18 files changed, 331 insertions, 123 deletions
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index 274a799..4d08be9 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -20,6 +20,13 @@ else()
        list(APPEND COMPAT_SOURCES ../openbsd-compat/readpassphrase.c)
 endif()
+if(NOT MSVC)
+        set_source_files_properties(assert_get.c assert_verify.c base64.c bio.c
+            cred_make.c cred_verify.c credman.c fido2-assert.c fido2-cred.c
+            fido2-token.c pin.c token.c util.c PROPERTIES COMPILE_FLAGS
+            "-Wconversion -Wsign-conversion")
+endif()
 add_executable(fido2-cred
        fido2-cred.c
        cred_make.c
diff --git a/tools/assert_get.c b/tools/assert_get.c
index 5e209cd..d52cd06 100644
--- a/tools/assert_get.c
+++ b/tools/assert_get.c
@@ -15,8 +15,67 @@
 #include "../openbsd-compat/openbsd-compat.h"
 #include "extern.h"
+struct toggle {
+        fido_opt_t up;
+        fido_opt_t uv;
+        fido_opt_t pin;
+};
+static const char *
+opt2str(fido_opt_t v)
+{
+        switch (v) {
+        case FIDO_OPT_OMIT:
+                return "omit";
+        case FIDO_OPT_TRUE:
+                return "true";
+        case FIDO_OPT_FALSE:
+                return "false";
+        default:
+                return "unknown";
+        }
+}
+static void
+parse_toggle(const char *str, struct toggle *opt)
+{
+        fido_opt_t *k;
+        fido_opt_t  v;
+        char *assignment;
+        char *key;
+        char *val;
+        if ((assignment = strdup(str)) == NULL)
+                err(1, "strdup");
+        if ((val = strchr(assignment, '=')) == NULL)
+                errx(1, "invalid assignment '%s'", assignment);
+        key = assignment;
+        *val++ = '\0';
+        if (!strcmp(val, "true"))
+                v = FIDO_OPT_TRUE;
+        else if (!strcmp(val, "false"))
+                v = FIDO_OPT_FALSE;
+        else
+                errx(1, "unknown value '%s'", val);
+        if (!strcmp(key, "up"))
+                k = &opt->up;
+        else if (!strcmp(key, "uv"))
+                k = &opt->uv;
+        else if (!strcmp(key, "pin"))
+                k = &opt->pin;
+        else
+                errx(1, "unknown key '%s'", key);
+        free(assignment);
+        *k = v;
+}
 static fido_assert_t *
-prepare_assert(FILE *in_f, int flags)
+prepare_assert(FILE *in_f, int flags, const struct toggle *opt)
 {
        fido_assert_t *assert = NULL;
        struct blob cdh;
@@ -46,6 +105,9 @@ prepare_assert(FILE *in_f, int flags)
                        fprintf(stderr, "credential id:\n");
                        xxd(id.ptr, id.len);
                }
+                fprintf(stderr, "up=%s\n", opt2str(opt->up));
+                fprintf(stderr, "uv=%s\n", opt2str(opt->uv));
+                fprintf(stderr, "pin=%s\n", opt2str(opt->pin));
        }
        if ((assert = fido_assert_new()) == NULL)
@@ -55,15 +117,11 @@ prepare_assert(FILE *in_f, int flags)
            cdh.len)) != FIDO_OK ||
            (r = fido_assert_set_rp(assert, rpid)) != FIDO_OK)
                errx(1, "fido_assert_set: %s", fido_strerr(r));
+        if ((r = fido_assert_set_up(assert, opt->up)) != FIDO_OK)
+                errx(1, "fido_assert_set_up: %s", fido_strerr(r));
+        if ((r = fido_assert_set_uv(assert, opt->uv)) != FIDO_OK)
+                errx(1, "fido_assert_set_uv: %s", fido_strerr(r));
-        if (flags & FLAG_UP) {
-                if ((r = fido_assert_set_up(assert, FIDO_OPT_TRUE)) != FIDO_OK)
-                        errx(1, "fido_assert_set_up: %s", fido_strerr(r));
-        }
-        if (flags & FLAG_UV) {
-                if ((r = fido_assert_set_uv(assert, FIDO_OPT_TRUE)) != FIDO_OK)
