diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2026-03-23 17:24:10 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2026-03-23 17:24:10 +0000 |
| commit | fadebab18d4bb97e3ca8c840937c41cdfef8d798 (patch) | |
| tree | 5407aa1db87c9dffbf68ddc3fc698d783fbe996d | |
| parent | c06c65e0308fdfc14e455f5067a2f5dcfd9c1b77 (diff) | |
Vendor import of libfido2 1.16.0vendor/libfido2/1.16.0vendor/libfido2
Sponsored by: The FreeBSD Foundation
62 files changed, 1795 insertions, 1150 deletions
diff --git a/.actions/build-bsd b/.actions/build-bsd index 27fa6fa8b332..c56f084a3a84 100755 --- a/.actions/build-bsd +++ b/.actions/build-bsd @@ -60,6 +60,7 @@ q() { } submit_job() { + # shellcheck disable=SC3043 local manifest="$1" jq \ --compact-output --null-input \ @@ -71,6 +72,7 @@ submit_job() { } job_status() { + # shellcheck disable=SC3043 local id="$1" jq \ --compact-output --null-input \ diff --git a/.actions/build-linux-i686-w64-mingw32-gcc b/.actions/build-linux-i686-w64-mingw32-gcc index fe521ab9f2b5..6bcfe6348a69 100755 --- a/.actions/build-linux-i686-w64-mingw32-gcc +++ b/.actions/build-linux-i686-w64-mingw32-gcc @@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) EOF # Build and install libcbor. -git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0 +git clone --depth=1 https://github.com/pjk/libcbor -b v0.12.0 cd libcbor mkdir build (cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \ diff --git a/.actions/build-linux-openssl3-clang b/.actions/build-linux-openssl3-clang index e0151ddc455d..4b805793bf39 100755 --- a/.actions/build-linux-openssl3-clang +++ b/.actions/build-linux-openssl3-clang @@ -12,8 +12,8 @@ FAKEROOT="$(mktemp -d)" # Check exports. (cd src && ./diff_exports.sh) -# Build and install OpenSSL 3.0.14. -git clone --branch openssl-3.0.14 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure linux-x86_64-clang --prefix="${FAKEROOT}" \ diff --git a/.actions/build-linux-openssl3-gcc b/.actions/build-linux-openssl3-gcc index 81f53089911f..91ccd48ffe28 100755 --- a/.actions/build-linux-openssl3-gcc +++ b/.actions/build-linux-openssl3-gcc @@ -8,8 +8,8 @@ ${CC} --version FAKEROOT="$(mktemp -d)" -# Build and install OpenSSL 3.0.14. -git clone --branch openssl-3.0.14 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure linux-x86_64 --prefix="${FAKEROOT}" \ diff --git a/.actions/build-linux-openssl3-i686-w64-mingw32-gcc b/.actions/build-linux-openssl3-i686-w64-mingw32-gcc index f926785e81f5..a9ba2e2b56d8 100755 --- a/.actions/build-linux-openssl3-i686-w64-mingw32-gcc +++ b/.actions/build-linux-openssl3-i686-w64-mingw32-gcc @@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) EOF # Build and install libcbor. -git clone --depth=1 https://github.com/pjk/libcbor -b v0.11.0 +git clone --depth=1 https://github.com/pjk/libcbor -b v0.12.0 cd libcbor mkdir build (cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \ @@ -32,8 +32,8 @@ make -j"$(nproc)" -C build sudo make -C build install cd .. -# Build and install OpenSSL 3.0.14. -git clone --branch openssl-3.0.14 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \ diff --git a/.actions/build-osx-clang b/.actions/build-osx-clang index b4beea221315..552e99f83e58 100755 --- a/.actions/build-osx-clang +++ b/.actions/build-osx-clang @@ -5,7 +5,8 @@ # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause -export PKG_CONFIG_PATH="$(brew --prefix openssl@3.0)/lib/pkgconfig" +PKG_CONFIG_PATH="$(brew --prefix openssl@3.0)/lib/pkgconfig" +export PKG_CONFIG_PATH SCAN="$(brew --prefix llvm)/bin/scan-build" # Build, analyze, and install libfido2. diff --git a/.actions/fuzz-linux b/.actions/fuzz-linux index d7119496e3b6..e404c8e7b4c6 100755 --- a/.actions/fuzz-linux +++ b/.actions/fuzz-linux @@ -6,11 +6,11 @@ # SPDX-License-Identifier: BSD-2-Clause LIBCBOR_URL="https://github.com/pjk/libcbor" -LIBCBOR_TAG="v0.11.0" +LIBCBOR_TAG="v0.12.0" LIBCBOR_ASAN="address alignment bounds" LIBCBOR_MSAN="memory" OPENSSL_URL="https://github.com/openssl/openssl" -OPENSSL_TAG="openssl-3.0.14" +OPENSSL_TAG="openssl-3.0.15" ZLIB_URL="https://github.com/madler/zlib" ZLIB_TAG="v1.3.1" ZLIB_ASAN="address alignment bounds undefined" diff --git a/.actions/run-shellcheck b/.actions/run-shellcheck new file mode 100755 index 000000000000..063a5e0d1f1a --- /dev/null +++ b/.actions/run-shellcheck @@ -0,0 +1,25 @@ +#!/bin/sh -u + +# Copyright (c) 2024 Google LLC. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. +# SPDX-License-Identifier: BSD-2-Clause + +LIST="$(mktemp)" +trap 'rm -- $LIST' EXIT + +git ls-files | while read -r file; do + if head -n1 "$file" | grep -q '^#!.*sh'; then + if ! shellcheck -Cnever --norc "$file"; then + echo "$file" >> "$LIST" + fi + fi +done + +[ -s "$LIST" ] && { + echo "The following files contain errors:" + cat "$LIST" + exit 1 +} 1>&2 + +exit 0 diff --git a/.github/workflows/alpine_builds.yml b/.github/workflows/alpine_builds.yml index 6f160c4b8041..874f7104539f 100644 --- a/.github/workflows/alpine_builds.yml +++ b/.github/workflows/alpine_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -16,7 +16,7 @@ on: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 container: alpine:latest strategy: fail-fast: false diff --git a/.github/workflows/bsd_builds.yml b/.github/workflows/bsd_builds.yml index 3a1285dd2122..a4dcf0073251 100644 --- a/.github/workflows/bsd_builds.yml +++ b/.github/workflows/bsd_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -14,13 +14,13 @@ on: jobs: build: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: include: - { image: freebsd/14.x } - - { image: openbsd/7.4, llvm_version: 16 } + - { image: openbsd/7.6, llvm_version: 16 } steps: - uses: actions/checkout@v4 - name: dependencies diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml index 5835bb1fc8d9..7d621c644786 100644 --- a/.github/workflows/cifuzz_oss.yml +++ b/.github/workflows/cifuzz_oss.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -17,7 +17,7 @@ on: jobs: fuzzing: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -39,7 +39,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: upload crash - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: failure() with: name: ${{ matrix.sanitizer }}-artifacts diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a3a8d54d2daa..486dd900e5bc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -22,14 +22,14 @@ permissions: jobs: codeql-build: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: checkout uses: actions/checkout@v4 with: fetch-depth: 2 - name: init codeql - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 - name: build env: CC: gcc @@ -39,4 +39,4 @@ jobs: libpcsclite-dev ./.actions/build-linux-gcc - name: perform codeql analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/linux_builds.yml b/.github/workflows/linux_builds.yml index 2ed553a7b5c5..a1e007daf404 100644 --- a/.github/workflows/linux_builds.yml +++ b/.github/workflows/linux_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -21,17 +21,16 @@ jobs: fail-fast: false matrix: include: - - { os: ubuntu-20.04, cc: gcc-8 } - - { os: ubuntu-22.04, cc: gcc-9 } - { os: ubuntu-22.04, cc: gcc-10 } - { os: ubuntu-22.04, cc: gcc-11 } - - { os: ubuntu-22.04, cc: gcc-12 } - - { os: ubuntu-22.04, cc: clang-15 } + - { os: ubuntu-24.04, cc: gcc-12 } + - { os: ubuntu-24.04, cc: gcc-13 } - { os: ubuntu-22.04, cc: clang-16 } - { os: ubuntu-22.04, cc: clang-17 } - - { os: ubuntu-22.04, cc: clang-18 } - - { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 } + - { os: ubuntu-24.04, cc: clang-18 } + - { os: ubuntu-24.04, cc: clang-19 } - { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 } + - { os: ubuntu-24.04, cc: i686-w64-mingw32-gcc-11 } steps: - uses: actions/checkout@v4 - name: dependencies diff --git a/.github/workflows/linux_fuzz.yml b/.github/workflows/linux_fuzz.yml index f98cac7aff2e..ea2d3833dca2 100644 --- a/.github/workflows/linux_fuzz.yml +++ b/.github/workflows/linux_fuzz.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -20,8 +20,8 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04 ] - cc: [ clang-18 ] + os: [ ubuntu-24.04 ] + cc: [ clang-19 ] sanitizer: [ asan, msan ] steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/macos_builds.yml b/.github/workflows/macos_builds.yml index a278c942a0a2..90466550ee69 100644 --- a/.github/workflows/macos_builds.yml +++ b/.github/workflows/macos_builds.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ macos-14, macos-13, macos-12 ] + os: [ macos-15, macos-14, macos-13 ] cc: [ clang ] steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml index 32b6d3f50df9..b51685dff102 100644 --- a/.github/workflows/openssl3.yml +++ b/.github/workflows/openssl3.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -21,12 +21,12 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-22.04 - cc: gcc-12 - - os: ubuntu-22.04 - cc: clang-18 - - os: ubuntu-22.04 - cc: i686-w64-mingw32-gcc-10 + - os: ubuntu-24.04 + cc: gcc-13 + - os: ubuntu-24.04 + cc: clang-19 + - os: ubuntu-24.04 + cc: i686-w64-mingw32-gcc-11 steps: - uses: actions/checkout@v4 - name: dependencies diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 000000000000..cdda760ae2b6 --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2024 Google LLC. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. +# SPDX-License-Identifier: BSD-2-Clause + +name: shellcheck + +on: + pull_request: + branches: + - main + push: + branches: + - main + - '*-ci' + +jobs: + build: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - name: dependencies + run: | + sudo apt -q update + sudo apt install -q -y shellcheck + - name: build + run: ./.actions/run-shellcheck diff --git a/CMakeLists.txt b/CMakeLists.txt index c41de28e0454..2630e263ecd2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -28,8 +28,10 @@ endif() set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_COLOR_MAKEFILE OFF) set(CMAKE_VERBOSE_MAKEFILE ON) +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + set(FIDO_MAJOR "1") -set(FIDO_MINOR "15") +set(FIDO_MINOR "16") set(FIDO_PATCH "0") set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) @@ -190,6 +192,9 @@ if(MSVC) if(NOT CRYPTO_LIBRARIES) set(CRYPTO_LIBRARIES crypto) endif() + if(NOT CRYPTO_DLL) + set(CRYPTO_DLL crypto) + endif() set(MSVC_DISABLED_WARNINGS_LIST "C4152" # nonstandard extension used: function/data pointer @@ -435,6 +440,9 @@ message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}") if(BUILD_TESTS) message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}") endif() +if(MSVC) + message(STATUS "CRYPTO_DLL: ${CRYPTO_DLL}") +endif() message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}") message(STATUS "FIDO_VERSION: ${FIDO_VERSION}") message(STATUS "FUZZ: ${FUZZ}") @@ -1,3 +1,13 @@ +* Version 1.16.0 (2025-05-06) + ** Added support for enterprise attestation. + ** Improved handling of invalid key handles in U2F key lookup; gh#819. + ** Fixed issue where storing small CTAP 2.1 largeBlobs failed; gh#826. + ** Fixed APDU chaining issues for certain authenticators; gh#818, gh#855. + ** Improved documentation and examples. + ** New API calls: + - fido_cred_entattest; + - fido_cred_set_entattest. + * Version 1.15.0 (2024-06-13) ** 1.15.0 will be the last release to support OpenSSL 1.1. ** bio, credman: improved CTAP 2.1 support. diff --git a/README.adoc b/README.adoc index b68197330ade..38e882598ab3 100644 --- a/README.adoc +++ b/README.adoc @@ -38,7 +38,7 @@ is also available. === Releases -The current release of *libfido2* is 1.15.0. Signed release tarballs are +The current release of *libfido2* is 1.16.0. Signed release tarballs are available at Yubico's https://developers.yubico.com/libfido2/Releases[release page]. @@ -52,11 +52,11 @@ required. === Installation -==== Fedora 35 and 34 +==== Fedora 34 and later $ sudo dnf install libfido2 libfido2-devel fido2-tools -==== Ubuntu 22.04 (Jammy) and 20.04 (Focal) +==== Ubuntu 20.04 (Focal) and later $ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools diff --git a/examples/README.adoc b/examples/README.adoc index 6151b70bd91e..1249366f3e0f 100644 --- a/examples/README.adoc +++ b/examples/README.adoc @@ -64,7 +64,8 @@ The following examples are provided: The -T option may be used to enforce a timeout of <seconds>. If the option -b is specified, the credential's "largeBlob" key is stored in <blobkey>. If the option -c is specified the the generated credential - will be bound by the specified protection policy. + will be bound by the specified protection policy. If the option -a is + specified, enterprise attestation will be requested. - assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin] [-s hmac_salt] [-T seconds] [-b blobkey] [-puv] <pubkey> <device> diff --git a/examples/cred.c b/examples/cred.c index 5a2a27fd7771..4fb07868b4e7 100644 --- a/examples/cred.c +++ b/examples/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -36,7 +36,8 @@ static void usage(void) { fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] " - "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] [-hruv] " + "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] " + "[-a mode] [-hruv] " "<device>\n"); exit(EXIT_FAILURE); } @@ -106,9 +107,13 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, if (r != FIDO_OK) errx(1, "fido_cred_set_attstmt: %s (0x%x)", fido_strerr(r), r); - r = fido_cred_verify(cred); - if (r != FIDO_OK) - errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r); + if (fido_cred_x5c_ptr(cred) == NULL) { + if ((r = fido_cred_verify_self(cred)) != FIDO_OK) + errx(1, "fido_cred_verify_self: %s (0x%x)", fido_strerr(r), r); + } else { + if ((r = fido_cred_verify(cred)) != FIDO_OK) + errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r); + } out: if (key_out != NULL) { @@ -166,11 +171,12 @@ main(int argc, char **argv) int ch; int r; long long cred_protect = 0; + long long ea = 0; if ((cred = fido_cred_new()) == NULL) errx(1, "fido_cred_new"); - while ((ch = getopt(argc, argv, "P:T:b:e:hi:k:rt:uvc:")) != -1) { + while ((ch = getopt(argc, argv, "P:T:a:b:e:hi:k:rt:uvc:")) != -1) { switch (ch) { case 'P': pin = optarg; @@ -182,6 +188,12 @@ main(int argc, char **argv) errx(1, "-T: %s must be in (0,30]", optarg); ms *= 1000; /* seconds to milliseconds */ break; + case 'a': + if (base10(optarg, &ea) < 0) + errx(1, "base10: %s", optarg); + if (ea <= 0 || ea > 2) + errx(1, "-a: %s must be in (0,2]", optarg); + break; case 'b': ext |= FIDO_EXT_LARGEBLOB_KEY; blobkey_out = optarg; @@ -203,7 +215,7 @@ main(int argc, char **argv) if (base10(optarg, &cred_protect) < 0) errx(1, "base10: %s", optarg); if (cred_protect <= 0 || cred_protect > 3) - errx(1, "-c: %s must be in (1,3)", optarg); + errx(1, "-c: %s must be in (0,3]", optarg); ext |= FIDO_EXT_CRED_PROTECT; break; case 'i': @@ -293,6 +305,9 @@ main(int argc, char **argv) if (cred_protect != 0 && (r = fido_cred_set_prot(cred, (int)cred_protect)) != FIDO_OK) errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r); + + if (ea != 0 && (r = fido_cred_set_entattest(cred, (int)ea)) != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s (0x%x)", fido_strerr(r), r); /* timeout */ if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index ca272bb95cc1..0bf4bfbf05a5 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -18,6 +18,10 @@ set(FUZZ_LINKER_LANGUAGE "C" CACHE STRING "Linker language for fuzz harnesses") mark_as_advanced(FUZZ_LINKER_LANGUAGE) enable_language(${FUZZ_LINKER_LANGUAGE}) +if(NOT FUZZ_LDFLAGS) + message(FATAL_ERROR "Please define FUZZ_LDFLAGS") +endif() + # fuzz_cred add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES}) set_target_properties(fuzz_cred PROPERTIES diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile index 68d40fad1687..1ab14c33da75 100644 --- a/fuzz/Dockerfile +++ b/fuzz/Dockerfile @@ -10,7 +10,7 @@ RUN apk -q update RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev RUN apk add sudo tar zlib-dev -RUN git clone --branch v0.11.0 --depth=1 https://github.com/PJK/libcbor +RUN git clone --branch v0.12.0 --depth=1 https://github.com/PJK/libcbor RUN git clone --depth=1 https://github.com/yubico/libfido2 WORKDIR /libfido2 RUN ./fuzz/build-coverage /libcbor /libfido2 diff --git a/fuzz/Makefile b/fuzz/Makefile index 2b30790b5bac..a7ac24c0da58 100644 --- a/fuzz/Makefile +++ b/fuzz/Makefile @@ -3,7 +3,7 @@ # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause -IMAGE := libfido2-coverage:1.15.0 +IMAGE := libfido2-coverage:1.16.0 RUNNER := libfido2-runner PROFDATA := llvm-profdata COV := llvm-cov diff --git a/fuzz/export.gnu b/fuzz/export.gnu index c23831c0b808..62dfda926944 100644 --- a/fuzz/export.gnu +++ b/fuzz/export.gnu @@ -127,6 +127,7 @@ fido_cred_clientdata_hash_len; fido_cred_clientdata_hash_ptr; fido_cred_display_name; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -172,6 +173,7 @@ fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; diff --git a/fuzz/functions.txt b/fuzz/functions.txt index 52e0edcddf30..5dab11c62d50 100644 --- a/fuzz/functions.txt +++ b/fuzz/functions.txt @@ -1,31 +1,31 @@ File '/libfido2/src/aes256.c': Name Regions Miss Cover Lines Miss Cover --------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------ aes256_cbc_enc 4 0 100.00% 4 0 100.00% aes256_cbc_dec 4 0 100.00% 4 0 100.00% aes256_gcm_enc 1 0 100.00% 3 0 100.00% aes256_gcm_dec 1 0 100.00% 3 0 100.00% -aes256.c:aes256_cbc_fips 26 1 96.15% 42 4 90.48% -aes256.c:aes256_cbc 29 1 96.55% 36 3 91.67% +aes256.c:aes256_cbc_fips 29 1 96.55% 42 4 90.48% +aes256.c:aes256_cbc 37 1 97.30% 36 3 91.67% aes256.c:aes256_cbc_proto1 1 0 100.00% 5 0 100.00% -aes256.c:aes256_gcm 52 1 98.08% 60 4 93.33% --------------------------------------------------------------------------------------------------------- -TOTAL 118 3 97.46% 157 11 92.99% +aes256.c:aes256_gcm 73 3 95.89% 64 10 84.38% +------------------------------------------------------------------------------ +TOTAL 150 5 96.67% 161 17 89.44% File '/libfido2/src/assert.