diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2026-04-07 13:14:41 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2026-04-07 13:14:41 +0000 |
| commit | febb0da5bf4bc99828ebede7abcb039514ac367a (patch) | |
| tree | 78e09348752f98b0c84a6cbf8f7d0cdd302eeb36 | |
| parent | a09d06bc5bff64baab76220a66c3501b89899134 (diff) | |
| parent | fadebab18d4bb97e3ca8c840937c41cdfef8d798 (diff) | |
libfido2: Update to 1.16.0
Sponsored by: The FreeBSD Foundation
82 files changed, 3140 insertions, 1406 deletions
diff --git a/contrib/libfido2/.actions/build-bsd b/contrib/libfido2/.actions/build-bsd index 66fc4e3ba281..c56f084a3a84 100755 --- a/contrib/libfido2/.actions/build-bsd +++ b/contrib/libfido2/.actions/build-bsd @@ -15,7 +15,7 @@ cat > "${MANIFEST}" <<- EOF image: ${IMAGE} packages: - cmake - - llvm + - llvm${LLVM_VERSION:+%${LLVM_VERSION}} - pcsc-lite EOF @@ -38,7 +38,7 @@ tasks: else SUDO=sudo fi - SCAN="/usr/local/bin/scan-build --use-cc=/usr/bin/cc --status-bugs" + SCAN="/usr/local/bin/scan-build${LLVM_VERSION:+-${LLVM_VERSION}} --use-cc=/usr/bin/cc --status-bugs" cd libfido2 for T in Debug Release; do mkdir build-\$T @@ -60,6 +60,7 @@ q() { } submit_job() { + # shellcheck disable=SC3043 local manifest="$1" jq \ --compact-output --null-input \ @@ -71,6 +72,7 @@ submit_job() { } job_status() { + # shellcheck disable=SC3043 local id="$1" jq \ --compact-output --null-input \ diff --git a/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc b/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc index a89578da0886..6bcfe6348a69 100755 --- a/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc +++ b/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc @@ -1,6 +1,6 @@ #!/bin/sh -eux -# Copyright (c) 2022-2023 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) EOF # Build and install libcbor. -git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1 +git clone --depth=1 https://github.com/pjk/libcbor -b v0.12.0 cd libcbor mkdir build (cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \ @@ -42,7 +42,7 @@ sudo make install_sw cd .. # Build and install zlib. -git clone --depth=1 https://github.com/madler/zlib -b v1.3 +git clone --depth=1 https://github.com/madler/zlib -b v1.3.1 cd zlib make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \ diff --git a/contrib/libfido2/.actions/build-linux-openssl3-clang b/contrib/libfido2/.actions/build-linux-openssl3-clang index 2383e51ad8f5..4b805793bf39 100755 --- a/contrib/libfido2/.actions/build-linux-openssl3-clang +++ b/contrib/libfido2/.actions/build-linux-openssl3-clang @@ -1,6 +1,6 @@ #!/bin/sh -eux -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -12,8 +12,8 @@ FAKEROOT="$(mktemp -d)" # Check exports. (cd src && ./diff_exports.sh) -# Build and install OpenSSL 3.0.12. -git clone --branch openssl-3.0.12 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure linux-x86_64-clang --prefix="${FAKEROOT}" \ diff --git a/contrib/libfido2/.actions/build-linux-openssl3-gcc b/contrib/libfido2/.actions/build-linux-openssl3-gcc index 344fc12bce8c..91ccd48ffe28 100755 --- a/contrib/libfido2/.actions/build-linux-openssl3-gcc +++ b/contrib/libfido2/.actions/build-linux-openssl3-gcc @@ -1,6 +1,6 @@ #!/bin/sh -eux -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -8,8 +8,8 @@ ${CC} --version FAKEROOT="$(mktemp -d)" -# Build and install OpenSSL 3.0.12. -git clone --branch openssl-3.0.12 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure linux-x86_64 --prefix="${FAKEROOT}" \ diff --git a/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc b/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc index 3bbb141dad0d..a9ba2e2b56d8 100755 --- a/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc +++ b/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc @@ -1,6 +1,6 @@ #!/bin/sh -eux -# Copyright (c) 2022-2023 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -23,7 +23,7 @@ SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) EOF # Build and install libcbor. -git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1 +git clone --depth=1 https://github.com/pjk/libcbor -b v0.12.0 cd libcbor mkdir build (cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \ @@ -32,8 +32,8 @@ make -j"$(nproc)" -C build sudo make -C build install cd .. -# Build and install OpenSSL 3.0.11. -git clone --branch openssl-3.0.12 \ +# Build and install OpenSSL 3.0.15. +git clone --branch openssl-3.0.15 \ --depth=1 https://github.com/openssl/openssl cd openssl ./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \ @@ -43,7 +43,7 @@ sudo make install_sw cd .. # Build and install zlib. -git clone --depth=1 https://github.com/madler/zlib -b v1.3 +git clone --depth=1 https://github.com/madler/zlib -b v1.3.1 cd zlib make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \ diff --git a/contrib/libfido2/.actions/build-osx-clang b/contrib/libfido2/.actions/build-osx-clang index b4beea221315..552e99f83e58 100755 --- a/contrib/libfido2/.actions/build-osx-clang +++ b/contrib/libfido2/.actions/build-osx-clang @@ -5,7 +5,8 @@ # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause -export PKG_CONFIG_PATH="$(brew --prefix openssl@3.0)/lib/pkgconfig" +PKG_CONFIG_PATH="$(brew --prefix openssl@3.0)/lib/pkgconfig" +export PKG_CONFIG_PATH SCAN="$(brew --prefix llvm)/bin/scan-build" # Build, analyze, and install libfido2. diff --git a/contrib/libfido2/.actions/fuzz-linux b/contrib/libfido2/.actions/fuzz-linux index 3f57ac40ff4b..e404c8e7b4c6 100755 --- a/contrib/libfido2/.actions/fuzz-linux +++ b/contrib/libfido2/.actions/fuzz-linux @@ -1,18 +1,18 @@ #!/bin/sh -eux -# Copyright (c) 2020-2022 Yubico AB. All rights reserved. +# Copyright (c) 2020-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause LIBCBOR_URL="https://github.com/pjk/libcbor" -LIBCBOR_TAG="v0.10.2" +LIBCBOR_TAG="v0.12.0" LIBCBOR_ASAN="address alignment bounds" LIBCBOR_MSAN="memory" OPENSSL_URL="https://github.com/openssl/openssl" -OPENSSL_TAG="openssl-3.0.12" +OPENSSL_TAG="openssl-3.0.15" ZLIB_URL="https://github.com/madler/zlib" -ZLIB_TAG="v1.3" +ZLIB_TAG="v1.3.1" ZLIB_ASAN="address alignment bounds undefined" ZLIB_MSAN="memory" FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak" @@ -63,6 +63,7 @@ git clone --depth=1 "${OPENSSL_URL}" -b "${OPENSSL_TAG}" cd openssl ./Configure linux-x86_64-clang "enable-$1" --prefix="${FAKEROOT}" \ --openssldir="${FAKEROOT}/openssl" --libdir=lib +make -j"$(nproc)" build_sw make install_sw cd - @@ -71,7 +72,7 @@ git clone --depth=1 "${ZLIB_URL}" -b "${ZLIB_TAG}" cd zlib CFLAGS="${ZLIB_CFLAGS}" LDFLAGS="${ZLIB_CFLAGS}" ./configure \ --prefix="${FAKEROOT}" -make install +make -j"$(nproc)" install cd - # libfido2 @@ -87,7 +88,7 @@ mkdir corpus curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz | tar -C corpus -zxf - export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS -for f in assert bio cred credman hid largeblob mgmt netlink pcsc; do +for f in assert attobj bio cred credman hid largeblob mgmt netlink pcsc; do build/fuzz/fuzz_${f} -use_value_profile=1 -reload=30 -print_pcs=1 \ -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_${f} done diff --git a/contrib/libfido2/.actions/run-shellcheck b/contrib/libfido2/.actions/run-shellcheck new file mode 100755 index 000000000000..063a5e0d1f1a --- /dev/null +++ b/contrib/libfido2/.actions/run-shellcheck @@ -0,0 +1,25 @@ +#!/bin/sh -u + +# Copyright (c) 2024 Google LLC. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. +# SPDX-License-Identifier: BSD-2-Clause + +LIST="$(mktemp)" +trap 'rm -- $LIST' EXIT + +git ls-files | while read -r file; do + if head -n1 "$file" | grep -q '^#!.*sh'; then + if ! shellcheck -Cnever --norc "$file"; then + echo "$file" >> "$LIST" + fi + fi +done + +[ -s "$LIST" ] && { + echo "The following files contain errors:" + cat "$LIST" + exit 1 +} 1>&2 + +exit 0 diff --git a/contrib/libfido2/.github/workflows/alpine_builds.yml b/contrib/libfido2/.github/workflows/alpine_builds.yml index c6d826f39835..874f7104539f 100644 --- a/contrib/libfido2/.github/workflows/alpine_builds.yml +++ b/contrib/libfido2/.github/workflows/alpine_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -16,7 +16,7 @@ on: jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 container: alpine:latest strategy: fail-fast: false diff --git a/contrib/libfido2/.github/workflows/bsd_builds.yml b/contrib/libfido2/.github/workflows/bsd_builds.yml index 366ea2141aca..a4dcf0073251 100644 --- a/contrib/libfido2/.github/workflows/bsd_builds.yml +++ b/contrib/libfido2/.github/workflows/bsd_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -14,11 +14,13 @@ on: jobs: build: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: - image: [freebsd/13.x, openbsd/7.2] + include: + - { image: freebsd/14.x } + - { image: openbsd/7.6, llvm_version: 16 } steps: - uses: actions/checkout@v4 - name: dependencies @@ -27,6 +29,7 @@ jobs: sudo apt install -q -y curl jq - name: build env: + LLVM_VERSION: ${{ matrix.llvm_version }} IMAGE: ${{ matrix.image }} SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }} run: ./.actions/build-bsd diff --git a/contrib/libfido2/.github/workflows/cifuzz_oss.yml b/contrib/libfido2/.github/workflows/cifuzz_oss.yml index 556d5ad36f7c..7d621c644786 100644 --- a/contrib/libfido2/.github/workflows/cifuzz_oss.yml +++ b/contrib/libfido2/.github/workflows/cifuzz_oss.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -17,7 +17,7 @@ on: jobs: fuzzing: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -39,7 +39,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: upload crash - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: failure() with: name: ${{ matrix.sanitizer }}-artifacts diff --git a/contrib/libfido2/.github/workflows/codeql-analysis.yml b/contrib/libfido2/.github/workflows/codeql-analysis.yml index a3a8d54d2daa..486dd900e5bc 100644 --- a/contrib/libfido2/.github/workflows/codeql-analysis.yml +++ b/contrib/libfido2/.github/workflows/codeql-analysis.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -22,14 +22,14 @@ permissions: jobs: codeql-build: if: github.repository == 'Yubico/libfido2' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: checkout uses: actions/checkout@v4 with: fetch-depth: 2 - name: init codeql - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 - name: build env: CC: gcc @@ -39,4 +39,4 @@ jobs: libpcsclite-dev ./.actions/build-linux-gcc - name: perform codeql analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/contrib/libfido2/.github/workflows/linux_builds.yml b/contrib/libfido2/.github/workflows/linux_builds.yml index ec911cb92d92..a1e007daf404 100644 --- a/contrib/libfido2/.github/workflows/linux_builds.yml +++ b/contrib/libfido2/.github/workflows/linux_builds.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -21,17 +21,16 @@ jobs: fail-fast: false matrix: include: - - { os: ubuntu-20.04, cc: gcc-8 } - - { os: ubuntu-22.04, cc: gcc-9 } - { os: ubuntu-22.04, cc: gcc-10 } - { os: ubuntu-22.04, cc: gcc-11 } - - { os: ubuntu-22.04, cc: gcc-12 } - - { os: ubuntu-22.04, cc: clang-13 } - - { os: ubuntu-22.04, cc: clang-14 } - - { os: ubuntu-22.04, cc: clang-15 } + - { os: ubuntu-24.04, cc: gcc-12 } + - { os: ubuntu-24.04, cc: gcc-13 } - { os: ubuntu-22.04, cc: clang-16 } - - { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 } + - { os: ubuntu-22.04, cc: clang-17 } + - { os: ubuntu-24.04, cc: clang-18 } + - { os: ubuntu-24.04, cc: clang-19 } - { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 } + - { os: ubuntu-24.04, cc: i686-w64-mingw32-gcc-11 } steps: - uses: actions/checkout@v4 - name: dependencies diff --git a/contrib/libfido2/.github/workflows/linux_fuzz.yml b/contrib/libfido2/.github/workflows/linux_fuzz.yml index 296c0d9fab23..ea2d3833dca2 100644 --- a/contrib/libfido2/.github/workflows/linux_fuzz.yml +++ b/contrib/libfido2/.github/workflows/linux_fuzz.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -20,8 +20,8 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04 ] - cc: [ clang-16 ] + os: [ ubuntu-24.04 ] + cc: [ clang-19 ] sanitizer: [ asan, msan ] steps: - uses: actions/checkout@v4 diff --git a/contrib/libfido2/.github/workflows/macos_builds.yml b/contrib/libfido2/.github/workflows/macos_builds.yml index 7d84a750ac37..90466550ee69 100644 --- a/contrib/libfido2/.github/workflows/macos_builds.yml +++ b/contrib/libfido2/.github/workflows/macos_builds.yml @@ -20,11 +20,13 @@ jobs: strategy: fail-fast: false matrix: - os: [ macos-13, macos-12 ] + os: [ macos-15, macos-14, macos-13 ] cc: [ clang ] steps: - uses: actions/checkout@v4 - name: dependencies + env: + HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1 run: brew install libcbor llvm mandoc openssl@3.0 pkg-config zlib - name: build env: diff --git a/contrib/libfido2/.github/workflows/openssl3.yml b/contrib/libfido2/.github/workflows/openssl3.yml index ee70c087d285..b51685dff102 100644 --- a/contrib/libfido2/.github/workflows/openssl3.yml +++ b/contrib/libfido2/.github/workflows/openssl3.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Yubico AB. All rights reserved. +# Copyright (c) 2022-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -21,12 +21,12 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-22.04 - cc: gcc-11 - - os: ubuntu-22.04 - cc: clang-16 - - os: ubuntu-22.04 - cc: i686-w64-mingw32-gcc-10 + - os: ubuntu-24.04 + cc: gcc-13 + - os: ubuntu-24.04 + cc: clang-19 + - os: ubuntu-24.04 + cc: i686-w64-mingw32-gcc-11 steps: - uses: actions/checkout@v4 - name: dependencies diff --git a/contrib/libfido2/.github/workflows/shellcheck.yml b/contrib/libfido2/.github/workflows/shellcheck.yml new file mode 100644 index 000000000000..cdda760ae2b6 --- /dev/null +++ b/contrib/libfido2/.github/workflows/shellcheck.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2024 Google LLC. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. +# SPDX-License-Identifier: BSD-2-Clause + +name: shellcheck + +on: + pull_request: + branches: + - main + push: + branches: + - main + - '*-ci' + +jobs: + build: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - name: dependencies + run: | + sudo apt -q update + sudo apt install -q -y shellcheck + - name: build + run: ./.actions/run-shellcheck diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt index c4f7b1b7b51e..2630e263ecd2 100644 --- a/contrib/libfido2/CMakeLists.txt +++ b/contrib/libfido2/CMakeLists.txt @@ -28,8 +28,10 @@ endif() set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_COLOR_MAKEFILE OFF) set(CMAKE_VERBOSE_MAKEFILE ON) +set(CMAKE_EXPORT_COMPILE_COMMANDS ON) + set(FIDO_MAJOR "1") -set(FIDO_MINOR "14") +set(FIDO_MINOR "16") set(FIDO_PATCH "0") set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) @@ -190,6 +192,9 @@ if(MSVC) if(NOT CRYPTO_LIBRARIES) set(CRYPTO_LIBRARIES crypto) endif() + if(NOT CRYPTO_DLL) + set(CRYPTO_DLL crypto) + endif() set(MSVC_DISABLED_WARNINGS_LIST "C4152" # nonstandard extension used: function/data pointer @@ -435,6 +440,9 @@ message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}") if(BUILD_TESTS) message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}") endif() +if(MSVC) + message(STATUS "CRYPTO_DLL: ${CRYPTO_DLL}") +endif() message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}") message(STATUS "FIDO_VERSION: ${FIDO_VERSION}") message(STATUS "FUZZ: ${FUZZ}") @@ -484,7 +492,7 @@ endif() if(BUILD_TOOLS) add_subdirectory(tools) endif() -if(BUILD_MANPAGES) +if(BUILD_MANPAGES AND NOT MSVC) add_subdirectory(man) endif() diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE index ad0e13358930..bfafcbe13129 100644 --- a/contrib/libfido2/LICENSE +++ b/contrib/libfido2/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2018-2023 Yubico AB. All rights reserved. +Copyright (c) 2018-2024 Yubico AB. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS index 58387ffd72bf..9f7c1563ba87 100644 --- a/contrib/libfido2/NEWS +++ b/contrib/libfido2/NEWS @@ -1,12 +1,34 @@ +* Version 1.16.0 (2025-05-06) + ** Added support for enterprise attestation. + ** Improved handling of invalid key handles in U2F key lookup; gh#819. + ** Fixed issue where storing small CTAP 2.1 largeBlobs failed; gh#826. + ** Fixed APDU chaining issues for certain authenticators; gh#818, gh#855. + ** Improved documentation and examples. + ** New API calls: + - fido_cred_entattest; + - fido_cred_set_entattest. + +* Version 1.15.0 (2024-06-13) + ** 1.15.0 will be the last release to support OpenSSL 1.1. + ** bio, credman: improved CTAP 2.1 support. + ** hid_osx: fix issue where fido_hid_read() may block unnecessarily; gh#757. + ** fido2-token -I: print maxcredbloblen. + ** hid_linux: improved support for uhid devices. + ** New API calls: + - fido_cred_set_attobj; + - fido_cred_x5c_list_count; + - fido_cred_x5c_list_len; + - fido_cred_x5c_list_ptr. + * Version 1.14.0 (2023-11-13) ** fido2-cred -M, fido2-token -G: support raw client data via -w flag. ** winhello: support U2F AppID extension for assertions. ** winhello: fix restrictive parsing of the hmac-secret on assertions. ** winhello: translate NTE_USER_CANCELLED to FIDO_ERR_OPERATION_DENIED; gh#685. ** New API calls: - ** fido_assert_authdata_raw_len; - ** fido_assert_authdata_raw_ptr; - ** fido_assert_set_winhello_appid. + - fido_assert_authdata_raw_len; + - fido_assert_authdata_raw_ptr; + - fido_assert_set_winhello_appid. * Version 1.13.0 (2023-02-20) ** Support for linking against OpenSSL on Windows; gh#668. diff --git a/contrib/libfido2/README.adoc b/contrib/libfido2/README.adoc index fb6f3d3eb004..38e882598ab3 100644 --- a/contrib/libfido2/README.adoc +++ b/contrib/libfido2/README.adoc @@ -38,7 +38,7 @@ is also available. === Releases -The current release of *libfido2* is 1.14.0. Signed release tarballs are +The current release of *libfido2* is 1.16.0. Signed release tarballs are available at Yubico's https://developers.yubico.com/libfido2/Releases[release page]. @@ -52,11 +52,11 @@ required. === Installation -==== Fedora 35 and 34 +==== Fedora 34 and later $ sudo dnf install libfido2 libfido2-devel fido2-tools -==== Ubuntu 22.04 (Jammy) and 20.04 (Focal) +==== Ubuntu 20.04 (Focal) and later $ sudo apt install libfido2-1 libfido2-dev libfido2-doc fido2-tools diff --git a/contrib/libfido2/SECURITY.md b/contrib/libfido2/SECURITY.md index e12a48a847ba..8071bc9a460a 100644 --- a/contrib/libfido2/SECURITY.md +++ b/contrib/libfido2/SECURITY.md @@ -2,4 +2,4 @@ To report security issues in libfido2, please contact security@yubico.com. A PGP public key can be found at -https://www.yubico.com/support/security-advisories/issue-rating-system/. +https://www.yubico.com/support/issue-rating-system/. diff --git a/contrib/libfido2/examples/README.adoc b/contrib/libfido2/examples/README.adoc index 6151b70bd91e..1249366f3e0f 100644 --- a/contrib/libfido2/examples/README.adoc +++ b/contrib/libfido2/examples/README.adoc @@ -64,7 +64,8 @@ The following examples are provided: The -T option may be used to enforce a timeout of <seconds>. If the option -b is specified, the credential's "largeBlob" key is stored in <blobkey>. If the option -c is specified the the generated credential - will be bound by the specified protection policy. + will be bound by the specified protection policy. If the option -a is + specified, enterprise attestation will be requested. - assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin] [-s hmac_salt] [-T seconds] [-b blobkey] [-puv] <pubkey> <device> diff --git a/contrib/libfido2/examples/cred.c b/contrib/libfido2/examples/cred.c index 5a2a27fd7771..4fb07868b4e7 100644 --- a/contrib/libfido2/examples/cred.c +++ b/contrib/libfido2/examples/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -36,7 +36,8 @@ static void usage(void) { fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] " - "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] [-hruv] " + "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] " + "[-a mode] [-hruv] " "<device>\n"); exit(EXIT_FAILURE); } @@ -106,9 +107,13 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, if (r != FIDO_OK) errx(1, "fido_cred_set_attstmt: %s (0x%x)", fido_strerr(r), r); - r = fido_cred_verify(cred); - if (r != FIDO_OK) - errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r); + if (fido_cred_x5c_ptr(cred) == NULL) { + if ((r = fido_cred_verify_self(cred)) != FIDO_OK) + errx(1, "fido_cred_verify_self: %s (0x%x)", fido_strerr(r), r); + } else { + if ((r = fido_cred_verify(cred)) != FIDO_OK) + errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r); + } out: if (key_out != NULL) { @@ -166,11 +171,12 @@ main(int argc, char **argv) int ch; int r; long long cred_protect = 0; + long long ea = 0; if ((cred = fido_cred_new()) == NULL) errx(1, "fido_cred_new"); - while ((ch = getopt(argc, argv, "P:T:b:e:hi:k:rt:uvc:")) != -1) { + while ((ch = getopt(argc, argv, "P:T:a:b:e:hi:k:rt:uvc:")) != -1) { switch (ch) { case 'P': pin = optarg; @@ -182,6 +188,12 @@ main(int argc, char **argv) errx(1, "-T: %s must be in (0,30]", optarg); ms *= 1000; /* seconds to milliseconds */ break; + case 'a': + if (base10(optarg, &ea) < 0) + errx(1, "base10: %s", optarg); + if (ea <= 0 || ea > 2) + errx(1, "-a: %s must be in (0,2]", optarg); + break; case 'b': ext |= FIDO_EXT_LARGEBLOB_KEY; blobkey_out = optarg; @@ -203,7 +215,7 @@ main(int argc, char **argv) if (base10(optarg, &cred_protect) < 0) errx(1, "base10: %s", optarg); if (cred_protect <= 0 || cred_protect > 3) - errx(1, "-c: %s must be in (1,3)", optarg); + errx(1, "-c: %s must be in (0,3]", optarg); ext |= FIDO_EXT_CRED_PROTECT; break; case 'i': @@ -293,6 +305,9 @@ main(int argc, char **argv) if (cred_protect != 0 && (r = fido_cred_set_prot(cred, (int)cred_protect)) != FIDO_OK) errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r); + + if (ea != 0 && (r = fido_cred_set_entattest(cred, (int)ea)) != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s (0x%x)", fido_strerr(r), r); /* timeout */ if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) diff --git a/contrib/libfido2/fuzz/CMakeLists.txt b/contrib/libfido2/fuzz/CMakeLists.txt index cc30baae88f2..0bf4bfbf05a5 100644 --- a/contrib/libfido2/fuzz/CMakeLists.txt +++ b/contrib/libfido2/fuzz/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2019-2023 Yubico AB. All rights reserved. +# Copyright (c) 2019-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -18,6 +18,10 @@ set(FUZZ_LINKER_LANGUAGE "C" CACHE STRING "Linker language for fuzz harnesses") mark_as_advanced(FUZZ_LINKER_LANGUAGE) enable_language(${FUZZ_LINKER_LANGUAGE}) +if(NOT FUZZ_LDFLAGS) + message(FATAL_ERROR "Please define FUZZ_LDFLAGS") +endif() + # fuzz_cred add_executable(fuzz_cred fuzz_cred.c ${COMMON_SOURCES} ${COMPAT_SOURCES}) set_target_properties(fuzz_cred PROPERTIES @@ -80,3 +84,10 @@ set_target_properties(fuzz_pcsc PROPERTIES LINK_FLAGS ${FUZZ_LDFLAGS} LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE}) target_link_libraries(fuzz_pcsc fido2_shared) + +# fuzz_attobj +add_executable(fuzz_attobj fuzz_attobj.c ${COMMON_SOURCES} ${COMPAT_SOURCES}) +set_target_properties(fuzz_attobj PROPERTIES + LINK_FLAGS ${FUZZ_LDFLAGS} + LINKER_LANGUAGE ${FUZZ_LINKER_LANGUAGE}) +target_link_libraries(fuzz_attobj fido2_shared) diff --git a/contrib/libfido2/fuzz/Dockerfile b/contrib/libfido2/fuzz/Dockerfile index 7b26e6ec3b19..1ab14c33da75 100644 --- a/contrib/libfido2/fuzz/Dockerfile +++ b/contrib/libfido2/fuzz/Dockerfile @@ -10,7 +10,7 @@ RUN apk -q update RUN apk add build-base clang clang-analyzer cmake compiler-rt coreutils RUN apk add eudev-dev git linux-headers llvm openssl-dev pcsc-lite-dev RUN apk add sudo tar zlib-dev -RUN git clone --branch v0.10.2 --depth=1 https://github.com/PJK/libcbor +RUN git clone --branch v0.12.0 --depth=1 https://github.com/PJK/libcbor RUN git clone --depth=1 https://github.com/yubico/libfido2 WORKDIR /libfido2 RUN ./fuzz/build-coverage /libcbor /libfido2 diff --git a/contrib/libfido2/fuzz/Makefile b/contrib/libfido2/fuzz/Makefile index 55a506bc8312..a7ac24c0da58 100644 --- a/contrib/libfido2/fuzz/Makefile +++ b/contrib/libfido2/fuzz/Makefile @@ -3,12 +3,12 @@ # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause -IMAGE := libfido2-coverage:1.14.0 +IMAGE := libfido2-coverage:1.16.0 RUNNER := libfido2-runner PROFDATA := llvm-profdata COV := llvm-cov -TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_hid \ - fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc +TARGETS := fuzz_assert fuzz_attobj fuzz_bio fuzz_cred fuzz_credman \ + fuzz_hid fuzz_largeblob fuzz_netlink fuzz_mgmt fuzz_pcsc CORPORA := $(foreach f,${TARGETS},${f}/corpus) MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus) REMOTE := gs://libfido2-corpus.clusterfuzz-external.appspot.com diff --git a/contrib/libfido2/fuzz/export.gnu b/contrib/libfido2/fuzz/export.gnu index bc25dd66cba7..62dfda926944 100644 --- a/contrib/libfido2/fuzz/export.gnu +++ b/contrib/libfido2/fuzz/export.gnu @@ -127,6 +127,7 @@ fido_cred_clientdata_hash_len; fido_cred_clientdata_hash_ptr; fido_cred_display_name; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -166,11 +167,13 @@ fido_cred_rp_id; fido_cred_rp_name; fido_cred_set_attstmt; + fido_cred_set_attobj; fido_cred_set_authdata; fido_cred_set_authdata_raw; fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; @@ -193,6 +196,9 @@ fido_cred_verify; fido_cred_verify_self; fido_cred_x5c_len; + fido_cred_x5c_list_count; + fido_cred_x5c_list_len; + fido_cred_x5c_list_ptr; fido_cred_x5c_ptr; fido_dev_build; fido_dev_cancel; diff --git a/contrib/libfido2/fuzz/functions.txt b/contrib/libfido2/fuzz/functions.txt index 4ad5a0c83f5c..5dab11c62d50 100644 --- a/contrib/libfido2/fuzz/functions.txt +++ b/contrib/libfido2/fuzz/functions.txt @@ -1,31 +1,31 @@ File '/libfido2/src/aes256.c': Name Regions Miss Cover Lines Miss Cover --------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------ aes256_cbc_enc 4 0 100.00% 4 0 100.00% aes256_cbc_dec 4 0 100.00% 4 0 100.00% aes256_gcm_enc 1 0 100.00% 3 0 100.00% aes256_gcm_dec 1 0 100.00% 3 0 100.00% -aes256.c:aes256_cbc_fips 26 1 96.15% 42 4 90.48% -aes256.c:aes256_cbc 29 1 96.55% 36 3 91.67% +aes256.c:aes256_cbc_fips 29 1 96.55% 42 4 90.48% +aes256.c:aes256_cbc 37 1 97.30% 36 3 91.67% aes256.c:aes256_cbc_proto1 1 0 100.00% 5 0 100.00% -aes256.c:aes256_gcm 52 1 98.08% 60 4 93.33% --------------------------------------------------------------------------------------------------------- -TOTAL 118 3 97.46% 157 11 92.99% +aes256.c:aes256_gcm 73 3 95.89% 64 10 84.38% +------------------------------------------------------------------------------ +TOTAL 150 5 96.67% 161 17 89.44% File '/libfido2/src/assert.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ -fido_dev_get_assert 40 0 100.00% 35 0 100.00% +--------------------------------------------------------------------------------------- +fido_dev_get_assert 50 0 100.00% 35 0 100.00% fido_check_flags 13 0 100.00% 15 0 100.00% -fido_get_signed_hash 20 1 95.00% 34 3 91.18% -fido_assert_verify 50 4 92.00% 70 7 90.00% +fido_get_signed_hash 27 1 96.30% 34 3 91.18% +fido_assert_verify 59 4 93.22% 70 7 90.00% fido_assert_set_clientdata 12 12 0.00% 11 11 0.00% fido_assert_set_clientdata_hash 8 0 100.00% 6 0 100.00% fido_assert_set_hmac_salt 10 0 100.00% 6 0 100.00% fido_assert_set_hmac_secret 12 12 0.00% 7 7 0.00% -fido_assert_set_rp 12 0 100.00% 11 0 100.00% +fido_assert_set_rp 16 0 100.00% 11 0 100.00% fido_assert_set_winhello_appid 2 2 0.00% 5 5 0.00% -fido_assert_allow_cred 13 2 84.62% 22 3 86.36% +fido_assert_allow_cred 16 2 87.50% 22 3 86.36% fido_assert_empty_allow_list 2 0 100.00% 5 0 100.00% fido_assert_set_extensions 14 0 100.00% 10 0 100.00% fido_assert_set_options 8 8 0.00% 5 5 0.00% @@ -34,71 +34,71 @@ fido_assert_set_uv 2 0 100.00% 4 0 fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% fido_assert_new 1 0 100.00% 3 0 100.00% -fido_assert_reset_tx 1 0 100.00% 13 0 100.00% -fido_assert_reset_rx 4 0 100.00% 20 0 100.00% -fido_assert_free 6 0 100.00% 9 0 100.00% +fido_assert_reset_tx 3 0 100.00% 12 0 100.00% +fido_assert_reset_rx 5 0 100.00% 19 0 100.00% +fido_assert_free 10 0 100.00% 8 0 100.00% fido_assert_count 1 0 100.00% 3 0 100.00% fido_assert_rp_id 1 0 100.00% 3 0 100.00% fido_assert_flags 4 0 100.00% 5 0 100.00% fido_assert_sigcount 4 0 100.00% 5 0 100.00% -fido_assert_authdata_ptr 4 0 100.00% 5 0 100.00% +fido_assert_authdata_ptr 5 0 100.00% 5 0 100.00% fido_assert_authdata_len 4 0 100.00% 5 0 100.00% -fido_assert_authdata_raw_ptr 4 0 100.00% 5 0 100.00% +fido_assert_authdata_raw_ptr 5 0 100.00% 5 0 100.00% fido_assert_authdata_raw_len 4 0 100.00% 5 0 100.00% -fido_assert_sig_ptr 4 0 100.00% 5 0 100.00% +fido_assert_sig_ptr 5 0 100.00% 5 0 100.00% fido_assert_sig_len 4 0 100.00% 5 0 100.00% -fido_assert_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_id_ptr 5 0 100.00% 5 0 100.00% fido_assert_id_len 4 0 100.00% 5 0 100.00% -fido_assert_user_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_user_id_ptr 5 0 100.00% 5 0 100.00% fido_assert_user_id_len 4 0 100.00% 5 0 100.00% -fido_assert_user_icon 4 0 100.00% 5 0 100.00% -fido_assert_user_name 4 0 100.00% 5 0 100.00% -fido_assert_user_display_name 4 0 100.00% 5 0 100.00% -fido_assert_hmac_secret_ptr 4 0 100.00% 5 0 100.00% +fido_assert_user_icon 5 0 100.00% 5 0 100.00% +fido_assert_user_name 5 0 100.00% 5 0 100.00% +fido_assert_user_display_name 5 0 100.00% 5 0 100.00% +fido_assert_hmac_secret_ptr 5 0 100.00% 5 0 100.00% fido_assert_hmac_secret_len 4 0 100.00% 5 0 100.00% -fido_assert_largeblob_key_ptr 4 0 100.00% 5 0 100.00% +fido_assert_largeblob_key_ptr 5 0 100.00% 5 0 100.00% fido_assert_largeblob_key_len 4 0 100.00% 5 0 100.00% -fido_assert_blob_ptr 4 0 100.00% 5 0 100.00% +fido_assert_blob_ptr 5 0 100.00% 5 0 100.00% fido_assert_blob_len 4 0 100.00% 5 0 100.00% -fido_assert_set_authdata 28 0 100.00% 33 0 100.00% -fido_assert_set_authdata_raw 28 0 100.00% 32 0 100.00% -fido_assert_set_sig 14 0 100.00% 7 0 100.00% -fido_assert_set_count 10 0 100.00% 17 0 100.00% +fido_assert_set_authdata 34 0 100.00% 33 0 100.00% +fido_assert_set_authdata_raw 34 0 100.00% 32 0 100.00% +fido_assert_set_sig 16 0 100.00% 7 0 100.00% +fido_assert_set_count 12 0 100.00% 17 0 100.00% assert.c:fido_dev_get_assert_wait 21 0 100.00% 14 0 100.00% -assert.c:fido_dev_get_assert_tx 56 2 96.43% 62 5 91.94% -assert.c:fido_dev_get_assert_rx 27 0 100.00% 36 0 100.00% -assert.c:adjust_assert_count 24 0 100.00% 26 0 100.00% -assert.c:parse_assert_reply 15 0 100.00% 28 0 100.00% +assert.c:fido_dev_get_assert_tx 67 2 97.01% 62 5 91.94% +assert.c:fido_dev_get_assert_rx 29 0 100.00% 36 0 100.00% +assert.c:adjust_assert_count 28 0 100.00% 26 0 100.00% +assert.c:parse_assert_reply 17 0 100.00% 28 0 100.00% assert.c:fido_get_next_assert_tx 8 0 100.00% 8 0 100.00% -assert.c:fido_get_next_assert_rx 23 2 91.30% 29 5 82.76% -assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00% -assert.c:get_es256_hash 16 0 100.00% 17 0 100.00% -assert.c:get_es384_hash 16 0 100.00% 17 0 100.00% -assert.c:get_eddsa_hash 6 0 100.00% 9 0 100.00% +assert.c:fido_get_next_assert_rx 24 2 91.67% 29 5 82.76% +assert.c:decrypt_hmac_secrets 10 0 100.00% 15 0 100.00% +assert.c:get_es256_hash 26 0 100.00% 17 0 100.00% +assert.c:get_es384_hash 26 0 100.00% 17 0 100.00% +assert.c:get_eddsa_hash 8 0 100.00% 9 0 100.00% assert.c:check_extensions 5 0 100.00% 9 0 100.00% assert.c:fido_assert_reset_extattr 1 0 100.00% 5 0 100.00% assert.c:fido_assert_clean_authdata 1 0 100.00% 6 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 628 45 92.83% 782 51 93.48% +--------------------------------------------------------------------------------------- +TOTAL 738 45 93.90% 779 51 93.45% File '/libfido2/src/authkey.