mozilla/authenticator-rs

Latest commit

* Fixes an issue where Lc bytes would be included when Nc = 0 (zero command data length). This is incorrect in ISO 7816-4:2005 (which FIDO v1.1 and v1.2 correctly describe).

  This affected the `GetVersion` command; and tests have been updated accordingly.

* Renames `U2FAPDUHeader` to `CTAP1RequestAPDU`.

  Using the name "CTAP1" rather than "U2F" follows the convention put forward in FIDO v2.x specs, which avoids confusion like "U2Fv2" = "CTAP1".

  The previous implementation wasn't just "a header", but rather the complete APDU.

* Renames `FidoDevice::send_apdu` to `FidoDevice::send_ctap1`. This makes it more like `RequestCtap2`, and avoids confusion later on when adding support for CTAP2 over NFC (which still uses ISO 7816-4 APDUs).

* Documents and adds tests for `CTAP1RequestAPDU`, explaining the confusing state of affairs.
47d6920
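
The Lc rule from the commit message above, shown as an added example that is not code from authenticator-rs: a minimal extended-length ISO 7816-4 encoder for CTAP1 requests. The function name `encode_ctap1_apdu` and the constant names are assumptions made for illustration; the request always asks for the maximum response length.

```rust
// Added example, not authenticator-rs code: all names here are hypothetical.
// Extended-length ISO 7816-4 command APDU as used for CTAP1/U2F requests.

const U2F_REGISTER: u8 = 0x01; // U2F Register instruction
const U2F_VERSION: u8 = 0x03; // GetVersion, sent with no command data

/// Encode CLA=0 | INS | P1 | P2=0 | [Lc data] | Le, asking for the
/// maximum response length (Ne = 65536, encoded as zero bytes).
fn encode_ctap1_apdu(ins: u8, p1: u8, data: &[u8]) -> Result<Vec<u8>, String> {
    // Extended Lc carries a two-byte length, so Nc cannot exceed 65535.
    if data.len() > 0xFFFF {
        return Err(format!("command data too long: {} bytes", data.len()));
    }
    let mut apdu = vec![0x00, ins, p1, 0x00];
    if data.is_empty() {
        // Nc = 0: the Lc field is absent. Le then carries the leading
        // 0x00 extended-length marker itself, making it three bytes.
        apdu.extend_from_slice(&[0x00, 0x00, 0x00]);
    } else {
        // Nc > 0: Lc is 0x00 followed by the length, big-endian.
        let nc = data.len() as u16;
        apdu.push(0x00);
        apdu.extend_from_slice(&nc.to_be_bytes());
        apdu.extend_from_slice(data);
        // Lc already marked the APDU as extended, so Le is two bytes.
        apdu.extend_from_slice(&[0x00, 0x00]);
    }
    Ok(apdu)
}

fn main() {
    let version = encode_ctap1_apdu(U2F_VERSION, 0x00, &[]).unwrap();
    println!("GetVersion: {:02x?}", version);
    // Constructed sample: 64 zero bytes standing in for the
    // challenge and application parameters of a Register request.
    let register = encode_ctap1_apdu(U2F_REGISTER, 0x00, &[0u8; 64]).unwrap();
    println!("Register: {} bytes, Lc = {:02x?}", register.len(), &register[4..7]);
}
```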

A Rust library for interacting with CTAP1/CTAP2 Security Keys

This is a cross-platform library for interacting with Security Key-type devices via Rust.

  • Supported Platforms: Windows, Linux, FreeBSD, NetBSD, OpenBSD, and macOS.
  • Supported Transports: USB HID.
  • Supported Protocols: FIDO U2F over USB. CTAP2 support is forthcoming, with work being done in the unstable ctap2 branch.

This library currently focuses on USB security keys, but is expected to be extended to support additional transports.

Usage

There's only a simple example function that tries to register and sign right now. It uses env_logger for logging, which you configure with the RUST_LOG environment variable:

cargo build --example main
RUST_LOG=debug cargo run --example main

The intended usage is to call into this library from another program, e.g. Firefox. Some C headers are exposed for that purpose.

Tests

There are some tests of the cross-platform runloop logic and the protocol decoder:

cargo test

Fuzzing

There are fuzzers for the USB protocol reader, basically fuzzing inputs from the HID layer. There are not (yet) fuzzers for the C API used by callers (such as Gecko).

To fuzz, you will need cargo-fuzz (the latest version from GitHub) as well as Rust Nightly.

rustup install nightly
cargo install cargo-fuzz

cargo +nightly fuzz run u2f_read -- -max_len=512
cargo +nightly fuzz run u2f_read_write -- -max_len=512