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ -fido_dev_get_assert 40 0 100.00% 35 0 100.00% +--------------------------------------------------------------------------------------- +fido_dev_get_assert 50 0 100.00% 35 0 100.00% fido_check_flags 13 0 100.00% 15 0 100.00% -fido_get_signed_hash 20 1 95.00% 34 3 91.18% -fido_assert_verify 50 4 92.00% 70 7 90.00% +fido_get_signed_hash 27 1 96.30% 34 3 91.18% +fido_assert_verify 59 4 93.22% 70 7 90.00% fido_assert_set_clientdata 12 12 0.00% 11 11 0.00% fido_assert_set_clientdata_hash 8 0 100.00% 6 0 100.00% fido_assert_set_hmac_salt 10 0 100.00% 6 0 100.00% fido_assert_set_hmac_secret 12 12 0.00% 7 7 0.00% -fido_assert_set_rp 12 0 100.00% 11 0 100.00% +fido_assert_set_rp 16 0 100.00% 11 0 100.00% fido_assert_set_winhello_appid 2 2 0.00% 5 5 0.00% -fido_assert_allow_cred 13 2 84.62% 22 3 86.36% +fido_assert_allow_cred 16 2 87.50% 22 3 86.36% fido_assert_empty_allow_list 2 0 100.00% 5 0 100.00% fido_assert_set_extensions 14 0 100.00% 10 0 100.00% fido_assert_set_options 8 8 0.00% 5 5 0.00% @@ -34,71 +34,71 @@ fido_assert_set_uv 2 0 100.00% 4 0 fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% fido_assert_new 1 0 100.00% 3 0 100.00% -fido_assert_reset_tx 1 0 100.00% 13 0 100.00% -fido_assert_reset_rx 4 0 100.00% 20 0 100.00% -fido_assert_free 6 0 100.00% 9 0 100.00% +fido_assert_reset_tx 3 0 100.00% 12 0 100.00% +fido_assert_reset_rx 5 0 100.00% 19 0 100.00% +fido_assert_free 10 0 100.00% 8 0 100.00% fido_assert_count 1 0 100.00% 3 0 100.00% fido_assert_rp_id 1 0 100.00% 3 0 100.00% fido_assert_flags 4 0 100.00% 5 0 100.00% fido_assert_sigcount 4 0 100.00% 5 0 100.00% -fido_assert_authdata_ptr 4 0 100.00% 5 0 100.00% +fido_assert_authdata_ptr 5 0 100.00% 5 0 100.00% fido_assert_authdata_len 4 0 100.00% 5 0 100.00% -fido_assert_authdata_raw_ptr 4 0 100.00% 5 0 100.00% +fido_assert_authdata_raw_ptr 5 0 100.00% 5 0 100.00% fido_assert_authdata_raw_len 4 0 100.00% 5 0 100.00% -fido_assert_sig_ptr 4 0 100.00% 5 0 100.00% +fido_assert_sig_ptr 5 0 100.00% 5 0 100.00% fido_assert_sig_len 4 0 100.00% 5 0 100.00% -fido_assert_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_id_ptr 5 0 100.00% 5 0 100.00% fido_assert_id_len 4 0 100.00% 5 0 100.00% -fido_assert_user_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_user_id_ptr 5 0 100.00% 5 0 100.00% fido_assert_user_id_len 4 0 100.00% 5 0 100.00% -fido_assert_user_icon 4 0 100.00% 5 0 100.00% -fido_assert_user_name 4 0 100.00% 5 0 100.00% -fido_assert_user_display_name 4 0 100.00% 5 0 100.00% -fido_assert_hmac_secret_ptr 4 0 100.00% 5 0 100.00% +fido_assert_user_icon 5 0 100.00% 5 0 100.00% +fido_assert_user_name 5 0 100.00% 5 0 100.00% +fido_assert_user_display_name 5 0 100.00% 5 0 100.00% +fido_assert_hmac_secret_ptr 5 0 100.00% 5 0 100.00% fido_assert_hmac_secret_len 4 0 100.00% 5 0 100.00% -fido_assert_largeblob_key_ptr 4 0 100.00% 5 0 100.00% +fido_assert_largeblob_key_ptr 5 0 100.00% 5 0 100.00% fido_assert_largeblob_key_len 4 0 100.00% 5 0 100.00% -fido_assert_blob_ptr 4 0 100.00% 5 0 100.00% +fido_assert_blob_ptr 5 0 100.00% 5 0 100.00% fido_assert_blob_len 4 0 100.00% 5 0 100.00% -fido_assert_set_authdata 28 0 100.00% 33 0 100.00% -fido_assert_set_authdata_raw 28 0 100.00% 32 0 100.00% -fido_assert_set_sig 14 0 100.00% 7 0 100.00% -fido_assert_set_count 10 0 100.00% 17 0 100.00% +fido_assert_set_authdata 34 0 100.00% 33 0 100.00% +fido_assert_set_authdata_raw 34 0 100.00% 32 0 100.00% +fido_assert_set_sig 16 0 100.00% 7 0 100.00% +fido_assert_set_count 12 0 100.00% 17 0 100.00% assert.c:fido_dev_get_assert_wait 21 0 100.00% 14 0 100.00% -assert.c:fido_dev_get_assert_tx 56 2 96.43% 62 5 91.94% -assert.c:fido_dev_get_assert_rx 27 0 100.00% 36 0 100.00% -assert.c:adjust_assert_count 24 0 100.00% 26 0 100.00% -assert.c:parse_assert_reply 15 0 100.00% 28 0 100.00% +assert.c:fido_dev_get_assert_tx 67 2 97.01% 62 5 91.94% +assert.c:fido_dev_get_assert_rx 29 0 100.00% 36 0 100.00% +assert.c:adjust_assert_count 28 0 100.00% 26 0 100.00% +assert.c:parse_assert_reply 17 0 100.00% 28 0 100.00% assert.c:fido_get_next_assert_tx 8 0 100.00% 8 0 100.00% -assert.c:fido_get_next_assert_rx 23 2 91.30% 29 5 82.76% -assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00% -assert.c:get_es256_hash 16 0 100.00% 17 0 100.00% -assert.c:get_es384_hash 16 0 100.00% 17 0 100.00% -assert.c:get_eddsa_hash 6 0 100.00% 9 0 100.00% +assert.c:fido_get_next_assert_rx 24 2 91.67% 29 5 82.76% +assert.c:decrypt_hmac_secrets 10 0 100.00% 15 0 100.00% +assert.c:get_es256_hash 26 0 100.00% 17 0 100.00% +assert.c:get_es384_hash 26 0 100.00% 17 0 100.00% +assert.c:get_eddsa_hash 8 0 100.00% 9 0 100.00% assert.c:check_extensions 5 0 100.00% 9 0 100.00% assert.c:fido_assert_reset_extattr 1 0 100.00% 5 0 100.00% assert.c:fido_assert_clean_authdata 1 0 100.00% 6 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 628 45 92.83% 782 51 93.48% +--------------------------------------------------------------------------------------- +TOTAL 738 45 93.90% 779 51 93.45% File '/libfido2/src/authkey.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_dev_authkey 1 0 100.00% 3 0 100.00% authkey.c:fido_dev_authkey_wait 10 0 100.00% 7 0 100.00% -authkey.c:fido_dev_authkey_tx 19 0 100.00% 25 0 100.00% -authkey.c:fido_dev_authkey_rx 14 0 100.00% 21 0 100.00% -authkey.c:parse_authkey 8 0 100.00% 10 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 52 0 100.00% 66 0 100.00% +authkey.c:fido_dev_authkey_tx 22 0 100.00% 25 0 100.00% +authkey.c:fido_dev_authkey_rx 15 0 100.00% 21 0 100.00% +authkey.c:parse_authkey 10 0 100.00% 10 0 100.00% +--------------------------------------------------------------------------------------- +TOTAL 58 0 100.00% 66 0 100.00% File '/libfido2/src/bio.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ -fido_bio_dev_get_template_array 5 2 60.00% 6 1 83.33% -fido_bio_dev_set_template_name 7 0 100.00% 6 0 100.00% -fido_bio_dev_enroll_begin 25 2 92.00% 31 1 96.77% -fido_bio_dev_enroll_continue 5 2 60.00% 6 1 83.33% +--------------------------------------------------------------------------------------- +fido_bio_dev_get_template_array 6 2 66.67% 6 1 83.33% +fido_bio_dev_set_template_name 10 0 100.00% 6 0 100.00% +fido_bio_dev_enroll_begin 34 2 94.12% 31 1 96.77% +fido_bio_dev_enroll_continue 6 2 66.67% 6 1 83.33% fido_bio_dev_enroll_cancel 1 1 0.00% 4 4 0.00% fido_bio_dev_enroll_remove 1 0 100.00% 4 0 100.00% fido_bio_dev_get_info 1 0 100.00% 4 0 100.00% @@ -108,194 +108,195 @@ fido_bio_template_id_len 1 0 100.00% 3 0 fido_bio_template_array_count 1 0 100.00% 3 0 100.00% fido_bio_template_array_new 1 0 100.00% 3 0 100.00% fido_bio_template_new 1 0 100.00% 3 0 100.00% -fido_bio_template_array_free 6 0 100.00% 8 0 100.00% -fido_bio_template_free 6 0 100.00% 8 0 100.00% -fido_bio_template_set_name 8 0 100.00% 7 0 100.00% +fido_bio_template_array_free 10 0 100.00% 7 0 100.00% +fido_bio_template_free 10 0 100.00% 7 0 100.00% +fido_bio_template_set_name 10 0 100.00% 7 0 100.00% fido_bio_template_set_id 8 0 100.00% 6 0 100.00% -fido_bio_template 4 0 100.00% 5 0 100.00% +fido_bio_template 5 0 100.00% 5 0 100.00% fido_bio_enroll_new 1 0 100.00% 3 0 100.00% fido_bio_info_new 1 0 100.00% 3 0 100.00% fido_bio_info_type 1 0 100.00% 3 0 100.00% fido_bio_info_max_samples 1 0 100.00% 3 0 100.00% -fido_bio_enroll_free 6 0 100.00% 8 0 100.00% -fido_bio_info_free 6 0 100.00% 7 0 100.00% +fido_bio_enroll_free 10 0 100.00% 7 0 100.00% +fido_bio_info_free 10 0 100.00% 6 0 100.00% fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00% fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00% -bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00% -bio.c:bio_tx 42 0 100.00% 55 0 100.00% +bio.c:bio_get_template_array_wait 13 0 100.00% 7 0 100.00% +bio.c:bio_tx 51 0 100.00% 55 0 100.00% bio.c:bio_get_cmd 8 0 100.00% 5 0 100.00% -bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00% -bio.c:bio_rx_template_array 19 0 100.00% 24 0 100.00% -bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19% -bio.c:decode_template_array 12 1 91.67% 18 3 83.33% -bio.c:decode_template 9 0 100.00% 15 0 100.00% -bio.c:bio_set_template_name_wait 19 0 100.00% 20 0 100.00% -bio.c:bio_enroll_begin_wait 17 0 100.00% 19 0 100.00% -bio.c:bio_rx_enroll_begin 23 0 100.00% 31 0 100.00% -bio.c:bio_parse_enroll_status 20 0 100.00% 28 0 100.00% -bio.c:bio_parse_template_id 8 0 100.00% 10 0 100.00% -bio.c:bio_enroll_continue_wait 19 0 100.00% 20 0 100.00% -bio.c:bio_rx_enroll_continue 19 0 100.00% 25 0 100.00% -bio.c:bio_enroll_cancel_wait 11 11 0.00% 10 10 0.00% -bio.c:bio_enroll_remove_wait 17 0 100.00% 19 0 100.00% -bio.c:bio_get_info_wait 11 0 100.00% 10 0 100.00% -bio.c:bio_rx_info 19 0 100.00% 24 0 100.00% +bio.c:bio_prepare_hmac 26 0 100.00% 29 0 100.00% +bio.c:bio_rx_template_array 20 0 100.00% 24 0 100.00% +bio.c:bio_parse_template_array 34 1 97.06% 27 4 85.19% +bio.c:decode_template_array 15 1 93.33% 18 3 83.33% +bio.c:decode_template 11 0 100.00% 15 0 100.00% +bio.c:bio_set_template_name_wait 23 0 100.00% 20 0 100.00% +bio.c:bio_enroll_begin_wait 19 0 100.00% 19 0 100.00% +bio.c:bio_rx_enroll_begin 24 0 100.00% 31 0 100.00% +bio.c:bio_parse_enroll_status 24 0 100.00% 28 0 100.00% +bio.c:bio_parse_template_id 10 0 100.00% 10 0 100.00% +bio.c:bio_enroll_continue_wait 23 0 100.00% 20 0 100.00% +bio.c:bio_rx_enroll_continue 20 0 100.00% 25 0 100.00% +bio.c:bio_enroll_cancel_wait 14 14 0.00% 10 10 0.00% +bio.c:bio_enroll_remove_wait 19 0 100.00% 19 0 100.00% +bio.c:bio_get_info_wait 14 0 100.00% 10 0 100.00% +bio.c:bio_rx_info 20 0 100.00% 24 0 100.00% bio.c:bio_reset_info 1 0 100.00% 4 0 100.00% -bio.c:bio_parse_info 20 0 100.00% 28 0 100.00% -bio.c:bio_reset_template_array 4 0 100.00% 7 0 100.00% -bio.c:bio_reset_template 1 0 100.00% 5 0 100.00% +bio.c:bio_parse_info 24 0 100.00% 28 0 100.00% +bio.c:bio_reset_template_array 5 0 100.00% 6 0 100.00% +bio.c:bio_reset_template 2 0 100.00% 4 0 100.00% bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 458 20 95.63% 592 24 95.95% +--------------------------------------------------------------------------------------- +TOTAL 557 23 95.87% 586 24 95.90% File '/libfido2/src/blob.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_blob_new 1 0 100.00% 3 0 100.00% fido_blob_reset 1 0 100.00% 4 0 100.00% -fido_blob_set 9 0 100.00% 15 0 100.00% -fido_blob_append 12 1 91.67% 20 3 85.00% -fido_blob_free 6 0 100.00% 8 0 100.00% -fido_free_blob_array 7 0 100.00% 12 0 100.00% -fido_blob_encode 6 0 100.00% 5 0 100.00% +fido_blob_set 12 0 100.00% 15 0 100.00% +fido_blob_append 17 1 94.12% 20 3 85.00% +fido_blob_free 10 0 100.00% 7 0 100.00% +fido_free_blob_array 10 0 100.00% 11 0 100.00% +fido_blob_encode 10 0 100.00% 5 0 100.00% fido_blob_decode 1 0 100.00% 3 0 100.00% -fido_blob_is_empty 3 0 100.00% 3 0 100.00% -fido_blob_serialise 7 1 85.71% 10 1 90.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 53 2 96.23% 83 4 95.18% +fido_blob_is_empty 5 0 100.00% 3 0 100.00% +fido_blob_serialise 8 1 87.50% 10 1 90.00% +--------------------------------------------------------------------------------------- +TOTAL 75 2 97.33% 81 4 95.06% File '/libfido2/src/buf.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_buf_read 4 0 100.00% 8 0 100.00% fido_buf_write 4 0 100.00% 8 0 100.00% ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- TOTAL 8 0 100.00% 16 0 100.00% File '/libfido2/src/cbor.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------- -cbor_map_iter 20 1 95.00% 26 4 84.62% -cbor_array_iter 12 0 100.00% 16 0 100.00% -cbor_parse_reply 27 0 100.00% 36 0 100.00% -cbor_vector_free 6 0 100.00% 5 0 100.00% -cbor_bytestring_copy 14 0 100.00% 18 0 100.00% -cbor_string_copy 14 0 100.00% 18 0 100.00% -cbor_add_bytestring 14 0 100.00% 21 0 100.00% -cbor_add_string 14 0 100.00% 21 0 100.00% -cbor_add_bool 14 0 100.00% 21 0 100.00% -cbor_flatten_vector 14 1 92.86% 16 1 93.75% -cbor_build_frame 15 0 100.00% 25 0 100.00% -cbor_encode_rp_entity 13 0 100.00% 11 0 100.00% -cbor_encode_user_entity 21 0 100.00% 15 0 100.00% -cbor_encode_pubkey_param 36 0 100.00% 39 0 100.00% -cbor_encode_pubkey 10 0 100.00% 11 0 100.00% -cbor_encode_pubkey_list 18 0 100.00% 19 0 100.00% -cbor_encode_str_array 18 0 100.00% 19 0 100.00% -cbor_encode_cred_ext 55 0 100.00% 50 0 100.00% -cbor_encode_cred_opt 13 0 100.00% 11 0 100.00% -cbor_encode_assert_opt 13 0 100.00% 11 0 100.00% -cbor_encode_pin_auth 21 1 95.24% 22 3 86.36% -cbor_encode_pin_opt 4 0 100.00% 8 0 100.00% -cbor_encode_change_pin_auth 32 1 96.88% 36 3 91.67% -cbor_encode_assert_ext 33 0 100.00% 32 0 100.00% -cbor_decode_fmt 13 0 100.00% 15 0 100.00% +---------------------------------------------------------------------------------------- +cbor_map_iter 24 1 95.83% 26 4 84.62% +cbor_array_iter 15 0 100.00% 16 0 100.00% +cbor_parse_reply 33 0 100.00% 36 0 100.00% +cbor_vector_free 7 0 100.00% 5 0 100.00% +cbor_bytestring_copy 20 0 100.00% 18 0 100.00% +cbor_string_copy 23 0 100.00% 18 0 100.00% +cbor_add_bytestring 17 0 100.00% 21 0 100.00% +cbor_add_string 17 0 100.00% 21 0 100.00% +cbor_add_bool 17 0 100.00% 21 0 100.00% +cbor_flatten_vector 19 2 89.47% 16 1 93.75% +cbor_build_frame 22 0 100.00% 25 0 100.00% +cbor_encode_rp_entity 17 0 100.00% 11 0 100.00% +cbor_encode_user_entity 25 0 100.00% 15 0 100.00% +cbor_encode_pubkey_param 55 0 100.00% 39 0 100.00% +cbor_encode_pubkey 14 0 100.00% 11 0 100.00% +cbor_encode_pubkey_list 27 0 100.00% 18 0 100.00% +cbor_encode_str_array 27 0 100.00% 18 0 100.00% +cbor_encode_cred_ext 65 0 100.00% 50 0 100.00% +cbor_encode_cred_opt 17 0 100.00% 11 0 100.00% +cbor_encode_assert_opt 17 0 100.00% 11 0 100.00% +cbor_encode_pin_auth 29 2 93.10% 22 3 86.36% +cbor_encode_pin_opt 5 0 100.00% 8 0 100.00% +cbor_encode_change_pin_auth 42 1 97.62% 36 3 91.67% +cbor_encode_assert_ext 39 0 100.00% 32 0 100.00% +cbor_decode_fmt 14 0 100.00% 15 0 100.00% cbor_decode_pubkey 26 1 96.15% 36 2 94.44% -cbor_decode_attobj 8 0 100.00% 9 0 100.00% -cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43% -cbor_decode_assert_authdata 21 1 95.24% 32 3 90.62% -cbor_decode_attstmt 13 0 100.00% 16 0 100.00% -cbor_decode_uint64 4 0 100.00% 8 0 100.00% -cbor_decode_cred_id 8 0 100.00% 9 0 100.00% -cbor_decode_user 8 0 100.00% 9 0 100.00% -cbor_decode_rp_entity 8 0 100.00% 9 0 100.00% -cbor_decode_bool 10 0 100.00% 11 0 100.00% -cbor_build_uint 10 1 90.00% 9 1 88.89% -cbor_array_append 17 0 100.00% 21 0 100.00% -cbor_array_drop 18 0 100.00% 17 0 100.00% +cbor_decode_attobj 12 0 100.00% 9 0 100.00% +cbor_decode_cred_authdata 40 1 97.50% 35 3 91.43% +cbor_decode_assert_authdata 28 1 96.43% 32 3 90.62% +cbor_decode_attstmt 19 0 100.00% 16 0 100.00% +cbor_decode_uint64 5 0 100.00% 8 0 100.00% +cbor_decode_cred_id 12 0 100.00% 9 0 100.00% +cbor_decode_user 12 0 100.00% 9 0 100.00% +cbor_decode_rp_entity 12 0 100.00% 9 0 100.00% +cbor_decode_bool 14 0 100.00% 11 0 100.00% +cbor_build_uint 13 1 92.31% 9 1 88.89% +cbor_array_append 24 0 100.00% 21 0 100.00% +cbor_array_drop 21 0 100.00% 17 0 100.00% cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00% cbor.c:check_key_type 8 0 100.00% 7 0 100.00% -cbor.c:cbor_add_arg 13 0 100.00% 21 0 100.00% -cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00% -cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00% -cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88% -cbor.c:get_cose_alg 46 0 100.00% 45 0 100.00% -cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00% -cbor.c:decode_attobj 23 0 100.00% 37 0 100.00% -cbor.c:decode_attcred 25 0 100.00% 44 0 100.00% -cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00% -cbor.c:decode_cred_extension 41 0 100.00% 45 0 100.00% -cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00% -cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00% -cbor.c:decode_attstmt_entry 52 0 100.00% 49 0 100.00% -cbor.c:decode_x5c_array 9 1 88.89% 12 3 75.00% -cbor.c:decode_x5c 10 1 90.00% 22 3 86.36% -cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00% -cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00% -cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00% ------------------------------------------------------------------------------------------------------------------- -TOTAL 1112 14 98.74% 1330 34 97.44% +cbor.c:cbor_add_arg 15 0 100.00% 21 0 100.00% +cbor.c:cbor_add_uint8 17 0 100.00% 21 0 100.00% +cbor.c:cbor_encode_largeblob_key_ext 8 0 100.00% 6 0 100.00% +cbor.c:cbor_encode_hmac_secret_param 81 4 95.06% 66 8 87.88% +cbor.c:get_cose_alg 50 0 100.00% 45 0 100.00% +cbor.c:find_cose_alg 51 0 100.00% 33 0 100.00% +cbor.c:decode_attobj 24 0 100.00% 37 0 100.00% +cbor.c:decode_attcred 30 0 100.00% 44 0 100.00% +cbor.c:decode_cred_extensions 21 0 100.00% 24 0 100.00% +cbor.c:decode_cred_extension 48 0 100.00% 45 0 100.00% +cbor.c:decode_assert_extensions 21 0 100.00% 23 0 100.00% +cbor.c:decode_assert_extension 20 0 100.00% 27 0 100.00% +cbor.c:decode_attstmt_entry 56 0 100.00% 49 0 100.00% +cbor.c:decode_x5c_array 12 1 91.67% 12 3 75.00% +cbor.c:decode_x5c 14 1 92.86% 22 3 86.36% +cbor.c:decode_cred_id_entry 11 0 100.00% 19 0 100.00% +cbor.c:decode_user_entry 26 0 100.00% 35 0 100.00% +cbor.c:decode_rp_entity_entry 16 0 100.00% 25 0 100.00% +---------------------------------------------------------------------------------------- +TOTAL 1402 16 98.86% 1328 34 97.44% File '/libfido2/src/compress.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------- +---------------------------------------------------------------------------------------- fido_compress 1 0 100.00% 3 0 100.00% fido_uncompress 6 0 100.00% 5 0 100.00% -compress.c:rfc1951_deflate 33 4 87.88% 47 6 87.23% -compress.c:rfc1950_inflate 27 2 92.59% 22 4 81.82% -compress.c:rfc1951_inflate 38 8 78.95% 45 14 68.89% ------------------------------------------------------------------------------------------------------------------- -TOTAL 105 14 86.67% 122 24 80.33% +compress.c:rfc1951_deflate 42 4 90.48% 47 6 87.23% +compress.c:rfc1950_inflate 42 2 95.24% 22 4 81.82% +compress.c:rfc1951_inflate 49 8 83.67% 45 14 68.89% +---------------------------------------------------------------------------------------- +TOTAL 140 14 90.00% 122 24 80.33% File '/libfido2/src/config.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_enable_entattest 1 0 100.00% 4 0 100.00% fido_dev_toggle_always_uv 1 0 100.00% 4 0 100.00% -fido_dev_set_pin_minlen 1 0 100.00% 4 0 100.00% -fido_dev_force_pin_change 1 0 100.00% 4 0 100.00% -fido_dev_set_pin_minlen_rpid 6 0 100.00% 15 0 100.00% -config.c:config_enable_entattest_wait 6 0 100.00% 7 0 100.00% -config.c:config_tx 39 0 100.00% 49 0 100.00% -config.c:config_prepare_hmac 10 0 100.00% 21 0 100.00% -config.c:config_toggle_always_uv_wait 6 0 100.00% 7 0 100.00% +fido_dev_set_pin_minlen 3 0 100.00% 4 0 100.00% +fido_dev_force_pin_change 3 0 100.00% 4 0 100.00% +fido_dev_set_pin_minlen_rpid 7 0 100.00% 15 0 100.00% +config.c:config_enable_entattest_wait 7 0 100.00% 7 0 100.00% +config.c:config_tx 46 0 100.00% 49 0 100.00% +config.c:config_prepare_hmac 12 0 100.00% 21 0 100.00% +config.c:config_toggle_always_uv_wait 7 0 100.00% 7 0 100.00% config.c:config_pin_minlen 5 0 100.00% 7 0 100.00% -config.c:config_pin_minlen_tx 36 0 100.00% 32 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 112 0 100.00% 154 0 100.00% +config.c:config_pin_minlen_tx 45 0 100.00% 32 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 137 0 100.00% 154 0 100.00% File '/libfido2/src/cred.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_dev_make_cred 12 0 100.00% 10 0 100.00% -fido_check_rp_id 4 0 100.00% 11 0 100.00% -fido_cred_verify 59 2 96.61% 75 4 94.67% -fido_cred_verify_self 60 4 93.33% 87 7 91.95% +----------------------------------------------------------------------------------------- +fido_dev_make_cred 15 0 100.00% 10 0 100.00% +fido_check_rp_id 5 0 100.00% 10 0 100.00% +fido_cred_verify 72 0 100.00% 75 0 100.00% +fido_cred_verify_self 73 4 94.52% 87 7 91.95% fido_cred_new 1 0 100.00% 3 0 100.00% -fido_cred_reset_tx 1 0 100.00% 18 0 100.00% -fido_cred_reset_rx 1 0 100.00% 4 0 100.00% -fido_cred_free 6 0 100.00% 9 0 100.00% -fido_cred_set_authdata 23 0 100.00% 28 0 100.00% -fido_cred_set_authdata_raw 25 0 100.00% 29 0 100.00% +fido_cred_reset_tx 1 0 100.00% 19 0 100.00% +fido_cred_reset_rx 2 0 100.00% 4 0 100.00% +fido_cred_free 10 0 100.00% 8 0 100.00% +fido_cred_set_authdata 28 0 100.00% 28 0 100.00% +fido_cred_set_authdata_raw 30 0 100.00% 29 0 100.00% fido_cred_set_id 6 0 100.00% 5 0 100.00% -fido_cred_set_x509 14 2 85.71% 21 3 85.71% +fido_cred_set_x509 18 2 88.89% 21 3 85.71% fido_cred_set_sig 6 0 100.00% 5 0 100.00% -fido_cred_set_attstmt 20 0 100.00% 23 0 100.00% -fido_cred_set_attobj 17 0 100.00% 21 0 100.00% -fido_cred_exclude 14 2 85.71% 19 3 84.21% +fido_cred_set_attstmt 25 0 100.00% 23 0 100.00% +fido_cred_set_attobj 22 0 100.00% 21 0 100.00% +fido_cred_exclude 17 2 88.24% 19 3 84.21% fido_cred_empty_exclude_list 2 0 100.00% 5 0 100.00% fido_cred_set_clientdata 12 12 0.00% 11 11 0.00% fido_cred_set_clientdata_hash 8 0 100.00% 6 0 100.00% -fido_cred_set_rp 18 0 100.00% 22 0 100.00% -fido_cred_set_user 32 0 100.00% 41 0 100.00% +fido_cred_set_rp 30 0 100.00% 22 0 100.00% +fido_cred_set_user 55 0 100.00% 41 0 100.00% fido_cred_set_extensions 16 0 100.00% 10 0 100.00% fido_cred_set_options 8 8 0.00% 5 5 0.00% fido_cred_set_rk 2 0 100.00% 4 0 100.00% fido_cred_set_uv 2 0 100.00% 4 0 100.00% +fido_cred_set_entattest 13 0 100.00% 7 0 100.00% fido_cred_set_prot 21 0 100.00% 14 0 100.00% fido_cred_set_pin_minlen 7 0 100.00% 8 0 100.00% -fido_cred_set_blob 13 0 100.00% 8 0 100.00% -fido_cred_set_fmt 20 4 80.00% 12 2 83.33% +fido_cred_set_blob 15 0 100.00% 8 0 100.00% +fido_cred_set_fmt 23 4 82.61% 12 2 83.33% fido_cred_set_type 23 2 91.30% 9 1 88.89% fido_cred_type 1 0 100.00% 3 0 100.00% fido_cred_flags 1 0 100.00% 3 0 100.00% @@ -305,7 +306,7 @@ fido_cred_clientdata_hash_len 1 0 100.00% 3 fido_cred_x5c_ptr 1 0 100.00% 3 0 100.00% fido_cred_x5c_len 1 0 100.00% 3 0 100.00% fido_cred_x5c_list_count 1 0 100.00% 3 0 100.00% -fido_cred_x5c_list_ptr 4 0 100.00% 5 0 100.00% +fido_cred_x5c_list_ptr 5 0 100.00% 5 0 100.00% fido_cred_x5c_list_len 4 0 100.00% 5 0 100.00% fido_cred_sig_ptr 1 0 100.00% 3 0 100.00% fido_cred_sig_len 1 0 100.00% 3 0 100.00% @@ -315,7 +316,7 @@ fido_cred_authdata_raw_ptr 1 0 100.00% 3 fido_cred_authdata_raw_len 1 0 100.00% 3 0 100.00% fido_cred_attstmt_ptr 1 0 100.00% 3 0 100.00% fido_cred_attstmt_len 1 0 100.00% 3 0 100.00% -fido_cred_pubkey_ptr 11 0 100.00% 21 0 100.00% +fido_cred_pubkey_ptr 12 0 100.00% 21 0 100.00% fido_cred_pubkey_len 11 0 100.00% 21 0 100.00% fido_cred_id_ptr 1 0 100.00% 3 0 100.00% fido_cred_id_len 1 0 100.00% 3 0 100.00% @@ -332,82 +333,83 @@ fido_cred_user_id_ptr 1 0 100.00% 3 fido_cred_user_id_len 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_ptr 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_len 1 0 100.00% 3 0 100.00% +fido_cred_entattest 1 0 100.00% 3 0 100.00% cred.c:fido_dev_make_cred_wait 10 0 100.00% 7 0 100.00% -cred.c:fido_dev_make_cred_tx 64 0 100.00% 70 0 100.00% -cred.c:fido_dev_make_cred_rx 29 0 100.00% 32 0 100.00% -cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00% +cred.c:fido_dev_make_cred_tx 87 0 100.00% 77 0 100.00% +cred.c:fido_dev_make_cred_rx 32 0 100.00% 32 0 100.00% +cred.c:parse_makecred_reply 17 0 100.00% 29 0 100.00% cred.c:check_extensions 2 0 100.00% 6 0 100.00% -cred.c:get_signed_hash_u2f 27 0 100.00% 27 0 100.00% -cred.c:verify_attstmt 28 3 89.29% 48 10 79.17% -cred.c:fido_cred_clean_attobj 1 0 100.00% 6 0 100.00% +cred.c:get_signed_hash_u2f 38 0 100.00% 27 0 100.00% +cred.c:verify_attstmt 38 3 92.11% 48 10 79.17% +cred.c:fido_cred_clean_attobj 2 0 100.00% 5 0 100.00% cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00% cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 691 39 94.36% 911 46 94.95% +----------------------------------------------------------------------------------------- +TOTAL 860 37 95.70% 928 42 95.47% File '/libfido2/src/credman.