO_DEV_WINHELLO 0x0200
|
||||
#define FIDO_DEV_CREDMAN_PRE 0x0400
|
||||
#define FIDO_DEV_BIO_SET 0x0800
|
||||
#define FIDO_DEV_BIO_UNSET 0x1000
|
||||
|
||||
/* miscellanea */
|
||||
#define FIDO_DUMMY_CLIENTDATA ""
|
||||
|
||||
@@ -124,6 +124,7 @@ const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *);
|
||||
const unsigned char *fido_cred_sig_ptr(const fido_cred_t *);
|
||||
const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *);
|
||||
const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *);
|
||||
const unsigned char *fido_cred_x5c_list_ptr(const fido_cred_t *, size_t);
|
||||
|
||||
int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t);
|
||||
int fido_assert_empty_allow_list(fido_assert_t *);
|
||||
@@ -151,6 +152,7 @@ int fido_cred_empty_exclude_list(fido_cred_t *);
|
||||
int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_prot(const fido_cred_t *);
|
||||
int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_set_attobj(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t);
|
||||
@@ -226,6 +228,8 @@ size_t fido_cred_pubkey_len(const fido_cred_t *);
|
||||
size_t fido_cred_sig_len(const fido_cred_t *);
|
||||
size_t fido_cred_user_id_len(const fido_cred_t *);
|
||||
size_t fido_cred_x5c_len(const fido_cred_t *);
|
||||
size_t fido_cred_x5c_list_count(const fido_cred_t *);
|
||||
size_t fido_cred_x5c_list_len(const fido_cred_t *, size_t);
|
||||
|
||||
uint8_t fido_assert_flags(const fido_assert_t *, size_t);
|
||||
uint32_t fido_assert_sigcount(const fido_assert_t *, size_t);
|
||||
|
||||
@@ -53,6 +53,8 @@
|
||||
#define CTAP_CBOR_CLIENT_PIN 0x06
|
||||
#define CTAP_CBOR_RESET 0x07
|
||||
#define CTAP_CBOR_NEXT_ASSERT 0x08
|
||||
#define CTAP_CBOR_BIO_ENROLL 0x09
|
||||
#define CTAP_CBOR_CRED_MGMT 0x0a
|
||||
#define CTAP_CBOR_LARGEBLOB 0x0c
|
||||
#define CTAP_CBOR_CONFIG 0x0d
|
||||
#define CTAP_CBOR_BIO_ENROLL_PRE 0x40
|
||||
|
||||
+6
-6
@@ -140,12 +140,12 @@ typedef struct fido_attcred {
|
||||
} fido_attcred_t;
|
||||
|
||||
typedef struct fido_attstmt {
|
||||
fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
|
||||
fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */
|
||||
fido_blob_t cbor; /* cbor-encoded attestation statement */
|
||||
fido_blob_t x5c; /* attestation certificate */
|
||||
fido_blob_t sig; /* attestation signature */
|
||||
int alg; /* attestation algorithm (cose) */
|
||||
fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
|
||||
fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */
|
||||
fido_blob_t cbor; /* cbor-encoded attestation statement */
|
||||
fido_blob_array_t x5c; /* attestation certificate chain */
|
||||
fido_blob_t sig; /* attestation signature */
|
||||
int alg; /* attestation algorithm (cose) */
|
||||
} fido_attstmt_t;
|
||||
|
||||
typedef struct fido_rp {
|
||||
|
||||
+26
-10
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
|
||||
* Copyright (c) 2019-2024 Yubico AB. All rights reserved.
|
||||
* Use of this source code is governed by a BSD-style
|
||||
* license that can be found in the LICENSE file.
