Vendor import of libfido2 1.15.0

Sponsored by:	The FreeBSD Foundation
Ed Maste
2026-03-23 13:23:05 -04:00
parent e85dbcdab0
commit c06c65e030
59 changed files with 1416 additions and 327 deletions
+2 -2
@@ -15,7 +15,7 @@ cat > "${MANIFEST}" <<- EOF
image: ${IMAGE}
packages:
- cmake
- llvm
- llvm${LLVM_VERSION:+%${LLVM_VERSION}}
- pcsc-lite
EOF
@@ -38,7 +38,7 @@ tasks:
else
SUDO=sudo
fi
SCAN="/usr/local/bin/scan-build --use-cc=/usr/bin/cc --status-bugs"
SCAN="/usr/local/bin/scan-build${LLVM_VERSION:+-${LLVM_VERSION}} --use-cc=/usr/bin/cc --status-bugs"
cd libfido2
for T in Debug Release; do
mkdir build-\$T
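Review bot: The two `${LLVM_VERSION:+…}` expansions are undocumented, so a reader has to work out that an unset or empty LLVM_VERSION yields plain `llvm` and `scan-build`, while a set value yields `llvm%N` and `scan-build-N`. A short comment above the manifest heredoc would help, e.g. `# LLVM_VERSION (optional): selects the llvm%N package and the matching scan-build-N; unset uses the defaults`. Because the value is expanded into both the manifest and a command line, it may also be worth rejecting anything but digits before the heredoc, e.g. `case "${LLVM_VERSION:-}" in *[!0-9]*) exit 1;; esac`. The heredoc starts and ends outside these hunks.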
+3 -3
@@ -1,6 +1,6 @@
#!/bin/sh -eux
# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
EOF
# Build and install libcbor.
git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0
cd libcbor
mkdir build
(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
@@ -42,7 +42,7 @@ sudo make install_sw
cd ..
# Build and install zlib.
git clone --depth=1 https://github.com/madler/zlib -b v1.3
git clone --depth=1 https://github.com/madler/zlib -b v1.3.1
cd zlib
make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
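Review bot: The bumped `git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0` and `git clone --depth=1 https://github.com/madler/zlib -b v1.3.1` lines still fetch by tag name alone, and the result is built and installed with `sudo make`, so the job trusts whatever commit the tag points to at run time. A tag can be moved upstream. Recording the reviewed commit id next to each tag and checking it after the clone would make the bump auditable, e.g. `[ "$(git -C libcbor rev-parse HEAD)" = "${LIBCBOR_COMMIT}" ]`, where `LIBCBOR_COMMIT` is a placeholder for the reviewed commit id. The same applies to the `openssl-3.0.14` clones in the other build scripts, the `*_TAG` variables in the fuzz build script, and the libcbor clone in the Dockerfile.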
+3 -3
@@ -1,6 +1,6 @@
#!/bin/sh -eux
# Copyright (c) 2022 Yubico AB. All rights reserved.
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -12,8 +12,8 @@ FAKEROOT="$(mktemp -d)"
# Check exports.
(cd src && ./diff_exports.sh)
# Build and install OpenSSL 3.0.12.
git clone --branch openssl-3.0.12 \
# Build and install OpenSSL 3.0.14.
git clone --branch openssl-3.0.14 \
--depth=1 https://github.com/openssl/openssl
cd openssl
./Configure linux-x86_64-clang --prefix="${FAKEROOT}" \
+3 -3
@@ -1,6 +1,6 @@
#!/bin/sh -eux
# Copyright (c) 2022 Yubico AB. All rights reserved.
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -8,8 +8,8 @@
${CC} --version
FAKEROOT="$(mktemp -d)"
# Build and install OpenSSL 3.0.12.
git clone --branch openssl-3.0.12 \
# Build and install OpenSSL 3.0.14.
git clone --branch openssl-3.0.14 \
--depth=1 https://github.com/openssl/openssl
cd openssl
./Configure linux-x86_64 --prefix="${FAKEROOT}" \
@@ -1,6 +1,6 @@
#!/bin/sh -eux
# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
EOF
# Build and install libcbor.
git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0
cd libcbor
mkdir build
(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
@@ -32,8 +32,8 @@ make -j"$(nproc)" -C build
sudo make -C build install
cd ..
# Build and install OpenSSL 3.0.11.
git clone --branch openssl-3.0.12 \
# Build and install OpenSSL 3.0.14.
git clone --branch openssl-3.0.14 \
--depth=1 https://github.com/openssl/openssl
cd openssl
./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
@@ -43,7 +43,7 @@ sudo make install_sw
cd ..
# Build and install zlib.
git clone --depth=1 https://github.com/madler/zlib -b v1.3
git clone --depth=1 https://github.com/madler/zlib -b v1.3.1
cd zlib
make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
+7 -6
@@ -1,18 +1,18 @@
#!/bin/sh -eux
# Copyright (c) 2020-2022 Yubico AB. All rights reserved.
# Copyright (c) 2020-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
LIBCBOR_URL="https://github.com/pjk/libcbor"
LIBCBOR_TAG="v0.10.2"
LIBCBOR_TAG="v0.11.0"
LIBCBOR_ASAN="address alignment bounds"
LIBCBOR_MSAN="memory"
OPENSSL_URL="https://github.com/openssl/openssl"
OPENSSL_TAG="openssl-3.0.12"
OPENSSL_TAG="openssl-3.0.14"
ZLIB_URL="https://github.com/madler/zlib"
ZLIB_TAG="v1.3"
ZLIB_TAG="v1.3.1"
ZLIB_ASAN="address alignment bounds undefined"
ZLIB_MSAN="memory"
FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak"
@@ -63,6 +63,7 @@ git clone --depth=1 "${OPENSSL_URL}" -b "${OPENSSL_TAG}"
cd openssl
./Configure linux-x86_64-clang "enable-$1" --prefix="${FAKEROOT}" \
--openssldir="${FAKEROOT}/openssl" --libdir=lib
make -j"$(nproc)" build_sw
make install_sw
cd -
@@ -71,7 +72,7 @@ git clone --depth=1 "${ZLIB_URL}" -b "${ZLIB_TAG}"
cd zlib
CFLAGS="${ZLIB_CFLAGS}" LDFLAGS="${ZLIB_CFLAGS}" ./configure \
--prefix="${FAKEROOT}"
make install
make -j"$(nproc)" install
cd -
# libfido2
@@ -87,7 +88,7 @@ mkdir corpus
curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz |
tar -C corpus -zxf -
export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS
for f in assert bio cred credman hid largeblob mgmt netlink pcsc; do
for f in assert attobj bio cred credman hid largeblob mgmt netlink pcsc; do
build/fuzz/fuzz_${f} -use_value_profile=1 -reload=30 -print_pcs=1 \
-print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_${f}
done
+1 -1
@@ -16,7 +16,7 @@ on:
jobs:
build:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
container: alpine:latest
strategy:
fail-fast: false
+4 -1
@@ -18,7 +18,9 @@ jobs:
strategy:
fail-fast: false
matrix:
image: [freebsd/13.x, openbsd/7.2]
include:
- { image: freebsd/14.x }
- { image: openbsd/7.4, llvm_version: 16 }
steps:
- uses: actions/checkout@v4
- name: dependencies
@@ -27,6 +29,7 @@ jobs:
sudo apt install -q -y curl jq
- name: build
env:
LLVM_VERSION: ${{ matrix.llvm_version }}
IMAGE: ${{ matrix.image }}
SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }}
run: ./.actions/build-bsd
+1 -1
@@ -17,7 +17,7 @@ on:
jobs:
fuzzing:
if: github.repository == 'Yubico/libfido2'
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
+2 -2
@@ -26,10 +26,10 @@ jobs:
- { os: ubuntu-22.04, cc: gcc-10 }
- { os: ubuntu-22.04, cc: gcc-11 }
- { os: ubuntu-22.04, cc: gcc-12 }
- { os: ubuntu-22.04, cc: clang-13 }
- { os: ubuntu-22.04, cc: clang-14 }
- { os: ubuntu-22.04, cc: clang-15 }
- { os: ubuntu-22.04, cc: clang-16 }
- { os: ubuntu-22.04, cc: clang-17 }
- { os: ubuntu-22.04, cc: clang-18 }
- { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 }
- { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 }
steps:
+1 -1
@@ -21,7 +21,7 @@ jobs:
fail-fast: false
matrix:
os: [ ubuntu-22.04 ]
cc: [ clang-16 ]
cc: [ clang-18 ]
sanitizer: [ asan, msan ]
steps:
- uses: actions/checkout@v4
+3 -1
@@ -20,11 +20,13 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ macos-13, macos-12 ]
os: [ macos-14, macos-13, macos-12 ]
cc: [ clang ]
steps:
- uses: actions/checkout@v4
- name: dependencies
env:
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
run: brew install libcbor llvm mandoc openssl@3.0 pkg-config zlib
- name: build
env:
+2 -2
@@ -22,9 +22,9 @@ jobs:
matrix:
include:
- os: ubuntu-22.04
cc: gcc-11
cc: gcc-12
- os: ubuntu-22.04
cc: clang-16
cc: clang-18
- os: ubuntu-22.04
cc: i686-w64-mingw32-gcc-10
steps:
+2 -2
@@ -29,7 +29,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_COLOR_MAKEFILE OFF)
set(CMAKE_VERBOSE_MAKEFILE ON)
set(FIDO_MAJOR "1")
set(FIDO_MINOR "14")
set(FIDO_MINOR "15")
set(FIDO_PATCH "0")
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
@@ -484,7 +484,7 @@ endif()
if(BUILD_TOOLS)
add_subdirectory(tools)
endif()
if(BUILD_MANPAGES)
if(BUILD_MANPAGES AND NOT MSVC)
add_subdirectory(man)
endif()
+1 -1
@@ -1,4 +1,4 @@
Copyright (c) 2018-2023 Yubico AB. All rights reserved.
Copyright (c) 2018-2024 Yubico AB. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
+15 -3
@@ -1,12 +1,24 @@
* Version 1.15.0 (2024-06-13)
** 1.15.0 will be the last release to support OpenSSL 1.1.
** bio, credman: improved CTAP 2.1 support.
** hid_osx: fix issue where fido_hid_read() may block unnecessarily; gh#757.
** fido2-token -I: print maxcredbloblen.
** hid_linux: improved support for uhid devices.
** New API calls:
- fido_cred_set_attobj;
- fido_cred_x5c_list_count;
- fido_cred_x5c_list_len;
- fido_cred_x5c_list_ptr.
* Version 1.14.0 (2023-11-13)
** fido2-cred -M, fido2-token -G: support raw client data via -w flag.
** winhello: support U2F AppID extension for assertions.
** winhello: fix restrictive parsing of the hmac-secret on assertions.
** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685.
** New API calls:
** fido_assert_authdata_raw_len;
** fido_assert_authdata_raw_ptr;
** fido_assert_set_winhello_appid.
- fido_assert_authdata_raw_len;
- fido_assert_authdata_raw_ptr;
- fido_assert_set_winhello_appid.
* Version 1.13.0 (2023-02-20)
** Support for linking against OpenSSL on Windows; gh#668.
+1 -1
@@ -38,7 +38,7 @@ is also available.
=== Releases
The current release of *libfido2* is 1.14.0. Signed release tarballs are
The current release of *libfido2* is 1.15.0. Signed release tarballs are
available at Yubico's
https://developers.yubico.com/libfido2/Releases[release page].
+1 -1
@@ -2,4 +2,4 @@
To report security issues in libfido2, please contact security@yubico.com.
A PGP public key can be found at
https://www.yubico.com/support/security-advisories/issue-rating-system/.
https://www.yubico.com/support/issue-rating-system/.
+8 -1
@@ -1,4 +1,4 @@
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
# Copyright (c) 2019-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -80,3 +80,10 @@ set_target_properties(fuzz_pcsc PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_pcsc fido2_shared)
# fuzz_attobj
add_executable(fuzz_attobj fuzz_attobj.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
set_target_properties(fuzz_attobj PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_attobj fido2_shared)
+1 -1
@@ -10,7 +10,7 @@ RUN apk -q update
RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils
RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev
RUN apk add sudo tar zlib-dev
RUN git clone --branch v0.10.2 --depth=1 https://github.com/PJK/libcbor
RUN git clone --branch v0.11.0 --depth=1 https://github.com/PJK/libcbor
RUN git clone --depth=1 https://github.com/yubico/libfido2
WORKDIR /libfido2
RUN ./fuzz/build-coverage /libcbor /libfido2
+3 -3
@@ -3,12 +3,12 @@
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
IMAGE := libfido2-coverage:1.14.0
IMAGE := libfido2-coverage:1.15.0
RUNNER := libfido2-runner
PROFDATA := llvm-profdata
COV := llvm-cov
TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_hid \
fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc
TARGETS := fuzz_assert fuzz_attobj fuzz_bio fuzz_cred fuzz_credman \
fuzz_hid fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc
CORPORA := $(foreach f,${TARGETS},${f}/corpus)
MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus)
REMOTE := gs://libfido2-corpus.clusterfuzz-external.appspot.com
+4
@@ -166,6 +166,7 @@
fido_cred_rp_id;
fido_cred_rp_name;
fido_cred_set_attstmt;
fido_cred_set_attobj;
fido_cred_set_authdata;
fido_cred_set_authdata_raw;
fido_cred_set_blob;
@@ -193,6 +194,9 @@
fido_cred_verify;
fido_cred_verify_self;
fido_cred_x5c_len;
fido_cred_x5c_list_count;
fido_cred_x5c_list_len;
fido_cred_x5c_list_ptr;
fido_cred_x5c_ptr;
fido_dev_build;
fido_dev_cancel;
+43 -35
@@ -122,7 +122,8 @@ fido_bio_info_free 6 0 100.00% 7 0
fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00%
fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00%
bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00%
bio.c:bio_tx 43 0 100.00% 55 0 100.00%
bio.c:bio_tx 42 0 100.00% 55 0 100.00%
bio.c:bio_get_cmd 8 0 100.00% 5 0 100.00%
bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00%
bio.c:bio_rx_template_array 19 0 100.00% 24 0 100.00%
bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19%
@@ -145,7 +146,7 @@ bio.c:bio_reset_template_array 4 0 100.00% 7 0
bio.c:bio_reset_template 1 0 100.00% 5 0 100.00%
bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00%
-----------------------------------------------------------------------------------------------------------------
TOTAL 451 20 95.57% 587 24 95.91%
TOTAL 458 20 95.63% 592 24 95.95%
File '/libfido2/src/blob.c':
Name Regions Miss Cover Lines Miss Cover
@@ -167,9 +168,9 @@ File '/libfido2/src/buf.c':
Name Regions Miss Cover Lines Miss Cover
-----------------------------------------------------------------------------------------------------------------
fido_buf_read 4 0 100.00% 8 0 100.00%
fido_buf_write 4 1 75.00% 8 1 87.50%
fido_buf_write 4 0 100.00% 8 0 100.00%
-----------------------------------------------------------------------------------------------------------------
TOTAL 8 1 87.50% 16 1 93.75%
TOTAL 8 0 100.00% 16 0 100.00%
File '/libfido2/src/cbor.c':
Name Regions Miss Cover Lines Miss Cover
@@ -200,6 +201,7 @@ cbor_encode_change_pin_auth 32 1 96.88% 36 3
cbor_encode_assert_ext 33 0 100.00% 32 0 100.00%
cbor_decode_fmt 13 0 100.00% 15 0 100.00%
cbor_decode_pubkey 26 1 96.15% 36 2 94.44%
cbor_decode_attobj 8 0 100.00% 9 0 100.00%
cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43%
cbor_decode_assert_authdata 21 1 95.24% 32 3 90.62%
cbor_decode_attstmt 13 0 100.00% 16 0 100.00%
@@ -219,18 +221,20 @@ cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0
cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88%
cbor.c:get_cose_alg 46 0 100.00% 45 0 100.00%
cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00%
cbor.c:decode_attobj 23 0 100.00% 37 0 100.00%
cbor.c:decode_attcred 25 0 100.00% 44 0 100.00%
cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00%
cbor.c:decode_cred_extension 41 0 100.00% 45 0 100.00%
cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00%
cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00%
cbor.c:decode_attstmt_entry 56 0 100.00% 51 0 100.00%
cbor.c:decode_x5c 4 0 100.00% 6 0 100.00%
cbor.c:decode_attstmt_entry 52 0 100.00% 49 0 100.00%
cbor.c:decode_x5c_array 9 1 88.89% 12 3 75.00%
cbor.c:decode_x5c 10 1 90.00% 22 3 86.36%
cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00%
cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00%
cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00%
------------------------------------------------------------------------------------------------------------------
TOTAL 1070 12 98.88% 1258 28 97.77%
TOTAL 1112 14 98.74% 1330 34 97.44%
File '/libfido2/src/compress.c':
Name Regions Miss Cover Lines Miss Cover
@@ -269,14 +273,15 @@ fido_cred_verify 59 2 96.61% 75
fido_cred_verify_self 60 4 93.33% 87 7 91.95%
fido_cred_new 1 0 100.00% 3 0 100.00%
fido_cred_reset_tx 1 0 100.00% 18 0 100.00%
fido_cred_reset_rx 1 0 100.00% 7 0 100.00%
fido_cred_reset_rx 1 0 100.00% 4 0 100.00%
fido_cred_free 6 0 100.00% 9 0 100.00%
fido_cred_set_authdata 23 0 100.00% 28 0 100.00%
fido_cred_set_authdata_raw 25 0 100.00% 29 0 100.00%
fido_cred_set_id 6 0 100.00% 5 0 100.00%
fido_cred_set_x509 6 0 100.00% 5 0 100.00%
fido_cred_set_x509 14 2 85.71% 21 3 85.71%
fido_cred_set_sig 6 0 100.00% 5 0 100.00%
fido_cred_set_attstmt 20 0 100.00% 23 0 100.00%
fido_cred_set_attobj 17 0 100.00% 21 0 100.00%
fido_cred_exclude 14 2 85.71% 19 3 84.21%
fido_cred_empty_exclude_list 2 0 100.00% 5 0 100.00%
fido_cred_set_clientdata 12 12 0.00% 11 11 0.00%
@@ -299,6 +304,9 @@ fido_cred_clientdata_hash_ptr 1 0 100.00% 3
fido_cred_clientdata_hash_len 1 0 100.00% 3 0 100.00%
fido_cred_x5c_ptr 1 0 100.00% 3 0 100.00%
fido_cred_x5c_len 1 0 100.00% 3 0 100.00%
fido_cred_x5c_list_count 1 0 100.00% 3 0 100.00%
fido_cred_x5c_list_ptr 4 0 100.00% 5 0 100.00%
fido_cred_x5c_list_len 4 0 100.00% 5 0 100.00%
fido_cred_sig_ptr 1 0 100.00% 3 0 100.00%
fido_cred_sig_len 1 0 100.00% 3 0 100.00%
fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00%
@@ -330,11 +338,12 @@ cred.c:fido_dev_make_cred_rx 29 0 100.00% 32
cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00%
cred.c:check_extensions 2 0 100.00% 6 0 100.00%
cred.c:get_signed_hash_u2f 27 0 100.00% 27 0 100.00%
cred.c:verify_attstmt 25 2 92.00% 43 6 86.05%
cred.c:verify_attstmt 28 3 89.29% 48 10 79.17%
cred.c:fido_cred_clean_attobj 1 0 100.00% 6 0 100.00%
cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00%
cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 653 36 94.49% 853 39 95.43%
TOTAL 691 39 94.36% 911 46 94.95%
File '/libfido2/src/credman.c':
Name Regions Miss Cover Lines Miss Cover
@@ -360,7 +369,8 @@ fido_credman_rp_name 4 0 100.00% 5
fido_credman_rp_id_hash_len 4 0 100.00% 5 0 100.00%
fido_credman_rp_id_hash_ptr 4 0 100.00% 5 0 100.00%
credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00%
credman.c:credman_tx 36 0 100.00% 50 0 100.00%
credman.c:credman_tx 35 0 100.00% 50 0 100.00%
credman.c:credman_get_cmd 7 0 100.00% 5 0 100.00%
credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00%
credman.c:credman_rx_metadata 19 0 100.00% 24 0 100.00%
credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00%
@@ -380,7 +390,7 @@ credman.c:credman_set_dev_rk_wait 11 0 100.00% 8
credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00%
credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 422 10 97.63% 557 20 96.41%
TOTAL 428 10 97.66% 562 20 96.44%
File '/libfido2/src/dev.c':
Name Regions Miss Cover Lines Miss Cover
@@ -408,7 +418,7 @@ fido_dev_is_winhello 2 2 0.00% 3
fido_dev_supports_pin 3 0 100.00% 3 0 100.00%
fido_dev_has_pin 2 0 100.00% 3 0 100.00%
fido_dev_supports_cred_prot 2 0 100.00% 3 0 100.00%
fido_dev_supports_credman 2 0 100.00% 3 0 100.00%
fido_dev_supports_credman 3 0 100.00% 3 0 100.00%
fido_dev_supports_uv 3 0 100.00% 3 0 100.00%
fido_dev_has_uv 2 0 100.00% 3 0 100.00%
fido_dev_supports_permissions 2 0 100.00% 3 0 100.00%
@@ -424,10 +434,10 @@ dev.c:set_random_report_len 11 0 100.00% 6
dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11%
dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00%
dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00%
dev.c:fido_dev_set_option_flags 31 0 100.00% 20 0 100.00%
dev.c:fido_dev_set_option_flags 42 0 100.00% 25 0 100.00%
dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 332 65 80.42% 378 80 78.84%
TOTAL 344 65 81.10% 383 80 79.11%
File '/libfido2/src/ecdh.c':
Name Regions Miss Cover Lines Miss Cover
@@ -547,14 +557,14 @@ fido_hid_read 15 15 0.00% 21 2
fido_hid_write 12 12 0.00% 17 17 0.00%
fido_hid_report_in_len 1 1 0.00% 4 4 0.00%
fido_hid_report_out_len 1 1 0.00% 4 4 0.00%
hid_linux.c:copy_info 34 0 100.00% 44 0 100.00%
hid_linux.c:copy_info 38 0 100.00% 53 0 100.00%
hid_linux.c:is_fido 15 1 93.33% 16 1 93.75%
hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00%
hid_linux.c:parse_uevent 12 0 100.00% 24 0 100.00%
hid_linux.c:parse_uevent 26 0 100.00% 29 0 100.00%
hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00%
hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35%
-------------------------------------------------------------------------------------------------------------------
TOTAL 184 73 60.33% 263 115 56.27%
TOTAL 202 73 63.86% 277 115 58.48%
File '/libfido2/src/hid_unix.c':
Name Regions Miss Cover Lines Miss Cover
@@ -758,17 +768,17 @@ nfc.c:nfc_do_tx 20 0 100.00% 25
nfc.c:tx_short_apdu 14 0 100.00% 32 0 100.00%
nfc.c:rx_init 25 0 100.00% 27 0 100.00%
nfc.c:rx_cbor 4 0 100.00% 6 0 100.00%
nfc.c:rx_msg 18 2 88.89% 23 6 73.91%
nfc.c:rx_apdu 14 1 92.86% 22 3 86.36%
nfc.c:rx_msg 18 1 94.44% 23 3 86.96%
nfc.c:rx_apdu 14 0 100.00% 22 0 100.00%
nfc.c:tx_get_response 4 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 155 5 96.77% 244 15 93.85%
TOTAL 155 3 98.06% 244 9 96.31%
File '/libfido2/src/nfc_linux.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_nfc_manifest 35 7 80.00% 45 15 66.67%
fido_nfc_open 20 3 85.00% 23 4 82.61%
fido_nfc_open 20 2 90.00% 23 4 82.61%
fido_nfc_close 1 1 0.00% 4 4 0.00%
fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00%
fido_nfc_read 14 14 0.00% 30 30 0.00%
@@ -778,10 +788,10 @@ nfc_linux.c:get_usb_attr 1 1 0.00% 3
nfc_linux.c:get_parent_attr 6 6 0.00% 9 9 0.00%
nfc_linux.c:sysnum_from_syspath 15 0 100.00% 17 0 100.00%
nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00%
nfc_linux.c:nfc_target_connect 9 9 0.00% 21 21 0.00%
nfc_linux.c:nfc_target_connect 9 6 33.33% 21 9 57.14%
nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 172 77 55.23% 242 126 47.93%
TOTAL 172 73 57.56% 242 114 52.89%
File '/libfido2/src/pcsc.c':
Name Regions Miss Cover Lines Miss Cover
@@ -814,7 +824,7 @@ cbor_add_uv_params 17 0 100.00% 23
pin.c:uv_token_wait 14 2 85.71% 12 1 91.67%
pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00%
pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00%
pin.c:encode_uv_permission 20 1 95.00% 19 3 84.21%
pin.c:encode_uv_permission 24 1 95.83% 21 3 85.71%
pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00%
pin.c:uv_token_rx 27 0 100.00% 34 0 100.00%
pin.c:parse_uv_token 8 0 100.00% 10 0 100.00%
@@ -832,7 +842,7 @@ pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7
pin.c:fido_dev_get_uv_retry_count_rx 19 0 100.00% 24 0 100.00%
pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 426 3 99.30% 514 4 99.22%
TOTAL 430 3 99.30% 516 4 99.22%
File '/libfido2/src/random.c':
Name Regions Miss Cover Lines Miss Cover
@@ -853,11 +863,10 @@ TOTAL 24 0 100.00% 23
File '/libfido2/src/rs1.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
rs1_verify_sig 20 2 90.00% 30 6 80.00%
rs1.c:rs1_get_EVP_MD 1 0 100.00% 3 0 100.00%
rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00%
rs1_verify_sig 20 1 95.00% 29 3 89.66%
rs1.c:rs1_get_EVP_MD 1 0 100.00% 6 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 22 2 90.91% 36 6 83.33%
TOTAL 21 1 95.24% 35 3 91.43%
File '/libfido2/src/rs256.c':
Name Regions Miss Cover Lines Miss Cover
@@ -869,14 +878,13 @@ rs256_pk_from_ptr 10 0 100.00% 12
rs256_pk_to_EVP_PKEY 35 0 100.00% 43 0 100.00%
rs256_pk_from_RSA 32 6 81.25% 26 9 65.38%
rs256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00%
rs256_verify_sig 20 2 90.00% 30 5 83.33%
rs256_verify_sig 20 1 95.00% 29 2 93.10%
rs256_pk_verify_sig 7 1 85.71% 13 2 84.62%
rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00%
rs256.c:decode_bignum 8 0 100.00% 10 0 100.00%
rs256.c:rs256_get_EVP_MD 1 0 100.00% 3 0 100.00%
rs256.c:rs256_free_EVP_MD 1 0 100.00% 3 0 100.00%
rs256.c:rs256_get_EVP_MD 1 0 100.00% 6 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 146 9 93.84% 179 16 91.06%
TOTAL 145 8 94.48% 178 13 92.70%
File '/libfido2/src/time.c':
Name Regions Miss Cover Lines Miss Cover
+333
@@ -0,0 +1,333 @@
/*
* Copyright (c) 2024 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mutator_aux.h"
#include "wiredata_fido2.h"
#include "wiredata_u2f.h"
#include "dummy.h"
#include "../openbsd-compat/openbsd-compat.h"
struct param {
int seed;
char rp_id[MAXSTR];
struct blob cdh;
struct blob attobj;
uint8_t type;
};
static const uint8_t dummy_attestation_object[] = {
0xa3, 0x63, 0x66, 0x6d, 0x74, 0x66, 0x70, 0x61,
0x63, 0x6b, 0x65, 0x64, 0x67, 0x61, 0x74, 0x74,
0x53, 0x74, 0x6d, 0x74, 0xa3, 0x63, 0x61, 0x6c,
0x67, 0x26, 0x63, 0x73, 0x69, 0x67, 0x58, 0x46,
0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b,
0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c,
0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48,
0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97,
0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56,
0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9,
0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4,
0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08,
0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, 0x63, 0x78,
0x35, 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82,
0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55,
0x04, 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69,
0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54,
0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e,
0x17, 0x0d, 0x31, 0x34, 0x30, 0x35, 0x31, 0x35,
0x31, 0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x17,
0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x34, 0x31,
0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x30, 0x1d,
0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63,
0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65,
0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, 0x30,
0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04,
0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, 0xce,
0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, 0x0d,
0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, 0x24,
0xaf, 0x26, 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f,
0x95, 0xa3, 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7,
0x3e, 0x91, 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05,
0x7a, 0xd5, 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f,
0xaf, 0xe2, 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
0x82, 0x02, 0x01, 0x00, 0x95, 0x40, 0x6b, 0x50,
0x61, 0x7d, 0xad, 0x84, 0xa3, 0xb4, 0xeb, 0x88,
0x0f, 0xe3, 0x30, 0x0f, 0x2d, 0xa2, 0x0a, 0x00,
0xd9, 0x25, 0x04, 0xee, 0x72, 0xfa, 0x67, 0xdf,
0x58, 0x51, 0x0f, 0x0b, 0x47, 0x02, 0x9c, 0x3e,
0x41, 0x29, 0x4a, 0x93, 0xac, 0x29, 0x85, 0x89,
0x2d, 0xa4, 0x7a, 0x81, 0x32, 0x28, 0x57, 0x71,
0x01, 0xef, 0xa8, 0x42, 0x88, 0x16, 0x96, 0x37,
0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d,
0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3,
0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c,
0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1,
0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e,
0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf,
0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77,
0x02, 0x7b, 0xe6, 0x24, 0xa0, 0x31, 0x56, 0x1b,
0xfd, 0x19, 0xc5, 0x71, 0xd3, 0xf0, 0x9e, 0xc0,
0x73, 0x05, 0x4e, 0xbc, 0x85, 0xb8, 0x53, 0x9e,
0xef, 0xc5, 0xbc, 0x9c, 0x56, 0xa3, 0xba, 0xd9,
0x27, 0x6a, 0xbb, 0xa9, 0x7a, 0x40, 0xd7, 0x47,
0x8b, 0x55, 0x72, 0x6b, 0xe3, 0xfe, 0x28, 0x49,
0x71, 0x24, 0xf4, 0x8f, 0xf4, 0x20, 0x81, 0xea,
0x38, 0xff, 0x7c, 0x0a, 0x4f, 0xdf, 0x02, 0x82,
0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, 0xdd, 0xca,
0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, 0x55, 0x6c,
0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, 0x63, 0xdc,
0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, 0x9f, 0xbe,
0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, 0xa3, 0x32,
0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, 0xa0, 0xa1,
0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, 0x5d, 0x26,
0x9e, 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5,
0xbd, 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20,
0xfd, 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a,
0x61, 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0,
0xd5, 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30,
0x85, 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f,
0x5f, 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35,
0xeb, 0xc1, 0x41, 0xaa, 0x8a, 0xd2, 0xda, 0x19,
0xaa, 0x79, 0xa2, 0x5f, 0x35, 0x2c, 0xa0, 0xfd,
0x25, 0xd3, 0xf7, 0x9d, 0x25, 0x18, 0x2d, 0xfa,
0xb4, 0xbc, 0xbb, 0x07, 0x34, 0x3c, 0x8d, 0x81,
0xbd, 0xf4, 0xe9, 0x37, 0xdb, 0x39, 0xe9, 0xd1,
0x45, 0x5b, 0x20, 0x41, 0x2f, 0x2d, 0x27, 0x22,
0xdc, 0x92, 0x74, 0x8a, 0x92, 0xd5, 0x83, 0xfd,
0x09, 0xfb, 0x13, 0x9b, 0xe3, 0x39, 0x7a, 0x6b,
0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, 0xe3,
0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, 0xd4,
0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, 0xd5,
0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, 0x1f,
0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, 0xbe,
0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, 0x53,
0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, 0x4f,
0xca, 0x25, 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c,
0xb1, 0x9b, 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88,
0xef, 0x7a, 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64,
0xda, 0x41, 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd,
0xd1, 0xd1, 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97,
0xb2, 0xaa, 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b,
0x5b, 0x7e, 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81,
0x2c, 0x38, 0x8f, 0x9d, 0x25, 0xde, 0xe9, 0xc8,
0xf5, 0xdd, 0x6a, 0x47, 0x9c, 0x65, 0x04, 0x5a,
0x56, 0xe6, 0xc2, 0xeb, 0xf2, 0x02, 0x97, 0xe1,
0xb9, 0xd8, 0xe1, 0x24, 0x76, 0x9f, 0x23, 0x62,
0x39, 0x03, 0x4b, 0xc8, 0xf7, 0x34, 0x07, 0x49,
0xd6, 0xe7, 0x4d, 0x9a, 0x68, 0x61, 0x75, 0x74,
0x68, 0x44, 0x61, 0x74, 0x61, 0x58, 0xc4, 0x49,
0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68, 0x74,
0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f,
0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99,
0x5c, 0xf3, 0xba, 0x83, 0x1d, 0x97, 0x63, 0x41,
0x00, 0x00, 0x00, 0x00, 0xf8, 0xa0, 0x11, 0xf3,
0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11,
0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, 0x53, 0xfb,
0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, 0xfe, 0x47,
0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, 0xa8, 0xbf,
0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, 0xe0, 0x0d,
0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, 0x70, 0x85,
0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, 0xef, 0x44,
0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, 0x6e, 0x7b,
0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, 0x34, 0xe3,
0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, 0xa5, 0x01,
0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20,
0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c,
0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c,
0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5,
0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6,
0x22, 0x58, 0x20, 0x87, 0x5f, 0x90, 0xe6, 0xfd,
0x71, 0x27, 0x9f, 0xeb, 0xe3, 0x03, 0x44, 0xbc,
0x8d, 0x49, 0xc6, 0x1c, 0x31, 0x3b, 0x72, 0xae,
0xd4, 0x53, 0xb1, 0xfe, 0x5d, 0xe1, 0x30, 0xfc,
0x2b, 0x1e, 0xd2
};
struct param *
unpack(const uint8_t *ptr, size_t len)
{
cbor_item_t *item = NULL, **v;
struct cbor_load_result cbor;
struct param *p;
int ok = -1;
if ((p = calloc(1, sizeof(*p))) == NULL ||
(item = cbor_load(ptr, len, &cbor)) == NULL ||
cbor.read != len ||
cbor_isa_array(item) == false ||
cbor_array_is_definite(item) == false ||
cbor_array_size(item) != 5 ||
(v = cbor_array_handle(item)) == NULL)
goto fail;
if (unpack_int(v[0], &p->seed) < 0 ||
unpack_string(v[1], p->rp_id) < 0 ||
unpack_blob(v[2], &p->cdh) < 0 ||
unpack_blob(v[3], &p->attobj) < 0 ||
unpack_byte(v[4], &p->type) < 0)
goto fail;
ok = 0;
fail:
if (ok < 0) {
free(p);
p = NULL;
}
if (item)
cbor_decref(&item);
return p;
}
size_t
pack(uint8_t *ptr, size_t len, const struct param *p)
{
cbor_item_t *argv[5], *array = NULL;
size_t cbor_alloc_len, cbor_len = 0;
unsigned char *cbor = NULL;
memset(argv, 0, sizeof(argv));
if ((array = cbor_new_definite_array(17)) == NULL ||
(argv[0] = pack_int(p->seed)) == NULL ||
(argv[1] = pack_string(p->rp_id)) == NULL ||
(argv[2] = pack_blob(&p->cdh)) == NULL ||
(argv[3] = pack_blob(&p->attobj)) == NULL ||
(argv[4] = pack_byte(p->type)) == NULL)
goto fail;
for (size_t i = 0; i < 5; i++)
if (cbor_array_push(array, argv[i]) == false)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
memcpy(ptr, cbor, cbor_len);
fail:
for (size_t i = 0; i < 5; i++)
if (argv[i])
cbor_decref(&argv[i]);
if (array)
cbor_decref(&array);
free(cbor);
return cbor_len;
}
size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));
dummy.type = 1;
strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id));
dummy.cdh.len = sizeof(dummy_cdh);
dummy.attobj.len = sizeof(dummy_attestation_object);
memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
memcpy(&dummy.attobj.body, dummy_attestation_object, dummy.attobj.len);
assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
if (blob_len > len) {
memcpy(ptr, blob, len);
return len;
}
memcpy(ptr, blob, blob_len);
return blob_len;
}
void
mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
{
if (flags & MUTATE_SEED)
p->seed = (int)seed;
if (flags & MUTATE_PARAM) {
mutate_byte(&p->type);
p->attobj.len = sizeof(dummy_attestation_object);
memcpy(&p->attobj.body, &dummy_attestation_object,
p->attobj.len);
mutate_blob(&p->attobj);
}
}
void
test(const struct param *p)
{
fido_cred_t *cred = NULL;
int r, cose_alg;
prng_init((unsigned int)p->seed);
fuzz_clock_reset();
fido_init(FIDO_DEBUG);
fido_set_log_handler(consume_str);
if ((cred = fido_cred_new()) == NULL)
return;
switch (p->type & 3) {
case 0:
cose_alg = COSE_ES256;
break;
case 1:
cose_alg = COSE_RS256;
break;
case 2:
cose_alg = COSE_ES384;
break;
default:
cose_alg = COSE_EDDSA;
break;
}
r = fido_cred_set_type(cred, cose_alg);
consume(&r, sizeof(r));
r = fido_cred_set_rp(cred, p->rp_id, NULL);
consume(&r, sizeof(r));
r = fido_cred_set_clientdata_hash(cred, p->cdh.body, p->cdh.len);
consume(&r, sizeof(r));
r = fido_cred_set_attobj(cred, p->attobj.body, p->attobj.len);
consume(&r, sizeof(r));
consume_str(fido_cred_fmt(cred));
consume(fido_cred_attstmt_ptr(cred), fido_cred_attstmt_len(cred));
consume(fido_cred_authdata_ptr(cred), fido_cred_authdata_len(cred));
r = fido_cred_verify(cred);
consume(&r, sizeof(r));
fido_cred_free(&cred);
}
+5
@@ -309,6 +309,11 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len,
if (fmt)
fido_cred_set_fmt(cred, fmt);
/* XXX +1 on purpose */
for (size_t i = 0; i < fido_cred_x5c_list_count(cred) + 1; i++)
consume(fido_cred_x5c_list_ptr(cred, i),
fido_cred_x5c_list_len(cred, i));
/* repeat memory operations to trigger reallocation paths */
if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK)
fido_cred_set_authdata_raw(cred, authdata_raw_ptr,
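Review bot: The comment `/* XXX +1 on purpose */` above the new x5c loop does not say what the extra iteration is for, so a later reader could take `fido_cred_x5c_list_count(cred) + 1` for an off-by-one and remove it. If the intent is to exercise the out-of-range index (the regress test in this commit expects a NULL pointer and a zero length for an index equal to the count), the comment should say so: `/* also query idx == count: must yield NULL/0, not read past the chain */`. The extra iteration relies on consume() accepting a NULL pointer with length 0, which is not visible here and should be confirmed. verify_cred() starts and ends outside the hunk.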
+1
@@ -9,6 +9,7 @@
#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
+6
@@ -135,12 +135,18 @@ void
mutate_byte(uint8_t *b)
{
LLVMFuzzerMutate(b, sizeof(*b), sizeof(*b));
#ifdef WITH_MSAN
__msan_unpoison(b, sizeof(*b));
#endif
}
void
mutate_int(int *i)
{
LLVMFuzzerMutate((uint8_t *)i, sizeof(*i), sizeof(*i));
#ifdef WITH_MSAN
__msan_unpoison(i, sizeof(*i));
#endif
}
void
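Review bot: The new `__msan_unpoison()` calls in mutate_byte() and mutate_int() carry no comment explaining why the whole object is marked initialised after LLVMFuzzerMutate(). Presumably the mutator's writes are not tracked by MSan, but unpoisoning unconditionally also hides the case where a caller passes storage that was never initialised, so the contract is worth writing down: `/* LLVMFuzzerMutate() output is not tracked by MSan; callers must pass initialised storage */`. Whether a declaration of `__msan_unpoison` is included under WITH_MSAN is not visible in this hunk and should be confirmed.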
BIN
Binary file not shown.
+13 -13
View File
@@ -13,22 +13,22 @@ openbsd-compat/timingsafe_bcmp.c 4 0 100.00%
src/aes256.c 118 3 97.46% 8 0 100.00% 157 11 92.99%
src/assert.c 628 45 92.83% 63 4 93.65% 782 51 93.48%
src/authkey.c 52 0 100.00% 5 0 100.00% 66 0 100.00%
src/bio.c 451 20 95.57% 49 2 95.92% 587 24 95.91%
src/bio.c 458 20 95.63% 50 2 96.00% 592 24 95.95%
src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18%
src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75%
src/cbor.c 1070 12 98.88% 55 0 100.00% 1258 28 97.77%
src/buf.c 8 0 100.00% 2 0 100.00% 16 0 100.00%
src/cbor.c 1112 14 98.74% 58 0 100.00% 1330 34 97.44%
src/compress.c 105 14 86.67% 5 0 100.00% 122 24 80.33%
src/config.c 112 0 100.00% 11 0 100.00% 154 0 100.00%
src/cred.c 653 36 94.49% 70 2 97.14% 853 39 95.43%
src/credman.c 422 10 97.63% 40 0 100.00% 557 20 96.41%
src/dev.c 332 65 80.42% 41 6 85.37% 378 80 78.84%
src/cred.c 691 39 94.36% 75 2 97.33% 911 46 94.95%
src/credman.c 428 10 97.66% 41 0 100.00% 562 20 96.44%
src/dev.c 344 65 81.10% 41 6 85.37% 383 80 79.11%
src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58%
src/eddsa.c 88 5 94.32% 10 0 100.00% 114 9 92.11%
src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06%
src/es256.c 315 5 98.41% 19 0 100.00% 372 11 97.04%
src/es384.c 158 5 96.84% 11 0 100.00% 198 11 94.44%
src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93%
src/hid_linux.c 184 73 60.33% 14 7 50.00% 263 115 56.27%
src/hid_linux.c 202 73 63.86% 14 7 50.00% 277 115 58.48%
src/hid_unix.c 29 21 27.59% 2 0 100.00% 43 26 39.53%
src/info.c 232 0 100.00% 51 0 100.00% 409 0 100.00%
src/io.c 193 7 96.37% 13 0 100.00% 230 12 94.78%
@@ -36,14 +36,14 @@ src/iso7816.c 18 1 94.44%
src/largeblob.c 525 18 96.57% 30 0 100.00% 693 43 93.80%
src/log.c 39 5 87.18% 7 1 85.71% 63 7 88.89%
src/netlink.c 329 8 97.57% 40 0 100.00% 498 15 96.99%
src/nfc.c 155 5 96.77% 12 0 100.00% 244 15 93.85%
src/nfc_linux.c 172 77 55.23% 13 7 46.15% 242 126 47.93%
src/nfc.c 155 3 98.06% 12 0 100.00% 244 9 96.31%
src/nfc_linux.c 172 73 57.56% 13 6 53.85% 242 114 52.89%
src/pcsc.c 204 1 99.51% 13 0 100.00% 282 3 98.94%
src/pin.c 426 3 99.30% 26 0 100.00% 514 4 99.22%
src/pin.c 430 3 99.30% 26 0 100.00% 516 4 99.22%
src/random.c 6 0 100.00% 1 0 100.00% 6 0 100.00%
src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00%
src/rs1.c 22 2 90.91% 3 0 100.00% 36 6 83.33%
src/rs256.c 146 9 93.84% 13 0 100.00% 179 16 91.06%
src/rs1.c 21 1 95.24% 2 0 100.00% 35 3 91.43%
src/rs256.c 145 8 94.48% 12 0 100.00% 178 13 92.70%
src/time.c 43 3 93.02% 3 0 100.00% 43 2 95.35%
src/touch.c 67 0 100.00% 2 0 100.00% 79 0 100.00%
src/tpm.c 103 0 100.00% 9 0 100.00% 194 0 100.00%
@@ -61,4 +61,4 @@ src/fido.h 0 0 -
src/fido/err.h 0 0 - 0 0 - 0 0 -
src/fido/param.h 0 0 - 0 0 - 0 0 -
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL 8730 486 94.43% 742 29 96.09% 11357 769 93.23%
TOTAL 8855 482 94.56% 750 28 96.27% 11516 757 93.43%
+5 -1
@@ -186,6 +186,9 @@ list(APPEND MAN_ALIAS
fido_cred_new fido_cred_user_id_ptr
fido_cred_new fido_cred_user_name
fido_cred_new fido_cred_x5c_len
fido_cred_new fido_cred_x5c_list_count
fido_cred_new fido_cred_x5c_list_len
fido_cred_new fido_cred_x5c_list_ptr
fido_cred_new fido_cred_x5c_ptr
fido_cred_verify fido_cred_verify_self
fido_credman_metadata_new fido_credman_del_dev_rk
@@ -208,6 +211,7 @@ list(APPEND MAN_ALIAS
fido_credman_metadata_new fido_credman_rp_new
fido_credman_metadata_new fido_credman_set_dev_rk
fido_cred_set_authdata fido_cred_set_attstmt
fido_cred_set_authdata fido_cred_set_attobj
fido_cred_set_authdata fido_cred_set_authdata_raw
fido_cred_set_authdata fido_cred_set_blob
fido_cred_set_authdata fido_cred_set_clientdata
@@ -393,7 +397,7 @@ if(GZIP_PATH)
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3.gz
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endforeach()
elseif(NOT MSVC)
else()
add_dependencies(man man_symlink)
foreach(f ${MAN_SOURCES})
if (${f} MATCHES ".1$")
+42 -2
@@ -1,4 +1,4 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
@@ -47,6 +47,8 @@
.Nm fido_cred_pubkey_ptr ,
.Nm fido_cred_sig_ptr ,
.Nm fido_cred_user_id_ptr ,
.Nm fido_cred_x5c_list_count ,
.Nm fido_cred_x5c_list_ptr ,
.Nm fido_cred_x5c_ptr ,
.Nm fido_cred_attstmt_ptr ,
.Nm fido_cred_authdata_len ,
@@ -58,6 +60,7 @@
.Nm fido_cred_pubkey_len ,
.Nm fido_cred_sig_len ,
.Nm fido_cred_user_id_len ,
.Nm fido_cred_x5c_list_len ,
.Nm fido_cred_x5c_len ,
.Nm fido_cred_attstmt_len ,
.Nm fido_cred_type ,
@@ -102,6 +105,10 @@
.Fn fido_cred_sig_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
.Fn fido_cred_user_id_ptr "const fido_cred_t *cred"
.Ft size_t
.Fn fido_cred_x5c_list_count "const fido_cred_t *cred"
.Ft const unsigned char *
.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx"
.Ft const unsigned char *
.Fn fido_cred_x5c_ptr "const fido_cred_t *cred"
.Ft const unsigned char *
@@ -125,6 +132,8 @@
.Ft size_t
.Fn fido_cred_user_id_len "const fido_cred_t *cred"
.Ft size_t
.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx"
.Ft size_t
.Fn fido_cred_x5c_len "const fido_cred_t *cred"
.Ft size_t
.Fn fido_cred_attstmt_len "const fido_cred_t *cred"
@@ -246,7 +255,7 @@ and
functions return pointers to the CBOR-encoded and raw authenticator
data, client data hash, ID, authenticator attestation GUID,
.Dq largeBlobKey ,
public key, signature, user ID, x509 certificate, and attestation
public key, signature, user ID, x509 leaf certificate, and attestation
statement parts of
.Fa cred ,
or NULL if the respective entry is not set.
@@ -265,6 +274,37 @@ The corresponding length can be obtained by
and
.Fn fido_cred_attstmt_len .
.Pp
The
.Fn fido_cred_x5c_list_count
function returns the length of the x509 certificate chain in
.Fa cred
and the
.Fn fido_cred_x5c_list_ptr
and
.Fn fido_cred_x5c_list_len
functions return a pointer to and length of the x509 certificate at index
.Fa idx
respectively.
Please note that the leaf certificate has an
.Fa idx
(index) value of 0 and calling
.Fn fido_cred_x5c_list_ptr cred 0
and
.Fn fido_cred_x5c_list_len cred 0
is equivalent to
.Fn fido_cred_x5c_ptr cred
and
.Fn fido_cred_x5c_len cred
respectively.
If
.Fa idx
exceeds the return value of
.Fn fido_cred_x5c_list_count ,
.Fn fido_cred_x5c_list_ptr
returns NULL and
.Fn fido_cred_x5c_list_len
returns 0.
.Pp
The authenticator data, x509 certificate, and signature parts of a
credential are typically passed to a FIDO2 server for verification.
.Pp
+26 -2
@@ -32,6 +32,7 @@
.Nm fido_cred_set_authdata ,
.Nm fido_cred_set_authdata_raw ,
.Nm fido_cred_set_attstmt ,
.Nm fido_cred_set_attobj ,
.Nm fido_cred_set_x509 ,
.Nm fido_cred_set_sig ,
.Nm fido_cred_set_id ,
@@ -64,6 +65,8 @@ typedef enum {
.Ft int
.Fn fido_cred_set_attstmt "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_cred_set_attobj "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_cred_set_x509 "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_cred_set_sig "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
@@ -110,14 +113,15 @@ of its constituent parts, please refer to the Web Authentication
The
.Fn fido_cred_set_authdata ,
.Fn fido_cred_set_attstmt ,
.Fn fido_cred_set_attobj ,
.Fn fido_cred_set_x509 ,
.Fn fido_cred_set_sig ,
.Fn fido_cred_set_id ,
and
.Fn fido_cred_set_clientdata_hash
functions set the authenticator data, attestation statement,
attestation certificate, attestation signature, id, and client
data hash parts of
attestation object, attestation certificate, attestation signature,
id, and client data hash parts of
.Fa cred
to
.Fa ptr ,
@@ -157,6 +161,26 @@ The latter two are meant to be used in contexts where the
credential's complete attestation statement is not available or
required.
.Pp
The attestation object passed to
.Fn fido_cred_set_attobj
must be a CBOR-encoded map containing
.Dq authData ,
.Dq fmt ,
and
.Dq attStmt .
An application calling
.Fn fido_cred_set_attobj
does not need to call
.Fn fido_cred_set_fmt ,
.Fn fido_cred_set_attstmt ,
.Fn fido_cred_set_authdata ,
or
.Fn fido_cred_set_authdata_raw .
.Fn fido_cred_set_attobj
may be useful in applications interfacing with the WebAuthn API,
removing the need to first parse the attestation object to verify the
credential.
.Pp
The
.Fn fido_cred_set_clientdata
function allows an application to set the client data hash of
+477
@@ -1365,6 +1365,420 @@ const unsigned char attstmt_tpm_es256[3841] = {
0x4e
};
const unsigned char x509_0_tpm_es256[1476] = {
0x30, 0x82, 0x05, 0xc0, 0x30, 0x82, 0x03, 0xa8,
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x30,
0xcd, 0xf2, 0x7e, 0x81, 0xc0, 0x43, 0x85, 0xa2,
0xd7, 0x29, 0xef, 0xf7, 0x9f, 0xa5, 0x2b, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x41,
0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53,
0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44,
0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34,
0x41, 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37,
0x41, 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30,
0x30, 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31,
0x41, 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36,
0x30, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x31,
0x31, 0x30, 0x32, 0x31, 0x35, 0x30, 0x36, 0x35,
0x33, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36,
0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36,
0x5a, 0x30, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02,
0x82, 0x01, 0x01, 0x00, 0xdb, 0xd5, 0x9a, 0xfc,
0x09, 0xa7, 0xc4, 0xa5, 0x5f, 0xbe, 0x5f, 0xa2,
0xeb, 0xd6, 0x8e, 0xed, 0xc5, 0x67, 0xa6, 0xa7,
0xd9, 0xb2, 0x46, 0xc6, 0xe0, 0xae, 0x0c, 0x02,
0x25, 0x0a, 0xf2, 0xc5, 0x96, 0xdc, 0xb7, 0x0e,
0xb9, 0x86, 0xd3, 0x51, 0xbb, 0x63, 0xf0, 0x4f,
0x8a, 0x5e, 0xd7, 0xf7, 0xff, 0xbb, 0x29, 0xbd,
0x58, 0xcf, 0x75, 0x02, 0x39, 0xcb, 0x80, 0xf1,
0xd4, 0xb6, 0x75, 0x67, 0x2f, 0x27, 0x4d, 0x0c,
0xcc, 0x18, 0x59, 0x87, 0xfa, 0x51, 0xd1, 0x80,
0xb5, 0x1a, 0xac, 0xac, 0x29, 0x51, 0xcf, 0x27,
0xaa, 0x74, 0xac, 0x3e, 0x59, 0x56, 0x67, 0xe4,
0x42, 0xe8, 0x30, 0x35, 0xb2, 0xf6, 0x27, 0x91,
0x62, 0x60, 0x42, 0x42, 0x12, 0xde, 0xfe, 0xdd,
0xee, 0xe8, 0xa8, 0x82, 0xf9, 0xb1, 0x08, 0xd5,
0x8d, 0x57, 0x9a, 0x29, 0xb9, 0xb4, 0xe9, 0x19,
0x1e, 0x33, 0x7d, 0x37, 0xa0, 0xce, 0x2e, 0x53,
0x13, 0x39, 0xb6, 0x12, 0x61, 0x63, 0xbf, 0xd3,
0x42, 0xeb, 0x6f, 0xed, 0xc1, 0x8e, 0x26, 0xba,
0x7d, 0x8b, 0x37, 0x7c, 0xbb, 0x42, 0x1e, 0x56,
0x76, 0xda, 0xdb, 0x35, 0x6b, 0x80, 0xe1, 0x8e,
0x00, 0xac, 0xd2, 0xfc, 0x22, 0x96, 0x14, 0x0c,
0xf4, 0xe4, 0xc5, 0xad, 0x14, 0xb7, 0x4d, 0x46,
0x63, 0x30, 0x79, 0x3a, 0x7c, 0x33, 0xb5, 0xe5,
0x2e, 0xbb, 0x5f, 0xca, 0xf2, 0x75, 0xe3, 0x4e,
0x99, 0x64, 0x1b, 0x26, 0x99, 0x60, 0x1a, 0x79,
0xcc, 0x30, 0x2c, 0xb3, 0x4c, 0x59, 0xf7, 0x77,
0x59, 0xd5, 0x90, 0x70, 0x21, 0x79, 0x8c, 0x1f,
0x79, 0x0a, 0x12, 0x8b, 0x3b, 0x37, 0x2d, 0x97,
0x39, 0x89, 0x92, 0x0c, 0x44, 0x7c, 0xe9, 0x9f,
0xce, 0x6d, 0xad, 0xc5, 0xae, 0xea, 0x8e, 0x50,
0x22, 0x37, 0xe0, 0xd1, 0x9e, 0xd6, 0xe6, 0xa8,
0xcc, 0x21, 0xfb, 0xff, 0x02, 0x03, 0x01, 0x00,
0x01, 0xa3, 0x82, 0x01, 0xf3, 0x30, 0x82, 0x01,
0xef, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07,
0x80, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30,
0x6d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01,
0xff, 0x04, 0x63, 0x30, 0x61, 0x30, 0x5f, 0x06,
0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
0x15, 0x1f, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02,
0x30, 0x44, 0x1e, 0x42, 0x00, 0x54, 0x00, 0x43,
0x00, 0x50, 0x00, 0x41, 0x00, 0x20, 0x00, 0x20,
0x00, 0x54, 0x00, 0x72, 0x00, 0x75, 0x00, 0x73,
0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20,
0x00, 0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x61,
0x00, 0x74, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x72,
0x00, 0x6d, 0x00, 0x20, 0x00, 0x20, 0x00, 0x49,
0x00, 0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74,
0x00, 0x69, 0x00, 0x74, 0x00, 0x79, 0x30, 0x10,
0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x09, 0x30,
0x07, 0x06, 0x05, 0x67, 0x81, 0x05, 0x08, 0x03,
0x30, 0x59, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x01,
0x01, 0xff, 0x04, 0x4f, 0x30, 0x4d, 0xa4, 0x4b,
0x30, 0x49, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05,
0x67, 0x81, 0x05, 0x02, 0x01, 0x0c, 0x0b, 0x69,
0x64, 0x3a, 0x35, 0x33, 0x35, 0x34, 0x34, 0x44,
0x32, 0x30, 0x31, 0x17, 0x30, 0x15, 0x06, 0x05,
0x67, 0x81, 0x05, 0x02, 0x02, 0x0c, 0x0c, 0x53,
0x54, 0x33, 0x33, 0x48, 0x54, 0x50, 0x48, 0x41,
0x48, 0x42, 0x34, 0x31, 0x16, 0x30, 0x14, 0x06,
0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0c, 0x0b,
0x69, 0x64, 0x3a, 0x30, 0x30, 0x34, 0x39, 0x30,
0x30, 0x30, 0x34, 0x30, 0x1f, 0x06, 0x03, 0x55,
0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
0x45, 0x1a, 0xec, 0xfc, 0x91, 0x70, 0xf8, 0x83,
0x8b, 0x9c, 0x47, 0x2f, 0x0b, 0x9f, 0x07, 0xf3,
0x2f, 0x7c, 0xa2, 0x8a, 0x30, 0x1d, 0x06, 0x03,
0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55,
0xa6, 0xee, 0xe3, 0x28, 0xdd, 0x40, 0x7f, 0x21,
0xd2, 0x7b, 0x8c, 0x69, 0x2f, 0x8c, 0x08, 0x29,
0xbc, 0x95, 0xb8, 0x30, 0x81, 0xb2, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
0x04, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81,
0x9f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
0x07, 0x30, 0x02, 0x86, 0x81, 0x92, 0x68, 0x74,
0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x7a, 0x63,
0x73, 0x70, 0x72, 0x6f, 0x64, 0x65, 0x75, 0x73,
0x61, 0x69, 0x6b, 0x70, 0x75, 0x62, 0x6c, 0x69,
0x73, 0x68, 0x2e, 0x62, 0x6c, 0x6f, 0x62, 0x2e,
0x63, 0x6f, 0x72, 0x65, 0x2e, 0x77, 0x69, 0x6e,
0x64, 0x6f, 0x77, 0x73, 0x2e, 0x6e, 0x65, 0x74,
0x2f, 0x65, 0x75, 0x73, 0x2d, 0x73, 0x74, 0x6d,
0x2d, 0x6b, 0x65, 0x79, 0x69, 0x64, 0x2d, 0x31,
0x61, 0x64, 0x62, 0x39, 0x39, 0x34, 0x61, 0x62,
0x35, 0x38, 0x62, 0x65, 0x35, 0x37, 0x61, 0x30,
0x63, 0x63, 0x39, 0x62, 0x39, 0x30, 0x30, 0x65,
0x37, 0x38, 0x35, 0x31, 0x65, 0x31, 0x61, 0x34,
0x33, 0x63, 0x30, 0x38, 0x36, 0x36, 0x30, 0x2f,
0x62, 0x36, 0x63, 0x30, 0x64, 0x39, 0x38, 0x64,
0x2d, 0x35, 0x37, 0x38, 0x61, 0x2d, 0x34, 0x62,
0x66, 0x62, 0x2d, 0x61, 0x32, 0x64, 0x33, 0x2d,
0x65, 0x64, 0x66, 0x65, 0x35, 0x66, 0x38, 0x32,
0x30, 0x36, 0x30, 0x31, 0x2e, 0x63, 0x65, 0x72,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
0x82, 0x02, 0x01, 0x00, 0x2a, 0x08, 0x30, 0x1f,
0xfd, 0x8f, 0x80, 0x9b, 0x4b, 0x37, 0x82, 0x61,
0x86, 0x36, 0x57, 0x90, 0xb5, 0x1d, 0x1f, 0xa3,
0xae, 0x68, 0xac, 0xa7, 0x96, 0x6a, 0x25, 0x5e,
0xc5, 0x82, 0x7c, 0x36, 0x64, 0x58, 0x11, 0xcb,
0xa5, 0xee, 0xbf, 0xc4, 0xdb, 0xa0, 0xc7, 0x82,
0x3b, 0xa3, 0x85, 0x9b, 0xc4, 0xee, 0x07, 0x36,
0xd7, 0xc7, 0xb6, 0x23, 0xed, 0xc2, 0x73, 0xab,
0xbe, 0xbe, 0xee, 0x63, 0x17, 0xf9, 0xd7, 0x7a,
0x23, 0x7b, 0xf8, 0x09, 0x7a, 0xaa, 0x7f, 0x67,
0xc3, 0x04, 0x84, 0x71, 0x9b, 0x06, 0x9c, 0x07,
0x42, 0x4b, 0x65, 0x41, 0x56, 0x58, 0x14, 0x92,
0xb0, 0xb9, 0xaf, 0xa1, 0x39, 0xd4, 0x08, 0x2d,
0x71, 0xd5, 0x6c, 0x56, 0xb9, 0x2b, 0x1e, 0xf3,
0x93, 0xa5, 0xe9, 0xb2, 0x9b, 0x4d, 0x05, 0x2b,
0xbc, 0xd2, 0x20, 0x57, 0x3b, 0xa4, 0x01, 0x68,
0x8c, 0x23, 0x20, 0x7d, 0xbb, 0x71, 0xe4, 0x2a,
0x24, 0xba, 0x75, 0x0c, 0x89, 0x54, 0x22, 0xeb,
0x0e, 0xb2, 0xf4, 0xc2, 0x1f, 0x02, 0xb7, 0xe3,
0x06, 0x41, 0x15, 0x6b, 0xf3, 0xc8, 0x2d, 0x5b,
0xc2, 0x21, 0x82, 0x3e, 0xe8, 0x95, 0x40, 0x39,
0x9e, 0x91, 0x68, 0x33, 0x0c, 0x3d, 0x45, 0xef,
0x99, 0x79, 0xe6, 0x32, 0xc9, 0x00, 0x84, 0x36,
0xfb, 0x0a, 0x8d, 0x41, 0x1c, 0x32, 0x64, 0x06,
0x9e, 0x0f, 0xb5, 0x04, 0xcc, 0x08, 0xb1, 0xb6,
0x2b, 0xcf, 0x36, 0x0f, 0x73, 0x14, 0x8e, 0x25,
0x44, 0xb3, 0x0c, 0x34, 0x14, 0x96, 0x0c, 0x8a,
0x65, 0xa1, 0xde, 0x8e, 0xc8, 0x9d, 0xbe, 0x66,
0xdf, 0x06, 0x91, 0xca, 0x15, 0x0f, 0x92, 0xd5,
0x2a, 0x0b, 0xdc, 0x4c, 0x6a, 0xf3, 0x16, 0x4a,
0x3e, 0xb9, 0x76, 0xbc, 0xfe, 0x62, 0xd4, 0xa8,
0xcd, 0x94, 0x78, 0x0d, 0xdd, 0x94, 0xfd, 0x5e,
0x63, 0x57, 0x27, 0x05, 0x9c, 0xd0, 0x80, 0x91,
0x91, 0x79, 0xe8, 0x5e, 0x18, 0x64, 0x22, 0xe4,
0x2c, 0x13, 0x65, 0xa4, 0x51, 0x5a, 0x1e, 0x3b,
0x71, 0x2e, 0x70, 0x9f, 0xc4, 0xa5, 0x20, 0xcd,
0xef, 0xd8, 0x3f, 0xa4, 0xf5, 0x89, 0x8a, 0xa5,
0x4f, 0x76, 0x2d, 0x49, 0x56, 0x00, 0x8d, 0xde,
0x40, 0xba, 0x24, 0x46, 0x51, 0x38, 0xad, 0xdb,
0xc4, 0x04, 0xf4, 0x6e, 0xc0, 0x29, 0x48, 0x07,
0x6a, 0x1b, 0x26, 0x32, 0x0a, 0xfb, 0xea, 0x71,
0x2a, 0x11, 0xfc, 0x98, 0x7c, 0x44, 0x87, 0xbc,
0x06, 0x3a, 0x4d, 0xbd, 0x91, 0x63, 0x4f, 0x26,
0x48, 0x54, 0x47, 0x1b, 0xbd, 0xf0, 0xf1, 0x56,
0x05, 0xc5, 0x0f, 0x8f, 0x20, 0xa5, 0xcc, 0xfb,
0x76, 0xb0, 0xbd, 0x83, 0xde, 0x7f, 0x39, 0x4f,
0xcf, 0x61, 0x74, 0x52, 0xa7, 0x1d, 0xf6, 0xb5,
0x5e, 0x4a, 0x82, 0x20, 0xc1, 0x94, 0xaa, 0x2c,
0x33, 0xd6, 0x0a, 0xf9, 0x8f, 0x92, 0xc6, 0x29,
0x80, 0xf5, 0xa2, 0xb1, 0xff, 0xb6, 0x2b, 0xaa,
0x04, 0x00, 0x72, 0xb4, 0x12, 0xbb, 0xb1, 0xf1,
0x3c, 0x88, 0xa3, 0xab, 0x49, 0x17, 0x90, 0x80,
0x59, 0xa2, 0x96, 0x41, 0x69, 0x74, 0x33, 0x8a,
0x28, 0x33, 0x7e, 0xb3, 0x19, 0x92, 0x28, 0xc1,
0xf0, 0xd1, 0x82, 0xd5, 0x42, 0xff, 0xe7, 0xa5,
0x3f, 0x1e, 0xb6, 0x4a, 0x23, 0xcc, 0x6a, 0x7f,
0x15, 0x15, 0x52, 0x25, 0xb1, 0xca, 0x21, 0x95,
0x11, 0x53, 0x3e, 0x1f, 0x50, 0x33, 0x12, 0x7a,
0x62, 0xce, 0xcc, 0x71, 0xc2, 0x5f, 0x34, 0x47,
0xc6, 0x7c, 0x71, 0xfa, 0xa0, 0x54, 0x00, 0xb2,
0xdf, 0xc5, 0x54, 0xac, 0x6c, 0x53, 0xef, 0x64,
0x6b, 0x08, 0x82, 0xd8, 0x16, 0x1e, 0xca, 0x40,
0xf3, 0x1f, 0xdf, 0x56, 0x63, 0x10, 0xbc, 0xd7,
0xa0, 0xeb, 0xee, 0xd1, 0x95, 0xe5, 0xef, 0xf1,
0x6a, 0x83, 0x2d, 0x5a
};
const unsigned char x509_1_tpm_es256[1775] = {
0x30, 0x82, 0x06, 0xeb, 0x30, 0x82, 0x04, 0xd3,
0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x33,
0x00, 0x00, 0x05, 0x23, 0xbf, 0xe8, 0xa1, 0x1a,
0x2a, 0x68, 0xbd, 0x09, 0x00, 0x00, 0x00, 0x00,
0x05, 0x23, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
0x00, 0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68,
0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64,
0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f,
0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x2d, 0x4d, 0x69, 0x63, 0x72, 0x6f,
0x73, 0x6f, 0x66, 0x74, 0x20, 0x54, 0x50, 0x4d,
0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65,
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34,
0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36,
0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36,
0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36, 0x30,
0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, 0x5a,
0x30, 0x41, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03,
0x55, 0x04, 0x03, 0x13, 0x36, 0x45, 0x55, 0x53,
0x2d, 0x53, 0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59,
0x49, 0x44, 0x2d, 0x31, 0x41, 0x44, 0x42, 0x39,
0x39, 0x34, 0x41, 0x42, 0x35, 0x38, 0x42, 0x45,
0x35, 0x37, 0x41, 0x30, 0x43, 0x43, 0x39, 0x42,
0x39, 0x30, 0x30, 0x45, 0x37, 0x38, 0x35, 0x31,
0x45, 0x31, 0x41, 0x34, 0x33, 0x43, 0x30, 0x38,
0x36, 0x36, 0x30, 0x30, 0x82, 0x02, 0x22, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82,
0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02,
0x82, 0x02, 0x01, 0x00, 0xdb, 0x03, 0x34, 0x82,
0xfa, 0x81, 0x1c, 0x84, 0x0b, 0xa0, 0x0e, 0x60,
0xd8, 0x9d, 0x84, 0xf4, 0x81, 0xc4, 0xe9, 0xff,
0xcf, 0xe9, 0xa3, 0x57, 0x53, 0x60, 0xa8, 0x19,
0xce, 0xbe, 0xe1, 0x97, 0xee, 0x5d, 0x8c, 0x9f,
0xe4, 0xbd, 0xef, 0xbd, 0x94, 0x14, 0xe4, 0x74,
0x41, 0x02, 0xe9, 0x03, 0x19, 0x9f, 0xdd, 0x48,
0x2d, 0xbd, 0xca, 0x26, 0x47, 0x2c, 0x01, 0x31,
0x5f, 0x34, 0xef, 0x59, 0x35, 0x48, 0x36, 0x3d,
0x1e, 0xdf, 0xd8, 0x13, 0xf0, 0xd0, 0x67, 0xc1,
0xb0, 0x47, 0x67, 0xa2, 0xd6, 0x62, 0xc8, 0xe1,
0x00, 0x36, 0x8b, 0x45, 0xf6, 0x3b, 0x96, 0x60,
0xa0, 0x45, 0x26, 0xcb, 0xc7, 0x0b, 0x5b, 0x97,
0xd1, 0xaf, 0x54, 0x25, 0x7a, 0x67, 0xe4, 0x2a,
0xd8, 0x9d, 0x53, 0x05, 0xbd, 0x12, 0xac, 0xa2,
0x8e, 0x95, 0xb4, 0x2a, 0xca, 0x89, 0x93, 0x64,
0x97, 0x25, 0xdc, 0x1f, 0xa9, 0xe0, 0x55, 0x07,
0x38, 0x1d, 0xee, 0x02, 0x90, 0x22, 0xf5, 0xad,
0x4e, 0x5c, 0xf8, 0xc5, 0x1f, 0x9e, 0x84, 0x7e,
0x13, 0x47, 0x52, 0xa2, 0x36, 0xf9, 0xf6, 0xbf,
0x76, 0x9e, 0x0f, 0xdd, 0x14, 0x99, 0xb9, 0xd8,
0x5a, 0x42, 0x3d, 0xd8, 0xbf, 0xdd, 0xb4, 0x9b,
0xbf, 0x6a, 0x9f, 0x89, 0x13, 0x75, 0xaf, 0x96,
0xd2, 0x72, 0xdf, 0xb3, 0x80, 0x6f, 0x84, 0x1a,
0x9d, 0x06, 0x55, 0x09, 0x29, 0xea, 0xa7, 0x05,
0x31, 0xec, 0x47, 0x3a, 0xcf, 0x3f, 0x9c, 0x2c,
0xbd, 0xd0, 0x7d, 0xe4, 0x75, 0x5b, 0x33, 0xbe,
0x12, 0x86, 0x09, 0xcf, 0x66, 0x9a, 0xeb, 0xf8,
0xf8, 0x72, 0x91, 0x88, 0x4a, 0x5e, 0x89, 0x62,
0x6a, 0x94, 0xdc, 0x48, 0x37, 0x13, 0xd8, 0x91,
0x02, 0xe3, 0x42, 0x41, 0x7c, 0x2f, 0xe3, 0xb6,
0x0f, 0xb4, 0x96, 0x06, 0x80, 0xca, 0x28, 0x01,
0x6f, 0x4b, 0xcd, 0x28, 0xd4, 0x2c, 0x94, 0x7e,
0x40, 0x7e, 0xdf, 0x01, 0xe5, 0xf2, 0x33, 0xd4,
0xda, 0xf4, 0x1a, 0x17, 0xf7, 0x5d, 0xcb, 0x66,
0x2c, 0x2a, 0xeb, 0xe1, 0xb1, 0x4a, 0xc3, 0x85,
0x63, 0xb2, 0xac, 0xd0, 0x3f, 0x1a, 0x8d, 0xa5,
0x0c, 0xee, 0x4f, 0xde, 0x74, 0x9c, 0xe0, 0x5a,
0x10, 0xc7, 0xb8, 0xe4, 0xec, 0xe7, 0x73, 0xa6,
0x41, 0x42, 0x37, 0xe1, 0xdf, 0xb9, 0xc7, 0xb5,
0x14, 0xa8, 0x80, 0x95, 0xa0, 0x12, 0x67, 0x99,
0xf5, 0xba, 0x25, 0x0a, 0x74, 0x86, 0x71, 0x9c,
0x7f, 0x59, 0x97, 0xd2, 0x3f, 0x10, 0xfe, 0x6a,
0xb9, 0xe4, 0x47, 0x36, 0xfb, 0x0f, 0x50, 0xee,
0xfc, 0x87, 0x99, 0x7e, 0x36, 0x64, 0x1b, 0xc7,
0x13, 0xb3, 0x33, 0x18, 0x71, 0xa4, 0xc3, 0xb0,
0xfc, 0x45, 0x37, 0x11, 0x40, 0xb3, 0xde, 0x2c,
0x9f, 0x0a, 0xcd, 0xaf, 0x5e, 0xfb, 0xd5, 0x9c,
0xea, 0xd7, 0x24, 0x19, 0x3a, 0x92, 0x80, 0xa5,
0x63, 0xc5, 0x3e, 0xdd, 0x51, 0xd0, 0x9f, 0xb8,
0x5e, 0xd5, 0xf1, 0xfe, 0xa5, 0x93, 0xfb, 0x7f,
0xd9, 0xb8, 0xb7, 0x0e, 0x0d, 0x12, 0x71, 0xf0,
0x52, 0x9d, 0xe9, 0xd0, 0xd2, 0x8b, 0x38, 0x8b,
0x85, 0x83, 0x98, 0x24, 0x88, 0xe8, 0x42, 0x30,
0x83, 0x12, 0xef, 0x09, 0x96, 0x2f, 0x21, 0x81,
0x05, 0x30, 0x0c, 0xbb, 0xba, 0x21, 0x39, 0x16,
0x12, 0xe8, 0x4b, 0x7b, 0x7a, 0x66, 0xb8, 0x22,
0x2c, 0x71, 0xaf, 0x59, 0xa1, 0xfc, 0x61, 0xf1,
0xb4, 0x5e, 0xfc, 0x43, 0x19, 0x45, 0x6e, 0xa3,
0x45, 0xe4, 0xcb, 0x66, 0x5f, 0xe0, 0x57, 0xf6,
0x0a, 0x30, 0xa3, 0xd6, 0x51, 0x24, 0xc9, 0x07,
0x55, 0x82, 0x4a, 0x66, 0x0e, 0x9d, 0xb2, 0x2f,
0x84, 0x56, 0x6c, 0x3e, 0x71, 0xef, 0x9b, 0x35,
0x4d, 0x72, 0xdc, 0x46, 0x2a, 0xe3, 0x7b, 0x13,
0x20, 0xbf, 0xab, 0x77, 0x02, 0x03, 0x01, 0x00,
0x01, 0xa3, 0x82, 0x01, 0x8e, 0x30, 0x82, 0x01,
0x8a, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02,
0x84, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x25,
0x04, 0x14, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06,
0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x24, 0x06,
0x05, 0x67, 0x81, 0x05, 0x08, 0x03, 0x30, 0x16,
0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0f, 0x30,
0x0d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01,
0x04, 0x01, 0x82, 0x37, 0x15, 0x1f, 0x30, 0x12,
0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
0x0e, 0x04, 0x16, 0x04, 0x14, 0x45, 0x1a, 0xec,
0xfc, 0x91, 0x70, 0xf8, 0x83, 0x8b, 0x9c, 0x47,
0x2f, 0x0b, 0x9f, 0x07, 0xf3, 0x2f, 0x7c, 0xa2,
0x8a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7a, 0x8c,
0x0a, 0xce, 0x2f, 0x48, 0x62, 0x17, 0xe2, 0x94,
0xd1, 0xae, 0x55, 0xc1, 0x52, 0xec, 0x71, 0x74,
0xa4, 0x56, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d,
0x1f, 0x04, 0x69, 0x30, 0x67, 0x30, 0x65, 0xa0,
0x63, 0xa0, 0x61, 0x86, 0x5f, 0x68, 0x74, 0x74,
0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e,
0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b,
0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c,
0x2f, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
0x66, 0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d,
0x25, 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25,
0x32, 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
0x69, 0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30,
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
0x79, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34,
0x2e, 0x63, 0x72, 0x6c, 0x30, 0x7d, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01,
0x04, 0x71, 0x30, 0x6f, 0x30, 0x6d, 0x06, 0x08,
0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02,
0x86, 0x61, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63,
0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63,
0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70,
0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f,
0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25,
0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32,
0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41,
0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e,
0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x48,
0x24, 0x32, 0xe8, 0xd6, 0x38, 0xda, 0x65, 0xec,
0x1b, 0x18, 0x8e, 0x37, 0x07, 0xd5, 0x18, 0x5a,
0xc8, 0xb9, 0xbb, 0x24, 0x8a, 0x4d, 0xa1, 0x3c,
0x9e, 0x46, 0x76, 0xcf, 0xa5, 0xdf, 0xd7, 0x61,
0xba, 0x05, 0x89, 0x3c, 0x13, 0xc2, 0x1f, 0x71,
0xe3, 0xec, 0x5d, 0x54, 0x9e, 0xd9, 0x01, 0x5a,
0x10, 0x3b, 0x17, 0x75, 0xde, 0xa1, 0x45, 0xbf,
0x1d, 0x1b, 0x41, 0x21, 0x42, 0x68, 0x22, 0x6b,
0xbb, 0xcb, 0x11, 0x04, 0xd2, 0xae, 0x86, 0xcf,
0x73, 0x5a, 0xf2, 0x80, 0x18, 0x00, 0xf0, 0xd6,
0x6c, 0x5a, 0x1e, 0xb3, 0x4d, 0x30, 0x02, 0x4a,
0x6a, 0x03, 0x36, 0x42, 0xde, 0xb2, 0x52, 0x55,
0xff, 0x71, 0xeb, 0x7b, 0x8b, 0x55, 0x6c, 0xdf,
0x05, 0x35, 0x47, 0x70, 0x53, 0xfb, 0x6c, 0xba,
0x06, 0xb2, 0x61, 0x86, 0xdc, 0x2a, 0x64, 0x81,
0x24, 0x79, 0x46, 0x73, 0x04, 0x55, 0x59, 0xed,
0xd6, 0x06, 0x61, 0x15, 0xf9, 0x8d, 0x78, 0x39,
0x7b, 0x84, 0x7a, 0x40, 0x45, 0x13, 0x1a, 0x91,
0x71, 0x8f, 0xd1, 0x4f, 0x78, 0x10, 0x68, 0x9b,
0x15, 0x79, 0x3f, 0x79, 0x2d, 0x9b, 0xc7, 0x5d,
0xa3, 0xcf, 0xa9, 0x14, 0xb0, 0xc4, 0xdb, 0xa9,
0x45, 0x6a, 0x6e, 0x60, 0x45, 0x0b, 0x14, 0x25,
0xc7, 0x74, 0xd0, 0x36, 0xaf, 0xc5, 0xbd, 0x4f,
0x7b, 0xc0, 0x04, 0x43, 0x85, 0xbb, 0x06, 0x36,
0x77, 0x26, 0x02, 0x23, 0x0b, 0xf8, 0x57, 0x8f,
0x1f, 0x27, 0x30, 0x95, 0xff, 0x83, 0x23, 0x2b,
0x49, 0x33, 0x43, 0x62, 0x87, 0x5d, 0x27, 0x12,
0x1a, 0x68, 0x7b, 0xba, 0x2d, 0xf6, 0xed, 0x2c,
0x26, 0xb5, 0xbb, 0xe2, 0x6f, 0xc2, 0x61, 0x17,
0xfc, 0x72, 0x14, 0x57, 0x2c, 0x2c, 0x5a, 0x92,
0x13, 0x41, 0xc4, 0x7e, 0xb5, 0x64, 0x5b, 0x86,
0x57, 0x13, 0x14, 0xff, 0xf5, 0x04, 0xb9, 0x3d,
0x2d, 0xc3, 0xe9, 0x75, 0x1f, 0x68, 0x0b, 0xb5,
0x76, 0xe1, 0x7d, 0xe3, 0xb0, 0x14, 0xa8, 0x45,
0x05, 0x98, 0x81, 0x32, 0xc1, 0xf5, 0x49, 0x4d,
0x58, 0xa4, 0xee, 0xd8, 0x84, 0xba, 0x65, 0x07,
0x8d, 0xf7, 0x9a, 0xff, 0x7d, 0xa5, 0xbc, 0x9a,
0xed, 0x4a, 0x5d, 0xa4, 0x97, 0x4b, 0x4d, 0x31,
0x90, 0xb5, 0x7d, 0x28, 0x77, 0x25, 0x88, 0x1c,
0xbf, 0x78, 0x22, 0xb2, 0xb5, 0x5c, 0x9a, 0xc9,
0x63, 0x17, 0x96, 0xe9, 0xc2, 0x52, 0x30, 0xb8,
0x9b, 0x37, 0x69, 0x1a, 0x6a, 0x66, 0x76, 0x18,
0xac, 0xc0, 0x48, 0xee, 0x46, 0x5b, 0xbe, 0x6a,
0xd5, 0x72, 0x07, 0xdc, 0x7d, 0x05, 0xbe, 0x76,
0x7d, 0xa5, 0x5e, 0x53, 0xb5, 0x47, 0x80, 0x58,
0xf0, 0xaf, 0x6f, 0x4e, 0xc0, 0xf1, 0x1e, 0x37,
0x64, 0x15, 0x42, 0x96, 0x18, 0x3a, 0x89, 0xc8,
0x14, 0x48, 0x89, 0x5c, 0x12, 0x88, 0x98, 0x0b,
0x7b, 0x4e, 0xce, 0x1c, 0xda, 0xd5, 0xa4, 0xd3,
0x32, 0x32, 0x74, 0x5b, 0xcc, 0xfd, 0x2b, 0x02,
0xfb, 0xae, 0xd0, 0x5a, 0x4c, 0xc9, 0xc1, 0x35,
0x19, 0x90, 0x5f, 0xca, 0x14, 0xeb, 0x4c, 0x17,
0xd7, 0xe3, 0xe2, 0x5d, 0xb4, 0x49, 0xaa, 0xf0,
0x50, 0x87, 0xc3, 0x20, 0x00, 0xda, 0xe9, 0x04,
0x80, 0x64, 0xac, 0x9f, 0xcd, 0x26, 0x41, 0x48,
0xe8, 0x4c, 0x46, 0xcc, 0x5b, 0xd7, 0xca, 0x4c,
0x1b, 0x43, 0x43, 0x1e, 0xbd, 0x94, 0xe7, 0xa7,
0xa6, 0x86, 0xe5, 0xd1, 0x78, 0x29, 0xa2, 0x40,
0xc5, 0xc5, 0x47, 0xb6, 0x6d, 0x53, 0xde, 0xac,
0x97, 0x74, 0x24, 0x57, 0xcc, 0x05, 0x93, 0xfd,
0x52, 0x35, 0x29, 0xd5, 0xe0, 0xfa, 0x23, 0x0d,
0xd7, 0xaa, 0x8b, 0x07, 0x4b, 0xf6, 0x64, 0xc7,
0xad, 0x3c, 0xa1, 0xb5, 0xc5, 0x70, 0xaf, 0x46,
0xfe, 0x9a, 0x82, 0x4d, 0x75, 0xb8, 0x6d
};
/*
* Security Key By Yubico
* 5.1.X
@@ -2135,6 +2549,13 @@ valid_tpm_es256_cred(bool xfail)
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK);
assert(fido_cred_set_attstmt(c, attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == FIDO_OK);
assert(fido_cred_x5c_list_count(c) == 2);
assert(fido_cred_x5c_list_len(c, 0) == sizeof(x509_0_tpm_es256));
assert(memcmp(fido_cred_x5c_list_ptr(c, 0), x509_0_tpm_es256, sizeof(x509_0_tpm_es256)) == 0);
assert(fido_cred_x5c_list_len(c, 1) == sizeof(x509_1_tpm_es256));
assert(memcmp(fido_cred_x5c_list_ptr(c, 1), x509_1_tpm_es256, sizeof(x509_1_tpm_es256)) == 0);
assert(fido_cred_x5c_list_len(c, 2) == 0);
assert(fido_cred_x5c_list_ptr(c, 2) == NULL);
// XXX: RHEL9 has deprecated SHA-1 for signing.
assert(fido_cred_verify(c) == (xfail ? FIDO_ERR_INVALID_SIG : FIDO_OK));
assert(fido_cred_prot(c) == 0);
@@ -2147,6 +2568,61 @@ valid_tpm_es256_cred(bool xfail)
free_cred(c);
}
static void
push_kv(cbor_item_t *map, const char *key, cbor_item_t *value)
{
struct cbor_pair kv;
cbor_item_t *tmp;
memset(&kv, 0, sizeof(kv));
assert(map != NULL && key != NULL && value != NULL);
assert((tmp = cbor_build_string(key)) != NULL);
/* XXX transfers ownership */
kv.key = cbor_move(tmp);
kv.value = cbor_move(value);
assert(cbor_map_add(map, kv));
}
static void
attestation_object(void)
{
struct cbor_load_result cbor;
unsigned char *attobj = NULL;
size_t len, alloclen = 0;
cbor_item_t *map;
fido_cred_t *c;
assert((map = cbor_new_definite_map(3)) != NULL);
push_kv(map, "fmt", cbor_build_string("tpm"));
push_kv(map, "attStmt", cbor_load(attstmt_tpm_es256,
sizeof(attstmt_tpm_es256), &cbor));
push_kv(map, "authData", cbor_load(authdata_tpm_es256,
sizeof(authdata_tpm_es256), &cbor));
assert((len = cbor_serialize_alloc(map, &attobj, &alloclen)));
cbor_decref(&map);
c = alloc_cred();
assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK);
assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK);
assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK);
assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK);
assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK);
assert(fido_cred_set_attobj(c, attobj, len) == FIDO_OK);
assert(strcmp(fido_cred_fmt(c), "tpm") == 0);
assert(fido_cred_attstmt_len(c) == sizeof(attstmt_tpm_es256));
assert(memcmp(fido_cred_attstmt_ptr(c), attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == 0);
assert(fido_cred_authdata_len(c) == sizeof(authdata_tpm_es256));
assert(memcmp(fido_cred_authdata_ptr(c), authdata_tpm_es256, sizeof(authdata_tpm_es256)) == 0);
assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm_es256));
assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm_es256, sizeof(pubkey_tpm_es256)) == 0);
assert(fido_cred_id_len(c) == sizeof(id_tpm_es256));
assert(memcmp(fido_cred_id_ptr(c), id_tpm_es256, sizeof(id_tpm_es256)) == 0);
assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm));
assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0);
free_cred(c);
free(attobj);
}
int
main(void)
{
@@ -2180,6 +2656,7 @@ main(void)
fmt_none();
valid_tpm_rs256_cred(xfail);
valid_tpm_es256_cred(xfail);
attestation_object();
exit(0);
}
+3 -5
@@ -151,8 +151,6 @@ endif()
install(FILES fido.h DESTINATION include)
install(DIRECTORY fido DESTINATION include)
if(NOT MSVC)
configure_file(libfido2.pc.in libfido2.pc @ONLY)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
endif()
configure_file(libfido2.pc.in libfido2.pc @ONLY)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc"
DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
+10 -1
@@ -57,6 +57,15 @@ bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc,
return (ok);
}
static uint8_t
bio_get_cmd(const fido_dev_t *dev)
{
if (dev->flags & (FIDO_DEV_BIO_SET|FIDO_DEV_BIO_UNSET))
return (CTAP_CBOR_BIO_ENROLL);
return (CTAP_CBOR_BIO_ENROLL_PRE);
}
static int
bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc,
const char *pin, const fido_blob_t *token, int *ms)
@@ -66,7 +75,7 @@ bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc,
fido_blob_t *ecdh = NULL;
fido_blob_t f;
fido_blob_t hmac;
const uint8_t cmd = CTAP_CBOR_BIO_ENROLL_PRE;
const uint8_t cmd = bio_get_cmd(dev);
int r = FIDO_ERR_INTERNAL;
memset(&f, 0, sizeof(f));
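Review bot: `bio_get_cmd()` has no comment explaining why either of `FIDO_DEV_BIO_SET` and `FIDO_DEV_BIO_UNSET` selects `CTAP_CBOR_BIO_ENROLL`; the reason only becomes clear from the `bioEnroll` branch of `fido_dev_set_option_flags()` in another file of this commit, where both flags mean the authenticator listed the option, whatever its value. I would add above the `if`: `/* bioEnroll listed in getInfo (true or false): use the final command, else the preview one */`. The same applies to `credman_get_cmd()`, where the preview command is also what gets sent when neither `FIDO_DEV_CREDMAN` nor `FIDO_DEV_CREDMAN_PRE` is set; a one-line comment saying that this fallback is deliberate would help. `bio_tx()` continues outside the hunk.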
+98 -7
@@ -1132,6 +1132,64 @@ decode_attcred(const unsigned char **buf, size_t *len, int cose_alg,
return (ok);
}
static int
decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
fido_cred_t *cred = arg;
char *name = NULL;
int ok = -1;
if (cbor_string_copy(key, &name) < 0) {
fido_log_debug("%s: cbor type", __func__);
ok = 0; /* ignore */
goto fail;
}
if (!strcmp(name, "fmt")) {
if (cbor_decode_fmt(val, &cred->fmt) < 0) {
fido_log_debug("%s: cbor_decode_fmt", __func__);
goto fail;
}
} else if (!strcmp(name, "attStmt")) {
if (cbor_decode_attstmt(val, &cred->attstmt) < 0) {
fido_log_debug("%s: cbor_decode_attstmt", __func__);
goto fail;
}
} else if (!strcmp(name, "authData")) {
if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
fido_log_debug("%s: fido_blob_decode", __func__);
goto fail;
}
if (cbor_decode_cred_authdata(val, cred->type,
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
&cred->authdata_ext) < 0) {
fido_log_debug("%s: cbor_decode_cred_authdata",
__func__);
goto fail;
}
}
ok = 0;
fail:
free(name);
return (ok);
}
/* XXX introduce fido_attobj_t? */
int
cbor_decode_attobj(const cbor_item_t *item, fido_cred_t *cred)
{
if (cbor_isa_map(item) == false ||
cbor_map_is_definite(item) == false ||
cbor_map_iter(item, cred, decode_attobj) < 0) {
fido_log_debug("%s: cbor type", __func__);
return (-1);
}
return (0);
}
static int
decode_cred_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
@@ -1386,12 +1444,47 @@ cbor_decode_assert_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor,
static int
decode_x5c(const cbor_item_t *item, void *arg)
{
fido_blob_t *x5c = arg;
fido_blob_array_t *x5c = arg;
fido_blob_t *list_ptr = NULL;
fido_blob_t x5c_blob;
if (x5c->len)
return (0); /* ignore */
memset(&x5c_blob, 0, sizeof(x5c_blob));
return (fido_blob_decode(item, x5c));
if (fido_blob_decode(item, &x5c_blob) < 0) {
fido_log_debug("%s: fido_blob_decode", __func__);
return (-1);
}
if (x5c->len == SIZE_MAX) {
fido_blob_reset(&x5c_blob);
return (-1);
}
if ((list_ptr = recallocarray(x5c->ptr, x5c->len,
x5c->len + 1, sizeof(x5c_blob))) == NULL) {
fido_blob_reset(&x5c_blob);
return (-1);
}
list_ptr[x5c->len++] = x5c_blob;
x5c->ptr = list_ptr;
return (0);
}
static int
decode_x5c_array(const cbor_item_t *item, fido_blob_array_t *arr)
{
if (arr->len) {
fido_log_debug("%s: dup", __func__);
return (-1);
}
if (cbor_isa_array(item) == false ||
cbor_array_is_definite(item) == false) {
fido_log_debug("%s: cbor", __func__);
return (-1);
}
return (cbor_array_iter(item, arr, decode_x5c));
}
static int
@@ -1427,9 +1520,7 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg)
goto out;
}
} else if (!strcmp(name, "x5c")) {
if (cbor_isa_array(val) == false ||
cbor_array_is_definite(val) == false ||
cbor_array_iter(val, &attstmt->x5c, decode_x5c) < 0) {
if (decode_x5c_array(val, &attstmt->x5c)) {
fido_log_debug("%s: x5c", __func__);
goto out;
}
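Review bot: `cbor_decode_attobj()` returns 0 for any definite map, including one that carries none of `fmt`, `attStmt` and `authData`, because `decode_attobj()` skips keys it does not recognise and nothing checks afterwards that the three members were seen. Now that the decoder is reachable from the public `fido_cred_set_attobj()` with caller-supplied bytes, I would reject incomplete objects after the iteration, e.g. `if (cred->fmt == NULL || cred->authdata_cbor.ptr == NULL) return (-1);`, or at least document that completeness is left to `fido_cred_verify()`. A repeated key is also decoded a second time into the same field; whether `cbor_decode_fmt()` releases a previous `cred->fmt` is not visible here and is worth confirming.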
+97 -11
@@ -284,15 +284,21 @@ verify_attstmt(const fido_blob_t *dgst, const fido_attstmt_t *attstmt)
EVP_PKEY *pkey = NULL;
int ok = -1;
/* openssl needs ints */
if (attstmt->x5c.len > INT_MAX) {
if (!attstmt->x5c.len) {
fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len);
return (-1);
}
/* openssl needs ints */
if (attstmt->x5c.ptr[0].len > INT_MAX) {
fido_log_debug("%s: x5c[0].len=%zu", __func__,
attstmt->x5c.ptr[0].len);
return (-1);
}
/* fetch key from x509 */
if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr,
(int)attstmt->x5c.len)) == NULL ||
if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr[0].ptr,
(int)attstmt->x5c.ptr[0].len)) == NULL ||
(cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
(pkey = X509_get_pubkey(cert)) == NULL) {
fido_log_debug("%s: x509 key", __func__);
@@ -543,12 +549,21 @@ fido_cred_clean_attstmt(fido_attstmt_t *attstmt)
fido_blob_reset(&attstmt->certinfo);
fido_blob_reset(&attstmt->pubarea);
fido_blob_reset(&attstmt->cbor);
fido_blob_reset(&attstmt->x5c);
fido_free_blob_array(&attstmt->x5c);
fido_blob_reset(&attstmt->sig);
memset(attstmt, 0, sizeof(*attstmt));
}
static void
fido_cred_clean_attobj(fido_cred_t *cred)
{
free(cred->fmt);
cred->fmt = NULL;
fido_cred_clean_authdata(cred);
fido_cred_clean_attstmt(&cred->attstmt);
}
void
fido_cred_reset_tx(fido_cred_t *cred)
{
@@ -576,10 +591,7 @@ fido_cred_reset_tx(fido_cred_t *cred)
void
fido_cred_reset_rx(fido_cred_t *cred)
{
free(cred->fmt);
cred->fmt = NULL;
fido_cred_clean_authdata(cred);
fido_cred_clean_attstmt(&cred->attstmt);
fido_cred_clean_attobj(cred);
fido_blob_reset(&cred->largeblob_key);
}
@@ -688,9 +700,30 @@ fido_cred_set_id(fido_cred_t *cred, const unsigned char *ptr, size_t len)
int
fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len)
{
if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0)
fido_blob_t x5c_blob;
fido_blob_t *list_ptr = NULL;
memset(&x5c_blob, 0, sizeof(x5c_blob));
fido_free_blob_array(&cred->attstmt.x5c);
if (fido_blob_set(&x5c_blob, ptr, len) < 0)
return (FIDO_ERR_INVALID_ARGUMENT);
if (cred->attstmt.x5c.len == SIZE_MAX) {
fido_blob_reset(&x5c_blob);
return (FIDO_ERR_INVALID_ARGUMENT);
}
if ((list_ptr = recallocarray(cred->attstmt.x5c.ptr,
cred->attstmt.x5c.len, cred->attstmt.x5c.len + 1,
sizeof(x5c_blob))) == NULL) {
fido_blob_reset(&x5c_blob);
return (FIDO_ERR_INTERNAL);
}
list_ptr[cred->attstmt.x5c.len++] = x5c_blob;
cred->attstmt.x5c.ptr = list_ptr;
return (FIDO_OK);
}
@@ -736,6 +769,35 @@ fido_cred_set_attstmt(fido_cred_t *cred, const unsigned char *ptr, size_t len)
return (r);
}
int
fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len)
{
cbor_item_t *item = NULL;
struct cbor_load_result cbor;
int r = FIDO_ERR_INVALID_ARGUMENT;
fido_cred_clean_attobj(cred);
if (ptr == NULL || len == 0)
goto fail;
if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
fido_log_debug("%s: cbor_load", __func__);
goto fail;
}
if (cbor_decode_attobj(item, cred) != 0) {
fido_log_debug("%s: cbor_decode_attobj", __func__);
goto fail;
}
r = FIDO_OK;
fail:
if (item != NULL)
cbor_decref(&item);
return (r);
}
int
fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
{
@@ -1030,15 +1092,39 @@ fido_cred_clientdata_hash_len(const fido_cred_t *cred)
const unsigned char *
fido_cred_x5c_ptr(const fido_cred_t *cred)
{
return (cred->attstmt.x5c.ptr);
return (fido_cred_x5c_list_ptr(cred, 0));
}
size_t
fido_cred_x5c_len(const fido_cred_t *cred)
{
return (fido_cred_x5c_list_len(cred, 0));
}
size_t
fido_cred_x5c_list_count(const fido_cred_t *cred)
{
return (cred->attstmt.x5c.len);
}
const unsigned char *
fido_cred_x5c_list_ptr(const fido_cred_t *cred, size_t i)
{
if (i >= cred->attstmt.x5c.len)
return (NULL);
return (cred->attstmt.x5c.ptr[i].ptr);
}
size_t
fido_cred_x5c_list_len(const fido_cred_t *cred, size_t i)
{
if (i >= cred->attstmt.x5c.len)
return (0);
return (cred->attstmt.x5c.ptr[i].len);
}
const unsigned char *
fido_cred_sig_ptr(const fido_cred_t *cred)
{
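Review bot: `verify_attstmt()` still takes the public key from `x5c.ptr[0]` only, so the extra certificates that `decode_x5c()` now keeps are stored but, as far as this section shows, never checked against the leaf or a trust anchor. That is a reasonable division of labour, but with the chain exposed through `fido_cred_x5c_list_ptr()` a caller could assume `fido_cred_verify()` validated it. I would state it next to the `/* fetch key from x509 */` comment: `/* only the leaf (x5c[0]) is used; chain validation is the caller's job */`, and repeat it in the documentation of the new list accessors. The function starts and ends outside the hunk.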
+10 -1
@@ -111,6 +111,15 @@ credman_prepare_hmac(uint8_t cmd, const void *body, cbor_item_t **param,
return (ok);
}
static uint8_t
credman_get_cmd(const fido_dev_t *dev)
{
if (dev->flags & FIDO_DEV_CREDMAN)
return (CTAP_CBOR_CRED_MGMT);
return (CTAP_CBOR_CRED_MGMT_PRE);
}
static int
credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin,
const char *rp_id, fido_opt_t uv, int *ms)
@@ -120,7 +129,7 @@ credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin,
fido_blob_t hmac;
es256_pk_t *pk = NULL;
cbor_item_t *argv[4];
const uint8_t cmd = CTAP_CBOR_CRED_MGMT_PRE;
const uint8_t cmd = credman_get_cmd(dev);
int r = FIDO_ERR_INTERNAL;
memset(&f, 0, sizeof(f));
+8 -3
@@ -46,16 +46,21 @@ fido_dev_set_option_flags(fido_dev_t *dev, const fido_cbor_info_t *info)
if (strcmp(ptr[i], "clientPin") == 0) {
dev->flags |= val[i] ?
FIDO_DEV_PIN_SET : FIDO_DEV_PIN_UNSET;
} else if (strcmp(ptr[i], "credMgmt") == 0 ||
strcmp(ptr[i], "credentialMgmtPreview") == 0) {
} else if (strcmp(ptr[i], "credMgmt") == 0) {
if (val[i])
dev->flags |= FIDO_DEV_CREDMAN;
} else if (strcmp(ptr[i], "credentialMgmtPreview") == 0) {
if (val[i])
dev->flags |= FIDO_DEV_CREDMAN_PRE;
} else if (strcmp(ptr[i], "uv") == 0) {
dev->flags |= val[i] ?
FIDO_DEV_UV_SET : FIDO_DEV_UV_UNSET;
} else if (strcmp(ptr[i], "pinUvAuthToken") == 0) {
if (val[i])
dev->flags |= FIDO_DEV_TOKEN_PERMS;
} else if (strcmp(ptr[i], "bioEnroll") == 0) {
dev->flags |= val[i] ?
FIDO_DEV_BIO_SET : FIDO_DEV_BIO_UNSET;
}
}
@@ -538,7 +543,7 @@ fido_dev_supports_cred_prot(const fido_dev_t *dev)
bool
fido_dev_supports_credman(const fido_dev_t *dev)
{
return (dev->flags & FIDO_DEV_CREDMAN);
return (dev->flags & (FIDO_DEV_CREDMAN|FIDO_DEV_CREDMAN_PRE));
}
bool
+4
@@ -169,6 +169,7 @@
fido_cred_rp_id;
fido_cred_rp_name;
fido_cred_set_attstmt;
fido_cred_set_attobj;
fido_cred_set_authdata;
fido_cred_set_authdata_raw;
fido_cred_set_blob;
@@ -196,6 +197,9 @@
fido_cred_verify;
fido_cred_verify_self;
fido_cred_x5c_len;
fido_cred_x5c_list_count;
fido_cred_x5c_list_len;
fido_cred_x5c_list_ptr;
fido_cred_x5c_ptr;
fido_dev_build;
fido_dev_cancel;
+4
@@ -167,6 +167,7 @@ _fido_cred_pubkey_ptr
_fido_cred_rp_id
_fido_cred_rp_name
_fido_cred_set_attstmt
_fido_cred_set_attobj
_fido_cred_set_authdata
_fido_cred_set_authdata_raw
_fido_cred_set_blob
@@ -194,6 +195,9 @@ _fido_cred_user_name
_fido_cred_verify
_fido_cred_verify_self
_fido_cred_x5c_len
_fido_cred_x5c_list_count
_fido_cred_x5c_list_len
_fido_cred_x5c_list_ptr
_fido_cred_x5c_ptr
_fido_dev_build
_fido_dev_cancel
+4
@@ -168,6 +168,7 @@ fido_cred_pubkey_ptr
fido_cred_rp_id
fido_cred_rp_name
fido_cred_set_attstmt
fido_cred_set_attobj
fido_cred_set_authdata
fido_cred_set_authdata_raw
fido_cred_set_blob
@@ -195,6 +196,9 @@ fido_cred_user_name
fido_cred_verify
fido_cred_verify_self
fido_cred_x5c_len
fido_cred_x5c_list_count
fido_cred_x5c_list_len
fido_cred_x5c_list_ptr
fido_cred_x5c_ptr
fido_dev_build
fido_dev_cancel
+14 -10
@@ -58,6 +58,7 @@ cbor_item_t *es256_pk_encode(const es256_pk_t *, int);
/* cbor decoding functions */
int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *);
int cbor_decode_attobj(const cbor_item_t *, fido_cred_t *);
int cbor_decode_bool(const cbor_item_t *, bool *);
int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *,
fido_authdata_t *, fido_attcred_t *, fido_cred_ext_t *);
@@ -249,16 +250,19 @@ uint32_t uniform_random(uint32_t);
#endif
/* internal device capability flags */
#define FIDO_DEV_PIN_SET 0x001
#define FIDO_DEV_PIN_UNSET 0x002
#define FIDO_DEV_CRED_PROT 0x004
#define FIDO_DEV_CREDMAN 0x008
#define FIDO_DEV_PIN_PROTOCOL1 0x010
#define FIDO_DEV_PIN_PROTOCOL2 0x020
#define FIDO_DEV_UV_SET 0x040
#define FIDO_DEV_UV_UNSET 0x080
#define FIDO_DEV_TOKEN_PERMS 0x100
#define FIDO_DEV_WINHELLO 0x200
#define FIDO_DEV_PIN_SET 0x0001
#define FIDO_DEV_PIN_UNSET 0x0002
#define FIDO_DEV_CRED_PROT 0x0004
#define FIDO_DEV_CREDMAN 0x0008
#define FIDO_DEV_PIN_PROTOCOL1 0x0010
#define FIDO_DEV_PIN_PROTOCOL2 0x0020
#define FIDO_DEV_UV_SET 0x0040
#define FIDO_DEV_UV_UNSET 0x0080
#define FIDO_DEV_TOKEN_PERMS 0x0100
#define FIDO_DEV_WINHELLO 0x0200
#define FIDO_DEV_CREDMAN_PRE 0x0400
#define FIDO_DEV_BIO_SET 0x0800
#define FIDO_DEV_BIO_UNSET 0x1000
/* miscellanea */
#define FIDO_DUMMY_CLIENTDATA ""
+4
@@ -124,6 +124,7 @@ const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *);
const unsigned char *fido_cred_sig_ptr(const fido_cred_t *);
const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *);
const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *);
const unsigned char *fido_cred_x5c_list_ptr(const fido_cred_t *, size_t);
int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_empty_allow_list(fido_assert_t *);
@@ -151,6 +152,7 @@ int fido_cred_empty_exclude_list(fido_cred_t *);
int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_prot(const fido_cred_t *);
int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_attobj(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t);
@@ -226,6 +228,8 @@ size_t fido_cred_pubkey_len(const fido_cred_t *);
size_t fido_cred_sig_len(const fido_cred_t *);
size_t fido_cred_user_id_len(const fido_cred_t *);
size_t fido_cred_x5c_len(const fido_cred_t *);
size_t fido_cred_x5c_list_count(const fido_cred_t *);
size_t fido_cred_x5c_list_len(const fido_cred_t *, size_t);
uint8_t fido_assert_flags(const fido_assert_t *, size_t);
uint32_t fido_assert_sigcount(const fido_assert_t *, size_t);
+2
@@ -53,6 +53,8 @@
#define CTAP_CBOR_CLIENT_PIN 0x06
#define CTAP_CBOR_RESET 0x07
#define CTAP_CBOR_NEXT_ASSERT 0x08
#define CTAP_CBOR_BIO_ENROLL 0x09
#define CTAP_CBOR_CRED_MGMT 0x0a
#define CTAP_CBOR_LARGEBLOB 0x0c
#define CTAP_CBOR_CONFIG 0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE 0x40
+6 -6
@@ -140,12 +140,12 @@ typedef struct fido_attcred {
} fido_attcred_t;
typedef struct fido_attstmt {
fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */
fido_blob_t cbor; /* cbor-encoded attestation statement */
fido_blob_t x5c; /* attestation certificate */
fido_blob_t sig; /* attestation signature */
int alg; /* attestation algorithm (cose) */
fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */
fido_blob_t cbor; /* cbor-encoded attestation statement */
fido_blob_array_t x5c; /* attestation certificate chain */
fido_blob_t sig; /* attestation signature */
int alg; /* attestation algorithm (cose) */
} fido_attstmt_t;
typedef struct fido_rp {
+26 -10
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Copyright (c) 2019-2024 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
@@ -77,12 +77,13 @@ is_fido(const char *path)
static int
parse_uevent(const char *uevent, int *bus, int16_t *vendor_id,
int16_t *product_id)
int16_t *product_id, char **hid_name)
{
char *cp;
char *p;
char *s;
int ok = -1;
bool found_id = false;
bool found_name = false;
short unsigned int x;
short unsigned int y;
short unsigned int z;
@@ -91,20 +92,25 @@ parse_uevent(const char *uevent, int *bus, int16_t *vendor_id,
return (-1);
while ((p = strsep(&cp, "\n")) != NULL && *p != '\0') {
if (strncmp(p, "HID_ID=", 7) == 0) {
if (!found_id && strncmp(p, "HID_ID=", 7) == 0) {
if (sscanf(p + 7, "%hx:%hx:%hx", &x, &y, &z) == 3) {
*bus = (int)x;
*vendor_id = (int16_t)y;
*product_id = (int16_t)z;
ok = 0;
break;
found_id = true;
}
} else if (!found_name && strncmp(p, "HID_NAME=", 9) == 0) {
if ((*hid_name = strdup(p + 9)) != NULL)
found_name = true;
}
}
free(s);
return (ok);
if (!found_name || !found_id)
return (-1);
return (0);
}
static char *
@@ -137,6 +143,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
char *uevent = NULL;
struct udev_device *dev = NULL;
int bus = 0;
char *hid_name = NULL;
int ok = -1;
memset(di, 0, sizeof(*di));
@@ -148,7 +155,8 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
goto fail;
if ((uevent = get_parent_attr(dev, "hid", NULL, "uevent")) == NULL ||
parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id) < 0) {
parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id,
&hid_name) < 0) {
fido_log_debug("%s: uevent", __func__);
goto fail;
}
@@ -161,9 +169,16 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
#endif
di->path = strdup(path);
if ((di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL)
di->manufacturer = get_usb_attr(dev, "manufacturer");
di->product = get_usb_attr(dev, "product");
if (di->manufacturer == NULL && di->product == NULL) {
di->product = hid_name; /* fallback */
hid_name = NULL;
}
if (di->manufacturer == NULL)
di->manufacturer = strdup("");
if ((di->product = get_usb_attr(dev, "product")) == NULL)
if (di->product == NULL)
di->product = strdup("");
if (di->path == NULL || di->manufacturer == NULL || di->product == NULL)
goto fail;
@@ -174,6 +189,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev,
udev_device_unref(dev);
free(uevent);
free(hid_name);
if (ok < 0) {
free(di->path);
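Review bot: `parse_uevent()` now fails unless both `HID_ID` and `HID_NAME` were found (`if (!found_name || !found_id) return (-1);`), yet `copy_info()` only uses the name as a fallback when the USB manufacturer and product attributes are both missing. A uevent without a `HID_NAME` line, or a failed `strdup()`, therefore hides a device that was enumerated before this change. If that is not intended, `if (!found_id) return (-1);` is enough, since `copy_info()` initialises `hid_name` to NULL and already substitutes an empty string for a missing product. The name comes from the device, so anything displaying `di->product` should keep treating it as untrusted text.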
+3 -3
@@ -127,14 +127,14 @@ fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen)
char path[64];
size_t i;
if (devlist == NULL || olen == NULL)
return (FIDO_ERR_INVALID_ARGUMENT);
*olen = 0;
if (ilen == 0)
return (FIDO_OK); /* nothing to do */
if (devlist == NULL || olen == NULL)
return (FIDO_ERR_INVALID_ARGUMENT);
for (i = *olen = 0; i < MAX_UHID && *olen < ilen; i++) {
snprintf(path, sizeof(path), "/dev/uhid%zu", i);
if (copy_info(&devlist[*olen], path) == 0) {
+28 -14
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Copyright (c) 2019-2023 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
@@ -523,6 +523,21 @@ fido_hid_set_sigmask(void *handle, const fido_sigset_t *sigmask)
return (FIDO_ERR_INTERNAL);
}
static void
schedule_io_loop(struct hid_osx *ctx, int ms)
{
IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(),
ctx->loop_id);
if (ms == -1)
ms = 5000; /* wait 5 seconds by default */
CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true);
IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(),
ctx->loop_id);
}
int
fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
{
@@ -537,20 +552,19 @@ fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms)
return (-1);
}
IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(),
ctx->loop_id);
if (ms == -1)
ms = 5000; /* wait 5 seconds by default */
CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true);
IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(),
ctx->loop_id);
/* check for pending frame */
if ((r = read(ctx->report_pipe[0], buf, len)) == -1) {
fido_log_error(errno, "%s: read", __func__);
return (-1);
if (errno != EAGAIN && errno != EWOULDBLOCK) {
fido_log_error(errno, "%s: read", __func__);
return (-1);
}
schedule_io_loop(ctx, ms);
if ((r = read(ctx->report_pipe[0], buf, len)) == -1) {
fido_log_error(errno, "%s: read", __func__);
return (-1);
}
}
if (r < 0 || (size_t)r != len) {
+2
@@ -131,12 +131,14 @@ encode_uv_permission(uint8_t cmd)
case CTAP_CBOR_ASSERT:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_ASSERT));
case CTAP_CBOR_BIO_ENROLL_PRE:
case CTAP_CBOR_BIO_ENROLL:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_BIO));
case CTAP_CBOR_CONFIG:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CONFIG));
case CTAP_CBOR_MAKECRED:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_MAKECRED));
case CTAP_CBOR_CRED_MGMT_PRE:
case CTAP_CBOR_CRED_MGMT:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CRED_MGMT));
case CTAP_CBOR_LARGEBLOB:
return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_LARGEBLOB));
+9 -44
@@ -10,55 +10,21 @@
#include "fido.h"
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL
static EVP_MD *
rs1_get_EVP_MD(void)
{
const EVP_MD *from;
EVP_MD *to = NULL;
if ((from = EVP_sha1()) != NULL && (to = malloc(sizeof(*to))) != NULL)
memcpy(to, from, sizeof(*to));
return (to);
}
static void
rs1_free_EVP_MD(EVP_MD *md)
{
freezero(md, sizeof(*md));
}
#elif OPENSSL_VERSION_NUMBER >= 0x30000000
static EVP_MD *
rs1_get_EVP_MD(void)
{
return (EVP_MD_fetch(NULL, "SHA-1", NULL));
}
static void
rs1_free_EVP_MD(EVP_MD *md)
{
EVP_MD_free(md);
}
#if defined(__GNUC__)
#define PRAGMA(s) _Pragma(s)
#else
#define PRAGMA(s)
#endif
static EVP_MD *
rs1_get_EVP_MD(void)
{
const EVP_MD *md;
if ((md = EVP_sha1()) == NULL)
return (NULL);
return (EVP_MD_meth_dup(md));
PRAGMA("GCC diagnostic push")
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"")
return ((EVP_MD *)EVP_sha1());
PRAGMA("GCC diagnostic pop")
}
static void
rs1_free_EVP_MD(EVP_MD *md)
{
EVP_MD_meth_free(md);
}
#endif /* LIBRESSL_VERSION_NUMBER */
int
rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
const fido_blob_t *sig)
@@ -94,7 +60,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
ok = 0;
fail:
EVP_PKEY_CTX_free(pctx);
rs1_free_EVP_MD(md);
return (ok);
}
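Review bot: `rs1_get_EVP_MD()` now casts away the `const` of `EVP_sha1()` and hands out the library's shared digest object, with the matching `rs1_free_EVP_MD()` removed, but nothing in the function says so. A comment such as `/* shared static EVP_MD: callers must neither free nor modify it */` would stop a later change from reintroducing a free on this pointer. The `PRAGMA` helper macro and the same cast are duplicated in `rs256_get_EVP_MD()` in the next file; the comment applies there too, and the macro could live in one internal header. `rs1_verify_sig()` continues outside the hunk.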
+9 -44
@@ -18,55 +18,21 @@
#define get0_RSA(x) EVP_PKEY_get0((x))
#endif
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL
static EVP_MD *
rs256_get_EVP_MD(void)
{
const EVP_MD *from;
EVP_MD *to = NULL;
if ((from = EVP_sha256()) != NULL && (to = malloc(sizeof(*to))) != NULL)
memcpy(to, from, sizeof(*to));
return (to);
}
static void
rs256_free_EVP_MD(EVP_MD *md)
{
freezero(md, sizeof(*md));
}
#elif OPENSSL_VERSION_NUMBER >= 0x30000000
static EVP_MD *
rs256_get_EVP_MD(void)
{
return (EVP_MD_fetch(NULL, "SHA2-256", NULL));
}
static void
rs256_free_EVP_MD(EVP_MD *md)
{
EVP_MD_free(md);
}
#if defined(__GNUC__)
#define PRAGMA(s) _Pragma(s)
#else
#define PRAGMA(s)
#endif
static EVP_MD *
rs256_get_EVP_MD(void)
{
const EVP_MD *md;
if ((md = EVP_sha256()) == NULL)
return (NULL);
return (EVP_MD_meth_dup(md));
PRAGMA("GCC diagnostic push")
PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"")
return ((EVP_MD *)EVP_sha256());
PRAGMA("GCC diagnostic pop")
}
static void
rs256_free_EVP_MD(EVP_MD *md)
{
EVP_MD_meth_free(md);
}
#endif /* LIBRESSL_VERSION_NUMBER */
static int
decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
{
@@ -290,7 +256,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
ok = 0;
fail:
EVP_PKEY_CTX_free(pctx);
rs256_free_EVP_MD(md);
return (ok);
}
+2 -48
@@ -739,50 +739,6 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred,
return FIDO_OK;
}
static int
decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg)
{
fido_cred_t *cred = arg;
char *name = NULL;
int ok = -1;
if (cbor_string_copy(key, &name) < 0) {
fido_log_debug("%s: cbor type", __func__);
ok = 0; /* ignore */
goto fail;
}
if (!strcmp(name, "fmt")) {
if (cbor_decode_fmt(val, &cred->fmt) < 0) {
fido_log_debug("%s: cbor_decode_fmt", __func__);
goto fail;
}
} else if (!strcmp(name, "attStmt")) {
if (cbor_decode_attstmt(val, &cred->attstmt) < 0) {
fido_log_debug("%s: cbor_decode_attstmt", __func__);
goto fail;
}
} else if (!strcmp(name, "authData")) {
if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
fido_log_debug("%s: fido_blob_decode", __func__);
goto fail;
}
if (cbor_decode_cred_authdata(val, cred->type,
&cred->authdata_cbor, &cred->authdata, &cred->attcred,
&cred->authdata_ext) < 0) {
fido_log_debug("%s: cbor_decode_cred_authdata",
__func__);
goto fail;
}
}
ok = 0;
fail:
free(name);
return (ok);
}
static int
translate_winhello_cred(fido_cred_t *cred,
const WEBAUTHN_CREDENTIAL_ATTESTATION *att)
@@ -800,10 +756,8 @@ translate_winhello_cred(fido_cred_t *cred,
fido_log_debug("%s: cbor_load", __func__);
goto fail;
}
if (cbor_isa_map(item) == false ||
cbor_map_is_definite(item) == false ||
cbor_map_iter(item, cred, decode_attobj) < 0) {
fido_log_debug("%s: cbor type", __func__);
if (cbor_decode_attobj(item, cred) != 0) {
fido_log_debug("%s: cbor_decode_attobj", __func__);
goto fail;
}
+5 -2
@@ -119,6 +119,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
char *user_id = NULL;
const char *type;
const char *prot;
int r = -1;
if ((cred = fido_credman_rk(rk, idx)) == NULL) {
warnx("fido_credman_rk");
@@ -128,7 +129,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
&id) < 0 || base64_encode(fido_cred_user_id_ptr(cred),
fido_cred_user_id_len(cred), &user_id) < 0) {
warnx("output error");
return -1;
goto out;
}
type = cose_string(fido_cred_type(cred));
@@ -137,10 +138,12 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
printf("%02u: %s %s %s %s %s\n", (unsigned)idx, id,
fido_cred_display_name(cred), user_id, type, prot);
r = 0;
out:
free(user_id);
free(id);
return 0;
return r;
}
int
+9
@@ -169,6 +169,12 @@ print_maxcredcntlst(uint64_t maxcredcntlst)
printf("maxcredcntlst: %d\n", (int)maxcredcntlst);
}
static void
print_maxcredblob(uint64_t maxcredblob)
{
printf("maxcredblob: %d\n", (int)maxcredblob);
}
static void
print_maxcredidlen(uint64_t maxcredidlen)
{
@@ -388,6 +394,9 @@ token_info(int argc, char **argv, char *path)
/* print maximum length of a credential ID */
print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
/* print maximum length of credBlob */
print_maxcredblob(fido_cbor_info_maxcredbloblen(ci));
/* print maximum length of serialized largeBlob array */
print_maxlargeblob(fido_cbor_info_maxlargeblob(ci));
+12 -3
@@ -98,6 +98,13 @@ New-Item -Type Directory "${STAGE}\${LIBRESSL}" -Force
New-Item -Type Directory "${STAGE}\${LIBCBOR}" -Force
New-Item -Type Directory "${STAGE}\${ZLIB}" -Force
# Create GNUPGHOME with an empty common.conf to disable use-keyboxd.
# Recent default is to enable keyboxd which in turn ignores --keyring
# arguments.
$GpgHome = "${BUILD}\.gnupg"
New-Item -Type Directory "${GpgHome}" -Force
New-Item -Type File "${GpgHome}\common.conf" -Force
# Create output directories.
New-Item -Type Directory "${OUTPUT}" -Force
New-Item -Type Directory "${OUTPUT}\${Arch}" -Force
@@ -117,8 +124,9 @@ try {
}
Copy-Item "$PSScriptRoot\libressl.gpg" -Destination "${BUILD}"
& $GPG --list-keys
& $GPG --quiet --no-default-keyring --keyring ./libressl.gpg `
& $GPG --homedir ${GpgHome} --list-keys
& $GPG --homedir ${GpgHome} --quiet --no-default-keyring `
--keyring ./libressl.gpg `
--verify .\${LIBRESSL}.tar.gz.asc .\${LIBRESSL}.tar.gz
if ($LastExitCode -ne 0) {
throw "GPG signature verification failed"
@@ -144,8 +152,9 @@ Push-Location ${STAGE}\${LIBRESSL}
try {
& $CMake ..\..\..\${LIBRESSL} -A "${Arch}" `
-DBUILD_SHARED_LIBS="${SHARED}" -DLIBRESSL_TESTS=OFF `
-DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" `
-DLIBRESSL_APPS=OFF -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" `
-DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" `
-DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" `
-DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; `
ExitOnError
& $CMake --build . --config ${Config} --verbose; ExitOnError
+8 -8
@@ -1,24 +1,24 @@
# Copyright (c) 2021-2023 Yubico AB. All rights reserved.
# Copyright (c) 2021-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
# LibreSSL coordinates.
New-Variable -Name 'LIBRESSL_URL' `
-Value 'https://cloudflare.cdn.openbsd.org/pub/OpenBSD/LibreSSL' `
-Value 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL' `
-Option Constant
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.7.3' -Option Constant
New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto-50' -Option Constant
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.9.2' -Option Constant
New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto' -Option Constant
# libcbor coordinates.
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.10.2' -Option Constant
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.10.2' -Option Constant
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.11.0' -Option Constant
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.11.0' -Option Constant
New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' `
-Option Constant
# zlib coordinates.
New-Variable -Name 'ZLIB' -Value 'zlib-1.3' -Option Constant
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3' -Option Constant
New-Variable -Name 'ZLIB' -Value 'zlib-1.3.1' -Option Constant
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3.1' -Option Constant
New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' `
-Option Constant
+9 -2
@@ -38,6 +38,13 @@ Write-Host "GPG: $GPG"
New-Item -Type Directory "${Cygwin}" -Force
New-Item -Type Directory "${Root}" -Force
# Create GNUPGHOME with an empty common.conf to disable use-keyboxd.
# Recent default is to enable keyboxd which in turn ignores --keyring
# arguments.
$GpgHome = "${Cygwin}\.gnupg"
New-Item -Type Directory "${GpgHome}" -Force
New-Item -Type File "${GpgHome}\common.conf" -Force
# Fetch and verify Cygwin.
try {
if (-Not (Test-Path ${Cygwin}\${Setup} -PathType leaf)) {
@@ -48,8 +55,8 @@ try {
Invoke-WebRequest ${URL}/${Setup}.sig `
-OutFile ${Cygwin}\${Setup}.sig
}
& $GPG --list-keys
& $GPG --quiet --no-default-keyring `
& $GPG --homedir ${GpgHome} --list-keys
& $GPG --homedir ${GpgHome} --quiet --no-default-keyring `
--keyring ${PSScriptRoot}/cygwin.gpg `
--verify ${Cygwin}\${Setup}.sig ${Cygwin}\${Setup}
if ($LastExitCode -ne 0) {
+6 -8
@@ -1,4 +1,4 @@
# Copyright (c) 2021-2022 Yubico AB. All rights reserved.
# Copyright (c) 2021-2024 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
@@ -60,14 +60,12 @@ Function Package-PDBs(${SRC}, ${DEST}) {
}
Function Package-StaticPDBs(${SRC}, ${DEST}) {
# NOTE: original file names must be preserved
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" `
"${DEST}\${CRYPTO_LIBRARIES}.pdb"
Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" `
"${DEST}\cbor.pdb"
Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" `
"${DEST}\zlib1.pdb"
Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" `
"${DEST}\fido2.pdb"
"${DEST}"
Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" "${DEST}"
Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" "${DEST}"
Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" "${DEST}"
}
Function Package-Tools(${SRC}, ${DEST}) {