diff --git a/.gitignore b/.gitignore
index a008418..6e4c756 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 register
+assert
diff --git a/Makefile b/Makefile
index e5fda82..ec817a9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,7 @@
+all: assert register
+
 assert: assert.c
 gcc -g -Wall -Werror -Wextra -lfido2 assert.c -o assert
 register: register.c
- gcc -g -Wall -Werror -Wextra -lfido2 register.c -o register
+ gcc -g -Wall -Werror -Wextra -lfido2 -lcrypto register.c -o register
diff --git a/TEST/COMBINED b/TEST/COMBINED
new file mode 100644
index 0000000..1cde65c
--- /dev/null
+++ b/TEST/COMBINED
Binary files differ
diff --git a/TEST/assert_authdata.bin b/TEST/assert_authdata.bin
new file mode 100644
index 0000000..536dc80
--- /dev/null
+++ b/TEST/assert_authdata.bin
Binary files differ
diff --git a/TEST/assert_hash.bin b/TEST/assert_hash.bin
new file mode 100644
index 0000000..cb65cff
--- /dev/null
+++ b/TEST/assert_hash.bin
@@ -0,0 +1 @@
+���@0f1��:Ͻ��c� �CC�� �Y-A�ݱ
\ No newline at end of file
diff --git a/TEST/assert_signature.bin b/TEST/assert_signature.bin
new file mode 100644
index 0000000..50cc7ed
--- /dev/null
+++ b/TEST/assert_signature.bin
Binary files differ
diff --git a/TEST/authdata.bin b/TEST/authdata.bin
new file mode 100644
index 0000000..3c358fd
--- /dev/null
+++ b/TEST/authdata.bin
Binary files differ
diff --git a/TEST/cred_id.bin b/TEST/cred_id.bin
new file mode 100644
index 0000000..393bbdc
--- /dev/null
+++ b/TEST/cred_id.bin
Binary files differ
diff --git a/TEST/pubkey.pem b/TEST/pubkey.pem
new file mode 100644
index 0000000..069b820
--- /dev/null
+++ b/TEST/pubkey.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWZjNg7EwhuP4gKmkua7m2x1WFr9o
+8pal7wGAM9JWQyHkk3RWV4QHH24s+n/UmyuJfW+39PRx9lDCYXlgMN0glg==
+-----END PUBLIC KEY-----
diff --git a/assert.c b/assert.c
index 9699e59..e752216 100644
--- a/assert.c
+++ b/assert.c
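Review bot: In both gcc recipes the libraries (`-lfido2`, and now `-lcrypto`) are listed before the source file; on toolchains that pass --as-needed to the linker by default, libraries named before any object that references them are dropped and the link fails with unresolved fido_* / EVP_PKEY / PEM_write_PUBKEY symbols. Put the libraries after the inputs: `gcc -g -Wall -Werror -Wextra register.c -o register -lfido2 -lcrypto`, and reorder the assert recipe the same way. The new `all` target produces no file of that name, so declare it `.PHONY: all` so a stray file called `all` cannot mask it.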
@@ -4,12 +4,18 @@
 #include
 #include
-unsigned char user_id[] = {
- 0x15, 0xf9, 0x5d, 0x3e, 0xce, 0xe9, 0x17, 0x3e, 0x25, 0x8e, 0xe6, 0x20,
- 0x92, 0xcf, 0xff, 0x9b, 0xe0, 0xcf, 0xf9, 0xca, 0x50, 0x8d, 0x1f, 0x24,
- 0xf1, 0xa7, 0xeb, 0x68, 0x7d, 0xb7, 0x82, 0x5d
+unsigned char cred_id[] = {
+ 0x91, 0x46, 0xaf, 0x4c, 0x2a, 0x36, 0xdd, 0x72, 0xc0, 0x79, 0x8f, 0x9a,
+ 0x1b, 0x42, 0x59, 0x2c, 0xe6, 0x49, 0xba, 0x6c, 0x29, 0x95, 0x8e, 0x98,
+ 0xe5, 0x44, 0x14, 0x40, 0x73, 0x42, 0x69, 0x14, 0xc6, 0x9f, 0x0c, 0xe0,
+ 0xcb, 0x44, 0x3e, 0x71, 0x29, 0x78, 0x01, 0xe2, 0x4a, 0xe4, 0xe4, 0xdd,
+ 0xea, 0x0c, 0x6b, 0xff, 0xe1, 0x86, 0x54, 0x36, 0x04, 0xb2, 0x46, 0x4c,
+ 0x19, 0x20, 0x7b, 0x5c, 0x4d, 0x88, 0x45, 0xdc, 0xa3, 0x2f, 0xbf, 0xb5,
+ 0x6c, 0xde, 0x1a, 0x49, 0x94, 0x3b, 0x30, 0xe6, 0xe4, 0xfe, 0x88, 0x57,
+ 0xee, 0x38, 0x01, 0x0b, 0x88, 0x1e, 0xf5, 0x81, 0x9a, 0x73, 0x2b, 0x1a
 };
-unsigned int user_id_len = 32;
+unsigned int cred_id_len = 96;
+
 unsigned char cd_hash[] = {
 0xc0, 0x9e, 0xfa, 0x40, 0x30, 0x66, 0x31, 0xbd, 0xd9, 0x3a, 0xcf, 0xbd,
 0xab, 0x8d, 0x63, 0xc4, 0x0c, 0x99, 0x43, 0x43, 0xe4, 0x13, 0x85, 0x20,
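Review bot: `unsigned int cred_id_len = 96;` is a hand-maintained copy of the array's size and will silently disagree with the data the next time the pasted credential ID changes; `sizeof cred_id` yields the same value without the duplication, and `my_user_id_len = 32` in register.c's first hunk has the same weakness. The credential ID itself is a literal captured from one registration run, so it goes stale as soon as the authenticator is re-registered; since register.c now writes `cred_id.bin`, reading that file here would keep the two programs in step. Note also that `cd_hash` is the same fixed client-data hash used at registration, so every assertion this produces answers an identical challenge — acceptable while it only generates test vectors, but a comment such as `/* fixed challenge for test-vector generation only; a real relying party must issue a fresh random challenge per ceremony */` would stop the sample being copied as-is.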
@@ -46,25 +52,30 @@
 fido_assert_t* assert = fido_assert_new();
 FIDO_CHECK(!assert);
 FIDO_CHECK(fido_assert_set_rp(assert, "id"));
- FIDO_CHECK(fido_assert_clientdata_hash(cred, cd_hash, cd_hash_len));
+ FIDO_CHECK(fido_assert_set_clientdata_hash(assert, cd_hash, cd_hash_len));
+ FIDO_CHECK(fido_assert_allow_cred(assert, cred_id, cred_id_len));
+ FIDO_CHECK(fido_assert_set_extensions(assert, 0));
 printf("Generating assertion\n");
- FIDO_CHECK(fido_dev_get_assert(dev, assertion, NULL));
+ FIDO_CHECK(fido_dev_get_assert(dev, assert, NULL));
 fido_dev_close(dev);
 fido_dev_free(&dev);
 printf("Getting generated data\n");
- unsigned char const *signature = fido_assert_sig_ptr(cred);
- unsigned char const *authdata = fido_assert_authdata_ptr(cred);
- size_t signature_len = fido_assert_sig_len(cred);
- size_t authdata_len = fido_assert_authdata_len(cred);
+ unsigned char const *signature = fido_assert_sig_ptr(assert, 0);
+ unsigned char const *authdata = fido_assert_authdata_ptr(assert, 0);
+ size_t signature_len = fido_assert_sig_len(assert, 0);
+ size_t authdata_len = fido_assert_authdata_len(assert, 0);
 FIDO_CHECK(!signature);
 FIDO_CHECK(!authdata);
 printf("Write generated data\n");
- FILE *file = fopen("generated.bin", "w");
- fwrite("JOOKIA_SIG", sizeof("JOOKIA_SIG"), 1, file);
+ FILE *file = fopen("assert_signature.bin", "w");
 fwrite(signature, signature_len, 1, file);
- fwrite("JOOKIA_AUTHDATA", sizeof("JOOKIA_AUTHDATA"), 1, file);
+ fclose(file);
+ file = fopen("assert_authdata.bin", "w");
 fwrite(authdata, authdata_len, 1, file);
 fclose(file);
+ file = fopen("assert_hash.bin", "w");
+ fwrite(cd_hash, cd_hash_len, 1, file);
+ fclose(file);
 /* Cleanup */
 fido_assert_free(&assert);
 return 0;
diff --git a/register.c b/register.c
index bdd2ba3..844f738 100644
--- a/register.c
+++ b/register.c
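Review bot: None of the three `fopen()` calls on the new side is checked, so a failed create (permissions, read-only checkout, full disk) hands a NULL `FILE *` to `fwrite()` and `fclose()`, which is undefined behaviour rather than a clean exit; following each fopen with the file's own idiom, `FIDO_CHECK(!file);`, covers it. These streams carry raw signature, authdata and hash bytes, so open them with `"wb"` instead of `"w"` to avoid newline translation on platforms that distinguish text mode. The same unchecked-fopen pattern appears in the three fopen calls of register.c's second hunk. The enclosing function begins before this hunk.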
@@ -3,13 +3,16 @@
 #include
 #include
+#include
+#include
+#include
-unsigned char user_id[] = {
+unsigned char my_user_id[] = {
 0x15, 0xf9, 0x5d, 0x3e, 0xce, 0xe9, 0x17, 0x3e, 0x25, 0x8e, 0xe6, 0x20,
 0x92, 0xcf, 0xff, 0x9b, 0xe0, 0xcf, 0xf9, 0xca, 0x50, 0x8d, 0x1f, 0x24,
 0xf1, 0xa7, 0xeb, 0x68, 0x7d, 0xb7, 0x82, 0x5d
 };
-unsigned int user_id_len = 32;
+unsigned int my_user_id_len = 32;
 unsigned char cd_hash[] = {
 0xc0, 0x9e, 0xfa, 0x40, 0x30, 0x66, 0x31, 0xbd, 0xd9, 0x3a, 0xcf, 0xbd,
 0xab, 0x8d, 0x63, 0xc4, 0x0c, 0x99, 0x43, 0x43, 0xe4, 0x13, 0x85, 0x20,
@@ -47,34 +50,42 @@
 FIDO_CHECK(!cred);
 FIDO_CHECK(fido_cred_set_type(cred, COSE_ES256)); /* COSE_ES256, COSE_RS256, COSE_EDDSA */
 FIDO_CHECK(fido_cred_set_clientdata_hash(cred, cd_hash, cd_hash_len));
- FIDO_CHECK(fido_cred_set_user(cred, user_id, user_id_len, NULL, NULL, NULL));
+ FIDO_CHECK(fido_cred_set_user(cred, my_user_id, my_user_id_len, NULL, NULL, NULL));
 FIDO_CHECK(fido_cred_set_rp(cred, "id", "name"));
 FIDO_CHECK(fido_cred_set_fmt(cred, "packed"));
 printf("Generating credential\n");
 FIDO_CHECK(fido_dev_make_cred(dev, cred, NULL));
 fido_dev_close(dev);
 fido_dev_free(&dev);
- printf("Getting generated data\n");
- unsigned char const *signature = fido_cred_sig_ptr(cred);
- unsigned char const *pubkey = fido_cred_pubkey_ptr(cred);
- unsigned char const *authdata = fido_cred_authdata_ptr(cred);
- size_t signature_len = fido_cred_sig_len(cred);
- size_t pubkey_len = fido_cred_pubkey_len(cred);
- size_t authdata_len = fido_cred_authdata_len(cred);
- FIDO_CHECK(!signature);
- FIDO_CHECK(!pubkey);
- FIDO_CHECK(!authdata);
- printf("Write generated data\n");
- FILE *file = fopen("generated.bin", "w");
- fwrite("JOOKIA_SIG", sizeof("JOOKIA_SIG"), 1, file);
- fwrite(signature, signature_len, 1, file);
- fwrite("JOOKIA_PUBKEY", sizeof("JOOKIA_PUBKEY"), 1, file);
- fwrite(pubkey, pubkey_len, 1, file);
- fwrite("JOOKIA_AUTHDATA", sizeof("JOOKIA_AUTHDATA"), 1, file);
- fwrite(authdata, authdata_len, 1, file);
- fclose(file);
 printf("Verifying attestation\n");
 FIDO_CHECK(fido_cred_verify(cred));
+ printf("Getting generated data\n");
+ unsigned char const *pubkey = fido_cred_pubkey_ptr(cred);
+ unsigned char const *authdata = fido_cred_authdata_ptr(cred);
+ unsigned char const *cred_id = fido_cred_id_ptr(cred);
+ size_t pubkey_len = fido_cred_pubkey_len(cred);
+ size_t authdata_len = fido_cred_authdata_len(cred);
+ size_t cred_id_len = fido_cred_id_len(cred);
+ FIDO_CHECK(!pubkey);
+ FIDO_CHECK(!authdata);
+ FIDO_CHECK(!cred_id);
+ printf("Write generated data\n");
+ FILE *file = fopen("cred_id.bin", "w");
+ fwrite(cred_id, cred_id_len, 1, file);
+ fclose(file);
+ file = fopen("authdata.bin", "w");
+ fwrite(authdata, authdata_len, 1, file);
+ fclose(file);
+ printf("Write pubkey\n");
+ es256_pk_t *key = es256_pk_new();
+ FIDO_CHECK(!key);
+ FIDO_CHECK(es256_pk_from_ptr(key, pubkey, pubkey_len));
+ EVP_PKEY *evp_pkey = es256_pk_to_EVP_PKEY(key);
+ FIDO_CHECK(evp_pkey == 0);
+ es256_pk_free(&key);
+ file = fopen("pubkey.pem", "w");
+ PEM_write_PUBKEY(file, evp_pkey);
+ fclose(file);
 /* Cleanup */
 fido_cred_free(&cred);
 return 0;
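Review bot: The `EVP_PKEY` returned by `es256_pk_to_EVP_PKEY(key)` is never released, so the OpenSSL key object leaks after `PEM_write_PUBKEY(file, evp_pkey);`; add `EVP_PKEY_free(evp_pkey);` after the final `fclose(file);`. `PEM_write_PUBKEY()` reports failure with a zero return and that result is discarded, so a short or failed write still leaves a `pubkey.pem` that the verifying side will trust; `FIDO_CHECK(!PEM_write_PUBKEY(file, evp_pkey));` matches the `FIDO_CHECK(!key)` idiom used a few lines above, assuming the macro treats a non-zero argument as failure as those uses suggest. `FIDO_CHECK(evp_pkey == 0)` is spelled differently from the neighbouring `FIDO_CHECK(!key)` and `FIDO_CHECK(!cred_id)`; `FIDO_CHECK(!evp_pkey)` keeps the checks uniform. The enclosing function begins before this hunk.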