diff --git a/examples/README.adoc b/examples/README.adoc index 6151b70b..1249366f 100644 --- a/examples/README.adoc +++ b/examples/README.adoc @@ -64,7 +64,8 @@ The following examples are provided: The -T option may be used to enforce a timeout of . If the option -b is specified, the credential's "largeBlob" key is stored in . If the option -c is specified the the generated credential - will be bound by the specified protection policy. + will be bound by the specified protection policy. If the option -a is + specified, enterprise attestation will be requested. - assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin] [-s hmac_salt] [-T seconds] [-b blobkey] [-puv] diff --git a/examples/cred.c b/examples/cred.c index 5a2a27fd..29652b34 100644 --- a/examples/cred.c +++ b/examples/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -36,7 +36,8 @@ static void usage(void) { fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] " - "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] [-hruv] " + "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] " + "[-a mode] [-hruv] " "\n"); exit(EXIT_FAILURE); } @@ -166,11 +167,12 @@ main(int argc, char **argv) int ch; int r; long long cred_protect = 0; + long long ea = 0; if ((cred = fido_cred_new()) == NULL) errx(1, "fido_cred_new"); - while ((ch = getopt(argc, argv, "P:T:b:e:hi:k:rt:uvc:")) != -1) { + while ((ch = getopt(argc, argv, "P:T:a:b:e:hi:k:rt:uvc:")) != -1) { switch (ch) { case 'P': pin = optarg; @@ -182,6 +184,12 @@ main(int argc, char **argv) errx(1, "-T: %s must be in (0,30]", optarg); ms *= 1000; /* seconds to milliseconds */ break; + case 'a': + if (base10(optarg, &ea) < 0) + errx(1, "base10: %s", optarg); + if (ea <= 0 || ea > 2) + errx(1, "-a: %s must be in (0,2]", optarg); + break; case 'b': ext |= FIDO_EXT_LARGEBLOB_KEY; blobkey_out = optarg; @@ -203,7 +211,7 @@ main(int argc, char **argv) if (base10(optarg, &cred_protect) < 0) errx(1, "base10: %s", optarg); if (cred_protect <= 0 || cred_protect > 3) - errx(1, "-c: %s must be in (1,3)", optarg); + errx(1, "-c: %s must be in (0,3]", optarg); ext |= FIDO_EXT_CRED_PROTECT; break; case 'i': @@ -293,6 +301,9 @@ main(int argc, char **argv) if (cred_protect != 0 && (r = fido_cred_set_prot(cred, (int)cred_protect)) != FIDO_OK) errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r); + + if (ea != 0 && (r = fido_cred_set_entattest(cred, (int)ea)) != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s (0x%x)", fido_strerr(r), r); /* timeout */ if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) diff --git a/fuzz/export.gnu b/fuzz/export.gnu index c23831c0..62dfda92 100644 --- a/fuzz/export.gnu +++ b/fuzz/export.gnu @@ -127,6 +127,7 @@ fido_cred_clientdata_hash_len; fido_cred_clientdata_hash_ptr; fido_cred_display_name; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -172,6 +173,7 @@ fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c index f1fc928d..7d3ae61e 100644 --- a/fuzz/fuzz_cred.c +++ b/fuzz/fuzz_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -248,6 +248,8 @@ make_cred(fido_cred_t *cred, uint8_t opt, int type, const struct blob *cdh, fido_cred_set_uv(cred, FIDO_OPT_TRUE); if (user_id->len) fido_cred_set_prot(cred, user_id->body[0] & 0x03); + if (excl_cred->len) + fido_cred_set_entattest(cred, excl_cred->body[0] & 0x03); /* repeat memory operations to trigger reallocation paths */ fido_cred_set_type(cred, type); @@ -279,6 +281,7 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, uint8_t flags; uint32_t sigcount; int r; + bool ea; if ((cred = fido_cred_new()) == NULL) return; @@ -348,6 +351,9 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, minpinlen = fido_cred_pin_minlen(cred); consume(&minpinlen, sizeof(minpinlen)); + ea = fido_cred_entattest(cred); + consume(&ea, sizeof(ea)); + fido_cred_free(&cred); } diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt index e83a9d71..f77c3891 100644 --- a/man/CMakeLists.txt +++ b/man/CMakeLists.txt @@ -165,6 +165,7 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_clientdata_hash_len fido_cred_new fido_cred_clientdata_hash_ptr fido_cred_new fido_cred_display_name + fido_cred_new fido_cred_entattest fido_cred_new fido_cred_flags fido_cred_new fido_cred_fmt fido_cred_new fido_cred_free @@ -216,6 +217,7 @@ list(APPEND MAN_ALIAS fido_cred_set_authdata fido_cred_set_blob fido_cred_set_authdata fido_cred_set_clientdata fido_cred_set_authdata fido_cred_set_clientdata_hash + fido_cred_set_authdata fido_cred_set_entattest fido_cred_set_authdata fido_cred_set_extensions fido_cred_set_authdata fido_cred_set_fmt fido_cred_set_authdata fido_cred_set_id diff --git a/man/fido2-cred.1 b/man/fido2-cred.1 index 4e6a4c78..01833081 100644 --- a/man/fido2-cred.1 +++ b/man/fido2-cred.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2023 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -35,6 +35,7 @@ .Nm .Fl M .Op Fl bdhqruvw +.Op Fl a Ar mode .Op Fl c Ar cred_protect .Op Fl i Ar input_file .Op Fl o Ar output_file @@ -120,6 +121,11 @@ to verify a credential. Request the credential's .Dq largeBlobKey , a 32-byte symmetric key associated with the generated credential. +.It Fl a Ar mode +When making a credential, request enterprise attestation. +Please refer to +.In fido/param.h +for the set of possible values. .It Fl c Ar cred_protect If making a credential, set the credential's protection level to .Ar cred_protect , diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3 index 32ce7684..79eb06a5 100644 --- a/man/fido_cred_new.3 +++ b/man/fido_cred_new.3 @@ -63,6 +63,7 @@ .Nm fido_cred_x5c_list_len , .Nm fido_cred_x5c_len , .Nm fido_cred_attstmt_len , +.Nm fido_cred_entattest , .Nm fido_cred_type , .Nm fido_cred_flags , .Nm fido_cred_sigcount @@ -137,6 +138,8 @@ .Fn fido_cred_x5c_len "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_attstmt_len "const fido_cred_t *cred" +.Ft bool +.Fn fido_cred_entattest "const fido_cred_t *cred" .Ft int .Fn fido_cred_type "const fido_cred_t *cred" .Ft uint8_t @@ -309,6 +312,13 @@ The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO2 server for verification. .Pp The +.Fn fido_cred_entattest +function returns +.Dv true +if an enterprise attestation was returned for +.Fa cred . +.Pp +The .Fn fido_cred_type function returns the COSE algorithm of .Fa cred . diff --git a/man/fido_cred_set_authdata.3 b/man/fido_cred_set_authdata.3 index ba3507fd..a5898774 100644 --- a/man/fido_cred_set_authdata.3 +++ b/man/fido_cred_set_authdata.