summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-09-20 16:14:20 +0100
committerColin Watson <cjwatson@debian.org>2020-09-20 16:14:20 +0100
commit173bfbf7886608a4a7abbfac6a42ac4bf4a3432d (patch)
treeb97833d8754f257f92d99dd2f5c9e9d557e3f689
parent75073d0a8478441cc97a6efa10b566c5fb1dac81 (diff)
New upstream version 1.5.0
-rw-r--r--.github/workflows/cifuzz_oss.yml23
-rw-r--r--.github/workflows/scan.yml36
-rw-r--r--.github/workflows/windows.yml14
-rw-r--r--.gitignore9
-rw-r--r--.travis.yml86
-rw-r--r--.travis/build-linux-clang22
-rw-r--r--.travis/build-linux-gcc19
-rw-r--r--.travis/build-linux-mingw47
-rw-r--r--.travis/build-osx-clang24
-rw-r--r--.travis/fuzz-linux-asan59
-rw-r--r--.travis/fuzz-linux-msan59
-rw-r--r--CMakeLists.txt111
-rw-r--r--NEWS18
-rw-r--r--README.adoc27
-rw-r--r--debian/changelog80
-rw-r--r--debian/compat1
-rw-r--r--debian/control53
-rw-r--r--debian/copyright85
-rw-r--r--debian/fido2-tools.install1
-rw-r--r--debian/fido2-tools.manpages3
-rw-r--r--debian/libfido2-1.install1
-rw-r--r--debian/libfido2-1.symbols148
-rw-r--r--debian/libfido2-dev.install29
-rw-r--r--debian/libfido2-dev.links276
-rw-r--r--debian/libfido2-dev.manpages25
-rw-r--r--debian/libfido2-udev.install1
-rwxr-xr-xdebian/rules9
-rw-r--r--debian/source/format1
-rw-r--r--docker/bionic/Dockerfile14
-rw-r--r--examples/CMakeLists.txt16
-rw-r--r--examples/README.adoc9
-rw-r--r--examples/assert.c15
-rw-r--r--examples/cred.c15
-rw-r--r--examples/extern.h1
-rw-r--r--examples/info.c31
-rw-r--r--examples/manifest.c5
-rw-r--r--examples/reset.c9
-rw-r--r--examples/retries.c5
-rw-r--r--examples/select.c215
-rw-r--r--examples/setpin.c5
-rw-r--r--examples/util.c3
-rw-r--r--fuzz/CMakeLists.txt1
-rw-r--r--fuzz/Dockerfile9
-rw-r--r--fuzz/Makefile20
-rw-r--r--fuzz/README130
-rwxr-xr-xfuzz/build-coverage33
-rw-r--r--fuzz/dummy.h4
-rw-r--r--fuzz/export.gnu10
-rw-r--r--fuzz/functions.txt197
-rw-r--r--fuzz/fuzz_assert.c455
-rw-r--r--fuzz/fuzz_bio.c335
-rw-r--r--fuzz/fuzz_cred.c458
-rw-r--r--fuzz/fuzz_credman.c314
-rw-r--r--fuzz/fuzz_mgmt.c321
-rw-r--r--fuzz/libfuzzer.c174
-rw-r--r--fuzz/mutator_aux.c253
-rw-r--r--fuzz/mutator_aux.h49
-rw-r--r--[-rwxr-xr-x]fuzz/prng.c3
-rw-r--r--fuzz/report.tgzbin211709 -> 222723 bytes
-rw-r--r--fuzz/summary.txt31
-rw-r--r--man/CMakeLists.txt55
-rw-r--r--man/NOTES3
-rw-r--r--man/fido2-assert.133
-rw-r--r--man/fido2-cred.18
-rw-r--r--man/fido_assert_new.335
-rw-r--r--man/fido_cbor_info_new.322
-rw-r--r--man/fido_cred_new.365
-rw-r--r--man/fido_dev_get_touch_begin.373
-rw-r--r--man/fido_dev_open.333
-rw-r--r--openbsd-compat/clock_gettime.c32
-rwxr-xr-xopenbsd-compat/diff.sh24
-rw-r--r--openbsd-compat/openbsd-compat.h2
-rw-r--r--openbsd-compat/time.h46
-rw-r--r--openbsd-compat/types.h7
-rw-r--r--regress/assert.c16
-rw-r--r--regress/cred.c78
-rw-r--r--src/CMakeLists.txt17
-rw-r--r--src/assert.c2
-rw-r--r--src/cbor.c25
-rw-r--r--src/cred.c12
-rw-r--r--src/credman.c8
-rw-r--r--src/dev.c207
-rwxr-xr-xsrc/diff_exports.sh29
-rw-r--r--src/err.c4
-rw-r--r--src/es256.c2
-rw-r--r--src/export.gnu9
-rw-r--r--src/export.llvm9
-rw-r--r--src/export.msvc9
-rw-r--r--src/extern.h20
-rw-r--r--src/fido.h23
-rw-r--r--src/fido/err.h2
-rw-r--r--src/fido/param.h12
-rw-r--r--src/fido/types.h20
-rw-r--r--src/hid_hidapi.c226
-rw-r--r--src/hid_linux.c308
-rw-r--r--src/hid_openbsd.c91
-rw-r--r--src/hid_osx.c323
-rw-r--r--src/hid_win.c398
-rw-r--r--src/info.c16
-rw-r--r--src/io.c94
-rw-r--r--src/iso7816.c6
-rw-r--r--src/pin.c10
-rw-r--r--src/u2f.c100
-rw-r--r--tools/CMakeLists.txt7
-rw-r--r--tools/assert_get.c94
-rw-r--r--tools/assert_verify.c12
-rw-r--r--tools/base64.c5
-rw-r--r--tools/cred_make.c26
-rw-r--r--tools/cred_verify.c26
-rw-r--r--tools/credman.c21
-rw-r--r--tools/extern.h6
-rw-r--r--tools/fido2-assert.c6
-rwxr-xr-xtools/fido2-attach.sh14
-rw-r--r--tools/fido2-cred.c6
-rwxr-xr-xtools/fido2-detach.sh12
-rw-r--r--tools/fido2-token.c6
-rwxr-xr-xtools/fido2-unprot.sh75
-rwxr-xr-xtools/include_check.sh8
-rwxr-xr-xtools/macos_pkg.sh44
-rw-r--r--tools/token.c18
-rw-r--r--tools/util.c68
-rw-r--r--udev/70-u2f.rules192
-rwxr-xr-xudev/check.sh31
-rw-r--r--udev/fidodevs110
-rwxr-xr-xudev/genrules.awk55
-rw-r--r--windows/build.ps114
126 files changed, 4474 insertions, 3303 deletions
diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
deleted file mode 100644
index cbb334c..0000000
--- a/.github/workflows/cifuzz_oss.yml
+++ /dev/null
@@ -1,23 +0,0 @@
1name: CIFuzz
2on: [pull_request]
3jobs:
4 Fuzzing:
5 runs-on: ubuntu-latest
6 steps:
7 - name: Build Fuzzers
8 uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
9 with:
10 oss-fuzz-project-name: 'libfido2'
11 dry-run: false
12 - name: Run Fuzzers
13 uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
14 with:
15 oss-fuzz-project-name: 'libfido2'
16 fuzz-seconds: 600
17 dry-run: false
18 - name: Upload Crash
19 uses: actions/upload-artifact@v1
20 if: failure()
21 with:
22 name: artifacts
23 path: ./out/artifacts
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
deleted file mode 100644
index 008961b..0000000
--- a/.github/workflows/scan.yml
+++ /dev/null
@@ -1,36 +0,0 @@
1name: static code analysis
2
3on:
4 push:
5 schedule:
6 - cron: '0 0 * * 1'
7
8env:
9 SCAN_IMG:
10 yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
11 SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
12
13jobs:
14 build:
15 runs-on: ubuntu-latest
16
17 steps:
18 - uses: actions/checkout@master
19
20 - name: Scan but do not fail on warnings
21 run: |
22 if [ "${SECRET}" != "" ]; then
23 docker login yes-docker-local.artifactory.in.yubico.org/ \
24 -u svc-static-code-analysis-reader \
25 -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
26 docker pull ${SCAN_IMG}
27 docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
28 -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
29 fi
30 continue-on-error: true
31
32 - uses: actions/upload-artifact@master
33 if: failure()
34 with:
35 name: suppression_files
36 path: suppression_files
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
deleted file mode 100644
index eb953db..0000000
--- a/.github/workflows/windows.yml
+++ /dev/null
@@ -1,14 +0,0 @@
1name: windows
2
3on: [push]
4
5jobs:
6 build:
7
8 runs-on: windows-latest
9
10 steps:
11 - uses: actions/checkout@v1
12 - name: build
13 run: .\windows\build.ps1
14
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 0915625..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
1build/
2cscope.out
3fuzz/build/
4fuzz/corpus.tgz-
5fuzz/fuzz_*/
6fuzz/obj/
7fuzz/report
8fuzz/*.so
9output/
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index c2bff78..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,86 +0,0 @@
1language: c
2
3matrix:
4 include:
5 - os: linux
6 compiler: clang-7
7 dist: xenial
8 sudo: required
9 addons:
10 apt:
11 sources:
12 - ubuntu-toolchain-r-test
13 - llvm-toolchain-xenial-7
14 packages:
15 - clang-7
16 - cmake
17 - libssl-dev
18 - libudev-dev
19 script: /bin/sh -eux .travis/build-linux-clang
20 - os: linux
21 compiler: gcc-7
22 dist: xenial
23 sudo: required
24 addons:
25 apt:
26 sources:
27 - ubuntu-toolchain-r-test
28 packages:
29 - gcc-7
30 - cmake
31 - libssl-dev
32 - libudev-dev
33 script: /bin/sh -eux .travis/build-linux-gcc
34 - os: linux
35 compiler: i686-w64-mingw32-gcc-4.8
36 dist: xenial
37 sudo: required
38 addons:
39 apt:
40 sources:
41 - ubuntu-toolchain-r-test
42 packages:
43 - binutils-mingw-w64-i686
44 - gcc-mingw-w64
45 - g++-mingw-w64
46 - mingw-w64-i686-dev
47 - cmake
48 script: /bin/sh -eux .travis/build-linux-mingw
49 - os: osx
50 osx_image: xcode10.2
51 compiler: clang
52 sudo: required
53 script: /bin/sh -eux .travis/build-osx-clang
54 - os: linux
55 compiler: clang-7
56 dist: bionic
57 sudo: required
58 addons:
59 apt:
60 sources:
61 - ubuntu-toolchain-r-test
62 - llvm-toolchain-xenial-7
63 packages:
64 - clang-7
65 - cmake
66 - libssl-dev
67 - libudev-dev
68 script: /bin/sh -eux .travis/fuzz-linux-asan
69 - os: linux
70 compiler: clang-7
71 dist: bionic
72 sudo: required
73 addons:
74 apt:
75 sources:
76 - ubuntu-toolchain-r-test
77 - llvm-toolchain-xenial-7
78 packages:
79 - clang-7
80 - cmake
81 - libssl-dev
82 - libudev-dev
83 script: /bin/sh -eux .travis/fuzz-linux-msan
84
85notifications:
86 email: false
diff --git a/.travis/build-linux-clang b/.travis/build-linux-clang
deleted file mode 100644
index 8938461..0000000
--- a/.travis/build-linux-clang
+++ /dev/null
@@ -1,22 +0,0 @@
1#!/bin/sh -eux
2
3${CC} --version
4
5# Check exports.
6(cd src && ./diff_exports.sh)
7
8# Build and install libcbor.
9git clone git://github.com/pjk/libcbor
10cd libcbor
11git checkout v0.5.0
12mkdir build
13(cd build && cmake ..)
14make -C build
15sudo make -C build install
16cd ..
17
18# Build, analyze, and install libfido2.
19mkdir build
20(cd build && scan-build cmake -DCMAKE_BUILD_TYPE=Debug ..)
21scan-build --status-bugs make -C build
22sudo make -C build install
diff --git a/.travis/build-linux-gcc b/.travis/build-linux-gcc
deleted file mode 100644
index be1e0a9..0000000
--- a/.travis/build-linux-gcc
+++ /dev/null
@@ -1,19 +0,0 @@
1#!/bin/sh -eux
2
3${CC} --version
4
5# Build and install libcbor.
6git clone git://github.com/pjk/libcbor
7cd libcbor
8git checkout v0.5.0
9mkdir build
10(cd build && cmake ..)
11make -C build
12sudo make -C build install
13cd ..
14
15# Build and install libfido2.
16mkdir build
17(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..)
18make -C build
19sudo make -C build install
diff --git a/.travis/build-linux-mingw b/.travis/build-linux-mingw
deleted file mode 100644
index c88ddca..0000000
--- a/.travis/build-linux-mingw
+++ /dev/null
@@ -1,47 +0,0 @@
1#!/bin/sh -eux
2
3# XXX defining CC and cross-compiling confuses OpenSSL's build.
4unset CC
5
6sudo mkdir /fakeroot
7sudo chmod 755 /fakeroot
8
9cat << EOF > /tmp/mingw.cmake
10SET(CMAKE_SYSTEM_NAME Windows)
11SET(CMAKE_C_COMPILER i686-w64-mingw32-gcc)
12SET(CMAKE_CXX_COMPILER i686-w64-mingw32-g++)
13SET(CMAKE_RC_COMPILER i686-w64-mingw32-windres)
14SET(CMAKE_FIND_ROOT_PATH /fakeroot)
15SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
16SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
17SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
18EOF
19
20# Build and install libcbor.
21git clone git://github.com/pjk/libcbor
22cd libcbor
23git checkout v0.5.0
24mkdir build
25(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
26 -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
27make -C build
28sudo make -C build install
29cd ..
30
31# Build and install OpenSSL 1.1.0j.
32git clone git://github.com/openssl/openssl
33cd openssl
34git checkout OpenSSL_1_1_0j
35./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
36 --cross-compile-prefix=i686-w64-mingw32-
37make
38sudo make install_sw
39cd ..
40
41# Build and install libfido2.
42export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
43mkdir build
44(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
45 -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
46make -C build
47sudo make -C build install
diff --git a/.travis/build-osx-clang b/.travis/build-osx-clang
deleted file mode 100644
index 69a784c..0000000
--- a/.travis/build-osx-clang
+++ /dev/null
@@ -1,24 +0,0 @@
1#!/bin/sh -eux
2
3${CC} --version
4
5# Build and install libcbor.
6git clone git://github.com/pjk/libcbor
7cd libcbor
8git checkout v0.5.0
9mkdir build
10(cd build && cmake ..)
11make -C build
12sudo make -C build install
13cd ..
14
15# Install mandoc from Homebrew.
16brew install mandoc
17
18# Build and install libfido2.
19export PKG_CONFIG_PATH=/usr/local/opt/openssl@1.1/lib/pkgconfig
20mkdir build
21(cd build && cmake -DCMAKE_BUILD_TYPE=Debug ..)
22make -C build
23make -C build man_symlink_html
24sudo make -C build install
diff --git a/.travis/fuzz-linux-asan b/.travis/fuzz-linux-asan
deleted file mode 100644
index af8a08c..0000000
--- a/.travis/fuzz-linux-asan
+++ /dev/null
@@ -1,59 +0,0 @@
1#!/bin/sh -eux
2
3${CC} --version
4
5FAKEROOT=/fakeroot
6sudo mkdir ${FAKEROOT}
7sudo chmod 755 ${FAKEROOT}
8
9# Build and install libcbor.
10git clone git://github.com/pjk/libcbor
11cd libcbor
12patch -p0 < ../fuzz/README
13mkdir build
14cd build
15cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
16 -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
17 -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
18 -DCMAKE_INSTALL_LIBDIR=lib ..
19make
20sudo make install
21cd ../..
22
23# Build and install OpenSSL 1.1.1b.
24git clone git://github.com/openssl/openssl
25cd openssl
26git checkout OpenSSL_1_1_1b
27./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
28 --openssldir=${FAKEROOT}/openssl
29make clean
30make
31sudo make install_sw
32cd ..
33
34# Build libfido2.
35mkdir build
36cd build
37export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
38cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
39 -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
40 -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
41 -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
42 -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
43 -DCMAKE_BUILD_TYPE=Debug ..
44make
45
46# Fuzz with ASAN.
47mkdir corpus
48curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
49tar -C corpus -zxf ../fuzz/corpus.tgz
50fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
51 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
52fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
53 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
54fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
55 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
56fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
57 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
58fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
59 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio
diff --git a/.travis/fuzz-linux-msan b/.travis/fuzz-linux-msan
deleted file mode 100644
index e67ab22..0000000
--- a/.travis/fuzz-linux-msan
+++ /dev/null
@@ -1,59 +0,0 @@
1#!/bin/sh -eux
2
3${CC} --version
4
5FAKEROOT=/fakeroot
6sudo mkdir ${FAKEROOT}
7sudo chmod 755 ${FAKEROOT}
8
9# Build and install libcbor.
10git clone git://github.com/pjk/libcbor
11cd libcbor
12patch -p0 < ../fuzz/README
13mkdir build
14cd build
15cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
16 -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
17 -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
18 -DCMAKE_INSTALL_LIBDIR=lib ..
19make
20sudo make install
21cd ../..
22
23# Build and install OpenSSL 1.1.1b.
24git clone git://github.com/openssl/openssl
25cd openssl
26git checkout OpenSSL_1_1_1b
27./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
28 --openssldir=${FAKEROOT}/openssl
29make clean
30make
31sudo make install_sw
32cd ..
33
34# Build libfido2.
35mkdir build
36cd build
37export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
38cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
39 -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
40 -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
41 -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
42 -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
43 -DCMAKE_BUILD_TYPE=Debug ..
44make
45
46# Fuzz with MSAN.
47mkdir corpus
48curl -s https://ambientworks.net/tmp/corpus.tgz > ../fuzz/corpus.tgz
49tar -C corpus -zxf ../fuzz/corpus.tgz
50fuzz/fuzz_cred -use_value_profile=1 -reload=30 -print_pcs=1 \
51 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_cred
52fuzz/fuzz_assert -use_value_profile=1 -reload=30 -print_pcs=1 \
53 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_assert
54fuzz/fuzz_credman -use_value_profile=1 -reload=30 -print_pcs=1 \
55 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_credman
56fuzz/fuzz_mgmt -use_value_profile=1 -reload=30 -print_pcs=1 \
57 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_mgmt
58fuzz/fuzz_bio -use_value_profile=1 -reload=30 -print_pcs=1 \
59 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_bio
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0bb2e87..dbd5fa5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,6 +10,8 @@ cmake_minimum_required(VERSION 3.0)
10 10
11include(CheckCCompilerFlag) 11include(CheckCCompilerFlag)
12include(CheckFunctionExists) 12include(CheckFunctionExists)
13include(CheckLibraryExists)
14include(CheckSymbolExists)
13include(CheckIncludeFiles) 15include(CheckIncludeFiles)
14include(CheckTypeSize) 16include(CheckTypeSize)
15include(GNUInstallDirs) 17include(GNUInstallDirs)
@@ -19,7 +21,7 @@ set(CMAKE_VERBOSE_MAKEFILE on)
19set(CMAKE_POSITION_INDEPENDENT_CODE ON) 21set(CMAKE_POSITION_INDEPENDENT_CODE ON)
20 22
21set(FIDO_MAJOR "1") 23set(FIDO_MAJOR "1")
22set(FIDO_MINOR "4") 24set(FIDO_MINOR "5")
23set(FIDO_PATCH "0") 25set(FIDO_PATCH "0")
24set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) 26set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
25 27
@@ -33,21 +35,12 @@ if(CYGWIN OR MSYS)
33endif() 35endif()
34 36
35if(WIN32) 37if(WIN32)
36 add_definitions(-DWIN32_LEAN_AND_MEAN) 38 add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
37endif() 39endif()
38 40
39if(APPLE) 41if(APPLE)
40 set(CMAKE_INSTALL_NAME_DIR 42 set(CMAKE_INSTALL_NAME_DIR
41 "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}") 43 "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}")
42endif()
43
44# Observe OpenBSD's library versioning scheme.
45if(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
46 set(LIB_VERSION ${FIDO_MAJOR}.${FIDO_MINOR})
47 set(LIB_SOVERSION ${LIB_VERSION})
48else()
49 set(LIB_VERSION ${FIDO_VERSION})
50 set(LIB_SOVERSION ${FIDO_MAJOR})
51endif() 44endif()
52 45
53if(MSVC) 46if(MSVC)
@@ -58,7 +51,7 @@ if(MSVC)
58 "under msvc") 51 "under msvc")
59 endif() 52 endif()
60 set(CBOR_LIBRARIES cbor) 53 set(CBOR_LIBRARIES cbor)
61 set(CRYPTO_LIBRARIES crypto-45) 54 set(CRYPTO_LIBRARIES crypto-46)
62 set(MSVC_DISABLED_WARNINGS_LIST 55 set(MSVC_DISABLED_WARNINGS_LIST
63 "C4200" # nonstandard extension used: zero-sized array in 56 "C4200" # nonstandard extension used: zero-sized array in
64 # struct/union; 57 # struct/union;
@@ -71,9 +64,9 @@ if(MSVC)
71 # The construction in the following 3 lines was taken from LibreSSL's 64 # The construction in the following 3 lines was taken from LibreSSL's
72 # CMakeLists.txt. 65 # CMakeLists.txt.
73 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR 66 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
74 ${MSVC_DISABLED_WARNINGS_LIST}) 67 ${MSVC_DISABLED_WARNINGS_LIST})
75 string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) 68 string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
76 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}") 69 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}")
77 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7") 70 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7")
78 set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi") 71 set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi")
79else() 72else()
@@ -102,13 +95,18 @@ else()
102 if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 95 if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
103 pkg_search_module(UDEV libudev REQUIRED) 96 pkg_search_module(UDEV libudev REQUIRED)
104 set(UDEV_NAME "udev") 97 set(UDEV_NAME "udev")
98 include_directories(${UDEV_INCLUDE_DIRS})
99 link_directories(${UDEV_LIBRARY_DIRS})
105 # Define be32toh(). 100 # Define be32toh().
106 add_definitions(-D_GNU_SOURCE) 101 add_definitions(-D_GNU_SOURCE)
107 # If using hidapi, use hidapi-hidraw. 102 # If using hidapi, use hidapi-hidraw.
108 set(HIDAPI_SUFFIX -hidraw) 103 set(HIDAPI_SUFFIX -hidraw)
109 elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR 104 # Look for clock_gettime in librt.