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_dev_authkey 1 0 100.00% 3 0 100.00% authkey.c:fido_dev_authkey_wait 10 0 100.00% 7 0 100.00% -authkey.c:fido_dev_authkey_tx 19 0 100.00% 25 0 100.00% -authkey.c:fido_dev_authkey_rx 14 0 100.00% 21 0 100.00% -authkey.c:parse_authkey 8 0 100.00% 10 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 52 0 100.00% 66 0 100.00% +authkey.c:fido_dev_authkey_tx 22 0 100.00% 25 0 100.00% +authkey.c:fido_dev_authkey_rx 15 0 100.00% 21 0 100.00% +authkey.c:parse_authkey 10 0 100.00% 10 0 100.00% +--------------------------------------------------------------------------------------- +TOTAL 58 0 100.00% 66 0 100.00% File '/libfido2/src/bio.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ -fido_bio_dev_get_template_array 5 2 60.00% 6 1 83.33% -fido_bio_dev_set_template_name 7 0 100.00% 6 0 100.00% -fido_bio_dev_enroll_begin 25 2 92.00% 31 1 96.77% -fido_bio_dev_enroll_continue 5 2 60.00% 6 1 83.33% +--------------------------------------------------------------------------------------- +fido_bio_dev_get_template_array 6 2 66.67% 6 1 83.33% +fido_bio_dev_set_template_name 10 0 100.00% 6 0 100.00% +fido_bio_dev_enroll_begin 34 2 94.12% 31 1 96.77% +fido_bio_dev_enroll_continue 6 2 66.67% 6 1 83.33% fido_bio_dev_enroll_cancel 1 1 0.00% 4 4 0.00% fido_bio_dev_enroll_remove 1 0 100.00% 4 0 100.00% fido_bio_dev_get_info 1 0 100.00% 4 0 100.00% @@ -108,189 +108,195 @@ fido_bio_template_id_len 1 0 100.00% 3 0 fido_bio_template_array_count 1 0 100.00% 3 0 100.00% fido_bio_template_array_new 1 0 100.00% 3 0 100.00% fido_bio_template_new 1 0 100.00% 3 0 100.00% -fido_bio_template_array_free 6 0 100.00% 8 0 100.00% -fido_bio_template_free 6 0 100.00% 8 0 100.00% -fido_bio_template_set_name 8 0 100.00% 7 0 100.00% +fido_bio_template_array_free 10 0 100.00% 7 0 100.00% +fido_bio_template_free 10 0 100.00% 7 0 100.00% +fido_bio_template_set_name 10 0 100.00% 7 0 100.00% fido_bio_template_set_id 8 0 100.00% 6 0 100.00% -fido_bio_template 4 0 100.00% 5 0 100.00% +fido_bio_template 5 0 100.00% 5 0 100.00% fido_bio_enroll_new 1 0 100.00% 3 0 100.00% fido_bio_info_new 1 0 100.00% 3 0 100.00% fido_bio_info_type 1 0 100.00% 3 0 100.00% fido_bio_info_max_samples 1 0 100.00% 3 0 100.00% -fido_bio_enroll_free 6 0 100.00% 8 0 100.00% -fido_bio_info_free 6 0 100.00% 7 0 100.00% +fido_bio_enroll_free 10 0 100.00% 7 0 100.00% +fido_bio_info_free 10 0 100.00% 6 0 100.00% fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00% fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00% -bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00% -bio.c:bio_tx 43 0 100.00% 55 0 100.00% -bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00% -bio.c:bio_rx_template_array 19 0 100.00% 24 0 100.00% -bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19% -bio.c:decode_template_array 12 1 91.67% 18 3 83.33% -bio.c:decode_template 9 0 100.00% 15 0 100.00% -bio.c:bio_set_template_name_wait 19 0 100.00% 20 0 100.00% -bio.c:bio_enroll_begin_wait 17 0 100.00% 19 0 100.00% -bio.c:bio_rx_enroll_begin 23 0 100.00% 31 0 100.00% -bio.c:bio_parse_enroll_status 20 0 100.00% 28 0 100.00% -bio.c:bio_parse_template_id 8 0 100.00% 10 0 100.00% -bio.c:bio_enroll_continue_wait 19 0 100.00% 20 0 100.00% -bio.c:bio_rx_enroll_continue 19 0 100.00% 25 0 100.00% -bio.c:bio_enroll_cancel_wait 11 11 0.00% 10 10 0.00% -bio.c:bio_enroll_remove_wait 17 0 100.00% 19 0 100.00% -bio.c:bio_get_info_wait 11 0 100.00% 10 0 100.00% -bio.c:bio_rx_info 19 0 100.00% 24 0 100.00% +bio.c:bio_get_template_array_wait 13 0 100.00% 7 0 100.00% +bio.c:bio_tx 51 0 100.00% 55 0 100.00% +bio.c:bio_get_cmd 8 0 100.00% 5 0 100.00% +bio.c:bio_prepare_hmac 26 0 100.00% 29 0 100.00% +bio.c:bio_rx_template_array 20 0 100.00% 24 0 100.00% +bio.c:bio_parse_template_array 34 1 97.06% 27 4 85.19% +bio.c:decode_template_array 15 1 93.33% 18 3 83.33% +bio.c:decode_template 11 0 100.00% 15 0 100.00% +bio.c:bio_set_template_name_wait 23 0 100.00% 20 0 100.00% +bio.c:bio_enroll_begin_wait 19 0 100.00% 19 0 100.00% +bio.c:bio_rx_enroll_begin 24 0 100.00% 31 0 100.00% +bio.c:bio_parse_enroll_status 24 0 100.00% 28 0 100.00% +bio.c:bio_parse_template_id 10 0 100.00% 10 0 100.00% +bio.c:bio_enroll_continue_wait 23 0 100.00% 20 0 100.00% +bio.c:bio_rx_enroll_continue 20 0 100.00% 25 0 100.00% +bio.c:bio_enroll_cancel_wait 14 14 0.00% 10 10 0.00% +bio.c:bio_enroll_remove_wait 19 0 100.00% 19 0 100.00% +bio.c:bio_get_info_wait 14 0 100.00% 10 0 100.00% +bio.c:bio_rx_info 20 0 100.00% 24 0 100.00% bio.c:bio_reset_info 1 0 100.00% 4 0 100.00% -bio.c:bio_parse_info 20 0 100.00% 28 0 100.00% -bio.c:bio_reset_template_array 4 0 100.00% 7 0 100.00% -bio.c:bio_reset_template 1 0 100.00% 5 0 100.00% +bio.c:bio_parse_info 24 0 100.00% 28 0 100.00% +bio.c:bio_reset_template_array 5 0 100.00% 6 0 100.00% +bio.c:bio_reset_template 2 0 100.00% 4 0 100.00% bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 451 20 95.57% 587 24 95.91% +--------------------------------------------------------------------------------------- +TOTAL 557 23 95.87% 586 24 95.90% File '/libfido2/src/blob.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_blob_new 1 0 100.00% 3 0 100.00% fido_blob_reset 1 0 100.00% 4 0 100.00% -fido_blob_set 9 0 100.00% 15 0 100.00% -fido_blob_append 12 1 91.67% 20 3 85.00% -fido_blob_free 6 0 100.00% 8 0 100.00% -fido_free_blob_array 7 0 100.00% 12 0 100.00% -fido_blob_encode 6 0 100.00% 5 0 100.00% +fido_blob_set 12 0 100.00% 15 0 100.00% +fido_blob_append 17 1 94.12% 20 3 85.00% +fido_blob_free 10 0 100.00% 7 0 100.00% +fido_free_blob_array 10 0 100.00% 11 0 100.00% +fido_blob_encode 10 0 100.00% 5 0 100.00% fido_blob_decode 1 0 100.00% 3 0 100.00% -fido_blob_is_empty 3 0 100.00% 3 0 100.00% -fido_blob_serialise 7 1 85.71% 10 1 90.00% ------------------------------------------------------------------------------------------------------------------ -TOTAL 53 2 96.23% 83 4 95.18% +fido_blob_is_empty 5 0 100.00% 3 0 100.00% +fido_blob_serialise 8 1 87.50% 10 1 90.00% +--------------------------------------------------------------------------------------- +TOTAL 75 2 97.33% 81 4 95.06% File '/libfido2/src/buf.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------ +--------------------------------------------------------------------------------------- fido_buf_read 4 0 100.00% 8 0 100.00% -fido_buf_write 4 1 75.00% 8 1 87.50% ------------------------------------------------------------------------------------------------------------------ -TOTAL 8 1 87.50% 16 1 93.75% +fido_buf_write 4 0 100.00% 8 0 100.00% +--------------------------------------------------------------------------------------- +TOTAL 8 0 100.00% 16 0 100.00% File '/libfido2/src/cbor.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------- -cbor_map_iter 20 1 95.00% 26 4 84.62% -cbor_array_iter 12 0 100.00% 16 0 100.00% -cbor_parse_reply 27 0 100.00% 36 0 100.00% -cbor_vector_free 6 0 100.00% 5 0 100.00% -cbor_bytestring_copy 14 0 100.00% 18 0 100.00% -cbor_string_copy 14 0 100.00% 18 0 100.00% -cbor_add_bytestring 14 0 100.00% 21 0 100.00% -cbor_add_string 14 0 100.00% 21 0 100.00% -cbor_add_bool 14 0 100.00% 21 0 100.00% -cbor_flatten_vector 14 1 92.86% 16 1 93.75% -cbor_build_frame 15 0 100.00% 25 0 100.00% -cbor_encode_rp_entity 13 0 100.00% 11 0 100.00% -cbor_encode_user_entity 21 0 100.00% 15 0 100.00% -cbor_encode_pubkey_param 36 0 100.00% 39 0 100.00% -cbor_encode_pubkey 10 0 100.00% 11 0 100.00% -cbor_encode_pubkey_list 18 0 100.00% 19 0 100.00% -cbor_encode_str_array 18 0 100.00% 19 0 100.00% -cbor_encode_cred_ext 55 0 100.00% 50 0 100.00% -cbor_encode_cred_opt 13 0 100.00% 11 0 100.00% -cbor_encode_assert_opt 13 0 100.00% 11 0 100.00% -cbor_encode_pin_auth 21 1 95.24% 22 3 86.36% -cbor_encode_pin_opt 4 0 100.00% 8 0 100.00% -cbor_encode_change_pin_auth 32 1 96.88% 36 3 91.67% -cbor_encode_assert_ext 33 0 100.00% 32 0 100.00% -cbor_decode_fmt 13 0 100.00% 15 0 100.00% +---------------------------------------------------------------------------------------- +cbor_map_iter 24 1 95.83% 26 4 84.62% +cbor_array_iter 15 0 100.00% 16 0 100.00% +cbor_parse_reply 33 0 100.00% 36 0 100.00% +cbor_vector_free 7 0 100.00% 5 0 100.00% +cbor_bytestring_copy 20 0 100.00% 18 0 100.00% +cbor_string_copy 23 0 100.00% 18 0 100.00% +cbor_add_bytestring 17 0 100.00% 21 0 100.00% +cbor_add_string 17 0 100.00% 21 0 100.00% +cbor_add_bool 17 0 100.00% 21 0 100.00% +cbor_flatten_vector 19 2 89.47% 16 1 93.75% +cbor_build_frame 22 0 100.00% 25 0 100.00% +cbor_encode_rp_entity 17 0 100.00% 11 0 100.00% +cbor_encode_user_entity 25 0 100.00% 15 0 100.00% +cbor_encode_pubkey_param 55 0 100.00% 39 0 100.00% +cbor_encode_pubkey 14 0 100.00% 11 0 100.00% +cbor_encode_pubkey_list 27 0 100.00% 18 0 100.00% +cbor_encode_str_array 27 0 100.00% 18 0 100.00% +cbor_encode_cred_ext 65 0 100.00% 50 0 100.00% +cbor_encode_cred_opt 17 0 100.00% 11 0 100.00% +cbor_encode_assert_opt 17 0 100.00% 11 0 100.00% +cbor_encode_pin_auth 29 2 93.10% 22 3 86.36% +cbor_encode_pin_opt 5 0 100.00% 8 0 100.00% +cbor_encode_change_pin_auth 42 1 97.62% 36 3 91.67% +cbor_encode_assert_ext 39 0 100.00% 32 0 100.00% +cbor_decode_fmt 14 0 100.00% 15 0 100.00% cbor_decode_pubkey 26 1 96.15% 36 2 94.44% -cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43% -cbor_decode_assert_authdata 21 1 95.24% 32 3 90.62% -cbor_decode_attstmt 13 0 100.00% 16 0 100.00% -cbor_decode_uint64 4 0 100.00% 8 0 100.00% -cbor_decode_cred_id 8 0 100.00% 9 0 100.00% -cbor_decode_user 8 0 100.00% 9 0 100.00% -cbor_decode_rp_entity 8 0 100.00% 9 0 100.00% -cbor_decode_bool 10 0 100.00% 11 0 100.00% -cbor_build_uint 10 1 90.00% 9 1 88.89% -cbor_array_append 17 0 100.00% 21 0 100.00% -cbor_array_drop 18 0 100.00% 17 0 100.00% +cbor_decode_attobj 12 0 100.00% 9 0 100.00% +cbor_decode_cred_authdata 40 1 97.50% 35 3 91.43% +cbor_decode_assert_authdata 28 1 96.43% 32 3 90.62% +cbor_decode_attstmt 19 0 100.00% 16 0 100.00% +cbor_decode_uint64 5 0 100.00% 8 0 100.00% +cbor_decode_cred_id 12 0 100.00% 9 0 100.00% +cbor_decode_user 12 0 100.00% 9 0 100.00% +cbor_decode_rp_entity 12 0 100.00% 9 0 100.00% +cbor_decode_bool 14 0 100.00% 11 0 100.00% +cbor_build_uint 13 1 92.31% 9 1 88.89% +cbor_array_append 24 0 100.00% 21 0 100.00% +cbor_array_drop 21 0 100.00% 17 0 100.00% cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00% cbor.c:check_key_type 8 0 100.00% 7 0 100.00% -cbor.c:cbor_add_arg 13 0 100.00% 21 0 100.00% -cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00% -cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00% -cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88% -cbor.c:get_cose_alg 46 0 100.00% 45 0 100.00% -cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00% -cbor.c:decode_attcred 25 0 100.00% 44 0 100.00% -cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00% -cbor.c:decode_cred_extension 41 0 100.00% 45 0 100.00% -cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00% -cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00% -cbor.c:decode_attstmt_entry 56 0 100.00% 51 0 100.00% -cbor.c:decode_x5c 4 0 100.00% 6 0 100.00% -cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00% -cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00% -cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00% ------------------------------------------------------------------------------------------------------------------- -TOTAL 1070 12 98.88% 1258 28 97.77% +cbor.c:cbor_add_arg 15 0 100.00% 21 0 100.00% +cbor.c:cbor_add_uint8 17 0 100.00% 21 0 100.00% +cbor.c:cbor_encode_largeblob_key_ext 8 0 100.00% 6 0 100.00% +cbor.c:cbor_encode_hmac_secret_param 81 4 95.06% 66 8 87.88% +cbor.c:get_cose_alg 50 0 100.00% 45 0 100.00% +cbor.c:find_cose_alg 51 0 100.00% 33 0 100.00% +cbor.c:decode_attobj 24 0 100.00% 37 0 100.00% +cbor.c:decode_attcred 30 0 100.00% 44 0 100.00% +cbor.c:decode_cred_extensions 21 0 100.00% 24 0 100.00% +cbor.c:decode_cred_extension 48 0 100.00% 45 0 100.00% +cbor.c:decode_assert_extensions 21 0 100.00% 23 0 100.00% +cbor.c:decode_assert_extension 20 0 100.00% 27 0 100.00% +cbor.c:decode_attstmt_entry 56 0 100.00% 49 0 100.00% +cbor.c:decode_x5c_array 12 1 91.67% 12 3 75.00% +cbor.c:decode_x5c 14 1 92.86% 22 3 86.36% +cbor.c:decode_cred_id_entry 11 0 100.00% 19 0 100.00% +cbor.c:decode_user_entry 26 0 100.00% 35 0 100.00% +cbor.c:decode_rp_entity_entry 16 0 100.00% 25 0 100.00% +---------------------------------------------------------------------------------------- +TOTAL 1402 16 98.86% 1328 34 97.44% File '/libfido2/src/compress.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------------------------------- +---------------------------------------------------------------------------------------- fido_compress 1 0 100.00% 3 0 100.00% fido_uncompress 6 0 100.00% 5 0 100.00% -compress.c:rfc1951_deflate 33 4 87.88% 47 6 87.23% -compress.c:rfc1950_inflate 27 2 92.59% 22 4 81.82% -compress.c:rfc1951_inflate 38 8 78.95% 45 14 68.89% ------------------------------------------------------------------------------------------------------------------- -TOTAL 105 14 86.67% 122 24 80.33% +compress.c:rfc1951_deflate 42 4 90.48% 47 6 87.23% +compress.c:rfc1950_inflate 42 2 95.24% 22 4 81.82% +compress.c:rfc1951_inflate 49 8 83.67% 45 14 68.89% +---------------------------------------------------------------------------------------- +TOTAL 140 14 90.00% 122 24 80.33% File '/libfido2/src/config.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_enable_entattest 1 0 100.00% 4 0 100.00% fido_dev_toggle_always_uv 1 0 100.00% 4 0 100.00% -fido_dev_set_pin_minlen 1 0 100.00% 4 0 100.00% -fido_dev_force_pin_change 1 0 100.00% 4 0 100.00% -fido_dev_set_pin_minlen_rpid 6 0 100.00% 15 0 100.00% -config.c:config_enable_entattest_wait 6 0 100.00% 7 0 100.00% -config.c:config_tx 39 0 100.00% 49 0 100.00% -config.c:config_prepare_hmac 10 0 100.00% 21 0 100.00% -config.c:config_toggle_always_uv_wait 6 0 100.00% 7 0 100.00% +fido_dev_set_pin_minlen 3 0 100.00% 4 0 100.00% +fido_dev_force_pin_change 3 0 100.00% 4 0 100.00% +fido_dev_set_pin_minlen_rpid 7 0 100.00% 15 0 100.00% +config.c:config_enable_entattest_wait 7 0 100.00% 7 0 100.00% +config.c:config_tx 46 0 100.00% 49 0 100.00% +config.c:config_prepare_hmac 12 0 100.00% 21 0 100.00% +config.c:config_toggle_always_uv_wait 7 0 100.00% 7 0 100.00% config.c:config_pin_minlen 5 0 100.00% 7 0 100.00% -config.c:config_pin_minlen_tx 36 0 100.00% 32 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 112 0 100.00% 154 0 100.00% +config.c:config_pin_minlen_tx 45 0 100.00% 32 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 137 0 100.00% 154 0 100.00% File '/libfido2/src/cred.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_dev_make_cred 12 0 100.00% 10 0 100.00% -fido_check_rp_id 4 0 100.00% 11 0 100.00% -fido_cred_verify 59 2 96.61% 75 4 94.67% -fido_cred_verify_self 60 4 93.33% 87 7 91.95% +----------------------------------------------------------------------------------------- +fido_dev_make_cred 15 0 100.00% 10 0 100.00% +fido_check_rp_id 5 0 100.00% 10 0 100.00% +fido_cred_verify 72 0 100.00% 75 0 100.00% +fido_cred_verify_self 73 4 94.52% 87 7 91.95% fido_cred_new 1 0 100.00% 3 0 100.00% -fido_cred_reset_tx 1 0 100.00% 18 0 100.00% -fido_cred_reset_rx 1 0 100.00% 7 0 100.00% -fido_cred_free 6 0 100.00% 9 0 100.00% -fido_cred_set_authdata 23 0 100.00% 28 0 100.00% -fido_cred_set_authdata_raw 25 0 100.00% 29 0 100.00% +fido_cred_reset_tx 1 0 100.00% 19 0 100.00% +fido_cred_reset_rx 2 0 100.00% 4 0 100.00% +fido_cred_free 10 0 100.00% 8 0 100.00% +fido_cred_set_authdata 28 0 100.00% 28 0 100.00% +fido_cred_set_authdata_raw 30 0 100.00% 29 0 100.00% fido_cred_set_id 6 0 100.00% 5 0 100.00% -fido_cred_set_x509 6 0 100.00% 5 0 100.00% +fido_cred_set_x509 18 2 88.89% 21 3 85.71% fido_cred_set_sig 6 0 100.00% 5 0 100.00% -fido_cred_set_attstmt 20 0 100.00% 23 0 100.00% -fido_cred_exclude 14 2 85.71% 19 3 84.21% +fido_cred_set_attstmt 25 0 100.00% 23 0 100.00% +fido_cred_set_attobj 22 0 100.00% 21 0 100.00% +fido_cred_exclude 17 2 88.24% 19 3 84.21% fido_cred_empty_exclude_list 2 0 100.00% 5 0 100.00% fido_cred_set_clientdata 12 12 0.00% 11 11 0.00% fido_cred_set_clientdata_hash 8 0 100.00% 6 0 100.00% -fido_cred_set_rp 18 0 100.00% 22 0 100.00% -fido_cred_set_user 32 0 100.00% 41 0 100.00% +fido_cred_set_rp 30 0 100.00% 22 0 100.00% +fido_cred_set_user 55 0 100.00% 41 0 100.00% fido_cred_set_extensions 16 0 100.00% 10 0 100.00% fido_cred_set_options 8 8 0.00% 5 5 0.00% fido_cred_set_rk 2 0 100.00% 4 0 100.00% fido_cred_set_uv 2 0 100.00% 4 0 100.00% +fido_cred_set_entattest 13 0 100.00% 7 0 100.00% fido_cred_set_prot 21 0 100.00% 14 0 100.00% fido_cred_set_pin_minlen 7 0 100.00% 8 0 100.00% -fido_cred_set_blob 13 0 100.00% 8 0 100.00% -fido_cred_set_fmt 20 4 80.00% 12 2 83.33% +fido_cred_set_blob 15 0 100.00% 8 0 100.00% +fido_cred_set_fmt 23 4 82.61% 12 2 83.33% fido_cred_set_type 23 2 91.30% 9 1 88.89% fido_cred_type 1 0 100.00% 3 0 100.00% fido_cred_flags 1 0 100.00% 3 0 100.00% @@ -299,6 +305,9 @@ fido_cred_clientdata_hash_ptr 1 0 100.00% 3 fido_cred_clientdata_hash_len 1 0 100.00% 3 0 100.00% fido_cred_x5c_ptr 1 0 100.00% 3 0 100.00% fido_cred_x5c_len 1 0 100.00% 3 0 100.00% +fido_cred_x5c_list_count 1 0 100.00% 3 0 100.00% +fido_cred_x5c_list_ptr 5 0 100.00% 5 0 100.00% +fido_cred_x5c_list_len 4 0 100.00% 5 0 100.00% fido_cred_sig_ptr 1 0 100.00% 3 0 100.00% fido_cred_sig_len 1 0 100.00% 3 0 100.00% fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00% @@ -307,7 +316,7 @@ fido_cred_authdata_raw_ptr 1 0 100.00% 3 fido_cred_authdata_raw_len 1 0 100.00% 3 0 100.00% fido_cred_attstmt_ptr 1 0 100.00% 3 0 100.00% fido_cred_attstmt_len 1 0 100.00% 3 0 100.00% -fido_cred_pubkey_ptr 11 0 100.00% 21 0 100.00% +fido_cred_pubkey_ptr 12 0 100.00% 21 0 100.00% fido_cred_pubkey_len 11 0 100.00% 21 0 100.00% fido_cred_id_ptr 1 0 100.00% 3 0 100.00% fido_cred_id_len 1 0 100.00% 3 0 100.00% @@ -324,80 +333,83 @@ fido_cred_user_id_ptr 1 0 100.00% 3 fido_cred_user_id_len 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_ptr 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_len 1 0 100.00% 3 0 100.00% +fido_cred_entattest 1 0 100.00% 3 0 100.00% cred.c:fido_dev_make_cred_wait 10 0 100.00% 7 0 100.00% -cred.c:fido_dev_make_cred_tx 64 0 100.00% 70 0 100.00% -cred.c:fido_dev_make_cred_rx 29 0 100.00% 32 0 100.00% -cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00% +cred.c:fido_dev_make_cred_tx 87 0 100.00% 77 0 100.00% +cred.c:fido_dev_make_cred_rx 32 0 100.00% 32 0 100.00% +cred.c:parse_makecred_reply 17 0 100.00% 29 0 100.00% cred.c:check_extensions 2 0 100.00% 6 0 100.00% -cred.c:get_signed_hash_u2f 27 0 100.00% 27 0 100.00% -cred.c:verify_attstmt 25 2 92.00% 43 6 86.05% +cred.c:get_signed_hash_u2f 38 0 100.00% 27 0 100.00% +cred.c:verify_attstmt 38 3 92.11% 48 10 79.17% +cred.c:fido_cred_clean_attobj 2 0 100.00% 5 0 100.00% cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00% cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 653 36 94.49% 853 39 95.43% +----------------------------------------------------------------------------------------- +TOTAL 860 37 95.70% 928 42 95.47% File '/libfido2/src/credman.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_credman_get_dev_metadata 1 0 100.00% 4 0 100.00% fido_credman_get_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_del_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_get_dev_rp 1 0 100.00% 4 0 100.00% fido_credman_set_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_rk_new 1 0 100.00% 3 0 100.00% -fido_credman_rk_free 6 1 83.33% 8 1 87.50% +fido_credman_rk_free 10 1 90.00% 7 1 85.71% fido_credman_rk_count 1 0 100.00% 3 0 100.00% -fido_credman_rk 4 0 100.00% 5 0 100.00% +fido_credman_rk 5 0 100.00% 5 0 100.00% fido_credman_metadata_new 1 0 100.00% 3 0 100.00% -fido_credman_metadata_free 6 1 83.33% 7 1 85.71% +fido_credman_metadata_free 10 1 90.00% 6 1 83.33% fido_credman_rk_existing 1 0 100.00% 3 0 100.00% fido_credman_rk_remaining 1 0 100.00% 3 0 100.00% fido_credman_rp_new 1 0 100.00% 3 0 100.00% -fido_credman_rp_free 6 1 83.33% 8 1 87.50% +fido_credman_rp_free 10 1 90.00% 7 1 85.71% fido_credman_rp_count 1 0 100.00% 3 0 100.00% -fido_credman_rp_id 4 0 100.00% 5 0 100.00% -fido_credman_rp_name 4 0 100.00% 5 0 100.00% +fido_credman_rp_id 5 0 100.00% 5 0 100.00% +fido_credman_rp_name 5 0 100.00% 5 0 100.00% fido_credman_rp_id_hash_len 4 0 100.00% 5 0 100.00% -fido_credman_rp_id_hash_ptr 4 0 100.00% 5 0 100.00% -credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00% -credman.c:credman_tx 36 0 100.00% 50 0 100.00% -credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00% -credman.c:credman_rx_metadata 19 0 100.00% 24 0 100.00% -credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00% -credman.c:credman_get_rk_wait 27 0 100.00% 23 0 100.00% -credman.c:credman_rx_rk 27 0 100.00% 35 0 100.00% -credman.c:credman_parse_rk_count 16 0 100.00% 20 0 100.00% -credman.c:credman_grow_array 17 2 88.24% 21 5 76.19% -credman.c:credman_parse_rk 23 0 100.00% 31 0 100.00% -credman.c:credman_rx_next_rk 23 2 91.30% 29 5 82.76% -credman.c:credman_del_rk_wait 16 0 100.00% 15 0 100.00% -credman.c:credman_get_rp_wait 23 0 100.00% 15 0 100.00% -credman.c:credman_rx_rp 27 0 100.00% 35 0 100.00% -credman.c:credman_parse_rp_count 16 0 100.00% 20 0 100.00% -credman.c:credman_parse_rp 9 0 100.00% 17 0 100.00% -credman.c:credman_rx_next_rp 23 2 91.30% 29 5 82.76% -credman.c:credman_set_dev_rk_wait 11 0 100.00% 8 0 100.00% -credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00% -credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 422 10 97.63% 557 20 96.41% +fido_credman_rp_id_hash_ptr 5 0 100.00% 5 0 100.00% +credman.c:credman_get_metadata_wait 13 0 100.00% 8 0 100.00% +credman.c:credman_tx 41 0 100.00% 50 0 100.00% +credman.c:credman_get_cmd 7 0 100.00% 5 0 100.00% +credman.c:credman_prepare_hmac 38 1 97.37% 50 2 96.00% +credman.c:credman_rx_metadata 20 0 100.00% 24 0 100.00% +credman.c:credman_parse_metadata 11 0 100.00% 17 0 100.00% +credman.c:credman_get_rk_wait 30 0 100.00% 23 0 100.00% +credman.c:credman_rx_rk 28 0 100.00% 35 0 100.00% +credman.c:credman_parse_rk_count 20 0 100.00% 20 0 100.00% +credman.c:credman_grow_array 19 2 89.47% 21 5 76.19% +credman.c:credman_parse_rk 27 0 100.00% 31 0 100.00% +credman.c:credman_rx_next_rk 24 2 91.67% 29 5 82.76% +credman.c:credman_del_rk_wait 17 0 100.00% 15 0 100.00% +credman.c:credman_get_rp_wait 28 0 100.00% 15 0 100.00% +credman.c:credman_rx_rp 28 0 100.00% 35 0 100.00% +credman.c:credman_parse_rp_count 20 0 100.00% 20 0 100.00% +credman.c:credman_parse_rp 11 0 100.00% 17 0 100.00% +credman.c:credman_rx_next_rp 24 2 91.67% 29 5 82.76% +credman.c:credman_set_dev_rk_wait 12 0 100.00% 8 0 100.00% +credman.c:credman_reset_rk 5 0 100.00% 8 0 100.00% +credman.c:credman_reset_rp 7 0 100.00% 11 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 496 10 97.98% 557 20 96.41% File '/libfido2/src/dev.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_info_manifest 2 0 100.00% 11 0 100.00% -fido_dev_open_with_info 5 5 0.00% 6 6 0.00% +fido_dev_open_with_info 6 6 0.00% 6 6 0.00% fido_dev_open 13 4 69.23% 16 6 62.50% -fido_dev_close 9 2 77.78% 8 1 87.50% -fido_dev_set_sigmask 18 18 0.00% 11 11 0.00% -fido_dev_cancel 11 0 100.00% 8 0 100.00% -fido_dev_set_io_functions 18 4 77.78% 14 6 57.14% -fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67% +fido_dev_close 13 2 84.62% 8 1 87.50% +fido_dev_set_sigmask 23 23 0.00% 11 11 0.00% +fido_dev_cancel 13 0 100.00% 8 0 100.00% +fido_dev_set_io_functions 29 4 86.21% 14 6 57.14% +fido_dev_set_transport_functions 8 2 75.00% 9 3 66.67% fido_dev_io_handle 1 1 0.00% 3 3 0.00% -fido_init 8 1 87.50% 5 0 100.00% -fido_dev_new 5 0 100.00% 14 0 100.00% -fido_dev_new_with_info 10 10 0.00% 16 16 0.00% -fido_dev_free 6 0 100.00% 8 0 100.00% +fido_init 9 2 77.78% 5 0 100.00% +fido_dev_new 7 0 100.00% 14 0 100.00% +fido_dev_new_with_info 18 18 0.00% 16 16 0.00% +fido_dev_free 10 0 100.00% 7 0 100.00% fido_dev_protocol 1 0 100.00% 3 0 100.00% fido_dev_major 1 0 100.00% 3 0 100.00% fido_dev_minor 1 0 100.00% 3 0 100.00% @@ -408,7 +420,7 @@ fido_dev_is_winhello 2 2 0.00% 3 fido_dev_supports_pin 3 0 100.00% 3 0 100.00% fido_dev_has_pin 2 0 100.00% 3 0 100.00% fido_dev_supports_cred_prot 2 0 100.00% 3 0 100.00% -fido_dev_supports_credman 2 0 100.00% 3 0 100.00% +fido_dev_supports_credman 3 0 100.00% 3 0 100.00% fido_dev_supports_uv 3 0 100.00% 3 0 100.00% fido_dev_has_uv 2 0 100.00% 3 0 100.00% fido_dev_supports_permissions 2 0 100.00% 3 0 100.00% @@ -419,112 +431,112 @@ fido_dev_maxmsgsize 1 0 100.00% 3 fido_dev_set_timeout 6 2 66.67% 6 1 83.33% dev.c:run_manifest 10 0 100.00% 13 0 100.00% dev.c:fido_dev_open_wait 10 0 100.00% 7 0 100.00% -dev.c:fido_dev_open_tx 56 11 80.36% 56 20 64.29% +dev.c:fido_dev_open_tx 62 11 82.26% 56 20 64.29% dev.c:set_random_report_len 11 0 100.00% 6 0 100.00% -dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11% +dev.c:fido_dev_open_rx 40 1 97.50% 53 1 98.11% dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00% dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00% -dev.c:fido_dev_set_option_flags 31 0 100.00% 20 0 100.00% +dev.c:fido_dev_set_option_flags 42 0 100.00% 25 0 100.00% dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 332 65 80.42% 378 80 78.84% +----------------------------------------------------------------------------------------- +TOTAL 394 80 79.70% 382 80 79.06% File '/libfido2/src/ecdh.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_do_ecdh 29 0 100.00% 36 0 100.00% -ecdh.c:do_ecdh 37 0 100.00% 44 0 100.00% -ecdh.c:kdf 19 1 94.74% 28 2 92.86% -ecdh.c:hkdf_sha256 32 1 96.88% 38 3 92.11% -------------------------------------------------------------------------------------------------------------------- -TOTAL 117 2 98.29% 146 5 96.58% +----------------------------------------------------------------------------------------- +fido_do_ecdh 38 0 100.00% 36 0 100.00% +ecdh.c:do_ecdh 57 0 100.00% 44 0 100.00% +ecdh.c:kdf 26 1 96.15% 28 2 92.86% +ecdh.c:hkdf_sha256 48 1 97.92% 38 3 92.11% +----------------------------------------------------------------------------------------- +TOTAL 169 2 98.82% 146 5 96.58% File '/libfido2/src/eddsa.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -eddsa_pk_decode 8 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +eddsa_pk_decode 12 0 100.00% 9 0 100.00% eddsa_pk_new 1 0 100.00% 3 0 100.00% -eddsa_pk_free 6 0 100.00% 7 0 100.00% -eddsa_pk_from_ptr 10 0 100.00% 12 0 100.00% -eddsa_pk_to_EVP_PKEY 3 0 100.00% 7 0 100.00% -eddsa_pk_from_EVP_PKEY 18 2 88.89% 12 1 91.67% -eddsa_verify_sig 19 2 89.47% 30 6 80.00% -eddsa_pk_verify_sig 7 1 85.71% 13 2 84.62% -eddsa.c:decode_pubkey_point 8 0 100.00% 11 0 100.00% -eddsa.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 88 5 94.32% 114 9 92.11% +eddsa_pk_free 10 0 100.00% 6 0 100.00% +eddsa_pk_from_ptr 11 0 100.00% 12 0 100.00% +eddsa_pk_to_EVP_PKEY 8 0 100.00% 7 0 100.00% +eddsa_pk_from_EVP_PKEY 22 2 90.91% 12 1 91.67% +eddsa_verify_sig 30 2 93.33% 30 6 80.00% +eddsa_pk_verify_sig 9 1 88.89% 13 2 84.62% +eddsa.c:decode_pubkey_point 10 0 100.00% 11 0 100.00% +eddsa.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 125 5 96.00% 113 9 92.04% File '/libfido2/src/err.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_strerr 122 10 91.80% 126 10 92.06% -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- TOTAL 122 10 91.80% 126 10 92.06% File '/libfido2/src/es256.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -es256_pk_decode 8 0 100.00% 9 0 100.00% -es256_pk_encode 56 0 100.00% 48 0 100.00% +----------------------------------------------------------------------------------------- +es256_pk_decode 12 0 100.00% 9 0 100.00% +es256_pk_encode 80 0 100.00% 48 0 100.00% es256_sk_new 1 0 100.00% 3 0 100.00% -es256_sk_free 6 0 100.00% 7 0 100.00% +es256_sk_free 10 0 100.00% 6 0 100.00% es256_pk_new 1 0 100.00% 3 0 100.00% -es256_pk_free 6 0 100.00% 7 0 100.00% -es256_pk_from_ptr 15 0 100.00% 17 0 100.00% +es256_pk_free 10 0 100.00% 6 0 100.00% +es256_pk_from_ptr 16 0 100.00% 17 0 100.00% es256_pk_set_x 1 0 100.00% 4 0 100.00% es256_pk_set_y 1 0 100.00% 4 0 100.00% -es256_sk_create 39 0 100.00% 40 0 100.00% -es256_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00% -es256_pk_from_EC_KEY 42 2 95.24% 47 4 91.49% -es256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -es256_sk_to_EVP_PKEY 28 0 100.00% 39 0 100.00% -es256_derive_pk 25 0 100.00% 29 0 100.00% -es256_verify_sig 12 2 83.33% 19 5 73.68% -es256_pk_verify_sig 7 1 85.71% 13 2 84.62% -es256.c:decode_pubkey_point 9 0 100.00% 13 0 100.00% -es256.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 315 5 98.41% 372 11 97.04% +es256_sk_create 60 0 100.00% 40 0 100.00% +es256_pk_to_EVP_PKEY 72 0 100.00% 53 0 100.00% +es256_pk_from_EC_KEY 58 2 96.55% 47 4 91.49% +es256_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +es256_sk_to_EVP_PKEY 48 0 100.00% 39 0 100.00% +es256_derive_pk 43 0 100.00% 29 0 100.00% +es256_verify_sig 19 1 94.74% 19 2 89.47% +es256_pk_verify_sig 9 1 88.89% 13 2 84.62% +es256.c:decode_pubkey_point 11 0 100.00% 13 0 100.00% +es256.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 478 4 99.16% 370 8 97.84% File '/libfido2/src/es384.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -es384_pk_decode 8 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +es384_pk_decode 12 0 100.00% 9 0 100.00% es384_pk_new 1 0 100.00% 3 0 100.00% -es384_pk_free 6 0 100.00% 7 0 100.00% -es384_pk_from_ptr 15 0 100.00% 17 0 100.00% -es384_pk_to_EVP_PKEY 42 0 100.00% 53 0 100.00% -es384_pk_from_EC_KEY 42 2 95.24% 47 4 91.49% -es384_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -es384_verify_sig 12 2 83.33% 19 5 73.68% -es384_pk_verify_sig 7 1 85.71% 13 2 84.62% -es384.c:decode_pubkey_point 9 0 100.00% 13 0 100.00% -es384.c:decode_coord 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 158 5 96.84% 198 11 94.44% +es384_pk_free 10 0 100.00% 6 0 100.00% +es384_pk_from_ptr 16 0 100.00% 17 0 100.00% +es384_pk_to_EVP_PKEY 73 0 100.00% 53 0 100.00% +es384_pk_from_EC_KEY 59 2 96.61% 47 4 91.49% +es384_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +es384_verify_sig 19 2 89.47% 19 5 73.68% +es384_pk_verify_sig 9 1 88.89% 13 2 84.62% +es384.c:decode_pubkey_point 11 0 100.00% 13 0 100.00% +es384.c:decode_coord 12 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 236 5 97.88% 197 11 94.42% File '/libfido2/src/extern.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/fallthrough.