Merge remote-tracking branch 'nitrokey/main'

This pulls in all changes from the Nitrokey/fido-authenticator
repository, improving compliance with the CTAP spec, adding support for
CTAP 2.1 and implementing new features like the largeBlob extension.

Author: robin-nitrokey

.cargo/config

@@ -0,0 +1,79 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+jobs:
+  check-fuzz:
+    name: Check fuzz targets
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: nightly
+        override: true
+    - name: Check fuzz targets
+      run: |
+        cargo check --manifest-path fuzz/Cargo.toml
+
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - x86_64-unknown-linux-gnu
+          - thumbv7em-none-eabi
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Rust toolchain
+        run: |
+          rustup show
+          rustup target add ${{ matrix.target }}
+
+      - name: Install build dependencies
+        run: >
+          sudo apt-get update -y -qq &&
+          sudo apt-get install -y -qq llvm libc6-dev-i386 libclang-dev
+
+      - uses: fiam/arm-none-eabi-gcc@v1
+        with:
+          release: "9-2020-q2"
+
+      - name: Build
+        run: cargo build --verbose --target ${{ matrix.target }}
+
+      - name: Check all targets without default features
+        run: cargo check --all-targets --no-default-features
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Check all targets with default features
+        run: cargo check --all-targets
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Check all features and targets
+        run: cargo check --all-features --all-targets
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Run tests
+        run: cargo test --verbose --features dispatch
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Check formatting
+        run: cargo fmt -- --check
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Check clippy lints
+        run: cargo clippy --all-features --all-targets -- --deny warnings
+        if: matrix.target == 'x86_64-unknown-linux-gnu'
+
+      - name: Check documentation
+        run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps
+        if: matrix.target == 'x86_64-unknown-linux-gnu'

.github/workflows/ci.yml

@@ -7,25 +7,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
 - Set the `makeCredUvNotRqd` CTAP option to `true` to indicate that we support
   makeCredential operations without user verification ([#26][])
-- Ignore public key credential parameters with an unknown type, as required by
+- Ignore public key credential paramters with an unknown type, as required by
   the Webauthn spec ([#28][])
 - Reject `rk` option in getAssertion ([#31][])
 - Ignore user data with empty ID in getAssertion ([#32][])
 - Allow three instead of two PIN retries per boot ([#35][])
 - Add log messages for requests, responses and errors
+- Add config option for setting a maximum number of resident credentials.
+- Reduce ID length for new credentials ([#37][])
+- Update apdu-dispatch and reject calls to `select` ([#40][])
+- Implement the `largeBlobKey` extension and the `largeBlobs` command ([#38][])
+- Fix error type for third invalid PIN entry ([#60][])
+- Fix error type for cancelled user presence ([#61][])
+- PIN protocol changes:
+  - Extract PIN protocol implementation into separate module ([#62][])
+  - Implement PIN protocol 2 ([#63][])
+  - Implement PIN token permissions ([#63][])
+- Implement UpdateUserInformation subcommand for CredentialManagement
+- Support CTAP 2.1
+- Serialize PIN hash with `serde-bytes` ([#52][])
+- Reduce the space taken by credential serialization ([#59][])
+- Update dependencies:
+  - Replace `trussed` dependency with `trussed-core`
+  - Replace `ctaphid-dispatch` dependeny with `ctaphid-app`
+- Remove the per-relying party directory to save space ([#55][])
 
 [#26]: https://github.com/solokeys/fido-authenticator/issues/26
 [#28]: https://github.com/solokeys/fido-authenticator/issues/28
 [#31]: https://github.com/solokeys/fido-authenticator/issues/31
 [#32]: https://github.com/solokeys/fido-authenticator/issues/32
 [#35]: https://github.com/solokeys/fido-authenticator/issues/35
+[#37]: https://github.com/solokeys/fido-authenticator/issues/37
+[#40]: https://github.com/nitrokey/fido-authenticator/pull/40
+[#38]: https://github.com/Nitrokey/fido-authenticator/issues/38
+[#60]: https://github.com/Nitrokey/fido-authenticator/pull/60
+[#61]: https://github.com/Nitrokey/fido-authenticator/pull/61
+[#62]: https://github.com/Nitrokey/fido-authenticator/pull/62
+[#63]: https://github.com/Nitrokey/fido-authenticator/pull/63
+[#52]: https://github.com/Nitrokey/fido-authenticator/issues/52
+[#59]: https://github.com/Nitrokey/fido-authenticator/issues/59
+[#55]: https://github.com/Nitrokey/fido-authenticator/issues/55
 
 ## [0.1.1] - 2022-08-22
 - Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp
 - Add config option to skip UP when device was just booted,
   as insertion is a kind of UP check @robin-nitrokey
 
-## [Unreleased]
+## [0.1.0] - 2022-03-17
 
 - use 2021 edition
 - use @szszszsz's credential ID shortening

CHANGELOG.md

@@ -8,39 +8,80 @@ repository = "https://github.com/solokeys/fido-authenticator"
 documentation = "https://docs.rs/fido-authenticator"
 description = "FIDO authenticator Trussed app"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
 [dependencies]
-ctap-types = "0.1.0"
+cbor-smol = { version = "0.5" }
+ctap-types = { version = "0.4", features = ["get-info-full", "large-blobs", "third-party-payment"] }
+cosey = "0.3"
 delog = "0.1.0"
 heapless = "0.7"
-interchange = "0.2.0"
-littlefs2 = "0.3.1"
+heapless-bytes = "0.3"
+littlefs2-core = "0.1"
 serde = { version = "1.0", default-features = false }
-serde_cbor = { version = "0.11.0", default-features = false }
+serde_bytes = { version = "0.11.14", default-features = false }
 serde-indexed = "0.1.0"
-trussed = "0.1"
+sha2 = { version = "0.10", default-features = false }
+trussed-core = { version = "0.1.0", features = ["aes256-cbc", "certificate-client", "chacha8-poly1305", "crypto-client", "ed255", "filesystem-client", "hmac-sha256", "management-client", "p256", "sha256", "ui-client"] }
+trussed-fs-info = "0.2.0"
+trussed-hkdf = { version = "0.3.0" }
+trussed-chunked = { version = "0.2.0", optional = true }
 