110 CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") 105 check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
111 set(BASE_LIBRARIES usbhid) 106 if(HAVE_CLOCK_GETTIME)
107 set(BASE_LIBRARIES ${BASE_LIBRARIES} rt)
108 add_definitions(-DHAVE_CLOCK_GETTIME)
109 endif()
112 endif() 110 endif()
113 111
114 if(MINGW) 112 if(MINGW)
@@ -122,6 +120,8 @@ else()
122 add_definitions(-DUSE_HIDAPI) 120 add_definitions(-DUSE_HIDAPI)
123 pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED) 121 pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
124 if(HIDAPI_FOUND) 122 if(HIDAPI_FOUND)
123 include_directories(${HIDAPI_INCLUDE_DIRS})
124 link_directories(${HIDAPI_LIBRARY_DIRS})
125 set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX}) 125 set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
126 endif() 126 endif()
127 endif() 127 endif()
@@ -153,24 +153,6 @@ else()
153 endif() 153 endif()
154 add_definitions(-DFIDO_FUZZ) 154 add_definitions(-DFIDO_FUZZ)
155 endif() 155 endif()
156
157 if(ASAN)
158 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,leak")
159 endif()
160
161 if(MSAN)
162 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory")
163 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-memory-track-origins")
164 endif()
165
166 if(UBSAN)
167 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined")
168 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-trap=undefined")
169 endif()
170
171 if(COVERAGE)
172 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-instr-generate -fcoverage-mapping")
173 endif()
174endif() 156endif()
175 157
176# Use -Wshorten-64-to-32 if available. 158# Use -Wshorten-64-to-32 if available.
@@ -333,6 +315,20 @@ if(UNIX)
333 add_definitions(-DHAVE_DEV_URANDOM) 315 add_definitions(-DHAVE_DEV_URANDOM)
334endif() 316endif()
335 317
318# clock_gettime
319if(NOT HAVE_CLOCK_GETTIME)
320 check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
321 if(HAVE_CLOCK_GETTIME)
322 add_definitions(-DHAVE_CLOCK_GETTIME)
323 endif()
324endif()
325
326# timespecsub
327check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB)
328if(HAVE_TIMESPECSUB)
329 add_definitions(-DHAVE_TIMESPECSUB)
330endif()
331
336# export list 332# export list
337if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR 333if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
338 CMAKE_C_COMPILER_ID STREQUAL "AppleClang")) 334 CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
@@ -366,7 +362,7 @@ elseif(NOT MSVC)
366 endif() 362 endif()
367else() 363else()
368 string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS} 364 string(CONCAT CMAKE_SHARED_LINKER_FLAGS ${CMAKE_SHARED_LINKER_FLAGS}
369 " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"") 365 " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
370endif() 366endif()
371 367
372include_directories(${CMAKE_SOURCE_DIR}/src) 368include_directories(${CMAKE_SOURCE_DIR}/src)
@@ -376,38 +372,33 @@ include_directories(${CRYPTO_INCLUDE_DIRS})
376link_directories(${CBOR_LIBRARY_DIRS}) 372link_directories(${CBOR_LIBRARY_DIRS})
377link_directories(${CRYPTO_LIBRARY_DIRS}) 373link_directories(${CRYPTO_LIBRARY_DIRS})
378 374
375message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
376message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
377message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
378message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
379message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
379message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}") 380message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
380message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}") 381message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
381message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
382message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}") 382message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
383message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}") 383message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
384message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
385message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
386message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
387message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}") 384message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
388message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
389message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}") 385message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
390message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}") 386message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
391message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}") 387message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
392message(STATUS "VERSION: ${FIDO_VERSION}")
393message(STATUS "LIB_VERSION: ${LIB_VERSION}")
394message(STATUS "LIB_SOVERSION: ${LIB_SOVERSION}")
395message(STATUS "FUZZ: ${FUZZ}") 388message(STATUS "FUZZ: ${FUZZ}")
396message(STATUS "AFL: ${AFL}") 389if(USE_HIDAPI)
390 message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
391 message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
392 message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
393endif()
397message(STATUS "LIBFUZZER: ${LIBFUZZER}") 394message(STATUS "LIBFUZZER: ${LIBFUZZER}")
398message(STATUS "ASAN: ${ASAN}")
399message(STATUS "MSAN: ${MSAN}")
400message(STATUS "COVERAGE: ${COVERAGE}")
401message(STATUS "TLS: ${TLS}") 395message(STATUS "TLS: ${TLS}")
396message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
397message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
398message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
399message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
402message(STATUS "USE_HIDAPI: ${USE_HIDAPI}") 400message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
403 401
404if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
405 message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
406 message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
407 message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
408 message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
409endif()
410
411subdirs(src) 402subdirs(src)
412subdirs(examples) 403subdirs(examples)
413subdirs(tools) 404subdirs(tools)
@@ -415,7 +406,7 @@ subdirs(man)
415 406
416if(NOT WIN32) 407if(NOT WIN32)
417 if(CMAKE_BUILD_TYPE STREQUAL "Debug") 408 if(CMAKE_BUILD_TYPE STREQUAL "Debug")
418 if(NOT MSAN AND NOT LIBFUZZER) 409 if(NOT LIBFUZZER AND NOT FUZZ)
419 subdirs(regress) 410 subdirs(regress)
420 endif() 411 endif()
421 endif() 412 endif()
diff --git a/NEWS b/NEWS
index 153ff71..b651ca0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
1* Version 1.5.0 (2020-09-01)
2 ** hid_linux: return FIDO_OK if no devices are found.
3 ** hid_osx:
4 - repair communication with U2F tokens, gh#166;
5 - reliability fixes.
6 ** fido2-{assert,cred}: new options to explicitly toggle UP, UV.
7 ** Support for configurable report lengths.
8 ** New API calls:
9 - fido_cbor_info_maxcredcntlst;
10 - fido_cbor_info_maxcredidlen;
11 - fido_cred_aaguid_len;
12 - fido_cred_aaguid_ptr;
13 - fido_dev_get_touch_begin;
14 - fido_dev_get_touch_status.
15 ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
16 ** Allow CTAP messages up to 2048 bytes; gh#171.
17 ** Ensure we only list USB devices by default.
18
1* Version 1.4.0 (2020-04-15) 19* Version 1.4.0 (2020-04-15)
2 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. 20 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
3 ** Fall back to U2F if the key claims to, but does not support FIDO2. 21 ** Fall back to U2F if the key claims to, but does not support FIDO2.
diff --git a/README.adoc b/README.adoc
index f389a83..6fe0272 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,8 +1,10 @@
1== libfido2 1== libfido2
2 2
3image:https://api.travis-ci.org/Yubico/libfido2.svg?branch=master["Build Status (Travis)", link="https://travis-ci.org/Yubico/libfido2"] 3image:https://github.com/yubico/libfido2/workflows/linux/badge.svg["Linux Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
4image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["windows build status (github actions)", link="https://github.com/Yubico/libfido2/actions"] 4image:https://github.com/yubico/libfido2/workflows/macos/badge.svg["macOS Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
5image:https://img.shields.io/badge/license-BSD-blue.svg["License", link="https://raw.githubusercontent.com/Yubico/libfido2/master/LICENSE"] 5image:https://github.com/yubico/libfido2/workflows/windows/badge.svg["Windows Build Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
6image:https://github.com/yubico/libfido2/workflows/fuzzer/badge.svg["Fuzz Status (github actions)", link="https://github.com/Yubico/libfido2/actions"]
7image:https://oss-fuzz-build-logs.storage.googleapis.com/badges/libfido2.svg["Fuzz Status (oss-fuzz)", link="https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libfido2"]
6 8
7*libfido2* provides library functionality and command-line tools to 9*libfido2* provides library functionality and command-line tools to
8communicate with a FIDO device over USB, and to verify attestation and 10communicate with a FIDO device over USB, and to verify attestation and
@@ -14,7 +16,7 @@ For usage, see the `examples/` directory.
14 16
15=== License 17=== License
16 18
17*libfido2* is licensed under the BSD 2-clause license. See the _LICENSE_ 19*libfido2* is licensed under the BSD 2-clause license. See the LICENSE
18file for the full license text. 20file for the full license text.
19 21
20=== Supported Platforms 22=== Supported Platforms
@@ -31,11 +33,17 @@ is also available.
31 33
32==== Releases 34==== Releases
33 35
34The current release of *libfido2* is 1.4.0. Please consult Yubico's 36The current release of *libfido2* is 1.5.0. Please consult Yubico's
35https://developers.yubico.com/libfido2/Releases[release page] for source 37https://developers.yubico.com/libfido2/Releases[release page] for source
36and binary releases. 38and binary releases.
37 39
38==== Ubuntu 40==== Ubuntu 20.04 (Focal)
41
42 $ sudo apt install libfido2-1
43 $ sudo apt install libfido2-dev
44 $ sudo apt install libfido2-doc
45
46==== Ubuntu 18.04 (Bionic) and 16.04 (Xenial)
39 47
40 $ sudo apt install software-properties-common 48 $ sudo apt install software-properties-common
41 $ sudo apt-add-repository ppa:yubico/stable 49 $ sudo apt-add-repository ppa:yubico/stable
@@ -52,15 +60,16 @@ Or from source, on UNIX-like systems:
52 $ make -C build 60 $ make -C build
53 $ sudo make -C build install 61 $ sudo make -C build install
54 62
55Depending on the platform, the PKG_CONFIG_PATH environment variable may need to 63Depending on the platform,
56be set. 64https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to
65be installed, or the PKG_CONFIG_PATH environment variable set.
57 66
58*libfido2* depends on https://github.com/pjk/libcbor[libcbor] and 67*libfido2* depends on https://github.com/pjk/libcbor[libcbor] and
59https://www.openssl.org[OpenSSL]. On Linux, libudev (part of 68https://www.openssl.org[OpenSSL]. On Linux, libudev (part of
60https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required. 69https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required.
61 70
62For complete, OS-specific installation instructions, please refer to the 71For complete, OS-specific installation instructions, please refer to the
63`.travis/` (Linux, MacOS) and `windows/` directories. 72`.actions/` (Linux, MacOS) and `windows/` directories.
64 73
65On Linux, you will need to add a udev rule to be able to access the FIDO 74On Linux, you will need to add a udev rule to be able to access the FIDO
66device, or run as root. For example, the udev rule may contain the following: 75device, or run as root. For example, the udev rule may contain the following:
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index 7502d61..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,80 +0,0 @@
1libfido2 (1.2.0~ppa1~bionic1) bionic; urgency=low
2
3 * Credential management support.
4 * New API reflecting FIDO's 3-state booleans (true, false, absent):
5 - fido_assert_set_up;
6 - fido_assert_set_uv;
7 - fido_cred_set_rk;
8 - fido_cred_set_uv.
9 * Command-line tools for Windows.
10 * Documentation and reliability fixes.
11 * fido_{assert,cred}_set_options() are now marked as deprecated.
12
13 -- pedro martelletto <pedro@yubico.com> Fri, 23 Aug 2019 12:08:02 +0000
14
15libfido2 (1.1.0) bionic; urgency=low
16
17 * MacOS: fix IOKit crash on HID read.
18 * Windows: fix contents of release file.
19 * EdDSA (Ed25519) support.
20 * fido_dev_make_cred: fix order of CBOR map keys.
21 * fido_dev_get_assert: plug memory leak when operating on U2F devices.
22
23 -- pedro martelletto <pedro@yubico.com> Tue, 07 May 2019 08:03:21 +0000
24
25libfido2 (1.0.0) bionic; urgency=low
26
27 * Native HID support on Linux, MacOS, and Windows.
28 * fido2-{assert,cred}: new -u option to force U2F on dual authenticators.
29 * fido2-assert: support for multiple resident keys with the same RP.
30 * Strict checks for CTAP2 compliance on received CBOR payloads.
31 * Better fuzzing harnesses.
32 * Documentation and reliability fixes.
33
34 -- pedro martelletto <pedro@yubico.com> Tue, 19 Mar 2019 07:38:36 +0000
35
36libfido2 (0.4.0) bionic; urgency=low
37
38 * fido2-assert: print the user id for resident credentials.
39 * Fix encoding of COSE algorithms when making a credential.
40 * Rework purpose of fido_cred_set_type; no ABI change.
41 * Minor documentation and code fixes.
42
43 -- pedro martelletto <pedro@yubico.com> Mon, 07 Jan 2019 08:22:01 +0000
44
45libfido2 (0.3.0) bionic; urgency=low
46
47 * Various reliability fixes.
48 * Merged fuzzing instrumentation.
49 * Added regress tests.
50 * Added support for FIDO 2's hmac-secret extension.
51 * New API calls:
52 - fido_assert_hmac_secret_len;
53 - fido_assert_hmac_secret_ptr;
54 - fido_assert_set_extensions;
55 - fido_assert_set_hmac_salt;
56 - fido_cred_set_extensions;
57 - fido_dev_force_fido2.
58 * Support for native builds with Microsoft Visual Studio 17.
59
60 -- pedro martelletto <pedro@yubico.com> Tue, 11 Sep 2018 09:05:32 +0000
61
62libfido2 (0.2.0) bionic; urgency=low
63
64 * Added command-line tools.
65 * Added a couple of missing get functions.
66
67 -- pedro martelletto <pedro@yubico.com> Mon, 18 Jun 2018 10:44:11 +0000
68
69libfido2 (0.1.1~dev) bionic; urgency=low
70
71 * Added documentation.
72 * Minor fixes.
73
74 -- pedro martelletto <pedro@yubico.com> Wed, 30 May 2018 13:16:28 +0000
75
76libfido2 (0.1.0~dev) bionic; urgency=low
77
78 * Initial release.
79
80 -- pedro martelletto <pedro@yubico.com> Fri, 18 May 2018 08:47:01 +0000
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index ec63514..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
19
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 50b9482..0000000
--- a/debian/control
+++ /dev/null
@@ -1,53 +0,0 @@
1Source: libfido2
2Priority: optional
3Maintainer: Yubico Open Source Maintainers <ossmaint@yubico.com>
4Uploaders: pedro martelletto <pedro@yubico.com>
5Standards-Version: 4.1.2
6Section: libs
7Homepage: https://github.com/yubico/libfido2
8Build-Depends: debhelper (>= 9),
9 pkg-config,
10 cmake,
11 mandoc,
12 libcbor-dev,
13 libssl-dev,
14 libudev-dev
15
16Package: libfido2-1
17Architecture: any
18Multi-Arch: same
19Depends: libcbor0, libssl1.1, libudev1, ${shlibs:Depends}, ${misc:Depends}
20Description: library for generating and verifying FIDO 2.0 objects
21 A library for communicating with a FIDO device over USB, and for verifying
22 attestation and assertion signatures. FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
23 are supported. This package contains the runtime library.
24
25Package: libfido2-dev
26Section: libdevel
27Architecture: any
28Multi-Arch: same
29Depends: libfido2-1 (= ${binary:Version}), ${misc:Depends}
30Suggests: libssl-dev
31Description: library for generating and verifying FIDO 2.0 objects (development headers)
32 A library for communicating with a FIDO device over USB, and for verifying
33 attestation and assertion signatures. FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
34 are supported. This package contains the development headers.
35
36Package: fido2-tools
37Section: utils
38Architecture: any
39Multi-Arch: foreign
40Depends: libfido2-1 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
41Description: command-line tools to configure and use a FIDO 2 token
42 A set of tools to manage a FIDO 2 token, generate credentials and
43 assertions, and verify them.
44
45Package: libfido2-udev
46Section: libs
47Architecture: all
48Multi-Arch: foreign
49Depends: ${misc:Depends}
50Conflicts: libu2f-udev
51Description: udev rules for access to U2F and FIDO2 devices
52 A set of udev rules allowing unprivileged system-level access
53 to U2F and FIDO2 USB devices for logged-on users.
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index 3ba51ef..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,85 +0,0 @@
1Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
2Upstream-Name: libfido2
3Source: https://github.com/yubico/libfido2
4
5Files: *
6Copyright: Copyright (c) 2018 Yubico AB. All rights reserved.
7License: BSD-2-clause
8
9Files: openbsd-compat/strlcpy.c openbsd-compat/strlcat.c
10Copyright: Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
11License: ISC
12
13Files: src/compat/timingsafe_bcmp.c
14Copyright: Copyright (c) 2010 Damien Miller. All rights reserved.
15License: ISC
16
17Files:
18 openbsd-compat/bsd-getpagesize.c
19 openbsd-compat/err.h
20 openbsd-compat/explicit_bzero.c
21 openbsd-compat/explicit_bzero_win32.c
22 openbsd-compat/types.h
23Copyright: Public domain
24License: public-domain
25
26Files: openbsd-compat/recallocarray.c
27Copyright: Copyright (c) 2008, 2017 Otto Moerbeek <otto@drijf.net>
28License: ISC
29
30Files: openbsd-compat/readpassphrase.h
31Copyright: Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
32License: ISC
33
34Files: openbsd-compat/readpassphrase.c
35Copyright: Copyright (c) 2000-2002, 2007, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
36License: ISC
37
38Files: openbsd-compat/getopt.h
39Copyright: Copyright (c) 2000 The NetBSD Foundation, Inc. All rights reserved.
40License: BSD-2-clause
41
42Files: openbsd-compat/getopt_long.c
43Copyright: Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
44 Copyright (c) 2000 The NetBSD Foundation, Inc. All rights reserved.
45License: ISC and BSD-2-clause
46
47License: BSD-2-clause
48 Redistribution and use in source and binary forms, with or without
49 modification, are permitted provided that the following conditions are
50 met:
51 .
52 1. Redistributions of source code must retain the above copyright
53 notice, this list of conditions and the following disclaimer.
54 2. Redistributions in binary form must reproduce the above copyright
55 notice, this list of conditions and the following disclaimer in
56 the documentation and/or other materials provided with the
57 distribution.
58 .
59 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
60 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
61 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
62 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
63 HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
64 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
65 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
66 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
67 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
68 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
69 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
70
71License: public-domain
72 Public domain.
73
74License: ISC
75 Permission to use, copy, modify, and distribute this software for any
76 purpose with or without fee is hereby granted, provided that the above
77 copyright notice and this permission notice appear in all copies.
78 .
