system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-08 20:26:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

libfido2: update to 1.13.0

Browse Source 
Some highlights from NEWS entries:

 ** Improved OpenSSL 3.0 compatibility.
 ** Support for hidraw(4) on FreeBSD; gh#597.
 ** Improved support for FIDO 2.1 authenticators.

PR:		273596
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2023-09-19 13:06:12 -04:00
commit 2ccfa855b2
196 changed files with 7607 additions and 1748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
contrib/libfido2/CMakeLists.txt
View File

@ -1,6 +1,7 @@
# Copyright (c) 2018-2021 Yubico AB. All rights reserved.
# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
# detect AppleClang; needs to come before project()
cmake_policy(SET CMP0025 NEW)
@ -28,18 +29,19 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
set(CMAKE_COLOR_MAKEFILE OFF)
set(CMAKE_VERBOSE_MAKEFILE ON)
set(FIDO_MAJOR "1")
set(FIDO_MINOR "10")
set(FIDO_MINOR "13")
set(FIDO_PATCH "0")
set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
option(BUILD_TESTS "Build the regress tests" ON)
option(BUILD_EXAMPLES "Build example programs" ON)
option(BUILD_MANPAGES "Build man pages" ON)
option(BUILD_SHARED_LIBS "Build the shared library" ON)
option(BUILD_STATIC_LIBS "Build the static library" ON)
option(BUILD_SHARED_LIBS "Build a shared library" ON)
option(BUILD_STATIC_LIBS "Build a static library" ON)
option(BUILD_TOOLS "Build tool programs" ON)
option(FUZZ "Enable fuzzing instrumentation" OFF)
option(LIBFUZZER "Build libfuzzer harnesses" OFF)
option(USE_HIDAPI "Use hidapi as the HID backend" OFF)
option(USE_PCSC "Enable experimental PCSC support" OFF)
option(USE_WINHELLO "Abstract Windows Hello as a FIDO device" ON)
option(NFC_LINUX "Enable NFC support on Linux" ON)
@ -47,6 +49,14 @@ add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
if(BUILD_SHARED_LIBS)
set(_FIDO2_LIBRARY fido2_shared)
elseif(BUILD_STATIC_LIBS)
set(_FIDO2_LIBRARY fido2)
else()
message(FATAL_ERROR "Nothing to build (BUILD_*_LIBS=OFF)")
endif()
if(CYGWIN OR MSYS OR MINGW)
set(WIN32 1)
endif()
@ -66,7 +76,7 @@ if(NOT MSVC)
if(APPLE)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
elseif((CMAKE_SYSTEM_NAME STREQUAL "Linux") OR MINGW OR CYGWIN)
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
@ -91,6 +101,7 @@ check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
check_include_files(unistd.h HAVE_UNISTD_H)
check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
check_symbol_exists(asprintf stdio.h HAVE_ASPRINTF)
check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO)
check_symbol_exists(freezero stdlib.h HAVE_FREEZERO)
@ -116,6 +127,7 @@ try_compile(HAVE_POSIX_IOCTL
list(APPEND CHECK_VARIABLES
HAVE_ARC4RANDOM_BUF
HAVE_ASPRINTF
HAVE_CBOR_H
HAVE_CLOCK_GETTIME
HAVE_ENDIAN_H
@ -147,7 +159,7 @@ foreach(v ${CHECK_VARIABLES})
endif()
endforeach()
if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER)
if(HAVE_EXPLICIT_BZERO AND NOT FUZZ)
add_definitions(-DHAVE_EXPLICIT_BZERO)
endif()
@ -155,19 +167,30 @@ if(UNIX)
add_definitions(-DHAVE_DEV_URANDOM)
endif()
if(MSVC)
if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
(NOT CBOR_BIN_DIRS) OR (NOT CRYPTO_INCLUDE_DIRS) OR
(NOT CRYPTO_LIBRARY_DIRS) OR (NOT CRYPTO_BIN_DIRS) OR
(NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS) OR
(NOT ZLIB_BIN_DIRS))
(NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
(NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
message(FATAL_ERROR "please define "
"{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY,BIN}_DIRS when "
"{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when "
"building under msvc")
endif()
set(CBOR_LIBRARIES cbor)
set(ZLIB_LIBRARIES zlib)
set(CRYPTO_LIBRARIES crypto-47)
if(BUILD_TESTS AND BUILD_SHARED_LIBS AND
((NOT CBOR_BIN_DIRS) OR (NOT ZLIB_BIN_DIRS) OR (NOT CRYPTO_BIN_DIRS)))
message(FATAL_ERROR "please define {CBOR,CRYPTO,ZLIB}_BIN_DIRS "
"when building tests")
endif()
if(NOT CBOR_LIBRARIES)
set(CBOR_LIBRARIES cbor)
endif()
if(NOT ZLIB_LIBRARIES)
set(ZLIB_LIBRARIES zlib1)
endif()
if(NOT CRYPTO_LIBRARIES)
set(CRYPTO_LIBRARIES crypto)
endif()
set(MSVC_DISABLED_WARNINGS_LIST
"C4152" # nonstandard extension used: function/data pointer
# conversion in expression;
@ -209,8 +232,12 @@ else()
message(FATAL_ERROR "could not find zlib")
endif()
set(CBOR_LIBRARIES "cbor")
set(CRYPTO_LIBRARIES "crypto")
if(NOT CBOR_LIBRARIES)
set(CBOR_LIBRARIES "cbor")
endif()
if(NOT CRYPTO_LIBRARIES)
set(CRYPTO_LIBRARIES "crypto")
endif()
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
pkg_search_module(UDEV libudev REQUIRED)
@ -237,6 +264,17 @@ else()
add_compile_options(-Wno-unused-parameter)
endif()
if(FUZZ)
set(USE_PCSC ON)
add_definitions(-DFIDO_FUZZ)
endif()
# If building with PCSC, look for pcsc-lite.
if(USE_PCSC AND NOT (APPLE OR CYGWIN OR MSYS OR MINGW))
pkg_search_module(PCSC libpcsclite REQUIRED)
set(PCSC_LIBRARIES pcsclite)
endif()
if(USE_HIDAPI)
add_definitions(-DUSE_HIDAPI)
pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
@ -244,7 +282,7 @@ else()
endif()
if(NFC_LINUX)
add_definitions(-DNFC_LINUX)
add_definitions(-DUSE_NFC)
endif()
if(WIN32)
@ -263,16 +301,21 @@ else()
add_compile_options(-Wwrite-strings)
add_compile_options(-Wmissing-prototypes)
add_compile_options(-Wbad-function-cast)
add_compile_options(-Wimplicit-fallthrough)
add_compile_options(-pedantic)
add_compile_options(-pedantic-errors)
set(EXTRA_CFLAGS "-Wconversion -Wsign-conversion")
if(WIN32)
add_compile_options(-Wno-type-limits)
add_compile_options(-Wno-cast-function-type)
endif()
if(HAVE_SHORTEN_64_TO_32)
add_compile_options(-Wshorten-64-to-32)
endif()
if(HAVE_STACK_PROTECTOR_ALL)
add_compile_options(-fstack-protector-all)
endif()
@ -285,12 +328,8 @@ else()
add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
endif()
if(FUZZ)
add_definitions(-DFIDO_FUZZ)
endif()
if(LIBFUZZER)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
if(NOT FUZZ)
set(EXTRA_CFLAGS "${EXTRA_CFLAGS} -Wframe-larger-than=2047")
endif()
endif()
@ -309,6 +348,10 @@ elseif(WIN32)
endif()
add_definitions(-DTLS=${TLS})
if(USE_PCSC)
add_definitions(-DUSE_PCSC)
endif()
# export list
if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
@ -345,16 +388,18 @@ else()
" /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
endif()
include_directories(${CMAKE_SOURCE_DIR}/src)
include_directories(${PROJECT_SOURCE_DIR}/src)
include_directories(${CBOR_INCLUDE_DIRS})
include_directories(${CRYPTO_INCLUDE_DIRS})
include_directories(${HIDAPI_INCLUDE_DIRS})
include_directories(${PCSC_INCLUDE_DIRS})
include_directories(${UDEV_INCLUDE_DIRS})
include_directories(${ZLIB_INCLUDE_DIRS})
link_directories(${CBOR_LIBRARY_DIRS})
link_directories(${CRYPTO_LIBRARY_DIRS})
link_directories(${HIDAPI_LIBRARY_DIRS})
link_directories(${PCSC_LIBRARY_DIRS})
link_directories(${UDEV_LIBRARY_DIRS})
link_directories(${ZLIB_LIBRARY_DIRS})
@ -367,24 +412,41 @@ message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "CBOR_BIN_DIRS: ${CBOR_BIN_DIRS}")
endif()
message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
message(STATUS "CMAKE_CROSSCOMPILING: ${CMAKE_CROSSCOMPILING}")
message(STATUS "CMAKE_GENERATOR_PLATFORM: ${CMAKE_GENERATOR_PLATFORM}")
message(STATUS "CMAKE_HOST_SYSTEM_NAME: ${CMAKE_HOST_SYSTEM_NAME}")
message(STATUS "CMAKE_HOST_SYSTEM_PROCESSOR: ${CMAKE_HOST_SYSTEM_PROCESSOR}")
message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
message(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}")
endif()
message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
message(STATUS "FUZZ: ${FUZZ}")
if(FUZZ)
message(STATUS "FUZZ_LDFLAGS: ${FUZZ_LDFLAGS}")
endif()
message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
if(BUILD_TESTS)
message(STATUS "ZLIB_BIN_DIRS: ${ZLIB_BIN_DIRS}")
endif()
message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
if(USE_HIDAPI)
message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
@ -392,7 +454,10 @@ if(USE_HIDAPI)
message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}")
endif()
message(STATUS "LIBFUZZER: ${LIBFUZZER}")
message(STATUS "PCSC_INCLUDE_DIRS: ${PCSC_INCLUDE_DIRS}")
message(STATUS "PCSC_LIBRARIES: ${PCSC_LIBRARIES}")
message(STATUS "PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
message(STATUS "PCSC_VERSION: ${PCSC_VERSION}")
message(STATUS "TLS: ${TLS}")
message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
@ -400,29 +465,34 @@ message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
message(STATUS "USE_PCSC: ${USE_PCSC}")
message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
message(STATUS "NFC_LINUX: ${NFC_LINUX}")
subdirs(src)
if(BUILD_TESTS)
enable_testing()
endif()
add_subdirectory(src)
if(BUILD_TESTS)
add_subdirectory(regress)
endif()
if(BUILD_EXAMPLES)
subdirs(examples)
add_subdirectory(examples)
endif()
if(BUILD_TOOLS)
subdirs(tools)
add_subdirectory(tools)
endif()
if(BUILD_MANPAGES)
subdirs(man)
add_subdirectory(man)
endif()
if(NOT WIN32)
if(CMAKE_BUILD_TYPE STREQUAL "Debug" AND NOT FUZZ)
enable_testing()
subdirs(regress)
endif()
if(FUZZ)
subdirs(fuzz)
add_subdirectory(fuzz)
endif()
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
subdirs(udev)
add_subdirectory(udev)
endif()
endif()

4
contrib/libfido2/LICENSE
View File

@ -1,4 +1,4 @@
Copyright (c) 2018-2022 Yubico AB. All rights reserved.
Copyright (c) 2018-2023 Yubico AB. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@ -22,3 +22,5 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
SPDX-License-Identifier: BSD-2-Clause

41
contrib/libfido2/NEWS
View File

@ -1,3 +1,44 @@
* Version 1.13.0 (2023-02-20)
** Support for linking against OpenSSL on Windows; gh#668.
** New API calls:
- fido_assert_empty_allow_list;
- fido_cred_empty_exclude_list.
** fido2-token: fix issue when listing large blobs.
** Improved support for different fuzzing engines.
* Version 1.12.0 (2022-09-22)
** Support for COSE_ES384.
** Support for hidraw(4) on FreeBSD; gh#597.
** Improved support for FIDO 2.1 authenticators.
** New API calls:
- es384_pk_free;
- es384_pk_from_EC_KEY;
- es384_pk_from_EVP_PKEY;
- es384_pk_from_ptr;
- es384_pk_new;
- es384_pk_to_EVP_PKEY;
- fido_cbor_info_certs_len;
- fido_cbor_info_certs_name_ptr;
- fido_cbor_info_certs_value_ptr;
- fido_cbor_info_maxrpid_minpinlen;
- fido_cbor_info_minpinlen;
- fido_cbor_info_new_pin_required;
- fido_cbor_info_rk_remaining;
- fido_cbor_info_uv_attempts;
- fido_cbor_info_uv_modality.
** Documentation and reliability fixes.
* Version 1.11.0 (2022-05-03)
** Experimental PCSC support; enable with -DUSE_PCSC.
** Improved OpenSSL 3.0 compatibility.
** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
** winhello: advertise "uv" instead of "clientPin".
** winhello: support hmac-secret in fido_dev_get_assert().
** New API calls:
- fido_cbor_info_maxlargeblob.
** Documentation and reliability fixes.
** Separate build and regress targets.
* Version 1.10.0 (2022-01-17)
** hid_osx: handle devices with paths > 511 bytes; gh#462.
** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.

122
contrib/libfido2/README.adoc
View File

@ -7,7 +7,7 @@ image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status
image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
*libfido2* provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation and
communicate with a FIDO device over USB or NFC, and to verify attestation and
assertion signatures.
*libfido2* supports the FIDO U2F (CTAP 1) and FIDO2 (CTAP 2) protocols.
@ -23,8 +23,6 @@ file for the full license text.
*libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD.
NFC support is available on Linux and Windows.
=== Documentation
Documentation is available in troff and HTML formats. An
@ -38,19 +36,29 @@ is also available.
* Perl: https://github.com/jacquesg/p5-FIDO-Raw[p5-FIDO-Raw]
* Rust: https://github.com/PvdBerg1998/libfido2[libfido2]
=== Releases
The current release of *libfido2* is 1.13.0. Signed release tarballs are
available at Yubico's
https://developers.yubico.com/libfido2/Releases[release page].
=== Dependencies
*libfido2* depends on https://github.com/pjk/libcbor[libcbor],
https://www.openssl.org[OpenSSL] 1.1 or newer, and https://zlib.net[zlib].
On Linux, libudev
(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also
required.
=== Installation
==== Releases
==== Fedora 35 and 34
The current release of *libfido2* is 1.10.0. Please consult Yubico's
https://developers.yubico.com/libfido2/Releases[release page] for source
and binary releases.
$ sudo dnf install libfido2 libfido2-devel fido2-tools
==== Ubuntu 20.04 (Focal)
==== Ubuntu 22.04 (Jammy) and 20.04 (Focal)
$ sudo apt install libfido2-1
$ sudo apt install libfido2-dev
$ sudo apt install libfido2-doc
$ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools
Alternatively, newer versions of *libfido2* are available in Yubico's PPA.
Follow the instructions for Ubuntu 18.04 (Bionic) below.
@ -60,33 +68,10 @@ Follow the instructions for Ubuntu 18.04 (Bionic) below.
$ sudo apt install software-properties-common
$ sudo apt-add-repository ppa:yubico/stable
$ sudo apt update
$ sudo apt install libfido2-dev
$ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools
==== macOS
$ brew install libfido2
Or from source, on UNIX-like systems:
$ cmake -B build
$ make -C build
$ sudo make -C build install
Depending on the platform,
https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
be installed, or the PKG_CONFIG_PATH environment variable set.
*libfido2* depends on https://github.com/pjk/libcbor[libcbor],
https://www.openssl.org[OpenSSL] 1.1 or newer, and https://zlib.net[zlib].
On Linux, libudev
(part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also
required.
For complete, OS-specific installation instructions, please refer to the
`.actions/` (Linux, macOS) and `windows/` directories.
On Linux, you will need to add a udev rule to be able to access the FIDO
device, or run as root. For example, the udev rule may contain the following:
On Linux, you may need to add a udev rule to be able to access the FIDO
device. For example, the udev rule may contain the following:
----
#udev rule for allowing HID access to Yubico devices for FIDO support.
@ -94,3 +79,66 @@ device, or run as root. For example, the udev rule may contain the following:
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
==== macOS
$ brew install libfido2
==== Windows
Please consult Yubico's
https://developers.yubico.com/libfido2/Releases[release page] for ARM, ARM64,
Win32, and Win64 artefacts.
=== Building from source
On UNIX-like systems:
$ cmake -B build
$ make -C build
$ sudo make -C build install
Depending on the platform,
https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
be installed, or the PKG_CONFIG_PATH environment variable set. For complete,
OS-specific build instructions, please refer to the `.actions/`
(Linux, macOS, BSD) and `windows/` directories.
=== Build-time Customisation
*libfido2* supports a number of CMake options. Some of the options require
additional dependencies. Options that are disabled by default are not
officially supported.
[%autowidth.stretch]
|===
|*Option* |*Description* |*Default*
| BUILD_EXAMPLES | Build example programs | ON
| BUILD_MANPAGES | Build man pages | ON
| BUILD_SHARED_LIBS | Build a shared library | ON
| BUILD_STATIC_LIBS | Build a static library | ON
| BUILD_TOOLS | Build auxiliary tools | ON
| FUZZ | Enable fuzzing instrumentation | OFF
| NFC_LINUX | Enable netlink NFC support on Linux | ON
| USE_HIDAPI | Use hidapi as the HID backend | OFF
| USE_PCSC | Enable experimental PCSC support | OFF
| USE_WINHELLO | Abstract Windows Hello as a FIDO device | ON
|===
The USE_HIDAPI option requires https://github.com/libusb/hidapi[hidapi]. The
USE_PCSC option requires https://github.com/LudovicRousseau/PCSC[pcsc-lite] on
Linux.
=== Development
Please use https://github.com/Yubico/libfido2/discussions[GitHub Discussions]
to ask questions and suggest features, and
https://github.com/Yubico/libfido2/pulls[GitHub pull-requests] for code
contributions.
=== Reporting bugs
Please use https://github.com/Yubico/libfido2/issues[GitHub Issues] to report
bugs. To report security issues, please contact security@yubico.com. A PGP
public key can be found at
https://www.yubico.com/support/security-advisories/issue-rating-system/.

12
contrib/libfido2/examples/CMakeLists.txt
View File

@ -1,6 +1,7 @@
# Copyright (c) 2018 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
list(APPEND COMPAT_SOURCES
../openbsd-compat/clock_gettime.c
@ -13,17 +14,6 @@ if(WIN32 AND BUILD_SHARED_LIBS AND NOT CYGWIN AND NOT MSYS)
list(APPEND COMPAT_SOURCES ../openbsd-compat/posix_win.c)
endif()
# set the library to link against
if(BUILD_STATIC_LIBS)
# drop -rdynamic
set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
set(_FIDO2_LIBRARY fido2)
elseif(BUILD_SHARED_LIBS)
set(_FIDO2_LIBRARY fido2_shared)
else()
set(_FIDO2_LIBRARY ${CRYPTO_LIBRARIES} fido2)
endif()
# enable -Wconversion -Wsign-conversion
if(NOT MSVC)
set_source_files_properties(assert.c cred.c info.c manifest.c reset.c

17
contrib/libfido2/examples/README.adoc
View File

@ -20,8 +20,7 @@ The following definitions are used in the description below:
- <pubkey>
The file system path of a file containing a NIST P-256 public key in
PEM format.
The file system path of a file containing a public key in PEM format.
- <blobkey>
@ -48,8 +47,8 @@ The following examples are provided:
Configures <pin> as the new PIN of <device>. If [oldpin] is provided,
the device's PIN is changed from [oldpin] to <pin>.
- cred [-t ecdsa|rsa|eddsa] [-k pubkey] [-ei cred_id] [-P pin] [-T seconds]
[-b blobkey] [-hruv] <device>
- cred [-t es256|es384|rs256|eddsa] [-k pubkey] [-ei cred_id] [-P pin]
[-T seconds] [-b blobkey] [-hruv] <device>
Creates a new credential on <device> and verify that the credential
was signed by the authenticator. The device's attestation certificate
@ -66,14 +65,16 @@ The following examples are provided:
option -b is specified, the credential's "largeBlob" key is stored in
<blobkey>.
- assert [-t ecdsa|rsa|eddsa] [-a cred_id] [-h hmac_secret] [-s hmac_salt]
[-P pin] [-T seconds] [-b blobkey] [-puv] <pubkey> <device>
- assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin]
[-s hmac_salt] [-T seconds] [-b blobkey] [-puv] <pubkey> <device>
Asks <device> for a FIDO2 assertion corresponding to [cred_id],
which may be omitted for resident keys. The obtained assertion
is verified using <pubkey>. The -p option requests that the user
be present. User verification may be requested through the -v
option. If option -u is specified, the assertion is generated using
be present and checks whether the user presence bit was signed by the
authenticator. The -v option requests user verification and checks
whether the user verification bit was signed by the authenticator.
If option -u is specified, the assertion is generated using
U2F (CTAP1) instead of FIDO2 (CTAP2) commands. If option -s is
specified, a FIDO2 hmac-secret is requested from the authenticator,
and the contents of <hmac_salt> are used as the salt. If option -h

33
contrib/libfido2/examples/assert.c
View File

@ -1,11 +1,13 @@
/*
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <fido.h>
#include <fido/es256.h>
#include <fido/es384.h>
#include <fido/rs256.h>
#include <fido/eddsa.h>
@ -30,9 +32,9 @@ static const unsigned char cd[32] = {
static void
usage(void)
{
fprintf(stderr, "usage: assert [-t ecdsa|rsa|eddsa] [-a cred_id] "
"[-h hmac_secret] [-s hmac_salt] [-P pin] [-T seconds] "
"[-b blobkey] [-puv] <pubkey> <device>\n");
fprintf(stderr, "usage: assert [-t es256|es384|rs256|eddsa] "
"[-a cred_id] [-h hmac_secret] [-s hmac_salt] [-P pin] "
"[-T seconds] [-b blobkey] [-puv] <pubkey> <device>\n");
exit(EXIT_FAILURE);
}
@ -46,6 +48,7 @@ verify_assert(int type, const unsigned char *authdata_ptr, size_t authdata_len,
RSA *rsa = NULL;
EVP_PKEY *eddsa = NULL;
es256_pk_t *es256_pk = NULL;
es384_pk_t *es384_pk = NULL;
rs256_pk_t *rs256_pk = NULL;
eddsa_pk_t *eddsa_pk = NULL;
void *pk;
@ -67,6 +70,21 @@ verify_assert(int type, const unsigned char *authdata_ptr, size_t authdata_len,
EC_KEY_free(ec);
ec = NULL;
break;
case COSE_ES384:
if ((ec = read_ec_pubkey(key)) == NULL)
errx(1, "read_ec_pubkey");
if ((es384_pk = es384_pk_new()) == NULL)
errx(1, "es384_pk_new");
if (es384_pk_from_EC_KEY(es384_pk, ec) != FIDO_OK)
errx(1, "es384_pk_from_EC_KEY");
pk = es384_pk;
EC_KEY_free(ec);
ec = NULL;
break;
case COSE_RS256:
if ((rsa = read_rsa_pubkey(key)) == NULL)
@ -147,6 +165,7 @@ verify_assert(int type, const unsigned char *authdata_ptr, size_t authdata_len,
errx(1, "fido_assert_verify: %s (0x%x)", fido_strerr(r), r);
es256_pk_free(&es256_pk);
es384_pk_free(&es384_pk);
rs256_pk_free(&rs256_pk);
eddsa_pk_free(&eddsa_pk);
@ -219,9 +238,11 @@ main(int argc, char **argv)
body = NULL;
break;
case 't':
if (strcmp(optarg, "ecdsa") == 0)
if (strcmp(optarg, "es256") == 0)
type = COSE_ES256;
else if (strcmp(optarg, "rsa") == 0)
else if (strcmp(optarg, "es384") == 0)
type = COSE_ES384;
else if (strcmp(optarg, "rs256") == 0)
type = COSE_RS256;
else if (strcmp(optarg, "eddsa") == 0)
type = COSE_EDDSA;

29
contrib/libfido2/examples/cred.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <errno.h>
@ -34,7 +35,7 @@ static const unsigned char user_id[32] = {
static void
usage(void)
{
fprintf(stderr, "usage: cred [-t ecdsa|rsa|eddsa] [-k pubkey] "
fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] "
"[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-hruv] "
"<device>\n");
exit(EXIT_FAILURE);
@ -107,15 +108,23 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr,
if (key_out != NULL) {
/* extract the credential pubkey */
if (type == COSE_ES256) {
if (write_ec_pubkey(key_out, fido_cred_pubkey_ptr(cred),
if (write_es256_pubkey(key_out,
fido_cred_pubkey_ptr(cred),
fido_cred_pubkey_len(cred)) < 0)
errx(1, "write_ec_pubkey");
errx(1, "write_es256_pubkey");
} else if (type == COSE_ES384) {
if (write_es384_pubkey(key_out,
fido_cred_pubkey_ptr(cred),
fido_cred_pubkey_len(cred)) < 0)
errx(1, "write_es384_pubkey");
} else if (type == COSE_RS256) {
if (write_rsa_pubkey(key_out, fido_cred_pubkey_ptr(cred),
if (write_rs256_pubkey(key_out,
fido_cred_pubkey_ptr(cred),
fido_cred_pubkey_len(cred)) < 0)
errx(1, "write_rsa_pubkey");
errx(1, "write_rs256_pubkey");
} else if (type == COSE_EDDSA) {
if (write_eddsa_pubkey(key_out, fido_cred_pubkey_ptr(cred),
if (write_eddsa_pubkey(key_out,
fido_cred_pubkey_ptr(cred),
fido_cred_pubkey_len(cred)) < 0)
errx(1, "write_eddsa_pubkey");
}
@ -193,9 +202,11 @@ main(int argc, char **argv)
rk = true;
break;
case 't':
if (strcmp(optarg, "ecdsa") == 0)
if (strcmp(optarg, "es256") == 0)
type = COSE_ES256;
else if (strcmp(optarg, "rsa") == 0)
else if (strcmp(optarg, "es384") == 0)
type = COSE_ES384;
else if (strcmp(optarg, "rs256") == 0)
type = COSE_RS256;
else if (strcmp(optarg, "eddsa") == 0)
type = COSE_EDDSA;

8
contrib/libfido2/examples/extern.h
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _EXTERN_H_
@ -18,8 +19,9 @@ EVP_PKEY *read_eddsa_pubkey(const char *);
int base10(const char *, long long *);
int read_blob(const char *, unsigned char **, size_t *);
int write_blob(const char *, const unsigned char *, size_t);
int write_ec_pubkey(const char *, const void *, size_t);
int write_rsa_pubkey(const char *, const void *, size_t);
int write_es256_pubkey(const char *, const void *, size_t);
int write_es384_pubkey(const char *, const void *, size_t);
int write_rs256_pubkey(const char *, const void *, size_t);
int write_eddsa_pubkey(const char *, const void *, size_t);
#endif /* _EXTERN_H_ */

101
contrib/libfido2/examples/info.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <fido.h>
@ -103,6 +104,25 @@ print_opt_array(const char *label, char * const *name, const bool *value,
printf("\n");
}
/*
* Auxiliary function to print (char *, uint64_t) pairs on stdout.
*/
static void
print_cert_array(const char *label, char * const *name, const uint64_t *value,
size_t len)
{
if (len == 0)
return;
printf("%s: ", label);
for (size_t i = 0; i < len; i++)
printf("%s%s %llu", i > 0 ? ", " : "", name[i],
(unsigned long long)value[i]);
printf("\n");
}
/*
* Auxiliary function to print a list of supported COSE algorithms on stdout.
*/
@ -120,15 +140,18 @@ print_algorithms(const fido_cbor_info_t *ci)
for (size_t i = 0; i < len; i++) {
cose = type = "unknown";
switch (fido_cbor_info_algorithm_cose(ci, i)) {
case COSE_EDDSA:
cose = "eddsa";
break;
case COSE_ES256:
cose = "es256";
break;
case COSE_ES384:
cose = "es384";
break;
case COSE_RS256:
cose = "rs256";
break;
case COSE_EDDSA:
cose = "eddsa";
break;
}
if (fido_cbor_info_algorithm_type(ci, i) != NULL)
type = fido_cbor_info_algorithm_type(ci, i);
@ -182,6 +205,51 @@ print_maxcredidlen(uint64_t maxcredidlen)
printf("maxcredlen: %d\n", (int)maxcredidlen);
}
/*
* Auxiliary function to print the maximum size of an authenticator's
* serialized largeBlob array.
*/
static void
print_maxlargeblob(uint64_t maxlargeblob)
{
printf("maxlargeblob: %d\n", (int)maxlargeblob);
}
/*
* Auxiliary function to print the authenticator's estimated number of
* remaining resident credentials.
*/
static void
print_rk_remaining(int64_t rk_remaining)
{
printf("remaining rk(s): ");
if (rk_remaining == -1)
printf("undefined\n");
else
printf("%d\n", (int)rk_remaining);
}
/*
* Auxiliary function to print the minimum pin length observed by the
* authenticator.
*/
static void
print_minpinlen(uint64_t minpinlen)
{
printf("minpinlen: %d\n", (int)minpinlen);
}
/*
* Auxiliary function to print the authenticator's preferred (platform)
* UV attempts.
*/
static void
print_uv_attempts(uint64_t uv_attempts)
{
printf("platform uv attempt(s): %d\n", (int)uv_attempts);
}
/*
* Auxiliary function to print an authenticator's firmware version on stdout.
*/
@ -255,6 +323,14 @@ getinfo(const char *path)
fido_cbor_info_options_value_ptr(ci),
fido_cbor_info_options_len(ci));
/* print certifications */
print_cert_array("certifications", fido_cbor_info_certs_name_ptr(ci),
fido_cbor_info_certs_value_ptr(ci),
fido_cbor_info_certs_len(ci));
/* print firmware version */
print_fwversion(fido_cbor_info_fwversion(ci));
/* print maximum message size */
print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
@ -264,13 +340,26 @@ getinfo(const char *path)
/* print maximum length of a credential ID */
print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
/* print firmware version */
print_fwversion(fido_cbor_info_fwversion(ci));
/* print maximum length of largeBlob array */
print_maxlargeblob(fido_cbor_info_maxlargeblob(ci));
/* print number of remaining resident credentials */
print_rk_remaining(fido_cbor_info_rk_remaining(ci));
/* print minimum pin length */
print_minpinlen(fido_cbor_info_minpinlen(ci));
/* print supported pin protocols */
print_byte_array("pin protocols", fido_cbor_info_protocols_ptr(ci),
fido_cbor_info_protocols_len(ci));
/* print whether a new pin is required */
printf("pin change required: %s\n",
fido_cbor_info_new_pin_required(ci) ? "true" : "false");
/* print platform uv attempts */
print_uv_attempts(fido_cbor_info_uv_attempts(ci));
fido_cbor_info_free(&ci);
end:
if ((r = fido_dev_close(dev)) != FIDO_OK)