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -77,12 +77,13 @@ is_fido(const char *path)
|
||||
|
||||
static int
|
||||
parse_uevent(const char *uevent, int *bus, int16_t *vendor_id,
|
||||
int16_t *product_id)
|
||||
int16_t *product_id, char **hid_name)
|
||||
{
|
||||
char *cp;
|
||||
char *p;
|
||||
char *s;
|
||||
int ok = -1;
|
||||
bool found_id = false;
|
||||
bool found_name = false;
|
||||
short unsigned int x;
|
||||
short unsigned int y;
|
||||
short unsigned int z;
|
||||
@@ -91,20 +92,25 @@ parse_uevent(const char *uevent, int *bus, int16_t *vendor_id,
|
||||
return (-1);
|
||||
|
||||
while ((p = strsep(&cp, "\n")) != NULL && *p != '\0') {
|
||||
if (strncmp(p, "HID_ID=", 7) == 0) {
|
||||
if (!found_id && strncmp(p, "HID_ID=", 7) == 0) {
|
||||
if (sscanf(p + 7, "%hx:%hx:%hx", &x, &y, &z) == 3) {
|
||||
*bus = (int)x;
|
||||
*vendor_id = (int16_t)y;
|
||||
*product_id = (int16_t)z;
|
||||
ok = 0;
|
||||
break;
|
||||
found_id = true;
|
||||
}
|
||||
} else if (!found_name && strncmp(p, "HID_NAME=", 9) == 0) {
|
||||
if ((*hid_name = strdup(p + 9)) != NULL)
|
||||
found_name = true;
|
||||
}
|
||||
}
|
||||
|
||||
free(s);
|
||||
|
||||
return (ok);
|
||||
if (!found_name || !found_id)
|
||||
return (-1);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static char *
|
||||
@@ -137,6 +143,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
|
||||
char *uevent = NULL;
|
||||
struct udev_device *dev = NULL;
|
||||
int bus = 0;
|
||||
char *hid_name = NULL;
|
||||
int ok = -1;
|
||||
|
||||
memset(di, 0, sizeof(*di));
|
||||
@@ -148,7 +155,8 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
|
||||
goto fail;
|
||||
|
||||
if ((uevent = get_parent_attr(dev, "hid", NULL, "uevent")) == NULL ||
|
||||
parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id) < 0) {
|
||||
parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id,
|
||||
&hid_name) < 0) {
|
||||
fido_log_debug("%s: uevent", __func__);
|
||||
goto fail;
|
||||
}
|
||||
@@ -161,9 +169,16 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
|
||||
#endif
|
||||
|
||||
di->path = strdup(path);
|
||||
if ((di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL)
|
||||
di->manufacturer = get_usb_attr(dev, "manufacturer");
|
||||
di->product = get_usb_attr(dev, "product");
|
||||
|
||||
if (di->manufacturer == NULL && di->product == NULL) {
|
||||
di->product = hid_name; /* fallback */
|
||||
hid_name = NULL;
|
||||
}
|
||||
if (di->manufacturer == NULL)
|
||||
di->manufacturer = strdup("");
|
||||
if ((di->product = get_usb_attr(dev, "product")) == NULL)
|
||||
if (di->product == NULL)
|
||||
di->product = strdup("");
|
||||
if (di->path == NULL || di->manufacturer == NULL || di->product == NULL)
|
||||
goto fail;
|
||||
@@ -174,6 +189,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
|
||||
udev_device_unref(dev);
|
||||
|
||||
free(uevent);
|
||||
free(hid_name);
|
||||
|
||||
if (ok < 0) {
|
||||
free(di->path);
|
||||
|
||||
+3
-3
@@ -127,14 +127,14 @@ fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
|
||||
char path[64];
|
||||
size_t i;
|
||||
|
||||
if (devlist == NULL || olen == NULL)
|
||||
return (FIDO_ERR_INVALID_ARGUMENT);
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if (ilen == 0)
|
||||
return (FIDO_OK); /* nothing to do */
|
||||
|
||||
if (devlist == NULL || olen == NULL)
|
||||
return (FIDO_ERR_INVALID_ARGUMENT);
|
||||
|
||||
for (i = *olen = 0; i < MAX_UHID && *olen < ilen; i++) {
|
||||
snprintf(path, sizeof(path), "/dev/uhid%zu", i);
|
||||
if (copy_info(&devlist[*olen], path) == 0) {
|
||||
|
||||
+28
-14
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
|
||||
* Copyright (c) 2019-2023 Yubico AB. All rights reserved.
|
||||
* Use of this source code is governed by a BSD-style
|
||||
* license that can be found in the LICENSE file.
