Transport/Token AuthenticatorBackend for CTAP 2.0/2.1 #215
8a9d1b2 to 297ecc7
…is wrong due to padding
…ls with invalid types, maybe it needs decryption or something?
This is now in a feature-complete state, and I'm not planning to add any more significant features to this PR. Right now it needs some eyes over it to make sure this is all reasonable, and needs some testing with real devices and different platforms to what I've been using.
It'd also be good to test this (and the win10 stuff) against whatever kanidm is using the library for:
We just use it in the kanidm_tools binaries for CLI admin. It's not in the main server.
@micolous Is this in a mergeable state?
This can be merged as-is. However, I intend to change the API again for caBLE (it's weird) -- but that's still some ways off.
Targeting FIDOv2 tokens.
The goal is to build base functionality, similar to the existing Windows support in #204; but it will require implementing a bunch of other "support things" like PIN management and fingerprint support.
What this PR adds:
- AuthenticatorBackend on top of Transport/Token. This supports core FIDO 2.0 and 2.1 functionality, with some exceptions
- Transport to be async
- UiCallback to provide a UI for things the library needs
- key_manager example, which can use new library features
- hack_make_cred (we can do it for reals now)
- nfc_raw_transmit feature (needed for conformance example)
Current TODO list (which will change):
- getPinToken
- getPinUvAuthTokenUsingPinWithPermissions
- getPinUvAuthTokenUsingUvWithPermissions
- (authenticatorReset)
Platform tests needed:
Transport tests needed:
Things that will be considered out of scope for this PR, and are to be addressed later for #214:
- (authenticatorCredentialManagement)
- (authenticatorLargeBlobs)
- authenticatorSelection only works in CTAP 2.1, so need something else: (wait_for_token)
- (pin_uv_auth_token and iface)
)#214