1
contrib/libfido2/examples/manifest.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <fido.h>

1
contrib/libfido2/examples/reset.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
/*

3
contrib/libfido2/examples/retries.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
/*
@ -35,7 +36,7 @@ main(int argc, char **argv)
errx(1, "fido_open: %s (0x%x)", fido_strerr(r), r);
if ((r = fido_dev_get_retry_count(dev, &n)) != FIDO_OK)
errx(1, "fido_get_retries: %s (0x%x)", fido_strerr(r), r);
errx(1, "fido_dev_get_retry_count: %s (0x%x)", fido_strerr(r), r);
if ((r = fido_dev_close(dev)) != FIDO_OK)
errx(1, "fido_close: %s (0x%x)", fido_strerr(r), r);

5
contrib/libfido2/examples/select.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Copyright (c) 2020-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <errno.h>
@ -23,7 +24,7 @@ nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
return (-1);
}
Sleep(rqtp->tv_nsec / 1000000);
Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000));
return (0);
}

3
contrib/libfido2/examples/setpin.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
/*
@ -29,7 +30,7 @@ setpin(const char *path, const char *pin, const char *oldpin)
errx(1, "fido_dev_open: %s (0x%x)", fido_strerr(r), r);
if ((r = fido_dev_set_pin(dev, pin, oldpin)) != FIDO_OK)
errx(1, "fido_setpin: %s (0x%x)", fido_strerr(r), r);
errx(1, "fido_dev_set_pin: %s (0x%x)", fido_strerr(r), r);
if ((r = fido_dev_close(dev)) != FIDO_OK)
errx(1, "fido_dev_close: %s (0x%x)", fido_strerr(r), r);

65
contrib/libfido2/examples/util.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <sys/types.h>
@ -13,6 +14,7 @@
#include <fido.h>
#include <fido/es256.h>
#include <fido/es384.h>
#include <fido/rs256.h>
#include <fido/eddsa.h>
@ -158,7 +160,7 @@ read_ec_pubkey(const char *path)
}
int
write_ec_pubkey(const char *path, const void *ptr, size_t len)
write_es256_pubkey(const char *path, const void *ptr, size_t len)
{
FILE *fp = NULL;
EVP_PKEY *pkey = NULL;
@ -214,6 +216,63 @@ write_ec_pubkey(const char *path, const void *ptr, size_t len)
return (ok);
}
int
write_es384_pubkey(const char *path, const void *ptr, size_t len)
{
FILE *fp = NULL;
EVP_PKEY *pkey = NULL;
es384_pk_t *pk = NULL;
int fd = -1;
int ok = -1;
if ((pk = es384_pk_new()) == NULL) {
warnx("es384_pk_new");
goto fail;
}
if (es384_pk_from_ptr(pk, ptr, len) != FIDO_OK) {
warnx("es384_pk_from_ptr");
goto fail;
}
if ((fd = open(path, O_WRONLY | O_CREAT, 0644)) < 0) {
warn("open %s", path);
goto fail;
}
if ((fp = fdopen(fd, "w")) == NULL) {
warn("fdopen");
goto fail;
}
fd = -1; /* owned by fp now */
if ((pkey = es384_pk_to_EVP_PKEY(pk)) == NULL) {
warnx("es384_pk_to_EVP_PKEY");
goto fail;
}
if (PEM_write_PUBKEY(fp, pkey) == 0) {
warnx("PEM_write_PUBKEY");
goto fail;
}
ok = 0;
fail:
es384_pk_free(&pk);
if (fp != NULL) {
fclose(fp);
}
if (fd != -1) {
close(fd);
}
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
return (ok);
}
RSA *
read_rsa_pubkey(const char *path)
{
@ -247,7 +306,7 @@ read_rsa_pubkey(const char *path)
}
int
write_rsa_pubkey(const char *path, const void *ptr, size_t len)
write_rs256_pubkey(const char *path, const void *ptr, size_t len)
{
FILE *fp = NULL;
EVP_PKEY *pkey = NULL;

55
contrib/libfido2/fuzz/CMakeLists.txt
View File

@ -1,6 +1,7 @@
# Copyright (c) 2019 Yubico AB. All rights reserved.
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
list(APPEND COMPAT_SOURCES
../openbsd-compat/strlcpy.c
@ -12,52 +13,70 @@ list(APPEND COMMON_SOURCES
mutator_aux.c
)
set(FUZZ_LDFLAGS "-fsanitize=fuzzer")
# XXX: OSS-Fuzz require linking using CXX
set(FUZZ_LINKER_LANGUAGE "C" CACHE STRING "Linker language for fuzz harnesses")
mark_as_advanced(FUZZ_LINKER_LANGUAGE)
enable_language(${FUZZ_LINKER_LANGUAGE})
# fuzz_cred
add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_cred PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_cred PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_cred PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_cred fido2_shared)
# fuzz_assert
add_executable(fuzz_assert fuzz_assert.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_assert PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_assert PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_assert PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_assert fido2_shared)
# fuzz_mgmt
add_executable(fuzz_mgmt fuzz_mgmt.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_mgmt PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_mgmt PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_mgmt PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_mgmt fido2_shared)
# fuzz_credman
add_executable(fuzz_credman fuzz_credman.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_credman PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_credman PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_credman PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_credman fido2_shared)
# fuzz_bio
add_executable(fuzz_bio fuzz_bio.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_bio PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_bio PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_bio PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_bio fido2_shared)
# fuzz_hid
add_executable(fuzz_hid fuzz_hid.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_hid PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_hid PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_hid PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_hid fido2_shared)
# fuzz_netlink
add_executable(fuzz_netlink fuzz_netlink.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_netlink PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_netlink PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_netlink PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_netlink fido2_shared)
# fuzz_largeblob
add_executable(fuzz_largeblob fuzz_largeblob.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
target_compile_options(fuzz_largeblob PRIVATE ${FUZZ_LDFLAGS})
set_target_properties(fuzz_largeblob PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS})
set_target_properties(fuzz_largeblob PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_largeblob fido2_shared)
# fuzz_pcsc
add_executable(fuzz_pcsc fuzz_pcsc.c ${COMMON_SOURCES} ${COMPAT_SOURCES})
set_target_properties(fuzz_pcsc PROPERTIES
LINK_FLAGS ${FUZZ_LDFLAGS}
LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE})
target_link_libraries(fuzz_pcsc fido2_shared)

22
contrib/libfido2/fuzz/Dockerfile
View File

@ -1,12 +1,16 @@
# Copyright (c) 2019-2021 Yubico AB. All rights reserved.
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get install -y clang-12 cmake git libssl-dev libudev-dev make pkg-config
RUN apt-get install -y zlib1g-dev
RUN git clone --branch v0.9.0 https://github.com/PJK/libcbor
RUN git clone https://github.com/yubico/libfido2
RUN CC=clang-12 CXX=clang++-12 /libfido2/fuzz/build-coverage /libcbor /libfido2
FROM alpine:latest
ENV CC=clang
ENV CXX=clang++
RUN apk -q update
RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils
RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev
RUN apk add sudo tar zlib-dev
RUN git clone --branch v0.10.1 --depth=1 https://github.com/PJK/libcbor
RUN git clone --depth=1 https://github.com/yubico/libfido2
WORKDIR /libfido2
RUN ./fuzz/build-coverage /libcbor /libfido2

35
contrib/libfido2/fuzz/Makefile
View File

@ -1,13 +1,14 @@
# Copyright (c) 2019-2021 Yubico AB. All rights reserved.
# Copyright (c) 2019-2023 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
IMAGE := libfido2-coverage:1.10.0
IMAGE := libfido2-coverage:1.13.1
RUNNER := libfido2-runner
PROFDATA := llvm-profdata-12
COV := llvm-cov-12
PROFDATA := llvm-profdata
COV := llvm-cov
TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_hid \
fuzz_largeblob fuzz_netlink fuzz_mgmt
fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc
CORPORA := $(foreach f,${TARGETS},${f}/corpus)
MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus)
REMOTE := gs://libfido2-corpus.clusterfuzz-external.appspot.com
@ -24,7 +25,7 @@ run: build
sync: run
tar Ccf .. - src fuzz | docker exec -i ${RUNNER} tar Cxf /libfido2 -
docker exec ${RUNNER} make -C libfido2/build
docker exec ${RUNNER} make -C /libfido2/build
corpus: sync
docker exec ${RUNNER} /bin/sh -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}'
@ -45,23 +46,24 @@ corpus.tgz-: ${MINIFY}
profdata: run
docker exec ${RUNNER} /bin/sh -c 'rm -f /$@ && ${PROFDATA} \
merge -sparse profraw/* -o $@'
merge -sparse /profraw/* -o /$@'
report.tgz: profdata
docker exec ${RUNNER} /bin/sh -c 'rm -rf /report && mkdir /report && \
${COV} show -format=html -tab-size=8 -instr-profile=/$< \
--show-branch-summary=false -output-dir=/report \
/libfido2/build/src/libfido2.so'
-ignore-filename-regex=pcsclite.h --show-branch-summary=false \
-output-dir=/report /libfido2/build/src/libfido2.so'
docker exec -i ${RUNNER} tar Czcf / - report > $@
summary.txt: profdata
docker exec ${RUNNER} ${COV} report -use-color=false \
--show-branch-summary=false /libfido2/build/src/libfido2.so \
-instr-profile=/$< > $@
-ignore-filename-regex=pcsclite.h --show-branch-summary=false \
/libfido2/build/src/libfido2.so -instr-profile=/$< > $@
functions.txt: profdata
docker exec ${RUNNER} /bin/sh -c '${COV} report -use-color=false \
-show-functions --show-branch-summary=false -instr-profile=/$< \
-ignore-filename-regex=pcsclite.h -show-functions \
--show-branch-summary=false -instr-profile=/$< \
/libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@
clean: run
@ -74,8 +76,15 @@ ${CORPORA}:
-mkdir -p $@
gsutil -q -m rsync -d -r ${REMOTE}/libFuzzer/libfido2_$(@:/corpus=) $@
corpus.tgz: ${CORPORA}
fetch-oss-fuzz: ${CORPORA}
find ${TARGETS} -type f -size +8192c -print0 | xargs -0 rm
fetch-franz:
ssh franz tar -C corpus -cf- . | tar -xf-
corpus.tgz:
tar zcf $@ ${TARGETS}
.PHONY: build run sync corpus ${TARGETS} ${CORPORA}
.PHONY: report.tgz summary.txt functions.txt
.PHONY: fetch-oss-fuzz fetch-franz corpus.tgz

22
contrib/libfido2/fuzz/README
View File

@ -8,26 +8,36 @@ use preload-fuzz.c to read device data from stdin.
libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.
harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.
If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
resulting shared object. The wrapper functions simulate failure according to a
deterministic RNG and probabilities defined in wrap.c. Harnesses wishing to
use this functionality should call prng_init() with a seed obtained from the
corpus. To mutate only the seed part of a libFuzzer harness's corpora,
use '-reduce_inputs=0 --fido-mutate=seed'.
To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
N.B., the patch below is relative to libcbor 0.10.1.
diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index aa049a2..e294b38 100644
index bbea63c..3f7c9af 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
@@ -41,7 +41,11 @@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
if (_cbor_safe_to_multiply(item_size, item_count)) {
- return _CBOR_MALLOC(item_size * item_count);
- return _cbor_malloc(item_size * item_count);
+ if (item_count > 1000) {
+ return NULL;
+ } else
+ return _CBOR_MALLOC(item_size * item_count);
+ } else {
+ return _cbor_malloc(item_size * item_count);
+ }
} else {
return NULL;
}

7
contrib/libfido2/fuzz/build-coverage
View File

@ -3,6 +3,7 @@
# Copyright (c) 2019 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
LIBCBOR="$1"
LIBFIDO2="$2"
@ -25,7 +26,9 @@ make -C "${LIBCBOR}/build" VERBOSE=1 all install
# Build libfido2.
mkdir -p "${LIBFIDO2}/build"
export CFLAGS="-fprofile-instr-generate -fcoverage-mapping"
export CFLAGS="${CFLAGS} -fsanitize=fuzzer-no-link"
export LDFLAGS="${CFLAGS}"
(cd "${LIBFIDO2}/build" && cmake -DFUZZ=ON -DLIBFUZZER=ON \
-DCMAKE_BUILD_TYPE=Debug ..)
export FUZZ_LDFLAGS="${LDFLAGS} -fsanitize=fuzzer"
(cd "${LIBFIDO2}/build" && cmake -DFUZZ=ON -DFUZZ_LDFLAGS="${FUZZ_LDFLAGS}" \
-DCMAKE_BUILD_TYPE=Debug ..)
make -C "${LIBFIDO2}/build"

1
contrib/libfido2/fuzz/clock.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <stdint.h>

5
contrib/libfido2/fuzz/dummy.h
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Copyright (c) 2020-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _DUMMY_H
@ -18,6 +19,8 @@ const char dummy_rp_name[] = "sweet home localhost";
const char dummy_user_icon[] = "an icon";
const char dummy_user_name[] = "john smith";
const char dummy_user_nick[] = "jsmith";
const char dummy_pcsc_list[] = "reader1\0reader2\0reader3\0\0";
const char dummy_pcsc_path[] = "pcsc://slot7";
const uint8_t dummy_id[] = { 0x5e, 0xd2 };
const uint8_t dummy_user_id[] = {

32
contrib/libfido2/fuzz/export.gnu
View File

@ -11,6 +11,12 @@
es256_pk_from_ptr;
es256_pk_new;
es256_pk_to_EVP_PKEY;
es384_pk_free;
es384_pk_from_EC_KEY;
es384_pk_from_EVP_PKEY;
es384_pk_from_ptr;
es384_pk_new;
es384_pk_to_EVP_PKEY;
fido_assert_allow_cred;
fido_assert_authdata_len;
fido_assert_authdata_ptr;
@ -82,22 +88,32 @@
fido_cbor_info_algorithm_cose;
fido_cbor_info_algorithm_count;
fido_cbor_info_algorithm_type;
fido_cbor_info_certs_len;
fido_cbor_info_certs_name_ptr;
fido_cbor_info_certs_value_ptr;
fido_cbor_info_extensions_len;
fido_cbor_info_extensions_ptr;
fido_cbor_info_free;
fido_cbor_info_maxmsgsiz;
fido_cbor_info_fwversion;
fido_cbor_info_maxcredbloblen;
fido_cbor_info_maxcredcntlst;
fido_cbor_info_maxcredidlen;
fido_cbor_info_fwversion;
fido_cbor_info_maxlargeblob;
fido_cbor_info_maxmsgsiz;
fido_cbor_info_maxrpid_minpinlen;
fido_cbor_info_minpinlen;
fido_cbor_info_new;
fido_cbor_info_new_pin_required;
fido_cbor_info_options_len;
fido_cbor_info_options_name_ptr;
fido_cbor_info_options_value_ptr;
fido_cbor_info_protocols_len;
fido_cbor_info_protocols_ptr;
fido_cbor_info_rk_remaining;
fido_cbor_info_transports_len;
fido_cbor_info_transports_ptr;
fido_cbor_info_uv_attempts;
fido_cbor_info_uv_modality;
fido_cbor_info_versions_len;
fido_cbor_info_versions_ptr;
fido_cred_attstmt_len;
@ -212,6 +228,7 @@
fido_dev_protocol;
fido_dev_reset;
fido_dev_set_io_functions;
fido_dev_set_pcsc;
fido_dev_set_pin;
fido_dev_set_pin_minlen;
fido_dev_set_pin_minlen_rpid;
@ -237,6 +254,13 @@
fido_nl_get_nfc_target;
fido_nl_new;
fido_nl_power_nfc;
fido_pcsc_close;
fido_pcsc_manifest;
fido_pcsc_open;
fido_pcsc_read;
fido_pcsc_rx;
fido_pcsc_tx;
fido_pcsc_write;
fido_set_log_handler;
fido_strerr;
rs256_pk_free;
@ -246,8 +270,12 @@
rs256_pk_new;
rs256_pk_to_EVP_PKEY;
prng_init;
prng_up;
fuzz_clock_reset;
fuzz_save_corpus;
set_netlink_io_functions;
set_pcsc_parameters;
set_pcsc_io_functions;
set_udev_parameters;
uniform_random;
local:

404
contrib/libfido2/fuzz/functions.txt
View File

@ -1,24 +1,24 @@
File '/libfido2/src/aes256.c':
Name Regions Miss Cover Lines Miss Cover
--------------------------------------------------------------------------------------------------------
aes256_cbc_enc 3 0 100.00% 4 0 100.00%
aes256_cbc_dec 3 0 100.00% 4 0 100.00%
aes256_cbc_enc 4 0 100.00% 4 0 100.00%
aes256_cbc_dec 4 0 100.00% 4 0 100.00%
aes256_gcm_enc 1 0 100.00% 3 0 100.00%
aes256_gcm_dec 1 0 100.00% 3 0 100.00%
aes256.c:aes256_cbc_fips 26 2 92.31% 42 7 83.33%
aes256.c:aes256_cbc_fips 26 1 96.15% 42 4 90.48%
aes256.c:aes256_cbc 29 1 96.55% 36 3 91.67%
aes256.c:aes256_cbc_proto1 1 0 100.00% 5 0 100.00%
aes256.c:aes256_gcm 51 1 98.04% 60 4 93.33%
aes256.c:aes256_gcm 52 1 98.08% 60 4 93.33%
--------------------------------------------------------------------------------------------------------
TOTAL 115 4 96.52% 157 14 91.08%
TOTAL 118 3 97.46% 157 11 92.99%
File '/libfido2/src/assert.c':
Name Regions Miss Cover Lines Miss Cover
-----------------------------------------------------------------------------------------------------------------
fido_dev_get_assert 40 0 100.00% 35 0 100.00%
fido_check_flags 13 0 100.00% 15 0 100.00%
fido_get_signed_hash 36 0 100.00% 46 0 100.00%
fido_assert_verify 48 4 91.67% 67 5 92.54%
fido_get_signed_hash 20 1 95.00% 34 3 91.18%
fido_assert_verify 50 4 92.00% 70 7 90.00%
fido_assert_set_clientdata 12 12 0.00% 11 11 0.00%
fido_assert_set_clientdata_hash 8 0 100.00% 6 0 100.00%
fido_assert_set_hmac_salt 10 0 100.00% 6 0 100.00%
@ -26,7 +26,7 @@ fido_assert_set_hmac_secret 12 12 0.00% 7 7
fido_assert_set_rp 12 0 100.00% 11 0 100.00%
fido_assert_allow_cred 13 2 84.62% 22 3 86.36%
fido_assert_set_extensions 14 0 100.00% 10 0 100.00%
fido_assert_set_options 6 6 0.00% 5 5 0.00%
fido_assert_set_options 8 8 0.00% 5 5 0.00%
fido_assert_set_up 2 0 100.00% 4 0 100.00%
fido_assert_set_uv 2 0 100.00% 4 0 100.00%
fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0 100.00%
@ -62,17 +62,20 @@ fido_assert_set_sig 14 0 100.00% 7 0
fido_assert_set_count 10 0 100.00% 17 0 100.00%
assert.c:fido_dev_get_assert_wait 21 0 100.00% 14 0 100.00%
assert.c:fido_dev_get_assert_tx 56 2 96.43% 62 5 91.94%
assert.c:fido_dev_get_assert_rx 19 0 100.00% 27 0 100.00%
assert.c:fido_dev_get_assert_rx 27 0 100.00% 36 0 100.00%
assert.c:adjust_assert_count 24 0 100.00% 26 0 100.00%
assert.c:parse_assert_reply 12 0 100.00% 24 0 100.00%
assert.c:fido_get_next_assert_tx 8 0 100.00% 8 0 100.00%
assert.c:fido_get_next_assert_rx 15 2 86.67% 21 4 80.95%
assert.c:fido_get_next_assert_rx 23 2 91.30% 29 5 82.76%
assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00%
assert.c:get_es256_hash 16 0 100.00% 17 0 100.00%
assert.c:get_es384_hash 16 0 100.00% 17 0 100.00%
assert.c:get_eddsa_hash 6 0 100.00% 9 0 100.00%
assert.c:check_extensions 5 0 100.00% 9 0 100.00%
assert.c:fido_assert_reset_extattr 1 0 100.00% 5 0 100.00%
assert.c:fido_assert_clean_authdata 1 0 100.00% 5 0 100.00%
-----------------------------------------------------------------------------------------------------------------
TOTAL 563 40 92.90% 694 40 94.24%
TOTAL 605 43 92.89% 745 46 93.83%
File '/libfido2/src/authkey.c':
Name Regions Miss Cover Lines Miss Cover
@ -80,18 +83,18 @@ Name Regions Miss Cover Lines Miss
fido_dev_authkey 1 0 100.00% 3 0 100.00%
authkey.c:fido_dev_authkey_wait 10 0 100.00% 7 0 100.00%
authkey.c:fido_dev_authkey_tx 19 0 100.00% 25 0 100.00%
authkey.c:fido_dev_authkey_rx 6 0 100.00% 14 0 100.00%
authkey.c:fido_dev_authkey_rx 14 0 100.00% 21 0 100.00%
authkey.c:parse_authkey 8 0 100.00% 10 0 100.00%
-----------------------------------------------------------------------------------------------------------------
TOTAL 44 0 100.00% 59 0 100.00%
TOTAL 52 0 100.00% 66 0 100.00%
File '/libfido2/src/bio.c':
Name Regions Miss Cover Lines Miss Cover
-----------------------------------------------------------------------------------------------------------------
fido_bio_dev_get_template_array 5 2 60.00% 6 0 100.00%
fido_bio_dev_get_template_array 5 2 60.00% 6 1 83.33%
fido_bio_dev_set_template_name 7 0 100.00% 6 0 100.00%
fido_bio_dev_enroll_begin 25 2 92.00% 31 0 100.00%
fido_bio_dev_enroll_continue 5 2 60.00% 6 0 100.00%
fido_bio_dev_enroll_begin 25 2 92.00% 31 1 96.77%
fido_bio_dev_enroll_continue 5 2 60.00% 6 1 83.33%
fido_bio_dev_enroll_cancel 1 1 0.00% 4 4 0.00%
fido_bio_dev_enroll_remove 1 0 100.00% 4 0 100.00%
fido_bio_dev_get_info 1 0 100.00% 4 0 100.00%
@ -117,28 +120,28 @@ fido_bio_enroll_last_status 1 0 100.00% 3 0
bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00%
bio.c:bio_tx 43 0 100.00% 55 0 100.00%
bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00%
bio.c:bio_rx_template_array 11 0 100.00% 17 0 100.00%
bio.c:bio_rx_template_array 19 0 100.00% 24 0 100.00%
bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19%
bio.c:decode_template_array 12 1 91.67% 18 3 83.33%
bio.c:decode_template 9 0 100.00% 15 0 100.00%
bio.c:bio_set_template_name_wait 19 0 100.00% 20 0 100.00%
bio.c:bio_enroll_begin_wait 17 0 100.00% 19 0 100.00%
bio.c:bio_rx_enroll_begin 15 0 100.00% 24 0 100.00%
bio.c:bio_rx_enroll_begin 23 0 100.00% 31 0 100.00%
bio.c:bio_parse_enroll_status 20 0 100.00% 28 0 100.00%
bio.c:bio_parse_template_id 8 0 100.00% 10 0 100.00%
bio.c:bio_enroll_continue_wait 19 0 100.00% 20 0 100.00%
bio.c:bio_rx_enroll_continue 11 0 100.00% 18 0 100.00%
bio.c:bio_rx_enroll_continue 19 0 100.00% 25 0 100.00%
bio.c:bio_enroll_cancel_wait 11 11 0.00% 10 10 0.00%
bio.c:bio_enroll_remove_wait 17 0 100.00% 19 0 100.00%
bio.c:bio_get_info_wait 11 0 100.00% 10 0 100.00%
bio.c:bio_rx_info 11 0 100.00% 17 0 100.00%
bio.c:bio_rx_info 19 0 100.00% 24 0 100.00%
bio.c:bio_reset_info 1 0 100.00% 4 0 100.00%
bio.c:bio_parse_info 20 0 100.00% 28 0 100.00%
bio.c:bio_reset_template_array 4 0 100.00% 7 0 100.00%
bio.c:bio_reset_template 1 0 100.00% 5 0 100.00%
bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00%
-----------------------------------------------------------------------------------------------------------------
TOTAL 419 20 95.23% 559 21 96.24%
TOTAL 451 20 95.57% 587 24 95.91%
File '/libfido2/src/blob.c':
Name Regions Miss Cover Lines Miss Cover
@ -187,12 +190,12 @@ cbor_encode_str_array 18 0 100.00% 19 0
cbor_encode_cred_ext 55 0 100.00% 50 0 100.00%
cbor_encode_cred_opt 13 0 100.00% 11 0 100.00%
cbor_encode_assert_opt 13 0 100.00% 11 0 100.00%
cbor_encode_pin_auth 20 1 95.00% 22 3 86.36%
cbor_encode_pin_auth 21 1 95.24% 22 3 86.36%
cbor_encode_pin_opt 4 0 100.00% 8 0 100.00%
cbor_encode_change_pin_auth 31 1 96.77% 36 3 91.67%
cbor_encode_change_pin_auth 32 1 96.88% 36 3 91.67%
cbor_encode_assert_ext 33 0 100.00% 32 0 100.00%
cbor_decode_fmt 13 0 100.00% 15 0 100.00%
cbor_decode_pubkey 21 1 95.24% 30 2 93.33%
cbor_decode_pubkey 26 1 96.15% 36 2 94.44%
cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43%
cbor_decode_assert_authdata 21 0 100.00% 32 0 100.00%
cbor_decode_attstmt 13 0 100.00% 16 0 100.00%
@ -200,38 +203,41 @@ cbor_decode_uint64 4 0 100.00% 8 0
cbor_decode_cred_id 8 0 100.00% 9 0 100.00%
cbor_decode_user 8 0 100.00% 9 0 100.00%
cbor_decode_rp_entity 8 0 100.00% 9 0 100.00%
cbor_build_uint 10 1 90.00% 9 2 77.78%
cbor_decode_bool 10 0 100.00% 11 0 100.00%
cbor_build_uint 10 1 90.00% 9 1 88.89%
cbor_array_append 17 0 100.00% 21 0 100.00%
cbor_array_drop 18 2 88.89% 17 3 82.35%
cbor_array_drop 18 0 100.00% 17 0 100.00%
cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00%
cbor.c:check_key_type 8 0 100.00% 7 0 100.00%
cbor.c:cbor_add_arg 13 0 100.00% 21 0 100.00%
cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00%
cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00%
cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88%
cbor.c:get_cose_alg 36 0 100.00% 38 0 100.00%
cbor.c:get_cose_alg 46 1 97.83% 45 3 93.33%
cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00%
cbor.c:decode_attcred 25 0 100.00% 44 0 100.00%
cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00%
cbor.c:decode_cred_extension 49 10 79.59% 49 17 65.31%
cbor.c:decode_cred_extension 41 1 97.56% 45 3 93.33%
cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00%
cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00%
cbor.c:decode_attstmt_entry 52 0 100.00% 50 0 100.00%
cbor.c:decode_attstmt_entry 56 0 100.00% 51 0 100.00%
cbor.c:decode_x5c 4 0 100.00% 6 0 100.00%
cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00%
cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00%
cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00%
------------------------------------------------------------------------------------------------------------------
TOTAL 1047 23 97.80% 1237 46 96.28%
TOTAL 1070 13 98.79% 1258 31 97.54%
File '/libfido2/src/compress.c':
Name Regions Miss Cover Lines Miss Cover
------------------------------------------------------------------------------------------------------------------
fido_compress 1 0 100.00% 3 0 100.00%
fido_uncompress 1 0 100.00% 3 0 100.00%
compress.c:do_compress 32 4 87.50% 22 3 86.36%
fido_uncompress 6 0 100.00% 5 0 100.00%
compress.c:rfc1951_deflate 33 4 87.88% 47 6 87.23%
compress.c:rfc1950_inflate 27 2 92.59% 22 4 81.82%
compress.c:rfc1951_inflate 38 8 78.95% 45 14 68.89%
------------------------------------------------------------------------------------------------------------------
TOTAL 34 4 88.24% 28 3 89.29%
TOTAL 105 14 86.67% 122 24 80.33%
File '/libfido2/src/config.c':
Name Regions Miss Cover Lines Miss Cover
@ -242,21 +248,21 @@ fido_dev_set_pin_minlen 1 0 100.00% 4
fido_dev_force_pin_change 1 0 100.00% 4 0 100.00%
fido_dev_set_pin_minlen_rpid 6 0 100.00% 15 0 100.00%
config.c:config_enable_entattest_wait 6 0 100.00% 7 0 100.00%
config.c:config_tx 37 0 100.00% 48 0 100.00%
config.c:config_tx 41 0 100.00% 49 0 100.00%
config.c:config_prepare_hmac 8 0 100.00% 19 0 100.00%
config.c:config_toggle_always_uv_wait 6 0 100.00% 7 0 100.00%
config.c:config_pin_minlen 5 0 100.00% 7 0 100.00%
config.c:config_pin_minlen_tx 36 0 100.00% 32 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 108 0 100.00% 151 0 100.00%
TOTAL 112 0 100.00% 152 0 100.00%
File '/libfido2/src/cred.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_dev_make_cred 12 0 100.00% 10 0 100.00%
fido_check_rp_id 4 0 100.00% 11 0 100.00%
fido_cred_verify 56 2 96.43% 72 5 93.06%
fido_cred_verify_self 58 4 93.10% 83 5 93.98%
fido_cred_verify 59 2 96.61% 75 4 94.67%
fido_cred_verify_self 60 6 90.00% 87 11 87.36%
fido_cred_new 1 0 100.00% 3 0 100.00%
fido_cred_reset_tx 1 0 100.00% 19 0 100.00%
fido_cred_reset_rx 1 0 100.00% 7 0 100.00%
@ -273,14 +279,14 @@ fido_cred_set_clientdata_hash 8 0 100.00% 6
fido_cred_set_rp 18 0 100.00% 22 0 100.00%
fido_cred_set_user 32 0 100.00% 41 0 100.00%
fido_cred_set_extensions 16 0 100.00% 10 0 100.00%
fido_cred_set_options 6 6 0.00% 5 5 0.00%
fido_cred_set_options 8 8 0.00% 5 5 0.00%
fido_cred_set_rk 2 0 100.00% 4 0 100.00%
fido_cred_set_uv 2 0 100.00% 4 0 100.00%
fido_cred_set_prot 21 0 100.00% 14 0 100.00%
fido_cred_set_pin_minlen 7 0 100.00% 8 0 100.00%
fido_cred_set_blob 13 2 84.62% 8 1 87.50%
fido_cred_set_fmt 20 4 80.00% 12 1 91.67%
fido_cred_set_type 17 0 100.00% 7 0 100.00%
fido_cred_set_blob 13 0 100.00% 8 0 100.00%
fido_cred_set_fmt 20 4 80.00% 12 2 83.33%
fido_cred_set_type 23 2 91.30% 9 1 88.89%
fido_cred_type 1 0 100.00% 3 0 100.00%
fido_cred_flags 1 0 100.00% 3 0 100.00%
fido_cred_sigcount 1 0 100.00% 3 0 100.00%
@ -296,8 +302,8 @@ fido_cred_authdata_raw_ptr 1 0 100.00% 3
fido_cred_authdata_raw_len 1 0 100.00% 3 0 100.00%
fido_cred_attstmt_ptr 1 0 100.00% 3 0 100.00%
fido_cred_attstmt_len 1 0 100.00% 3 0 100.00%
fido_cred_pubkey_ptr 9 0 100.00% 18 0 100.00%
fido_cred_pubkey_len 9 0 100.00% 18 0 100.00%
fido_cred_pubkey_ptr 11 0 100.00% 21 0 100.00%
fido_cred_pubkey_len 11 0 100.00% 21 0 100.00%
fido_cred_id_ptr 1 0 100.00% 3 0 100.00%
fido_cred_id_len 1 0 100.00% 3 0 100.00%
fido_cred_aaguid_ptr 1 0 100.00% 3 0 100.00%
@ -318,12 +324,12 @@ cred.c:fido_dev_make_cred_tx 64 0 100.00% 70
cred.c:fido_dev_make_cred_rx 29 0 100.00% 32 0 100.00%
cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00%
cred.c:check_extensions 2 0 100.00% 6 0 100.00%
cred.c:get_signed_hash_u2f 27 0 100.00% 26 0 100.00%
cred.c:verify_attstmt 23 2 91.30% 40 5 87.50%
cred.c:get_signed_hash_u2f 27 0 100.00% 27 0 100.00%
cred.c:verify_attstmt 25 2 92.00% 43 6 86.05%
cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00%
cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 632 34 94.62% 830 36 95.66%
TOTAL 651 38 94.16% 849 43 94.94%
File '/libfido2/src/credman.c':
Name Regions Miss Cover Lines Miss Cover
@ -334,15 +340,15 @@ fido_credman_del_dev_rk 1 0 100.00% 4
fido_credman_get_dev_rp 1 0 100.00% 4 0 100.00%
fido_credman_set_dev_rk 1 0 100.00% 4 0 100.00%
fido_credman_rk_new 1 0 100.00% 3 0 100.00%
fido_credman_rk_free 6 1 83.33% 8 0 100.00%
fido_credman_rk_free 6 1 83.33% 8 1 87.50%
fido_credman_rk_count 1 0 100.00% 3 0 100.00%
fido_credman_rk 4 0 100.00% 5 0 100.00%
fido_credman_metadata_new 1 0 100.00% 3 0 100.00%
fido_credman_metadata_free 6 1 83.33% 7 0 100.00%
fido_credman_metadata_free 6 1 83.33% 7 1 85.71%
fido_credman_rk_existing 1 0 100.00% 3 0 100.00%
fido_credman_rk_remaining 1 0 100.00% 3 0 100.00%
fido_credman_rp_new 1 0 100.00% 3 0 100.00%
fido_credman_rp_free 6 1 83.33% 8 0 100.00%
fido_credman_rp_free 6 1 83.33% 8 1 87.50%
fido_credman_rp_count 1 0 100.00% 3 0 100.00%
fido_credman_rp_id 4 0 100.00% 5 0 100.00%
fido_credman_rp_name 4 0 100.00% 5 0 100.00%
@ -351,39 +357,35 @@ fido_credman_rp_id_hash_ptr 4 0 100.00% 5
credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00%
credman.c:credman_tx 36 0 100.00% 50 0 100.00%
credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00%
credman.c:credman_rx_metadata 11 0 100.00% 17 0 100.00%
credman.c:credman_rx_metadata 19 0 100.00% 24 0 100.00%
credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00%
credman.c:credman_get_rk_wait 27 0 100.00% 23 0 100.00%
credman.c:credman_rx_rk 19 0 100.00% 27 0 100.00%
credman.c:credman_rx_rk 27 0 100.00% 35 0 100.00%
credman.c:credman_parse_rk_count 16 0 100.00% 20 0 100.00%
credman.c:credman_grow_array 17 2 88.24% 21 5 76.19%
credman.c:credman_parse_rk 23 0 100.00% 31 0 100.00%
credman.c:credman_rx_next_rk 15 2 86.67% 21 4 80.95%
credman.c:credman_rx_next_rk 23 2 91.30% 29 5 82.76%
credman.c:credman_del_rk_wait 16 0 100.00% 15 0 100.00%
credman.c:credman_get_rp_wait 23 0 100.00% 15 0 100.00%
credman.c:credman_rx_rp 19 0 100.00% 27 0 100.00%
credman.c:credman_rx_rp 27 0 100.00% 35 0 100.00%
credman.c:credman_parse_rp_count 16 0 100.00% 20 0 100.00%
credman.c:credman_parse_rp 9 0 100.00% 17 0 100.00%
credman.c:credman_rx_next_rp 15 2 86.67% 21 4 80.95%
credman.c:credman_rx_next_rp 23 2 91.30% 29 5 82.76%
credman.c:credman_set_dev_rk_wait 11 0 100.00% 8 0 100.00%
credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00%
credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 382 10 97.38% 518 15 97.10%
TOTAL 422 10 97.63% 557 20 96.41%
File '/libfido2/src/dev.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_dev_register_manifest_func 10 2 80.00% 14 3 78.57%
fido_dev_unregister_manifest_func 7 7 0.00% 11 11 0.00%
fido_dev_info_manifest 22 4 81.82% 24 0 100.00%
fido_dev_info_manifest 2 0 100.00% 11 0 100.00%
fido_dev_open_with_info 5 5 0.00% 6 6 0.00%
fido_dev_open 5 1 80.00% 19 12 36.84%
fido_dev_close 9 2 77.78% 8 0 100.00%
fido_dev_open 13 4 69.23% 16 6 62.50%
fido_dev_close 9 2 77.78% 8 1 87.50%
fido_dev_set_sigmask 18 18 0.00% 11 11 0.00%
fido_dev_cancel 11 0 100.00% 8 0 100.00%
fido_dev_get_touch_begin 50 0 100.00% 59 0 100.00%
fido_dev_get_touch_status 17 0 100.00% 20 0 100.00%
fido_dev_set_io_functions 18 4 77.78% 14 6 57.14%
fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67%
fido_dev_io_handle 1 1 0.00% 3 3 0.00%
@ -410,17 +412,17 @@ fido_dev_force_fido2 2 2 0.00% 3
fido_dev_get_pin_protocol 11 0 100.00% 7 0 100.00%
fido_dev_maxmsgsize 1 0 100.00% 3 0 100.00%
fido_dev_set_timeout 6 2 66.67% 6 1 83.33%
dev.c:find_manifest_func_node 5 0 100.00% 8 0 100.00%
dev.c:run_manifest 10 0 100.00% 13 0 100.00%
dev.c:fido_dev_open_wait 10 0 100.00% 7 0 100.00%
dev.c:fido_dev_open_tx 56 15 73.21% 56 26 53.57%
dev.c:fido_dev_open_tx 56 11 80.36% 56 20 64.29%
dev.c:set_random_report_len 11 0 100.00% 6 0 100.00%
dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11%
dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00%
dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00%
dev.c:fido_dev_set_option_flags 29 0 100.00% 18 0 100.00%
dev.c:fido_dev_set_option_flags 31 0 100.00% 20 0 100.00%
dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 421 79 81.24% 491 105 78.62%
TOTAL 332 65 80.42% 378 80 78.84%
File '/libfido2/src/ecdh.c':
Name Regions Miss Cover Lines Miss Cover
@ -438,15 +440,15 @@ Name Regions Miss Cover Lines Mis
eddsa_pk_decode 8 0 100.00% 9 0 100.00%
eddsa_pk_new 1 0 100.00% 3 0 100.00%
eddsa_pk_free 6 0 100.00% 7 0 100.00%
eddsa_pk_from_ptr 6 0 100.00% 6 0 100.00%
eddsa_pk_from_ptr 10 0 100.00% 12 0 100.00%
eddsa_pk_to_EVP_PKEY 3 0 100.00% 7 0 100.00%
eddsa_pk_from_EVP_PKEY 14 0 100.00% 10 0 100.00%
eddsa_pk_from_EVP_PKEY 18 2 88.89% 12 1 91.67%
eddsa_verify_sig 19 2 89.47% 30 6 80.00%
eddsa_pk_verify_sig 7 1 85.71% 13 2 84.62%
eddsa.c:decode_pubkey_point 8 0 100.00% 11 0 100.00%
eddsa.c:decode_coord 8 0 100.00% 10 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 80 3 96.25% 106 8 92.45%
TOTAL 88 5 94.32% 114 9 92.11%
File '/libfido2/src/err.c':
Name Regions Miss Cover Lines Miss Cover
@ -464,26 +466,47 @@ es256_sk_new 1 0 100.00% 3
es256_sk_free 6 0 100.00% 7 0 100.00%
es256_pk_new 1 0 100.00% 3 0 100.00%
es256_pk_free 6 0 100.00% 7 0 100.00%
es256_pk_from_ptr 11 0 100.00% 10 0 100.00%
es256_pk_from_ptr 15 0 100.00% 17 0 100.00%
es256_pk_set_x 1 0 100.00% 4 0 100.00%
es256_pk_set_y 1 0 100.00% 4 0 100.00%
es256_sk_create 39 0 100.00% 41 0 100.00%
es256_pk_to_EVP_PKEY 42 0 100.00% 54 0 100.00%
es256_pk_from_EC_KEY 38 0 100.00% 36 0 100.00%
es256_pk_from_EVP_PKEY 7 2 71.43% 7 0 100.00%
es256_sk_to_EVP_PKEY 28 0 100.00% 40 0 100.00%
es256_derive_pk 25 0 100.00% 30 0 100.00%
es256_sk_create 39 0 100.00% 40 0 100.00%
es256_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00%
es256_pk_from_EC_KEY 42 2 95.24% 47 4 91.49%
es256_pk_from_EVP_PKEY 8 2 75.00% 7 1 85.71%
es256_sk_to_EVP_PKEY 28 0 100.00% 39 0 100.00%
es256_derive_pk 25 0 100.00% 29 0 100.00%
es256_verify_sig 12 2 83.33% 19 5 73.68%
es256_pk_verify_sig 7 1 85.71% 13 2 84.62%
es256.c:decode_pubkey_point 9 0 100.00% 13 0 100.00%
es256.c:decode_coord 8 0 100.00% 10 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 306 5 98.37% 358 7 98.04%
TOTAL 315 7 97.78% 372 12 96.77%
File '/libfido2/src/es384.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
es384_pk_decode 8 0 100.00% 9 0 100.00%
es384_pk_new 1 0 100.00% 3 0 100.00%
es384_pk_free 6 0 100.00% 7 0 100.00%
es384_pk_from_ptr 15 0 100.00% 17 0 100.00%
es384_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00%
es384_pk_from_EC_KEY 42 2 95.24% 47 4 91.49%
es384_pk_from_EVP_PKEY 8 2 75.00% 7 1 85.71%
es384_verify_sig 12 2 83.33% 19 5 73.68%
es384_pk_verify_sig 7 1 85.71% 13 2 84.62%
es384.c:decode_pubkey_point 9 0 100.00% 13 0 100.00%
es384.c:decode_coord 8 1 87.50% 10 3 70.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 158 8 94.94% 198 15 92.42%
File '/libfido2/src/extern.h':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
File '/libfido2/src/fallthrough.h':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
File '/libfido2/src/fido.h':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
@ -511,8 +534,8 @@ TOTAL 87 2 97.70% 145
File '/libfido2/src/hid_linux.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_hid_manifest 35 4 88.57% 41 1 97.56%
fido_hid_open 27 27 0.00% 40 40 0.00%
fido_hid_manifest 35 4 88.57% 41 2 95.12%
fido_hid_open 33 33 0.00% 51 51 0.00%
fido_hid_close 3 3 0.00% 6 6 0.00%
fido_hid_set_sigmask 2 2 0.00% 6 6 0.00%
fido_hid_read 15 15 0.00% 21 21 0.00%
@ -520,29 +543,29 @@ fido_hid_write 12 12 0.00% 17 1
fido_hid_report_in_len 1 1 0.00% 4 4 0.00%
fido_hid_report_out_len 1 1 0.00% 4 4 0.00%
hid_linux.c:copy_info 34 0 100.00% 44 0 100.00%
hid_linux.c:is_fido 10 2 80.00% 14 2 85.71%
hid_linux.c:is_fido 15 1 93.33% 16 1 93.75%
hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00%
hid_linux.c:parse_uevent 12 0 100.00% 24 0 100.00%
hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00%
hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35%
-------------------------------------------------------------------------------------------------------------------
TOTAL 173 68 60.69% 250 104 58.40%
TOTAL 184 73 60.33% 263 115 56.27%
File '/libfido2/src/hid_unix.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_hid_unix_open 18 11 38.89% 22 14 36.36%
fido_hid_unix_wait 10 9 10.00% 21 10 52.38%
fido_hid_unix_wait 11 10 9.09% 21 12 42.86%
-------------------------------------------------------------------------------------------------------------------
TOTAL 28 20 28.57% 43 24 44.19%
TOTAL 29 21 27.59% 43 26 39.53%
File '/libfido2/src/info.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_dev_get_cbor_info_wait 10 0 100.00% 7 0 100.00%
fido_dev_get_cbor_info 1 0 100.00% 4 0 100.00%
fido_cbor_info_new 1 0 100.00% 3 0 100.00%
fido_cbor_info_reset 1 0 100.00% 8 0 100.00%
fido_cbor_info_new 4 0 100.00% 7 0 100.00%
fido_cbor_info_reset 1 0 100.00% 10 0 100.00%
fido_cbor_info_free 6 0 100.00% 8 0 100.00%
fido_cbor_info_versions_ptr 1 0 100.00% 3 0 100.00%
fido_cbor_info_versions_len 1 0 100.00% 3 0 100.00%
@ -559,57 +582,69 @@ fido_cbor_info_maxcredbloblen 1 0 100.00% 3
fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00%
fido_cbor_info_maxcredcntlst 1 0 100.00% 3 0 100.00%
fido_cbor_info_maxcredidlen 1 0 100.00% 3 0 100.00%
fido_cbor_info_maxlargeblob 1 0 100.00% 3 0 100.00%
fido_cbor_info_fwversion 1 0 100.00% 3 0 100.00%
fido_cbor_info_minpinlen 1 0 100.00% 3 0 100.00%
fido_cbor_info_maxrpid_minpinlen 1 0 100.00% 3 0 100.00%
fido_cbor_info_uv_attempts 1 0 100.00% 3 0 100.00%
fido_cbor_info_uv_modality 1 0 100.00% 3 0 100.00%
fido_cbor_info_rk_remaining 1 0 100.00% 3 0 100.00%
fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00%
fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00%
fido_cbor_info_algorithm_count 1 0 100.00% 3 0 100.00%
fido_cbor_info_algorithm_type 4 0 100.00% 5 0 100.00%
fido_cbor_info_algorithm_cose 4 0 100.00% 5 0 100.00%
fido_cbor_info_new_pin_required 1 0 100.00% 3 0 100.00%
fido_cbor_info_certs_name_ptr 1 0 100.00% 3 0 100.00%
fido_cbor_info_certs_value_ptr 1 0 100.00% 3 0 100.00%
fido_cbor_info_certs_len 1 0 100.00% 3 0 100.00%
info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 9 0 100.00%
info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 14 0 100.00%
info.c:parse_reply_element 19 0 100.00% 37 0 100.00%
info.c:fido_dev_get_cbor_info_rx 14 0 100.00% 21 0 100.00%
info.c:parse_reply_element 32 0 100.00% 59 0 100.00%
info.c:decode_string_array 12 0 100.00% 17 0 100.00%
info.c:decode_string 4 0 100.00% 10 0 100.00%
info.c:decode_aaguid 8 0 100.00% 10 0 100.00%
info.c:decode_options 11 0 100.00% 15 0 100.00%
info.c:decode_option 11 0 100.00% 17 0 100.00%
info.c:decode_option 7 0 100.00% 15 0 100.00%
info.c:decode_protocols 12 0 100.00% 17 0 100.00%
info.c:decode_protocol 6 0 100.00% 12 0 100.00%
info.c:decode_algorithms 12 0 100.00% 17 0 100.00%
info.c:decode_algorithm 9 0 100.00% 17 0 100.00%
info.c:decode_algorithm_entry 20 0 100.00% 27 0 100.00%
info.c:decode_certs 11 0 100.00% 15 0 100.00%
info.c:decode_cert 7 0 100.00% 15 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 184 0 100.00% 316 0 100.00%
TOTAL 232 0 100.00% 409 0 100.00%
File '/libfido2/src/io.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_tx 13 0 100.00% 11 0 100.00%
fido_tx 14 0 100.00% 11 0 100.00%
fido_rx 13 1 92.31% 14 3 78.57%
fido_rx_cbor_status 8 0 100.00% 10 0 100.00%
fido_rx_cbor_status 16 0 100.00% 19 0 100.00%
io.c:transport_tx 7 0 100.00% 10 0 100.00%
io.c:tx_empty 9 0 100.00% 14 0 100.00%
io.c:tx_pkt 7 0 100.00% 10 0 100.00%
io.c:tx 13 0 100.00% 19 0 100.00%
io.c:tx_preamble 16 1 93.75% 20 1 95.00%
io.c:tx_frame 15 1 93.33% 18 1 94.44%
io.c:tx_preamble 17 1 94.12% 20 1 95.00%
io.c:tx_frame 16 1 93.75% 18 1 94.44%
io.c:transport_rx 7 0 100.00% 10 0 100.00%
io.c:rx 40 2 95.00% 52 1 98.08%
io.c:rx 40 2 95.00% 52 2 96.15%
io.c:rx_preamble 23 2 91.30% 22 5 77.27%
io.c:rx_frame 11 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 182 7 96.15% 221 11 95.02%
TOTAL 193 7 96.37% 230 12 94.78%
File '/libfido2/src/iso7816.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
iso7816_new 4 0 100.00% 16 0 100.00%
iso7816_free 6 0 100.00% 7 0 100.00%
iso7816_add 6 1 83.33% 8 0 100.00%
iso7816_add 6 1 83.33% 8 1 87.50%
iso7816_ptr 1 0 100.00% 3 0 100.00%
iso7816_len 1 0 100.00% 4 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 18 1 94.44% 38 0 100.00%
TOTAL 18 1 94.44% 38 1 97.37%
File '/libfido2/src/largeblob.c':
Name Regions Miss Cover Lines Miss Cover
@ -620,23 +655,23 @@ fido_dev_largeblob_remove 12 0 100.00% 18
fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19%
fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00%
largeblob.c:largeblob_get_array 32 0 100.00% 36 0 100.00%
largeblob.c:get_chunklen 9 1 88.89% 9 0 100.00%
largeblob.c:get_chunklen 10 1 90.00% 9 1 88.89%
largeblob.c:largeblob_get_tx 19 0 100.00% 24 0 100.00%
largeblob.c:largeblob_get_rx 15 0 100.00% 21 0 100.00%
largeblob.c:largeblob_get_rx 26 0 100.00% 30 0 100.00%
largeblob.c:parse_largeblob_reply 8 0 100.00% 9 0 100.00%
largeblob.c:largeblob_array_check 7 0 100.00% 16 0 100.00%
largeblob.c:largeblob_array_digest 10 0 100.00% 9 0 100.00%
largeblob.c:largeblob_array_load 14 2 85.71% 19 7 63.16%
largeblob.c:largeblob_array_lookup 25 0 100.00% 33 0 100.00%
largeblob.c:largeblob_decode 16 2 87.50% 16 6 62.50%
largeblob.c:largeblob_do_decode 27 3 88.89% 30 5 83.33%
largeblob.c:largeblob_do_decode 27 3 88.89% 30 7 76.67%
largeblob.c:largeblob_decrypt 15 0 100.00% 24 0 100.00%
largeblob.c:largeblob_aad 1 0 100.00% 10 0 100.00%
largeblob.c:largeblob_reset 1 0 100.00% 5 0 100.00%
largeblob.c:largeblob_encode 16 0 100.00% 21 0 100.00%
largeblob.c:largeblob_new 1 0 100.00% 3 0 100.00%
largeblob.c:largeblob_seal 20 0 100.00% 32 0 100.00%
largeblob.c:largeblob_get_nonce 8 1 87.50% 16 3 81.25%
largeblob.c:largeblob_get_nonce 8 0 100.00% 16 0 100.00%
largeblob.c:largeblob_free 6 0 100.00% 8 0 100.00%
largeblob.c:largeblob_add 27 2 92.59% 35 3 91.43%
largeblob.c:largeblob_drop 21 0 100.00% 27 0 100.00%
@ -645,38 +680,38 @@ largeblob.c:largeblob_get_uv_token 19 0 100.00% 23
largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00%
largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57%
-------------------------------------------------------------------------------------------------------------------
TOTAL 513 19 96.30% 684 43 93.71%
TOTAL 525 18 96.57% 693 43 93.80%
File '/libfido2/src/log.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_log_init 1 0 100.00% 4 0 100.00%
fido_log_debug 6 1 83.33% 8 0 100.00%
fido_log_xxd 16 1 93.75% 24 0 100.00%
fido_log_error 8 2 75.00% 11 1 90.91%
fido_log_debug 6 1 83.33% 8 1 87.50%
fido_log_xxd 16 1 93.75% 24 1 95.83%
fido_log_error 8 2 75.00% 11 2 81.82%
fido_set_log_handler 3 0 100.00% 4 0 100.00%
log.c:log_on_stderr 1 1 0.00% 3 3 0.00%
log.c:do_log 4 0 100.00% 9 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 39 5 87.18% 63 4 93.65%
TOTAL 39 5 87.18% 63 7 88.89%
File '/libfido2/src/netlink.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_nl_power_nfc 18 1 94.44% 24 3 87.50%
fido_nl_get_nfc_target 17 1 94.12% 31 3 90.32%
fido_nl_free 10 2 80.00% 9 1 88.89%
fido_nl_power_nfc 18 0 100.00% 24 0 100.00%
fido_nl_get_nfc_target 17 0 100.00% 31 0 100.00%
fido_nl_free 10 2 80.00% 9 2 77.78%
fido_nl_new 16 1 93.75% 26 3 88.46%
set_netlink_io_functions 1 0 100.00% 4 0 100.00%
netlink.c:nlmsg_new 8 0 100.00% 15 0 100.00%
netlink.c:nlmsg_set_genl 1 0 100.00% 7 0 100.00%
netlink.c:nlmsg_write 6 1 83.33% 7 1 85.71%
netlink.c:nlmsg_set_u32 1 0 100.00% 3 0 100.00%
netlink.c:nlmsg_setattr 14 1 92.86% 17 0 100.00%
netlink.c:nlmsg_setattr 15 1 93.33% 17 0 100.00%
netlink.c:nlmsg_tx 10 1 90.00% 13 3 76.92%
netlink.c:nlmsg_ptr 1 0 100.00% 3 0 100.00%
netlink.c:nlmsg_len 1 0 100.00% 3 0 100.00%
netlink.c:nlmsg_rx 11 3 72.73% 17 9 47.06%
netlink.c:nlmsg_rx 11 2 81.82% 17 6 64.71%
netlink.c:nl_parse_reply 20 0 100.00% 28 0 100.00%
netlink.c:nlmsg_from_buf 15 0 100.00% 17 0 100.00%
netlink.c:nlmsg_type 1 0 100.00% 3 0 100.00%
@ -686,14 +721,14 @@ netlink.c:nlmsg_get_genl 6 0 100.00% 7
netlink.c:nlmsg_iter 6 0 100.00% 13 0 100.00%
netlink.c:nlmsg_getattr 1 0 100.00% 3 0 100.00%
netlink.c:nla_from_buf 17 0 100.00% 21 0 100.00%
netlink.c:nl_nfc_poll 18 1 94.44% 25 3 88.00%
netlink.c:nl_nfc_poll 18 0 100.00% 25 0 100.00%
netlink.c:parse_nfc_event 10 0 100.00% 17 0 100.00%
netlink.c:nla_type 1 0 100.00% 3 0 100.00%
netlink.c:nla_get_u32 1 0 100.00% 3 0 100.00%
netlink.c:nla_read 6 0 100.00% 7 0 100.00%
netlink.c:nl_dump_nfc_target 19 1 94.74% 31 3 90.32%
netlink.c:nl_dump_nfc_target 19 0 100.00% 31 0 100.00%
netlink.c:parse_target 9 0 100.00% 13 0 100.00%
netlink.c:nl_get_nfc_family 23 1 95.65% 33 3 90.91%
netlink.c:nl_get_nfc_family 23 0 100.00% 33 0 100.00%
netlink.c:nlmsg_set_u16 1 0 100.00% 3 0 100.00%
netlink.c:nlmsg_set_str 1 0 100.00% 3 0 100.00%
netlink.c:parse_family 10 0 100.00% 17 0 100.00%
@ -704,36 +739,63 @@ netlink.c:parse_mcastgrps 1 0 100.00% 3
netlink.c:parse_mcastgrp 15 0 100.00% 24 0 100.00%
netlink.c:nla_get_str 10 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 328 14 95.73% 498 32 93.57%
TOTAL 329 8 97.57% 498 15 96.99%
File '/libfido2/src/nfc.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_nfc_tx 28 0 100.00% 43 0 100.00%
fido_nfc_rx 8 0 100.00% 13 0 100.00%
nfc_is_fido 13 1 92.31% 21 3 85.71%
fido_is_nfc 3 0 100.00% 3 0 100.00%
fido_dev_set_nfc 4 1 75.00% 18 3 83.33%
nfc.c:nfc_do_tx 20 0 100.00% 25 0 100.00%
nfc.c:tx_short_apdu 14 0 100.00% 32 0 100.00%
nfc.c:rx_init 25 0 100.00% 27 0 100.00%
nfc.c:rx_cbor 4 0 100.00% 6 0 100.00%
nfc.c:rx_msg 18 2 88.89% 23 6 73.91%
nfc.c:rx_apdu 14 1 92.86% 22 3 86.36%
nfc.c:tx_get_response 4 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 155 5 96.77% 244 15 93.85%
File '/libfido2/src/nfc_linux.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_nfc_tx 28 0 100.00% 43 0 100.00%
fido_nfc_rx 8 1 87.50% 13 3 76.92%
fido_nfc_manifest 35 5 85.71% 45 13 71.11%
fido_nfc_open 20 3 85.00% 23 5 78.26%
fido_nfc_manifest 35 7 80.00% 45 15 66.67%
fido_nfc_open 20 3 85.00% 23 4 82.61%
fido_nfc_close 1 1 0.00% 4 4 0.00%
fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00%
fido_nfc_read 14 14 0.00% 30 30 0.00%
fido_nfc_write 12 12 0.00% 18 18 0.00%
nfc_linux.c:nfc_do_tx 20 2 90.00% 25 6 76.00%
nfc_linux.c:tx_short_apdu 14 0 100.00% 32 0 100.00%
nfc_linux.c:rx_init 25 6 76.00% 27 5 81.48%
nfc_linux.c:rx_cbor 4 0 100.00% 6 0 100.00%
nfc_linux.c:rx_msg 18 2 88.89% 23 6 73.91%
nfc_linux.c:rx_apdu 14 1 92.86% 22 3 86.36%
nfc_linux.c:tx_get_response 4 0 100.00% 11 0 100.00%
nfc_linux.c:copy_info 41 9 78.05% 44 3 93.18%
nfc_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00%
nfc_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00%
nfc_linux.c:to_int 21 6 71.43% 14 1 92.86%
nfc_linux.c:sysnum_from_syspath 12 0 100.00% 17 0 100.00%
nfc_linux.c:copy_info 39 22 43.59% 44 16 63.64%
nfc_linux.c:get_usb_attr 1 1 0.00% 3 3 0.00%
nfc_linux.c:get_parent_attr 6 6 0.00% 9 9 0.00%
nfc_linux.c:sysnum_from_syspath 15 0 100.00% 17 0 100.00%
nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00%
nfc_linux.c:nfc_target_connect 9 9 0.00% 21 21 0.00%
nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 327 73 77.68% 458 124 72.93%
TOTAL 172 77 55.23% 242 126 47.93%
File '/libfido2/src/pcsc.c':
Name Regions Miss Cover Lines Miss Cover
-------------------------------------------------------------------------------------------------------------------
fido_pcsc_manifest 51 0 100.00% 55 0 100.00%
fido_pcsc_open 32 0 100.00% 43 0 100.00%
fido_pcsc_close 6 0 100.00% 9 0 100.00%
fido_pcsc_read 8 0 100.00% 16 0 100.00%
fido_pcsc_write 8 0 100.00% 22 0 100.00%
fido_pcsc_tx 1 0 100.00% 3 0 100.00%
fido_pcsc_rx 1 0 100.00% 3 0 100.00%
fido_is_pcsc 3 0 100.00% 3 0 100.00%
fido_dev_set_pcsc 4 1 75.00% 18 3 83.33%
pcsc.c:list_readers 24 0 100.00% 24 0 100.00%
pcsc.c:copy_info 30 0 100.00% 41 0 100.00%
pcsc.c:get_reader 25 0 100.00% 28 0 100.00%
pcsc.c:prepare_io_request 11 0 100.00% 17 0 100.00%
-------------------------------------------------------------------------------------------------------------------
TOTAL 204 1 99.51% 282 3 98.94%
File '/libfido2/src/pin.c':
Name Regions Miss Cover Lines Miss Cover
@ -744,35 +806,35 @@ fido_dev_set_pin 1 0 100.00% 4
fido_dev_get_retry_count 1 0 100.00% 4 0 100.00%
fido_dev_get_uv_retry_count 1 0 100.00% 4 0 100.00%
cbor_add_uv_params 17 0 100.00% 23 0 100.00%
pin.c:uv_token_wait 14 2 85.71% 12 0 100.00%
pin.c:uv_token_wait 14 2 85.71% 12 1 91.67%
pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00%
pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00%
pin.c:encode_uv_permission 20 1 95.00% 19 3 84.21%
pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00%
pin.c:uv_token_rx 20 0 100.00% 30 0 100.00%
pin.c:uv_token_rx 27 0 100.00% 34 0 100.00%
pin.c:parse_uv_token 8 0 100.00% 10 0 100.00%
pin.c:fido_dev_set_pin_wait 21 0 100.00% 24 0 100.00%
pin.c:fido_dev_change_pin_tx 45 0 100.00% 56 0 100.00%
pin.c:pin_pad64_enc 15 0 100.00% 21 0 100.00%
pin.c:pad64 18 0 100.00% 19 0 100.00%
pin.c:pad64 18 0 100.00% 20 0 100.00%
pin.c:fido_dev_set_pin_tx 33 0 100.00% 41 0 100.00%
pin.c:fido_dev_get_pin_retry_count_wait 10 0 100.00% 7 0 100.00%
pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 23 0 100.00%
pin.c:fido_dev_get_pin_retry_count_rx 11 0 100.00% 17 0 100.00%
pin.c:fido_dev_get_pin_retry_count_rx 19 0 100.00% 24 0 100.00%
pin.c:parse_pin_retry_count 1 0 100.00% 3 0 100.00%
pin.c:parse_retry_count 13 0 100.00% 16 0 100.00%
pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7 0 100.00%
pin.c:fido_dev_get_uv_retry_count_rx 11 0 100.00% 17 0 100.00%
pin.c:fido_dev_get_uv_retry_count_rx 19 0 100.00% 24 0 100.00%
pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 403 3 99.26% 495 3 99.39%
TOTAL 426 3 99.30% 514 4 99.22%
File '/libfido2/src/random.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_get_random 6 1 83.33% 6 1 83.33%
fido_get_random 6 0 100.00% 6 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 6 1 83.33% 6 1 83.33%
TOTAL 6 0 100.00% 6 0 100.00%
File '/libfido2/src/reset.c':
Name Regions Miss Cover Lines Miss Cover
@ -786,11 +848,11 @@ TOTAL 24 0 100.00% 23
File '/libfido2/src/rs1.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
rs1_verify_sig 20 0 100.00% 30 0 100.00%
rs1_verify_sig 20 1 95.00% 30 3 90.00%
rs1.c:rs1_get_EVP_MD 4 0 100.00% 6 0 100.00%
rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 25 0 100.00% 39 0 100.00%
TOTAL 25 1 96.00% 39 3 92.31%
File '/libfido2/src/rs256.c':
Name Regions Miss Cover Lines Miss Cover
@ -798,10 +860,10 @@ Name Regions Miss Cover Lines M
rs256_pk_decode 8 0 100.00% 9 0 100.00%
rs256_pk_new 1 0 100.00% 3 0 100.00%
rs256_pk_free 6 0 100.00% 7 0 100.00%
rs256_pk_from_ptr 6 0 100.00% 6 0 100.00%
rs256_pk_to_EVP_PKEY 32 0 100.00% 39 0 100.00%
rs256_pk_from_RSA 32 4 87.50% 26 6 76.92%
rs256_pk_from_EVP_PKEY 7 2 71.43% 7 0 100.00%
rs256_pk_from_ptr 10 0 100.00% 12 0 100.00%
rs256_pk_to_EVP_PKEY 35 0 100.00% 43 0 100.00%
rs256_pk_from_RSA 32 6 81.25% 26 9 65.38%
rs256_pk_from_EVP_PKEY 8 2 75.00% 7 1 85.71%
rs256_verify_sig 20 1 95.00% 30 2 93.33%
rs256_pk_verify_sig 7 1 85.71% 13 2 84.62%
rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00%
@ -809,53 +871,62 @@ rs256.c:decode_bignum 8 0 100.00% 10
rs256.c:rs256_get_EVP_MD 4 0 100.00% 6 0 100.00%
rs256.c:rs256_free_EVP_MD 1 0 100.00% 3 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 141 8 94.33% 172 10 94.19%
TOTAL 149 10 93.29% 182 14 92.31%
File '/libfido2/src/time.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_time_now 4 0 100.00% 7 0 100.00%
fido_time_delta 23 1 95.65% 23 0 100.00%
time.c:timespec_to_ms 16 2 87.50% 13 1 92.31%
time.c:timespec_to_ms 16 2 87.50% 13 2 84.62%
---------------------------------------------------------------------------------------------------------------------
TOTAL 43 3 93.02% 43 1 97.67%
TOTAL 43 3 93.02% 43 2 95.35%
File '/libfido2/src/touch.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_dev_get_touch_begin 50 0 100.00% 59 0 100.00%
fido_dev_get_touch_status 17 0 100.00% 20 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 67 0 100.00% 79 0 100.00%
File '/libfido2/src/tpm.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_get_signed_hash_tpm 25 0 100.00% 39 0 100.00%
tpm.c:check_es256_pubarea 18 0 100.00% 30 0 100.00%
tpm.c:check_es256_pubarea 19 0 100.00% 30 0 100.00%
tpm.c:bswap_es256_pubarea 1 0 100.00% 12 0 100.00%
tpm.c:check_rs256_pubarea 16 0 100.00% 28 0 100.00%
tpm.c:check_rs256_pubarea 17 0 100.00% 28 0 100.00%
tpm.c:bswap_rs256_pubarea 1 0 100.00% 10 0 100.00%
tpm.c:check_sha1_certinfo 14 0 100.00% 38 0 100.00%
tpm.c:check_sha1_certinfo 15 0 100.00% 38 0 100.00%
tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00%
tpm.c:get_signed_name 7 0 100.00% 10 0 100.00%
tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 100 0 100.00% 194 0 100.00%
TOTAL 103 0 100.00% 194 0 100.00%
File '/libfido2/src/types.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_str_array_free 4 0 100.00% 7 0 100.00%
fido_opt_array_free 4 0 100.00% 8 0 100.00%
fido_opt_array_free 4 0 100.00% 9 0 100.00%
fido_byte_array_free 1 0 100.00% 5 0 100.00%
fido_algo_free 1 0 100.00% 5 0 100.00%
fido_algo_array_free 4 0 100.00% 7 0 100.00%
fido_cert_array_free 4 0 100.00% 9 0 100.00%
fido_str_array_pack 11 0 100.00% 14 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 25 0 100.00% 46 0 100.00%
TOTAL 29 0 100.00% 56 0 100.00%
File '/libfido2/src/u2f.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
u2f_register 69 0 100.00% 75 0 100.00%
u2f_authenticate 32 0 100.00% 36 0 100.00%
u2f_get_touch_begin 30 0 100.00% 39 0 100.00%
u2f_get_touch_status 18 0 100.00% 26 0 100.00%
u2f.c:key_lookup 44 0 100.00% 59 0 100.00%
u2f.c:send_dummy_register 30 0 100.00% 39 0 100.00%
u2f_register 76 0 100.00% 81 0 100.00%
u2f_authenticate 33 0 100.00% 37 0 100.00%
u2f_get_touch_begin 37 0 100.00% 45 0 100.00%
u2f_get_touch_status 26 0 100.00% 36 0 100.00%
u2f.c:key_lookup 51 0 100.00% 65 0 100.00%
u2f.c:send_dummy_register 37 0 100.00% 45 0 100.00%
u2f.c:delay_ms 13 1 92.31% 15 3 80.00%
u2f.c:parse_register_reply 49 0 100.00% 62 0 100.00%
u2f.c:x5c_get 21 1 95.24% 26 3 88.46%
@ -864,8 +935,15 @@ u2f.c:encode_cred_attstmt 45 0 100.00% 52
u2f.c:encode_cred_authdata 33 2 93.94% 61 6 90.16%
u2f.c:cbor_blob_from_ec_point 22 0 100.00% 31 0 100.00%
u2f.c:u2f_authenticate_single 32 0 100.00% 43 0 100.00%
u2f.c:do_auth 49 0 100.00% 61 0 100.00%
u2f.c:do_auth 56 0 100.00% 67 0 100.00%
u2f.c:parse_auth_reply 23 0 100.00% 23 0 100.00%
u2f.c:authdata_fake 12 0 100.00% 27 0 100.00%
---------------------------------------------------------------------------------------------------------------------
TOTAL 528 4 99.24% 685 12 98.25%
TOTAL 572 4 99.30% 726 12 98.35%
File '/libfido2/src/util.c':
Name Regions Miss Cover Lines Miss Cover
---------------------------------------------------------------------------------------------------------------------
fido_to_uint64 14 1 92.86% 14 1 92.86%
---------------------------------------------------------------------------------------------------------------------
TOTAL 14 1 92.86% 14 1 92.86%