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_credman_get_dev_metadata 1 0 100.00% 4 0 100.00% fido_credman_get_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_del_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_get_dev_rp 1 0 100.00% 4 0 100.00% fido_credman_set_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_rk_new 1 0 100.00% 3 0 100.00% -fido_credman_rk_free 6 1 83.33% 8 1 87.50% +fido_credman_rk_free 10 1 90.00% 7 1 85.71% fido_credman_rk_count 1 0 100.00% 3 0 100.00% -fido_credman_rk 4 0 100.00% 5 0 100.00% +fido_credman_rk 5 0 100.00% 5 0 100.00% fido_credman_metadata_new 1 0 100.00% 3 0 100.00% -fido_credman_metadata_free 6 1 83.33% 7 1 85.71% +fido_credman_metadata_free 10 1 90.00% 6 1 83.33% fido_credman_rk_existing 1 0 100.00% 3 0 100.00% fido_credman_rk_remaining 1 0 100.00% 3 0 100.00% fido_credman_rp_new 1 0 100.00% 3 0 100.00% -fido_credman_rp_free 6 1 83.33% 8 1 87.50% +fido_credman_rp_free 10 1 90.00% 7 1 85.71% fido_credman_rp_count 1 0 100.00% 3 0 100.00% -fido_credman_rp_id 4 0 100.00% 5 0 100.00% -fido_credman_rp_name 4 0 100.00% 5 0 100.00% +fido_credman_rp_id 5 0 100.00% 5 0 100.00% +fido_credman_rp_name 5 0 100.00% 5 0 100.00% fido_credman_rp_id_hash_len 4 0 100.00% 5 0 100.00% -fido_credman_rp_id_hash_ptr 4 0 100.00% 5 0 100.00% -credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00% -credman.c:credman_tx 35 0 100.00% 50 0 100.00% +fido_credman_rp_id_hash_ptr 5 0 100.00% 5 0 100.00% +credman.c:credman_get_metadata_wait 13 0 100.00% 8 0 100.00% +credman.c:credman_tx 41 0 100.00% 50 0 100.00% credman.c:credman_get_cmd 7 0 100.00% 5 0 100.00% -credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00% -credman.c:credman_rx_metadata 19 0 100.00% 24 0 100.00% -credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00% -credman.c:credman_get_rk_wait 27 0 100.00% 23 0 100.00% -credman.c:credman_rx_rk 27 0 100.00% 35 0 100.00% -credman.c:credman_parse_rk_count 16 0 100.00% 20 0 100.00% -credman.c:credman_grow_array 17 2 88.24% 21 5 76.19% -credman.c:credman_parse_rk 23 0 100.00% 31 0 100.00% -credman.c:credman_rx_next_rk 23 2 91.30% 29 5 82.76% -credman.c:credman_del_rk_wait 16 0 100.00% 15 0 100.00% -credman.c:credman_get_rp_wait 23 0 100.00% 15 0 100.00% -credman.c:credman_rx_rp 27 0 100.00% 35 0 100.00% -credman.c:credman_parse_rp_count 16 0 100.00% 20 0 100.00% -credman.c:credman_parse_rp 9 0 100.00% 17 0 100.00% -credman.c:credman_rx_next_rp 23 2 91.30% 29 5 82.76% -credman.c:credman_set_dev_rk_wait 11 0 100.00% 8 0 100.00% -credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00% -credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 428 10 97.66% 562 20 96.44% +credman.c:credman_prepare_hmac 38 1 97.37% 50 2 96.00% +credman.c:credman_rx_metadata 20 0 100.00% 24 0 100.00% +credman.c:credman_parse_metadata 11 0 100.00% 17 0 100.00% +credman.c:credman_get_rk_wait 30 0 100.00% 23 0 100.00% +credman.c:credman_rx_rk 28 0 100.00% 35 0 100.00% +credman.c:credman_parse_rk_count 20 0 100.00% 20 0 100.00% +credman.c:credman_grow_array 19 2 89.47% 21 5 76.19% +credman.c:credman_parse_rk 27 0 100.00% 31 0 100.00% +credman.c:credman_rx_next_rk 24 2 91.67% 29 5 82.76% +credman.c:credman_del_rk_wait 17 0 100.00% 15 0 100.00% +credman.c:credman_get_rp_wait 28 0 100.00% 15 0 100.00% +credman.c:credman_rx_rp 28 0 100.00% 35 0 100.00% +credman.c:credman_parse_rp_count 20 0 100.00% 20 0 100.00% +credman.c:credman_parse_rp 11 0 100.00% 17 0 100.00% +credman.c:credman_rx_next_rp 24 2 91.67% 29 5 82.76% +credman.c:credman_set_dev_rk_wait 12 0 100.00% 8 0 100.00% +credman.c:credman_reset_rk 5 0 100.00% 8 0 100.00% +credman.c:credman_reset_rp 7 0 100.00% 11 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 496 10 97.98% 557 20 96.41% File '/libfido2/src/dev.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_info_manifest 2 0 100.00% 11 0 100.00% -fido_dev_open_with_info 5 5 0.00% 6 6 0.00% +fido_dev_open_with_info 6 6 0.00% 6 6 0.00% fido_dev_open 13 4 69.23% 16 6 62.50% -fido_dev_close 9 2 77.78% 8 1 87.50% -fido_dev_set_sigmask 18 18 0.00% 11 11 0.00% -fido_dev_cancel 11 0 100.00% 8 0 100.00% -fido_dev_set_io_functions 18 4 77.78% 14 6 57.14% -fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67% +fido_dev_close 13 2 84.62% 8 1 87.50% +fido_dev_set_sigmask 23 23 0.00% 11 11 0.00% +fido_dev_cancel 13 0 100.00% 8 0 100.00% +fido_dev_set_io_functions 29 4 86.21% 14 6 57.14% +fido_dev_set_transport_functions 8 2 75.00% 9 3 66.67% fido_dev_io_handle 1 1 0.00% 3 3 0.00% -fido_init 8 1 87.50% 5 0 100.00% -fido_dev_new 5 0 100.00% 14 0 100.00% -fido_dev_new_with_info 10 10 0.00% 16 16 0.00% -fido_dev_free 6 0 100.00% 8 0 100.00% +fido_init 9 2 77.78% 5 0 100.00% +fido_dev_new 7 0 100.00% 14 0 100.00% +fido_dev_new_with_info 18 18 0.00% 16 16 0.00% +fido_dev_free 10 0 100.00% 7 0 100.00% fido_dev_protocol 1 0 100.00% 3 0 100.00% fido_dev_major 1 0 100.00% 3 0 100.00% fido_dev_minor 1 0 100.00% 3 0 100.00% @@ -429,112 +431,112 @@ fido_dev_maxmsgsize 1 0 100.00% 3 fido_dev_set_timeout 6 2 66.67% 6 1 83.33% dev.c:run_manifest 10 0 100.00% 13 0 100.00% dev.c:fido_dev_open_wait 10 0 100.00% 7 0 100.00% -dev.c:fido_dev_open_tx 56 11 80.36% 56 20 64.29% +dev.c:fido_dev_open_tx 62 11 82.26% 56 20 64.29% dev.c:set_random_report_len 11 0 100.00% 6 0 100.00% -dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11% +dev.c:fido_dev_open_rx 40 1 97.50% 53 1 98.11% dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00% dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00% dev.c:fido_dev_set_option_flags 42 0 100.00% 25 0 100.00% dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 344 65 81.10% 383 80 79.11% +----------------------------------------------------------------------------------------- +TOTAL 394 80 79.70% 382 80 79.06% File '/libfido2/src/ecdh.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_do_ecdh 29 0 100.00% 36 0 100.00% -ecdh.c:do_ecdh 37 0 100.00% 44 0 100.00% -ecdh.c:kdf 19 1 94.74% 28 2 92.86% -ecdh.c:hkdf_sha256 32 1 96.88% 38 3 92.11% -------------------------------------------------------------------------------------------------------------------- -TOTAL 117 2 98.29% 146 5 96.58% +----------------------------------------------------------------------------------------- +fido_do_ecdh 38 0 100.00% 36 0 100.00% +ecdh.c:do_ecdh 57 0 100.00% 44 0 100.00% +ecdh.c:kdf 26 1 96.15% 28 2 92.86% +ecdh.c:hkdf_sha256 48 1 97.92% 38 3 92.11% +----------------------------------------------------------------------------------------- +TOTAL 169 2 98.82% 146 5 96.58% File '/libfido2/src/eddsa.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -eddsa_pk_decode 8 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +eddsa_pk_decode 12 0 100.00% 9 0 100.00% eddsa_pk_new 1 0 100.00% 3 0 100.00% -eddsa_pk_free 6 0 100.00% 7 0 100.00% -eddsa_pk_from_ptr 10 0 100.00% 12 0 100.00% -eddsa_pk_to_EVP_PKEY 3 0 100.00% 7 0 100.00% -eddsa_pk_from_EVP_PKEY 18 2 88.89% 12 1 91.67% -eddsa_verify_sig 19 2 89.47% 30 6 80.00% -eddsa_pk_verify_sig 7 1 85.71% 13 2 84.62% -eddsa.c:decode_pubkey_point 8 0 100.00% 11 0 100.00% -eddsa.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 88 5 94.32% 114 9 92.11% +eddsa_pk_free 10 0 100.00% 6 0 100.00% +eddsa_pk_from_ptr 11 0 100.00% 12 0 100.00% +eddsa_pk_to_EVP_PKEY 8 0 100.00% 7 0 100.00% +eddsa_pk_from_EVP_PKEY 22 2 90.91% 12 1 91.67% +eddsa_verify_sig 30 2 93.33% 30 6 80.00% +eddsa_pk_verify_sig 9 1 88.89% 13 2 84.62% +eddsa.c:decode_pubkey_point 10 0 100.00% 11 0 100.00% +eddsa.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 125 5 96.00% 113 9 92.04% File '/libfido2/src/err.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_strerr 122 10 91.80% 126 10 92.06% -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- TOTAL 122 10 91.80% 126 10 92.06% File '/libfido2/src/es256.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -es256_pk_decode 8 0 100.00% 9 0 100.00% -es256_pk_encode 56 0 100.00% 48 0 100.00% +----------------------------------------------------------------------------------------- +es256_pk_decode 12 0 100.00% 9 0 100.00% +es256_pk_encode 80 0 100.00% 48 0 100.00% es256_sk_new 1 0 100.00% 3 0 100.00% -es256_sk_free 6 0 100.00% 7 0 100.00% +es256_sk_free 10 0 100.00% 6 0 100.00% es256_pk_new 1 0 100.00% 3 0 100.00% -es256_pk_free 6 0 100.00% 7 0 100.00% -es256_pk_from_ptr 15 0 100.00% 17 0 100.00% +es256_pk_free 10 0 100.00% 6 0 100.00% +es256_pk_from_ptr 16 0 100.00% 17 0 100.00% es256_pk_set_x 1 0 100.00% 4 0 100.00% es256_pk_set_y 1 0 100.00% 4 0 100.00% -es256_sk_create 39 0 100.00% 40 0 100.00% -es256_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00% -es256_pk_from_EC_KEY 42 2 95.24% 47 4 91.49% -es256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -es256_sk_to_EVP_PKEY 28 0 100.00% 39 0 100.00% -es256_derive_pk 25 0 100.00% 29 0 100.00% -es256_verify_sig 12 2 83.33% 19 5 73.68% -es256_pk_verify_sig 7 1 85.71% 13 2 84.62% -es256.c:decode_pubkey_point 9 0 100.00% 13 0 100.00% -es256.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 315 5 98.41% 372 11 97.04% +es256_sk_create 60 0 100.00% 40 0 100.00% +es256_pk_to_EVP_PKEY 72 0 100.00% 53 0 100.00% +es256_pk_from_EC_KEY 58 2 96.55% 47 4 91.49% +es256_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +es256_sk_to_EVP_PKEY 48 0 100.00% 39 0 100.00% +es256_derive_pk 43 0 100.00% 29 0 100.00% +es256_verify_sig 19 1 94.74% 19 2 89.47% +es256_pk_verify_sig 9 1 88.89% 13 2 84.62% +es256.c:decode_pubkey_point 11 0 100.00% 13 0 100.00% +es256.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 478 4 99.16% 370 8 97.84% File '/libfido2/src/es384.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -es384_pk_decode 8 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +es384_pk_decode 12 0 100.00% 9 0 100.00% es384_pk_new 1 0 100.00% 3 0 100.00% -es384_pk_free 6 0 100.00% 7 0 100.00% -es384_pk_from_ptr 15 0 100.00% 17 0 100.00% -es384_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00% -es384_pk_from_EC_KEY 42 2 95.24% 47 4 91.49% -es384_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -es384_verify_sig 12 2 83.33% 19 5 73.68% -es384_pk_verify_sig 7 1 85.71% 13 2 84.62% -es384.c:decode_pubkey_point 9 0 100.00% 13 0 100.00% -es384.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 158 5 96.84% 198 11 94.44% +es384_pk_free 10 0 100.00% 6 0 100.00% +es384_pk_from_ptr 16 0 100.00% 17 0 100.00% +es384_pk_to_EVP_PKEY 73 0 100.00% 53 0 100.00% +es384_pk_from_EC_KEY 59 2 96.61% 47 4 91.49% +es384_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +es384_verify_sig 19 2 89.47% 19 5 73.68% +es384_pk_verify_sig 9 1 88.89% 13 2 84.62% +es384.c:decode_pubkey_point 11 0 100.00% 13 0 100.00% +es384.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 236 5 97.88% 197 11 94.42% File '/libfido2/src/extern.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/fallthrough.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/fido.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/hid.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_hid_get_usage 13 0 100.00% 22 0 100.00% fido_hid_get_report_len 19 0 100.00% 27 0 100.00% fido_dev_info_new 1 0 100.00% 3 0 100.00% -fido_dev_info_free 9 0 100.00% 9 0 100.00% +fido_dev_info_free 13 0 100.00% 8 0 100.00% fido_dev_info_ptr 1 0 100.00% 3 0 100.00% -fido_dev_info_set 26 2 92.31% 30 3 90.00% +fido_dev_info_set 41 2 95.12% 30 3 90.00% fido_dev_info_path 1 0 100.00% 3 0 100.00% fido_dev_info_vendor 1 0 100.00% 3 0 100.00% fido_dev_info_product 1 0 100.00% 3 0 100.00% @@ -543,45 +545,45 @@ fido_dev_info_product_string 1 0 100.00% 3 hid.c:get_key_len 6 0 100.00% 12 0 100.00% hid.c:get_key_val 6 0 100.00% 18 0 100.00% hid.c:fido_dev_info_reset 1 0 100.00% 6 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 87 2 97.70% 145 3 97.93% +----------------------------------------------------------------------------------------- +TOTAL 106 2 98.11% 144 3 97.92% File '/libfido2/src/hid_linux.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_hid_manifest 35 4 88.57% 41 2 95.12% -fido_hid_open 33 33 0.00% 51 51 0.00% -fido_hid_close 3 3 0.00% 6 6 0.00% +----------------------------------------------------------------------------------------- +fido_hid_manifest 48 4 91.67% 41 2 95.12% +fido_hid_open 52 52 0.00% 51 51 0.00% +fido_hid_close 4 4 0.00% 6 6 0.00% fido_hid_set_sigmask 2 2 0.00% 6 6 0.00% -fido_hid_read 15 15 0.00% 21 21 0.00% -fido_hid_write 12 12 0.00% 17 17 0.00% +fido_hid_read 16 16 0.00% 21 21 0.00% +fido_hid_write 13 13 0.00% 17 17 0.00% fido_hid_report_in_len 1 1 0.00% 4 4 0.00% fido_hid_report_out_len 1 1 0.00% 4 4 0.00% -hid_linux.c:copy_info 38 0 100.00% 53 0 100.00% -hid_linux.c:is_fido 15 1 93.33% 16 1 93.75% -hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00% -hid_linux.c:parse_uevent 26 0 100.00% 29 0 100.00% +hid_linux.c:copy_info 63 0 100.00% 53 0 100.00% +hid_linux.c:is_fido 19 2 89.47% 16 1 93.75% +hid_linux.c:get_parent_attr 10 0 100.00% 9 0 100.00% +hid_linux.c:parse_uevent 36 0 100.00% 29 0 100.00% hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00% -hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35% -------------------------------------------------------------------------------------------------------------------- -TOTAL 202 73 63.86% 277 115 58.48% +hid_linux.c:get_report_descriptor 17 1 94.12% 17 3 82.35% +----------------------------------------------------------------------------------------- +TOTAL 283 96 66.08% 277 115 58.48% File '/libfido2/src/hid_unix.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_hid_unix_open 18 11 38.89% 22 14 36.36% -fido_hid_unix_wait 11 10 9.09% 21 12 42.86% -------------------------------------------------------------------------------------------------------------------- -TOTAL 29 21 27.59% 43 26 39.53% +----------------------------------------------------------------------------------------- +fido_hid_unix_open 31 20 35.48% 22 14 36.36% +fido_hid_unix_wait 15 13 13.33% 21 12 42.86% +----------------------------------------------------------------------------------------- +TOTAL 46 33 28.26% 43 26 39.53% File '/libfido2/src/info.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_get_cbor_info_wait 10 0 100.00% 7 0 100.00% fido_dev_get_cbor_info 1 0 100.00% 4 0 100.00% -fido_cbor_info_new 4 0 100.00% 7 0 100.00% +fido_cbor_info_new 6 0 100.00% 7 0 100.00% fido_cbor_info_reset 1 0 100.00% 10 0 100.00% -fido_cbor_info_free 6 0 100.00% 8 0 100.00% +fido_cbor_info_free 10 0 100.00% 7 0 100.00% fido_cbor_info_versions_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_versions_len 1 0 100.00% 3 0 100.00% fido_cbor_info_extensions_ptr 1 0 100.00% 3 0 100.00% @@ -607,36 +609,36 @@ fido_cbor_info_rk_remaining 1 0 100.00% 3 fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% fido_cbor_info_algorithm_count 1 0 100.00% 3 0 100.00% -fido_cbor_info_algorithm_type 4 0 100.00% 5 0 100.00% +fido_cbor_info_algorithm_type 5 0 100.00% 5 0 100.00% fido_cbor_info_algorithm_cose 4 0 100.00% 5 0 100.00% fido_cbor_info_new_pin_required 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_name_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_value_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_len 1 0 100.00% 3 0 100.00% info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 9 0 100.00% -info.c:fido_dev_get_cbor_info_rx 14 0 100.00% 21 0 100.00% -info.c:parse_reply_element 32 0 100.00% 59 0 100.00% -info.c:decode_string_array 12 0 100.00% 17 0 100.00% +info.c:fido_dev_get_cbor_info_rx 15 0 100.00% 21 0 100.00% +info.c:parse_reply_element 35 0 100.00% 59 0 100.00% +info.c:decode_string_array 17 0 100.00% 17 0 100.00% info.c:decode_string 4 0 100.00% 10 0 100.00% -info.c:decode_aaguid 8 0 100.00% 10 0 100.00% -info.c:decode_options 11 0 100.00% 15 0 100.00% -info.c:decode_option 7 0 100.00% 15 0 100.00% -info.c:decode_protocols 12 0 100.00% 17 0 100.00% -info.c:decode_protocol 6 0 100.00% 12 0 100.00% -info.c:decode_algorithms 12 0 100.00% 17 0 100.00% -info.c:decode_algorithm 9 0 100.00% 17 0 100.00% -info.c:decode_algorithm_entry 20 0 100.00% 27 0 100.00% -info.c:decode_certs 11 0 100.00% 15 0 100.00% -info.c:decode_cert 7 0 100.00% 15 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 232 0 100.00% 409 0 100.00% +info.c:decode_aaguid 12 0 100.00% 10 0 100.00% +info.c:decode_options 19 0 100.00% 15 0 100.00% +info.c:decode_option 8 0 100.00% 15 0 100.00% +info.c:decode_protocols 17 0 100.00% 17 0 100.00% +info.c:decode_protocol 8 0 100.00% 12 0 100.00% +info.c:decode_algorithms 17 0 100.00% 17 0 100.00% +info.c:decode_algorithm 12 0 100.00% 17 0 100.00% +info.c:decode_algorithm_entry 25 0 100.00% 27 0 100.00% +info.c:decode_certs 19 0 100.00% 15 0 100.00% +info.c:decode_cert 8 0 100.00% 15 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 290 0 100.00% 408 0 100.00% File '/libfido2/src/io.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_tx 14 0 100.00% 11 0 100.00% -fido_rx 13 1 92.31% 14 3 78.57% -fido_rx_cbor_status 16 0 100.00% 19 0 100.00% +----------------------------------------------------------------------------------------- +fido_tx 20 0 100.00% 11 0 100.00% +fido_rx 19 1 94.74% 14 3 78.57% +fido_rx_cbor_status 17 0 100.00% 19 0 100.00% io.c:transport_tx 7 0 100.00% 10 0 100.00% io.c:tx_empty 9 0 100.00% 14 0 100.00% io.c:tx_pkt 7 0 100.00% 10 0 100.00% @@ -647,316 +649,316 @@ io.c:transport_rx 7 0 100.00% 10 io.c:rx 40 2 95.00% 52 2 96.15% io.c:rx_preamble 23 2 91.30% 22 5 77.27% io.c:rx_frame 11 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 193 7 96.37% 230 12 94.78% +----------------------------------------------------------------------------------------- +TOTAL 206 7 96.60% 230 12 94.78% File '/libfido2/src/iso7816.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -iso7816_new 4 0 100.00% 16 0 100.00% -iso7816_free 6 0 100.00% 7 0 100.00% -iso7816_add 6 1 83.33% 8 1 87.50% +----------------------------------------------------------------------------------------- +iso7816_new 6 0 100.00% 16 0 100.00% +iso7816_free 10 0 100.00% 6 0 100.00% +iso7816_add 7 1 85.71% 8 1 87.50% iso7816_ptr 1 0 100.00% 3 0 100.00% -iso7816_len 1 0 100.00% 4 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 18 1 94.44% 38 1 97.37% +iso7816_len 3 0 100.00% 3 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 27 1 96.30% 36 1 97.22% File '/libfido2/src/largeblob.