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -523,6 +523,21 @@ fido_hid_set_sigmask(void *handle, const fido_sigset_t *sigmask)
|
||||
return (FIDO_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
static void
|
||||
schedule_io_loop(struct hid_osx *ctx, int ms)
|
||||
{
|
||||
IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(),
|
||||
ctx->loop_id);
|
||||
|
||||
if (ms == -1)
|
||||
ms = 5000; /* wait 5 seconds by default */
|
||||
|
||||
CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true);
|
||||
|
||||
IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(),
|
||||
ctx->loop_id);
|
||||
}
|
||||
|
||||
int
|
||||
fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
|
||||
{
|
||||
@@ -537,20 +552,19 @@ fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
|
||||
return (-1);
|
||||
}
|
||||
|
||||
IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(),
|
||||
ctx->loop_id);
|
||||
|
||||
if (ms == -1)
|
||||
ms = 5000; /* wait 5 seconds by default */
|
||||
|
||||
CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true);
|
||||
|
||||
IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(),
|
||||
ctx->loop_id);
|
||||
|
||||
/* check for pending frame */
|
||||
if ((r = read(ctx->report_pipe[0], buf, len)) == -1) {
|
||||
fido_log_error(errno, "%s: read", __func__);
|
||||
return (-1);
|
||||
if (errno != EAGAIN && errno != EWOULDBLOCK) {
|
||||
fido_log_error(errno, "%s: read", __func__);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
schedule_io_loop(ctx, ms);
|
||||
|
||||
if ((r = read(ctx->report_pipe[0], buf, len)) == -1) {
|
||||
fido_log_error(errno, "%s: read", __func__);
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
if (r < 0 || (size_t)r != len) {
|
||||
|
||||
@@ -131,12 +131,14 @@ encode_uv_permission(uint8_t cmd)
|
||||
case CTAP_CBOR_ASSERT:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_ASSERT));
|
||||
case CTAP_CBOR_BIO_ENROLL_PRE:
|
||||
case CTAP_CBOR_BIO_ENROLL:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_BIO));
|
||||
case CTAP_CBOR_CONFIG:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CONFIG));
|
||||
case CTAP_CBOR_MAKECRED:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_MAKECRED));
|
||||
case CTAP_CBOR_CRED_MGMT_PRE:
|
||||
case CTAP_CBOR_CRED_MGMT:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CRED_MGMT));
|
||||
case CTAP_CBOR_LARGEBLOB:
|
||||
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_LARGEBLOB));
|
||||
|
||||
@@ -10,55 +10,21 @@
|
||||
|
||||
#include "fido.h"
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL
|
||||
static EVP_MD *
|
||||
rs1_get_EVP_MD(void)
|
||||
{
|
||||
const EVP_MD *from;
|
||||
EVP_MD *to = NULL;
|
||||
|
||||
if ((from = EVP_sha1()) != NULL && (to = malloc(sizeof(*to))) != NULL)
|
||||
memcpy(to, from, sizeof(*to));
|
||||
|
||||
return (to);
|
||||
}
|
||||
|
||||
static void
|
||||
rs1_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
freezero(md, sizeof(*md));
|
||||
}
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||
static EVP_MD *
|
||||
rs1_get_EVP_MD(void)
|
||||
{
|
||||
return (EVP_MD_fetch(NULL, "SHA-1", NULL));
|
||||
}
|
||||
|
||||
static void
|
||||
rs1_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
EVP_MD_free(md);
|
||||
}
|
||||
#if defined(__GNUC__)
|
||||
#define PRAGMA(s) _Pragma(s)
|
||||
#else
|
||||
#define PRAGMA(s)
|
||||
#endif
|
||||
|
||||
static EVP_MD *
|
||||
rs1_get_EVP_MD(void)
|
||||
{
|
||||
const EVP_MD *md;
|
||||
|
||||
if ((md = EVP_sha1()) == NULL)
|
||||
return (NULL);
|
||||
|
||||
return (EVP_MD_meth_dup(md));
|
||||
PRAGMA("GCC diagnostic push")
|
||||
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"")
|
||||
return ((EVP_MD *)EVP_sha1());
|
||||
PRAGMA("GCC diagnostic pop")
|
||||
}
|
||||
|
||||
static void
|
||||
rs1_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
EVP_MD_meth_free(md);
|
||||
}
|
||||
#endif /* LIBRESSL_VERSION_NUMBER */
|
||||
|
||||
int
|
||||
rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
|
||||
const fido_blob_t *sig)
|
||||
@@ -94,7 +60,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
|
||||
ok = 0;
|
||||
fail:
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
rs1_free_EVP_MD(md);
|
||||
|
||||
return (ok);
|
||||
}
|
||||
|
||||
+9
-44
@@ -18,55 +18,21 @@
|
||||
#define get0_RSA(x) EVP_PKEY_get0((x))
|
||||
#endif
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL
|
||||
static EVP_MD *
|
||||
rs256_get_EVP_MD(void)
|
||||
{
|
||||
const EVP_MD *from;
|
||||
EVP_MD *to = NULL;
|
||||
|
||||
if ((from = EVP_sha256()) != NULL && (to = malloc(sizeof(*to))) != NULL)
|
||||
memcpy(to, from, sizeof(*to));
|
||||
|
||||
return (to);
|
||||
}
|
||||
|
||||
static void
|
||||
rs256_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
freezero(md, sizeof(*md));
|
||||
}
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x30000000
|
||||
static EVP_MD *
|
||||
rs256_get_EVP_MD(void)
|
||||
{
|
||||
return (EVP_MD_fetch(NULL, "SHA2-256", NULL));
|
||||
}
|
||||
|
||||
static void
|
||||
rs256_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
EVP_MD_free(md);
|
||||
}
|
||||
#if defined(__GNUC__)
|
||||
#define PRAGMA(s) _Pragma(s)
|
||||
#else
|
||||
#define PRAGMA(s)
|
||||
#endif
|
||||
|
||||
static EVP_MD *
|
||||
rs256_get_EVP_MD(void)
|
||||
{
|
||||
const EVP_MD *md;
|
||||
|
||||
if ((md = EVP_sha256()) == NULL)
|
||||
return (NULL);
|
||||
|
||||
return (EVP_MD_meth_dup(md));
|
||||
PRAGMA("GCC diagnostic push")
|
||||
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"")
|
||||
return ((EVP_MD *)EVP_sha256());
|
||||
PRAGMA("GCC diagnostic pop")
|
||||
}
|
||||
|
||||
static void
|
||||
rs256_free_EVP_MD(EVP_MD *md)
|
||||
{
|
||||
EVP_MD_meth_free(md);
|
||||
}
|
||||
#endif /* LIBRESSL_VERSION_NUMBER */
|
||||
|
||||
static int
|
||||
decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
|
||||
{
|
||||
@@ -290,7 +256,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
|
||||
ok = 0;
|
||||
fail:
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
rs256_free_EVP_MD(md);
|
||||
|
||||
return (ok);
|
||||
}
|
||||
|
||||
+2
-48
@@ -739,50 +739,6 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred,
|
||||
return FIDO_OK;
|
||||
}
|
||||
|
||||
static int
|
||||
decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
|
||||
{
|
||||
fido_cred_t *cred = arg;
|
||||
char *name = NULL;
|
||||
int ok = -1;
|
||||
|
||||
if (cbor_string_copy(key, &name) < 0) {
|
||||
fido_log_debug("%s: cbor type", __func__);
|
||||
ok = 0; /* ignore */
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!strcmp(name, "fmt")) {
|
||||
if (cbor_decode_fmt(val, &cred->fmt) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_fmt", __func__);
|
||||
goto fail;
|
||||
}
|
||||
} else if (!strcmp(name, "attStmt")) {
|
||||
if (cbor_decode_attstmt(val, &cred->attstmt) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_attstmt", __func__);
|
||||
goto fail;
|
||||
}
|
||||
} else if (!strcmp(name, "authData")) {
|
||||
if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
|
||||
fido_log_debug("%s: fido_blob_decode", __func__);
|
||||
goto fail;
|
||||
}
|
||||
if (cbor_decode_cred_authdata(val, cred->type,
|
||||
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
|
||||
&cred->authdata_ext) < 0) {
|
||||
fido_log_debug("%s: cbor_decode_cred_authdata",
|
||||
__func__);
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
ok = 0;
|
||||
fail:
|
||||
free(name);
|
||||
|
||||
return (ok);
|
||||
}
|
||||
|
||||
static int
|
||||
translate_winhello_cred(fido_cred_t *cred,
|
||||
const WEBAUTHN_CREDENTIAL_ATTESTATION *att)
|
||||
@@ -800,10 +756,8 @@ translate_winhello_cred(fido_cred_t *cred,
|
||||
fido_log_debug("%s: cbor_load", __func__);
|
||||
goto fail;
|
||||
}
|
||||
if (cbor_isa_map(item) == false ||
|
||||
cbor_map_is_definite(item) == false ||
|
||||
cbor_map_iter(item, cred, decode_attobj) < 0) {
|
||||