-                        errx(1, "fido_assert_set_uv: %s", fido_strerr(r));
-        }
        if (flags & FLAG_HMAC) {
                if ((r = fido_assert_set_extensions(assert,
                    FIDO_EXT_HMAC_SECRET)) != FIDO_OK)
@@ -136,6 +194,7 @@ assert_get(int argc, char **argv)
 {
        fido_dev_t *dev = NULL;
        fido_assert_t *assert = NULL;
+        struct toggle opt;
        char pin[1024];
        char prompt[1024];
        char *in_path = NULL;
@@ -146,7 +205,9 @@ assert_get(int argc, char **argv)
        int ch;
        int r;
-        while ((ch = getopt(argc, argv, "dhi:o:pruv")) != -1) {
+        opt.up = opt.uv = opt.pin = FIDO_OPT_OMIT;
+        while ((ch = getopt(argc, argv, "dhi:o:prt:uv")) != -1) {
                switch (ch) {
                case 'd':
                        flags |= FLAG_DEBUG;
@@ -161,16 +222,21 @@ assert_get(int argc, char **argv)
                        out_path = optarg;
                        break;
                case 'p':
-                        flags |= FLAG_UP;
+                        opt.up = FIDO_OPT_TRUE;
                        break;
                case 'r':
                        flags |= FLAG_RK;
                        break;
+                case 't' :
+                        parse_toggle(optarg, &opt);
+                        break;
                case 'u':
                        flags |= FLAG_U2F;
                        break;
                case 'v':
-                        flags |= FLAG_UV;
+                        /* -v implies both pin and uv for historical reasons */
+                        opt.pin = FIDO_OPT_TRUE;
+                        opt.uv = FIDO_OPT_TRUE;
                        break;
                default:
                        usage();
@@ -188,13 +254,13 @@ assert_get(int argc, char **argv)
        fido_init((flags & FLAG_DEBUG) ? FIDO_DEBUG : 0);
-        assert = prepare_assert(in_f, flags);
+        assert = prepare_assert(in_f, flags, &opt);
        dev = open_dev(argv[0]);
        if (flags & FLAG_U2F)
                fido_dev_force_u2f(dev);
-        if (flags & FLAG_UV) {
+        if (opt.pin == FIDO_OPT_TRUE) {
                r = snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
                    argv[0]);
                if (r < 0 || (size_t)r >= sizeof(prompt))
diff --git a/tools/assert_verify.c b/tools/assert_verify.c
index ccff57a..fb96b65 100644
--- a/tools/assert_verify.c
+++ b/tools/assert_verify.c
@@ -175,16 +175,8 @@ assert_verify(int argc, char **argv)
        in_f = open_read(in_path);
-        if (argc > 1) {
+        if (argc > 1 && cose_type(argv[1], &type) < 0)
-                if (strcmp(argv[1], "es256") == 0)
+                errx(1, "unknown type %s", argv[1]);
-                        type = COSE_ES256;
-                else if (strcmp(argv[1], "rs256") == 0)
-                        type = COSE_RS256;
-                else if (strcmp(argv[1], "eddsa") == 0)
-                        type = COSE_EDDSA;
-                else
-                        errx(1, "unknown type %s", argv[1]);
-        }
        fido_init((flags & FLAG_DEBUG) ? FIDO_DEBUG : 0);
diff --git a/tools/base64.c b/tools/base64.c
index 9f31def..e131198 100644
--- a/tools/base64.c
+++ b/tools/base64.c
@@ -7,7 +7,6 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>
-#include <fido.h>
 #include <limits.h>
 #include <stdint.h>
 #include <string.h>
@@ -62,7 +61,7 @@ fail:
 }
 int
-base64_decode(char *in, void **ptr, size_t *len)
+base64_decode(const char *in, void **ptr, size_t *len)
 {
        BIO    *bio_mem = NULL;
        BIO    *bio_b64 = NULL;
@@ -78,7 +77,7 @@ base64_decode(char *in, void **ptr, size_t *len)