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -40,6 +40,7 @@ .Nm fido_cred_set_clientdata_hash , .Nm fido_cred_set_rp , .Nm fido_cred_set_user , +.Nm fido_cred_set_entattest , .Nm fido_cred_set_extensions , .Nm fido_cred_set_blob , .Nm fido_cred_set_pin_minlen , @@ -81,6 +82,8 @@ typedef enum { .Ft int .Fn fido_cred_set_user "fido_cred_t *cred" "const unsigned char *user_id" "size_t user_id_len" "const char *name" "const char *display_name" "const char *icon" .Ft int +.Fn fido_cred_set_entattest "fido_cred_t *cred" "int ea" +.Ft int .Fn fido_cred_set_extensions "fido_cred_t *cred" "int flags" .Ft int .Fn fido_cred_set_blob "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" @@ -243,6 +246,21 @@ and parameters may be NULL. .Pp The +.Fn fido_cred_set_entattest +function sets the enterprise attestation mode of +.Fa cred +to +.Fa ea . +At the moment, only the +.Dv FIDO_ENTATTEST_VENDOR +and +.Dv FIDO_ENTATTEST_PLATFORM +modes are supported. +By default, or if +.Fa ea +is zero, no enterprise attestation is requested. +.Pp +The .Fn fido_cred_set_extensions function sets the extensions of .Fa cred diff --git a/regress/CMakeLists.txt b/regress/CMakeLists.txt index 246bffa1..ea7a69dc 100644 --- a/regress/CMakeLists.txt +++ b/regress/CMakeLists.txt @@ -1,16 +1,18 @@ -# Copyright (c) 2018-2022 Yubico AB. All rights reserved. +# Copyright (c) 2018-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause add_custom_target(regress) -macro(add_regress_test NAME SOURCES LIB) - add_executable(${NAME} ${SOURCES}) +function(add_regress_test NAME) + set(MULTIVAL_KEYWORDS "SOURCES" "LIBS") + cmake_parse_arguments(PARSE_ARGV 1 arg "" "" "${MULTIVAL_KEYWORDS}") + add_executable(${NAME} ${arg_SOURCES}) add_test(${NAME} ${NAME}) add_dependencies(regress ${NAME}) - target_link_libraries(${NAME} ${LIB}) -endmacro() + target_link_libraries(${NAME} ${arg_LIBS}) +endfunction() if(MSVC AND BUILD_SHARED_LIBS) add_custom_command(TARGET regress POST_BUILD @@ -40,18 +42,19 @@ else() WORKING_DIRECTORY ${PROJECT_BINARY_DIR}) endif() -add_regress_test(regress_assert assert.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_cred cred.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_dev dev.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_eddsa eddsa.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es256 es256.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es384 es384.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_rs256 rs256.c ${_FIDO2_LIBRARY}) +add_regress_test(regress_assert SOURCES assert.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_cred SOURCES cred.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_dev SOURCES dev.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_eddsa SOURCES eddsa.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es256 SOURCES es256.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es384 SOURCES es384.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_rs256 SOURCES rs256.c LIBS ${_FIDO2_LIBRARY}) if(BUILD_STATIC_LIBS) - add_regress_test(regress_compress compress.c fido2) + add_regress_test(regress_compress SOURCES compress.c LIBS fido2) endif() if(MINGW) # needed for nanosleep() in mingw target_link_libraries(regress_dev winpthread) + target_link_libraries(regress_cred winpthread) endif() diff --git a/regress/cred.c b/regress/cred.c index 00c555ef..a9be954d 100644 --- a/regress/cred.c +++ b/regress/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -15,8 +15,292 @@ #define _FIDO_INTERNAL #include - -static int fake_dev_handle; +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REGRESS_WIREDATA_MAKECRED \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x04, 0x13, 0x00, \ + 0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5, \ + 0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, \ + 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, \ + 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, \ + 0x83, 0x1d, 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, \ + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, \ + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, \ + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, \ + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, \ + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x29, 0xf5, 0x09, \ + 0x76, 0x91, 0x20, 0x94, 0x42, 0xc4, 0x52, 0x8b, \ + 0x18, 0xca, 0xe1, 0x3d, 0x12, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf8, \ + 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, 0x50, \ + 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, 0xaf, \ + 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, 0x0d, \ + 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xc3, \ + 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, \ + 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, \ + 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, \ + 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x21, \ + 0x00, 0x89, 0xec, 0x44, 0xbc, 0xa9, 0x4a, 0x8d, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0xf8, 0x38, 0xa1, \ + 0x86, 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, \ + 0x60, 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, \ + 0xcc, 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, \ + 0x64, 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, \ + 0xef, 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, \ + 0xc8, 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, \ + 0xcb, 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82, 0x02, \ + 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, \ + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x1d, \ + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63, \ + 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x73, 0x74, 0x20, \ + 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, \ + 0x30, 0x35, 0x31, 0x35, 0x31, 0x32, 0x35, 0x38, \ + 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x30, \ + 0x36, 0x31, 0x34, 0x31, 0x32, 0x35, 0x38, 0x35, \ + 0x34, 0x5a, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x59, \ + 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x46, 