Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-24 18:55:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ff469bb84f
gecko-dev/dom/webauthn/u2f-hid-rs
History
Tim Taubert c3180f09e1 Bug 1406467 - Web Authentication - WD-07 Updates to Make Assertion r=jcj,smaug 
Summary:
Add support for PublicKeyCredentialRequestOptions.userVerification. For now
this basically means that we'll abort the operation with NotAllowed, as we
don't support user verification yet.

Pass PublicKeyCredentialDescriptor.transports through to the token manager
implementations. The softoken will ignore those and pretend to support all
transports defined by the spec. The USB HID token will check for the "usb"
transport and either ignore credentials accordingly, or abort the operation.

Note: The `UserVerificationRequirement` in WebIDL is defined at https://w3c.github.io/webauthn/#assertion-options

Reviewers: jcj, smaug

Reviewed By: jcj, smaug

Bug #: 1406467

Differential Revision: https://phabricator.services.mozilla.com/D338

--HG--
extra : amend_source : 314cadb3bc40bbbee2a414bc5f13caed55f9d720
2018-01-09 07:27:35 +01:00
..
examples Bug 1406467 - Web Authentication - WD-07 Updates to Make Assertion r=jcj,smaug 2018-01-09 07:27:35 +01:00
fuzz Bug 1400513 - u2f-hid-rs: fuzzers should use a deterministic cmd byte r=jcj 2017-09-17 20:07:32 +02:00
src Bug 1406467 - Web Authentication - WD-07 Updates to Make Assertion r=jcj,smaug 2018-01-09 07:27:35 +01:00
.gitignore Bug 1398268 - [u2f-hid-rs] Rewrite macOS IOHIDManager communication and state machine r=jcj 2017-11-14 11:39:29 +01:00
.travis.yml Bug 1413598 - Pull in latest changes from u2f-hid-rs git repository r=jcj 2017-11-02 12:18:07 +01:00
Cargo.toml Bug 1406462 - Web Authentication - Add support for authenticator selection criteria and attachment types r=jcj,smaug 2017-11-29 13:58:33 +01:00
LICENSE Bug 1404556 - Support libc::ioctl() call on musl libc 2017-10-04 16:53:17 +02:00
README.md
rustfmt.toml

README.md

A Rust HID library for interacting with U2F Security Keys

Build Status Maturity Level

This is a cross-platform library for interacting with U2F Security Key-type devices via Rust.

  • Supported Platforms: Windows, Linux, and Mac OS X.
  • Supported HID Transports: USB.
  • Supported Protocols: FIDO U2F over USB.

This library currently focuses on U2F security keys, but is expected to be extended to support additional protocols and transports.

Usage

There's only a simple example function that tries to register and sign right now. It uses env_logger for logging, which you configure with the RUST_LOG environment variable:

cargo build
RUST_LOG=debug cargo run --example main

Proper usage should be to call into this library from something else - e.g., Firefox. There are some C headers exposed for the purpose.

Tests

There are some tests of the cross-platform runloop logic and the protocol decoder:

cargo test

Fuzzing

There are fuzzers for the USB protocol reader, basically fuzzing inputs from the HID layer. There are not (yet) fuzzers for the C API used by callers (such as Gecko).

To fuzz, you will need cargo-fuzz (the latest version from GitHub) as well as Rust Nightly.

rustup install nightly
cargo install --git https://github.com/rust-fuzz/cargo-fuzz/

rustup run nightly cargo fuzz run u2f_read -- -max_len=512
rustup run nightly cargo fuzz run u2f_read_write -- -max_len=512