        if ((bio_b64 = BIO_new(BIO_f_base64())) == NULL)
                goto fail;
-        if ((bio_mem = BIO_new_mem_buf((void *)in, -1)) == NULL)
+        if ((bio_mem = BIO_new_mem_buf((const void *)in, -1)) == NULL)
                goto fail;
        BIO_set_flags(bio_b64, BIO_FLAGS_BASE64_NO_NL);
diff --git a/tools/cred_make.c b/tools/cred_make.c
index 380c67a..255a488 100644
--- a/tools/cred_make.c
+++ b/tools/cred_make.c
@@ -130,11 +130,16 @@ cred_make(int argc, char **argv)
        FILE *out_f = NULL;
        int type = COSE_ES256;
        int flags = 0;
+        int cred_protect = -1;
        int ch;
        int r;
-        while ((ch = getopt(argc, argv, "dhi:o:qruv")) != -1) {
+        while ((ch = getopt(argc, argv, "c:dhi:o:qruv")) != -1) {
                switch (ch) {
+                case 'c':
+                        if ((cred_protect = base10(optarg)) < 0)
+                                errx(1, "-c: invalid argument '%s'", optarg);
+                        break;
                case 'd':
                        flags |= FLAG_DEBUG;
                        break;
@@ -173,16 +178,8 @@ cred_make(int argc, char **argv)
        in_f = open_read(in_path);
        out_f = open_write(out_path);
-        if (argc > 1) {
+        if (argc > 1 && cose_type(argv[1], &type) < 0)
-                if (strcmp(argv[1], "es256") == 0)
+                errx(1, "unknown type %s", argv[1]);
-                        type = COSE_ES256;
-                else if (strcmp(argv[1], "rs256") == 0)
-                        type = COSE_RS256;
-                else if (strcmp(argv[1], "eddsa") == 0)
-                        type = COSE_EDDSA;
-                else
-                        errx(1, "unknown type %s", argv[1]);
-        }
        fido_init((flags & FLAG_DEBUG) ? FIDO_DEBUG : 0);
@@ -192,6 +189,13 @@ cred_make(int argc, char **argv)
        if (flags & FLAG_U2F)
                fido_dev_force_u2f(dev);
+        if (cred_protect > 0) {
+                r = fido_cred_set_prot(cred, cred_protect);
+                if (r != FIDO_OK) {
+                        errx(1, "fido_cred_set_prot: %s", fido_strerr(r));
+                }
+        }
        r = fido_dev_make_cred(dev, cred, NULL);
        if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) {
                r = snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
diff --git a/tools/cred_verify.c b/tools/cred_verify.c
index 3f7a400..d622ed7 100644
--- a/tools/cred_verify.c
+++ b/tools/cred_verify.c
@@ -109,11 +109,16 @@ cred_verify(int argc, char **argv)
        FILE *out_f = NULL;
        int type = COSE_ES256;
        int flags = 0;
+        int cred_prot = -1;
        int ch;
        int r;
-        while ((ch = getopt(argc, argv, "dhi:o:v")) != -1) {
+        while ((ch = getopt(argc, argv, "c:dhi:o:v")) != -1) {
                switch (ch) {
+                case 'c':
+                        if ((cred_prot = base10(optarg)) < 0)
+                                errx(1, "-c: invalid argument '%s'", optarg);
+                        break;
                case 'd':
                        flags |= FLAG_DEBUG;
                        break;
@@ -143,20 +148,19 @@ cred_verify(int argc, char **argv)
        in_f = open_read(in_path);
        out_f = open_write(out_path);
-        if (argc > 0) {
+        if (argc > 0 && cose_type(argv[0], &type) < 0)
-                if (strcmp(argv[0], "es256") == 0)
+                errx(1, "unknown type %s", argv[0]);
-                        type = COSE_ES256;
-                else if (strcmp(argv[0], "rs256") == 0)
-                        type = COSE_RS256;
-                else if (strcmp(argv[0], "eddsa") == 0)