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_dev_largeblob_get 26 2 92.31% 38 4 89.47% -fido_dev_largeblob_set 27 0 100.00% 36 0 100.00% +----------------------------------------------------------------------------------------- +fido_dev_largeblob_get 33 2 93.94% 38 4 89.47% +fido_dev_largeblob_set 32 0 100.00% 36 0 100.00% fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00% -fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19% -fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00% -largeblob.c:largeblob_get_array 32 0 100.00% 36 0 100.00% -largeblob.c:get_chunklen 10 1 90.00% 9 1 88.89% -largeblob.c:largeblob_get_tx 19 0 100.00% 24 0 100.00% -largeblob.c:largeblob_get_rx 26 0 100.00% 30 0 100.00% -largeblob.c:parse_largeblob_reply 8 0 100.00% 9 0 100.00% +fido_dev_largeblob_get_array 20 2 90.00% 27 4 85.19% +fido_dev_largeblob_set_array 18 0 100.00% 19 0 100.00% +largeblob.c:largeblob_get_array 36 0 100.00% 36 0 100.00% +largeblob.c:get_chunklen 14 3 78.57% 9 1 88.89% +largeblob.c:largeblob_get_tx 22 0 100.00% 24 0 100.00% +largeblob.c:largeblob_get_rx 29 0 100.00% 30 0 100.00% +largeblob.c:parse_largeblob_reply 10 0 100.00% 9 0 100.00% largeblob.c:largeblob_array_check 7 0 100.00% 16 0 100.00% -largeblob.c:largeblob_array_digest 10 0 100.00% 9 0 100.00% -largeblob.c:largeblob_array_load 14 2 85.71% 19 7 63.16% -largeblob.c:largeblob_array_lookup 25 0 100.00% 33 0 100.00% +largeblob.c:largeblob_array_digest 12 0 100.00% 9 0 100.00% +largeblob.c:largeblob_array_load 18 4 77.78% 19 7 63.16% +largeblob.c:largeblob_array_lookup 32 0 100.00% 33 0 100.00% largeblob.c:largeblob_decode 16 2 87.50% 16 6 62.50% -largeblob.c:largeblob_do_decode 27 3 88.89% 30 7 76.67% -largeblob.c:largeblob_decrypt 15 0 100.00% 24 0 100.00% -largeblob.c:largeblob_aad 1 0 100.00% 10 0 100.00% +largeblob.c:largeblob_do_decode 31 3 90.32% 30 7 76.67% +largeblob.c:largeblob_decrypt 20 0 100.00% 24 0 100.00% +largeblob.c:largeblob_aad 2 0 100.00% 10 0 100.00% largeblob.c:largeblob_reset 1 0 100.00% 5 0 100.00% -largeblob.c:largeblob_encode 16 0 100.00% 21 0 100.00% +largeblob.c:largeblob_encode 24 0 100.00% 21 0 100.00% largeblob.c:largeblob_new 1 0 100.00% 3 0 100.00% -largeblob.c:largeblob_seal 20 0 100.00% 32 0 100.00% +largeblob.c:largeblob_seal 25 0 100.00% 32 0 100.00% largeblob.c:largeblob_get_nonce 8 0 100.00% 16 0 100.00% -largeblob.c:largeblob_free 6 0 100.00% 8 0 100.00% -largeblob.c:largeblob_add 27 2 92.59% 35 3 91.43% -largeblob.c:largeblob_drop 21 0 100.00% 27 0 100.00% -largeblob.c:largeblob_set_array 54 2 96.30% 61 4 93.44% -largeblob.c:largeblob_get_uv_token 19 0 100.00% 23 0 100.00% -largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00% -largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57% -------------------------------------------------------------------------------------------------------------------- -TOTAL 525 18 96.57% 693 43 93.80% +largeblob.c:largeblob_free 10 0 100.00% 7 0 100.00% +largeblob.c:largeblob_add 30 2 93.33% 35 3 91.43% +largeblob.c:largeblob_drop 24 0 100.00% 27 0 100.00% +largeblob.c:largeblob_set_array 59 2 96.61% 61 4 93.44% +largeblob.c:largeblob_get_uv_token 23 0 100.00% 23 0 100.00% +largeblob.c:largeblob_set_tx 47 0 100.00% 36 0 100.00% +largeblob.c:prepare_hmac 17 2 88.24% 23 7 69.57% +----------------------------------------------------------------------------------------- +TOTAL 633 22 96.52% 692 43 93.79% File '/libfido2/src/log.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_log_init 1 0 100.00% 4 0 100.00% -fido_log_debug 6 1 83.33% 8 1 87.50% -fido_log_xxd 16 1 93.75% 24 1 95.83% -fido_log_error 8 2 75.00% 11 2 81.82% -fido_set_log_handler 3 0 100.00% 4 0 100.00% -log.c:log_on_stderr 1 1 0.00% 3 3 0.00% -log.c:do_log 4 0 100.00% 9 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 39 5 87.18% 63 7 88.89% +fido_log_debug 10 1 90.00% 7 1 85.71% +fido_log_xxd 19 1 94.74% 24 1 95.83% +fido_log_error 11 2 81.82% 10 2 80.00% +fido_set_log_handler 4 0 100.00% 4 0 100.00% +log.c:log_on_stderr 2 2 0.00% 2 2 0.00% +log.c:do_log 5 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 52 6 88.46% 60 6 90.00% File '/libfido2/src/netlink.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nl_power_nfc 18 0 100.00% 24 0 100.00% +----------------------------------------------------------------------------------------- +fido_nl_power_nfc 24 0 100.00% 24 0 100.00% fido_nl_get_nfc_target 17 0 100.00% 31 0 100.00% -fido_nl_free 10 2 80.00% 9 2 77.78% -fido_nl_new 16 1 93.75% 26 3 88.46% +fido_nl_free 15 3 80.00% 8 2 75.00% +fido_nl_new 27 2 92.59% 26 3 88.46% set_netlink_io_functions 1 0 100.00% 4 0 100.00% -netlink.c:nlmsg_new 8 0 100.00% 15 0 100.00% -netlink.c:nlmsg_set_genl 1 0 100.00% 7 0 100.00% -netlink.c:nlmsg_write 6 1 83.33% 7 1 85.71% +netlink.c:nlmsg_new 19 0 100.00% 15 0 100.00% +netlink.c:nlmsg_set_genl 2 0 100.00% 7 0 100.00% +netlink.c:nlmsg_write 7 1 85.71% 7 1 85.71% netlink.c:nlmsg_set_u32 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_setattr 15 1 93.33% 17 0 100.00% -netlink.c:nlmsg_tx 10 1 90.00% 13 3 76.92% +netlink.c:nlmsg_setattr 20 1 95.00% 17 0 100.00% +netlink.c:nlmsg_tx 11 1 90.91% 13 3 76.92% netlink.c:nlmsg_ptr 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_len 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_rx 11 2 81.82% 17 6 64.71% -netlink.c:nl_parse_reply 20 0 100.00% 28 0 100.00% -netlink.c:nlmsg_from_buf 15 0 100.00% 17 0 100.00% +netlink.c:nlmsg_rx 16 2 87.50% 17 6 64.71% +netlink.c:nl_parse_reply 24 0 100.00% 28 0 100.00% +netlink.c:nlmsg_from_buf 23 0 100.00% 17 0 100.00% netlink.c:nlmsg_type 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_get_status 8 0 100.00% 8 0 100.00% +netlink.c:nlmsg_get_status 9 0 100.00% 8 0 100.00% netlink.c:nlmsg_read 6 0 100.00% 7 0 100.00% netlink.c:nlmsg_get_genl 6 0 100.00% 7 0 100.00% -netlink.c:nlmsg_iter 6 0 100.00% 13 0 100.00% +netlink.c:nlmsg_iter 7 0 100.00% 13 0 100.00% netlink.c:nlmsg_getattr 1 0 100.00% 3 0 100.00% -netlink.c:nla_from_buf 17 0 100.00% 21 0 100.00% -netlink.c:nl_nfc_poll 18 0 100.00% 25 0 100.00% +netlink.c:nla_from_buf 27 0 100.00% 21 0 100.00% +netlink.c:nl_nfc_poll 25 0 100.00% 25 0 100.00% netlink.c:parse_nfc_event 10 0 100.00% 17 0 100.00% netlink.c:nla_type 1 0 100.00% 3 0 100.00% netlink.c:nla_get_u32 1 0 100.00% 3 0 100.00% netlink.c:nla_read 6 0 100.00% 7 0 100.00% -netlink.c:nl_dump_nfc_target 19 0 100.00% 31 0 100.00% +netlink.c:nl_dump_nfc_target 24 0 100.00% 31 0 100.00% netlink.c:parse_target 9 0 100.00% 13 0 100.00% -netlink.c:nl_get_nfc_family 23 0 100.00% 33 0 100.00% +netlink.c:nl_get_nfc_family 32 0 100.00% 33 0 100.00% netlink.c:nlmsg_set_u16 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_set_str 1 0 100.00% 3 0 100.00% netlink.c:parse_family 10 0 100.00% 17 0 100.00% netlink.c:nla_get_u16 1 0 100.00% 3 0 100.00% -netlink.c:nla_iter 6 0 100.00% 13 0 100.00% +netlink.c:nla_iter 7 0 100.00% 13 0 100.00% netlink.c:nla_getattr 1 0 100.00% 3 0 100.00% netlink.c:parse_mcastgrps 1 0 100.00% 3 0 100.00% -netlink.c:parse_mcastgrp 15 0 100.00% 24 0 100.00% -netlink.c:nla_get_str 10 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 329 8 97.57% 498 15 96.99% +netlink.c:parse_mcastgrp 18 0 100.00% 24 0 100.00% +netlink.c:nla_get_str 14 0 100.00% 11 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 428 10 97.66% 497 15 96.98% File '/libfido2/src/nfc.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nfc_tx 28 0 100.00% 43 0 100.00% -fido_nfc_rx 8 0 100.00% 13 0 100.00% -nfc_is_fido 13 1 92.31% 21 3 85.71% +----------------------------------------------------------------------------------------- +fido_nfc_tx 36 0 100.00% 43 0 100.00% +fido_nfc_rx 9 0 100.00% 13 0 100.00% +nfc_is_fido 17 1 94.12% 21 3 85.71% fido_is_nfc 3 0 100.00% 3 0 100.00% -fido_dev_set_nfc 4 1 75.00% 18 3 83.33% +fido_dev_set_nfc 6 1 83.33% 18 3 83.33% nfc.c:nfc_do_tx 20 0 100.00% 25 0 100.00% nfc.c:tx_short_apdu 14 0 100.00% 32 0 100.00% -nfc.c:rx_init 25 0 100.00% 27 0 100.00% -nfc.c:rx_cbor 4 0 100.00% 6 0 100.00% -nfc.c:rx_msg 18 1 94.44% 23 3 86.96% +nfc.c:rx_init 26 0 100.00% 27 0 100.00% +nfc.c:rx_cbor 5 0 100.00% 6 0 100.00% +nfc.c:rx_msg 19 1 94.74% 23 3 86.96% nfc.c:rx_apdu 14 0 100.00% 22 0 100.00% -nfc.c:tx_get_response 4 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 155 3 98.06% 244 9 96.31% +nfc.c:tx_get_response 7 0 100.00% 12 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 176 3 98.30% 245 9 96.33% File '/libfido2/src/nfc_linux.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nfc_manifest 35 7 80.00% 45 15 66.67% -fido_nfc_open 20 2 90.00% 23 4 82.61% +----------------------------------------------------------------------------------------- +fido_nfc_manifest 48 7 85.42% 45 15 66.67% +fido_nfc_open 23 2 91.30% 22 4 81.82% fido_nfc_close 1 1 0.00% 4 4 0.00% fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00% -fido_nfc_read 14 14 0.00% 30 30 0.00% -fido_nfc_write 12 12 0.00% 18 18 0.00% -nfc_linux.c:copy_info 39 22 43.59% 44 16 63.64% +fido_nfc_read 15 15 0.00% 30 30 0.00% +fido_nfc_write 14 14 0.00% 18 18 0.00% +nfc_linux.c:copy_info 57 33 42.11% 44 16 63.64% nfc_linux.c:get_usb_attr 1 1 0.00% 3 3 0.00% -nfc_linux.c:get_parent_attr 6 6 0.00% 9 9 0.00% -nfc_linux.c:sysnum_from_syspath 15 0 100.00% 17 0 100.00% -nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00% -nfc_linux.c:nfc_target_connect 9 6 33.33% 21 9 57.14% -nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 172 73 57.56% 242 114 52.89% +nfc_linux.c:get_parent_attr 10 10 0.00% 9 9 0.00% +nfc_linux.c:sysnum_from_syspath 26 0 100.00% 17 0 100.00% +nfc_linux.c:nfc_new 10 0 100.00% 11 0 100.00% +nfc_linux.c:nfc_target_connect 20 8 60.00% 21 9 57.14% +nfc_linux.c:nfc_free 18 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 245 93 62.04% 240 114 52.50% File '/libfido2/src/pcsc.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_pcsc_manifest 51 0 100.00% 55 0 100.00% -fido_pcsc_open 32 0 100.00% 43 0 100.00% +----------------------------------------------------------------------------------------- +fido_pcsc_manifest 55 0 100.00% 55 0 100.00% +fido_pcsc_open 38 0 100.00% 43 0 100.00% fido_pcsc_close 6 0 100.00% 9 0 100.00% fido_pcsc_read 8 0 100.00% 16 0 100.00% -fido_pcsc_write 8 0 100.00% 22 0 100.00% +fido_pcsc_write 10 0 100.00% 22 0 100.00% fido_pcsc_tx 1 0 100.00% 3 0 100.00% fido_pcsc_rx 1 0 100.00% 3 0 100.00% fido_is_pcsc 3 0 100.00% 3 0 100.00% -fido_dev_set_pcsc 4 1 75.00% 18 3 83.33% -pcsc.c:list_readers 24 0 100.00% 24 0 100.00% -pcsc.c:copy_info 30 0 100.00% 41 0 100.00% -pcsc.c:get_reader 25 0 100.00% 28 0 100.00% +fido_dev_set_pcsc 6 1 83.33% 18 3 83.33% +pcsc.c:list_readers 27 0 100.00% 24 0 100.00% +pcsc.c:copy_info 35 0 100.00% 41 0 100.00% +pcsc.c:get_reader 28 0 100.00% 28 0 100.00% pcsc.c:prepare_io_request 11 0 100.00% 17 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 204 1 99.51% 282 3 98.94% +----------------------------------------------------------------------------------------- +TOTAL 229 1 99.56% 282 3 98.94% File '/libfido2/src/pin.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_sha256 7 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------- +fido_sha256 10 0 100.00% 10 0 100.00% fido_dev_get_uv_token 1 0 100.00% 3 0 100.00% fido_dev_set_pin 1 0 100.00% 4 0 100.00% fido_dev_get_retry_count 1 0 100.00% 4 0 100.00% fido_dev_get_uv_retry_count 1 0 100.00% 4 0 100.00% -cbor_add_uv_params 17 0 100.00% 23 0 100.00% -pin.c:uv_token_wait 14 2 85.71% 12 1 91.67% -pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00% -pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00% -pin.c:encode_uv_permission 24 1 95.83% 21 3 85.71% -pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00% -pin.c:uv_token_rx 27 0 100.00% 34 0 100.00% -pin.c:parse_uv_token 8 0 100.00% 10 0 100.00% -pin.c:fido_dev_set_pin_wait 21 0 100.00% 24 0 100.00% -pin.c:fido_dev_change_pin_tx 45 0 100.00% 56 0 100.00% -pin.c:pin_pad64_enc 15 0 100.00% 21 0 100.00% -pin.c:pad64 18 0 100.00% 20 0 100.00% -pin.c:fido_dev_set_pin_tx 33 0 100.00% 41 0 100.00% +cbor_add_uv_params 22 0 100.00% 23 0 100.00% +pin.c:uv_token_wait 17 2 88.24% 12 1 91.67% +pin.c:ctap21_uv_token_tx 69 0 100.00% 53 0 100.00% +pin.c:pin_sha256_enc 23 0 100.00% 24 0 100.00% +pin.c:encode_uv_permission 25 2 92.00% 20 2 90.00% +pin.c:ctap20_uv_token_tx 49 0 100.00% 45 0 100.00% +pin.c:uv_token_rx 31 0 100.00% 34 0 100.00% +pin.c:parse_uv_token 10 0 100.00% 10 0 100.00% +pin.c:fido_dev_set_pin_wait 22 0 100.00% 24 0 100.00% +pin.c:fido_dev_change_pin_tx 63 0 100.00% 56 0 100.00% +pin.c:pin_pad64_enc 17 0 100.00% 21 0 100.00% +pin.c:pad64 20 0 100.00% 20 0 100.00% +pin.c:fido_dev_set_pin_tx 45 0 100.00% 41 0 100.00% pin.c:fido_dev_get_pin_retry_count_wait 10 0 100.00% 7 0 100.00% -pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 23 0 100.00% -pin.c:fido_dev_get_pin_retry_count_rx 19 0 100.00% 24 0 100.00% +pin.c:fido_dev_get_retry_count_tx 22 0 100.00% 23 0 100.00% +pin.c:fido_dev_get_pin_retry_count_rx 20 0 100.00% 24 0 100.00% pin.c:parse_pin_retry_count 1 0 100.00% 3 0 100.00% -pin.c:parse_retry_count 13 0 100.00% 16 0 100.00% +pin.c:parse_retry_count 16 0 100.00% 16 0 100.00% pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7 0 100.00% -pin.c:fido_dev_get_uv_retry_count_rx 19 0 100.00% 24 0 100.00% +pin.c:fido_dev_get_uv_retry_count_rx 20 0 100.00% 24 0 100.00% pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 430 3 99.30% 516 4 99.22% +------------------------------------------------------------------------------------------- +TOTAL 527 4 99.24% 515 3 99.42% File '/libfido2/src/random.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- fido_get_random 6 0 100.00% 6 0 100.00% ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- TOTAL 6 0 100.00% 6 0 100.00% File '/libfido2/src/reset.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- fido_dev_reset 1 0 100.00% 4 0 100.00% reset.c:fido_dev_reset_wait 15 0 100.00% 11 0 100.00% reset.c:fido_dev_reset_tx 8 0 100.00% 8 0 100.00% ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- TOTAL 24 0 100.00% 23 0 100.00% File '/libfido2/src/rs1.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -rs1_verify_sig 20 1 95.00% 29 3 89.66% +------------------------------------------------------------------------------------------- +rs1_verify_sig 30 1 96.67% 29 3 89.66% rs1.c:rs1_get_EVP_MD 1 0 100.00% 6 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 21 1 95.24% 35 3 91.43% +------------------------------------------------------------------------------------------- +TOTAL 31 1 96.77% 35 3 91.43% File '/libfido2/src/rs256.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -rs256_pk_decode 8 0 100.00% 9 0 100.00% +------------------------------------------------------------------------------------------- +rs256_pk_decode 12 0 100.00% 9 0 100.00% rs256_pk_new 1 0 100.00% 3 0 100.00% -rs256_pk_free 6 0 100.00% 7 0 100.00% -rs256_pk_from_ptr 10 0 100.00% 12 0 100.00% -rs256_pk_to_EVP_PKEY 35 0 100.00% 43 0 100.00% -rs256_pk_from_RSA 32 6 81.25% 26 9 65.38% -rs256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -rs256_verify_sig 20 1 95.00% 29 2 93.10% -rs256_pk_verify_sig 7 1 85.71% 13 2 84.62% -rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00% -rs256.c:decode_bignum 8 0 100.00% 10 0 100.00% +rs256_pk_free 10 0 100.00% 6 0 100.00% +rs256_pk_from_ptr 11 0 100.00% 12 0 100.00% +rs256_pk_to_EVP_PKEY 61 0 100.00% 43 0 100.00% +rs256_pk_from_RSA 40 6 85.00% 26 9 65.38% +rs256_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +rs256_verify_sig 30 1 96.67% 29 2 93.10% +rs256_pk_verify_sig 9 1 88.89% 13 2 84.62% +rs256.c:decode_rsa_pubkey 11 0 100.00% 13 0 100.00% +rs256.c:decode_bignum 12 0 100.00% 10 0 100.00% rs256.c:rs256_get_EVP_MD 1 0 100.00% 6 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 145 8 94.48% 178 13 92.70% +------------------------------------------------------------------------------------------- +TOTAL 212 8 96.23% 177 13 92.66% File '/libfido2/src/time.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_time_now 4 0 100.00% 7 0 100.00% -fido_time_delta 23 1 95.65% 23 0 100.00% -time.c:timespec_to_ms 16 2 87.50% 13 2 84.62% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 43 3 93.02% 43 2 95.35% +------------------------------------------------------------------------------------------- +fido_time_now 6 0 100.00% 7 0 100.00% +fido_time_delta 25 1 96.00% 23 0 100.00% +time.c:timespec_to_ms 19 2 89.47% 13 2 84.62% +------------------------------------------------------------------------------------------- +TOTAL 50 3 94.00% 43 2 95.35% File '/libfido2/src/touch.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_dev_get_touch_begin 50 0 100.00% 59 0 100.00% -fido_dev_get_touch_status 17 0 100.00% 20 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 67 0 100.00% 79 0 100.00% +------------------------------------------------------------------------------------------- +fido_dev_get_touch_begin 64 0 100.00% 59 0 100.00% +fido_dev_get_touch_status 18 0 100.00% 20 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 82 0 100.00% 79 0 100.00% File '/libfido2/src/tpm.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_get_signed_hash_tpm 25 0 100.00% 39 0 100.00% -tpm.c:check_es256_pubarea 19 0 100.00% 30 0 100.00% -tpm.c:bswap_es256_pubarea 1 0 100.00% 12 0 100.00% -tpm.c:check_rs256_pubarea 17 0 100.00% 28 0 100.00% -tpm.c:bswap_rs256_pubarea 1 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------- +fido_get_signed_hash_tpm 28 0 100.00% 39 0 100.00% +tpm.c:check_es256_pubarea 20 0 100.00% 30 0 100.00% +tpm.c:bswap_es256_pubarea 11 0 100.00% 11 0 100.00% +tpm.c:check_rs256_pubarea 18 0 100.00% 28 0 100.00% +tpm.c:bswap_rs256_pubarea 9 0 100.00% 9 0 100.00% tpm.c:check_sha1_certinfo 15 0 100.00% 38 0 100.00% -tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00% -tpm.c:get_signed_name 7 0 100.00% 10 0 100.00% -tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 103 0 100.00% 194 0 100.00% +tpm.c:get_signed_sha1 27 0 100.00% 19 0 100.00% +tpm.c:get_signed_name 9 0 100.00% 10 0 100.00% +tpm.c:bswap_sha1_certinfo 7 0 100.00% 7 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 144 0 100.00% 191 0 100.00% File '/libfido2/src/types.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_str_array_free 4 0 100.00% 7 0 100.00% -fido_opt_array_free 4 0 100.00% 9 0 100.00% -fido_byte_array_free 1 0 100.00% 5 0 100.00% -fido_algo_free 1 0 100.00% 5 0 100.00% -fido_algo_array_free 4 0 100.00% 7 0 100.00% -fido_cert_array_free 4 0 100.00% 9 0 100.00% -fido_str_array_pack 11 0 100.00% 14 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 29 0 100.00% 56 0 100.00% +------------------------------------------------------------------------------------------- +fido_str_array_free 5 0 100.00% 6 0 100.00% +fido_opt_array_free 6 0 100.00% 8 0 100.00% +fido_byte_array_free 2 0 100.00% 4 0 100.00% +fido_algo_free 2 0 100.00% 4 0 100.00% +fido_algo_array_free 5 0 100.00% 6 0 100.00% +fido_cert_array_free 6 0 100.00% 8 0 100.00% +fido_str_array_pack 13 0 100.00% 14 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 39 0 100.00% 50 0 100.00% File '/libfido2/src/u2f.