1 files changed, 364 insertions, 0 deletions
diff --git a/tools/token.c b/tools/token.c
new file mode 100644
index 0000000..b149208
--- /dev/null
+++ b/tools/token.c
@@ -0,0 +1,364 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#include <fido.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include "../openbsd-compat/openbsd-compat.h"
+#include "extern.h"
+static void
+format_flags(char *ret, size_t retlen, uint8_t flags)
+{
+        memset(ret, 0, retlen);
+        if (flags & FIDO_CAP_WINK) {
+                if (strlcat(ret, "wink,", retlen) >= retlen)
+                        goto toolong;
+        } else {
+                if (strlcat(ret, "nowink,", retlen) >= retlen)
+                        goto toolong;
+        }
+        if (flags & FIDO_CAP_CBOR) {
+                if (strlcat(ret, " cbor,", retlen) >= retlen)
+                        goto toolong;
+        } else {
+                if (strlcat(ret, " nocbor,", retlen) >= retlen)
+                        goto toolong;
+        }
+        if (flags & FIDO_CAP_NMSG) {
+                if (strlcat(ret, " nomsg", retlen) >= retlen)
+                        goto toolong;
+        } else {
+                if (strlcat(ret, " msg", retlen) >= retlen)
+                        goto toolong;
+        }
+        return;
+toolong:
+        strlcpy(ret, "toolong", retlen);
+}
+static void
+print_attr(const fido_dev_t *dev)
+{
+        char flags_txt[128];
+        printf("proto: 0x%02x\n", fido_dev_protocol(dev));
+        printf("major: 0x%02x\n", fido_dev_major(dev));
+        printf("minor: 0x%02x\n", fido_dev_minor(dev));
+        printf("build: 0x%02x\n", fido_dev_build(dev));
+        format_flags(flags_txt, sizeof(flags_txt), fido_dev_flags(dev));
+        printf("caps: 0x%02x (%s)\n", fido_dev_flags(dev), flags_txt);
+}
+static void
+print_str_array(const char *label, char * const *sa, size_t len)
+{
+        if (len == 0)
+                return;
+        printf("%s strings: ", label);
+        for (size_t i = 0; i < len; i++)
+                printf("%s%s", i > 0 ? ", " : "", sa[i]);
+        printf("\n");
+}
+static void
+print_opt_array(const char *label, char * const *name, const bool *value,
+    size_t len)
+{
+        if (len == 0)
+                return;
+        printf("%s: ", label);
+        for (size_t i = 0; i < len; i++)
+                printf("%s%s%s", i > 0 ? ", " : "",
+                    value[i] ? "" : "no", name[i]);
+        printf("\n");
+}
+static void
+print_aaguid(const unsigned char *buf, size_t buflen)
+{
+        printf("aaguid: ");
+        while (buflen--)
+                printf("%02x", *buf++);
+        printf("\n");
+}
+static void
+print_maxmsgsiz(uint64_t maxmsgsiz)
+{
+        printf("maxmsgsiz: %d\n", (int)maxmsgsiz);
+}
+static void
+print_byte_array(const char *label, const uint8_t *ba, size_t len)
+{
+        if (len == 0)
+                return;
+        printf("%s: ", label);
+        for (size_t i = 0; i < len; i++)
+                printf("%s%u", i > 0 ? ", " : "", (unsigned)ba[i]);
+        printf("\n");
+}
+int
+token_info(int argc, char **argv, char *path)
+{
+        char                    *cred_id = NULL;
+        char                    *rp_id = NULL;
+        fido_cbor_info_t        *ci = NULL;
+        fido_dev_t              *dev = NULL;
+        int                      ch;
+        int                      credman = 0;
+        int                      r;
+        int                      retrycnt;
+        optind = 1;
+        while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
+                switch (ch) {
+                case 'c':
+                        credman = 1;