fido_log_debug("%s: cbor type", __func__);
|
||||
if (cbor_decode_attobj(item, cred) != 0) {
|
||||
fido_log_debug("%s: cbor_decode_attobj", __func__);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
||||
+5
-2
@@ -119,6 +119,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
|
||||
char *user_id = NULL;
|
||||
const char *type;
|
||||
const char *prot;
|
||||
int r = -1;
|
||||
|
||||
if ((cred = fido_credman_rk(rk, idx)) == NULL) {
|
||||
warnx("fido_credman_rk");
|
||||
@@ -128,7 +129,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
|
||||
&id) < 0 || base64_encode(fido_cred_user_id_ptr(cred),
|
||||
fido_cred_user_id_len(cred), &user_id) < 0) {
|
||||
warnx("output error");
|
||||
return -1;
|
||||
goto out;
|
||||
}
|
||||
|
||||
type = cose_string(fido_cred_type(cred));
|
||||
@@ -137,10 +138,12 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
|
||||
printf("%02u: %s %s %s %s %s\n", (unsigned)idx, id,
|
||||
fido_cred_display_name(cred), user_id, type, prot);
|
||||
|
||||
r = 0;
|
||||
out:
|
||||
free(user_id);
|
||||
free(id);
|
||||
|
||||
return 0;
|
||||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
@@ -169,6 +169,12 @@ print_maxcredcntlst(uint64_t maxcredcntlst)
|
||||
printf("maxcredcntlst: %d\n", (int)maxcredcntlst);
|
||||
}
|
||||
|
||||
static void
|
||||
print_maxcredblob(uint64_t maxcredblob)
|
||||
{
|
||||
printf("maxcredblob: %d\n", (int)maxcredblob);
|
||||
}
|
||||
|
||||
static void
|
||||
print_maxcredidlen(uint64_t maxcredidlen)
|
||||
{
|
||||
@@ -388,6 +394,9 @@ token_info(int argc, char **argv, char *path)
|
||||
/* print maximum length of a credential ID */
|
||||
print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
|
||||
|
||||
/* print maximum length of credBlob */
|
||||
print_maxcredblob(fido_cbor_info_maxcredbloblen(ci));
|
||||
|
||||
/* print maximum length of serialized largeBlob array */
|
||||
print_maxlargeblob(fido_cbor_info_maxlargeblob(ci));
|
||||
|
||||
|
||||
+12
-3
@@ -98,6 +98,13 @@ New-Item -Type Directory "${STAGE}\${LIBRESSL}" -Force
|
||||
New-Item -Type Directory "${STAGE}\${LIBCBOR}" -Force
|
||||
New-Item -Type Directory "${STAGE}\${ZLIB}" -Force
|
||||
|
||||
# Create GNUPGHOME with an empty common.conf to disable use-keyboxd.
|
||||
# Recent default is to enable keyboxd which in turn ignores --keyring
|
||||
# arguments.
|
||||
$GpgHome = "${BUILD}\.gnupg"
|
||||
New-Item -Type Directory "${GpgHome}" -Force
|
||||
New-Item -Type File "${GpgHome}\common.conf" -Force
|
||||
|
||||
# Create output directories.
|
||||
New-Item -Type Directory "${OUTPUT}" -Force
|
||||
New-Item -Type Directory "${OUTPUT}\${Arch}" -Force
|
||||
@@ -117,8 +124,9 @@ try {
|
||||
}
|
||||
|
||||
Copy-Item "$PSScriptRoot\libressl.gpg" -Destination "${BUILD}"
|
||||
& $GPG --list-keys
|
||||
& $GPG --quiet --no-default-keyring --keyring ./libressl.gpg `
|
||||
& $GPG --homedir ${GpgHome} --list-keys
|
||||
& $GPG --homedir ${GpgHome} --quiet --no-default-keyring `
|
||||
--keyring ./libressl.gpg `
|
||||
--verify .\${LIBRESSL}.tar.gz.asc .\${LIBRESSL}.tar.gz
|
||||
if ($LastExitCode -ne 0) {
|
||||
throw "GPG signature verification failed"
|
||||
@@ -144,8 +152,9 @@ Push-Location ${STAGE}\${LIBRESSL}
|
||||
try {
|
||||
& $CMake ..\..\..\${LIBRESSL} -A "${Arch}" `
|
||||
-DBUILD_SHARED_LIBS="${SHARED}" -DLIBRESSL_TESTS=OFF `
|
||||
-DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" `
|
||||
-DLIBRESSL_APPS=OFF -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" `
|
||||
-DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" `
|
||||
-DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" `
|
||||
-DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; `
|
||||
ExitOnError
|
||||
& $CMake --build . --config ${Config} --verbose; ExitOnError
|
||||
|
||||
+8
-8
@@ -1,24 +1,24 @@
|
||||
# Copyright (c) 2021-2023 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2021-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