-                        type = COSE_EDDSA;
-                else
-                        errx(1, "unknown type %s", argv[0]);
-        }
        fido_init((flags & FLAG_DEBUG) ? FIDO_DEBUG : 0);
        cred = prepare_cred(in_f, type, flags);
+        if (cred_prot > 0) {
+                r = fido_cred_set_prot(cred, cred_prot);
+                if (r != FIDO_OK) {
+                        errx(1, "fido_cred_set_prot: %s", fido_strerr(r));
+                }
+        }
        if (fido_cred_x5c_ptr(cred) == NULL) {
                if ((r = fido_cred_verify_self(cred)) != FIDO_OK)
                        errx(1, "fido_cred_verify_self: %s", fido_strerr(r));
diff --git a/tools/credman.c b/tools/credman.c
index 6eda245..ea913bb 100644
--- a/tools/credman.c
+++ b/tools/credman.c
@@ -101,6 +101,7 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
        char *id = NULL;
        char *user_id = NULL;
        const char *type;
+        const char *prot;
        if ((cred = fido_credman_rk(rk, idx)) == NULL)
                errx(1, "fido_credman_rk");
@@ -109,23 +110,11 @@ print_rk(const fido_credman_rk_t *rk, size_t idx)
            fido_cred_user_id_len(cred), &user_id) < 0)
                errx(1, "output error");
-        switch (fido_cred_type(cred)) {
+        type = cose_string(fido_cred_type(cred));
-        case COSE_EDDSA:
+        prot = prot_string(fido_cred_prot(cred));
-                type = "eddsa";
-                break;
-        case COSE_ES256:
-                type = "es256";
-                break;
-        case COSE_RS256:
-                type = "rs256";
-                break;
-        default:
-                type = "unknown";
-                break;
-        }
-        printf("%02u: %s %s (%s) %s\n", (unsigned)idx, id,
+        printf("%02u: %s %s %s %s %s\n", (unsigned)idx, id,
-            fido_cred_display_name(cred), user_id, type);
+            fido_cred_display_name(cred), user_id, type, prot);
        free(user_id);
        free(id);
diff --git a/tools/extern.h b/tools/extern.h
index be01046..df5fcd8 100644
--- a/tools/extern.h
+++ b/tools/extern.h
@@ -32,9 +32,11 @@ EC_KEY *read_ec_pubkey(const char *);
 fido_dev_t *open_dev(const char *);
 FILE *open_read(const char *);
 FILE *open_write(const char *);
+const char *cose_string(int);
+const char *prot_string(int);
 int assert_get(int, char **);
 int assert_verify(int, char **);
-int base64_decode(char *, void **, size_t *);
+int base64_decode(const char *, void **, size_t *);
 int base64_encode(const void *, size_t, char **);
 int base64_read(FILE *, struct blob *);
 int bio_delete(fido_dev_t *, char *, char *);
@@ -42,6 +44,7 @@ int bio_enroll(char *);
 void bio_info(fido_dev_t *);
 int bio_list(char *);
 int bio_set_name(char *, char *, char *);
+int cose_type(const char *, int *);
 int cred_make(int, char **);
 int cred_verify(int, char **);
 int credman_delete_rk(fido_dev_t *, const char *, char *);
@@ -66,5 +69,6 @@ void print_cred(FILE *, int, const fido_cred_t *);
 void read_pin(const char *, char *, size_t);
 void usage(void);
 void xxd(const void *, size_t);
+int base10(const char *);
 #endif /* _EXTERN_H_ */
diff --git a/tools/fido2-assert.c b/tools/fido2-assert.c
index 9ce537a..7fd7632 100644
--- a/tools/fido2-assert.c
+++ b/tools/fido2-assert.c
@@ -11,10 +11,10 @@
 * $ echo relying party >> assert_param
 * $ head -1 cred >> assert_param # credential id
 * $ tail -n +2 cred > pubkey # credential pubkey
- * $ fido2-assert -G -i assert_param /dev/hidraw5 | fido2-assert -V pubkey rs256 
+ * $ fido2-assert -G -i assert_param /dev/hidraw5 | fido2-assert -V pubkey rs256
 *
 * See blurb in fido2-cred.c on how to obtain cred.
