Age | Commit message | Author | Files | Lines
2019-03-21 | Version 0.1.0 (HEAD, v0.1.0, master) | James Bottomley | 1 | -1/+1
    The base system is now working with the online webauthn demo, so it's time to declare a release. The current prototype only works with the FIDO-U2F protocol, but it will communicate with Firefox over the USB HID gadget.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-21 | Add README | James Bottomley | 1 | -0/+35
    With descriptions of how to set up the daemon and the HID gadget.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-21 | Clean up debugging prints | James Bottomley | 2 | -35/+14
    Make the source base much less chatty and now identify incoming messages by the start of the appId hash.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-21 | tpm: Create the NV index counter if it doesn't exist | James Bottomley | 1 | -1/+26
    If we find the requested index doesn't exist, simply create it so that the user really has to do nothing in the default case.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-21 | tpm: correctly check for and use a NV index for the authenticate counter | James Bottomley | 4 | -13/+169
    TODO: create the index if it doesn't exist.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-21 | hidgd: add correct AUTHENTICATE response | James Bottomley | 3 | -15/+183
    The key handle now contains the TPM representation of an elliptic curve key, so unpack this key and use it to sign the incoming challenge. This scheme is now sufficient to pass the https://webauthn.org test for both registration and login. However, the counter is ephemeral to the hidgd, so we need a permanent solution for that as well.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
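The NV index counter commits above and this AUTHENTICATE commit together describe what hidgd signs for a login and why a counter that lives only in the daemon's memory is not enough. The C below is an added example, not hidgd code: it builds the U2F_AUTHENTICATE signed data and parses the response as laid out in the FIDO U2F raw message format, and implements the relying-party rule that makes a persistent counter necessary. The function names, the constructed sample response and its placeholder DER signature are this example's own assumptions; verifying the ECDSA signature with the registered public key is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define U2F_APPID_SIZE    32
#define U2F_CHAL_SIZE     32
#define U2F_AUTH_FLAG_TUP 0x01   /* user-presence bit in the flags byte */

/* Bytes the authenticator signs with the key unpacked from the key handle:
 * appParam(32) || flags(1) || counter(4, big-endian) || chalParam(32).
 * Returns the 69 bytes written, or 0 if out is too small. */
size_t u2f_auth_signed_data(uint8_t *out, size_t len,
                            const uint8_t app_param[U2F_APPID_SIZE],
                            uint8_t flags, uint32_t counter,
                            const uint8_t chal_param[U2F_CHAL_SIZE])
{
    size_t off = 0;
    if (len < U2F_APPID_SIZE + 1 + 4 + U2F_CHAL_SIZE)
        return 0;
    memcpy(out + off, app_param, U2F_APPID_SIZE);  off += U2F_APPID_SIZE;
    out[off++] = flags;
    out[off++] = (uint8_t)(counter >> 24); out[off++] = (uint8_t)(counter >> 16);
    out[off++] = (uint8_t)(counter >> 8);  out[off++] = (uint8_t)counter;
    memcpy(out + off, chal_param, U2F_CHAL_SIZE);  off += U2F_CHAL_SIZE;
    return off;
}

/* Response on the wire: flags(1) || counter(4, big-endian) || DER signature. */
struct u2f_auth_resp {
    uint8_t        flags;
    uint32_t       counter;
    const uint8_t *sig;
    size_t         sig_len;
};

/* Parse the response.  The signature check is structural only: a DER
 * SEQUENCE whose short-form length spans the rest of the buffer (always
 * the case for P-256 ECDSA).  Returns 0 on success, -1 otherwise. */
int u2f_auth_resp_parse(const uint8_t *buf, size_t len, struct u2f_auth_resp *r)
{
    if (len < 5 + 2)
        return -1;
    r->flags   = buf[0];
    r->counter = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                 ((uint32_t)buf[3] << 8)  |  (uint32_t)buf[4];
    r->sig     = buf + 5;
    r->sig_len = len - 5;
    if (r->sig[0] != 0x30 || r->sig[1] >= 0x80 || (size_t)r->sig[1] + 2 != r->sig_len)
        return -1;
    return 0;
}

/* Relying-party rule: the counter must strictly increase per key handle.
 * A value that did not advance, which is exactly what an authenticator
 * restarting from an in-memory counter produces, is rejected.
 * Returns 1 and updates *stored if accepted, 0 if rejected. */
int u2f_counter_accept(uint32_t *stored, uint32_t seen)
{
    if (seen <= *stored)
        return 0;
    *stored = seen;
    return 1;
}

/* Constructed sample: TUP set, counter 42, then a placeholder DER SEQUENCE
 * of two INTEGERs standing in for a real ECDSA signature. */
static const uint8_t sample_auth_resp[] = {
    U2F_AUTH_FLAG_TUP, 0x00, 0x00, 0x00, 0x2a,
    0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01
};

/* Parses the sample; returns its counter (42) or -1 on a parse failure. */
long demo_parse_counter(void)
{
    struct u2f_auth_resp r;
    if (u2f_auth_resp_parse(sample_auth_resp, sizeof sample_auth_resp, &r) != 0)
        return -1;
    return (long)r.counter;
}

/* Length of the signed data for zeroed app/challenge params: 69. */
size_t demo_signed_data_len(void)
{
    uint8_t out[128], zeros[32] = {0};
    return u2f_auth_signed_data(out, sizeof out, zeros, U2F_AUTH_FLAG_TUP, 42, zeros);
}

/* The daemon restarts and its counter begins again at 1: the RP, which
 * started at 0 at registration, accepts 1, 2, 3 and rejects the repeated
 * 1 and 2.  Returns the number accepted (3). */
int demo_ephemeral_counter(void)
{
    static const uint32_t seen[] = {1, 2, 3, 1, 2};
    uint32_t stored = 0;
    int accepted = 0;
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        accepted += u2f_counter_accept(&stored, seen[i]);
    return accepted;
}
```

The last function is the failure mode the commit message names: once the relying party has seen counter 3, a daemon that restarts from 1 is indistinguishable from a cloned key, so every login fails until the counter is stored somewhere that survives the process, which is what the TPM NV index commits provide.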
2019-03-20 | hidgd: use default volatile TPM parent | James Bottomley | 2 | -3/+95
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-20 | crypto: make certificate key an openssl one and split out crypto processing | James Bottomley | 7 | -107/+161
    The certificate key is really only used for an attestation and doesn't necessarily need TPM protection, so make it an OpenSSL key for now (potentially later adding the engine).
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-19 | hidgd: allow parent to be specified as an option | James Bottomley | 1 | -2/+7
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-19 | hidgd: add TPM functions to give correct registration | James Bottomley | 6 | -3/+224
    Use the TPM to obtain a static EC key at 81000101 as the public point and signature for registration. We assume the DER certificate is a signed version of this. Currently, I'm just using a self-signed certificate, which the webauthn demo site (https://webauthn.org/) seems to accept. This commit of code passes registration, but obviously not login, because signing is currently unimplemented.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-19 | hidgd: add certificate to registration message | James Bottomley | 2 | -4/+22
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | hidgd: add man page | James Bottomley | 4 | -0/+14
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | hidgd: Add usage and version | James Bottomley | 1 | -5/+61
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | hidgd: get all the way through an authenticator transaction | James Bottomley | 1 | -8/+59
    Still using dummy values. However, the design is to get "cargo run --example main" of gecko-dev/dom/webauthn/u2f-hid-rs all the way through an authenticator transaction, even if the returned values are currently bogus (the main.rs example doesn't check the values). Next step is to add cryptography.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | hidgd: add processing of U2F_REGISTER | James Bottomley | 1 | -7/+99
    Response is still a dummy message with no cryptographic content. The response is also crafted to work with Mozilla which seems to ignore the standards requirement of a response length maximum in the register message.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
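This commit and the 2019-03-19 TPM registration commit above both concern the U2F_REGISTER response. As an added example that is not part of this repository: a parser for that response following the FIDO U2F raw message format, which has to read the DER length octets to find where the attestation certificate ends and the signature begins (neither blob carries an explicit length field), plus the construction of the bytes the attestation key signs. The function names and the constructed sample (a dummy point, a 2-byte key handle, toy DER blobs in place of a certificate and signature) are this example's assumptions, not hidgd's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define U2F_APPID_SIZE    32
#define U2F_CHAL_SIZE     32
#define U2F_EC_POINT_SIZE 65      /* 0x04 || X || Y */
#define U2F_REGISTER_ID   0x05

/* U2F_REGISTER response: 0x05 || userPubKey(65) || khLen(1) || keyHandle ||
 * attestation cert (DER) || signature (DER). */
struct u2f_reg_resp {
    const uint8_t *pubkey;
    const uint8_t *key_handle;  size_t kh_len;
    const uint8_t *cert;        size_t cert_len;
    const uint8_t *sig;         size_t sig_len;
};

/* Total encoded length (tag + length octets + content) of the DER element
 * at p, for short-form and long-form lengths of up to 4 octets.
 * Returns 0 if malformed or if the element would run past avail. */
static size_t der_tlv_len(const uint8_t *p, size_t avail)
{
    size_t hdr = 2, len;
    if (avail < 2)
        return 0;
    len = p[1];
    if (len & 0x80) {
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || avail < 2 + n)
            return 0;
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | p[2 + i];
        hdr = 2 + n;
    }
    return len > avail - hdr ? 0 : hdr + len;
}

/* Returns 0 and fills r on success, -1 on any layout error. */
int u2f_reg_resp_parse(const uint8_t *buf, size_t len, struct u2f_reg_resp *r)
{
    size_t off = 1 + U2F_EC_POINT_SIZE + 1;
    if (len < off || buf[0] != U2F_REGISTER_ID || buf[1] != 0x04)
        return -1;                          /* uncompressed point only */
    r->pubkey = buf + 1;
    r->kh_len = buf[1 + U2F_EC_POINT_SIZE];
    if (len - off < r->kh_len)
        return -1;
    r->key_handle = buf + off;  off += r->kh_len;
    r->cert = buf + off;
    r->cert_len = der_tlv_len(r->cert, len - off);
    if (r->cert_len == 0 || r->cert[0] != 0x30)
        return -1;
    off += r->cert_len;
    r->sig = buf + off;
    r->sig_len = der_tlv_len(r->sig, len - off);
    if (r->sig_len == 0 || r->sig[0] != 0x30 || off + r->sig_len != len)
        return -1;                          /* trailing bytes are an error */
    return 0;
}

/* Bytes the attestation key signs: 0x00 || appParam || chalParam ||
 * keyHandle || userPubKey.  Returns bytes written, or 0 if out is small. */
size_t u2f_reg_signed_data(uint8_t *out, size_t len,
                           const uint8_t app[U2F_APPID_SIZE],
                           const uint8_t chal[U2F_CHAL_SIZE],
                           const uint8_t *kh, size_t kh_len,
                           const uint8_t pub[U2F_EC_POINT_SIZE])
{
    size_t off = 0;
    if (len < 1 + U2F_APPID_SIZE + U2F_CHAL_SIZE + kh_len + U2F_EC_POINT_SIZE)
        return 0;
    out[off++] = 0x00;
    memcpy(out + off, app, U2F_APPID_SIZE);    off += U2F_APPID_SIZE;
    memcpy(out + off, chal, U2F_CHAL_SIZE);    off += U2F_CHAL_SIZE;
    memcpy(out + off, kh, kh_len);             off += kh_len;
    memcpy(out + off, pub, U2F_EC_POINT_SIZE); off += U2F_EC_POINT_SIZE;
    return off;
}

/* Constructed sample (no real key material): dummy point, 2-byte key
 * handle, a 5-byte DER SEQUENCE as "cert", an 8-byte one as "signature". */
static size_t build_sample_reg_resp(uint8_t *buf)
{
    static const uint8_t cert[] = {0x30, 0x03, 0x02, 0x01, 0x07};
    static const uint8_t sig[]  = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
    size_t n = 0;
    buf[n++] = U2F_REGISTER_ID;
    buf[n++] = 0x04;  memset(buf + n, 0x11, 64);  n += 64;
    buf[n++] = 2;     buf[n++] = 0xaa;  buf[n++] = 0xbb;
    memcpy(buf + n, cert, sizeof cert);  n += sizeof cert;
    memcpy(buf + n, sig, sizeof sig);    n += sizeof sig;
    return n;                                   /* 82 bytes */
}

/* Parses the sample and returns one length: 0 = key handle (2),
 * 1 = certificate (5), 2 = signature (8), anything else = the signed
 * data it implies with zeroed params (132).  SIZE_MAX on parse failure. */
size_t demo_reg_field_len(int which)
{
    uint8_t buf[128], signed_buf[256], zeros[32] = {0};
    struct u2f_reg_resp r;
    size_t len = build_sample_reg_resp(buf);
    if (u2f_reg_resp_parse(buf, len, &r) != 0)
        return SIZE_MAX;
    switch (which) {
    case 0:  return r.kh_len;
    case 1:  return r.cert_len;
    case 2:  return r.sig_len;
    default: return u2f_reg_signed_data(signed_buf, sizeof signed_buf, zeros, zeros,
                                        r.key_handle, r.kh_len, r.pubkey);
    }
}
```

The DER-length step is the part worth getting right on the client side: a parser that guesses the certificate length, or trusts a length the authenticator supplies separately, lets a malformed response shift where the signature is read from.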
2019-03-18 | hidg: add unpacking of u2f packets and process U2F_VERSION | James Bottomley | 2 | -1/+85
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | Add -Wall -Werror and clean up the errors they report | James Bottomley | 3 | -4/+6
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-18 | hidgd: add a daemon for driving the hid gadget device | James Bottomley | 3 | -1/+112
    This is the daemon that simulates the FIDO2 authenticator protocol CTAP2 over HID.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-14 | Add u2f headers from FIDO alliance | James Bottomley | 2 | -0/+232
    Make the structures all __attribute__((packed)) because that's what the standard requires. The only structure this seems to make a material difference to is U2FHID_INIT_RESP and then only in the size.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
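An added example, not the project's headers, to make the packing point concrete: the U2FHID_INIT_RESP field list declared twice, with natural alignment and packed, and an INIT reply frame built from the packed form so the 17-byte payload lands where the host reads it. The struct and function names are this example's own; the field layout and constants follow the FIDO U2F HID header (u2f_hid.h). The 20-byte natural size is the x86_64 ABI result and is an assumption about the build host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as named in u2f_hid.h. */
#define HID_RPT_SIZE      64
#define INIT_NONCE_SIZE   8
#define CID_BROADCAST     0xffffffffu
#define TYPE_INIT         0x80
#define U2FHID_INIT       (TYPE_INIT | 0x06)
#define U2FHID_IF_VERSION 2

/* Same fields as U2FHID_INIT_RESP with natural alignment: the compiler
 * pads the tail so the struct is a multiple of 4 (20 bytes on x86_64). */
struct init_resp_natural {
    uint8_t  nonce[INIT_NONCE_SIZE];
    uint32_t cid;
    uint8_t  versionInterface;
    uint8_t  versionMajor;
    uint8_t  versionMinor;
    uint8_t  versionBuild;
    uint8_t  capFlags;
};

/* Packed, as the header requires: exactly the 17 bytes the host parses. */
struct init_resp_packed {
    uint8_t  nonce[INIT_NONCE_SIZE];
    uint32_t cid;
    uint8_t  versionInterface;
    uint8_t  versionMajor;
    uint8_t  versionMinor;
    uint8_t  versionBuild;
    uint8_t  capFlags;
} __attribute__((packed));

/* Initialization packet: CID, command, big-endian payload length, data.
 * This one is 64 bytes either way; packing changes nothing here. */
struct init_frame_packed {
    uint32_t cid;
    uint8_t  cmd;
    uint8_t  bcnth;
    uint8_t  bcntl;
    uint8_t  data[HID_RPT_SIZE - 7];
} __attribute__((packed));

size_t init_resp_wire_size(void)    { return sizeof(struct init_resp_packed); }
size_t init_resp_natural_size(void) { return sizeof(struct init_resp_natural); }
size_t init_frame_size(void)        { return sizeof(struct init_frame_packed); }

/* Build the 64-byte report answering a U2FHID_INIT request: echo the
 * host's nonce and hand out new_cid on the broadcast channel.  Returns
 * the payload length written to bcntl (17), or 0 if report is too small. */
size_t build_init_resp(uint8_t *report, size_t len,
                       const uint8_t nonce[INIT_NONCE_SIZE], uint32_t new_cid)
{
    struct init_frame_packed f;
    struct init_resp_packed r;

    if (len < HID_RPT_SIZE)
        return 0;
    memset(&f, 0, sizeof f);
    memset(&r, 0, sizeof r);
    memcpy(r.nonce, nonce, INIT_NONCE_SIZE);
    r.cid = new_cid;
    r.versionInterface = U2FHID_IF_VERSION;
    r.versionMajor = 1;                 /* example device version */
    r.capFlags = 0;                     /* no WINK support */

    f.cid = CID_BROADCAST;
    f.cmd = U2FHID_INIT;
    f.bcnth = 0;
    f.bcntl = (uint8_t)sizeof r;        /* 17 packed; the natural 20 would be wrong */
    memcpy(f.data, &r, sizeof r);
    memcpy(report, &f, sizeof f);
    return sizeof r;
}

/* Constructed check: header fields and the echoed nonce sit at the
 * offsets the host expects (cmd at 4, length at 5..6, payload from 7). */
int init_resp_example_ok(void)
{
    static const uint8_t nonce[INIT_NONCE_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t report[HID_RPT_SIZE];

    if (build_init_resp(report, sizeof report, nonce, 0x01020304u) != 17)
        return 0;
    return report[4] == U2FHID_INIT && report[5] == 0 && report[6] == 17 &&
           memcmp(report + 7, nonce, INIT_NONCE_SIZE) == 0;
}

int main(void)
{
    printf("natural %zu, packed %zu, frame %zu, example %s\n",
           init_resp_natural_size(), init_resp_wire_size(), init_frame_size(),
           init_resp_example_ok() ? "ok" : "bad");
    return 0;
}
```

Without the attribute, sizeof on the response struct reports 20, and a daemon that uses sizeof to fill bcntl or to copy the payload sends three bytes of padding after capFlags; the frame union is unaffected because its fields already fall on natural boundaries.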
2019-03-14 | Add configuration scripts | James Bottomley | 5 | -0/+134
    Add a generator for the fido2 report descriptor and an initial script to build and configure the gadget device. No listener for the packets yet.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-03-14 | Initial commit | James Bottomley | 2 | -0/+360
    Add the .gitignore for an autoconf project and GPL-2.0-only as the LICENSE.
    Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>