||||
# LibreSSL coordinates.
|
||||
New-Variable -Name 'LIBRESSL_URL' `
|
||||
-Value 'https://cloudflare.cdn.openbsd.org/pub/OpenBSD/LibreSSL' `
|
||||
-Value 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL' `
|
||||
-Option Constant
|
||||
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.7.3' -Option Constant
|
||||
New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto-50' -Option Constant
|
||||
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.9.2' -Option Constant
|
||||
New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto' -Option Constant
|
||||
|
||||
# libcbor coordinates.
|
||||
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.10.2' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.10.2' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.11.0' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.11.0' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' `
|
||||
-Option Constant
|
||||
|
||||
# zlib coordinates.
|
||||
New-Variable -Name 'ZLIB' -Value 'zlib-1.3' -Option Constant
|
||||
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3' -Option Constant
|
||||
New-Variable -Name 'ZLIB' -Value 'zlib-1.3.1' -Option Constant
|
||||
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3.1' -Option Constant
|
||||
New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' `
|
||||
-Option Constant
|
||||
|
||||
|
||||
+9
-2
@@ -38,6 +38,13 @@ Write-Host "GPG: $GPG"
|
||||
New-Item -Type Directory "${Cygwin}" -Force
|
||||
New-Item -Type Directory "${Root}" -Force
|
||||
|
||||
# Create GNUPGHOME with an empty common.conf to disable use-keyboxd.
|
||||
# Recent default is to enable keyboxd which in turn ignores --keyring
|
||||
# arguments.
|
||||
$GpgHome = "${Cygwin}\.gnupg"
|
||||
New-Item -Type Directory "${GpgHome}" -Force
|
||||
New-Item -Type File "${GpgHome}\common.conf" -Force
|
||||
|
||||
# Fetch and verify Cygwin.
|
||||
try {
|
||||
if (-Not (Test-Path ${Cygwin}\${Setup} -PathType leaf)) {
|
||||
@@ -48,8 +55,8 @@ try {
|
||||
Invoke-WebRequest ${URL}/${Setup}.sig `
|
||||
-OutFile ${Cygwin}\${Setup}.sig
|
||||
}
|
||||
& $GPG --list-keys
|
||||
& $GPG --quiet --no-default-keyring `
|
||||
& $GPG --homedir ${GpgHome} --list-keys
|
||||
& $GPG --homedir ${GpgHome} --quiet --no-default-keyring `
|
||||
--keyring ${PSScriptRoot}/cygwin.gpg `
|
||||
--verify ${Cygwin}\${Setup}.sig ${Cygwin}\${Setup}
|
||||
if ($LastExitCode -ne 0) {
|
||||
|
||||
+6
-8
@@ -1,4 +1,4 @@
|
||||
# Copyright (c) 2021-2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2021-2024 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
@@ -60,14 +60,12 @@ Function Package-PDBs(${SRC}, ${DEST}) {
|
||||
}
|
||||
|
||||
Function Package-StaticPDBs(${SRC}, ${DEST}) {
|
||||
# NOTE: original file names must be preserved
|
||||
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" `
|
||||
"${DEST}\${CRYPTO_LIBRARIES}.pdb"
|
||||
Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" `
|
||||
"${DEST}\cbor.pdb"
|
||||
Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" `
|
||||
"${DEST}\zlib1.pdb"
|
||||
Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" `
|
||||
"${DEST}\fido2.pdb"
|
||||
"${DEST}"
|
||||
Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" "${DEST}"
|
||||
Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" "${DEST}"
|
||||
Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" "${DEST}"
|
||||
}
|
||||
|
||||
Function Package-Tools(${SRC}, ${DEST}) {
|
||||
|
||||
Reference in New Issue
Block a user