+                        break;
+                case 'i':
+                        cred_id = optarg;
+                        break;
+                case 'k':
+                        rp_id = optarg;
+                        break;
+                default:
+                        break; /* ignore */
+                }
+        }
+        if (path == NULL || (credman && (cred_id != NULL || rp_id != NULL)))
+                usage();
+        dev = open_dev(path);
+        if (credman)
+                return (credman_get_metadata(dev, path));
+        if (cred_id && rp_id)
+                return (credman_print_rk(dev, path, rp_id, cred_id));
+        if (cred_id || rp_id)
+                usage();
+                
+        print_attr(dev);
+        if (fido_dev_is_fido2(dev) == false)
+                goto end;
+        if ((ci = fido_cbor_info_new()) == NULL)
+                errx(1, "fido_cbor_info_new");
+        if ((r = fido_dev_get_cbor_info(dev, ci)) != FIDO_OK)
+                errx(1, "fido_dev_get_cbor_info: %s (0x%x)", fido_strerr(r), r);
+        /* print supported protocol versions */
+        print_str_array("version", fido_cbor_info_versions_ptr(ci),
+            fido_cbor_info_versions_len(ci));
+        /* print supported extensions */
+        print_str_array("extension", fido_cbor_info_extensions_ptr(ci),
+            fido_cbor_info_extensions_len(ci));
+        /* print aaguid */
+        print_aaguid(fido_cbor_info_aaguid_ptr(ci),
+            fido_cbor_info_aaguid_len(ci));
+        /* print supported options */
+        print_opt_array("options", fido_cbor_info_options_name_ptr(ci),
+            fido_cbor_info_options_value_ptr(ci),
+            fido_cbor_info_options_len(ci));
+        /* print maximum message size */
+        print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
+        /* print supported pin protocols */
+        print_byte_array("pin protocols", fido_cbor_info_protocols_ptr(ci),
+            fido_cbor_info_protocols_len(ci));
+        if ((r = fido_dev_get_retry_count(dev, &retrycnt)) != FIDO_OK)
+                printf("pin retries: undefined\n");
+        else
+                printf("pin retries: %d\n", retrycnt);
+        bio_info(dev);
+        fido_cbor_info_free(&ci);
+end:
+        fido_dev_close(dev);
+        fido_dev_free(&dev);
+        exit(0);
+}
+int
+token_reset(char *path)
+{
+        fido_dev_t *dev = NULL;
+        int r;
+        if (path == NULL)
+                usage();
+        dev = open_dev(path);
+        if ((r = fido_dev_reset(dev)) != FIDO_OK)
+                errx(1, "fido_dev_reset: %s", fido_strerr(r));
+        fido_dev_close(dev);
+        fido_dev_free(&dev);
+        exit(0);
+}
+int
+token_set(int argc, char **argv, char *path)
+{
+        char    *id = NULL;
+        char    *name = NULL;
+        int      ch;
+        int      enroll = 0;
+        optind = 1;
+        while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
+                switch (ch) {
+                case 'e':
+                        enroll = 1;
+                        break;
+                case 'i':
+                        id = optarg;
+                        break;
+                case 'n':
+                        name = optarg;
+                        break;
+                default:
+                        break; /* ignore */
+                }
+        }
+        if (enroll) {
+                if (id && name)
+                        return (bio_set_name(path, id, name));
+                if (!id && !name)
+                        return (bio_enroll(path));
+                usage();
+        }