79 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
80 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
81 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
82 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
83 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
84 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
85 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/debian/fido2-tools.install b/debian/fido2-tools.install
deleted file mode 100644
index e772481..0000000
--- a/debian/fido2-tools.install
+++ /dev/null
@@ -1 +0,0 @@
1usr/bin
diff --git a/debian/fido2-tools.manpages b/debian/fido2-tools.manpages
deleted file mode 100644
index fc19867..0000000
--- a/debian/fido2-tools.manpages
+++ /dev/null
@@ -1,3 +0,0 @@
1man/fido2-assert.1
2man/fido2-cred.1
3man/fido2-token.1
diff --git a/debian/libfido2-1.install b/debian/libfido2-1.install
deleted file mode 100644
index a080fbe..0000000
--- a/debian/libfido2-1.install
+++ /dev/null
@@ -1 +0,0 @@
1usr/lib/*/libfido2.so.*
diff --git a/debian/libfido2-1.symbols b/debian/libfido2-1.symbols
deleted file mode 100644
index afbf449..0000000
--- a/debian/libfido2-1.symbols
+++ /dev/null
@@ -1,148 +0,0 @@
1libfido2.so.1 libfido2-1 #MINVER#
2 eddsa_pk_free@Base 1.1.0
3 eddsa_pk_from_EVP_PKEY@Base 1.1.0
4 eddsa_pk_from_ptr@Base 1.1.0
5 eddsa_pk_new@Base 1.1.0
6 eddsa_pk_to_EVP_PKEY@Base 1.1.0
7 es256_pk_free@Base 1.1.0
8 es256_pk_from_EC_KEY@Base 1.1.0
9 es256_pk_from_ptr@Base 1.1.0
10 es256_pk_new@Base 1.1.0
11 es256_pk_to_EVP_PKEY@Base 1.1.0
12 fido_assert_allow_cred@Base 1.1.0
13 fido_assert_authdata_len@Base 1.1.0
14 fido_assert_authdata_ptr@Base 1.1.0
15 fido_assert_clientdata_hash_len@Base 1.1.0
16 fido_assert_clientdata_hash_ptr@Base 1.1.0
17 fido_assert_count@Base 1.1.0
18 fido_assert_flags@Base 1.1.0
19 fido_assert_free@Base 1.1.0
20 fido_assert_hmac_secret_len@Base 1.1.0
21 fido_assert_hmac_secret_ptr@Base 1.1.0
22 fido_assert_id_len@Base 1.1.0
23 fido_assert_id_ptr@Base 1.1.0
24 fido_assert_new@Base 1.1.0
25 fido_assert_rp_id@Base 1.1.0
26 fido_assert_set_authdata@Base 1.1.0
27 fido_assert_set_clientdata_hash@Base 1.1.0
28 fido_assert_set_count@Base 1.1.0
29 fido_assert_set_extensions@Base 1.1.0
30 fido_assert_set_hmac_salt@Base 1.1.0
31 fido_assert_set_options@Base 1.1.0
32 fido_assert_set_rp@Base 1.1.0
33 fido_assert_set_sig@Base 1.1.0
34 fido_assert_set_up@Base 1.2.0
35 fido_assert_set_uv@Base 1.2.0
36 fido_assert_sig_len@Base 1.1.0
37 fido_assert_sig_ptr@Base 1.1.0
38 fido_assert_user_display_name@Base 1.1.0
39 fido_assert_user_icon@Base 1.1.0
40 fido_assert_user_id_len@Base 1.1.0
41 fido_assert_user_id_ptr@Base 1.1.0
42 fido_assert_user_name@Base 1.1.0
43 fido_assert_verify@Base 1.1.0
44 fido_cbor_info_aaguid_len@Base 1.1.0
45 fido_cbor_info_aaguid_ptr@Base 1.1.0
46 fido_cbor_info_extensions_len@Base 1.1.0
47 fido_cbor_info_extensions_ptr@Base 1.1.0
48 fido_cbor_info_free@Base 1.1.0
49 fido_cbor_info_maxmsgsiz@Base 1.1.0
50 fido_cbor_info_new@Base 1.1.0
51 fido_cbor_info_options_len@Base 1.1.0
52 fido_cbor_info_options_name_ptr@Base 1.1.0
53 fido_cbor_info_options_value_ptr@Base 1.1.0
54 fido_cbor_info_protocols_len@Base 1.1.0
55 fido_cbor_info_protocols_ptr@Base 1.1.0
56 fido_cbor_info_versions_len@Base 1.1.0
57 fido_cbor_info_versions_ptr@Base 1.1.0
58 fido_cred_authdata_len@Base 1.1.0
59 fido_cred_authdata_ptr@Base 1.1.0
60 fido_cred_clientdata_hash_len@Base 1.1.0
61 fido_cred_clientdata_hash_ptr@Base 1.1.0
62 fido_cred_display_name@Base 1.2.0
63 fido_cred_exclude@Base 1.1.0
64 fido_cred_flags@Base 1.1.0
65 fido_cred_fmt@Base 1.1.0
66 fido_cred_free@Base 1.1.0
67 fido_cred_id_len@Base 1.1.0
68 fido_cred_id_ptr@Base 1.1.0
69 fido_cred_new@Base 1.1.0
70 fido_cred_pubkey_len@Base 1.1.0
71 fido_cred_pubkey_ptr@Base 1.1.0
72 fido_cred_rp_id@Base 1.1.0
73 fido_cred_rp_name@Base 1.1.0
74 fido_cred_set_authdata@Base 1.1.0
75 fido_cred_set_clientdata_hash@Base 1.1.0
76 fido_cred_set_extensions@Base 1.1.0
77 fido_cred_set_fmt@Base 1.1.0
78 fido_cred_set_options@Base 1.1.0
79 fido_cred_set_rk@Base 1.2.0
80 fido_cred_set_rp@Base 1.1.0
81 fido_cred_set_sig@Base 1.1.0
82 fido_cred_set_type@Base 1.1.0
83 fido_cred_set_user@Base 1.1.0
84 fido_cred_set_uv@Base 1.2.0
85 fido_cred_set_x509@Base 1.1.0
86 fido_cred_sig_len@Base 1.1.0
87 fido_cred_sig_ptr@Base 1.1.0
88 fido_cred_type@Base 1.2.0
89 fido_cred_user_id_len@Base 1.2.0
90 fido_cred_user_id_ptr@Base 1.2.0
91 fido_cred_user_name@Base 1.2.0
92 fido_cred_verify@Base 1.1.0
93 fido_cred_x5c_len@Base 1.1.0
94 fido_cred_x5c_ptr@Base 1.1.0
95 fido_credman_del_dev_rk@Base 1.2.0
96 fido_credman_get_dev_metadata@Base 1.2.0
97 fido_credman_get_dev_rk@Base 1.2.0
98 fido_credman_get_dev_rp@Base 1.2.0
99 fido_credman_metadata_free@Base 1.2.0
100 fido_credman_metadata_new@Base 1.2.0
101 fido_credman_rk@Base 1.2.0
102 fido_credman_rk_count@Base 1.2.0
103 fido_credman_rk_existing@Base 1.2.0
104 fido_credman_rk_free@Base 1.2.0
105 fido_credman_rk_new@Base 1.2.0
106 fido_credman_rk_remaining@Base 1.2.0
107 fido_credman_rp_count@Base 1.2.0
108 fido_credman_rp_free@Base 1.2.0
109 fido_credman_rp_id@Base 1.2.0
110 fido_credman_rp_id_hash_len@Base 1.2.0
111 fido_credman_rp_id_hash_ptr@Base 1.2.0
112 fido_credman_rp_name@Base 1.2.0
113 fido_credman_rp_new@Base 1.2.0
114 fido_dev_build@Base 1.1.0
115 fido_dev_close@Base 1.1.0
116 fido_dev_flags@Base 1.1.0
117 fido_dev_force_fido2@Base 1.1.0
118 fido_dev_force_u2f@Base 1.1.0
119 fido_dev_free@Base 1.1.0
120 fido_dev_get_assert@Base 1.1.0
121 fido_dev_get_cbor_info@Base 1.1.0
122 fido_dev_get_retry_count@Base 1.1.0
123 fido_dev_info_free@Base 1.1.0
124 fido_dev_info_manifest@Base 1.1.0
125 fido_dev_info_manufacturer_string@Base 1.1.0
126 fido_dev_info_new@Base 1.1.0
127 fido_dev_info_path@Base 1.1.0
128 fido_dev_info_product@Base 1.1.0
129 fido_dev_info_product_string@Base 1.1.0
130 fido_dev_info_ptr@Base 1.1.0
131 fido_dev_info_vendor@Base 1.1.0
132 fido_dev_is_fido2@Base 1.1.0
133 fido_dev_major@Base 1.1.0
134 fido_dev_make_cred@Base 1.1.0
135 fido_dev_minor@Base 1.1.0
136 fido_dev_new@Base 1.1.0
137 fido_dev_open@Base 1.1.0
138 fido_dev_protocol@Base 1.1.0
139 fido_dev_reset@Base 1.1.0
140 fido_dev_set_io_functions@Base 1.1.0
141 fido_dev_set_pin@Base 1.1.0
142 fido_init@Base 1.1.0
143 fido_strerr@Base 1.1.0
144 rs256_pk_free@Base 1.1.0
145 rs256_pk_from_RSA@Base 1.1.0
146 rs256_pk_from_ptr@Base 1.1.0
147 rs256_pk_new@Base 1.1.0
148 rs256_pk_to_EVP_PKEY@Base 1.1.0
diff --git a/debian/libfido2-dev.install b/debian/libfido2-dev.install
deleted file mode 100644
index c1c34e7..0000000
--- a/debian/libfido2-dev.install
+++ /dev/null
@@ -1,29 +0,0 @@
1usr/include
2usr/lib/*/*.so
3usr/lib/*/pkgconfig/*.pc
4usr/share/doc/libfido2/html/eddsa_pk_new.html
5usr/share/doc/libfido2/html/es256_pk_new.html
6usr/share/doc/libfido2/html/fido_init.html
7usr/share/doc/libfido2/html/fido_assert_new.html
8usr/share/doc/libfido2/html/fido_assert_allow_cred.html
9usr/share/doc/libfido2/html/fido_assert_set_authdata.html
10usr/share/doc/libfido2/html/fido_assert_verify.html
11usr/share/doc/libfido2/html/fido_bio_dev_get_info.html
12usr/share/doc/libfido2/html/fido_bio_enroll_new.html
13usr/share/doc/libfido2/html/fido_bio_info_new.html
14usr/share/doc/libfido2/html/fido_bio_template.html
15usr/share/doc/libfido2/html/fido_cbor_info_new.html
16usr/share/doc/libfido2/html/fido_cred_new.html
17usr/share/doc/libfido2/html/fido_cred_exclude.html
18usr/share/doc/libfido2/html/fido_credman_metadata_new.html
19usr/share/doc/libfido2/html/fido_cred_set_authdata.html
20usr/share/doc/libfido2/html/fido_cred_verify.html
21usr/share/doc/libfido2/html/fido_dev_get_assert.html
22usr/share/doc/libfido2/html/fido_dev_info_manifest.html
23usr/share/doc/libfido2/html/fido_dev_make_cred.html
24usr/share/doc/libfido2/html/fido_dev_open.html
25usr/share/doc/libfido2/html/fido_dev_set_io_functions.html
26usr/share/doc/libfido2/html/fido_dev_set_pin.html
27usr/share/doc/libfido2/html/fido_strerr.html
28usr/share/doc/libfido2/html/rs256_pk_new.html
29usr/share/doc/libfido2/html/style.css
diff --git a/debian/libfido2-dev.links b/debian/libfido2-dev.links
deleted file mode 100644
index b23b8a0..0000000
--- a/debian/libfido2-dev.links
+++ /dev/null
@@ -1,276 +0,0 @@
1/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_free.3
2/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_from_ptr.3
3/usr/share/man/man3/eddsa_pk_new.3 /usr/share/man/man3/eddsa_pk_to_EVP_PKEY.3
4/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_free.3
5/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_EC_KEY.3
6/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_from_ptr.3
7/usr/share/man/man3/es256_pk_new.3 /usr/share/man/man3/es256_pk_to_EVP_PKEY.3
8/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_len.3
9/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_authdata_ptr.3
10/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_len.3
11/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_clientdata_hash_ptr.3
12/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_count.3
13/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_free.3
14/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_len.3
15/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_hmac_secret_ptr.3
16/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sigcount.3
17/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_len.3
18/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_sig_ptr.3
19/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_display_name.3
20/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_icon.3
21/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_len.3
22/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_id_ptr.3
23/usr/share/man/man3/fido_assert_new.3 /usr/share/man/man3/fido_assert_user_name.3
24/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_clientdata_hash.3
25/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_count.3
26/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_extensions.3
27/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_hmac_salt.3
28/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_rp.3
29/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_sig.3
30/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_up.3
31/usr/share/man/man3/fido_assert_set_authdata.3 /usr/share/man/man3/fido_assert_set_uv.3
32/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_begin.3
33/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_cancel.3
34/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_continue.3
35/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_enroll_remove.3
36/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_get_template_array.3
37/usr/share/man/man3/fido_bio_dev_get_info.3 /usr/share/man/man3/fido_bio_dev_set_template_name.3
38/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_free.3
39/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_last_status.3
40/usr/share/man/man3/fido_bio_enroll_new.3 /usr/share/man/man3/fido_bio_enroll_remaining_samples.3
41/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_free.3
42/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_max_samples.3
43/usr/share/man/man3/fido_bio_info_new.3 /usr/share/man/man3/fido_bio_info_type.3
44/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_count.3
45/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_free.3
46/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_array_new.3
47/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_free.3
48/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_len.3
49/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_id_ptr.3
50/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_name.3
51/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_new.3
52/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_id.3
53/usr/share/man/man3/fido_bio_template.3 /usr/share/man/man3/fido_bio_template_set_name.3
54/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_len.3
55/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_aaguid_ptr.3
56/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_len.3
57/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_extensions_ptr.3
58/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_free.3
59/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_maxmsgsiz.3
60/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_len.3
61/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_name_ptr.3
62/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_options_value_ptr.3
63/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_len.3
64/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_protocols_ptr.3
65/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_len.3
66/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_cbor_info_versions_ptr.3
67/usr/share/man/man3/fido_cbor_info_new.3 /usr/share/man/man3/fido_dev_get_cbor_info.3
68/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_len.3
69/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_authdata_ptr.3
70/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_len.3
71/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_clientdata_hash_ptr.3
72/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_fmt.3
73/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_free.3
74/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_len.3
75/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_id_ptr.3
76/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_prot.3
77/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_len.3
78/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_pubkey_ptr.3
79/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_len.3
80/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_sig_ptr.3
81/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_len.3
82/usr/share/man/man3/fido_cred_new.3 /usr/share/man/man3/fido_cred_x5c_ptr.3
83/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_del_dev_rk.3
84/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_metadata.3
85/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rk.3
86/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_get_dev_rp.3
87/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_metadata_free.3
88/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk.3
89/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_count.3
90/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_existing.3
91/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_free.3
92/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_new.3
93/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rk_remaining.3
94/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_count.3
95/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_free.3
96/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id.3
97/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_len.3
98/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_id_hash_ptr.3
99/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_name.3
100/usr/share/man/man3/fido_credman_metadata_new.3 /usr/share/man/man3/fido_credman_rp_new.3
101/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_authdata_raw.3
102/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_clientdata_hash.3
103/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_extensions.3
104/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_fmt.3
105/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_prot.3
106/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rk.3
107/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_rp.3
108/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_sig.3
109/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_type.3
110/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_user.3
111/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_uv.3
112/usr/share/man/man3/fido_cred_set_authdata.3 /usr/share/man/man3/fido_cred_set_x509.3
113/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_free.3
114/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_manufacturer_string.3
115/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_new.3
116/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_path.3
117/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product.3
118/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_product_string.3
119/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_ptr.3
120/usr/share/man/man3/fido_dev_info_manifest.3 /usr/share/man/man3/fido_dev_info_vendor.3
121/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_build.3
122/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_cancel.3
123/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_close.3
124/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_flags.3
125/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_fido2.3
126/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_force_u2f.3
127/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_free.3
128/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_is_fido2.3
129/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_major.3
130/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_minor.3
131/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_new.3
132/usr/share/man/man3/fido_dev_open.3 /usr/share/man/man3/fido_dev_protocol.3
133/usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_get_retry_count.3
134/usr/share/man/man3/fido_dev_set_pin.3 /usr/share/man/man3/fido_dev_reset.3
135/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_free.3
136/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_ptr.3
137/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_from_RSA.3
138/usr/share/man/man3/rs256_pk_new.3 /usr/share/man/man3/rs256_pk_to_EVP_PKEY.3
139/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_free.html
140/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_from_ptr.html
141/usr/share/doc/libfido2/eddsa_pk_new.html /usr/share/doc/libfido2/eddsa_pk_to_EVP_PKEY.html
142/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_free.html
143/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_from_EC_KEY.html
144/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_from_ptr.html
145/usr/share/doc/libfido2/es256_pk_new.html /usr/share/doc/libfido2/es256_pk_to_EVP_PKEY.html
146/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_authdata_len.html
147/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_authdata_ptr.html
148/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_len.html
149/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_clientdata_hash_ptr.html
150/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_count.html
151/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_free.html
152/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_hmac_secret_len.html
153/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_hmac_secret_ptr.html
154/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sigcount.html
155/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sig_len.html
156/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_sig_ptr.html
157/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_display_name.html
158/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_icon.html
159/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_id_len.html
160/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_id_ptr.html
161/usr/share/doc/libfido2/fido_assert_new.html /usr/share/doc/libfido2/fido_assert_user_name.html
162/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_clientdata_hash.html
163/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_count.html
164/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_extensions.html
165/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_hmac_salt.html
166/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_rp.html
167/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_sig.html
168/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_up.html
169/usr/share/doc/libfido2/fido_assert_set_authdata.html /usr/share/doc/libfido2/fido_assert_set_uv.html
170/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_begin.html
171/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_cancel.html
172/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_continue.html
173/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_enroll_remove.html
174/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_get_template_array.html
175/usr/share/doc/libfido2/fido_bio_dev_get_info.html /usr/share/doc/libfido2/fido_bio_dev_set_template_name.html
176/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_free.html
177/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_last_status.html
178/usr/share/doc/libfido2/fido_bio_enroll_new.html /usr/share/doc/libfido2/fido_bio_enroll_remaining_samples.html
179/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_free.html
180/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_max_samples.html
181/usr/share/doc/libfido2/fido_bio_info_new.html /usr/share/doc/libfido2/fido_bio_info_type.html
182/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_count.html
183/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_free.html
184/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_array_new.html
185/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_free.html
186/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_id_len.html
187/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_id_ptr.html
188/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_name.html
189/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_new.html
190/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_set_id.html
191/usr/share/doc/libfido2/fido_bio_template.html /usr/share/doc/libfido2/fido_bio_template_set_name.html
192/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_aaguid_len.html
193/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_aaguid_ptr.html
194/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_extensions_len.html
195/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_extensions_ptr.html
196/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_free.html
197/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_maxmsgsiz.html
198/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_len.html
199/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_name_ptr.html
200/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_options_value_ptr.html
201/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_protocols_len.html
202/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_protocols_ptr.html
203/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_versions_len.html
204/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_cbor_info_versions_ptr.html
205/usr/share/doc/libfido2/fido_cbor_info_new.html /usr/share/doc/libfido2/fido_dev_get_cbor_info.html
206/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_authdata_len.html
207/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_authdata_ptr.html
208/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_len.html
209/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_clientdata_hash_ptr.html
210/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_fmt.html
211/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_free.html
212/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_id_len.html
213/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_id_ptr.html
214/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_prot.html
215/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_pubkey_len.html
216/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_pubkey_ptr.html
217/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_sig_len.html
218/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_sig_ptr.html
219/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_x5c_len.html
220/usr/share/doc/libfido2/fido_cred_new.html /usr/share/doc/libfido2/fido_cred_x5c_ptr.html
221/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_del_dev_rk.html
222/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_metadata.html
223/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_rk.html
224/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_get_dev_rp.html
225/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_metadata_free.html
226/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk.html
227/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_count.html
228/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_existing.html
229/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_free.html
230/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_new.html
231/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rk_remaining.html
232/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_count.html
233/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_free.html
234/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id.html
235/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id_hash_len.html
236/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_id_hash_ptr.html
237/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_name.html
238/usr/share/doc/libfido2/fido_credman_metadata_new.html /usr/share/doc/libfido2/fido_credman_rp_new.html
239/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_authdata_raw.html
240/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_clientdata_hash.html
241/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_extensions.html
242/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_fmt.html
243/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_prot.html
244/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_rk.html
245/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_rp.html
246/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_sig.html
247/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_type.html
248/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_user.html
249/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_uv.html
250/usr/share/doc/libfido2/fido_cred_set_authdata.html /usr/share/doc/libfido2/fido_cred_set_x509.html
251/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_free.html
252/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_manufacturer_string.html
253/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_new.html
254/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_path.html
255/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_product.html
256/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_product_string.html
257/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_ptr.html
258/usr/share/doc/libfido2/fido_dev_info_manifest.html /usr/share/doc/libfido2/fido_dev_info_vendor.html
259/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_build.html
260/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_cancel.html
261/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_close.html
262/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_flags.html
263/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_force_fido2.html
264/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_force_u2f.html
265/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_free.html
266/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_is_fido2.html
267/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_major.html
268/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_minor.html
269/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_new.html
270/usr/share/doc/libfido2/fido_dev_open.html /usr/share/doc/libfido2/fido_dev_protocol.html
271/usr/share/doc/libfido2/fido_dev_set_pin.html /usr/share/doc/libfido2/fido_dev_get_retry_count.html
272/usr/share/doc/libfido2/fido_dev_set_pin.html /usr/share/doc/libfido2/fido_dev_reset.html
273/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_free.html
274/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_from_ptr.html
275/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_from_RSA.html
276/usr/share/doc/libfido2/rs256_pk_new.html /usr/share/doc/libfido2/rs256_pk_to_EVP_PKEY.html
diff --git a/debian/libfido2-dev.manpages b/debian/libfido2-dev.manpages
deleted file mode 100644
index 228a13e..0000000
--- a/debian/libfido2-dev.manpages
+++ /dev/null
@@ -1,25 +0,0 @@
1man/eddsa_pk_new.3
2man/es256_pk_new.3
3man/fido_init.3
4man/fido_assert_new.3
5man/fido_assert_allow_cred.3
6man/fido_assert_set_authdata.3
7man/fido_assert_verify.3
8man/fido_bio_dev_get_info.3
9man/fido_bio_enroll_new.3
10man/fido_bio_info_new.3
11man/fido_bio_template.3
12man/fido_cbor_info_new.3
13man/fido_cred_new.3
14man/fido_cred_exclude.3
15man/fido_credman_metadata_new.3
16man/fido_cred_set_authdata.3
17man/fido_cred_verify.3
18man/fido_dev_get_assert.3
19man/fido_dev_info_manifest.3
20man/fido_dev_make_cred.3
21man/fido_dev_open.3
22man/fido_dev_set_io_functions.3
23man/fido_dev_set_pin.3
24man/fido_strerr.3
25man/rs256_pk_new.3
diff --git a/debian/libfido2-udev.install b/debian/libfido2-udev.install
deleted file mode 100644
index 528cb53..0000000
--- a/debian/libfido2-udev.install
+++ /dev/null
@@ -1 +0,0 @@
1lib/udev/rules.d
diff --git a/debian/rules b/debian/rules
deleted file mode 100755
index bb7acbc..0000000
--- a/debian/rules
+++ /dev/null
@@ -1,9 +0,0 @@
1#!/usr/bin/make -f
2
3DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
4
5%:
6 dh $@
7
8override_dh_auto_configure:
9 dh_auto_configure -- -DUDEV_RULES_DIR=/lib/udev/rules.d
diff --git a/debian/source/format b/debian/source/format
deleted file mode 100644
index 89ae9db..0000000
--- a/debian/source/format
+++ /dev/null
@@ -1 +0,0 @@
13.0 (native)
diff --git a/docker/bionic/Dockerfile b/docker/bionic/Dockerfile
deleted file mode 100644
index 9225ed8..0000000
--- a/docker/bionic/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
1# unlock-yk
2# docker run --rm --volume=/home/pedro/projects/libfido2:/workdir \
3# --volume=$(gpgconf --list-dirs socketdir):/root/.gnupg \
4# --volume=$(gpgconf --list-dirs homedir)/pubring.kbx:/root/.gnupg/pubring.kbx \
5# -it libfido2-staging --install-deps --ppa martelletto/ppa \
6# --key pedro@yubico.com
7FROM ubuntu:bionic
8ENV DEBIAN_FRONTEND noninteractive
9RUN apt-get -qq update && apt-get -qq upgrade
10RUN apt-get install -qq packaging-dev debian-keyring devscripts equivs gnupg python sudo
11ADD https://raw.githubusercontent.com/dainnilsson/scripts/master/make-ppa /make-ppa
12RUN chmod +x /make-ppa
13WORKDIR /workdir
14ENTRYPOINT ["/make-ppa"]
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index 1203592..7228860 100644
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -3,6 +3,7 @@
3# license that can be found in the LICENSE file. 3# license that can be found in the LICENSE file.
4 4
5list(APPEND COMPAT_SOURCES 5list(APPEND COMPAT_SOURCES
6 ../openbsd-compat/clock_gettime.c
6 ../openbsd-compat/getopt_long.c 7 ../openbsd-compat/getopt_long.c
7 ../openbsd-compat/strlcat.c 8 ../openbsd-compat/strlcat.c
8 ../openbsd-compat/strlcpy.c 9 ../openbsd-compat/strlcpy.c
@@ -15,6 +16,13 @@ endif()
15# drop -rdynamic 16# drop -rdynamic
16set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") 17set(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
17 18
19# enable -Wconversion -Wsign-conversion
20if(NOT MSVC)
21 set_source_files_properties(assert.c cred.c info.c manifest.c reset.c
22 retries.c setpin.c util.c PROPERTIES COMPILE_FLAGS
23 "-Wconversion -Wsign-conversion")
24endif()
25
18# manifest 26# manifest
19add_executable(manifest manifest.c ${COMPAT_SOURCES}) 27add_executable(manifest manifest.c ${COMPAT_SOURCES})
20target_link_libraries(manifest fido2) 28target_link_libraries(manifest fido2)
@@ -42,3 +50,11 @@ target_link_libraries(setpin fido2)
42# retries 50# retries
43add_executable(retries retries.c ${COMPAT_SOURCES}) 51add_executable(retries retries.c ${COMPAT_SOURCES})
44target_link_libraries(retries fido2) 52target_link_libraries(retries fido2)
53
54# select
55add_executable(select select.c ${COMPAT_SOURCES})
56target_link_libraries(select fido2)
57if(MINGW)
58 # needed for nanosleep() in mingw
59 target_link_libraries(select winpthread)
60endif()
diff --git a/examples/README.adoc b/examples/README.adoc
index 091c6bc..b7b73d8 100644
--- a/examples/README.adoc
+++ b/examples/README.adoc
@@ -77,5 +77,14 @@ The following examples are provided:
77- retries <device> 77- retries <device>
78 Get the number of PIN attempts left on <device> before lockout. 78 Get the number of PIN attempts left on <device> before lockout.
79 79
80- select
81
82 Enumerates available FIDO devices and, if more than one is present,
83 simultaneously requests touch on all of them, printing information
84 about the device touched.