43
contrib/libfido2/fuzz/fuzz_assert.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -140,7 +141,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -163,7 +164,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));
@ -313,6 +314,27 @@ es256_convert(const es256_pk_t *k)
EVP_PKEY_free(pkey);
}
/*
* Do a dummy conversion to exercise es384_pk_from_EVP_PKEY().
*/
static void
es384_convert(const es384_pk_t *k)
{
EVP_PKEY *pkey = NULL;
es384_pk_t *pk = NULL;
int r;
if ((pkey = es384_pk_to_EVP_PKEY(k)) == NULL ||
(pk = es384_pk_new()) == NULL)
goto out;
r = es384_pk_from_EVP_PKEY(pk, pkey);
consume(&r, sizeof(r));
out:
es384_pk_free(&pk);
EVP_PKEY_free(pkey);
}
/*
* Do a dummy conversion to exercise rs256_pk_from_EVP_PKEY().
*/
@ -362,6 +384,7 @@ test(const struct param *p)
{
fido_assert_t *assert = NULL;
es256_pk_t *es256_pk = NULL;
es384_pk_t *es384_pk = NULL;
rs256_pk_t *rs256_pk = NULL;
eddsa_pk_t *eddsa_pk = NULL;
uint8_t flags;
@ -398,6 +421,19 @@ test(const struct param *p)
rs256_convert(pk);
break;
case 2:
cose_alg = COSE_ES384;
if ((es384_pk = es384_pk_new()) == NULL)
return;
/* XXX reuse p->es256 as es384 */
es384_pk_from_ptr(es384_pk, p->es256.body, p->es256.len);
pk = es384_pk;
es384_convert(pk);
break;
default:
cose_alg = COSE_EDDSA;
@ -452,6 +488,7 @@ test(const struct param *p)
out:
es256_pk_free(&es256_pk);
es384_pk_free(&es384_pk);
rs256_pk_free(&rs256_pk);
eddsa_pk_free(&eddsa_pk);

5
contrib/libfido2/fuzz/fuzz_bio.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -154,7 +155,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -177,7 +178,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));

10
contrib/libfido2/fuzz/fuzz_cred.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -150,7 +151,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -173,7 +174,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));
@ -361,6 +362,9 @@ test_cred(const struct param *p)
case 1:
cose_alg = COSE_RS256;
break;
case 2:
cose_alg = COSE_ES384;
break;
default:
cose_alg = COSE_EDDSA;
break;

5
contrib/libfido2/fuzz/fuzz_credman.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -141,7 +142,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -164,7 +165,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));

5
contrib/libfido2/fuzz/fuzz_hid.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -104,7 +105,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -127,7 +128,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));

5
contrib/libfido2/fuzz/fuzz_largeblob.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -118,7 +119,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -141,7 +142,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));

34
contrib/libfido2/fuzz/fuzz_mgmt.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -138,7 +139,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -161,7 +162,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));
@ -223,6 +224,7 @@ dev_get_cbor_info(const struct param *p)
fido_cbor_info_t *ci;
uint64_t n;
uint8_t proto, major, minor, build, flags;
bool v;
set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
@ -276,25 +278,43 @@ dev_get_cbor_info(const struct param *p)
consume(&cose, sizeof(cose));
}
for (size_t i = 0; i < fido_cbor_info_certs_len(ci); i++) {
char * const *na = fido_cbor_info_certs_name_ptr(ci);
const uint64_t *va = fido_cbor_info_certs_value_ptr(ci);
consume(na[i], strlen(na[i]));
consume(&va[i], sizeof(va[i]));
}
n = fido_cbor_info_maxmsgsiz(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_maxcredbloblen(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_maxcredcntlst(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_maxcredidlen(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_maxlargeblob(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_fwversion(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_minpinlen(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_maxrpid_minpinlen(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_uv_attempts(ci);
consume(&n, sizeof(n));
n = fido_cbor_info_uv_modality(ci);
consume(&n, sizeof(n));
n = (uint64_t)fido_cbor_info_rk_remaining(ci);
consume(&n, sizeof(n));
consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
consume(fido_cbor_info_protocols_ptr(ci),
fido_cbor_info_protocols_len(ci));
v = fido_cbor_info_new_pin_required(ci);
consume(&v, sizeof(v));
out:
fido_dev_close(dev);
fido_dev_free(&dev);

5
contrib/libfido2/fuzz/fuzz_netlink.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -75,7 +76,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) > len) {
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
@ -98,7 +99,7 @@ size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));

269
contrib/libfido2/fuzz/fuzz_pcsc.c Normal file
View File

@ -0,0 +1,269 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#define _FIDO_INTERNAL
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <winscard.h>
#include "mutator_aux.h"
#include "wiredata_fido2.h"
#include "dummy.h"
#include "../src/extern.h"
struct param {
int seed;
char path[MAXSTR];
struct blob pcsc_list;
struct blob tx_apdu;
struct blob wiredata_init;
struct blob wiredata_msg;
};
static const uint8_t dummy_tx_apdu[] = { WIREDATA_CTAP_EXTENDED_APDU };
static const uint8_t dummy_wiredata_init[] = { WIREDATA_CTAP_NFC_INIT };
static const uint8_t dummy_wiredata_msg[] = { WIREDATA_CTAP_NFC_MSG };
struct param *
unpack(const uint8_t *ptr, size_t len)
{
cbor_item_t *item = NULL, **v;
struct cbor_load_result cbor;
struct param *p;
int ok = -1;
if ((p = calloc(1, sizeof(*p))) == NULL ||
(item = cbor_load(ptr, len, &cbor)) == NULL ||
cbor.read != len ||
cbor_isa_array(item) == false ||
cbor_array_is_definite(item) == false ||
cbor_array_size(item) != 6 ||
(v = cbor_array_handle(item)) == NULL)
goto fail;
if (unpack_int(v[0], &p->seed) < 0 ||
unpack_string(v[1], p->path) < 0 ||
unpack_blob(v[2], &p->pcsc_list) < 0 ||
unpack_blob(v[3], &p->tx_apdu) < 0 ||
unpack_blob(v[4], &p->wiredata_init) < 0 ||
unpack_blob(v[5], &p->wiredata_msg) < 0)
goto fail;
ok = 0;
fail:
if (ok < 0) {
free(p);
p = NULL;
}
if (item)
cbor_decref(&item);
return p;
}
size_t
pack(uint8_t *ptr, size_t len, const struct param *p)
{
cbor_item_t *argv[6], *array = NULL;
size_t cbor_alloc_len, cbor_len = 0;
unsigned char *cbor = NULL;
memset(argv, 0, sizeof(argv));
if ((array = cbor_new_definite_array(6)) == NULL ||
(argv[0] = pack_int(p->seed)) == NULL ||
(argv[1] = pack_string(p->path)) == NULL ||
(argv[2] = pack_blob(&p->pcsc_list)) == NULL ||
(argv[3] = pack_blob(&p->tx_apdu)) == NULL ||
(argv[4] = pack_blob(&p->wiredata_init)) == NULL ||
(argv[5] = pack_blob(&p->wiredata_msg)) == NULL)
goto fail;
for (size_t i = 0; i < 6; i++)
if (cbor_array_push(array, argv[i]) == false)
goto fail;
if ((cbor_len = cbor_serialize_alloc(array, &cbor,
&cbor_alloc_len)) == 0 || cbor_len > len) {
cbor_len = 0;
goto fail;
}
memcpy(ptr, cbor, cbor_len);
fail:
for (size_t i = 0; i < 6; i++)
if (argv[i])
cbor_decref(&argv[i]);
if (array)
cbor_decref(&array);
free(cbor);
return cbor_len;
}
size_t
pack_dummy(uint8_t *ptr, size_t len)
{
struct param dummy;
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&dummy, 0, sizeof(dummy));
strlcpy(dummy.path, dummy_pcsc_path, sizeof(dummy.path));
dummy.pcsc_list.len = sizeof(dummy_pcsc_list);
memcpy(&dummy.pcsc_list.body, &dummy_pcsc_list, dummy.pcsc_list.len);
dummy.tx_apdu.len = sizeof(dummy_tx_apdu);
memcpy(&dummy.tx_apdu.body, &dummy_tx_apdu, dummy.tx_apdu.len);
dummy.wiredata_init.len = sizeof(dummy_wiredata_init);
memcpy(&dummy.wiredata_init.body, &dummy_wiredata_init,
dummy.wiredata_init.len);
dummy.wiredata_msg.len = sizeof(dummy_wiredata_msg);
memcpy(&dummy.wiredata_msg.body, &dummy_wiredata_msg,
dummy.wiredata_msg.len);
assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
if (blob_len > len) {
memcpy(ptr, blob, len);
return len;
}
memcpy(ptr, blob, blob_len);
return blob_len;
}
static void
test_manifest(void)
{
size_t ndevs, nfound;
fido_dev_info_t *devlist = NULL;
int16_t vendor_id, product_id;
int r;
r = fido_pcsc_manifest(NULL, 0, &nfound);
assert(r == FIDO_OK && nfound == 0);
r = fido_pcsc_manifest(NULL, 1, &nfound);
assert(r == FIDO_ERR_INVALID_ARGUMENT);
ndevs = uniform_random(64);
if ((devlist = fido_dev_info_new(ndevs)) == NULL ||
fido_pcsc_manifest(devlist, ndevs, &nfound) != FIDO_OK)
goto out;
for (size_t i = 0; i < nfound; i++) {
const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
consume_str(fido_dev_info_path(di));
consume_str(fido_dev_info_manufacturer_string(di));
consume_str(fido_dev_info_product_string(di));
vendor_id = fido_dev_info_vendor(di);
product_id = fido_dev_info_product(di);
consume(&vendor_id, sizeof(vendor_id));
consume(&product_id, sizeof(product_id));
}
out:
fido_dev_info_free(&devlist, ndevs);
}
static void
test_tx(const char *path, const struct blob *apdu, uint8_t cmd, u_char *rx_buf,
size_t rx_len)
{
fido_dev_t dev;
const u_char *tx_ptr = NULL;
size_t tx_len = 0;
int n;
memset(&dev, 0, sizeof(dev));
if (fido_dev_set_pcsc(&dev) < 0)
return;
if ((dev.io_handle = fido_pcsc_open(path)) == NULL)
return;
if (apdu) {
tx_ptr = apdu->body;
tx_len = apdu->len;
}
fido_pcsc_tx(&dev, cmd, tx_ptr, tx_len);
if ((n = fido_pcsc_rx(&dev, cmd, rx_buf, rx_len, -1)) >= 0)
consume(rx_buf, n);
fido_pcsc_close(dev.io_handle);
}
static void
test_misc(void)
{
assert(fido_pcsc_open(NULL) == NULL);
assert(fido_pcsc_write(NULL, NULL, INT_MAX + 1LL) == -1);
}
void
test(const struct param *p)
{
u_char buf[512];
prng_init((unsigned int)p->seed);
fuzz_clock_reset();
fido_init(FIDO_DEBUG);
fido_set_log_handler(consume_str);
set_pcsc_parameters(&p->pcsc_list);
set_pcsc_io_functions(nfc_read, nfc_write, consume);
set_wire_data(p->wiredata_init.body, p->wiredata_init.len);
test_manifest();
test_misc();
set_wire_data(p->wiredata_init.body, p->wiredata_init.len);
test_tx(p->path, NULL, CTAP_CMD_INIT, buf, uniform_random(20));
set_wire_data(p->wiredata_msg.body, p->wiredata_msg.len);
test_tx(p->path, &p->tx_apdu, CTAP_CMD_MSG, buf, sizeof(buf));
set_wire_data(p->wiredata_msg.body, p->wiredata_msg.len);
test_tx(p->path, &p->tx_apdu, CTAP_CMD_CBOR, buf, sizeof(buf));
set_wire_data(p->wiredata_msg.body, p->wiredata_msg.len);
test_tx(p->path, &p->tx_apdu, CTAP_CMD_LOCK, buf, sizeof(buf));
}
void
mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
{
if (flags & MUTATE_SEED)
p->seed = (int)seed;
if (flags & MUTATE_PARAM) {
mutate_string(p->path);
mutate_blob(&p->pcsc_list);
mutate_blob(&p->tx_apdu);
}
if (flags & MUTATE_WIREDATA) {
mutate_blob(&p->wiredata_init);
mutate_blob(&p->wiredata_msg);
}
}

61
contrib/libfido2/fuzz/libfuzzer.c
View File

@ -1,9 +1,12 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <openssl/sha.h>
#include <err.h>
#include <fcntl.h>
#include <stdbool.h>
@ -15,6 +18,8 @@
#include "mutator_aux.h"
extern int fuzz_save_corpus;
static bool debug;
static unsigned int flags = MUTATE_ALL;
static unsigned long long test_fail;
@ -32,7 +37,7 @@ save_seed(const char *opt)
const char *path;
int fd = -1, status = 1;
void *buf = NULL;
const size_t buflen = 4096;
const size_t buflen = MAXCORPUS;
size_t n;
struct param *p = NULL;
@ -73,6 +78,50 @@ save_seed(const char *opt)
return status;
}
static int
save_corpus(const struct param *p)
{
uint8_t blob[MAXCORPUS], dgst[SHA256_DIGEST_LENGTH];
size_t blob_len;
char path[PATH_MAX];
int r, fd;
if ((blob_len = pack(blob, sizeof(blob), p)) == 0 ||
blob_len > sizeof(blob)) {
warnx("pack");
return -1;
}
if (SHA256(blob, blob_len, dgst) != dgst) {
warnx("sha256");
return -1;
}
if ((r = snprintf(path, sizeof(path), "saved_corpus_%02x%02x%02x%02x"
"%02x%02x%02x%02x", dgst[0], dgst[1], dgst[2], dgst[3], dgst[4],
dgst[5], dgst[6], dgst[7])) < 0 || (size_t)r >= sizeof(path)) {
warnx("snprintf");
return -1;
}
if ((fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, 0644)) == -1) {
warn("open %s", path);
return -1;
}
if (write(fd, blob, blob_len) != (ssize_t)blob_len) {
warn("write");
r = -1;
} else {
warnx("wrote %s", path);
r = 0;
}
close(fd);
return r;
}
static void
parse_mutate_flags(const char *opt, unsigned int *mutate_flags)
{
@ -116,7 +165,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
struct param *p;
if (size > 4096)
if (size > MAXCORPUS)
return 0;
if (++test_total % 100000 == 0 && debug) {
@ -128,7 +177,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if ((p = unpack(data, size)) == NULL)
test_fail++;
else {
fuzz_save_corpus = 0;
test(p);
if (fuzz_save_corpus && save_corpus(p) < 0)
fprintf(stderr, "%s: failed to save corpus\n",
__func__);
free(p);
}
@ -140,7 +193,7 @@ LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize,
unsigned int seed) NO_MSAN
{
struct param *p;
uint8_t blob[4096];
uint8_t blob[MAXCORPUS];
size_t blob_len;
memset(&p, 0, sizeof(p));

21
contrib/libfido2/fuzz/mutator_aux.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
@ -15,13 +16,11 @@
#include "mutator_aux.h"
#define HID_DEV_HANDLE 0x68696421
#define NFC_DEV_HANDLE 0x6e666321
int fido_nfc_rx(fido_dev_t *, uint8_t, unsigned char *, size_t, int);
int fido_nfc_tx(fido_dev_t *, uint8_t, const unsigned char *, size_t);
size_t LLVMFuzzerMutate(uint8_t *, size_t, size_t);
extern int prng_up;
static const uint8_t *wire_data_ptr = NULL;
static size_t wire_data_len = 0;
@ -160,7 +159,6 @@ mutate_string(char *s)
s[n] = '\0';
}
/* XXX should fail, but doesn't */
static int
buf_read(unsigned char *ptr, size_t len, int ms)
{
@ -168,6 +166,11 @@ buf_read(unsigned char *ptr, size_t len, int ms)
(void)ms;
if (prng_up && uniform_random(400) < 1) {
errno = EIO;
return -1;
}
if (wire_data_len < len)
n = wire_data_len;
else
@ -186,7 +189,7 @@ buf_write(const unsigned char *ptr, size_t len)
{
consume(ptr, len);
if (uniform_random(400) < 1) {
if (prng_up && uniform_random(400) < 1) {
errno = EIO;
return -1;
}
@ -241,16 +244,16 @@ nfc_close(void *handle)
assert(handle == (void *)NFC_DEV_HANDLE);
}
static int
int
nfc_read(void *handle, unsigned char *ptr, size_t len, int ms)
{
assert(handle == (void *)NFC_DEV_HANDLE);
assert(len > 0 && len <= 256 + 2);
assert(len > 0 && len <= 264);
return buf_read(ptr, len, ms);
}
static int
int
nfc_write(void *handle, const unsigned char *ptr, size_t len)
{
assert(handle == (void *)NFC_DEV_HANDLE);

22
contrib/libfido2/fuzz/mutator_aux.h
View File

@ -1,12 +1,15 @@
/*
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _MUTATOR_AUX_H
#define _MUTATOR_AUX_H
#include <sys/types.h>
#include <stddef.h>
#include <stdint.h>
#include <cbor.h>
@ -17,7 +20,7 @@
#include "../src/fido/credman.h"
#include "../src/fido/eddsa.h"
#include "../src/fido/es256.h"
#include "../src/fido/es256.h"
#include "../src/fido/es384.h"
#include "../src/fido/rs256.h"
#include "../src/netlink.h"
@ -48,8 +51,12 @@
#define MUTATE_WIREDATA 0x04
#define MUTATE_ALL (MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA)
#define MAXSTR 1024
#define MAXBLOB 3600
#define MAXSTR 1024
#define MAXBLOB 3600
#define MAXCORPUS 8192
#define HID_DEV_HANDLE 0x68696421
#define NFC_DEV_HANDLE 0x6e666321
struct blob {
uint8_t body[MAXBLOB];
@ -85,6 +92,9 @@ void mutate_string(char *);
ssize_t fd_read(int, void *, size_t);
ssize_t fd_write(int, const void *, size_t);
int nfc_read(void *, unsigned char *, size_t, int);
int nfc_write(void *, const unsigned char *, size_t);
fido_dev_t *open_dev(int);
void set_wire_data(const uint8_t *, size_t);
@ -94,4 +104,8 @@ unsigned long prng_uint32(void);
uint32_t uniform_random(uint32_t);
void set_pcsc_parameters(const struct blob *);
void set_pcsc_io_functions(int (*)(void *, u_char *, size_t, int),
int (*)(void *, const u_char *, size_t), void (*)(const void *, size_t));
#endif /* !_MUTATOR_AUX_H */

153
contrib/libfido2/fuzz/pcsc.c Normal file
View File

@ -0,0 +1,153 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <winscard.h>
#include "mutator_aux.h"
static const struct blob *reader_list;
static int (*xread)(void *, u_char *, size_t, int);
static int (*xwrite)(void *, const u_char *, size_t);
static void (*xconsume)(const void *, size_t);
LONG __wrap_SCardEstablishContext(DWORD, LPCVOID, LPCVOID, LPSCARDCONTEXT);
LONG __wrap_SCardListReaders(SCARDCONTEXT, LPCSTR, LPSTR, LPDWORD);
LONG __wrap_SCardReleaseContext(SCARDCONTEXT);
LONG __wrap_SCardConnect(SCARDCONTEXT, LPCSTR, DWORD, DWORD, LPSCARDHANDLE,
LPDWORD);
LONG __wrap_SCardDisconnect(SCARDHANDLE, DWORD);
LONG __wrap_SCardTransmit(SCARDHANDLE, const SCARD_IO_REQUEST *, LPCBYTE,
DWORD, SCARD_IO_REQUEST *, LPBYTE, LPDWORD);
LONG
__wrap_SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1,
LPCVOID pvReserved2, LPSCARDCONTEXT phContext)
{
assert(dwScope == SCARD_SCOPE_SYSTEM);
assert(pvReserved1 == NULL);
assert(pvReserved2 == NULL);
*phContext = 1;
if (uniform_random(400) < 1)
return SCARD_E_NO_SERVICE;
if (uniform_random(400) < 1)
return SCARD_E_NO_SMARTCARD;
if (uniform_random(400) < 1)
return SCARD_E_NO_MEMORY;
if (uniform_random(400) < 1)
*phContext = 0;
return SCARD_S_SUCCESS;
}
LONG
__wrap_SCardListReaders(SCARDCONTEXT hContext, LPCSTR mszGroups,
LPSTR mszReaders, LPDWORD pcchReaders)
{
assert(hContext == 1);
assert(mszGroups == NULL);
assert(mszReaders != NULL);
assert(pcchReaders != 0);
if (reader_list == NULL || uniform_random(400) < 1)
return SCARD_E_NO_READERS_AVAILABLE;
if (uniform_random(400) < 1)
return SCARD_E_NO_MEMORY;
memcpy(mszReaders, reader_list->body, reader_list->len > *pcchReaders ?
*pcchReaders : reader_list->len);
*pcchReaders = (DWORD)reader_list->len; /* on purpose */
return SCARD_S_SUCCESS;
}
LONG
__wrap_SCardReleaseContext(SCARDCONTEXT hContext)
{
assert(hContext == 1);
return SCARD_S_SUCCESS;
}
LONG
__wrap_SCardConnect(SCARDCONTEXT hContext, LPCSTR szReader, DWORD dwShareMode,
DWORD dwPreferredProtocols, LPSCARDHANDLE phCard, LPDWORD pdwActiveProtocol)
{
uint32_t r;
assert(hContext == 1);
xconsume(szReader, strlen(szReader) + 1);
assert(dwShareMode == SCARD_SHARE_SHARED);
assert(dwPreferredProtocols == SCARD_PROTOCOL_ANY);
assert(phCard != NULL);
assert(pdwActiveProtocol != NULL);
if ((r = uniform_random(400)) < 1)
return SCARD_E_UNEXPECTED;
*phCard = 1;
*pdwActiveProtocol = (r & 1) ? SCARD_PROTOCOL_T0 : SCARD_PROTOCOL_T1;
if (uniform_random(400) < 1)
*pdwActiveProtocol = SCARD_PROTOCOL_RAW;
return SCARD_S_SUCCESS;
}
LONG
__wrap_SCardDisconnect(SCARDHANDLE hCard, DWORD dwDisposition)
{
assert(hCard == 1);
assert(dwDisposition == SCARD_LEAVE_CARD);
return SCARD_S_SUCCESS;
}
extern void consume(const void *body, size_t len);
LONG
__wrap_SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci,
LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci,
LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength)
{
void *ioh = (void *)NFC_DEV_HANDLE;
int n;
assert(hCard == 1);
xconsume(pioSendPci, sizeof(*pioSendPci));
xwrite(ioh, pbSendBuffer, cbSendLength);
assert(pioRecvPci == NULL);
if (uniform_random(400) < 1 ||
(n = xread(ioh, pbRecvBuffer, *pcbRecvLength, -1)) == -1)
return SCARD_E_UNEXPECTED;
*pcbRecvLength = (DWORD)n;
return SCARD_S_SUCCESS;
}
void
set_pcsc_parameters(const struct blob *reader_list_ptr)
{
reader_list = reader_list_ptr;
}
void
set_pcsc_io_functions(int (*read_f)(void *, u_char *, size_t, int),
int (*write_f)(void *, const u_char *, size_t),
void (*consume_f)(const void *, size_t))
{
xread = read_f;
xwrite = write_f;
xconsume = consume_f;
}

1
contrib/libfido2/fuzz/preload-fuzz.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
/*

1
contrib/libfido2/fuzz/preload-snoop.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
/*

BIN
contrib/libfido2/fuzz/report.tgz
View File

Binary file not shown.