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -u2f_register 76 0 100.00% 81 0 100.00% -u2f_authenticate 33 0 100.00% 37 0 100.00% -u2f_get_touch_begin 37 0 100.00% 45 0 100.00% -u2f_get_touch_status 26 0 100.00% 36 0 100.00% -u2f.c:key_lookup 51 0 100.00% 65 0 100.00% -u2f.c:send_dummy_register 37 0 100.00% 45 0 100.00% -u2f.c:delay_ms 13 1 92.31% 15 3 80.00% -u2f.c:parse_register_reply 49 0 100.00% 62 0 100.00% -u2f.c:x5c_get 21 1 95.24% 26 3 88.46% -u2f.c:sig_get 6 0 100.00% 10 0 100.00% -u2f.c:encode_cred_attstmt 45 0 100.00% 52 0 100.00% -u2f.c:encode_cred_authdata 33 2 93.94% 61 6 90.16% -u2f.c:cbor_blob_from_ec_point 22 0 100.00% 31 0 100.00% +------------------------------------------------------------------------------------------- +u2f_register 87 0 100.00% 81 0 100.00% +u2f_authenticate 34 0 100.00% 37 0 100.00% +u2f_get_touch_begin 44 0 100.00% 45 0 100.00% +u2f_get_touch_status 27 0 100.00% 36 0 100.00% +u2f.c:key_lookup 62 0 100.00% 66 0 100.00% +u2f.c:send_dummy_register 43 0 100.00% 45 0 100.00% +u2f.c:delay_ms 15 1 93.33% 15 3 80.00% +u2f.c:parse_register_reply 52 0 100.00% 62 0 100.00% +u2f.c:x5c_get 30 1 96.67% 26 3 88.46% +u2f.c:sig_get 8 0 100.00% 10 0 100.00% +u2f.c:encode_cred_attstmt 64 0 100.00% 52 0 100.00% +u2f.c:encode_cred_authdata 38 2 94.74% 61 6 90.16% +u2f.c:cbor_blob_from_ec_point 27 0 100.00% 31 0 100.00% u2f.c:u2f_authenticate_single 32 0 100.00% 43 0 100.00% -u2f.c:do_auth 56 0 100.00% 67 0 100.00% +u2f.c:do_auth 67 0 100.00% 67 0 100.00% u2f.c:parse_auth_reply 23 0 100.00% 23 0 100.00% -u2f.c:authdata_fake 12 0 100.00% 27 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 572 4 99.30% 726 12 98.35% +u2f.c:authdata_fake 16 0 100.00% 27 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 669 4 99.40% 727 12 98.35% File '/libfido2/src/util.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_to_uint64 14 1 92.86% 14 1 92.86% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 14 1 92.86% 14 1 92.86% +------------------------------------------------------------------------------------------- +fido_to_uint64 21 1 95.24% 14 1 92.86% +------------------------------------------------------------------------------------------- +TOTAL 21 1 95.24% 14 1 92.86% diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c index f1fc928d3d93..7d3ae61e3d7e 100644 --- a/fuzz/fuzz_cred.c +++ b/fuzz/fuzz_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -248,6 +248,8 @@ make_cred(fido_cred_t *cred, uint8_t opt, int type, const struct blob *cdh, fido_cred_set_uv(cred, FIDO_OPT_TRUE); if (user_id->len) fido_cred_set_prot(cred, user_id->body[0] & 0x03); + if (excl_cred->len) + fido_cred_set_entattest(cred, excl_cred->body[0] & 0x03); /* repeat memory operations to trigger reallocation paths */ fido_cred_set_type(cred, type); @@ -279,6 +281,7 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, uint8_t flags; uint32_t sigcount; int r; + bool ea; if ((cred = fido_cred_new()) == NULL) return; @@ -348,6 +351,9 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, minpinlen = fido_cred_pin_minlen(cred); consume(&minpinlen, sizeof(minpinlen)); + ea = fido_cred_entattest(cred); + consume(&ea, sizeof(ea)); + fido_cred_free(&cred); } diff --git a/fuzz/report.tgz b/fuzz/report.tgz Binary files differindex 07b8ea920deb..7f89eb355310 100644 --- a/fuzz/report.tgz +++ b/fuzz/report.tgz diff --git a/fuzz/summary.txt b/fuzz/summary.txt index b9fe412f4cc5..82cbe58edff9 100644 --- a/fuzz/summary.txt +++ b/fuzz/summary.txt @@ -1,55 +1,55 @@ Filename Regions Missed Regions Cover Functions Missed Functions Executed Lines Missed Lines Cover ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -fuzz/clock.c 24 1 95.83% 4 0 100.00% 35 1 97.14% -fuzz/pcsc.c 59 0 100.00% 8 0 100.00% 75 12 84.00% -fuzz/prng.c 31 0 100.00% 2 0 100.00% 35 1 97.14% -fuzz/udev.c 110 2 98.18% 17 0 100.00% 126 12 90.48% +-------------------------------------------------------------------------------------------------------------------------------------------------------- +fuzz/clock.c 29 1 96.55% 4 0 100.00% 35 1 97.14% +fuzz/pcsc.c 78 0 100.00% 8 0 100.00% 75 0 100.00% +fuzz/prng.c 32 0 100.00% 2 0 100.00% 35 0 100.00% +fuzz/udev.c 152 3 98.03% 17 0 100.00% 123 4 96.75% fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 12 1 91.67% -fuzz/wrap.c 23 0 100.00% 3 0 100.00% 29 0 100.00% +fuzz/wrap.c 29 0 100.00% 3 0 100.00% 29 0 100.00% openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 7 0 100.00% -openbsd-compat/freezero.c 4 0 100.00% 1 0 100.00% 6 0 100.00% -openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 36 7 80.56% +openbsd-compat/freezero.c 5 0 100.00% 1 0 100.00% 6 0 100.00% +openbsd-compat/recallocarray.c 54 17 68.52% 1 0 100.00% 36 7 80.56% openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 7 0 100.00% -src/aes256.c 118 3 97.46% 8 0 100.00% 157 11 92.99% -src/assert.c 628 45 92.83% 63 4 93.65% 782 51 93.48% -src/authkey.c 52 0 100.00% 5 0 100.00% 66 0 100.00% -src/bio.c 458 20 95.63% 50 2 96.00% 592 24 95.95% -src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18% +src/aes256.c 150 5 96.67% 8 0 100.00% 161 17 89.44% +src/assert.c 738 45 93.90% 63 4 93.65% 779 51 93.45% +src/authkey.c 58 0 100.00% 5 0 100.00% 66 0 100.00% +src/bio.c 557 23 95.87% 50 2 96.00% 586 24 95.90% +src/blob.c 75 2 97.33% 10 0 100.00% 81 4 95.06% src/buf.c 8 0 100.00% 2 0 100.00% 16 0 100.00% -src/cbor.c 1112 14 98.74% 58 0 100.00% 1330 34 97.44% -src/compress.c 105 14 86.67% 5 0 100.00% 122 24 80.33% -src/config.c 112 0 100.00% 11 0 100.00% 154 0 100.00% -src/cred.c 691 39 94.36% 75 2 97.33% 911 46 94.95% -src/credman.c 428 10 97.66% 41 0 100.00% 562 20 96.44% -src/dev.c 344 65 81.10% 41 6 85.37% 383 80 79.11% -src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58% -src/eddsa.c 88 5 94.32% 10 0 100.00% 114 9 92.11% +src/cbor.c 1402 16 98.86% 58 0 100.00% 1328 34 97.44% +src/compress.c 140 14 90.00% 5 0 100.00% 122 24 80.33% +src/config.c 137 0 100.00% 11 0 100.00% 154 0 100.00% +src/cred.c 860 37 95.70% 77 2 97.40% 928 42 95.47% +src/credman.c 496 10 97.98% 41 0 100.00% 557 20 96.41% +src/dev.c 394 80 79.70% 41 6 85.37% 382 80 79.06% +src/ecdh.c 169 2 98.82% 4 0 100.00% 146 5 96.58% +src/eddsa.c 125 5 96.00% 10 0 100.00% 113 9 92.04% src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06% -src/es256.c 315 5 98.41% 19 0 100.00% 372 11 97.04% -src/es384.c 158 5 96.84% 11 0 100.00% 198 11 94.44% -src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93% -src/hid_linux.c 202 73 63.86% 14 7 50.00% 277 115 58.48% -src/hid_unix.c 29 21 27.59% 2 0 100.00% 43 26 39.53% -src/info.c 232 0 100.00% 51 0 100.00% 409 0 100.00% -src/io.c 193 7 96.37% 13 0 100.00% 230 12 94.78% -src/iso7816.c 18 1 94.44% 5 0 100.00% 38 1 97.37% -src/largeblob.c 525 18 96.57% 30 0 100.00% 693 43 93.80% -src/log.c 39 5 87.18% 7 1 85.71% 63 7 88.89% -src/netlink.c 329 8 97.57% 40 0 100.00% 498 15 96.99% -src/nfc.c 155 3 98.06% 12 0 100.00% 244 9 96.31% -src/nfc_linux.c 172 73 57.56% 13 6 53.85% 242 114 52.89% -src/pcsc.c 204 1 99.51% 13 0 100.00% 282 3 98.94% -src/pin.c 430 3 99.30% 26 0 100.00% 516 4 99.22% +src/es256.c 478 4 99.16% 19 0 100.00% 370 8 97.84% +src/es384.c 236 5 97.88% 11 0 100.00% 197 11 94.42% +src/hid.c 106 2 98.11% 14 0 100.00% 144 3 97.92% +src/hid_linux.c 283 96 66.08% 14 7 50.00% 277 115 58.48% +src/hid_unix.c 46 33 28.26% 2 0 100.00% 43 26 39.53% +src/info.c 290 0 100.00% 51 0 100.00% 408 0 100.00% +src/io.c 206 7 96.60% 13 0 100.00% 230 12 94.78% +src/iso7816.c 27 1 96.30% 5 0 100.00% 36 1 97.22% +src/largeblob.c 633 22 96.52% 30 0 100.00% 692 43 93.79% +src/log.c 52 6 88.46% 7 1 85.71% 60 6 90.00% +src/netlink.c 428 10 97.66% 40 0 100.00% 497 15 96.98% +src/nfc.c 176 3 98.30% 12 0 100.00% 245 9 96.33% +src/nfc_linux.c 245 93 62.04% 13 6 53.85% 240 114 52.50% +src/pcsc.c 229 1 99.56% 13 0 100.00% 282 3 98.94% +src/pin.c 527 4 99.24% 26 0 100.00% 515 3 99.42% src/random.c 6 0 100.00% 1 0 100.00% 6 0 100.00% src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00% -src/rs1.c 21 1 95.24% 2 0 100.00% 35 3 91.43% -src/rs256.c 145 8 94.48% 12 0 100.00% 178 13 92.70% -src/time.c 43 3 93.02% 3 0 100.00% 43 2 95.35% -src/touch.c 67 0 100.00% 2 0 100.00% 79 0 100.00% -src/tpm.c 103 0 100.00% 9 0 100.00% 194 0 100.00% -src/types.c 29 0 100.00% 7 0 100.00% 56 0 100.00% -src/u2f.c 572 4 99.30% 17 0 100.00% 726 12 98.35% -src/util.c 14 1 92.86% 1 0 100.00% 14 1 92.86% +src/rs1.c 31 1 96.77% 2 0 100.00% 35 3 91.43% +src/rs256.c 212 8 96.23% 12 0 100.00% 177 13 92.66% +src/time.c 50 3 94.00% 3 0 100.00% 43 2 95.35% +src/touch.c 82 0 100.00% 2 0 100.00% 79 0 100.00% +src/tpm.c 144 0 100.00% 9 0 100.00% 191 0 100.00% +src/types.c 39 0 100.00% 7 0 100.00% 50 0 100.00% +src/u2f.c 669 4 99.40% 17 0 100.00% 727 12 98.35% +src/util.c 21 1 95.24% 1 0 100.00% 14 1 92.86% Files which contain no functions: fuzz/mutator_aux.h 0 0 - 0 0 - 0 0 - @@ -60,5 +60,5 @@ src/fallthrough.h 0 0 - src/fido.h 0 0 - 0 0 - 0 0 - src/fido/err.h 0 0 - 0 0 - 0 0 - src/fido/param.h 0 0 - 0 0 - 0 0 - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -TOTAL 8855 482 94.56% 750 28 96.27% 11516 757 93.43% +-------------------------------------------------------------------------------------------------------------------------------------------------------- +TOTAL 11065 575 94.80% 752 28 96.28% 11491 733 93.62% diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt index e83a9d713f90..f77c3891f875 100644 --- a/man/CMakeLists.txt +++ b/man/CMakeLists.txt @@ -165,6 +165,7 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_clientdata_hash_len fido_cred_new fido_cred_clientdata_hash_ptr fido_cred_new fido_cred_display_name + fido_cred_new fido_cred_entattest fido_cred_new fido_cred_flags fido_cred_new fido_cred_fmt fido_cred_new fido_cred_free @@ -216,6 +217,7 @@ list(APPEND MAN_ALIAS fido_cred_set_authdata fido_cred_set_blob fido_cred_set_authdata fido_cred_set_clientdata fido_cred_set_authdata fido_cred_set_clientdata_hash + fido_cred_set_authdata fido_cred_set_entattest fido_cred_set_authdata fido_cred_set_extensions fido_cred_set_authdata fido_cred_set_fmt fido_cred_set_authdata fido_cred_set_id diff --git a/man/check.sh b/man/check.sh index d969a7afb666..cf978473290e 100755 --- a/man/check.sh +++ b/man/check.sh @@ -10,6 +10,7 @@ find . -maxdepth 1 -type f -name '*.3' -print0 > "$T/files" xargs -0 awk '/^.Sh NAME/,/^.Nd/' < "$T/files" | \ awk '/^.Nm/ { print $2 }' | sort -u > "$T/Nm" +# shellcheck disable=SC2016 xargs -0 awk '/^.Fn/ { print $2 }' < "$T/files" | sort -u > "$T/Fn" (cd "$T" && diff -u Nm Fn) diff --git a/man/fido2-assert.1 b/man/fido2-assert.1 index 882b7ab1feaa..9201acfc473e 100644 --- a/man/fido2-assert.1 +++ b/man/fido2-assert.1 @@ -89,6 +89,8 @@ where may be .Em es256 (denoting ECDSA over NIST P-256 with SHA-256), +.Em es384 +(denoting ECDSA over NIST P-384 with SHA-384), .Em rs256 (denoting 2048-bit RSA with PKCS#1.5 padding and SHA-256), or .Em eddsa @@ -224,7 +226,7 @@ client data hash (base64 blob); .It relying party id (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It assertion signature (base64 blob); .El @@ -248,7 +250,7 @@ client data hash (base64 blob); .It relying party id (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It assertion signature (base64 blob); .It diff --git a/man/fido2-cred.1 b/man/fido2-cred.1 index 3f181db6d135..a7fc00ae9702 100644 --- a/man/fido2-cred.1 +++ b/man/fido2-cred.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2023 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -35,6 +35,7 @@ .Nm .Fl M .Op Fl bdhqruvw +.Op Fl a Ar mode .Op Fl c Ar cred_protect .Op Fl i Ar input_file .Op Fl o Ar output_file @@ -56,6 +57,8 @@ A credential may be .Em es256 (denoting ECDSA over NIST P-256 with SHA-256), +.Em es384 +(denoting ECDSA over NIST P-384 with SHA-384), .Em rs256 (denoting 2048-bit RSA with PKCS#1.5 padding and SHA-256), or .Em eddsa @@ -118,6 +121,11 @@ to verify a credential. Request the credential's .Dq largeBlobKey , a 32-byte symmetric key associated with the generated credential. +.It Fl a Ar mode +When making a credential, request enterprise attestation. +Please refer to +.In fido/param.h +for the set of possible values. .It Fl c Ar cred_protect If making a credential, set the credential's protection level to .Ar cred_protect , @@ -218,7 +226,7 @@ relying party id (UTF-8 string); .It credential format (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It credential id (base64 blob); .It @@ -248,7 +256,7 @@ relying party id (UTF-8 string); .It credential format (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It credential id (base64 blob); .It diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3 index 32ce76840d6a..79eb06a56b3b 100644 --- a/man/fido_cred_new.3 +++ b/man/fido_cred_new.3 @@ -63,6 +63,7 @@ .Nm fido_cred_x5c_list_len , .Nm fido_cred_x5c_len , .Nm fido_cred_attstmt_len , +.Nm fido_cred_entattest , .Nm fido_cred_type , .Nm fido_cred_flags , .Nm fido_cred_sigcount @@ -137,6 +138,8 @@ .Fn fido_cred_x5c_len "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_attstmt_len "const fido_cred_t *cred" +.Ft bool +.Fn fido_cred_entattest "const fido_cred_t *cred" .Ft int .Fn fido_cred_type "const fido_cred_t *cred" .Ft uint8_t @@ -309,6 +312,13 @@ The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO2 server for verification. .Pp The +.Fn fido_cred_entattest +function returns +.Dv true +if an enterprise attestation was returned for +.Fa cred . +.Pp +The .Fn fido_cred_type function returns the COSE algorithm of .Fa cred . diff --git a/man/fido_cred_set_authdata.3 b/man/fido_cred_set_authdata.3 index ba3507fdffd2..a5898774ee11 100644 --- a/man/fido_cred_set_authdata.3 +++ b/man/fido_cred_set_authdata.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -40,6 +40,7 @@ .Nm fido_cred_set_clientdata_hash , .Nm fido_cred_set_rp , .Nm fido_cred_set_user , +.Nm fido_cred_set_entattest , .Nm fido_cred_set_extensions , .Nm fido_cred_set_blob , .Nm fido_cred_set_pin_minlen , @@ -81,6 +82,8 @@ typedef enum { .Ft int .Fn fido_cred_set_user "fido_cred_t *cred" "const unsigned char *user_id" "size_t user_id_len" "const char *name" "const char *display_name" "const char *icon" .Ft int +.Fn fido_cred_set_entattest "fido_cred_t *cred" "int ea" +.Ft int .Fn fido_cred_set_extensions "fido_cred_t *cred" "int flags" .Ft int .Fn fido_cred_set_blob "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" @@ -243,6 +246,21 @@ and parameters may be NULL. .Pp The +.Fn fido_cred_set_entattest +function sets the enterprise attestation mode of +.Fa cred +to +.Fa ea . +At the moment, only the +.Dv FIDO_ENTATTEST_VENDOR +and +.Dv FIDO_ENTATTEST_PLATFORM +modes are supported. +By default, or if +.Fa ea +is zero, no enterprise attestation is requested. +.Pp +The .Fn fido_cred_set_extensions function sets the extensions of .Fa cred diff --git a/regress/CMakeLists.txt b/regress/CMakeLists.txt index 246bffa175c4..25b52c5431bd 100644 --- a/regress/CMakeLists.txt +++ b/regress/CMakeLists.txt @@ -1,22 +1,24 @@ -# Copyright (c) 2018-2022 Yubico AB. All rights reserved. +# Copyright (c) 2018-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause add_custom_target(regress) -macro(add_regress_test NAME SOURCES LIB) - add_executable(${NAME} ${SOURCES}) +function(add_regress_test NAME) + set(MULTIVAL_KEYWORDS "SOURCES" "LIBS") + cmake_parse_arguments(PARSE_ARGV 1 arg "" "" "${MULTIVAL_KEYWORDS}") + add_executable(${NAME} ${arg_SOURCES}) add_test(${NAME} ${NAME}) add_dependencies(regress ${NAME}) - target_link_libraries(${NAME} ${LIB}) -endmacro() + target_link_libraries(${NAME} ${arg_LIBS}) +endfunction() if(MSVC AND BUILD_SHARED_LIBS) add_custom_command(TARGET regress POST_BUILD COMMAND "${CMAKE_COMMAND}" -E copy "${CBOR_BIN_DIRS}/${CBOR_LIBRARIES}.dll" - "${CRYPTO_BIN_DIRS}/${CRYPTO_LIBRARIES}.dll" + "${CRYPTO_BIN_DIRS}/${CRYPTO_DLL}.dll" "${ZLIB_BIN_DIRS}/${ZLIB_LIBRARIES}.dll" "$<TARGET_FILE:${_FIDO2_LIBRARY}>" "${CMAKE_CURRENT_BINARY_DIR}") @@ -40,18 +42,19 @@ else() WORKING_DIRECTORY ${PROJECT_BINARY_DIR}) endif() -add_regress_test(regress_assert assert.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_cred cred.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_dev dev.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_eddsa eddsa.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es256 es256.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es384 es384.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_rs256 rs256.c ${_FIDO2_LIBRARY}) +add_regress_test(regress_assert SOURCES assert.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_cred SOURCES cred.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_dev SOURCES dev.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_eddsa SOURCES eddsa.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es256 SOURCES es256.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es384 SOURCES es384.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_rs256 SOURCES rs256.c LIBS ${_FIDO2_LIBRARY}) if(BUILD_STATIC_LIBS) - add_regress_test(regress_compress compress.c fido2) + add_regress_test(regress_compress SOURCES compress.c LIBS fido2) endif() if(MINGW) # needed for nanosleep() in mingw target_link_libraries(regress_dev winpthread) + target_link_libraries(regress_cred winpthread) endif() diff --git a/regress/cred.c b/regress/cred.c index 00c555efbfe1..a9be954d3d51 100644 --- a/regress/cred.c +++ b/regress/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -15,8 +15,292 @@ #define _FIDO_INTERNAL #include <fido.h> - -static int fake_dev_handle; +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REGRESS_WIREDATA_MAKECRED \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x04, 0x13, 0x00, \ + 0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5, \ + 0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, \ + 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, \ + 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, \ + 0x83, 0x1d, 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, \ + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, \ + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, \ + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, \ + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, \ + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x29, 0xf5, 0x09, \ + 0x76, 0x91, 0x20, 0x94, 0x42, 0xc4, 0x52, 0x8b, \ + 0x18, 0xca, 0xe1, 0x3d, 0x12, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf8, \ + 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, 0x50, \ + 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, 0xaf, \ + 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, 0x0d, \ + 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xc3, \ + 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, \ + 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, \ + 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, \ + 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x21, \ + 0x00, 0x89, 0xec, 0x44, 0xbc, 0xa9, 0x4a, 0x8d, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0xf8, 0x38, 0xa1, \ + 0x86, 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, \ + 0x60, 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, \ + 0xcc, 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, \ + 0x64, 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, \ + 0xef, 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, \ + 0xc8, 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, \ + 0xcb, 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82, 0x02, \ + 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, \ + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x1d, \ + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63, \ + 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x73, 0x74, 0x20, \ + 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, \ + 0x30, 0x35, 0x31, 0x35, 0x31, 0x32, 0x35, 0x38, \ + 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x30, \ + 0x36, 0x31, 0x34, 0x31, 0x32, 0x35, 0x38, 0x35, \ + 0x34, 0x5a, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x59, \ + 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x46, 0x20, 0x54, \ + 0x65, 0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, \ + 0xce, 0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, \ + 0x0d, 0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x24, 0xaf, 0x26, \ + 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f, 0x95, 0xa3, \ + 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7, 0x3e, 0x91, \ + 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05, 0x7a, 0xd5, \ + 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f, 0xaf, 0xe2, \ + 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x01, 0x00, 0x95, \ + 0x40, 0x6b, 0x50, 0x61, 0x7d, 0xad, 0x84, 0xa3, \ + 0xb4, 0xeb, 0x88, 0x0f, 0xe3, 0x30, 0x0f, 0x2d, \ + 0xa2, 0x0a, 0x00, 0xd9, 0x25, 0x04, 0xee, 0x72, \ + 0xfa, 0x67, 0xdf, 0x58, 0x51, 0x0f, 0x0b, 0x47, \ + 0x02, 