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/fido.h': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- File '/libfido2/src/hid.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_hid_get_usage 13 0 100.00% 22 0 100.00% fido_hid_get_report_len 19 0 100.00% 27 0 100.00% fido_dev_info_new 1 0 100.00% 3 0 100.00% -fido_dev_info_free 9 0 100.00% 9 0 100.00% +fido_dev_info_free 13 0 100.00% 8 0 100.00% fido_dev_info_ptr 1 0 100.00% 3 0 100.00% -fido_dev_info_set 26 2 92.31% 30 3 90.00% +fido_dev_info_set 41 2 95.12% 30 3 90.00% fido_dev_info_path 1 0 100.00% 3 0 100.00% fido_dev_info_vendor 1 0 100.00% 3 0 100.00% fido_dev_info_product 1 0 100.00% 3 0 100.00% @@ -533,45 +545,45 @@ fido_dev_info_product_string 1 0 100.00% 3 hid.c:get_key_len 6 0 100.00% 12 0 100.00% hid.c:get_key_val 6 0 100.00% 18 0 100.00% hid.c:fido_dev_info_reset 1 0 100.00% 6 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 87 2 97.70% 145 3 97.93% +----------------------------------------------------------------------------------------- +TOTAL 106 2 98.11% 144 3 97.92% File '/libfido2/src/hid_linux.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_hid_manifest 35 4 88.57% 41 2 95.12% -fido_hid_open 33 33 0.00% 51 51 0.00% -fido_hid_close 3 3 0.00% 6 6 0.00% +----------------------------------------------------------------------------------------- +fido_hid_manifest 48 4 91.67% 41 2 95.12% +fido_hid_open 52 52 0.00% 51 51 0.00% +fido_hid_close 4 4 0.00% 6 6 0.00% fido_hid_set_sigmask 2 2 0.00% 6 6 0.00% -fido_hid_read 15 15 0.00% 21 21 0.00% -fido_hid_write 12 12 0.00% 17 17 0.00% +fido_hid_read 16 16 0.00% 21 21 0.00% +fido_hid_write 13 13 0.00% 17 17 0.00% fido_hid_report_in_len 1 1 0.00% 4 4 0.00% fido_hid_report_out_len 1 1 0.00% 4 4 0.00% -hid_linux.c:copy_info 34 0 100.00% 44 0 100.00% -hid_linux.c:is_fido 15 1 93.33% 16 1 93.75% -hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00% -hid_linux.c:parse_uevent 12 0 100.00% 24 0 100.00% +hid_linux.c:copy_info 63 0 100.00% 53 0 100.00% +hid_linux.c:is_fido 19 2 89.47% 16 1 93.75% +hid_linux.c:get_parent_attr 10 0 100.00% 9 0 100.00% +hid_linux.c:parse_uevent 36 0 100.00% 29 0 100.00% hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00% -hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35% -------------------------------------------------------------------------------------------------------------------- -TOTAL 184 73 60.33% 263 115 56.27% +hid_linux.c:get_report_descriptor 17 1 94.12% 17 3 82.35% +----------------------------------------------------------------------------------------- +TOTAL 283 96 66.08% 277 115 58.48% File '/libfido2/src/hid_unix.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_hid_unix_open 18 11 38.89% 22 14 36.36% -fido_hid_unix_wait 11 10 9.09% 21 12 42.86% -------------------------------------------------------------------------------------------------------------------- -TOTAL 29 21 27.59% 43 26 39.53% +----------------------------------------------------------------------------------------- +fido_hid_unix_open 31 20 35.48% 22 14 36.36% +fido_hid_unix_wait 15 13 13.33% 21 12 42.86% +----------------------------------------------------------------------------------------- +TOTAL 46 33 28.26% 43 26 39.53% File '/libfido2/src/info.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_dev_get_cbor_info_wait 10 0 100.00% 7 0 100.00% fido_dev_get_cbor_info 1 0 100.00% 4 0 100.00% -fido_cbor_info_new 4 0 100.00% 7 0 100.00% +fido_cbor_info_new 6 0 100.00% 7 0 100.00% fido_cbor_info_reset 1 0 100.00% 10 0 100.00% -fido_cbor_info_free 6 0 100.00% 8 0 100.00% +fido_cbor_info_free 10 0 100.00% 7 0 100.00% fido_cbor_info_versions_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_versions_len 1 0 100.00% 3 0 100.00% fido_cbor_info_extensions_ptr 1 0 100.00% 3 0 100.00% @@ -597,36 +609,36 @@ fido_cbor_info_rk_remaining 1 0 100.00% 3 fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% fido_cbor_info_algorithm_count 1 0 100.00% 3 0 100.00% -fido_cbor_info_algorithm_type 4 0 100.00% 5 0 100.00% +fido_cbor_info_algorithm_type 5 0 100.00% 5 0 100.00% fido_cbor_info_algorithm_cose 4 0 100.00% 5 0 100.00% fido_cbor_info_new_pin_required 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_name_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_value_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_certs_len 1 0 100.00% 3 0 100.00% info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 9 0 100.00% -info.c:fido_dev_get_cbor_info_rx 14 0 100.00% 21 0 100.00% -info.c:parse_reply_element 32 0 100.00% 59 0 100.00% -info.c:decode_string_array 12 0 100.00% 17 0 100.00% +info.c:fido_dev_get_cbor_info_rx 15 0 100.00% 21 0 100.00% +info.c:parse_reply_element 35 0 100.00% 59 0 100.00% +info.c:decode_string_array 17 0 100.00% 17 0 100.00% info.c:decode_string 4 0 100.00% 10 0 100.00% -info.c:decode_aaguid 8 0 100.00% 10 0 100.00% -info.c:decode_options 11 0 100.00% 15 0 100.00% -info.c:decode_option 7 0 100.00% 15 0 100.00% -info.c:decode_protocols 12 0 100.00% 17 0 100.00% -info.c:decode_protocol 6 0 100.00% 12 0 100.00% -info.c:decode_algorithms 12 0 100.00% 17 0 100.00% -info.c:decode_algorithm 9 0 100.00% 17 0 100.00% -info.c:decode_algorithm_entry 20 0 100.00% 27 0 100.00% -info.c:decode_certs 11 0 100.00% 15 0 100.00% -info.c:decode_cert 7 0 100.00% 15 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 232 0 100.00% 409 0 100.00% +info.c:decode_aaguid 12 0 100.00% 10 0 100.00% +info.c:decode_options 19 0 100.00% 15 0 100.00% +info.c:decode_option 8 0 100.00% 15 0 100.00% +info.c:decode_protocols 17 0 100.00% 17 0 100.00% +info.c:decode_protocol 8 0 100.00% 12 0 100.00% +info.c:decode_algorithms 17 0 100.00% 17 0 100.00% +info.c:decode_algorithm 12 0 100.00% 17 0 100.00% +info.c:decode_algorithm_entry 25 0 100.00% 27 0 100.00% +info.c:decode_certs 19 0 100.00% 15 0 100.00% +info.c:decode_cert 8 0 100.00% 15 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 290 0 100.00% 408 0 100.00% File '/libfido2/src/io.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_tx 14 0 100.00% 11 0 100.00% -fido_rx 13 1 92.31% 14 3 78.57% -fido_rx_cbor_status 16 0 100.00% 19 0 100.00% +----------------------------------------------------------------------------------------- +fido_tx 20 0 100.00% 11 0 100.00% +fido_rx 19 1 94.74% 14 3 78.57% +fido_rx_cbor_status 17 0 100.00% 19 0 100.00% io.c:transport_tx 7 0 100.00% 10 0 100.00% io.c:tx_empty 9 0 100.00% 14 0 100.00% io.c:tx_pkt 7 0 100.00% 10 0 100.00% @@ -637,318 +649,316 @@ io.c:transport_rx 7 0 100.00% 10 io.c:rx 40 2 95.00% 52 2 96.15% io.c:rx_preamble 23 2 91.30% 22 5 77.27% io.c:rx_frame 11 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 193 7 96.37% 230 12 94.78% +----------------------------------------------------------------------------------------- +TOTAL 206 7 96.60% 230 12 94.78% File '/libfido2/src/iso7816.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -iso7816_new 4 0 100.00% 16 0 100.00% -iso7816_free 6 0 100.00% 7 0 100.00% -iso7816_add 6 1 83.33% 8 1 87.50% +----------------------------------------------------------------------------------------- +iso7816_new 6 0 100.00% 16 0 100.00% +iso7816_free 10 0 100.00% 6 0 100.00% +iso7816_add 7 1 85.71% 8 1 87.50% iso7816_ptr 1 0 100.00% 3 0 100.00% -iso7816_len 1 0 100.00% 4 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 18 1 94.44% 38 1 97.37% +iso7816_len 3 0 100.00% 3 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 27 1 96.30% 36 1 97.22% File '/libfido2/src/largeblob.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_dev_largeblob_get 26 2 92.31% 38 4 89.47% -fido_dev_largeblob_set 27 0 100.00% 36 0 100.00% +----------------------------------------------------------------------------------------- +fido_dev_largeblob_get 33 2 93.94% 38 4 89.47% +fido_dev_largeblob_set 32 0 100.00% 36 0 100.00% fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00% -fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19% -fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00% -largeblob.c:largeblob_get_array 32 0 100.00% 36 0 100.00% -largeblob.c:get_chunklen 10 1 90.00% 9 1 88.89% -largeblob.c:largeblob_get_tx 19 0 100.00% 24 0 100.00% -largeblob.c:largeblob_get_rx 26 0 100.00% 30 0 100.00% -largeblob.c:parse_largeblob_reply 8 0 100.00% 9 0 100.00% +fido_dev_largeblob_get_array 20 2 90.00% 27 4 85.19% +fido_dev_largeblob_set_array 18 0 100.00% 19 0 100.00% +largeblob.c:largeblob_get_array 36 0 100.00% 36 0 100.00% +largeblob.c:get_chunklen 14 3 78.57% 9 1 88.89% +largeblob.c:largeblob_get_tx 22 0 100.00% 24 0 100.00% +largeblob.c:largeblob_get_rx 29 0 100.00% 30 0 100.00% +largeblob.c:parse_largeblob_reply 10 0 100.00% 9 0 100.00% largeblob.c:largeblob_array_check 7 0 100.00% 16 0 100.00% -largeblob.c:largeblob_array_digest 10 0 100.00% 9 0 100.00% -largeblob.c:largeblob_array_load 14 2 85.71% 19 7 63.16% -largeblob.c:largeblob_array_lookup 25 0 100.00% 33 0 100.00% +largeblob.c:largeblob_array_digest 12 0 100.00% 9 0 100.00% +largeblob.c:largeblob_array_load 18 4 77.78% 19 7 63.16% +largeblob.c:largeblob_array_lookup 32 0 100.00% 33 0 100.00% largeblob.c:largeblob_decode 16 2 87.50% 16 6 62.50% -largeblob.c:largeblob_do_decode 27 3 88.89% 30 7 76.67% -largeblob.c:largeblob_decrypt 15 0 100.00% 24 0 100.00% -largeblob.c:largeblob_aad 1 0 100.00% 10 0 100.00% +largeblob.c:largeblob_do_decode 31 3 90.32% 30 7 76.67% +largeblob.c:largeblob_decrypt 20 0 100.00% 24 0 100.00% +largeblob.c:largeblob_aad 2 0 100.00% 10 0 100.00% largeblob.c:largeblob_reset 1 0 100.00% 5 0 100.00% -largeblob.c:largeblob_encode 16 0 100.00% 21 0 100.00% +largeblob.c:largeblob_encode 24 0 100.00% 21 0 100.00% largeblob.c:largeblob_new 1 0 100.00% 3 0 100.00% -largeblob.c:largeblob_seal 20 0 100.00% 32 0 100.00% +largeblob.c:largeblob_seal 25 0 100.00% 32 0 100.00% largeblob.c:largeblob_get_nonce 8 0 100.00% 16 0 100.00% -largeblob.c:largeblob_free 6 0 100.00% 8 0 100.00% -largeblob.c:largeblob_add 27 2 92.59% 35 3 91.43% -largeblob.c:largeblob_drop 21 0 100.00% 27 0 100.00% -largeblob.c:largeblob_set_array 54 2 96.30% 61 4 93.44% -largeblob.c:largeblob_get_uv_token 19 0 100.00% 23 0 100.00% -largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00% -largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57% -------------------------------------------------------------------------------------------------------------------- -TOTAL 525 18 96.57% 693 43 93.80% +largeblob.c:largeblob_free 10 0 100.00% 7 0 100.00% +largeblob.c:largeblob_add 30 2 93.33% 35 3 91.43% +largeblob.c:largeblob_drop 24 0 100.00% 27 0 100.00% +largeblob.c:largeblob_set_array 59 2 96.61% 61 4 93.44% +largeblob.c:largeblob_get_uv_token 23 0 100.00% 23 0 100.00% +largeblob.c:largeblob_set_tx 47 0 100.00% 36 0 100.00% +largeblob.c:prepare_hmac 17 2 88.24% 23 7 69.57% +----------------------------------------------------------------------------------------- +TOTAL 633 22 96.52% 692 43 93.79% File '/libfido2/src/log.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------- fido_log_init 1 0 100.00% 4 0 100.00% -fido_log_debug 6 1 83.33% 8 1 87.50% -fido_log_xxd 16 1 93.75% 24 1 95.83% -fido_log_error 8 2 75.00% 11 2 81.82% -fido_set_log_handler 3 0 100.00% 4 0 100.00% -log.c:log_on_stderr 1 1 0.00% 3 3 0.00% -log.c:do_log 4 0 100.00% 9 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 39 5 87.18% 63 7 88.89% +fido_log_debug 10 1 90.00% 7 1 85.71% +fido_log_xxd 19 1 94.74% 24 1 95.83% +fido_log_error 11 2 81.82% 10 2 80.00% +fido_set_log_handler 4 0 100.00% 4 0 100.00% +log.c:log_on_stderr 2 2 0.00% 2 2 0.00% +log.c:do_log 5 0 100.00% 9 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 52 6 88.46% 60 6 90.00% File '/libfido2/src/netlink.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nl_power_nfc 18 0 100.00% 24 0 100.00% +----------------------------------------------------------------------------------------- +fido_nl_power_nfc 24 0 100.00% 24 0 100.00% fido_nl_get_nfc_target 17 0 100.00% 31 0 100.00% -fido_nl_free 10 2 80.00% 9 2 77.78% -fido_nl_new 16 1 93.75% 26 3 88.46% +fido_nl_free 15 3 80.00% 8 2 75.00% +fido_nl_new 27 2 92.59% 26 3 88.46% set_netlink_io_functions 1 0 100.00% 4 0 100.00% -netlink.c:nlmsg_new 8 0 100.00% 15 0 100.00% -netlink.c:nlmsg_set_genl 1 0 100.00% 7 0 100.00% -netlink.c:nlmsg_write 6 1 83.33% 7 1 85.71% +netlink.c:nlmsg_new 19 0 100.00% 15 0 100.00% +netlink.c:nlmsg_set_genl 2 0 100.00% 7 0 100.00% +netlink.c:nlmsg_write 7 1 85.71% 7 1 85.71% netlink.c:nlmsg_set_u32 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_setattr 15 1 93.33% 17 0 100.00% -netlink.c:nlmsg_tx 10 1 90.00% 13 3 76.92% +netlink.c:nlmsg_setattr 20 1 95.00% 17 0 100.00% +netlink.c:nlmsg_tx 11 1 90.91% 13 3 76.92% netlink.c:nlmsg_ptr 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_len 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_rx 11 2 81.82% 17 6 64.71% -netlink.c:nl_parse_reply 20 0 100.00% 28 0 100.00% -netlink.c:nlmsg_from_buf 15 0 100.00% 17 0 100.00% +netlink.c:nlmsg_rx 16 2 87.50% 17 6 64.71% +netlink.c:nl_parse_reply 24 0 100.00% 28 0 100.00% +netlink.c:nlmsg_from_buf 23 0 100.00% 17 0 100.00% netlink.c:nlmsg_type 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_get_status 8 0 100.00% 8 0 100.00% +netlink.c:nlmsg_get_status 9 0 100.00% 8 0 100.00% netlink.c:nlmsg_read 6 0 100.00% 7 0 100.00% netlink.c:nlmsg_get_genl 6 0 100.00% 7 0 100.00% -netlink.c:nlmsg_iter 6 0 100.00% 13 0 100.00% +netlink.c:nlmsg_iter 7 0 100.00% 13 0 100.00% netlink.c:nlmsg_getattr 1 0 100.00% 3 0 100.00% -netlink.c:nla_from_buf 17 0 100.00% 21 0 100.00% -netlink.c:nl_nfc_poll 18 0 100.00% 25 0 100.00% +netlink.c:nla_from_buf 27 0 100.00% 21 0 100.00% +netlink.c:nl_nfc_poll 25 0 100.00% 25 0 100.00% netlink.c:parse_nfc_event 10 0 100.00% 17 0 100.00% netlink.c:nla_type 1 0 100.00% 3 0 100.00% netlink.c:nla_get_u32 1 0 100.00% 3 0 100.00% netlink.c:nla_read 6 0 100.00% 7 0 100.00% -netlink.c:nl_dump_nfc_target 19 0 100.00% 31 0 100.00% +netlink.c:nl_dump_nfc_target 24 0 100.00% 31 0 100.00% netlink.c:parse_target 9 0 100.00% 13 0 100.00% -netlink.c:nl_get_nfc_family 23 0 100.00% 33 0 100.00% +netlink.c:nl_get_nfc_family 32 0 100.00% 33 0 100.00% netlink.c:nlmsg_set_u16 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_set_str 1 0 100.00% 3 0 100.00% netlink.c:parse_family 10 0 100.00% 17 0 100.00% netlink.c:nla_get_u16 1 0 100.00% 3 0 100.00% -netlink.c:nla_iter 6 0 100.00% 13 0 100.00% +netlink.c:nla_iter 7 0 100.00% 13 0 100.00% netlink.c:nla_getattr 1 0 100.00% 3 0 100.00% netlink.c:parse_mcastgrps 1 0 100.00% 3 0 100.00% -netlink.c:parse_mcastgrp 15 0 100.00% 24 0 100.00% -netlink.c:nla_get_str 10 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 329 8 97.57% 498 15 96.99% +netlink.c:parse_mcastgrp 18 0 100.00% 24 0 100.00% +netlink.c:nla_get_str 14 0 100.00% 11 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 428 10 97.66% 497 15 96.98% File '/libfido2/src/nfc.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nfc_tx 28 0 100.00% 43 0 100.00% -fido_nfc_rx 8 0 100.00% 13 0 100.00% -nfc_is_fido 13 1 92.31% 21 3 85.71% +----------------------------------------------------------------------------------------- +fido_nfc_tx 36 0 100.00% 43 0 100.00% +fido_nfc_rx 9 0 100.00% 13 0 100.00% +nfc_is_fido 17 1 94.12% 21 3 85.71% fido_is_nfc 3 0 100.00% 3 0 100.00% -fido_dev_set_nfc 4 1 75.00% 18 3 83.33% +fido_dev_set_nfc 6 1 83.33% 18 3 83.33% nfc.c:nfc_do_tx 20 0 100.00% 25 0 100.00% nfc.c:tx_short_apdu 14 0 100.00% 32 0 100.00% -nfc.c:rx_init 25 0 100.00% 27 0 100.00% -nfc.c:rx_cbor 4 0 100.00% 6 0 100.00% -nfc.c:rx_msg 18 2 88.89% 23 6 73.91% -nfc.c:rx_apdu 14 1 92.86% 22 3 86.36% -nfc.c:tx_get_response 4 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 155 5 96.77% 244 15 93.85% +nfc.c:rx_init 26 0 100.00% 27 0 100.00% +nfc.c:rx_cbor 5 0 100.00% 6 0 100.00% +nfc.c:rx_msg 19 1 94.74% 23 3 86.96% +nfc.c:rx_apdu 14 0 100.00% 22 0 100.00% +nfc.c:tx_get_response 7 0 100.00% 12 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 176 3 98.30% 245 9 96.33% File '/libfido2/src/nfc_linux.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_nfc_manifest 35 7 80.00% 45 15 66.67% -fido_nfc_open 20 3 85.00% 23 4 82.61% +----------------------------------------------------------------------------------------- +fido_nfc_manifest 48 7 85.42% 45 15 66.67% +fido_nfc_open 23 2 91.30% 22 4 81.82% fido_nfc_close 1 1 0.00% 4 4 0.00% fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00% -fido_nfc_read 14 14 0.00% 30 30 0.00% -fido_nfc_write 12 12 0.00% 18 18 0.00% -nfc_linux.c:copy_info 39 22 43.59% 44 16 63.64% +fido_nfc_read 15 15 0.00% 30 30 0.00% +fido_nfc_write 14 14 0.00% 18 18 0.00% +nfc_linux.c:copy_info 57 33 42.11% 44 16 63.64% nfc_linux.c:get_usb_attr 1 1 0.00% 3 3 0.00% -nfc_linux.c:get_parent_attr 6 6 0.00% 9 9 0.00% -nfc_linux.c:sysnum_from_syspath 15 0 100.00% 17 0 100.00% -nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00% -nfc_linux.c:nfc_target_connect 9 9 0.00% 21 21 0.00% -nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 172 77 55.23% 242 126 47.93% +nfc_linux.c:get_parent_attr 10 10 0.00% 9 9 0.00% +nfc_linux.c:sysnum_from_syspath 26 0 100.00% 17 0 100.00% +nfc_linux.c:nfc_new 10 0 100.00% 11 0 100.00% +nfc_linux.c:nfc_target_connect 20 8 60.00% 21 9 57.14% +nfc_linux.c:nfc_free 18 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------- +TOTAL 245 93 62.04% 240 114 52.50% File '/libfido2/src/pcsc.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------------------------------- -fido_pcsc_manifest 51 0 100.00% 55 0 100.00% -fido_pcsc_open 32 0 100.00% 43 0 100.00% +----------------------------------------------------------------------------------------- +fido_pcsc_manifest 55 0 100.00% 55 0 100.00% +fido_pcsc_open 38 0 100.00% 43 0 100.00% fido_pcsc_close 6 0 100.00% 9 0 100.00% fido_pcsc_read 8 0 100.00% 16 0 100.00% -fido_pcsc_write 8 0 100.00% 22 0 100.00% +fido_pcsc_write 10 0 100.00% 22 0 100.00% fido_pcsc_tx 1 0 100.00% 3 0 100.00% fido_pcsc_rx 1 0 100.00% 3 0 100.00% fido_is_pcsc 3 0 100.00% 3 0 100.00% -fido_dev_set_pcsc 4 1 75.00% 18 3 83.33% -pcsc.c:list_readers 24 0 100.00% 24 0 100.00% -pcsc.c:copy_info 30 0 100.00% 41 0 100.00% -pcsc.c:get_reader 25 0 100.00% 28 0 100.00% +fido_dev_set_pcsc 6 1 83.33% 18 3 83.33% +pcsc.c:list_readers 27 0 100.00% 24 0 100.00% +pcsc.c:copy_info 35 0 100.00% 41 0 100.00% +pcsc.c:get_reader 28 0 100.00% 28 0 100.00% pcsc.c:prepare_io_request 11 0 100.00% 17 0 100.00% -------------------------------------------------------------------------------------------------------------------- -TOTAL 204 1 99.51% 282 3 98.94% +----------------------------------------------------------------------------------------- +TOTAL 229 1 99.56% 282 3 98.94% File '/libfido2/src/pin.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_sha256 7 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------- +fido_sha256 10 0 100.00% 10 0 100.00% fido_dev_get_uv_token 1 0 100.00% 3 0 100.00% fido_dev_set_pin 1 0 100.00% 4 0 100.00% fido_dev_get_retry_count 1 0 100.00% 4 0 100.00% fido_dev_get_uv_retry_count 1 0 100.00% 4 0 100.00% -cbor_add_uv_params 17 0 100.00% 23 0 100.00% -pin.c:uv_token_wait 14 2 85.71% 12 1 91.67% -pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00% -pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00% -pin.c:encode_uv_permission 20 1 95.00% 19 3 84.21% -pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00% -pin.c:uv_token_rx 27 0 100.00% 34 0 100.00% -pin.c:parse_uv_token 8 0 100.00% 10 0 100.00% -pin.c:fido_dev_set_pin_wait 21 0 100.00% 24 0 100.00% -pin.c:fido_dev_change_pin_tx 45 0 100.00% 56 0 100.00% -pin.c:pin_pad64_enc 15 0 100.00% 21 0 100.00% -pin.c:pad64 18 0 100.00% 20 0 100.00% -pin.c:fido_dev_set_pin_tx 33 0 100.00% 41 0 100.00% +cbor_add_uv_params 22 0 100.00% 23 0 100.00% +pin.c:uv_token_wait 17 2 88.24% 12 1 91.67% +pin.c:ctap21_uv_token_tx 69 0 100.00% 53 0 100.00% +pin.c:pin_sha256_enc 23 0 100.00% 24 0 100.00% +pin.c:encode_uv_permission 25 2 92.00% 20 2 90.00% +pin.c:ctap20_uv_token_tx 49 0 100.00% 45 0 100.00% +pin.c:uv_token_rx 31 0 100.00% 34 0 100.00% +pin.c:parse_uv_token 10 0 100.00% 10 0 100.00% +pin.c:fido_dev_set_pin_wait 22 0 100.00% 24 0 100.00% +pin.c:fido_dev_change_pin_tx 63 0 100.00% 56 0 100.00% +pin.c:pin_pad64_enc 17 0 100.00% 21 0 100.00% +pin.c:pad64 20 0 100.00% 20 0 100.00% +pin.c:fido_dev_set_pin_tx 45 0 100.00% 41 0 100.00% pin.c:fido_dev_get_pin_retry_count_wait 10 0 100.00% 7 0 100.00% -pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 23 0 100.00% -pin.c:fido_dev_get_pin_retry_count_rx 19 0 100.00% 24 0 100.00% +pin.c:fido_dev_get_retry_count_tx 22 0 100.00% 23 0 100.00% +pin.c:fido_dev_get_pin_retry_count_rx 20 0 100.00% 24 0 100.00% pin.c:parse_pin_retry_count 1 0 100.00% 3 0 100.00% -pin.c:parse_retry_count 13 0 100.00% 16 0 100.00% +pin.c:parse_retry_count 16 0 100.00% 16 0 100.00% pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7 0 100.00% -pin.c:fido_dev_get_uv_retry_count_rx 19 0 100.00% 24 0 100.00% +pin.c:fido_dev_get_uv_retry_count_rx 20 0 100.00% 24 0 100.00% pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 426 3 99.30% 514 4 99.22% +------------------------------------------------------------------------------------------- +TOTAL 527 4 99.24% 515 3 99.42% File '/libfido2/src/random.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- fido_get_random 6 0 100.00% 6 0 100.00% ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- TOTAL 6 0 100.00% 6 0 100.00% File '/libfido2/src/reset.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- fido_dev_reset 1 0 100.00% 4 0 100.00% reset.c:fido_dev_reset_wait 15 0 100.00% 11 0 100.00% reset.c:fido_dev_reset_tx 8 0 100.00% 8 0 100.00% ---------------------------------------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------- TOTAL 24 0 100.00% 23 0 100.00% File '/libfido2/src/rs1.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -rs1_verify_sig 20 2 90.00% 30 6 80.00% -rs1.c:rs1_get_EVP_MD 1 0 100.00% 3 0 100.00% -rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 22 2 90.91% 36 6 83.33% +------------------------------------------------------------------------------------------- +rs1_verify_sig 30 1 96.67% 29 3 89.66% +rs1.c:rs1_get_EVP_MD 1 0 100.00% 6 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 31 1 96.77% 35 3 91.43% File '/libfido2/src/rs256.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -rs256_pk_decode 8 0 100.00% 9 0 100.00% +------------------------------------------------------------------------------------------- +rs256_pk_decode 12 0 100.00% 9 0 100.00% rs256_pk_new 1 0 100.00% 3 0 100.00% -rs256_pk_free 6 0 100.00% 7 0 100.00% -rs256_pk_from_ptr 10 0 100.00% 12 0 100.00% -rs256_pk_to_EVP_PKEY 35 0 100.00% 43 0 100.00% -rs256_pk_from_RSA 32 6 81.25% 26 9 65.38% -rs256_pk_from_EVP_PKEY 8 0 100.00% 7 0 100.00% -rs256_verify_sig 20 2 90.00% 30 5 83.33% -rs256_pk_verify_sig 7 1 85.71% 13 2 84.62% -rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00% -rs256.c:decode_bignum 8 0 100.00% 10 0 100.00% -rs256.c:rs256_get_EVP_MD 1 0 100.00% 3 0 100.00% -rs256.c:rs256_free_EVP_MD 1 0 100.00% 3 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 146 9 93.84% 179 16 91.06% +rs256_pk_free 10 0 100.00% 6 0 100.00% +rs256_pk_from_ptr 11 0 100.00% 12 0 100.00% +rs256_pk_to_EVP_PKEY 61 0 100.00% 43 0 100.00% +rs256_pk_from_RSA 40 6 85.00% 26 9 65.38% +rs256_pk_from_EVP_PKEY 14 0 100.00% 7 0 100.00% +rs256_verify_sig 30 1 96.67% 29 2 93.10% +rs256_pk_verify_sig 9 1 88.89% 13 2 84.62% +rs256.c:decode_rsa_pubkey 11 0 100.00% 13 0 100.00% +rs256.c:decode_bignum 12 0 100.00% 10 0 100.00% +rs256.c:rs256_get_EVP_MD 1 0 100.00% 6 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 212 8 96.23% 177 13 92.66% File '/libfido2/src/time.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_time_now 4 0 100.00% 7 0 100.00% -fido_time_delta 23 1 95.65% 23 0 100.00% -time.c:timespec_to_ms 16 2 87.50% 13 2 84.62% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 43 3 93.02% 43 2 95.35% +------------------------------------------------------------------------------------------- +fido_time_now 6 0 100.00% 7 0 100.00% +fido_time_delta 25 1 96.00% 23 0 100.00% +time.c:timespec_to_ms 19 2 89.47% 13 2 84.62% +------------------------------------------------------------------------------------------- +TOTAL 50 3 94.00% 43 2 95.35% File '/libfido2/src/touch.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_dev_get_touch_begin 50 0 100.00% 59 0 100.00% -fido_dev_get_touch_status 17 0 100.00% 20 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 67 0 100.00% 79 0 100.00% +------------------------------------------------------------------------------------------- +fido_dev_get_touch_begin 64 0 100.00% 59 0 100.00% +fido_dev_get_touch_status 18 0 100.00% 20 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 82 0 100.00% 79 0 100.00% File '/libfido2/src/tpm.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_get_signed_hash_tpm 25 0 100.00% 39 0 100.00% -tpm.c:check_es256_pubarea 19 0 100.00% 30 0 100.00% -tpm.c:bswap_es256_pubarea 1 0 100.00% 12 0 100.00% -tpm.c:check_rs256_pubarea 17 0 100.00% 28 0 100.00% -tpm.c:bswap_rs256_pubarea 1 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------- +fido_get_signed_hash_tpm 28 0 100.00% 39 0 100.00% +tpm.c:check_es256_pubarea 20 0 100.00% 30 0 100.00% +tpm.c:bswap_es256_pubarea 11 0 100.00% 11 0 100.00% +tpm.c:check_rs256_pubarea 18 0 100.00% 28 0 100.00% +tpm.c:bswap_rs256_pubarea 9 0 100.00% 9 0 100.00% tpm.c:check_sha1_certinfo 15 0 100.00% 38 0 100.00% -tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00% -tpm.c:get_signed_name 7 0 100.00% 10 0 100.00% -tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 103 0 100.00% 194 0 100.00% +tpm.c:get_signed_sha1 27 0 100.00% 19 0 100.00% +tpm.c:get_signed_name 9 0 100.00% 10 0 100.00% +tpm.c:bswap_sha1_certinfo 7 0 100.00% 7 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 144 0 100.00% 191 0 100.00% File '/libfido2/src/types.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_str_array_free 4 0 100.00% 7 0 100.00% -fido_opt_array_free 4 0 100.00% 9 0 100.00% -fido_byte_array_free 1 0 100.00% 5 0 100.00% -fido_algo_free 1 0 100.00% 5 0 100.00% -fido_algo_array_free 4 0 100.00% 7 0 100.00% -fido_cert_array_free 4 0 100.00% 9 0 100.00% -fido_str_array_pack 11 0 100.00% 14 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 29 0 100.00% 56 0 100.00% +------------------------------------------------------------------------------------------- +fido_str_array_free 5 0 100.00% 6 0 100.00% +fido_opt_array_free 6 0 100.00% 8 0 100.00% +fido_byte_array_free 2 0 100.00% 4 0 100.00% +fido_algo_free 2 0 100.00% 4 0 100.00% +fido_algo_array_free 5 0 100.00% 6 0 100.00% +fido_cert_array_free 6 0 100.00% 8 0 100.00% +fido_str_array_pack 13 0 100.00% 14 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 39 0 100.00% 50 0 100.00% File '/libfido2/src/u2f.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -u2f_register 76 0 100.00% 81 0 100.00% -u2f_authenticate 33 0 100.00% 37 0 100.00% -u2f_get_touch_begin 37 0 100.00% 45 0 100.00% -u2f_get_touch_status 26 0 100.00% 36 0 100.00% -u2f.c:key_lookup 51 0 100.00% 65 0 100.00% -u2f.c:send_dummy_register 37 0 100.00% 45 0 100.00% -u2f.c:delay_ms 13 1 92.31% 15 3 80.00% -u2f.c:parse_register_reply 49 0 100.00% 62 0 100.00% -u2f.c:x5c_get 21 1 95.24% 26 3 88.46% -u2f.c:sig_get 6 0 100.00% 10 0 100.00% -u2f.c:encode_cred_attstmt 45 0 100.00% 52 0 100.00% -u2f.c:encode_cred_authdata 33 2 93.94% 61 6 90.16% -u2f.c:cbor_blob_from_ec_point 22 0 100.00% 31 0 100.00% +------------------------------------------------------------------------------------------- +u2f_register 87 0 100.00% 81 0 100.00% +u2f_authenticate 34 0 100.00% 37 0 100.00% +u2f_get_touch_begin 44 0 100.00% 45 0 100.00% +u2f_get_touch_status 27 0 100.00% 36 0 100.00% +u2f.c:key_lookup 62 0 100.00% 66 0 100.00% +u2f.c:send_dummy_register 43 0 100.00% 45 0 100.00% +u2f.c:delay_ms 15 1 93.33% 15 3 80.00% +u2f.c:parse_register_reply 52 0 100.00% 62 0 100.00% +u2f.c:x5c_get 30 1 96.67% 26 3 88.46% +u2f.c:sig_get 8 0 100.00% 10 0 100.00% +u2f.c:encode_cred_attstmt 64 0 100.00% 52 0 100.00% +u2f.c:encode_cred_authdata 38 2 94.74% 61 6 90.16% +u2f.c:cbor_blob_from_ec_point 27 0 100.00% 31 0 100.00% u2f.c:u2f_authenticate_single 32 0 100.00% 43 0 100.00% -u2f.c:do_auth 56 0 100.00% 67 0 100.00% +u2f.c:do_auth 67 0 100.00% 67 0 100.00% u2f.c:parse_auth_reply 23 0 100.00% 23 0 100.00% -u2f.c:authdata_fake 12 0 100.00% 27 0 100.00% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 572 4 99.30% 726 12 98.35% +u2f.c:authdata_fake 16 0 100.00% 27 0 100.00% +------------------------------------------------------------------------------------------- +TOTAL 669 4 99.40% 727 12 98.35% File '/libfido2/src/util.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------------------------------------- -fido_to_uint64 14 1 92.86% 14 1 92.86% ---------------------------------------------------------------------------------------------------------------------- -TOTAL 14 1 92.86% 14 1 92.86% +------------------------------------------------------------------------------------------- +fido_to_uint64 21 1 95.24% 14 1 92.86% +------------------------------------------------------------------------------------------- +TOTAL 21 1 95.24% 14 1 92.86% diff --git a/contrib/libfido2/fuzz/fuzz_attobj.c b/contrib/libfido2/fuzz/fuzz_attobj.c new file mode 100644 index 000000000000..4fddc0f461a9 --- /dev/null +++ b/contrib/libfido2/fuzz/fuzz_attobj.c @@ -0,0 +1,333 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <assert.