+        return (pin_set(path));
+}
+int
+token_list(int argc, char **argv, char *path)
+{
+        fido_dev_info_t *devlist;
+        size_t ndevs;
+        const char *rp_id = NULL;
+        int enrolls = 0;
+        int keys = 0;
+        int rplist = 0;
+        int ch;
+        int r;
+        optind = 1;
+        while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
+                switch (ch) {
+                case 'e':
+                        enrolls = 1;
+                        break;
+                case 'k':
+                        keys = 1;
+                        rp_id = optarg;
+                        break;
+                case 'r':
+                        rplist = 1;
+                        break;
+                default:
+                        break; /* ignore */
+                }
+        }
+        if (enrolls)
+                return (bio_list(path));
+        if (keys)
+                return (credman_list_rk(path, rp_id));
+        if (rplist)
+                return (credman_list_rp(path));
+        if ((devlist = fido_dev_info_new(64)) == NULL)
+                errx(1, "fido_dev_info_new");
+        if ((r = fido_dev_info_manifest(devlist, 64, &ndevs)) != FIDO_OK)
+                errx(1, "fido_dev_info_manifest: %s (0x%x)", fido_strerr(r), r);
+        for (size_t i = 0; i < ndevs; i++) {
+                const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
+                printf("%s: vendor=0x%04x, product=0x%04x (%s %s)\n",
+                    fido_dev_info_path(di),
+                    (uint16_t)fido_dev_info_vendor(di),
+                    (uint16_t)fido_dev_info_product(di),
+                    fido_dev_info_manufacturer_string(di),
+                    fido_dev_info_product_string(di));
+        }
+        fido_dev_info_free(&devlist, ndevs);
+        exit(0);
+}
+int
+token_delete(int argc, char **argv, char *path)
+{
+        char            *id = NULL;
+        fido_dev_t      *dev = NULL;
+        int              ch;
+        int              enroll = 0;
+        optind = 1;
+        while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
+                switch (ch) {
+                case 'e':
+                        enroll = 1;
+                        break;
+                case 'i':
+                        id = optarg;
+                        break;
+                default:
+                        break; /* ignore */
+                }
+        }
+        if (path == NULL || id == NULL)
+                usage();
+        dev = open_dev(path);
+        if (id && !enroll)
+                return (credman_delete_rk(dev, path, id));
+        return (bio_delete(dev, path, id));
+}

diff --git a/tools/token.c b/tools/token.c new file mode 100644 index 0000000..b149208 --- /dev/null +++ b/tools/token.c
@@ -0,0 +1,364 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#include <fido.h>
	8	#include <stdbool.h>
	9	#include <stdio.h>
	10	#include <stdlib.h>
	11	#include <string.h>
	12	#ifdef HAVE_UNISTD_H
	13	#include <unistd.h>
	14	#endif
	15
	16	#include "../openbsd-compat/openbsd-compat.h"
	17	#include "extern.h"
	18
	19	static void
	20	format_flags(char *ret, size_t retlen, uint8_t flags)
	21	{
	22	memset(ret, 0, retlen);
	23
	24	if (flags & FIDO_CAP_WINK) {
	25	if (strlcat(ret, "wink,", retlen) >= retlen)
	26	goto toolong;
	27	} else {
	28	if (strlcat(ret, "nowink,", retlen) >= retlen)
	29	goto toolong;
	30	}
	31
	32	if (flags & FIDO_CAP_CBOR) {
	33	if (strlcat(ret, " cbor,", retlen) >= retlen)
	34	goto toolong;
	35	} else {
	36	if (strlcat(ret, " nocbor,", retlen) >= retlen)
	37	goto toolong;
	38	}
	39