0x20, 0x54, \ + 0x65, 0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, \ + 0xce, 0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, \ + 0x0d, 0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x24, 0xaf, 0x26, \ + 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f, 0x95, 0xa3, \ + 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7, 0x3e, 0x91, \ + 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05, 0x7a, 0xd5, \ + 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f, 0xaf, 0xe2, \ + 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x01, 0x00, 0x95, \ + 0x40, 0x6b, 0x50, 0x61, 0x7d, 0xad, 0x84, 0xa3, \ + 0xb4, 0xeb, 0x88, 0x0f, 0xe3, 0x30, 0x0f, 0x2d, \ + 0xa2, 0x0a, 0x00, 0xd9, 0x25, 0x04, 0xee, 0x72, \ + 0xfa, 0x67, 0xdf, 0x58, 0x51, 0x0f, 0x0b, 0x47, \ + 0x02, 0x9c, 0x3e, 0x41, 0x29, 0x4a, 0x93, 0xac, \ + 0x29, 0x85, 0x89, 0x2d, 0xa4, 0x7a, 0x81, 0x32, \ + 0x28, 0x57, 0x71, 0x01, 0xef, 0xa8, 0x42, 0x88, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x16, 0x96, 0x37, \ + 0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d, \ + 0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3, \ + 0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c, \ + 0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1, \ + 0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e, \ + 0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf, \ + 0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x02, 0x7b, 0xe6, \ + 0x24, 0xa0, 0x31, 0x56, 0x1b, 0xfd, 0x19, 0xc5, \ + 0x71, 0xd3, 0xf0, 0x9e, 0xc0, 0x73, 0x05, 0x4e, \ + 0xbc, 0x85, 0xb8, 0x53, 0x9e, 0xef, 0xc5, 0xbc, \ + 0x9c, 0x56, 0xa3, 0xba, 0xd9, 0x27, 0x6a, 0xbb, \ + 0xa9, 0x7a, 0x40, 0xd7, 0x47, 0x8b, 0x55, 0x72, \ + 0x6b, 0xe3, 0xfe, 0x28, 0x49, 0x71, 0x24, 0xf4, \ + 0x8f, 0xf4, 0x20, 0x81, 0xea, 0x38, 0xff, 0x7c, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x0a, 0x4f, 0xdf, \ + 0x02, 0x82, 0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, \ + 0xdd, 0xca, 0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, \ + 0x55, 0x6c, 0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, \ + 0x63, 0xdc, 0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, \ + 0x9f, 0xbe, 0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, \ + 0xa3, 0x32, 0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, \ + 0xa0, 0xa1, 0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x5d, 0x26, 0x9e, \ + 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5, 0xbd, \ + 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20, 0xfd, \ + 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a, 0x61, \ + 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0, 0xd5, \ + 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30, 0x85, \ + 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f, 0x5f, \ + 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35, 0xeb, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xc1, 0x41, 0xaa, \ + 0x8a, 0xd2, 0xda, 0x19, 0xaa, 0x79, 0xa2, 0x5f, \ + 0x35, 0x2c, 0xa0, 0xfd, 0x25, 0xd3, 0xf7, 0x9d, \ + 0x25, 0x18, 0x2d, 0xfa, 0xb4, 0xbc, 0xbb, 0x07, \ + 0x34, 0x3c, 0x8d, 0x81, 0xbd, 0xf4, 0xe9, 0x37, \ + 0xdb, 0x39, 0xe9, 0xd1, 0x45, 0x5b, 0x20, 0x41, \ + 0x2f, 0x2d, 0x27, 0x22, 0xdc, 0x92, 0x74, 0x8a, \ + 0x92, 0xd5, 0x83, 0xfd, 0x09, 0xfb, 0x13, 0x9b, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xe3, 0x39, 0x7a, \ + 0x6b, 0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, \ + 0xe3, 0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, \ + 0xd4, 0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, \ + 0xd5, 0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, \ + 0x1f, 0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, \ + 0xbe, 0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, \ + 0x53, 0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0x4f, 0xca, 0x25, \ + 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c, 0xb1, 0x9b, \ + 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88, 0xef, 0x7a, \ + 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64, 0xda, 0x41, \ + 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd, 0xd1, 0xd1, \ + 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97, 0xb2, 0xaa, \ + 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b, 0x5b, 0x7e, \ + 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81, 0x2c, 0x38, \ + 0x00, 0x22, 0x00, 0x02, 0x10, 0x8f, 0x9d, 0x25, \ + 0xde, 0xe9, 0xc8, 0xf5, 0xdd, 0x6a, 0x47, 0x9c, \ + 0x65, 0x04, 0x5a, 0x56, 0xe6, 0xc2, 0xeb, 0xf2, \ + 0x02, 0x97, 0xe1, 0xb9, 0xd8, 0xe1, 0x24, 0x76, \ + 0x9f, 0x23, 0x62, 0x39, 0x03, 0x4b, 0xc8, 0xf7, \ + 0x34, 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + +#define REGRESS_WIREDATA_MAKECRED_ENTATTEST \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x03, 0xcd, 0x00, \ + 0xa4, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x92, 0x36, 0x01, 0x1e, \ + 0x1f, 0xd0, 0x97, 0x79, 0xef, 0xba, 0x2f, 0x03, \ + 0xa6, 0xa0, 0x74, 0x65, 0xc2, 0x1c, 0x8d, 0x11, \ + 0x8e, 0x40, 0x5e, 0x87, 0xfd, 0xe4, 0x43, 0xf2, \ + 0x78, 0x18, 0xa4, 0xa7, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0xdf, 0x57, 0x2d, 0x2d, 0x1f, 0x2f, 0x0a, 0x70, \ + 0x12, 0xe3, 0x69, 0x3e, 0x98, 0x96, 0xdb, 0xbb, \ + 0x5a, 0x80, 0xdc, 0x5e, 0x98, 0x58, 0x3b, 0x4e, \ + 0x23, 0xb8, 0x07, 0xc6, 0x84, 0x64, 0x2d, 0x39, \ + 0xf1, 0x76, 0x8b, 0x80, 0xcb, 0xb8, 0x09, 0x1d, \ + 0x0b, 0xcb, 0xad, 0x7f, 0x18, 0xce, 0x3b, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x1c, 0x3f, 0xda, \ + 0x9e, 0x03, 0x5f, 0xce, 0xee, 0x7c, 0xcd, 0x65, \ + 0x77, 0xff, 0x0a, 0xd3, 0x08, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xa2, \ + 0xdb, 0x38, 0xba, 0x4b, 0x61, 0x81, 0x05, 0x97, \ + 0xf2, 0xdf, 0x48, 0xfd, 0x4d, 0xf5, 0x3f, 0x07, \ + 0x86, 0x44, 0x8e, 0xdb, 0x07, 0x69, 0x12, 0x42, \ + 0xac, 0x81, 0x2a, 0x2c, 0x46, 0xcf, 0xea, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xef, \ + 0x31, 0x8d, 0xc9, 0x7e, 0xda, 0xfd, 0x5b, 0x7d, \ + 0x68, 0xe0, 0x41, 0x40, 0xb2, 0x27, 0xdd, 0x8e, \ + 0x6d, 0x6b, 0xc4, 0x51, 0xe5, 0x36, 0xb6, 0x99, \ + 0xda, 0x71, 0xdb, 0x5d, 0xed, 0x0d, 0x51, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x20, \ + 0x17, 0x04, 0x53, 0x07, 0xcd, 0x3d, 0x45, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0x98, 0x50, 0x38, \ + 0xa5, 0x30, 