85
80Debugging is possible through the use of the FIDO_DEBUG environment variable. 86Debugging is possible through the use of the FIDO_DEBUG environment variable.
81If set, libfido2 will produce a log of its transactions with the authenticator. 87If set, libfido2 will produce a log of its transactions with the authenticator.
88
89Additionally, an example of a WebAuthn client using libfido2 is available at
90https://github.com/martelletto/fido2-webauthn-client.
diff --git a/examples/assert.c b/examples/assert.c
index a421a51..a18d8af 100644
--- a/examples/assert.c
+++ b/examples/assert.c
@@ -14,17 +14,12 @@
14#include <unistd.h> 14#include <unistd.h>
15#endif 15#endif
16 16
17#include "../openbsd-compat/openbsd-compat.h"
18
19#include "fido.h" 17#include "fido.h"
20#include "fido/es256.h" 18#include "fido/es256.h"
21#include "fido/rs256.h" 19#include "fido/rs256.h"
22#include "fido/eddsa.h" 20#include "fido/eddsa.h"
23#include "extern.h" 21#include "extern.h"
24 22#include "../openbsd-compat/openbsd-compat.h"
25#ifdef SIGNAL_EXAMPLE
26extern volatile sig_atomic_t got_signal;
27#endif
28 23
29static const unsigned char cdh[32] = { 24static const unsigned char cdh[32] = {
30 0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7, 25 0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7,
@@ -188,13 +183,15 @@ main(int argc, char **argv)
188 break; 183 break;
189 case 'T': 184 case 'T':
190#ifndef SIGNAL_EXAMPLE 185#ifndef SIGNAL_EXAMPLE
186 (void)seconds;
191 errx(1, "-T not supported"); 187 errx(1, "-T not supported");
192#endif 188#else
193 if (base10(optarg, &seconds) < 0) 189 if (base10(optarg, &seconds) < 0)
194 errx(1, "base10: %s", optarg); 190 errx(1, "base10: %s", optarg);
195 if (seconds <= 0 || seconds > 30) 191 if (seconds <= 0 || seconds > 30)
196 errx(1, "-T: %s must be in (0,30]", optarg); 192 errx(1, "-T: %s must be in (0,30]", optarg);
197 break; 193 break;
194#endif
198 case 'a': 195 case 'a':
199 if (read_blob(optarg, &body, &len) < 0) 196 if (read_blob(optarg, &body, &len) < 0)
200 errx(1, "read_blob: %s", optarg); 197 errx(1, "read_blob: %s", optarg);
@@ -312,6 +309,10 @@ main(int argc, char **argv)
312 errx(1, "fido_assert_count: %d signatures returned", 309 errx(1, "fido_assert_count: %d signatures returned",
313 (int)fido_assert_count(assert)); 310 (int)fido_assert_count(assert));
314 311
312 /* when verifying, pin implies uv */
313 if (pin)
314 uv = true;
315
315 verify_assert(type, fido_assert_authdata_ptr(assert, 0), 316 verify_assert(type, fido_assert_authdata_ptr(assert, 0),
316 fido_assert_authdata_len(assert, 0), fido_assert_sig_ptr(assert, 0), 317 fido_assert_authdata_len(assert, 0), fido_assert_sig_ptr(assert, 0),
317 fido_assert_sig_len(assert, 0), up, uv, ext, argv[0]); 318 fido_assert_sig_len(assert, 0), up, uv, ext, argv[0]);
diff --git a/examples/cred.c b/examples/cred.c
index 3e0a30f..6bd0faf 100644
--- a/examples/cred.c
+++ b/examples/cred.c
@@ -16,14 +16,9 @@
16#include <unistd.h> 16#include <unistd.h>
17#endif 17#endif
18 18
19#include "../openbsd-compat/openbsd-compat.h"
20
21#include "fido.h" 19#include "fido.h"
22#include "extern.h" 20#include "extern.h"
23 21#include "../openbsd-compat/openbsd-compat.h"
24#ifdef SIGNAL_EXAMPLE
25extern volatile sig_atomic_t got_signal;
26#endif
27 22
28static const unsigned char cdh[32] = { 23static const unsigned char cdh[32] = {
29 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, 24 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb,
@@ -192,13 +187,15 @@ main(int argc, char **argv)
192 break; 187 break;
193 case 'T': 188 case 'T':
194#ifndef SIGNAL_EXAMPLE 189#ifndef SIGNAL_EXAMPLE
190 (void)seconds;
195 errx(1, "-T not supported"); 191 errx(1, "-T not supported");
196#endif 192#else
197 if (base10(optarg, &seconds) < 0) 193 if (base10(optarg, &seconds) < 0)
198 errx(1, "base10: %s", optarg); 194 errx(1, "base10: %s", optarg);
199 if (seconds <= 0 || seconds > 30) 195 if (seconds <= 0 || seconds > 30)
200 errx(1, "-T: %s must be in (0,30]", optarg); 196 errx(1, "-T: %s must be in (0,30]", optarg);
201 break; 197 break;
198#endif
202 case 'e': 199 case 'e':
203 if (read_blob(optarg, &body, &len) < 0) 200 if (read_blob(optarg, &body, &len) < 0)
204 errx(1, "read_blob: %s", optarg); 201 errx(1, "read_blob: %s", optarg);
@@ -318,6 +315,10 @@ main(int argc, char **argv)
318 315
319 fido_dev_free(&dev); 316 fido_dev_free(&dev);
320 317
318 /* when verifying, pin implies uv */
319 if (pin)
320 uv = true;
321
321 verify_cred(type, fido_cred_fmt(cred), fido_cred_authdata_ptr(cred), 322 verify_cred(type, fido_cred_fmt(cred), fido_cred_authdata_ptr(cred),
322 fido_cred_authdata_len(cred), fido_cred_x5c_ptr(cred), 323 fido_cred_authdata_len(cred), fido_cred_x5c_ptr(cred),
323 fido_cred_x5c_len(cred), fido_cred_sig_ptr(cred), 324 fido_cred_x5c_len(cred), fido_cred_sig_ptr(cred),
diff --git a/examples/extern.h b/examples/extern.h
index 578b8c4..0ea68c4 100644
--- a/examples/extern.h
+++ b/examples/extern.h
@@ -27,6 +27,7 @@ int write_rsa_pubkey(const char *, const void *, size_t);
27int write_eddsa_pubkey(const char *, const void *, size_t); 27int write_eddsa_pubkey(const char *, const void *, size_t);
28#ifdef SIGNAL_EXAMPLE 28#ifdef SIGNAL_EXAMPLE
29void prepare_signal_handler(int); 29void prepare_signal_handler(int);
30extern volatile sig_atomic_t got_signal;
30#endif 31#endif
31 32
32#endif /* _EXTERN_H_ */ 33#endif /* _EXTERN_H_ */
diff --git a/examples/info.c b/examples/info.c
index ef0d97e..d81de85 100644
--- a/examples/info.c
+++ b/examples/info.c
@@ -4,17 +4,14 @@
4 * license that can be found in the LICENSE file. 4 * license that can be found in the LICENSE file.
5 */ 5 */
6 6
7#include <openssl/ec.h>
8
9#include <stdbool.h> 7#include <stdbool.h>
10#include <stdint.h> 8#include <stdint.h>
11#include <stdio.h> 9#include <stdio.h>
12#include <stdlib.h> 10#include <stdlib.h>
13#include <string.h> 11#include <string.h>
14 12
15#include "../openbsd-compat/openbsd-compat.h"
16
17#include "fido.h" 13#include "fido.h"
14#include "../openbsd-compat/openbsd-compat.h"
18 15
19/* 16/*
20 * Pretty-print a device's capabilities flags and return the result. 17 * Pretty-print a device's capabilities flags and return the result.
@@ -131,6 +128,26 @@ print_maxmsgsiz(uint64_t maxmsgsiz)
131} 128}
132 129
133/* 130/*
131 * Auxiliary function to print an authenticator's maximum number of credentials
132 * in a credential list on stdout.
133 */
134static void
135print_maxcredcntlst(uint64_t maxcredcntlst)
136{
137 printf("maxcredcntlst: %d\n", (int)maxcredcntlst);
138}
139
140/*
141 * Auxiliary function to print an authenticator's maximum credential ID length
142 * on stdout.
143 */
144static void
145print_maxcredidlen(uint64_t maxcredidlen)
146{
147 printf("maxcredlen: %d\n", (int)maxcredidlen);
148}
149
150/*
134 * Auxiliary function to print an authenticator's firmware version on stdout. 151 * Auxiliary function to print an authenticator's firmware version on stdout.
135 */ 152 */
136static void 153static void
@@ -199,6 +216,12 @@ getinfo(const char *path)
199 /* print maximum message size */ 216 /* print maximum message size */
200 print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci)); 217 print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
201 218
219 /* print maximum number of credentials allowed in credential lists */
220 print_maxcredcntlst(fido_cbor_info_maxcredcntlst(ci));
221
222 /* print maximum length of a credential ID */
223 print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
224
202 /* print firmware version */ 225 /* print firmware version */
203 print_fwversion(fido_cbor_info_fwversion(ci)); 226 print_fwversion(fido_cbor_info_fwversion(ci));
204 227
diff --git a/examples/manifest.c b/examples/manifest.c
index 895447a..d5ebda2 100644
--- a/examples/manifest.c
+++ b/examples/manifest.c
@@ -4,15 +4,12 @@
4 * license that can be found in the LICENSE file. 4 * license that can be found in the LICENSE file.
5 */ 5 */
6 6
7#include <openssl/ec.h>
8
9#include <stdbool.h> 7#include <stdbool.h>
10#include <stdio.h> 8#include <stdio.h>
11#include <stdlib.h> 9#include <stdlib.h>
12 10
13#include "../openbsd-compat/openbsd-compat.h"
14
15#include "fido.h" 11#include "fido.h"
12#include "../openbsd-compat/openbsd-compat.h"
16 13
17int 14int
18main(void) 15main(void)
diff --git a/examples/reset.c b/examples/reset.c
index 36a7de2..3e715c4 100644
--- a/examples/reset.c
+++ b/examples/reset.c
@@ -8,21 +8,14 @@
8 * Perform a factory reset on a given authenticator. 8 * Perform a factory reset on a given authenticator.
9 */ 9 */
10 10
11#include <openssl/ec.h>
12
13#include <stdbool.h> 11#include <stdbool.h>
14#include <stdint.h> 12#include <stdint.h>
15#include <stdio.h> 13#include <stdio.h>
16#include <stdlib.h> 14#include <stdlib.h>
17 15
18#include "../openbsd-compat/openbsd-compat.h"
19
20#include "fido.h" 16#include "fido.h"
21#include "extern.h" 17#include "extern.h"
22 18#include "../openbsd-compat/openbsd-compat.h"
23#ifdef SIGNAL_EXAMPLE
24extern volatile sig_atomic_t got_signal;
25#endif
26 19
27int 20int
28main(int argc, char **argv) 21main(int argc, char **argv)
diff --git a/examples/retries.c b/examples/retries.c
index 3ed7558..5cc116c 100644
--- a/examples/retries.c
+++ b/examples/retries.c
@@ -8,15 +8,12 @@
8 * Get an authenticator's number of PIN attempts left. 8 * Get an authenticator's number of PIN attempts left.
9 */ 9 */
10 10
11#include <openssl/ec.h>
12
13#include <stdbool.h> 11#include <stdbool.h>
14#include <stdio.h> 12#include <stdio.h>
15#include <stdlib.h> 13#include <stdlib.h>
16 14
17#include "../openbsd-compat/openbsd-compat.h"
18
19#include "fido.h" 15#include "fido.h"
16#include "../openbsd-compat/openbsd-compat.h"
20 17
21int 18int
22main(int argc, char **argv) 19main(int argc, char **argv)
diff --git a/examples/select.c b/examples/select.c
new file mode 100644
index 0000000..1fb2960
--- /dev/null
+++ b/examples/select.c
@@ -0,0 +1,215 @@
1/*
2 * Copyright (c) 2020 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
5 */
6
7#include <errno.h>
8#include <stdbool.h>
9#include <stdio.h>
10#include <stdlib.h>
11#include <time.h>
12
13#include "fido.h"
14#include "../openbsd-compat/openbsd-compat.h"
15
16#define FIDO_POLL_MS 50
17
18#if defined(_MSC_VER)
19static int
20nanosleep(const struct timespec *rqtp, struct timespec *rmtp)
21{
22 if (rmtp != NULL) {
23 errno = EINVAL;
24 return (-1);
25 }
26
27 Sleep(rqtp->tv_nsec / 1000000);
28
29 return (0);
30}
31#endif
32
33static fido_dev_t *
34open_dev(const fido_dev_info_t *di)
35{
36 fido_dev_t *dev;
37 int r;
38
39 if ((dev = fido_dev_new()) == NULL) {
40 warnx("%s: fido_dev_new", __func__);
41 return (NULL);
42 }
43
44 if ((r = fido_dev_open(dev, fido_dev_info_path(di))) != FIDO_OK) {
45 warnx("%s: fido_dev_open %s: %s", __func__,
46 fido_dev_info_path(di), fido_strerr(r));
47 fido_dev_free(&dev);
48 return (NULL);
49 }
50
51 printf("%s (0x%04x:0x%04x) is %s\n", fido_dev_info_path(di),
52 fido_dev_info_vendor(di), fido_dev_info_product(di),
53 fido_dev_is_fido2(dev) ? "fido2" : "u2f");
54
55 return (dev);
56}
57
58static int
59select_dev(const fido_dev_info_t *devlist, size_t ndevs, fido_dev_t **dev,
60 size_t *idx, int secs)
61{
62 const fido_dev_info_t *di;
63 fido_dev_t **devtab;
64 struct timespec ts_start;
65 struct timespec ts_now;
66 struct timespec ts_delta;
67 struct timespec ts_pause;
68 size_t nopen = 0;
69 int touched;
70 int r;
71 long ms_remain;
72
73 *dev = NULL;
74 *idx = 0;
75
76 printf("%u authenticator(s) detected\n", (unsigned)ndevs);
77
78 if (ndevs == 0)
79 return (0); /* nothing to do */
80
81 if ((devtab = calloc(ndevs, sizeof(*devtab))) == NULL) {
82 warn("%s: calloc", __func__);
83 return (-1);
84 }
85
86 for (size_t i = 0; i < ndevs; i++) {
87 di = fido_dev_info_ptr(devlist, i);
88 if ((devtab[i] = open_dev(di)) != NULL) {
89 *idx = i;
90 nopen++;
91 }
92 }
93
94 printf("%u authenticator(s) opened\n", (unsigned)nopen);
95
96 if (nopen < 2) {
97 if (nopen == 1)
98 *dev = devtab[*idx]; /* single candidate */
99 r = 0;
100 goto out;
101 }
102
103 for (size_t i = 0; i < ndevs; i++) {
104 di = fido_dev_info_ptr(devlist, i);
105 if (devtab[i] == NULL)
106 continue; /* failed to open */
107 if ((r = fido_dev_get_touch_begin(devtab[i])) != FIDO_OK) {
108 warnx("%s: fido_dev_get_touch_begin %s: %s", __func__,
109 fido_dev_info_path(di), fido_strerr(r));
110 r = -1;
111 goto out;
112 }
113 }
114
115 if (clock_gettime(CLOCK_MONOTONIC, &ts_start) != 0) {
116 warn("%s: clock_gettime", __func__);
117 r = -1;
118 goto out;
119 }
120
121 ts_pause.tv_sec = 0;
122 ts_pause.tv_nsec = 200000000; /* 200ms */
123
124 do {
125 nanosleep(&ts_pause, NULL);
126
127 for (size_t i = 0; i < ndevs; i++) {
128 di = fido_dev_info_ptr(devlist, i);
129 if (devtab[i] == NULL) {
130 /* failed to open or discarded */
131 continue;
132 }
133 if ((r = fido_dev_get_touch_status(devtab[i], &touched,
134 FIDO_POLL_MS)) != FIDO_OK) {
135 warnx("%s: fido_dev_get_touch_status %s: %s",
136 __func__, fido_dev_info_path(di),
137 fido_strerr(r));
138 fido_dev_close(devtab[i]);
139 fido_dev_free(&devtab[i]);
140 continue; /* discard */
141 }
142 if (touched) {
143 *dev = devtab[i];
144 *idx = i;
145 r = 0;
146 goto out;
147 }
148 }
149
150 if (clock_gettime(CLOCK_MONOTONIC, &ts_now) != 0) {
151 warn("%s: clock_gettime", __func__);
152 r = -1;
153 goto out;
154 }
155
156 timespecsub(&ts_now, &ts_start, &ts_delta);
157 ms_remain = (secs * 1000) - ((long)ts_delta.tv_sec * 1000) +
158 ((long)ts_delta.tv_nsec / 1000000);
159 } while (ms_remain > FIDO_POLL_MS);
160
161 printf("timeout after %d seconds\n", secs);
162 r = -1;
163out:
164 if (r != 0) {
165 *dev = NULL;
166 *idx = 0;
167 }
168
169 for (size_t i = 0; i < ndevs; i++) {
170 if (devtab[i] && devtab[i] != *dev) {
171 fido_dev_cancel(devtab[i]);
172 fido_dev_close(devtab[i]);
173 fido_dev_free(&devtab[i]);
174 }
175 }
176
177 free(devtab);
178
179 return (r);
180}
181
182int
183main(void)
184{
185 const fido_dev_info_t *di;
186 fido_dev_info_t *devlist;
187 fido_dev_t *dev;
188 size_t idx;
189 size_t ndevs;
190 int r;
191
192 fido_init(0);
193
194 if ((devlist = fido_dev_info_new(64)) == NULL)
195 errx(1, "fido_dev_info_new");
196
197 if ((r = fido_dev_info_manifest(devlist, 64, &ndevs)) != FIDO_OK)
198 errx(1, "fido_dev_info_manifest: %s (0x%x)", fido_strerr(r), r);
199 if (select_dev(devlist, ndevs, &dev, &idx, 15) != 0)
200 errx(1, "select_dev");
201 if (dev == NULL)
202 errx(1, "no authenticator found");
203
204 di = fido_dev_info_ptr(devlist, idx);
205 printf("%s: %s by %s (PIN %sset)\n", fido_dev_info_path(di),
206 fido_dev_info_product_string(di),
207 fido_dev_info_manufacturer_string(di),
208 fido_dev_has_pin(dev) ? "" : "un");
209
210 fido_dev_close(dev);
211 fido_dev_free(&dev);
212 fido_dev_info_free(&devlist, ndevs);
213
214 exit(0);
215}
diff --git a/examples/setpin.c b/examples/setpin.c
index 75d3d4a..5413bf9 100644
--- a/examples/setpin.c
+++ b/examples/setpin.c
@@ -8,16 +8,13 @@
8 * Configure a PIN on a given authenticator. 8 * Configure a PIN on a given authenticator.
9 */ 9 */
10 10
11#include <openssl/ec.h>
12
13#include <stdbool.h> 11#include <stdbool.h>
14#include <stdint.h> 12#include <stdint.h>
15#include <stdio.h> 13#include <stdio.h>
16#include <stdlib.h> 14#include <stdlib.h>
17 15
18#include "../openbsd-compat/openbsd-compat.h"
19
20#include "fido.h" 16#include "fido.h"
17#include "../openbsd-compat/openbsd-compat.h"
21 18
22static void 19static void
23setpin(const char *path, const char *pin, const char *oldpin) 20setpin(const char *path, const char *pin, const char *oldpin)
diff --git a/examples/util.c b/examples/util.c
index 2f6a845..5291cd8 100644
--- a/examples/util.c
+++ b/examples/util.c
@@ -27,13 +27,12 @@
27#include "../openbsd-compat/posix_win.h" 27#include "../openbsd-compat/posix_win.h"
28#endif 28#endif
29 29
30#include "../openbsd-compat/openbsd-compat.h"
31
32#include "fido.h" 30#include "fido.h"
33#include "fido/es256.h" 31#include "fido/es256.h"
34#include "fido/rs256.h" 32#include "fido/rs256.h"
35#include "fido/eddsa.h" 33#include "fido/eddsa.h"
36#include "extern.h" 34#include "extern.h"
35#include "../openbsd-compat/openbsd-compat.h"
37 36
38#ifdef SIGNAL_EXAMPLE 37#ifdef SIGNAL_EXAMPLE
39volatile sig_atomic_t got_signal = 0; 38volatile sig_atomic_t got_signal = 0;
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 241cdc7..70c5eec 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -8,6 +8,7 @@ list(APPEND COMPAT_SOURCES
8) 8)
9 9
10list(APPEND COMMON_SOURCES 10list(APPEND COMMON_SOURCES
11 libfuzzer.c
11 mutator_aux.c 12 mutator_aux.c
12) 13)
13 14
diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile
index 68afd99..f9152f8 100644
--- a/fuzz/Dockerfile
+++ b/fuzz/Dockerfile
@@ -2,9 +2,10 @@
2# Use of this source code is governed by a BSD-style 2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file. 3# license that can be found in the LICENSE file.
4 4
5FROM ubuntu:bionic 5FROM ubuntu:focal
6ENV DEBIAN_FRONTEND=noninteractive
6RUN apt-get update 7RUN apt-get update
7RUN apt-get install -y clang-9 cmake git libssl-dev libudev-dev make pkg-config 8RUN apt-get install -y clang-10 cmake git libssl-dev libudev-dev make pkg-config
8RUN git clone --branch v0.5.0 https://github.com/PJK/libcbor 9RUN git clone --branch v0.7.0 https://github.com/PJK/libcbor
9RUN git clone https://github.com/yubico/libfido2 10RUN git clone https://github.com/yubico/libfido2
10RUN CC=clang-9 /libfido2/fuzz/build-coverage /libcbor /libfido2 11RUN CC=clang-10 CXX=clang++-10 /libfido2/fuzz/build-coverage /libcbor /libfido2
diff --git a/fuzz/Makefile b/fuzz/Makefile
index c8fe0b8..77699ac 100644
--- a/fuzz/Makefile
+++ b/fuzz/Makefile
@@ -2,10 +2,10 @@
2# Use of this source code is governed by a BSD-style 2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file. 3# license that can be found in the LICENSE file.