	40	if (flags & FIDO_CAP_NMSG) {
	41	if (strlcat(ret, " nomsg", retlen) >= retlen)
	42	goto toolong;
	43	} else {
	44	if (strlcat(ret, " msg", retlen) >= retlen)
	45	goto toolong;
	46	}
	47
	48	return;
	49	toolong:
	50	strlcpy(ret, "toolong", retlen);
	51	}
	52
	53	static void
	54	print_attr(const fido_dev_t *dev)
	55	{
	56	char flags_txt[128];
	57
	58	printf("proto: 0x%02x\n", fido_dev_protocol(dev));
	59	printf("major: 0x%02x\n", fido_dev_major(dev));
	60	printf("minor: 0x%02x\n", fido_dev_minor(dev));
	61	printf("build: 0x%02x\n", fido_dev_build(dev));
	62
	63	format_flags(flags_txt, sizeof(flags_txt), fido_dev_flags(dev));
	64	printf("caps: 0x%02x (%s)\n", fido_dev_flags(dev), flags_txt);
	65	}
	66
	67	static void
	68	print_str_array(const char label, char const *sa, size_t len)
	69	{
	70	if (len == 0)
	71	return;
	72
	73	printf("%s strings: ", label);
	74
	75	for (size_t i = 0; i < len; i++)
	76	printf("%s%s", i > 0 ? ", " : "", sa[i]);
	77
	78	printf("\n");
	79	}
	80
	81	static void
	82	print_opt_array(const char label, char const name, const bool value,
	83	size_t len)
	84	{
	85	if (len == 0)
	86	return;
	87
	88	printf("%s: ", label);
	89
	90	for (size_t i = 0; i < len; i++)
	91	printf("%s%s%s", i > 0 ? ", " : "",
	92	value[i] ? "" : "no", name[i]);
	93
	94	printf("\n");
	95	}
	96
	97	static void
	98	print_aaguid(const unsigned char *buf, size_t buflen)
	99	{
	100	printf("aaguid: ");
	101
	102	while (buflen--)
	103	printf("%02x", *buf++);
	104
	105	printf("\n");
	106	}
	107
	108	static void
	109	print_maxmsgsiz(uint64_t maxmsgsiz)
	110	{
	111	printf("maxmsgsiz: %d\n", (int)maxmsgsiz);
	112	}
	113
	114	static void
	115	print_byte_array(const char label, const uint8_t ba, size_t len)
	116	{
	117	if (len == 0)
	118	return;
	119
	120	printf("%s: ", label);
	121
	122	for (size_t i = 0; i < len; i++)
	123	printf("%s%u", i > 0 ? ", " : "", (unsigned)ba[i]);
	124
	125	printf("\n");
	126	}
	127
	128	int
	129	token_info(int argc, char *argv, char path)
	130	{
	131	char *cred_id = NULL;
	132	char *rp_id = NULL;
	133	fido_cbor_info_t *ci = NULL;
	134	fido_dev_t *dev = NULL;
	135	int ch;
	136	int credman = 0;
	137	int r;
	138	int retrycnt;
	139
	140	optind = 1;
	141
	142	while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
	143	switch (ch) {
	144	case 'c':
	145	credman = 1;
	146	break;
	147	case 'i':
	148	cred_id = optarg;
	149	break;
	150	case 'k':
	151	rp_id = optarg;
	152	break;
	153	default:
	154	break; /* ignore */
	155	}
	156	}
	157
	158	if (path == NULL \|\| (credman && (cred_id != NULL \|\| rp_id != NULL)))
	159	usage();
	160
	161	dev = open_dev(path);
	162
	163	if (credman)
	164	return (credman_get_metadata(dev, path));
	165	if (cred_id && rp_id)
	166	return (credman_print_rk(dev, path, rp_id, cred_id));
	167	if (cred_id \|\| rp_id)
	168	usage();
	169
	170	print_attr(dev);
	171
	172	if (fido_dev_is_fido2(dev) == false)
	173	goto end;
	174	if ((ci = fido_cbor_info_new()) == NULL)
	175	errx(1, "fido_cbor_info_new");
	176	if ((r = fido_dev_get_cbor_info(dev, ci)) != FIDO_OK)
	177	errx(1, "fido_dev_get_cbor_info: %s (0x%x)", fido_strerr(r), r);
	178
	179	/* print supported protocol versions */
	180	print_str_array("version", fido_cbor_info_versions_ptr(ci),
	181	fido_cbor_info_versions_len(ci));
	182
	183	/* print supported extensions */
	184	print_str_array("extension", fido_cbor_info_extensions_ptr(ci),
	185	fido_cbor_info_extensions_len(ci));
	186
	187	/* print aaguid */
	188	print_aaguid(fido_cbor_info_aaguid_ptr(ci),
	189	fido_cbor_info_aaguid_len(ci));
	190
	191	/* print supported options */
	192	print_opt_array("options", fido_cbor_info_options_name_ptr(ci),
	193	fido_cbor_info_options_value_ptr(ci),