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "mutator_aux.h" +#include "wiredata_fido2.h" +#include "wiredata_u2f.h" +#include "dummy.h" + +#include "../openbsd-compat/openbsd-compat.h" + +struct param { + int seed; + char rp_id[MAXSTR]; + struct blob cdh; + struct blob attobj; + uint8_t type; +}; + +static const uint8_t dummy_attestation_object[] = { + 0xa3, 0x63, 0x66, 0x6d, 0x74, 0x66, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x64, 0x67, 0x61, 0x74, 0x74, + 0x53, 0x74, 0x6d, 0x74, 0xa3, 0x63, 0x61, 0x6c, + 0x67, 0x26, 0x63, 0x73, 0x69, 0x67, 0x58, 0x46, + 0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b, + 0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c, + 0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48, + 0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97, + 0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56, + 0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9, + 0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4, + 0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08, + 0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, 0x63, 0x78, + 0x35, 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82, + 0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x1d, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, + 0x63, 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, + 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x34, 0x30, 0x35, 0x31, 0x35, + 0x31, 0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x17, + 0x0d, 0x31, 0x34, 0x30, 0x36, 0x31, 0x34, 0x31, + 0x32, 0x35, 0x38, 0x35, 0x34, 0x5a, 0x30, 0x1d, + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63, + 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65, + 0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, + 0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, 0xce, + 0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, 0x0d, + 0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, 0x24, + 0xaf, 0x26, 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f, + 0x95, 0xa3, 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7, + 0x3e, 0x91, 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05, + 0x7a, 0xd5, 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f, + 0xaf, 0xe2, 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x02, 0x01, 0x00, 0x95, 0x40, 0x6b, 0x50, + 0x61, 0x7d, 0xad, 0x84, 0xa3, 0xb4, 0xeb, 0x88, + 0x0f, 0xe3, 0x30, 0x0f, 0x2d, 0xa2, 0x0a, 0x00, + 0xd9, 0x25, 0x04, 0xee, 0x72, 0xfa, 0x67, 0xdf, + 0x58, 0x51, 0x0f, 0x0b, 0x47, 0x02, 0x9c, 0x3e, + 0x41, 0x29, 0x4a, 0x93, 0xac, 0x29, 0x85, 0x89, + 0x2d, 0xa4, 0x7a, 0x81, 0x32, 0x28, 0x57, 0x71, + 0x01, 0xef, 0xa8, 0x42, 0x88, 0x16, 0x96, 0x37, + 0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d, + 0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3, + 0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c, + 0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1, + 0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e, + 0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf, + 0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77, + 0x02, 0x7b, 0xe6, 0x24, 0xa0, 0x31, 0x56, 0x1b, + 0xfd, 0x19, 0xc5, 0x71, 0xd3, 0xf0, 0x9e, 0xc0, + 0x73, 0x05, 0x4e, 0xbc, 0x85, 0xb8, 0x53, 0x9e, + 0xef, 0xc5, 0xbc, 0x9c, 0x56, 0xa3, 0xba, 0xd9, + 0x27, 0x6a, 0xbb, 0xa9, 0x7a, 0x40, 0xd7, 0x47, + 0x8b, 0x55, 0x72, 0x6b, 0xe3, 0xfe, 0x28, 0x49, + 0x71, 0x24, 0xf4, 0x8f, 0xf4, 0x20, 0x81, 0xea, + 0x38, 0xff, 0x7c, 0x0a, 0x4f, 0xdf, 0x02, 0x82, + 0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, 0xdd, 0xca, + 0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, 0x55, 0x6c, + 0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, 0x63, 0xdc, + 0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, 0x9f, 0xbe, + 0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, 0xa3, 0x32, + 0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, 0xa0, 0xa1, + 0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, 0x5d, 0x26, + 0x9e, 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5, + 0xbd, 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20, + 0xfd, 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a, + 0x61, 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0, + 0xd5, 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30, + 0x85, 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f, + 0x5f, 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35, + 0xeb, 0xc1, 0x41, 0xaa, 0x8a, 0xd2, 0xda, 0x19, + 0xaa, 0x79, 0xa2, 0x5f, 0x35, 0x2c, 0xa0, 0xfd, + 0x25, 0xd3, 0xf7, 0x9d, 0x25, 0x18, 0x2d, 0xfa, + 0xb4, 0xbc, 0xbb, 0x07, 0x34, 0x3c, 0x8d, 0x81, + 0xbd, 0xf4, 0xe9, 0x37, 0xdb, 0x39, 0xe9, 0xd1, + 0x45, 0x5b, 0x20, 0x41, 0x2f, 0x2d, 0x27, 0x22, + 0xdc, 0x92, 0x74, 0x8a, 0x92, 0xd5, 0x83, 0xfd, + 0x09, 0xfb, 0x13, 0x9b, 0xe3, 0x39, 0x7a, 0x6b, + 0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, 0xe3, + 0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, 0xd4, + 0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, 0xd5, + 0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, 0x1f, + 0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, 0xbe, + 0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, 0x53, + 0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, 0x4f, + 0xca, 0x25, 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c, + 0xb1, 0x9b, 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88, + 0xef, 0x7a, 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64, + 0xda, 0x41, 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd, + 0xd1, 0xd1, 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97, + 0xb2, 0xaa, 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b, + 0x5b, 0x7e, 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81, + 0x2c, 0x38, 0x8f, 0x9d, 0x25, 0xde, 0xe9, 0xc8, + 0xf5, 0xdd, 0x6a, 0x47, 0x9c, 0x65, 0x04, 0x5a, + 0x56, 0xe6, 0xc2, 0xeb, 0xf2, 0x02, 0x97, 0xe1, + 0xb9, 0xd8, 0xe1, 0x24, 0x76, 0x9f, 0x23, 0x62, + 0x39, 0x03, 0x4b, 0xc8, 0xf7, 0x34, 0x07, 0x49, + 0xd6, 0xe7, 0x4d, 0x9a, 0x68, 0x61, 0x75, 0x74, + 0x68, 0x44, 0x61, 0x74, 0x61, 0x58, 0xc4, 0x49, + 0x96, 0x0d, 0xe5, 0x88, 0x0e, 0x8c, 0x68, 0x74, + 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f, + 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99, + 0x5c, 0xf3, 0xba, 0x83, 0x1d, 0x97, 0x63, 0x41, + 0x00, 0x00, 0x00, 0x00, 0xf8, 0xa0, 0x11, 0xf3, + 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, + 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, 0x53, 0xfb, + 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, 0xfe, 0x47, + 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, 0xa8, 0xbf, + 0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, 0xe0, 0x0d, + 0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, 0x70, 0x85, + 0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, 0xef, 0x44, + 0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, 0x6e, 0x7b, + 0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, 0x34, 0xe3, + 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, 0xa5, 0x01, + 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, + 0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c, + 0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c, + 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5, + 0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6, + 0x22, 0x58, 0x20, 0x87, 0x5f, 0x90, 0xe6, 0xfd, + 0x71, 0x27, 0x9f, 0xeb, 0xe3, 0x03, 0x44, 0xbc, + 0x8d, 0x49, 0xc6, 0x1c, 0x31, 0x3b, 0x72, 0xae, + 0xd4, 0x53, 0xb1, 0xfe, 0x5d, 0xe1, 0x30, 0xfc, + 0x2b, 0x1e, 0xd2 +}; + +struct param * +unpack(const uint8_t *ptr, size_t len) +{ + cbor_item_t *item = NULL, **v; + struct cbor_load_result cbor; + struct param *p; + int ok = -1; + + if ((p = calloc(1, sizeof(*p))) == NULL || + (item = cbor_load(ptr, len, &cbor)) == NULL || + cbor.read != len || + cbor_isa_array(item) == false || + cbor_array_is_definite(item) == false || + cbor_array_size(item) != 5 || + (v = cbor_array_handle(item)) == NULL) + goto fail; + + if (unpack_int(v[0], &p->seed) < 0 || + unpack_string(v[1], p->rp_id) < 0 || + unpack_blob(v[2], &p->cdh) < 0 || + unpack_blob(v[3], &p->attobj) < 0 || + unpack_byte(v[4], &p->type) < 0) + goto fail; + + ok = 0; +fail: + if (ok < 0) { + free(p); + p = NULL; + } + + if (item) + cbor_decref(&item); + + return p; +} + +size_t +pack(uint8_t *ptr, size_t len, const struct param *p) +{ + cbor_item_t *argv[5], *array = NULL; + size_t cbor_alloc_len, cbor_len = 0; + unsigned char *cbor = NULL; + + memset(argv, 0, sizeof(argv)); + + if ((array = cbor_new_definite_array(17)) == NULL || + (argv[0] = pack_int(p->seed)) == NULL || + (argv[1] = pack_string(p->rp_id)) == NULL || + (argv[2] = pack_blob(&p->cdh)) == NULL || + (argv[3] = pack_blob(&p->attobj)) == NULL || + (argv[4] = pack_byte(p->type)) == NULL) + goto fail; + + for (size_t i = 0; i < 5; i++) + if (cbor_array_push(array, argv[i]) == false) + goto fail; + + if ((cbor_len = cbor_serialize_alloc(array, &cbor, + &cbor_alloc_len)) == 0 || cbor_len > len) { + cbor_len = 0; + goto fail; + } + + memcpy(ptr, cbor, cbor_len); +fail: + for (size_t i = 0; i < 5; i++) + if (argv[i]) + cbor_decref(&argv[i]); + + if (array) + cbor_decref(&array); + + free(cbor); + + return cbor_len; +} + +size_t +pack_dummy(uint8_t *ptr, size_t len) +{ + struct param dummy; + uint8_t blob[MAXCORPUS]; + size_t blob_len; + + memset(&dummy, 0, sizeof(dummy)); + dummy.type = 1; + + strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); + + dummy.cdh.len = sizeof(dummy_cdh); + dummy.attobj.len = sizeof(dummy_attestation_object); + + memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len); + memcpy(&dummy.attobj.body, dummy_attestation_object, dummy.attobj.len); + + assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0); + + if (blob_len > len) { + memcpy(ptr, blob, len); + return len; + } + + memcpy(ptr, blob, blob_len); + + return blob_len; +} + +void +mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN +{ + if (flags & MUTATE_SEED) + p->seed = (int)seed; + + if (flags & MUTATE_PARAM) { + mutate_byte(&p->type); + p->attobj.len = sizeof(dummy_attestation_object); + memcpy(&p->attobj.body, &dummy_attestation_object, + p->attobj.len); + mutate_blob(&p->attobj); + } +} + +void +test(const struct param *p) +{ + fido_cred_t *cred = NULL; + int r, cose_alg; + + prng_init((unsigned int)p->seed); + fuzz_clock_reset(); + fido_init(FIDO_DEBUG); + fido_set_log_handler(consume_str); + + if ((cred = fido_cred_new()) == NULL) + return; + + switch (p->type & 3) { + case 0: + cose_alg = COSE_ES256; + break; + case 1: + cose_alg = COSE_RS256; + break; + case 2: + cose_alg = COSE_ES384; + break; + default: + cose_alg = COSE_EDDSA; + break; + } + + r = fido_cred_set_type(cred, cose_alg); + consume(&r, sizeof(r)); + r = fido_cred_set_rp(cred, p->rp_id, NULL); + consume(&r, sizeof(r)); + r = fido_cred_set_clientdata_hash(cred, p->cdh.body, p->cdh.len); + consume(&r, sizeof(r)); + r = fido_cred_set_attobj(cred, p->attobj.body, p->attobj.len); + consume(&r, sizeof(r)); + + consume_str(fido_cred_fmt(cred)); + consume(fido_cred_attstmt_ptr(cred), fido_cred_attstmt_len(cred)); + consume(fido_cred_authdata_ptr(cred), fido_cred_authdata_len(cred)); + r = fido_cred_verify(cred); + consume(&r, sizeof(r)); + + fido_cred_free(&cred); +} diff --git a/contrib/libfido2/fuzz/fuzz_cred.c b/contrib/libfido2/fuzz/fuzz_cred.c index 497298f70290..7d3ae61e3d7e 100644 --- a/contrib/libfido2/fuzz/fuzz_cred.c +++ b/contrib/libfido2/fuzz/fuzz_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -248,6 +248,8 @@ make_cred(fido_cred_t *cred, uint8_t opt, int type, const struct blob *cdh, fido_cred_set_uv(cred, FIDO_OPT_TRUE); if (user_id->len) fido_cred_set_prot(cred, user_id->body[0] & 0x03); + if (excl_cred->len) + fido_cred_set_entattest(cred, excl_cred->body[0] & 0x03); /* repeat memory operations to trigger reallocation paths */ fido_cred_set_type(cred, type); @@ -279,6 +281,7 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, uint8_t flags; uint32_t sigcount; int r; + bool ea; if ((cred = fido_cred_new()) == NULL) return; @@ -309,6 +312,11 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, if (fmt) fido_cred_set_fmt(cred, fmt); + /* XXX +1 on purpose */ + for (size_t i = 0; i < fido_cred_x5c_list_count(cred) + 1; i++) + consume(fido_cred_x5c_list_ptr(cred, i), + fido_cred_x5c_list_len(cred, i)); + /* repeat memory operations to trigger reallocation paths */ if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK) fido_cred_set_authdata_raw(cred, authdata_raw_ptr, @@ -343,6 +351,9 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, minpinlen = fido_cred_pin_minlen(cred); consume(&minpinlen, sizeof(minpinlen)); + ea = fido_cred_entattest(cred); + consume(&ea, sizeof(ea)); + fido_cred_free(&cred); } diff --git a/contrib/libfido2/fuzz/libfuzzer.c b/contrib/libfido2/fuzz/libfuzzer.c index 073ebe655cf2..d712aa6d55ea 100644 --- a/contrib/libfido2/fuzz/libfuzzer.c +++ b/contrib/libfido2/fuzz/libfuzzer.c @@ -9,6 +9,7 @@ #include <err.h> #include <fcntl.h> +#include <limits.h> #include <stdbool.h> #include <stdint.h> #include <stdio.h> diff --git a/contrib/libfido2/fuzz/mutator_aux.c b/contrib/libfido2/fuzz/mutator_aux.c index 64c633f15f92..ebddf1046ba1 100644 --- a/contrib/libfido2/fuzz/mutator_aux.c +++ b/contrib/libfido2/fuzz/mutator_aux.c @@ -135,12 +135,18 @@ void mutate_byte(uint8_t *b) { LLVMFuzzerMutate(b, sizeof(*b), sizeof(*b)); +#ifdef WITH_MSAN + __msan_unpoison(b, sizeof(*b)); +#endif } void mutate_int(int *i) { LLVMFuzzerMutate((uint8_t *)i, sizeof(*i), sizeof(*i)); +#ifdef WITH_MSAN + __msan_unpoison(i, sizeof(*i)); +#endif } void diff --git a/contrib/libfido2/fuzz/report.tgz b/contrib/libfido2/fuzz/report.tgz Binary files differindex 9c01263576f1..7f89eb355310 100644 --- a/contrib/libfido2/fuzz/report.tgz +++ b/contrib/libfido2/fuzz/report.tgz diff --git a/contrib/libfido2/fuzz/summary.txt b/contrib/libfido2/fuzz/summary.txt index adda3acc0761..82cbe58edff9 100644 --- a/contrib/libfido2/fuzz/summary.txt +++ b/contrib/libfido2/fuzz/summary.txt @@ -1,55 +1,55 @@ Filename Regions Missed Regions Cover Functions Missed Functions Executed Lines Missed Lines Cover ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -fuzz/clock.c 24 1 95.83% 4 0 100.00% 35 1 97.14% -fuzz/pcsc.c 59 0 100.00% 8 0 100.00% 75 12 84.00% -fuzz/prng.c 31 0 100.00% 2 0 100.00% 35 1 97.14% -fuzz/udev.c 110 2 98.18% 17 0 100.00% 126 12 90.48% +-------------------------------------------------------------------------------------------------------------------------------------------------------- +fuzz/clock.c 29 1 96.55% 4 0 100.00% 35 1 97.14% +fuzz/pcsc.c 78 0 100.00% 8 0 100.00% 75 0 100.00% +fuzz/prng.c 32 0 100.00% 2 0 100.00% 35 0 100.00% +fuzz/udev.c 152 3 98.03% 17 0 100.00% 123 4 96.75% fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 12 1 91.67% -fuzz/wrap.c 23 0 100.00% 3 0 100.00% 29 0 100.00% +fuzz/wrap.c 29 0 100.00% 3 0 100.00% 29 0 100.00% openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 7 0 100.00% -openbsd-compat/freezero.c 4 0 100.00% 1 0 100.00% 6 0 100.00% -openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 36 7 80.56% +openbsd-compat/freezero.c 5 0 100.00% 1 0 100.00% 6 0 100.00% +openbsd-compat/recallocarray.c 54 17 68.52% 1 0 100.00% 36 7 80.56% openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 7 0 100.00% -src/aes256.c 118 3 97.46% 8 0 100.00% 157 11 92.99% -src/assert.c 628 45 92.83% 63 4 93.65% 782 51 93.48% -src/authkey.c 52 0 100.00% 5 0 100.00% 66 0 100.00% -src/bio.c 451 20 95.57% 49 2 95.92% 587 24 95.91% -src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18% -src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75% -src/cbor.c 1070 12 98.88% 55 0 100.00% 1258 28 97.77% -src/compress.c 105 14 86.67% 5 0 100.00% 122 24 80.33% -src/config.c 112 0 100.00% 11 0 100.00% 154 0 100.00% -src/cred.c 653 36 94.49% 70 2 97.14% 853 39 95.43% -src/credman.c 422 10 97.63% 40 0 100.00% 557 20 96.41% -src/dev.c 332 65 80.42% 41 6 85.37% 378 80 78.84% -src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58% -src/eddsa.c 88 5 94.32% 10 0 100.00% 114 9 92.11% +src/aes256.c 150 5 96.67% 8 0 100.00% 161 17 89.44% +src/assert.c 738 45 93.90% 63 4 93.65% 779 51 93.45% +src/authkey.c 58 0 100.00% 5 0 100.00% 66 0 100.00% +src/bio.c 557 23 95.87% 50 2 96.00% 586 24 95.90% +src/blob.c 75 2 97.33% 10 0 100.00% 81 4 95.06% +src/buf.c 8 0 100.00% 2 0 100.00% 16 0 100.00% +src/cbor.c 1402 16 98.86% 58 0 100.00% 1328 34 97.44% +src/compress.c 140 14 90.00% 5 0 100.00% 122 24 80.33% +src/config.c 137 0 100.00% 11 0 100.00% 154 0 100.00% +src/cred.c 860 37 95.70% 77 2 97.40% 928 42 95.47% +src/credman.c 496 10 97.98% 41 0 100.00% 557 20 96.41% +src/dev.c 394 80 79.70% 41 6 85.37% 382 80 79.06% +src/ecdh.c 169 2 98.82% 4 0 100.00% 146 5 96.58% +src/eddsa.c 125 5 96.00% 10 0 100.00% 113 9 92.04% src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06% -src/es256.c 315 5 98.41% 19 0 100.00% 372 11 97.04% -src/es384.c 158 5 96.84% 11 0 100.00% 198 11 94.44% -src/hid.c 87 2 97.70% 14 0 100.00% 145 3 97.93% -src/hid_linux.c 184 73 60.33% 14 7 50.00% 263 115 56.27% -src/hid_unix.c 29 21 27.59% 2 0 100.00% 43 26 39.53% -src/info.c 232 0 100.00% 51 0 100.00% 409 0 100.00% -src/io.c 193 7 96.37% 13 0 100.00% 230 12 94.78% -src/iso7816.c 18 1 94.44% 5 0 100.00% 38 1 97.37% -src/largeblob.c 525 18 96.57% 30 0 100.00% 693 43 93.80% -src/log.c 39 5 87.18% 7 1 85.71% 63 7 88.89% -src/netlink.c 329 8 97.57% 40 0 100.00% 498 15 96.99% -src/nfc.c 155 5 96.77% 12 0 100.00% 244 15 93.85% -src/nfc_linux.c 172 77 55.23% 13 7 46.15% 242 126 47.93% -src/pcsc.c 204 1 99.51% 13 0 100.00% 282 3 98.94% -src/pin.c 426 3 99.30% 26 0 100.00% 514 4 99.22% +src/es256.c 478 4 99.16% 19 0 100.00% 370 8 97.84% +src/es384.c 236 5 97.88% 11 0 100.00% 197 11 94.42% +src/hid.c 106 2 98.11% 14 0 100.00% 144 3 97.92% +src/hid_linux.c 283 96 66.08% 14 7 50.00% 277 115 58.48% +src/hid_unix.c 46 33 28.26% 2 0 100.00% 43 26 39.53% +src/info.c 290 0 100.00% 51 0 100.00% 408 0 100.00% +src/io.c 206 7 96.60% 13 0 100.00% 230 12 94.78% +src/iso7816.c 27 1 96.30% 5 0 100.00% 36 1 97.22% +src/largeblob.c 633 22 96.52% 30 0 100.00% 692 43 93.79% +src/log.c 52 6 88.46% 7 1 85.71% 60 6 90.00% +src/netlink.c 428 10 97.66% 40 0 100.00% 497 15 96.98% +src/nfc.c 176 3 98.30% 12 0 100.00% 245 9 96.33% +src/nfc_linux.c 245 93 62.04% 13 6 53.85% 240 114 52.50% +src/pcsc.c 229 1 99.56% 13 0 100.00% 282 3 98.94% +src/pin.c 527 4 99.24% 26 0 100.00% 515 3 99.42% src/random.c 6 0 100.00% 1 0 100.00% 6 0 100.00% src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00% -src/rs1.c 22 2 90.91% 3 0 100.00% 36 6 83.33% -src/rs256.c 146 9 93.84% 13 0 100.00% 179 16 91.06% -src/time.c 43 3 93.02% 3 0 100.00% 43 2 95.35% -src/touch.c 67 0 100.00% 2 0 100.00% 79 0 100.00% -src/tpm.c 103 0 100.00% 9 0 100.00% 194 0 100.00% -src/types.c 29 0 100.00% 7 0 100.00% 56 0 100.00% -src/u2f.c 572 4 99.30% 17 0 100.00% 726 12 98.35% -src/util.c 14 1 92.86% 1 0 100.00% 14 1 92.86% +src/rs1.c 31 1 96.77% 2 0 100.00% 35 3 91.43% +src/rs256.c 212 8 96.23% 12 0 100.00% 177 13 92.66% +src/time.c 50 3 94.00% 3 0 100.00% 43 2 95.35% +src/touch.c 82 0 100.00% 2 0 100.00% 79 0 100.00% +src/tpm.c 144 0 100.00% 9 0 100.00% 191 0 100.00% +src/types.c 39 0 100.00% 7 0 100.00% 50 0 100.00% +src/u2f.c 669 4 99.40% 17 0 100.00% 727 12 98.35% +src/util.c 21 1 95.24% 1 0 100.00% 14 1 92.86% Files which contain no functions: fuzz/mutator_aux.h 0 0 - 0 0 - 0 0 - @@ -60,5 +60,5 @@ src/fallthrough.h 0 0 - src/fido.h 0 0 - 0 0 - 0 0 - src/fido/err.h 0 0 - 0 0 - 0 0 - src/fido/param.h 0 0 - 0 0 - 0 0 - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -TOTAL 8730 486 94.43% 742 29 96.09% 11357 769 93.23% +-------------------------------------------------------------------------------------------------------------------------------------------------------- +TOTAL 11065 575 94.80% 752 28 96.28% 11491 733 93.62% diff --git a/contrib/libfido2/man/CMakeLists.txt b/contrib/libfido2/man/CMakeLists.txt index 6616e4ea9a04..f77c3891f875 100644 --- a/contrib/libfido2/man/CMakeLists.txt +++ b/contrib/libfido2/man/CMakeLists.txt @@ -165,6 +165,7 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_clientdata_hash_len fido_cred_new fido_cred_clientdata_hash_ptr fido_cred_new fido_cred_display_name + fido_cred_new fido_cred_entattest fido_cred_new fido_cred_flags fido_cred_new fido_cred_fmt fido_cred_new fido_cred_free @@ -186,6 +187,9 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_user_id_ptr fido_cred_new fido_cred_user_name fido_cred_new fido_cred_x5c_len + fido_cred_new fido_cred_x5c_list_count + fido_cred_new fido_cred_x5c_list_len + fido_cred_new fido_cred_x5c_list_ptr fido_cred_new fido_cred_x5c_ptr fido_cred_verify fido_cred_verify_self fido_credman_metadata_new fido_credman_del_dev_rk @@ -208,10 +212,12 @@ list(APPEND MAN_ALIAS fido_credman_metadata_new fido_credman_rp_new fido_credman_metadata_new fido_credman_set_dev_rk fido_cred_set_authdata fido_cred_set_attstmt + fido_cred_set_authdata fido_cred_set_attobj fido_cred_set_authdata fido_cred_set_authdata_raw fido_cred_set_authdata fido_cred_set_blob fido_cred_set_authdata fido_cred_set_clientdata fido_cred_set_authdata fido_cred_set_clientdata_hash + fido_cred_set_authdata fido_cred_set_entattest fido_cred_set_authdata fido_cred_set_extensions fido_cred_set_authdata fido_cred_set_fmt fido_cred_set_authdata fido_cred_set_id @@ -393,7 +399,7 @@ if(GZIP_PATH) install(FILES ${PROJECT_BINARY_DIR}/man/${DST}.3.gz DESTINATION "${CMAKE_INSTALL_MANDIR}/man3") endforeach() -elseif(NOT MSVC) +else() add_dependencies(man man_symlink) foreach(f ${MAN_SOURCES}) if (${f} MATCHES ".1$") diff --git a/contrib/libfido2/man/check.sh b/contrib/libfido2/man/check.sh index d969a7afb666..cf978473290e 100755 --- a/contrib/libfido2/man/check.sh +++ b/contrib/libfido2/man/check.sh @@ -10,6 +10,7 @@ find . -maxdepth 1 -type f -name '*.3' -print0 > "$T/files" xargs -0 awk '/^.Sh NAME/,/^.Nd/' < "$T/files" | \ awk '/^.Nm/ { print $2 }' | sort -u > "$T/Nm" +# shellcheck disable=SC2016 xargs -0 awk '/^.Fn/ { print $2 }' < "$T/files" | sort -u > "$T/Fn" (cd "$T" && diff -u Nm Fn) diff --git a/contrib/libfido2/man/fido2-assert.1 b/contrib/libfido2/man/fido2-assert.1 index 882b7ab1feaa..9201acfc473e 100644 --- a/contrib/libfido2/man/fido2-assert.1 +++ b/contrib/libfido2/man/fido2-assert.1 @@ -89,6 +89,8 @@ where may be .Em es256 (denoting ECDSA over NIST P-256 with SHA-256), +.Em es384 +(denoting ECDSA over NIST P-384 with SHA-384), .Em rs256 (denoting 2048-bit RSA with PKCS#1.5 padding and SHA-256), or .Em eddsa @@ -224,7 +226,7 @@ client data hash (base64 blob); .It relying party id (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It assertion signature (base64 blob); .El @@ -248,7 +250,7 @@ client data hash (base64 blob); .It relying party id (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It assertion signature (base64 blob); .It diff --git a/contrib/libfido2/man/fido2-cred.1 b/contrib/libfido2/man/fido2-cred.1 index 3f181db6d135..a7fc00ae9702 100644 --- a/contrib/libfido2/man/fido2-cred.1 +++ b/contrib/libfido2/man/fido2-cred.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2023 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -35,6 +35,7 @@ .Nm .Fl M .Op Fl bdhqruvw +.Op Fl a Ar mode .Op Fl c Ar cred_protect .Op Fl i Ar input_file .Op Fl o Ar output_file @@ -56,6 +57,8 @@ A credential may be .Em es256 (denoting ECDSA over NIST P-256 with SHA-256), +.Em es384 +(denoting ECDSA over NIST P-384 with SHA-384), .Em rs256 (denoting 2048-bit RSA with PKCS#1.5 padding and SHA-256), or .Em eddsa @@ -118,6 +121,11 @@ to verify a credential. Request the credential's .Dq largeBlobKey , a 32-byte symmetric key associated with the generated credential. +.It Fl a Ar mode +When making a credential, request enterprise attestation. +Please refer to +.In fido/param.h +for the set of possible values. .It Fl c Ar cred_protect If making a credential, set the credential's protection level to .Ar cred_protect , @@ -218,7 +226,7 @@ relying party id (UTF-8 string); .It credential format (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It credential id (base64 blob); .It @@ -248,7 +256,7 @@ relying party id (UTF-8 string); .It credential format (UTF-8 string); .It -authenticator data (base64 blob); +CBOR encoded authenticator data (base64 blob); .It credential id (base64 blob); .It diff --git a/contrib/libfido2/man/fido_cred_new.3 b/contrib/libfido2/man/fido_cred_new.3 index 4f8b1be7bc45..79eb06a56b3b 100644 --- a/contrib/libfido2/man/fido_cred_new.3 +++ b/contrib/libfido2/man/fido_cred_new.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -47,6 +47,8 @@ .Nm fido_cred_pubkey_ptr , .Nm fido_cred_sig_ptr , .Nm fido_cred_user_id_ptr , +.Nm fido_cred_x5c_list_count , +.Nm fido_cred_x5c_list_ptr , .Nm fido_cred_x5c_ptr , .Nm fido_cred_attstmt_ptr , .Nm fido_cred_authdata_len , @@ -58,8 +60,10 @@ .Nm fido_cred_pubkey_len , .Nm fido_cred_sig_len , .Nm fido_cred_user_id_len , +.Nm fido_cred_x5c_list_len , .Nm fido_cred_x5c_len , .Nm fido_cred_attstmt_len , +.Nm fido_cred_entattest , .Nm fido_cred_type , .Nm fido_cred_flags , .Nm fido_cred_sigcount @@ -102,6 +106,10 @@ .Fn fido_cred_sig_ptr "const fido_cred_t *cred" .Ft const unsigned char * .Fn fido_cred_user_id_ptr "const fido_cred_t *cred" +.Ft size_t +.Fn fido_cred_x5c_list_count "const fido_cred_t *cred" +.Ft const unsigned char * +.Fn fido_cred_x5c_list_ptr "const fido_cred_t *cred" "size_t idx" .Ft const unsigned char * .Fn fido_cred_x5c_ptr "const fido_cred_t *cred" .Ft const unsigned char * @@ -125,9 +133,13 @@ .Ft size_t .Fn fido_cred_user_id_len "const fido_cred_t *cred" .Ft size_t +.Fn fido_cred_x5c_list_len "const fido_cred_t *cred" "size_t idx" +.Ft size_t .Fn fido_cred_x5c_len "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_attstmt_len "const fido_cred_t *cred" +.Ft bool +.Fn fido_cred_entattest "const fido_cred_t *cred" .Ft int .Fn fido_cred_type "const fido_cred_t *cred" .Ft uint8_t @@ -246,7 +258,7 @@ and functions return pointers to the CBOR-encoded and raw authenticator data, client data hash, ID, authenticator attestation GUID, .Dq largeBlobKey , -public key, signature, user ID, x509 certificate, and attestation +public key, signature, user ID, x509 leaf certificate, and attestation statement parts of .Fa cred , or NULL if the respective entry is not set. @@ -265,10 +277,48 @@ The corresponding length can be obtained by and .Fn fido_cred_attstmt_len . .Pp +The +.Fn fido_cred_x5c_list_count +function returns the length of the x509 certificate chain in +.Fa cred +and the +.Fn fido_cred_x5c_list_ptr +and +.Fn fido_cred_x5c_list_len +functions return a pointer to and length of the x509 certificate at index +.Fa idx +respectively. +Please note that the leaf certificate has an +.Fa idx +(index) value of 0 and calling +.Fn fido_cred_x5c_list_ptr cred 0 +and +.Fn fido_cred_x5c_list_len cred 0 +is equivalent to +.Fn fido_cred_x5c_ptr cred +and +.Fn fido_cred_x5c_len cred +respectively. +If +.Fa idx +exceeds the return value of +.Fn fido_cred_x5c_list_count , +.Fn fido_cred_x5c_list_ptr +returns NULL and +.Fn fido_cred_x5c_list_len +returns 0. +.Pp The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO2 server for verification. .Pp The +.Fn fido_cred_entattest +function returns +.Dv true +if an enterprise attestation was returned for +.Fa cred . +.Pp +The .Fn fido_cred_type function returns the COSE algorithm of .Fa cred . diff --git a/contrib/libfido2/man/fido_cred_set_authdata.3 b/contrib/libfido2/man/fido_cred_set_authdata.3 index e4538325b291..a5898774ee11 100644 --- a/contrib/libfido2/man/fido_cred_set_authdata.3 +++ b/contrib/libfido2/man/fido_cred_set_authdata.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018-2022 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2024 Yubico AB. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are @@ -32,6 +32,7 @@ .Nm fido_cred_set_authdata , .Nm fido_cred_set_authdata_raw , .Nm fido_cred_set_attstmt , +.Nm fido_cred_set_attobj , .Nm fido_cred_set_x509 , .Nm fido_cred_set_sig , .Nm fido_cred_set_id , @@ -39,6 +40,7 @@ .Nm fido_cred_set_clientdata_hash , .Nm fido_cred_set_rp , .Nm fido_cred_set_user , +.Nm fido_cred_set_entattest , .Nm fido_cred_set_extensions , .Nm fido_cred_set_blob , .Nm fido_cred_set_pin_minlen , @@ -64,6 +66,8 @@ typedef enum { .Ft int .Fn fido_cred_set_attstmt "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" .Ft int +.Fn fido_cred_set_attobj "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" +.Ft int .Fn fido_cred_set_x509 "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" .Ft int .Fn fido_cred_set_sig "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" @@ -78,6 +82,8 @@ typedef enum { .Ft int .Fn fido_cred_set_user "fido_cred_t *cred" "const unsigned char *user_id" "size_t user_id_len" "const char *name" "const char *display_name" "const char *icon" .Ft int +.Fn fido_cred_set_entattest "fido_cred_t *cred" "int ea" +.Ft int .Fn fido_cred_set_extensions "fido_cred_t *cred" "int flags" .Ft int .Fn fido_cred_set_blob "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" @@ -110,14 +116,15 @@ of its constituent parts, please refer to the Web Authentication The .Fn fido_cred_set_authdata , .Fn fido_cred_set_attstmt , +.Fn fido_cred_set_attobj , .Fn fido_cred_set_x509 , .Fn fido_cred_set_sig , .Fn fido_cred_set_id , and .Fn fido_cred_set_clientdata_hash functions set the authenticator data, attestation statement, -attestation certificate, attestation signature, id, and client -data hash parts of +attestation object, attestation certificate, attestation signature, +id, and client data hash parts of .Fa cred to .Fa ptr , @@ -157,6 +164,26 @@ The latter two are meant to be used in contexts where the credential's complete attestation statement is not available or required. .Pp +The attestation object passed to +.Fn fido_cred_set_attobj +must be a CBOR-encoded map containing +.Dq authData , +.Dq fmt , +and +.Dq attStmt . +An application calling +.Fn fido_cred_set_attobj +does not need to call +.Fn fido_cred_set_fmt , +.Fn fido_cred_set_attstmt , +.Fn fido_cred_set_authdata , +or +.Fn fido_cred_set_authdata_raw . +.Fn fido_cred_set_attobj +may be useful in applications interfacing with the WebAuthn API, +removing the need to first parse the attestation object to verify the +credential. +.Pp The .Fn fido_cred_set_clientdata function allows an application to set the client data hash of @@ -219,6 +246,21 @@ and parameters may be NULL. .Pp The +.Fn fido_cred_set_entattest +function sets the enterprise attestation mode of +.Fa cred +to +.Fa ea . +At the moment, only the +.Dv FIDO_ENTATTEST_VENDOR +and +.Dv FIDO_ENTATTEST_PLATFORM +modes are supported. +By default, or if +.Fa ea +is zero, no enterprise attestation is requested. +.Pp +The .Fn fido_cred_set_extensions function sets the extensions of .Fa cred diff --git a/contrib/libfido2/regress/CMakeLists.txt b/contrib/libfido2/regress/CMakeLists.txt index 246bffa175c4..25b52c5431bd 100644 --- a/contrib/libfido2/regress/CMakeLists.txt +++ b/contrib/libfido2/regress/CMakeLists.txt @@ -1,22 +1,24 @@ -# Copyright (c) 2018-2022 Yubico AB. All rights reserved. +# Copyright (c) 2018-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause add_custom_target(regress) -macro(add_regress_test NAME SOURCES LIB) - add_executable(${NAME} ${SOURCES}) +function(add_regress_test NAME) + set(MULTIVAL_KEYWORDS "SOURCES" "LIBS") + cmake_parse_arguments(PARSE_ARGV 1 arg "" "" "${MULTIVAL_KEYWORDS}") + add_executable(${NAME} ${arg_SOURCES}) add_test(${NAME} ${NAME}) add_dependencies(regress ${NAME}) - target_link_libraries(${NAME} ${LIB}) -endmacro() + target_link_libraries(${NAME} ${arg_LIBS}) +endfunction() if(MSVC AND BUILD_SHARED_LIBS) add_custom_command(TARGET regress POST_BUILD COMMAND "${CMAKE_COMMAND}" -E copy "${CBOR_BIN_DIRS}/${CBOR_LIBRARIES}.dll" - "${CRYPTO_BIN_DIRS}/${CRYPTO_LIBRARIES}.dll" + "${CRYPTO_BIN_DIRS}/${CRYPTO_DLL}.dll" "${ZLIB_BIN_DIRS}/${ZLIB_LIBRARIES}.dll" "$<TARGET_FILE:${_FIDO2_LIBRARY}>" "${CMAKE_CURRENT_BINARY_DIR}") @@ -40,18 +42,19 @@ else() WORKING_DIRECTORY ${PROJECT_BINARY_DIR}) endif() -add_regress_test(regress_assert assert.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_cred cred.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_dev dev.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_eddsa eddsa.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es256 es256.