4 4
5IMAGE := libfido2-coverage:1.3.0 5IMAGE := libfido2-coverage:1.5.0
6RUNNER := libfido2-runner 6RUNNER := libfido2-runner
7PROFDATA := llvm-profdata-9 7PROFDATA := llvm-profdata-10
8COV := llvm-cov-9 8COV := llvm-cov-10
9TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_mgmt 9TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_mgmt
10CORPORA := $(foreach f,${TARGETS},${f}/corpus) 10CORPORA := $(foreach f,${TARGETS},${f}/corpus)
11MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus) 11MINIFY := $(foreach f,${TARGETS},/minify/${f}/corpus)
@@ -26,16 +26,16 @@ sync: run
26 docker exec ${RUNNER} make -C libfido2/build 26 docker exec ${RUNNER} make -C libfido2/build
27 27
28corpus: sync 28corpus: sync
29 docker exec ${RUNNER} /bin/bash -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}' 29 docker exec ${RUNNER} /bin/sh -c 'cd /libfido2/fuzz && rm -rf ${TARGETS}'
30 docker exec ${RUNNER} tar Czxf /libfido2/fuzz /libfido2/fuzz/corpus.tgz 30 docker exec ${RUNNER} tar Czxf /libfido2/fuzz /libfido2/fuzz/corpus.tgz
31 31
32${TARGETS}: corpus sync 32${TARGETS}: corpus sync
33 docker exec -e LLVM_PROFILE_FILE=/profraw/$@ ${RUNNER} \ 33 docker exec -e LLVM_PROFILE_FILE=/profraw/$@ ${RUNNER} \
34 /bin/bash -c 'rm -f /profraw/$@ && /libfido2/build/fuzz/$@ \ 34 /bin/sh -c 'rm -f /profraw/$@ && /libfido2/build/fuzz/$@ \
35 -runs=1 /libfido2/fuzz/$@' 35 -runs=1 /libfido2/fuzz/$@'
36 36
37${MINIFY}: /minify/%/corpus: % 37${MINIFY}: /minify/%/corpus: %
38 docker exec ${RUNNER} /bin/bash -c 'rm -rf $@ && mkdir -p $@ && \ 38 docker exec ${RUNNER} /bin/sh -c 'rm -rf $@ && mkdir -p $@ && \
39 /libfido2/build/fuzz/$< -use_value_profile=1 -merge=1 $@ \ 39 /libfido2/build/fuzz/$< -use_value_profile=1 -merge=1 $@ \
40 /libfido2/fuzz/$</corpus' 40 /libfido2/fuzz/$</corpus'
41 41
@@ -43,11 +43,11 @@ corpus.tgz-: ${MINIFY}
43 docker exec -i ${RUNNER} tar Czcf /minify - ${TARGETS} > $@ 43 docker exec -i ${RUNNER} tar Czcf /minify - ${TARGETS} > $@
44 44
45profdata: run 45profdata: run
46 docker exec ${RUNNER} /bin/bash -c 'rm -f /$@ && ${PROFDATA} \ 46 docker exec ${RUNNER} /bin/sh -c 'rm -f /$@ && ${PROFDATA} \
47 merge -sparse profraw/* -o $@' 47 merge -sparse profraw/* -o $@'
48 48
49report.tgz: profdata 49report.tgz: profdata
50 docker exec ${RUNNER} /bin/bash -c 'rm -rf /report && mkdir /report && \ 50 docker exec ${RUNNER} /bin/sh -c 'rm -rf /report && mkdir /report && \
51 ${COV} show -format=html -tab-size=8 -instr-profile=/$< \ 51 ${COV} show -format=html -tab-size=8 -instr-profile=/$< \
52 -output-dir=/report /libfido2/build/src/libfido2.so' 52 -output-dir=/report /libfido2/build/src/libfido2.so'
53 docker exec -i ${RUNNER} tar Czcf / - report > $@ 53 docker exec -i ${RUNNER} tar Czcf / - report > $@
@@ -57,12 +57,12 @@ summary.txt: profdata
57 /libfido2/build/src/libfido2.so -instr-profile=/$< > $@ 57 /libfido2/build/src/libfido2.so -instr-profile=/$< > $@
58 58
59functions.txt: profdata 59functions.txt: profdata
60 docker exec ${RUNNER} /bin/bash -c '${COV} report -use-color=false \ 60 docker exec ${RUNNER} /bin/sh -c '${COV} report -use-color=false \
61 -show-functions -instr-profile=/$< \ 61 -show-functions -instr-profile=/$< \
62 /libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@ 62 /libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@
63 63
64clean: run 64clean: run
65 docker exec ${RUNNER} /bin/bash -c 'rm -rf /profraw /profdata && \ 65 docker exec ${RUNNER} /bin/sh -c 'rm -rf /profraw /profdata && \
66 make -C /libfido2/build clean' 66 make -C /libfido2/build clean'
67 -docker stop ${RUNNER} 67 -docker stop ${RUNNER}
68 rm -rf ${TARGETS} 68 rm -rf ${TARGETS}
diff --git a/fuzz/README b/fuzz/README
index 42646e4..03de9d0 100644
--- a/fuzz/README
+++ b/fuzz/README
@@ -3,10 +3,8 @@ ASAN/MSAN/UBSAN.
3 3
4AFL is more convenient when fuzzing the path from the authenticator to 4AFL is more convenient when fuzzing the path from the authenticator to
5libfido2 in an existing application. To do so, use preload-snoop.c with a real 5libfido2 in an existing application. To do so, use preload-snoop.c with a real
6authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1 6authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1, and
7-DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of 7use preload-fuzz.c to read device data from stdin.
8this approach can be found in the harnesses under fuzz/harnesses/ that fuzz
9the standalone examples and tools bundled with libfido2.
10 8
11libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c, 9libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
12fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses, 10fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses,
@@ -15,129 +13,7 @@ use -DFUZZ=1 -DLIBFUZZER=1.
15To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of 13To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
16libcbor and OpenSSL built with the respective sanitiser. In order to keep 14libcbor and OpenSSL built with the respective sanitiser. In order to keep
17memory utilisation at a manageable level, you can either enforce limits at 15memory utilisation at a manageable level, you can either enforce limits at
18the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with 16the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
19the diff at the bottom of this file.
20
211. Using ASAN + UBSAN
22
23- Make sure you have libcbor built with -fsanitize=address;
24- Make sure you have OpenSSL built with -fsanitize=address;
25- Rebuild libfido2 with -DASAN=1 -DUBSAN=1.
26
271.1 Decide where your workspace will live
28
29$ export FAKEROOT=/home/pedro/fakeroot
30$ mkdir -p ${FAKEROOT}/src
31
321.2 Building libcbor with ASAN
33
34$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
35$ cd ${FAKEROOT}/src/libcbor
36
37Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
38
39$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
40$ mkdir build
41$ cd build
42$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
43 -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
44 -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
45 -DCMAKE_INSTALL_LIBDIR=lib ..
46$ make
47$ make install
48
491.3 Building OpenSSL with ASAN
50
51$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
52$ cd ${FAKEROOT}/src/openssl
53$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
54 --openssldir=${FAKEROOT}/openssl
55$ make clean
56$ make
57$ make install_sw
58
591.4 Building libfido2 with libFuzzer and ASAN + UBSAN
60
61$ cd ${FAKEROOT}/src/libfido2
62$ mkdir build
63$ cd build
64$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
65 -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
66 -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
67 -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
68 -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
69 -DCMAKE_BUILD_TYPE=Debug ..
70$ make
71
722. Using MSAN + UBSAN
73
74- Make sure you have libcbor built with -fsanitize=memory;
75- Make sure you have OpenSSL built with -fsanitize=memory;
76- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1.
77
782.1 Decide where your workspace will live
79
80$ export FAKEROOT=/home/pedro/fakeroot
81$ mkdir -p ${FAKEROOT}/src
82
832.2 Building libcbor with MSAN
84
85$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
86$ cd ${FAKEROOT}/src/libcbor
87
88Assuming libfido2 is under ${FAKEROOT}/src/libfido2:
89
90$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
91$ mkdir build
92$ cd build
93$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
94 -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
95 -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
96 -DCMAKE_INSTALL_LIBDIR=lib ..
97$ make
98$ make install
99
1002.2 Building OpenSSL with MSAN
101
102$ mkdir -p ${FAKEROOT}/src
103$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
104$ cd ${FAKEROOT}/src/openssl
105$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
106 --openssldir=${FAKEROOT}/openssl
107$ make clean
108$ make
109$ make install_sw
110
1112.3 Building libfido2 with libFuzzer and MSAN + UBSAN
112
113$ cd ${FAKEROOT}/src/libfido2
114$ mkdir build
115$ cd build
116$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
117 -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
118 -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
119 -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
120 -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
121 -DCMAKE_BUILD_TYPE=Debug ..
122$ make
123
1243. Running the libFuzzer harnesses
125
126When running under ASAN, you may want to set ASAN_OPTIONS to
127'allocator_may_return_null=1:detect_stack_use_after_return=1'.
128
129The recommended way to run the harnesses is:
130
131$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
132 -print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR
133
134You may want to use -jobs or -workers depending on the number of logical
135cores available for fuzzing.
136
1374. Auxiliary scripts
138
139A set of harnesses and auxiliary scripts can be found under harnesses/. To
140compile coverage reports, adjust the harnesses to your setup and run 'report'.
141 17
142diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c 18diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
143index aa049a2..e294b38 100644 19index aa049a2..e294b38 100644
diff --git a/fuzz/build-coverage b/fuzz/build-coverage
index af9f8df..0f8310d 100755
--- a/fuzz/build-coverage
+++ b/fuzz/build-coverage
@@ -1,27 +1,30 @@
1#!/bin/bash -eux 1#!/bin/sh -eux
2# 2
3# Copyright (c) 2019 Yubico AB. All rights reserved. 3# Copyright (c) 2019 Yubico AB. All rights reserved.
4# Use of this source code is governed by a BSD-style 4# Use of this source code is governed by a BSD-style
5# license that can be found in the LICENSE file. 5# license that can be found in the LICENSE file.
6 6
7LIBCBOR=$1 7LIBCBOR="$1"
8LIBFIDO2=$2 8LIBFIDO2="$2"
9 9
10CC=${CC:-clang} 10CC="${CC:-clang}"
11PKG_CONFIG_PATH=${PKG_CONFIG_PATH:-${LIBCBOR}/install/lib/pkgconfig} 11CXX="${CXX:-clang++}"
12PKG_CONFIG_PATH="${PKG_CONFIG_PATH:-${LIBCBOR}/install/lib/pkgconfig}"
12export CC PKG_CONFIG_PATH 13export CC PKG_CONFIG_PATH
13 14
14# Clean up. 15# Clean up.
15rm -rf ${LIBCBOR}/build ${LIBCBOR}/install ${LIBFIDO2}/build 16rm -rf "${LIBCBOR}/build" "${LIBCBOR}/install" "${LIBFIDO2}/build"
16 17
17# Patch, build, and install libcbor. 18# Patch, build, and install libcbor.
18(cd ${LIBCBOR} && patch -N -l -s -p0 < ${LIBFIDO2}/fuzz/README) || true 19(cd "${LIBCBOR}" && patch -N -l -s -p0 < "${LIBFIDO2}/fuzz/README") || true
19mkdir ${LIBCBOR}/build ${LIBCBOR}/install 20mkdir "${LIBCBOR}/build" "${LIBCBOR}/install"
20(cd ${LIBCBOR}/build && cmake -DCMAKE_INSTALL_PREFIX=${LIBCBOR}/install ..) 21(cd "${LIBCBOR}/build" && cmake -DCMAKE_INSTALL_PREFIX="${LIBCBOR}/install" ..)
21make -C ${LIBCBOR}/build all install 22make -C "${LIBCBOR}/build" all install
22 23
23# Build libfido2. 24# Build libfido2.
24mkdir -p ${LIBFIDO2}/build 25mkdir -p "${LIBFIDO2}/build"
25(cd ${LIBFIDO2}/build && cmake -DFUZZ=1 -DLIBFUZZER=1 -DCOVERAGE=1 \ 26export CFLAGS="-fprofile-instr-generate -fcoverage-mapping"
26 -DCMAKE_BUILD_TYPE=Debug ..) 27export LDFLAGS="${CFLAGS}"
27make -C ${LIBFIDO2}/build 28(cd "${LIBFIDO2}/build" && cmake -DFUZZ=1 -DLIBFUZZER=1 \
29 -DCMAKE_BUILD_TYPE=Debug ..)
30make -C "${LIBFIDO2}/build"
diff --git a/fuzz/dummy.h b/fuzz/dummy.h
index a899e4a..981ccee 100644
--- a/fuzz/dummy.h
+++ b/fuzz/dummy.h
@@ -10,6 +10,8 @@
10#include <stdint.h> 10#include <stdint.h>
11 11
12const char dummy_name[] = "finger1"; 12const char dummy_name[] = "finger1";
13const char dummy_pin1[] = "skepp cg0u3;Y..";
14const char dummy_pin2[] = "bastilha 6rJrfQZI.";
13const char dummy_pin[] = "9}4gT:8d=A37Dh}U"; 15const char dummy_pin[] = "9}4gT:8d=A37Dh}U";
14const char dummy_rp_id[] = "localhost"; 16const char dummy_rp_id[] = "localhost";
15const char dummy_rp_name[] = "sweet home localhost"; 17const char dummy_rp_name[] = "sweet home localhost";
@@ -17,8 +19,6 @@ const char dummy_user_icon[] = "an icon";
17const char dummy_user_name[] = "john smith"; 19const char dummy_user_name[] = "john smith";
18const char dummy_user_nick[] = "jsmith"; 20const char dummy_user_nick[] = "jsmith";
19const uint8_t dummy_id[] = { 0x5e, 0xd2 }; 21const uint8_t dummy_id[] = { 0x5e, 0xd2 };
20const char dummy_pin1[] = "skepp cg0u3;Y..";
21const char dummy_pin2[] = "bastilha 6rJrfQZI.";
22 22
23const uint8_t dummy_user_id[] = { 23const uint8_t dummy_user_id[] = {
24 0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63, 24 0x78, 0x1c, 0x78, 0x60, 0xad, 0x88, 0xd2, 0x63,
diff --git a/fuzz/export.gnu b/fuzz/export.gnu
index 68463ff..80941e4 100644
--- a/fuzz/export.gnu
+++ b/fuzz/export.gnu
@@ -76,6 +76,8 @@
76 fido_cbor_info_extensions_ptr; 76 fido_cbor_info_extensions_ptr;
77 fido_cbor_info_free; 77 fido_cbor_info_free;
78 fido_cbor_info_maxmsgsiz; 78 fido_cbor_info_maxmsgsiz;
79 fido_cbor_info_maxcredcntlst;
80 fido_cbor_info_maxcredidlen;
79 fido_cbor_info_fwversion; 81 fido_cbor_info_fwversion;
80 fido_cbor_info_new; 82 fido_cbor_info_new;
81 fido_cbor_info_options_len; 83 fido_cbor_info_options_len;
@@ -96,6 +98,8 @@
96 fido_cred_free; 98 fido_cred_free;
97 fido_cred_id_len; 99 fido_cred_id_len;
98 fido_cred_id_ptr; 100 fido_cred_id_ptr;
101 fido_cred_aaguid_len;
102 fido_cred_aaguid_ptr;
99 fido_credman_del_dev_rk; 103 fido_credman_del_dev_rk;
100 fido_credman_get_dev_metadata; 104 fido_credman_get_dev_metadata;
101 fido_credman_get_dev_rk; 105 fido_credman_get_dev_rk;
@@ -155,6 +159,9 @@
155 fido_dev_get_assert; 159 fido_dev_get_assert;
156 fido_dev_get_cbor_info; 160 fido_dev_get_cbor_info;
157 fido_dev_get_retry_count; 161 fido_dev_get_retry_count;
162 fido_dev_get_touch_begin;
163 fido_dev_get_touch_status;
164 fido_dev_has_pin;
158 fido_dev_info_free; 165 fido_dev_info_free;
159 fido_dev_info_manifest; 166 fido_dev_info_manifest;
160 fido_dev_info_manufacturer_string; 167 fido_dev_info_manufacturer_string;
@@ -174,6 +181,9 @@
174 fido_dev_reset; 181 fido_dev_reset;
175 fido_dev_set_io_functions; 182 fido_dev_set_io_functions;
176 fido_dev_set_pin; 183 fido_dev_set_pin;
184 fido_dev_set_transport_functions;
185 fido_dev_supports_cred_prot;
186 fido_dev_supports_pin;
177 fido_init; 187 fido_init;
178 fido_set_log_handler; 188 fido_set_log_handler;
179 fido_strerr; 189 fido_strerr;
diff --git a/fuzz/functions.txt b/fuzz/functions.txt
index 27a9608..90284dd 100644
--- a/fuzz/functions.txt
+++ b/fuzz/functions.txt
@@ -9,16 +9,16 @@ TOTAL 56 0 100.00% 82 0 100.00%
9File '/libfido2/src/assert.c': 9File '/libfido2/src/assert.c':
10Name Regions Miss Cover Lines Miss Cover 10Name Regions Miss Cover Lines Miss Cover
11--------------------------------------------------------------------------------------- 11---------------------------------------------------------------------------------------
12fido_dev_get_assert 35 3 91.43% 38 4 89.47% 12fido_dev_get_assert 35 0 100.00% 38 0 100.00%
13fido_check_flags 13 0 100.00% 18 0 100.00% 13fido_check_flags 13 0 100.00% 18 0 100.00%
14fido_get_signed_hash 32 0 100.00% 46 0 100.00% 14fido_get_signed_hash 32 0 100.00% 46 0 100.00%
15fido_verify_sig_es256 17 2 88.24% 31 7 77.42% 15fido_verify_sig_es256 17 2 88.24% 31 7 77.42%
16fido_verify_sig_rs256 17 2 88.24% 31 7 77.42% 16fido_verify_sig_rs256 17 2 88.24% 31 7 77.42%
17fido_verify_sig_eddsa 23 4 82.61% 43 13 69.77% 17fido_verify_sig_eddsa 23 2 91.30% 43 7 83.72%
18fido_assert_verify 48 4 91.67% 79 4 94.94% 18fido_assert_verify 48 4 91.67% 79 5 93.67%
19fido_assert_set_clientdata_hash 6 0 100.00% 6 0 100.00% 19fido_assert_set_clientdata_hash 6 0 100.00% 6 0 100.00%
20fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00% 20fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00%
21fido_assert_set_rp 12 1 91.67% 14 3 78.57% 21fido_assert_set_rp 12 0 100.00% 14 0 100.00%
22fido_assert_allow_cred 13 2 84.62% 29 3 89.66% 22fido_assert_allow_cred 13 2 84.62% 29 3 89.66%
23fido_assert_set_extensions 9 0 100.00% 8 0 100.00% 23fido_assert_set_extensions 9 0 100.00% 8 0 100.00%
24fido_assert_set_options 6 6 0.00% 6 6 0.00% 24fido_assert_set_options 6 6 0.00% 6 6 0.00%
@@ -28,7 +28,7 @@ fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0
28fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% 28fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00%
29fido_assert_new 1 0 100.00% 3 0 100.00% 29fido_assert_new 1 0 100.00% 3 0 100.00%
30fido_assert_reset_tx 1 0 100.00% 15 0 100.00% 30fido_assert_reset_tx 1 0 100.00% 15 0 100.00%
31fido_assert_reset_rx 6 1 83.33% 24 3 87.50% 31fido_assert_reset_rx 6 0 100.00% 24 0 100.00%
32fido_assert_free 6 0 100.00% 13 0 100.00% 32fido_assert_free 6 0 100.00% 13 0 100.00%
33fido_assert_count 1 0 100.00% 3 0 100.00% 33fido_assert_count 1 0 100.00% 3 0 100.00%
34fido_assert_rp_id 1 0 100.00% 3 0 100.00% 34fido_assert_rp_id 1 0 100.00% 3 0 100.00%
@@ -48,22 +48,22 @@ fido_assert_user_display_name 4 0 100.00% 6 0
48fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00% 48fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00%
49fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00% 49fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00%
50fido_assert_set_authdata 24 0 100.00% 35 0 100.00% 50fido_assert_set_authdata 24 0 100.00% 35 0 100.00%
51fido_assert_set_authdata_raw 24 4 83.33% 34 7 79.41% 51fido_assert_set_authdata_raw 24 0 100.00% 34 0 100.00%
52fido_assert_set_sig 14 0 100.00% 17 0 100.00% 52fido_assert_set_sig 14 0 100.00% 17 0 100.00%
53fido_assert_set_count 10 0 100.00% 21 0 100.00% 53fido_assert_set_count 10 0 100.00% 21 0 100.00%
54assert.c:fido_dev_get_assert_wait 21 1 95.24% 16 2 87.50% 54assert.c:fido_dev_get_assert_wait 21 0 100.00% 16 0 100.00%
55assert.c:fido_dev_get_assert_tx 58 4 93.10% 84 11 86.90% 55assert.c:fido_dev_get_assert_tx 58 4 93.10% 84 11 86.90%
