Age | Commit message (Collapse) | Author | Files | Lines |
|
The base system is now working with the online webauthn demo, so it's
time to declare a release.
The current prototype only works with the FIDO-U2F protocol, but it
will communicate with Firefox over the USB HID gadget.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
With descriptions of how to set up the daemon and the HID Gadget.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Make the source base much less chatty and now identify incoming
messages by the start of the appId hash.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
If we find the requested index doesn't exist, simply create it so that
the user really has to do nothing in the default case.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
TODO: create the index if it doesn't exist.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
The key handle now contains the TPM representation of an elliptic
curve key, so unpack this key and use it to sign the incoming
challenge. This scheme is now sufficient to pass the
https://webauthn.org test for both registration and login. However,
the counter is ephemeral to the hidgd, so we need a permanent solution
for that as well.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
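The two signature bases this commit message refers to (registration and login), plus one simple way to make the counter survive the daemon, as an added C example. This is not the project's code: the byte layouts follow the FIDO U2F raw message format, the file-backed counter is a hypothetical stand-in for whatever hidgd eventually uses, and the sample app/challenge/key-handle/public-key bytes are constructed. Signing the base with the TPM-held EC key is left to the caller.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define U2F_PARAM_SIZE     32   /* SHA-256 application / challenge parameter */
#define U2F_POINT_SIZE     65   /* 0x04 || X || Y, uncompressed P-256 point   */
#define U2F_AUTH_TUP       0x01 /* test-of-user-presence flag                  */
#define U2F_AUTH_BASE_SIZE (U2F_PARAM_SIZE + 1 + 4 + U2F_PARAM_SIZE) /* 69 */

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = (uint8_t)v;
}

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Registration signature base (U2F raw messages, registration response):
 * 0x00 || application parameter || challenge parameter || key handle || user
 * public key. The attestation key signs this. Returns bytes written, 0 if
 * out is too small. */
size_t u2f_register_sig_base(uint8_t *out, size_t outlen,
                             const uint8_t *app, const uint8_t *chal,
                             const uint8_t *kh, size_t khlen, const uint8_t *pub)
{
    size_t need = 1 + U2F_PARAM_SIZE + U2F_PARAM_SIZE + khlen + U2F_POINT_SIZE;
    size_t off = 0;

    if (outlen < need)
        return 0;
    out[off++] = 0x00;                              /* reserved, always 0 */
    memcpy(out + off, app,  U2F_PARAM_SIZE); off += U2F_PARAM_SIZE;
    memcpy(out + off, chal, U2F_PARAM_SIZE); off += U2F_PARAM_SIZE;
    memcpy(out + off, kh,   khlen);          off += khlen;
    memcpy(out + off, pub,  U2F_POINT_SIZE); off += U2F_POINT_SIZE;
    return off;
}

/* Authentication signature base: application parameter || user presence
 * byte || 4-byte big-endian counter || challenge parameter. The per-key
 * EC key unpacked from the key handle signs this. */
size_t u2f_auth_sig_base(uint8_t out[U2F_AUTH_BASE_SIZE], const uint8_t *app,
                         uint8_t flags, uint32_t counter, const uint8_t *chal)
{
    memcpy(out, app, U2F_PARAM_SIZE);
    out[U2F_PARAM_SIZE] = flags;
    put_be32(out + U2F_PARAM_SIZE + 1, counter);
    memcpy(out + U2F_PARAM_SIZE + 5, chal, U2F_PARAM_SIZE);
    return U2F_AUTH_BASE_SIZE;
}

/* Authentication response body: user presence || counter || DER signature.
 * Returns bytes written, 0 if out is too small. */
size_t u2f_auth_response(uint8_t *out, size_t outlen, uint8_t flags,
                         uint32_t counter, const uint8_t *sig, size_t siglen)
{
    if (outlen < 5 + siglen)
        return 0;
    out[0] = flags;
    put_be32(out + 1, counter);
    memcpy(out + 5, sig, siglen);
    return 5 + siglen;
}

/* Hypothetical persistent counter: 4 big-endian bytes in a file opened "r+b"
 * (empty file means 0). Read, increment, write back, flush and fsync before
 * the new value is used, so a crash after signing cannot hand a relying party
 * a counter that goes backwards (which it would treat as a cloned key).
 * Refuses to wrap. Returns 1 on success, 0 on failure. */
int u2f_counter_next(FILE *f, uint32_t *next)
{
    uint8_t buf[4] = { 0, 0, 0, 0 };
    uint32_t cur = 0;

    rewind(f);
    if (fread(buf, 1, 4, f) == 4)
        cur = get_be32(buf);
    if (cur == UINT32_MAX)
        return 0;
    *next = cur + 1;
    put_be32(buf, *next);
    rewind(f);
    if (fwrite(buf, 1, 4, f) != 4 || fflush(f) != 0 || fsync(fileno(f)) != 0)
        return 0;
    return 1;
}
```

The counter is bumped and made durable before the authentication base is signed; if the write fails the daemon should refuse to sign rather than reuse a value.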
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
The certificate key is really only used for an attestation and doesn't
necessarily need TPM protection, so make it an openssl key for now
(potentially later adding the engine).
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Use the TPM to obtain a static EC key at 81000101 as the public point
and signature for registration. We assume the DER certificate is a
signed version of this. Currently, I'm just using a self-signed
certificate which the webauthn demo site seems to accept.
https://webauthn.org/
This commit of code passes registration, but obviously not login
because signing is currently unimplemented.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Still using dummy values. However, the design is to get
cargo run --example main
of gecko-dev/dom/webauthn/u2f-hid-rs all the way through an
authenticator transaction, even if the returned values are currently
bogus (the main.rs example doesn't check the values).
Next step is to add cryptography.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Response is still a dummy message with no cryptographic content.
The response is also crafted to work with Mozilla which seems to
ignore the standards requirement of a response length maximum in the
register message.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
This is the daemon that simulates the FIDO2 authenticator protocol
CTAP2 over HID.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|
|
Make the structures all __attribute__((packed)) because that's what
the standard requires. The only structure this seems to make a
material difference to is U2FHID_INIT_RESP and then only in the size.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
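Why packing changes the size of U2FHID_INIT_RESP, shown as an added C example (not the project's source). The frame and INIT-response layouts follow the FIDO U2F HID protocol specification; the unpacked twin of the response struct is there only to show the padding, and the request bytes and channel ID in the test are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HID_RPT_SIZE      64
#define CID_BROADCAST     0xffffffffU
#define TYPE_INIT         0x80               /* bit 7 set: initialisation packet */
#define U2FHID_INIT       (TYPE_INIT | 0x06)
#define INIT_NONCE_SIZE   8
#define U2FHID_IF_VERSION 2

/* One 64-byte HID report. Initialisation packets carry cmd + 16-bit
 * big-endian payload length; continuation packets carry a sequence byte. */
typedef struct {
    uint32_t cid;
    union {
        struct { uint8_t cmd, bcnth, bcntl; uint8_t data[HID_RPT_SIZE - 7]; } init;
        struct { uint8_t seq;               uint8_t data[HID_RPT_SIZE - 5]; } cont;
    } u;
} __attribute__((packed)) U2FHID_FRAME;

/* Payload of the U2FHID_INIT response: 17 bytes on the wire. */
typedef struct {
    uint8_t  nonce[INIT_NONCE_SIZE];
    uint32_t cid;
    uint8_t  versionInterface, versionMajor, versionMinor, versionBuild, capFlags;
} __attribute__((packed)) U2FHID_INIT_RESP;

/* Same fields without the attribute: the 4-byte cid forces tail padding,
 * so sizeof() no longer matches the 17 bytes the host expects. */
typedef struct {
    uint8_t  nonce[INIT_NONCE_SIZE];
    uint32_t cid;
    uint8_t  versionInterface, versionMajor, versionMinor, versionBuild, capFlags;
} U2FHID_INIT_RESP_UNPACKED;

size_t u2fhid_frame_size(void)              { return sizeof(U2FHID_FRAME); }
size_t u2fhid_init_resp_size_packed(void)   { return sizeof(U2FHID_INIT_RESP); }
size_t u2fhid_init_resp_size_unpacked(void) { return sizeof(U2FHID_INIT_RESP_UNPACKED); }

/* Split a received report. Returns 1 for an initialisation packet (cmd and
 * bcnt filled in), 0 for a continuation packet (seq in *cmd_or_seq). */
int u2fhid_parse(const uint8_t rpt[HID_RPT_SIZE], uint32_t *cid,
                 uint8_t *cmd_or_seq, uint16_t *bcnt)
{
    U2FHID_FRAME f;

    memcpy(&f, rpt, sizeof f);          /* copy, so alignment never matters */
    *cid = f.cid;
    if (f.u.init.cmd & TYPE_INIT) {
        *cmd_or_seq = f.u.init.cmd;
        *bcnt = (uint16_t)(((uint16_t)f.u.init.bcnth << 8) | f.u.init.bcntl);
        return 1;
    }
    *cmd_or_seq = f.u.cont.seq;
    *bcnt = 0;
    return 0;
}

/* Answer U2FHID_INIT on the broadcast channel: echo the 8-byte nonce and
 * allocate new_cid to the caller. Returns 0 for anything that is not a
 * well-formed INIT request (wrong channel, wrong command, wrong length). */
int u2fhid_build_init_resp(const uint8_t req[HID_RPT_SIZE], uint32_t new_cid,
                           uint8_t out[HID_RPT_SIZE])
{
    uint32_t cid; uint8_t cmd; uint16_t bcnt;
    U2FHID_FRAME f;
    U2FHID_INIT_RESP r;

    if (!u2fhid_parse(req, &cid, &cmd, &bcnt) || cmd != U2FHID_INIT ||
        cid != CID_BROADCAST || bcnt != INIT_NONCE_SIZE)
        return 0;

    memset(&r, 0, sizeof r);
    memcpy(r.nonce, req + 7, INIT_NONCE_SIZE);   /* data starts after cid/cmd/bcnt */
    r.cid = new_cid;
    r.versionInterface = U2FHID_IF_VERSION;
    r.capFlags = 0;                              /* no WINK, no CBOR */

    memset(&f, 0, sizeof f);
    f.cid = CID_BROADCAST;
    f.u.init.cmd = U2FHID_INIT;
    f.u.init.bcnth = 0;
    f.u.init.bcntl = (uint8_t)sizeof r;          /* 17 only because r is packed */
    memcpy(f.u.init.data, &r, sizeof r);
    memcpy(out, &f, HID_RPT_SIZE);
    return 1;
}
```

Had the response struct been left unpacked, `sizeof r` would include the tail padding and the host would see a bcnt and a payload three bytes longer than the protocol allows.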
|
|
Add a generator for the fido2 report descriptor and an initial script
to build and configure the gadget device. No listener for the packets
yet.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
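A generator for the FIDO HID report descriptor of the kind this commit adds, together with a check that the descriptor actually declares one 64-byte input and one 64-byte output report, as an added C example. It is not the project's generator or gadget script; the descriptor bytes are the standard FIDO Alliance usage-page layout, and the short-item walker is written for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* FIDO HID report descriptor: usage page 0xF1D0 (FIDO Alliance), usage 0x01
 * (U2F/CTAP HID authenticator), one 64-byte input report (usage 0x20) and one
 * 64-byte output report (usage 0x21). 34 bytes, short items only. Returns
 * bytes written, 0 if out is too small. */
size_t fido_hid_report_desc(uint8_t *out, size_t outlen)
{
    static const uint8_t desc[] = {
        0x06, 0xD0, 0xF1,   /* Usage Page (FIDO Alliance, 0xF1D0)   */
        0x09, 0x01,         /* Usage (U2F HID authenticator)        */
        0xA1, 0x01,         /* Collection (Application)             */
        0x09, 0x20,         /*   Usage (input report data)          */
        0x15, 0x00,         /*   Logical Minimum (0)                */
        0x26, 0xFF, 0x00,   /*   Logical Maximum (255)              */
        0x75, 0x08,         /*   Report Size (8 bits)               */
        0x95, 0x40,         /*   Report Count (64)                  */
        0x81, 0x02,         /*   Input (Data, Variable, Absolute)   */
        0x09, 0x21,         /*   Usage (output report data)         */
        0x15, 0x00,         /*   Logical Minimum (0)                */
        0x26, 0xFF, 0x00,   /*   Logical Maximum (255)              */
        0x75, 0x08,         /*   Report Size (8 bits)               */
        0x95, 0x40,         /*   Report Count (64)                  */
        0x91, 0x02,         /*   Output (Data, Variable, Absolute)  */
        0xC0                /* End Collection                       */
    };
    size_t i;

    if (outlen < sizeof desc)
        return 0;
    for (i = 0; i < sizeof desc; i++)
        out[i] = desc[i];
    return sizeof desc;
}

/* Walk the short items of a descriptor and total the bits declared by the
 * Input and Output main items. Returns 1 when the collections balance and
 * both directions declare exactly 8 * report_bytes bits, 0 otherwise.
 * Long items (prefix 0xFE) are rejected; the FIDO descriptor has none. */
int fido_hid_desc_check(const uint8_t *d, size_t n, unsigned report_bytes)
{
    unsigned rsize = 0, rcount = 0, in_bits = 0, out_bits = 0;
    int depth = 0;
    size_t i = 0;

    while (i < n) {
        uint8_t prefix = d[i++];
        unsigned size = prefix & 3, type = (prefix >> 2) & 3, tag = prefix >> 4;
        uint32_t val = 0;
        unsigned k;

        if (prefix == 0xFE)
            return 0;
        if (size == 3)
            size = 4;
        if (i + size > n)
            return 0;
        for (k = 0; k < size; k++)
            val |= (uint32_t)d[i + k] << (8 * k);
        i += size;

        if (type == 1) {                 /* global items */
            if (tag == 7) rsize = val;   /* Report Size  */
            else if (tag == 9) rcount = val; /* Report Count */
        } else if (type == 0) {          /* main items */
            if (tag == 8) in_bits += rsize * rcount;       /* Input  */
            else if (tag == 9) out_bits += rsize * rcount; /* Output */
            else if (tag == 10) depth++;                   /* Collection */
            else if (tag == 12) { if (depth == 0) return 0; depth--; }
        }
    }
    return depth == 0 && in_bits == 8 * report_bytes && out_bits == 8 * report_bytes;
}

/* Emit the raw descriptor to the file named in argv[1] (or stdout). */
int main(int argc, char **argv)
{
    uint8_t desc[64];
    size_t n = fido_hid_report_desc(desc, sizeof desc);
    FILE *f = argc > 1 ? fopen(argv[1], "wb") : stdout;

    if (f == NULL || !fido_hid_desc_check(desc, n, 64))
        return 1;
    fwrite(desc, 1, n, f);
    if (f != stdout)
        fclose(f);
    return 0;
}
```

With the Linux configfs HID gadget function the raw bytes go into the function's `report_desc` attribute and `report_length` is set to 64, so the check above guards exactly the value that must agree between the descriptor and the gadget configuration.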
|
|
Add the .gitignore for an autoconf project and GPL-2.0-only as the LICENSE.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
|