authorColin Watson <cjwatson@debian.org>2020-09-20 17:48:15 +0100
committerColin Watson <cjwatson@debian.org>2020-09-20 17:48:15 +0100
commit05fa6dd7724ccfd1c183e6e4bf9d22eb12abea8c (patch)
tree71d3eccc33c93c230b021c72f1fb9cf2247bf6c0
parentb77d6ed4d47acbc836f05be0e9f4abeb104e21ff (diff)
parent173bfbf7886608a4a7abbfac6a42ac4bf4a3432d (diff)
Update upstream source from tag 'upstream/1.5.0'
Update to upstream version '1.5.0' with Debian dir 102fd7ed15b138200444754d256b136933185ec2
-rw-r--r--.github/workflows/cifuzz_oss.yml23
-rw-r--r--.github/workflows/scan.yml36
-rw-r--r--.github/workflows/windows.yml14
-rw-r--r--.gitignore9
-rw-r--r--.travis.yml86
-rw-r--r--.travis/build-linux-clang22
-rw-r--r--.travis/build-linux-gcc19
-rw-r--r--.travis/build-linux-mingw47
-rw-r--r--.travis/build-osx-clang24
-rw-r--r--.travis/fuzz-linux-asan59
-rw-r--r--.travis/fuzz-linux-msan59
-rw-r--r--CMakeLists.txt111
-rw-r--r--NEWS18
-rw-r--r--README.adoc27
-rw-r--r--debian/changelog6
-rw-r--r--debian/libfido2-1.symbols9
-rw-r--r--debian/libfido2-doc.links277
-rw-r--r--docker/bionic/Dockerfile14
-rw-r--r--examples/CMakeLists.txt16
-rw-r--r--examples/README.adoc9
-rw-r--r--examples/assert.c15
-rw-r--r--examples/cred.c15
-rw-r--r--examples/extern.h1
-rw-r--r--examples/info.c31
-rw-r--r--examples/manifest.c5
-rw-r--r--examples/reset.c9
-rw-r--r--examples/retries.c5
-rw-r--r--examples/select.c215
-rw-r--r--examples/setpin.c5
-rw-r--r--examples/util.c3
-rw-r--r--fuzz/CMakeLists.txt1
-rw-r--r--fuzz/Dockerfile9
-rw-r--r--fuzz/Makefile20
-rw-r--r--fuzz/README130
-rwxr-xr-xfuzz/build-coverage33
-rw-r--r--fuzz/dummy.h4
-rw-r--r--fuzz/export.gnu10
-rw-r--r--fuzz/functions.txt197
-rw-r--r--fuzz/fuzz_assert.c455
-rw-r--r--fuzz/fuzz_bio.c335
-rw-r--r--fuzz/fuzz_cred.c458
-rw-r--r--fuzz/fuzz_credman.c314
-rw-r--r--fuzz/fuzz_mgmt.c321
-rw-r--r--fuzz/libfuzzer.c174
-rw-r--r--fuzz/mutator_aux.c253
-rw-r--r--fuzz/mutator_aux.h49
-rw-r--r--[-rwxr-xr-x]fuzz/prng.c3
-rw-r--r--fuzz/report.tgzbin211709 -> 222723 bytes
-rw-r--r--fuzz/summary.txt31
-rw-r--r--man/CMakeLists.txt55
-rw-r--r--man/NOTES3
-rw-r--r--man/fido2-assert.133
-rw-r--r--man/fido2-cred.18
-rw-r--r--man/fido_assert_new.335
-rw-r--r--man/fido_cbor_info_new.322
-rw-r--r--man/fido_cred_new.365
-rw-r--r--man/fido_dev_get_touch_begin.373
-rw-r--r--man/fido_dev_open.333
-rw-r--r--openbsd-compat/clock_gettime.c32
-rwxr-xr-xopenbsd-compat/diff.sh24
-rw-r--r--openbsd-compat/openbsd-compat.h2
-rw-r--r--openbsd-compat/time.h46
-rw-r--r--openbsd-compat/types.h7
-rw-r--r--regress/assert.c16
-rw-r--r--regress/cred.c78
-rw-r--r--src/CMakeLists.txt17
-rw-r--r--src/assert.c2
-rw-r--r--src/cbor.c25
-rw-r--r--src/cred.c12
-rw-r--r--src/credman.c8
-rw-r--r--src/dev.c207
-rwxr-xr-xsrc/diff_exports.sh29
-rw-r--r--src/err.c4
-rw-r--r--src/es256.c2
-rw-r--r--src/export.gnu9
-rw-r--r--src/export.llvm9
-rw-r--r--src/export.msvc9
-rw-r--r--src/extern.h20
-rw-r--r--src/fido.h23
-rw-r--r--src/fido/err.h2
-rw-r--r--src/fido/param.h12
-rw-r--r--src/fido/types.h20
-rw-r--r--src/hid_hidapi.c226
-rw-r--r--src/hid_linux.c308
-rw-r--r--src/hid_openbsd.c91
-rw-r--r--src/hid_osx.c323
-rw-r--r--src/hid_win.c398
-rw-r--r--src/info.c16
-rw-r--r--src/io.c94
-rw-r--r--src/iso7816.c6
-rw-r--r--src/pin.c10
-rw-r--r--src/u2f.c100
-rw-r--r--tools/CMakeLists.txt7
-rw-r--r--tools/assert_get.c94
-rw-r--r--tools/assert_verify.c12
-rw-r--r--tools/base64.c5
-rw-r--r--tools/cred_make.c26
-rw-r--r--tools/cred_verify.c26
-rw-r--r--tools/credman.c21
-rw-r--r--tools/extern.h6
-rw-r--r--tools/fido2-assert.c6
-rwxr-xr-xtools/fido2-attach.sh14
-rw-r--r--tools/fido2-cred.c6
-rwxr-xr-xtools/fido2-detach.sh12
-rw-r--r--tools/fido2-token.c6
-rwxr-xr-xtools/fido2-unprot.sh75
-rwxr-xr-xtools/include_check.sh8
-rwxr-xr-xtools/macos_pkg.sh44
-rw-r--r--tools/token.c18
-rw-r--r--tools/util.c68
-rw-r--r--udev/70-u2f.rules192
-rwxr-xr-xudev/check.sh31
-rw-r--r--udev/fidodevs110
-rwxr-xr-xudev/genrules.awk55
-rw-r--r--windows/build.ps114
115 files changed, 4489 insertions, 2867 deletions
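diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
deleted file mode 100644
index cbb334c..0000000
--- a/.github/workflows/cifuzz_oss.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: CIFuzz
-on: [pull_request]
-jobs:
- Fuzzing:
- runs-on: ubuntu-latest
- steps:
- - name: Build Fuzzers
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
- with:
- oss-fuzz-project-name: 'libfido2'
- dry-run: false
- - name: Run Fuzzers
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
- with:
- oss-fuzz-project-name: 'libfido2'
- fuzz-seconds: 600
- dry-run: false
- - name: Upload Crash
- uses: actions/upload-artifact@v1
- if: failure()
- with:
- name: artifacts
- path: ./out/artifacts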
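diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
deleted file mode 100644
index 008961b..0000000
--- a/.github/workflows/scan.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: static code analysis
-
-on:
- push:
- schedule:
- - cron: '0 0 * * 1'
-
-env:
- SCAN_IMG:
- yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
- SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
-
-jobs:
- build:
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@master
-
- - name: Scan but do not fail on warnings
- run: |
- if [ "${SECRET}" != "" ]; then
- docker login yes-docker-local.artifactory.in.yubico.org/ \
- -u svc-static-code-analysis-reader \
- -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
- docker pull ${SCAN_IMG}
- docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
- -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
- fi
- continue-on-error: true
-
- - uses: actions/upload-artifact@master
- if: failure()
- with:
- name: suppression_files
- path: suppression_files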
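diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
deleted file mode 100644
index eb953db..0000000
--- a/.github/workflows/windows.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: windows
-
-on: [push]
-
-jobs:
- build:
-
- runs-on: windows-latest
-
- steps:
- - uses: actions/checkout@v1
- - name: build
- run: .\windows\build.ps1
-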
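diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 0915625..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-build/
-cscope.out
-fuzz/build/
-fuzz/corpus.tgz-
-fuzz/fuzz_*/
-fuzz/obj/
-fuzz/report
-fuzz/*.so
-output/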
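diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index c2bff78..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-language: c
-
-matrix:
- include:
- - os: linux
- compiler: clang-7
- dist: xenial
- sudo: required
- addons:
- apt:
- sources:
- - ubuntu-toolchain-r-test
- - llvm-toolchain-xenial-7
- packages:
- - clang-7
- - cmake
- - libssl-dev
- - libudev-dev
- script: /bin/sh -eux .travis/build-linux-clang
- - os: linux
- compiler: gcc-7
- dist: xenial
- sudo: required
- addons:
- apt:
- sources:
- - ubuntu-toolchain-r-test
- packages:
- - gcc-7
- - cmake
- - libssl-dev
- - libudev-dev
- script: /bin/sh -eux .travis/build-linux-gcc
- - os: linux
- compiler: i686-w64-mingw32-gcc-4.8
- dist: xenial
- sudo: required
- addons:
- apt:
- sources:
- - ubuntu-toolchain-r-test
- packages:
- - binutils-mingw-w64-i686
- - gcc-mingw-w64
- - g++-mingw-w64
- - mingw-w64-i686-dev
- - cmake
- script: /bin/sh -eux .travis/build-linux-mingw
- - os: osx
- osx_image: xcode10.2
- compiler: clang
- sudo: required
- script: /bin/sh -eux .travis/build-osx-clang
- - os: linux
- compiler: clang-7
- dist: bionic
- sudo: required
- addons:
- apt:
- sources:
- - ubuntu-toolchain-r-test
- - llvm-toolchain-xenial-7
- packages:
- - clang-7
- - cmake
- - libssl-dev
- - libudev-dev
- script: /bin/sh -eux .travis/fuzz-linux-asan
- - os: linux
- compiler: clang-7
- dist: bionic
- sudo: required
- addons:
- apt:
- sources:
- - ubuntu-toolchain-r-test
- - llvm-toolchain-xenial-7
- packages:
- - clang-7
- - cmake
- - libssl-dev
- - libudev-dev
- script: /bin/sh -eux .travis/fuzz-linux-msan
-
-notifications:
- email: false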
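diff --git a/.travis/build-linux-clang b/.travis/build-linux-clang
deleted file mode 100644
index 8938461..0000000
--- a/.travis/build-linux-clang
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh -eux
-
-${CC} --version
-
-# Check exports.
-(cd src && ./diff_exports.sh)
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-git checkout v0.5.0
-mkdir build
-(cd build && cmake ..)
-make -C build
-sudo make -C build install
-cd ..
-
-# Build, analyze, and install libfido2.
-mkdir build
-(cd build && scan-build cmake -DCMAKE_BUILD_TYPE=Debug ..)
-scan-build --status-bugs make -C build
-sudo make -C build install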
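diff --git a/.travis/build-linux-gcc b/.travis/build-linux-gcc
deleted file mode 100644
index be1e0a9..0000000
--- a/.travis/build-linux-gcc
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh -eux
-
-${CC} --version
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-git checkout v0.5.0
-mkdir build
-(cd build && cmake ..)
-make -C build
-sudo make -C build install
-cd ..
-
-# Build and install libfido2.
-mkdir build
-(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..)
-make -C build
-sudo make -C build install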
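diff --git a/.travis/build-linux-mingw b/.travis/build-linux-mingw
deleted file mode 100644
index c88ddca..0000000
--- a/.travis/build-linux-mingw
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh -eux
-
-# XXX defining CC and cross-compiling confuses OpenSSL's build.
-unset CC
-
-sudo mkdir /fakeroot
-sudo chmod 755 /fakeroot
-
-cat << EOF > /tmp/mingw.cmake
-SET(CMAKE_SYSTEM_NAME Windows)
-SET(CMAKE_C_COMPILER i686-w64-mingw32-gcc)
-SET(CMAKE_CXX_COMPILER i686-w64-mingw32-g++)
-SET(CMAKE_RC_COMPILER i686-w64-mingw32-windres)
-SET(CMAKE_FIND_ROOT_PATH /fakeroot)
-SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
-SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
-SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
-EOF
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-git checkout v0.5.0
-mkdir build
-(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
- -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
-make -C build
-sudo make -C build install
-cd ..
-
-# Build and install OpenSSL 1.1.0j.
-git clone git://github.com/openssl/openssl
-cd openssl
-git checkout OpenSSL_1_1_0j
-./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
- --cross-compile-prefix=i686-w64-mingw32-
-make
-sudo make install_sw
-cd ..
-
-# Build and install libfido2.
-export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
-mkdir build
-(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
- -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
-make -C build
-sudo make -C build install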
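diff --git a/.travis/build-osx-clang b/.travis/build-osx-clang
deleted file mode 100644
index 69a784c..0000000
--- a/.travis/build-osx-clang
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh -eux
-
-${CC} --version
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-git checkout v0.5.0
-mkdir build
-(cd build && cmake ..)
-make -C build
-sudo make -C build install
-cd ..
-
-# Install mandoc from Homebrew.
-brew install mandoc
-
-# Build and install libfido2.
-export PKG_CONFIG_PATH=/usr/local/opt/openssl@1.1/lib/pkgconfig
-mkdir build
-(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..)
-make -C build
-make -C build man_symlink_html
-sudo make -C build install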
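diff --git a/.travis/fuzz-linux-asan b/.travis/fuzz-linux-asan
deleted file mode 100644
index af8a08c..0000000
--- a/.travis/fuzz-linux-asan
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh -eux
-
-${CC} --version
-
-FAKEROOT=/fakeroot
-sudo mkdir ${FAKEROOT}
-sudo chmod 755 ${FAKEROOT}
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-patch -p0 < ../fuzz/README
-mkdir build
-cd build
-cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
- -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
- -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
- -DCMAKE_INSTALL_LIBDIR=lib ..
-make
-sudo make install
-cd ../..
-
-# Build and install OpenSSL 1.1.1b.
-git clone git://github.com/openssl/openssl
-cd openssl
-git checkout OpenSSL_1_1_1b
-./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
- --openssldir=${FAKEROOT}/openssl
-make clean
-make
-sudo make install_sw
-cd ..
-
-# Build libfido2.
-mkdir build
-cd build
-export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
-cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
- -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCMAKE_BUILD_TYPE=Debug ..
-make
-
-# Fuzz with ASAN.
-mkdir corpus
-curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
-tar -C corpus -zxf ../fuzz/corpus.tgz
-fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
-fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
-fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
-fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
-fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio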
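diff --git a/.travis/fuzz-linux-msan b/.travis/fuzz-linux-msan
deleted file mode 100644
index e67ab22..0000000
--- a/.travis/fuzz-linux-msan
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh -eux
-
-${CC} --version
-
-FAKEROOT=/fakeroot
-sudo mkdir ${FAKEROOT}
-sudo chmod 755 ${FAKEROOT}
-
-# Build and install libcbor.
-git clone git://github.com/pjk/libcbor
-cd libcbor
-patch -p0 < ../fuzz/README
-mkdir build
-cd build
-cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
- -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
- -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
- -DCMAKE_INSTALL_LIBDIR=lib ..
-make
-sudo make install
-cd ../..
-
-# Build and install OpenSSL 1.1.1b.
-git clone git://github.com/openssl/openssl
-cd openssl
-git checkout OpenSSL_1_1_1b
-./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
- --openssldir=${FAKEROOT}/openssl
-make clean
-make
-sudo make install_sw
-cd ..
-
-# Build libfido2.
-mkdir build
-cd build
-export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
-cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
- -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCMAKE_BUILD_TYPE=Debug ..
-make
-
-# Fuzz with MSAN.
-mkdir corpus
-curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
-tar -C corpus -zxf ../fuzz/corpus.tgz
-fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
-fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
-fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
-fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
-fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
- -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio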
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0bb2e87..dbd5fa5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,6 +10,8 @@ cmake_minimum_required(VERSION 3.0)
10 10
11include(CheckCCompilerFlag) 11include(CheckCCompilerFlag)
12include(CheckFunctionExists) 12include(CheckFunctionExists)
13include(CheckLibraryExists)
14include(CheckSymbolExists)
13include(CheckIncludeFiles) 15include(CheckIncludeFiles)
14include(CheckTypeSize) 16include(CheckTypeSize)
15include(GNUInstallDirs) 17include(GNUInstallDirs)
@@ -19,7 +21,7 @@ set(CMAKE_VERBOSE_MAKEFILE on)
19set(CMAKE_POSITION_INDEPENDENT_CODE ON) 21set(CMAKE_POSITION_INDEPENDENT_CODE ON)
20 22
21set(FIDO_MAJOR "1") 23set(FIDO_MAJOR "1")
22set(FIDO_MINOR "4") 24set(FIDO_MINOR "5")
23set(FIDO_PATCH "0") 25set(FIDO_PATCH "0")
24set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) 26set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
25 27
@@ -33,21 +35,12 @@ if(CYGWIN OR MSYS)
33endif() 35endif()
34 36
35if(WIN32) 37if(WIN32)
36 add_definitions(-DWIN32_LEAN_AND_MEAN) 38 add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
37endif() 39endif()
38 40
39if(APPLE) 41if(APPLE)
40 set(CMAKE_INSTALL_NAME_DIR 42 set(CMAKE_INSTALL_NAME_DIR
41 "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") 43 "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
42endif()
43
44# Observe OpenBSD's library versioning scheme.
45if(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
46 set(LIB_VERSION ${FIDO_MAJOR}.${FIDO_MINOR})
47 set(LIB_SOVERSION ${LIB_VERSION})
48else()
49 set(LIB_VERSION ${FIDO_VERSION})
50 set(LIB_SOVERSION ${FIDO_MAJOR})
51endif() 44endif()
52 45
53if(MSVC) 46if(MSVC)
@@ -58,7 +51,7 @@ if(MSVC)
58 "under msvc") 51 "under msvc")
59 endif() 52 endif()
60 set(CBOR_LIBRARIES cbor) 53 set(CBOR_LIBRARIES cbor)
61 set(CRYPTO_LIBRARIES crypto-45) 54 set(CRYPTO_LIBRARIES crypto-46)
62 set(MSVC_DISABLED_WARNINGS_LIST 55 set(MSVC_DISABLED_WARNINGS_LIST
63 "C4200" # nonstandard extension used: zero-sized array in 56 "C4200" # nonstandard extension used: zero-sized array in
64 # struct/union; 57 # struct/union;
@@ -71,9 +64,9 @@ if(MSVC)
71 # The construction in the following 3 lines was taken from LibreSSL's 64 # The construction in the following 3 lines was taken from LibreSSL's
72 # CMakeLists.txt. 65 # CMakeLists.txt.
73 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR 66 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
74 ${MSVC_DISABLED_WARNINGS_LIST}) 67 ${MSVC_DISABLED_WARNINGS_LIST})
75 string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) 68 string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
76 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}") 69 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
77 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7") 70 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7")
78 set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi") 71 set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi")
79else() 72else()
@@ -102,13 +95,18 @@ else()
102 if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 95 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
103 pkg_search_module(UDEV libudev REQUIRED) 96 pkg_search_module(UDEV libudev REQUIRED)
104 set(UDEV_NAME "udev") 97 set(UDEV_NAME "udev")
98 include_directories(${UDEV_INCLUDE_DIRS})
99 link_directories(${UDEV_LIBRARY_DIRS})
105 # Define be32toh(). 100 # Define be32toh().
106 add_definitions(-D_GNU_SOURCE) 101 add_definitions(-D_GNU_SOURCE)
107 # If using hidapi, use hidapi-hidraw. 102 # If using hidapi, use hidapi-hidraw.
108 set(HIDAPI_SUFFIX -hidraw) 103 set(HIDAPI_SUFFIX -hidraw)
109 elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR 104 # Look for clock_gettime in librt.
110 CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") 105 check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
111 set(BASE_LIBRARIES usbhid) 106 if(HAVE_CLOCK_GETTIME)
107 set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
108 add_definitions(-DHAVE_CLOCK_GETTIME)
109 endif()
112 endif() 110 endif()
113 111
114 if(MINGW) 112 if(MINGW)
@@ -122,6 +120,8 @@ else()
122 add_definitions(-DUSE_HIDAPI) 120 add_definitions(-DUSE_HIDAPI)
123 pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED) 121 pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
124 if(HIDAPI_FOUND) 122 if(HIDAPI_FOUND)
123 include_directories(${HIDAPI_INCLUDE_DIRS})
124 link_directories(${HIDAPI_LIBRARY_DIRS})
125 set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX}) 125 set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
126 endif() 126 endif()
127 endif() 127 endif()
@@ -153,24 +153,6 @@ else()
153 endif() 153 endif()
154 add_definitions(-DFIDO_FUZZ) 154 add_definitions(-DFIDO_FUZZ)
155 endif() 155 endif()
156
157 if(ASAN)
158 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,leak")
159 endif()
160
161 if(MSAN)
162 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory")
163 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-memory-track-origins")
164 endif()
165
166 if(UBSAN)
167 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined")
168 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-trap=undefined")
169 endif()
170
171 if(COVERAGE)
172 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
173 endif()
174endif() 156endif()
175 157
176# Use -Wshorten-64-to-32 if available. 158# Use -Wshorten-64-to-32 if available.
@@ -333,6 +315,20 @@ if(UNIX)
333 add_definitions(-DHAVE_DEV_URANDOM) 315 add_definitions(-DHAVE_DEV_URANDOM)
334endif() 316endif()
335 317
318# clock_gettime
319if(NOT HAVE_CLOCK_GETTIME)
320 check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
321 if(HAVE_CLOCK_GETTIME)
322 add_definitions(-DHAVE_CLOCK_GETTIME)
323 endif()
324endif()
325
326# timespecsub
327check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB)
328if(HAVE_TIMESPECSUB)
329 add_definitions(-DHAVE_TIMESPECSUB)
330endif()
331
336# export list 332# export list
337if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR 333if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
338 CMAKE_C_COMPILER_ID STREQUAL "AppleClang")) 334 CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
@@ -366,7 +362,7 @@ elseif(NOT MSVC)
366 endif() 362 endif()
367else() 363else()
368 string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} 364 string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
369 " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"") 365 " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
370endif() 366endif()
371 367
372include_directories(${CMAKE_SOURCE_DIR}/src) 368include_directories(${CMAKE_SOURCE_DIR}/src)
@@ -376,38 +372,33 @@ include_directories(${CRYPTO_INCLUDE_DIRS})
376link_directories(${CBOR_LIBRARY_DIRS}) 372link_directories(${CBOR_LIBRARY_DIRS})
377link_directories(${CRYPTO_LIBRARY_DIRS}) 373link_directories(${CRYPTO_LIBRARY_DIRS})
378 374
375message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
376message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
377message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
378message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
379message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
379message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}") 380message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
380message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}") 381message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
381message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
382message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}") 382message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
383message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}") 383message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
384message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
385message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
386message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
387message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}") 384message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
388message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
389message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}") 385message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
390message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}") 386message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
391message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}") 387message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
392message(STATUS "VERSION: ${FIDO_VERSION}")
393message(STATUS "LIB_VERSION: ${LIB_VERSION}")
394message(STATUS "LIB_SOVERSION: ${LIB_SOVERSION}")
395message(STATUS "FUZZ: ${FUZZ}") 388message(STATUS "FUZZ: ${FUZZ}")
396message(STATUS "AFL: ${AFL}") 389if(USE_HIDAPI)
390 message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
391 message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
392 message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
393endif()
397message(STATUS "LIBFUZZER: ${LIBFUZZER}") 394message(STATUS "LIBFUZZER: ${LIBFUZZER}")
398message(STATUS "ASAN: ${ASAN}")
399message(STATUS "MSAN: ${MSAN}")
400message(STATUS "COVERAGE: ${COVERAGE}")
401message(STATUS "TLS: ${TLS}") 395message(STATUS "TLS: ${TLS}")
396message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
397message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
398message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
399message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
402message(STATUS "USE_HIDAPI: ${USE_HIDAPI}") 400message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
403 401
404if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
405 message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
406 message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
407 message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
408 message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
409endif()
410
411subdirs(src) 402subdirs(src)
412subdirs(examples) 403subdirs(examples)
413subdirs(tools) 404subdirs(tools)
@@ -415,7 +406,7 @@ subdirs(man)
415 406
416if(NOT WIN32) 407if(NOT WIN32)
417 if(CMAKE_BUILD_TYPE STREQUAL "Debug") 408 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
418 if(NOT MSAN AND NOT LIBFUZZER) 409 if(NOT LIBFUZZER AND NOT FUZZ)
419 subdirs(regress) 410 subdirs(regress)
420 endif() 411 endif()
421 endif() 412 endif()
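Review bot: In the Linux branch of the `@@ -102,13 +95,18 @@` hunk, `check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)` passes a header name in the LOCATION argument, which CMake uses as a link search directory rather than as a header to include, so the probe presumably succeeds only because the linker ignores the nonexistent path. Passing an empty location, `check_library_exists(rt clock_gettime "" HAVE_CLOCK_GETTIME)`, keeps the result independent of that. The same file section also removes the `ASAN`/`MSAN`/`UBSAN`/`COVERAGE` flag blocks and their status messages, so a caller that still passes `-DASAN=1` would appear to get an uninstrumented build with no diagnostic. If sanitizer flags are now meant to arrive through `CMAKE_C_FLAGS`, a one-line comment next to the `FUZZ` block saying so would keep fuzz and CI builds from silently losing instrumentation.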
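diff --git a/NEWS b/NEWS
index 153ff71..b651ca0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
+* Version 1.5.0 (2020-09-01)
+ ** hid_linux: return FIDO_OK if no devices are found.
+ ** hid_osx:
+ - repair communication with U2F tokens, gh#166;
+ - reliability fixes.
+ ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
+ ** Support for configurable report lengths.
+ ** New API calls:
+ - fido_cbor_info_maxcredcntlst;
+ - fido_cbor_info_maxcredidlen;
+ - fido_cred_aaguid_len;
+ - fido_cred_aaguid_ptr;
+ - fido_dev_get_touch_begin;
+ - fido_dev_get_touch_status.
+ ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
+ ** Allow CTAP messages up to 2048 bytes; gh#171.
+ ** Ensure we only list USB devices by default.
+
 * Version 1.4.0 (2020-04-15)
  ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
  ** Fall back to U2F if the key claims to, but does not support FIDO2.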
diff --git a/README.adoc b/README.adoc
index f389a83..6fe0272 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,8 +1,10 @@
1== libfido2 1== libfido2
2 2
3image:https://api.travis-ci.org/Yubico/libfido2.svg?branch=master["Build Status (Travis)", link="https://travis-ci.org/Yubico/libfido2"] 3image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
4image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["windows build status (github actions)", link="https://github.com/Yubico/libfido2/actions"] 4image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
5image:https://img.shields.io/badge/license-BSD-blue.svg["License", link="https://raw.githubusercontent.com/Yubico/libfido2/master/LICENSE"] 5image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
6image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
7image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
6 8
7*libfido2* provides library functionality and command-line tools to 9*libfido2* provides library functionality and command-line tools to
8communicate with a FIDO device over USB, and to verify attestation and 10communicate with a FIDO device over USB, and to verify attestation and
@@ -14,7 +16,7 @@ For usage, see the `examples/` directory.
14 16
15=== License 17=== License
16 18
17*libfido2* is licensed under the BSD 2-clause license. See the _LICENSE_ 19*libfido2* is licensed under the BSD 2-clause license. See the LICENSE
18file for the full license text. 20file for the full license text.
19 21
20=== Supported Platforms 22=== Supported Platforms
@@ -31,11 +33,17 @@ is also available.
31 33
32==== Releases 34==== Releases
33 35
34The current release of *libfido2* is 1.4.0. Please consult Yubico's 36The current release of *libfido2* is 1.5.0. Please consult Yubico's
35https://developers.yubico.com/libfido2/Releases[release page] for source 37https://developers.yubico.com/libfido2/Releases[release page] for source
36and binary releases. 38and binary releases.
37 39
38==== Ubuntu 40==== Ubuntu 20.04 (Focal)
41
42 $ sudo apt install libfido2-1
43 $ sudo apt install libfido2-dev
44 $ sudo apt install libfido2-doc
45
46==== Ubuntu 18.04 (Bionic) and 16.04 (Xenial)
39 47
40 $ sudo apt install software-properties-common 48 $ sudo apt install software-properties-common
41 $ sudo apt-add-repository ppa:yubico/stable 49 $ sudo apt-add-repository ppa:yubico/stable
@@ -52,15 +60,16 @@ Or from source, on UNIX-like systems:
52 $ make -C build 60 $ make -C build
53 $ sudo make -C build install 61 $ sudo make -C build install
54 62
55Depending on the platform, the PKG_CONFIG_PATH environment variable may need to 63Depending on the platform,
56be set. 64https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
65be installed, or the PKG_CONFIG_PATH environment variable set.
57 66
58*libfido2* depends on https://github.com/pjk/libcbor[libcbor] and 67*libfido2* depends on https://github.com/pjk/libcbor[libcbor] and
59https://www.openssl.org[OpenSSL]. On Linux, libudev (part of 68https://www.openssl.org[OpenSSL]. On Linux, libudev (part of
60https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required. 69https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required.
61 70
62For complete, OS-specific installation instructions, please refer to the 71For complete, OS-specific installation instructions, please refer to the
63`.travis/` (Linux, MacOS) and `windows/` directories. 72`.actions/` (Linux, MacOS) and `windows/` directories.
64 73
65On Linux, you will need to add a udev rule to be able to access the FIDO 74On Linux, you will need to add a udev rule to be able to access the FIDO
66device, or run as root. For example, the udev rule may contain the following: 75device, or run as root. For example, the udev rule may contain the following:
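diff --git a/debian/changelog b/debian/changelog
index a93d809..bac765a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libfido2 (1.5.0-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 20 Sep 2020 16:15:26 +0100
+
 libfido2 (1.4.0-2) unstable; urgency=medium
 
  [ nicoo ]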
diff --git a/debian/libfido2-1.symbols b/debian/libfido2-1.symbols
index 810a8fb..2b34e9b 100644
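--- a/debian/libfido2-1.symbols
+++ b/debian/libfido2-1.symbols
@@ -76,6 +76,8 @@ libfido2.so.1 libfido2-1 #MINVER#
  fido_cbor_info_extensions_ptr@Base 1.1.0
  fido_cbor_info_free@Base 1.1.0
  fido_cbor_info_fwversion@Base 1.4.0
+ fido_cbor_info_maxcredcntlst@Base 1.5.0
+ fido_cbor_info_maxcredidlen@Base 1.5.0
  fido_cbor_info_maxmsgsiz@Base 1.1.0
  fido_cbor_info_new@Base 1.1.0
  fido_cbor_info_options_len@Base 1.1.0
@@ -85,6 +87,8 @@ libfido2.so.1 libfido2-1 #MINVER#
  fido_cbor_info_protocols_ptr@Base 1.1.0
  fido_cbor_info_versions_len@Base 1.1.0
  fido_cbor_info_versions_ptr@Base 1.1.0
+ fido_cred_aaguid_len@Base 1.5.0
+ fido_cred_aaguid_ptr@Base 1.5.0
  fido_cred_authdata_len@Base 1.1.0
  fido_cred_authdata_ptr@Base 1.1.0
  fido_cred_clientdata_hash_len@Base 1.1.0
@@ -155,6 +159,9 @@ libfido2.so.1 libfido2-1 #MINVER#
  fido_dev_get_assert@Base 1.1.0
  fido_dev_get_cbor_info@Base 1.1.0
  fido_dev_get_retry_count@Base 1.1.0
+ fido_dev_get_touch_begin@Base 1.5.0
+ fido_dev_get_touch_status@Base 1.5.0
+ fido_dev_has_pin@Base 1.5.0
  fido_dev_info_free@Base 1.1.0
  fido_dev_info_manifest@Base 1.1.0
  fido_dev_info_manufacturer_string@Base 1.1.0
@@ -172,6 +179,8 @@ libfido2.so.1 libfido2-1 #MINVER#
  fido_dev_open@Base 1.1.0
  fido_dev_protocol@Base 1.1.0
  fido_dev_reset@Base 1.1.0
+ fido_dev_supports_cred_prot@Base 1.5.0
+ fido_dev_supports_pin@Base 1.5.0
  fido_dev_set_io_functions@Base 1.1.0
  fido_dev_set_pin@Base 1.1.0
  fido_dev_set_transport_functions@Base 1.4.0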
diff --git a/debian/libfido2-doc.links b/debian/libfido2-doc.links
deleted file mode 100644
index d6a52ca..0000000
--- a/debian/libfido2-doc.links
+++ /dev/null
@@ -1,277 +0,0 @@
1/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_free.3
2/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_from_ptr.3
3/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_to_EVP_PKEY.3
4/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_free.3
5/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_EC_KEY.3
6/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_ptr.3
7/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_to_EVP_PKEY.3
8/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_len.3
9/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_ptr.3
10/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_len.3
11/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_ptr.3
12/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_count.3
13/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_free.3
14/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_len.3
15/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_ptr.3
16/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sigcount.3
17/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_len.3
18/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_ptr.3
19/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_display_name.3
20/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_icon.3
21/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_len.3
22/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_ptr.3
23/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_name.3
24/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_clientdata_hash.3
25/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_count.3
26/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_extensions.3
27/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_hmac_salt.3
28/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_rp.3
29/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_sig.3
30/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_up.3
31/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_uv.3
32/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_begin.3
33/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_cancel.3
34/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_continue.3
35/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_remove.3
36/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_get_template_array.3
37/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_set_template_name.3
38/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_free.3
39/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_last_status.3
40/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_remaining_samples.3
41/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_free.3
42/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_max_samples.3
43/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_type.3
44/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_count.3
45/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_free.3
46/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_new.3
47/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_free.3
48/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_len.3
49/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_ptr.3
50/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_name.3
51/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_new.3
52/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_id.3
53/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_name.3
54/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_len.3
55/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_ptr.3
56/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_len.3
57/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_ptr.3
58/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_free.3
59/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_fwversion.3
60/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_maxmsgsiz.3
61/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_len.3
62/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_name_ptr.3
63/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_value_ptr.3
64/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_len.3
65/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_ptr.3
66/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_len.3
67/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_ptr.3
68/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_dev_get_cbor_info.3
69/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_len.3
70/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_ptr.3
71/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_len.3
72/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_ptr.3
73/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_fmt.3
74/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_free.3
75/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_len.3
76/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_ptr.3
77/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_prot.3
78/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_len.3
79/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_ptr.3
80/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_len.3
81/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_ptr.3
82/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_len.3
83/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_ptr.3
84/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_del_dev_rk.3
85/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_metadata.3
86/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rk.3
87/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rp.3
88/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_metadata_free.3
89/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk.3
90/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_count.3
91/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_existing.3
92/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_free.3
93/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_new.3
94/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_remaining.3
95/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_count.3
96/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_free.3
97/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id.3
98/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_len.3
99/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_ptr.3
100/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_name.3
101/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_new.3
102/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_authdata_raw.3
103/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_clientdata_hash.3
104/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_extensions.3
105/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_fmt.3
106/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_prot.3
107/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rk.3
108/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rp.3
109/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_sig.3
110/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_type.3
111/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_user.3
112/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_uv.3
113/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_x509.3
114/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_free.3
115/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_manufacturer_string.3
116/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_new.3
117/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_path.3
118/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product.3
119/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product_string.3
120/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_ptr.3
121/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_vendor.3
122/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_build.3
123/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_cancel.3
124/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_close.3
125/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_flags.3
126/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_fido2.3
127/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_u2f.3
128/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_free.3
129/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_is_fido2.3
130/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_major.3
131/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_minor.3
132/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_new.3
133/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_protocol.3
134/usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_get_retry_count.3
135/usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_reset.3
136/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_free.3
137/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_ptr.3
138/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_RSA.3
139/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_to_EVP_PKEY.3
140/usr/share/doc/libfido2/html/eddsa_pk_new.html /usr/share/doc/libfido2/html/eddsa_pk_free.html
141/usr/share/doc/libfido2/html/eddsa_pk_new.html /usr/share/doc/libfido2/html/eddsa_pk_from_ptr.html
142/usr/share/doc/libfido2/html/eddsa_pk_new.html /usr/share/doc/libfido2/html/eddsa_pk_to_EVP_PKEY.html
143/usr/share/doc/libfido2/html/es256_pk_new.html /usr/share/doc/libfido2/html/es256_pk_free.html
144/usr/share/doc/libfido2/html/es256_pk_new.html /usr/share/doc/libfido2/html/es256_pk_from_EC_KEY.html
145/usr/share/doc/libfido2/html/es256_pk_new.html /usr/share/doc/libfido2/html/es256_pk_from_ptr.html
146/usr/share/doc/libfido2/html/es256_pk_new.html /usr/share/doc/libfido2/html/es256_pk_to_EVP_PKEY.html
147/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_authdata_len.html
148/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_authdata_ptr.html
149/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_clientdata_hash_len.html
150/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_clientdata_hash_ptr.html
151/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_count.html
152/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_free.html
153/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_hmac_secret_len.html
154/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_hmac_secret_ptr.html
155/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_sigcount.html
156/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_sig_len.html
157/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_sig_ptr.html
158/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_user_display_name.html
159/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_user_icon.html
160/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_user_id_len.html
161/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_user_id_ptr.html
162/usr/share/doc/libfido2/html/fido_assert_new.html /usr/share/doc/libfido2/html/fido_assert_user_name.html
163/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_clientdata_hash.html
164/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_count.html
165/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_extensions.html
166/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_hmac_salt.html
167/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_rp.html
168/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_sig.html
169/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_up.html
170/usr/share/doc/libfido2/html/fido_assert_set_authdata.html /usr/share/doc/libfido2/html/fido_assert_set_uv.html
171/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_enroll_begin.html
172/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_enroll_cancel.html
173/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_enroll_continue.html
174/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_enroll_remove.html
175/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_get_template_array.html
176/usr/share/doc/libfido2/html/fido_bio_dev_get_info.html /usr/share/doc/libfido2/html/fido_bio_dev_set_template_name.html
177/usr/share/doc/libfido2/html/fido_bio_enroll_new.html /usr/share/doc/libfido2/html/fido_bio_enroll_free.html
178/usr/share/doc/libfido2/html/fido_bio_enroll_new.html /usr/share/doc/libfido2/html/fido_bio_enroll_last_status.html
179/usr/share/doc/libfido2/html/fido_bio_enroll_new.html /usr/share/doc/libfido2/html/fido_bio_enroll_remaining_samples.html
180/usr/share/doc/libfido2/html/fido_bio_info_new.html /usr/share/doc/libfido2/html/fido_bio_info_free.html
181/usr/share/doc/libfido2/html/fido_bio_info_new.html /usr/share/doc/libfido2/html/fido_bio_info_max_samples.html
182/usr/share/doc/libfido2/html/fido_bio_info_new.html /usr/share/doc/libfido2/html/fido_bio_info_type.html
183/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_array_count.html
184/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_array_free.html
185/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_array_new.html
186/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_free.html
187/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_id_len.html
188/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_id_ptr.html
189/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_name.html
190/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_new.html
191/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_set_id.html
192/usr/share/doc/libfido2/html/fido_bio_template.html /usr/share/doc/libfido2/html/fido_bio_template_set_name.html
193/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_aaguid_len.html
194/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_aaguid_ptr.html
195/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_extensions_len.html
196/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_extensions_ptr.html
197/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_free.html
198/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_maxmsgsiz.html
199/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_options_len.html
200/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_options_name_ptr.html
201/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_options_value_ptr.html
202/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_protocols_len.html
203/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_protocols_ptr.html
204/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_versions_len.html
205/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_cbor_info_versions_ptr.html
206/usr/share/doc/libfido2/html/fido_cbor_info_new.html /usr/share/doc/libfido2/html/fido_dev_get_cbor_info.html
207/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_authdata_len.html
208/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_authdata_ptr.html
209/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_clientdata_hash_len.html
210/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_clientdata_hash_ptr.html
211/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_fmt.html
212/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_free.html
213/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_id_len.html
214/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_id_ptr.html
215/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_prot.html
216/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_pubkey_len.html
217/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_pubkey_ptr.html
218/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_sig_len.html
219/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_sig_ptr.html
220/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_x5c_len.html
221/usr/share/doc/libfido2/html/fido_cred_new.html /usr/share/doc/libfido2/html/fido_cred_x5c_ptr.html
222/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_del_dev_rk.html
223/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_get_dev_metadata.html
224/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_get_dev_rk.html
225/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_get_dev_rp.html
226/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_metadata_free.html
227/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk.html
228/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk_count.html
229/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk_existing.html
230/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk_free.html
231/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk_new.html
232/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rk_remaining.html
233/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_count.html
234/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_free.html
235/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_id.html
236/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_id_hash_len.html
237/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_id_hash_ptr.html
238/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_name.html
239/usr/share/doc/libfido2/html/fido_credman_metadata_new.html /usr/share/doc/libfido2/html/fido_credman_rp_new.html
240/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_authdata_raw.html
241/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_clientdata_hash.html
242/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_extensions.html
243/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_fmt.html
244/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_prot.html
245/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_rk.html
246/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_rp.html
247/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_sig.html
248/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_type.html
249/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_user.html
250/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_uv.html
251/usr/share/doc/libfido2/html/fido_cred_set_authdata.html /usr/share/doc/libfido2/html/fido_cred_set_x509.html
252/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_free.html
253/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_manufacturer_string.html
254/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_new.html
255/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_path.html
256/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_product.html
257/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_product_string.html
258/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_ptr.html
259/usr/share/doc/libfido2/html/fido_dev_info_manifest.html /usr/share/doc/libfido2/html/fido_dev_info_vendor.html
260/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_build.html
261/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_cancel.html
262/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_close.html
263/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_flags.html
264/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_force_fido2.html
265/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_force_u2f.html
266/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_free.html
267/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_is_fido2.html
268/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_major.html
269/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_minor.html
270/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_new.html
271/usr/share/doc/libfido2/html/fido_dev_open.html /usr/share/doc/libfido2/html/fido_dev_protocol.html
272/usr/share/doc/libfido2/html/fido_dev_set_pin.html /usr/share/doc/libfido2/html/fido_dev_get_retry_count.html
273/usr/share/doc/libfido2/html/fido_dev_set_pin.html /usr/share/doc/libfido2/html/fido_dev_reset.html
274/usr/share/doc/libfido2/html/rs256_pk_new.html /usr/share/doc/libfido2/html/rs256_pk_free.html
275/usr/share/doc/libfido2/html/rs256_pk_new.html /usr/share/doc/libfido2/html/rs256_pk_from_ptr.html
276/usr/share/doc/libfido2/html/rs256_pk_new.html /usr/share/doc/libfido2/html/rs256_pk_from_RSA.html
277/usr/share/doc/libfido2/html/rs256_pk_new.html /usr/share/doc/libfido2/html/rs256_pk_to_EVP_PKEY.html
diff --git a/docker/bionic/Dockerfile b/docker/bionic/Dockerfile
deleted file mode 100644
index 9225ed8..0000000
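--- a/docker/bionic/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# unlock-yk
-# docker run --rm --volume=/home/pedro/projects/libfido2:/workdir \
-# --volume=$(gpgconf --list-dirs socketdir):/root/.gnupg \
-# --volume=$(gpgconf --list-dirs homedir)/pubring.kbx:/root/.gnupg/pubring.kbx \
-# -it libfido2-staging --install-deps --ppa martelletto/ppa \
-# --key pedro@yubico.com
-FROM ubuntu:bionic
-ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get -qq update && apt-get -qq upgrade
-RUN apt-get install -qq packaging-dev debian-keyring devscripts equivs gnupg python sudo
-ADD https://raw.githubusercontent.com/dainnilsson/scripts/master/make-ppa /make-ppa
-RUN chmod +x /make-ppa
-WORKDIR /workdir
-ENTRYPOINT ["/make-ppa"]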
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index 1203592..7228860 100644
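--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -3,6 +3,7 @@
 # license that can be found in the LICENSE file.
 
 list(APPEND COMPAT_SOURCES
+ ../openbsd-compat/clock_gettime.c
  ../openbsd-compat/getopt_long.c
  ../openbsd-compat/strlcat.c
  ../openbsd-compat/strlcpy.c
@@ -15,6 +16,13 @@ endif()
 # drop -rdynamic
 set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
 
+# enable -Wconversion -Wsign-conversion
+if(NOT MSVC)
+ set_source_files_properties(assert.c cred.c info.c manifest.c reset.c
+ retries.c setpin.c util.c PROPERTIES COMPILE_FLAGS
+ "-Wconversion -Wsign-conversion")
+endif()
+
 # manifest
 add_executable(manifest manifest.c ${COMPAT_SOURCES})
 target_link_libraries(manifest fido2)
@@ -42,3 +50,11 @@ target_link_libraries(setpin fido2)
 # retries
 add_executable(retries retries.c ${COMPAT_SOURCES})
 target_link_libraries(retries fido2)
+
+# select
+add_executable(select select.c ${COMPAT_SOURCES})
+target_link_libraries(select fido2)
+if(MINGW)
+ # needed for nanosleep() in mingw
+ target_link_libraries(select winpthread)
+endif()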
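Review bot: The `set_source_files_properties(...)` call that enables `-Wconversion -Wsign-conversion` (new lines 21-23) lists every existing example but omits `select.c`, which this same commit adds and builds in the last hunk. That leaves the newest example as the only one compiled without the conversion warnings. If select.c builds cleanly with them, adding it to the list (`retries.c select.c setpin.c util.c PROPERTIES COMPILE_FLAGS`) keeps the coverage uniform; if it was left out on purpose, a comment such as `# select.c excluded: <reason>` would record why.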
diff --git a/examples/README.adoc b/examples/README.adoc
index 091c6bc..b7b73d8 100644
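--- a/examples/README.adoc
+++ b/examples/README.adoc
@@ -77,5 +77,14 @@ The following examples are provided:
 - retries <device>
  Get the number of PIN attempts left on <device> before lockout.
 
+- select
+
+ Enumerates available FIDO devices and, if more than one is present,
+ simultaneously requests touch on all of them, printing information
+ about the device touched.
+
 Debugging is possible through the use of the FIDO_DEBUG environment variable.
 If set, libfido2 will produce a log of its transactions with the authenticator.
+
+Additionally, an example of a WebAuthn client using libfido2 is available at
+https://github.com/martelletto/fido2-webauthn-client.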
diff --git a/examples/assert.c b/examples/assert.c
index a421a51..a18d8af 100644
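--- a/examples/assert.c
+++ b/examples/assert.c
@@ -14,17 +14,12 @@
 #include <unistd.h>
 #endif
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
 #include "fido/es256.h"
 #include "fido/rs256.h"
 #include "fido/eddsa.h"
 #include "extern.h"
-
-#ifdef SIGNAL_EXAMPLE
-extern volatile sig_atomic_t got_signal;
-#endif
+#include "../openbsd-compat/openbsd-compat.h"
 
 static const unsigned char cdh[32] = {
  0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7,
@@ -188,13 +183,15 @@ main(int argc, char **argv)
  break;
  case 'T':
 #ifndef SIGNAL_EXAMPLE
+ (void)seconds;
  errx(1, "-T not supported");
-#endif
+#else
  if (base10(optarg, &seconds) < 0)
  errx(1, "base10: %s", optarg);
  if (seconds <= 0 || seconds > 30)
  errx(1, "-T: %s must be in (0,30]", optarg);
  break;
+#endif
  case 'a':
  if (read_blob(optarg, &body, &len) < 0)
  errx(1, "read_blob: %s", optarg);
@@ -312,6 +309,10 @@ main(int argc, char **argv)
  errx(1, "fido_assert_count: %d signatures returned",
  (int)fido_assert_count(assert));
 
+ /* when verifying, pin implies uv */
+ if (pin)
+ uv = true;
+
  verify_assert(type, fido_assert_authdata_ptr(assert, 0),
  fido_assert_authdata_len(assert, 0), fido_assert_sig_ptr(assert, 0),
  fido_assert_sig_len(assert, 0), up, uv, ext, argv[0]);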
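Review bot: With SIGNAL_EXAMPLE undefined, the reworked `case 'T':` in the second hunk ends at `errx(1, "-T not supported");` with no `break`, so it runs textually into `case 'a':` and is correct only because errx() does not return. A `/* NOTREACHED */` comment after the errx line, or moving `break;` below the `#endif`, makes that explicit and avoids an implicit-fallthrough warning on platforms where the compat errx() is not declared noreturn (its declaration is not visible here). The same construct appears in examples/cred.c, where `case 'T':` runs into `case 'e':`. main() begins and ends outside these hunks.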
diff --git a/examples/cred.c b/examples/cred.c
index 3e0a30f..6bd0faf 100644
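--- a/examples/cred.c
+++ b/examples/cred.c
@@ -16,14 +16,9 @@
 #include <unistd.h>
 #endif
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
 #include "extern.h"
-
-#ifdef SIGNAL_EXAMPLE
-extern volatile sig_atomic_t got_signal;
-#endif
+#include "../openbsd-compat/openbsd-compat.h"
 
 static const unsigned char cdh[32] = {
  0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb,
@@ -192,13 +187,15 @@ main(int argc, char **argv)
  break;
  case 'T':
 #ifndef SIGNAL_EXAMPLE
+ (void)seconds;
  errx(1, "-T not supported");
-#endif
+#else
  if (base10(optarg, &seconds) < 0)
  errx(1, "base10: %s", optarg);
  if (seconds <= 0 || seconds > 30)
  errx(1, "-T: %s must be in (0,30]", optarg);
  break;
+#endif
  case 'e':
  if (read_blob(optarg, &body, &len) < 0)
  errx(1, "read_blob: %s", optarg);
@@ -318,6 +315,10 @@ main(int argc, char **argv)
 
  fido_dev_free(&dev);
 
+ /* when verifying, pin implies uv */
+ if (pin)
+ uv = true;
+
  verify_cred(type, fido_cred_fmt(cred), fido_cred_authdata_ptr(cred),
  fido_cred_authdata_len(cred), fido_cred_x5c_ptr(cred),
  fido_cred_x5c_len(cred), fido_cred_sig_ptr(cred),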
diff --git a/examples/extern.h b/examples/extern.h
index 578b8c4..0ea68c4 100644
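--- a/examples/extern.h
+++ b/examples/extern.h
@@ -27,6 +27,7 @@ int write_rsa_pubkey(const char *, const void *, size_t);
 int write_eddsa_pubkey(const char *, const void *, size_t);
 #ifdef SIGNAL_EXAMPLE
 void prepare_signal_handler(int);
+extern volatile sig_atomic_t got_signal;
 #endif
 
 #endif /* _EXTERN_H_ */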
diff --git a/examples/info.c b/examples/info.c
index ef0d97e..d81de85 100644
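--- a/examples/info.c
+++ b/examples/info.c
@@ -4,17 +4,14 @@
  * license that can be found in the LICENSE file.
  */
 
-#include <openssl/ec.h>
-
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
+#include "../openbsd-compat/openbsd-compat.h"
 
 /*
  * Pretty-print a device's capabilities flags and return the result.
@@ -131,6 +128,26 @@ print_maxmsgsiz(uint64_t maxmsgsiz)
 }
 
 /*
+ * Auxiliary function to print an authenticator's maximum number of credentials
+ * in a credential list on stdout.
+ */
+static void
+print_maxcredcntlst(uint64_t maxcredcntlst)
+{
+ printf("maxcredcntlst: %d\n", (int)maxcredcntlst);
+}
+
+/*
+ * Auxiliary function to print an authenticator's maximum credential ID length
+ * on stdout.
+ */
+static void
+print_maxcredidlen(uint64_t maxcredidlen)
+{
+ printf("maxcredlen: %d\n", (int)maxcredidlen);
+}
+
+/*
  * Auxiliary function to print an authenticator's firmware version on stdout.
  */
 static void
@@ -199,6 +216,12 @@ getinfo(const char *path)
  /* print maximum message size */
  print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
 
+ /* print maximum number of credentials allowed in credential lists */
+ print_maxcredcntlst(fido_cbor_info_maxcredcntlst(ci));
+
+ /* print maximum length of a credential ID */
+ print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
+
  /* print firmware version */
  print_fwversion(fido_cbor_info_fwversion(ci));
 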
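Review bot: Both new printers narrow a `uint64_t` reported by the authenticator to `int` before formatting (`printf("maxcredcntlst: %d\n", (int)maxcredcntlst);`), so a value above INT_MAX from a faulty or hostile device prints truncated or negative, and the explicit cast also silences the -Wconversion check this commit enables for info.c. Printing the full width avoids both: `printf("maxcredcntlst: %llu\n", (unsigned long long)maxcredcntlst);`, and likewise in `print_maxcredidlen`. The second function's label reads `maxcredlen:` although the parameter and the getter are named maxcredidlen; `"maxcredidlen: ..."` would match. getinfo() starts and ends outside the third hunk.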
diff --git a/examples/manifest.c b/examples/manifest.c
index 895447a..d5ebda2 100644
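--- a/examples/manifest.c
+++ b/examples/manifest.c
@@ -4,15 +4,12 @@
  * license that can be found in the LICENSE file.
  */
 
-#include <openssl/ec.h>
-
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
+#include "../openbsd-compat/openbsd-compat.h"
 
 int
 main(void)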
diff --git a/examples/reset.c b/examples/reset.c
index 36a7de2..3e715c4 100644
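--- a/examples/reset.c
+++ b/examples/reset.c
@@ -8,21 +8,14 @@
  * Perform a factory reset on a given authenticator.
  */
 
-#include <openssl/ec.h>
-
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
 #include "extern.h"
-
-#ifdef SIGNAL_EXAMPLE
-extern volatile sig_atomic_t got_signal;
-#endif
+#include "../openbsd-compat/openbsd-compat.h"
 
 int
 main(int argc, char **argv)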
diff --git a/examples/retries.c b/examples/retries.c
index 3ed7558..5cc116c 100644
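--- a/examples/retries.c
+++ b/examples/retries.c
@@ -8,15 +8,12 @@
  * Get an authenticator's number of PIN attempts left.
  */
 
-#include <openssl/ec.h>
-
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
+#include "../openbsd-compat/openbsd-compat.h"
 
 int
 main(int argc, char **argv)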
diff --git a/examples/select.c b/examples/select.c
new file mode 100644
index 0000000..1fb2960
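--- /dev/null
+++ b/examples/select.c
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2020 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "fido.h"
+#include "../openbsd-compat/openbsd-compat.h"
+
+#define FIDO_POLL_MS 50
+
+#if defined(_MSC_VER)
+static int
+nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
+{
+ if (rmtp != NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ Sleep(rqtp->tv_nsec / 1000000);
+
+ return (0);
+}
+#endif
+
+static fido_dev_t *
+open_dev(const fido_dev_info_t *di)
+{
+ fido_dev_t *dev;
+ int r;
+
+ if ((dev = fido_dev_new()) == NULL) {
+ warnx("%s: fido_dev_new", __func__);
+ return (NULL);
+ }
+
+ if ((r = fido_dev_open(dev, fido_dev_info_path(di))) != FIDO_OK) {
+ warnx("%s: fido_dev_open %s: %s", __func__,
+ fido_dev_info_path(di), fido_strerr(r));
+ fido_dev_free(&dev);
+ return (NULL);
+ }
+
+ printf("%s (0x%04x:0x%04x) is %s\n", fido_dev_info_path(di),
+ fido_dev_info_vendor(di), fido_dev_info_product(di),
+ fido_dev_is_fido2(dev) ? "fido2" : "u2f");
+
+ return (dev);
+}
+
+static int
+select_dev(const fido_dev_info_t *devlist, size_t ndevs, fido_dev_t **dev,
+ size_t *idx, int secs)
+{
+ const fido_dev_info_t *di;
+ fido_dev_t **devtab;
+ struct timespec ts_start;
+ struct timespec ts_now;
+ struct timespec ts_delta;
+ struct timespec ts_pause;
+ size_t nopen = 0;
+ int touched;
+ int r;
+ long ms_remain;
+
+ *dev = NULL;
+ *idx = 0;
+
+ printf("%u authenticator(s) detected\n", (unsigned)ndevs);
+
+ if (ndevs == 0)
+ return (0); /* nothing to do */
+
+ if ((devtab = calloc(ndevs, sizeof(*devtab))) == NULL) {
+ warn("%s: calloc", __func__);
+ return (-1);
+ }
+
+ for (size_t i = 0; i < ndevs; i++) {
+ di = fido_dev_info_ptr(devlist, i);
+ if ((devtab[i] = open_dev(di)) != NULL) {
+ *idx = i;
+ nopen++;
+ }
+ }
+
+ printf("%u authenticator(s) opened\n", (unsigned)nopen);
+
+ if (nopen < 2) {
+ if (nopen == 1)
+ *dev = devtab[*idx]; /* single candidate */
+ r = 0;
+ goto out;
+ }
+
+ for (size_t i = 0; i < ndevs; i++) {
+ di = fido_dev_info_ptr(devlist, i);
+ if (devtab[i] == NULL)
+ continue; /* failed to open */
+ if ((r = fido_dev_get_touch_begin(devtab[i])) != FIDO_OK) {
+ warnx("%s: fido_dev_get_touch_begin %s: %s", __func__,
+ fido_dev_info_path(di), fido_strerr(r));
+ r = -1;
+ goto out;
+ }
+ }
+
+ if (clock_gettime(CLOCK_MONOTONIC, &ts_start) != 0) {
+ warn("%s: clock_gettime", __func__);
+ r = -1;
+ goto out;
+ }
+
+ ts_pause.tv_sec = 0;
+ ts_pause.tv_nsec = 200000000; /* 200ms */
+
+ do {
+ nanosleep(&ts_pause, NULL);
+
+ for (size_t i = 0; i < ndevs; i++) {
+ di = fido_dev_info_ptr(devlist, i);
+ if (devtab[i] == NULL) {
+ /* failed to open or discarded */
+ continue;
+ }
+ if ((r = fido_dev_get_touch_status(devtab[i], &touched,
+ FIDO_POLL_MS)) != FIDO_OK) {
+ warnx("%s: fido_dev_get_touch_status %s: %s",
+ __func__, fido_dev_info_path(di),
+ fido_strerr(r));
+ fido_dev_close(devtab[i]);
+ fido_dev_free(&devtab[i]);
+ continue; /* discard */
+ }
+ if (touched) {
+ *dev = devtab[i];
+ *idx = i;
+ r = 0;
+ goto out;
+ }
+ }
+
+ if (clock_gettime(CLOCK_MONOTONIC, &ts_now) != 0) {
+ warn("%s: clock_gettime", __func__);
+ r = -1;
+ goto out;
+ }
+
+ timespecsub(&ts_now, &ts_start, &ts_delta);
+ ms_remain = (secs * 1000) - ((long)ts_delta.tv_sec * 1000) +
+ ((long)ts_delta.tv_nsec / 1000000);
+ } while (ms_remain > FIDO_POLL_MS);
+
+ printf("timeout after %d seconds\n", secs);
+ r = -1;
+out:
+ if (r != 0) {
+ *dev = NULL;
+ *idx = 0;
+ }
+
+ for (size_t i = 0; i < ndevs; i++) {
+ if (devtab[i] && devtab[i] != *dev) {
+ fido_dev_cancel(devtab[i]);
+ fido_dev_close(devtab[i]);
+ fido_dev_free(&devtab[i]);
+ }
+ }
+
+ free(devtab);
+
+ return (r);
+}
+
+int
+main(void)
+{
+ const fido_dev_info_t *di;
+ fido_dev_info_t *devlist;
+ fido_dev_t *dev;
+ size_t idx;
+ size_t ndevs;
+ int r;
+
+ fido_init(0);
+
+ if ((devlist = fido_dev_info_new(64)) == NULL)
+ errx(1, "fido_dev_info_new");
+
+ if ((r = fido_dev_info_manifest(devlist, 64, &ndevs)) != FIDO_OK)
+ errx(1, "fido_dev_info_manifest: %s (0x%x)", fido_strerr(r), r);
+ if (select_dev(devlist, ndevs, &dev, &idx, 15) != 0)
+ errx(1, "select_dev");
+ if (dev == NULL)
+ errx(1, "no authenticator found");
+
+ di = fido_dev_info_ptr(devlist, idx);
+ printf("%s: %s by %s (PIN %sset)\n", fido_dev_info_path(di),
+ fido_dev_info_product_string(di),
+ fido_dev_info_manufacturer_string(di),
+ fido_dev_has_pin(dev) ? "" : "un");
+
+ fido_dev_close(dev);
+ fido_dev_free(&dev);
+ fido_dev_info_free(&devlist, ndevs);
+
+ exit(0);
+}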
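Review bot: The remaining-time computation at the bottom of the polling loop in `select_dev` (new lines 157-158) adds the nanosecond part of the elapsed time instead of subtracting it. Elapsed milliseconds are `tv_sec * 1000 + tv_nsec / 1000000`, so as written `ms_remain` grows within each second and the timeout can overrun `secs` by up to a second; the last term should be subtracted: `ms_remain = (secs * 1000) - ((long)ts_delta.tv_sec * 1000) - ((long)ts_delta.tv_nsec / 1000000);`. In the same loop the result of `nanosleep()` is ignored, and the `_MSC_VER` shim drops `tv_sec`, which is harmless for the 200ms pause used here but deserves a comment such as `/* tv_sec ignored: callers only pass sub-second pauses */`.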
diff --git a/examples/setpin.c b/examples/setpin.c
index 75d3d4a..5413bf9 100644
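--- a/examples/setpin.c
+++ b/examples/setpin.c
@@ -8,16 +8,13 @@
  * Configure a PIN on a given authenticator.
  */
 
-#include <openssl/ec.h>
-
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
+#include "../openbsd-compat/openbsd-compat.h"
 
 static void
 setpin(const char *path, const char *pin, const char *oldpin)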
diff --git a/examples/util.c b/examples/util.c
index 2f6a845..5291cd8 100644
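--- a/examples/util.c
+++ b/examples/util.c
@@ -27,13 +27,12 @@
 #include "../openbsd-compat/posix_win.h"
 #endif
 
-#include "../openbsd-compat/openbsd-compat.h"
-
 #include "fido.h"
 #include "fido/es256.h"
 #include "fido/rs256.h"
 #include "fido/eddsa.h"
 #include "extern.h"
+#include "../openbsd-compat/openbsd-compat.h"
 
 #ifdef SIGNAL_EXAMPLE
 volatile sig_atomic_t got_signal = 0;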
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 241cdc7..70c5eec 100644
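--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -8,6 +8,7 @@ list(APPEND COMPAT_SOURCES
 )
 
 list(APPEND COMMON_SOURCES
+ libfuzzer.c
  mutator_aux.c
 )
 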
diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile
index 68afd99..f9152f8 100644
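--- a/fuzz/Dockerfile
+++ b/fuzz/Dockerfile
@@ -2,9 +2,10 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-FROM ubuntu:bionic
+FROM ubuntu:focal
+ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update
-RUN apt-get install -y clang-9 cmake git libssl-dev libudev-dev make pkg-config
-RUN git clone --branch v0.5.0 https://github.com/PJK/libcbor
+RUN apt-get install -y clang-10 cmake git libssl-dev libudev-dev make pkg-config
+RUN git clone --branch v0.7.0 https://github.com/PJK/libcbor
 RUN git clone https://github.com/yubico/libfido2
-RUN CC=clang-9 /libfido2/fuzz/build-coverage /libcbor /libfido2
+RUN CC=clang-10 CXX=clang++-10 /libfido2/fuzz/build-coverage /libcbor /libfido2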
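Review bot: The libcbor checkout on new line 9 is pinned only by the movable tag `v0.7.0`, and the libfido2 clone on the next line has no `--branch` at all, so the image that fuzz/Makefile tags `libfido2-coverage:1.5.0` is built from whatever those refs resolve to at build time. For a reproducible coverage image, pin both, e.g. `RUN git clone --branch <release-tag> https://github.com/yubico/libfido2`, and check the cloned commit id against a recorded value. `apt-get update` and `apt-get install` also remain in separate RUN layers, so a cached update layer can be paired with a later install; combining them as `RUN apt-get update && apt-get install -y ...` avoids that.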
diff --git a/fuzz/Makefile b/fuzz/Makefile
index c8fe0b8..77699ac 100644
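--- a/fuzz/Makefile
+++ b/fuzz/Makefile
@@ -2,10 +2,10 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-IMAGE := libfido2-coverage:1.3.0
+IMAGE := libfido2-coverage:1.5.0
 RUNNER := libfido2-runner
-PROFDATA := llvm-profdata-9
-COV := llvm-cov-9
+PROFDATA := llvm-profdata-10
+COV := llvm-cov-10
 TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_mgmt
 CORPORA := $(foreach f,${TARGETS},${f}/corpus)
 MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus)
@@ -26,16 +26,16 @@ sync: run
  docker exec ${RUNNER} make -C libfido2/build
 
 corpus: sync
- docker exec ${RUNNER} /bin/bash -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}'
+ docker exec ${RUNNER} /bin/sh -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}'
  docker exec ${RUNNER} tar Czxf /libfido2/fuzz /libfido2/fuzz/corpus.tgz
 
 ${TARGETS}: corpus sync
  docker exec -e LLVM_PROFILE_FILE=/profraw/$@ ${RUNNER} \
- /bin/bash -c 'rm -f /profraw/$@ && /libfido2/build/fuzz/$@ \
+ /bin/sh -c 'rm -f /profraw/$@ && /libfido2/build/fuzz/$@ \
  -runs=1 /libfido2/fuzz/$@'
 
 ${MINIFY}: /minify/%/corpus: %
- docker exec ${RUNNER} /bin/bash -c 'rm -rf $@ && mkdir -p $@ && \
+ docker exec ${RUNNER} /bin/sh -c 'rm -rf $@ && mkdir -p $@ && \
  /libfido2/build/fuzz/$< -use_value_profile=1 -merge=1 $@ \
  /libfido2/fuzz/$</corpus'
 
@@ -43,11 +43,11 @@ corpus.tgz-: ${MINIFY}
  docker exec -i ${RUNNER} tar Czcf /minify - ${TARGETS} > $@
 
 profdata: run
- docker exec ${RUNNER} /bin/bash -c 'rm -f /$@ && ${PROFDATA} \
+ docker exec ${RUNNER} /bin/sh -c 'rm -f /$@ && ${PROFDATA} \
  merge -sparse profraw/* -o $@'
 
 report.tgz: profdata
- docker exec ${RUNNER} /bin/bash -c 'rm -rf /report && mkdir /report && \
+ docker exec ${RUNNER} /bin/sh -c 'rm -rf /report && mkdir /report && \
  ${COV} show -format=html -tab-size=8 -instr-profile=/$< \
  -output-dir=/report /libfido2/build/src/libfido2.so'
  docker exec -i ${RUNNER} tar Czcf / - report > $@
@@ -57,12 +57,12 @@ summary.txt: profdata
  /libfido2/build/src/libfido2.so -instr-profile=/$< > $@
 
 functions.txt: profdata
- docker exec ${RUNNER} /bin/bash -c '${COV} report -use-color=false \
+ docker exec ${RUNNER} /bin/sh -c '${COV} report -use-color=false \
  -show-functions -instr-profile=/$< \
  /libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@
 
 clean: run
- docker exec ${RUNNER} /bin/bash -c 'rm -rf /profraw /profdata && \
+ docker exec ${RUNNER} /bin/sh -c 'rm -rf /profraw /profdata && \
  make -C /libfido2/build clean'
  -docker stop ${RUNNER}
  rm -rf ${TARGETS}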
diff --git a/fuzz/README b/fuzz/README
index 42646e4..03de9d0 100644
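--- a/fuzz/README
+++ b/fuzz/README
@@ -3,10 +3,8 @@ ASAN/MSAN/UBSAN.
 
 AFL is more convenient when fuzzing the path from the authenticator to
 libfido2 in an existing application. To do so, use preload-snoop.c with a real
-authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1
--DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of
-this approach can be found in the harnesses under fuzz/harnesses/ that fuzz
-the standalone examples and tools bundled with libfido2.
+authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1, and
+use preload-fuzz.c to read device data from stdin.
 
 libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
 fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses,
@@ -15,129 +13,7 @@ use -DFUZZ=1 -DLIBFUZZER=1.
 To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
 libcbor and OpenSSL built with the respective sanitiser. In order to keep
 memory utilisation at a manageable level, you can either enforce limits at
-the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with
-the diff at the bottom of this file.
-
-1. Using ASAN + UBSAN
-
-- Make sure you have libcbor built with -fsanitize=address;
-- Make sure you have OpenSSL built with -fsanitize=address;
-- Rebuild libfido2 with -DASAN=1 -DUBSAN=1.
-
-1.1 Decide where your workspace will live
-
-$ export FAKEROOT=/home/pedro/fakeroot
-$ mkdir -p ${FAKEROOT}/src
-
-1.2 Building libcbor with ASAN
-
-$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
-$ cd ${FAKEROOT}/src/libcbor
-
-Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
-
-$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
-$ mkdir build
-$ cd build
-$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
- -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
- -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
- -DCMAKE_INSTALL_LIBDIR=lib ..
-$ make
-$ make install
-
-1.3 Building OpenSSL with ASAN
-
-$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
-$ cd ${FAKEROOT}/src/openssl
-$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
- --openssldir=${FAKEROOT}/openssl
-$ make clean
-$ make
-$ make install_sw
-
-1.4 Building libfido2 with libFuzzer and ASAN + UBSAN
-
-$ cd ${FAKEROOT}/src/libfido2
-$ mkdir build
-$ cd build
-$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
- -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCMAKE_BUILD_TYPE=Debug ..
-$ make
-
-2. Using MSAN + UBSAN
-
-- Make sure you have libcbor built with -fsanitize=memory;
-- Make sure you have OpenSSL built with -fsanitize=memory;
-- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1.
-
-2.1 Decide where your workspace will live
-
-$ export FAKEROOT=/home/pedro/fakeroot
-$ mkdir -p ${FAKEROOT}/src
-
-2.2 Building libcbor with MSAN
-
-$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
-$ cd ${FAKEROOT}/src/libcbor
-
-Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
-
-$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
-$ mkdir build
-$ cd build
-$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
- -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
- -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
- -DCMAKE_INSTALL_LIBDIR=lib ..
-$ make
-$ make install
-
-2.2 Building OpenSSL with MSAN
-
-$ mkdir -p ${FAKEROOT}/src
-$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
-$ cd ${FAKEROOT}/src/openssl
-$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
- --openssldir=${FAKEROOT}/openssl
-$ make clean
-$ make
-$ make install_sw
-
-2.3 Building libfido2 with libFuzzer and MSAN + UBSAN
-
-$ cd ${FAKEROOT}/src/libfido2
-$ mkdir build
-$ cd build
-$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
- -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
- -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
- -DCMAKE_BUILD_TYPE=Debug ..
-$ make
-
-3. Running the libFuzzer harnesses
-
-When running under ASAN, you may want to set ASAN_OPTIONS to
-'allocator_may_return_null=1:detect_stack_use_after_return=1'.
-
-The recommended way to run the harnesses is:
-
-$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
- -print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR
-
-You may want to use -jobs or -workers depending on the number of logical
-cores available for fuzzing.
-
-4. Auxiliary scripts
-
-A set of harnesses and auxiliary scripts can be found under harnesses/. To
-compile coverage reports, adjust the harnesses to your setup and run 'report'.
+the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
 
 diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
 index aa049a2..e294b38 100644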
diff --git a/fuzz/build-coverage b/fuzz/build-coverage
index af9f8df..0f8310d 100755
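--- a/fuzz/build-coverage
+++ b/fuzz/build-coverage
@@ -1,27 +1,30 @@
-#!/bin/bash -eux
-#
+#!/bin/sh -eux
+
 # Copyright (c) 2019 Yubico AB. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-LIBCBOR=$1
-LIBFIDO2=$2
+LIBCBOR="$1"
+LIBFIDO2="$2"
 
-CC=${CC:-clang}
-PKG_CONFIG_PATH=${PKG_CONFIG_PATH:-${LIBCBOR}/install/lib/pkgconfig}
+CC="${CC:-clang}"
+CXX="${CXX:-clang++}"
+PKG_CONFIG_PATH="${PKG_CONFIG_PATH:-${LIBCBOR}/install/lib/pkgconfig}"
 export CC PKG_CONFIG_PATH
 
 # Clean up.
-rm -rf ${LIBCBOR}/build ${LIBCBOR}/install ${LIBFIDO2}/build
+rm -rf "${LIBCBOR}/build" "${LIBCBOR}/install" "${LIBFIDO2}/build"
 
 # Patch, build, and install libcbor.
-(cd ${LIBCBOR} && patch -N -l -s -p0 < ${LIBFIDO2}/fuzz/README) || true
-mkdir ${LIBCBOR}/build ${LIBCBOR}/install
-(cd ${LIBCBOR}/build && cmake -DCMAKE_INSTALL_PREFIX=${LIBCBOR}/install ..)
-make -C ${LIBCBOR}/build all install
+(cd "${LIBCBOR}" && patch -N -l -s -p0 < "${LIBFIDO2}/fuzz/README") || true
+mkdir "${LIBCBOR}/build" "${LIBCBOR}/install"
+(cd "${LIBCBOR}/build" && cmake -DCMAKE_INSTALL_PREFIX="${LIBCBOR}/install" ..)
+make -C "${LIBCBOR}/build" all install
 
 # Build libfido2.
-mkdir -p ${LIBFIDO2}/build
-(cd ${LIBFIDO2}/build && cmake -DFUZZ=1 -DLIBFUZZER=1 -DCOVERAGE=1 \
- -DCMAKE_BUILD_TYPE=Debug ..)
-make -C ${LIBFIDO2}/build
+mkdir -p "${LIBFIDO2}/build"
+export CFLAGS="-fprofile-instr-generate -fcoverage-mapping"
+export LDFLAGS="${CFLAGS}"
+(cd "${LIBFIDO2}/build" && cmake -DFUZZ=1 -DLIBFUZZER=1 \
+ -DCMAKE_BUILD_TYPE=Debug ..)
+make -C "${LIBFIDO2}/build"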
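Review bot: `CXX` is given a default on new line 11, but the unchanged `export CC PKG_CONFIG_PATH` line below it still leaves CXX out, so when the caller has not already exported CXX the `clang++` default stays a plain shell variable and never reaches the cmake and make child processes. `export CC CXX PKG_CONFIG_PATH` closes that gap; fuzz/Dockerfile happens to pass CXX in the environment, which hides it there. Separately, `CFLAGS` and `LDFLAGS` are exported only after libcbor has been built, so libcbor is not instrumented; if that is intended, a comment such as `# coverage flags apply to libfido2 only` above the exports would say so.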
diff --git a/fuzz/dummy.h b/fuzz/dummy.h
index a899e4a..981ccee 100644
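--- a/fuzz/dummy.h
+++ b/fuzz/dummy.h
@@ -10,6 +10,8 @@
 #include <stdint.h>
 
 const char dummy_name[] = "finger1";
+const char dummy_pin1[] = "skepp cg0u3;Y..";
+const char dummy_pin2[] = "bastilha 6rJrfQZI.";
 const char dummy_pin[] = "9}4gT:8d=A37Dh}U";
 const char dummy_rp_id[] = "localhost";
 const char dummy_rp_name[] = "sweet home localhost";
@@ -17,8 +19,6 @@ const char dummy_user_icon[] = "an icon";
 const char dummy_user_name[] = "john smith";
 const char dummy_user_nick[] = "jsmith";
 const uint8_t dummy_id[] = { 0x5e, 0xd2 };
-const char dummy_pin1[] = "skepp cg0u3;Y..";
-const char dummy_pin2[] = "bastilha 6rJrfQZI.";
 
 const uint8_t dummy_user_id[] = {
  0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63,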
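diff --git a/fuzz/export.gnu b/fuzz/export.gnu
index 68463ff..80941e4 100644
--- a/fuzz/export.gnu
+++ b/fuzz/export.gnu
@@ -76,6 +76,8 @@
  fido_cbor_info_extensions_ptr;
  fido_cbor_info_free;
  fido_cbor_info_maxmsgsiz;
+ fido_cbor_info_maxcredcntlst;
+ fido_cbor_info_maxcredidlen;
  fido_cbor_info_fwversion;
  fido_cbor_info_new;
  fido_cbor_info_options_len;
@@ -96,6 +98,8 @@
  fido_cred_free;
  fido_cred_id_len;
  fido_cred_id_ptr;
+ fido_cred_aaguid_len;
+ fido_cred_aaguid_ptr;
  fido_credman_del_dev_rk;
  fido_credman_get_dev_metadata;
  fido_credman_get_dev_rk;
@@ -155,6 +159,9 @@
  fido_dev_get_assert;
  fido_dev_get_cbor_info;
  fido_dev_get_retry_count;
+ fido_dev_get_touch_begin;
+ fido_dev_get_touch_status;
+ fido_dev_has_pin;
  fido_dev_info_free;
  fido_dev_info_manifest;
  fido_dev_info_manufacturer_string;
@@ -174,6 +181,9 @@
  fido_dev_reset;
  fido_dev_set_io_functions;
  fido_dev_set_pin;
+ fido_dev_set_transport_functions;
+ fido_dev_supports_cred_prot;
+ fido_dev_supports_pin;
  fido_init;
  fido_set_log_handler;
  fido_strerr;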
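Review bot: `fido_dev_set_transport_functions` is added to the fuzz export list in the last hunk (`@@ -174,6 +181,9 @@`), yet the coverage report updated in this same commit (fuzz/functions.txt, dev.c table) still lists it at 0.00% region and line coverage, so as far as that report shows the symbol is exported for the harnesses without being exercised by any of them. The other entries added in this file that the visible tables list (the touch, PIN, cred-prot, aaguid and maxcred accessors) are at 100%. The harness sources are not visible in this part of the page, so this is inferred from the report alone. I would either have one harness install transport callbacks through this function, or mark the entry so the gap is not mistaken for covered surface, e.g. `/* exported for harness use; uncovered in functions.txt */`.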
diff --git a/fuzz/functions.txt b/fuzz/functions.txt
index 27a9608..90284dd 100644
--- a/fuzz/functions.txt
+++ b/fuzz/functions.txt
@@ -9,16 +9,16 @@ TOTAL 56 0 100.00% 82 0 100.00%
9File '/libfido2/src/assert.c': 9File '/libfido2/src/assert.c':
10Name Regions Miss Cover Lines Miss Cover 10Name Regions Miss Cover Lines Miss Cover
11--------------------------------------------------------------------------------------- 11---------------------------------------------------------------------------------------
12fido_dev_get_assert 35 3 91.43% 38 4 89.47% 12fido_dev_get_assert 35 0 100.00% 38 0 100.00%
13fido_check_flags 13 0 100.00% 18 0 100.00% 13fido_check_flags 13 0 100.00% 18 0 100.00%
14fido_get_signed_hash 32 0 100.00% 46 0 100.00% 14fido_get_signed_hash 32 0 100.00% 46 0 100.00%
15fido_verify_sig_es256 17 2 88.24% 31 7 77.42% 15fido_verify_sig_es256 17 2 88.24% 31 7 77.42%
16fido_verify_sig_rs256 17 2 88.24% 31 7 77.42% 16fido_verify_sig_rs256 17 2 88.24% 31 7 77.42%
17fido_verify_sig_eddsa 23 4 82.61% 43 13 69.77% 17fido_verify_sig_eddsa 23 2 91.30% 43 7 83.72%
18fido_assert_verify 48 4 91.67% 79 4 94.94% 18fido_assert_verify 48 4 91.67% 79 5 93.67%
19fido_assert_set_clientdata_hash 6 0 100.00% 6 0 100.00% 19fido_assert_set_clientdata_hash 6 0 100.00% 6 0 100.00%
20fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00% 20fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00%
21fido_assert_set_rp 12 1 91.67% 14 3 78.57% 21fido_assert_set_rp 12 0 100.00% 14 0 100.00%
22fido_assert_allow_cred 13 2 84.62% 29 3 89.66% 22fido_assert_allow_cred 13 2 84.62% 29 3 89.66%
23fido_assert_set_extensions 9 0 100.00% 8 0 100.00% 23fido_assert_set_extensions 9 0 100.00% 8 0 100.00%
24fido_assert_set_options 6 6 0.00% 6 6 0.00% 24fido_assert_set_options 6 6 0.00% 6 6 0.00%
@@ -28,7 +28,7 @@ fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0
28fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% 28fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00%
29fido_assert_new 1 0 100.00% 3 0 100.00% 29fido_assert_new 1 0 100.00% 3 0 100.00%
30fido_assert_reset_tx 1 0 100.00% 15 0 100.00% 30fido_assert_reset_tx 1 0 100.00% 15 0 100.00%
31fido_assert_reset_rx 6 1 83.33% 24 3 87.50% 31fido_assert_reset_rx 6 0 100.00% 24 0 100.00%
32fido_assert_free 6 0 100.00% 13 0 100.00% 32fido_assert_free 6 0 100.00% 13 0 100.00%
33fido_assert_count 1 0 100.00% 3 0 100.00% 33fido_assert_count 1 0 100.00% 3 0 100.00%
34fido_assert_rp_id 1 0 100.00% 3 0 100.00% 34fido_assert_rp_id 1 0 100.00% 3 0 100.00%
@@ -48,22 +48,22 @@ fido_assert_user_display_name 4 0 100.00% 6 0
48fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00% 48fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00%
49fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00% 49fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00%
50fido_assert_set_authdata 24 0 100.00% 35 0 100.00% 50fido_assert_set_authdata 24 0 100.00% 35 0 100.00%
51fido_assert_set_authdata_raw 24 4 83.33% 34 7 79.41% 51fido_assert_set_authdata_raw 24 0 100.00% 34 0 100.00%
52fido_assert_set_sig 14 0 100.00% 17 0 100.00% 52fido_assert_set_sig 14 0 100.00% 17 0 100.00%
53fido_assert_set_count 10 0 100.00% 21 0 100.00% 53fido_assert_set_count 10 0 100.00% 21 0 100.00%
54assert.c:fido_dev_get_assert_wait 21 1 95.24% 16 2 87.50% 54assert.c:fido_dev_get_assert_wait 21 0 100.00% 16 0 100.00%
55assert.c:fido_dev_get_assert_tx 58 4 93.10% 84 11 86.90% 55assert.c:fido_dev_get_assert_tx 58 4 93.10% 84 11 86.90%
56assert.c:fido_dev_get_assert_rx 19 0 100.00% 38 0 100.00% 56assert.c:fido_dev_get_assert_rx 19 0 100.00% 38 0 100.00%
57assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00% 57assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00%
58assert.c:parse_assert_reply 11 0 100.00% 25 0 100.00% 58assert.c:parse_assert_reply 11 0 100.00% 25 0 100.00%
59assert.c:fido_get_next_assert_tx 8 2 75.00% 10 3 70.00% 59assert.c:fido_get_next_assert_tx 8 0 100.00% 10 0 100.00%
60assert.c:fido_get_next_assert_rx 15 4 73.33% 26 7 73.08% 60assert.c:fido_get_next_assert_rx 15 2 86.67% 26 4 84.62%
61assert.c:decrypt_hmac_secrets 9 3 66.67% 15 7 53.33% 61assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00%
62assert.c:check_extensions 4 0 100.00% 9 0 100.00% 62assert.c:check_extensions 4 0 100.00% 9 0 100.00%
63assert.c:fido_assert_clean_authdata 1 0 100.00% 9 0 100.00% 63assert.c:fido_assert_clean_authdata 1 0 100.00% 9 0 100.00%
64assert.c:fido_assert_clean_sig 1 0 100.00% 5 0 100.00% 64assert.c:fido_assert_clean_sig 1 0 100.00% 5 0 100.00%
65--------------------------------------------------------------------------------------- 65---------------------------------------------------------------------------------------
66TOTAL 566 43 92.40% 900 87 90.33% 66TOTAL 566 24 95.76% 900 50 94.44%
67 67
68File '/libfido2/src/authkey.c': 68File '/libfido2/src/authkey.c':
69Name Regions Miss Cover Lines Miss Cover 69Name Regions Miss Cover Lines Miss Cover
@@ -135,14 +135,14 @@ File '/libfido2/src/blob.c':
135Name Regions Miss Cover Lines Miss Cover 135Name Regions Miss Cover Lines Miss Cover
136--------------------------------------------------------------------------------------- 136---------------------------------------------------------------------------------------
137fido_blob_new 1 0 100.00% 3 0 100.00% 137fido_blob_new 1 0 100.00% 3 0 100.00%
138fido_blob_set 11 1 90.91% 25 4 84.00% 138fido_blob_set 11 0 100.00% 25 0 100.00%
139fido_blob_free 8 0 100.00% 16 0 100.00% 139fido_blob_free 8 0 100.00% 16 0 100.00%
140fido_free_blob_array 9 0 100.00% 17 0 100.00% 140fido_free_blob_array 9 0 100.00% 17 0 100.00%
141fido_blob_encode 6 0 100.00% 6 0 100.00% 141fido_blob_encode 6 0 100.00% 6 0 100.00%
142fido_blob_decode 1 0 100.00% 3 0 100.00% 142fido_blob_decode 1 0 100.00% 3 0 100.00%
143fido_blob_is_empty 3 0 100.00% 3 0 100.00% 143fido_blob_is_empty 3 0 100.00% 3 0 100.00%
144--------------------------------------------------------------------------------------- 144---------------------------------------------------------------------------------------
145TOTAL 39 1 97.44% 73 4 94.52% 145TOTAL 39 0 100.00% 73 0 100.00%
146 146
147File '/libfido2/src/buf.c': 147File '/libfido2/src/buf.c':
148Name Regions Miss Cover Lines Miss Cover 148Name Regions Miss Cover Lines Miss Cover
@@ -155,7 +155,7 @@ TOTAL 8 1 87.50% 20 1
155File '/libfido2/src/cbor.c': 155File '/libfido2/src/cbor.c':
156Name Regions Miss Cover Lines Miss Cover 156Name Regions Miss Cover Lines Miss Cover
157--------------------------------------------------------------------------------------- 157---------------------------------------------------------------------------------------
158cbor_map_iter 20 0 100.00% 30 0 100.00% 158cbor_map_iter 20 1 95.00% 30 4 86.67%
159cbor_array_iter 12 0 100.00% 20 0 100.00% 159cbor_array_iter 12 0 100.00% 20 0 100.00%
160cbor_parse_reply 27 0 100.00% 43 0 100.00% 160cbor_parse_reply 27 0 100.00% 43 0 100.00%
161cbor_vector_free 6 0 100.00% 5 0 100.00% 161cbor_vector_free 6 0 100.00% 5 0 100.00%
@@ -168,23 +168,23 @@ cbor_flatten_vector 14 1 92.86% 21 1
168cbor_build_frame 15 0 100.00% 32 0 100.00% 168cbor_build_frame 15 0 100.00% 32 0 100.00%
169cbor_encode_rp_entity 13 0 100.00% 14 0 100.00% 169cbor_encode_rp_entity 13 0 100.00% 14 0 100.00%
170cbor_encode_user_entity 21 0 100.00% 18 0 100.00% 170cbor_encode_user_entity 21 0 100.00% 18 0 100.00%
171cbor_encode_pubkey_param 36 1 97.22% 48 0 100.00% 171cbor_encode_pubkey_param 36 0 100.00% 48 0 100.00%
172cbor_encode_pubkey 10 0 100.00% 13 0 100.00% 172cbor_encode_pubkey 10 0 100.00% 13 0 100.00%
173cbor_encode_pubkey_list 18 1 94.44% 23 0 100.00% 173cbor_encode_pubkey_list 18 0 100.00% 23 0 100.00%
174cbor_encode_extensions 24 2 91.67% 26 3 88.46% 174cbor_encode_extensions 28 0 100.00% 28 0 100.00%
175cbor_encode_options 13 0 100.00% 14 0 100.00% 175cbor_encode_options 13 0 100.00% 14 0 100.00%
176cbor_encode_assert_options 13 0 100.00% 14 0 100.00% 176cbor_encode_assert_options 13 0 100.00% 14 0 100.00%
177cbor_encode_pin_auth 8 0 100.00% 12 0 100.00% 177cbor_encode_pin_auth 8 0 100.00% 12 0 100.00%
178cbor_encode_pin_opt 1 0 100.00% 3 0 100.00% 178cbor_encode_pin_opt 1 0 100.00% 3 0 100.00%
179cbor_encode_pin_enc 4 0 100.00% 12 0 100.00% 179cbor_encode_pin_enc 4 0 100.00% 12 0 100.00%
180cbor_encode_change_pin_auth 44 1 97.73% 69 3 95.65% 180cbor_encode_change_pin_auth 39 0 100.00% 60 0 100.00%
181cbor_encode_set_pin_auth 17 0 100.00% 28 0 100.00% 181cbor_encode_set_pin_auth 17 0 100.00% 28 0 100.00%
182cbor_encode_pin_hash_enc 15 0 100.00% 27 0 100.00% 182cbor_encode_pin_hash_enc 15 0 100.00% 27 0 100.00%
183cbor_encode_hmac_secret_param 41 2 95.12% 66 9 86.36% 183cbor_encode_hmac_secret_param 41 1 97.56% 66 4 93.94%
184cbor_decode_fmt 9 0 100.00% 18 0 100.00% 184cbor_decode_fmt 9 0 100.00% 18 0 100.00%
185cbor_decode_pubkey 21 6 71.43% 32 7 78.12% 185cbor_decode_pubkey 21 1 95.24% 32 2 93.75%
186cbor_decode_cred_authdata 31 0 100.00% 47 0 100.00% 186cbor_decode_cred_authdata 31 0 100.00% 47 0 100.00%
187cbor_decode_assert_authdata 23 2 91.30% 44 2 95.45% 187cbor_decode_assert_authdata 23 0 100.00% 44 0 100.00%
188cbor_decode_attstmt 8 0 100.00% 10 0 100.00% 188cbor_decode_attstmt 8 0 100.00% 10 0 100.00%
189cbor_decode_uint64 4 0 100.00% 10 0 100.00% 189cbor_decode_uint64 4 0 100.00% 10 0 100.00%
190cbor_decode_cred_id 8 0 100.00% 10 0 100.00% 190cbor_decode_cred_id 8 0 100.00% 10 0 100.00%
@@ -193,30 +193,30 @@ cbor_decode_rp_entity 8 0 100.00% 10 0
193cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00% 193cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00%
194cbor.c:check_key_type 8 0 100.00% 9 0 100.00% 194cbor.c:check_key_type 8 0 100.00% 9 0 100.00%
195cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00% 195cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00%
196cbor.c:cbor_add_uint8 14 1 92.86% 26 3 88.46% 196cbor.c:cbor_add_uint8 14 0 100.00% 26 0 100.00%
197cbor.c:sha256 7 0 100.00% 15 0 100.00% 197cbor.c:sha256 7 0 100.00% 15 0 100.00%
198cbor.c:get_cose_alg 36 6 83.33% 48 6 87.50% 198cbor.c:get_cose_alg 36 0 100.00% 48 0 100.00%
199cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00% 199cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00%
200cbor.c:decode_attcred 25 0 100.00% 58 0 100.00% 200cbor.c:decode_attcred 25 0 100.00% 58 0 100.00%
201cbor.c:decode_extensions 14 9 35.71% 34 13 61.76% 201cbor.c:decode_extensions 14 0 100.00% 34 0 100.00%
202cbor.c:decode_extension 27 27 0.00% 36 36 0.00% 202cbor.c:decode_extension 27 2 92.59% 36 6 83.33%
203cbor.c:decode_hmac_secret 16 4 75.00% 32 6 81.25% 203cbor.c:decode_hmac_secret 16 0 100.00% 32 0 100.00%
204cbor.c:decode_hmac_secret_aux 7 7 0.00% 17 17 0.00% 204cbor.c:decode_hmac_secret_aux 7 0 100.00% 17 0 100.00%
205cbor.c:decode_attstmt_entry 38 0 100.00% 45 0 100.00% 205cbor.c:decode_attstmt_entry 38 0 100.00% 45 0 100.00%
206cbor.c:decode_x5c 4 0 100.00% 8 0 100.00% 206cbor.c:decode_x5c 4 0 100.00% 8 0 100.00%
207cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00% 207cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00%
208cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00% 208cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00%
209cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00% 209cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00%
210--------------------------------------------------------------------------------------- 210---------------------------------------------------------------------------------------
211TOTAL 884 70 92.08% 1371 106 92.27% 211TOTAL 883 6 99.32% 1364 17 98.75%
212 212
213File '/libfido2/src/cred.c': 213File '/libfido2/src/cred.c':
214Name Regions Miss Cover Lines Miss Cover 214Name Regions Miss Cover Lines Miss Cover
215--------------------------------------------------------------------------------------- 215---------------------------------------------------------------------------------------
216fido_dev_make_cred 12 0 100.00% 10 0 100.00% 216fido_dev_make_cred 12 0 100.00% 10 0 100.00%
217fido_check_rp_id 4 0 100.00% 14 0 100.00% 217fido_check_rp_id 4 0 100.00% 14 0 100.00%
218fido_cred_verify 46 6 86.96% 71 11 84.51% 218fido_cred_verify 46 2 95.65% 71 3 95.77%
219fido_cred_verify_self 54 14 74.07% 90 22 75.56% 219fido_cred_verify_self 54 4 92.59% 90 5 94.44%
220fido_cred_new 1 0 100.00% 3 0 100.00% 220fido_cred_new 1 0 100.00% 3 0 100.00%
221fido_cred_reset_tx 1 0 100.00% 20 0 100.00% 221fido_cred_reset_tx 1 0 100.00% 20 0 100.00%
222fido_cred_reset_rx 1 0 100.00% 8 0 100.00% 222fido_cred_reset_rx 1 0 100.00% 8 0 100.00%
@@ -227,15 +227,15 @@ fido_cred_set_x509 12 0 100.00% 16 0
227fido_cred_set_sig 12 0 100.00% 16 0 100.00% 227fido_cred_set_sig 12 0 100.00% 16 0 100.00%
228fido_cred_exclude 14 2 85.71% 25 3 88.00% 228fido_cred_exclude 14 2 85.71% 25 3 88.00%
229fido_cred_set_clientdata_hash 6 0 100.00% 6 0 100.00% 229fido_cred_set_clientdata_hash 6 0 100.00% 6 0 100.00%
230fido_cred_set_rp 18 2 88.89% 26 6 76.92% 230fido_cred_set_rp 18 0 100.00% 26 0 100.00%
231fido_cred_set_user 33 4 87.88% 50 13 74.00% 231fido_cred_set_user 33 0 100.00% 50 0 100.00%
232fido_cred_set_extensions 15 0 100.00% 12 0 100.00% 232fido_cred_set_extensions 15 0 100.00% 12 0 100.00%
233fido_cred_set_options 6 6 0.00% 6 6 0.00% 233fido_cred_set_options 6 6 0.00% 6 6 0.00%
234fido_cred_set_rk 2 0 100.00% 5 0 100.00% 234fido_cred_set_rk 2 0 100.00% 5 0 100.00%
235fido_cred_set_uv 2 0 100.00% 5 0 100.00% 235fido_cred_set_uv 2 0 100.00% 5 0 100.00%
236fido_cred_set_prot 21 2 90.48% 16 0 100.00% 236fido_cred_set_prot 21 0 100.00% 16 0 100.00%
237fido_cred_set_fmt 16 4 75.00% 15 1 93.33% 237fido_cred_set_fmt 16 4 75.00% 15 1 93.33%
238fido_cred_set_type 17 2 88.24% 9 1 88.89% 238fido_cred_set_type 17 0 100.00% 9 0 100.00%
239fido_cred_type 1 0 100.00% 3 0 100.00% 239fido_cred_type 1 0 100.00% 3 0 100.00%
240fido_cred_flags 1 0 100.00% 3 0 100.00% 240fido_cred_flags 1 0 100.00% 3 0 100.00%
241fido_cred_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% 241fido_cred_clientdata_hash_ptr 1 0 100.00% 3 0 100.00%
@@ -246,10 +246,12 @@ fido_cred_sig_ptr 1 0 100.00% 3 0
246fido_cred_sig_len 1 0 100.00% 3 0 100.00% 246fido_cred_sig_len 1 0 100.00% 3 0 100.00%
247fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00% 247fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00%
248fido_cred_authdata_len 1 0 100.00% 3 0 100.00% 248fido_cred_authdata_len 1 0 100.00% 3 0 100.00%
249fido_cred_pubkey_ptr 9 2 77.78% 20 2 90.00% 249fido_cred_pubkey_ptr 9 0 100.00% 20 0 100.00%
250fido_cred_pubkey_len 9 2 77.78% 20 2 90.00% 250fido_cred_pubkey_len 9 0 100.00% 20 0 100.00%
251fido_cred_id_ptr 1 0 100.00% 3 0 100.00% 251fido_cred_id_ptr 1 0 100.00% 3 0 100.00%
252fido_cred_id_len 1 0 100.00% 3 0 100.00% 252fido_cred_id_len 1 0 100.00% 3 0 100.00%
253fido_cred_aaguid_ptr 1 0 100.00% 3 0 100.00%
254fido_cred_aaguid_len 1 0 100.00% 3 0 100.00%
253fido_cred_prot 1 0 100.00% 3 0 100.00% 255fido_cred_prot 1 0 100.00% 3 0 100.00%
254fido_cred_fmt 1 0 100.00% 3 0 100.00% 256fido_cred_fmt 1 0 100.00% 3 0 100.00%
255fido_cred_rp_id 1 0 100.00% 3 0 100.00% 257fido_cred_rp_id 1 0 100.00% 3 0 100.00%
@@ -269,7 +271,7 @@ cred.c:fido_cred_clean_authdata 1 0 100.00% 9 0
269cred.c:fido_cred_clean_x509 1 0 100.00% 5 0 100.00% 271cred.c:fido_cred_clean_x509 1 0 100.00% 5 0 100.00%
270cred.c:fido_cred_clean_sig 1 0 100.00% 5 0 100.00% 272cred.c:fido_cred_clean_sig 1 0 100.00% 5 0 100.00%
271--------------------------------------------------------------------------------------- 273---------------------------------------------------------------------------------------
272TOTAL 534 51 90.45% 830 78 90.60% 274TOTAL 536 23 95.71% 836 29 96.53%
273 275
274File '/libfido2/src/credman.c': 276File '/libfido2/src/credman.c':
275Name Regions Miss Cover Lines Miss Cover 277Name Regions Miss Cover Lines Miss Cover
@@ -295,14 +297,14 @@ fido_credman_rp_id_hash_len 4 0 100.00% 6 0
295fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00% 297fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00%
296credman.c:credman_get_metadata_wait 11 0 100.00% 9 0 100.00% 298credman.c:credman_get_metadata_wait 11 0 100.00% 9 0 100.00%
297credman.c:credman_tx 30 0 100.00% 53 0 100.00% 299credman.c:credman_tx 30 0 100.00% 53 0 100.00%
298credman.c:credman_prepare_hmac 21 1 95.24% 43 2 95.35% 300credman.c:credman_prepare_hmac 21 1 95.24% 43 3 93.02%
299credman.c:credman_rx_metadata 11 0 100.00% 21 0 100.00% 301credman.c:credman_rx_metadata 11 0 100.00% 21 0 100.00%
300credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00% 302credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00%
301credman.c:credman_get_rk_wait 27 0 100.00% 26 0 100.00% 303credman.c:credman_get_rk_wait 27 0 100.00% 26 0 100.00%
302credman.c:credman_rx_rk 19 0 100.00% 36 0 100.00% 304credman.c:credman_rx_rk 19 0 100.00% 36 0 100.00%
303credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00% 305credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00%
304credman.c:credman_grow_array 17 2 88.24% 28 5 82.14% 306credman.c:credman_grow_array 17 2 88.24% 28 5 82.14%
305credman.c:credman_parse_rk 13 0 100.00% 25 0 100.00% 307credman.c:credman_parse_rk 22 0 100.00% 31 0 100.00%
306credman.c:credman_rx_next_rk 15 2 86.67% 26 4 84.62% 308credman.c:credman_rx_next_rk 15 2 86.67% 26 4 84.62%
307credman.c:credman_del_rk_wait 16 0 100.00% 19 0 100.00% 309credman.c:credman_del_rk_wait 16 0 100.00% 19 0 100.00%
308credman.c:credman_get_rp_wait 23 0 100.00% 16 0 100.00% 310credman.c:credman_get_rp_wait 23 0 100.00% 16 0 100.00%
@@ -313,7 +315,7 @@ credman.c:credman_rx_next_rp 15 2 86.67% 26 4
313credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00% 315credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00%
314credman.c:credman_reset_rp 4 0 100.00% 15 0 100.00% 316credman.c:credman_reset_rp 4 0 100.00% 15 0 100.00%
315--------------------------------------------------------------------------------------- 317---------------------------------------------------------------------------------------
316TOTAL 376 18 95.21% 589 15 97.45% 318TOTAL 385 18 95.32% 595 16 97.31%
317 319
318File '/libfido2/src/dev.c': 320File '/libfido2/src/dev.c':
319Name Regions Miss Cover Lines Miss Cover 321Name Regions Miss Cover Lines Miss Cover
@@ -324,9 +326,11 @@ fido_dev_info_manifest 17 17 0.00% 24 24
324fido_dev_open_with_info 5 5 0.00% 6 6 0.00% 326fido_dev_open_with_info 5 5 0.00% 6 6 0.00%
325fido_dev_open 1 0 100.00% 3 0 100.00% 327fido_dev_open 1 0 100.00% 3 0 100.00%
326fido_dev_close 8 2 75.00% 9 0 100.00% 328fido_dev_close 8 2 75.00% 9 0 100.00%
327fido_dev_cancel 7 0 100.00% 6 0 100.00% 329fido_dev_cancel 11 0 100.00% 9 0 100.00%
328fido_dev_set_io_functions 18 4 77.78% 16 6 62.50% 330fido_dev_get_touch_begin 50 0 100.00% 68 0 100.00%
329fido_dev_set_transport_functions 6 6 0.00% 10 10 0.00% 331fido_dev_get_touch_status 17 0 100.00% 25 0 100.00%
332fido_dev_set_io_functions 18 4 77.78% 17 6 64.71%
333fido_dev_set_transport_functions 6 6 0.00% 11 11 0.00%
330fido_init 7 1 85.71% 4 0 100.00% 334fido_init 7 1 85.71% 4 0 100.00%
331fido_dev_new 5 0 100.00% 16 0 100.00% 335fido_dev_new 5 0 100.00% 16 0 100.00%
332fido_dev_new_with_info 17 17 0.00% 26 26 0.00% 336fido_dev_new_with_info 17 17 0.00% 26 26 0.00%
@@ -337,15 +341,20 @@ fido_dev_minor 1 0 100.00% 3 0
337fido_dev_build 1 0 100.00% 3 0 100.00% 341fido_dev_build 1 0 100.00% 3 0 100.00%
338fido_dev_flags 1 0 100.00% 3 0 100.00% 342fido_dev_flags 1 0 100.00% 3 0 100.00%
339fido_dev_is_fido2 2 0 100.00% 3 0 100.00% 343fido_dev_is_fido2 2 0 100.00% 3 0 100.00%
340fido_dev_force_u2f 2 0 100.00% 3 0 100.00% 344fido_dev_supports_pin 3 0 100.00% 3 0 100.00%
345fido_dev_has_pin 2 0 100.00% 3 0 100.00%
346fido_dev_supports_cred_prot 2 0 100.00% 3 0 100.00%
347fido_dev_force_u2f 2 0 100.00% 4 0 100.00%
341fido_dev_force_fido2 2 2 0.00% 3 3 0.00% 348fido_dev_force_fido2 2 2 0.00% 3 3 0.00%
342dev.c:find_manifest_func_node 5 5 0.00% 9 9 0.00% 349dev.c:find_manifest_func_node 5 5 0.00% 9 9 0.00%
343dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00% 350dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00%
344dev.c:fido_dev_open_tx 25 8 68.00% 32 12 62.50% 351dev.c:fido_dev_open_tx 51 13 74.51% 63 23 63.49%
345dev.c:obtain_nonce 4 1 75.00% 5 1 80.00% 352dev.c:obtain_nonce 4 1 75.00% 5 1 80.00%
346dev.c:fido_dev_open_rx 32 0 100.00% 53 0 100.00% 353dev.c:set_random_report_len 11 0 100.00% 6 0 100.00%
354dev.c:fido_dev_open_rx 33 0 100.00% 56 0 100.00%
355dev.c:fido_dev_set_flags 17 0 100.00% 24 0 100.00%
347--------------------------------------------------------------------------------------- 356---------------------------------------------------------------------------------------
348TOTAL 201 85 57.71% 294 128 56.46% 357TOTAL 334 90 73.05% 466 140 69.96%
349 358
350File '/libfido2/src/ecdh.c': 359File '/libfido2/src/ecdh.c':
351Name Regions Miss Cover Lines Miss Cover 360Name Regions Miss Cover Lines Miss Cover
@@ -372,9 +381,9 @@ TOTAL 54 0 100.00% 79 0
372File '/libfido2/src/err.c': 381File '/libfido2/src/err.c':
373Name Regions Miss Cover Lines Miss Cover 382Name Regions Miss Cover Lines Miss Cover
374--------------------------------------------------------------------------------------- 383---------------------------------------------------------------------------------------
375fido_strerr 108 108 0.00% 112 112 0.00% 384fido_strerr 112 8 92.86% 116 8 93.10%
376--------------------------------------------------------------------------------------- 385---------------------------------------------------------------------------------------
377TOTAL 108 108 0.00% 112 112 0.00% 386TOTAL 112 8 92.86% 116 8 93.10%
378 387
379File '/libfido2/src/es256.c': 388File '/libfido2/src/es256.c':
380Name Regions Miss Cover Lines Miss Cover 389Name Regions Miss Cover Lines Miss Cover
@@ -389,14 +398,14 @@ es256_pk_from_ptr 11 0 100.00% 13 0
389es256_pk_set_x 1 0 100.00% 5 0 100.00% 398es256_pk_set_x 1 0 100.00% 5 0 100.00%
390es256_pk_set_y 1 0 100.00% 5 0 100.00% 399es256_pk_set_y 1 0 100.00% 5 0 100.00%
391es256_sk_create 39 0 100.00% 46 0 100.00% 400es256_sk_create 39 0 100.00% 46 0 100.00%
392es256_pk_to_EVP_PKEY 41 0 100.00% 58 0 100.00% 401es256_pk_to_EVP_PKEY 42 0 100.00% 66 0 100.00%
393es256_pk_from_EC_KEY 38 0 100.00% 39 0 100.00% 402es256_pk_from_EC_KEY 38 0 100.00% 43 0 100.00%
394es256_sk_to_EVP_PKEY 27 0 100.00% 41 0 100.00% 403es256_sk_to_EVP_PKEY 28 0 100.00% 50 0 100.00%
395es256_derive_pk 25 0 100.00% 34 0 100.00% 404es256_derive_pk 25 0 100.00% 34 0 100.00%
396es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00% 405es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00%
397es256.c:decode_coord 8 0 100.00% 12 0 100.00% 406es256.c:decode_coord 8 0 100.00% 12 0 100.00%
398--------------------------------------------------------------------------------------- 407---------------------------------------------------------------------------------------
399TOTAL 278 0 100.00% 377 0 100.00% 408TOTAL 280 0 100.00% 398 0 100.00%
400 409
401File '/libfido2/src/extern.h': 410File '/libfido2/src/extern.h':
402Name Regions Miss Cover Lines Miss Cover 411Name Regions Miss Cover Lines Miss Cover
@@ -423,20 +432,27 @@ TOTAL 16 16 0.00% 38 38
423File '/libfido2/src/hid_linux.c': 432File '/libfido2/src/hid_linux.c':
424Name Regions Miss Cover Lines Miss Cover 433Name Regions Miss Cover Lines Miss Cover
425--------------------------------------------------------------------------------------- 434---------------------------------------------------------------------------------------
426fido_hid_manifest 33 33 0.00% 46 46 0.00% 435fido_hid_manifest 35 35 0.00% 50 50 0.00%
427fido_hid_open 6 6 0.00% 11 11 0.00% 436fido_hid_open 17 17 0.00% 22 22 0.00%
428fido_hid_close 1 1 0.00% 6 6 0.00% 437fido_hid_close 1 1 0.00% 6 6 0.00%
429fido_hid_read 12 12 0.00% 16 16 0.00% 438fido_hid_read 12 12 0.00% 21 21 0.00%
430fido_hid_write 12 12 0.00% 16 16 0.00% 439fido_hid_write 9 9 0.00% 16 16 0.00%
431hid_linux.c:copy_info 35 35 0.00% 56 56 0.00% 440fido_hid_report_in_len 1 1 0.00% 5 5 0.00%
432hid_linux.c:is_fido 6 6 0.00% 14 14 0.00% 441fido_hid_report_out_len 1 1 0.00% 5 5 0.00%
433hid_linux.c:get_report_descriptor 17 17 0.00% 30 30 0.00% 442hid_linux.c:copy_info 30 30 0.00% 52 52 0.00%
434hid_linux.c:get_usage_info 16 16 0.00% 33 33 0.00% 443hid_linux.c:is_fido 9 9 0.00% 23 23 0.00%
444hid_linux.c:get_usage_info 16 16 0.00% 30 30 0.00%
435hid_linux.c:get_key_len 6 6 0.00% 14 14 0.00% 445hid_linux.c:get_key_len 6 6 0.00% 14 14 0.00%
436hid_linux.c:get_key_val 6 6 0.00% 20 20 0.00% 446hid_linux.c:get_key_val 6 6 0.00% 20 20 0.00%
437hid_linux.c:parse_uevent 16 16 0.00% 30 30 0.00% 447hid_linux.c:get_parent_attr 6 6 0.00% 11 11 0.00%
438--------------------------------------------------------------------------------------- 448hid_linux.c:parse_uevent 12 12 0.00% 28 28 0.00%
439TOTAL 166 166 0.00% 292 292 0.00% 449hid_linux.c:get_usb_attr 1 1 0.00% 3 3 0.00%
450hid_linux.c:get_report_descriptor 11 11 0.00% 18 18 0.00%
451hid_linux.c:get_report_sizes 19 19 0.00% 33 33 0.00%
452hid_linux.c:waitfd 28 28 0.00% 43 43 0.00%
453hid_linux.c:timespec_to_ms 15 15 0.00% 16 16 0.00%
454---------------------------------------------------------------------------------------
455TOTAL 235 235 0.00% 416 416 0.00%
440 456
441File '/libfido2/src/info.c': 457File '/libfido2/src/info.c':
442Name Regions Miss Cover Lines Miss Cover 458Name Regions Miss Cover Lines Miss Cover
@@ -455,11 +471,14 @@ fido_cbor_info_options_name_ptr 1 0 100.00% 3 0
455fido_cbor_info_options_value_ptr 1 0 100.00% 3 0 100.00% 471fido_cbor_info_options_value_ptr 1 0 100.00% 3 0 100.00%
456fido_cbor_info_options_len 1 0 100.00% 3 0 100.00% 472fido_cbor_info_options_len 1 0 100.00% 3 0 100.00%
457fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00% 473fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00%
474fido_cbor_info_maxcredcntlst 1 0 100.00% 3 0 100.00%
475fido_cbor_info_maxcredidlen 1 0 100.00% 3 0 100.00%
476fido_cbor_info_fwversion 1 0 100.00% 3 0 100.00%
458fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% 477fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00%
459fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% 478fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00%
460info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 12 0 100.00% 479info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 12 0 100.00%
461info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 18 0 100.00% 480info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 18 0 100.00%
462info.c:parse_reply_element 13 0 100.00% 27 0 100.00% 481info.c:parse_reply_element 16 0 100.00% 33 0 100.00%
463info.c:decode_versions 12 0 100.00% 21 0 100.00% 482info.c:decode_versions 12 0 100.00% 21 0 100.00%
464info.c:decode_version 4 0 100.00% 14 0 100.00% 483info.c:decode_version 4 0 100.00% 14 0 100.00%
465info.c:decode_extensions 12 0 100.00% 21 0 100.00% 484info.c:decode_extensions 12 0 100.00% 21 0 100.00%
@@ -473,23 +492,23 @@ info.c:free_str_array 4 0 100.00% 8 0
473info.c:free_opt_array 4 0 100.00% 9 0 100.00% 492info.c:free_opt_array 4 0 100.00% 9 0 100.00%
474info.c:free_byte_array 1 0 100.00% 6 0 100.00% 493info.c:free_byte_array 1 0 100.00% 6 0 100.00%
475--------------------------------------------------------------------------------------- 494---------------------------------------------------------------------------------------
476TOTAL 146 0 100.00% 304 0 100.00% 495TOTAL 152 0 100.00% 319 0 100.00%
477 496
478File '/libfido2/src/io.c': 497File '/libfido2/src/io.c':
479Name Regions Miss Cover Lines Miss Cover 498Name Regions Miss Cover Lines Miss Cover
480--------------------------------------------------------------------------------------- 499---------------------------------------------------------------------------------------
481fido_tx 14 1 92.86% 18 0 100.00% 500fido_tx 13 1 92.31% 14 0 100.00%
482fido_rx 13 2 84.62% 21 3 85.71% 501fido_rx 13 2 84.62% 19 3 84.21%
483fido_rx_cbor_status 8 0 100.00% 12 0 100.00% 502fido_rx_cbor_status 8 0 100.00% 12 0 100.00%
484io.c:tx_empty 7 0 100.00% 16 0 100.00% 503io.c:tx_empty 9 0 100.00% 17 0 100.00%
485io.c:tx 13 0 100.00% 21 0 100.00% 504io.c:tx 13 0 100.00% 21 0 100.00%
486io.c:tx_preamble 10 0 100.00% 20 0 100.00% 505io.c:tx_preamble 16 1 93.75% 24 1 95.83%
487io.c:tx_frame 9 0 100.00% 18 0 100.00% 506io.c:tx_frame 15 1 93.33% 22 1 95.45%
488io.c:rx 25 1 96.00% 58 4 93.10% 507io.c:rx 40 2 95.00% 68 1 98.53%
489io.c:rx_preamble 18 1 94.44% 25 4 84.00% 508io.c:rx_preamble 21 2 90.48% 28 5 82.14%
490io.c:rx_frame 6 0 100.00% 9 0 100.00% 509io.c:rx_frame 8 0 100.00% 11 0 100.00%
491--------------------------------------------------------------------------------------- 510---------------------------------------------------------------------------------------
492TOTAL 123 5 95.93% 218 11 94.95% 511TOTAL 156 9 94.23% 236 11 95.34%
493 512
494File '/libfido2/src/iso7816.c': 513File '/libfido2/src/iso7816.c':
495Name Regions Miss Cover Lines Miss Cover 514Name Regions Miss Cover Lines Miss Cover
@@ -547,32 +566,34 @@ TOTAL 19 0 100.00% 22 0
547File '/libfido2/src/rs256.c': 566File '/libfido2/src/rs256.c':
548Name Regions Miss Cover Lines Miss Cover 567Name Regions Miss Cover Lines Miss Cover
549--------------------------------------------------------------------------------------- 568---------------------------------------------------------------------------------------
550rs256_pk_decode 8 8 0.00% 10 10 0.00% 569rs256_pk_decode 8 0 100.00% 10 0 100.00%
551rs256_pk_new 1 0 100.00% 3 0 100.00% 570rs256_pk_new 1 0 100.00% 3 0 100.00%
552rs256_pk_free 6 0 100.00% 11 0 100.00% 571rs256_pk_free 6 0 100.00% 11 0 100.00%
553rs256_pk_from_ptr 6 0 100.00% 8 0 100.00% 572rs256_pk_from_ptr 6 0 100.00% 8 0 100.00%
554rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00% 573rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00%
555rs256_pk_from_RSA 32 4 87.50% 32 6 81.25% 574rs256_pk_from_RSA 32 4 87.50% 32 6 81.25%
556rs256.c:decode_rsa_pubkey 9 9 0.00% 16 16 0.00% 575rs256.c:decode_rsa_pubkey 9 1 88.89% 16 4 75.00%
557rs256.c:decode_bignum 8 8 0.00% 12 12 0.00% 576rs256.c:decode_bignum 8 1 87.50% 12 3 75.00%
558--------------------------------------------------------------------------------------- 577---------------------------------------------------------------------------------------
559TOTAL 102 29 71.57% 140 44 68.57% 578TOTAL 102 6 94.12% 140 13 90.71%
560 579
561File '/libfido2/src/u2f.c': 580File '/libfido2/src/u2f.c':
562Name Regions Miss Cover Lines Miss Cover 581Name Regions Miss Cover Lines Miss Cover
563--------------------------------------------------------------------------------------- 582---------------------------------------------------------------------------------------
564u2f_register 70 5 92.86% 88 7 92.05% 583u2f_register 70 1 98.57% 88 0 100.00%
565u2f_authenticate 32 4 87.50% 44 2 95.45% 584u2f_authenticate 32 0 100.00% 44 0 100.00%
585u2f_get_touch_begin 30 0 100.00% 46 0 100.00%
586u2f_get_touch_status 18 0 100.00% 29 0 100.00%
566u2f.c:key_lookup 44 0 100.00% 69 0 100.00% 587u2f.c:key_lookup 44 0 100.00% 69 0 100.00%
567u2f.c:send_dummy_register 31 5 83.87% 49 8 83.67% 588u2f.c:send_dummy_register 31 1 96.77% 49 0 100.00%
568u2f.c:parse_register_reply 57 0 100.00% 83 0 100.00% 589u2f.c:parse_register_reply 57 0 100.00% 83 0 100.00%
569u2f.c:x5c_get 21 2 90.48% 37 6 83.78% 590u2f.c:x5c_get 21 1 95.24% 37 3 91.89%
570u2f.c:sig_get 8 1 87.50% 16 6 62.50% 591u2f.c:sig_get 8 1 87.50% 16 6 62.50%
571u2f.c:encode_cred_authdata 37 3 91.89% 82 9 89.02% 592u2f.c:encode_cred_authdata 37 2 94.59% 82 6 92.68%
572u2f.c:cbor_blob_from_ec_point 22 1 95.45% 39 3 92.31% 593u2f.c:cbor_blob_from_ec_point 22 0 100.00% 39 0 100.00%
573u2f.c:u2f_authenticate_single 36 2 94.44% 58 4 93.10% 594u2f.c:u2f_authenticate_single 36 0 100.00% 58 0 100.00%
574u2f.c:do_auth 50 3 94.00% 71 4 94.37% 595u2f.c:do_auth 50 1 98.00% 71 0 100.00%
575u2f.c:parse_auth_reply 23 2 91.30% 29 3 89.66% 596u2f.c:parse_auth_reply 23 2 91.30% 29 3 89.66%
576u2f.c:authdata_fake 12 0 100.00% 34 0 100.00% 597u2f.c:authdata_fake 12 0 100.00% 34 0 100.00%
577--------------------------------------------------------------------------------------- 598---------------------------------------------------------------------------------------
578TOTAL 443 28 93.68% 699 52 92.56% 599TOTAL 491 9 98.17% 774 18 97.67%
diff --git a/fuzz/fuzz_assert.c b/fuzz/fuzz_assert.c
index 5b72658..3ae54eb 100644
--- a/fuzz/fuzz_assert.c
+++ b/fuzz/fuzz_assert.c
@@ -23,39 +23,23 @@
23 23
24#include "../openbsd-compat/openbsd-compat.h" 24#include "../openbsd-compat/openbsd-compat.h"
25 25
26#define TAG_U2F 0x01
27#define TAG_TYPE 0x02
28#define TAG_CDH 0x03
29#define TAG_RP_ID 0x04
30#define TAG_EXT 0x05
31#define TAG_SEED 0x06
32#define TAG_UP 0x07
33#define TAG_UV 0x08
34#define TAG_WIRE_DATA 0x09
35#define TAG_CRED_COUNT 0x0a
36#define TAG_CRED 0x0b
37#define TAG_ES256 0x0c
38#define TAG_RS256 0x0d
39#define TAG_PIN 0x0e
40#define TAG_EDDSA 0x0f
41
42/* Parameter set defining a FIDO2 get assertion operation. */ 26/* Parameter set defining a FIDO2 get assertion operation. */
43struct param { 27struct param {
44 char pin[MAXSTR]; 28 char pin[MAXSTR];
45 char rp_id[MAXSTR]; 29 char rp_id[MAXSTR];
46 int ext; 30 int ext;
47 int seed; 31 int seed;
48 struct blob cdh; 32 struct blob cdh;
49 struct blob cred; 33 struct blob cred;
50 struct blob es256; 34 struct blob es256;
51 struct blob rs256; 35 struct blob rs256;
52 struct blob eddsa; 36 struct blob eddsa;
53 struct blob wire_data; 37 struct blob wire_data;
54 uint8_t cred_count; 38 uint8_t cred_count;
55 uint8_t type; 39 uint8_t type;
56 uint8_t u2f; 40 uint8_t u2f;
57 uint8_t up; 41 uint8_t up;
58 uint8_t uv; 42 uint8_t uv;
59}; 43};
60 44
61/* 45/*
@@ -83,73 +67,153 @@ static const uint8_t dummy_wire_data_u2f[] = {
83 WIREDATA_CTAP_U2F_AUTH, 67 WIREDATA_CTAP_U2F_AUTH,
84}; 68};
85 69
86int LLVMFuzzerTestOneInput(const uint8_t *, size_t); 70struct param *
87size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); 71unpack(const uint8_t *ptr, size_t len)
88
89static int
90unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
91{ 72{
92 uint8_t **pp = (void *)&ptr; 73 cbor_item_t *item = NULL, **v;
93 74 struct cbor_load_result cbor;
94 if (unpack_byte(TAG_UV, pp, &len, &p->uv) < 0 || 75 struct param *p;
95 unpack_byte(TAG_UP, pp, &len, &p->up) < 0 || 76 int ok = -1;
96 unpack_byte(TAG_U2F, pp, &len, &p->u2f) < 0 || 77
97 unpack_byte(TAG_TYPE, pp, &len, &p->type) < 0 || 78 if ((p = calloc(1, sizeof(*p))) == NULL ||
98 unpack_byte(TAG_CRED_COUNT, pp, &len, &p->cred_count) < 0 || 79 (item = cbor_load(ptr, len, &cbor)) == NULL ||
99 unpack_int(TAG_EXT, pp, &len, &p->ext) < 0 || 80 cbor.read != len ||
100 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || 81 cbor_isa_array(item) == false ||
101 unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || 82 cbor_array_is_definite(item) == false ||
102 unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || 83 cbor_array_size(item) != 15 ||
103 unpack_blob(TAG_WIRE_DATA, pp, &len, &p->wire_data) < 0 || 84 (v = cbor_array_handle(item)) == NULL)
104 unpack_blob(TAG_RS256, pp, &len, &p->rs256) < 0 || 85 goto fail;
105 unpack_blob(TAG_ES256, pp, &len, &p->es256) < 0 || 86
106 unpack_blob(TAG_EDDSA, pp, &len, &p->eddsa) < 0 || 87 if (unpack_byte(v[0], &p->uv) < 0 ||
107 unpack_blob(TAG_CRED, pp, &len, &p->cred) < 0 || 88 unpack_byte(v[1], &p->up) < 0 ||
108 unpack_blob(TAG_CDH, pp, &len, &p->cdh) < 0) 89 unpack_byte(v[2], &p->u2f) < 0 ||
109 return (-1); 90 unpack_byte(v[3], &p->type) < 0 ||
110 91 unpack_byte(v[4], &p->cred_count) < 0 ||
111 return (0); 92 unpack_int(v[5], &p->ext) < 0 ||
93 unpack_int(v[6], &p->seed) < 0 ||
94 unpack_string(v[7], p->rp_id) < 0 ||
95 unpack_string(v[8], p->pin) < 0 ||
96 unpack_blob(v[9], &p->wire_data) < 0 ||
97 unpack_blob(v[10], &p->rs256) < 0 ||
98 unpack_blob(v[11], &p->es256) < 0 ||
99 unpack_blob(v[12], &p->eddsa) < 0 ||
100 unpack_blob(v[13], &p->cred) < 0 ||
101 unpack_blob(v[14], &p->cdh) < 0)
102 goto fail;
103
104 ok = 0;
105fail:
106 if (ok < 0) {
107 free(p);
108 p = NULL;
109 }
110
111 if (item)
112 cbor_decref(&item);
113
114 return p;
112} 115}
113 116
114static size_t 117size_t
115pack(uint8_t *ptr, size_t len, const struct param *p) 118pack(uint8_t *ptr, size_t len, const struct param *p)
116{ 119{
117 const size_t max = len; 120 cbor_item_t *argv[15], *array = NULL;
118 121 size_t cbor_alloc_len, cbor_len = 0;
119 if (pack_byte(TAG_UV, &ptr, &len, p->uv) < 0 || 122 unsigned char *cbor = NULL;
120 pack_byte(TAG_UP, &ptr, &len, p->up) < 0 || 123
121 pack_byte(TAG_U2F, &ptr, &len, p->u2f) < 0 || 124 memset(argv, 0, sizeof(argv));
122 pack_byte(TAG_TYPE, &ptr, &len, p->type) < 0 || 125
123 pack_byte(TAG_CRED_COUNT, &ptr, &len, p->cred_count) < 0 || 126 if ((array = cbor_new_definite_array(15)) == NULL ||
124 pack_int(TAG_EXT, &ptr, &len, p->ext) < 0 || 127 (argv[0] = pack_byte(p->uv)) == NULL ||
125 pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || 128 (argv[1] = pack_byte(p->up)) == NULL ||
126 pack_string(TAG_RP_ID, &ptr, &len, p->rp_id) < 0 || 129 (argv[2] = pack_byte(p->u2f)) == NULL ||
127 pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || 130 (argv[3] = pack_byte(p->type)) == NULL ||
128 pack_blob(TAG_WIRE_DATA, &ptr, &len, &p->wire_data) < 0 || 131 (argv[4] = pack_byte(p->cred_count)) == NULL ||
129 pack_blob(TAG_RS256, &ptr, &len, &p->rs256) < 0 || 132 (argv[5] = pack_int(p->ext)) == NULL ||
130 pack_blob(TAG_ES256, &ptr, &len, &p->es256) < 0 || 133 (argv[6] = pack_int(p->seed)) == NULL ||
131 pack_blob(TAG_EDDSA, &ptr, &len, &p->eddsa) < 0 || 134 (argv[7] = pack_string(p->rp_id)) == NULL ||
132 pack_blob(TAG_CRED, &ptr, &len, &p->cred) < 0 || 135 (argv[8] = pack_string(p->pin)) == NULL ||
133 pack_blob(TAG_CDH, &ptr, &len, &p->cdh) < 0) 136 (argv[9] = pack_blob(&p->wire_data)) == NULL ||
134 return (0); 137 (argv[10] = pack_blob(&p->rs256)) == NULL ||
135 138 (argv[11] = pack_blob(&p->es256)) == NULL ||
136 return (max - len); 139 (argv[12] = pack_blob(&p->eddsa)) == NULL ||
140 (argv[13] = pack_blob(&p->cred)) == NULL ||
141 (argv[14] = pack_blob(&p->cdh)) == NULL)
142 goto fail;
143
144 for (size_t i = 0; i < 15; i++)
145 if (cbor_array_push(array, argv[i]) == false)
146 goto fail;
147
148 if ((cbor_len = cbor_serialize_alloc(array, &cbor,
149 &cbor_alloc_len)) > len) {
150 cbor_len = 0;
151 goto fail;
152 }
153
154 memcpy(ptr, cbor, cbor_len);
155fail:
156 for (size_t i = 0; i < 15; i++)
157 if (argv[i])
158 cbor_decref(&argv[i]);
159
160 if (array)
161 cbor_decref(&array);
162
163 free(cbor);
164
165 return cbor_len;
137} 166}
138 167
139static size_t 168size_t
140input_len(int max) 169pack_dummy(uint8_t *ptr, size_t len)
141{ 170{
142 return (5 * len_byte() + 2 * len_int() + 2 * len_string(max) + 171 struct param dummy;
143 6 * len_blob(max)); 172 uint8_t blob[4096];
173 size_t blob_len;
174
175 memset(&dummy, 0, sizeof(dummy));
176
177 dummy.type = 1; /* rsa */
178 dummy.ext = FIDO_EXT_HMAC_SECRET;
179
180 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin));
181 strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id));
182
183 dummy.cred.len = sizeof(dummy_cdh); /* XXX */
184 dummy.cdh.len = sizeof(dummy_cdh);
185 dummy.es256.len = sizeof(dummy_es256);
186 dummy.rs256.len = sizeof(dummy_rs256);
187 dummy.eddsa.len = sizeof(dummy_eddsa);
188 dummy.wire_data.len = sizeof(dummy_wire_data_fido);
189
190 memcpy(&dummy.cred.body, &dummy_cdh, dummy.cred.len); /* XXX */
191 memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
192 memcpy(&dummy.wire_data.body, &dummy_wire_data_fido,
193 dummy.wire_data.len);
194 memcpy(&dummy.es256.body, &dummy_es256, dummy.es256.len);
195 memcpy(&dummy.rs256.body, &dummy_rs256, dummy.rs256.len);
196 memcpy(&dummy.eddsa.body, &dummy_eddsa, dummy.eddsa.len);
197
198 assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
199
200 if (blob_len > len) {
201 memcpy(ptr, blob, len);
202 return len;
203 }
204
205 memcpy(ptr, blob, blob_len);
206
207 return blob_len;
144} 208}
145 209
146static void 210static void
147get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh, 211get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
148 const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin, 212 const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin,
149 uint8_t cred_count, struct blob *cred) 213 uint8_t cred_count, const struct blob *cred)
150{ 214{
151 fido_dev_t *dev; 215 fido_dev_t *dev;
152 fido_dev_io_t io; 216 fido_dev_io_t io;
153 217
154 memset(&io, 0, sizeof(io)); 218 memset(&io, 0, sizeof(io));
155 219
@@ -166,21 +230,31 @@ get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
166 230
167 if (u2f & 1) 231 if (u2f & 1)
168 fido_dev_force_u2f(dev); 232 fido_dev_force_u2f(dev);
169
170 for (uint8_t i = 0; i < cred_count; i++)
171 fido_assert_allow_cred(assert, cred->body, cred->len);
172
173 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
174 fido_assert_set_rp(assert, rp_id);
175 if (ext & 1) 233 if (ext & 1)
176 fido_assert_set_extensions(assert, FIDO_EXT_HMAC_SECRET); 234 fido_assert_set_extensions(assert, FIDO_EXT_HMAC_SECRET);
177 if (up & 1) 235 if (up & 1)
178 fido_assert_set_up(assert, FIDO_OPT_TRUE); 236 fido_assert_set_up(assert, FIDO_OPT_TRUE);
237 else if (u2f &1)
238 fido_assert_set_up(assert, FIDO_OPT_FALSE);
179 if (uv & 1) 239 if (uv & 1)
180 fido_assert_set_uv(assert, FIDO_OPT_TRUE); 240 fido_assert_set_uv(assert, FIDO_OPT_TRUE);
181 /* XXX reuse cred as hmac salt to keep struct param small */ 241
242 for (uint8_t i = 0; i < cred_count; i++)
243 fido_assert_allow_cred(assert, cred->body, cred->len);
244
245 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
246 fido_assert_set_rp(assert, rp_id);
247 /* XXX reuse cred as hmac salt */
182 fido_assert_set_hmac_salt(assert, cred->body, cred->len); 248 fido_assert_set_hmac_salt(assert, cred->body, cred->len);
183 249
250 /* repeat memory operations to trigger reallocation paths */
251 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
252 fido_assert_set_rp(assert, rp_id);
253 fido_assert_set_hmac_salt(assert, cred->body, cred->len);
254
255 if (strlen(pin) == 0)
256 pin = NULL;
257
184 fido_dev_get_assert(dev, assert, u2f & 1 ? NULL : pin); 258 fido_dev_get_assert(dev, assert, u2f & 1 ? NULL : pin);
185 259
186 fido_dev_cancel(dev); 260 fido_dev_cancel(dev);
@@ -194,7 +268,7 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len,
194 const unsigned char *sig_ptr, size_t sig_len, uint8_t up, uint8_t uv, 268 const unsigned char *sig_ptr, size_t sig_len, uint8_t up, uint8_t uv,
195 int ext, void *pk) 269 int ext, void *pk)
196{ 270{
197 fido_assert_t *assert = NULL; 271 fido_assert_t *assert = NULL;
198 272
199 if ((assert = fido_assert_new()) == NULL) 273 if ((assert = fido_assert_new()) == NULL)
200 return; 274 return;
@@ -202,16 +276,30 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len,
202 fido_assert_set_clientdata_hash(assert, cdh_ptr, cdh_len); 276 fido_assert_set_clientdata_hash(assert, cdh_ptr, cdh_len);
203 fido_assert_set_rp(assert, rp_id); 277 fido_assert_set_rp(assert, rp_id);
204 fido_assert_set_count(assert, 1); 278 fido_assert_set_count(assert, 1);
279
205 if (fido_assert_set_authdata(assert, 0, authdata_ptr, 280 if (fido_assert_set_authdata(assert, 0, authdata_ptr,
206 authdata_len) != FIDO_OK) { 281 authdata_len) != FIDO_OK) {
207 fido_assert_set_authdata_raw(assert, 0, authdata_ptr, 282 fido_assert_set_authdata_raw(assert, 0, authdata_ptr,
208 authdata_len); 283 authdata_len);
209 } 284 }
285
286 if (up & 1)
287 fido_assert_set_up(assert, FIDO_OPT_TRUE);
288 if (uv & 1)
289 fido_assert_set_uv(assert, FIDO_OPT_TRUE);
290
210 fido_assert_set_extensions(assert, ext); 291 fido_assert_set_extensions(assert, ext);
211 if (up & 1) fido_assert_set_up(assert, FIDO_OPT_TRUE);
212 if (uv & 1) fido_assert_set_uv(assert, FIDO_OPT_TRUE);
213 fido_assert_set_sig(assert, 0, sig_ptr, sig_len); 292 fido_assert_set_sig(assert, 0, sig_ptr, sig_len);
214 fido_assert_verify(assert, 0, type, pk); 293
294 /* repeat memory operations to trigger reallocation paths */
295 if (fido_assert_set_authdata(assert, 0, authdata_ptr,
296 authdata_len) != FIDO_OK) {
297 fido_assert_set_authdata_raw(assert, 0, authdata_ptr,
298 authdata_len);
299 }
300 fido_assert_set_sig(assert, 0, sig_ptr, sig_len);
301
302 assert(fido_assert_verify(assert, 0, type, pk) != FIDO_OK);
215 303
216 fido_assert_free(&assert); 304 fido_assert_free(&assert);
217} 305}
@@ -262,38 +350,30 @@ out:
262 EVP_PKEY_free(pkey); 350 EVP_PKEY_free(pkey);
263} 351}
264 352
265int 353void
266LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 354test(const struct param *p)
267{ 355{
268 struct param p; 356 fido_assert_t *assert = NULL;
269 fido_assert_t *assert = NULL; 357 es256_pk_t *es256_pk = NULL;
270 es256_pk_t *es256_pk = NULL; 358 rs256_pk_t *rs256_pk = NULL;
271 rs256_pk_t *rs256_pk = NULL; 359 eddsa_pk_t *eddsa_pk = NULL;
272 eddsa_pk_t *eddsa_pk = NULL; 360 uint8_t flags;
273 uint8_t flags; 361 uint32_t sigcount;
274 uint32_t sigcount; 362 int cose_alg = 0;
275 int cose_alg = 0; 363 void *pk;
276 void *pk; 364
277 365 prng_init((unsigned int)p->seed);
278 memset(&p, 0, sizeof(p));
279
280 if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
281 unpack(data, size, &p) < 0)
282 return (0);
283
284 prng_init((unsigned int)p.seed);
285
286 fido_init(FIDO_DEBUG); 366 fido_init(FIDO_DEBUG);
287 fido_set_log_handler(consume_str); 367 fido_set_log_handler(consume_str);
288 368
289 switch (p.type & 3) { 369 switch (p->type & 3) {
290 case 0: 370 case 0:
291 cose_alg = COSE_ES256; 371 cose_alg = COSE_ES256;
292 372
293 if ((es256_pk = es256_pk_new()) == NULL) 373 if ((es256_pk = es256_pk_new()) == NULL)
294 return (0); 374 return;
295 375
296 es256_pk_from_ptr(es256_pk, p.es256.body, p.es256.len); 376 es256_pk_from_ptr(es256_pk, p->es256.body, p->es256.len);
297 pk = es256_pk; 377 pk = es256_pk;
298 378
299 break; 379 break;
@@ -301,9 +381,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
301 cose_alg = COSE_RS256; 381 cose_alg = COSE_RS256;
302 382
303 if ((rs256_pk = rs256_pk_new()) == NULL) 383 if ((rs256_pk = rs256_pk_new()) == NULL)
304 return (0); 384 return;
305 385
306 rs256_pk_from_ptr(rs256_pk, p.rs256.body, p.rs256.len); 386 rs256_pk_from_ptr(rs256_pk, p->rs256.body, p->rs256.len);
307 pk = rs256_pk; 387 pk = rs256_pk;
308 388
309 rs256_convert(pk); 389 rs256_convert(pk);
@@ -313,9 +393,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
313 cose_alg = COSE_EDDSA; 393 cose_alg = COSE_EDDSA;
314 394
315 if ((eddsa_pk = eddsa_pk_new()) == NULL) 395 if ((eddsa_pk = eddsa_pk_new()) == NULL)
316 return (0); 396 return;
317 397
318 eddsa_pk_from_ptr(eddsa_pk, p.eddsa.body, p.eddsa.len); 398 eddsa_pk_from_ptr(eddsa_pk, p->eddsa.body, p->eddsa.len);
319 pk = eddsa_pk; 399 pk = eddsa_pk;
320 400
321 eddsa_convert(pk); 401 eddsa_convert(pk);
@@ -326,10 +406,10 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
326 if ((assert = fido_assert_new()) == NULL) 406 if ((assert = fido_assert_new()) == NULL)
327 goto out; 407 goto out;
328 408
329 set_wire_data(p.wire_data.body, p.wire_data.len); 409 set_wire_data(p->wire_data.body, p->wire_data.len);
330 410
331 get_assert(assert, p.u2f, &p.cdh, p.rp_id, p.ext, p.up, p.uv, p.pin, 411 get_assert(assert, p->u2f, &p->cdh, p->rp_id, p->ext, p->up, p->uv,
332 p.cred_count, &p.cred); 412 p->pin, p->cred_count, &p->cred);
333 413
334 /* XXX +1 on purpose */ 414 /* XXX +1 on purpose */
335 for (size_t i = 0; i <= fido_assert_count(assert); i++) { 415 for (size_t i = 0; i <= fido_assert_count(assert); i++) {
@@ -340,7 +420,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
340 fido_assert_authdata_ptr(assert, i), 420 fido_assert_authdata_ptr(assert, i),
341 fido_assert_authdata_len(assert, i), 421 fido_assert_authdata_len(assert, i),
342 fido_assert_sig_ptr(assert, i), 422 fido_assert_sig_ptr(assert, i),
343 fido_assert_sig_len(assert, i), p.up, p.uv, p.ext, pk); 423 fido_assert_sig_len(assert, i), p->up, p->uv, p->ext, pk);
344 consume(fido_assert_id_ptr(assert, i), 424 consume(fido_assert_id_ptr(assert, i),
345 fido_assert_id_len(assert, i)); 425 fido_assert_id_len(assert, i));
346 consume(fido_assert_user_id_ptr(assert, i), 426 consume(fido_assert_user_id_ptr(assert, i),
@@ -365,103 +445,40 @@ out:
365 eddsa_pk_free(&eddsa_pk); 445 eddsa_pk_free(&eddsa_pk);
366 446
367 fido_assert_free(&assert); 447 fido_assert_free(&assert);
368
369 return (0);
370} 448}
371 449
372static size_t 450void
373pack_dummy(uint8_t *ptr, size_t len) 451mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
374{ 452{
375 struct param dummy; 453 if (flags & MUTATE_SEED)
376 uint8_t blob[16384]; 454 p->seed = (int)seed;
377 size_t blob_len; 455
378 456 if (flags & MUTATE_PARAM) {
379 memset(&dummy, 0, sizeof(dummy)); 457 mutate_byte(&p->uv);
380 458 mutate_byte(&p->up);
381 dummy.type = 1; /* rsa */ 459 mutate_byte(&p->u2f);
382 dummy.ext = FIDO_EXT_HMAC_SECRET; 460 mutate_byte(&p->type);
383 461 mutate_byte(&p->cred_count);
384 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); 462 mutate_int(&p->ext);
385 strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); 463 mutate_blob(&p->rs256);
386 464 mutate_blob(&p->es256);
387 dummy.cred.len = sizeof(dummy_cdh); /* XXX */ 465 mutate_blob(&p->eddsa);
388 dummy.cdh.len = sizeof(dummy_cdh); 466 mutate_blob(&p->cred);
389 dummy.es256.len = sizeof(dummy_es256); 467 mutate_blob(&p->cdh);
390 dummy.rs256.len = sizeof(dummy_rs256); 468 mutate_string(p->rp_id);
391 dummy.eddsa.len = sizeof(dummy_eddsa); 469 mutate_string(p->pin);
392 dummy.wire_data.len = sizeof(dummy_wire_data_fido);
393
394 memcpy(&dummy.cred.body, &dummy_cdh, dummy.cred.len); /* XXX */
395 memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
396 memcpy(&dummy.wire_data.body, &dummy_wire_data_fido,
397 dummy.wire_data.len);
398 memcpy(&dummy.es256.body, &dummy_es256, dummy.es256.len);
399 memcpy(&dummy.rs256.body, &dummy_rs256, dummy.rs256.len);
400 memcpy(&dummy.eddsa.body, &dummy_eddsa, dummy.eddsa.len);
401
402 blob_len = pack(blob, sizeof(blob), &dummy);
403 assert(blob_len != 0);
404
405 if (blob_len > len) {
406 memcpy(ptr, blob, len);
407 return (len);
408 } 470 }
409 471
410 memcpy(ptr, blob, blob_len); 472 if (flags & MUTATE_WIREDATA) {
411 473 if (p->u2f & 1) {
412 return (blob_len); 474 p->wire_data.len = sizeof(dummy_wire_data_u2f);
413} 475 memcpy(&p->wire_data.body, &dummy_wire_data_u2f,
414 476 p->wire_data.len);
415size_t 477 } else {
416LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, 478 p->wire_data.len = sizeof(dummy_wire_data_fido);
417 unsigned int seed) NO_MSAN 479 memcpy(&p->wire_data.body, &dummy_wire_data_fido,
418{ 480 p->wire_data.len);
419 struct param p; 481 }
420 uint8_t blob[16384]; 482 mutate_blob(&p->wire_data);
421 size_t blob_len;
422
423 (void)seed;
424
425 memset(&p, 0, sizeof(p));
426
427 if (unpack(data, size, &p) < 0)
428 return (pack_dummy(data, maxsize));
429
430 mutate_byte(&p.uv);
431 mutate_byte(&p.up);
432 mutate_byte(&p.u2f);
433 mutate_byte(&p.type);
434 mutate_byte(&p.cred_count);
435
436 mutate_int(&p.ext);
437 p.seed = (int)seed;
438
439 if (p.u2f & 1) {
440 p.wire_data.len = sizeof(dummy_wire_data_u2f);
441 memcpy(&p.wire_data.body, &dummy_wire_data_u2f,
442 p.wire_data.len);
443 } else {
444 p.wire_data.len = sizeof(dummy_wire_data_fido);
445 memcpy(&p.wire_data.body, &dummy_wire_data_fido,
446 p.wire_data.len);
447 } 483 }
448
449 mutate_blob(&p.wire_data);
450 mutate_blob(&p.rs256);
451 mutate_blob(&p.es256);
452 mutate_blob(&p.eddsa);
453 mutate_blob(&p.cred);
454 mutate_blob(&p.cdh);
455
456 mutate_string(p.rp_id);
457 mutate_string(p.pin);
458
459 blob_len = pack(blob, sizeof(blob), &p);
460
461 if (blob_len == 0 || blob_len > maxsize)
462 return (0);
463
464 memcpy(data, blob, blob_len);
465
466 return (blob_len);
467} 484}
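Review bot: In the new `pack_dummy()` the call to `pack()` now sits inside `assert(...)`, so a build with `NDEBUG` defined drops the call and leaves `blob_len` uninitialised when it is used as a `memcpy` length. The removed version kept the call outside the assertion, and I would restore that as `blob_len = pack(blob, sizeof(blob), &dummy);` followed by `assert(blob_len != 0);`. The same pattern is at the end of `verify_assert()` (its signature starts above the visible hunk), where `assert(fido_assert_verify(assert, 0, type, pk) != FIDO_OK);` would stop exercising the verify path under `NDEBUG`. Assigning the result first, `int r = fido_assert_verify(assert, 0, type, pk);` then `assert(r != FIDO_OK);`, keeps the fuzz target's coverage independent of how assertions are compiled. The build flags are not visible here, so this may be latent, and the new `pack_dummy()` in fuzz/fuzz_bio.c repeats the same construct.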
diff --git a/fuzz/fuzz_bio.c b/fuzz/fuzz_bio.c
index 05f6ce3..5051a34 100644
--- a/fuzz/fuzz_bio.c
+++ b/fuzz/fuzz_bio.c
@@ -19,27 +19,17 @@
19 19
20#include "../openbsd-compat/openbsd-compat.h" 20#include "../openbsd-compat/openbsd-compat.h"
21 21
22#define TAG_PIN 0x01
23#define TAG_NAME 0x02
24#define TAG_SEED 0x03
25#define TAG_ID 0x04
26#define TAG_INFO_WIRE_DATA 0x05
27#define TAG_ENROLL_WIRE_DATA 0x06
28#define TAG_LIST_WIRE_DATA 0x07
29#define TAG_SET_NAME_WIRE_DATA 0x08
30#define TAG_REMOVE_WIRE_DATA 0x09
31
32/* Parameter set defining a FIDO2 credential management operation. */ 22/* Parameter set defining a FIDO2 credential management operation. */
33struct param { 23struct param {
34 char pin[MAXSTR]; 24 char pin[MAXSTR];
35 char name[MAXSTR]; 25 char name[MAXSTR];
36 int seed; 26 int seed;
37 struct blob id; 27 struct blob id;
38 struct blob info_wire_data; 28 struct blob info_wire_data;
39 struct blob enroll_wire_data; 29 struct blob enroll_wire_data;
40 struct blob list_wire_data; 30 struct blob list_wire_data;
41 struct blob set_name_wire_data; 31 struct blob set_name_wire_data;
42 struct blob remove_wire_data; 32 struct blob remove_wire_data;
43}; 33};
44 34
45/* 35/*
@@ -100,58 +90,141 @@ static const uint8_t dummy_remove_wire_data[] = {
100 WIREDATA_CTAP_CBOR_STATUS, 90 WIREDATA_CTAP_CBOR_STATUS,
101}; 91};
102 92
103int LLVMFuzzerTestOneInput(const uint8_t *, size_t); 93struct param *
104size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); 94unpack(const uint8_t *ptr, size_t len)
105
106static int
107unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
108{ 95{
109 uint8_t **pp = (void *)&ptr; 96 cbor_item_t *item = NULL, **v;
110 97 struct cbor_load_result cbor;
111 if (unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || 98 struct param *p;
112 unpack_string(TAG_NAME, pp, &len, p->name) < 0 || 99 int ok = -1;
113 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || 100
114 unpack_blob(TAG_ID, pp, &len, &p->id) < 0 || 101 if ((p = calloc(1, sizeof(*p))) == NULL ||
115 unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 || 102 (item = cbor_load(ptr, len, &cbor)) == NULL ||
116 unpack_blob(TAG_ENROLL_WIRE_DATA, pp, &len, &p->enroll_wire_data) < 0 || 103 cbor.read != len ||
117 unpack_blob(TAG_LIST_WIRE_DATA, pp, &len, &p->list_wire_data) < 0 || 104 cbor_isa_array(item) == false ||
118 unpack_blob(TAG_SET_NAME_WIRE_DATA, pp, &len, &p->set_name_wire_data) < 0 || 105 cbor_array_is_definite(item) == false ||
119 unpack_blob(TAG_REMOVE_WIRE_DATA, pp, &len, &p->remove_wire_data) < 0) 106 cbor_array_size(item) != 9 ||
120 return (-1); 107 (v = cbor_array_handle(item)) == NULL)
121 108 goto fail;
122 return (0); 109
110 if (unpack_int(v[0], &p->seed) < 0 ||
111 unpack_string(v[1], p->pin) < 0 ||
112 unpack_string(v[2], p->name) < 0 ||
113 unpack_blob(v[3], &p->id) < 0 ||
114 unpack_blob(v[4], &p->info_wire_data) < 0 ||
115 unpack_blob(v[5], &p->enroll_wire_data) < 0 ||
116 unpack_blob(v[6], &p->list_wire_data) < 0 ||
117 unpack_blob(v[7], &p->set_name_wire_data) < 0 ||
118 unpack_blob(v[8], &p->remove_wire_data) < 0)
119 goto fail;
120
121 ok = 0;
122fail:
123 if (ok < 0) {
124 free(p);
125 p = NULL;
126 }
127
128 if (item)
129 cbor_decref(&item);
130
131 return p;
123} 132}
124 133
125static size_t 134size_t
126pack(uint8_t *ptr, size_t len, const struct param *p) 135pack(uint8_t *ptr, size_t len, const struct param *p)
127{ 136{
128 const size_t max = len; 137 cbor_item_t *argv[9], *array = NULL;
129 138 size_t cbor_alloc_len, cbor_len = 0;
130 if (pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || 139 unsigned char *cbor = NULL;
131 pack_string(TAG_NAME, &ptr, &len, p->name) < 0 || 140
132 pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || 141 memset(argv, 0, sizeof(argv));
133 pack_blob(TAG_ID, &ptr, &len, &p->id) < 0 || 142
134 pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 || 143 if ((array = cbor_new_definite_array(9)) == NULL ||
135 pack_blob(TAG_ENROLL_WIRE_DATA, &ptr, &len, &p->enroll_wire_data) < 0 || 144 (argv[0] = pack_int(p->seed)) == NULL ||
136 pack_blob(TAG_LIST_WIRE_DATA, &ptr, &len, &p->list_wire_data) < 0 || 145 (argv[1] = pack_string(p->pin)) == NULL ||
137 pack_blob(TAG_SET_NAME_WIRE_DATA, &ptr, &len, &p->set_name_wire_data) < 0 || 146 (argv[2] = pack_string(p->name)) == NULL ||
138 pack_blob(TAG_REMOVE_WIRE_DATA, &ptr, &len, &p->remove_wire_data) < 0) 147 (argv[3] = pack_blob(&p->id)) == NULL ||
139 return (0); 148 (argv[4] = pack_blob(&p->info_wire_data)) == NULL ||
140 149 (argv[5] = pack_blob(&p->enroll_wire_data)) == NULL ||
141 return (max - len); 150 (argv[6] = pack_blob(&p->list_wire_data)) == NULL ||
151 (argv[7] = pack_blob(&p->set_name_wire_data)) == NULL ||
152 (argv[8] = pack_blob(&p->remove_wire_data)) == NULL)
153 goto fail;
154
155 for (size_t i = 0; i < 9; i++)
156 if (cbor_array_push(array, argv[i]) == false)
157 goto fail;
158
159 if ((cbor_len = cbor_serialize_alloc(array, &cbor,
160 &cbor_alloc_len)) > len) {
161 cbor_len = 0;
162 goto fail;
163 }
164
165 memcpy(ptr, cbor, cbor_len);
166fail:
167 for (size_t i = 0; i < 9; i++)
168 if (argv[i])
169 cbor_decref(&argv[i]);
170
171 if (array)
172 cbor_decref(&array);
173
174 free(cbor);
175
176 return cbor_len;
142} 177}
143 178
144static size_t 179size_t
145input_len(int max) 180pack_dummy(uint8_t *ptr, size_t len)
146{ 181{
147 return (2 * len_string(max) + len_int() + 6 * len_blob(max)); 182 struct param dummy;
183 uint8_t blob[4096];
184 size_t blob_len;
185
186 memset(&dummy, 0, sizeof(dummy));
187
188 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin));
189 strlcpy(dummy.name, dummy_name, sizeof(dummy.name));
190
191 dummy.info_wire_data.len = sizeof(dummy_info_wire_data);
192 dummy.enroll_wire_data.len = sizeof(dummy_enroll_wire_data);
193 dummy.list_wire_data.len = sizeof(dummy_list_wire_data);
194 dummy.set_name_wire_data.len = sizeof(dummy_set_name_wire_data);
195 dummy.remove_wire_data.len = sizeof(dummy_remove_wire_data);
196 dummy.id.len = sizeof(dummy_id);
197
198 memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data,
199 dummy.info_wire_data.len);
200 memcpy(&dummy.enroll_wire_data.body, &dummy_enroll_wire_data,
201 dummy.enroll_wire_data.len);
202 memcpy(&dummy.list_wire_data.body, &dummy_list_wire_data,
203 dummy.list_wire_data.len);
204 memcpy(&dummy.set_name_wire_data.body, &dummy_set_name_wire_data,
205 dummy.set_name_wire_data.len);
206 memcpy(&dummy.remove_wire_data.body, &dummy_remove_wire_data,
207 dummy.remove_wire_data.len);
208 memcpy(&dummy.id.body, &dummy_id, dummy.id.len);
209
210 assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
211
212 if (blob_len > len) {
213 memcpy(ptr, blob, len);
214 return len;
215 }
216
217 memcpy(ptr, blob, blob_len);
218
219 return blob_len;
148} 220}
149 221
150static fido_dev_t * 222static fido_dev_t *
151prepare_dev() 223prepare_dev(void)
152{ 224{
153 fido_dev_t *dev; 225 fido_dev_t *dev;
154 fido_dev_io_t io; 226 fido_dev_io_t io;
227 bool x;
155 228
156 memset(&io, 0, sizeof(io)); 229 memset(&io, 0, sizeof(io));
157 230
@@ -163,26 +236,35 @@ prepare_dev()
163 if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev, 236 if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev,
164 &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) { 237 &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) {
165 fido_dev_free(&dev); 238 fido_dev_free(&dev);
166 return (NULL); 239 return NULL;
167 } 240 }
168 241
169 return (dev); 242 x = fido_dev_is_fido2(dev);
243 consume(&x, sizeof(x));
244 x = fido_dev_supports_pin(dev);
245 consume(&x, sizeof(x));
246 x = fido_dev_has_pin(dev);
247 consume(&x, sizeof(x));
248
249 return dev;
170} 250}
171 251
172static void 252static void
173get_info(struct param *p) 253get_info(const struct param *p)
174{ 254{
175 fido_dev_t *dev = NULL; 255 fido_dev_t *dev = NULL;
176 fido_bio_info_t *i = NULL; 256 fido_bio_info_t *i = NULL;
177 uint8_t type; 257 uint8_t type;
178 uint8_t max_samples; 258 uint8_t max_samples;
259 int r;
179 260
180 set_wire_data(p->info_wire_data.body, p->info_wire_data.len); 261 set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
181 262
182 if ((dev = prepare_dev()) == NULL || (i = fido_bio_info_new()) == NULL) 263 if ((dev = prepare_dev()) == NULL || (i = fido_bio_info_new()) == NULL)
183 goto done; 264 goto done;
184 265
185 fido_bio_dev_get_info(dev, i); 266 r = fido_bio_dev_get_info(dev, i);
267 consume_str(fido_strerr(r));
186 268
187 type = fido_bio_info_type(i); 269 type = fido_bio_info_type(i);
188 max_samples = fido_bio_info_max_samples(i); 270 max_samples = fido_bio_info_max_samples(i);
@@ -217,7 +299,7 @@ consume_enroll(fido_bio_enroll_t *e)
217} 299}
218 300
219static void 301static void
220enroll(struct param *p) 302enroll(const struct param *p)
221{ 303{
222 fido_dev_t *dev = NULL; 304 fido_dev_t *dev = NULL;
223 fido_bio_template_t *t = NULL; 305 fido_bio_template_t *t = NULL;
@@ -252,7 +334,7 @@ done:
252} 334}
253 335
254static void 336static void
255list(struct param *p) 337list(const struct param *p)
256{ 338{
257 fido_dev_t *dev = NULL; 339 fido_dev_t *dev = NULL;
258 fido_bio_template_array_t *ta = NULL; 340 fido_bio_template_array_t *ta = NULL;
@@ -280,7 +362,7 @@ done:
280} 362}
281 363
282static void 364static void
283set_name(struct param *p) 365set_name(const struct param *p)
284{ 366{
285 fido_dev_t *dev = NULL; 367 fido_dev_t *dev = NULL;
286 fido_bio_template_t *t = NULL; 368 fido_bio_template_t *t = NULL;
@@ -306,10 +388,11 @@ done:
306} 388}
307 389
308static void 390static void
309del(struct param *p) 391del(const struct param *p)
310{ 392{
311 fido_dev_t *dev = NULL; 393 fido_dev_t *dev = NULL;
312 fido_bio_template_t *t = NULL; 394 fido_bio_template_t *t = NULL;
395 int r;
313 396
314 set_wire_data(p->remove_wire_data.body, p->remove_wire_data.len); 397 set_wire_data(p->remove_wire_data.body, p->remove_wire_data.len);
315 398
@@ -317,8 +400,9 @@ del(struct param *p)
317 (t = fido_bio_template_new()) == NULL) 400 (t = fido_bio_template_new()) == NULL)
318 goto done; 401 goto done;
319 402
320 fido_bio_template_set_id(t, p->id.body, p->id.len); 403 r = fido_bio_template_set_id(t, p->id.body, p->id.len);
321 consume_template(t); 404 consume_template(t);
405 consume_str(fido_strerr(r));
322 406
323 fido_bio_dev_enroll_remove(dev, t, p->pin); 407 fido_bio_dev_enroll_remove(dev, t, p->pin);
324 408
@@ -330,106 +414,37 @@ done:
330 fido_bio_template_free(&t); 414 fido_bio_template_free(&t);
331} 415}
332 416
333int 417void
334LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 418test(const struct param *p)
335{ 419{
336 struct param p; 420 prng_init((unsigned int)p->seed);
337
338 memset(&p, 0, sizeof(p));
339
340 if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
341 unpack(data, size, &p) < 0)
342 return (0);
343
344 prng_init((unsigned int)p.seed);
345
346 fido_init(FIDO_DEBUG); 421 fido_init(FIDO_DEBUG);
347 fido_set_log_handler(consume_str); 422 fido_set_log_handler(consume_str);
348 423
349 get_info(&p); 424 get_info(p);
350 enroll(&p); 425 enroll(p);
351 list(&p); 426 list(p);
352 set_name(&p); 427 set_name(p);
353 del(&p); 428 del(p);
354
355 return (0);
356} 429}
357 430
358static size_t 431void
359pack_dummy(uint8_t *ptr, size_t len) 432mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
360{ 433{
361 struct param dummy; 434 if (flags & MUTATE_SEED)
362 uint8_t blob[32768]; 435 p->seed = (int)seed;
363 size_t blob_len;
364
365 memset(&dummy, 0, sizeof(dummy));
366
367 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin));
368 strlcpy(dummy.name, dummy_name, sizeof(dummy.name));
369
370 dummy.info_wire_data.len = sizeof(dummy_info_wire_data);
371 dummy.enroll_wire_data.len = sizeof(dummy_enroll_wire_data);
372 dummy.list_wire_data.len = sizeof(dummy_list_wire_data);
373 dummy.set_name_wire_data.len = sizeof(dummy_set_name_wire_data);
374 dummy.remove_wire_data.len = sizeof(dummy_remove_wire_data);
375 dummy.id.len = sizeof(dummy_id);
376
377 memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data,
378 dummy.info_wire_data.len);
379 memcpy(&dummy.enroll_wire_data.body, &dummy_enroll_wire_data,
380 dummy.enroll_wire_data.len);
381 memcpy(&dummy.list_wire_data.body, &dummy_list_wire_data,
382 dummy.list_wire_data.len);
383 memcpy(&dummy.set_name_wire_data.body, &dummy_set_name_wire_data,
384 dummy.set_name_wire_data.len);
385 memcpy(&dummy.remove_wire_data.body, &dummy_remove_wire_data,
386 dummy.remove_wire_data.len);
387 memcpy(&dummy.id.body, &dummy_id, dummy.id.len);
388
389 blob_len = pack(blob, sizeof(blob), &dummy);
390 assert(blob_len != 0);
391 436
392 if (blob_len > len) { 437 if (flags & MUTATE_PARAM) {
393 memcpy(ptr, blob, len); 438 mutate_blob(&p->id);
394 return (len); 439 mutate_string(p->pin);
440 mutate_string(p->name);
395 } 441 }
396 442
397 memcpy(ptr, blob, blob_len); 443 if (flags & MUTATE_WIREDATA) {
398 444 mutate_blob(&p->info_wire_data);
399 return (blob_len); 445 mutate_blob(&p->enroll_wire_data);
400} 446 mutate_blob(&p->list_wire_data);
401 447 mutate_blob(&p->set_name_wire_data);
402size_t 448 mutate_blob(&p->remove_wire_data);
403LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, 449 }
404 unsigned int seed) NO_MSAN
405{
406 struct param p;
407 uint8_t blob[16384];
408 size_t blob_len;
409
410 memset(&p, 0, sizeof(p));
411
412 if (unpack(data, size, &p) < 0)
413 return (pack_dummy(data, maxsize));
414
415 p.seed = (int)seed;
416
417 mutate_blob(&p.id);
418 mutate_blob(&p.info_wire_data);
419 mutate_blob(&p.enroll_wire_data);
420 mutate_blob(&p.list_wire_data);
421 mutate_blob(&p.set_name_wire_data);
422 mutate_blob(&p.remove_wire_data);
423
424 mutate_string(p.pin);
425 mutate_string(p.name);
426
427 blob_len = pack(blob, sizeof(blob), &p);
428
429 if (blob_len == 0 || blob_len > maxsize)
430 return (0);
431
432 memcpy(data, blob, blob_len);
433
434 return (blob_len);
435} 450}
diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c
index cc37903..87a877a 100644
--- a/fuzz/fuzz_cred.c
+++ b/fuzz/fuzz_cred.c
@@ -18,43 +18,25 @@
18 18
19#include "../openbsd-compat/openbsd-compat.h" 19#include "../openbsd-compat/openbsd-compat.h"
20 20
21#define TAG_U2F 0x01
22#define TAG_TYPE 0x02
23#define TAG_CDH 0x03
24#define TAG_RP_ID 0x04
25#define TAG_RP_NAME 0x05
26#define TAG_USER_ID 0x06
27#define TAG_USER_NAME 0x07
28#define TAG_USER_NICK 0x08
29#define TAG_USER_ICON 0x09
30#define TAG_EXT 0x0a
31#define TAG_SEED 0x0b
32#define TAG_RK 0x0c
33#define TAG_UV 0x0d
34#define TAG_PIN 0x0e
35#define TAG_WIRE_DATA 0x0f
36#define TAG_EXCL_COUNT 0x10
37#define TAG_EXCL_CRED 0x11
38
39/* Parameter set defining a FIDO2 make credential operation. */ 21/* Parameter set defining a FIDO2 make credential operation. */
40struct param { 22struct param {
41 char pin[MAXSTR]; 23 char pin[MAXSTR];
42 char rp_id[MAXSTR]; 24 char rp_id[MAXSTR];
43 char rp_name[MAXSTR]; 25 char rp_name[MAXSTR];
44 char user_icon[MAXSTR]; 26 char user_icon[MAXSTR];
45 char user_name[MAXSTR]; 27 char user_name[MAXSTR];
46 char user_nick[MAXSTR]; 28 char user_nick[MAXSTR];
47 int ext; 29 int ext;
48 int seed; 30 int seed;
49 struct blob cdh; 31 struct blob cdh;
50 struct blob excl_cred; 32 struct blob excl_cred;
51 struct blob user_id; 33 struct blob user_id;
52 struct blob wire_data; 34 struct blob wire_data;
53 uint8_t excl_count; 35 uint8_t excl_count;
54 uint8_t rk; 36 uint8_t rk;
55 uint8_t type; 37 uint8_t type;
56 uint8_t u2f; 38 uint8_t u2f;
57 uint8_t uv; 39 uint8_t uv;
58}; 40};
59 41
60/* 42/*
@@ -86,79 +68,157 @@ static const uint8_t dummy_wire_data_u2f[] = {
86 WIREDATA_CTAP_U2F_REGISTER, 68 WIREDATA_CTAP_U2F_REGISTER,
87}; 69};
88 70
89int LLVMFuzzerTestOneInput(const uint8_t *, size_t); 71struct param *
90size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); 72unpack(const uint8_t *ptr, size_t len)
91
92static int
93unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
94{ 73{
95 uint8_t **pp = (void *)&ptr; 74 cbor_item_t *item = NULL, **v;
96 75 struct cbor_load_result cbor;
97 if (unpack_byte(TAG_RK, pp, &len, &p->rk) < 0 || 76 struct param *p;
98 unpack_byte(TAG_TYPE, pp, &len, &p->type) < 0 || 77 int ok = -1;
99 unpack_byte(TAG_U2F, pp, &len, &p->u2f) < 0 || 78
100 unpack_byte(TAG_UV, pp, &len, &p->uv) < 0 || 79 if ((p = calloc(1, sizeof(*p))) == NULL ||
101 unpack_byte(TAG_EXCL_COUNT, pp, &len, &p->excl_count) < 0 || 80 (item = cbor_load(ptr, len, &cbor)) == NULL ||
102 unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || 81 cbor.read != len ||
103 unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || 82 cbor_isa_array(item) == false ||
104 unpack_string(TAG_RP_NAME, pp, &len, p->rp_name) < 0 || 83 cbor_array_is_definite(item) == false ||
105 unpack_string(TAG_USER_ICON, pp, &len, p->user_icon) < 0 || 84 cbor_array_size(item) != 17 ||
106 unpack_string(TAG_USER_NAME, pp, &len, p->user_name) < 0 || 85 (v = cbor_array_handle(item)) == NULL)
107 unpack_string(TAG_USER_NICK, pp, &len, p->user_nick) < 0 || 86 goto fail;
108 unpack_int(TAG_EXT, pp, &len, &p->ext) < 0 || 87
109 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || 88 if (unpack_byte(v[0], &p->rk) < 0 ||
110 unpack_blob(TAG_CDH, pp, &len, &p->cdh) < 0 || 89 unpack_byte(v[1], &p->type) < 0 ||
111 unpack_blob(TAG_USER_ID, pp, &len, &p->user_id) < 0 || 90 unpack_byte(v[2], &p->u2f) < 0 ||
112 unpack_blob(TAG_WIRE_DATA, pp, &len, &p->wire_data) < 0 || 91 unpack_byte(v[3], &p->uv) < 0 ||
113 unpack_blob(TAG_EXCL_CRED, pp, &len, &p->excl_cred) < 0) 92 unpack_byte(v[4], &p->excl_count) < 0 ||
114 return (-1); 93 unpack_int(v[5], &p->ext) < 0 ||
115 94 unpack_int(v[6], &p->seed) < 0 ||
116 return (0); 95 unpack_string(v[7], p->pin) < 0 ||
96 unpack_string(v[8], p->rp_id) < 0 ||
97 unpack_string(v[9], p->rp_name) < 0 ||
98 unpack_string(v[10], p->user_icon) < 0 ||
99 unpack_string(v[11], p->user_name) < 0 ||
100 unpack_string(v[12], p->user_nick) < 0 ||
101 unpack_blob(v[13], &p->cdh) < 0 ||