- */ 
+ */
 #include <fido.h>
 #include <stdio.h>
@@ -28,7 +28,7 @@ void
 usage(void)
 {
        fprintf(stderr,
-"usage: fido2-assert -G [-dhpruv] [-i input_file] [-o output_file] device\n"
+"usage: fido2-assert -G [-dhpruv] [-t option] [-i input_file] [-o output_file] device\n"
 "       fido2-assert -V [-dhpv] [-i input_file] key_file [type]\n"
        );
diff --git a/tools/fido2-attach.sh b/tools/fido2-attach.sh
new file mode 100755
index 0000000..d4bc449
--- /dev/null
+++ b/tools/fido2-attach.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+# Copyright (c) 2020 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+DEV=""
+while [ -z "${DEV}" ]; do
+        sleep .5
+        DEV="$(fido2-token -L | sed 's/^\(.*\): .*$/\1/;q')"
+done
+printf '%s\n' "${DEV}"
diff --git a/tools/fido2-cred.c b/tools/fido2-cred.c
index 45efca0..ce277f5 100644
--- a/tools/fido2-cred.c
+++ b/tools/fido2-cred.c
@@ -12,7 +12,7 @@
 * $ echo user name >> cred_param
 * $ dd if=/dev/urandom bs=1 count=32 | base64 >> cred_param
 * $ fido2-cred -M -i cred_param /dev/hidraw5 | fido2-cred -V -o cred
- */ 
+ */
 #include <fido.h>
 #include <stdio.h>
@@ -26,8 +26,8 @@ void
 usage(void)
 {
        fprintf(stderr,
-"usage: fido2-cred -M [-dhqruv] [-i input_file] [-o output_file] device [type]\n"
+"usage: fido2-cred -M [-dhqruv] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n"
-"       fido2-cred -V [-dhv] [-i input_file] [-o output_file] [type]\n"
+"       fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n"
        );
        exit(1);
diff --git a/tools/fido2-detach.sh b/tools/fido2-detach.sh
new file mode 100755
index 0000000..9cd2e64
--- /dev/null
+++ b/tools/fido2-detach.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Copyright (c) 2020 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+DEV="$(fido2-token -L | sed 's/^\(.*\): .*$/\1/;q')"
+while [ -n "${DEV}" ]; do
+        sleep .5
+        DEV="$(fido2-token -L | sed 's/^\(.*\): .*$/\1/;q')"
+done
diff --git a/tools/fido2-token.c b/tools/fido2-token.c
index 0b02fea..a1e6594 100644
--- a/tools/fido2-token.c
+++ b/tools/fido2-token.c
@@ -19,11 +19,11 @@ usage(void)
 {
        fprintf(stderr,
 "usage: fido2-token [-CR] [-d] device\n"
-"       fido2-token -D [-de] -i id device\n" 
+"       fido2-token -D [-de] -i id device\n"
 "       fido2-token -I [-cd] [-k rp_id -i cred_id] device\n"
-"       fido2-token -L [-der] [-k rp_id] [device]\n" 
+"       fido2-token -L [-der] [-k rp_id] [device]\n"
 "       fido2-token -S [-de] [-i template_id -n template_name] device\n"
-"       fido2-token -V\n" 
+"       fido2-token -V\n"
        );
        exit(1);
diff --git a/tools/fido2-unprot.sh b/tools/fido2-unprot.sh
new file mode 100755
index 0000000..44b28b8
--- /dev/null
+++ b/tools/fido2-unprot.sh
@@ -0,0 +1,75 @@
+#!/bin/sh
+# Copyright (c) 2020 Fabian Henneke.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+if [ $(uname) != "Linux" ] ; then
+   echo "Can only run on Linux"
+   exit 1
+fi
+TOKEN_VERSION=$(${FIDO_TOOLS_PREFIX}fido2-token -V 2>&1)
+if [ $? -ne 0 ] ; then
+    echo "Please install libfido2 1.5.0 or higher"
+    exit
+fi
+TOKEN_VERSION_MAJOR=$(echo "$TOKEN_VERSION" | cut -d. -f1)
+TOKEN_VERSION_MINOR=$(echo "$TOKEN_VERSION" | cut -d. -f2)
+if [ $TOKEN_VERSION_MAJOR -eq 0 -o $TOKEN_VERSION_MAJOR -eq 1 -a $TOKEN_VERSION_MINOR -lt 5 ] ; then
+    echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)"
+    exit 1
+fi
+set -e
+TOKEN_OUTPUT=$(${FIDO_TOOLS_PREFIX}fido2-token -L)
+DEV_PATH_NAMES=$(echo "$TOKEN_OUTPUT" | sed -r 's/^(.*): .*\((.*)\)$/\1 \2/g')
+DEV_COUNT=$(echo "$DEV_PATH_NAMES" | wc -l)
+for i in $(seq 1 $DEV_COUNT)
+do
+    DEV_PATH_NAME=$(echo "$DEV_PATH_NAMES" | sed "${i}q;d")
+    DEV_PATH=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1)