56assert.c:fido_dev_get_assert_rx 19 0 100.00% 38 0 100.00% 56assert.c:fido_dev_get_assert_rx 19 0 100.00% 38 0 100.00%
57assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00% 57assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00%
58assert.c:parse_assert_reply 11 0 100.00% 25 0 100.00% 58assert.c:parse_assert_reply 11 0 100.00% 25 0 100.00%
59assert.c:fido_get_next_assert_tx 8 2 75.00% 10 3 70.00% 59assert.c:fido_get_next_assert_tx 8 0 100.00% 10 0 100.00%
60assert.c:fido_get_next_assert_rx 15 4 73.33% 26 7 73.08% 60assert.c:fido_get_next_assert_rx 15 2 86.67% 26 4 84.62%
61assert.c:decrypt_hmac_secrets 9 3 66.67% 15 7 53.33% 61assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00%
62assert.c:check_extensions 4 0 100.00% 9 0 100.00% 62assert.c:check_extensions 4 0 100.00% 9 0 100.00%
63assert.c:fido_assert_clean_authdata 1 0 100.00% 9 0 100.00% 63assert.c:fido_assert_clean_authdata 1 0 100.00% 9 0 100.00%
64assert.c:fido_assert_clean_sig 1 0 100.00% 5 0 100.00% 64assert.c:fido_assert_clean_sig 1 0 100.00% 5 0 100.00%
65--------------------------------------------------------------------------------------- 65---------------------------------------------------------------------------------------
66TOTAL 566 43 92.40% 900 87 90.33% 66TOTAL 566 24 95.76% 900 50 94.44%
67 67
68File '/libfido2/src/authkey.c': 68File '/libfido2/src/authkey.c':
69Name Regions Miss Cover Lines Miss Cover 69Name Regions Miss Cover Lines Miss Cover
@@ -135,14 +135,14 @@ File '/libfido2/src/blob.c':
135Name Regions Miss Cover Lines Miss Cover 135Name Regions Miss Cover Lines Miss Cover
136--------------------------------------------------------------------------------------- 136---------------------------------------------------------------------------------------
137fido_blob_new 1 0 100.00% 3 0 100.00% 137fido_blob_new 1 0 100.00% 3 0 100.00%
138fido_blob_set 11 1 90.91% 25 4 84.00% 138fido_blob_set 11 0 100.00% 25 0 100.00%
139fido_blob_free 8 0 100.00% 16 0 100.00% 139fido_blob_free 8 0 100.00% 16 0 100.00%
140fido_free_blob_array 9 0 100.00% 17 0 100.00% 140fido_free_blob_array 9 0 100.00% 17 0 100.00%
141fido_blob_encode 6 0 100.00% 6 0 100.00% 141fido_blob_encode 6 0 100.00% 6 0 100.00%
142fido_blob_decode 1 0 100.00% 3 0 100.00% 142fido_blob_decode 1 0 100.00% 3 0 100.00%
143fido_blob_is_empty 3 0 100.00% 3 0 100.00% 143fido_blob_is_empty 3 0 100.00% 3 0 100.00%
144--------------------------------------------------------------------------------------- 144---------------------------------------------------------------------------------------
145TOTAL 39 1 97.44% 73 4 94.52% 145TOTAL 39 0 100.00% 73 0 100.00%
146 146
147File '/libfido2/src/buf.c': 147File '/libfido2/src/buf.c':
148Name Regions Miss Cover Lines Miss Cover 148Name Regions Miss Cover Lines Miss Cover
@@ -155,7 +155,7 @@ TOTAL 8 1 87.50% 20 1
155File '/libfido2/src/cbor.c': 155File '/libfido2/src/cbor.c':
156Name Regions Miss Cover Lines Miss Cover 156Name Regions Miss Cover Lines Miss Cover
157--------------------------------------------------------------------------------------- 157---------------------------------------------------------------------------------------
158cbor_map_iter 20 0 100.00% 30 0 100.00% 158cbor_map_iter 20 1 95.00% 30 4 86.67%
159cbor_array_iter 12 0 100.00% 20 0 100.00% 159cbor_array_iter 12 0 100.00% 20 0 100.00%
160cbor_parse_reply 27 0 100.00% 43 0 100.00% 160cbor_parse_reply 27 0 100.00% 43 0 100.00%
161cbor_vector_free 6 0 100.00% 5 0 100.00% 161cbor_vector_free 6 0 100.00% 5 0 100.00%
@@ -168,23 +168,23 @@ cbor_flatten_vector 14 1 92.86% 21 1
168cbor_build_frame 15 0 100.00% 32 0 100.00% 168cbor_build_frame 15 0 100.00% 32 0 100.00%
169cbor_encode_rp_entity 13 0 100.00% 14 0 100.00% 169cbor_encode_rp_entity 13 0 100.00% 14 0 100.00%
170cbor_encode_user_entity 21 0 100.00% 18 0 100.00% 170cbor_encode_user_entity 21 0 100.00% 18 0 100.00%
171cbor_encode_pubkey_param 36 1 97.22% 48 0 100.00% 171cbor_encode_pubkey_param 36 0 100.00% 48 0 100.00%
172cbor_encode_pubkey 10 0 100.00% 13 0 100.00% 172cbor_encode_pubkey 10 0 100.00% 13 0 100.00%
173cbor_encode_pubkey_list 18 1 94.44% 23 0 100.00% 173cbor_encode_pubkey_list 18 0 100.00% 23 0 100.00%
174cbor_encode_extensions 24 2 91.67% 26 3 88.46% 174cbor_encode_extensions 28 0 100.00% 28 0 100.00%
175cbor_encode_options 13 0 100.00% 14 0 100.00% 175cbor_encode_options 13 0 100.00% 14 0 100.00%
176cbor_encode_assert_options 13 0 100.00% 14 0 100.00% 176cbor_encode_assert_options 13 0 100.00% 14 0 100.00%
177cbor_encode_pin_auth 8 0 100.00% 12 0 100.00% 177cbor_encode_pin_auth 8 0 100.00% 12 0 100.00%
178cbor_encode_pin_opt 1 0 100.00% 3 0 100.00% 178cbor_encode_pin_opt 1 0 100.00% 3 0 100.00%
179cbor_encode_pin_enc 4 0 100.00% 12 0 100.00% 179cbor_encode_pin_enc 4 0 100.00% 12 0 100.00%
180cbor_encode_change_pin_auth 44 1 97.73% 69 3 95.65% 180cbor_encode_change_pin_auth 39 0 100.00% 60 0 100.00%
181cbor_encode_set_pin_auth 17 0 100.00% 28 0 100.00% 181cbor_encode_set_pin_auth 17 0 100.00% 28 0 100.00%
182cbor_encode_pin_hash_enc 15 0 100.00% 27 0 100.00% 182cbor_encode_pin_hash_enc 15 0 100.00% 27 0 100.00%
183cbor_encode_hmac_secret_param 41 2 95.12% 66 9 86.36% 183cbor_encode_hmac_secret_param 41 1 97.56% 66 4 93.94%
184cbor_decode_fmt 9 0 100.00% 18 0 100.00% 184cbor_decode_fmt 9 0 100.00% 18 0 100.00%
185cbor_decode_pubkey 21 6 71.43% 32 7 78.12% 185cbor_decode_pubkey 21 1 95.24% 32 2 93.75%
186cbor_decode_cred_authdata 31 0 100.00% 47 0 100.00% 186cbor_decode_cred_authdata 31 0 100.00% 47 0 100.00%
187cbor_decode_assert_authdata 23 2 91.30% 44 2 95.45% 187cbor_decode_assert_authdata 23 0 100.00% 44 0 100.00%
188cbor_decode_attstmt 8 0 100.00% 10 0 100.00% 188cbor_decode_attstmt 8 0 100.00% 10 0 100.00%
189cbor_decode_uint64 4 0 100.00% 10 0 100.00% 189cbor_decode_uint64 4 0 100.00% 10 0 100.00%
190cbor_decode_cred_id 8 0 100.00% 10 0 100.00% 190cbor_decode_cred_id 8 0 100.00% 10 0 100.00%
@@ -193,30 +193,30 @@ cbor_decode_rp_entity 8 0 100.00% 10 0
193cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00% 193cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00%
194cbor.c:check_key_type 8 0 100.00% 9 0 100.00% 194cbor.c:check_key_type 8 0 100.00% 9 0 100.00%
195cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00% 195cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00%
196cbor.c:cbor_add_uint8 14 1 92.86% 26 3 88.46% 196cbor.c:cbor_add_uint8 14 0 100.00% 26 0 100.00%
197cbor.c:sha256 7 0 100.00% 15 0 100.00% 197cbor.c:sha256 7 0 100.00% 15 0 100.00%
198cbor.c:get_cose_alg 36 6 83.33% 48 6 87.50% 198cbor.c:get_cose_alg 36 0 100.00% 48 0 100.00%
199cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00% 199cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00%
200cbor.c:decode_attcred 25 0 100.00% 58 0 100.00% 200cbor.c:decode_attcred 25 0 100.00% 58 0 100.00%
201cbor.c:decode_extensions 14 9 35.71% 34 13 61.76% 201cbor.c:decode_extensions 14 0 100.00% 34 0 100.00%
202cbor.c:decode_extension 27 27 0.00% 36 36 0.00% 202cbor.c:decode_extension 27 2 92.59% 36 6 83.33%
203cbor.c:decode_hmac_secret 16 4 75.00% 32 6 81.25% 203cbor.c:decode_hmac_secret 16 0 100.00% 32 0 100.00%
204cbor.c:decode_hmac_secret_aux 7 7 0.00% 17 17 0.00% 204cbor.c:decode_hmac_secret_aux 7 0 100.00% 17 0 100.00%
205cbor.c:decode_attstmt_entry 38 0 100.00% 45 0 100.00% 205cbor.c:decode_attstmt_entry 38 0 100.00% 45 0 100.00%
206cbor.c:decode_x5c 4 0 100.00% 8 0 100.00% 206cbor.c:decode_x5c 4 0 100.00% 8 0 100.00%
207cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00% 207cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00%
208cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00% 208cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00%
209cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00% 209cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00%
210--------------------------------------------------------------------------------------- 210---------------------------------------------------------------------------------------
211TOTAL 884 70 92.08% 1371 106 92.27% 211TOTAL 883 6 99.32% 1364 17 98.75%
212 212
213File '/libfido2/src/cred.c': 213File '/libfido2/src/cred.c':
214Name Regions Miss Cover Lines Miss Cover 214Name Regions Miss Cover Lines Miss Cover
215--------------------------------------------------------------------------------------- 215---------------------------------------------------------------------------------------
216fido_dev_make_cred 12 0 100.00% 10 0 100.00% 216fido_dev_make_cred 12 0 100.00% 10 0 100.00%
217fido_check_rp_id 4 0 100.00% 14 0 100.00% 217fido_check_rp_id 4 0 100.00% 14 0 100.00%
218fido_cred_verify 46 6 86.96% 71 11 84.51% 218fido_cred_verify 46 2 95.65% 71 3 95.77%
219fido_cred_verify_self 54 14 74.07% 90 22 75.56% 219fido_cred_verify_self 54 4 92.59% 90 5 94.44%
220fido_cred_new 1 0 100.00% 3 0 100.00% 220fido_cred_new 1 0 100.00% 3 0 100.00%
221fido_cred_reset_tx 1 0 100.00% 20 0 100.00% 221fido_cred_reset_tx 1 0 100.00% 20 0 100.00%
222fido_cred_reset_rx 1 0 100.00% 8 0 100.00% 222fido_cred_reset_rx 1 0 100.00% 8 0 100.00%
@@ -227,15 +227,15 @@ fido_cred_set_x509 12 0 100.00% 16 0
227fido_cred_set_sig 12 0 100.00% 16 0 100.00% 227fido_cred_set_sig 12 0 100.00% 16 0 100.00%
228fido_cred_exclude 14 2 85.71% 25 3 88.00% 228fido_cred_exclude 14 2 85.71% 25 3 88.00%
229fido_cred_set_clientdata_hash 6 0 100.00% 6 0 100.00% 229fido_cred_set_clientdata_hash 6 0 100.00% 6 0 100.00%
230fido_cred_set_rp 18 2 88.89% 26 6 76.92% 230fido_cred_set_rp 18 0 100.00% 26 0 100.00%
231fido_cred_set_user 33 4 87.88% 50 13 74.00% 231fido_cred_set_user 33 0 100.00% 50 0 100.00%
232fido_cred_set_extensions 15 0 100.00% 12 0 100.00% 232fido_cred_set_extensions 15 0 100.00% 12 0 100.00%
233fido_cred_set_options 6 6 0.00% 6 6 0.00% 233fido_cred_set_options 6 6 0.00% 6 6 0.00%
234fido_cred_set_rk 2 0 100.00% 5 0 100.00% 234fido_cred_set_rk 2 0 100.00% 5 0 100.00%
235fido_cred_set_uv 2 0 100.00% 5 0 100.00% 235fido_cred_set_uv 2 0 100.00% 5 0 100.00%
236fido_cred_set_prot 21 2 90.48% 16 0 100.00% 236fido_cred_set_prot 21 0 100.00% 16 0 100.00%
237fido_cred_set_fmt 16 4 75.00% 15 1 93.33% 237fido_cred_set_fmt 16 4 75.00% 15 1 93.33%
238fido_cred_set_type 17 2 88.24% 9 1 88.89% 238fido_cred_set_type 17 0 100.00% 9 0 100.00%
239fido_cred_type 1 0 100.00% 3 0 100.00% 239fido_cred_type 1 0 100.00% 3 0 100.00%
240fido_cred_flags 1 0 100.00% 3 0 100.00% 240fido_cred_flags 1 0 100.00% 3 0 100.00%
241fido_cred_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% 241fido_cred_clientdata_hash_ptr 1 0 100.00% 3 0 100.00%
@@ -246,10 +246,12 @@ fido_cred_sig_ptr 1 0 100.00% 3 0
246fido_cred_sig_len 1 0 100.00% 3 0 100.00% 246fido_cred_sig_len 1 0 100.00% 3 0 100.00%
247fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00% 247fido_cred_authdata_ptr 1 0 100.00% 3 0 100.00%
248fido_cred_authdata_len 1 0 100.00% 3 0 100.00% 248fido_cred_authdata_len 1 0 100.00% 3 0 100.00%
249fido_cred_pubkey_ptr 9 2 77.78% 20 2 90.00% 249fido_cred_pubkey_ptr 9 0 100.00% 20 0 100.00%
250fido_cred_pubkey_len 9 2 77.78% 20 2 90.00% 250fido_cred_pubkey_len 9 0 100.00% 20 0 100.00%
251fido_cred_id_ptr 1 0 100.00% 3 0 100.00% 251fido_cred_id_ptr 1 0 100.00% 3 0 100.00%
252fido_cred_id_len 1 0 100.00% 3 0 100.00% 252fido_cred_id_len 1 0 100.00% 3 0 100.00%
253fido_cred_aaguid_ptr 1 0 100.00% 3 0 100.00%
254fido_cred_aaguid_len 1 0 100.00% 3 0 100.00%
253fido_cred_prot 1 0 100.00% 3 0 100.00% 255fido_cred_prot 1 0 100.00% 3 0 100.00%
254fido_cred_fmt 1 0 100.00% 3 0 100.00% 256fido_cred_fmt 1 0 100.00% 3 0 100.00%
255fido_cred_rp_id 1 0 100.00% 3 0 100.00% 257fido_cred_rp_id 1 0 100.00% 3 0 100.00%
@@ -269,7 +271,7 @@ cred.c:fido_cred_clean_authdata 1 0 100.00% 9 0
269cred.c:fido_cred_clean_x509 1 0 100.00% 5 0 100.00% 271cred.c:fido_cred_clean_x509 1 0 100.00% 5 0 100.00%
270cred.c:fido_cred_clean_sig 1 0 100.00% 5 0 100.00% 272cred.c:fido_cred_clean_sig 1 0 100.00% 5 0 100.00%
271--------------------------------------------------------------------------------------- 273---------------------------------------------------------------------------------------
272TOTAL 534 51 90.45% 830 78 90.60% 274TOTAL 536 23 95.71% 836 29 96.53%
273 275
274File '/libfido2/src/credman.c': 276File '/libfido2/src/credman.c':
275Name Regions Miss Cover Lines Miss Cover 277Name Regions Miss Cover Lines Miss Cover
@@ -295,14 +297,14 @@ fido_credman_rp_id_hash_len 4 0 100.00% 6 0
295fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00% 297fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00%
296credman.c:credman_get_metadata_wait 11 0 100.00% 9 0 100.00% 298credman.c:credman_get_metadata_wait 11 0 100.00% 9 0 100.00%
297credman.c:credman_tx 30 0 100.00% 53 0 100.00% 299credman.c:credman_tx 30 0 100.00% 53 0 100.00%
298credman.c:credman_prepare_hmac 21 1 95.24% 43 2 95.35% 300credman.c:credman_prepare_hmac 21 1 95.24% 43 3 93.02%
299credman.c:credman_rx_metadata 11 0 100.00% 21 0 100.00% 301credman.c:credman_rx_metadata 11 0 100.00% 21 0 100.00%
300credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00% 302credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00%
301credman.c:credman_get_rk_wait 27 0 100.00% 26 0 100.00% 303credman.c:credman_get_rk_wait 27 0 100.00% 26 0 100.00%
302credman.c:credman_rx_rk 19 0 100.00% 36 0 100.00% 304credman.c:credman_rx_rk 19 0 100.00% 36 0 100.00%
303credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00% 305credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00%
304credman.c:credman_grow_array 17 2 88.24% 28 5 82.14% 306credman.c:credman_grow_array 17 2 88.24% 28 5 82.14%
305credman.c:credman_parse_rk 13 0 100.00% 25 0 100.00% 307credman.c:credman_parse_rk 22 0 100.00% 31 0 100.00%
306credman.c:credman_rx_next_rk 15 2 86.67% 26 4 84.62% 308credman.c:credman_rx_next_rk 15 2 86.67% 26 4 84.62%
307credman.c:credman_del_rk_wait 16 0 100.00% 19 0 100.00% 309credman.c:credman_del_rk_wait 16 0 100.00% 19 0 100.00%
308credman.c:credman_get_rp_wait 23 0 100.00% 16 0 100.00% 310credman.c:credman_get_rp_wait 23 0 100.00% 16 0 100.00%
@@ -313,7 +315,7 @@ credman.c:credman_rx_next_rp 15 2 86.67% 26 4
313credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00% 315credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00%
314credman.c:credman_reset_rp 4 0 100.00% 15 0 100.00% 316credman.c:credman_reset_rp 4 0 100.00% 15 0 100.00%
315--------------------------------------------------------------------------------------- 317---------------------------------------------------------------------------------------
316TOTAL 376 18 95.21% 589 15 97.45% 318TOTAL 385 18 95.32% 595 16 97.31%
317 319
318File '/libfido2/src/dev.c': 320File '/libfido2/src/dev.c':
319Name Regions Miss Cover Lines Miss Cover 321Name Regions Miss Cover Lines Miss Cover
@@ -324,9 +326,11 @@ fido_dev_info_manifest 17 17 0.00% 24 24
324fido_dev_open_with_info 5 5 0.00% 6 6 0.00% 326fido_dev_open_with_info 5 5 0.00% 6 6 0.00%
325fido_dev_open 1 0 100.00% 3 0 100.00% 327fido_dev_open 1 0 100.00% 3 0 100.00%
326fido_dev_close 8 2 75.00% 9 0 100.00% 328fido_dev_close 8 2 75.00% 9 0 100.00%
327fido_dev_cancel 7 0 100.00% 6 0 100.00% 329fido_dev_cancel 11 0 100.00% 9 0 100.00%
328fido_dev_set_io_functions 18 4 77.78% 16 6 62.50% 330fido_dev_get_touch_begin 50 0 100.00% 68 0 100.00%
329fido_dev_set_transport_functions 6 6 0.00% 10 10 0.00% 331fido_dev_get_touch_status 17 0 100.00% 25 0 100.00%
332fido_dev_set_io_functions 18 4 77.78% 17 6 64.71%
333fido_dev_set_transport_functions 6 6 0.00% 11 11 0.00%
330fido_init 7 1 85.71% 4 0 100.00% 334fido_init 7 1 85.71% 4 0 100.00%
331fido_dev_new 5 0 100.00% 16 0 100.00% 335fido_dev_new 5 0 100.00% 16 0 100.00%
332fido_dev_new_with_info 17 17 0.00% 26 26 0.00% 336fido_dev_new_with_info 17 17 0.00% 26 26 0.00%
@@ -337,15 +341,20 @@ fido_dev_minor 1 0 100.00% 3 0
337fido_dev_build 1 0 100.00% 3 0 100.00% 341fido_dev_build 1 0 100.00% 3 0 100.00%
338fido_dev_flags 1 0 100.00% 3 0 100.00% 342fido_dev_flags 1 0 100.00% 3 0 100.00%
339fido_dev_is_fido2 2 0 100.00% 3 0 100.00% 343fido_dev_is_fido2 2 0 100.00% 3 0 100.00%
340fido_dev_force_u2f 2 0 100.00% 3 0 100.00% 344fido_dev_supports_pin 3 0 100.00% 3 0 100.00%
345fido_dev_has_pin 2 0 100.00% 3 0 100.00%
346fido_dev_supports_cred_prot 2 0 100.00% 3 0 100.00%
347fido_dev_force_u2f 2 0 100.00% 4 0 100.00%
341fido_dev_force_fido2 2 2 0.00% 3 3 0.00% 348fido_dev_force_fido2 2 2 0.00% 3 3 0.00%
342dev.c:find_manifest_func_node 5 5 0.00% 9 9 0.00% 349dev.c:find_manifest_func_node 5 5 0.00% 9 9 0.00%
343dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00% 350dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00%
344dev.c:fido_dev_open_tx 25 8 68.00% 32 12 62.50% 351dev.c:fido_dev_open_tx 51 13 74.51% 63 23 63.49%
345dev.c:obtain_nonce 4 1 75.00% 5 1 80.00% 352dev.c:obtain_nonce 4 1 75.00% 5 1 80.00%
346dev.c:fido_dev_open_rx 32 0 100.00% 53 0 100.00% 353dev.c:set_random_report_len 11 0 100.00% 6 0 100.00%
354dev.c:fido_dev_open_rx 33 0 100.00% 56 0 100.00%
355dev.c:fido_dev_set_flags 17 0 100.00% 24 0 100.00%
347--------------------------------------------------------------------------------------- 356---------------------------------------------------------------------------------------
348TOTAL 201 85 57.71% 294 128 56.46% 357TOTAL 334 90 73.05% 466 140 69.96%
349 358
350File '/libfido2/src/ecdh.c': 359File '/libfido2/src/ecdh.c':
351Name Regions Miss Cover Lines Miss Cover 360Name Regions Miss Cover Lines Miss Cover
@@ -372,9 +381,9 @@ TOTAL 54 0 100.00% 79 0
372File '/libfido2/src/err.c': 381File '/libfido2/src/err.c':
373Name Regions Miss Cover Lines Miss Cover 382Name Regions Miss Cover Lines Miss Cover
374--------------------------------------------------------------------------------------- 383---------------------------------------------------------------------------------------
375fido_strerr 108 108 0.00% 112 112 0.00% 384fido_strerr 112 8 92.86% 116 8 93.10%