0x9c, 0x3e, 0x41, 0x29, 0x4a, 0x93, 0xac, \ + 0x29, 0x85, 0x89, 0x2d, 0xa4, 0x7a, 0x81, 0x32, \ + 0x28, 0x57, 0x71, 0x01, 0xef, 0xa8, 0x42, 0x88, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x16, 0x96, 0x37, \ + 0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d, \ + 0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3, \ + 0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c, \ + 0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1, \ + 0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e, \ + 0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf, \ + 0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x02, 0x7b, 0xe6, \ + 0x24, 0xa0, 0x31, 0x56, 0x1b, 0xfd, 0x19, 0xc5, \ + 0x71, 0xd3, 0xf0, 0x9e, 0xc0, 0x73, 0x05, 0x4e, \ + 0xbc, 0x85, 0xb8, 0x53, 0x9e, 0xef, 0xc5, 0xbc, \ + 0x9c, 0x56, 0xa3, 0xba, 0xd9, 0x27, 0x6a, 0xbb, \ + 0xa9, 0x7a, 0x40, 0xd7, 0x47, 0x8b, 0x55, 0x72, \ + 0x6b, 0xe3, 0xfe, 0x28, 0x49, 0x71, 0x24, 0xf4, \ + 0x8f, 0xf4, 0x20, 0x81, 0xea, 0x38, 0xff, 0x7c, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x0a, 0x4f, 0xdf, \ + 0x02, 0x82, 0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, \ + 0xdd, 0xca, 0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, \ + 0x55, 0x6c, 0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, \ + 0x63, 0xdc, 0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, \ + 0x9f, 0xbe, 0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, \ + 0xa3, 0x32, 0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, \ + 0xa0, 0xa1, 0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x5d, 0x26, 0x9e, \ + 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5, 0xbd, \ + 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20, 0xfd, \ + 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a, 0x61, \ + 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0, 0xd5, \ + 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30, 0x85, \ + 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f, 0x5f, \ + 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35, 0xeb, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xc1, 0x41, 0xaa, \ + 0x8a, 0xd2, 0xda, 0x19, 0xaa, 0x79, 0xa2, 0x5f, \ + 0x35, 0x2c, 0xa0, 0xfd, 0x25, 0xd3, 0xf7, 0x9d, \ + 0x25, 0x18, 0x2d, 0xfa, 0xb4, 0xbc, 0xbb, 0x07, \ + 0x34, 0x3c, 0x8d, 0x81, 0xbd, 0xf4, 0xe9, 0x37, \ + 0xdb, 0x39, 0xe9, 0xd1, 0x45, 0x5b, 0x20, 0x41, \ + 0x2f, 0x2d, 0x27, 0x22, 0xdc, 0x92, 0x74, 0x8a, \ + 0x92, 0xd5, 0x83, 0xfd, 0x09, 0xfb, 0x13, 0x9b, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xe3, 0x39, 0x7a, \ + 0x6b, 0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, \ + 0xe3, 0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, \ + 0xd4, 0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, \ + 0xd5, 0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, \ + 0x1f, 0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, \ + 0xbe, 0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, \ + 0x53, 0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0x4f, 0xca, 0x25, \ + 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c, 0xb1, 0x9b, \ + 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88, 0xef, 0x7a, \ + 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64, 0xda, 0x41, \ + 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd, 0xd1, 0xd1, \ + 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97, 0xb2, 0xaa, \ + 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b, 0x5b, 0x7e, \ + 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81, 0x2c, 0x38, \ + 0x00, 0x22, 0x00, 0x02, 0x10, 0x8f, 0x9d, 0x25, \ + 0xde, 0xe9, 0xc8, 0xf5, 0xdd, 0x6a, 0x47, 0x9c, \ + 0x65, 0x04, 0x5a, 0x56, 0xe6, 0xc2, 0xeb, 0xf2, \ + 0x02, 0x97, 0xe1, 0xb9, 0xd8, 0xe1, 0x24, 0x76, \ + 0x9f, 0x23, 0x62, 0x39, 0x03, 0x4b, 0xc8, 0xf7, \ + 0x34, 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + +#define REGRESS_WIREDATA_MAKECRED_ENTATTEST \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x03, 0xcd, 0x00, \ + 0xa4, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x92, 0x36, 0x01, 0x1e, \ + 0x1f, 0xd0, 0x97, 0x79, 0xef, 0xba, 0x2f, 0x03, \ + 0xa6, 0xa0, 0x74, 0x65, 0xc2, 0x1c, 0x8d, 0x11, \ + 0x8e, 0x40, 0x5e, 0x87, 0xfd, 0xe4, 0x43, 0xf2, \ + 0x78, 0x18, 0xa4, 0xa7, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0xdf, 0x57, 0x2d, 0x2d, 0x1f, 0x2f, 0x0a, 0x70, \ + 0x12, 0xe3, 0x69, 0x3e, 0x98, 0x96, 0xdb, 0xbb, \ + 0x5a, 0x80, 0xdc, 0x5e, 0x98, 0x58, 0x3b, 0x4e, \ + 0x23, 0xb8, 0x07, 0xc6, 0x84, 0x64, 0x2d, 0x39, \ + 0xf1, 0x76, 0x8b, 0x80, 0xcb, 0xb8, 0x09, 0x1d, \ + 0x0b, 0xcb, 0xad, 0x7f, 0x18, 0xce, 0x3b, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x1c, 0x3f, 0xda, \ + 0x9e, 0x03, 0x5f, 0xce, 0xee, 0x7c, 0xcd, 0x65, \ + 0x77, 0xff, 0x0a, 0xd3, 0x08, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xa2, \ + 0xdb, 0x38, 0xba, 0x4b, 0x61, 0x81, 0x05, 0x97, \ + 0xf2, 0xdf, 0x48, 0xfd, 0x4d, 0xf5, 0x3f, 0x07, \ + 0x86, 0x44, 0x8e, 0xdb, 0x07, 0x69, 0x12, 0x42, \ + 0xac, 0x81, 0x2a, 0x2c, 0x46, 0xcf, 0xea, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xef, \ + 0x31, 0x8d, 0xc9, 0x7e, 0xda, 0xfd, 0x5b, 0x7d, \ + 0x68, 0xe0, 0x41, 0x40, 0xb2, 0x27, 0xdd, 0x8e, \ + 0x6d, 0x6b, 0xc4, 0x51, 0xe5, 0x36, 0xb6, 0x99, \ + 0xda, 0x71, 0xdb, 0x5d, 0xed, 0x0d, 0x51, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x20, \ + 0x17, 0x04, 0x53, 0x07, 0xcd, 0x3d, 0x45, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0x98, 0x50, 0x38, \ + 0xa5, 0x30, 0x9e, 0x53, 0xd9, 0xe1, 0xfe, 0xd0, \ + 0xde, 0xca, 0xbd, 0x38, 0x99, 0x0b, 0xec, 0x9e, \ + 0xe6, 0xb8, 0xd3, 0x35, 0x82, 0x02, 0x21, 0x00, \ + 0xb3, 0x3a, 0xf7, 0xb9, 0x30, 0x4e, 0x7a, 0xc4, \ + 0x7f, 0xa7, 0xdc, 0x85, 0x2f, 0x4e, 0x26, 0x06, \ + 0xb0, 0xd4, 0xa7, 0x3a, 0x1a, 0x48, 0xf8, 0x11, \ + 0x5f, 0x9b, 0x5f, 0xd3, 0x5e, 0xf4, 0x1b, 0xce, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0x9e, 0x30, 0x82, 0x02, \ + 0x9a, 0x30, 0x82, 0x02, 0x40, 0xa0, 0x03, 0x02, \ + 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, \ + 0x02, 0x30, 0x81, 0xb0, 0x31, 0x2f, 0x30, 0x2d, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x46, \ + 0x49, 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x65, 0x72, 0x70, \ + 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, \ + 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, \ + 0x20, 0x54, 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, \ + 0x4f, 0x54, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, \ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, \ + 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, \ + 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x69, 0x61, 0x6e, \ + 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, \ + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, \ + 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, \ + 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x0c, \ + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, \ + 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x43, 0x41, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, \ + 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, \ + 0x69, 0x65, 0x77, 0x30, 0x1e, 0x17, 0x0d, 0x32, \ + 0x31, 0x30, 0x35, 0x31, 0x33, 0x31, 0x33, 0x31, \ + 0x39, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x32, 0x36, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x31, 0x31, 0x30, \ + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, \ + 0x30, 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, \ + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, \ + 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, \ + 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, \ + 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, \ + 0x6f, 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x20, 0x4b, 0x45, \ + 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, 0x65, 0x32, \ + 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, 0x30, 0x23, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, \ + 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, \ + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x2e, \ + 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x03, 0x55, 0x04, \ + 0x0a, 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, \ + 0x41, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, \ + 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, \ + 0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, \ + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, \ + 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, \ + 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x0b, 0x30, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x06, 0x03, 0x55, \ + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, \ + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, \ + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xad, \ + 0x51, 0xdc, 0x74, 0x2c, 0x37, 0x7f, 0x78, 0x38, \ + 0x2d, 0x2a, 0x3f, 0x40, 0xe9, 0xe3, 0xae, 0xb5, \ + 0x9e, 0x45, 0x93, 0xf2, 0x82, 0xc6, 0xc4, 0x82, \ + 0xfb, 0xd6, 0xd7, 0x1b, 0xda, 0x7c, 0xec, 0x0c, \ + 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, 0x0a, 0xf5, 0x56, \ + 0x43, 0xf0, 0xfc, 0x0b, 0x0d, 0xd7, 0xe9, 0x0a, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xeb, 0x0e, 0xbc, \ + 0x4f, 0x12, 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, \ + 0x1f, 0x49, 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, \ + 0xe9, 0x9a, 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, \ + 0xa3, 0xae, 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xce, 0x61, 0x30, \ + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, \ + 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, 0x8f, \ + 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, 0xe1, \ + 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, 0x9f, \ + 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, 0x6d, \ + 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, 0xa5, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0xf9, 0x62, 0x9a, \ + 0xc9, 0xf9, 0x27, 0x88, 0x38, 0x91, 0x69, 0x2f, \ + 0x1f, 0xdf, 0xb0, 0xe3, 0x49, 0x0c, 0xaa, 0x3d, \ + 0x4c, 0x10, 0xf4, 0x9c, 0xee, 0xd8, 0xd8, 0x28, \ + 0x01, 0x26, 0x04, 0xf5, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 static const unsigned char cdh[32] = { 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, @@ -30,27 +314,27 @@ static const unsigned char authdata[198] = { 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, 0x83, 0x1d, - 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x00, 0xf8, + 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, - 0x40, 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, - 0xc5, 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, - 0x53, 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, - 0x7f, 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, - 0x68, 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, - 0x2c, 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, - 0x90, 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, - 0x3c, 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, - 0x25, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, - 0x21, 0x58, 0x20, 0x17, 0x5b, 0x27, 0xa6, 0x56, - 0xb2, 0x26, 0x0c, 0x26, 0x0c, 0x55, 0x42, 0x78, - 0x17, 0x5d, 0x4c, 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, - 0x54, 0xdf, 0xd5, 0xeb, 0xbf, 0x22, 0x64, 0xf5, - 0x21, 0x9a, 0xc6, 0x22, 0x58, 0x20, 0x87, 0x5f, - 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, 0xeb, 0xe3, - 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, 0x1c, 0x31, - 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, 0xfe, 0x5d, - 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0x40, 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, + 0x38, 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, + 0x95, 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, + 0xbb, 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, + 0x20, 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, + 0xd6, 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, + 0x35, 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, + 0x42, 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, + 0x12, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, + 0x21, 0x58, 0x20, 0xf8, 0x28, 0x2e, 0x88, 0x10, + 0xfe, 0xa4, 0xda, 0x50, 0x6c, 0xef, 0x2d, 0x48, + 0x0d, 0xba, 0x71, 0xaf, 0xb8, 0x76, 0x78, 0xb8, + 0xc3, 0x32, 0x80, 0x0d, 0x8c, 0x1f, 0xba, 0xb4, + 0xbf, 0xa0, 0xa1, 0x22, 0x58, 0x20, 0xc3, 0x88, + 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, 0xf3, + 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, 0x30, + 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, 0xe8, + 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d }; static const unsigned char authdata_dupkeys[200] = { @@ -278,27 +562,27 @@ static const unsigned char x509[742] = { 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, }; -const unsigned char sig[70] = { - 0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b, - 0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c, - 0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48, - 0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97, - 0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56, - 0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9, - 0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4, - 0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08, - 0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, +const unsigned char sig[71] = { + 0x30, 0x45, 0x02, 0x21, 0x00, 0x89, 0xec, 0x44, + 0xbc, 0xa9, 0x4a, 0x8d, 0xf8, 0x38, 0xa1, 0x86, + 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, 0x60, + 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, 0xcc, + 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, 0x64, + 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, 0xef, + 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, 0xc8, + 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, 0xcb, + 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, }; const unsigned char pubkey[64] = { - 0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c, - 0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c, - 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5, - 0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6, - 0x87, 0x5f, 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, - 0xeb, 0xe3, 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, - 0x1c, 0x31, 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, - 0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0xf8, 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, + 0x50, 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, + 0xaf, 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, + 0x0d, 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, + 0xc3, 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, + 0x21, 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, + 0x6b, 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, + 0xc7, 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, }; const unsigned char pubkey_tpm_rs256[259] = { @@ -349,14 +633,14 @@ const unsigned char pubkey_tpm_es256[64] = { }; const unsigned char id[64] = { - 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, - 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, - 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, - 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, - 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, - 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, - 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, - 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, + 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, 0x42, + 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, 0x12, }; const unsigned char id_tpm_rs256[32] = { @@ -1778,6 +2062,92 @@ const unsigned char x509_1_tpm_es256[1775] = { 0xfe, 0x9a, 0x82, 0x4d, 0x75, 0xb8, 0x6d }; +static const uint8_t x509_entattest[] = { + 0x30, 0x82, 0x02, 0x9a, 0x30, 0x82, 0x02, 0x40, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0xb0, 0x31, + 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x26, 0x46, 0x49, 0x44, 0x4f, 0x32, 0x20, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, + 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x54, + 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, + 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, + 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, + 0x6e, 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x35, 0x31, + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, + 0x17, 0x0d, 0x32, 0x36, 0x31, 0x31, 0x30, 0x33, + 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, 0x30, + 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, 0x44, + 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, 0x20, + 0x4b, 0x45, 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, + 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, + 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, + 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, + 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, + 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, + 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, 0x6c, + 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x22, 0x30, + 0x20, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x19, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x6f, 0x72, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, + 0x00, 0x04, 0xad, 0x51, 0xdc, 0x74, 0x2c, 0x37, + 0x7f, 0x78, 0x38, 0x2d, 0x2a, 0x3f, 0x40, 0xe9, + 0xe3, 0xae, 0xb5, 0x9e, 0x45, 0x93, 0xf2, 0x82, + 0xc6, 0xc4, 0x82, 0xfb, 0xd6, 0xd7, 0x1b, 0xda, + 0x7c, 0xec, 0x0c, 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, + 0x0a, 0xf5, 0x56, 0x43, 0xf0, 0xfc, 0x0b, 0x0d, + 0xd7, 0xe9, 0x0a, 0xeb, 0x0e, 0xbc, 0x4f, 0x12, + 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, 0x1f, 0x49, + 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, 0xe9, 0x9a, + 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, 0xa3, 0xae, + 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, 0xce, 0x61, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, + 0x45, 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, + 0x8f, 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, + 0xe1, 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, + 0x9f, 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, + 0x6d, 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, + 0xa5, 0xf9, 0x62, 0x9a, 0xc9, 0xf9, 0x27, 0x88, + 0x38, 0x91, 0x69, 0x2f, 0x1f, 0xdf, 0xb0, 0xe3, + 0x49, 0x0c, 0xaa, 0x3d, 0x4c, 0x10, 0xf4, 0x9c, + 0xee, 0xd8, 0xd8, 0x28, 0x01, 0x26 +}; /* * Security Key By Yubico @@ -1800,43 +2170,6 @@ const unsigned char aaguid_tpm[16] = { const char rp_id[] = "localhost"; const char rp_name[] = "sweet home localhost"; -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *buf, size_t len, int ms) -{ - (void)handle; - (void)buf; - (void)len; - (void)ms; - - abort(); - /* NOTREACHED */ -} - -static int -dummy_write(void *handle, const unsigned char *buf, size_t len) -{ - (void)handle; - (void)buf; - (void)len; - - abort(); - /* NOTREACHED */ -} - static fido_cred_t * alloc_cred(void) { @@ -1878,7 +2211,6 @@ empty_cred(void) { fido_cred_t *c; fido_dev_t *d; - fido_dev_io_t io_f; c = alloc_cred(); assert(fido_cred_authdata_len(c) == 0); @@ -1902,23 +2234,15 @@ empty_cred(void) assert(fido_cred_x5c_ptr(c) == NULL); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); - memset(&io_f, 0, sizeof(io_f)); - - io_f.open = dummy_open; - io_f.close = dummy_close; - io_f.read = dummy_read; - io_f.write = dummy_write; - d = alloc_dev(); + setup_dummy_io(d); fido_dev_force_u2f(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_UNSUPPORTED_OPTION); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); fido_dev_force_fido2(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); @@ -2623,6 +2947,81 @@ attestation_object(void) free(attobj); } +static void +makecred(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(memcmp(fido_cred_pubkey_ptr(c), pubkey, sizeof(pubkey)) == 0); + assert(fido_cred_authdata_len(c) == sizeof(authdata)); + assert(memcmp(fido_cred_authdata_ptr(c), authdata, sizeof(authdata)) == 0); + assert(fido_cred_id_len(c) == sizeof(id)); + assert(memcmp(fido_cred_id_ptr(c), id, sizeof(id)) == 0); + assert(fido_cred_aaguid_len(c) == sizeof(aaguid)); + assert(memcmp(fido_cred_aaguid_ptr(c), aaguid, sizeof(aaguid)) == 0); + assert(fido_cred_x5c_len(c) == sizeof(x509)); + assert(memcmp(fido_cred_x5c_ptr(c), x509, sizeof(x509)) == 0); + assert(fido_cred_sig_len(c) == sizeof(sig)); + assert(memcmp(fido_cred_sig_ptr(c), sig, sizeof(sig)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(!fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + +static void +entattest(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED_ENTATTEST, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_entattest(c, 3) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_cred_set_entattest(c, FIDO_ENTATTEST_VENDOR) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, "ep.fidoalliance.co.nz", NULL) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(fido_cred_x5c_len(c) == sizeof(x509_entattest)); + assert(memcmp(fido_cred_x5c_ptr(c), x509_entattest, sizeof(x509_entattest)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + int main(void) { @@ -2657,6 +3056,8 @@ main(void) valid_tpm_rs256_cred(xfail); valid_tpm_es256_cred(xfail); attestation_object(); + makecred(); + entattest(); exit(0); } diff --git a/regress/dev.c b/regress/dev.c index 0ba552b70552..55107df34c71 100644 --- a/regress/dev.c +++ b/regress/dev.