+    DEV_NAME=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1 --complement)
+    DEV_PRETTY=$(echo "$DEV_NAME (at '$DEV_PATH')")
+    if expr match "$(${FIDO_TOOLS_PREFIX}fido2-token -I $DEV_PATH)" ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then
+        printf "Enter PIN for $DEV_PRETTY once (ignore further prompts): "
+        stty -echo
+        read PIN
+        stty echo
+        printf "\n"
+        RESIDENT_RPS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -r $DEV_PATH | cut -d' ' -f3)
+        printf "\n"
+        RESIDENT_RPS_COUNT=$(echo "$RESIDENT_RPS" | wc -l)
+        FOUND=0
+        for j in $(seq 1 $DEV_RESIDENT_RPS_COUNT)
+        do
+            RESIDENT_RP=$(echo "$RESIDENT_RPS" | sed "${j}q;d")
+            UNPROT_CREDS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -k $RESIDENT_RP $DEV_PATH | grep ' uvopt$' | cut -d' ' -f2,3,4)
+            printf "\n"
+            UNPROT_CREDS_COUNT=$(echo "$UNPROT_CREDS" | wc -l)
+            if [ $UNPROT_CREDS_COUNT -gt 0 ] ; then
+                FOUND=1
+                echo "Unprotected credentials on $DEV_PRETTY for '$RESIDENT_RP':"
+                echo "$UNPROT_CREDS"
+            fi
+        done
+        if [ $FOUND -eq 0 ] ; then
+            echo "No unprotected credentials on $DEV_PRETTY"
+        fi
+    else
+        echo "$DEV_PRETTY cannot enumerate credentials"
+        echo "Discovering unprotected SSH credentials only..."
+        STUB_HASH=$(echo -n "" | openssl sha256 -binary | base64)
+        printf "$STUB_HASH\nssh:\n" | ${FIDO_TOOLS_PREFIX}fido2-assert -G -r -t up=false $DEV_PATH 2> /dev/null || ASSERT_EXIT_CODE=$?
+        if [ $ASSERT_EXIT_CODE -eq 0 ] ; then
+            echo "Found an unprotected SSH credential on $DEV_PRETTY!"
+        else
+            echo "No unprotected SSH credentials (default settings) on $DEV_PRETTY"
+        fi
+    fi
+    printf "\n"
+done
diff --git a/tools/include_check.sh b/tools/include_check.sh
index 9958c9a..e684d0b 100755
--- a/tools/include_check.sh
+++ b/tools/include_check.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
+#!/bin/sh
-#
 # Copyright (c) 2019 Yubico AB. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
@@ -8,14 +8,14 @@ check() {
        for f in $(find $1 -maxdepth 1 -name '*.h'); do
                echo "#include \"$f\"" | \
                        cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1
-                echo $f $CFLAGS $?
+                echo "$f $CFLAGS $?"
        done
 }
 check examples
 check fuzz
 check openbsd-compat
-CFLAGS=-D_FIDO_INTERNAL check src
+CFLAGS="${CFLAGS} -D_FIDO_INTERNAL" check src
 check src/fido.h
 check src/fido
 check tools
diff --git a/tools/macos_pkg.sh b/tools/macos_pkg.sh
deleted file mode 100755
index 4313c27..0000000
--- a/tools/macos_pkg.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash -e
-# Copyright (c) 2019 Yubico AB. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-if [[ "$#" -ne 2 ]]; then
-        echo usage: $0 version directory 1>&2
-        exit 1
-fi
-V=$1
-D=$2
-FIDO_PATH=$(realpath ${D}/lib/libfido2.${V}.dylib)
-CBOR_PATH=$(otool -L "${FIDO_PATH}" | grep cbor | awk '{ print $1 }')
-CRYPTO_PATH=$(otool -L "${FIDO_PATH}" | grep crypto | awk '{ print $1 }')
-cp -p "${CBOR_PATH}" "${CRYPTO_PATH}" "${D}/lib"
-chmod 755 "${D}/lib/"*dylib
-rm "${D}/lib/pkgconfig/libfido2.pc"
-rmdir "${D}/lib/pkgconfig"
-CBOR_NAME=$(echo "${CBOR_PATH}" | grep -o 'libcbor.*dylib')
-CRYPTO_NAME=$(echo "${CRYPTO_PATH}" | grep -o 'libcrypto.*dylib')
-FIDO_NAME="libfido2.${V}.dylib"
-install_name_tool -id "@loader_path/${CBOR_NAME}" "${D}/lib/${CBOR_NAME}"
-install_name_tool -id "@loader_path/${CRYPTO_NAME}" "${D}/lib/${CRYPTO_NAME}"