376--------------------------------------------------------------------------------------- 385---------------------------------------------------------------------------------------
377TOTAL 108 108 0.00% 112 112 0.00% 386TOTAL 112 8 92.86% 116 8 93.10%
378 387
379File '/libfido2/src/es256.c': 388File '/libfido2/src/es256.c':
380Name Regions Miss Cover Lines Miss Cover 389Name Regions Miss Cover Lines Miss Cover
@@ -389,14 +398,14 @@ es256_pk_from_ptr 11 0 100.00% 13 0
389es256_pk_set_x 1 0 100.00% 5 0 100.00% 398es256_pk_set_x 1 0 100.00% 5 0 100.00%
390es256_pk_set_y 1 0 100.00% 5 0 100.00% 399es256_pk_set_y 1 0 100.00% 5 0 100.00%
391es256_sk_create 39 0 100.00% 46 0 100.00% 400es256_sk_create 39 0 100.00% 46 0 100.00%
392es256_pk_to_EVP_PKEY 41 0 100.00% 58 0 100.00% 401es256_pk_to_EVP_PKEY 42 0 100.00% 66 0 100.00%
393es256_pk_from_EC_KEY 38 0 100.00% 39 0 100.00% 402es256_pk_from_EC_KEY 38 0 100.00% 43 0 100.00%
394es256_sk_to_EVP_PKEY 27 0 100.00% 41 0 100.00% 403es256_sk_to_EVP_PKEY 28 0 100.00% 50 0 100.00%
395es256_derive_pk 25 0 100.00% 34 0 100.00% 404es256_derive_pk 25 0 100.00% 34 0 100.00%
396es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00% 405es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00%
397es256.c:decode_coord 8 0 100.00% 12 0 100.00% 406es256.c:decode_coord 8 0 100.00% 12 0 100.00%
398--------------------------------------------------------------------------------------- 407---------------------------------------------------------------------------------------
399TOTAL 278 0 100.00% 377 0 100.00% 408TOTAL 280 0 100.00% 398 0 100.00%
400 409
401File '/libfido2/src/extern.h': 410File '/libfido2/src/extern.h':
402Name Regions Miss Cover Lines Miss Cover 411Name Regions Miss Cover Lines Miss Cover
@@ -423,20 +432,27 @@ TOTAL 16 16 0.00% 38 38
423File '/libfido2/src/hid_linux.c': 432File '/libfido2/src/hid_linux.c':
424Name Regions Miss Cover Lines Miss Cover 433Name Regions Miss Cover Lines Miss Cover
425--------------------------------------------------------------------------------------- 434---------------------------------------------------------------------------------------
426fido_hid_manifest 33 33 0.00% 46 46 0.00% 435fido_hid_manifest 35 35 0.00% 50 50 0.00%
427fido_hid_open 6 6 0.00% 11 11 0.00% 436fido_hid_open 17 17 0.00% 22 22 0.00%
428fido_hid_close 1 1 0.00% 6 6 0.00% 437fido_hid_close 1 1 0.00% 6 6 0.00%
429fido_hid_read 12 12 0.00% 16 16 0.00% 438fido_hid_read 12 12 0.00% 21 21 0.00%
430fido_hid_write 12 12 0.00% 16 16 0.00% 439fido_hid_write 9 9 0.00% 16 16 0.00%
431hid_linux.c:copy_info 35 35 0.00% 56 56 0.00% 440fido_hid_report_in_len 1 1 0.00% 5 5 0.00%
432hid_linux.c:is_fido 6 6 0.00% 14 14 0.00% 441fido_hid_report_out_len 1 1 0.00% 5 5 0.00%
433hid_linux.c:get_report_descriptor 17 17 0.00% 30 30 0.00% 442hid_linux.c:copy_info 30 30 0.00% 52 52 0.00%
434hid_linux.c:get_usage_info 16 16 0.00% 33 33 0.00% 443hid_linux.c:is_fido 9 9 0.00% 23 23 0.00%
444hid_linux.c:get_usage_info 16 16 0.00% 30 30 0.00%
435hid_linux.c:get_key_len 6 6 0.00% 14 14 0.00% 445hid_linux.c:get_key_len 6 6 0.00% 14 14 0.00%
436hid_linux.c:get_key_val 6 6 0.00% 20 20 0.00% 446hid_linux.c:get_key_val 6 6 0.00% 20 20 0.00%
437hid_linux.c:parse_uevent 16 16 0.00% 30 30 0.00% 447hid_linux.c:get_parent_attr 6 6 0.00% 11 11 0.00%
438--------------------------------------------------------------------------------------- 448hid_linux.c:parse_uevent 12 12 0.00% 28 28 0.00%
439TOTAL 166 166 0.00% 292 292 0.00% 449hid_linux.c:get_usb_attr 1 1 0.00% 3 3 0.00%
450hid_linux.c:get_report_descriptor 11 11 0.00% 18 18 0.00%
451hid_linux.c:get_report_sizes 19 19 0.00% 33 33 0.00%
452hid_linux.c:waitfd 28 28 0.00% 43 43 0.00%
453hid_linux.c:timespec_to_ms 15 15 0.00% 16 16 0.00%
454---------------------------------------------------------------------------------------
455TOTAL 235 235 0.00% 416 416 0.00%
440 456
441File '/libfido2/src/info.c': 457File '/libfido2/src/info.c':
442Name Regions Miss Cover Lines Miss Cover 458Name Regions Miss Cover Lines Miss Cover
@@ -455,11 +471,14 @@ fido_cbor_info_options_name_ptr 1 0 100.00% 3 0
455fido_cbor_info_options_value_ptr 1 0 100.00% 3 0 100.00% 471fido_cbor_info_options_value_ptr 1 0 100.00% 3 0 100.00%
456fido_cbor_info_options_len 1 0 100.00% 3 0 100.00% 472fido_cbor_info_options_len 1 0 100.00% 3 0 100.00%
457fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00% 473fido_cbor_info_maxmsgsiz 1 0 100.00% 3 0 100.00%
474fido_cbor_info_maxcredcntlst 1 0 100.00% 3 0 100.00%
475fido_cbor_info_maxcredidlen 1 0 100.00% 3 0 100.00%
476fido_cbor_info_fwversion 1 0 100.00% 3 0 100.00%
458fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% 477fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00%
459fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% 478fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00%
460info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 12 0 100.00% 479info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 12 0 100.00%
461info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 18 0 100.00% 480info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 18 0 100.00%
462info.c:parse_reply_element 13 0 100.00% 27 0 100.00% 481info.c:parse_reply_element 16 0 100.00% 33 0 100.00%
463info.c:decode_versions 12 0 100.00% 21 0 100.00% 482info.c:decode_versions 12 0 100.00% 21 0 100.00%
464info.c:decode_version 4 0 100.00% 14 0 100.00% 483info.c:decode_version 4 0 100.00% 14 0 100.00%
465info.c:decode_extensions 12 0 100.00% 21 0 100.00% 484info.c:decode_extensions 12 0 100.00% 21 0 100.00%
@@ -473,23 +492,23 @@ info.c:free_str_array 4 0 100.00% 8 0
473info.c:free_opt_array 4 0 100.00% 9 0 100.00% 492info.c:free_opt_array 4 0 100.00% 9 0 100.00%
474info.c:free_byte_array 1 0 100.00% 6 0 100.00% 493info.c:free_byte_array 1 0 100.00% 6 0 100.00%
475--------------------------------------------------------------------------------------- 494---------------------------------------------------------------------------------------
476TOTAL 146 0 100.00% 304 0 100.00% 495TOTAL 152 0 100.00% 319 0 100.00%
477 496
478File '/libfido2/src/io.c': 497File '/libfido2/src/io.c':
479Name Regions Miss Cover Lines Miss Cover 498Name Regions Miss Cover Lines Miss Cover
480--------------------------------------------------------------------------------------- 499---------------------------------------------------------------------------------------
481fido_tx 14 1 92.86% 18 0 100.00% 500fido_tx 13 1 92.31% 14 0 100.00%
482fido_rx 13 2 84.62% 21 3 85.71% 501fido_rx 13 2 84.62% 19 3 84.21%
483fido_rx_cbor_status 8 0 100.00% 12 0 100.00% 502fido_rx_cbor_status 8 0 100.00% 12 0 100.00%
484io.c:tx_empty 7 0 100.00% 16 0 100.00% 503io.c:tx_empty 9 0 100.00% 17 0 100.00%
485io.c:tx 13 0 100.00% 21 0 100.00% 504io.c:tx 13 0 100.00% 21 0 100.00%
486io.c:tx_preamble 10 0 100.00% 20 0 100.00% 505io.c:tx_preamble 16 1 93.75% 24 1 95.83%
487io.c:tx_frame 9 0 100.00% 18 0 100.00% 506io.c:tx_frame 15 1 93.33% 22 1 95.45%
488io.c:rx 25 1 96.00% 58 4 93.10% 507io.c:rx 40 2 95.00% 68 1 98.53%
489io.c:rx_preamble 18 1 94.44% 25 4 84.00% 508io.c:rx_preamble 21 2 90.48% 28 5 82.14%
490io.c:rx_frame 6 0 100.00% 9 0 100.00% 509io.c:rx_frame 8 0 100.00% 11 0 100.00%
491--------------------------------------------------------------------------------------- 510---------------------------------------------------------------------------------------
492TOTAL 123 5 95.93% 218 11 94.95% 511TOTAL 156 9 94.23% 236 11 95.34%
493 512
494File '/libfido2/src/iso7816.c': 513File '/libfido2/src/iso7816.c':
495Name Regions Miss Cover Lines Miss Cover 514Name Regions Miss Cover Lines Miss Cover
@@ -547,32 +566,34 @@ TOTAL 19 0 100.00% 22 0
547File '/libfido2/src/rs256.c': 566File '/libfido2/src/rs256.c':
548Name Regions Miss Cover Lines Miss Cover 567Name Regions Miss Cover Lines Miss Cover
549--------------------------------------------------------------------------------------- 568---------------------------------------------------------------------------------------
550rs256_pk_decode 8 8 0.00% 10 10 0.00% 569rs256_pk_decode 8 0 100.00% 10 0 100.00%
551rs256_pk_new 1 0 100.00% 3 0 100.00% 570rs256_pk_new 1 0 100.00% 3 0 100.00%
552rs256_pk_free 6 0 100.00% 11 0 100.00% 571rs256_pk_free 6 0 100.00% 11 0 100.00%
553rs256_pk_from_ptr 6 0 100.00% 8 0 100.00% 572rs256_pk_from_ptr 6 0 100.00% 8 0 100.00%
554rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00% 573rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00%
555rs256_pk_from_RSA 32 4 87.50% 32 6 81.25% 574rs256_pk_from_RSA 32 4 87.50% 32 6 81.25%
556rs256.c:decode_rsa_pubkey 9 9 0.00% 16 16 0.00% 575rs256.c:decode_rsa_pubkey 9 1 88.89% 16 4 75.00%
557rs256.c:decode_bignum 8 8 0.00% 12 12 0.00% 576rs256.c:decode_bignum 8 1 87.50% 12 3 75.00%
558--------------------------------------------------------------------------------------- 577---------------------------------------------------------------------------------------
559TOTAL 102 29 71.57% 140 44 68.57% 578TOTAL 102 6 94.12% 140 13 90.71%
560 579
561File '/libfido2/src/u2f.c': 580File '/libfido2/src/u2f.c':
562Name Regions Miss Cover Lines Miss Cover 581Name Regions Miss Cover Lines Miss Cover
563--------------------------------------------------------------------------------------- 582---------------------------------------------------------------------------------------
564u2f_register 70 5 92.86% 88 7 92.05% 583u2f_register 70 1 98.57% 88 0 100.00%
565u2f_authenticate 32 4 87.50% 44 2 95.45% 584u2f_authenticate 32 0 100.00% 44 0 100.00%
585u2f_get_touch_begin 30 0 100.00% 46 0 100.00%
586u2f_get_touch_status 18 0 100.00% 29 0 100.00%
566u2f.c:key_lookup 44 0 100.00% 69 0 100.00% 587u2f.c:key_lookup 44 0 100.00% 69 0 100.00%
567u2f.c:send_dummy_register 31 5 83.87% 49 8 83.67% 588u2f.c:send_dummy_register 31 1 96.77% 49 0 100.00%
568u2f.c:parse_register_reply 57 0 100.00% 83 0 100.00% 589u2f.c:parse_register_reply 57 0 100.00% 83 0 100.00%
569u2f.c:x5c_get 21 2 90.48% 37 6 83.78% 590u2f.c:x5c_get 21 1 95.24% 37 3 91.89%
570u2f.c:sig_get 8 1 87.50% 16 6 62.50% 591u2f.c:sig_get 8 1 87.50% 16 6 62.50%
571u2f.c:encode_cred_authdata 37 3 91.89% 82 9 89.02% 592u2f.c:encode_cred_authdata 37 2 94.59% 82 6 92.68%
572u2f.c:cbor_blob_from_ec_point 22 1 95.45% 39 3 92.31% 593u2f.c:cbor_blob_from_ec_point 22 0 100.00% 39 0 100.00%
573u2f.c:u2f_authenticate_single 36 2 94.44% 58 4 93.10% 594u2f.c:u2f_authenticate_single 36 0 100.00% 58 0 100.00%
574u2f.c:do_auth 50 3 94.00% 71 4 94.37% 595u2f.c:do_auth 50 1 98.00% 71 0 100.00%
575u2f.c:parse_auth_reply 23 2 91.30% 29 3 89.66% 596u2f.c:parse_auth_reply 23 2 91.30% 29 3 89.66%
576u2f.c:authdata_fake 12 0 100.00% 34 0 100.00% 597u2f.c:authdata_fake 12 0 100.00% 34 0 100.00%
577--------------------------------------------------------------------------------------- 598---------------------------------------------------------------------------------------
578TOTAL 443 28 93.68% 699 52 92.56% 599TOTAL 491 9 98.17% 774 18 97.67%
diff --git a/fuzz/fuzz_assert.c b/fuzz/fuzz_assert.c
index 5b72658..3ae54eb 100644
--- a/fuzz/fuzz_assert.c
+++ b/fuzz/fuzz_assert.c
@@ -23,39 +23,23 @@
23 23
24#include "../openbsd-compat/openbsd-compat.h" 24#include "../openbsd-compat/openbsd-compat.h"
25 25
26#define TAG_U2F 0x01
27#define TAG_TYPE 0x02
28#define TAG_CDH 0x03
29#define TAG_RP_ID 0x04
30#define TAG_EXT 0x05
31#define TAG_SEED 0x06
32#define TAG_UP 0x07
33#define TAG_UV 0x08
34#define TAG_WIRE_DATA 0x09
35#define TAG_CRED_COUNT 0x0a
36#define TAG_CRED 0x0b
37#define TAG_ES256 0x0c
38#define TAG_RS256 0x0d
39#define TAG_PIN 0x0e
40#define TAG_EDDSA 0x0f
41
42/* Parameter set defining a FIDO2 get assertion operation. */ 26/* Parameter set defining a FIDO2 get assertion operation. */
43struct param { 27struct param {
44 char pin[MAXSTR]; 28 char pin[MAXSTR];
45 char rp_id[MAXSTR]; 29 char rp_id[MAXSTR];
46 int ext; 30 int ext;
47 int seed; 31 int seed;
48 struct blob cdh; 32 struct blob cdh;
49 struct blob cred; 33 struct blob cred;
50 struct blob es256; 34 struct blob es256;
51 struct blob rs256; 35 struct blob rs256;
52 struct blob eddsa; 36 struct blob eddsa;
53 struct blob wire_data; 37 struct blob wire_data;
54 uint8_t cred_count; 38 uint8_t cred_count;
55 uint8_t type; 39 uint8_t type;
56 uint8_t u2f; 40 uint8_t u2f;
57 uint8_t up; 41 uint8_t up;
58 uint8_t uv; 42 uint8_t uv;
59}; 43};
60 44
61/* 45/*
@@ -83,73 +67,153 @@ static const uint8_t dummy_wire_data_u2f[] = {
83 WIREDATA_CTAP_U2F_AUTH, 67 WIREDATA_CTAP_U2F_AUTH,
84}; 68};
85 69
86int LLVMFuzzerTestOneInput(const uint8_t *, size_t); 70struct param *
87size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); 71unpack(const uint8_t *ptr, size_t len)
88
89static int
90unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
91{ 72{
92 uint8_t **pp = (void *)&ptr; 73 cbor_item_t *item = NULL, **v;
93 74 struct cbor_load_result cbor;
94 if (unpack_byte(TAG_UV, pp, &len, &p->uv) < 0 || 75 struct param *p;
95 unpack_byte(TAG_UP, pp, &len, &p->up) < 0 || 76 int ok = -1;
96 unpack_byte(TAG_U2F, pp, &len, &p->u2f) < 0 || 77
97 unpack_byte(TAG_TYPE, pp, &len, &p->type) < 0 || 78 if ((p = calloc(1, sizeof(*p))) == NULL ||
98 unpack_byte(TAG_CRED_COUNT, pp, &len, &p->cred_count) < 0 || 79 (item = cbor_load(ptr, len, &cbor)) == NULL ||
99 unpack_int(TAG_EXT, pp, &len, &p->ext) < 0 || 80 cbor.read != len ||
100 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || 81 cbor_isa_array(item) == false ||
101 unpack_string(TAG_RP_ID, pp, &len, p->rp_id) < 0 || 82 cbor_array_is_definite(item) == false ||
102 unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || 83 cbor_array_size(item) != 15 ||
103 unpack_blob(TAG_WIRE_DATA, pp, &len, &p->wire_data) < 0 || 84 (v = cbor_array_handle(item)) == NULL)
104 unpack_blob(TAG_RS256, pp, &len, &p->rs256) < 0 || 85 goto fail;
105 unpack_blob(TAG_ES256, pp, &len, &p->es256) < 0 || 86
106 unpack_blob(TAG_EDDSA, pp, &len, &p->eddsa) < 0 || 87 if (unpack_byte(v[0], &p->uv) < 0 ||
107 unpack_blob(TAG_CRED, pp, &len, &p->cred) < 0 || 88 unpack_byte(v[1], &p->up) < 0 ||
108 unpack_blob(TAG_CDH, pp, &len, &p->cdh) < 0) 89 unpack_byte(v[2], &p->u2f) < 0 ||
109 return (-1); 90 unpack_byte(v[3], &p->type) < 0 ||
110 91 unpack_byte(v[4], &p->cred_count) < 0 ||
111 return (0); 92 unpack_int(v[5], &p->ext) < 0 ||
93 unpack_int(v[6], &p->seed) < 0 ||
94 unpack_string(v[7], p->rp_id) < 0 ||
95 unpack_string(v[8], p->pin) < 0 ||
96 unpack_blob(v[9], &p->wire_data) < 0 ||
97 unpack_blob(v[10], &p->rs256) < 0 ||
98 unpack_blob(v[11], &p->es256) < 0 ||
99 unpack_blob(v[12], &p->eddsa) < 0 ||
100 unpack_blob(v[13], &p->cred) < 0 ||
101 unpack_blob(v[14], &p->cdh) < 0)
102 goto fail;
103
104 ok = 0;
105fail:
106 if (ok < 0) {
107 free(p);
108 p = NULL;
109 }
110
111 if (item)
112 cbor_decref(&item);
113
114 return p;
112} 115}
113 116
114static size_t 117size_t
115pack(uint8_t *ptr, size_t len, const struct param *p) 118pack(uint8_t *ptr, size_t len, const struct param *p)
116{ 119{
117 const size_t max = len; 120 cbor_item_t *argv[15], *array = NULL;
118 121 size_t cbor_alloc_len, cbor_len = 0;
119 if (pack_byte(TAG_UV, &ptr, &len, p->uv) < 0 || 122 unsigned char *cbor = NULL;
120 pack_byte(TAG_UP, &ptr, &len, p->up) < 0 || 123
121 pack_byte(TAG_U2F, &ptr, &len, p->u2f) < 0 || 124 memset(argv, 0, sizeof(argv));
122 pack_byte(TAG_TYPE, &ptr, &len, p->type) < 0 || 125
123 pack_byte(TAG_CRED_COUNT, &ptr, &len, p->cred_count) < 0 || 126 if ((array = cbor_new_definite_array(15)) == NULL ||
124 pack_int(TAG_EXT, &ptr, &len, p->ext) < 0 || 127 (argv[0] = pack_byte(p->uv)) == NULL ||
125 pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || 128 (argv[1] = pack_byte(p->up)) == NULL ||
126 pack_string(TAG_RP_ID, &ptr, &len, p->rp_id) < 0 || 129 (argv[2] = pack_byte(p->u2f)) == NULL ||
127 pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || 130 (argv[3] = pack_byte(p->type)) == NULL ||
128 pack_blob(TAG_WIRE_DATA, &ptr, &len, &p->wire_data) < 0 || 131 (argv[4] = pack_byte(p->cred_count)) == NULL ||
129 pack_blob(TAG_RS256, &ptr, &len, &p->rs256) < 0 || 132 (argv[5] = pack_int(p->ext)) == NULL ||
130 pack_blob(TAG_ES256, &ptr, &len, &p->es256) < 0 || 133 (argv[6] = pack_int(p->seed)) == NULL ||
131 pack_blob(TAG_EDDSA, &ptr, &len, &p->eddsa) < 0 || 134 (argv[7] = pack_string(p->rp_id)) == NULL ||
132 pack_blob(TAG_CRED, &ptr, &len, &p->cred) < 0 || 135 (argv[8] = pack_string(p->pin)) == NULL ||
133 pack_blob(TAG_CDH, &ptr, &len, &p->cdh) < 0) 136 (argv[9] = pack_blob(&p->wire_data)) == NULL ||
134 return (0); 137 (argv[10] = pack_blob(&p->rs256)) == NULL ||
135 138 (argv[11] = pack_blob(&p->es256)) == NULL ||
136 return (max - len); 139 (argv[12] = pack_blob(&p->eddsa)) == NULL ||
140 (argv[13] = pack_blob(&p->cred)) == NULL ||
141 (argv[14] = pack_blob(&p->cdh)) == NULL)
142 goto fail;
143
144 for (size_t i = 0; i < 15; i++)
145 if (cbor_array_push(array, argv[i]) == false)
146 goto fail;
147
148 if ((cbor_len = cbor_serialize_alloc(array, &cbor,
149 &cbor_alloc_len)) > len) {
150 cbor_len = 0;
151 goto fail;
152 }
153
154 memcpy(ptr, cbor, cbor_len);
155fail:
156 for (size_t i = 0; i < 15; i++)
157 if (argv[i])
158 cbor_decref(&argv[i]);
159
160 if (array)
161 cbor_decref(&array);
162
163 free(cbor);
164
165 return cbor_len;
137} 166}
138 167
139static size_t 168size_t
140input_len(int max) 169pack_dummy(uint8_t *ptr, size_t len)
141{ 170{
142 return (5 * len_byte() + 2 * len_int() + 2 * len_string(max) + 171 struct param dummy;
143 6 * len_blob(max)); 172 uint8_t blob[4096];
173 size_t blob_len;
174
175 memset(&dummy, 0, sizeof(dummy));
176
177 dummy.type = 1; /* rsa */
178 dummy.ext = FIDO_EXT_HMAC_SECRET;
179
180 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin));
181 strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id));
182
183 dummy.cred.len = sizeof(dummy_cdh); /* XXX */
184 dummy.cdh.len = sizeof(dummy_cdh);
