diff options
Diffstat (limited to 'contrib/libfido2/examples/cred.c')
-rw-r--r-- | contrib/libfido2/examples/cred.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/contrib/libfido2/examples/cred.c b/contrib/libfido2/examples/cred.c index 576900d97786..5a2a27fd7771 100644 --- a/contrib/libfido2/examples/cred.c +++ b/contrib/libfido2/examples/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2022 Yubico AB. All rights reserved. + * Copyright (c) 2018-2023 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. * SPDX-License-Identifier: BSD-2-Clause @@ -36,7 +36,7 @@ static void usage(void) { fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] " - "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-hruv] " + "[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] [-hruv] " "<device>\n"); exit(EXIT_FAILURE); } @@ -44,7 +44,8 @@ usage(void) static void verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, size_t authdata_len, const unsigned char *attstmt_ptr, size_t attstmt_len, - bool rk, bool uv, int ext, const char *key_out, const char *id_out) + bool rk, bool uv, int ext, int cred_protect, const char *key_out, + const char *id_out) { fido_cred_t *cred; int r; @@ -85,6 +86,11 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, if (uv && (r = fido_cred_set_uv(cred, FIDO_OPT_TRUE)) != FIDO_OK) errx(1, "fido_cred_set_uv: %s (0x%x)", fido_strerr(r), r); + /* credProt */ + if (cred_protect != 0 && (r = fido_cred_set_prot(cred, + cred_protect)) != FIDO_OK) + errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r); + /* fmt */ r = fido_cred_set_fmt(cred, fmt); if (r != FIDO_OK) @@ -159,11 +165,12 @@ main(int argc, char **argv) int ext = 0; int ch; int r; + long long cred_protect = 0; if ((cred = fido_cred_new()) == NULL) errx(1, "fido_cred_new"); - while ((ch = getopt(argc, argv, "P:T:b:e:hi:k:rt:uv")) != -1) { + while ((ch = getopt(argc, argv, "P:T:b:e:hi:k:rt:uvc:")) != -1) { switch (ch) { case 'P': pin = optarg; @@ -192,6 +199,13 @@ main(int argc, char **argv) case 'h': ext |= FIDO_EXT_HMAC_SECRET; break; + case 'c': + if (base10(optarg, &cred_protect) < 0) + errx(1, "base10: %s", optarg); + if (cred_protect <= 0 || cred_protect > 3) + errx(1, "-c: %s must be in (1,3)", optarg); + ext |= FIDO_EXT_CRED_PROTECT; + break; case 'i': id_out = optarg; break; @@ -275,6 +289,11 @@ main(int argc, char **argv) if (uv && (r = fido_cred_set_uv(cred, FIDO_OPT_TRUE)) != FIDO_OK) errx(1, "fido_cred_set_uv: %s (0x%x)", fido_strerr(r), r); + /* credProt */ + if (cred_protect != 0 && (r = fido_cred_set_prot(cred, + (int)cred_protect)) != FIDO_OK) + errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r); + /* timeout */ if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) errx(1, "fido_dev_set_timeout: %s (0x%x)", fido_strerr(r), r); @@ -296,7 +315,8 @@ main(int argc, char **argv) verify_cred(type, fido_cred_fmt(cred), fido_cred_authdata_ptr(cred), fido_cred_authdata_len(cred), fido_cred_attstmt_ptr(cred), - fido_cred_attstmt_len(cred), rk, uv, ext, key_out, id_out); + fido_cred_attstmt_len(cred), rk, uv, ext, fido_cred_prot(cred), + key_out, id_out); if (blobkey_out != NULL) { /* extract the "largeBlob" key */ |