-apdu-dispatch = { version = "0.1", optional = true }
-ctaphid-dispatch = { version = "0.1", optional = true }
-iso7816 = { version = "0.1", optional = true }
+apdu-app = { version = "0.1", optional = true }
+ctaphid-app = { version = "0.1.0-rc.1", optional = true }
+iso7816 = { version = "0.1.2", optional = true }
 
 [features]
-default = []
 dispatch = ["apdu-dispatch", "ctaphid-dispatch", "iso7816"]
+apdu-dispatch = ["dep:apdu-app"]
+ctaphid-dispatch = ["dep:ctaphid-app"]
 disable-reset-time-window = []
-enable-fido-pre = []
+
+# enables support for a large-blob array longer than 1024 bytes
+chunked = ["trussed-chunked"]
 
 log-all = []
 log-none = []
+log-trace = []
 log-info = []
 log-debug = []
 log-warn = []
 log-error = []
 
 [dev-dependencies]
-# quickcheck = "1"
+admin-app = { version = "0.1.0", features = ["migration-tests"] }
+aes = "0.8.4"
+cbc = { version = "0.1.2", features = ["alloc"] }
+ciborium = { version = "0.2.2" }
+ciborium-io = "0.2.2"
+cipher = "0.4.4"
+ctaphid = { version = "0.3.1", default-features = false }
+ctaphid-dispatch = "0.3"
+delog = { version = "0.1.6", features = ["std-log"] }
+env_logger = "0.11.0"
+hex-literal = "0.4.1"
+hmac = "0.12.1"
+interchange = "0.3.0"
+itertools = "0.14.0"
+littlefs2 = "0.6.0"
+log = "0.4.21"
+p256 = { version = "0.13.2", features = ["ecdh"] }
 rand = "0.8.4"
+rand_chacha = "0.3"
+sha2 = "0.10"
+serde_test = "1.0.176"
+trussed = { version = "0.1", features = ["virt"] }
+trussed-staging = { version = "0.3.0", features = ["chunked", "hkdf", "virt", "fs-info"] }
+trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"] }
+usbd-ctaphid = "0.3.0"
+x509-parser = "0.16.0"
 
 [package.metadata.docs.rs]
 features = ["dispatch"]
+
+[patch.crates-io]
+admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.20" }
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "024e0eca5fb7dbd2457831f7c7bffe4341e08775" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "7922d67e9637a87e5625aaff9e5111f0d4ec0346" }
+trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "504674453c9573a30aa2f155101df49eb2af1ba7" }
+
+[profile.test]
+opt-level = 2

Cargo.toml

@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage

fuzz/.gitignore

@@ -0,0 +1,28 @@
+[package]
+name = "fido-authenticator-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+ctap-types = { version = "0.4", features = ["arbitrary"] }
+libfuzzer-sys = "0.4"
+trussed = { version = "0.1", features = ["clients-1", "certificate-client", "crypto-client", "filesystem-client", "management-client", "aes256-cbc", "ed255", "p256", "sha256"] }
+trussed-staging = { version = "0.3.0", features = ["chunked", "hkdf", "virt", "fs-info"] }
+
+[dependencies.fido-authenticator]
+path = ".."
+
+[[bin]]
+name = "ctap"
+path = "fuzz_targets/ctap.rs"
+test = false
+doc = false
+bench = false
+
+[patch.crates-io]
+trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" }
+trussed-staging = { git = "https://github.com/trussed-dev/trussed-staging.git", rev = "1e1ca03a3a62ea9b802f4070ea4bce002eeb4bec" }

fuzz/Cargo.toml

@@ -0,0 +1,34 @@
+#![no_main]
+
+use ctap_types::{authenticator::Request, ctap1::Authenticator as _, ctap2::Authenticator as _};
+use fido_authenticator::{Authenticator, Config, Conforming};
+use trussed_staging::virt;
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|requests: Vec<Request<'_>>| {
+    virt::with_ram_client("fido", |client| {
+        let mut authenticator = Authenticator::new(
+            client,
+            Conforming {},
+            Config {
+                max_msg_size: 0,
+                skip_up_timeout: None,
+                max_resident_credential_count: None,
+                large_blobs: None,
+                nfc_transport: false,
+            },
+        );
+
+        for request in requests {
+            match request {
+                Request::Ctap1(request) => {
+                    authenticator.call_ctap1(&request).ok();
+                }
+                Request::Ctap2(request) => {
+                    authenticator.call_ctap2(&request).ok();
+                }
+            }
+        }
+    });
+});

fuzz/fuzz_targets/ctap.rs

@@ -1,9 +1,11 @@
 //! Constants.
 
-use trussed::types::{CertId, KeyId};
+use trussed_core::types::{CertId, KeyId};
 
 pub const FIDO2_UP_TIMEOUT: u32 = 30_000;
 pub const U2F_UP_TIMEOUT: u32 = 250;
 
 pub const ATTESTATION_CERT_ID: CertId = CertId::from_special(0);
 pub const ATTESTATION_KEY_ID: KeyId = KeyId::from_special(0);
+
+pub const MAX_RESIDENT_CREDENTIALS_GUESSTIMATE: u32 = 100;