77
contrib/libfido2/fuzz/summary.txt
View File

@ -1,57 +1,64 @@
Filename Regions Missed Regions Cover Functions Missed Functions Executed Lines Missed Lines Cover
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
fuzz/clock.c 24 1 95.83% 4 0 100.00% 35 0 100.00%
fuzz/prng.c 31 0 100.00% 2 0 100.00% 35 0 100.00%
fuzz/udev.c 103 1 99.03% 17 0 100.00% 126 3 97.62%
fuzz/clock.c 24 1 95.83% 4 0 100.00% 35 1 97.14%
fuzz/pcsc.c 59 0 100.00% 8 0 100.00% 75 12 84.00%
fuzz/prng.c 31 0 100.00% 2 0 100.00% 35 1 97.14%
fuzz/udev.c 110 2 98.18% 17 0 100.00% 126 12 90.48%
fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 12 1 91.67%
fuzz/wrap.c 6 0 100.00% 1 0 100.00% 7 0 100.00%
fuzz/wrap.c 23 0 100.00% 3 0 100.00% 29 0 100.00%
openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 7 0 100.00%
openbsd-compat/freezero.c 4 0 100.00% 1 0 100.00% 6 0 100.00%
openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 36 7 80.56%
openbsd-compat/strlcat.c 12 1 91.67% 1 0 100.00% 21 1 95.24%
openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 7 0 100.00%
src/aes256.c 115 4 96.52% 8 0 100.00% 157 14 91.08%
src/assert.c 563 40 92.90% 56 3 94.64% 694 40 94.24%
src/authkey.c 44 0 100.00% 5 0 100.00% 59 0 100.00%
src/bio.c 419 20 95.23% 49 2 95.92% 559 21 96.24%
src/aes256.c 118 3 97.46% 8 0 100.00% 157 11 92.99%
src/assert.c 605 43 92.89% 59 3 94.92% 745 46 93.83%
src/authkey.c 52 0 100.00% 5 0 100.00% 66 0 100.00%
src/bio.c 451 20 95.57% 49 2 95.92% 587 24 95.91%
src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18%
src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75%
src/cbor.c 1047 23 97.80% 54 0 100.00% 1237 46 96.28%
src/compress.c 34 4 88.24% 3 0 100.00% 28 3 89.29%
src/config.c 108 0 100.00% 11 0 100.00% 151 0 100.00%
src/cred.c 632 34 94.62% 69 2 97.10% 830 36 95.66%
src/credman.c 382 10 97.38% 40 0 100.00% 518 15 97.10%
src/dev.c 421 79 81.24% 45 7 84.44% 491 105 78.62%
src/cbor.c 1070 13 98.79% 55 0 100.00% 1258 31 97.54%
src/compress.c 105 14 86.67% 5 0 100.00% 122 24 80.33%
src/config.c 112 0 100.00% 11 0 100.00% 152 0 100.00%
src/cred.c 651 38 94.16% 69 2 97.10% 849 43 94.94%
src/credman.c 422 10 97.63% 40 0 100.00% 557 20 96.41%
src/dev.c 332 65 80.42% 41 6 85.37% 378 80 78.84%
src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58%
src/eddsa.c 80 3 96.25% 10 0 100.00% 106 8 92.45%
src/eddsa.c 88 5 94.32% 10 0 100.00% 114 9 92.11%
src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06%
src/es256.c 306 5 98.37% 19 0 100.00% 358 7 98.04%
src/es256.c 315 7 97.78% 19 0 100.00% 372 12 96.77%
src/es384.c 158 8 94.94% 11 0 100.00% 198 15 92.42%
src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93%
src/hid_linux.c 173 68 60.69% 14 7 50.00% 250 104 58.40%
src/hid_unix.c 28 20 28.57% 2 0 100.00% 43 24 44.19%
src/info.c 184 0 100.00% 39 0 100.00% 316 0 100.00%
src/io.c 182 7 96.15% 13 0 100.00% 221 11 95.02%
src/iso7816.c 18 1 94.44% 5 0 100.00% 38 0 100.00%
src/largeblob.c 513 19 96.30% 30 0 100.00% 684 43 93.71%
src/log.c 39 5 87.18% 7 1 85.71% 63 4 93.65%
src/netlink.c 328 14 95.73% 40 0 100.00% 498 32 93.57%
src/nfc_linux.c 327 73 77.68% 23 5 78.26% 458 124 72.93%
src/pin.c 403 3 99.26% 26 0 100.00% 495 3 99.39%
src/random.c 6 1 83.33% 1 0 100.00% 6 1 83.33%
src/hid_linux.c 184 73 60.33% 14 7 50.00% 263 115 56.27%
src/hid_unix.c 29 21 27.59% 2 0 100.00% 43 26 39.53%
src/info.c 232 0 100.00% 51 0 100.00% 409 0 100.00%
src/io.c 193 7 96.37% 13 0 100.00% 230 12 94.78%
src/iso7816.c 18 1 94.44% 5 0 100.00% 38 1 97.37%
src/largeblob.c 525 18 96.57% 30 0 100.00% 693 43 93.80%
src/log.c 39 5 87.18% 7 1 85.71% 63 7 88.89%
src/netlink.c 329 8 97.57% 40 0 100.00% 498 15 96.99%
src/nfc.c 155 5 96.77% 12 0 100.00% 244 15 93.85%
src/nfc_linux.c 172 77 55.23% 13 7 46.15% 242 126 47.93%
src/pcsc.c 204 1 99.51% 13 0 100.00% 282 3 98.94%
src/pin.c 426 3 99.30% 26 0 100.00% 514 4 99.22%
src/random.c 6 0 100.00% 1 0 100.00% 6 0 100.00%
src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00%
src/rs1.c 25 0 100.00% 3 0 100.00% 39 0 100.00%
src/rs256.c 141 8 94.33% 13 0 100.00% 172 10 94.19%
src/time.c 43 3 93.02% 3 0 100.00% 43 1 97.67%
src/tpm.c 100 0 100.00% 9 0 100.00% 194 0 100.00%
src/types.c 25 0 100.00% 6 0 100.00% 46 0 100.00%
src/u2f.c 528 4 99.24% 17 0 100.00% 685 12 98.25%
src/rs1.c 25 1 96.00% 3 0 100.00% 39 3 92.31%
src/rs256.c 149 10 93.29% 13 0 100.00% 182 14 92.31%
src/time.c 43 3 93.02% 3 0 100.00% 43 2 95.35%
src/touch.c 67 0 100.00% 2 0 100.00% 79 0 100.00%
src/tpm.c 103 0 100.00% 9 0 100.00% 194 0 100.00%
src/types.c 29 0 100.00% 7 0 100.00% 56 0 100.00%
src/u2f.c 572 4 99.30% 17 0 100.00% 726 12 98.35%
src/util.c 14 1 92.86% 1 0 100.00% 14 1 92.86%
Files which contain no functions:
fuzz/mutator_aux.h 0 0 - 0 0 - 0 0 -
openbsd-compat/openbsd-compat.h 0 0 - 0 0 - 0 0 -
openbsd-compat/time.h 0 0 - 0 0 - 0 0 -
src/extern.h 0 0 - 0 0 - 0 0 -
src/fallthrough.h 0 0 - 0 0 - 0 0 -
src/fido.h 0 0 - 0 0 - 0 0 -
src/fido/err.h 0 0 - 0 0 - 0 0 -
src/fido/param.h 0 0 - 0 0 - 0 0 -
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL 7861 476 93.94% 684 27 96.05% 10270 699 93.19%
TOTAL 8711 492 94.35% 737 28 96.20% 11320 771 93.19%

3
contrib/libfido2/fuzz/udev.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <sys/types.h>
@ -241,7 +242,7 @@ __wrap_ioctl(int fd, unsigned long request, ...)
va_start(ap, request);
switch (request) {
switch (IOCTL_REQ(request)) {
case IOCTL_REQ(HIDIOCGRDESCSIZE):
*va_arg(ap, int *) = (int)report_descriptor->len;
break;

77
contrib/libfido2/fuzz/wiredata_fido2.h
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Copyright (c) 2020-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _WIREDATA_FIDO2_H
@ -630,4 +631,78 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
#define WIREDATA_CTAP_NFC_INIT \
0x55, 0x32, 0x46, 0x5f, 0x56, 0x32, 0x90, 0x00
#define WIREDATA_CTAP_NFC_MSG \
0x90, 0x00, 0x90, 0x00, 0x90, 0x00, 0x90, 0x00
#define WIREDATA_CTAP_EXTENDED_APDU \
0x00, 0xa4, 0x04, 0x00, 0x00, 0x02, 0x00, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, \
0x00
#endif /* _WIREDATA_FIDO2_H */

1
contrib/libfido2/fuzz/wiredata_u2f.h
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _WIREDATA_U2F_H

67
contrib/libfido2/fuzz/wrap.c
View File

@ -1,10 +1,12 @@
/*
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <sys/types.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <openssl/bn.h>
@ -16,14 +18,19 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <zlib.h>
#include "mutator_aux.h"
extern int prng_up;
int fuzz_save_corpus;
/*
* Build wrappers around functions of interest, and have them fail
* in a pseudo-random manner.
* in a pseudo-random manner. A uniform probability of 0.25% (1/400)
* allows for a depth of log(0.5)/log(399/400) > 276 operations
* before simulated errors become statistically more likely.
*/
#define WRAP(type, name, args, retval, param, prob) \
@ -69,6 +76,14 @@ WRAP(char *,
1
)
WRAP(ssize_t,
getrandom,
(void *buf, size_t buflen, unsigned int flags),
-1,
(buf, buflen, flags),
1
)
WRAP(int,
EVP_Cipher,
(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
@ -635,3 +650,51 @@ WRAP(int,
(sockfd, addr, addrlen),
1
)
WRAP(int,
deflateInit2_,
(z_streamp strm, int level, int method, int windowBits, int memLevel,
int strategy, const char *version, int stream_size),
Z_STREAM_ERROR,
(strm, level, method, windowBits, memLevel, strategy, version,
stream_size),
1
)
int __wrap_deflate(z_streamp, int);
int __real_deflate(z_streamp, int);
int
__wrap_deflate(z_streamp strm, int flush)
{
if (prng_up && uniform_random(400) < 1) {
return Z_BUF_ERROR;
}
/* should never happen, but we check for it */
if (prng_up && uniform_random(400) < 1) {
strm->avail_out = UINT_MAX;
return Z_STREAM_END;
}
return __real_deflate(strm, flush);
}
int __wrap_asprintf(char **, const char *, ...);
int
__wrap_asprintf(char **strp, const char *fmt, ...)
{
va_list ap;
int r;
if (prng_up && uniform_random(400) < 1) {
*strp = (void *)0xdeadbeef;
return -1;
}
va_start(ap, fmt);
r = vasprintf(strp, fmt, ap);
va_end(ap);
return r;
}

10
contrib/libfido2/fuzz/wrapped.sym
View File

@ -1,3 +1,4 @@
asprintf
bind
BN_bin2bn
BN_bn2bin
@ -24,6 +25,8 @@ cbor_new_definite_bytestring
cbor_new_definite_map
cbor_serialize_alloc
clock_gettime
deflate
deflateInit2_
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_new_by_curve_name
@ -60,6 +63,7 @@ EVP_PKEY_verify_init
EVP_sha1
EVP_sha256
fido_tx
getrandom
HMAC
HMAC_CTX_new
HMAC_Final
@ -71,6 +75,12 @@ realloc
RSA_new
RSA_pkey_ctx_ctrl
RSA_set0_key
SCardConnect
SCardDisconnect
SCardEstablishContext
SCardListReaders
SCardReleaseContext
SCardTransmit
SHA1
SHA256
strdup

53
contrib/libfido2/man/CMakeLists.txt
View File

@ -1,6 +1,7 @@
# Copyright (c) 2018 Yubico AB. All rights reserved.
# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
find_program(MANDOC_PATH mandoc)
find_program(GZIP_PATH gzip)
@ -11,6 +12,7 @@ message(STATUS "GZIP_PATH: ${GZIP_PATH}")
list(APPEND MAN_SOURCES
eddsa_pk_new.3
es256_pk_new.3
es384_pk_new.3
fido2-assert.1
fido2-cred.1
fido2-token.1
@ -52,6 +54,12 @@ list(APPEND MAN_ALIAS
es256_pk_new es256_pk_from_EVP_PKEY
es256_pk_new es256_pk_from_ptr
es256_pk_new es256_pk_to_EVP_PKEY
es384_pk_new es384_pk_free
es384_pk_new es384_pk_from_EC_KEY
es384_pk_new es384_pk_from_EVP_PKEY
es384_pk_new es384_pk_from_ptr
es384_pk_new es384_pk_to_EVP_PKEY
fido_assert_allow_cred fido_assert_empty_allow_list
fido_assert_new fido_assert_authdata_len
fido_assert_new fido_assert_authdata_ptr
fido_assert_new fido_assert_blob_len
@ -114,24 +122,35 @@ list(APPEND MAN_ALIAS
fido_cbor_info_new fido_cbor_info_algorithm_cose
fido_cbor_info_new fido_cbor_info_algorithm_count
fido_cbor_info_new fido_cbor_info_algorithm_type
fido_cbor_info_new fido_cbor_info_certs_len
fido_cbor_info_new fido_cbor_info_certs_name_ptr
fido_cbor_info_new fido_cbor_info_certs_value_ptr
fido_cbor_info_new fido_cbor_info_extensions_len
fido_cbor_info_new fido_cbor_info_extensions_ptr
fido_cbor_info_new fido_cbor_info_free
fido_cbor_info_new fido_cbor_info_maxmsgsiz
fido_cbor_info_new fido_cbor_info_fwversion
fido_cbor_info_new fido_cbor_info_maxcredbloblen
fido_cbor_info_new fido_cbor_info_maxcredcntlst
fido_cbor_info_new fido_cbor_info_maxcredidlen
fido_cbor_info_new fido_cbor_info_fwversion
fido_cbor_info_new fido_cbor_info_maxlargeblob
fido_cbor_info_new fido_cbor_info_maxmsgsiz
fido_cbor_info_new fido_cbor_info_maxrpid_minpinlen
fido_cbor_info_new fido_cbor_info_minpinlen
fido_cbor_info_new fido_cbor_info_new_pin_required
fido_cbor_info_new fido_cbor_info_options_len
fido_cbor_info_new fido_cbor_info_options_name_ptr
fido_cbor_info_new fido_cbor_info_options_value_ptr
fido_cbor_info_new fido_cbor_info_protocols_len
fido_cbor_info_new fido_cbor_info_protocols_ptr
fido_cbor_info_new fido_cbor_info_rk_remaining
fido_cbor_info_new fido_cbor_info_transports_len
fido_cbor_info_new fido_cbor_info_transports_ptr
fido_cbor_info_new fido_cbor_info_uv_attempts
fido_cbor_info_new fido_cbor_info_uv_modality
fido_cbor_info_new fido_cbor_info_versions_len
fido_cbor_info_new fido_cbor_info_versions_ptr
fido_cbor_info_new fido_dev_get_cbor_info
fido_cred_exclude fido_cred_empty_exclude_list
fido_cred_new fido_cred_aaguid_len
fido_cred_new fido_cred_aaguid_ptr
fido_cred_new fido_cred_attstmt_len
@ -263,7 +282,7 @@ math(EXPR MAN_ALIAS_MAX "${MAN_ALIAS_LEN} - 2")
# man_copy
foreach(f ${MAN_SOURCES})
add_custom_command(OUTPUT ${f}
COMMAND cp -f ${CMAKE_SOURCE_DIR}/man/${f} .
COMMAND cp -f ${PROJECT_SOURCE_DIR}/man/${f} .
DEPENDS ${f})
list(APPEND COPY_FILES ${f})
endforeach()
@ -278,7 +297,7 @@ endforeach()
# man_html
foreach(f ${MAN_SOURCES})
string(REGEX REPLACE ".[13]" "" g ${f})
string(REGEX REPLACE "\\.[13]$" "" g ${f})
add_custom_command(OUTPUT ${g}.html
COMMAND mandoc -T html -O man="%N.html",style=style.css -I os="Yubico AB" ${f} > ${g}.html
DEPENDS ${f})
@ -287,9 +306,9 @@ endforeach()
# man_html_partial
foreach(f ${MAN_SOURCES})
string(REGEX REPLACE ".[13]" "" g ${f})
string(REGEX REPLACE "\\.[13]$" "" g ${f})
add_custom_command(OUTPUT ${g}.partial
COMMAND cat ${CMAKE_SOURCE_DIR}/man/dyc.css > ${g}.partial
COMMAND cat ${PROJECT_SOURCE_DIR}/man/dyc.css > ${g}.partial
COMMAND mandoc -T html -O man="%N.html",fragment ${f} >> ${g}.partial
DEPENDS ${f})
list(APPEND HTML_PARTIAL_FILES ${g}.partial)
@ -337,17 +356,17 @@ add_custom_target(man ALL)
if(MANDOC_PATH)
add_dependencies(man man_symlink_html)
add_dependencies(man_gzip man_lint)
install(FILES ${CMAKE_SOURCE_DIR}/man/style.css
install(FILES ${PROJECT_SOURCE_DIR}/man/style.css
DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
foreach(f ${MAN_SOURCES})
string(REGEX REPLACE ".[13]" "" f ${f})
install(FILES ${CMAKE_BINARY_DIR}/man/${f}.html
string(REGEX REPLACE "\\.[13]$" "" f ${f})
install(FILES ${PROJECT_BINARY_DIR}/man/${f}.html
DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
endforeach()
foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
math(EXPR j "${i} + 1")
list(GET MAN_ALIAS ${j} DST)
install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.html
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.html
DESTINATION "${CMAKE_INSTALL_DOCDIR}/html")
endforeach()
endif()
@ -358,34 +377,34 @@ if(GZIP_PATH)
add_dependencies(man man_symlink_gzip)
foreach(f ${MAN_SOURCES})
if (${f} MATCHES ".1$")
install(FILES ${CMAKE_BINARY_DIR}/man/${f}.gz
install(FILES ${PROJECT_BINARY_DIR}/man/${f}.gz
DESTINATION "${CMAKE_INSTALL_MANDIR}/man1")
elseif(${f} MATCHES ".3$")
install(FILES ${CMAKE_BINARY_DIR}/man/${f}.gz
install(FILES ${PROJECT_BINARY_DIR}/man/${f}.gz
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endif()
endforeach()
foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
math(EXPR j "${i} + 1")
list(GET MAN_ALIAS ${j} DST)
install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.3.gz
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3.gz
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endforeach()
elseif(NOT MSVC)
add_dependencies(man man_symlink)
foreach(f ${MAN_SOURCES})
if (${f} MATCHES ".1$")
install(FILES ${CMAKE_BINARY_DIR}/man/${f}
install(FILES ${PROJECT_BINARY_DIR}/man/${f}
DESTINATION "${CMAKE_INSTALL_MANDIR}/man1")
elseif(${f} MATCHES ".3$")
install(FILES ${CMAKE_BINARY_DIR}/man/${f}
install(FILES ${PROJECT_BINARY_DIR}/man/${f}
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endif()
endforeach()
foreach(i RANGE 0 ${MAN_ALIAS_MAX} 2)
math(EXPR j "${i} + 1")
list(GET MAN_ALIAS ${j} DST)
install(FILES ${CMAKE_BINARY_DIR}/man/${DST}.3
install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3
DESTINATION "${CMAKE_INSTALL_MANDIR}/man3")
endforeach()
endif()

1
contrib/libfido2/man/check.sh
View File

@ -3,6 +3,7 @@
# Copyright (c) 2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
T=$(mktemp -d) || exit 1
find . -maxdepth 1 -type f -name '*.3' -print0 > "$T/files"

32
contrib/libfido2/man/eddsa_pk_new.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2019 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2019-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 15 2019 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt EDDSA_PK_NEW 3
.Os
.Sh NAME
@ -117,6 +140,7 @@ On error, a different error code defined in
is returned.
.Sh SEE ALSO
.Xr es256_pk_new 3 ,
.Xr es384_pk_new 3 ,
.Xr fido_assert_verify 3 ,
.Xr fido_cred_pubkey_ptr 3 ,
.Xr rs256_pk_new 3

32
contrib/libfido2/man/es256_pk_new.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 24 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt ES256_PK_NEW 3
.Os
.Sh NAME
@ -135,6 +158,7 @@ On error, a different error code defined in
is returned.
.Sh SEE ALSO
.Xr eddsa_pk_new 3 ,
.Xr es384_pk_new 3 ,
.Xr fido_assert_verify 3 ,
.Xr fido_cred_pubkey_ptr 3 ,
.Xr rs256_pk_new 3

164
contrib/libfido2/man/es384_pk_new.3 Normal file
View File

@ -0,0 +1,164 @@
.\" Copyright (c) 2022 Yubico AB. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt ES384_PK_NEW 3
.Os
.Sh NAME
.Nm es384_pk_new ,
.Nm es384_pk_free ,
.Nm es384_pk_from_EC_KEY ,
.Nm es384_pk_from_EVP_PKEY ,
.Nm es384_pk_from_ptr ,
.Nm es384_pk_to_EVP_PKEY
.Nd FIDO2 COSE ES384 API
.Sh SYNOPSIS
.In openssl/ec.h
.In fido/es384.h
.Ft es384_pk_t *
.Fn es384_pk_new "void"
.Ft void
.Fn es384_pk_free "es384_pk_t **pkp"
.Ft int
.Fn es384_pk_from_EC_KEY "es384_pk_t *pk" "const EC_KEY *ec"
.Ft int
.Fn es384_pk_from_EVP_PKEY "es384_pk_t *pk" "const EVP_PKEY *pkey"
.Ft int
.Fn es384_pk_from_ptr "es384_pk_t *pk" "const void *ptr" "size_t len"
.Ft EVP_PKEY *
.Fn es384_pk_to_EVP_PKEY "const es384_pk_t *pk"
.Sh DESCRIPTION
ES384 is the name given in the CBOR Object Signing and Encryption
(COSE) RFC to ECDSA over P-384 with SHA-384.
The COSE ES384 API of
.Em libfido2
is an auxiliary API with routines to convert between the different
ECDSA public key types used in
.Em libfido2
and
.Em OpenSSL .
.Pp
In
.Em libfido2 ,
ES384 public keys are abstracted by the
.Vt es384_pk_t
type.
.Pp
The
.Fn es384_pk_new
function returns a pointer to a newly allocated, empty
.Vt es384_pk_t
type.
If memory cannot be allocated, NULL is returned.
.Pp
The
.Fn es384_pk_free
function releases the memory backing
.Fa *pkp ,
where
.Fa *pkp
must have been previously allocated by
.Fn es384_pk_new .
On return,
.Fa *pkp
is set to NULL.
Either
.Fa pkp
or
.Fa *pkp
may be NULL, in which case
.Fn es384_pk_free
is a NOP.
.Pp
The
.Fn es384_pk_from_EC_KEY
function fills
.Fa pk
with the contents of
.Fa ec .
No references to
.Fa ec
are kept.
.Pp
The
.Fn es384_pk_from_EVP_PKEY
function fills
.Fa pk
with the contents of
.Fa pkey .
No references to
.Fa pkey
are kept.
.Pp
The
.Fn es384_pk_from_ptr
function fills
.Fa pk
with the contents of
.Fa ptr ,
where
.Fa ptr
points to
.Fa len
bytes.
The
.Fa ptr
pointer may point to an uncompressed point, or to the
concatenation of the x and y coordinates.
No references to
.Fa ptr
are kept.
.Pp
The
.Fn es384_pk_to_EVP_PKEY
function converts
.Fa pk
to a newly allocated
.Fa EVP_PKEY
type with a reference count of 1.
No internal references to the returned pointer are kept.
If an error occurs,
.Fn es384_pk_to_EVP_PKEY
returns NULL.
.Sh RETURN VALUES
The
.Fn es384_pk_from_EC_KEY ,
.Fn es384_pk_from_EVP_PKEY ,
and
.Fn es384_pk_from_ptr
functions return
.Dv FIDO_OK
on success.
On error, a different error code defined in
.In fido/err.h
is returned.
.Sh SEE ALSO
.Xr eddsa_pk_new 3 ,
.Xr es256_pk_new 3 ,
.Xr fido_assert_verify 3 ,
.Xr fido_cred_pubkey_ptr 3 ,
.Xr rs256_pk_new 3

27
contrib/libfido2/man/fido2-assert.1
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: November 5 2019 $
.Dt FIDO2-ASSERT 1

27
contrib/libfido2/man/fido2-cred.1
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: November 5 2019 $
.Dt FIDO2-CRED 1

51
contrib/libfido2/man/fido2-token.1
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: September 13 2019 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: April 11 2022 $
.Dt FIDO2-TOKEN 1
.Os
.Sh NAME
@ -147,7 +170,7 @@ from
.Ar device ,
where
.Ar key_path
must hold the blob's base64-encoded encryption key.
holds the blob's base64-encoded 32-byte AES-256 GCM encryption key.
A PIN or equivalent user-verification gesture is required.
.It Fl D Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar device
Deletes a
@ -189,7 +212,7 @@ from
.Ar device ,
where
.Ar key_path
must hold the blob's base64-encoded encryption key.
holds the blob's base64-encoded 32-byte AES-256 GCM encryption key.
The blob is written to
.Ar blob_path .
A PIN or equivalent user-verification gesture is required.
@ -267,29 +290,27 @@ The user will be prompted for the PIN.
Enables CTAP 2.1 Enterprise Attestation on
.Ar device .
.It Fl S Fl b Fl k Ar key_path Ar blob_path Ar device
Sets
.Ar blob_path
as a CTAP 2.1
Sets a CTAP 2.1
.Dq largeBlob
encrypted with
.Ar key_path
on
.Ar device ,
where
.Ar blob_path
holds the blob's plaintext, and
.Ar key_path
the blob's base64-encoded encryption.
holds the blob's base64-encoded 32-byte AES-256 GCM encryption key.
The blob is read from
.Fa blob_path .
A PIN or equivalent user-verification gesture is required.
.It Fl S Fl b Fl n Ar rp_id Oo Fl i Ar cred_id Oc Ar blob_path Ar device
Sets
.Ar blob_path
as a CTAP 2.1
Sets a CTAP 2.1
.Dq largeBlob
associated with
.Ar rp_id
on
.Ar device .
The blob is read from
.Fa blob_path .
If
.Ar rp_id
has multiple credentials enrolled on

45
contrib/libfido2/man/fido_assert_allow_cred.3
View File

@ -1,17 +1,43 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 23 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: December 1 2022 $
.Dt FIDO_ASSERT_ALLOW_CRED 3
.Os
.Sh NAME
.Nm fido_assert_allow_cred
.Nd allow a credential in a FIDO2 assertion
.Nm fido_assert_allow_cred ,
.Nm fido_assert_empty_allow_list
.Nd manage allow lists in a FIDO2 assertion
.Sh SYNOPSIS
.In fido.h
.Ft int
.Fn fido_assert_allow_cred "fido_assert_t *assert" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_assert_empty_allow_list "fido_assert_t *assert"
.Sh DESCRIPTION
The
.Fn fido_assert_allow_cred
@ -33,9 +59,16 @@ fails, the existing list of allowed credentials is preserved.
.Pp
For the format of a FIDO2 credential ID, please refer to the
Web Authentication (webauthn) standard.
.Pp
The
.Fn fido_assert_empty_allow_list
function empties the list of credentials allowed in
.Fa assert .
.Sh RETURN VALUES
The error codes returned by
.Fn fido_assert_allow_cred
and
.Fn fido_assert_empty_allow_list
are defined in
.In fido/err.h .
On success,

37
contrib/libfido2/man/fido_assert_new.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: October 22 2019 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: April 27 2022 $
.Dt FIDO_ASSERT_NEW 3
.Os
.Sh NAME
@ -154,6 +177,10 @@ in
.Fa assert .
If not NULL, the values returned by these functions point to
NUL-terminated UTF-8 strings.
The user display name, icon, and name attributes will typically
only be returned by the authenticator if user verification was
performed by the authenticator and multiple resident/discoverable
credentials were involved in the assertion.
.Pp
The
.Fn fido_assert_authdata_ptr ,
@ -180,6 +207,8 @@ in
The HMAC Secret Extension
.Pq hmac-secret
is a CTAP 2.0 extension.
Note that the resulting hmac-secret varies according to whether
user verification was performed by the authenticator.
.Pp
The
.Fn fido_assert_blob_ptr

33
contrib/libfido2/man/fido_assert_set_authdata.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 23 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: April 27 2022 $
.Dt FIDO_ASSERT_SET_AUTHDATA 3
.Os
.Sh NAME
@ -182,6 +205,8 @@ is made, and no references to the passed pointer are kept.
The HMAC Secret
.Pq hmac-secret
Extension is a CTAP 2.0 extension.
Note that the resulting hmac-secret varies according to whether
user verification was performed by the authenticator.
The
.Fn fido_assert_set_hmac_secret
function is normally only useful when writing tests.