	194	fido_cbor_info_options_len(ci));
	195
	196	/* print maximum message size */
	197	print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
	198
	199	/* print supported pin protocols */
	200	print_byte_array("pin protocols", fido_cbor_info_protocols_ptr(ci),
	201	fido_cbor_info_protocols_len(ci));
	202
	203	if ((r = fido_dev_get_retry_count(dev, &retrycnt)) != FIDO_OK)
	204	printf("pin retries: undefined\n");
	205	else
	206	printf("pin retries: %d\n", retrycnt);
	207
	208	bio_info(dev);
	209
	210	fido_cbor_info_free(&ci);
	211	end:
	212	fido_dev_close(dev);
	213	fido_dev_free(&dev);
	214
	215	exit(0);
	216	}
	217
	218	int
	219	token_reset(char *path)
	220	{
	221	fido_dev_t *dev = NULL;
	222	int r;
	223
	224	if (path == NULL)
	225	usage();
	226
	227	dev = open_dev(path);
	228	if ((r = fido_dev_reset(dev)) != FIDO_OK)
	229	errx(1, "fido_dev_reset: %s", fido_strerr(r));
	230
	231	fido_dev_close(dev);
	232	fido_dev_free(&dev);
	233
	234	exit(0);
	235	}
	236
	237	int
	238	token_set(int argc, char *argv, char path)
	239	{
	240	char *id = NULL;
	241	char *name = NULL;
	242	int ch;
	243	int enroll = 0;
	244
	245	optind = 1;
	246
	247	while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
	248	switch (ch) {
	249	case 'e':
	250	enroll = 1;
	251	break;
	252	case 'i':
	253	id = optarg;
	254	break;
	255	case 'n':
	256	name = optarg;
	257	break;
	258	default:
	259	break; /* ignore */
	260	}
	261	}
	262
	263	if (enroll) {
	264	if (id && name)
	265	return (bio_set_name(path, id, name));
	266	if (!id && !name)
	267	return (bio_enroll(path));
	268	usage();
	269	}
	270
	271	return (pin_set(path));
	272	}
	273
	274	int
	275	token_list(int argc, char *argv, char path)
	276	{
	277	fido_dev_info_t *devlist;
	278	size_t ndevs;
	279	const char *rp_id = NULL;
	280	int enrolls = 0;
	281	int keys = 0;
	282	int rplist = 0;
	283	int ch;
	284	int r;
	285
	286	optind = 1;
	287
	288	while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
	289	switch (ch) {
	290	case 'e':
	291	enrolls = 1;
	292	break;
	293	case 'k':
	294	keys = 1;
	295	rp_id = optarg;
	296	break;
	297	case 'r':
	298	rplist = 1;
	299	break;
	300	default:
	301	break; /* ignore */
	302	}
	303	}
	304
	305	if (enrolls)
	306	return (bio_list(path));
	307	if (keys)
	308	return (credman_list_rk(path, rp_id));
	309	if (rplist)
	310	return (credman_list_rp(path));
	311
	312	if ((devlist = fido_dev_info_new(64)) == NULL)
	313	errx(1, "fido_dev_info_new");
	314	if ((r = fido_dev_info_manifest(devlist, 64, &ndevs)) != FIDO_OK)
	315	errx(1, "fido_dev_info_manifest: %s (0x%x)", fido_strerr(r), r);
	316
	317	for (size_t i = 0; i < ndevs; i++) {
	318	const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
	319	printf("%s: vendor=0x%04x, product=0x%04x (%s %s)\n",
	320	fido_dev_info_path(di),
	321	(uint16_t)fido_dev_info_vendor(di),
	322	(uint16_t)fido_dev_info_product(di),
	323	fido_dev_info_manufacturer_string(di),
	324	fido_dev_info_product_string(di));
	325	}
	326
	327	fido_dev_info_free(&devlist, ndevs);
	328
	329	exit(0);
	330	}
	331
	332	int
	333	token_delete(int argc, char *argv, char path)
	334	{
	335	char *id = NULL;
	336	fido_dev_t *dev = NULL;
	337	int ch;
	338	int enroll = 0;
	339
	340	optind = 1;
	341
	342	while ((ch = getopt(argc, argv, TOKEN_OPT)) != -1) {
	343	switch (ch) {
	344	case 'e':
	345	enroll = 1;
	346	break;
	347	case 'i':
	348	id = optarg;
	349	break;
	350	default:
	351	break; /* ignore */
	352	}
	353	}
	354
	355	if (path == NULL \|\| id == NULL)
	356	usage();
	357
	358	dev = open_dev(path);
	359
	360	if (id && !enroll)
	361	return (credman_delete_rk(dev, path, id));
	362
	363	return (bio_delete(dev, path, id));
	364	}