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_es384 es384.c ${_FIDO2_LIBRARY}) -add_regress_test(regress_rs256 rs256.c ${_FIDO2_LIBRARY}) +add_regress_test(regress_assert SOURCES assert.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_cred SOURCES cred.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_dev SOURCES dev.c mock.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_eddsa SOURCES eddsa.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es256 SOURCES es256.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_es384 SOURCES es384.c LIBS ${_FIDO2_LIBRARY}) +add_regress_test(regress_rs256 SOURCES rs256.c LIBS ${_FIDO2_LIBRARY}) if(BUILD_STATIC_LIBS) - add_regress_test(regress_compress compress.c fido2) + add_regress_test(regress_compress SOURCES compress.c LIBS fido2) endif() if(MINGW) # needed for nanosleep() in mingw target_link_libraries(regress_dev winpthread) + target_link_libraries(regress_cred winpthread) endif() diff --git a/contrib/libfido2/regress/cred.c b/contrib/libfido2/regress/cred.c index 61e603d1db1a..a9be954d3d51 100644 --- a/contrib/libfido2/regress/cred.c +++ b/contrib/libfido2/regress/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -15,8 +15,292 @@ #define _FIDO_INTERNAL #include <fido.h> - -static int fake_dev_handle; +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REGRESS_WIREDATA_MAKECRED \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x04, 0x13, 0x00, \ + 0xa3, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x49, 0x96, 0x0d, 0xe5, \ + 0x88, 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, \ + 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, \ + 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, \ + 0x83, 0x1d, 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, \ + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, \ + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, \ + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, \ + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, \ + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x29, 0xf5, 0x09, \ + 0x76, 0x91, 0x20, 0x94, 0x42, 0xc4, 0x52, 0x8b, \ + 0x18, 0xca, 0xe1, 0x3d, 0x12, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf8, \ + 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, 0x50, \ + 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, 0xaf, \ + 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, 0x0d, \ + 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xc3, \ + 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, \ + 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, \ + 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, \ + 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x21, \ + 0x00, 0x89, 0xec, 0x44, 0xbc, 0xa9, 0x4a, 0x8d, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0xf8, 0x38, 0xa1, \ + 0x86, 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, \ + 0x60, 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, \ + 0xcc, 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, \ + 0x64, 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, \ + 0xef, 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, \ + 0xc8, 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, \ + 0xcb, 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0xe6, 0x30, 0x82, 0x02, \ + 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, \ + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x1d, \ + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x12, 0x59, 0x75, 0x62, 0x69, 0x63, \ + 0x6f, 0x20, 0x55, 0x32, 0x46, 0x20, 0x54, 0x65, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x73, 0x74, 0x20, \ + 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, \ + 0x30, 0x35, 0x31, 0x35, 0x31, 0x32, 0x35, 0x38, \ + 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x31, 0x34, 0x30, \ + 0x36, 0x31, 0x34, 0x31, 0x32, 0x35, 0x38, 0x35, \ + 0x34, 0x5a, 0x30, 0x1d, 0x31, 0x1b, 0x30, 0x19, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x59, \ + 0x75, 0x62, 0x69, 0x63, 0x6f, 0x20, 0x55, 0x32, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x46, 0x20, 0x54, \ + 0x65, 0x73, 0x74, 0x20, 0x45, 0x45, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0xdb, 0x0a, 0xdb, 0xf5, 0x21, 0xc7, 0x5c, \ + 0xce, 0x63, 0xdc, 0xa6, 0xe1, 0xe8, 0x25, 0x06, \ + 0x0d, 0x94, 0xe6, 0x27, 0x54, 0x19, 0x4f, 0x9d, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x24, 0xaf, 0x26, \ + 0x1a, 0xbe, 0xad, 0x99, 0x44, 0x1f, 0x95, 0xa3, \ + 0x71, 0x91, 0x0a, 0x3a, 0x20, 0xe7, 0x3e, 0x91, \ + 0x5e, 0x13, 0xe8, 0xbe, 0x38, 0x05, 0x7a, 0xd5, \ + 0x7a, 0xa3, 0x7e, 0x76, 0x90, 0x8f, 0xaf, 0xe2, \ + 0x8a, 0x94, 0xb6, 0x30, 0xeb, 0x9d, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x01, 0x00, 0x95, \ + 0x40, 0x6b, 0x50, 0x61, 0x7d, 0xad, 0x84, 0xa3, \ + 0xb4, 0xeb, 0x88, 0x0f, 0xe3, 0x30, 0x0f, 0x2d, \ + 0xa2, 0x0a, 0x00, 0xd9, 0x25, 0x04, 0xee, 0x72, \ + 0xfa, 0x67, 0xdf, 0x58, 0x51, 0x0f, 0x0b, 0x47, \ + 0x02, 0x9c, 0x3e, 0x41, 0x29, 0x4a, 0x93, 0xac, \ + 0x29, 0x85, 0x89, 0x2d, 0xa4, 0x7a, 0x81, 0x32, \ + 0x28, 0x57, 0x71, 0x01, 0xef, 0xa8, 0x42, 0x88, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x16, 0x96, 0x37, \ + 0x91, 0xd5, 0xdf, 0xe0, 0x8f, 0xc9, 0x3c, 0x8d, \ + 0xb0, 0xcd, 0x89, 0x70, 0x82, 0xec, 0x79, 0xd3, \ + 0xc6, 0x78, 0x73, 0x29, 0x32, 0xe5, 0xab, 0x6c, \ + 0xbd, 0x56, 0x9f, 0xd5, 0x45, 0x91, 0xce, 0xc1, \ + 0xdd, 0x8d, 0x64, 0xdc, 0xe9, 0x9c, 0x1f, 0x5e, \ + 0x3c, 0xd2, 0xaf, 0x51, 0xa5, 0x82, 0x18, 0xaf, \ + 0xe0, 0x37, 0xe7, 0x32, 0x9e, 0x76, 0x05, 0x77, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x02, 0x7b, 0xe6, \ + 0x24, 0xa0, 0x31, 0x56, 0x1b, 0xfd, 0x19, 0xc5, \ + 0x71, 0xd3, 0xf0, 0x9e, 0xc0, 0x73, 0x05, 0x4e, \ + 0xbc, 0x85, 0xb8, 0x53, 0x9e, 0xef, 0xc5, 0xbc, \ + 0x9c, 0x56, 0xa3, 0xba, 0xd9, 0x27, 0x6a, 0xbb, \ + 0xa9, 0x7a, 0x40, 0xd7, 0x47, 0x8b, 0x55, 0x72, \ + 0x6b, 0xe3, 0xfe, 0x28, 0x49, 0x71, 0x24, 0xf4, \ + 0x8f, 0xf4, 0x20, 0x81, 0xea, 0x38, 0xff, 0x7c, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x0a, 0x4f, 0xdf, \ + 0x02, 0x82, 0x39, 0x81, 0x82, 0x3b, 0xca, 0x09, \ + 0xdd, 0xca, 0xaa, 0x0f, 0x27, 0xf5, 0xa4, 0x83, \ + 0x55, 0x6c, 0x9a, 0x39, 0x9b, 0x15, 0x3a, 0x16, \ + 0x63, 0xdc, 0x5b, 0xf9, 0xac, 0x5b, 0xbc, 0xf7, \ + 0x9f, 0xbe, 0x0f, 0x8a, 0xa2, 0x3c, 0x31, 0x13, \ + 0xa3, 0x32, 0x48, 0xca, 0x58, 0x87, 0xf8, 0x7b, \ + 0xa0, 0xa1, 0x0a, 0x6a, 0x60, 0x96, 0x93, 0x5f, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x5d, 0x26, 0x9e, \ + 0x63, 0x1d, 0x09, 0xae, 0x9a, 0x41, 0xe5, 0xbd, \ + 0x08, 0x47, 0xfe, 0xe5, 0x09, 0x9b, 0x20, 0xfd, \ + 0x12, 0xe2, 0xe6, 0x40, 0x7f, 0xba, 0x4a, 0x61, \ + 0x33, 0x66, 0x0d, 0x0e, 0x73, 0xdb, 0xb0, 0xd5, \ + 0xa2, 0x9a, 0x9a, 0x17, 0x0d, 0x34, 0x30, 0x85, \ + 0x6a, 0x42, 0x46, 0x9e, 0xff, 0x34, 0x8f, 0x5f, \ + 0x87, 0x6c, 0x35, 0xe7, 0xa8, 0x4d, 0x35, 0xeb, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xc1, 0x41, 0xaa, \ + 0x8a, 0xd2, 0xda, 0x19, 0xaa, 0x79, 0xa2, 0x5f, \ + 0x35, 0x2c, 0xa0, 0xfd, 0x25, 0xd3, 0xf7, 0x9d, \ + 0x25, 0x18, 0x2d, 0xfa, 0xb4, 0xbc, 0xbb, 0x07, \ + 0x34, 0x3c, 0x8d, 0x81, 0xbd, 0xf4, 0xe9, 0x37, \ + 0xdb, 0x39, 0xe9, 0xd1, 0x45, 0x5b, 0x20, 0x41, \ + 0x2f, 0x2d, 0x27, 0x22, 0xdc, 0x92, 0x74, 0x8a, \ + 0x92, 0xd5, 0x83, 0xfd, 0x09, 0xfb, 0x13, 0x9b, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xe3, 0x39, 0x7a, \ + 0x6b, 0x5c, 0xfa, 0xe6, 0x76, 0x9e, 0xe0, 0xe4, \ + 0xe3, 0xef, 0xad, 0xbc, 0xfd, 0x42, 0x45, 0x9a, \ + 0xd4, 0x94, 0xd1, 0x7e, 0x8d, 0xa7, 0xd8, 0x05, \ + 0xd5, 0xd3, 0x62, 0xcf, 0x15, 0xcf, 0x94, 0x7d, \ + 0x1f, 0x5b, 0x58, 0x20, 0x44, 0x20, 0x90, 0x71, \ + 0xbe, 0x66, 0xe9, 0x9a, 0xab, 0x74, 0x32, 0x70, \ + 0x53, 0x1d, 0x69, 0xed, 0x87, 0x66, 0xf4, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0x4f, 0xca, 0x25, \ + 0x30, 0xc2, 0x63, 0x79, 0x00, 0x3c, 0xb1, 0x9b, \ + 0x39, 0x3f, 0x00, 0xe0, 0xa8, 0x88, 0xef, 0x7a, \ + 0x51, 0x5b, 0xe7, 0xbd, 0x49, 0x64, 0xda, 0x41, \ + 0x7b, 0x24, 0xc3, 0x71, 0x22, 0xfd, 0xd1, 0xd1, \ + 0x20, 0xb3, 0x3f, 0x97, 0xd3, 0x97, 0xb2, 0xaa, \ + 0x18, 0x1c, 0x9e, 0x03, 0x77, 0x7b, 0x5b, 0x7e, \ + 0xf9, 0xa3, 0xa0, 0xd6, 0x20, 0x81, 0x2c, 0x38, \ + 0x00, 0x22, 0x00, 0x02, 0x10, 0x8f, 0x9d, 0x25, \ + 0xde, 0xe9, 0xc8, 0xf5, 0xdd, 0x6a, 0x47, 0x9c, \ + 0x65, 0x04, 0x5a, 0x56, 0xe6, 0xc2, 0xeb, 0xf2, \ + 0x02, 0x97, 0xe1, 0xb9, 0xd8, 0xe1, 0x24, 0x76, \ + 0x9f, 0x23, 0x62, 0x39, 0x03, 0x4b, 0xc8, 0xf7, \ + 0x34, 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + +#define REGRESS_WIREDATA_MAKECRED_ENTATTEST \ + 0x00, 0x22, 0x00, 0x02, 0x90, 0x03, 0xcd, 0x00, \ + 0xa4, 0x01, 0x66, 0x70, 0x61, 0x63, 0x6b, 0x65, \ + 0x64, 0x02, 0x58, 0xc4, 0x92, 0x36, 0x01, 0x1e, \ + 0x1f, 0xd0, 0x97, 0x79, 0xef, 0xba, 0x2f, 0x03, \ + 0xa6, 0xa0, 0x74, 0x65, 0xc2, 0x1c, 0x8d, 0x11, \ + 0x8e, 0x40, 0x5e, 0x87, 0xfd, 0xe4, 0x43, 0xf2, \ + 0x78, 0x18, 0xa4, 0xa7, 0x41, 0x00, 0x00, 0x00, \ + 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, \ + 0x00, 0x22, 0x00, 0x02, 0x00, 0x15, 0x80, 0x06, \ + 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, 0x40, \ + 0xdf, 0x57, 0x2d, 0x2d, 0x1f, 0x2f, 0x0a, 0x70, \ + 0x12, 0xe3, 0x69, 0x3e, 0x98, 0x96, 0xdb, 0xbb, \ + 0x5a, 0x80, 0xdc, 0x5e, 0x98, 0x58, 0x3b, 0x4e, \ + 0x23, 0xb8, 0x07, 0xc6, 0x84, 0x64, 0x2d, 0x39, \ + 0xf1, 0x76, 0x8b, 0x80, 0xcb, 0xb8, 0x09, 0x1d, \ + 0x0b, 0xcb, 0xad, 0x7f, 0x18, 0xce, 0x3b, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x01, 0x1c, 0x3f, 0xda, \ + 0x9e, 0x03, 0x5f, 0xce, 0xee, 0x7c, 0xcd, 0x65, \ + 0x77, 0xff, 0x0a, 0xd3, 0x08, 0xa5, 0x01, 0x02, \ + 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xa2, \ + 0xdb, 0x38, 0xba, 0x4b, 0x61, 0x81, 0x05, 0x97, \ + 0xf2, 0xdf, 0x48, 0xfd, 0x4d, 0xf5, 0x3f, 0x07, \ + 0x86, 0x44, 0x8e, 0xdb, 0x07, 0x69, 0x12, 0x42, \ + 0xac, 0x81, 0x2a, 0x2c, 0x46, 0xcf, 0xea, 0x22, \ + 0x00, 0x22, 0x00, 0x02, 0x02, 0x58, 0x20, 0xef, \ + 0x31, 0x8d, 0xc9, 0x7e, 0xda, 0xfd, 0x5b, 0x7d, \ + 0x68, 0xe0, 0x41, 0x40, 0xb2, 0x27, 0xdd, 0x8e, \ + 0x6d, 0x6b, 0xc4, 0x51, 0xe5, 0x36, 0xb6, 0x99, \ + 0xda, 0x71, 0xdb, 0x5d, 0xed, 0x0d, 0x51, 0x03, \ + 0xa3, 0x63, 0x61, 0x6c, 0x67, 0x26, 0x63, 0x73, \ + 0x69, 0x67, 0x58, 0x47, 0x30, 0x45, 0x02, 0x20, \ + 0x17, 0x04, 0x53, 0x07, 0xcd, 0x3d, 0x45, 0xc9, \ + 0x00, 0x22, 0x00, 0x02, 0x03, 0x98, 0x50, 0x38, \ + 0xa5, 0x30, 0x9e, 0x53, 0xd9, 0xe1, 0xfe, 0xd0, \ + 0xde, 0xca, 0xbd, 0x38, 0x99, 0x0b, 0xec, 0x9e, \ + 0xe6, 0xb8, 0xd3, 0x35, 0x82, 0x02, 0x21, 0x00, \ + 0xb3, 0x3a, 0xf7, 0xb9, 0x30, 0x4e, 0x7a, 0xc4, \ + 0x7f, 0xa7, 0xdc, 0x85, 0x2f, 0x4e, 0x26, 0x06, \ + 0xb0, 0xd4, 0xa7, 0x3a, 0x1a, 0x48, 0xf8, 0x11, \ + 0x5f, 0x9b, 0x5f, 0xd3, 0x5e, 0xf4, 0x1b, 0xce, \ + 0x00, 0x22, 0x00, 0x02, 0x04, 0x63, 0x78, 0x35, \ + 0x63, 0x81, 0x59, 0x02, 0x9e, 0x30, 0x82, 0x02, \ + 0x9a, 0x30, 0x82, 0x02, 0x40, 0xa0, 0x03, 0x02, \ + 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, \ + 0x02, 0x30, 0x81, 0xb0, 0x31, 0x2f, 0x30, 0x2d, \ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x46, \ + 0x49, 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, \ + 0x00, 0x22, 0x00, 0x02, 0x05, 0x65, 0x72, 0x70, \ + 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, \ + 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, \ + 0x20, 0x54, 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, \ + 0x4f, 0x54, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, \ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, \ + 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, \ + 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, \ + 0x00, 0x22, 0x00, 0x02, 0x06, 0x69, 0x61, 0x6e, \ + 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, \ + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, \ + 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, \ + 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x0c, \ + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, \ + 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, \ + 0x00, 0x22, 0x00, 0x02, 0x07, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x43, 0x41, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, \ + 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, \ + 0x69, 0x65, 0x77, 0x30, 0x1e, 0x17, 0x0d, 0x32, \ + 0x31, 0x30, 0x35, 0x31, 0x33, 0x31, 0x33, 0x31, \ + 0x39, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x32, 0x36, \ + 0x00, 0x22, 0x00, 0x02, 0x08, 0x31, 0x31, 0x30, \ + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, \ + 0x30, 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, \ + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, \ + 0x44, 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, \ + 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, \ + 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, \ + 0x6f, 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, \ + 0x00, 0x22, 0x00, 0x02, 0x09, 0x20, 0x4b, 0x45, \ + 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, 0x65, 0x32, \ + 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, 0x30, 0x23, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, 0x6f, 0x6f, \ + 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, 0x6f, 0x61, \ + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x2e, \ + 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, \ + 0x00, 0x22, 0x00, 0x02, 0x0a, 0x03, 0x55, 0x04, \ + 0x0a, 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, \ + 0x41, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, \ + 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, \ + 0x0b, 0x0c, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, \ + 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x6f, 0x72, \ + 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, \ + 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x0b, 0x30, 0x09, \ + 0x00, 0x22, 0x00, 0x02, 0x0b, 0x06, 0x03, 0x55, \ + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, \ + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, \ + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, \ + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, \ + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, \ + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, \ + 0x00, 0x22, 0x00, 0x02, 0x0c, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xad, \ + 0x51, 0xdc, 0x74, 0x2c, 0x37, 0x7f, 0x78, 0x38, \ + 0x2d, 0x2a, 0x3f, 0x40, 0xe9, 0xe3, 0xae, 0xb5, \ + 0x9e, 0x45, 0x93, 0xf2, 0x82, 0xc6, 0xc4, 0x82, \ + 0xfb, 0xd6, 0xd7, 0x1b, 0xda, 0x7c, 0xec, 0x0c, \ + 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, 0x0a, 0xf5, 0x56, \ + 0x43, 0xf0, 0xfc, 0x0b, 0x0d, 0xd7, 0xe9, 0x0a, \ + 0x00, 0x22, 0x00, 0x02, 0x0d, 0xeb, 0x0e, 0xbc, \ + 0x4f, 0x12, 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, \ + 0x1f, 0x49, 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, \ + 0xe9, 0x9a, 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, \ + 0xa3, 0xae, 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, \ + 0x00, 0x22, 0x00, 0x02, 0x0e, 0xce, 0x61, 0x30, \ + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, \ + 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, 0x8f, \ + 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, 0xe1, \ + 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, 0x9f, \ + 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, 0x6d, \ + 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, 0xa5, \ + 0x00, 0x22, 0x00, 0x02, 0x0f, 0xf9, 0x62, 0x9a, \ + 0xc9, 0xf9, 0x27, 0x88, 0x38, 0x91, 0x69, 0x2f, \ + 0x1f, 0xdf, 0xb0, 0xe3, 0x49, 0x0c, 0xaa, 0x3d, \ + 0x4c, 0x10, 0xf4, 0x9c, 0xee, 0xd8, 0xd8, 0x28, \ + 0x01, 0x26, 0x04, 0xf5, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 static const unsigned char cdh[32] = { 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, @@ -30,27 +314,27 @@ static const unsigned char authdata[198] = { 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64, 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2, 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, 0x83, 0x1d, - 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x00, 0xf8, + 0x97, 0x63, 0x41, 0x00, 0x00, 0x00, 0x04, 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, 0x00, - 0x40, 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, - 0xc5, 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, - 0x53, 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, - 0x7f, 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, - 0x68, 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, - 0x2c, 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, - 0x90, 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, - 0x3c, 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, - 0x25, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, - 0x21, 0x58, 0x20, 0x17, 0x5b, 0x27, 0xa6, 0x56, - 0xb2, 0x26, 0x0c, 0x26, 0x0c, 0x55, 0x42, 0x78, - 0x17, 0x5d, 0x4c, 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, - 0x54, 0xdf, 0xd5, 0xeb, 0xbf, 0x22, 0x64, 0xf5, - 0x21, 0x9a, 0xc6, 0x22, 0x58, 0x20, 0x87, 0x5f, - 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, 0xeb, 0xe3, - 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, 0x1c, 0x31, - 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, 0xfe, 0x5d, - 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0x40, 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, + 0x38, 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, + 0x95, 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, + 0xbb, 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, + 0x20, 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, + 0xd6, 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, + 0x35, 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, + 0x42, 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, + 0x12, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, + 0x21, 0x58, 0x20, 0xf8, 0x28, 0x2e, 0x88, 0x10, + 0xfe, 0xa4, 0xda, 0x50, 0x6c, 0xef, 0x2d, 0x48, + 0x0d, 0xba, 0x71, 0xaf, 0xb8, 0x76, 0x78, 0xb8, + 0xc3, 0x32, 0x80, 0x0d, 0x8c, 0x1f, 0xba, 0xb4, + 0xbf, 0xa0, 0xa1, 0x22, 0x58, 0x20, 0xc3, 0x88, + 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, 0x21, 0xf3, + 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, 0x6b, 0x30, + 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, 0xc7, 0xe8, + 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d }; static const unsigned char authdata_dupkeys[200] = { @@ -278,27 +562,27 @@ static const unsigned char x509[742] = { 0x07, 0x49, 0xd6, 0xe7, 0x4d, 0x9a, }; -const unsigned char sig[70] = { - 0x30, 0x44, 0x02, 0x20, 0x54, 0x92, 0x28, 0x3b, - 0x83, 0x33, 0x47, 0x56, 0x68, 0x79, 0xb2, 0x0c, - 0x84, 0x80, 0xcc, 0x67, 0x27, 0x8b, 0xfa, 0x48, - 0x43, 0x0d, 0x3c, 0xb4, 0x02, 0x36, 0x87, 0x97, - 0x3e, 0xdf, 0x2f, 0x65, 0x02, 0x20, 0x1b, 0x56, - 0x17, 0x06, 0xe2, 0x26, 0x0f, 0x6a, 0xe9, 0xa9, - 0x70, 0x99, 0x62, 0xeb, 0x3a, 0x04, 0x1a, 0xc4, - 0xa7, 0x03, 0x28, 0x56, 0x7c, 0xed, 0x47, 0x08, - 0x68, 0x73, 0x6a, 0xb6, 0x89, 0x0d, +const unsigned char sig[71] = { + 0x30, 0x45, 0x02, 0x21, 0x00, 0x89, 0xec, 0x44, + 0xbc, 0xa9, 0x4a, 0x8d, 0xf8, 0x38, 0xa1, 0x86, + 0x39, 0x8f, 0xbd, 0xca, 0x4f, 0x0c, 0xe4, 0x60, + 0xa1, 0x62, 0xb7, 0x93, 0x9a, 0x42, 0x8a, 0xcc, + 0x74, 0x6c, 0x9e, 0x6e, 0xc2, 0x02, 0x20, 0x64, + 0x04, 0x4a, 0xfb, 0x7c, 0xcf, 0x94, 0x12, 0xef, + 0x17, 0xc5, 0x4f, 0x48, 0xb6, 0xbc, 0x72, 0xc8, + 0x39, 0x6d, 0x64, 0xb6, 0x23, 0xe3, 0xc8, 0xcb, + 0x62, 0xd8, 0x6b, 0x90, 0x32, 0xc7, 0x99, }; const unsigned char pubkey[64] = { - 0x17, 0x5b, 0x27, 0xa6, 0x56, 0xb2, 0x26, 0x0c, - 0x26, 0x0c, 0x55, 0x42, 0x78, 0x17, 0x5d, 0x4c, - 0xf8, 0xa2, 0xfd, 0x1b, 0xb9, 0x54, 0xdf, 0xd5, - 0xeb, 0xbf, 0x22, 0x64, 0xf5, 0x21, 0x9a, 0xc6, - 0x87, 0x5f, 0x90, 0xe6, 0xfd, 0x71, 0x27, 0x9f, - 0xeb, 0xe3, 0x03, 0x44, 0xbc, 0x8d, 0x49, 0xc6, - 0x1c, 0x31, 0x3b, 0x72, 0xae, 0xd4, 0x53, 0xb1, - 0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, + 0xf8, 0x28, 0x2e, 0x88, 0x10, 0xfe, 0xa4, 0xda, + 0x50, 0x6c, 0xef, 0x2d, 0x48, 0x0d, 0xba, 0x71, + 0xaf, 0xb8, 0x76, 0x78, 0xb8, 0xc3, 0x32, 0x80, + 0x0d, 0x8c, 0x1f, 0xba, 0xb4, 0xbf, 0xa0, 0xa1, + 0xc3, 0x88, 0x0f, 0x7e, 0x87, 0x05, 0x98, 0x32, + 0x21, 0xf3, 0x2d, 0xaf, 0x23, 0x8c, 0x08, 0x49, + 0x6b, 0x30, 0x6d, 0x8a, 0x53, 0x8a, 0xb2, 0xed, + 0xc7, 0xe8, 0xdf, 0x8a, 0x54, 0xf3, 0x0f, 0x8d, }; const unsigned char pubkey_tpm_rs256[259] = { @@ -349,14 +633,14 @@ const unsigned char pubkey_tpm_es256[64] = { }; const unsigned char id[64] = { - 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, - 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, - 0xa8, 0xbf, 0x9d, 0xd6, 0x09, 0x6b, 0x5e, 0x7f, - 0xe0, 0x0d, 0x51, 0x30, 0x85, 0x6a, 0xda, 0x68, - 0x70, 0x85, 0xb0, 0xdb, 0x08, 0x0b, 0x83, 0x2c, - 0xef, 0x44, 0xe2, 0x36, 0x88, 0xee, 0x76, 0x90, - 0x6e, 0x7b, 0x50, 0x3e, 0x9a, 0xa0, 0xd6, 0x3c, - 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, + 0x19, 0x6a, 0xa6, 0xa4, 0xff, 0xa7, 0x1d, 0x38, + 0xf2, 0xa6, 0x87, 0x98, 0xf7, 0xf7, 0xc0, 0x95, + 0x57, 0x78, 0xda, 0xec, 0xb9, 0x73, 0xb7, 0xbb, + 0x97, 0x40, 0x31, 0x0d, 0xec, 0xc1, 0x5b, 0x20, + 0x84, 0x87, 0xae, 0xa8, 0xb7, 0xd0, 0x94, 0xd6, + 0xfc, 0x1d, 0x37, 0xbf, 0xaa, 0x33, 0x12, 0x35, + 0x29, 0xf5, 0x09, 0x76, 0x91, 0x20, 0x94, 0x42, + 0xc4, 0x52, 0x8b, 0x18, 0xca, 0xe1, 0x3d, 0x12, }; const unsigned char id_tpm_rs256[32] = { @@ -1365,6 +1649,506 @@ const unsigned char attstmt_tpm_es256[3841] = { 0x4e }; +const unsigned char x509_0_tpm_es256[1476] = { + 0x30, 0x82, 0x05, 0xc0, 0x30, 0x82, 0x03, 0xa8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x30, + 0xcd, 0xf2, 0x7e, 0x81, 0xc0, 0x43, 0x85, 0xa2, + 0xd7, 0x29, 0xef, 0xf7, 0x9f, 0xa5, 0x2b, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x41, + 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53, + 0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44, + 0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34, + 0x41, 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37, + 0x41, 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30, + 0x30, 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31, + 0x41, 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36, + 0x30, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x31, + 0x31, 0x30, 0x32, 0x31, 0x35, 0x30, 0x36, 0x35, + 0x33, 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36, + 0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, + 0x5a, 0x30, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xdb, 0xd5, 0x9a, 0xfc, + 0x09, 0xa7, 0xc4, 0xa5, 0x5f, 0xbe, 0x5f, 0xa2, + 0xeb, 0xd6, 0x8e, 0xed, 0xc5, 0x67, 0xa6, 0xa7, + 0xd9, 0xb2, 0x46, 0xc6, 0xe0, 0xae, 0x0c, 0x02, + 0x25, 0x0a, 0xf2, 0xc5, 0x96, 0xdc, 0xb7, 0x0e, + 0xb9, 0x86, 0xd3, 0x51, 0xbb, 0x63, 0xf0, 0x4f, + 0x8a, 0x5e, 0xd7, 0xf7, 0xff, 0xbb, 0x29, 0xbd, + 0x58, 0xcf, 0x75, 0x02, 0x39, 0xcb, 0x80, 0xf1, + 0xd4, 0xb6, 0x75, 0x67, 0x2f, 0x27, 0x4d, 0x0c, + 0xcc, 0x18, 0x59, 0x87, 0xfa, 0x51, 0xd1, 0x80, + 0xb5, 0x1a, 0xac, 0xac, 0x29, 0x51, 0xcf, 0x27, + 0xaa, 0x74, 0xac, 0x3e, 0x59, 0x56, 0x67, 0xe4, + 0x42, 0xe8, 0x30, 0x35, 0xb2, 0xf6, 0x27, 0x91, + 0x62, 0x60, 0x42, 0x42, 0x12, 0xde, 0xfe, 0xdd, + 0xee, 0xe8, 0xa8, 0x82, 0xf9, 0xb1, 0x08, 0xd5, + 0x8d, 0x57, 0x9a, 0x29, 0xb9, 0xb4, 0xe9, 0x19, + 0x1e, 0x33, 0x7d, 0x37, 0xa0, 0xce, 0x2e, 0x53, + 0x13, 0x39, 0xb6, 0x12, 0x61, 0x63, 0xbf, 0xd3, + 0x42, 0xeb, 0x6f, 0xed, 0xc1, 0x8e, 0x26, 0xba, + 0x7d, 0x8b, 0x37, 0x7c, 0xbb, 0x42, 0x1e, 0x56, + 0x76, 0xda, 0xdb, 0x35, 0x6b, 0x80, 0xe1, 0x8e, + 0x00, 0xac, 0xd2, 0xfc, 0x22, 0x96, 0x14, 0x0c, + 0xf4, 0xe4, 0xc5, 0xad, 0x14, 0xb7, 0x4d, 0x46, + 0x63, 0x30, 0x79, 0x3a, 0x7c, 0x33, 0xb5, 0xe5, + 0x2e, 0xbb, 0x5f, 0xca, 0xf2, 0x75, 0xe3, 0x4e, + 0x99, 0x64, 0x1b, 0x26, 0x99, 0x60, 0x1a, 0x79, + 0xcc, 0x30, 0x2c, 0xb3, 0x4c, 0x59, 0xf7, 0x77, + 0x59, 0xd5, 0x90, 0x70, 0x21, 0x79, 0x8c, 0x1f, + 0x79, 0x0a, 0x12, 0x8b, 0x3b, 0x37, 0x2d, 0x97, + 0x39, 0x89, 0x92, 0x0c, 0x44, 0x7c, 0xe9, 0x9f, + 0xce, 0x6d, 0xad, 0xc5, 0xae, 0xea, 0x8e, 0x50, + 0x22, 0x37, 0xe0, 0xd1, 0x9e, 0xd6, 0xe6, 0xa8, + 0xcc, 0x21, 0xfb, 0xff, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x82, 0x01, 0xf3, 0x30, 0x82, 0x01, + 0xef, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, + 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, + 0x80, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, + 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, + 0x6d, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01, + 0xff, 0x04, 0x63, 0x30, 0x61, 0x30, 0x5f, 0x06, + 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, + 0x15, 0x1f, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, + 0x30, 0x44, 0x1e, 0x42, 0x00, 0x54, 0x00, 0x43, + 0x00, 0x50, 0x00, 0x41, 0x00, 0x20, 0x00, 0x20, + 0x00, 0x54, 0x00, 0x72, 0x00, 0x75, 0x00, 0x73, + 0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, + 0x00, 0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x61, + 0x00, 0x74, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x72, + 0x00, 0x6d, 0x00, 0x20, 0x00, 0x20, 0x00, 0x49, + 0x00, 0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, + 0x00, 0x69, 0x00, 0x74, 0x00, 0x79, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x09, 0x30, + 0x07, 0x06, 0x05, 0x67, 0x81, 0x05, 0x08, 0x03, + 0x30, 0x59, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x01, + 0x01, 0xff, 0x04, 0x4f, 0x30, 0x4d, 0xa4, 0x4b, + 0x30, 0x49, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05, + 0x67, 0x81, 0x05, 0x02, 0x01, 0x0c, 0x0b, 0x69, + 0x64, 0x3a, 0x35, 0x33, 0x35, 0x34, 0x34, 0x44, + 0x32, 0x30, 0x31, 0x17, 0x30, 0x15, 0x06, 0x05, + 0x67, 0x81, 0x05, 0x02, 0x02, 0x0c, 0x0c, 0x53, + 0x54, 0x33, 0x33, 0x48, 0x54, 0x50, 0x48, 0x41, + 0x48, 0x42, 0x34, 0x31, 0x16, 0x30, 0x14, 0x06, + 0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0c, 0x0b, + 0x69, 0x64, 0x3a, 0x30, 0x30, 0x34, 0x39, 0x30, + 0x30, 0x30, 0x34, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, + 0x45, 0x1a, 0xec, 0xfc, 0x91, 0x70, 0xf8, 0x83, + 0x8b, 0x9c, 0x47, 0x2f, 0x0b, 0x9f, 0x07, 0xf3, + 0x2f, 0x7c, 0xa2, 0x8a, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, + 0xa6, 0xee, 0xe3, 0x28, 0xdd, 0x40, 0x7f, 0x21, + 0xd2, 0x7b, 0x8c, 0x69, 0x2f, 0x8c, 0x08, 0x29, + 0xbc, 0x95, 0xb8, 0x30, 0x81, 0xb2, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, + 0x04, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81, + 0x9f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x30, 0x02, 0x86, 0x81, 0x92, 0x68, 0x74, + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x7a, 0x63, + 0x73, 0x70, 0x72, 0x6f, 0x64, 0x65, 0x75, 0x73, + 0x61, 0x69, 0x6b, 0x70, 0x75, 0x62, 0x6c, 0x69, + 0x73, 0x68, 0x2e, 0x62, 0x6c, 0x6f, 0x62, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x77, 0x69, 0x6e, + 0x64, 0x6f, 0x77, 0x73, 0x2e, 0x6e, 0x65, 0x74, + 0x2f, 0x65, 0x75, 0x73, 0x2d, 0x73, 0x74, 0x6d, + 0x2d, 0x6b, 0x65, 0x79, 0x69, 0x64, 0x2d, 0x31, + 0x61, 0x64, 0x62, 0x39, 0x39, 0x34, 0x61, 0x62, + 0x35, 0x38, 0x62, 0x65, 0x35, 0x37, 0x61, 0x30, + 0x63, 0x63, 0x39, 0x62, 0x39, 0x30, 0x30, 0x65, + 0x37, 0x38, 0x35, 0x31, 0x65, 0x31, 0x61, 0x34, + 0x33, 0x63, 0x30, 0x38, 0x36, 0x36, 0x30, 0x2f, + 0x62, 0x36, 0x63, 0x30, 0x64, 0x39, 0x38, 0x64, + 0x2d, 0x35, 0x37, 0x38, 0x61, 0x2d, 0x34, 0x62, + 0x66, 0x62, 0x2d, 0x61, 0x32, 0x64, 0x33, 0x2d, + 0x65, 0x64, 0x66, 0x65, 0x35, 0x66, 0x38, 0x32, + 0x30, 0x36, 0x30, 0x31, 0x2e, 0x63, 0x65, 0x72, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x02, 0x01, 0x00, 0x2a, 0x08, 0x30, 0x1f, + 0xfd, 0x8f, 0x80, 0x9b, 0x4b, 0x37, 0x82, 0x61, + 0x86, 0x36, 0x57, 0x90, 0xb5, 0x1d, 0x1f, 0xa3, + 0xae, 0x68, 0xac, 0xa7, 0x96, 0x6a, 0x25, 0x5e, + 0xc5, 0x82, 0x7c, 0x36, 0x64, 0x58, 0x11, 0xcb, + 0xa5, 0xee, 0xbf, 0xc4, 0xdb, 0xa0, 0xc7, 0x82, + 0x3b, 0xa3, 0x85, 0x9b, 0xc4, 0xee, 0x07, 0x36, + 0xd7, 0xc7, 0xb6, 0x23, 0xed, 0xc2, 0x73, 0xab, + 0xbe, 0xbe, 0xee, 0x63, 0x17, 0xf9, 0xd7, 0x7a, + 0x23, 0x7b, 0xf8, 0x09, 0x7a, 0xaa, 0x7f, 0x67, + 0xc3, 0x04, 0x84, 0x71, 0x9b, 0x06, 0x9c, 0x07, + 0x42, 0x4b, 0x65, 0x41, 0x56, 0x58, 0x14, 0x92, + 0xb0, 0xb9, 0xaf, 0xa1, 0x39, 0xd4, 0x08, 0x2d, + 0x71, 0xd5, 0x6c, 0x56, 0xb9, 0x2b, 0x1e, 0xf3, + 0x93, 0xa5, 0xe9, 0xb2, 0x9b, 0x4d, 0x05, 0x2b, + 0xbc, 0xd2, 0x20, 0x57, 0x3b, 0xa4, 0x01, 0x68, + 0x8c, 0x23, 0x20, 0x7d, 0xbb, 0x71, 0xe4, 0x2a, + 0x24, 0xba, 0x75, 0x0c, 0x89, 0x54, 0x22, 0xeb, + 0x0e, 0xb2, 0xf4, 0xc2, 0x1f, 0x02, 0xb7, 0xe3, + 0x06, 0x41, 0x15, 0x6b, 0xf3, 0xc8, 0x2d, 0x5b, + 0xc2, 0x21, 0x82, 0x3e, 0xe8, 0x95, 0x40, 0x39, + 0x9e, 0x91, 0x68, 0x33, 0x0c, 0x3d, 0x45, 0xef, + 0x99, 0x79, 0xe6, 0x32, 0xc9, 0x00, 0x84, 0x36, + 0xfb, 0x0a, 0x8d, 0x41, 0x1c, 0x32, 0x64, 0x06, + 0x9e, 0x0f, 0xb5, 0x04, 0xcc, 0x08, 0xb1, 0xb6, + 0x2b, 0xcf, 0x36, 0x0f, 0x73, 0x14, 0x8e, 0x25, + 0x44, 0xb3, 0x0c, 0x34, 0x14, 0x96, 0x0c, 0x8a, + 0x65, 0xa1, 0xde, 0x8e, 0xc8, 0x9d, 0xbe, 0x66, + 0xdf, 0x06, 0x91, 0xca, 0x15, 0x0f, 0x92, 0xd5, + 0x2a, 0x0b, 0xdc, 0x4c, 0x6a, 0xf3, 0x16, 0x4a, + 0x3e, 0xb9, 0x76, 0xbc, 0xfe, 0x62, 0xd4, 0xa8, + 0xcd, 0x94, 0x78, 0x0d, 0xdd, 0x94, 0xfd, 0x5e, + 0x63, 0x57, 0x27, 0x05, 0x9c, 0xd0, 0x80, 0x91, + 0x91, 0x79, 0xe8, 0x5e, 0x18, 0x64, 0x22, 0xe4, + 0x2c, 0x13, 0x65, 0xa4, 0x51, 0x5a, 0x1e, 0x3b, + 0x71, 0x2e, 0x70, 0x9f, 0xc4, 0xa5, 0x20, 0xcd, + 0xef, 0xd8, 0x3f, 0xa4, 0xf5, 0x89, 0x8a, 0xa5, + 0x4f, 0x76, 0x2d, 0x49, 0x56, 0x00, 0x8d, 0xde, + 0x40, 0xba, 0x24, 0x46, 0x51, 0x38, 0xad, 0xdb, + 0xc4, 0x04, 0xf4, 0x6e, 0xc0, 0x29, 0x48, 0x07, + 0x6a, 0x1b, 0x26, 0x32, 0x0a, 0xfb, 0xea, 0x71, + 0x2a, 0x11, 0xfc, 0x98, 0x7c, 0x44, 0x87, 0xbc, + 0x06, 0x3a, 0x4d, 0xbd, 0x91, 0x63, 0x4f, 0x26, + 0x48, 0x54, 0x47, 0x1b, 0xbd, 0xf0, 0xf1, 0x56, + 0x05, 0xc5, 0x0f, 0x8f, 0x20, 0xa5, 0xcc, 0xfb, + 0x76, 0xb0, 0xbd, 0x83, 0xde, 0x7f, 0x39, 0x4f, + 0xcf, 0x61, 0x74, 0x52, 0xa7, 0x1d, 0xf6, 0xb5, + 0x5e, 0x4a, 0x82, 0x20, 0xc1, 0x94, 0xaa, 0x2c, + 0x33, 0xd6, 0x0a, 0xf9, 0x8f, 0x92, 0xc6, 0x29, + 0x80, 0xf5, 0xa2, 0xb1, 0xff, 0xb6, 0x2b, 0xaa, + 0x04, 0x00, 0x72, 0xb4, 0x12, 0xbb, 0xb1, 0xf1, + 0x3c, 0x88, 0xa3, 0xab, 0x49, 0x17, 0x90, 0x80, + 0x59, 0xa2, 0x96, 0x41, 0x69, 0x74, 0x33, 0x8a, + 0x28, 0x33, 0x7e, 0xb3, 0x19, 0x92, 0x28, 0xc1, + 0xf0, 0xd1, 0x82, 0xd5, 0x42, 0xff, 0xe7, 0xa5, + 0x3f, 0x1e, 0xb6, 0x4a, 0x23, 0xcc, 0x6a, 0x7f, + 0x15, 0x15, 0x52, 0x25, 0xb1, 0xca, 0x21, 0x95, + 0x11, 0x53, 0x3e, 0x1f, 0x50, 0x33, 0x12, 0x7a, + 0x62, 0xce, 0xcc, 0x71, 0xc2, 0x5f, 0x34, 0x47, + 0xc6, 0x7c, 0x71, 0xfa, 0xa0, 0x54, 0x00, 0xb2, + 0xdf, 0xc5, 0x54, 0xac, 0x6c, 0x53, 0xef, 0x64, + 0x6b, 0x08, 0x82, 0xd8, 0x16, 0x1e, 0xca, 0x40, + 0xf3, 0x1f, 0xdf, 0x56, 0x63, 0x10, 0xbc, 0xd7, + 0xa0, 0xeb, 0xee, 0xd1, 0x95, 0xe5, 0xef, 0xf1, + 0x6a, 0x83, 0x2d, 0x5a +}; + +const unsigned char x509_1_tpm_es256[1775] = { + 0x30, 0x82, 0x06, 0xeb, 0x30, 0x82, 0x04, 0xd3, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x33, + 0x00, 0x00, 0x05, 0x23, 0xbf, 0xe8, 0xa1, 0x1a, + 0x2a, 0x68, 0xbd, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x05, 0x23, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, + 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, + 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, + 