Common API changes needed to (later) add caBLE support. #251

Merged: 1 commit, Jan 10, 2023

micolous (Collaborator) commented Jan 7, 2023

This adds functionality, changes APIs and refactors webauthn-authenticator-rs in ways that are necessary (or useful) for caBLE support (#232), without actually adding support for caBLE itself.

  • AuthenticatorBackendHashedClientData: new trait for AuthenticatorBackends which accepts client_data_hash directly. This de-duplicates the client_data_json handling, and allows the library to proxy requests from a caBLE initiator.
  • perform_register_with_request, perform_auth_with_request: Accepts MakeCredentialRequest and GetAssertionRequest commands directly, mapping them onto AuthenticatorBackendHashedClientData. This allows it to act as a caBLE authenticator, while also handling PIN/UV auth internally when proxying to physical authenticators (as browsers don't attempt it!)
  • crypto: new module for common cryptographic operations, shared between caBLE and CTAP2 implementation.
  • CTAP2:
    • implement AuthenticatorBackendHashedClientData instead of AuthenticatorBackend
    • adds serialisation for Map<u32, String> to GetAssertionResponse and MakeCredentialResponse and from GetAssertionRequest and MakeCredentialRequest for perform_*_with_request.
    • allow for both Map<String, String> and Map<u32, String> representations of CBORRequest and CBORResponse for perform_*_with_request.
    • add GetInfoResponse serialisation
    • make to_short_apdus and to_long_apdu stand-alone methods
    • Token is now mutable, and Token::close is now async
    • use short APDUs for selecting FIDO2 applet over NFC, because Feitian tokens don't support extended APDUs (in violation of the FIDO specification!)
  • SoftPasskey:
    • implement AuthenticatorBackendHashedClientData instead of AuthenticatorBackend
  • SoftToken:
    • implement AuthenticatorBackendHashedClientData instead of AuthenticatorBackend
    • add support for persisting the SoftToken (as SoftTokenFile)
    • add examples/softtoken for creating a persisted SoftToken
  • ui: Add methods for caBLE (displaying QR codes and reporting status)
  • examples/authenticate:
    • refactor to use command line arguments, rather than interactive text UI
    • re-open the connection to the key after every operation (needed for Feitian NFC keys, and also caBLE)
  • clean up some dead/commented code that was from testing earlier features
  • fix some documentation formatting errors

Fixes #

  • cargo test has been run and passes
  • documentation has been updated with relevant examples (if relevant)
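
The short versus extended APDU framing that the CTAP2 items in the description above refer to, as an added example that is not part of the pull request or the project's code. The function names, signatures and the 300-byte payload are assumptions made for illustration; they are not the crate's `to_short_apdus` / `to_long_apdu`.

```rust
// Added example, not code from webauthn-authenticator-rs. Function names and
// the sample payload are assumptions; framing follows ISO 7816-4 and CTAP2 NFC.
const FIDO_AID: [u8; 8] = [0xA0, 0x00, 0x00, 0x06, 0x47, 0x2F, 0x00, 0x01];

/// Short form: Lc and Le are one byte each, so `data` is limited to 255 bytes.
fn short_apdu(cla: u8, ins: u8, p1: u8, p2: u8, data: &[u8], with_le: bool) -> Vec<u8> {
    assert!(data.len() <= 255, "short APDU data must fit a 1-byte Lc");
    let mut out = vec![cla, ins, p1, p2];
    if !data.is_empty() {
        out.push(data.len() as u8);
        out.extend_from_slice(data);
    }
    if with_le { out.push(0x00); } // Le = 0x00 requests up to 256 bytes
    out
}

/// Command chaining: every fragment except the last sets CLA bit 0x10.
/// In this example only the final fragment carries Le.
fn chained_short_apdus(cla: u8, ins: u8, p1: u8, p2: u8, data: &[u8]) -> Vec<Vec<u8>> {
    let chunks: Vec<&[u8]> = if data.is_empty() { vec![data] } else { data.chunks(255).collect() };
    let last = chunks.len() - 1;
    chunks.into_iter().enumerate().map(|(i, chunk)| {
        let c = if i < last { cla | 0x10 } else { cla };
        short_apdu(c, ins, p1, p2, chunk, i == last)
    }).collect()
}

/// Extended form: a 0x00 marker byte, then 2-byte big-endian Lc and 2-byte Le.
fn extended_apdu(cla: u8, ins: u8, p1: u8, p2: u8, data: &[u8]) -> Vec<u8> {
    assert!(data.len() <= 65535, "extended APDU data must fit a 2-byte Lc");
    let mut out = vec![cla, ins, p1, p2, 0x00];
    if !data.is_empty() {
        out.extend_from_slice(&(data.len() as u16).to_be_bytes());
        out.extend_from_slice(data);
    }
    out.extend_from_slice(&[0x00, 0x00]); // Le = 0x0000 requests up to 65536 bytes
    out
}

/// SELECT by AID (INS 0xA4, P1 0x04) in short form, which any ISO 7816-4 card parses.
fn select_fido_applet() -> Vec<u8> {
    short_apdu(0x00, 0xA4, 0x04, 0x00, &FIDO_AID, true)
}

fn main() {
    let msg = vec![0xAB; 300]; // constructed payload standing in for a CTAP2 CBOR command
    println!("SELECT: {:02X?}", select_fido_applet());
    for f in chained_short_apdus(0x80, 0x10, 0x00, 0x00, &msg) { println!("short: CLA {:02X}, {} bytes", f[0], f.len()); }
    println!("extended: {} bytes", extended_apdu(0x80, 0x10, 0x00, 0x00, &msg).len());
}
```
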

micolous (Collaborator, Author) commented Jan 8, 2023

This should be good to go now.

@micolous micolous merged commit 04c3bf3 into kanidm:master Jan 10, 2023