33
contrib/libfido2/man/fido_assert_verify.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 24 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt FIDO_ASSERT_VERIFY 3
.Os
.Sh NAME
@ -42,6 +65,7 @@ where
.Fa cose_alg
is
.Dv COSE_ES256 ,
.Dv COSE_ES384 ,
.Dv COSE_RS256 ,
or
.Dv COSE_EDDSA ,
@ -49,6 +73,7 @@ and
.Fa pk
points to a
.Vt es256_pk_t ,
.Vt es384_pk_t ,
.Vt rs256_pk_t ,
or
.Vt eddsa_pk_t

27
contrib/libfido2/man/fido_bio_dev_get_info.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2019 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: September 13 2019 $
.Dt FIDO_BIO_DEV_GET_INFO 3

27
contrib/libfido2/man/fido_bio_enroll_new.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2019 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: September 13 2019 $
.Dt FIDO_BIO_ENROLL_NEW 3

27
contrib/libfido2/man/fido_bio_info_new.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2019 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: September 13 2019 $
.Dt FIDO_BIO_INFO_NEW 3

27
contrib/libfido2/man/fido_bio_template.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2019 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: September 13 2019 $
.Dt FIDO_BIO_TEMPLATE 3

169
contrib/libfido2/man/fido_cbor_info_new.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 24 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: April 22 2022 $
.Dt FIDO_CBOR_INFO_NEW 3
.Os
.Sh NAME
@ -19,6 +42,9 @@
.Nm fido_cbor_info_algorithm_type ,
.Nm fido_cbor_info_algorithm_cose ,
.Nm fido_cbor_info_algorithm_count ,
.Nm fido_cbor_info_certs_name_ptr ,
.Nm fido_cbor_info_certs_value_ptr ,
.Nm fido_cbor_info_certs_len ,
.Nm fido_cbor_info_aaguid_len ,
.Nm fido_cbor_info_extensions_len ,
.Nm fido_cbor_info_protocols_len ,
@ -29,7 +55,14 @@
.Nm fido_cbor_info_maxcredbloblen ,
.Nm fido_cbor_info_maxcredcntlst ,
.Nm fido_cbor_info_maxcredidlen ,
.Nm fido_cbor_info_fwversion
.Nm fido_cbor_info_maxlargeblob ,
.Nm fido_cbor_info_maxrpid_minpinlen ,
.Nm fido_cbor_info_minpinlen ,
.Nm fido_cbor_info_fwversion ,
.Nm fido_cbor_info_uv_attempts ,
.Nm fido_cbor_info_uv_modality ,
.Nm fido_cbor_info_rk_remaining ,
.Nm fido_cbor_info_new_pin_required
.Nd FIDO2 CBOR Info API
.Sh SYNOPSIS
.In fido.h
@ -59,6 +92,12 @@
.Fn fido_cbor_info_algorithm_cose "const fido_cbor_info_t *ci" "size_t idx"
.Ft size_t
.Fn fido_cbor_info_algorithm_count "const fido_cbor_info_t *ci"
.Ft char **
.Fn fido_cbor_info_certs_name_ptr "const fido_cbor_info_t *ci"
.Ft const uint64_t *
.Fn fido_cbor_info_certs_value_ptr "const fido_cbor_info_t *ci"
.Ft size_t
.Fn fido_cbor_info_certs_len "const fido_cbor_info_t *ci"
.Ft size_t
.Fn fido_cbor_info_aaguid_len "const fido_cbor_info_t *ci"
.Ft size_t
@ -80,7 +119,21 @@
.Ft uint64_t
.Fn fido_cbor_info_maxcredidlen "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_maxlargeblob "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_maxrpid_minpinlen "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_minpinlen "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_fwversion "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_uv_attempts "const fido_cbor_info_t *ci"
.Ft uint64_t
.Fn fido_cbor_info_uv_modality "const fido_cbor_info_t *ci"
.Ft int64_t
.Fn fido_cbor_info_rk_remaining "const fido_cbor_info_t *ci"
.Ft bool
.Fn fido_cbor_info_new_pin_required "const fido_cbor_info_t *ci"
.Sh DESCRIPTION
The
.Fn fido_cbor_info_new
@ -177,6 +230,17 @@ has an
(index) value of 0.
.Pp
The
.Fn fido_cbor_info_certs_name_ptr
and
.Fn fido_cbor_info_certs_value_ptr
functions return pointers to the array of certification names and their
respective values
in
.Fa ci .
The length of the certifications array is returned by
.Fn fido_cbor_info_certs_len .
.Pp
The
.Fn fido_cbor_info_maxmsgsiz
function returns the maximum message size attribute of
.Fa ci .
@ -201,10 +265,93 @@ as reported in
.Fa ci .
.Pp
The
.Fn fido_cbor_info_maxrpid_minpinlen
function returns the maximum number of RP IDs that may be passed to
.Xr fido_dev_set_pin_minlen_rpid 3 ,
as reported in
.Fa ci .
The minimum PIN length attribute is a CTAP 2.1 addition.
If the attribute is not advertised by the authenticator, the
.Fn fido_cbor_info_maxrpid_minpinlen
function returns zero.
.Pp
The
.Fn fido_cbor_info_maxlargeblob
function returns the maximum length in bytes of an authenticator's
serialized largeBlob array as reported in
.Fa ci .
.Pp
The
.Fn fido_cbor_info_minpinlen
function returns the minimum PIN length enforced by the
authenticator as reported in
.Fa ci .
The minimum PIN length attribute is a CTAP 2.1 addition.
If the attribute is not advertised by the authenticator, the
.Fn fido_cbor_info_minpinlen
function returns zero.
.Pp
The
.Fn fido_cbor_info_fwversion
function returns the firmware version attribute of
.Fa ci .
.Pp
The
.Fn fido_cbor_info_uv_attempts
function returns the number of UV attempts that the platform may
attempt before falling back to PIN authentication.
If 1, then all
.Xr fido_dev_get_uv_retry_count 3
retries are handled internally by the authenticator and the
platform may only attempt non-PIN UV once.
The UV attempts attribute is a CTAP 2.1 addition.
If the attribute is not advertised by the authenticator,
the
.Fn fido_cbor_info_uv_attempts
function returns zero.
.Pp
The
.Fn fido_cbor_info_uv_modality
function returns a bitmask representing different UV modes
supported by the authenticator, as defined in the FIDO Registry of
Predefined Values and reported in
.Fa ci .
See the
.Em FIDO_UV_MODE_*
definitions in
.In fido/param.h
for the set of values defined by libfido2 and a brief description
of each.
The UV modality attribute is a CTAP 2.1 addition.
If the attribute is not advertised by the authenticator, the
.Fn fido_cbor_info_uv_modality
function returns zero.
.Pp
The
.Fn fido_cbor_info_rk_remaining
function returns the estimated number of additional
resident/discoverable credentials that can be stored on the
authenticator as reported in
.Fa ci .
The estimated number of remaining resident credentials is a
CTAP 2.1 addition.
If the attribute is not advertised by the authenticator, the
.Fn fido_cbor_info_rk_remaining
function returns -1.
.Pp
The
.Fn fido_cbor_info_new_pin_required
function returns whether a new PIN is required by the authenticator
as reported in
.Fa ci .
If
.Fn fido_cbor_info_new_pin_required
returns true, operations requiring PIN authentication will fail
until a new PIN is set on the authenticator.
The
.Xr fido_dev_set_pin 3
function can be used to set a new PIN.
.Pp
A complete example of how to use these functions can be found in the
.Pa example/info.c
file shipped with
@ -229,4 +376,14 @@ without the
.Em const
qualifier is invoked.
.Sh SEE ALSO
.Xr fido_dev_open 3
.Xr fido_dev_get_uv_retry_count 3 ,
.Xr fido_dev_open 3 ,
.Xr fido_dev_set_pin 3 ,
.Xr fido_dev_set_pin_minlen_rpid 3
.Rs
.%D 2021-05-25
.%O Review Draft, Version 2.2
.%Q FIDO Alliance
.%R FIDO Registry of Predefined Values
.%U https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-rd-20210525.html
.Re

45
contrib/libfido2/man/fido_cred_exclude.3
View File

@ -1,17 +1,43 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 23 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: December 2 2022 $
.Dt FIDO_CRED_EXCLUDE 3
.Os
.Sh NAME
.Nm fido_cred_exclude
.Nd appends a credential ID to a credential's list of excluded credentials
.Nm fido_cred_exclude ,
.Nm fido_cred_empty_exclude_list
.Nd manage exclude lists in a FIDO2 credential
.Sh SYNOPSIS
.In fido.h
.Ft int
.Fn fido_cred_exclude "fido_cred_t *cred" "const unsigned char *ptr" "size_t len"
.Ft int
.Fn fido_cred_empty_exclude_list "fido_cred_t *cred"
.Sh DESCRIPTION
The
.Fn fido_cred_exclude
@ -46,9 +72,16 @@ will fail.
.Pp
For the format of a FIDO2 credential ID, please refer to the
Web Authentication (webauthn) standard.
.Pp
The
.Fn fido_cred_empty_exclude_list
function empties the list of credentials excluded by
.Fa cred .
.Sh RETURN VALUES
The error codes returned by
.Fn fido_cred_exclude
and
.Fn fido_cred_empty_exclude_list
are defined in
.In fido/err.h .
On success,

29
contrib/libfido2/man/fido_cred_new.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 23 2018 $
.Dt FIDO_CRED_NEW 3
@ -189,7 +212,7 @@ for the protection policies understood by
The
.Fn fido_cred_fmt
function returns a pointer to a NUL-terminated string containing
the format of
the attestation statement format identifier of
.Fa cred ,
or NULL if
.Fa cred

46
contrib/libfido2/man/fido_cred_set_authdata.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 23 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt FIDO_CRED_SET_AUTHDATA 3
.Os
.Sh NAME
@ -287,7 +310,7 @@ by default, allowing the authenticator to use its default settings.
.Pp
The
.Fn fido_cred_set_fmt
function sets the attestation format of
function sets the attestation statement format identifier of
.Fa cred
to
.Fa fmt ,
@ -297,15 +320,18 @@ must be
.Vt "packed"
.Pq the format used in FIDO2 ,
.Vt "fido-u2f"
.Pq the format used by U2F ,
.Pq the format used in U2F ,
.Vt "tpm"
.Pq the format used by TPM-based authenticators ,
or
.Vt "none" .
A copy of
.Fa fmt
is made, and no references to the passed pointer are kept.
Note that not all authenticators support FIDO2 and therefore may not
Note that not all authenticators support FIDO2 and therefore may only
be able to generate
.Vt "packed" .
.Vt fido-u2f
attestation statements.
.Pp
The
.Fn fido_cred_set_type
@ -316,11 +342,13 @@ where
.Fa cose_alg
is
.Dv COSE_ES256 ,
.Dv COSE_ES384 ,
.Dv COSE_RS256 ,
or
.Dv COSE_EDDSA .
The type of a credential may only be set once.
Note that not all authenticators support COSE_RS256 or COSE_EDDSA.
Note that not all authenticators support COSE_RS256, COSE_ES384, or
COSE_EDDSA.
.Pp
Use of the
.Nm

27
contrib/libfido2/man/fido_cred_verify.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 23 2018 $
.Dt FIDO_CRED_VERIFY 3

27
contrib/libfido2/man/fido_credman_metadata_new.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2019-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: June 28 2019 $
.Dt FIDO_CREDMAN_METADATA_NEW 3

38
contrib/libfido2/man/fido_dev_enable_entattest.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2020 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2020-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: September 22 2020 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: March 30 2022 $
.Dt FIDO_DEV_ENABLE_ENTATTEST 3
.Os
.Sh NAME
@ -65,7 +88,7 @@ does not have a PIN set.
.Pp
The
.Fn fido_dev_force_pin_change
instructs
function instructs
.Fa dev
to require a PIN change.
Subsequent PIN authentication attempts against
@ -97,6 +120,10 @@ NUL-terminated UTF-8 strings.
A copy of
.Fa rpid
is made, and no reference to it or its contents is kept.
The maximum value of
.Fa n
supported by the authenticator can be obtained using
.Xr fido_cbor_info_maxrpid_minpinlen 3 .
.Pp
Configuration settings are reflected in the payload returned by the
authenticator in response to a
@ -116,6 +143,7 @@ On success,
.Dv FIDO_OK
is returned.
.Sh SEE ALSO
.Xr fido_cbor_info_maxrpid_minpinlen 3 ,
.Xr fido_cred_pin_minlen 3 ,
.Xr fido_dev_get_cbor_info 3 ,
.Xr fido_dev_reset 3

27
contrib/libfido2/man/fido_dev_get_assert.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 24 2018 $
.Dt FIDO_DEV_GET_ASSERT 3

27
contrib/libfido2/man/fido_dev_get_touch_begin.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2020 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: August 5 2020 $
.Dt FIDO_DEV_GET_TOUCH_BEGIN 3

31
contrib/libfido2/man/fido_dev_info_manifest.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.Dd $Mdocdate: May 25 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: March 30 2022 $
.Dt FIDO_DEV_INFO_MANIFEST 3
.Os
.Sh NAME
@ -97,7 +120,7 @@ Please note that the first slot has index 0.
.Pp
The
.Fn fido_dev_info_path
returns the filesystem path or subsystem-specific identification
function returns the filesystem path or subsystem-specific identification
string of
.Fa di .
.Pp

34
contrib/libfido2/man/fido_dev_largeblob_get.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2020 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: October 26 2020 $
.Dt FIDO_LARGEBLOB_GET 3
@ -68,8 +91,7 @@ function retrieves the authenticator's
.Dq largeBlobs
CBOR array and, on success, returns the first blob
.Pq iterating from array index zero
that can be
decrypted by
that can be decrypted by
.Fa key_ptr ,
where
.Fa key_ptr
@ -179,8 +201,8 @@ is returned.
.Xr fido_cred_largeblob_key_len 3 ,
.Xr fido_cred_largeblob_key_ptr 3 ,
.Xr fido_cred_set_extensions 3 ,
.Xr fido_credman_dev_get_rk 3 ,
.Xr fido_credman_dev_get_rp 3 ,
.Xr fido_credman_get_dev_rk 3 ,
.Xr fido_credman_get_dev_rp 3 ,
.Xr fido_dev_get_assert 3 ,
.Xr fido_dev_make_cred 3
.Sh CAVEATS

27
contrib/libfido2/man/fido_dev_make_cred.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 23 2018 $
.Dt FIDO_DEV_MAKE_CRED 3

27
contrib/libfido2/man/fido_dev_open.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 25 2018 $
.Dt FIDO_DEV_OPEN 3

27
contrib/libfido2/man/fido_dev_set_io_functions.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 25 2018 $
.Dt FIDO_DEV_SET_IO_FUNCTIONS 3

29
contrib/libfido2/man/fido_dev_set_pin.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 25 2018 $
.Dt FIDO_DEV_SET_PIN 3
@ -89,6 +112,8 @@ are defined in
On success,
.Dv FIDO_OK
is returned.
.Sh SEE ALSO
.Xr fido_cbor_info_uv_attempts 3
.Sh CAVEATS
Regarding
.Fn fido_dev_reset ,

27
contrib/libfido2/man/fido_init.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 25 2018 $
.Dt FIDO_INIT 3

27
contrib/libfido2/man/fido_strerr.3
View File

@ -1,6 +1,29 @@
.\" Copyright (c) 2018 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: May 25 2018 $
.Dt FIDO_STRERR 3

32
contrib/libfido2/man/rs256_pk_new.3
View File

@ -1,8 +1,31 @@
.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved.
.\" Use of this source code is governed by a BSD-style
.\" license that can be found in the LICENSE file.
.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved.
.\"
.Dd $Mdocdate: May 24 2018 $
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd $Mdocdate: July 15 2022 $
.Dt RS256_PK_NEW 3
.Os
.Sh NAME
@ -132,5 +155,6 @@ is returned.
.Sh SEE ALSO
.Xr eddsa_pk_new 3 ,
.Xr es256_pk_new 3 ,
.Xr es384_pk_new 3 ,
.Xr fido_assert_verify 3 ,
.Xr fido_cred_pubkey_ptr 3

88
contrib/libfido2/openbsd-compat/bsd-asprintf.c Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright (c) 2004 Darren Tucker.
*
* Based originally on asprintf.c from OpenBSD:
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "openbsd-compat.h"
#ifndef HAVE_ASPRINTF
#include <errno.h>
#include <limits.h> /* for INT_MAX */
#include <stdarg.h>
#include <stdio.h> /* for vsnprintf */
#include <stdlib.h>
#define VA_COPY(dest, src) va_copy(dest, src)
#define INIT_SZ 128
int
vasprintf(char **str, const char *fmt, va_list ap)
{
int ret;
va_list ap2;
char *string, *newstr;
size_t len;
if ((string = malloc(INIT_SZ)) == NULL)
goto fail;
VA_COPY(ap2, ap);
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
va_end(ap2);
if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
*str = string;
} else if (ret == INT_MAX || ret < 0) { /* Bad length */
free(string);
goto fail;
} else { /* bigger than initial, realloc allowing for nul */
len = (size_t)ret + 1;
if ((newstr = realloc(string, len)) == NULL) {
free(string);
goto fail;
}
VA_COPY(ap2, ap);
ret = vsnprintf(newstr, len, fmt, ap2);
va_end(ap2);
if (ret < 0 || (size_t)ret >= len) { /* failed with realloc'ed string */
free(newstr);
goto fail;
}
*str = newstr;
}
return (ret);
fail:
*str = NULL;
errno = ENOMEM;
return (-1);
}
int asprintf(char **str, const char *fmt, ...)
{
va_list ap;
int ret;
*str = NULL;
va_start(ap, fmt);
ret = vasprintf(str, fmt, ap);
va_end(ap);
return ret;
}
#endif

1
contrib/libfido2/openbsd-compat/clock_gettime.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "openbsd-compat.h"

1
contrib/libfido2/openbsd-compat/endian_win32.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2020 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "openbsd-compat.h"

5
contrib/libfido2/openbsd-compat/openbsd-compat.h
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#ifndef _OPENBSD_COMPAT_H
@ -115,4 +116,8 @@ ssize_t getline(char **, size_t *, FILE *);
#define IOCTL_REQ(x) ((int)(x))
#endif
#if !defined(HAVE_ASPRINTF)
int asprintf(char **, const char *, ...);
#endif
#endif /* !_OPENBSD_COMPAT_H */

57
contrib/libfido2/regress/CMakeLists.txt
View File

@ -1,20 +1,57 @@
# Copyright (c) 2018-2021 Yubico AB. All rights reserved.
# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
add_custom_target(regress ALL)
add_custom_target(regress)
macro(add_regress_test NAME SOURCES)
macro(add_regress_test NAME SOURCES LIB)
add_executable(${NAME} ${SOURCES})
target_link_libraries(${NAME} fido2_shared)
add_test(${NAME} ${NAME})
add_dependencies(regress ${NAME})
target_link_libraries(${NAME} ${LIB})
endmacro()
add_custom_command(TARGET regress POST_BUILD
COMMAND ${CMAKE_CTEST_COMMAND} --output-on-failure
WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
if(MSVC AND BUILD_SHARED_LIBS)
add_custom_command(TARGET regress POST_BUILD
COMMAND "${CMAKE_COMMAND}" -E copy
"${CBOR_BIN_DIRS}/${CBOR_LIBRARIES}.dll"
"${CRYPTO_BIN_DIRS}/${CRYPTO_LIBRARIES}.dll"
"${ZLIB_BIN_DIRS}/${ZLIB_LIBRARIES}.dll"
"$<TARGET_FILE:${_FIDO2_LIBRARY}>"
"${CMAKE_CURRENT_BINARY_DIR}")
endif()
add_regress_test(regress_cred cred.c)
add_regress_test(regress_assert assert.c)
add_regress_test(regress_dev dev.c)
if(CYGWIN AND BUILD_SHARED_LIBS)
add_custom_command(TARGET regress POST_BUILD
COMMAND "${CMAKE_COMMAND}" -E copy
"$<TARGET_FILE:${_FIDO2_LIBRARY}>"
"${CMAKE_CURRENT_BINARY_DIR}")
endif()
if(CMAKE_CROSSCOMPILING OR (CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "AMD64" AND
CMAKE_GENERATOR_PLATFORM MATCHES "^ARM.*$"))
add_custom_command(TARGET regress POST_BUILD
COMMAND "${CMAKE_COMMAND}" -E echo
"Cross-compilation detected. Skipping regress tests.")
else()
add_custom_command(TARGET regress POST_BUILD
COMMAND "${CMAKE_CTEST_COMMAND}" --output-on-failure
WORKING_DIRECTORY ${PROJECT_BINARY_DIR})
endif()
add_regress_test(regress_assert assert.c ${_FIDO2_LIBRARY})
add_regress_test(regress_cred cred.c ${_FIDO2_LIBRARY})
add_regress_test(regress_dev dev.c ${_FIDO2_LIBRARY})
add_regress_test(regress_eddsa eddsa.c ${_FIDO2_LIBRARY})
add_regress_test(regress_es256 es256.c ${_FIDO2_LIBRARY})
add_regress_test(regress_es384 es384.c ${_FIDO2_LIBRARY})
add_regress_test(regress_rs256 rs256.c ${_FIDO2_LIBRARY})
if(BUILD_STATIC_LIBS)
add_regress_test(regress_compress compress.c fido2)
endif()
if(MINGW)
# needed for nanosleep() in mingw
target_link_libraries(regress_dev winpthread)
endif()

14
contrib/libfido2/regress/assert.c
View File

@ -2,18 +2,22 @@
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#define _FIDO_INTERNAL
#include <assert.h>
#include <fido.h>
#include <fido/es256.h>
#include <fido/rs256.h>
#include <fido/eddsa.h>
#include <string.h>
#define FAKE_DEV_HANDLE ((void *)0xdeadbeef)
static int fake_dev_handle;
static const unsigned char es256_pk[64] = {
0x34, 0xeb, 0x99, 0x77, 0x02, 0x9c, 0x36, 0x38,
@ -94,13 +98,13 @@ dummy_open(const char *path)
{
(void)path;
return (FAKE_DEV_HANDLE);
return (&fake_dev_handle);
}
static void
dummy_close(void *handle)
{
assert(handle == FAKE_DEV_HANDLE);
assert(handle == &fake_dev_handle);
}
static int