-install_name_tool -id "@loader_path/libfido2.${V}.dylib" "${FIDO_PATH}"
-install_name_tool -change "${CBOR_PATH}" "@loader_path/${CBOR_NAME}" \
-        "${FIDO_PATH}"
-install_name_tool -change "${CRYPTO_PATH}" "@loader_path/${CRYPTO_NAME}" \
-        "${FIDO_PATH}"
-for f in $(find "${D}/bin" -type f); do
-        FIDO_PATH=$(otool -L "${f}" | grep libfido2 | awk '{ print $1 }')
-        install_name_tool -change "${CBOR_PATH}" \
-                "@executable_path/../lib/${CBOR_NAME}" "${f}"
-        install_name_tool -change "${CRYPTO_PATH}" \
-                "@executable_path/../lib/${CRYPTO_NAME}" "${f}"
-        install_name_tool -change "${FIDO_PATH}" \
-                "@executable_path/../lib/${FIDO_NAME}" "${f}"
-done
diff --git a/tools/token.c b/tools/token.c
index e65f09f..28e4512 100644
--- a/tools/token.c
+++ b/tools/token.c
@@ -112,6 +112,18 @@ print_maxmsgsiz(uint64_t maxmsgsiz)
 }
 static void
+print_maxcredcntlst(uint64_t maxcredcntlst)
+{
+        printf("maxcredcntlst: %d\n", (int)maxcredcntlst);
+}
+static void
+print_maxcredidlen(uint64_t maxcredidlen)
+{
+        printf("maxcredlen: %d\n", (int)maxcredidlen);
+}
+static void
 print_fwversion(uint64_t fwversion)
 {
        printf("fwversion: 0x%x\n", (int)fwversion);
@@ -202,6 +214,12 @@ token_info(int argc, char **argv, char *path)
        /* print maximum message size */
        print_maxmsgsiz(fido_cbor_info_maxmsgsiz(ci));
+        /* print maximum number of credentials allowed in credential lists */
+        print_maxcredcntlst(fido_cbor_info_maxcredcntlst(ci));
+        /* print maximum length of a credential ID */
+        print_maxcredidlen(fido_cbor_info_maxcredidlen(ci));
        /* print firmware version */
        print_fwversion(fido_cbor_info_fwversion(ci));
diff --git a/tools/util.c b/tools/util.c
index de70388..7ed59e4 100644
--- a/tools/util.c
+++ b/tools/util.c
@@ -16,7 +16,9 @@
 #include <fido/rs256.h>
 #include <fido/eddsa.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -78,6 +80,25 @@ open_read(const char *file)
        return (f);
 }
+int
+base10(const char *str)
+{
+        char *ep;
+        long long ll;
+        ll = strtoll(str, &ep, 10);
+        if (str == ep || *ep != '\0')
+                return (-1);
+        else if (ll == LLONG_MIN && errno == ERANGE)
+                return (-1);
+        else if (ll == LLONG_MAX && errno == ERANGE)
+                return (-1);
+        else if (ll < 0 || ll > INT_MAX)
+                return (-1);
+        return ((int)ll);
+}
 void
 xxd(const void *buf, size_t count)
 {
@@ -362,3 +383,50 @@ print_cred(FILE *out_f, int type, const fido_cred_t *cred)
        free(id);
 }
+int
+cose_type(const char *str, int *type)
+{
+        if (strcmp(str, "es256") == 0)
+                *type = COSE_ES256;
+        else if (strcmp(str, "rs256") == 0)
+                *type = COSE_RS256;
+        else if (strcmp(str, "eddsa") == 0)
+                *type = COSE_EDDSA;
+        else {
+                *type = 0;
+                return (-1);
+        }
+        return (0);
+}
+const char *
+cose_string(int type)
+{
+        switch (type) {
+        case COSE_EDDSA:
+                return ("eddsa");
+        case COSE_ES256:
+                return ("es256");
+        case COSE_RS256:
+                return ("rs256");
+        default:
+                return ("unknown");
+        }
+}
+const char *
+prot_string(int prot)
+{
+        switch (prot) {
+        case FIDO_CRED_PROT_UV_OPTIONAL:
+                return ("uvopt");
+        case FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID:
+                return ("uvopt+id");
+        case FIDO_CRED_PROT_UV_REQUIRED:
+                return ("uvreq");
+        default:
+                return ("unknown");
+        }
+}