0x9e, 0x53, 0xd9, 0xe1, 0xfe, 0xd0, \ + 0xde, 0xca, 0xbd, 0x38, 0x99, 0x0b, 0xec, 0x9e, \ + 0xe6, 0xb8, 0xd3, 0x35, 0x82, 0x02, 0x21, 0x00, \ + 0xb3, 0x3a, 0xf7, 0xb9, 0x30, 0x4e, 0x7a, 0xc4, \ + 0x7f, 0xa7, 0xdc, 0x85, 0x2f, 0x4e, 0x26, 0x06, \ + 0xb0, 0xd4, 0xa7, 0x3a, 0x1a, 0x48, 0xf8, 0x11, \ + 0x5f, 0x9b, 0x5f, 0xd3, 0x5e, 0xf4, 0x1b, 0xce, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0x9e, 0x30, 0x82, 0x02, \ + 0x9a, 0x30, 0x82, 0x02, 0x40, 0xa0, 0x03, 0x02, \ + 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, \ + 0x02, 0x30, 0x81, 0xb0, 0x31, 0x2f, 0x30, 0x2d, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x46, \ + 0x49, 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x65, 0x72, 0x70, \ + 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, \ + 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, \ + 0x20, 0x54, 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, \ + 0x4f, 0x54, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, \ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, \ + 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, \ + 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x69, 0x61, 0x6e, \ + 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, \ + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, \ + 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, \ + 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x0c, \ + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, \ + 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x43, 0x41, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, \ + 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, \ + 0x69, 0x65, 0x77, 0x30, 0x1e, 0x17, 0x0d, 0x32, \ + 0x31, 0x30, 0x35, 0x31, 0x33, 0x31, 0x33, 0x31, \ + 0x39, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x32, 0x36, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x31, 0x31, 0x30, \ + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, \ + 0x30, 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, \ + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, \ + 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, \ + 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, \ + 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, \ + 0x6f, 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x20, 0x4b, 0x45, \ + 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, 0x65, 0x32, \ + 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, 0x30, 0x23, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, \ + 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, \ + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x2e, \ + 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x03, 0x55, 0x04, \ + 0x0a, 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, \ + 0x41, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, \ + 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, \ + 0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, \ + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, \ + 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, \ + 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x0b, 0x30, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x06, 0x03, 0x55, \ + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, \ + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, \ + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xad, \ + 0x51, 0xdc, 0x74, 0x2c, 0x37, 0x7f, 0x78, 0x38, \ + 0x2d, 0x2a, 0x3f, 0x40, 0xe9, 0xe3, 0xae, 0xb5, \ + 0x9e, 0x45, 0x93, 0xf2, 0x82, 0xc6, 0xc4, 0x82, \ + 0xfb, 0xd6, 0xd7, 0x1b, 0xda, 0x7c, 0xec, 0x0c, \ + 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, 0x0a, 0xf5, 0x56, \ + 0x43, 0xf0, 0xfc, 0x0b, 0x0d, 0xd7, 0xe9, 0x0a, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xeb, 0x0e, 0xbc, \ + 0x4f, 0x12, 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, \ + 0x1f, 0x49, 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, \ + 0xe9, 0x9a, 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, \ + 0xa3, 0xae, 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xce, 0x61, 0x30, \ + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, \ + 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, 0x8f, \ + 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, 0xe1, \ + 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, 0x9f, \ + 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, 0x6d, \ + 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, 0xa5, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0xf9, 0x62, 0x9a, \ + 0xc9, 0xf9, 0x27, 0x88, 0x38, 0x91, 0x69, 0x2f, \ + 0x1f, 0xdf, 0xb0, 0xe3, 0x49, 0x0c, 0xaa, 0x3d, \ + 0x4c, 0x10, 0xf4, 0x9c, 0xee, 0xd8, 0xd8, 0x28, \ + 0x01, 0x26, 0x04, 0xf5, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 static const unsigned char cdh[32] = { 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, @@ -30,27 +314,27 @@ static const unsigned char authdata[198] = { 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, 0x83, 0x1d, - 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x00, 0xf8, + 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, - 0x40, 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, - 0xc5, 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, - 0x53, 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, - 0x7f, 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, - 0x68, 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, - 0x2c, 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, - 0x90, 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, - 0x3c, 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, - 0x25, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, - 0x21, 0x58, 0x20, 0x17, 0x5b, 0x27, 0xa6, 0x56, - 0xb2, 0x26, 0x0c, 0x26, 0x0c, 0x55, 0x42, 0x78, - 0x17, 0x5d, 0x4c, 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, - 0x54, 0xdf, 0xd5, 0xeb, 0xbf, 0x22, 0x64, 0xf5, - 0x21, 0x9a, 0xc6, 0x22, 0x58, 0x20, 0x87, 0x5f, - 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, 0xeb, 0xe3, - 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, 0x1c, 0x31, - 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, 0xfe, 0x5d, - 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0x40, 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, + 