/* SPDX-License-Identifier: LGPL-2.1-or-later */
/* Copyright: Jookia 2021 <contact@jookia.org> */

#include <fido.h>
#include <fido/es256.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>

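/* Credential ID loaded from cred_id.bin; at most sizeof cred_id bytes are used. */
unsigned char cred_id[96];

/*
 * Client-data hash handed to fido_assert_set_clientdata_hash() and also written
 * out to assert_hash.bin so the signature can be checked outside this tool.
 */
unsigned char cd_hash[] = {0xc0, 0x9e, 0xfa, 0x40, 0x30, 0x66, 0x31, 0xbd,
                           0xd9, 0x3a, 0xcf, 0xbd, 0xab, 0x8d, 0x63, 0xc4,
                           0x0c, 0x99, 0x43, 0x43, 0xe4, 0x13, 0x85, 0x20,
                           0xe2, 0x59, 0x2d, 0x41, 0xe9, 0xa0, 0xdd, 0xb1};
/* Derived from the array rather than repeated as a literal so the two cannot drift apart. */
unsigned int cd_hash_len = sizeof cd_hash;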

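/* Upper bound on the number of devices fido_dev_info_manifest() may report. */
#define MAX_FIDO_DEVICES 8

/*
 * Evaluate X once and abort the tool if it is not FIDO_OK (0). X is either a
 * libfido2 return code or a boolean such as !ptr, so any non-zero value is a
 * failure. Exiting here stops a failed open/allocation from being used on the
 * following line and makes the process exit status reflect the failure, which
 * callers of a verification tool must be able to rely on. The local has a
 * distinctive name so an argument that itself mentions "err" is not captured.
 */
#define FIDO_CHECK(x)                                                          \
  do {                                                                         \
    int fido_check_err_ = (x);                                                 \
    if (fido_check_err_ != FIDO_OK) {                                          \
      fprintf(stderr, "FIDO ERR %i (%s) line %i\n", fido_check_err_, #x,       \
              __LINE__);                                                       \
      exit(EXIT_FAILURE);                                                      \
    }                                                                          \
  } while (0)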

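/*
 * Report a libfido2 return code. Returns 1 when RC is FIDO_OK; otherwise prints
 * WHAT and the code to stderr and returns 0 so the caller can bail out.
 */
static int fido_rc_ok(int rc, const char *what) {
  if (rc == FIDO_OK) {
    return 1;
  }
  fprintf(stderr, "%s failed: FIDO error %i\n", what, rc);
  return 0;
}

/*
 * Read PATH into BUF (at most CAP bytes). Returns the number of bytes read, or
 * 0 if the file cannot be opened, is empty, or holds more than CAP bytes - a
 * credential ID that does not fit would otherwise be truncated silently and
 * end up as a wrong allow-list entry.
 */
static size_t read_file(const char *path, unsigned char *buf, size_t cap) {
  FILE *f = fopen(path, "rb"); /* binary mode: no newline translation anywhere */
  if (!f) {
    fprintf(stderr, "Cannot open %s for reading\n", path);
    return 0;
  }
  size_t n = fread(buf, 1, cap, f);
  if (n == 0) {
    fprintf(stderr, "%s is empty or unreadable\n", path);
  } else if (n == cap && fgetc(f) != EOF) {
    fprintf(stderr, "%s is larger than %zu bytes\n", path, cap);
    n = 0;
  }
  fclose(f);
  return n;
}

/* Write LEN bytes of DATA to PATH, replacing the file. Returns 1 on success, 0 on failure. */
static int write_file(const char *path, const unsigned char *data, size_t len) {
  FILE *f = fopen(path, "wb");
  if (!f) {
    fprintf(stderr, "Cannot open %s for writing\n", path);
    return 0;
  }
  int ok = fwrite(data, 1, len, f) == len;
  /* fclose() flushes; a failure there means the data is not on disk either. */
  if (fclose(f) != 0) {
    ok = 0;
  }
  if (!ok) {
    fprintf(stderr, "Short write to %s\n", path);
  }
  return ok;
}

/*
 * Enumerate the attached FIDO devices, print each one, and open the last one
 * listed (the selection the tool has always made). Returns the opened device,
 * or NULL when none is present or the open fails - the caller must not go on
 * with an unopened handle.
 */
static fido_dev_t *open_last_device(void) {
  fido_dev_t *dev = NULL;
  fido_dev_info_t *devs = fido_dev_info_new(MAX_FIDO_DEVICES);
  if (!devs) {
    fprintf(stderr, "fido_dev_info_new failed\n");
    return NULL;
  }
  size_t found = 0;
  if (!fido_rc_ok(fido_dev_info_manifest(devs, MAX_FIDO_DEVICES, &found),
                  "fido_dev_info_manifest")) {
    goto out;
  }
  printf("Found %zu devices\n", found);
  const char *path = NULL; /* stays NULL when found == 0 */
  for (size_t i = 0; i < found; ++i) {
    fido_dev_info_t const *dev_info = fido_dev_info_ptr(devs, i);
    if (!dev_info || !fido_dev_info_path(dev_info)) {
      continue;
    }
    path = fido_dev_info_path(dev_info);
    printf("Device %zu is %s\n", i, path);
  }
  if (!path) {
    fprintf(stderr, "No FIDO device found\n");
    goto out;
  }
  printf("Opening device\n");
  dev = fido_dev_new();
  if (!dev) {
    fprintf(stderr, "fido_dev_new failed\n");
    goto out;
  }
  if (!fido_rc_ok(fido_dev_open(dev, path), "fido_dev_open")) {
    fido_dev_free(&dev);
    dev = NULL;
  }
out:
  /* path pointed into devs, so the list is only released after the open. */
  fido_dev_info_free(&devs, MAX_FIDO_DEVICES);
  return dev;
}

/*
 * Load the ES256 public key from PEM_PATH and verify assertion index 0 of
 * ASSERTION against it. Returns 1 only when the signature verifies; every
 * other outcome (unreadable key, wrong key type, bad signature) returns 0.
 * All OpenSSL and libfido2 objects created here are released before returning.
 */
static int verify_assertion(const char *pem_path, fido_assert_t *assertion) {
  int ok = 0;
  EVP_PKEY *pubkey = NULL;
  EC_KEY *ec_key = NULL;
  es256_pk_t *es256_pk = NULL;
  FILE *f = fopen(pem_path, "r");
  if (!f) {
    fprintf(stderr, "Cannot open %s for reading\n", pem_path);
    return 0;
  }
  pubkey = PEM_read_PUBKEY(f, NULL, NULL, NULL);
  fclose(f);
  if (!pubkey) {
    fprintf(stderr, "%s does not contain a PEM public key\n", pem_path);
    goto out;
  }
  printf("Making ECC key\n");
  /* "get1": the returned EC_KEY carries a reference we own and must free. */
  ec_key = EVP_PKEY_get1_EC_KEY(pubkey);
  if (!ec_key) {
    fprintf(stderr, "%s is not an EC public key\n", pem_path);
    goto out;
  }
  es256_pk = es256_pk_new();
  if (!es256_pk) {
    fprintf(stderr, "es256_pk_new failed\n");
    goto out;
  }
  if (!fido_rc_ok(es256_pk_from_EC_KEY(es256_pk, ec_key), "es256_pk_from_EC_KEY")) {
    goto out;
  }
  ok = fido_rc_ok(fido_assert_verify(assertion, 0, COSE_ES256, es256_pk),
                  "fido_assert_verify");
  if (!ok) {
    fprintf(stderr, "Assertion did NOT verify against %s\n", pem_path);
  }
out:
  es256_pk_free(&es256_pk);
  EC_KEY_free(ec_key);
  EVP_PKEY_free(pubkey);
  return ok;
}

/*
 * SigningTool assert: obtain a FIDO2 assertion over cd_hash from an attached
 * authenticator and verify it with a PEM public key.
 *
 * Inputs (current directory): cred_id.bin (credential ID to allow), pubkey.pem
 * (ES256 public key). Outputs: assert_signature.bin, assert_authdata.bin and
 * assert_hash.bin, written before verification so they are available even if
 * the check fails.
 *
 * Returns EXIT_SUCCESS only if every step, including signature verification,
 * succeeded; otherwise EXIT_FAILURE. Every failure is reported on stderr and
 * stops the run, so a bad device open or allocation is never dereferenced.
 */
int main(void) {
  int status = EXIT_FAILURE;
  fido_dev_t *dev = NULL;
  fido_assert_t *assertion = NULL;

  printf("SigningTool assert\n");
  fido_init(FIDO_DEBUG);

  printf("Reading cred_id\n");
  size_t cred_id_len = read_file("cred_id.bin", cred_id, sizeof cred_id);
  if (cred_id_len == 0) {
    goto out;
  }

  printf("Searching for devices\n");
  dev = open_last_device();
  if (!dev) {
    goto out;
  }

  printf("Making assertion\n");
  assertion = fido_assert_new();
  if (!assertion) {
    fprintf(stderr, "fido_assert_new failed\n");
    goto out;
  }
  if (!fido_rc_ok(fido_assert_set_rp(assertion, "id"), "fido_assert_set_rp") ||
      !fido_rc_ok(fido_assert_set_clientdata_hash(assertion, cd_hash, cd_hash_len),
                  "fido_assert_set_clientdata_hash") ||
      !fido_rc_ok(fido_assert_allow_cred(assertion, cred_id, cred_id_len),
                  "fido_assert_allow_cred") ||
      !fido_rc_ok(fido_assert_set_extensions(assertion, 0),
                  "fido_assert_set_extensions")) {
    goto out;
  }

  printf("Generating assertion\n");
  /* Third argument NULL: no PIN is passed to the device. */
  if (!fido_rc_ok(fido_dev_get_assert(dev, assertion, NULL), "fido_dev_get_assert")) {
    goto out;
  }
  /* The device is no longer needed; release it before touching the files. */
  fido_dev_close(dev);
  fido_dev_free(&dev);
  dev = NULL;

  printf("Getting generated data\n");
  unsigned char const *signature = fido_assert_sig_ptr(assertion, 0);
  unsigned char const *authdata = fido_assert_authdata_ptr(assertion, 0);
  if (!signature || !authdata) {
    fprintf(stderr, "Assertion holds no signature or authdata\n");
    goto out;
  }

  printf("Write generated data\n");
  if (!write_file("assert_signature.bin", signature, fido_assert_sig_len(assertion, 0)) ||
      !write_file("assert_authdata.bin", authdata, fido_assert_authdata_len(assertion, 0)) ||
      !write_file("assert_hash.bin", cd_hash, cd_hash_len)) {
    goto out;
  }

  printf("Verify assertion\n");
  if (verify_assertion("pubkey.pem", assertion)) {
    status = EXIT_SUCCESS;
  }

out:
  /* Cleanup: both free functions tolerate a NULL object. */
  fido_assert_free(&assertion);
  if (dev) {
    fido_dev_close(dev);
    fido_dev_free(&dev);
  }
  return status;
}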