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -16,166 +16,16 @@ #include <fido.h> #include "../fuzz/wiredata_fido2.h" - -#define REPORT_LEN (64 + 1) - -static uint8_t ctap_nonce[8]; -static uint8_t *wiredata_ptr; -static size_t wiredata_len; -static int fake_dev_handle; -static int initialised; -static long interval_ms; - -#if defined(_MSC_VER) -static int -nanosleep(const struct timespec *rqtp, struct timespec *rmtp) -{ - if (rmtp != NULL) { - errno = EINVAL; - return (-1); - } - - Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); - - return (0); -} -#endif - -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) -{ - struct timespec tv; - size_t n; - long d; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN - 1); - - if (wiredata_ptr == NULL) - return (-1); - - if (!initialised) { - assert(wiredata_len >= REPORT_LEN - 1); - memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); - initialised = 1; - } - - if (ms >= 0 && ms < interval_ms) - d = ms; - else - d = interval_ms; - - if (d) { - tv.tv_sec = d / 1000; - tv.tv_nsec = (d % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - if (d != interval_ms) - return (-1); /* timeout */ - - if (wiredata_len < len) - n = wiredata_len; - else - n = len; - - memcpy(ptr, wiredata_ptr, n); - wiredata_ptr += n; - wiredata_len -= n; - - return ((int)n); -} - -static int -dummy_write(void *handle, const unsigned char *ptr, size_t len) -{ - struct timespec tv; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN); - - if (!initialised) - memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); - - if (interval_ms) { - tv.tv_sec = interval_ms / 1000; - tv.tv_nsec = (interval_ms % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - return ((int)len); -} - -static uint8_t * -wiredata_setup(const uint8_t *data, size_t len) -{ - const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; - - assert(wiredata_ptr == NULL); - assert(SIZE_MAX - len > sizeof(ctap_init_data)); - assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); - -#if defined(_MSC_VER) -#pragma warning(push) -#pragma warning(disable:6386) -#endif - memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); -#if defined(_MSC_VER) -#pragma warning(pop) -#endif - - if (len) - memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); - - wiredata_len = sizeof(ctap_init_data) + len; - - return (wiredata_ptr); -} - -static void -wiredata_clear(uint8_t **wiredata) -{ - free(*wiredata); - *wiredata = NULL; - wiredata_ptr = NULL; - wiredata_len = 0; - initialised = 0; -} +#include "extern.h" /* gh#56 */ static void open_iff_ok(void) { fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); @@ -188,18 +38,10 @@ reopen(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); wiredata_clear(&wiredata); @@ -217,18 +59,10 @@ double_open(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_close(dev) == FIDO_OK); @@ -242,19 +76,11 @@ double_close(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); @@ -269,18 +95,10 @@ is_fido2(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_is_fido2(dev) == true); assert(fido_dev_supports_pin(dev) == true); @@ -313,18 +131,10 @@ has_pin(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(set_pin_data, sizeof(set_pin_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_has_pin(dev) == false); assert(fido_dev_set_pin(dev, "top secret", NULL) == FIDO_OK); @@ -350,26 +160,18 @@ timeout_rx(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_rx_data, sizeof(timeout_rx_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 3 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void @@ -386,26 +188,18 @@ timeout_ok(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_ok_data, sizeof(timeout_ok_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 30 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void diff --git a/regress/extern.h b/regress/extern.h new file mode 100644 index 000000000000..8bab9d4ae667 --- /dev/null +++ b/regress/extern.h @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ +#ifndef REGRESS_EXTERN_H +#define REGRESS_EXTERN_H + +#include <fido.h> + +void setup_dummy_io(fido_dev_t *); +void set_read_interval(long); +uint8_t *wiredata_setup(const uint8_t *, size_t); +void wiredata_clear(uint8_t **); + +#endif diff --git a/regress/mock.c b/regress/mock.c new file mode 100644 index 000000000000..cfaeffc9a3d9 --- /dev/null +++ b/regress/mock.c @@ -0,0 +1,182 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ + +#undef NDEBUG + +#include <assert.h> +#include <string.h> +#include <time.h> +#include <stdint.h> + +#define _FIDO_INTERNAL +#include <fido.h> + +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REPORT_LEN (64 + 1) + +static uint8_t ctap_nonce[8]; +static uint8_t *wiredata_ptr; +static size_t wiredata_len; +static int fake_dev_handle; +static int initialised; +static long interval_ms; + +#if defined(_MSC_VER) +static int +nanosleep(const struct timespec *rqtp, struct timespec *rmtp) +{ + if (rmtp != NULL) { + errno = EINVAL; + return (-1); + } + + Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); + + return (0); +} +#endif + +static void * +dummy_open(const char *path) +{ + (void)path; + + return (&fake_dev_handle); +} + +static void +dummy_close(void *handle) +{ + assert(handle == &fake_dev_handle); +} + +static int +dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) +{ + struct timespec tv; + size_t n; + long d; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN - 1); + + if (wiredata_ptr == NULL) + return (-1); + + if (!initialised) { + assert(wiredata_len >= REPORT_LEN - 1); + memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); + initialised = 1; + } + + if (ms >= 0 && ms < interval_ms) + d = ms; + else + d = interval_ms; + + if (d) { + tv.tv_sec = d / 1000; + tv.tv_nsec = (d % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + if (d != interval_ms) + return (-1); /* timeout */ + + if (wiredata_len < len) + n = wiredata_len; + else + n = len; + + memcpy(ptr, wiredata_ptr, n); + wiredata_ptr += n; + wiredata_len -= n; + + return ((int)n); +} + +static int +dummy_write(void *handle, const unsigned char *ptr, size_t len) +{ + struct timespec tv; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN); + + if (!initialised) + memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); + + if (interval_ms) { + tv.tv_sec = interval_ms / 1000; + tv.tv_nsec = (interval_ms % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + return ((int)len); +} + +uint8_t * +wiredata_setup(const uint8_t *data, size_t len) +{ + const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; + + assert(wiredata_ptr == NULL); + assert(SIZE_MAX - len > sizeof(ctap_init_data)); + assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); + +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable:6386) +#endif + memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + if (len) + memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); + + wiredata_len = sizeof(ctap_init_data) + len; + + return (wiredata_ptr); +} + +void +wiredata_clear(uint8_t **wiredata) +{ + free(*wiredata); + *wiredata = NULL; + wiredata_ptr = NULL; + wiredata_len = 0; + initialised = 0; +} + +void +setup_dummy_io(fido_dev_t *dev) +{ + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); +} + +void +set_read_interval(long ms) +{ + interval_ms = ms; +} diff --git a/src/aes256.c b/src/aes256.c index dcf716d65abb..0e4a34ddeb72 100644 --- a/src/aes256.c +++ b/src/aes256.c @@ -128,7 +128,11 @@ aes256_gcm(const fido_blob_t *key, const fido_blob_t *nonce, nonce->len, key->len, aad->len); goto fail; } - if (in->len > UINT_MAX || in->len > SIZE_MAX - 16 || in->len < 16) { + if (in->len > UINT_MAX || in->len > SIZE_MAX - 16) { + fido_log_debug("%s: invalid input len %zu", __func__, in->len); + goto fail; + } + if (!encrypt && in->len < 16) { fido_log_debug("%s: invalid input len %zu", __func__, in->len); goto fail; } diff --git a/src/cred.c b/src/cred.c index 2e52d2b93c55..1fb0dfbd5cfa 100644 --- a/src/cred.c +++ b/src/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -39,6 +39,8 @@ parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) &cred->authdata_ext)); case 3: /* attestation statement */ return (cbor_decode_attstmt(val, &cred->attstmt)); + case 4: /* enterprise attestation */ + return (cbor_decode_bool(val, &cred->ea.att)); case 5: /* large blob key */ return (fido_blob_decode(val, &cred->largeblob_key)); default: /* ignore */ @@ -55,7 +57,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, fido_blob_t *ecdh = NULL; fido_opt_t uv = cred->uv; es256_pk_t *pk = NULL; - cbor_item_t *argv[9]; + cbor_item_t *argv[10]; const uint8_t cmd = CTAP_CBOR_MAKECRED; int r; @@ -118,6 +120,15 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, goto fail; } + /* enterprise attestation */ + if (cred->ea.mode != 0) + if ((argv[9] = cbor_build_uint8((uint8_t)cred->ea.mode)) == + NULL) { + fido_log_debug("%s: cbor_build_uint8", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { @@ -586,6 +597,7 @@ fido_cred_reset_tx(fido_cred_t *cred) cred->type = 0; cred->rk = FIDO_OPT_OMIT; cred->uv = FIDO_OPT_OMIT; + cred->ea.mode = 0; } void @@ -593,6 +605,7 @@ fido_cred_reset_rx(fido_cred_t *cred) { fido_cred_clean_attobj(cred); fido_blob_reset(&cred->largeblob_key); + cred->ea.att = false; } void @@ -982,6 +995,18 @@ fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv) } int +fido_cred_set_entattest(fido_cred_t *cred, int ea) +{ + if (ea != 0 && ea != FIDO_ENTATTEST_VENDOR && + ea != FIDO_ENTATTEST_PLATFORM) + return (FIDO_ERR_INVALID_ARGUMENT); + + cred->ea.mode = ea; + + return (FIDO_OK); +} + +int fido_cred_set_prot(fido_cred_t *cred, int prot) { if (prot == 0) { @@ -1314,3 +1339,9 @@ fido_cred_largeblob_key_len(const fido_cred_t *cred) { return (cred->largeblob_key.len); } + +bool +fido_cred_entattest(const fido_cred_t *cred) +{ + return (cred->ea.att); +} diff --git a/src/export.gnu b/src/export.gnu index 134dcf0ef0f9..f22d663bf0ba 100644 --- a/src/export.gnu +++ b/src/export.gnu @@ -130,6 +130,7 @@ fido_cred_clientdata_hash_ptr; fido_cred_display_name; fido_cred_empty_exclude_list; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -175,6 +176,7 @@ fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; diff --git a/src/export.llvm b/src/export.llvm index fa1a8098a5c4..b1b1cdf34285 100644 --- a/src/export.llvm +++ b/src/export.llvm @@ -128,6 +128,7 @@ _fido_cred_clientdata_hash_len _fido_cred_clientdata_hash_ptr _fido_cred_display_name _fido_cred_empty_exclude_list +_fido_cred_entattest _fido_cred_exclude _fido_cred_flags _fido_cred_largeblob_key_len @@ -173,6 +174,7 @@ _fido_cred_set_authdata_raw _fido_cred_set_blob _fido_cred_set_clientdata _fido_cred_set_clientdata_hash +_fido_cred_set_entattest _fido_cred_set_extensions _fido_cred_set_fmt _fido_cred_set_id diff --git a/src/export.msvc b/src/export.msvc index 241b17f0b9cf..449f1eaf6bc1 100644 --- a/src/export.msvc +++ b/src/export.msvc @@ -129,6 +129,7 @@ fido_cred_clientdata_hash_len fido_cred_clientdata_hash_ptr fido_cred_display_name fido_cred_empty_exclude_list +fido_cred_entattest fido_cred_exclude fido_cred_flags fido_cred_largeblob_key_len @@ -174,6 +175,7 @@ fido_cred_set_authdata_raw fido_cred_set_blob fido_cred_set_clientdata fido_cred_set_clientdata_hash +fido_cred_set_entattest fido_cred_set_extensions fido_cred_set_fmt fido_cred_set_id diff --git a/src/fido.h b/src/fido.h index ef1d3d3b80f8..3f7f1e5b674a 100644 --- a/src/fido.h +++ b/src/fido.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -149,6 +149,7 @@ int fido_assert_set_winhello_appid(fido_assert_t *, const char *); int fido_assert_verify(const fido_assert_t *, size_t, int, const void *); int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t); int fido_cred_empty_exclude_list(fido_cred_t *); +bool fido_cred_entattest(const fido_cred_t *); int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t); int fido_cred_prot(const fido_cred_t *); int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t); @@ -158,6 +159,7 @@ int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t); +int fido_cred_set_entattest(fido_cred_t *, int); int fido_cred_set_extensions(fido_cred_t *, int); int fido_cred_set_fmt(fido_cred_t *, const char *); int fido_cred_set_id(fido_cred_t *, const unsigned char *, size_t); diff --git a/src/fido/param.h b/src/fido/param.h index fb66abfd2d00..cf1dcd886684 100644 --- a/src/fido/param.h +++ b/src/fido/param.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -74,6 +74,7 @@ /* ISO7816-4 status words. */ #define SW1_MORE_DATA 0x61 +#define SW_WRONG_LENGTH 0x6700 #define SW_CONDITIONS_NOT_SATISFIED 0x6985 #define SW_WRONG_DATA 0x6a80 #define SW_NO_ERROR 0x9000 @@ -136,6 +137,10 @@ #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 #define FIDO_CRED_PROT_UV_REQUIRED 0x03 +/* Supported enterprise attestation modes. */ +#define FIDO_ENTATTEST_VENDOR 1 +#define FIDO_ENTATTEST_PLATFORM 2 + #ifdef _FIDO_INTERNAL #define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ FIDO_EXT_CRED_BLOB) diff --git a/src/fido/types.h b/src/fido/types.h index 0aaa8cb6150a..ab9b02a66487 100644 --- a/src/fido/types.h +++ b/src/fido/types.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -166,6 +166,11 @@ typedef struct fido_cred_ext { size_t minpinlen; /* minimum pin length */ } fido_cred_ext_t; +typedef struct fido_cred_ea { + int mode; + bool att; +} fido_cred_ea_t; + typedef struct fido_cred { fido_blob_t cd; /* client data */ fido_blob_t cdh; /* client data hash */ @@ -185,6 +190,7 @@ typedef struct fido_cred { fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */ fido_blob_t largeblob_key; /* decoded large blob key */ fido_blob_t blob; /* CTAP 2.1 credBlob */ + fido_cred_ea_t ea; /* enterprise attestation */ } fido_cred_t; typedef struct fido_assert_extattr { diff --git a/src/nfc.c b/src/nfc.c index 2e97d5fc50da..f2f65a237d3e 100644 --- a/src/nfc.c +++ b/src/nfc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2022 Yubico AB. All rights reserved. + * Copyright (c) 2020-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -34,7 +34,10 @@ tx_short_apdu(fido_dev_t *d, const iso7816_header_t *h, const uint8_t *payload, apdu[3] = h->p2; apdu[4] = payload_len; memcpy(&apdu[5], payload, payload_len); - apdu_len = (size_t)(5 + payload_len + 1); + apdu_len = (size_t)(5 + payload_len); + + if (!(cla_flags & 0x10)) + apdu_len += 1; if (d->io.write(d->io_handle, apdu, apdu_len) < 0) { fido_log_debug("%s: write", __func__); @@ -144,51 +147,12 @@ fail: } static int -rx_init(fido_dev_t *d, unsigned char *buf, size_t count, int ms) -{ - fido_ctap_info_t *attr = (fido_ctap_info_t *)buf; - uint8_t f[64]; - int n; - - if (count != sizeof(*attr)) { - fido_log_debug("%s: count=%zu", __func__, count); - return -1; - } - - memset(attr, 0, sizeof(*attr)); - - if ((n = d->io.read(d->io_handle, f, sizeof(f), ms)) < 2 || - (f[n - 2] << 8 | f[n - 1]) != SW_NO_ERROR) { - fido_log_debug("%s: read", __func__); - return -1; - } - - n -= 2; - - if (n == sizeof(v_u2f) && memcmp(f, v_u2f, sizeof(v_u2f)) == 0) - attr->flags = FIDO_CAP_CBOR; - else if (n == sizeof(v_fido) && memcmp(f, v_fido, sizeof(v_fido)) == 0) - attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; - else { - fido_log_debug("%s: unknown version string", __func__); -#ifdef FIDO_FUZZ - attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; -#else - return -1; -#endif - } - - memcpy(&attr->nonce, &d->nonce, sizeof(attr->nonce)); /* XXX */ - - return (int)count; -} - -static int -tx_get_response(fido_dev_t *d, uint8_t count) +tx_get_response(fido_dev_t *d, uint8_t count, bool cbor) { uint8_t apdu[5]; memset(apdu, 0, sizeof(apdu)); + apdu[0] = cbor ? 0x80 : 0x00; apdu[1] = 0xc0; /* GET_RESPONSE */ apdu[4] = count; @@ -233,7 +197,7 @@ fail: } static int -rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms) +rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms, bool cbor) { uint8_t sw[2]; const size_t bufsiz = count; @@ -244,7 +208,7 @@ rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms) } while (sw[0] == SW1_MORE_DATA) - if (tx_get_response(d, sw[1]) < 0 || + if (tx_get_response(d, sw[1], cbor) < 0 || rx_apdu(d, sw, &buf, &count, &ms) < 0) { fido_log_debug("%s: chain", __func__); return -1; @@ -268,12 +232,52 @@ rx_cbor(fido_dev_t *d, unsigned char *buf, size_t count, int ms) { int r; - if ((r = rx_msg(d, buf, count, ms)) < 2) + if ((r = rx_msg(d, buf, count, ms, true)) < 2) return -1; return r - 2; } +static int +rx_init(fido_dev_t *d, unsigned char *buf, size_t count, int ms) +{ + fido_ctap_info_t *attr = (fido_ctap_info_t *)buf; + uint8_t f[64]; + int n; + + if (count != sizeof(*attr)) { + fido_log_debug("%s: count=%zu", __func__, count); + return -1; + } + + memset(attr, 0, sizeof(*attr)); + + if ((n = rx_msg(d, f, sizeof(f), ms, false)) < 2 || + (f[n - 2] << 8 | f[n - 1]) != SW_NO_ERROR) { + fido_log_debug("%s: read", __func__); + return -1; + } + + n -= 2; + + if (n == sizeof(v_u2f) && memcmp(f, v_u2f, sizeof(v_u2f)) == 0) + attr->flags = FIDO_CAP_CBOR; + else if (n == sizeof(v_fido) && memcmp(f, v_fido, sizeof(v_fido)) == 0) + attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; + else { + fido_log_debug("%s: unknown version string", __func__); +#ifdef FIDO_FUZZ + attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; +#else + return -1; +#endif + } + + memcpy(&attr->nonce, &d->nonce, sizeof(attr->nonce)); /* XXX */ + + return (int)count; +} + int fido_nfc_rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) { @@ -283,7 +287,7 @@ fido_nfc_rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms case CTAP_CMD_CBOR: return rx_cbor(d, buf, count, ms); case CTAP_CMD_MSG: - return rx_msg(d, buf, count, ms); + return rx_msg(d, buf, count, ms, false); default: fido_log_debug("%s: cmd=%02x", __func__, cmd); return -1; diff --git a/src/random.c b/src/random.c index 9688d35ca945..187fe09a79d5 100644 --- a/src/random.c +++ b/src/random.