0x38, 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, + 0x95, 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, + 0xbb, 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, + 0x20, 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, + 0xd6, 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, + 0x35, 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, + 0x42, 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, + 0x12, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, + 0x21, 0x58, 0x20, 0xf8, 0x28, 0x2e, 0x88, 0x10, + 0xfe, 0xa4, 0xda, 0x50, 0x6c, 0xef, 0x2d, 0x48, + 0x0d, 0xba, 0x71, 0xaf, 0xb8, 0x76, 0x78, 0xb8, + 0xc3, 0x32, 0x80, 0x0d, 0x8c, 0x1f, 0xba, 0xb4, + 0xbf, 0xa0, 0xa1, 0x22, 0x58, 0x20, 0xc3, 0x88, + 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, 0xf3, + 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, 0x30, + 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, 0xe8, + 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d }; static const unsigned char authdata_dupkeys[200] = { @@ -278,27 +562,27 @@ static const unsigned char x509[742] = { 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, }; -const unsigned char sig[70] = { - 0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b, - 0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c, - 0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48, - 0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97, - 0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56, - 0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9, - 0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4, - 0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08, - 0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, +const unsigned char sig[71] = { + 0x30, 0x45, 0x02, 0x21, 0x00, 0x89, 0xec, 0x44, + 0xbc, 0xa9, 0x4a, 0x8d, 0xf8, 0x38, 0xa1, 0x86, + 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, 0x60, + 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, 0xcc, + 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, 0x64, + 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, 0xef, + 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, 0xc8, + 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, 0xcb, + 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, }; const unsigned char pubkey[64] = { - 0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c, - 0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c, - 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5, - 0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6, - 0x87, 0x5f, 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, - 0xeb, 0xe3, 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, - 0x1c, 0x31, 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, - 0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0xf8, 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, + 0x50, 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, + 0xaf, 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, + 0x0d, 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, + 0xc3, 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, + 0x21, 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, + 0x6b, 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, + 0xc7, 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, }; const unsigned char pubkey_tpm_rs256[259] = { @@ -349,14 +633,14 @@ const unsigned char pubkey_tpm_es256[64] = { }; const unsigned char id[64] = { - 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, - 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, - 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, - 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, - 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, - 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, - 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, - 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, + 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, 0x42, + 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, 0x12, }; const unsigned char id_tpm_rs256[32] = { @@ -1778,6 +2062,92 @@ const unsigned char x509_1_tpm_es256[1775] = { 0xfe, 0x9a, 0x82, 0x4d, 0x75, 0xb8, 0x6d }; +static const uint8_t x509_entattest[] = { + 0x30, 0x82, 0x02, 0x9a, 0x30, 0x82, 0x02, 0x40, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0xb0, 0x31, + 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x26, 0x46, 0x49, 0x44, 0x4f, 0x32, 0x20, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, + 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x54, + 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, + 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, + 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, + 0x6e, 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x35, 0x31, + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, + 0x17, 0x0d, 0x32, 0x36, 0x31, 0x31, 0x30, 0x33, + 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, 0x30, + 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, 0x44, + 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, 0x20, + 0x4b, 0x45, 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, + 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, + 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, + 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, + 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, + 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, + 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, 0x6c, + 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x22, 0x30, + 0x20, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x19, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x6f, 0x72, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, + 0x00, 0x04, 0xad, 0x51, 0xdc, 0x74, 0x2c, 0x37, + 0x7f, 0x78, 0x38, 0x2d, 0x2a, 0x3f, 0x40, 0xe9, + 0xe3, 0xae, 0xb5, 0x9e, 0x45, 0x93, 0xf2, 0x82, + 0xc6, 0xc4, 0x82, 0xfb, 0xd6, 0xd7, 0x1b, 0xda, + 0x7c, 0xec, 0x0c, 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, + 0x0a, 0xf5, 0x56, 0x43, 0xf0, 0xfc, 0x0b, 0x0d, + 0xd7, 0xe9, 0x0a, 0xeb, 0x0e, 0xbc, 0x4f, 0x12, + 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, 0x1f, 0x49, + 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, 