Vendor import of libfido2 0.13.0
This commit is contained in:
parent
fdfa06d7d3
commit
00db45a658
|
@ -29,17 +29,17 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
|||
set(CMAKE_COLOR_MAKEFILE OFF)
|
||||
set(CMAKE_VERBOSE_MAKEFILE ON)
|
||||
set(FIDO_MAJOR "1")
|
||||
set(FIDO_MINOR "12")
|
||||
set(FIDO_MINOR "13")
|
||||
set(FIDO_PATCH "0")
|
||||
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
|
||||
|
||||
option(BUILD_TESTS "Build the regress tests" ON)
|
||||
option(BUILD_EXAMPLES "Build example programs" ON)
|
||||
option(BUILD_MANPAGES "Build man pages" ON)
|
||||
option(BUILD_SHARED_LIBS "Build a shared library" ON)
|
||||
option(BUILD_STATIC_LIBS "Build a static library" ON)
|
||||
option(BUILD_TOOLS "Build tool programs" ON)
|
||||
option(FUZZ "Enable fuzzing instrumentation" OFF)
|
||||
option(LIBFUZZER "Build libfuzzer harnesses" OFF)
|
||||
option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
|
||||
option(USE_PCSC "Enable experimental PCSC support" OFF)
|
||||
option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" ON)
|
||||
|
@ -49,6 +49,14 @@ add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
|
|||
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
|
||||
add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
|
||||
|
||||
if(BUILD_SHARED_LIBS)
|
||||
set(_FIDO2_LIBRARY fido2_shared)
|
||||
elseif(BUILD_STATIC_LIBS)
|
||||
set(_FIDO2_LIBRARY fido2)
|
||||
else()
|
||||
message(FATAL_ERROR "Nothing to build (BUILD_*_LIBS=OFF)")
|
||||
endif()
|
||||
|
||||
if(CYGWIN OR MSYS OR MINGW)
|
||||
set(WIN32 1)
|
||||
endif()
|
||||
|
@ -151,7 +159,7 @@ foreach(v ${CHECK_VARIABLES})
|
|||
endif()
|
||||
endforeach()
|
||||
|
||||
if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER)
|
||||
if(HAVE_EXPLICIT_BZERO AND NOT FUZZ)
|
||||
add_definitions(-DHAVE_EXPLICIT_BZERO)
|
||||
endif()
|
||||
|
||||
|
@ -159,19 +167,30 @@ if(UNIX)
|
|||
add_definitions(-DHAVE_DEV_URANDOM)
|
||||
endif()
|
||||
|
||||
|
||||
if(MSVC)
|
||||
if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
|
||||
(NOT CBOR_BIN_DIRS) OR (NOT CRYPTO_INCLUDE_DIRS) OR
|
||||
(NOT CRYPTO_LIBRARY_DIRS) OR (NOT CRYPTO_BIN_DIRS) OR
|
||||
(NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS) OR
|
||||
(NOT ZLIB_BIN_DIRS))
|
||||
(NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
|
||||
(NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
|
||||
message(FATAL_ERROR "please define "
|
||||
"{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY,BIN}_DIRS when "
|
||||
"{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when "
|
||||
"building under msvc")
|
||||
endif()
|
||||
set(CBOR_LIBRARIES cbor)
|
||||
set(ZLIB_LIBRARIES zlib1)
|
||||
set(CRYPTO_LIBRARIES crypto-49)
|
||||
if(BUILD_TESTS AND BUILD_SHARED_LIBS AND
|
||||
((NOT CBOR_BIN_DIRS) OR (NOT ZLIB_BIN_DIRS) OR (NOT CRYPTO_BIN_DIRS)))
|
||||
message(FATAL_ERROR "please define {CBOR,CRYPTO,ZLIB}_BIN_DIRS "
|
||||
"when building tests")
|
||||
endif()
|
||||
if(NOT CBOR_LIBRARIES)
|
||||
set(CBOR_LIBRARIES cbor)
|
||||
endif()
|
||||
if(NOT ZLIB_LIBRARIES)
|
||||
set(ZLIB_LIBRARIES zlib1)
|
||||
endif()
|
||||
if(NOT CRYPTO_LIBRARIES)
|
||||
set(CRYPTO_LIBRARIES crypto)
|
||||
endif()
|
||||
|
||||
set(MSVC_DISABLED_WARNINGS_LIST
|
||||
"C4152" # nonstandard extension used: function/data pointer
|
||||
# conversion in expression;
|
||||
|
@ -213,8 +232,12 @@ else()
|
|||
message(FATAL_ERROR "could not find zlib")
|
||||
endif()
|
||||
|
||||
set(CBOR_LIBRARIES "cbor")
|
||||
set(CRYPTO_LIBRARIES "crypto")
|
||||
if(NOT CBOR_LIBRARIES)
|
||||
set(CBOR_LIBRARIES "cbor")
|
||||
endif()
|
||||
if(NOT CRYPTO_LIBRARIES)
|
||||
set(CRYPTO_LIBRARIES "crypto")
|
||||
endif()
|
||||
|
||||
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
|
||||
pkg_search_module(UDEV libudev REQUIRED)
|
||||
|
@ -305,9 +328,7 @@ else()
|
|||
add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
|
||||
endif()
|
||||
|
||||
if(LIBFUZZER)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
|
||||
else()
|
||||
if(NOT FUZZ)
|
||||
set(EXTRA_CFLAGS "${EXTRA_CFLAGS} -Wframe-larger-than=2047")
|
||||
endif()
|
||||
endif()
|
||||
|
@ -391,6 +412,9 @@ message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
|
|||
message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
|
||||
message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
|
||||
message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
|
||||
if(BUILD_TESTS)
|
||||
message(STATUS "CBOR_BIN_DIRS: ${CBOR_BIN_DIRS}")
|
||||
endif()
|
||||
message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
|
||||
message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
|
||||
message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
|
||||
|
@ -408,12 +432,21 @@ message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
|
|||
message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
|
||||
message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
|
||||
message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
|
||||
if(BUILD_TESTS)
|
||||
message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}")
|
||||
endif()
|
||||
message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
|
||||
message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
|
||||
message(STATUS "FUZZ: ${FUZZ}")
|
||||
if(FUZZ)
|
||||
message(STATUS "FUZZ_LDFLAGS: ${FUZZ_LDFLAGS}")
|
||||
endif()
|
||||
message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
|
||||
message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
|
||||
message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
|
||||
if(BUILD_TESTS)
|
||||
message(STATUS "ZLIB_BIN_DIRS: ${ZLIB_BIN_DIRS}")
|
||||
endif()
|
||||
message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
|
||||
if(USE_HIDAPI)
|
||||
message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
|
||||
|
@ -425,7 +458,6 @@ message(STATUS "PCSC_INCLUDE_DIRS: ${PCSC_INCLUDE_DIRS}")
|
|||
message(STATUS "PCSC_LIBRARIES: ${PCSC_LIBRARIES}")
|
||||
message(STATUS "PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
|
||||
message(STATUS "PCSC_VERSION: ${PCSC_VERSION}")
|
||||
message(STATUS "LIBFUZZER: ${LIBFUZZER}")
|
||||
message(STATUS "TLS: ${TLS}")
|
||||
message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
|
||||
message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
|
||||
|
@ -437,33 +469,30 @@ message(STATUS "USE_PCSC: ${USE_PCSC}")
|
|||
message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
|
||||
message(STATUS "NFC_LINUX: ${NFC_LINUX}")
|
||||
|
||||
if(BUILD_SHARED_LIBS)
|
||||
set(_FIDO2_LIBRARY fido2_shared)
|
||||
elseif(BUILD_STATIC_LIBS)
|
||||
set(_FIDO2_LIBRARY fido2)
|
||||
else()
|
||||
message(FATAL_ERROR "Nothing to build (BUILD_*_LIBS=OFF)")
|
||||
if(BUILD_TESTS)
|
||||
enable_testing()
|
||||
endif()
|
||||
|
||||
enable_testing()
|
||||
add_subdirectory(src)
|
||||
|
||||
subdirs(src)
|
||||
subdirs(regress)
|
||||
if(BUILD_TESTS)
|
||||
add_subdirectory(regress)
|
||||
endif()
|
||||
if(BUILD_EXAMPLES)
|
||||
subdirs(examples)
|
||||
add_subdirectory(examples)
|
||||
endif()
|
||||
if(BUILD_TOOLS)
|
||||
subdirs(tools)
|
||||
add_subdirectory(tools)
|
||||
endif()
|
||||
if(BUILD_MANPAGES)
|
||||
subdirs(man)
|
||||
add_subdirectory(man)
|
||||
endif()
|
||||
|
||||
if(NOT WIN32)
|
||||
if(FUZZ)
|
||||
subdirs(fuzz)
|
||||
add_subdirectory(fuzz)
|
||||
endif()
|
||||
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
|
||||
subdirs(udev)
|
||||
add_subdirectory(udev)
|
||||
endif()
|
||||
endif()
|
||||
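Review bot: The `option(LIBFUZZER "Build libfuzzer harnesses" OFF)` line survives as context in the first hunk, yet within this commit every consumer of it is switched to `FUZZ` or deleted — the `HAVE_EXPLICIT_BZERO` condition, the `-fsanitize=fuzzer-no-link` branch and the `LIBFUZZER:` status line — so `-DFUZZ=ON -DLIBFUZZER=ON`, the recipe the old fuzz/README gave, now configures cleanly but without libFuzzer instrumentation. I would replace that option with a loud failure: `if(DEFINED LIBFUZZER)` / `message(FATAL_ERROR "LIBFUZZER was removed; use -DFUZZ=ON -DFUZZ_LDFLAGS=-fsanitize=fuzzer")` / `endif()`, so stale scripts and cache entries stop instead of silently degrading. Relatedly, `if(HAVE_EXPLICIT_BZERO AND NOT FUZZ)` now disables `explicit_bzero` for every FUZZ=ON build, not only libFuzzer ones; a comment on that line such as `# FUZZ builds use the portable fallback so sanitizer/wrapper builds observe the writes; never ship a FUZZ=ON build` would record why, since together with the symbol wrapping described in fuzz/README it makes such binaries unfit for release. The reason for disabling it is my inference from the fuzzing setup, so confirm it before committing to that wording.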
|
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
Copyright (c) 2018-2022 Yubico AB. All rights reserved.
|
||||
Copyright (c) 2018-2023 Yubico AB. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
|
|
8
NEWS
8
NEWS
|
@ -1,3 +1,11 @@
|
|||
* Version 1.13.0 (2023-02-20)
|
||||
** Support for linking against OpenSSL on Windows; gh#668.
|
||||
** New API calls:
|
||||
- fido_assert_empty_allow_list;
|
||||
- fido_cred_empty_exclude_list.
|
||||
** fido2-token: fix issue when listing large blobs.
|
||||
** Improved support for different fuzzing engines.
|
||||
|
||||
* Version 1.12.0 (2022-09-22)
|
||||
** Support for COSE_ES384.
|
||||
** Support for hidraw(4) on FreeBSD; gh#597.
|
||||
|
|
|
@ -38,7 +38,7 @@ is also available.
|
|||
|
||||
=== Releases
|
||||
|
||||
The current release of *libfido2* is 1.12.0. Signed release tarballs are
|
||||
The current release of *libfido2* is 1.13.0. Signed release tarballs are
|
||||
available at Yubico's
|
||||
https://developers.yubico.com/libfido2/Releases[release page].
|
||||
|
||||
|
@ -119,7 +119,6 @@ officially supported.
|
|||
| BUILD_STATIC_LIBS | Build a static library | ON
|
||||
| BUILD_TOOLS | Build auxiliary tools | ON
|
||||
| FUZZ | Enable fuzzing instrumentation | OFF
|
||||
| LIBFUZZER | Build libfuzzer harnesses | OFF
|
||||
| NFC_LINUX | Enable netlink NFC support on Linux | ON
|
||||
| USE_HIDAPI | Use hidapi as the HID backend | OFF
|
||||
| USE_PCSC | Enable experimental PCSC support | OFF
|
||||
|
|
|
@ -20,8 +20,7 @@ The following definitions are used in the description below:
|
|||
|
||||
- <pubkey>
|
||||
|
||||
The file system path of a file containing a NIST P-256 public key in
|
||||
PEM format.
|
||||
The file system path of a file containing a public key in PEM format.
|
||||
|
||||
- <blobkey>
|
||||
|
||||
|
@ -72,8 +71,10 @@ The following examples are provided:
|
|||
Asks <device> for a FIDO2 assertion corresponding to [cred_id],
|
||||
which may be omitted for resident keys. The obtained assertion
|
||||
is verified using <pubkey>. The -p option requests that the user
|
||||
be present. User verification may be requested through the -v
|
||||
option. If option -u is specified, the assertion is generated using
|
||||
be present and checks whether the user presence bit was signed by the
|
||||
authenticator. The -v option requests user verification and checks
|
||||
whether the user verification bit was signed by the authenticator.
|
||||
If option -u is specified, the assertion is generated using
|
||||
U2F (CTAP1) instead of FIDO2 (CTAP2) commands. If option -s is
|
||||
specified, a FIDO2 hmac-secret is requested from the authenticator,
|
||||
and the contents of <hmac_salt> are used as the salt. If option -h
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2019 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
@ -13,58 +13,70 @@ list(APPEND COMMON_SOURCES
|
|||
mutator_aux.c
|
||||
)
|
||||
|
||||
set(FUZZ_LDFLAGS "-fsanitize=fuzzer")
|
||||
# XXX: OSS-Fuzz require linking using CXX
|
||||
set(FUZZ_LINKER_LANGUAGE "C" CACHE STRING "Linker language for fuzz harnesses")
|
||||
mark_as_advanced(FUZZ_LINKER_LANGUAGE)
|
||||
enable_language(${FUZZ_LINKER_LANGUAGE})
|
||||
|
||||
# fuzz_cred
|
||||
add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_cred PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_cred PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_cred PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_cred fido2_shared)
|
||||
|
||||
# fuzz_assert
|
||||
add_executable(fuzz_assert fuzz_assert.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_assert PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_assert PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_assert PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_assert fido2_shared)
|
||||
|
||||
# fuzz_mgmt
|
||||
add_executable(fuzz_mgmt fuzz_mgmt.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_mgmt PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_mgmt PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_mgmt PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_mgmt fido2_shared)
|
||||
|
||||
# fuzz_credman
|
||||
add_executable(fuzz_credman fuzz_credman.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_credman PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_credman PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_credman PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_credman fido2_shared)
|
||||
|
||||
# fuzz_bio
|
||||
add_executable(fuzz_bio fuzz_bio.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_bio PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_bio PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_bio PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_bio fido2_shared)
|
||||
|
||||
# fuzz_hid
|
||||
add_executable(fuzz_hid fuzz_hid.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_hid PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_hid PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_hid PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_hid fido2_shared)
|
||||
|
||||
# fuzz_netlink
|
||||
add_executable(fuzz_netlink fuzz_netlink.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_netlink PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_netlink PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_netlink PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_netlink fido2_shared)
|
||||
|
||||
# fuzz_largeblob
|
||||
add_executable(fuzz_largeblob fuzz_largeblob.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_largeblob PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_largeblob PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_largeblob PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_largeblob fido2_shared)
|
||||
|
||||
# fuzz_pcsc
|
||||
add_executable(fuzz_pcsc fuzz_pcsc.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
|
||||
target_compile_options(fuzz_pcsc PRIVATE ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_pcsc PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
|
||||
set_target_properties(fuzz_pcsc PROPERTIES
|
||||
LINK_FLAGS ${FUZZ_LDFLAGS}
|
||||
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
|
||||
target_link_libraries(fuzz_pcsc fido2_shared)
|
||||
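Review bot: With `set(FUZZ_LDFLAGS "-fsanitize=fuzzer")` removed, this file now relies on the caller supplying `FUZZ_LDFLAGS` but never checks it, and every harness expands it unquoted inside `set_target_properties(... LINK_FLAGS ${FUZZ_LDFLAGS} LINKER_LANGUAGE ...)`; as far as I can tell an empty value leaves an odd-length property list and CMake stops with a generic "incorrect number of arguments" error that never names the real cause. I would add, next to the new `FUZZ_LINKER_LANGUAGE` cache entry, `if(NOT FUZZ_LDFLAGS)` / `message(FATAL_ERROR "FUZZ_LDFLAGS must be set (e.g. -fsanitize=fuzzer) when FUZZ=ON")` / `endif()` and quote the expansions. Since the same block is now repeated for all nine harnesses, a helper driven from a list would also keep the flags, linker language and `fido2_shared` link in one place, as sketched below. The sketch assumes each harness source is named after its target, which holds for the nine targets visible here.
```cmake
set(FUZZ_LINKER_LANGUAGE "C" CACHE STRING "Linker language for fuzz harnesses")
mark_as_advanced(FUZZ_LINKER_LANGUAGE)
enable_language(${FUZZ_LINKER_LANGUAGE})
# FUZZ_LDFLAGS is supplied by the caller (see fuzz/README); fail early if it is missing.
if(NOT FUZZ_LDFLAGS)
	message(FATAL_ERROR "FUZZ_LDFLAGS must be set (e.g. -fsanitize=fuzzer) when FUZZ=ON")
endif()

# One harness per fuzz_<name>.c: same sources, flags and link settings for all of them.
function(add_fuzz_harness name)
	add_executable(${name} ${name}.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
	target_compile_options(${name} PRIVATE "${FUZZ_LDFLAGS}")
	set_target_properties(${name} PROPERTIES
		LINK_FLAGS "${FUZZ_LDFLAGS}"
		LINKER_LANGUAGE "${FUZZ_LINKER_LANGUAGE}")
	target_link_libraries(${name} PRIVATE fido2_shared)
endfunction()

foreach(h fuzz_cred fuzz_assert fuzz_mgmt fuzz_credman fuzz_bio fuzz_hid
	fuzz_netlink fuzz_largeblob fuzz_pcsc)
	add_fuzz_harness(${h})
endforeach()
```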
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2019-2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
@ -10,7 +10,7 @@ RUN apk -q update
|
|||
RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils
|
||||
RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev
|
||||
RUN apk add sudo tar zlib-dev
|
||||
RUN git clone --branch v0.9.0 --depth=1 https://github.com/PJK/libcbor
|
||||
RUN git clone --branch v0.10.1 --depth=1 https://github.com/PJK/libcbor
|
||||
RUN git clone --depth=1 https://github.com/yubico/libfido2
|
||||
WORKDIR /libfido2
|
||||
RUN ./fuzz/build-coverage /libcbor /libfido2
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
# Copyright (c) 2019-2022 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
||||
IMAGE := libfido2-coverage:1.12.2
|
||||
IMAGE := libfido2-coverage:1.13.1
|
||||
RUNNER := libfido2-runner
|
||||
PROFDATA := llvm-profdata
|
||||
COV := llvm-cov
|
||||
|
|
15
fuzz/README
15
fuzz/README
|
@ -8,7 +8,8 @@ use preload-fuzz.c to read device data from stdin.
|
|||
|
||||
libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
|
||||
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
|
||||
harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.
|
||||
harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
|
||||
-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.
|
||||
|
||||
If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
|
||||
resulting shared object. The wrapper functions simulate failure according to a
|
||||
|
@ -21,20 +22,22 @@ To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
|
|||
libcbor and OpenSSL built with the respective sanitiser. In order to keep
|
||||
memory utilisation at a manageable level, you can either enforce limits at
|
||||
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
|
||||
N.B., the patch below is relative to libcbor 0.10.1.
|
||||
|
||||
diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
|
||||
index aa049a2..e294b38 100644
|
||||
index bbea63c..3f7c9af 100644
|
||||
--- src/cbor/internal/memory_utils.c
|
||||
+++ src/cbor/internal/memory_utils.c
|
||||
@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
|
||||
@@ -41,7 +41,11 @@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
|
||||
|
||||
void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
|
||||
if (_cbor_safe_to_multiply(item_size, item_count)) {
|
||||
- return _CBOR_MALLOC(item_size * item_count);
|
||||
- return _cbor_malloc(item_size * item_count);
|
||||
+ if (item_count > 1000) {
|
||||
+ return NULL;
|
||||
+ } else
|
||||
+ return _CBOR_MALLOC(item_size * item_count);
|
||||
+ } else {
|
||||
+ return _cbor_malloc(item_size * item_count);
|
||||
+ }
|
||||
} else {
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -26,7 +26,9 @@ make -C "${LIBCBOR}/build" VERBOSE=1 all install
|
|||
# Build libfido2.
|
||||
mkdir -p "${LIBFIDO2}/build"
|
||||
export CFLAGS="-fprofile-instr-generate -fcoverage-mapping"
|
||||
export CFLAGS="${CFLAGS} -fsanitize=fuzzer-no-link"
|
||||
export LDFLAGS="${CFLAGS}"
|
||||
(cd "${LIBFIDO2}/build" && cmake -DFUZZ=ON -DLIBFUZZER=ON \
|
||||
-DCMAKE_BUILD_TYPE=Debug ..)
|
||||
export FUZZ_LDFLAGS="${LDFLAGS} -fsanitize=fuzzer"
|
||||
(cd "${LIBFIDO2}/build" && cmake -DFUZZ=ON -DFUZZ_LDFLAGS="${FUZZ_LDFLAGS}" \
|
||||
-DCMAKE_BUILD_TYPE=Debug ..)
|
||||
make -C "${LIBFIDO2}/build"
|
||||
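Review bot: The split between `CFLAGS` and the new `FUZZ_LDFLAGS` is deliberate but undocumented: every object is compiled with `-fsanitize=fuzzer-no-link` (instrumentation without libFuzzer's `main`), while only the harness link adds `-fsanitize=fuzzer`. A comment above the first `export CFLAGS`, e.g. `# fuzzer-no-link instruments every object; FUZZ_LDFLAGS adds the libFuzzer runtime to the harness link only.`, would stop someone from folding the two back together. `FUZZ_LDFLAGS` is handed to cmake as one space-separated string, and fuzz/CMakeLists.txt passes it straight to `target_compile_options`, which treats each list element as a single argument; I have not verified how that reaches the compiler, so check the generated compile line once to make sure the flags arrive as separate tokens. The script continues outside this hunk.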
|
|
|
@ -141,7 +141,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
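Review bot: The added `== 0` test makes `pack()` treat a failure inside `cbor_serialize_alloc()` as an error rather than comparing a zero length against `len`, which matters now that the libcbor patch in fuzz/README makes `_cbor_alloc_multiple()` refuse large arrays; but the `fail:` label it jumps to is outside the hunk, and on the failure path `cbor` may be NULL or untouched depending on the libcbor version, so make sure the cleanup there frees `cbor` only when it is non-NULL and does not use `cbor_alloc_len`. The identical three-line change appears in nine hunks of this commit, one per harness; moving the serialize-and-bounds-check into a helper in mutator_aux.c (already part of COMMON_SOURCES), something like `size_t pack_cbor(cbor_item_t *array, uint8_t *ptr, size_t len)`, would stop the nine copies from drifting the next time the condition changes. `pack()` begins and ends outside this hunk.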
|
|
|
@ -155,7 +155,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -151,7 +151,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -142,7 +142,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -105,7 +105,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -119,7 +119,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -139,7 +139,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -94,7 +94,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
|
|||
goto fail;
|
||||
|
||||
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
|
||||
&cbor_alloc_len)) > len) {
|
||||
&cbor_alloc_len)) == 0 || cbor_len > len) {
|
||||
cbor_len = 0;
|
||||
goto fail;
|
||||
}
|
||||
|
|
|
@ -59,6 +59,7 @@ list(APPEND MAN_ALIAS
|
|||
es384_pk_new es384_pk_from_EVP_PKEY
|
||||
es384_pk_new es384_pk_from_ptr
|
||||
es384_pk_new es384_pk_to_EVP_PKEY
|
||||
fido_assert_allow_cred fido_assert_empty_allow_list
|
||||
fido_assert_new fido_assert_authdata_len
|
||||
fido_assert_new fido_assert_authdata_ptr
|
||||
fido_assert_new fido_assert_blob_len
|
||||
|
@ -149,6 +150,7 @@ list(APPEND MAN_ALIAS
|
|||
fido_cbor_info_new fido_cbor_info_versions_len
|
||||
fido_cbor_info_new fido_cbor_info_versions_ptr
|
||||
fido_cbor_info_new fido_dev_get_cbor_info
|
||||
fido_cred_exclude fido_cred_empty_exclude_list
|
||||
fido_cred_new fido_cred_aaguid_len
|
||||
fido_cred_new fido_cred_aaguid_ptr
|
||||
fido_cred_new fido_cred_attstmt_len
|
||||
|
@ -295,7 +297,7 @@ endforeach()
|
|||
|
||||
# man_html
|
||||
foreach(f ${MAN_SOURCES})
|
||||
string(REGEX REPLACE ".[13]" "" g ${f})
|
||||
string(REGEX REPLACE "\\.[13]$" "" g ${f})
|
||||
add_custom_command(OUTPUT ${g}.html
|
||||
COMMAND mandoc -T html -O man="%N.html",style=style.css -I os="Yubico AB" ${f} > ${g}.html
|
||||
DEPENDS ${f})
|
||||
|
@ -304,7 +306,7 @@ endforeach()
|
|||
|
||||
# man_html_partial
|
||||
foreach(f ${MAN_SOURCES})
|
||||
string(REGEX REPLACE ".[13]" "" g ${f})
|
||||
string(REGEX REPLACE "\\.[13]$" "" g ${f})
|
||||
add_custom_command(OUTPUT ${g}.partial
|
||||
COMMAND cat ${PROJECT_SOURCE_DIR}/man/dyc.css > ${g}.partial
|
||||
COMMAND mandoc -T html -O man="%N.html",fragment ${f} >> ${g}.partial
|
||||
|
@ -357,7 +359,7 @@ if(MANDOC_PATH)
|
|||
install(FILES ${PROJECT_SOURCE_DIR}/man/style.css
|
||||
DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
|
||||
foreach(f ${MAN_SOURCES})
|
||||
string(REGEX REPLACE ".[13]" "" f ${f})
|
||||
string(REGEX REPLACE "\\.[13]$" "" f ${f})
|
||||
install(FILES ${PROJECT_BINARY_DIR}/man/${f}.html
|
||||
DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
|
||||
endforeach()
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
|
||||
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions are
|
||||
|
@ -25,16 +25,19 @@
|
|||
.\"
|
||||
.\" SPDX-License-Identifier: BSD-2-Clause
|
||||
.\"
|
||||
.Dd $Mdocdate: May 23 2018 $
|
||||
.Dd $Mdocdate: December 1 2022 $
|
||||
.Dt FIDO_ASSERT_ALLOW_CRED 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm fido_assert_allow_cred
|
||||
.Nd allow a credential in a FIDO2 assertion
|
||||
.Nm fido_assert_allow_cred ,
|
||||
.Nm fido_assert_empty_allow_list
|
||||
.Nd manage allow lists in a FIDO2 assertion
|
||||
.Sh SYNOPSIS
|
||||
.In fido.h
|
||||
.Ft int
|
||||
.Fn fido_assert_allow_cred "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
|
||||
.Ft int
|
||||
.Fn fido_assert_empty_allow_list "fido_assert_t *assert"
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Fn fido_assert_allow_cred
|
||||
|
@ -56,9 +59,16 @@ fails, the existing list of allowed credentials is preserved.
|
|||
.Pp
|
||||
For the format of a FIDO2 credential ID, please refer to the
|
||||
Web Authentication (webauthn) standard.
|
||||
.Pp
|
||||
The
|
||||
.Fn fido_assert_empty_allow_list
|
||||
function empties the list of credentials allowed in
|
||||
.Fa assert .
|
||||
.Sh RETURN VALUES
|
||||
The error codes returned by
|
||||
.Fn fido_assert_allow_cred
|
||||
and
|
||||
.Fn fido_assert_empty_allow_list
|
||||
are defined in
|
||||
.In fido/err.h .
|
||||
On success,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
|
||||
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions are
|
||||
|
@ -25,16 +25,19 @@
|
|||
.\"
|
||||
.\" SPDX-License-Identifier: BSD-2-Clause
|
||||
.\"
|
||||
.Dd $Mdocdate: May 23 2018 $
|
||||
.Dd $Mdocdate: December 2 2022 $
|
||||
.Dt FIDO_CRED_EXCLUDE 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm fido_cred_exclude
|
||||
.Nd appends a credential ID to a credential's list of excluded credentials
|
||||
.Nm fido_cred_exclude ,
|
||||
.Nm fido_cred_empty_exclude_list
|
||||
.Nd manage exclude lists in a FIDO2 credential
|
||||
.Sh SYNOPSIS
|
||||
.In fido.h
|
||||
.Ft int
|
||||
.Fn fido_cred_exclude "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
|
||||
.Ft int
|
||||
.Fn fido_cred_empty_exclude_list "fido_cred_t *cred"
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Fn fido_cred_exclude
|
||||
|
@ -69,9 +72,16 @@ will fail.
|
|||
.Pp
|
||||
For the format of a FIDO2 credential ID, please refer to the
|
||||
Web Authentication (webauthn) standard.
|
||||
.Pp
|
||||
The
|
||||
.Fn fido_cred_empty_exclude_list
|
||||
function empties the list of credentials excluded by
|
||||
.Fa cred .
|
||||
.Sh RETURN VALUES
|
||||
The error codes returned by
|
||||
.Fn fido_cred_exclude
|
||||
and
|
||||
.Fn fido_cred_empty_exclude_list
|
||||
are defined in
|
||||
.In fido/err.h .
|
||||
On success,
|
||||
|
|
11
src/assert.c
11
src/assert.c
|
@ -673,7 +673,15 @@ fido_assert_allow_cred(fido_assert_t *assert, const unsigned char *ptr,
|
|||
free(id.ptr);
|
||||
|
||||
return (r);
|
||||
}
|
||||
|
||||
int
|
||||
fido_assert_empty_allow_list(fido_assert_t *assert)
|
||||
{
|
||||
fido_free_blob_array(&assert->allow_list);
|
||||
memset(&assert->allow_list, 0, sizeof(assert->allow_list));
|
||||
|
||||
return (FIDO_OK);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -740,9 +748,8 @@ fido_assert_reset_tx(fido_assert_t *assert)
|
|||
fido_blob_reset(&assert->cd);
|
||||
fido_blob_reset(&assert->cdh);
|
||||
fido_blob_reset(&assert->ext.hmac_salt);
|
||||
fido_free_blob_array(&assert->allow_list);
|
||||
fido_assert_empty_allow_list(assert);
|
||||
memset(&assert->ext, 0, sizeof(assert->ext));
|
||||
memset(&assert->allow_list, 0, sizeof(assert->allow_list));
|
||||
assert->rp_id = NULL;
|
||||
assert->up = FIDO_OPT_OMIT;
|
||||
assert->uv = FIDO_OPT_OMIT;
|
||||
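Review bot: `fido_assert_empty_allow_list()` is a new public entry point with no comment, and its `int` result can only ever be `FIDO_OK`, which a caller cannot tell from the prototype; a header comment such as `/* Discard every credential ID added with fido_assert_allow_cred(); always returns FIDO_OK. */` documents the contract and explains why `fido_assert_reset_tx()` can ignore the return value. It also dereferences `assert` without a NULL check; whether that matches the convention of the neighbouring setters is not visible in this hunk, so either follow that convention or state the precondition in the man page. Calling it on an assertion that never had an allow list relies on `fido_free_blob_array()` tolerating a zeroed array, which reset_tx already assumed before this change but which is not shown here — worth confirming.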
|
|
12
src/cred.c
12
src/cred.c
|
@ -562,11 +562,10 @@ fido_cred_reset_tx(fido_cred_t *cred)
|
|||
free(cred->user.icon);
|
||||
free(cred->user.name);
|
||||
free(cred->user.display_name);
|
||||
fido_free_blob_array(&cred->excl);
|
||||
fido_cred_empty_exclude_list(cred);
|
||||
|
||||
memset(&cred->rp, 0, sizeof(cred->rp));
|
||||
memset(&cred->user, 0, sizeof(cred->user));
|
||||
memset(&cred->excl, 0, sizeof(cred->excl));
|
||||
memset(&cred->ext, 0, sizeof(cred->ext));
|
||||
|
||||
cred->type = 0;
|
||||
|
@ -765,6 +764,15 @@ fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
|
|||
return (FIDO_OK);
|
||||
}
|
||||
|
||||
int
|
||||
fido_cred_empty_exclude_list(fido_cred_t *cred)
|
||||
{
|
||||
fido_free_blob_array(&cred->excl);
|
||||
memset(&cred->excl, 0, sizeof(cred->excl));
|
||||
|
||||
return (FIDO_OK);
|
||||
}
|
||||
|
||||
int
|
||||
fido_cred_set_clientdata(fido_cred_t *cred, const unsigned char *data,
|
||||
size_t data_len)
|
||||
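Review bot: In `fido_cred_reset_tx()` the call `fido_cred_empty_exclude_list(cred)` replaces a free-and-memset pair but its return value is dropped; that is fine today because the function can only return `FIDO_OK`, so make that explicit with a comment on the definition, `/* Drop every credential ID added with fido_cred_exclude(); cannot fail, returns FIDO_OK. */`, so that anyone later adding an error path revisits this caller. Stating "always FIDO_OK" in the man page's RETURN VALUES section would match. The body of `fido_cred_reset_tx()` continues outside the hunk.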
|
|
|
@ -11,7 +11,7 @@
|
|||
#include "fido.h"
|
||||
#include "fido/eddsa.h"
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000f
|
||||
EVP_PKEY *
|
||||
EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
|
||||
size_t keylen)
|
||||
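Review bot: `0x3070000f` is a magic number on the `#if`; a comment such as `/* LibreSSL < 3.7.0 lacks EVP_PKEY_new_raw_public_key() et al.; provide shims */` should accompany it, since the threshold is presumably the release where LibreSSL gained these functions and that is otherwise only discoverable from its changelog. The same expression is duplicated in fido/eddsa.h in this commit; evaluating it once in that header into a single feature macro and testing the macro here would keep the two from drifting apart. The guarded function definition continues past the end of the hunk.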
|
|
|
@ -25,6 +25,7 @@
|
|||
fido_assert_clientdata_hash_len;
|
||||
fido_assert_clientdata_hash_ptr;
|
||||
fido_assert_count;
|
||||
fido_assert_empty_allow_list;
|
||||
fido_assert_flags;
|
||||
fido_assert_free;
|
||||
fido_assert_hmac_secret_len;
|
||||
|
@ -125,6 +126,7 @@
|
|||
fido_cred_clientdata_hash_len;
|
||||
fido_cred_clientdata_hash_ptr;
|
||||
fido_cred_display_name;
|
||||
fido_cred_empty_exclude_list;
|
||||
fido_cred_exclude;
|
||||
fido_cred_flags;
|
||||
fido_cred_largeblob_key_len;
|
||||
|
|
|
@ -23,6 +23,7 @@ _fido_assert_blob_ptr
|
|||
_fido_assert_clientdata_hash_len
|
||||
_fido_assert_clientdata_hash_ptr
|
||||
_fido_assert_count
|
||||
_fido_assert_empty_allow_list
|
||||
_fido_assert_flags
|
||||
_fido_assert_free
|
||||
_fido_assert_hmac_secret_len
|
||||
|
@ -123,6 +124,7 @@ _fido_cred_authdata_raw_ptr
|
|||
_fido_cred_clientdata_hash_len
|
||||
_fido_cred_clientdata_hash_ptr
|
||||
_fido_cred_display_name
|
||||
_fido_cred_empty_exclude_list
|
||||
_fido_cred_exclude
|
||||
_fido_cred_flags
|
||||
_fido_cred_largeblob_key_len
|
||||
|
|
|
@ -24,6 +24,7 @@ fido_assert_blob_ptr
|
|||
fido_assert_clientdata_hash_len
|
||||
fido_assert_clientdata_hash_ptr
|
||||
fido_assert_count
|
||||
fido_assert_empty_allow_list
|
||||
fido_assert_flags
|
||||
fido_assert_free
|
||||
fido_assert_hmac_secret_len
|
||||
|
@ -124,6 +125,7 @@ fido_cred_authdata_raw_ptr
|
|||
fido_cred_clientdata_hash_len
|
||||
fido_cred_clientdata_hash_ptr
|
||||
fido_cred_display_name
|
||||
fido_cred_empty_exclude_list
|
||||
fido_cred_exclude
|
||||
fido_cred_flags
|
||||
fido_cred_largeblob_key_len
|
||||
|
|
|
@ -124,6 +124,7 @@ const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *);
|
|||
const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *);
|
||||
|
||||
int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t);
|
||||
int fido_assert_empty_allow_list(fido_assert_t *);
|
||||
int fido_assert_set_authdata(fido_assert_t *, size_t, const unsigned char *,
|
||||
size_t);
|
||||
int fido_assert_set_authdata_raw(fido_assert_t *, size_t, const unsigned char *,
|
||||
|
@ -143,6 +144,7 @@ int fido_assert_set_uv(fido_assert_t *, fido_opt_t);
|
|||
int fido_assert_set_sig(fido_assert_t *, size_t, const unsigned char *, size_t);
|
||||
int fido_assert_verify(const fido_assert_t *, size_t, int, const void *);
|
||||
int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t);
|
||||
int fido_cred_empty_exclude_list(fido_cred_t *);
|
||||
int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
|
||||
int fido_cred_prot(const fido_cred_t *);
|
||||
int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t);
|
||||
|
|
|
@ -53,7 +53,7 @@ int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t);
|
|||
|
||||
#ifdef _FIDO_INTERNAL
|
||||
|
||||
#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000f
|
||||
#define EVP_PKEY_ED25519 EVP_PKEY_NONE
|
||||
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
|
||||
EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
|
||||
@ -48,7 +48,7 @@ struct tpm_sha256_digest {
|
|||
/* Part 2, 10.4.3: TPM2B_DATA */
|
||||
PACKED_TYPE(tpm_sha1_data_t,
|
||||
struct tpm_sha1_data {
|
||||
uint16_t size; /* sizeof(body */
|
||||
uint16_t size; /* sizeof(body) */
|
||||
uint8_t body[20];
|
||||
})
|
||||
|
||||
@ -85,7 +85,7 @@ webauthn_load(void)
|
|||
fido_log_debug("%s: already loaded", __func__);
|
||||
return -1;
|
||||
}
|
||||
if ((webauthn_handle = LoadLibrary("webauthn.dll")) == NULL) {
|
||||
if ((webauthn_handle = LoadLibrary(TEXT("webauthn.dll"))) == NULL) {
|
||||
fido_log_debug("%s: LoadLibrary", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
@ -472,12 +472,8 @@ unpack_assert_authdata(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
{
|
||||
int r;
|
||||
|
||||
if (wa->cbAuthenticatorData > SIZE_MAX) {
|
||||
fido_log_debug("%s: cbAuthenticatorData", __func__);
|
||||
return -1;
|
||||
}
|
||||
if ((r = fido_assert_set_authdata_raw(assert, 0, wa->pbAuthenticatorData,
|
||||
(size_t)wa->cbAuthenticatorData)) != FIDO_OK) {
|
||||
wa->cbAuthenticatorData)) != FIDO_OK) {
|
||||
fido_log_debug("%s: fido_assert_set_authdata_raw: %s", __func__,
|
||||
fido_strerr(r));
|
||||
return -1;
|
||||
|
@ -491,12 +487,8 @@ unpack_assert_sig(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
{
|
||||
int r;
|
||||
|
||||
if (wa->cbSignature > SIZE_MAX) {
|
||||
fido_log_debug("%s: cbSignature", __func__);
|
||||
return -1;
|
||||
}
|
||||
if ((r = fido_assert_set_sig(assert, 0, wa->pbSignature,
|
||||
(size_t)wa->cbSignature)) != FIDO_OK) {
|
||||
wa->cbSignature)) != FIDO_OK) {
|
||||
fido_log_debug("%s: fido_assert_set_sig: %s", __func__,
|
||||
fido_strerr(r));
|
||||
return -1;
|
||||
|
@ -508,12 +500,8 @@ unpack_assert_sig(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
static int
|
||||
unpack_cred_id(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
||||
{
|
||||
if (wa->Credential.cbId > SIZE_MAX) {
|
||||
fido_log_debug("%s: Credential.cbId", __func__);
|
||||
return -1;
|
||||
}
|
||||
if (fido_blob_set(&assert->stmt[0].id, wa->Credential.pbId,
|
||||
(size_t)wa->Credential.cbId) < 0) {
|
||||
wa->Credential.cbId) < 0) {
|
||||
fido_log_debug("%s: fido_blob_set", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
@ -526,12 +514,8 @@ unpack_user_id(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
{
|
||||
if (wa->cbUserId == 0)
|
||||
return 0; /* user id absent */
|
||||
if (wa->cbUserId > SIZE_MAX) {
|
||||
fido_log_debug("%s: cbUserId", __func__);
|
||||
return -1;
|
||||
}
|
||||
if (fido_blob_set(&assert->stmt[0].user.id, wa->pbUserId,
|
||||
(size_t)wa->cbUserId) < 0) {
|
||||
wa->cbUserId) < 0) {
|
||||
fido_log_debug("%s: fido_blob_set", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
@ -549,7 +533,6 @@ unpack_hmac_secret(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
}
|
||||
if (wa->pHmacSecret == NULL ||
|
||||
wa->pHmacSecret->cbFirst == 0 ||
|
||||
wa->pHmacSecret->cbFirst > SIZE_MAX ||
|
||||
wa->pHmacSecret->pbFirst == NULL) {
|
||||
fido_log_debug("%s: hmac-secret absent", __func__);
|
||||
return 0; /* proceed without hmac-secret */
|
||||
|
@ -564,7 +547,7 @@ unpack_hmac_secret(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa)
|
|||
return -1;
|
||||
}
|
||||
if (fido_blob_set(&assert->stmt[0].hmac_secret,
|
||||
wa->pHmacSecret->pbFirst, (size_t)wa->pHmacSecret->cbFirst) < 0) {
|
||||
wa->pHmacSecret->pbFirst, wa->pHmacSecret->cbFirst) < 0) {
|
||||
fido_log_debug("%s: fido_blob_set", __func__);
|
||||
return -1;
|
||||
}
|
||||
|
@ -752,13 +735,12 @@ translate_winhello_cred(fido_cred_t *cred,
|
|||
struct cbor_load_result cbor;
|
||||
int r = FIDO_ERR_INTERNAL;
|
||||
|
||||
if (att->pbAttestationObject == NULL ||
|
||||
att->cbAttestationObject > SIZE_MAX) {
|
||||
if (att->pbAttestationObject == NULL) {
|
||||
fido_log_debug("%s: pbAttestationObject", __func__);
|
||||
goto fail;
|
||||
}
|
||||
if ((item = cbor_load(att->pbAttestationObject,
|
||||
(size_t)att->cbAttestationObject, &cbor)) == NULL) {
|
||||
att->cbAttestationObject, &cbor)) == NULL) {
|
||||
fido_log_debug("%s: cbor_load", __func__);
|
||||
goto fail;
|
||||
}
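Review bot: `LoadLibrary(TEXT("webauthn.dll"))` at the top of this section still resolves the library by bare name, so the lookup follows the default DLL search order and a webauthn.dll planted in an attacker-writable directory on that path (the application directory, for instance) would be loaded in place of the system copy. Since the real library lives under the system directory, restricting the search there closes that door: `if ((webauthn_handle = LoadLibraryEx(TEXT("webauthn.dll"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)) == NULL) {`. Whether the process already enables safe DLL search mode or sets its own default search flags elsewhere cannot be determined from this hunk, so this may be defence in depth rather than a live gap. webauthn_load's body begins before the hunk.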
|
||||
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2020 Yubico AB. All rights reserved.
|
||||
* Copyright (c) 2020-2022 Yubico AB. All rights reserved.
|
||||
* Use of this source code is governed by a BSD-style
|
||||
* license that can be found in the LICENSE file.
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
|
@ -25,6 +25,8 @@
|
|||
#include "../openbsd-compat/openbsd-compat.h"
|
||||
#include "extern.h"
|
||||
|
||||
#define BOUND (1024UL * 1024UL)
|
||||
|
||||
struct rkmap {
|
||||
fido_credman_rp_t *rp; /* known rps */
|
||||
fido_credman_rk_t **rk; /* rk per rp */
|
||||
|
@ -303,34 +305,56 @@ blob_delete(const char *path, const char *keyf, const char *rp_id,
|
|||
}
|
||||
|
||||
static int
|
||||
decompress(const struct blob *plaintext, uint64_t origsiz)
|
||||
try_decompress(const struct blob *in, uint64_t origsiz, int wbits)
|
||||
{
|
||||
struct blob inflated;
|
||||
u_long ilen, plen;
|
||||
struct blob out;
|
||||
z_stream zs;
|
||||
u_int ilen, olen;
|
||||
int ok = -1;
|
||||
|
||||
memset(&inflated, 0, sizeof(inflated));
|
||||
memset(&zs, 0, sizeof(zs));
|
||||
memset(&out, 0, sizeof(out));
|
||||
|
||||
if (plaintext->len > ULONG_MAX)
|
||||
if (in->len > UINT_MAX || (ilen = (u_int)in->len) > BOUND)
|
||||
return -1;
|
||||
if (origsiz > ULONG_MAX || origsiz > SIZE_MAX)
|
||||
if (origsiz > SIZE_MAX || origsiz > UINT_MAX ||
|
||||
(olen = (u_int)origsiz) > BOUND)
|
||||
return -1;
|
||||
plen = (u_long)plaintext->len;
|
||||
ilen = (u_long)origsiz;
|
||||
inflated.len = (size_t)origsiz;
|
||||
if ((inflated.ptr = calloc(1, inflated.len)) == NULL)
|
||||
if (inflateInit2(&zs, wbits) != Z_OK)
|
||||
return -1;
|
||||
if (uncompress(inflated.ptr, &ilen, plaintext->ptr, plen) != Z_OK ||
|
||||
ilen > SIZE_MAX || (size_t)ilen != (size_t)origsiz)
|
||||
goto out;
|
||||
|
||||
ok = 0; /* success */
|
||||
out:
|
||||
freezero(inflated.ptr, inflated.len);
|
||||
if ((out.ptr = calloc(1, olen)) == NULL)
|
||||
goto fail;
|
||||
|
||||
out.len = olen;
|
||||
zs.next_in = in->ptr;
|
||||
zs.avail_in = ilen;
|
||||
zs.next_out = out.ptr;
|
||||
zs.avail_out = olen;
|
||||
|
||||
if (inflate(&zs, Z_FINISH) != Z_STREAM_END)
|
||||
goto fail;
|
||||
if (zs.avail_out != 0)
|
||||
goto fail;
|
||||
|
||||
ok = 0;
|
||||
fail:
|
||||
if (inflateEnd(&zs) != Z_OK)
|
||||
ok = -1;
|
||||
|
||||
freezero(out.ptr, out.len);
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
static int
|
||||
decompress(const struct blob *plaintext, uint64_t origsiz)
|
||||
{
|
||||
if (try_decompress(plaintext, origsiz, MAX_WBITS) == 0) /* rfc1950 */
|
||||
return 0;
|
||||
return try_decompress(plaintext, origsiz, -MAX_WBITS); /* rfc1951 */
|
||||
}
|
||||
|
||||
static int
|
||||
decode(const struct blob *ciphertext, const struct blob *nonce,
|
||||
uint64_t origsiz, const fido_cred_t *cred)
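Review bot: try_decompress accepts a blob that carries trailing bytes after the end of the deflate stream, because the `inflate(&zs, Z_FINISH) != Z_STREAM_END` test only requires that the stream terminated and the `zs.avail_out != 0` test only proves the output buffer was filled; whatever is left in `zs.avail_in` is never examined. As the function discards the inflated data with `freezero(out.ptr, out.len)` and exists purely to confirm the ciphertext inflates to exactly origsiz bytes, the missing check means a blob with junk appended to a valid stream passes validation; adding `if (zs.avail_in != 0) goto fail;` beside the avail_out test closes that. The 1 MiB `BOUND` cap on both ilen and olen is what keeps a crafted blob from costing more than two bounded inflate passes (zlib then raw deflate via decompress()), which is worth a one-line comment at the `#define` so the limit is not relaxed casually.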
|
||||
@ -216,6 +216,9 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2ccf", ATTRS{idProduct
|
|||
# TrustKey Solutions FIDO2 G310 by eWBM Co., Ltd.
|
||||
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a1a", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# TrustKey Solutions FIDO2 G310H/G320H by eWBM Co., Ltd.
|
||||
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4a2a", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
# TrustKey Solutions FIDO2 G320 by eWBM Co., Ltd.
|
||||
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="311f", ATTRS{idProduct}=="4c2a", TAG+="uaccess", GROUP="plugdev", MODE="0660"
|
||||
|
||||
@ -115,6 +115,7 @@ product LEDGER 0x4015 Ledger Nano X Legacy
|
|||
product HYPERSECU 0x0880 Hypersecu HyperFIDO
|
||||
|
||||
product EWBM 0x4a1a TrustKey Solutions FIDO2 G310
|
||||
product EWBM 0x4a2a TrustKey Solutions FIDO2 G310H/G320H
|
||||
product EWBM 0x4c2a TrustKey Solutions FIDO2 G320
|
||||
product EWBM 0x5c2f eWBM FIDO2 Goldengate G500
|
||||
product EWBM 0xa6e9 TrustKey Solutions FIDO2 T120
|
||||
@ -163,8 +163,8 @@ try {
|
|||
& $CMake ..\..\..\${LIBCBOR} -A "${Arch}" `
|
||||
-DWITH_EXAMPLES=OFF `
|
||||
-DBUILD_SHARED_LIBS="${SHARED}" `
|
||||
-DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" `
|
||||
-DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" `
|
||||
-DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} /wd4703" `
|
||||
-DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} /wd4703" `
|
||||
-DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; `
|
||||
ExitOnError
|
||||
& $CMake --build . --config ${Config} --verbose; ExitOnError
|
||||
|
@ -219,6 +219,7 @@ try {
|
|||
-DCRYPTO_INCLUDE_DIRS="${PREFIX}\include" `
|
||||
-DCRYPTO_LIBRARY_DIRS="${PREFIX}\lib" `
|
||||
-DCRYPTO_BIN_DIRS="${PREFIX}\bin" `
|
||||
-DCRYPTO_LIBRARIES="${CRYPTO_LIBRARIES}" `
|
||||
-DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} ${Fido2Flags}" `
|
||||
-DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} ${Fido2Flags}" `
|
||||
-DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; `
|
||||
|
@ -230,7 +231,7 @@ try {
|
|||
ExitOnError
|
||||
# Copy DLLs.
|
||||
if ("${SHARED}" -eq "ON") {
|
||||
"cbor.dll", "crypto-49.dll", "zlib1.dll" | `
|
||||
"cbor.dll", "${CRYPTO_LIBRARIES}.dll", "zlib1.dll" | `
|
||||
%{ Copy-Item "${PREFIX}\bin\$_" `
|
||||
-Destination "examples\${Config}" }
|
||||
}
|
||||
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2021 Yubico AB. All rights reserved.
|
||||
# Copyright (c) 2021-2023 Yubico AB. All rights reserved.
|
||||
# Use of this source code is governed by a BSD-style
|
||||
# license that can be found in the LICENSE file.
|
||||
# SPDX-License-Identifier: BSD-2-Clause
|
||||
|
@ -7,17 +7,18 @@
|
|||
New-Variable -Name 'LIBRESSL_URL' `
|
||||
-Value 'https://fastly.cdn.openbsd.org/pub/OpenBSD/LibreSSL' `
|
||||
-Option Constant
|
||||
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.5.3' -Option Constant
|
||||
New-Variable -Name 'LIBRESSL' -Value 'libressl-3.6.2' -Option Constant
|
||||
New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto-50' -Option Constant
|
||||
|
||||
# libcbor coordinates.
|
||||
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.9.0' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.9.0' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.10.1' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.10.1' -Option Constant
|
||||
New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' `
|
||||
-Option Constant
|
||||
|
||||
# zlib coordinates.
|
||||
New-Variable -Name 'ZLIB' -Value 'zlib-1.2.12' -Option Constant
|
||||
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.2.12' -Option Constant
|
||||
New-Variable -Name 'ZLIB' -Value 'zlib-1.2.13' -Option Constant
|
||||
New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.2.13' -Option Constant
|
||||
New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' `
|
||||
-Option Constant
|
||||
|
||||
@ -8,7 +8,6 @@ $Architectures = @('x64', 'Win32', 'ARM64', 'ARM')
|
|||
$InstallPrefixes = @('Win64', 'Win32', 'ARM64', 'ARM')
|
||||
$Types = @('dynamic', 'static')
|
||||
$Config = 'Release'
|
||||
$LibCrypto = '49'
|
||||
$SDK = '143'
|
||||
|
||||
. "$PSScriptRoot\const.ps1"
|
||||
|
@ -36,8 +35,8 @@ Function Package-Dynamic(${SRC}, ${DEST}) {
|
|||
Copy-Item "${SRC}\lib\cbor.lib" "${DEST}"
|
||||
Copy-Item "${SRC}\bin\zlib1.dll" "${DEST}"
|
||||
Copy-Item "${SRC}\lib\zlib1.lib" "${DEST}"
|
||||
Copy-Item "${SRC}\bin\crypto-${LibCrypto}.dll" "${DEST}"
|
||||
Copy-Item "${SRC}\lib\crypto-${LibCrypto}.lib" "${DEST}"
|
||||
Copy-Item "${SRC}\bin\${CRYPTO_LIBRARIES}.dll" "${DEST}"
|
||||
Copy-Item "${SRC}\lib\${CRYPTO_LIBRARIES}.lib" "${DEST}"
|
||||
Copy-Item "${SRC}\bin\fido2.dll" "${DEST}"
|
||||
Copy-Item "${SRC}\lib\fido2.lib" "${DEST}"
|
||||
}
|
||||
|
@ -45,13 +44,13 @@ Function Package-Dynamic(${SRC}, ${DEST}) {
|
|||
Function Package-Static(${SRC}, ${DEST}) {
|
||||
Copy-Item "${SRC}/lib/cbor.lib" "${DEST}"
|
||||
Copy-Item "${SRC}/lib/zlib1.lib" "${DEST}"
|
||||
Copy-Item "${SRC}/lib/crypto-${LibCrypto}.lib" "${DEST}"
|
||||
Copy-Item "${SRC}/lib/${CRYPTO_LIBRARIES}.lib" "${DEST}"
|
||||
Copy-Item "${SRC}/lib/fido2_static.lib" "${DEST}/fido2.lib"
|
||||
}
|
||||
|
||||
Function Package-PDBs(${SRC}, ${DEST}) {
|
||||
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" `
|
||||
"${DEST}\crypto-${LibCrypto}.pdb"
|
||||
"${DEST}\${CRYPTO_LIBRARIES}.pdb"
|
||||
Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" `
|
||||
"${DEST}\cbor.pdb"
|
||||
Copy-Item "${SRC}\${ZLIB}\zlib.dir\${Config}\vc${SDK}.pdb" `
|
||||
|
@ -62,7 +61,7 @@ Function Package-PDBs(${SRC}, ${DEST}) {
|
|||
|
||||
Function Package-StaticPDBs(${SRC}, ${DEST}) {
|
||||
Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" `
|
||||
"${DEST}\crypto-${LibCrypto}.pdb"
|
||||
"${DEST}\${CRYPTO_LIBRARIES}.pdb"
|
||||
Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" `
|
||||
"${DEST}\cbor.pdb"
|
||||
Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" `
|
||||