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -16,6 +16,13 @@ #include <unistd.h> #endif +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# include <sanitizer/msan_interface.h> +# define WITH_MSAN 1 +# endif +#endif + #include "fido.h" #if defined(_WIN32) @@ -45,6 +52,9 @@ int fido_get_random(void *buf, size_t len) { arc4random_buf(buf, len); +#ifdef WITH_MSAN + __msan_unpoison(buf, len); /* XXX */ +#endif return (0); } #elif defined(HAVE_GETRANDOM) diff --git a/src/u2f.c b/src/u2f.c index b1f7bce3b7ab..2620a2eb49c9 100644 --- a/src/u2f.c +++ b/src/u2f.c @@ -260,6 +260,7 @@ key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id, *found = 1; /* key exists */ break; case SW_WRONG_DATA: + case SW_WRONG_LENGTH: *found = 0; /* key does not exist */ break; default: diff --git a/src/winhello.c b/src/winhello.c index 2b2a5d1b7d26..7805976b0e0d 100644 --- a/src/winhello.c +++ b/src/winhello.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Yubico AB. All rights reserved. + * Copyright (c) 2021-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -735,6 +735,10 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred, if (cred->rk == FIDO_OPT_TRUE) { opt->bRequireResidentKey = true; } + if (cred->ea.mode != 0) { + opt->dwVersion = WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4; + opt->dwEnterpriseAttestation = (DWORD)cred->ea.mode; + } return FIDO_OK; } @@ -760,6 +764,8 @@ translate_winhello_cred(fido_cred_t *cred, fido_log_debug("%s: cbor_decode_attobj", __func__); goto fail; } + if (att->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4) + cred->ea.att = att->bEpAtt; r = FIDO_OK; fail: diff --git a/tools/cred_make.c b/tools/cred_make.c index 66c8b52d8e38..6d335a5c58b1 100644 --- a/tools/cred_make.c +++ b/tools/cred_make.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -151,11 +151,16 @@ cred_make(int argc, char **argv) int type = COSE_ES256; int flags = 0; int cred_protect = -1; + int ea = 0; int ch; int r; - while ((ch = getopt(argc, argv, "bc:dhi:o:qruvw")) != -1) { + while ((ch = getopt(argc, argv, "a:bc:dhi:o:qruvw")) != -1) { switch (ch) { + case 'a': + if ((ea = base10(optarg)) < 0) + errx(1, "-a: invalid argument '%s'", optarg); + break; case 'b': flags |= FLAG_LARGEBLOB; break; @@ -221,6 +226,11 @@ cred_make(int argc, char **argv) errx(1, "fido_cred_set_prot: %s", fido_strerr(r)); } } + if (ea > 0) { + r = fido_cred_set_entattest(cred, ea); + if (r != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s", fido_strerr(r)); + } r = fido_dev_make_cred(dev, cred, NULL); if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) { diff --git a/tools/fido2-cred.c b/tools/fido2-cred.c index 76081c6856e9..a819bd118d12 100644 --- a/tools/fido2-cred.c +++ b/tools/fido2-cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -27,7 +27,7 @@ void usage(void) { fprintf(stderr, -"usage: fido2-cred -M [-bdhqruvw] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" +"usage: fido2-cred -M [-bdhqruvw] [-a mode] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" " fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n" ); diff --git a/tools/fido2-unprot.sh b/tools/fido2-unprot.sh index 7d8c77936ee9..06b52232c6be 100755 --- a/tools/fido2-unprot.sh +++ b/tools/fido2-unprot.sh @@ -6,53 +6,56 @@ # SPDX-License-Identifier: BSD-2-Clause -if [ $(uname) != "Linux" ] ; then +if [ "$(uname)" != "Linux" ] ; then echo "Can only run on Linux" exit 1 fi -TOKEN_VERSION=$(${FIDO_TOOLS_PREFIX}fido2-token -V 2>&1) -if [ $? -ne 0 ] ; then +if ! TOKEN_VERSION=$("${FIDO_TOOLS_PREFIX}"fido2-token -V 2>&1); then echo "Please install libfido2 1.5.0 or higher" - exit + exit 1 fi TOKEN_VERSION_MAJOR=$(echo "$TOKEN_VERSION" | cut -d. -f1) TOKEN_VERSION_MINOR=$(echo "$TOKEN_VERSION" | cut -d. -f2) -if [ $TOKEN_VERSION_MAJOR -eq 0 -o $TOKEN_VERSION_MAJOR -eq 1 -a $TOKEN_VERSION_MINOR -lt 5 ] ; then +if [ "$TOKEN_VERSION_MAJOR" -eq 0 ] ; then + echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)" + exit 1 +fi +if [ "$TOKEN_VERSION_MAJOR" -eq 1 ] && [ "$TOKEN_VERSION_MINOR" -lt 5 ] ; then echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)" exit 1 fi set -e -TOKEN_OUTPUT=$(${FIDO_TOOLS_PREFIX}fido2-token -L) +TOKEN_OUTPUT=$("${FIDO_TOOLS_PREFIX}"fido2-token -L) DEV_PATH_NAMES=$(echo "$TOKEN_OUTPUT" | sed -r 's/^(.*): .*\((.*)\)$/\1 \2/g') DEV_COUNT=$(echo "$DEV_PATH_NAMES" | wc -l) -for i in $(seq 1 $DEV_COUNT) +for i in $(seq 1 "$DEV_COUNT") do DEV_PATH_NAME=$(echo "$DEV_PATH_NAMES" | sed "${i}q;d") DEV_PATH=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1) DEV_NAME=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1 --complement) - DEV_PRETTY=$(echo "$DEV_NAME (at '$DEV_PATH')") - if expr match "$(${FIDO_TOOLS_PREFIX}fido2-token -I $DEV_PATH)" ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then - printf "Enter PIN for $DEV_PRETTY once (ignore further prompts): " + DEV_PRETTY="$DEV_NAME (at '$DEV_PATH')" + if expr "$("${FIDO_TOOLS_PREFIX}"fido2-token -I "$DEV_PATH")" : ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then + printf "Enter PIN for %s once (ignore further prompts): " "$DEV_PRETTY" stty -echo - read PIN + IFS= read -r PIN stty echo printf "\n" - RESIDENT_RPS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -r $DEV_PATH | cut -d' ' -f3) + RESIDENT_RPS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -r "$DEV_PATH" | cut -d' ' -f3) printf "\n" RESIDENT_RPS_COUNT=$(echo "$RESIDENT_RPS" | wc -l) FOUND=0 - for j in $(seq 1 $DEV_RESIDENT_RPS_COUNT) + for j in $(seq 1 "$RESIDENT_RPS_COUNT") do RESIDENT_RP=$(echo "$RESIDENT_RPS" | sed "${j}q;d") - UNPROT_CREDS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -k $RESIDENT_RP $DEV_PATH | grep ' uvopt$' | cut -d' ' -f2,3,4) + UNPROT_CREDS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -k "$RESIDENT_RP" "$DEV_PATH" | grep ' uvopt$' | cut -d' ' -f2,3,4) printf "\n" UNPROT_CREDS_COUNT=$(echo "$UNPROT_CREDS" | wc -l) - if [ $UNPROT_CREDS_COUNT -gt 0 ] ; then + if [ "$UNPROT_CREDS_COUNT" -gt 0 ] ; then FOUND=1 echo "Unprotected credentials on $DEV_PRETTY for '$RESIDENT_RP':" echo "$UNPROT_CREDS" @@ -64,9 +67,9 @@ do else echo "$DEV_PRETTY cannot enumerate credentials" echo "Discovering unprotected SSH credentials only..." - STUB_HASH=$(echo -n "" | openssl sha256 -binary | base64) - printf "$STUB_HASH\nssh:\n" | ${FIDO_TOOLS_PREFIX}fido2-assert -G -r -t up=false $DEV_PATH 2> /dev/null || ASSERT_EXIT_CODE=$? - if [ $ASSERT_EXIT_CODE -eq 0 ] ; then + STUB_HASH=$(printf "" | openssl sha256 -binary | base64) + printf "%s\nssh:\n" "$STUB_HASH" | "${FIDO_TOOLS_PREFIX}"fido2-assert -G -r -t up=false "$DEV_PATH" 2> /dev/null || ASSERT_EXIT_CODE=$? + if [ "$ASSERT_EXIT_CODE" -eq 0 ] ; then echo "Found an unprotected SSH credential on $DEV_PRETTY!" else echo "No unprotected SSH credentials (default settings) on $DEV_PRETTY" diff --git a/tools/include_check.sh b/tools/include_check.sh index 70abada1640d..a9a9873ca7df 100755 --- a/tools/include_check.sh +++ b/tools/include_check.sh @@ -1,15 +1,22 @@ -#!/bin/sh +#!/bin/sh -u # Copyright (c) 2019 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause +SKIP='(webauthn.h)' + check() { - for f in $(find $1 -maxdepth 1 -name '*.h'); do - echo "#include \"$f\"" | \ - cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1 - echo "$f $CFLAGS $?" + try="cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1" + git ls-files "$1" | grep '.*\.h$' | while read -r header; do + if echo "$header" | grep -Eq "$SKIP"; then + echo "Skipping $header" + else + body="#include \"$header\"" + echo "echo $body | $try" + echo "$body" | eval "$try" + fi done } diff --git a/tools/test.sh b/tools/test.sh index 67b757e80a8d..28b3facca570 100755 --- a/tools/test.sh +++ b/tools/test.sh @@ -13,7 +13,7 @@ # - should pass as-is on a YubiKey with a PIN set; # - may otherwise require set +e above; # - can be executed with UV=1 to run additional UV tests; -# - was last tested on 2022-01-11 with firmware 5.4.3. +# - was last tested on 2024-06-15 with firmware 5.7.1. cd "$1" DEV="$2" @@ -28,11 +28,11 @@ $1 some user name $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) EOF - fido2-cred -M $2 "${DEV}" "${TYPE}" > "$3" < cred_param + fido2-cred -M "$2" "${DEV}" "${TYPE}" > "$3" < cred_param } verify_cred() { - fido2-cred -V $1 "${TYPE}" > cred_out < "$2" + fido2-cred -V "$1" "${TYPE}" > cred_out < "$2" || return 1 head -1 cred_out > "$3" tail -n +2 cred_out > "$4" } @@ -41,79 +41,84 @@ get_assert() { sed /^$/d > assert_param << EOF $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) $1 -$(cat $3) -$(cat $4) +$(cat "$3") +$(cat "$4") EOF + # we want to expand $2 + # shellcheck disable=SC2086 fido2-assert -G $2 "${DEV}" > "$5" < assert_param } verify_assert() { - fido2-assert -V $1 "$2" "${TYPE}" < "$3" + fido2-assert -V "$1" "$2" "${TYPE}" < "$3" } dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt # u2f -if [ "x${TYPE}" = "xes256" ]; then +if [ "${TYPE}" = "es256" ]; then make_cred no.tld "-u" u2f - ! make_cred no.tld "-ru" /dev/null - ! make_cred no.tld "-uc1" /dev/null - ! make_cred no.tld "-uc2" /dev/null + make_cred no.tld "-ru" /dev/null && exit 1 + make_cred no.tld "-uc1" /dev/null && exit 1 + make_cred no.tld "-uc2" /dev/null && exit 1 verify_cred "--" u2f u2f-cred u2f-pubkey - ! verify_cred "-h" u2f /dev/null /dev/null - ! verify_cred "-v" u2f /dev/null /dev/null + verify_cred "-h" u2f /dev/null /dev/null && exit 1 + verify_cred "-v" u2f /dev/null /dev/null && exit 1 verify_cred "-c0" u2f /dev/null /dev/null - ! verify_cred "-c1" u2f /dev/null /dev/null - ! verify_cred "-c2" u2f /dev/null /dev/null - ! verify_cred "-c3" u2f /dev/null /dev/null + verify_cred "-c1" u2f /dev/null /dev/null && exit 1 + verify_cred "-c2" u2f /dev/null /dev/null && exit 1 + verify_cred "-c3" u2f /dev/null /dev/null && exit 1 fi # wrap (non-resident) make_cred no.tld "--" wrap -verify_cred "--" wrap wrap-cred wrap-pubkey -! verify_cred "-h" wrap /dev/null /dev/null -! verify_cred "-v" wrap /dev/null /dev/null +verify_cred "--" wrap wrap-cred wrap-pubkey +verify_cred "-h" wrap /dev/null /dev/null && exit 1 +verify_cred "-v" wrap /dev/null /dev/null && exit 1 verify_cred "-c0" wrap /dev/null /dev/null -! verify_cred "-c1" wrap /dev/null /dev/null -! verify_cred "-c2" wrap /dev/null /dev/null -! verify_cred "-c3" wrap /dev/null /dev/null +verify_cred "-c1" wrap /dev/null /dev/null && exit 1 +verify_cred "-c2" wrap /dev/null /dev/null && exit 1 +verify_cred "-c3" wrap /dev/null /dev/null && exit 1 # wrap (non-resident) + hmac-secret make_cred no.tld "-h" wrap-hs -! verify_cred "--" wrap-hs /dev/null /dev/null +verify_cred "--" wrap-hs /dev/null /dev/null && exit 1 verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey -! verify_cred "-v" wrap-hs /dev/null /dev/null +verify_cred "-v" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-hv" wrap-hs /dev/null /dev/null && exit 1 verify_cred "-hc0" wrap-hs /dev/null /dev/null -! verify_cred "-c0" wrap-hs /dev/null /dev/null -! verify_cred "-c1" wrap-hs /dev/null /dev/null -! verify_cred "-c2" wrap-hs /dev/null /dev/null -! verify_cred "-c3" wrap-hs /dev/null /dev/null +verify_cred "-c0" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c1" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c2" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c3" wrap-hs /dev/null /dev/null && exit 1 # resident make_cred no.tld "-r" rk verify_cred "--" rk rk-cred rk-pubkey -! verify_cred "-h" rk /dev/null /dev/null -! verify_cred "-v" rk /dev/null /dev/null +verify_cred "-h" rk /dev/null /dev/null && exit 1 +verify_cred "-v" rk /dev/null /dev/null +verify_cred "-hv" rk /dev/null /dev/null && exit 1 verify_cred "-c0" rk /dev/null /dev/null -! verify_cred "-c1" rk /dev/null /dev/null -! verify_cred "-c2" rk /dev/null /dev/null -! verify_cred "-c3" rk /dev/null /dev/null +verify_cred "-c1" rk /dev/null /dev/null && exit 1 +verify_cred "-c2" rk /dev/null /dev/null && exit 1 +verify_cred "-c3" rk /dev/null /dev/null && exit 1 # resident + hmac-secret make_cred no.tld "-hr" rk-hs -! verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey +verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey && exit 1 verify_cred "-h" rk-hs /dev/null /dev/null -! verify_cred "-v" rk-hs /dev/null /dev/null +verify_cred "-v" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-hv" rk-hs /dev/null /dev/null verify_cred "-hc0" rk-hs /dev/null /dev/null -! verify_cred "-c0" rk-hs /dev/null /dev/null -! verify_cred "-c1" rk-hs /dev/null /dev/null -! verify_cred "-c2" rk-hs /dev/null /dev/null -! verify_cred "-c3" rk-hs /dev/null /dev/null +verify_cred "-c0" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c1" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c2" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c3" rk-hs /dev/null /dev/null && exit 1 # u2f -if [ "x${TYPE}" = "xes256" ]; then +if [ "${TYPE}" = "es256" ]; then get_assert no.tld "-u" u2f-cred /dev/null u2f-assert - ! get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null + get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null && exit 1 verify_assert "--" u2f-pubkey u2f-assert verify_assert "-p" u2f-pubkey u2f-assert fi @@ -138,40 +143,40 @@ verify_assert "--" wrap-pubkey wrap-assert verify_assert "-p" wrap-pubkey wrap-assert get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert verify_assert "--" wrap-pubkey wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 verify_assert "-v" wrap-pubkey wrap-assert -! verify_assert "-pv" wrap-pubkey wrap-assert +verify_assert "-pv" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert verify_assert "-hpv" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert -! get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert -! get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert -! get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert +get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert && exit 1 +get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 +get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 if [ "x${UV}" != "x" ]; then get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert @@ -205,11 +210,11 @@ if [ "x${UV}" != "x" ]; then get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert verify_assert "-v" wrap-pubkey wrap-assert get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert - ! verify_assert "--" wrap-pubkey wrap-assert + verify_assert "--" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert verify_assert "-v" wrap-pubkey wrap-assert get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert - ! verify_assert "--" wrap-pubkey wrap-assert + verify_assert "--" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert @@ -234,12 +239,12 @@ if [ "x${UV}" != "x" ]; then verify_assert "-hpv" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert + get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 fi # resident @@ -258,9 +263,9 @@ get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert +get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert && exit 1 +get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 +get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 if [ "x${UV}" != "x" ]; then get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert @@ -293,12 +298,12 @@ if [ "x${UV}" != "x" ]; then get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert + get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 fi exit 0 diff --git a/udev/check.sh b/udev/check.sh index 804a8843b378..5f2ed131ce34 100755 --- a/udev/check.sh +++ b/udev/check.sh @@ -1,12 +1,12 @@ #!/bin/sh -u -# Copyright (c) 2020 Yubico AB. All rights reserved. +# Copyright (c) 2020-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause sort_by_id() { - awk '{ printf "%d\n", $3 }' | sort -Cnu + awk '{ printf "%s\n", $3 }' | xargs printf '%d\n' | sort -Cnu } if ! grep '^vendor' "$1" | sort_by_id; then diff --git a/windows/build.ps1 b/windows/build.ps1 index abc139e2109c..a26ae1bfd6e8 100644 --- a/windows/build.ps1 +++ b/windows/build.ps1 @@ -74,11 +74,9 @@ if (-Not (Test-Path $GPG)) { throw "Unable to find GPG at $GPG" } -# Override CMAKE_SYSTEM_VERSION if $WinSDK is set. -if (-Not ([string]::IsNullOrEmpty($WinSDK))) { - $CMAKE_SYSTEM_VERSION = "-DCMAKE_SYSTEM_VERSION='$WinSDK'" -} else { - $CMAKE_SYSTEM_VERSION = '' +# 10.0.261000.0 appear to have dropped ARM32 support, pin the SDK version +if ($Arch -eq "ARM" -and [string]::IsNullOrEmpty($WinSDK)) { + $WinSDK = '10.0.22621.0' } Write-Host "WinSDK: $WinSDK" @@ -110,6 +108,11 @@ New-Item -Type Directory "${OUTPUT}" -Force New-Item -Type Directory "${OUTPUT}\${Arch}" -Force New-Item -Type Directory "${OUTPUT}\${Arch}\${Type}" -force +# Override Windows SDK version if $WinSDK is set. +if (-Not ([string]::IsNullOrEmpty($WinSDK))) { + $Arch = "$Arch,version=$WinSDK" +} + # Fetch and verify dependencies. Push-Location ${BUILD} try { @@ -155,7 +158,7 @@ try { -DLIBRESSL_APPS=OFF -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` -DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -174,7 +177,7 @@ try { -DBUILD_SHARED_LIBS="${SHARED}" ` -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} /wd4703" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} /wd4703" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -193,7 +196,7 @@ try { -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` -DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -229,10 +232,11 @@ try { -DCRYPTO_INCLUDE_DIRS="${PREFIX}\include" ` -DCRYPTO_LIBRARY_DIRS="${PREFIX}\lib" ` -DCRYPTO_BIN_DIRS="${PREFIX}\bin" ` - -DCRYPTO_LIBRARIES="${CRYPTO_LIBRARIES}" ` + -DCRYPTO_LIBRARIES="${CRYPTO_LIB}" ` + -DCRYPTO_DLL="${CRYPTO_DLL}" ` -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} ${Fido2Flags}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} ${Fido2Flags}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target regress --verbose; ` @@ -241,7 +245,7 @@ try { ExitOnError # Copy DLLs. if ("${SHARED}" -eq "ON") { - "cbor.dll", "${CRYPTO_LIBRARIES}.dll", "zlib1.dll" | ` + "cbor.dll", "${CRYPTO_DLL}.dll", "zlib1.dll" | ` %{ Copy-Item "${PREFIX}\bin\$_" ` -Destination "examples\${Config}" } } diff --git a/windows/const.ps1 b/windows/const.ps1 index 7a39b015c7a0..787fe5badf20 100644 --- a/windows/const.ps1 +++ b/windows/const.ps1 @@ -7,12 +7,13 @@ New-Variable -Name 'LIBRESSL_URL' ` -Value 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL' ` -Option Constant -New-Variable -Name 'LIBRESSL' -Value 'libressl-3.9.2' -Option Constant -New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto' -Option Constant +New-Variable -Name 'LIBRESSL' -Value 'libressl-4.0.0' -Option Constant +New-Variable -Name 'CRYPTO_LIB' -Value 'crypto' -Option Constant +New-Variable -Name 'CRYPTO_DLL' -Value 'crypto-55' -Option Constant # libcbor coordinates. -New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.11.0' -Option Constant -New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.11.0' -Option Constant +New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.12.0' -Option Constant +New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.12.0' -Option Constant New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' ` -Option Constant diff --git a/windows/release.ps1 b/windows/release.ps1 index 6989a5c34a9b..07bc2d45a964 100644 --- a/windows/release.ps1 +++ b/windows/release.ps1 @@ -35,8 +35,8 @@ Function Package-Dynamic(${SRC}, ${DEST}) { Copy-Item "${SRC}\lib\cbor.lib" "${DEST}" Copy-Item "${SRC}\bin\zlib1.dll" "${DEST}" Copy-Item "${SRC}\lib\zlib1.lib" "${DEST}" - Copy-Item "${SRC}\bin\${CRYPTO_LIBRARIES}.dll" "${DEST}" - Copy-Item "${SRC}\lib\${CRYPTO_LIBRARIES}.lib" "${DEST}" + Copy-Item "${SRC}\bin\${CRYPTO_DLL}.dll" "${DEST}" + Copy-Item "${SRC}\lib\${CRYPTO_LIB}.lib" "${DEST}" Copy-Item "${SRC}\bin\fido2.dll" "${DEST}" Copy-Item "${SRC}\lib\fido2.lib" "${DEST}" } @@ -44,13 +44,13 @@ Function Package-Dynamic(${SRC}, ${DEST}) { Function Package-Static(${SRC}, ${DEST}) { Copy-Item "${SRC}/lib/cbor.lib" "${DEST}" Copy-Item "${SRC}/lib/zlib1.lib" "${DEST}" - Copy-Item "${SRC}/lib/${CRYPTO_LIBRARIES}.lib" "${DEST}" + Copy-Item "${SRC}/lib/${CRYPTO_LIB}.lib" "${DEST}" Copy-Item "${SRC}/lib/fido2_static.lib" "${DEST}/fido2.lib" } Function Package-PDBs(${SRC}, ${DEST}) { Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" ` - "${DEST}\${CRYPTO_LIBRARIES}.pdb" + "${DEST}\${CRYPTO_LIB}.pdb" Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" ` "${DEST}\cbor.pdb" Copy-Item "${SRC}\${ZLIB}\zlib.dir\${Config}\vc${SDK}.pdb" ` |