268
contrib/libfido2/regress/compress.c Normal file
View File

@ -0,0 +1,268 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#include <openssl/sha.h>
#define _FIDO_INTERNAL
#include <fido.h>
/*
* zlib compressed data (RFC1950); see https://www.ietf.org/rfc/rfc6713.txt
*/
static /* const */ unsigned char rfc1950_blob[694] = {
0x78, 0x9c, 0xb5, 0x52, 0x3b, 0x6f, 0xdb, 0x30,
0x10, 0xde, 0xf5, 0x2b, 0x0e, 0x99, 0x12, 0x40,
0x75, 0x13, 0x4f, 0x45, 0x3b, 0xd1, 0x12, 0x6d,
0x1d, 0x20, 0x8b, 0x2a, 0x49, 0xd9, 0xf5, 0x28,
0x4b, 0x4c, 0x42, 0xc0, 0x12, 0x03, 0x3d, 0x12,
0xe4, 0xdf, 0xf7, 0xc8, 0x3a, 0x88, 0xd3, 0x0c,
0x9d, 0xea, 0xc1, 0x3e, 0xf3, 0x8e, 0xdf, 0xeb,
0x98, 0xb8, 0xa7, 0xd7, 0xc1, 0x3e, 0x3c, 0x4e,
0x70, 0xdd, 0xdc, 0xc0, 0xf2, 0xf6, 0xee, 0xdb,
0x97, 0xe5, 0xed, 0x72, 0x09, 0x87, 0xf9, 0x68,
0x1b, 0x07, 0x6c, 0xb5, 0x00, 0x76, 0x3a, 0x41,
0x18, 0x19, 0x61, 0x30, 0xa3, 0x19, 0x9e, 0x4d,
0xbb, 0x88, 0x22, 0x69, 0x5a, 0x3b, 0x4e, 0x83,
0x3d, 0xce, 0x93, 0x75, 0x3d, 0xd4, 0x7d, 0x0b,
0xf3, 0x68, 0xc0, 0xf6, 0x30, 0xba, 0x79, 0x68,
0x4c, 0x38, 0x39, 0xda, 0xbe, 0x1e, 0x5e, 0xe1,
0xde, 0x0d, 0xdd, 0x18, 0xc3, 0x8b, 0x9d, 0x1e,
0xc1, 0x0d, 0xe1, 0xd7, 0xcd, 0x53, 0xd4, 0xb9,
0xd6, 0xde, 0xdb, 0xa6, 0xf6, 0x00, 0x31, 0xd4,
0x83, 0x81, 0x27, 0x33, 0x74, 0x76, 0x9a, 0x4c,
0x0b, 0x4f, 0x83, 0x7b, 0xb6, 0x2d, 0x15, 0xd3,
0x63, 0x3d, 0xd1, 0x97, 0x21, 0x90, 0xd3, 0xc9,
0xbd, 0xd8, 0xfe, 0x01, 0x1a, 0xd7, 0xb7, 0xd6,
0x5f, 0x1a, 0xfd, 0xa5, 0xa8, 0x33, 0xd3, 0xf7,
0x28, 0x02, 0x80, 0xbb, 0x05, 0x7c, 0x54, 0x35,
0x82, 0xbb, 0x7f, 0x93, 0xd3, 0xb8, 0xd6, 0x40,
0x37, 0x8f, 0x13, 0x99, 0x98, 0x6a, 0x92, 0xe9,
0x31, 0xeb, 0xa3, 0x7b, 0xf6, 0xad, 0x73, 0x06,
0x1e, 0x84, 0x3e, 0xbd, 0x9b, 0x6c, 0x63, 0x62,
0x9a, 0xb0, 0x23, 0x9c, 0x08, 0xcf, 0xc3, 0x5c,
0x92, 0xf6, 0xed, 0x5f, 0x8a, 0x88, 0xb4, 0x39,
0xd5, 0xb6, 0x33, 0xc3, 0xc2, 0x63, 0x2c, 0x3f,
0x0b, 0x21, 0xc2, 0x8b, 0x30, 0xde, 0x84, 0x90,
0xcb, 0x76, 0x26, 0x71, 0xff, 0x47, 0x0b, 0x91,
0x9e, 0x51, 0xfc, 0x44, 0xeb, 0x9a, 0xb9, 0x33,
0xfd, 0x54, 0xbf, 0xed, 0xeb, 0x2b, 0xad, 0xc2,
0x51, 0x67, 0x80, 0xae, 0x9e, 0xcc, 0x60, 0xeb,
0xd3, 0xf8, 0x1e, 0x7b, 0xd8, 0x15, 0x35, 0xcf,
0x00, 0x97, 0x66, 0x68, 0xf9, 0x3a, 0x43, 0x05,
0x4a, 0xac, 0xf5, 0x9e, 0x49, 0x0e, 0x54, 0x97,
0x52, 0xec, 0x30, 0xe5, 0x29, 0xac, 0x0e, 0xa0,
0x33, 0x0e, 0x89, 0x28, 0x0f, 0x12, 0x37, 0x99,
0x86, 0x4c, 0xe4, 0x29, 0x97, 0x0a, 0x58, 0x91,
0xd2, 0x69, 0xa1, 0x25, 0xae, 0x2a, 0x2d, 0xa4,
0x8a, 0xae, 0x98, 0xa2, 0x9b, 0x57, 0xa1, 0xc1,
0x8a, 0x03, 0xf0, 0x5f, 0xa5, 0xe4, 0x4a, 0x81,
0x90, 0x80, 0xdb, 0x32, 0x47, 0x02, 0x23, 0x74,
0xc9, 0x0a, 0x8d, 0x5c, 0xc5, 0x80, 0x45, 0x92,
0x57, 0x29, 0x16, 0x9b, 0x18, 0x08, 0x00, 0x0a,
0xa1, 0xa3, 0x1c, 0xb7, 0xa8, 0x69, 0x4c, 0x8b,
0x38, 0x90, 0x7e, 0xbe, 0x06, 0x62, 0x0d, 0x5b,
0x2e, 0x93, 0x8c, 0xfe, 0xb2, 0x15, 0xe6, 0xa8,
0x0f, 0x81, 0x6f, 0x8d, 0xba, 0xf0, 0x5c, 0x6b,
0x21, 0x23, 0x06, 0x25, 0x93, 0x1a, 0x93, 0x2a,
0x67, 0x12, 0xca, 0x4a, 0x96, 0x42, 0x71, 0xf0,
0xb6, 0x52, 0x54, 0x49, 0xce, 0x70, 0xcb, 0xd3,
0x05, 0xb1, 0x13, 0x23, 0xf0, 0x1d, 0x2f, 0x34,
0xa8, 0x8c, 0xe5, 0xf9, 0x47, 0x97, 0xd1, 0x1f,
0x97, 0x5e, 0xfb, 0xa5, 0x47, 0x58, 0x71, 0xc8,
0x91, 0xad, 0x72, 0xee, 0x99, 0x82, 0xcb, 0x14,
0x25, 0x4f, 0xb4, 0xb7, 0xf3, 0x5e, 0x25, 0x94,
0x1c, 0xe9, 0xcb, 0xe3, 0x48, 0x95, 0x3c, 0x41,
0x2a, 0x28, 0x0c, 0x4e, 0x66, 0x98, 0x3c, 0xc4,
0x67, 0x4c, 0xc5, 0x7f, 0x56, 0x34, 0x44, 0x4d,
0x48, 0xd9, 0x96, 0x6d, 0xc8, 0xdb, 0xf5, 0x3f,
0x22, 0xa1, 0x9d, 0x24, 0x95, 0xe4, 0x5b, 0xaf,
0x99, 0x72, 0x50, 0xd5, 0x4a, 0x69, 0xd4, 0x95,
0xe6, 0xb0, 0x11, 0x22, 0x0d, 0x41, 0x2b, 0x2e,
0x77, 0x98, 0x70, 0xf5, 0x03, 0x72, 0xa1, 0x42,
0x5a, 0x95, 0xe2, 0x71, 0x94, 0x32, 0xcd, 0x02,
0x31, 0x41, 0x50, 0x54, 0xd4, 0xa6, 0x7a, 0x55,
0x29, 0x0c, 0xa1, 0x61, 0xa1, 0xb9, 0x94, 0x55,
0xa9, 0x51, 0x14, 0x37, 0xb4, 0xdf, 0x3d, 0xc5,
0x42, 0x1a, 0x19, 0x5d, 0x4d, 0x43, 0xba, 0xa2,
0xf0, 0x56, 0xe9, 0x91, 0x70, 0x21, 0x0f, 0x1e,
0xd4, 0x67, 0x10, 0xc2, 0x8f, 0x61, 0x9f, 0x71,
0x3a, 0x97, 0x3e, 0xd0, 0x90, 0x14, 0xf3, 0x11,
0x28, 0x4a, 0x2c, 0xd1, 0x97, 0x63, 0xc4, 0x47,
0x01, 0xea, 0xe8, 0xdd, 0x23, 0x14, 0x7c, 0x93,
0xe3, 0x86, 0x17, 0x09, 0xf7, 0x5d, 0xe1, 0x51,
0xf6, 0xa8, 0xf8, 0x0d, 0xed, 0x0a, 0x95, 0x1f,
0xc0, 0x40, 0x4b, 0xdb, 0x27, 0xce, 0x2a, 0x58,
0xf6, 0x3b, 0x22, 0x55, 0x51, 0x28, 0x2f, 0x5e,
0x6c, 0x1c, 0x36, 0x09, 0xb8, 0x06, 0x96, 0xee,
0xd0, 0xcb, 0x3e, 0x0f, 0xd3, 0xee, 0x15, 0x9e,
0xdf, 0x49, 0x88, 0x2c, 0xc9, 0xce, 0x71, 0x2f,
0xa2, 0xdf, 0xdf, 0xd7, 0x8e, 0x9c,
};
/*
* expected sha256 of rfc1950_blob after decompression
*/
static const unsigned char rfc1950_blob_hash[SHA256_DIGEST_LENGTH] = {
0x61, 0xc0, 0x4e, 0x14, 0x01, 0xb6, 0xc5, 0x2d,
0xba, 0x15, 0xf6, 0x27, 0x4c, 0xa1, 0xcc, 0xfc,
0x39, 0xed, 0xd7, 0x12, 0xb6, 0x02, 0x3d, 0xb6,
0xd9, 0x85, 0xd0, 0x10, 0x9f, 0xe9, 0x3e, 0x75,
};
static const size_t rfc1950_blob_origsiz = 1322;
static /* const */ unsigned char random_words[515] = {
0x61, 0x74, 0x68, 0x69, 0x72, 0x73, 0x74, 0x20,
0x54, 0x68, 0x6f, 0x20, 0x63, 0x6f, 0x74, 0x20,
0x73, 0x70, 0x6f, 0x66, 0x66, 0x79, 0x20, 0x4a,
0x61, 0x76, 0x61, 0x6e, 0x20, 0x62, 0x72, 0x65,
0x64, 0x65, 0x73, 0x20, 0x4c, 0x41, 0x4d, 0x20,
0x6d, 0x69, 0x73, 0x2d, 0x68, 0x75, 0x6d, 0x69,
0x6c, 0x69, 0x74, 0x79, 0x20, 0x73, 0x70, 0x69,
0x67, 0x6f, 0x74, 0x20, 0x72, 0x65, 0x76, 0x6f,
0x6c, 0x74, 0x69, 0x6e, 0x67, 0x6c, 0x79, 0x20,
0x49, 0x6f, 0x64, 0x61, 0x6d, 0x6f, 0x65, 0x62,
0x61, 0x20, 0x68, 0x79, 0x70, 0x6f, 0x68, 0x79,
0x64, 0x72, 0x6f, 0x63, 0x68, 0x6c, 0x6f, 0x72,
0x69, 0x61, 0x20, 0x76, 0x6f, 0x6c, 0x75, 0x6d,
0x65, 0x74, 0x74, 0x65, 0x20, 0x61, 0x63, 0x72,
0x69, 0x64, 0x69, 0x6e, 0x65, 0x20, 0x68, 0x6f,
0x77, 0x6c, 0x20, 0x45, 0x75, 0x72, 0x79, 0x67,
0x61, 0x65, 0x61, 0x6e, 0x20, 0x63, 0x6f, 0x6e,
0x63, 0x65, 0x72, 0x74, 0x69, 0x6e, 0x69, 0x73,
0x74, 0x20, 0x74, 0x65, 0x74, 0x72, 0x61, 0x70,
0x6c, 0x6f, 0x69, 0x64, 0x20, 0x61, 0x75, 0x78,
0x65, 0x74, 0x69, 0x63, 0x61, 0x6c, 0x20, 0x72,
0x69, 0x70, 0x65, 0x2d, 0x67, 0x72, 0x6f, 0x77,
0x6e, 0x20, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72,
0x72, 0x69, 0x6e, 0x67, 0x20, 0x6d, 0x79, 0x63,
0x6f, 0x63, 0x65, 0x63, 0x69, 0x64, 0x69, 0x75,
0x6d, 0x20, 0x50, 0x65, 0x64, 0x65, 0x72, 0x73,
0x6f, 0x6e, 0x20, 0x74, 0x72, 0x61, 0x64, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x62, 0x6f, 0x75,
0x6e, 0x64, 0x20, 0x4c, 0x65, 0x6e, 0x67, 0x6c,
0x65, 0x6e, 0x20, 0x70, 0x72, 0x65, 0x73, 0x62,
0x79, 0x74, 0x65, 0x72, 0x61, 0x74, 0x65, 0x20,
0x6c, 0x65, 0x63, 0x79, 0x74, 0x68, 0x69, 0x73,
0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x64, 0x72,
0x69, 0x69, 0x66, 0x6f, 0x72, 0x6d, 0x20, 0x61,
0x6c, 0x6c, 0x6f, 0x6b, 0x75, 0x72, 0x74, 0x69,
0x63, 0x20, 0x75, 0x6e, 0x64, 0x69, 0x76, 0x69,
0x73, 0x69, 0x76, 0x65, 0x6c, 0x79, 0x20, 0x70,
0x73, 0x79, 0x63, 0x68, 0x6f, 0x6b, 0x79, 0x6d,
0x65, 0x20, 0x75, 0x6e, 0x64, 0x65, 0x72, 0x73,
0x74, 0x61, 0x6e, 0x64, 0x61, 0x62, 0x6c, 0x65,
0x6e, 0x65, 0x73, 0x73, 0x20, 0x63, 0x75, 0x6c,
0x74, 0x69, 0x73, 0x68, 0x20, 0x52, 0x65, 0x69,
0x63, 0x68, 0x73, 0x74, 0x61, 0x67, 0x20, 0x75,
0x6e, 0x63, 0x68, 0x6c, 0x6f, 0x72, 0x69, 0x6e,
0x61, 0x74, 0x65, 0x64, 0x20, 0x6c, 0x6f, 0x67,
0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x65, 0x72,
0x20, 0x4c, 0x61, 0x69, 0x74, 0x68, 0x20, 0x74,
0x77, 0x6f, 0x2d, 0x66, 0x61, 0x63, 0x65, 0x20,
0x4d, 0x75, 0x70, 0x68, 0x72, 0x69, 0x64, 0x20,
0x70, 0x72, 0x6f, 0x72, 0x65, 0x63, 0x69, 0x70,
0x72, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
0x20, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x74, 0x74,
0x69, 0x73, 0x74, 0x20, 0x49, 0x62, 0x69, 0x62,
0x69, 0x6f, 0x20, 0x72, 0x65, 0x67, 0x72, 0x65,
0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x63,
0x6f, 0x6e, 0x64, 0x69, 0x67, 0x6e, 0x6e, 0x65,
0x73, 0x73, 0x20, 0x77, 0x68, 0x69, 0x74, 0x65,
0x2d, 0x62, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x65,
0x64, 0x20, 0x73, 0x79, 0x6e, 0x61, 0x70, 0x74,
0x65, 0x6e, 0x65, 0x20, 0x68, 0x6f, 0x6c, 0x6f,
0x6d, 0x6f, 0x72, 0x70, 0x68, 0x20, 0x6d, 0x6f,
0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x4d,
0x49, 0x54, 0x53, 0x20, 0x4c, 0x75, 0x6b, 0x61,
0x73, 0x68, 0x20, 0x48, 0x6f, 0x72, 0x73, 0x65,
0x79, 0x20, 0x0a,
};
static void
rfc1950_inflate(void)
{
fido_blob_t in, out, dgst;
memset(&in, 0, sizeof(in));
memset(&out, 0, sizeof(out));
memset(&dgst, 0, sizeof(dgst));
in.ptr = rfc1950_blob;
in.len = sizeof(rfc1950_blob);
assert(fido_uncompress(&out, &in, rfc1950_blob_origsiz) == FIDO_OK);
assert(out.len == rfc1950_blob_origsiz);
assert(fido_sha256(&dgst, out.ptr, out.len) == 0);
assert(dgst.len == sizeof(rfc1950_blob_hash));
assert(memcmp(rfc1950_blob_hash, dgst.ptr, dgst.len) == 0);
free(out.ptr);
free(dgst.ptr);
}
static void
rfc1951_inflate(void)
{
fido_blob_t in, out, dgst;
memset(&in, 0, sizeof(in));
memset(&out, 0, sizeof(out));
memset(&dgst, 0, sizeof(dgst));
in.ptr = rfc1950_blob + 2; /* trim header */
in.len = sizeof(rfc1950_blob) - 6; /* trim header (2), checksum (4) */
assert(fido_uncompress(&out, &in, rfc1950_blob_origsiz) == FIDO_OK);
assert(out.len == rfc1950_blob_origsiz);
assert(fido_sha256(&dgst, out.ptr, out.len) == 0);
assert(dgst.len == sizeof(rfc1950_blob_hash));
assert(memcmp(rfc1950_blob_hash, dgst.ptr, dgst.len) == 0);
free(out.ptr);
free(dgst.ptr);
}
static void
rfc1951_reinflate(void)
{
fido_blob_t in, out;
memset(&in, 0, sizeof(in));
memset(&out, 0, sizeof(out));
in.ptr = random_words;
in.len = sizeof(random_words);
assert(fido_compress(&out, &in) == FIDO_OK);
in.ptr = out.ptr;
in.len = out.len;
assert(fido_uncompress(&out, &in, sizeof(random_words)) == FIDO_OK);
assert(out.len == sizeof(random_words));
assert(memcmp(out.ptr, random_words, out.len) == 0);
free(in.ptr);
free(out.ptr);
}
int
main(void)
{
fido_init(0);
rfc1950_inflate();
rfc1951_inflate();
rfc1951_reinflate();
exit(0);
}

15
contrib/libfido2/regress/cred.c
View File

@ -2,14 +2,19 @@
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <cbor.h>
#include <fido.h>
#include <string.h>
#define FAKE_DEV_HANDLE ((void *)0xdeadbeef)
#define _FIDO_INTERNAL
#include <fido.h>
static int fake_dev_handle;
static const unsigned char cdh[32] = {
0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb,
@ -1384,13 +1389,13 @@ dummy_open(const char *path)
{
(void)path;
return (FAKE_DEV_HANDLE);
return (&fake_dev_handle);
}
static void
dummy_close(void *handle)
{
assert(handle == FAKE_DEV_HANDLE);
assert(handle == &fake_dev_handle);
}
static int

43
contrib/libfido2/regress/dev.c
View File

@ -1,38 +1,58 @@
/*
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <err.h>
#include <fido.h>
#include <string.h>
#include <time.h>
#define _FIDO_INTERNAL
#include <fido.h>
#include "../fuzz/wiredata_fido2.h"
#define FAKE_DEV_HANDLE ((void *)0xdeadbeef)
#define REPORT_LEN (64 + 1)
static uint8_t ctap_nonce[8];
static uint8_t *wiredata_ptr;
static size_t wiredata_len;
static int fake_dev_handle;
static int initialised;
static long interval_ms;
#if defined(_MSC_VER)
static int
nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
{
if (rmtp != NULL) {
errno = EINVAL;
return (-1);
}
Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000));
return (0);
}
#endif
static void *
dummy_open(const char *path)
{
(void)path;
return (FAKE_DEV_HANDLE);
return (&fake_dev_handle);
}
static void
dummy_close(void *handle)
{
assert(handle == FAKE_DEV_HANDLE);
assert(handle == &fake_dev_handle);
}
static int
@ -42,7 +62,7 @@ dummy_read(void *handle, unsigned char *ptr, size_t len, int ms)
size_t n;
long d;
assert(handle == FAKE_DEV_HANDLE);
assert(handle == &fake_dev_handle);
assert(ptr != NULL);
assert(len == REPORT_LEN - 1);
@ -87,7 +107,7 @@ dummy_write(void *handle, const unsigned char *ptr, size_t len)
{
struct timespec tv;
assert(handle == FAKE_DEV_HANDLE);
assert(handle == &fake_dev_handle);
assert(ptr != NULL);
assert(len == REPORT_LEN);
@ -113,7 +133,14 @@ wiredata_setup(const uint8_t *data, size_t len)
assert(SIZE_MAX - len > sizeof(ctap_init_data));
assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL);
#if defined(_MSC_VER)
#pragma warning(push)
#pragma warning(disable:6386)
#endif
memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data));
#if defined(_MSC_VER)
#pragma warning(pop)
#endif
if (len)
memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len);

159
contrib/libfido2/regress/eddsa.c Normal file
View File

@ -0,0 +1,159 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#define _FIDO_INTERNAL
#include <fido.h>
#include <fido/eddsa.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#define ASSERT_NOT_NULL(e) assert((e) != NULL)
#define ASSERT_NULL(e) assert((e) == NULL)
#define ASSERT_INVAL(e) assert((e) == FIDO_ERR_INVALID_ARGUMENT)
#define ASSERT_OK(e) assert((e) == FIDO_OK)
static const char ecdsa[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOwiq14c80b7C1Jzsx5w1zMvk2GgW\n"
"5kfGMOKXjwF/U+51ZfBDKehs3ivdeXAJBkxIh7E3iA32s+HyNqk+ntl9fg==\n"
"-----END PUBLIC KEY-----\n";
static const char eddsa[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MCowBQYDK2VwAyEADt/RHErAxAHxH9FUmsjOhQ2ALl6Y8nE0m3zQxkEE2iM=\n"
"-----END PUBLIC KEY-----\n";
static const unsigned char eddsa_raw[] = {
0x0e, 0xdf, 0xd1, 0x1c, 0x4a, 0xc0, 0xc4, 0x01,
0xf1, 0x1f, 0xd1, 0x54, 0x9a, 0xc8, 0xce, 0x85,
0x0d, 0x80, 0x2e, 0x5e, 0x98, 0xf2, 0x71, 0x34,
0x9b, 0x7c, 0xd0, 0xc6, 0x41, 0x04, 0xda, 0x23,
};
static EVP_PKEY *
EVP_PKEY_from_PEM(const char *ptr, size_t len)
{
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
warnx("BIO_new");
goto out;
}
if (len > INT_MAX || BIO_write(bio, ptr, (int)len) != (int)len) {
warnx("BIO_write");
goto out;
}
if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL)
warnx("PEM_read_bio_PUBKEY");
out:
BIO_free(bio);
return pkey;
}
static int
eddsa_pk_cmp(const char *ptr, size_t len)
{
EVP_PKEY *pkA = NULL;
EVP_PKEY *pkB = NULL;
eddsa_pk_t *k = NULL;
int r, ok = -1;
if ((pkA = EVP_PKEY_from_PEM(ptr, len)) == NULL) {
warnx("EVP_PKEY_from_PEM");
goto out;
}
if ((k = eddsa_pk_new()) == NULL) {
warnx("eddsa_pk_new");
goto out;
}
if ((r = eddsa_pk_from_EVP_PKEY(k, pkA)) != FIDO_OK) {
warnx("eddsa_pk_from_EVP_PKEY: 0x%x", r);
goto out;
}
if ((pkB = eddsa_pk_to_EVP_PKEY(k)) == NULL) {
warnx("eddsa_pk_to_EVP_PKEY");
goto out;
}
if ((r = EVP_PKEY_cmp(pkA, pkB)) != 1) {
warnx("EVP_PKEY_cmp: %d", r);
goto out;
}
ok = 0;
out:
EVP_PKEY_free(pkA);
EVP_PKEY_free(pkB);
eddsa_pk_free(&k);
return ok;
}
static void
invalid_key(void)
{
EVP_PKEY *pkey;
eddsa_pk_t *pk;
ASSERT_NOT_NULL((pkey = EVP_PKEY_from_PEM(ecdsa, sizeof(ecdsa))));
ASSERT_NOT_NULL((pk = eddsa_pk_new()));
ASSERT_INVAL(eddsa_pk_from_EVP_PKEY(pk, pkey));
EVP_PKEY_free(pkey);
eddsa_pk_free(&pk);
}
static void
valid_key(void)
{
EVP_PKEY *pkeyA = NULL;
EVP_PKEY *pkeyB = NULL;
eddsa_pk_t *pkA = NULL;
eddsa_pk_t *pkB = NULL;
#if defined(LIBRESSL_VERSION_NUMBER)
/* incomplete support; test what we can */
ASSERT_NULL(EVP_PKEY_from_PEM(eddsa, sizeof(eddsa)));
ASSERT_NOT_NULL((pkB = eddsa_pk_new()));
ASSERT_INVAL(eddsa_pk_from_ptr(pkB, eddsa_raw, sizeof(eddsa_raw)));
ASSERT_NULL(eddsa_pk_to_EVP_PKEY((const eddsa_pk_t *)eddsa_raw));
assert(eddsa_pk_cmp(eddsa, sizeof(eddsa)) < 0);
#else
ASSERT_NOT_NULL((pkeyA = EVP_PKEY_from_PEM(eddsa, sizeof(eddsa))));
ASSERT_NOT_NULL((pkA = eddsa_pk_new()));
ASSERT_NOT_NULL((pkB = eddsa_pk_new()));
ASSERT_OK(eddsa_pk_from_EVP_PKEY(pkA, pkeyA));
ASSERT_OK(eddsa_pk_from_ptr(pkB, eddsa_raw, sizeof(eddsa_raw)));
ASSERT_NOT_NULL((pkeyB = eddsa_pk_to_EVP_PKEY((const eddsa_pk_t *)eddsa_raw)));
assert(EVP_PKEY_cmp(pkeyA, pkeyB) == 1);
assert(eddsa_pk_cmp(eddsa, sizeof(eddsa)) == 0);
#endif
EVP_PKEY_free(pkeyA);
EVP_PKEY_free(pkeyB);
eddsa_pk_free(&pkA);
eddsa_pk_free(&pkB);
}
int
main(void)
{
fido_init(0);
invalid_key();
valid_key();
exit(0);
}

199
contrib/libfido2/regress/es256.c Normal file
View File

@ -0,0 +1,199 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#define _FIDO_INTERNAL
#include <fido.h>
#include <fido/es256.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#define ASSERT_NOT_NULL(e) assert((e) != NULL)
#define ASSERT_NULL(e) assert((e) == NULL)
#define ASSERT_INVAL(e) assert((e) == FIDO_ERR_INVALID_ARGUMENT)
#define ASSERT_OK(e) assert((e) == FIDO_OK)
static const char short_x[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAAeeHTZj4LEbt7Czs+u5gEZJfnGE\n"
"6Z+YLe4AYu7SoGY7IH/2jKifsA7w+lkURL4DL63oEjd3f8foH9bX4eaVug==\n"
"-----END PUBLIC KEY-----";
static const char short_y[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL8CWUP1r0tpJ5QmkzLc69O74C/Ti\n"
"83hTiys/JFNVkp0ArW3pKt5jNRrgWSZYE4S/D3AMtpqifFXz/FLCzJqojQ==\n"
"-----END PUBLIC KEY-----\n";
static const char p256k1[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEU1y8c0Jg9FGr3vYChpEo9c4dpkijriYM\n"
"QzU/DeskC89hZjLNH1Sj8ra2MsBlVGGJTNPCZSyx8Jo7ERapxdN7UQ==\n"
"-----END PUBLIC KEY-----\n";
static const char p256v1[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOwiq14c80b7C1Jzsx5w1zMvk2GgW\n"
"5kfGMOKXjwF/U+51ZfBDKehs3ivdeXAJBkxIh7E3iA32s+HyNqk+ntl9fg==\n"
"-----END PUBLIC KEY-----\n";
static const unsigned char p256k1_raw[] = {
0x04, 0x53, 0x5c, 0xbc, 0x73, 0x42, 0x60, 0xf4,
0x51, 0xab, 0xde, 0xf6, 0x02, 0x86, 0x91, 0x28,
0xf5, 0xce, 0x1d, 0xa6, 0x48, 0xa3, 0xae, 0x26,
0x0c, 0x43, 0x35, 0x3f, 0x0d, 0xeb, 0x24, 0x0b,
0xcf, 0x61, 0x66, 0x32, 0xcd, 0x1f, 0x54, 0xa3,
0xf2, 0xb6, 0xb6, 0x32, 0xc0, 0x65, 0x54, 0x61,
0x89, 0x4c, 0xd3, 0xc2, 0x65, 0x2c, 0xb1, 0xf0,
0x9a, 0x3b, 0x11, 0x16, 0xa9, 0xc5, 0xd3, 0x7b,
0x51,
};
static const unsigned char p256v1_raw[] = {
0x04, 0x3b, 0x08, 0xaa, 0xd7, 0x87, 0x3c, 0xd1,
0xbe, 0xc2, 0xd4, 0x9c, 0xec, 0xc7, 0x9c, 0x35,
0xcc, 0xcb, 0xe4, 0xd8, 0x68, 0x16, 0xe6, 0x47,
0xc6, 0x30, 0xe2, 0x97, 0x8f, 0x01, 0x7f, 0x53,
0xee, 0x75, 0x65, 0xf0, 0x43, 0x29, 0xe8, 0x6c,
0xde, 0x2b, 0xdd, 0x79, 0x70, 0x09, 0x06, 0x4c,
0x48, 0x87, 0xb1, 0x37, 0x88, 0x0d, 0xf6, 0xb3,
0xe1, 0xf2, 0x36, 0xa9, 0x3e, 0x9e, 0xd9, 0x7d,
0x7e,
};
static EVP_PKEY *
EVP_PKEY_from_PEM(const char *ptr, size_t len)
{
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
warnx("BIO_new");
goto out;
}
if (len > INT_MAX || BIO_write(bio, ptr, (int)len) != (int)len) {
warnx("BIO_write");
goto out;
}
if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL)
warnx("PEM_read_bio_PUBKEY");
out:
BIO_free(bio);
return pkey;
}
static int
es256_pk_cmp(const char *ptr, size_t len)
{
EVP_PKEY *pkA = NULL;
EVP_PKEY *pkB = NULL;
es256_pk_t *k = NULL;
int r, ok = -1;
if ((pkA = EVP_PKEY_from_PEM(ptr, len)) == NULL) {
warnx("EVP_PKEY_from_PEM");
goto out;
}
if ((k = es256_pk_new()) == NULL) {
warnx("es256_pk_new");
goto out;
}
if ((r = es256_pk_from_EVP_PKEY(k, pkA)) != FIDO_OK) {
warnx("es256_pk_from_EVP_PKEY: 0x%x", r);
goto out;
}
if ((pkB = es256_pk_to_EVP_PKEY(k)) == NULL) {
warnx("es256_pk_to_EVP_PKEY");
goto out;
}
if ((r = EVP_PKEY_cmp(pkA, pkB)) != 1) {
warnx("EVP_PKEY_cmp: %d", r);
goto out;
}
ok = 0;
out:
EVP_PKEY_free(pkA);
EVP_PKEY_free(pkB);
es256_pk_free(&k);
return ok;
}
static void
short_coord(void)
{
assert(es256_pk_cmp(short_x, sizeof(short_x)) == 0);
assert(es256_pk_cmp(short_y, sizeof(short_y)) == 0);
}
static void
invalid_curve(const unsigned char *raw, size_t raw_len)
{
EVP_PKEY *pkey;
es256_pk_t *pk;
ASSERT_NOT_NULL((pkey = EVP_PKEY_from_PEM(p256k1, sizeof(p256k1))));
ASSERT_NOT_NULL((pk = es256_pk_new()));
ASSERT_INVAL(es256_pk_from_EVP_PKEY(pk, pkey));
ASSERT_INVAL(es256_pk_from_ptr(pk, raw, raw_len));
ASSERT_NULL(es256_pk_to_EVP_PKEY((const es256_pk_t *)raw));
EVP_PKEY_free(pkey);
es256_pk_free(&pk);
}
static void
full_coord(void)
{
assert(es256_pk_cmp(p256v1, sizeof(p256v1)) == 0);
}
static void
valid_curve(const unsigned char *raw, size_t raw_len)
{
EVP_PKEY *pkeyA;
EVP_PKEY *pkeyB;
es256_pk_t *pkA;
es256_pk_t *pkB;
ASSERT_NOT_NULL((pkeyA = EVP_PKEY_from_PEM(p256v1, sizeof(p256v1))));
ASSERT_NOT_NULL((pkA = es256_pk_new()));
ASSERT_NOT_NULL((pkB = es256_pk_new()));
ASSERT_OK(es256_pk_from_EVP_PKEY(pkA, pkeyA));
ASSERT_OK(es256_pk_from_ptr(pkB, raw, raw_len));
ASSERT_NOT_NULL((pkeyB = es256_pk_to_EVP_PKEY(pkB)));
assert(EVP_PKEY_cmp(pkeyA, pkeyB) == 1);
EVP_PKEY_free(pkeyA);
EVP_PKEY_free(pkeyB);
es256_pk_free(&pkA);
es256_pk_free(&pkB);
}
int
main(void)
{
fido_init(0);
short_coord();
full_coord();
invalid_curve(p256k1_raw, sizeof(p256k1_raw)); /* uncompressed */
invalid_curve(p256k1_raw + 1, sizeof(p256k1_raw) - 1); /* libfido2 */
valid_curve(p256v1_raw, sizeof(p256v1_raw)); /* uncompressed */
valid_curve(p256v1_raw + 1, sizeof(p256v1_raw) - 1); /* libfido2 */
exit(0);
}