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x2d, 0x4d, 0x69, 0x63, 0x72, 0x6f, + 0x73, 0x6f, 0x66, 0x74, 0x20, 0x54, 0x50, 0x4d, + 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, + 0x30, 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, + 0x5a, 0x17, 0x0d, 0x32, 0x37, 0x30, 0x36, 0x30, + 0x33, 0x31, 0x39, 0x34, 0x30, 0x31, 0x36, 0x5a, + 0x30, 0x41, 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x36, 0x45, 0x55, 0x53, + 0x2d, 0x53, 0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, + 0x49, 0x44, 0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, + 0x39, 0x34, 0x41, 0x42, 0x35, 0x38, 0x42, 0x45, + 0x35, 0x37, 0x41, 0x30, 0x43, 0x43, 0x39, 0x42, + 0x39, 0x30, 0x30, 0x45, 0x37, 0x38, 0x35, 0x31, + 0x45, 0x31, 0x41, 0x34, 0x33, 0x43, 0x30, 0x38, + 0x36, 0x36, 0x30, 0x30, 0x82, 0x02, 0x22, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, + 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, + 0x82, 0x02, 0x01, 0x00, 0xdb, 0x03, 0x34, 0x82, + 0xfa, 0x81, 0x1c, 0x84, 0x0b, 0xa0, 0x0e, 0x60, + 0xd8, 0x9d, 0x84, 0xf4, 0x81, 0xc4, 0xe9, 0xff, + 0xcf, 0xe9, 0xa3, 0x57, 0x53, 0x60, 0xa8, 0x19, + 0xce, 0xbe, 0xe1, 0x97, 0xee, 0x5d, 0x8c, 0x9f, + 0xe4, 0xbd, 0xef, 0xbd, 0x94, 0x14, 0xe4, 0x74, + 0x41, 0x02, 0xe9, 0x03, 0x19, 0x9f, 0xdd, 0x48, + 0x2d, 0xbd, 0xca, 0x26, 0x47, 0x2c, 0x01, 0x31, + 0x5f, 0x34, 0xef, 0x59, 0x35, 0x48, 0x36, 0x3d, + 0x1e, 0xdf, 0xd8, 0x13, 0xf0, 0xd0, 0x67, 0xc1, + 0xb0, 0x47, 0x67, 0xa2, 0xd6, 0x62, 0xc8, 0xe1, + 0x00, 0x36, 0x8b, 0x45, 0xf6, 0x3b, 0x96, 0x60, + 0xa0, 0x45, 0x26, 0xcb, 0xc7, 0x0b, 0x5b, 0x97, + 0xd1, 0xaf, 0x54, 0x25, 0x7a, 0x67, 0xe4, 0x2a, + 0xd8, 0x9d, 0x53, 0x05, 0xbd, 0x12, 0xac, 0xa2, + 0x8e, 0x95, 0xb4, 0x2a, 0xca, 0x89, 0x93, 0x64, + 0x97, 0x25, 0xdc, 0x1f, 0xa9, 0xe0, 0x55, 0x07, + 0x38, 0x1d, 0xee, 0x02, 0x90, 0x22, 0xf5, 0xad, + 0x4e, 0x5c, 0xf8, 0xc5, 0x1f, 0x9e, 0x84, 0x7e, + 0x13, 0x47, 0x52, 0xa2, 0x36, 0xf9, 0xf6, 0xbf, + 0x76, 0x9e, 0x0f, 0xdd, 0x14, 0x99, 0xb9, 0xd8, + 0x5a, 0x42, 0x3d, 0xd8, 0xbf, 0xdd, 0xb4, 0x9b, + 0xbf, 0x6a, 0x9f, 0x89, 0x13, 0x75, 0xaf, 0x96, + 0xd2, 0x72, 0xdf, 0xb3, 0x80, 0x6f, 0x84, 0x1a, + 0x9d, 0x06, 0x55, 0x09, 0x29, 0xea, 0xa7, 0x05, + 0x31, 0xec, 0x47, 0x3a, 0xcf, 0x3f, 0x9c, 0x2c, + 0xbd, 0xd0, 0x7d, 0xe4, 0x75, 0x5b, 0x33, 0xbe, + 0x12, 0x86, 0x09, 0xcf, 0x66, 0x9a, 0xeb, 0xf8, + 0xf8, 0x72, 0x91, 0x88, 0x4a, 0x5e, 0x89, 0x62, + 0x6a, 0x94, 0xdc, 0x48, 0x37, 0x13, 0xd8, 0x91, + 0x02, 0xe3, 0x42, 0x41, 0x7c, 0x2f, 0xe3, 0xb6, + 0x0f, 0xb4, 0x96, 0x06, 0x80, 0xca, 0x28, 0x01, + 0x6f, 0x4b, 0xcd, 0x28, 0xd4, 0x2c, 0x94, 0x7e, + 0x40, 0x7e, 0xdf, 0x01, 0xe5, 0xf2, 0x33, 0xd4, + 0xda, 0xf4, 0x1a, 0x17, 0xf7, 0x5d, 0xcb, 0x66, + 0x2c, 0x2a, 0xeb, 0xe1, 0xb1, 0x4a, 0xc3, 0x85, + 0x63, 0xb2, 0xac, 0xd0, 0x3f, 0x1a, 0x8d, 0xa5, + 0x0c, 0xee, 0x4f, 0xde, 0x74, 0x9c, 0xe0, 0x5a, + 0x10, 0xc7, 0xb8, 0xe4, 0xec, 0xe7, 0x73, 0xa6, + 0x41, 0x42, 0x37, 0xe1, 0xdf, 0xb9, 0xc7, 0xb5, + 0x14, 0xa8, 0x80, 0x95, 0xa0, 0x12, 0x67, 0x99, + 0xf5, 0xba, 0x25, 0x0a, 0x74, 0x86, 0x71, 0x9c, + 0x7f, 0x59, 0x97, 0xd2, 0x3f, 0x10, 0xfe, 0x6a, + 0xb9, 0xe4, 0x47, 0x36, 0xfb, 0x0f, 0x50, 0xee, + 0xfc, 0x87, 0x99, 0x7e, 0x36, 0x64, 0x1b, 0xc7, + 0x13, 0xb3, 0x33, 0x18, 0x71, 0xa4, 0xc3, 0xb0, + 0xfc, 0x45, 0x37, 0x11, 0x40, 0xb3, 0xde, 0x2c, + 0x9f, 0x0a, 0xcd, 0xaf, 0x5e, 0xfb, 0xd5, 0x9c, + 0xea, 0xd7, 0x24, 0x19, 0x3a, 0x92, 0x80, 0xa5, + 0x63, 0xc5, 0x3e, 0xdd, 0x51, 0xd0, 0x9f, 0xb8, + 0x5e, 0xd5, 0xf1, 0xfe, 0xa5, 0x93, 0xfb, 0x7f, + 0xd9, 0xb8, 0xb7, 0x0e, 0x0d, 0x12, 0x71, 0xf0, + 0x52, 0x9d, 0xe9, 0xd0, 0xd2, 0x8b, 0x38, 0x8b, + 0x85, 0x83, 0x98, 0x24, 0x88, 0xe8, 0x42, 0x30, + 0x83, 0x12, 0xef, 0x09, 0x96, 0x2f, 0x21, 0x81, + 0x05, 0x30, 0x0c, 0xbb, 0xba, 0x21, 0x39, 0x16, + 0x12, 0xe8, 0x4b, 0x7b, 0x7a, 0x66, 0xb8, 0x22, + 0x2c, 0x71, 0xaf, 0x59, 0xa1, 0xfc, 0x61, 0xf1, + 0xb4, 0x5e, 0xfc, 0x43, 0x19, 0x45, 0x6e, 0xa3, + 0x45, 0xe4, 0xcb, 0x66, 0x5f, 0xe0, 0x57, 0xf6, + 0x0a, 0x30, 0xa3, 0xd6, 0x51, 0x24, 0xc9, 0x07, + 0x55, 0x82, 0x4a, 0x66, 0x0e, 0x9d, 0xb2, 0x2f, + 0x84, 0x56, 0x6c, 0x3e, 0x71, 0xef, 0x9b, 0x35, + 0x4d, 0x72, 0xdc, 0x46, 0x2a, 0xe3, 0x7b, 0x13, + 0x20, 0xbf, 0xab, 0x77, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x82, 0x01, 0x8e, 0x30, 0x82, 0x01, + 0x8a, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, + 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, + 0x84, 0x30, 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x25, + 0x04, 0x14, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, + 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x24, 0x06, + 0x05, 0x67, 0x81, 0x05, 0x08, 0x03, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x0f, 0x30, + 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, + 0x04, 0x01, 0x82, 0x37, 0x15, 0x1f, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, + 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, + 0x0e, 0x04, 0x16, 0x04, 0x14, 0x45, 0x1a, 0xec, + 0xfc, 0x91, 0x70, 0xf8, 0x83, 0x8b, 0x9c, 0x47, + 0x2f, 0x0b, 0x9f, 0x07, 0xf3, 0x2f, 0x7c, 0xa2, + 0x8a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7a, 0x8c, + 0x0a, 0xce, 0x2f, 0x48, 0x62, 0x17, 0xe2, 0x94, + 0xd1, 0xae, 0x55, 0xc1, 0x52, 0xec, 0x71, 0x74, + 0xa4, 0x56, 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d, + 0x1f, 0x04, 0x69, 0x30, 0x67, 0x30, 0x65, 0xa0, + 0x63, 0xa0, 0x61, 0x86, 0x5f, 0x68, 0x74, 0x74, + 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, + 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, + 0x69, 0x6f, 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, + 0x2f, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, + 0x66, 0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, + 0x25, 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, + 0x32, 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34, + 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x7d, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, + 0x04, 0x71, 0x30, 0x6f, 0x30, 0x6d, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, + 0x86, 0x61, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, + 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, + 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, + 0x73, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, + 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, + 0x74, 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25, + 0x32, 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, + 0x30, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x25, 0x32, 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e, + 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x48, + 0x24, 0x32, 0xe8, 0xd6, 0x38, 0xda, 0x65, 0xec, + 0x1b, 0x18, 0x8e, 0x37, 0x07, 0xd5, 0x18, 0x5a, + 0xc8, 0xb9, 0xbb, 0x24, 0x8a, 0x4d, 0xa1, 0x3c, + 0x9e, 0x46, 0x76, 0xcf, 0xa5, 0xdf, 0xd7, 0x61, + 0xba, 0x05, 0x89, 0x3c, 0x13, 0xc2, 0x1f, 0x71, + 0xe3, 0xec, 0x5d, 0x54, 0x9e, 0xd9, 0x01, 0x5a, + 0x10, 0x3b, 0x17, 0x75, 0xde, 0xa1, 0x45, 0xbf, + 0x1d, 0x1b, 0x41, 0x21, 0x42, 0x68, 0x22, 0x6b, + 0xbb, 0xcb, 0x11, 0x04, 0xd2, 0xae, 0x86, 0xcf, + 0x73, 0x5a, 0xf2, 0x80, 0x18, 0x00, 0xf0, 0xd6, + 0x6c, 0x5a, 0x1e, 0xb3, 0x4d, 0x30, 0x02, 0x4a, + 0x6a, 0x03, 0x36, 0x42, 0xde, 0xb2, 0x52, 0x55, + 0xff, 0x71, 0xeb, 0x7b, 0x8b, 0x55, 0x6c, 0xdf, + 0x05, 0x35, 0x47, 0x70, 0x53, 0xfb, 0x6c, 0xba, + 0x06, 0xb2, 0x61, 0x86, 0xdc, 0x2a, 0x64, 0x81, + 0x24, 0x79, 0x46, 0x73, 0x04, 0x55, 0x59, 0xed, + 0xd6, 0x06, 0x61, 0x15, 0xf9, 0x8d, 0x78, 0x39, + 0x7b, 0x84, 0x7a, 0x40, 0x45, 0x13, 0x1a, 0x91, + 0x71, 0x8f, 0xd1, 0x4f, 0x78, 0x10, 0x68, 0x9b, + 0x15, 0x79, 0x3f, 0x79, 0x2d, 0x9b, 0xc7, 0x5d, + 0xa3, 0xcf, 0xa9, 0x14, 0xb0, 0xc4, 0xdb, 0xa9, + 0x45, 0x6a, 0x6e, 0x60, 0x45, 0x0b, 0x14, 0x25, + 0xc7, 0x74, 0xd0, 0x36, 0xaf, 0xc5, 0xbd, 0x4f, + 0x7b, 0xc0, 0x04, 0x43, 0x85, 0xbb, 0x06, 0x36, + 0x77, 0x26, 0x02, 0x23, 0x0b, 0xf8, 0x57, 0x8f, + 0x1f, 0x27, 0x30, 0x95, 0xff, 0x83, 0x23, 0x2b, + 0x49, 0x33, 0x43, 0x62, 0x87, 0x5d, 0x27, 0x12, + 0x1a, 0x68, 0x7b, 0xba, 0x2d, 0xf6, 0xed, 0x2c, + 0x26, 0xb5, 0xbb, 0xe2, 0x6f, 0xc2, 0x61, 0x17, + 0xfc, 0x72, 0x14, 0x57, 0x2c, 0x2c, 0x5a, 0x92, + 0x13, 0x41, 0xc4, 0x7e, 0xb5, 0x64, 0x5b, 0x86, + 0x57, 0x13, 0x14, 0xff, 0xf5, 0x04, 0xb9, 0x3d, + 0x2d, 0xc3, 0xe9, 0x75, 0x1f, 0x68, 0x0b, 0xb5, + 0x76, 0xe1, 0x7d, 0xe3, 0xb0, 0x14, 0xa8, 0x45, + 0x05, 0x98, 0x81, 0x32, 0xc1, 0xf5, 0x49, 0x4d, + 0x58, 0xa4, 0xee, 0xd8, 0x84, 0xba, 0x65, 0x07, + 0x8d, 0xf7, 0x9a, 0xff, 0x7d, 0xa5, 0xbc, 0x9a, + 0xed, 0x4a, 0x5d, 0xa4, 0x97, 0x4b, 0x4d, 0x31, + 0x90, 0xb5, 0x7d, 0x28, 0x77, 0x25, 0x88, 0x1c, + 0xbf, 0x78, 0x22, 0xb2, 0xb5, 0x5c, 0x9a, 0xc9, + 0x63, 0x17, 0x96, 0xe9, 0xc2, 0x52, 0x30, 0xb8, + 0x9b, 0x37, 0x69, 0x1a, 0x6a, 0x66, 0x76, 0x18, + 0xac, 0xc0, 0x48, 0xee, 0x46, 0x5b, 0xbe, 0x6a, + 0xd5, 0x72, 0x07, 0xdc, 0x7d, 0x05, 0xbe, 0x76, + 0x7d, 0xa5, 0x5e, 0x53, 0xb5, 0x47, 0x80, 0x58, + 0xf0, 0xaf, 0x6f, 0x4e, 0xc0, 0xf1, 0x1e, 0x37, + 0x64, 0x15, 0x42, 0x96, 0x18, 0x3a, 0x89, 0xc8, + 0x14, 0x48, 0x89, 0x5c, 0x12, 0x88, 0x98, 0x0b, + 0x7b, 0x4e, 0xce, 0x1c, 0xda, 0xd5, 0xa4, 0xd3, + 0x32, 0x32, 0x74, 0x5b, 0xcc, 0xfd, 0x2b, 0x02, + 0xfb, 0xae, 0xd0, 0x5a, 0x4c, 0xc9, 0xc1, 0x35, + 0x19, 0x90, 0x5f, 0xca, 0x14, 0xeb, 0x4c, 0x17, + 0xd7, 0xe3, 0xe2, 0x5d, 0xb4, 0x49, 0xaa, 0xf0, + 0x50, 0x87, 0xc3, 0x20, 0x00, 0xda, 0xe9, 0x04, + 0x80, 0x64, 0xac, 0x9f, 0xcd, 0x26, 0x41, 0x48, + 0xe8, 0x4c, 0x46, 0xcc, 0x5b, 0xd7, 0xca, 0x4c, + 0x1b, 0x43, 0x43, 0x1e, 0xbd, 0x94, 0xe7, 0xa7, + 0xa6, 0x86, 0xe5, 0xd1, 0x78, 0x29, 0xa2, 0x40, + 0xc5, 0xc5, 0x47, 0xb6, 0x6d, 0x53, 0xde, 0xac, + 0x97, 0x74, 0x24, 0x57, 0xcc, 0x05, 0x93, 0xfd, + 0x52, 0x35, 0x29, 0xd5, 0xe0, 0xfa, 0x23, 0x0d, + 0xd7, 0xaa, 0x8b, 0x07, 0x4b, 0xf6, 0x64, 0xc7, + 0xad, 0x3c, 0xa1, 0xb5, 0xc5, 0x70, 0xaf, 0x46, + 0xfe, 0x9a, 0x82, 0x4d, 0x75, 0xb8, 0x6d +}; + +static const uint8_t x509_entattest[] = { + 0x30, 0x82, 0x02, 0x9a, 0x30, 0x82, 0x02, 0x40, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0xb0, 0x31, + 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x26, 0x46, 0x49, 0x44, 0x4f, 0x32, 0x20, + 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, + 0x73, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x54, + 0x45, 0x53, 0x54, 0x20, 0x52, 0x4f, 0x4f, 0x54, + 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x16, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, + 0x69, 0x64, 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, + 0x6e, 0x63, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x0d, 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, + 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x03, 0x43, 0x57, 0x47, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, + 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x35, 0x31, + 0x33, 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, + 0x17, 0x0d, 0x32, 0x36, 0x31, 0x31, 0x30, 0x33, + 0x31, 0x33, 0x31, 0x39, 0x30, 0x38, 0x5a, 0x30, + 0x81, 0xcd, 0x31, 0x3a, 0x30, 0x38, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x31, 0x46, 0x49, 0x44, + 0x4f, 0x32, 0x20, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x42, 0x41, 0x54, 0x43, 0x48, 0x20, + 0x4b, 0x45, 0x59, 0x20, 0x70, 0x72, 0x69, 0x6d, + 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x31, 0x25, + 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x16, 0x74, + 0x6f, 0x6f, 0x6c, 0x73, 0x40, 0x66, 0x69, 0x64, + 0x6f, 0x61, 0x6c, 0x6c, 0x69, 0x61, 0x6e, 0x63, + 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, + 0x46, 0x49, 0x44, 0x4f, 0x20, 0x41, 0x6c, 0x6c, + 0x69, 0x61, 0x6e, 0x63, 0x65, 0x31, 0x22, 0x30, + 0x20, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x19, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x6f, 0x72, 0x20, 0x41, 0x74, + 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x02, 0x4d, 0x59, 0x31, 0x12, 0x30, 0x10, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x09, 0x57, 0x61, + 0x6b, 0x65, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, + 0x00, 0x04, 0xad, 0x51, 0xdc, 0x74, 0x2c, 0x37, + 0x7f, 0x78, 0x38, 0x2d, 0x2a, 0x3f, 0x40, 0xe9, + 0xe3, 0xae, 0xb5, 0x9e, 0x45, 0x93, 0xf2, 0x82, + 0xc6, 0xc4, 0x82, 0xfb, 0xd6, 0xd7, 0x1b, 0xda, + 0x7c, 0xec, 0x0c, 0x5c, 0x8e, 0x8a, 0xd3, 0xdd, + 0x0a, 0xf5, 0x56, 0x43, 0xf0, 0xfc, 0x0b, 0x0d, + 0xd7, 0xe9, 0x0a, 0xeb, 0x0e, 0xbc, 0x4f, 0x12, + 0x27, 0xd7, 0xbc, 0xb0, 0xa9, 0x15, 0x1f, 0x49, + 0x6e, 0x10, 0xa3, 0x2c, 0x30, 0x2a, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x1e, 0xd3, 0xe9, 0x9a, + 0xaf, 0x89, 0x9a, 0xb7, 0x10, 0x61, 0xa3, 0xae, + 0x74, 0x7f, 0x3a, 0x96, 0x96, 0xda, 0xce, 0x61, + 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, + 0x45, 0x02, 0x21, 0x00, 0x8e, 0xd7, 0x9c, 0xbe, + 0x8f, 0x99, 0xe0, 0xcf, 0x88, 0x04, 0x7e, 0xc0, + 0xe1, 0x5a, 0xaa, 0x4a, 0xa3, 0xd7, 0xfc, 0x53, + 0x9f, 0x8f, 0x13, 0x66, 0xe7, 0x03, 0x8f, 0xb8, + 0x6d, 0x8b, 0xb1, 0x44, 0x02, 0x20, 0x16, 0x68, + 0xa5, 0xf9, 0x62, 0x9a, 0xc9, 0xf9, 0x27, 0x88, + 0x38, 0x91, 0x69, 0x2f, 0x1f, 0xdf, 0xb0, 0xe3, + 0x49, 0x0c, 0xaa, 0x3d, 0x4c, 0x10, 0xf4, 0x9c, + 0xee, 0xd8, 0xd8, 0x28, 0x01, 0x26 +}; + /* * Security Key By Yubico * 5.1.X @@ -1386,43 +2170,6 @@ const unsigned char aaguid_tpm[16] = { const char rp_id[] = "localhost"; const char rp_name[] = "sweet home localhost"; -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *buf, size_t len, int ms) -{ - (void)handle; - (void)buf; - (void)len; - (void)ms; - - abort(); - /* NOTREACHED */ -} - -static int -dummy_write(void *handle, const unsigned char *buf, size_t len) -{ - (void)handle; - (void)buf; - (void)len; - - abort(); - /* NOTREACHED */ -} - static fido_cred_t * alloc_cred(void) { @@ -1464,7 +2211,6 @@ empty_cred(void) { fido_cred_t *c; fido_dev_t *d; - fido_dev_io_t io_f; c = alloc_cred(); assert(fido_cred_authdata_len(c) == 0); @@ -1488,23 +2234,15 @@ empty_cred(void) assert(fido_cred_x5c_ptr(c) == NULL); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); - memset(&io_f, 0, sizeof(io_f)); - - io_f.open = dummy_open; - io_f.close = dummy_close; - io_f.read = dummy_read; - io_f.write = dummy_write; - d = alloc_dev(); + setup_dummy_io(d); fido_dev_force_u2f(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_UNSUPPORTED_OPTION); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); fido_dev_force_fido2(d); - assert(fido_dev_set_io_functions(d, &io_f) == FIDO_OK); assert(fido_dev_make_cred(d, c, NULL) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_make_cred(d, c, "") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_cred_verify(c) == FIDO_ERR_INVALID_ARGUMENT); @@ -2135,6 +2873,13 @@ valid_tpm_es256_cred(bool xfail) assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK); assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK); assert(fido_cred_set_attstmt(c, attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == FIDO_OK); + assert(fido_cred_x5c_list_count(c) == 2); + assert(fido_cred_x5c_list_len(c, 0) == sizeof(x509_0_tpm_es256)); + assert(memcmp(fido_cred_x5c_list_ptr(c, 0), x509_0_tpm_es256, sizeof(x509_0_tpm_es256)) == 0); + assert(fido_cred_x5c_list_len(c, 1) == sizeof(x509_1_tpm_es256)); + assert(memcmp(fido_cred_x5c_list_ptr(c, 1), x509_1_tpm_es256, sizeof(x509_1_tpm_es256)) == 0); + assert(fido_cred_x5c_list_len(c, 2) == 0); + assert(fido_cred_x5c_list_ptr(c, 2) == NULL); // XXX: RHEL9 has deprecated SHA-1 for signing. assert(fido_cred_verify(c) == (xfail ? FIDO_ERR_INVALID_SIG : FIDO_OK)); assert(fido_cred_prot(c) == 0); @@ -2147,6 +2892,136 @@ valid_tpm_es256_cred(bool xfail) free_cred(c); } +static void +push_kv(cbor_item_t *map, const char *key, cbor_item_t *value) +{ + struct cbor_pair kv; + cbor_item_t *tmp; + + memset(&kv, 0, sizeof(kv)); + assert(map != NULL && key != NULL && value != NULL); + assert((tmp = cbor_build_string(key)) != NULL); + /* XXX transfers ownership */ + kv.key = cbor_move(tmp); + kv.value = cbor_move(value); + assert(cbor_map_add(map, kv)); +} + +static void +attestation_object(void) +{ + struct cbor_load_result cbor; + unsigned char *attobj = NULL; + size_t len, alloclen = 0; + cbor_item_t *map; + fido_cred_t *c; + + assert((map = cbor_new_definite_map(3)) != NULL); + push_kv(map, "fmt", cbor_build_string("tpm")); + push_kv(map, "attStmt", cbor_load(attstmt_tpm_es256, + sizeof(attstmt_tpm_es256), &cbor)); + push_kv(map, "authData", cbor_load(authdata_tpm_es256, + sizeof(authdata_tpm_es256), &cbor)); + assert((len = cbor_serialize_alloc(map, &attobj, &alloclen))); + cbor_decref(&map); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK); + assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK); + assert(fido_cred_set_attobj(c, attobj, len) == FIDO_OK); + assert(strcmp(fido_cred_fmt(c), "tpm") == 0); + assert(fido_cred_attstmt_len(c) == sizeof(attstmt_tpm_es256)); + assert(memcmp(fido_cred_attstmt_ptr(c), attstmt_tpm_es256, sizeof(attstmt_tpm_es256)) == 0); + assert(fido_cred_authdata_len(c) == sizeof(authdata_tpm_es256)); + assert(memcmp(fido_cred_authdata_ptr(c), authdata_tpm_es256, sizeof(authdata_tpm_es256)) == 0); + assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm_es256)); + assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm_es256, sizeof(pubkey_tpm_es256)) == 0); + assert(fido_cred_id_len(c) == sizeof(id_tpm_es256)); + assert(memcmp(fido_cred_id_ptr(c), id_tpm_es256, sizeof(id_tpm_es256)) == 0); + assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm)); + assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0); + free_cred(c); + free(attobj); +} + +static void +makecred(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(memcmp(fido_cred_pubkey_ptr(c), pubkey, sizeof(pubkey)) == 0); + assert(fido_cred_authdata_len(c) == sizeof(authdata)); + assert(memcmp(fido_cred_authdata_ptr(c), authdata, sizeof(authdata)) == 0); + assert(fido_cred_id_len(c) == sizeof(id)); + assert(memcmp(fido_cred_id_ptr(c), id, sizeof(id)) == 0); + assert(fido_cred_aaguid_len(c) == sizeof(aaguid)); + assert(memcmp(fido_cred_aaguid_ptr(c), aaguid, sizeof(aaguid)) == 0); + assert(fido_cred_x5c_len(c) == sizeof(x509)); + assert(memcmp(fido_cred_x5c_ptr(c), x509, sizeof(x509)) == 0); + assert(fido_cred_sig_len(c) == sizeof(sig)); + assert(memcmp(fido_cred_sig_ptr(c), sig, sizeof(sig)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(!fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + +static void +entattest(void) +{ + const uint8_t makecred_wiredata[] = { + WIREDATA_CTAP_CBOR_INFO, + REGRESS_WIREDATA_MAKECRED_ENTATTEST, + }; + uint8_t *wiredata; + fido_cred_t *c; + fido_dev_t *dev; + + assert((dev = fido_dev_new())); + wiredata = wiredata_setup(makecred_wiredata, sizeof(makecred_wiredata)); + setup_dummy_io(dev); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); + assert(fido_cred_set_entattest(c, 3) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_cred_set_entattest(c, FIDO_ENTATTEST_VENDOR) == FIDO_OK); + assert(fido_cred_set_clientdata_hash(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, "ep.fidoalliance.co.nz", NULL) == FIDO_OK); + assert(fido_dev_make_cred(dev, c, NULL) == FIDO_OK); + assert(fido_cred_x5c_len(c) == sizeof(x509_entattest)); + assert(memcmp(fido_cred_x5c_ptr(c), x509_entattest, sizeof(x509_entattest)) == 0); + assert(fido_cred_verify(c) == FIDO_OK); + assert(fido_cred_entattest(c)); + + fido_cred_free(&c); + wiredata_clear(&wiredata); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); +} + int main(void) { @@ -2180,6 +3055,9 @@ main(void) fmt_none(); valid_tpm_rs256_cred(xfail); valid_tpm_es256_cred(xfail); + attestation_object(); + makecred(); + entattest(); exit(0); } diff --git a/contrib/libfido2/regress/dev.c b/contrib/libfido2/regress/dev.c index 0ba552b70552..55107df34c71 100644 --- a/contrib/libfido2/regress/dev.c +++ b/contrib/libfido2/regress/dev.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -16,166 +16,16 @@ #include <fido.h> #include "../fuzz/wiredata_fido2.h" - -#define REPORT_LEN (64 + 1) - -static uint8_t ctap_nonce[8]; -static uint8_t *wiredata_ptr; -static size_t wiredata_len; -static int fake_dev_handle; -static int initialised; -static long interval_ms; - -#if defined(_MSC_VER) -static int -nanosleep(const struct timespec *rqtp, struct timespec *rmtp) -{ - if (rmtp != NULL) { - errno = EINVAL; - return (-1); - } - - Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); - - return (0); -} -#endif - -static void * -dummy_open(const char *path) -{ - (void)path; - - return (&fake_dev_handle); -} - -static void -dummy_close(void *handle) -{ - assert(handle == &fake_dev_handle); -} - -static int -dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) -{ - struct timespec tv; - size_t n; - long d; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN - 1); - - if (wiredata_ptr == NULL) - return (-1); - - if (!initialised) { - assert(wiredata_len >= REPORT_LEN - 1); - memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); - initialised = 1; - } - - if (ms >= 0 && ms < interval_ms) - d = ms; - else - d = interval_ms; - - if (d) { - tv.tv_sec = d / 1000; - tv.tv_nsec = (d % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - if (d != interval_ms) - return (-1); /* timeout */ - - if (wiredata_len < len) - n = wiredata_len; - else - n = len; - - memcpy(ptr, wiredata_ptr, n); - wiredata_ptr += n; - wiredata_len -= n; - - return ((int)n); -} - -static int -dummy_write(void *handle, const unsigned char *ptr, size_t len) -{ - struct timespec tv; - - assert(handle == &fake_dev_handle); - assert(ptr != NULL); - assert(len == REPORT_LEN); - - if (!initialised) - memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); - - if (interval_ms) { - tv.tv_sec = interval_ms / 1000; - tv.tv_nsec = (interval_ms % 1000) * 1000000; - if (nanosleep(&tv, NULL) == -1) - err(1, "nanosleep"); - } - - return ((int)len); -} - -static uint8_t * -wiredata_setup(const uint8_t *data, size_t len) -{ - const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; - - assert(wiredata_ptr == NULL); - assert(SIZE_MAX - len > sizeof(ctap_init_data)); - assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); - -#if defined(_MSC_VER) -#pragma warning(push) -#pragma warning(disable:6386) -#endif - memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); -#if defined(_MSC_VER) -#pragma warning(pop) -#endif - - if (len) - memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); - - wiredata_len = sizeof(ctap_init_data) + len; - - return (wiredata_ptr); -} - -static void -wiredata_clear(uint8_t **wiredata) -{ - free(*wiredata); - *wiredata = NULL; - wiredata_ptr = NULL; - wiredata_len = 0; - initialised = 0; -} +#include "extern.h" /* gh#56 */ static void open_iff_ok(void) { fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); @@ -188,18 +38,10 @@ reopen(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); wiredata_clear(&wiredata); @@ -217,18 +59,10 @@ double_open(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_close(dev) == FIDO_OK); @@ -242,19 +76,11 @@ double_close(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); @@ -269,18 +95,10 @@ is_fido2(void) const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_is_fido2(dev) == true); assert(fido_dev_supports_pin(dev) == true); @@ -313,18 +131,10 @@ has_pin(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(set_pin_data, sizeof(set_pin_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_has_pin(dev) == false); assert(fido_dev_set_pin(dev, "top secret", NULL) == FIDO_OK); @@ -350,26 +160,18 @@ timeout_rx(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_rx_data, sizeof(timeout_rx_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 3 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_ERR_RX); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void @@ -386,26 +188,18 @@ timeout_ok(void) }; uint8_t *wiredata; fido_dev_t *dev = NULL; - fido_dev_io_t io; - - memset(&io, 0, sizeof(io)); - - io.open = dummy_open; - io.close = dummy_close; - io.read = dummy_read; - io.write = dummy_write; wiredata = wiredata_setup(timeout_ok_data, sizeof(timeout_ok_data)); assert((dev = fido_dev_new()) != NULL); - assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + setup_dummy_io(dev); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_set_timeout(dev, 30 * 1000) == FIDO_OK); - interval_ms = 1000; + set_read_interval(1000); assert(fido_dev_reset(dev) == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); fido_dev_free(&dev); wiredata_clear(&wiredata); - interval_ms = 0; + set_read_interval(0); } static void diff --git a/contrib/libfido2/regress/extern.h b/contrib/libfido2/regress/extern.h new file mode 100644 index 000000000000..8bab9d4ae667 --- /dev/null +++ b/contrib/libfido2/regress/extern.h @@ -0,0 +1,17 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ +#ifndef REGRESS_EXTERN_H +#define REGRESS_EXTERN_H + +#include <fido.h> + +void setup_dummy_io(fido_dev_t *); +void set_read_interval(long); +uint8_t *wiredata_setup(const uint8_t *, size_t); +void wiredata_clear(uint8_t **); + +#endif diff --git a/contrib/libfido2/regress/mock.c b/contrib/libfido2/regress/mock.c new file mode 100644 index 000000000000..cfaeffc9a3d9 --- /dev/null +++ b/contrib/libfido2/regress/mock.c @@ -0,0 +1,182 @@ +/* + * Copyright (c) 2024 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + * SPDX-License-Identifier: BSD-2-Clause + */ + +#undef NDEBUG + +#include <assert.h> +#include <string.h> +#include <time.h> +#include <stdint.h> + +#define _FIDO_INTERNAL +#include <fido.h> + +#include "extern.h" +#include "../fuzz/wiredata_fido2.h" + +#define REPORT_LEN (64 + 1) + +static uint8_t ctap_nonce[8]; +static uint8_t *wiredata_ptr; +static size_t wiredata_len; +static int fake_dev_handle; +static int initialised; +static long interval_ms; + +#if defined(_MSC_VER) +static int +nanosleep(const struct timespec *rqtp, struct timespec *rmtp) +{ + if (rmtp != NULL) { + errno = EINVAL; + return (-1); + } + + Sleep((DWORD)(rqtp->tv_sec * 1000) + (DWORD)(rqtp->tv_nsec / 1000000)); + + return (0); +} +#endif + +static void * +dummy_open(const char *path) +{ + (void)path; + + return (&fake_dev_handle); +} + +static void +dummy_close(void *handle) +{ + assert(handle == &fake_dev_handle); +} + +static int +dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) +{ + struct timespec tv; + size_t n; + long d; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN - 1); + + if (wiredata_ptr == NULL) + return (-1); + + if (!initialised) { + assert(wiredata_len >= REPORT_LEN - 1); + memcpy(&wiredata_ptr[7], &ctap_nonce, sizeof(ctap_nonce)); + initialised = 1; + } + + if (ms >= 0 && ms < interval_ms) + d = ms; + else + d = interval_ms; + + if (d) { + tv.tv_sec = d / 1000; + tv.tv_nsec = (d % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + if (d != interval_ms) + return (-1); /* timeout */ + + if (wiredata_len < len) + n = wiredata_len; + else + n = len; + + memcpy(ptr, wiredata_ptr, n); + wiredata_ptr += n; + wiredata_len -= n; + + return ((int)n); +} + +static int +dummy_write(void *handle, const unsigned char *ptr, size_t len) +{ + struct timespec tv; + + assert(handle == &fake_dev_handle); + assert(ptr != NULL); + assert(len == REPORT_LEN); + + if (!initialised) + memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); + + if (interval_ms) { + tv.tv_sec = interval_ms / 1000; + tv.tv_nsec = (interval_ms % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + return ((int)len); +} + +uint8_t * +wiredata_setup(const uint8_t *data, size_t len) +{ + const uint8_t ctap_init_data[] = { WIREDATA_CTAP_INIT }; + + assert(wiredata_ptr == NULL); + assert(SIZE_MAX - len > sizeof(ctap_init_data)); + assert((wiredata_ptr = malloc(sizeof(ctap_init_data) + len)) != NULL); + +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable:6386) +#endif + memcpy(wiredata_ptr, ctap_init_data, sizeof(ctap_init_data)); +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + + if (len) + memcpy(wiredata_ptr + sizeof(ctap_init_data), data, len); + + wiredata_len = sizeof(ctap_init_data) + len; + + return (wiredata_ptr); +} + +void +wiredata_clear(uint8_t **wiredata) +{ + free(*wiredata); + *wiredata = NULL; + wiredata_ptr = NULL; + wiredata_len = 0; + initialised = 0; +} + +void +setup_dummy_io(fido_dev_t *dev) +{ + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); +} + +void +set_read_interval(long ms) +{ + interval_ms = ms; +} diff --git a/contrib/libfido2/src/CMakeLists.txt b/contrib/libfido2/src/CMakeLists.txt index 73493b1ea8e4..4c54198907c6 100644 --- a/contrib/libfido2/src/CMakeLists.txt +++ b/contrib/libfido2/src/CMakeLists.txt @@ -151,8 +151,6 @@ endif() install(FILES fido.h DESTINATION include) install(DIRECTORY fido DESTINATION include) -if(NOT MSVC) - configure_file(libfido2.pc.in libfido2.pc @ONLY) - install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc" - DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig") -endif() +configure_file(libfido2.pc.in libfido2.pc @ONLY) +install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libfido2.pc" + DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig") diff --git a/contrib/libfido2/src/aes256.c b/contrib/libfido2/src/aes256.c index dcf716d65abb..0e4a34ddeb72 100644 --- a/contrib/libfido2/src/aes256.c +++ b/contrib/libfido2/src/aes256.c @@ -128,7 +128,11 @@ aes256_gcm(const fido_blob_t *key, const fido_blob_t *nonce, nonce->len, key->len, aad->len); goto fail; } - if (in->len > UINT_MAX || in->len > SIZE_MAX - 16 || in->len < 16) { + if (in->len > UINT_MAX || in->len > SIZE_MAX - 16) { + fido_log_debug("%s: invalid input len %zu", __func__, in->len); + goto fail; + } + if (!encrypt && in->len < 16) { fido_log_debug("%s: invalid input len %zu", __func__, in->len); goto fail; } diff --git a/contrib/libfido2/src/bio.c b/contrib/libfido2/src/bio.c index 57db85f53b23..3d73bf0007b1 100644 --- a/contrib/libfido2/src/bio.c +++ b/contrib/libfido2/src/bio.c @@ -57,6 +57,15 @@ fail: return (ok); } +static uint8_t +bio_get_cmd(const fido_dev_t *dev) +{ + if (dev->flags & (FIDO_DEV_BIO_SET|FIDO_DEV_BIO_UNSET)) + return (CTAP_CBOR_BIO_ENROLL); + + return (CTAP_CBOR_BIO_ENROLL_PRE); +} + static int bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc, const char *pin, const fido_blob_t *token, int *ms) @@ -66,7 +75,7 @@ bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc, fido_blob_t *ecdh = NULL; fido_blob_t f; fido_blob_t hmac; - const uint8_t cmd = CTAP_CBOR_BIO_ENROLL_PRE; + const uint8_t cmd = bio_get_cmd(dev); int r = FIDO_ERR_INTERNAL; memset(&f, 0, sizeof(f)); diff --git a/contrib/libfido2/src/cbor.c b/contrib/libfido2/src/cbor.c index ab99b34da085..b242cfa91e73 100644 --- a/contrib/libfido2/src/cbor.c +++ b/contrib/libfido2/src/cbor.c @@ -1133,6 +1133,64 @@ fail: } static int +decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg) +{ + fido_cred_t *cred = arg; + char *name = NULL; + int ok = -1; + + if (cbor_string_copy(key, &name) < 0) { + fido_log_debug("%s: cbor type", __func__); + ok = 0; /* ignore */ + goto fail; + } + + if (!strcmp(name, "fmt")) { + if (cbor_decode_fmt(val, &cred->fmt) < 0) { + fido_log_debug("%s: cbor_decode_fmt", __func__); + goto fail; + } + } else if (!strcmp(name, "attStmt")) { + if (cbor_decode_attstmt(val, &cred->attstmt) < 0) { + fido_log_debug("%s: cbor_decode_attstmt", __func__); + goto fail; + } + } else if (!strcmp(name, "authData")) { + if (fido_blob_decode(val, &cred->authdata_raw) < 0) { + fido_log_debug("%s: fido_blob_decode", __func__); + goto fail; + } + if (cbor_decode_cred_authdata(val, cred->type, + &cred->authdata_cbor, &cred->authdata, &cred->attcred, + &cred->authdata_ext) < 0) { + fido_log_debug("%s: cbor_decode_cred_authdata", + __func__); + goto fail; + } + } + + ok = 0; +fail: + free(name); + + return (ok); +} + +/* XXX introduce fido_attobj_t? */ +int +cbor_decode_attobj(const cbor_item_t *item, fido_cred_t *cred) +{ + if (cbor_isa_map(item) == false || + cbor_map_is_definite(item) == false || + cbor_map_iter(item, cred, decode_attobj) < 0) { + fido_log_debug("%s: cbor type", __func__); + return (-1); + } + + return (0); +} + +static int decode_cred_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg) { fido_cred_ext_t *authdata_ext = arg; @@ -1386,12 +1444,47 @@ cbor_decode_assert_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor, static int decode_x5c(const cbor_item_t *item, void *arg) { - fido_blob_t *x5c = arg; + fido_blob_array_t *x5c = arg; + fido_blob_t *list_ptr = NULL; + fido_blob_t x5c_blob; + + memset(&x5c_blob, 0, sizeof(x5c_blob)); + + if (fido_blob_decode(item, &x5c_blob) < 0) { + fido_log_debug("%s: fido_blob_decode", __func__); + return (-1); + } + + if (x5c->len == SIZE_MAX) { + fido_blob_reset(&x5c_blob); + return (-1); + } + + if ((list_ptr = recallocarray(x5c->ptr, x5c->len, + x5c->len + 1, sizeof(x5c_blob))) == NULL) { + fido_blob_reset(&x5c_blob); + return (-1); + } + + list_ptr[x5c->len++] = x5c_blob; + x5c->ptr = list_ptr; - if (x5c->len) - return (0); /* ignore */ + return (0); +} - return (fido_blob_decode(item, x5c)); +static int +decode_x5c_array(const cbor_item_t *item, fido_blob_array_t *arr) +{ + if (arr->len) { + fido_log_debug("%s: dup", __func__); + return (-1); + } + if (cbor_isa_array(item) == false || + cbor_array_is_definite(item) == false) { + fido_log_debug("%s: cbor", __func__); + return (-1); + } + return (cbor_array_iter(item, arr, decode_x5c)); } static int @@ -1427,9 +1520,7 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg) goto out; } } else if (!strcmp(name, "x5c")) { - if (cbor_isa_array(val) == false || - cbor_array_is_definite(val) == false || - cbor_array_iter(val, &attstmt->x5c, decode_x5c) < 0) { + if (decode_x5c_array(val, &attstmt->x5c)) { fido_log_debug("%s: x5c", __func__); goto out; } diff --git a/contrib/libfido2/src/cred.c b/contrib/libfido2/src/cred.c index 4a7a7257c985..1fb0dfbd5cfa 100644 --- a/contrib/libfido2/src/cred.c +++ b/contrib/libfido2/src/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -39,6 +39,8 @@ parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) &cred->authdata_ext)); case 3: /* attestation statement */ return (cbor_decode_attstmt(val, &cred->attstmt)); + case 4: /* enterprise attestation */ + return (cbor_decode_bool(val, &cred->ea.att)); case 5: /* large blob key */ return (fido_blob_decode(val, &cred->largeblob_key)); default: /* ignore */ @@ -55,7 +57,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, fido_blob_t *ecdh = NULL; fido_opt_t uv = cred->uv; es256_pk_t *pk = NULL; - cbor_item_t *argv[9]; + cbor_item_t *argv[10]; const uint8_t cmd = CTAP_CBOR_MAKECRED; int r; @@ -118,6 +120,15 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, goto fail; } + /* enterprise attestation */ + if (cred->ea.mode != 0) + if ((argv[9] = cbor_build_uint8((uint8_t)cred->ea.mode)) == + NULL) { + fido_log_debug("%s: cbor_build_uint8", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { @@ -284,15 +295,21 @@ verify_attstmt(const fido_blob_t *dgst, const fido_attstmt_t *attstmt) EVP_PKEY *pkey = NULL; int ok = -1; - /* openssl needs ints */ - if (attstmt->x5c.len > INT_MAX) { + if (!attstmt->x5c.len) { fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len); return (-1); } + /* openssl needs ints */ + if (attstmt->x5c.ptr[0].len > INT_MAX) { + fido_log_debug("%s: x5c[0].len=%zu", __func__, + attstmt->x5c.ptr[0].len); + return (-1); + } + /* fetch key from x509 */ - if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr, - (int)attstmt->x5c.len)) == NULL || + if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr[0].ptr, + (int)attstmt->x5c.ptr[0].len)) == NULL || (cert = d2i_X509_bio(rawcert, NULL)) == NULL || (pkey = X509_get_pubkey(cert)) == NULL) { fido_log_debug("%s: x509 key", __func__); @@ -543,12 +560,21 @@ fido_cred_clean_attstmt(fido_attstmt_t *attstmt) fido_blob_reset(&attstmt->certinfo); fido_blob_reset(&attstmt->pubarea); fido_blob_reset(&attstmt->cbor); - fido_blob_reset(&attstmt->x5c); + fido_free_blob_array(&attstmt->x5c); fido_blob_reset(&attstmt->sig); memset(attstmt, 0, sizeof(*attstmt)); } +static void +fido_cred_clean_attobj(fido_cred_t *cred) +{ + free(cred->fmt); + cred->fmt = NULL; + fido_cred_clean_authdata(cred); + fido_cred_clean_attstmt(&cred->attstmt); +} + void fido_cred_reset_tx(fido_cred_t *cred) { @@ -571,16 +597,15 @@ fido_cred_reset_tx(fido_cred_t *cred) cred->type = 0; cred->rk = FIDO_OPT_OMIT; cred->uv = FIDO_OPT_OMIT; + cred->ea.mode = 0; } void fido_cred_reset_rx(fido_cred_t *cred) { - free(cred->fmt); - cred->fmt = NULL; - fido_cred_clean_authdata(cred); - fido_cred_clean_attstmt(&cred->attstmt); + fido_cred_clean_attobj(cred); fido_blob_reset(&cred->largeblob_key); + cred->ea.att = false; } void @@ -688,9 +713,30 @@ fido_cred_set_id(fido_cred_t *cred, const unsigned char *ptr, size_t len) int fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len) { - if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0) + fido_blob_t x5c_blob; + fido_blob_t *list_ptr = NULL; + + memset(&x5c_blob, 0, sizeof(x5c_blob)); + fido_free_blob_array(&cred->attstmt.x5c); + + if (fido_blob_set(&x5c_blob, ptr, len) < 0) return (FIDO_ERR_INVALID_ARGUMENT); + if (cred->attstmt.x5c.len == SIZE_MAX) { + fido_blob_reset(&x5c_blob); + return (FIDO_ERR_INVALID_ARGUMENT); + } + + if ((list_ptr = recallocarray(cred->attstmt.x5c.ptr, + cred->attstmt.x5c.len, cred->attstmt.x5c.len + 1, + sizeof(x5c_blob))) == NULL) { + fido_blob_reset(&x5c_blob); + return (FIDO_ERR_INTERNAL); + } + + list_ptr[cred->attstmt.x5c.len++] = x5c_blob; + cred->attstmt.x5c.ptr = list_ptr; + return (FIDO_OK); } @@ -737,6 +783,35 @@ fail: } int +fido_cred_set_attobj(fido_cred_t *cred, const unsigned char *ptr, size_t len) +{ + cbor_item_t *item = NULL; + struct cbor_load_result cbor; + int r = FIDO_ERR_INVALID_ARGUMENT; + + fido_cred_clean_attobj(cred); + + if (ptr == NULL || len == 0) + goto fail; + + if ((item = cbor_load(ptr, len, &cbor)) == NULL) { + fido_log_debug("%s: cbor_load", __func__); + goto fail; + } + if (cbor_decode_attobj(item, cred) != 0) { + fido_log_debug("%s: cbor_decode_attobj", __func__); + goto fail; + } + + r = FIDO_OK; +fail: + if (item != NULL) + cbor_decref(&item); + + return (r); +} + +int fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len) { fido_blob_t id_blob; @@ -920,6 +995,18 @@ fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv) } int +fido_cred_set_entattest(fido_cred_t *cred, int ea) +{ + if (ea != 0 && ea != FIDO_ENTATTEST_VENDOR && + ea != FIDO_ENTATTEST_PLATFORM) + return (FIDO_ERR_INVALID_ARGUMENT); + + cred->ea.mode = ea; + + return (FIDO_OK); +} + +int fido_cred_set_prot(fido_cred_t *cred, int prot) { if (prot == 0) { @@ -1030,16 +1117,40 @@ fido_cred_clientdata_hash_len(const fido_cred_t *cred) const unsigned char * fido_cred_x5c_ptr(const fido_cred_t *cred) { - return (cred->attstmt.x5c.ptr); + return (fido_cred_x5c_list_ptr(cred, 0)); } size_t fido_cred_x5c_len(const fido_cred_t *cred) { + return (fido_cred_x5c_list_len(cred, 0)); +} + +size_t +fido_cred_x5c_list_count(const fido_cred_t *cred) +{ return (cred->attstmt.x5c.len); } const unsigned char * +fido_cred_x5c_list_ptr(const fido_cred_t *cred, size_t i) +{ + if (i >= cred->attstmt.x5c.len) + return (NULL); + + return (cred->attstmt.x5c.ptr[i].ptr); +} + +size_t +fido_cred_x5c_list_len(const fido_cred_t *cred, size_t i) +{ + if (i >= cred->attstmt.x5c.len) + return (0); + + return (cred->attstmt.x5c.ptr[i].len); +} + +const unsigned char * fido_cred_sig_ptr(const fido_cred_t *cred) { return (cred->attstmt.sig.ptr); @@ -1228,3 +1339,9 @@ fido_cred_largeblob_key_len(const fido_cred_t *cred) { return (cred->largeblob_key.len); } + +bool +fido_cred_entattest(const fido_cred_t *cred) +{ + return (cred->ea.att); +} diff --git a/contrib/libfido2/src/credman.c b/contrib/libfido2/src/credman.c index c36424233816..898de1482061 100644 --- a/contrib/libfido2/src/credman.c +++ b/contrib/libfido2/src/credman.c @@ -111,6 +111,15 @@ fail: return (ok); } +static uint8_t +credman_get_cmd(const fido_dev_t *dev) +{ + if (dev->flags & FIDO_DEV_CREDMAN) + return (CTAP_CBOR_CRED_MGMT); + + return (CTAP_CBOR_CRED_MGMT_PRE); +} + static int credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin, const char *rp_id, fido_opt_t uv, int *ms) @@ -120,7 +129,7 @@ credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin, fido_blob_t hmac; es256_pk_t *pk = NULL; cbor_item_t *argv[4]; - const uint8_t cmd = CTAP_CBOR_CRED_MGMT_PRE; + const uint8_t cmd = credman_get_cmd(dev); int r = FIDO_ERR_INTERNAL; memset(&f, 0, sizeof(f)); diff --git a/contrib/libfido2/src/dev.c b/contrib/libfido2/src/dev.c index 2d662a6cc48b..e9e26e78bf7e 100644 --- a/contrib/libfido2/src/dev.c +++ b/contrib/libfido2/src/dev.c @@ -46,16 +46,21 @@ fido_dev_set_option_flags(fido_dev_t *dev, const fido_cbor_info_t *info) if (strcmp(ptr[i], "clientPin") == 0) { dev->flags |= val[i] ? FIDO_DEV_PIN_SET : FIDO_DEV_PIN_UNSET; - } else if (strcmp(ptr[i], "credMgmt") == 0 || - strcmp(ptr[i], "credentialMgmtPreview") == 0) { + } else if (strcmp(ptr[i], "credMgmt") == 0) { if (val[i]) dev->flags |= FIDO_DEV_CREDMAN; + } else if (strcmp(ptr[i], "credentialMgmtPreview") == 0) { + if (val[i]) + dev->flags |= FIDO_DEV_CREDMAN_PRE; } else if (strcmp(ptr[i], "uv") == 0) { dev->flags |= val[i] ? FIDO_DEV_UV_SET : FIDO_DEV_UV_UNSET; } else if (strcmp(ptr[i], "pinUvAuthToken") == 0) { if (val[i]) dev->flags |= FIDO_DEV_TOKEN_PERMS; + } else if (strcmp(ptr[i], "bioEnroll") == 0) { + dev->flags |= val[i] ? + FIDO_DEV_BIO_SET : FIDO_DEV_BIO_UNSET; } } @@ -538,7 +543,7 @@ fido_dev_supports_cred_prot(const fido_dev_t *dev) bool fido_dev_supports_credman(const fido_dev_t *dev) { - return (dev->flags & FIDO_DEV_CREDMAN); + return (dev->flags & (FIDO_DEV_CREDMAN|FIDO_DEV_CREDMAN_PRE)); } bool diff --git a/contrib/libfido2/src/export.gnu b/contrib/libfido2/src/export.gnu index ea6ca7d373ef..f22d663bf0ba 100644 --- a/contrib/libfido2/src/export.gnu +++ b/contrib/libfido2/src/export.gnu @@ -130,6 +130,7 @@ fido_cred_clientdata_hash_ptr; fido_cred_display_name; fido_cred_empty_exclude_list; + fido_cred_entattest; fido_cred_exclude; fido_cred_flags; fido_cred_largeblob_key_len; @@ -169,11 +170,13 @@ fido_cred_rp_id; fido_cred_rp_name; fido_cred_set_attstmt; + fido_cred_set_attobj; fido_cred_set_authdata; fido_cred_set_authdata_raw; fido_cred_set_blob; fido_cred_set_clientdata; fido_cred_set_clientdata_hash; + fido_cred_set_entattest; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; @@ -196,6 +199,9 @@ fido_cred_verify; fido_cred_verify_self; fido_cred_x5c_len; + fido_cred_x5c_list_count; + fido_cred_x5c_list_len; + fido_cred_x5c_list_ptr; fido_cred_x5c_ptr; fido_dev_build; fido_dev_cancel; diff --git a/contrib/libfido2/src/export.llvm b/contrib/libfido2/src/export.llvm index 2a9238141937..b1b1cdf34285 100644 --- a/contrib/libfido2/src/export.llvm +++ b/contrib/libfido2/src/export.llvm @@ -128,6 +128,7 @@ _fido_cred_clientdata_hash_len _fido_cred_clientdata_hash_ptr _fido_cred_display_name _fido_cred_empty_exclude_list +_fido_cred_entattest _fido_cred_exclude _fido_cred_flags _fido_cred_largeblob_key_len @@ -167,11 +168,13 @@ _fido_cred_pubkey_ptr _fido_cred_rp_id _fido_cred_rp_name _fido_cred_set_attstmt +_fido_cred_set_attobj _fido_cred_set_authdata _fido_cred_set_authdata_raw _fido_cred_set_blob _fido_cred_set_clientdata _fido_cred_set_clientdata_hash +_fido_cred_set_entattest _fido_cred_set_extensions _fido_cred_set_fmt _fido_cred_set_id @@ -194,6 +197,9 @@ _fido_cred_user_name _fido_cred_verify _fido_cred_verify_self _fido_cred_x5c_len +_fido_cred_x5c_list_count +_fido_cred_x5c_list_len +_fido_cred_x5c_list_ptr _fido_cred_x5c_ptr _fido_dev_build _fido_dev_cancel diff --git a/contrib/libfido2/src/export.msvc b/contrib/libfido2/src/export.msvc index c5b2edc0b5c8..449f1eaf6bc1 100644 --- a/contrib/libfido2/src/export.msvc +++ b/contrib/libfido2/src/export.msvc @@ -129,6 +129,7 @@ fido_cred_clientdata_hash_len fido_cred_clientdata_hash_ptr fido_cred_display_name fido_cred_empty_exclude_list +fido_cred_entattest fido_cred_exclude fido_cred_flags fido_cred_largeblob_key_len @@ -168,11 +169,13 @@ fido_cred_pubkey_ptr fido_cred_rp_id fido_cred_rp_name fido_cred_set_attstmt +fido_cred_set_attobj fido_cred_set_authdata fido_cred_set_authdata_raw fido_cred_set_blob fido_cred_set_clientdata fido_cred_set_clientdata_hash +fido_cred_set_entattest fido_cred_set_extensions fido_cred_set_fmt fido_cred_set_id @@ -195,6 +198,9 @@ fido_cred_user_name fido_cred_verify fido_cred_verify_self fido_cred_x5c_len +fido_cred_x5c_list_count +fido_cred_x5c_list_len +fido_cred_x5c_list_ptr fido_cred_x5c_ptr fido_dev_build fido_dev_cancel diff --git a/contrib/libfido2/src/extern.h b/contrib/libfido2/src/extern.h index 1bc95b27805d..93b209d4d56a 100644 --- a/contrib/libfido2/src/extern.h +++ b/contrib/libfido2/src/extern.h @@ -58,6 +58,7 @@ cbor_item_t *es256_pk_encode(const es256_pk_t *, int); /* cbor decoding functions */ int cbor_decode_attstmt(const cbor_item_t *, fido_attstmt_t *); +int cbor_decode_attobj(const cbor_item_t *, fido_cred_t *); int cbor_decode_bool(const cbor_item_t *, bool *); int cbor_decode_cred_authdata(const cbor_item_t *, int, fido_blob_t *, fido_authdata_t *, fido_attcred_t *, fido_cred_ext_t *); @@ -249,16 +250,19 @@ uint32_t uniform_random(uint32_t); #endif /* internal device capability flags */ -#define FIDO_DEV_PIN_SET 0x001 -#define FIDO_DEV_PIN_UNSET 0x002 -#define FIDO_DEV_CRED_PROT 0x004 -#define FIDO_DEV_CREDMAN 0x008 -#define FIDO_DEV_PIN_PROTOCOL1 0x010 -#define FIDO_DEV_PIN_PROTOCOL2 0x020 -#define FIDO_DEV_UV_SET 0x040 -#define FIDO_DEV_UV_UNSET 0x080 -#define FIDO_DEV_TOKEN_PERMS 0x100 -#define FIDO_DEV_WINHELLO 0x200 +#define FIDO_DEV_PIN_SET 0x0001 +#define FIDO_DEV_PIN_UNSET 0x0002 +#define FIDO_DEV_CRED_PROT 0x0004 +#define FIDO_DEV_CREDMAN 0x0008 +#define FIDO_DEV_PIN_PROTOCOL1 0x0010 +#define FIDO_DEV_PIN_PROTOCOL2 0x0020 +#define FIDO_DEV_UV_SET 0x0040 +#define FIDO_DEV_UV_UNSET 0x0080 +#define FIDO_DEV_TOKEN_PERMS 0x0100 +#define FIDO_DEV_WINHELLO 0x0200 +#define FIDO_DEV_CREDMAN_PRE 0x0400 +#define FIDO_DEV_BIO_SET 0x0800 +#define FIDO_DEV_BIO_UNSET 0x1000 /* miscellanea */ #define FIDO_DUMMY_CLIENTDATA "" diff --git a/contrib/libfido2/src/fido.h b/contrib/libfido2/src/fido.h index 914e37762870..3f7f1e5b674a 100644 --- a/contrib/libfido2/src/fido.h +++ b/contrib/libfido2/src/fido.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -124,6 +124,7 @@ const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *); const unsigned char *fido_cred_sig_ptr(const fido_cred_t *); const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *); const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *); +const unsigned char *fido_cred_x5c_list_ptr(const fido_cred_t *, size_t); int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t); int fido_assert_empty_allow_list(fido_assert_t *); @@ -148,14 +149,17 @@ int fido_assert_set_winhello_appid(fido_assert_t *, const char *); int fido_assert_verify(const fido_assert_t *, size_t, int, const void *); int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t); int fido_cred_empty_exclude_list(fido_cred_t *); +bool fido_cred_entattest(const fido_cred_t *); int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t); int fido_cred_prot(const fido_cred_t *); int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t); +int fido_cred_set_attobj(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t); +int fido_cred_set_entattest(fido_cred_t *, int); int fido_cred_set_extensions(fido_cred_t *, int); int fido_cred_set_fmt(fido_cred_t *, const char *); int fido_cred_set_id(fido_cred_t *, const unsigned char *, size_t); @@ -226,6 +230,8 @@ size_t fido_cred_pubkey_len(const fido_cred_t *); size_t fido_cred_sig_len(const fido_cred_t *); size_t fido_cred_user_id_len(const fido_cred_t *); size_t fido_cred_x5c_len(const fido_cred_t *); +size_t fido_cred_x5c_list_count(const fido_cred_t *); +size_t fido_cred_x5c_list_len(const fido_cred_t *, size_t); uint8_t fido_assert_flags(const fido_assert_t *, size_t); uint32_t fido_assert_sigcount(const fido_assert_t *, size_t); diff --git a/contrib/libfido2/src/fido/param.h b/contrib/libfido2/src/fido/param.h index 511370bca272..cf1dcd886684 100644 --- a/contrib/libfido2/src/fido/param.h +++ b/contrib/libfido2/src/fido/param.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -53,6 +53,8 @@ #define CTAP_CBOR_CLIENT_PIN 0x06 #define CTAP_CBOR_RESET 0x07 #define CTAP_CBOR_NEXT_ASSERT 0x08 +#define CTAP_CBOR_BIO_ENROLL 0x09 +#define CTAP_CBOR_CRED_MGMT 0x0a #define CTAP_CBOR_LARGEBLOB 0x0c #define CTAP_CBOR_CONFIG 0x0d #define CTAP_CBOR_BIO_ENROLL_PRE 0x40 @@ -72,6 +74,7 @@ /* ISO7816-4 status words. */ #define SW1_MORE_DATA 0x61 +#define SW_WRONG_LENGTH 0x6700 #define SW_CONDITIONS_NOT_SATISFIED 0x6985 #define SW_WRONG_DATA 0x6a80 #define SW_NO_ERROR 0x9000 @@ -134,6 +137,10 @@ #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 #define FIDO_CRED_PROT_UV_REQUIRED 0x03 +/* Supported enterprise attestation modes. */ +#define FIDO_ENTATTEST_VENDOR 1 +#define FIDO_ENTATTEST_PLATFORM 2 + #ifdef _FIDO_INTERNAL #define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ FIDO_EXT_CRED_BLOB) diff --git a/contrib/libfido2/src/fido/types.h b/contrib/libfido2/src/fido/types.h index 01d68200c19c..ab9b02a66487 100644 --- a/contrib/libfido2/src/fido/types.h +++ b/contrib/libfido2/src/fido/types.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * SPDX-License-Identifier: BSD-2-Clause * * Redistribution and use in source and binary forms, with or without @@ -140,12 +140,12 @@ typedef struct fido_attcred { } fido_attcred_t; typedef struct fido_attstmt { - fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */ - fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */ - fido_blob_t cbor; /* cbor-encoded attestation statement */ - fido_blob_t x5c; /* attestation certificate */ - fido_blob_t sig; /* attestation signature */ - int alg; /* attestation algorithm (cose) */ + fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */ + fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */ + fido_blob_t cbor; /* cbor-encoded attestation statement */ + fido_blob_array_t x5c; /* attestation certificate chain */ + fido_blob_t sig; /* attestation signature */ + int alg; /* attestation algorithm (cose) */ } fido_attstmt_t; typedef struct fido_rp { @@ -166,6 +166,11 @@ typedef struct fido_cred_ext { size_t minpinlen; /* minimum pin length */ } fido_cred_ext_t; +typedef struct fido_cred_ea { + int mode; + bool att; +} fido_cred_ea_t; + typedef struct fido_cred { fido_blob_t cd; /* client data */ fido_blob_t cdh; /* client data hash */ @@ -185,6 +190,7 @@ typedef struct fido_cred { fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */ fido_blob_t largeblob_key; /* decoded large blob key */ fido_blob_t blob; /* CTAP 2.1 credBlob */ + fido_cred_ea_t ea; /* enterprise attestation */ } fido_cred_t; typedef struct fido_assert_extattr { diff --git a/contrib/libfido2/src/hid_linux.c b/contrib/libfido2/src/hid_linux.c index 841a95b08e41..cc6957ac8c31 100644 --- a/contrib/libfido2/src/hid_linux.c +++ b/contrib/libfido2/src/hid_linux.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -77,12 +77,13 @@ out: static int parse_uevent(const char *uevent, int *bus, int16_t *vendor_id, - int16_t *product_id) + int16_t *product_id, char **hid_name) { char *cp; char *p; char *s; - int ok = -1; + bool found_id = false; + bool found_name = false; short unsigned int x; short unsigned int y; short unsigned int z; @@ -91,20 +92,25 @@ parse_uevent(const char *uevent, int *bus, int16_t *vendor_id, return (-1); while ((p = strsep(&cp, "\n")) != NULL && *p != '\0') { - if (strncmp(p, "HID_ID=", 7) == 0) { + if (!found_id && strncmp(p, "HID_ID=", 7) == 0) { if (sscanf(p + 7, "%hx:%hx:%hx", &x, &y, &z) == 3) { *bus = (int)x; *vendor_id = (int16_t)y; *product_id = (int16_t)z; - ok = 0; - break; + found_id = true; } + } else if (!found_name && strncmp(p, "HID_NAME=", 9) == 0) { + if ((*hid_name = strdup(p + 9)) != NULL) + found_name = true; } } free(s); - return (ok); + if (!found_name || !found_id) + return (-1); + + return (0); } static char * @@ -137,6 +143,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev, char *uevent = NULL; struct udev_device *dev = NULL; int bus = 0; + char *hid_name = NULL; int ok = -1; memset(di, 0, sizeof(*di)); @@ -148,7 +155,8 @@ copy_info(fido_dev_info_t *di, struct udev *udev, goto fail; if ((uevent = get_parent_attr(dev, "hid", NULL, "uevent")) == NULL || - parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id) < 0) { + parse_uevent(uevent, &bus, &di->vendor_id, &di->product_id, + &hid_name) < 0) { fido_log_debug("%s: uevent", __func__); goto fail; } @@ -161,9 +169,16 @@ copy_info(fido_dev_info_t *di, struct udev *udev, #endif di->path = strdup(path); - if ((di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL) + di->manufacturer = get_usb_attr(dev, "manufacturer"); + di->product = get_usb_attr(dev, "product"); + + if (di->manufacturer == NULL && di->product == NULL) { + di->product = hid_name; /* fallback */ + hid_name = NULL; + } + if (di->manufacturer == NULL) di->manufacturer = strdup(""); - if ((di->product = get_usb_attr(dev, "product")) == NULL) + if (di->product == NULL) di->product = strdup(""); if (di->path == NULL || di->manufacturer == NULL || di->product == NULL) goto fail; @@ -174,6 +189,7 @@ fail: udev_device_unref(dev); free(uevent); + free(hid_name); if (ok < 0) { free(di->path); diff --git a/contrib/libfido2/src/hid_netbsd.c b/contrib/libfido2/src/hid_netbsd.c index d5b9fad33412..df85282e5fe4 100644 --- a/contrib/libfido2/src/hid_netbsd.c +++ b/contrib/libfido2/src/hid_netbsd.c @@ -127,14 +127,14 @@ fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) char path[64]; size_t i; + if (devlist == NULL || olen == NULL) + return (FIDO_ERR_INVALID_ARGUMENT); + *olen = 0; if (ilen == 0) return (FIDO_OK); /* nothing to do */ - if (devlist == NULL || olen == NULL) - return (FIDO_ERR_INVALID_ARGUMENT); - for (i = *olen = 0; i < MAX_UHID && *olen < ilen; i++) { snprintf(path, sizeof(path), "/dev/uhid%zu", i); if (copy_info(&devlist[*olen], path) == 0) { diff --git a/contrib/libfido2/src/hid_osx.c b/contrib/libfido2/src/hid_osx.c index 9309762f163c..41e9d1715bb6 100644 --- a/contrib/libfido2/src/hid_osx.c +++ b/contrib/libfido2/src/hid_osx.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2022 Yubico AB. All rights reserved. + * Copyright (c) 2019-2023 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -523,6 +523,21 @@ fido_hid_set_sigmask(void *handle, const fido_sigset_t *sigmask) return (FIDO_ERR_INTERNAL); } +static void +schedule_io_loop(struct hid_osx *ctx, int ms) +{ + IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(), + ctx->loop_id); + + if (ms == -1) + ms = 5000; /* wait 5 seconds by default */ + + CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true); + + IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(), + ctx->loop_id); +} + int fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms) { @@ -537,20 +552,19 @@ fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms) return (-1); } - IOHIDDeviceScheduleWithRunLoop(ctx->ref, CFRunLoopGetCurrent(), - ctx->loop_id); - - if (ms == -1) - ms = 5000; /* wait 5 seconds by default */ - - CFRunLoopRunInMode(ctx->loop_id, (double)ms/1000.0, true); + /* check for pending frame */ + if ((r = read(ctx->report_pipe[0], buf, len)) == -1) { + if (errno != EAGAIN && errno != EWOULDBLOCK) { + fido_log_error(errno, "%s: read", __func__); + return (-1); + } - IOHIDDeviceUnscheduleFromRunLoop(ctx->ref, CFRunLoopGetCurrent(), - ctx->loop_id); + schedule_io_loop(ctx, ms); - if ((r = read(ctx->report_pipe[0], buf, len)) == -1) { - fido_log_error(errno, "%s: read", __func__); - return (-1); + if ((r = read(ctx->report_pipe[0], buf, len)) == -1) { + fido_log_error(errno, "%s: read", __func__); + return (-1); + } } if (r < 0 || (size_t)r != len) { diff --git a/contrib/libfido2/src/nfc.c b/contrib/libfido2/src/nfc.c index 2e97d5fc50da..f2f65a237d3e 100644 --- a/contrib/libfido2/src/nfc.c +++ b/contrib/libfido2/src/nfc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2022 Yubico AB. All rights reserved. + * Copyright (c) 2020-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -34,7 +34,10 @@ tx_short_apdu(fido_dev_t *d, const iso7816_header_t *h, const uint8_t *payload, apdu[3] = h->p2; apdu[4] = payload_len; memcpy(&apdu[5], payload, payload_len); - apdu_len = (size_t)(5 + payload_len + 1); + apdu_len = (size_t)(5 + payload_len); + + if (!(cla_flags & 0x10)) + apdu_len += 1; if (d->io.write(d->io_handle, apdu, apdu_len) < 0) { fido_log_debug("%s: write", __func__); @@ -144,51 +147,12 @@ fail: } static int -rx_init(fido_dev_t *d, unsigned char *buf, size_t count, int ms) -{ - fido_ctap_info_t *attr = (fido_ctap_info_t *)buf; - uint8_t f[64]; - int n; - - if (count != sizeof(*attr)) { - fido_log_debug("%s: count=%zu", __func__, count); - return -1; - } - - memset(attr, 0, sizeof(*attr)); - - if ((n = d->io.read(d->io_handle, f, sizeof(f), ms)) < 2 || - (f[n - 2] << 8 | f[n - 1]) != SW_NO_ERROR) { - fido_log_debug("%s: read", __func__); - return -1; - } - - n -= 2; - - if (n == sizeof(v_u2f) && memcmp(f, v_u2f, sizeof(v_u2f)) == 0) - attr->flags = FIDO_CAP_CBOR; - else if (n == sizeof(v_fido) && memcmp(f, v_fido, sizeof(v_fido)) == 0) - attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; - else { - fido_log_debug("%s: unknown version string", __func__); -#ifdef FIDO_FUZZ - attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; -#else - return -1; -#endif - } - - memcpy(&attr->nonce, &d->nonce, sizeof(attr->nonce)); /* XXX */ - - return (int)count; -} - -static int -tx_get_response(fido_dev_t *d, uint8_t count) +tx_get_response(fido_dev_t *d, uint8_t count, bool cbor) { uint8_t apdu[5]; memset(apdu, 0, sizeof(apdu)); + apdu[0] = cbor ? 0x80 : 0x00; apdu[1] = 0xc0; /* GET_RESPONSE */ apdu[4] = count; @@ -233,7 +197,7 @@ fail: } static int -rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms) +rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms, bool cbor) { uint8_t sw[2]; const size_t bufsiz = count; @@ -244,7 +208,7 @@ rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms) } while (sw[0] == SW1_MORE_DATA) - if (tx_get_response(d, sw[1]) < 0 || + if (tx_get_response(d, sw[1], cbor) < 0 || rx_apdu(d, sw, &buf, &count, &ms) < 0) { fido_log_debug("%s: chain", __func__); return -1; @@ -268,12 +232,52 @@ rx_cbor(fido_dev_t *d, unsigned char *buf, size_t count, int ms) { int r; - if ((r = rx_msg(d, buf, count, ms)) < 2) + if ((r = rx_msg(d, buf, count, ms, true)) < 2) return -1; return r - 2; } +static int +rx_init(fido_dev_t *d, unsigned char *buf, size_t count, int ms) +{ + fido_ctap_info_t *attr = (fido_ctap_info_t *)buf; + uint8_t f[64]; + int n; + + if (count != sizeof(*attr)) { + fido_log_debug("%s: count=%zu", __func__, count); + return -1; + } + + memset(attr, 0, sizeof(*attr)); + + if ((n = rx_msg(d, f, sizeof(f), ms, false)) < 2 || + (f[n - 2] << 8 | f[n - 1]) != SW_NO_ERROR) { + fido_log_debug("%s: read", __func__); + return -1; + } + + n -= 2; + + if (n == sizeof(v_u2f) && memcmp(f, v_u2f, sizeof(v_u2f)) == 0) + attr->flags = FIDO_CAP_CBOR; + else if (n == sizeof(v_fido) && memcmp(f, v_fido, sizeof(v_fido)) == 0) + attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; + else { + fido_log_debug("%s: unknown version string", __func__); +#ifdef FIDO_FUZZ + attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG; +#else + return -1; +#endif + } + + memcpy(&attr->nonce, &d->nonce, sizeof(attr->nonce)); /* XXX */ + + return (int)count; +} + int fido_nfc_rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) { @@ -283,7 +287,7 @@ fido_nfc_rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms case CTAP_CMD_CBOR: return rx_cbor(d, buf, count, ms); case CTAP_CMD_MSG: - return rx_msg(d, buf, count, ms); + return rx_msg(d, buf, count, ms, false); default: fido_log_debug("%s: cmd=%02x", __func__, cmd); return -1; diff --git a/contrib/libfido2/src/pin.c b/contrib/libfido2/src/pin.c index c3dd9271ed71..7f7df007bc52 100644 --- a/contrib/libfido2/src/pin.c +++ b/contrib/libfido2/src/pin.c @@ -131,12 +131,14 @@ encode_uv_permission(uint8_t cmd) case CTAP_CBOR_ASSERT: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_ASSERT)); case CTAP_CBOR_BIO_ENROLL_PRE: + case CTAP_CBOR_BIO_ENROLL: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_BIO)); case CTAP_CBOR_CONFIG: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CONFIG)); case CTAP_CBOR_MAKECRED: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_MAKECRED)); case CTAP_CBOR_CRED_MGMT_PRE: + case CTAP_CBOR_CRED_MGMT: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_CRED_MGMT)); case CTAP_CBOR_LARGEBLOB: return (cbor_build_uint8(CTAP21_UV_TOKEN_PERM_LARGEBLOB)); diff --git a/contrib/libfido2/src/random.c b/contrib/libfido2/src/random.c index 9688d35ca945..187fe09a79d5 100644 --- a/contrib/libfido2/src/random.c +++ b/contrib/libfido2/src/random.