0xe9, 0x9a, + 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, 0xa3, 0xae, + 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, 0xce, 0x61, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, + 0x45, 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, + 0x8f, 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, + 0xe1, 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, + 0x9f, 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, + 0x6d, 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, + 0xa5, 0xf9, 0x62, 0x9a, 0xc9, 0xf9, 0x27, 0x88, + 0x38, 0x91, 0x69, 0x2f, 0x1f, 0xdf, 0xb0, 0xe3, + 0x49, 0x0c, 0xaa, 0x3d, 0x4c, 0x10, 0xf4, 0x9c, + 0xee, 0xd8, 0xd8, 0x28, 0x01, 0x26 +}; /* * Security Key By Yubico @@ -1800,43 +2170,6 @@ const unsigned char aaguid_tpm[16] = { const char rp_id[] = "localhost"; const char rp_name[] = "sweet home localhost"; -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *buf, size_t len, int ms) -{ - (void)handle; - (void)buf; - (void)len; - (void)ms; - - abort(); - /* NOTREACHED */ -} - -static int -dummy_write(void *handle, const unsigned char *buf, size_t len) -{ - (void)handle; - (void)buf; - (void)len; - - abort(); - /* NOTREACHED */ -} - static fido_cred_t * alloc_cred(void) { @@ -1878,7 +2211,6 @@ empty_cred(void) { fido_cred_t *c; fido_dev_t *d; - fido_dev_io_t io_f; c = alloc_cred(); assert(fido_cred_authdata_len(c) == 0); @@ -1902,23 +2234,15 @@ empty_cred(void) assert(fido_cred_x5c_ptr(c) == NULL); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); - memset(&io_f, 0, sizeof(io_f)); - - io_f.open = dummy_open; - io_f.close = dummy_close; - io_f.read = dummy_read; - io_f.write = dummy_write; - d = alloc_dev(); + setup_dummy_io(d); fido_dev_force_u2f(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_UNSUPPORTED_OPTION); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); fido_dev_force_fido2(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); @@ -2623,6 +2947,81 @@ attestation_object(void) free(attobj); } +static void +makecred(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(memcmp(fido_cred_pubkey_ptr(c), pubkey, sizeof(pubkey)) == 0); + assert(fido_cred_authdata_len(c) == sizeof(authdata)); + assert(memcmp(fido_cred_authdata_ptr(c), authdata, sizeof(authdata)) == 0); + assert(fido_cred_id_len(c) == sizeof(id)); + assert(memcmp(fido_cred_id_ptr(c), id, sizeof(id)) == 0); + assert(fido_cred_aaguid_len(c) == sizeof(aaguid)); + assert(memcmp(fido_cred_aaguid_ptr(c), aaguid, sizeof(aaguid)) == 0); + assert(fido_cred_x5c_len(c) == sizeof(x509)); + assert(memcmp(fido_cred_x5c_ptr(c), x509, sizeof(x509)) == 0); + assert(fido_cred_sig_len(c) == sizeof(sig)); + assert(memcmp(fido_cred_sig_ptr(c), sig, sizeof(sig)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(!fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + +static void +entattest(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED_ENTATTEST, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_entattest(c, 3) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_cred_set_entattest(c, FIDO_ENTATTEST_VENDOR) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, "ep.fidoalliance.co.nz", NULL) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(fido_cred_x5c_len(c) == sizeof(x509_entattest)); + assert(memcmp(fido_cred_x5c_ptr(c), x509_entattest, sizeof(x509_entattest)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + int main(void) { @@ -2657,6 +3056,8 @@ main(void) valid_tpm_rs256_cred(xfail); valid_tpm_es256_cred(xfail); attestation_object(); + makecred(); + entattest(); exit(0); } diff --git a/regress/dev.c b/regress/dev.c index 0ba552b7..55107df3 100644 --- a/regress/dev.c +++ b/regress/dev.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -16,166 +16,16 @@ #include #include "../fuzz/wiredata_fido2.h" - -#define REPORT_LEN (64 + 1) - -static uint8_t ctap_nonce[8]; -static uint8_t *wiredata_ptr; -static size_t wiredata_len; -static int fake_dev_handle; -static int initialised; -static long interval_ms; - -#if defined(_MSC_VER) -static int -nanosleep(const struct timespec *rqtp, struct timespec *rmtp) -{ - if (rmtp != NULL) { - errno = EINVAL; - return (-1); - } - - Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); - - return (0); -} -#endif - -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) -{ - struct timespec tv; - size_t n; - long d; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN - 1); - - if (wiredata_ptr == NULL) - return (-1); - - if (!initialised) { - assert(wiredata_len >= REPORT_LEN - 1); - memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); - initialised = 1; - } - - if (ms >= 0 && ms < interval_ms) - d = ms; - else - d = interval_ms; - - if (d) { - tv.tv_sec = d / 1000; - tv.tv_nsec = (d % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - if (d != interval_ms) - return (-1); /* timeout */ - - if (wiredata_len < len) - n = wiredata_len; - else - n = len; - - memcpy(ptr, wiredata_ptr, n); - wiredata_ptr += n; - wiredata_len -= n; - - return ((int)n); -} - -static int -dummy_write(void *handle, const unsigned char *ptr, size_t len) -{ - struct timespec tv; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN); - - if (!initialised) - memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); - - if (interval_ms) { - tv.tv_sec = interval_ms / 1000; - tv.tv_nsec = (interval_ms % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - return ((int)len); -} - -static uint8_t * -wiredata_setup(const uint8_t *data, size_t len) -{ - const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; - - assert(wiredata_ptr == NULL); - assert(SIZE_MAX - len > sizeof(ctap_init_data)); - assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); - -#if defined(_MSC_VER) -#pragma warning(push) -#pragma warning(disable:6386) -#endif - memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); -#if defined(_MSC_VER) -#pragma warning(pop) -#endif - - if (len) - memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); - - wiredata_len = sizeof(ctap_init_data) + len; - - return (wiredata_ptr); -} - -static void -wiredata_clear(uint8_t **wiredata) -{ - free(*wiredata); - *wiredata = NULL; - wiredata_ptr = NULL; - wiredata_len = 0; - initialised = 0; -} +#include "extern.h" /* gh#56 */ static void