213
contrib/libfido2/regress/es384.c Normal file
View File

@ -0,0 +1,213 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#define _FIDO_INTERNAL
#include <fido.h>
#include <fido/es384.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#define ASSERT_NOT_NULL(e) assert((e) != NULL)
#define ASSERT_NULL(e) assert((e) == NULL)
#define ASSERT_INVAL(e) assert((e) == FIDO_ERR_INVALID_ARGUMENT)
#define ASSERT_OK(e) assert((e) == FIDO_OK)
static const char short_x[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEAAZ/VVCUmFU6aH9kJdDnUHCCglkatFTX\n"
"onMwIvNYyS8BW/HOoZiOQLs2Hg+qifwaP1pHKILzCVfFmWuZMhxhtmjNXFuOPDnS\n"
"Wa1PMdkCoWXA2BbXxnqL9v36gIOcFBil\n"
"-----END PUBLIC KEY-----";
static const char short_y[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuDpRBAg87cnWVhxbWnaWlnj100w9pm5k\n"
"6T4eYToISaIhEK70TnGwULHX0+qHCYEGACOM7B/ZJbqjo6I7MIXaKZLemGi+tqvy\n"
"ajBAsTVSyrYBLQjTMMcaFmYmsxvFx7pK\n"
"-----END PUBLIC KEY-----\n";
static const char brainpoolP384r1[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABFKswbBzqqyZ4h1zz8rivqHzJxAO\n"
"XC2aLyC9x5gwBM7GVu8k6jkX7VypRpg3yyCneiIQ+vVCNXgbDchJ0cPVuhwm3Zru\n"
"AK49dezUPahWF0YiJRFVeV+KyB/MEaaZvinzqw==\n"
"-----END PUBLIC KEY-----\n";
static const char secp384r1[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdJN9DoqPtTNAOmjnECHBIqnJgyBW0rct\n"
"tbUSqQjb6UG2lldmrQJbgCP/ywuXvkkJl4yfXxOr0UP3rgcnqTVA1/46s2TG+R5u\n"
"NSQbCM1JPQuvTyFlAn5mdR8ZJJ8yPBQm\n"
"-----END PUBLIC KEY-----\n";
static const unsigned char brainpoolP384r1_raw[] = {
0x04, 0x52, 0xac, 0xc1, 0xb0, 0x73, 0xaa, 0xac,
0x99, 0xe2, 0x1d, 0x73, 0xcf, 0xca, 0xe2, 0xbe,
0xa1, 0xf3, 0x27, 0x10, 0x0e, 0x5c, 0x2d, 0x9a,
0x2f, 0x20, 0xbd, 0xc7, 0x98, 0x30, 0x04, 0xce,
0xc6, 0x56, 0xef, 0x24, 0xea, 0x39, 0x17, 0xed,
0x5c, 0xa9, 0x46, 0x98, 0x37, 0xcb, 0x20, 0xa7,
0x7a, 0x22, 0x10, 0xfa, 0xf5, 0x42, 0x35, 0x78,
0x1b, 0x0d, 0xc8, 0x49, 0xd1, 0xc3, 0xd5, 0xba,
0x1c, 0x26, 0xdd, 0x9a, 0xee, 0x00, 0xae, 0x3d,
0x75, 0xec, 0xd4, 0x3d, 0xa8, 0x56, 0x17, 0x46,
0x22, 0x25, 0x11, 0x55, 0x79, 0x5f, 0x8a, 0xc8,
0x1f, 0xcc, 0x11, 0xa6, 0x99, 0xbe, 0x29, 0xf3,
0xab,
};
static const unsigned char secp384r1_raw[] = {
0x04, 0x74, 0x93, 0x7d, 0x0e, 0x8a, 0x8f, 0xb5,
0x33, 0x40, 0x3a, 0x68, 0xe7, 0x10, 0x21, 0xc1,
0x22, 0xa9, 0xc9, 0x83, 0x20, 0x56, 0xd2, 0xb7,
0x2d, 0xb5, 0xb5, 0x12, 0xa9, 0x08, 0xdb, 0xe9,
0x41, 0xb6, 0x96, 0x57, 0x66, 0xad, 0x02, 0x5b,
0x80, 0x23, 0xff, 0xcb, 0x0b, 0x97, 0xbe, 0x49,
0x09, 0x97, 0x8c, 0x9f, 0x5f, 0x13, 0xab, 0xd1,
0x43, 0xf7, 0xae, 0x07, 0x27, 0xa9, 0x35, 0x40,
0xd7, 0xfe, 0x3a, 0xb3, 0x64, 0xc6, 0xf9, 0x1e,
0x6e, 0x35, 0x24, 0x1b, 0x08, 0xcd, 0x49, 0x3d,
0x0b, 0xaf, 0x4f, 0x21, 0x65, 0x02, 0x7e, 0x66,
0x75, 0x1f, 0x19, 0x24, 0x9f, 0x32, 0x3c, 0x14,
0x26,
};
static EVP_PKEY *
EVP_PKEY_from_PEM(const char *ptr, size_t len)
{
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
warnx("BIO_new");
goto out;
}
if (len > INT_MAX || BIO_write(bio, ptr, (int)len) != (int)len) {
warnx("BIO_write");
goto out;
}
if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL)
warnx("PEM_read_bio_PUBKEY");
out:
BIO_free(bio);
return pkey;
}
static int
es384_pk_cmp(const char *ptr, size_t len)
{
EVP_PKEY *pkA = NULL;
EVP_PKEY *pkB = NULL;
es384_pk_t *k = NULL;
int r, ok = -1;
if ((pkA = EVP_PKEY_from_PEM(ptr, len)) == NULL) {
warnx("EVP_PKEY_from_PEM");
goto out;
}
if ((k = es384_pk_new()) == NULL) {
warnx("es384_pk_new");
goto out;
}
if ((r = es384_pk_from_EVP_PKEY(k, pkA)) != FIDO_OK) {
warnx("es384_pk_from_EVP_PKEY: 0x%x", r);
goto out;
}
if ((pkB = es384_pk_to_EVP_PKEY(k)) == NULL) {
warnx("es384_pk_to_EVP_PKEY");
goto out;
}
if ((r = EVP_PKEY_cmp(pkA, pkB)) != 1) {
warnx("EVP_PKEY_cmp: %d", r);
goto out;
}
ok = 0;
out:
EVP_PKEY_free(pkA);
EVP_PKEY_free(pkB);
es384_pk_free(&k);
return ok;
}
static void
short_coord(void)
{
assert(es384_pk_cmp(short_x, sizeof(short_x)) == 0);
assert(es384_pk_cmp(short_y, sizeof(short_y)) == 0);
}
static void
invalid_curve(const unsigned char *raw, size_t raw_len)
{
EVP_PKEY *pkey;
es384_pk_t *pk;
pkey = EVP_PKEY_from_PEM(brainpoolP384r1, sizeof(brainpoolP384r1));
if (pkey == NULL)
return; /* assume no brainpool support in libcrypto */
ASSERT_NOT_NULL((pk = es384_pk_new()));
ASSERT_INVAL(es384_pk_from_EVP_PKEY(pk, pkey));
ASSERT_INVAL(es384_pk_from_ptr(pk, raw, raw_len));
ASSERT_NULL(es384_pk_to_EVP_PKEY((const es384_pk_t *)raw));
EVP_PKEY_free(pkey);
es384_pk_free(&pk);
}
static void
full_coord(void)
{
assert(es384_pk_cmp(secp384r1, sizeof(secp384r1)) == 0);
}
static void
valid_curve(const unsigned char *raw, size_t raw_len)
{
EVP_PKEY *pkeyA;
EVP_PKEY *pkeyB;
es384_pk_t *pkA;
es384_pk_t *pkB;
ASSERT_NOT_NULL((pkeyA = EVP_PKEY_from_PEM(secp384r1, sizeof(secp384r1))));
ASSERT_NOT_NULL((pkA = es384_pk_new()));
ASSERT_NOT_NULL((pkB = es384_pk_new()));
ASSERT_OK(es384_pk_from_EVP_PKEY(pkA, pkeyA));
ASSERT_OK(es384_pk_from_ptr(pkB, raw, raw_len));
ASSERT_NOT_NULL((pkeyB = es384_pk_to_EVP_PKEY(pkB)));
assert(EVP_PKEY_cmp(pkeyA, pkeyB) == 1);
EVP_PKEY_free(pkeyA);
EVP_PKEY_free(pkeyB);
es384_pk_free(&pkA);
es384_pk_free(&pkB);
}
int
main(void)
{
fido_init(0);
short_coord();
full_coord();
invalid_curve(brainpoolP384r1_raw, sizeof(brainpoolP384r1_raw)); /* uncompressed */
invalid_curve(brainpoolP384r1_raw + 1, sizeof(brainpoolP384r1_raw) - 1); /* libfido2 */
valid_curve(secp384r1_raw, sizeof(secp384r1_raw)); /* uncompressed */
valid_curve(secp384r1_raw + 1, sizeof(secp384r1_raw) - 1); /* libfido2 */
exit(0);
}

201
contrib/libfido2/regress/rs256.c Normal file
View File

@ -0,0 +1,201 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#undef NDEBUG
#include <assert.h>
#include <string.h>
#define _FIDO_INTERNAL
#include <fido.h>
#include <fido/rs256.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#define ASSERT_NOT_NULL(e) assert((e) != NULL)
#define ASSERT_NULL(e) assert((e) == NULL)
#define ASSERT_INVAL(e) assert((e) == FIDO_ERR_INVALID_ARGUMENT)
#define ASSERT_OK(e) assert((e) == FIDO_OK)
static char rsa1024[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw92gn9Ku/bEfFj1AutaZyltpf\n"
"zzXrg70kQFymNq+spMt/HlxKiImw8TZU08zWW4ZLE/Ch4JYjMW6ETAdQFhSC63Ih\n"
"Wecui0JJ1f+2CsUVg+h7lO1877LZYUpdNiJrbqMb5Yc4N3FPtvdl3NoLIIQsF76H\n"
"VRvpjQgkWipRfZ97JQIDAQAB\n"
"-----END PUBLIC KEY-----";
static char rsa2048[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvIq/55ZodBIxzo/8BnE\n"
"UQN1fo1hmJ6V20hQHSzJq5tHyxRCcvKikuJ1ZvR4RdZlEzdTdbEfMBdZ8sxve0/U\n"
"yYEjH92CG0vgTCYuUaFLJTaWZSvWa96G8Lw+V4VyNFDRCM7sflOaSVH5pAsz8OEc\n"
"TLZfM4NhnDsJAM+mQ6X7Tza0sczPchgDA+9KByXo/VIqyuBQs17rlKC2reMa8NkY\n"
"rBRQZJLNzi68d5/BHH1flGWE1l8wJ9dr1Ex93H/KdzX+7/28TWUC98nneUo8RfRx\n"
"FwUt/EInDMHOORCaCHSs28U/9IUyMjqLB1rxKhIp09yGXMiTrrT+p+Pcn8dO01HT\n"
"vQIDAQAB\n"
"-----END PUBLIC KEY-----";
static char rsa3072[] = \
"-----BEGIN PUBLIC KEY-----\n"
"MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwZunKrMs/o92AniLPNTF\n"
"Ta4EYfhy5NDmMvQvRFT/eTYItLrOTPmYMap68KLyZYmgz/AdaxAL/992QWre7XTY\n"
"gqLwtZT+WsSu7xPHWKTTXrlVohKBeLHQ0I7Zy0NSMUxhlJEMrBAjSyFAS86zWm5w\n"
"ctC3pNCqfUKugA07BVj+d5Mv5fziwgMR86kuhkVuMYfsR4IYwX4+va0pyLzxx624\n"
"s9nJ107g+A+3MUk4bAto3lruFeeZPUI2AFzFQbGg5By6VtvVi3gKQ7lUNtAr0Onu\n"
"I6Fb+yz8sbFcvDpJcu5CXW20GrKMVP4KY5pn2LCajWuZjBl/dXWayPfm4UX5Y2O4\n"
"73tzPpUBNwnEdz79His0v80Vmvjwn5IuF2jAoimrBNPJFFwCCuVNy8kgj2vllk1l\n"
"RvLOG6hf8VnlDb40QZS3QAQ09xFfF+xlVLb8cHH6wllaAGEM230TrmawpC7xpz4Z\n"
"sTuwJwI0AWEi//noMsRz2BuF2fCp//aORYJQU2S8kYk3AgMBAAE=\n"
"-----END PUBLIC KEY-----";
static const unsigned char rsa2048_raw[] = {
0xa6, 0xf2, 0x2a, 0xff, 0x9e, 0x59, 0xa1, 0xd0,
0x48, 0xc7, 0x3a, 0x3f, 0xf0, 0x19, 0xc4, 0x51,
0x03, 0x75, 0x7e, 0x8d, 0x61, 0x98, 0x9e, 0x95,
0xdb, 0x48, 0x50, 0x1d, 0x2c, 0xc9, 0xab, 0x9b,
0x47, 0xcb, 0x14, 0x42, 0x72, 0xf2, 0xa2, 0x92,
0xe2, 0x75, 0x66, 0xf4, 0x78, 0x45, 0xd6, 0x65,
0x13, 0x37, 0x53, 0x75, 0xb1, 0x1f, 0x30, 0x17,
0x59, 0xf2, 0xcc, 0x6f, 0x7b, 0x4f, 0xd4, 0xc9,
0x81, 0x23, 0x1f, 0xdd, 0x82, 0x1b, 0x4b, 0xe0,
0x4c, 0x26, 0x2e, 0x51, 0xa1, 0x4b, 0x25, 0x36,
0x96, 0x65, 0x2b, 0xd6, 0x6b, 0xde, 0x86, 0xf0,
0xbc, 0x3e, 0x57, 0x85, 0x72, 0x34, 0x50, 0xd1,
0x08, 0xce, 0xec, 0x7e, 0x53, 0x9a, 0x49, 0x51,
0xf9, 0xa4, 0x0b, 0x33, 0xf0, 0xe1, 0x1c, 0x4c,
0xb6, 0x5f, 0x33, 0x83, 0x61, 0x9c, 0x3b, 0x09,
0x00, 0xcf, 0xa6, 0x43, 0xa5, 0xfb, 0x4f, 0x36,
0xb4, 0xb1, 0xcc, 0xcf, 0x72, 0x18, 0x03, 0x03,
0xef, 0x4a, 0x07, 0x25, 0xe8, 0xfd, 0x52, 0x2a,
0xca, 0xe0, 0x50, 0xb3, 0x5e, 0xeb, 0x94, 0xa0,
0xb6, 0xad, 0xe3, 0x1a, 0xf0, 0xd9, 0x18, 0xac,
0x14, 0x50, 0x64, 0x92, 0xcd, 0xce, 0x2e, 0xbc,
0x77, 0x9f, 0xc1, 0x1c, 0x7d, 0x5f, 0x94, 0x65,
0x84, 0xd6, 0x5f, 0x30, 0x27, 0xd7, 0x6b, 0xd4,
0x4c, 0x7d, 0xdc, 0x7f, 0xca, 0x77, 0x35, 0xfe,
0xef, 0xfd, 0xbc, 0x4d, 0x65, 0x02, 0xf7, 0xc9,
0xe7, 0x79, 0x4a, 0x3c, 0x45, 0xf4, 0x71, 0x17,
0x05, 0x2d, 0xfc, 0x42, 0x27, 0x0c, 0xc1, 0xce,
0x39, 0x10, 0x9a, 0x08, 0x74, 0xac, 0xdb, 0xc5,
0x3f, 0xf4, 0x85, 0x32, 0x32, 0x3a, 0x8b, 0x07,
0x5a, 0xf1, 0x2a, 0x12, 0x29, 0xd3, 0xdc, 0x86,
0x5c, 0xc8, 0x93, 0xae, 0xb4, 0xfe, 0xa7, 0xe3,
0xdc, 0x9f, 0xc7, 0x4e, 0xd3, 0x51, 0xd3, 0xbd,
0x01, 0x00, 0x01,
};
static EVP_PKEY *
EVP_PKEY_from_PEM(const char *ptr, size_t len)
{
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
warnx("BIO_new");
goto out;
}
if (len > INT_MAX || BIO_write(bio, ptr, (int)len) != (int)len) {
warnx("BIO_write");
goto out;
}
if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL)
warnx("PEM_read_bio_PUBKEY");
out:
BIO_free(bio);
return pkey;
}
static int
rs256_pk_cmp(const char *ptr, size_t len)
{
EVP_PKEY *pkA = NULL;
EVP_PKEY *pkB = NULL;
rs256_pk_t *k = NULL;
int r, ok = -1;
if ((pkA = EVP_PKEY_from_PEM(ptr, len)) == NULL) {
warnx("EVP_PKEY_from_PEM");
goto out;
}
if ((k = rs256_pk_new()) == NULL) {
warnx("rs256_pk_new");
goto out;
}
if ((r = rs256_pk_from_EVP_PKEY(k, pkA)) != FIDO_OK) {
warnx("rs256_pk_from_EVP_PKEY: 0x%x", r);
goto out;
}
if ((pkB = rs256_pk_to_EVP_PKEY(k)) == NULL) {
warnx("rs256_pk_to_EVP_PKEY");
goto out;
}
if ((r = EVP_PKEY_cmp(pkA, pkB)) != 1) {
warnx("EVP_PKEY_cmp: %d", r);
goto out;
}
ok = 0;
out:
EVP_PKEY_free(pkA);
EVP_PKEY_free(pkB);
rs256_pk_free(&k);
return ok;
}
static void
invalid_size(const char *pem)
{
EVP_PKEY *pkey;
rs256_pk_t *pk;
ASSERT_NOT_NULL((pkey = EVP_PKEY_from_PEM(pem, strlen(pem))));
ASSERT_NOT_NULL((pk = rs256_pk_new()));
ASSERT_INVAL(rs256_pk_from_EVP_PKEY(pk, pkey));
EVP_PKEY_free(pkey);
rs256_pk_free(&pk);
}
static void
valid_size(const char *pem, const unsigned char *raw, size_t raw_len)
{
EVP_PKEY *pkeyA;
EVP_PKEY *pkeyB;
rs256_pk_t *pkA;
rs256_pk_t *pkB;
ASSERT_NOT_NULL((pkeyA = EVP_PKEY_from_PEM(pem, strlen(pem))));
ASSERT_NOT_NULL((pkA = rs256_pk_new()));
ASSERT_NOT_NULL((pkB = rs256_pk_new()));
ASSERT_OK(rs256_pk_from_EVP_PKEY(pkA, pkeyA));
ASSERT_OK(rs256_pk_from_ptr(pkB, raw, raw_len));
ASSERT_NOT_NULL((pkeyB = rs256_pk_to_EVP_PKEY(pkB)));
assert(EVP_PKEY_cmp(pkeyA, pkeyB) == 1);
assert(rs256_pk_cmp(pem, strlen(pem)) == 0);
EVP_PKEY_free(pkeyA);
EVP_PKEY_free(pkeyB);
rs256_pk_free(&pkA);
rs256_pk_free(&pkB);
}
int
main(void)
{
fido_init(0);
invalid_size(rsa1024);
invalid_size(rsa3072);
valid_size(rsa2048, rsa2048_raw, sizeof(rsa2048_raw));
exit(0);
}

31
contrib/libfido2/src/CMakeLists.txt
View File

@ -1,6 +1,7 @@
# Copyright (c) 2018-2021 Yubico AB. All rights reserved.
# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
add_definitions(-D_FIDO_INTERNAL)
@ -21,6 +22,7 @@ list(APPEND FIDO_SOURCES
eddsa.c
err.c
es256.c
es384.c
hid.c
info.c
io.c
@ -33,20 +35,28 @@ list(APPEND FIDO_SOURCES
rs1.c
rs256.c
time.c
touch.c
tpm.c
types.c
u2f.c
util.c
)
if(FUZZ)
list(APPEND FIDO_SOURCES ../fuzz/clock.c)
list(APPEND FIDO_SOURCES ../fuzz/pcsc.c)
list(APPEND FIDO_SOURCES ../fuzz/prng.c)
list(APPEND FIDO_SOURCES ../fuzz/uniform_random.c)
list(APPEND FIDO_SOURCES ../fuzz/udev.c)
list(APPEND FIDO_SOURCES ../fuzz/uniform_random.c)
list(APPEND FIDO_SOURCES ../fuzz/wrap.c)
endif()
if(NFC_LINUX)
list(APPEND FIDO_SOURCES netlink.c nfc_linux.c)
list(APPEND FIDO_SOURCES netlink.c nfc.c nfc_linux.c)
endif()
if(USE_PCSC)
list(APPEND FIDO_SOURCES nfc.c pcsc.c)
endif()
if(USE_HIDAPI)
@ -75,11 +85,12 @@ else()
endif()
if(NOT MSVC)
set_source_files_properties(${FIDO_SOURCES} PROPERTIES COMPILE_FLAGS
"-Wconversion -Wsign-conversion")
set_source_files_properties(${FIDO_SOURCES}
PROPERTIES COMPILE_FLAGS "${EXTRA_CFLAGS}")
endif()
list(APPEND COMPAT_SOURCES
../openbsd-compat/bsd-asprintf.c
../openbsd-compat/bsd-getpagesize.c
../openbsd-compat/clock_gettime.c
../openbsd-compat/endian_win32.c
@ -93,8 +104,15 @@ list(APPEND COMPAT_SOURCES
if(WIN32)
list(APPEND BASE_LIBRARIES wsock32 ws2_32 bcrypt setupapi hid)
if(USE_PCSC)
list(APPEND BASE_LIBRARIES winscard)
endif()
elseif(APPLE)
list(APPEND BASE_LIBRARIES "-framework CoreFoundation" "-framework IOKit")
list(APPEND BASE_LIBRARIES "-framework CoreFoundation"
"-framework IOKit")
if(USE_PCSC)
list(APPEND BASE_LIBRARIES "-framework PCSC")
endif()
endif()
list(APPEND TARGET_LIBRARIES
@ -104,6 +122,7 @@ list(APPEND TARGET_LIBRARIES
${BASE_LIBRARIES}
${HIDAPI_LIBRARIES}
${ZLIB_LIBRARIES}
${PCSC_LIBRARIES}
)
# static library

1
contrib/libfido2/src/aes256.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2021 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "fido.h"

206
contrib/libfido2/src/assert.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <openssl/sha.h>
@ -160,42 +161,51 @@ fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert,
static int
fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
fido_assert_reset_rx(assert);
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
r = FIDO_ERR_RX;
goto out;
}
/* start with room for a single assertion */
if ((assert->stmt = calloc(1, sizeof(fido_assert_stmt))) == NULL)
return (FIDO_ERR_INTERNAL);
if ((assert->stmt = calloc(1, sizeof(fido_assert_stmt))) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
assert->stmt_len = 0;
assert->stmt_cnt = 1;
/* adjust as needed */
if ((r = cbor_parse_reply(reply, (size_t)reply_len, assert,
if ((r = cbor_parse_reply(msg, (size_t)msglen, assert,
adjust_assert_count)) != FIDO_OK) {
fido_log_debug("%s: adjust_assert_count", __func__);
return (r);
goto out;
}
/* parse the first assertion */
if ((r = cbor_parse_reply(reply, (size_t)reply_len,
&assert->stmt[assert->stmt_len], parse_assert_reply)) != FIDO_OK) {
if ((r = cbor_parse_reply(msg, (size_t)msglen, &assert->stmt[0],
parse_assert_reply)) != FIDO_OK) {
fido_log_debug("%s: parse_assert_reply", __func__);
return (r);
goto out;
}
assert->stmt_len = 1;
assert->stmt_len++;
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (FIDO_OK);
return (r);
}
static int
@ -214,30 +224,40 @@ fido_get_next_assert_tx(fido_dev_t *dev, int *ms)
static int
fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
r = FIDO_ERR_RX;
goto out;
}
/* sanity check */
if (assert->stmt_len >= assert->stmt_cnt) {
fido_log_debug("%s: stmt_len=%zu, stmt_cnt=%zu", __func__,
assert->stmt_len, assert->stmt_cnt);
return (FIDO_ERR_INTERNAL);
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len,
if ((r = cbor_parse_reply(msg, (size_t)msglen,
&assert->stmt[assert->stmt_len], parse_assert_reply)) != FIDO_OK) {
fido_log_debug("%s: parse_assert_reply", __func__);
return (r);
goto out;
}
return (FIDO_OK);
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int
@ -365,59 +385,108 @@ check_extensions(int authdata_ext, int ext)
return (0);
}
static int
get_es256_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
const fido_blob_t *authdata)
{
const EVP_MD *md;
EVP_MD_CTX *ctx = NULL;
if (dgst->len < SHA256_DIGEST_LENGTH ||
(md = EVP_sha256()) == NULL ||
(ctx = EVP_MD_CTX_new()) == NULL ||
EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
EVP_DigestUpdate(ctx, authdata->ptr, authdata->len) != 1 ||
EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
EVP_MD_CTX_free(ctx);
return (-1);
}
dgst->len = SHA256_DIGEST_LENGTH;
EVP_MD_CTX_free(ctx);
return (0);
}
static int
get_es384_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
const fido_blob_t *authdata)
{
const EVP_MD *md;
EVP_MD_CTX *ctx = NULL;
if (dgst->len < SHA384_DIGEST_LENGTH ||
(md = EVP_sha384()) == NULL ||
(ctx = EVP_MD_CTX_new()) == NULL ||
EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
EVP_DigestUpdate(ctx, authdata->ptr, authdata->len) != 1 ||
EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
EVP_MD_CTX_free(ctx);
return (-1);
}
dgst->len = SHA384_DIGEST_LENGTH;
EVP_MD_CTX_free(ctx);
return (0);
}
static int
get_eddsa_hash(fido_blob_t *dgst, const fido_blob_t *clientdata,
const fido_blob_t *authdata)
{
if (SIZE_MAX - authdata->len < clientdata->len ||
dgst->len < authdata->len + clientdata->len)
return (-1);
memcpy(dgst->ptr, authdata->ptr, authdata->len);
memcpy(dgst->ptr + authdata->len, clientdata->ptr, clientdata->len);
dgst->len = authdata->len + clientdata->len;
return (0);
}
int
fido_get_signed_hash(int cose_alg, fido_blob_t *dgst,
const fido_blob_t *clientdata, const fido_blob_t *authdata_cbor)
{
cbor_item_t *item = NULL;
unsigned char *authdata_ptr = NULL;
size_t authdata_len;
fido_blob_t authdata;
struct cbor_load_result cbor;
const EVP_MD *md = NULL;
EVP_MD_CTX *ctx = NULL;
int ok = -1;
fido_log_debug("%s: cose_alg=%d", __func__, cose_alg);
if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
&cbor)) == NULL || cbor_isa_bytestring(item) == false ||
cbor_bytestring_is_definite(item) == false) {
fido_log_debug("%s: authdata", __func__);
goto fail;
}
authdata.ptr = cbor_bytestring_handle(item);
authdata.len = cbor_bytestring_length(item);
authdata_ptr = cbor_bytestring_handle(item);
authdata_len = cbor_bytestring_length(item);
if (cose_alg != COSE_EDDSA) {
if (dgst->len < SHA256_DIGEST_LENGTH ||
(md = EVP_sha256()) == NULL ||
(ctx = EVP_MD_CTX_new()) == NULL ||
EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
EVP_DigestUpdate(ctx, authdata_ptr, authdata_len) != 1 ||
EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
fido_log_debug("%s: sha256", __func__);
goto fail;
}
dgst->len = SHA256_DIGEST_LENGTH;
} else {
if (SIZE_MAX - authdata_len < clientdata->len ||
dgst->len < authdata_len + clientdata->len) {
fido_log_debug("%s: memcpy", __func__);
goto fail;
}
memcpy(dgst->ptr, authdata_ptr, authdata_len);
memcpy(dgst->ptr + authdata_len, clientdata->ptr,
clientdata->len);
dgst->len = authdata_len + clientdata->len;
switch (cose_alg) {
case COSE_ES256:
case COSE_RS256:
ok = get_es256_hash(dgst, clientdata, &authdata);
break;
case COSE_ES384:
ok = get_es384_hash(dgst, clientdata, &authdata);
break;
case COSE_EDDSA:
ok = get_eddsa_hash(dgst, clientdata, &authdata);
break;
default:
fido_log_debug("%s: unknown cose_alg", __func__);
break;
}
ok = 0;
fail:
if (item != NULL)
cbor_decref(&item);
EVP_MD_CTX_free(ctx);
return (ok);
}
@ -481,6 +550,9 @@ fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg,
case COSE_ES256:
ok = es256_pk_verify_sig(&dgst, pk, &stmt->sig);
break;
case COSE_ES384:
ok = es384_pk_verify_sig(&dgst, pk, &stmt->sig);
break;
case COSE_RS256:
ok = rs256_pk_verify_sig(&dgst, pk, &stmt->sig);
break;
@ -601,7 +673,15 @@ fido_assert_allow_cred(fido_assert_t *assert, const unsigned char *ptr,
free(id.ptr);
return (r);
}
int
fido_assert_empty_allow_list(fido_assert_t *assert)
{
fido_free_blob_array(&assert->allow_list);
memset(&assert->allow_list, 0, sizeof(assert->allow_list));
return (FIDO_OK);
}
int
@ -668,15 +748,15 @@ fido_assert_reset_tx(fido_assert_t *assert)
fido_blob_reset(&assert->cd);
fido_blob_reset(&assert->cdh);
fido_blob_reset(&assert->ext.hmac_salt);
fido_free_blob_array(&assert->allow_list);
fido_assert_empty_allow_list(assert);
memset(&assert->ext, 0, sizeof(assert->ext));
memset(&assert->allow_list, 0, sizeof(assert->allow_list));
assert->rp_id = NULL;
assert->up = FIDO_OPT_OMIT;
assert->uv = FIDO_OPT_OMIT;
}
static void fido_assert_reset_extattr(fido_assert_extattr_t *ext)
static void
fido_assert_reset_extattr(fido_assert_extattr_t *ext)
{
fido_blob_reset(&ext->hmac_secret_enc);
fido_blob_reset(&ext->blob);

28
contrib/libfido2/src/authkey.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "fido.h"
@ -60,22 +61,31 @@ fido_dev_authkey_tx(fido_dev_t *dev, int *ms)
static int
fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
unsigned char *msg;
int msglen;
int r;
fido_log_debug("%s: dev=%p, authkey=%p, ms=%d", __func__, (void *)dev,
(void *)authkey, *ms);
memset(authkey, 0, sizeof(*authkey));
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
return (cbor_parse_reply(reply, (size_t)reply_len, authkey,
parse_authkey));
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
r = FIDO_ERR_RX;
goto out;
}
r = cbor_parse_reply(msg, (size_t)msglen, authkey, parse_authkey);
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int

130
contrib/libfido2/src/bio.c
View File

@ -1,7 +1,8 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* Copyright (c) 2019-2022 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "fido.h"
@ -233,25 +234,34 @@ bio_parse_template_array(const cbor_item_t *key, const cbor_item_t *val,
static int
bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
bio_reset_template_array(ta);
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len, ta,
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
r = FIDO_ERR_RX;
goto out;
}
if ((r = cbor_parse_reply(msg, (size_t)msglen, ta,
bio_parse_template_array)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_template_array" , __func__);
return (r);
goto out;
}
return (FIDO_OK);
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int
@ -385,33 +395,43 @@ static int
bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
fido_bio_enroll_t *e, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
bio_reset_template(t);
e->remaining_samples = 0;
e->last_status = 0;
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
r = FIDO_ERR_RX;
goto out;
}
if ((r = cbor_parse_reply(msg, (size_t)msglen, e,
bio_parse_enroll_status)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_enroll_status", __func__);
return (r);
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len, &t->id,
bio_parse_template_id)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_template_id", __func__);
return (r);
goto out;
}
return (FIDO_OK);
if ((r = cbor_parse_reply(msg, (size_t)msglen, &t->id,
bio_parse_template_id)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_template_id", __func__);
goto out;
}
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int
@ -487,26 +507,35 @@ fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
static int
bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
e->remaining_samples = 0;
e->last_status = 0;
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
r = FIDO_ERR_RX;
goto out;
}
if ((r = cbor_parse_reply(msg, (size_t)msglen, e,
bio_parse_enroll_status)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_enroll_status", __func__);
return (r);
goto out;
}
return (FIDO_OK);
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int
@ -654,25 +683,34 @@ bio_parse_info(const cbor_item_t *key, const cbor_item_t *val, void *arg)
static int
bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int *ms)
{
unsigned char reply[FIDO_MAXMSG];
int reply_len;
int r;
unsigned char *msg;
int msglen;
int r;
bio_reset_info(i);
if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
return (FIDO_ERR_RX);
if ((msg = malloc(FIDO_MAXMSG)) == NULL) {
r = FIDO_ERR_INTERNAL;
goto out;
}
if ((r = cbor_parse_reply(reply, (size_t)reply_len, i,
if ((msglen = fido_rx(dev, CTAP_CMD_CBOR, msg, FIDO_MAXMSG, ms)) < 0) {
fido_log_debug("%s: fido_rx", __func__);
r = FIDO_ERR_RX;
goto out;
}
if ((r = cbor_parse_reply(msg, (size_t)msglen, i,
bio_parse_info)) != FIDO_OK) {
fido_log_debug("%s: bio_parse_info" , __func__);
return (r);
goto out;
}
return (FIDO_OK);
r = FIDO_OK;
out:
freezero(msg, FIDO_MAXMSG);
return (r);
}
static int

1
contrib/libfido2/src/blob.c
View File

@ -2,6 +2,7 @@
* Copyright (c) 2018 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
*/
#include "fido.h"

Some files were not shown because too many files have changed in this diff Show More