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -16,6 +16,13 @@ #include <unistd.h> #endif +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# include <sanitizer/msan_interface.h> +# define WITH_MSAN 1 +# endif +#endif + #include "fido.h" #if defined(_WIN32) @@ -45,6 +52,9 @@ int fido_get_random(void *buf, size_t len) { arc4random_buf(buf, len); +#ifdef WITH_MSAN + __msan_unpoison(buf, len); /* XXX */ +#endif return (0); } #elif defined(HAVE_GETRANDOM) diff --git a/contrib/libfido2/src/rs1.c b/contrib/libfido2/src/rs1.c index 03636b5cdf42..7db7f83e7da4 100644 --- a/contrib/libfido2/src/rs1.c +++ b/contrib/libfido2/src/rs1.c @@ -10,54 +10,20 @@ #include "fido.h" -#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL -static EVP_MD * -rs1_get_EVP_MD(void) -{ - const EVP_MD *from; - EVP_MD *to = NULL; - - if ((from = EVP_sha1()) != NULL && (to = malloc(sizeof(*to))) != NULL) - memcpy(to, from, sizeof(*to)); - - return (to); -} - -static void -rs1_free_EVP_MD(EVP_MD *md) -{ - freezero(md, sizeof(*md)); -} -#elif OPENSSL_VERSION_NUMBER >= 0x30000000 -static EVP_MD * -rs1_get_EVP_MD(void) -{ - return (EVP_MD_fetch(NULL, "SHA-1", NULL)); -} - -static void -rs1_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_free(md); -} +#if defined(__GNUC__) +#define PRAGMA(s) _Pragma(s) #else +#define PRAGMA(s) +#endif + static EVP_MD * rs1_get_EVP_MD(void) { - const EVP_MD *md; - - if ((md = EVP_sha1()) == NULL) - return (NULL); - - return (EVP_MD_meth_dup(md)); -} - -static void -rs1_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_meth_free(md); +PRAGMA("GCC diagnostic push") +PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"") + return ((EVP_MD *)EVP_sha1()); +PRAGMA("GCC diagnostic pop") } -#endif /* LIBRESSL_VERSION_NUMBER */ int rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, @@ -94,7 +60,6 @@ rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, ok = 0; fail: EVP_PKEY_CTX_free(pctx); - rs1_free_EVP_MD(md); return (ok); } diff --git a/contrib/libfido2/src/rs256.c b/contrib/libfido2/src/rs256.c index 59ceb948fa07..8873db4a3c53 100644 --- a/contrib/libfido2/src/rs256.c +++ b/contrib/libfido2/src/rs256.c @@ -18,54 +18,20 @@ #define get0_RSA(x) EVP_PKEY_get0((x)) #endif -#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050200fL -static EVP_MD * -rs256_get_EVP_MD(void) -{ - const EVP_MD *from; - EVP_MD *to = NULL; - - if ((from = EVP_sha256()) != NULL && (to = malloc(sizeof(*to))) != NULL) - memcpy(to, from, sizeof(*to)); - - return (to); -} - -static void -rs256_free_EVP_MD(EVP_MD *md) -{ - freezero(md, sizeof(*md)); -} -#elif OPENSSL_VERSION_NUMBER >= 0x30000000 -static EVP_MD * -rs256_get_EVP_MD(void) -{ - return (EVP_MD_fetch(NULL, "SHA2-256", NULL)); -} - -static void -rs256_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_free(md); -} +#if defined(__GNUC__) +#define PRAGMA(s) _Pragma(s) #else +#define PRAGMA(s) +#endif + static EVP_MD * rs256_get_EVP_MD(void) { - const EVP_MD *md; - - if ((md = EVP_sha256()) == NULL) - return (NULL); - - return (EVP_MD_meth_dup(md)); -} - -static void -rs256_free_EVP_MD(EVP_MD *md) -{ - EVP_MD_meth_free(md); +PRAGMA("GCC diagnostic push") +PRAGMA("GCC diagnostic ignored \"-Wcast-qual\"") + return ((EVP_MD *)EVP_sha256()); +PRAGMA("GCC diagnostic pop") } -#endif /* LIBRESSL_VERSION_NUMBER */ static int decode_bignum(const cbor_item_t *item, void *ptr, size_t len) @@ -290,7 +256,6 @@ rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, ok = 0; fail: EVP_PKEY_CTX_free(pctx); - rs256_free_EVP_MD(md); return (ok); } diff --git a/contrib/libfido2/src/u2f.c b/contrib/libfido2/src/u2f.c index b1f7bce3b7ab..2620a2eb49c9 100644 --- a/contrib/libfido2/src/u2f.c +++ b/contrib/libfido2/src/u2f.c @@ -260,6 +260,7 @@ key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id, *found = 1; /* key exists */ break; case SW_WRONG_DATA: + case SW_WRONG_LENGTH: *found = 0; /* key does not exist */ break; default: diff --git a/contrib/libfido2/src/winhello.c b/contrib/libfido2/src/winhello.c index ff969a4f6f73..7805976b0e0d 100644 --- a/contrib/libfido2/src/winhello.c +++ b/contrib/libfido2/src/winhello.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Yubico AB. All rights reserved. + * Copyright (c) 2021-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -735,52 +735,12 @@ translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred, if (cred->rk == FIDO_OPT_TRUE) { opt->bRequireResidentKey = true; } - - return FIDO_OK; -} - -static int -decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg) -{ - fido_cred_t *cred = arg; - char *name = NULL; - int ok = -1; - - if (cbor_string_copy(key, &name) < 0) { - fido_log_debug("%s: cbor type", __func__); - ok = 0; /* ignore */ - goto fail; + if (cred->ea.mode != 0) { + opt->dwVersion = WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4; + opt->dwEnterpriseAttestation = (DWORD)cred->ea.mode; } - if (!strcmp(name, "fmt")) { - if (cbor_decode_fmt(val, &cred->fmt) < 0) { - fido_log_debug("%s: cbor_decode_fmt", __func__); - goto fail; - } - } else if (!strcmp(name, "attStmt")) { - if (cbor_decode_attstmt(val, &cred->attstmt) < 0) { - fido_log_debug("%s: cbor_decode_attstmt", __func__); - goto fail; - } - } else if (!strcmp(name, "authData")) { - if (fido_blob_decode(val, &cred->authdata_raw) < 0) { - fido_log_debug("%s: fido_blob_decode", __func__); - goto fail; - } - if (cbor_decode_cred_authdata(val, cred->type, - &cred->authdata_cbor, &cred->authdata, &cred->attcred, - &cred->authdata_ext) < 0) { - fido_log_debug("%s: cbor_decode_cred_authdata", - __func__); - goto fail; - } - } - - ok = 0; -fail: - free(name); - - return (ok); + return FIDO_OK; } static int @@ -800,12 +760,12 @@ translate_winhello_cred(fido_cred_t *cred, fido_log_debug("%s: cbor_load", __func__); goto fail; } - if (cbor_isa_map(item) == false || - cbor_map_is_definite(item) == false || - cbor_map_iter(item, cred, decode_attobj) < 0) { - fido_log_debug("%s: cbor type", __func__); + if (cbor_decode_attobj(item, cred) != 0) { + fido_log_debug("%s: cbor_decode_attobj", __func__); goto fail; } + if (att->dwVersion >= WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4) + cred->ea.att = att->bEpAtt; r = FIDO_OK; fail: diff --git a/contrib/libfido2/tools/cred_make.c b/contrib/libfido2/tools/cred_make.c index 66c8b52d8e38..6d335a5c58b1 100644 --- a/contrib/libfido2/tools/cred_make.c +++ b/contrib/libfido2/tools/cred_make.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -151,11 +151,16 @@ cred_make(int argc, char **argv) int type = COSE_ES256; int flags = 0; int cred_protect = -1; + int ea = 0; int ch; int r; - while ((ch = getopt(argc, argv, "bc:dhi:o:qruvw")) != -1) { + while ((ch = getopt(argc, argv, "a:bc:dhi:o:qruvw")) != -1) { switch (ch) { + case 'a': + if ((ea = base10(optarg)) < 0) + errx(1, "-a: invalid argument '%s'", optarg); + break; case 'b': flags |= FLAG_LARGEBLOB; break; @@ -221,6 +226,11 @@ cred_make(int argc, char **argv) errx(1, "fido_cred_set_prot: %s", fido_strerr(r)); } } + if (ea > 0) { + r = fido_cred_set_entattest(cred, ea); + if (r != FIDO_OK) + errx(1, "fido_cred_set_entattest: %s", fido_strerr(r)); + } r = fido_dev_make_cred(dev, cred, NULL); if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) { diff --git a/contrib/libfido2/tools/credman.c b/contrib/libfido2/tools/credman.c index a0a3149d5dfb..9f6072f7cc37 100644 --- a/contrib/libfido2/tools/credman.c +++ b/contrib/libfido2/tools/credman.c @@ -119,6 +119,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx) char *user_id = NULL; const char *type; const char *prot; + int r = -1; if ((cred = fido_credman_rk(rk, idx)) == NULL) { warnx("fido_credman_rk"); @@ -128,7 +129,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx) &id) < 0 || base64_encode(fido_cred_user_id_ptr(cred), fido_cred_user_id_len(cred), &user_id) < 0) { warnx("output error"); - return -1; + goto out; } type = cose_string(fido_cred_type(cred)); @@ -137,10 +138,12 @@ print_rk(const fido_credman_rk_t *rk, size_t idx) printf("%02u: %s %s %s %s %s\n", (unsigned)idx, id, fido_cred_display_name(cred), user_id, type, prot); + r = 0; +out: free(user_id); free(id); - return 0; + return r; } int diff --git a/contrib/libfido2/tools/fido2-cred.c b/contrib/libfido2/tools/fido2-cred.c index 76081c6856e9..a819bd118d12 100644 --- a/contrib/libfido2/tools/fido2-cred.c +++ b/contrib/libfido2/tools/fido2-cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2023 Yubico AB. All rights reserved. + * Copyright (c) 2018-2024 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -27,7 +27,7 @@ void usage(void) { fprintf(stderr, -"usage: fido2-cred -M [-bdhqruvw] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" +"usage: fido2-cred -M [-bdhqruvw] [-a mode] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n" " fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n" ); diff --git a/contrib/libfido2/tools/fido2-unprot.sh b/contrib/libfido2/tools/fido2-unprot.sh index 7d8c77936ee9..06b52232c6be 100755 --- a/contrib/libfido2/tools/fido2-unprot.sh +++ b/contrib/libfido2/tools/fido2-unprot.sh @@ -6,53 +6,56 @@ # SPDX-License-Identifier: BSD-2-Clause -if [ $(uname) != "Linux" ] ; then +if [ "$(uname)" != "Linux" ] ; then echo "Can only run on Linux" exit 1 fi -TOKEN_VERSION=$(${FIDO_TOOLS_PREFIX}fido2-token -V 2>&1) -if [ $? -ne 0 ] ; then +if ! TOKEN_VERSION=$("${FIDO_TOOLS_PREFIX}"fido2-token -V 2>&1); then echo "Please install libfido2 1.5.0 or higher" - exit + exit 1 fi TOKEN_VERSION_MAJOR=$(echo "$TOKEN_VERSION" | cut -d. -f1) TOKEN_VERSION_MINOR=$(echo "$TOKEN_VERSION" | cut -d. -f2) -if [ $TOKEN_VERSION_MAJOR -eq 0 -o $TOKEN_VERSION_MAJOR -eq 1 -a $TOKEN_VERSION_MINOR -lt 5 ] ; then +if [ "$TOKEN_VERSION_MAJOR" -eq 0 ] ; then + echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)" + exit 1 +fi +if [ "$TOKEN_VERSION_MAJOR" -eq 1 ] && [ "$TOKEN_VERSION_MINOR" -lt 5 ] ; then echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)" exit 1 fi set -e -TOKEN_OUTPUT=$(${FIDO_TOOLS_PREFIX}fido2-token -L) +TOKEN_OUTPUT=$("${FIDO_TOOLS_PREFIX}"fido2-token -L) DEV_PATH_NAMES=$(echo "$TOKEN_OUTPUT" | sed -r 's/^(.*): .*\((.*)\)$/\1 \2/g') DEV_COUNT=$(echo "$DEV_PATH_NAMES" | wc -l) -for i in $(seq 1 $DEV_COUNT) +for i in $(seq 1 "$DEV_COUNT") do DEV_PATH_NAME=$(echo "$DEV_PATH_NAMES" | sed "${i}q;d") DEV_PATH=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1) DEV_NAME=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1 --complement) - DEV_PRETTY=$(echo "$DEV_NAME (at '$DEV_PATH')") - if expr match "$(${FIDO_TOOLS_PREFIX}fido2-token -I $DEV_PATH)" ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then - printf "Enter PIN for $DEV_PRETTY once (ignore further prompts): " + DEV_PRETTY="$DEV_NAME (at '$DEV_PATH')" + if expr "$("${FIDO_TOOLS_PREFIX}"fido2-token -I "$DEV_PATH")" : ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then + printf "Enter PIN for %s once (ignore further prompts): " "$DEV_PRETTY" stty -echo - read PIN + IFS= read -r PIN stty echo printf "\n" - RESIDENT_RPS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -r $DEV_PATH | cut -d' ' -f3) + RESIDENT_RPS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -r "$DEV_PATH" | cut -d' ' -f3) printf "\n" RESIDENT_RPS_COUNT=$(echo "$RESIDENT_RPS" | wc -l) FOUND=0 - for j in $(seq 1 $DEV_RESIDENT_RPS_COUNT) + for j in $(seq 1 "$RESIDENT_RPS_COUNT") do RESIDENT_RP=$(echo "$RESIDENT_RPS" | sed "${j}q;d") - UNPROT_CREDS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -k $RESIDENT_RP $DEV_PATH | grep ' uvopt$' | cut -d' ' -f2,3,4) + UNPROT_CREDS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -k "$RESIDENT_RP" "$DEV_PATH" | grep ' uvopt$' | cut -d' ' -f2,3,4) printf "\n" UNPROT_CREDS_COUNT=$(echo "$UNPROT_CREDS" | wc -l) - if [ $UNPROT_CREDS_COUNT -gt 0 ] ; then + if [ "$UNPROT_CREDS_COUNT" -gt 0 ] ; then FOUND=1 echo "Unprotected credentials on $DEV_PRETTY for '$RESIDENT_RP':" echo "$UNPROT_CREDS" @@ -64,9 +67,9 @@ do else echo "$DEV_PRETTY cannot enumerate credentials" echo "Discovering unprotected SSH credentials only..." - STUB_HASH=$(echo -n "" | openssl sha256 -binary | base64) - printf "$STUB_HASH\nssh:\n" | ${FIDO_TOOLS_PREFIX}fido2-assert -G -r -t up=false $DEV_PATH 2> /dev/null || ASSERT_EXIT_CODE=$? - if [ $ASSERT_EXIT_CODE -eq 0 ] ; then + STUB_HASH=$(printf "" | openssl sha256 -binary | base64) + printf "%s\nssh:\n" "$STUB_HASH" | "${FIDO_TOOLS_PREFIX}"fido2-assert -G -r -t up=false "$DEV_PATH" 2> /dev/null || ASSERT_EXIT_CODE=$? + if [ "$ASSERT_EXIT_CODE" -eq 0 ] ; then echo "Found an unprotected SSH credential on $DEV_PRETTY!" else echo "No unprotected SSH credentials (default settings) on $DEV_PRETTY" diff --git a/contrib/libfido2/tools/include_check.sh b/contrib/libfido2/tools/include_check.sh index 70abada1640d..a9a9873ca7df 100755 --- a/contrib/libfido2/tools/include_check.sh +++ b/contrib/libfido2/tools/include_check.sh @@ -1,15 +1,22 @@ -#!/bin/sh +#!/bin/sh -u # Copyright (c) 2019 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause +SKIP='(webauthn.h)' + check() { - for f in $(find $1 -maxdepth 1 -name '*.h'); do - echo "#include \"$f\"" | \ - cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1 - echo "$f $CFLAGS $?" + try="cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1" + git ls-files "$1" | grep '.*\.h$' | while read -r header; do + if echo "$header" | grep -Eq "$SKIP"; then + echo "Skipping $header" + else + body="#include \"$header\"" + echo "echo $body | $try" + echo "$body" | eval "$try" + fi done } diff --git a/contrib/libfido2/tools/test.sh b/contrib/libfido2/tools/test.sh index 67b757e80a8d..28b3facca570 100755 --- a/contrib/libfido2/tools/test.sh +++ b/contrib/libfido2/tools/test.sh @@ -13,7 +13,7 @@ # - should pass as-is on a YubiKey with a PIN set; # - may otherwise require set +e above; # - can be executed with UV=1 to run additional UV tests; -# - was last tested on 2022-01-11 with firmware 5.4.3. +# - was last tested on 2024-06-15 with firmware 5.7.1. cd "$1" DEV="$2" @@ -28,11 +28,11 @@ $1 some user name $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) EOF - fido2-cred -M $2 "${DEV}" "${TYPE}" > "$3" < cred_param + fido2-cred -M "$2" "${DEV}" "${TYPE}" > "$3" < cred_param } verify_cred() { - fido2-cred -V $1 "${TYPE}" > cred_out < "$2" + fido2-cred -V "$1" "${TYPE}" > cred_out < "$2" || return 1 head -1 cred_out > "$3" tail -n +2 cred_out > "$4" } @@ -41,79 +41,84 @@ get_assert() { sed /^$/d > assert_param << EOF $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) $1 -$(cat $3) -$(cat $4) +$(cat "$3") +$(cat "$4") EOF + # we want to expand $2 + # shellcheck disable=SC2086 fido2-assert -G $2 "${DEV}" > "$5" < assert_param } verify_assert() { - fido2-assert -V $1 "$2" "${TYPE}" < "$3" + fido2-assert -V "$1" "$2" "${TYPE}" < "$3" } dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt # u2f -if [ "x${TYPE}" = "xes256" ]; then +if [ "${TYPE}" = "es256" ]; then make_cred no.tld "-u" u2f - ! make_cred no.tld "-ru" /dev/null - ! make_cred no.tld "-uc1" /dev/null - ! make_cred no.tld "-uc2" /dev/null + make_cred no.tld "-ru" /dev/null && exit 1 + make_cred no.tld "-uc1" /dev/null && exit 1 + make_cred no.tld "-uc2" /dev/null && exit 1 verify_cred "--" u2f u2f-cred u2f-pubkey - ! verify_cred "-h" u2f /dev/null /dev/null - ! verify_cred "-v" u2f /dev/null /dev/null + verify_cred "-h" u2f /dev/null /dev/null && exit 1 + verify_cred "-v" u2f /dev/null /dev/null && exit 1 verify_cred "-c0" u2f /dev/null /dev/null - ! verify_cred "-c1" u2f /dev/null /dev/null - ! verify_cred "-c2" u2f /dev/null /dev/null - ! verify_cred "-c3" u2f /dev/null /dev/null + verify_cred "-c1" u2f /dev/null /dev/null && exit 1 + verify_cred "-c2" u2f /dev/null /dev/null && exit 1 + verify_cred "-c3" u2f /dev/null /dev/null && exit 1 fi # wrap (non-resident) make_cred no.tld "--" wrap -verify_cred "--" wrap wrap-cred wrap-pubkey -! verify_cred "-h" wrap /dev/null /dev/null -! verify_cred "-v" wrap /dev/null /dev/null +verify_cred "--" wrap wrap-cred wrap-pubkey +verify_cred "-h" wrap /dev/null /dev/null && exit 1 +verify_cred "-v" wrap /dev/null /dev/null && exit 1 verify_cred "-c0" wrap /dev/null /dev/null -! verify_cred "-c1" wrap /dev/null /dev/null -! verify_cred "-c2" wrap /dev/null /dev/null -! verify_cred "-c3" wrap /dev/null /dev/null +verify_cred "-c1" wrap /dev/null /dev/null && exit 1 +verify_cred "-c2" wrap /dev/null /dev/null && exit 1 +verify_cred "-c3" wrap /dev/null /dev/null && exit 1 # wrap (non-resident) + hmac-secret make_cred no.tld "-h" wrap-hs -! verify_cred "--" wrap-hs /dev/null /dev/null +verify_cred "--" wrap-hs /dev/null /dev/null && exit 1 verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey -! verify_cred "-v" wrap-hs /dev/null /dev/null +verify_cred "-v" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-hv" wrap-hs /dev/null /dev/null && exit 1 verify_cred "-hc0" wrap-hs /dev/null /dev/null -! verify_cred "-c0" wrap-hs /dev/null /dev/null -! verify_cred "-c1" wrap-hs /dev/null /dev/null -! verify_cred "-c2" wrap-hs /dev/null /dev/null -! verify_cred "-c3" wrap-hs /dev/null /dev/null +verify_cred "-c0" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c1" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c2" wrap-hs /dev/null /dev/null && exit 1 +verify_cred "-c3" wrap-hs /dev/null /dev/null && exit 1 # resident make_cred no.tld "-r" rk verify_cred "--" rk rk-cred rk-pubkey -! verify_cred "-h" rk /dev/null /dev/null -! verify_cred "-v" rk /dev/null /dev/null +verify_cred "-h" rk /dev/null /dev/null && exit 1 +verify_cred "-v" rk /dev/null /dev/null +verify_cred "-hv" rk /dev/null /dev/null && exit 1 verify_cred "-c0" rk /dev/null /dev/null -! verify_cred "-c1" rk /dev/null /dev/null -! verify_cred "-c2" rk /dev/null /dev/null -! verify_cred "-c3" rk /dev/null /dev/null +verify_cred "-c1" rk /dev/null /dev/null && exit 1 +verify_cred "-c2" rk /dev/null /dev/null && exit 1 +verify_cred "-c3" rk /dev/null /dev/null && exit 1 # resident + hmac-secret make_cred no.tld "-hr" rk-hs -! verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey +verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey && exit 1 verify_cred "-h" rk-hs /dev/null /dev/null -! verify_cred "-v" rk-hs /dev/null /dev/null +verify_cred "-v" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-hv" rk-hs /dev/null /dev/null verify_cred "-hc0" rk-hs /dev/null /dev/null -! verify_cred "-c0" rk-hs /dev/null /dev/null -! verify_cred "-c1" rk-hs /dev/null /dev/null -! verify_cred "-c2" rk-hs /dev/null /dev/null -! verify_cred "-c3" rk-hs /dev/null /dev/null +verify_cred "-c0" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c1" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c2" rk-hs /dev/null /dev/null && exit 1 +verify_cred "-c3" rk-hs /dev/null /dev/null && exit 1 # u2f -if [ "x${TYPE}" = "xes256" ]; then +if [ "${TYPE}" = "es256" ]; then get_assert no.tld "-u" u2f-cred /dev/null u2f-assert - ! get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null + get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null && exit 1 verify_assert "--" u2f-pubkey u2f-assert verify_assert "-p" u2f-pubkey u2f-assert fi @@ -138,40 +143,40 @@ verify_assert "--" wrap-pubkey wrap-assert verify_assert "-p" wrap-pubkey wrap-assert get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert verify_assert "--" wrap-pubkey wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 verify_assert "-v" wrap-pubkey wrap-assert -! verify_assert "-pv" wrap-pubkey wrap-assert +verify_assert "-pv" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert -! verify_assert "-p" wrap-pubkey wrap-assert +verify_assert "-p" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert verify_assert "-hpv" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert -! verify_assert "--" wrap-pubkey wrap-assert +verify_assert "--" wrap-pubkey wrap-assert && exit 1 verify_assert "-h" wrap-pubkey wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert -! get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert -! get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert -! get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert +get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert && exit 1 +get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 +get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 if [ "x${UV}" != "x" ]; then get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert @@ -205,11 +210,11 @@ if [ "x${UV}" != "x" ]; then get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert verify_assert "-v" wrap-pubkey wrap-assert get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert - ! verify_assert "--" wrap-pubkey wrap-assert + verify_assert "--" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert verify_assert "-v" wrap-pubkey wrap-assert get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert - ! verify_assert "--" wrap-pubkey wrap-assert + verify_assert "--" wrap-pubkey wrap-assert && exit 1 get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert verify_assert "-hv" wrap-pubkey wrap-assert get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert @@ -234,12 +239,12 @@ if [ "x${UV}" != "x" ]; then verify_assert "-hpv" wrap-pubkey wrap-assert get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert verify_assert "-hp" wrap-pubkey wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert - ! get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert + get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1 + get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1 fi # resident @@ -258,9 +263,9 @@ get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert -! get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert +get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert && exit 1 +get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 +get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 if [ "x${UV}" != "x" ]; then get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert @@ -293,12 +298,12 @@ if [ "x${UV}" != "x" ]; then get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert - ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert + get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1 + get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1 fi exit 0 diff --git a/contrib/libfido2/tools/token.c b/contrib/libfido2/tools/token.c index 366d5a15ab04..12fcb2d22104 100644 --- a/contrib/libfido2/tools/token.c +++ b/contrib/libfido2/tools/token.c @@ -170,6 +170,12 @@ print_maxcredcntlst(uint64_t maxcredcntlst) } static void +print_maxcredblob(uint64_t maxcredblob) +{ + printf("maxcredblob: %d\n", (int)maxcredblob); +} + +static void print_maxcredidlen(uint64_t maxcredidlen) { printf("maxcredlen: %d\n", (int)maxcredidlen); @@ -388,6 +394,9 @@ token_info(int argc, char **argv, char *path) /* print maximum length of a credential ID */ print_maxcredidlen(fido_cbor_info_maxcredidlen(ci)); + /* print maximum length of credBlob */ + print_maxcredblob(fido_cbor_info_maxcredbloblen(ci)); + /* print maximum length of serialized largeBlob array */ print_maxlargeblob(fido_cbor_info_maxlargeblob(ci)); diff --git a/contrib/libfido2/udev/check.sh b/contrib/libfido2/udev/check.sh index 804a8843b378..5f2ed131ce34 100755 --- a/contrib/libfido2/udev/check.sh +++ b/contrib/libfido2/udev/check.sh @@ -1,12 +1,12 @@ #!/bin/sh -u -# Copyright (c) 2020 Yubico AB. All rights reserved. +# Copyright (c) 2020-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause sort_by_id() { - awk '{ printf "%d\n", $3 }' | sort -Cnu + awk '{ printf "%s\n", $3 }' | xargs printf '%d\n' | sort -Cnu } if ! grep '^vendor' "$1" | sort_by_id; then diff --git a/contrib/libfido2/windows/build.ps1 b/contrib/libfido2/windows/build.ps1 index ff43d8b8962f..a26ae1bfd6e8 100644 --- a/contrib/libfido2/windows/build.ps1 +++ b/contrib/libfido2/windows/build.ps1 @@ -74,11 +74,9 @@ if (-Not (Test-Path $GPG)) { throw "Unable to find GPG at $GPG" } -# Override CMAKE_SYSTEM_VERSION if $WinSDK is set. -if (-Not ([string]::IsNullOrEmpty($WinSDK))) { - $CMAKE_SYSTEM_VERSION = "-DCMAKE_SYSTEM_VERSION='$WinSDK'" -} else { - $CMAKE_SYSTEM_VERSION = '' +# 10.0.261000.0 appear to have dropped ARM32 support, pin the SDK version +if ($Arch -eq "ARM" -and [string]::IsNullOrEmpty($WinSDK)) { + $WinSDK = '10.0.22621.0' } Write-Host "WinSDK: $WinSDK" @@ -98,11 +96,23 @@ New-Item -Type Directory "${STAGE}\${LIBRESSL}" -Force New-Item -Type Directory "${STAGE}\${LIBCBOR}" -Force New-Item -Type Directory "${STAGE}\${ZLIB}" -Force +# Create GNUPGHOME with an empty common.conf to disable use-keyboxd. +# Recent default is to enable keyboxd which in turn ignores --keyring +# arguments. +$GpgHome = "${BUILD}\.gnupg" +New-Item -Type Directory "${GpgHome}" -Force +New-Item -Type File "${GpgHome}\common.conf" -Force + # Create output directories. New-Item -Type Directory "${OUTPUT}" -Force New-Item -Type Directory "${OUTPUT}\${Arch}" -Force New-Item -Type Directory "${OUTPUT}\${Arch}\${Type}" -force +# Override Windows SDK version if $WinSDK is set. +if (-Not ([string]::IsNullOrEmpty($WinSDK))) { + $Arch = "$Arch,version=$WinSDK" +} + # Fetch and verify dependencies. Push-Location ${BUILD} try { @@ -117,8 +127,9 @@ try { } Copy-Item "$PSScriptRoot\libressl.gpg" -Destination "${BUILD}" - & $GPG --list-keys - & $GPG --quiet --no-default-keyring --keyring ./libressl.gpg ` + & $GPG --homedir ${GpgHome} --list-keys + & $GPG --homedir ${GpgHome} --quiet --no-default-keyring ` + --keyring ./libressl.gpg ` --verify .\${LIBRESSL}.tar.gz.asc .\${LIBRESSL}.tar.gz if ($LastExitCode -ne 0) { throw "GPG signature verification failed" @@ -144,9 +155,10 @@ Push-Location ${STAGE}\${LIBRESSL} try { & $CMake ..\..\..\${LIBRESSL} -A "${Arch}" ` -DBUILD_SHARED_LIBS="${SHARED}" -DLIBRESSL_TESTS=OFF ` - -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` + -DLIBRESSL_APPS=OFF -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -165,7 +177,7 @@ try { -DBUILD_SHARED_LIBS="${SHARED}" ` -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} /wd4703" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} /wd4703" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -184,7 +196,7 @@ try { -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` -DCMAKE_MSVC_RUNTIME_LIBRARY="${CMAKE_MSVC_RUNTIME_LIBRARY}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target install --verbose; ` @@ -220,10 +232,11 @@ try { -DCRYPTO_INCLUDE_DIRS="${PREFIX}\include" ` -DCRYPTO_LIBRARY_DIRS="${PREFIX}\lib" ` -DCRYPTO_BIN_DIRS="${PREFIX}\bin" ` - -DCRYPTO_LIBRARIES="${CRYPTO_LIBRARIES}" ` + -DCRYPTO_LIBRARIES="${CRYPTO_LIB}" ` + -DCRYPTO_DLL="${CRYPTO_DLL}" ` -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} ${Fido2Flags}" ` -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} ${Fido2Flags}" ` - -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}"; ` ExitOnError & $CMake --build . --config ${Config} --verbose; ExitOnError & $CMake --build . --config ${Config} --target regress --verbose; ` @@ -232,7 +245,7 @@ try { ExitOnError # Copy DLLs. if ("${SHARED}" -eq "ON") { - "cbor.dll", "${CRYPTO_LIBRARIES}.dll", "zlib1.dll" | ` + "cbor.dll", "${CRYPTO_DLL}.dll", "zlib1.dll" | ` %{ Copy-Item "${PREFIX}\bin\$_" ` -Destination "examples\${Config}" } } diff --git a/contrib/libfido2/windows/const.ps1 b/contrib/libfido2/windows/const.ps1 index 7fac21e93df0..787fe5badf20 100644 --- a/contrib/libfido2/windows/const.ps1 +++ b/contrib/libfido2/windows/const.ps1 @@ -1,24 +1,25 @@ -# Copyright (c) 2021-2023 Yubico AB. All rights reserved. +# Copyright (c) 2021-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause # LibreSSL coordinates. New-Variable -Name 'LIBRESSL_URL' ` - -Value 'https://cloudflare.cdn.openbsd.org/pub/OpenBSD/LibreSSL' ` + -Value 'https://ftp.openbsd.org/pub/OpenBSD/LibreSSL' ` -Option Constant -New-Variable -Name 'LIBRESSL' -Value 'libressl-3.7.3' -Option Constant -New-Variable -Name 'CRYPTO_LIBRARIES' -Value 'crypto-50' -Option Constant +New-Variable -Name 'LIBRESSL' -Value 'libressl-4.0.0' -Option Constant +New-Variable -Name 'CRYPTO_LIB' -Value 'crypto' -Option Constant +New-Variable -Name 'CRYPTO_DLL' -Value 'crypto-55' -Option Constant # libcbor coordinates. -New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.10.2' -Option Constant -New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.10.2' -Option Constant +New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.12.0' -Option Constant +New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.12.0' -Option Constant New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' ` -Option Constant # zlib coordinates. -New-Variable -Name 'ZLIB' -Value 'zlib-1.3' -Option Constant -New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3' -Option Constant +New-Variable -Name 'ZLIB' -Value 'zlib-1.3.1' -Option Constant +New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.3.1' -Option Constant New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' ` -Option Constant diff --git a/contrib/libfido2/windows/cygwin.ps1 b/contrib/libfido2/windows/cygwin.ps1 index 0681830a911d..253b4529dba0 100755 --- a/contrib/libfido2/windows/cygwin.ps1 +++ b/contrib/libfido2/windows/cygwin.ps1 @@ -38,6 +38,13 @@ Write-Host "GPG: $GPG" New-Item -Type Directory "${Cygwin}" -Force New-Item -Type Directory "${Root}" -Force +# Create GNUPGHOME with an empty common.conf to disable use-keyboxd. +# Recent default is to enable keyboxd which in turn ignores --keyring +# arguments. +$GpgHome = "${Cygwin}\.gnupg" +New-Item -Type Directory "${GpgHome}" -Force +New-Item -Type File "${GpgHome}\common.conf" -Force + # Fetch and verify Cygwin. try { if (-Not (Test-Path ${Cygwin}\${Setup} -PathType leaf)) { @@ -48,8 +55,8 @@ try { Invoke-WebRequest ${URL}/${Setup}.sig ` -OutFile ${Cygwin}\${Setup}.sig } - & $GPG --list-keys - & $GPG --quiet --no-default-keyring ` + & $GPG --homedir ${GpgHome} --list-keys + & $GPG --homedir ${GpgHome} --quiet --no-default-keyring ` --keyring ${PSScriptRoot}/cygwin.gpg ` --verify ${Cygwin}\${Setup}.sig ${Cygwin}\${Setup} if ($LastExitCode -ne 0) { diff --git a/contrib/libfido2/windows/release.ps1 b/contrib/libfido2/windows/release.ps1 index cc5f635b8faa..07bc2d45a964 100644 --- a/contrib/libfido2/windows/release.ps1 +++ b/contrib/libfido2/windows/release.ps1 @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2022 Yubico AB. All rights reserved. +# Copyright (c) 2021-2024 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. # SPDX-License-Identifier: BSD-2-Clause @@ -35,8 +35,8 @@ Function Package-Dynamic(${SRC}, ${DEST}) { Copy-Item "${SRC}\lib\cbor.lib" "${DEST}" Copy-Item "${SRC}\bin\zlib1.dll" "${DEST}" Copy-Item "${SRC}\lib\zlib1.lib" "${DEST}" - Copy-Item "${SRC}\bin\${CRYPTO_LIBRARIES}.dll" "${DEST}" - Copy-Item "${SRC}\lib\${CRYPTO_LIBRARIES}.lib" "${DEST}" + Copy-Item "${SRC}\bin\${CRYPTO_DLL}.dll" "${DEST}" + Copy-Item "${SRC}\lib\${CRYPTO_LIB}.lib" "${DEST}" Copy-Item "${SRC}\bin\fido2.dll" "${DEST}" Copy-Item "${SRC}\lib\fido2.lib" "${DEST}" } @@ -44,13 +44,13 @@ Function Package-Dynamic(${SRC}, ${DEST}) { Function Package-Static(${SRC}, ${DEST}) { Copy-Item "${SRC}/lib/cbor.lib" "${DEST}" Copy-Item "${SRC}/lib/zlib1.lib" "${DEST}" - Copy-Item "${SRC}/lib/${CRYPTO_LIBRARIES}.lib" "${DEST}" + Copy-Item "${SRC}/lib/${CRYPTO_LIB}.lib" "${DEST}" Copy-Item "${SRC}/lib/fido2_static.lib" "${DEST}/fido2.lib" } Function Package-PDBs(${SRC}, ${DEST}) { Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" ` - "${DEST}\${CRYPTO_LIBRARIES}.pdb" + "${DEST}\${CRYPTO_LIB}.pdb" Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" ` "${DEST}\cbor.pdb" Copy-Item "${SRC}\${ZLIB}\zlib.dir\${Config}\vc${SDK}.pdb" ` @@ -60,14 +60,12 @@ Function Package-PDBs(${SRC}, ${DEST}) { } Function Package-StaticPDBs(${SRC}, ${DEST}) { + # NOTE: original file names must be preserved Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto_obj.dir\${Config}\crypto_obj.pdb" ` - "${DEST}\${CRYPTO_LIBRARIES}.pdb" - Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" ` - "${DEST}\cbor.pdb" - Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" ` - "${DEST}\zlib1.pdb" - Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" ` - "${DEST}\fido2.pdb" + "${DEST}" + Copy-Item "${SRC}\${LIBCBOR}\src\${Config}\cbor.pdb" "${DEST}" + Copy-Item "${SRC}\${ZLIB}\${Config}\zlibstatic.pdb" "${DEST}" + Copy-Item "${SRC}\src\${Config}\fido2_static.pdb" "${DEST}" } Function Package-Tools(${SRC}, ${DEST}) { |