185 dummy.es256.len = sizeof(dummy_es256);
186 dummy.rs256.len = sizeof(dummy_rs256);
187 dummy.eddsa.len = sizeof(dummy_eddsa);
188 dummy.wire_data.len = sizeof(dummy_wire_data_fido);
189
190 memcpy(&dummy.cred.body, &dummy_cdh, dummy.cred.len); /* XXX */
191 memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
192 memcpy(&dummy.wire_data.body, &dummy_wire_data_fido,
193 dummy.wire_data.len);
194 memcpy(&dummy.es256.body, &dummy_es256, dummy.es256.len);
195 memcpy(&dummy.rs256.body, &dummy_rs256, dummy.rs256.len);
196 memcpy(&dummy.eddsa.body, &dummy_eddsa, dummy.eddsa.len);
197
198 assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0);
199
200 if (blob_len > len) {
201 memcpy(ptr, blob, len);
202 return len;
203 }
204
205 memcpy(ptr, blob, blob_len);
206
207 return blob_len;
144} 208}
145 209
146static void 210static void
147get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh, 211get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
148 const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin, 212 const char *rp_id, int ext, uint8_t up, uint8_t uv, const char *pin,
149 uint8_t cred_count, struct blob *cred) 213 uint8_t cred_count, const struct blob *cred)
150{ 214{
151 fido_dev_t *dev; 215 fido_dev_t *dev;
152 fido_dev_io_t io; 216 fido_dev_io_t io;
153 217
154 memset(&io, 0, sizeof(io)); 218 memset(&io, 0, sizeof(io));
155 219
@@ -166,21 +230,31 @@ get_assert(fido_assert_t *assert, uint8_t u2f, const struct blob *cdh,
166 230
167 if (u2f & 1) 231 if (u2f & 1)
168 fido_dev_force_u2f(dev); 232 fido_dev_force_u2f(dev);
169
170 for (uint8_t i = 0; i < cred_count; i++)
171 fido_assert_allow_cred(assert, cred->body, cred->len);
172
173 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
174 fido_assert_set_rp(assert, rp_id);
175 if (ext & 1) 233 if (ext & 1)
176 fido_assert_set_extensions(assert, FIDO_EXT_HMAC_SECRET); 234 fido_assert_set_extensions(assert, FIDO_EXT_HMAC_SECRET);
177 if (up & 1) 235 if (up & 1)
178 fido_assert_set_up(assert, FIDO_OPT_TRUE); 236 fido_assert_set_up(assert, FIDO_OPT_TRUE);
237 else if (u2f &1)
238 fido_assert_set_up(assert, FIDO_OPT_FALSE);
179 if (uv & 1) 239 if (uv & 1)
180 fido_assert_set_uv(assert, FIDO_OPT_TRUE); 240 fido_assert_set_uv(assert, FIDO_OPT_TRUE);
181 /* XXX reuse cred as hmac salt to keep struct param small */ 241
242 for (uint8_t i = 0; i < cred_count; i++)
243 fido_assert_allow_cred(assert, cred->body, cred->len);
244
245 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
246 fido_assert_set_rp(assert, rp_id);
247 /* XXX reuse cred as hmac salt */
182 fido_assert_set_hmac_salt(assert, cred->body, cred->len); 248 fido_assert_set_hmac_salt(assert, cred->body, cred->len);
183 249
250 /* repeat memory operations to trigger reallocation paths */
251 fido_assert_set_clientdata_hash(assert, cdh->body, cdh->len);
252 fido_assert_set_rp(assert, rp_id);
253 fido_assert_set_hmac_salt(assert, cred->body, cred->len);
254
255 if (strlen(pin) == 0)
256 pin = NULL;
257
184 fido_dev_get_assert(dev, assert, u2f & 1 ? NULL : pin); 258 fido_dev_get_assert(dev, assert, u2f & 1 ? NULL : pin);
185 259
186 fido_dev_cancel(dev); 260 fido_dev_cancel(dev);
@@ -194,7 +268,7 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len,
194 const unsigned char *sig_ptr, size_t sig_len, uint8_t up, uint8_t uv, 268 const unsigned char *sig_ptr, size_t sig_len, uint8_t up, uint8_t uv,
195 int ext, void *pk) 269 int ext, void *pk)
196{ 270{
197 fido_assert_t *assert = NULL; 271 fido_assert_t *assert = NULL;
198 272
199 if ((assert = fido_assert_new()) == NULL) 273 if ((assert = fido_assert_new()) == NULL)
200 return; 274 return;
@@ -202,16 +276,30 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len,
202 fido_assert_set_clientdata_hash(assert, cdh_ptr, cdh_len); 276 fido_assert_set_clientdata_hash(assert, cdh_ptr, cdh_len);
203 fido_assert_set_rp(assert, rp_id); 277 fido_assert_set_rp(assert, rp_id);
204 fido_assert_set_count(assert, 1); 278 fido_assert_set_count(assert, 1);
279
205 if (fido_assert_set_authdata(assert, 0, authdata_ptr, 280 if (fido_assert_set_authdata(assert, 0, authdata_ptr,
206 authdata_len) != FIDO_OK) { 281 authdata_len) != FIDO_OK) {
207 fido_assert_set_authdata_raw(assert, 0, authdata_ptr, 282 fido_assert_set_authdata_raw(assert, 0, authdata_ptr,
208 authdata_len); 283 authdata_len);
209 } 284 }
285
286 if (up & 1)
287 fido_assert_set_up(assert, FIDO_OPT_TRUE);
288 if (uv & 1)
289 fido_assert_set_uv(assert, FIDO_OPT_TRUE);
290
210 fido_assert_set_extensions(assert, ext); 291 fido_assert_set_extensions(assert, ext);
211 if (up & 1) fido_assert_set_up(assert, FIDO_OPT_TRUE);
212 if (uv & 1) fido_assert_set_uv(assert, FIDO_OPT_TRUE);
213 fido_assert_set_sig(assert, 0, sig_ptr, sig_len); 292 fido_assert_set_sig(assert, 0, sig_ptr, sig_len);
214 fido_assert_verify(assert, 0, type, pk); 293
294 /* repeat memory operations to trigger reallocation paths */
295 if (fido_assert_set_authdata(assert, 0, authdata_ptr,
296 authdata_len) != FIDO_OK) {
297 fido_assert_set_authdata_raw(assert, 0, authdata_ptr,
298 authdata_len);
299 }
300 fido_assert_set_sig(assert, 0, sig_ptr, sig_len);
301
302 assert(fido_assert_verify(assert, 0, type, pk) != FIDO_OK);
215 303
216 fido_assert_free(&assert); 304 fido_assert_free(&assert);
217} 305}
@@ -262,38 +350,30 @@ out:
262 EVP_PKEY_free(pkey); 350 EVP_PKEY_free(pkey);
263} 351}
264 352
265int 353void
266LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 354test(const struct param *p)
267{ 355{
268 struct param p; 356 fido_assert_t *assert = NULL;
269 fido_assert_t *assert = NULL; 357 es256_pk_t *es256_pk = NULL;
270 es256_pk_t *es256_pk = NULL; 358 rs256_pk_t *rs256_pk = NULL;
271 rs256_pk_t *rs256_pk = NULL; 359 eddsa_pk_t *eddsa_pk = NULL;
272 eddsa_pk_t *eddsa_pk = NULL; 360 uint8_t flags;
273 uint8_t flags; 361 uint32_t sigcount;
274 uint32_t sigcount; 362 int cose_alg = 0;
275 int cose_alg = 0; 363 void *pk;
276 void *pk; 364
277 365 prng_init((unsigned int)p->seed);
278 memset(&p, 0, sizeof(p));
279
280 if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
281 unpack(data, size, &p) < 0)
282 return (0);
283
284 prng_init((unsigned int)p.seed);
285
286 fido_init(FIDO_DEBUG); 366 fido_init(FIDO_DEBUG);
287 fido_set_log_handler(consume_str); 367 fido_set_log_handler(consume_str);
288 368
289 switch (p.type & 3) { 369 switch (p->type & 3) {
290 case 0: 370 case 0:
291 cose_alg = COSE_ES256; 371 cose_alg = COSE_ES256;
292 372
293 if ((es256_pk = es256_pk_new()) == NULL) 373 if ((es256_pk = es256_pk_new()) == NULL)
294 return (0); 374 return;
295 375
296 es256_pk_from_ptr(es256_pk, p.es256.body, p.es256.len); 376 es256_pk_from_ptr(es256_pk, p->es256.body, p->es256.len);
297 pk = es256_pk; 377 pk = es256_pk;
298 378
299 break; 379 break;
@@ -301,9 +381,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
301 cose_alg = COSE_RS256; 381 cose_alg = COSE_RS256;
302 382
303 if ((rs256_pk = rs256_pk_new()) == NULL) 383 if ((rs256_pk = rs256_pk_new()) == NULL)
304 return (0); 384 return;
305 385
306 rs256_pk_from_ptr(rs256_pk, p.rs256.body, p.rs256.len); 386 rs256_pk_from_ptr(rs256_pk, p->rs256.body, p->rs256.len);
307 pk = rs256_pk; 387 pk = rs256_pk;
308 388
309 rs256_convert(pk); 389 rs256_convert(pk);
@@ -313,9 +393,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
313 cose_alg = COSE_EDDSA; 393 cose_alg = COSE_EDDSA;
314 394
315 if ((eddsa_pk = eddsa_pk_new()) == NULL) 395 if ((eddsa_pk = eddsa_pk_new()) == NULL)
316 return (0); 396 return;
317 397
318 eddsa_pk_from_ptr(eddsa_pk, p.eddsa.body, p.eddsa.len); 398 eddsa_pk_from_ptr(eddsa_pk, p->eddsa.body, p->eddsa.len);
319 pk = eddsa_pk; 399 pk = eddsa_pk;
320 400
321 eddsa_convert(pk); 401 eddsa_convert(pk);
@@ -326,10 +406,10 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
326 if ((assert = fido_assert_new()) == NULL) 406 if ((assert = fido_assert_new()) == NULL)
327 goto out; 407 goto out;
328 408
329 set_wire_data(p.wire_data.body, p.wire_data.len); 409 set_wire_data(p->wire_data.body, p->wire_data.len);
330 410
331 get_assert(assert, p.u2f, &p.cdh, p.rp_id, p.ext, p.up, p.uv, p.pin, 411 get_assert(assert, p->u2f, &p->cdh, p->rp_id, p->ext, p->up, p->uv,
332 p.cred_count, &p.cred); 412 p->pin, p->cred_count, &p->cred);
333 413
334 /* XXX +1 on purpose */ 414 /* XXX +1 on purpose */
335 for (size_t i = 0; i <= fido_assert_count(assert); i++) { 415 for (size_t i = 0; i <= fido_assert_count(assert); i++) {
@@ -340,7 +420,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
340 fido_assert_authdata_ptr(assert, i), 420 fido_assert_authdata_ptr(assert, i),
341 fido_assert_authdata_len(assert, i), 421 fido_assert_authdata_len(assert, i),
342 fido_assert_sig_ptr(assert, i), 422 fido_assert_sig_ptr(assert, i),
343 fido_assert_sig_len(assert, i), p.up, p.uv, p.ext, pk); 423 fido_assert_sig_len(assert, i), p->up, p->uv, p->ext, pk);
344 consume(fido_assert_id_ptr(assert, i), 424 consume(fido_assert_id_ptr(assert, i),
345 fido_assert_id_len(assert, i)); 425 fido_assert_id_len(assert, i));
346 consume(fido_assert_user_id_ptr(assert, i), 426 consume(fido_assert_user_id_ptr(assert, i),
@@ -365,103 +445,40 @@ out:
365 eddsa_pk_free(&eddsa_pk); 445 eddsa_pk_free(&eddsa_pk);
366 446
367 fido_assert_free(&assert); 447 fido_assert_free(&assert);
368
369 return (0);
370} 448}
371 449
372static size_t 450void
373pack_dummy(uint8_t *ptr, size_t len) 451mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN
374{ 452{
375 struct param dummy; 453 if (flags & MUTATE_SEED)
376 uint8_t blob[16384]; 454 p->seed = (int)seed;
377 size_t blob_len; 455
378 456 if (flags & MUTATE_PARAM) {
379 memset(&dummy, 0, sizeof(dummy)); 457 mutate_byte(&p->uv);
380 458 mutate_byte(&p->up);
381 dummy.type = 1; /* rsa */ 459 mutate_byte(&p->u2f);
382 dummy.ext = FIDO_EXT_HMAC_SECRET; 460 mutate_byte(&p->type);
383 461 mutate_byte(&p->cred_count);
384 strlcpy(dummy.pin, dummy_pin, sizeof(dummy.pin)); 462 mutate_int(&p->ext);
385 strlcpy(dummy.rp_id, dummy_rp_id, sizeof(dummy.rp_id)); 463 mutate_blob(&p->rs256);
386 464 mutate_blob(&p->es256);
387 dummy.cred.len = sizeof(dummy_cdh); /* XXX */ 465 mutate_blob(&p->eddsa);
388 dummy.cdh.len = sizeof(dummy_cdh); 466 mutate_blob(&p->cred);
389 dummy.es256.len = sizeof(dummy_es256); 467 mutate_blob(&p->cdh);
390 dummy.rs256.len = sizeof(dummy_rs256); 468 mutate_string(p->rp_id);
391 dummy.eddsa.len = sizeof(dummy_eddsa); 469 mutate_string(p->pin);
392 dummy.wire_data.len = sizeof(dummy_wire_data_fido);
393
394 memcpy(&dummy.cred.body, &dummy_cdh, dummy.cred.len); /* XXX */
395 memcpy(&dummy.cdh.body, &dummy_cdh, dummy.cdh.len);
396 memcpy(&dummy.wire_data.body, &dummy_wire_data_fido,
397 dummy.wire_data.len);
398 memcpy(&dummy.es256.body, &dummy_es256, dummy.es256.len);
399 memcpy(&dummy.rs256.body, &dummy_rs256, dummy.rs256.len);
400 memcpy(&dummy.eddsa.body, &dummy_eddsa, dummy.eddsa.len);
401
402 blob_len = pack(blob, sizeof(blob), &dummy);
403 assert(blob_len != 0);
404
405 if (blob_len > len) {
406 memcpy(ptr, blob, len);
407 return (len);
408 } 470 }
409 471
410 memcpy(ptr, blob, blob_len); 472 if (flags & MUTATE_WIREDATA) {
411 473 if (p->u2f & 1) {
412 return (blob_len); 474 p->wire_data.len = sizeof(dummy_wire_data_u2f);
413} 475 memcpy(&p->wire_data.body, &dummy_wire_data_u2f,
414 476 p->wire_data.len);
415size_t 477 } else {
416LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize, 478 p->wire_data.len = sizeof(dummy_wire_data_fido);
417 unsigned int seed) NO_MSAN 479 memcpy(&p->wire_data.body, &dummy_wire_data_fido,
418{ 480 p->wire_data.len);
419 struct param p; 481 }
420 uint8_t blob[16384]; 482 mutate_blob(&p->wire_data);
421 size_t blob_len;
422
423 (void)seed;
424
425 memset(&p, 0, sizeof(p));
426
427 if (unpack(data, size, &p) < 0)
428 return (pack_dummy(data, maxsize));
429
430 mutate_byte(&p.uv);
431 mutate_byte(&p.up);
432 mutate_byte(&p.u2f);
433 mutate_byte(&p.type);
434 mutate_byte(&p.cred_count);
435
436 mutate_int(&p.ext);
437 p.seed = (int)seed;
438
439 if (p.u2f & 1) {
440 p.wire_data.len = sizeof(dummy_wire_data_u2f);
441 memcpy(&p.wire_data.body, &dummy_wire_data_u2f,
442 p.wire_data.len);
443 } else {
444 p.wire_data.len = sizeof(dummy_wire_data_fido);
445 memcpy(&p.wire_data.body, &dummy_wire_data_fido,
446 p.wire_data.len);
447 } 483 }
448
449 mutate_blob(&p.wire_data);
450 mutate_blob(&p.rs256);
451 mutate_blob(&p.es256);
452 mutate_blob(&p.eddsa);
453 mutate_blob(&p.cred);
454 mutate_blob(&p.cdh);
455
456 mutate_string(p.rp_id);
457 mutate_string(p.pin);
458
459 blob_len = pack(blob, sizeof(blob), &p);
460
461 if (blob_len == 0 || blob_len > maxsize)
462 return (0);
463
464 memcpy(data, blob, blob_len);
465
466 return (blob_len);
467} 484}
diff --git a/fuzz/fuzz_bio.c b/fuzz/fuzz_bio.c
index 05f6ce3..5051a34 100644
--- a/fuzz/fuzz_bio.c
+++ b/fuzz/fuzz_bio.c
@@ -19,27 +19,17 @@
19 19
20#include "../openbsd-compat/openbsd-compat.h" 20#include "../openbsd-compat/openbsd-compat.h"
21 21
22#define TAG_PIN 0x01
23#define TAG_NAME 0x02
24#define TAG_SEED 0x03
25#define TAG_ID 0x04
26#define TAG_INFO_WIRE_DATA 0x05
27#define TAG_ENROLL_WIRE_DATA 0x06
28#define TAG_LIST_WIRE_DATA 0x07
29#define TAG_SET_NAME_WIRE_DATA 0x08
30#define TAG_REMOVE_WIRE_DATA 0x09
31
32/* Parameter set defining a FIDO2 credential management operation. */ 22/* Parameter set defining a FIDO2 credential management operation. */
33struct param { 23struct param {
34 char pin[MAXSTR]; 24 char pin[MAXSTR];
35 char name[MAXSTR]; 25 char name[MAXSTR];
36 int seed; 26 int seed;
37 struct blob id; 27 struct blob id;
38 struct blob info_wire_data; 28 struct blob info_wire_data;
39 struct blob enroll_wire_data; 29 struct blob enroll_wire_data;
40 struct blob list_wire_data; 30 struct blob list_wire_data;
41 struct blob set_name_wire_data; 31 struct blob set_name_wire_data;
42 struct blob remove_wire_data; 32 struct blob remove_wire_data;
43}; 33};
44 34
45/* 35/*
@@ -100,58 +90,141 @@ static const uint8_t dummy_remove_wire_data[] = {
100 WIREDATA_CTAP_CBOR_STATUS, 90 WIREDATA_CTAP_CBOR_STATUS,
101}; 91};
102 92
103int LLVMFuzzerTestOneInput(const uint8_t *, size_t); 93struct param *
104size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int); 94unpack(const uint8_t *ptr, size_t len)
105
106static int
107unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
108{ 95{
109 uint8_t **pp = (void *)&ptr; 96 cbor_item_t *item = NULL, **v;
110 97 struct cbor_load_result cbor;
111 if (unpack_string(TAG_PIN, pp, &len, p->pin) < 0 || 98 struct param *p;
112 unpack_string(TAG_NAME, pp, &len, p->name) < 0 || 99 int ok = -1;
113 unpack_int(TAG_SEED, pp, &len, &p->seed) < 0 || 100
114 unpack_blob(TAG_ID, pp, &len, &p->id) < 0 || 101 if ((p = calloc(1, sizeof(*p))) == NULL ||
115 unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 || 102 (item = cbor_load(ptr, len, &cbor)) == NULL ||
116 unpack_blob(TAG_ENROLL_WIRE_DATA, pp, &len, &p->enroll_wire_data) < 0 || 103 cbor.read != len ||
117 unpack_blob(TAG_LIST_WIRE_DATA, pp, &len, &p->list_wire_data) < 0 || 104 cbor_isa_array(item) == false ||
118 unpack_blob(TAG_SET_NAME_WIRE_DATA, pp, &len, &p->set_name_wire_data) < 0 || 105 cbor_array_is_definite(item) == false ||
119 unpack_blob(TAG_REMOVE_WIRE_DATA, pp, &len, &p->remove_wire_data) < 0) 106 cbor_array_size(item) != 9 ||
120 return (-1); 107 (v = cbor_array_handle(item)) == NULL)
121 108 goto fail;
122 return (0); 109
110 if (unpack_int(v[0], &p->seed) < 0 ||
111 unpack_string(v[1], p->pin) < 0 ||
112 unpack_string(v[2], p->name) < 0 ||
113 unpack_blob(v[3], &p->id) < 0 ||
114 unpack_blob(v[4], &p->info_wire_data) < 0 ||
115 unpack_blob(v[5], &p->enroll_wire_data) < 0 ||
116 unpack_blob(v[6], &p->list_wire_data) < 0 ||
117 unpack_blob(v[7], &p->set_name_wire_data) < 0 ||
118 unpack_blob(v[8], &p->remove_wire_data) < 0)
119 goto fail;
120
121 ok = 0;
122fail:
123 if (ok < 0) {
124 free(p);
125 p = NULL;
126 }
127
128 if (item)
129 cbor_decref(&item);
130
131 return p;
123} 132}
124 133
125static size_t 134size_t
126pack(uint8_t *ptr, size_t len, const struct param *p) 135pack(uint8_t *ptr, size_t len, const struct param *p)
127{ 136{
128 const size_t max = len; 137 cbor_item_t *argv[9], *array = NULL;
129 138 size_t cbor_alloc_len, cbor_len = 0;
130 if (pack_string(TAG_PIN, &ptr, &len, p->pin) < 0 || 139 unsigned char *cbor = NULL;
131 pack_string(TAG_NAME, &ptr, &len, p->name) < 0 || 140
132 pack_int(TAG_SEED, &ptr, &len, p->seed) < 0 || 141 memset(argv, 0, sizeof(argv));
133 pack_blob(TAG_ID, &ptr, &len, &p->id) < 0 || 142
134 pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 || 143 if ((array = cbor_new_definite_array(9)) == NULL ||
135 pack_blob(TAG_ENROLL_WIRE_DATA, &ptr, &len, &p->enroll_wire_data) < 0 || 144 (argv[0] = pack_int(p->seed)) == NULL ||
136 pack_blob(TAG_LIST_WIRE_DATA, &ptr, &len, &p->list_wire_data) < 0 || 145 (argv[1] = pack_string(p->pin)) == NULL ||
137 pack_blob(TAG_SET_NAME_WIRE_DATA, &ptr, &len, &p->set_name_wire_data) < 0 || 146 (argv[2] = pack_string(p->name)) == NULL ||
138 pack_blob(TAG_REMOVE_WIRE_DATA, &ptr, &len, &p->remove_wire_data) < 0) 147 (argv[3] = pack_blob(&p->id)) == NULL ||
139 return (0); 148 (argv[4] = pack_blob(&p->info_wire_data)) == NULL ||
140 149 (argv[5] = pack_blob(&p->enroll_wire_data)) == NULL ||
141 return (max - len); 150 (argv[6] = pack_blob(&p->list_wire_data)) == NULL ||
151 (argv[7] = pack_blob(&p->set_name_wire_data)) == NULL ||
152 (argv[8] = pack_blob(&p->remove_wire_data)) == NULL)
153 goto fail;
154
155 for (size_t i = 0; i < 9; i++)
156 if (cbor_array_push(array, argv[i]) == false)
157 goto fail;
158
159 if ((cbor_len = cbor_serialize_alloc(array, &cbor,
160 &cbor_alloc_len)) > len) {
161 cbor_len = 0;
162 goto fail;
163 }
164
165 memcpy(ptr, cbor, cbor_len);
166fail:
167 for (size_t i = 0; i < 9; i++)
168 if (argv[i])
169 cbor_decref(&argv[i]);
170
171 if (array)
172 cbor_decref(&array);
173
174 free(cbor);
175
176 return cbor_len;
142} 177}
143