open_iff_ok(void) { fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); @@ -188,18 +38,10 @@ reopen(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); wiredata_clear(&wiredata); @@ -217,18 +59,10 @@ double_open(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_close(dev) == FIDO_OK); @@ -242,19 +76,11 @@ double_close(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); @@ -269,18 +95,10 @@ is_fido2(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_is_fido2(dev) == true); assert(fido_dev_supports_pin(dev) == true); @@ -313,18 +131,10 @@ has_pin(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(set_pin_data, sizeof(set_pin_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_has_pin(dev) == false); assert(fido_dev_set_pin(dev, "top secret", NULL) == FIDO_OK); @@ -350,26 +160,18 @@ timeout_rx(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_rx_data, sizeof(timeout_rx_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 3 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void @@ -386,26 +188,18 @@ timeout_ok(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_ok_data, sizeof(timeout_ok_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 30 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void diff --git a/regress/extern.h b/regress/extern.h new file mode 100644 index 00000000..8bab9d4a --- /dev/null +++ b/regress/extern.h @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ +#ifndef REGRESS_EXTERN_H +#define REGRESS_EXTERN_H + +#include + +void setup_dummy_io(fido_dev_t *); +void set_read_interval(long); +uint8_t *wiredata_setup(const uint8_t *, size_t); +void wiredata_clear(uint8_t **); + +#endif diff --git a/regress/mock.c b/regress/mock.c new file mode 100644 index 00000000..cfaeffc9 --- /dev/null +++ b/regress/mock.c @@ -0,0 +1,182 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ + +#undef NDEBUG + +#include +#include +#include +#include + +#define _FIDO_INTERNAL +#include + +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REPORT_LEN (64 + 1) + +static uint8_t ctap_nonce[8]; +static uint8_t *wiredata_ptr; +static size_t wiredata_len; +static int fake_dev_handle; +static int initialised; +static long interval_ms; + +#if defined(_MSC_VER) +static int +nanosleep(const struct timespec *rqtp, struct timespec *rmtp) +{ + if (rmtp != NULL) { + errno = EINVAL; + return (-1); + } + + Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); + + return (0); +} +#endif + +static void * +dummy_open(const char *path) +{ + (void)path; + + return (&fake_dev_handle); +} + +static void +dummy_close(void *handle) +{ + assert(handle == &fake_dev_handle); +} + +static int +dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) +{ + struct timespec tv; + size_t n; + long d; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN - 1); + + if (wiredata_ptr == NULL) + return (-1); + + if (!initialised) { + assert(wiredata_len >= REPORT_LEN - 1); + memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); + initialised = 1; + } + + if (ms >= 0 && ms < interval_ms) + d = ms; + else + d = interval_ms; + + if (d) { + tv.tv_sec = d / 1000; + tv.tv_nsec = (d % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + if (d != interval_ms) + return (-1); /* timeout */ + + if (wiredata_len < len) + n = wiredata_len; + else + n = len; + + memcpy(ptr, wiredata_ptr, n); + wiredata_ptr += n; + wiredata_len -= n; + + return ((int)n); +} + +static int +dummy_write(void *handle, const unsigned char *ptr, size_t len) +{ + struct timespec tv; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN); + + if (!initialised) + memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); + + if (interval_ms) { + tv.tv_sec = interval_ms / 1000; + tv.tv_nsec = (interval_ms % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + return ((int)len); +} + +uint8_t * +wiredata_setup(const uint8_t *data, size_t len) +{ + const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; + + assert(wiredata_ptr == NULL); + assert(SIZE_MAX - len > sizeof(ctap_init_data)); + assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); + +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable:6386) +#endif + memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + if (len) + memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); + + wiredata_len = sizeof(ctap_init_data) + len; + + return (wiredata_ptr); +} + +void +wiredata_clear(uint8_t **wiredata) +{ + free(*wiredata); + *wiredata = NULL; + wiredata_ptr = NULL; + wiredata_len = 0; + initialised = 0; +} + +void +setup_dummy_io(fido_dev_t *dev) +{ + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); +} + +void +set_read_interval(long ms) +{ + interval_ms = ms; +} diff --git a/src/cred.c b/src/cred.c index 2e52d2b9..1fb0dfbd 100644 --- a/src/cred.c +++ b/src/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -39,6 +39,8 @@ parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) &cred->authdata_ext)); case 3: /* attestation statement */ return (cbor_decode_attstmt(val, &cred->attstmt)); + case 4: /* enterprise attestation */ + return (cbor_decode_bool(val, &cred->ea.att)); case 5: /* large blob key */ return (fido_blob_decode(val, &cred->largeblob_key)); default: /* ignore */ @@ -55,7 +57,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, fido_blob_t *ecdh = NULL; fido_opt_t uv = cred->uv; es256_pk_t *pk = NULL; - cbor_item_t *argv[9]; + cbor_item_t *argv[10]; const uint8_t cmd = CTAP_CBOR_MAKECRED; int r; @@ -118,6 +120,15 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, goto fail; } + /* enterprise attestation */ + if (cred->ea.mode != 0) + if ((argv[9] = cbor_build_uint8((uint8_t)cred->ea.mode)) == + NULL) { + fido_log_debug("%s: cbor_build_uint8", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { @@ -586,6 +597,7 @@ fido_cred_reset_tx(fido_cred_t *cred) cred->type = 0; cred->rk = FIDO_OPT_OMIT; cred->uv = FIDO_OPT_OMIT; + cred->ea.mode = 0; } void @@ -593,6 +605,7 @@ fido_cred_reset_rx(fido_cred_t *cred) { fido_cred_clean_attobj(cred); fido_blob_reset(&cred->largeblob_key); + cred->ea.att = false; } void @@ -981,6 +994,18 @@ fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv) return (FIDO_OK); } +int +fido_cred_set_entattest(fido_cred_t *cred, int ea) +{ + if (ea != 0 && ea != FIDO_ENTATTEST_VENDOR && + ea != FIDO_ENTATTEST_PLATFORM) + return (FIDO_ERR_INVALID_ARGUMENT); + + cred->ea.mode = ea; + + return (FIDO_OK); +} + int fido_cred_set_prot(fido_cred_t *cred, int prot) { @@ -1314,3 +1339,9 @@ fido_cred_largeblob_key_len(const fido_cred_t *cred) { return (cred->largeblob_key.len); } + +bool +fido_cred_entattest(const fido_cred_t *cred) +{ + return (cred->ea.att); +} diff --git a/src/export.gnu b/src/export.gnu index 134dcf0e..f22d663b 100644 --- a/src/export.gnu +++ b/src/export.gnu @@ -130,6 +130,7 @@ fido_cred_clientdata_hash_ptr; fido_cred_display_name; fido_cred_empty_exclude_list; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -175,6 +176,7 @@ fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; diff --git a/src/export.llvm b/src/export.llvm index fa1a8098..b1b1cdf3 100644 --- a/src/export.llvm +++ b/src/export.llvm @@ -128,6 +128,7 @@ _fido_cred_clientdata_hash_len _fido_cred_clientdata_hash_ptr _fido_cred_display_name _fido_cred_empty_exclude_list +_fido_cred_entattest _fido_cred_exclude _fido_cred_flags _fido_cred_largeblob_key_len @@ -173,6 +174,7 @@ _fido_cred_set_authdata_raw _fido_cred_set_blob _fido_cred_set_clientdata _fido_cred_set_clientdata_hash +_fido_cred_set_entattest _fido_cred_set_extensions _fido_cred_set_fmt _fido_cred_set_id diff --git a/src/export.msvc b/src/export.msvc index 241b17f0..449f1eaf 100644 --- a/src/export.msvc +++ b/src/export.msvc @@ -129,6 +129,7 @@ fido_cred_clientdata_hash_len fido_cred_clientdata_hash_ptr fido_cred_display_name fido_cred_empty_exclude_list +fido_cred_entattest fido_cred_exclude fido_cred_flags fido_cred_largeblob_key_len @@ -174,6 +175,7 @@ fido_cred_set_authdata_raw fido_cred_set_blob fido_cred_set_clientdata fido_cred_set_clientdata_hash +fido_cred_set_entattest fido_cred_set_extensions fido_cred_set_fmt fido_cred_set_id diff --git a/src/fido.h b/src/fido.h index ef1d3d3b..3f7f1e5b 100644 --- a/src/fido.h +++ b/src/fido.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -149,6 +149,7 @@ int fido_assert_set_winhello_appid(fido_assert_t *, const char *); int fido_assert_verify(const fido_assert_t *, size_t, int, const void *); int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t); int fido_cred_empty_exclude_list(fido_cred_t *); +bool fido_cred_entattest(const fido_cred_t *); int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t); int fido_cred_prot(const fido_cred_t *); int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t); @@ -158,6 +159,7 @@ int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t); +int fido_cred_set_entattest(fido_cred_t *, int); int fido_cred_set_extensions(fido_cred_t *, int); int fido_cred_set_fmt(fido_cred_t *, const char *); int fido_cred_set_id(fido_cred_t *, const unsigned char *, size_t); diff --git a/src/fido/param.h b/src/fido/param.h index 1c22cc28..cf1dcd88 100644 --- a/src/fido/param.h +++ b/src/fido/param.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -137,6 +137,10 @@ #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 #define FIDO_CRED_PROT_UV_REQUIRED 0x03 +/* Supported enterprise attestation modes. */ +#define FIDO_ENTATTEST_VENDOR 1 +#define FIDO_ENTATTEST_PLATFORM 2 + #ifdef _FIDO_INTERNAL #define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ FIDO_EXT_CRED_BLOB) diff --git a/src/fido/types.h b/src/fido/types.h index 0aaa8cb6..ab9b02a6 100644 --- a/src/fido/types.h +++ b/src/fido/types.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -166,6 +166,11 @@ typedef struct fido_cred_ext { size_t minpinlen; /* minimum pin length */ } fido_cred_ext_t; +typedef struct fido_cred_ea { + int mode; + bool att; +} fido_cred_ea_t; + typedef struct fido_cred { fido_blob_t cd; /* client data */ fido_blob_t cdh; /* client data hash */ @@ -185,6 +190,7 @@ typedef struct fido_cred { fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */ fido_blob_t largeblob_key; /* decoded large blob key */ fido_blob_t blob; /* CTAP 2.1 credBlob */ + fido_cred_ea_t ea; /* enterprise attestation */ } fido_cred_t; typedef struct fido_assert_extattr { diff --git a/src/winhello.c b/src/winhello.c index 2b2a5d1b..7805976b 100644 --- a/src/winhello.c +++ b/src/winhello.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Yubico AB. All rights reserved. + * Copyright (c) 2021-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -735,6 +735,10 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred, if (cred->rk == FIDO_OPT_TRUE) { opt->bRequireResidentKey = true; } + if (cred->ea.mode != 0) { + opt->dwVersion = WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4; + opt->dwEnterpriseAttestation = (DWORD)cred->ea.mode; + } return FIDO_OK; } @@ -760,6 +764,8 @@ translate_winhello_cred(fido_cred_t *cred, fido_log_debug("%s: cbor_decode_attobj", __func__); goto fail; } + if (att->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4) + cred->ea.att = att->bEpAtt; r = FIDO_OK; fail: diff --git a/tools/cred_make.c b/tools/cred_make.c index 66c8b52d..6d335a5c 100644 --- a/tools/cred_make.c +++ b/tools/cred_make.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -151,11 +151,16 @@ cred_make(int argc, char **argv) int type = COSE_ES256; int flags = 0; int cred_protect = -1; + int ea = 0; int ch; int r; - while ((ch = getopt(argc, argv, "bc:dhi:o:qruvw")) != -1) { + while ((ch = getopt(argc, argv, "a:bc:dhi:o:qruvw")) != -1) { switch (ch) { + case 'a': + if ((ea = base10(optarg)) < 0) + errx(1, "-a: invalid argument '%s'", optarg); + break; case 'b': flags |= FLAG_LARGEBLOB; break; @@ -221,6 +226,11 @@ cred_make(int argc, char **argv) errx(1, "fido_cred_set_prot: %s", fido_strerr(r)); } } + if (ea > 0) { + r = fido_cred_set_entattest(cred, ea); + if (r != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s", fido_strerr(r)); + } r = fido_dev_make_cred(dev, cred, NULL); if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) { diff --git a/tools/fido2-cred.c b/tools/fido2-cred.c index 76081c68..a819bd11 100644 --- a/tools/fido2-cred.c +++ b/tools/fido2-cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -27,7 +27,7 @@ void usage(void) { fprintf(stderr, -"usage: fido2-cred -M [-bdhqruvw] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" +"usage: fido2-cred -M [-bdhqruvw] [-a mode] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" " fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n" );