revamp extensions

This commit is contained in:
2020-04-12 20:05:38 +02:00
parent bb202c8a54
commit 5da5ac54f0
8 changed files with 249 additions and 46 deletions

View File

@@ -2,7 +2,7 @@ extern crate ctap_hmac as ctap;
use crypto::digest::Digest;
use crypto::sha2::Sha256;
use ctap::extensions::hmac::HmacExtension;
use ctap::extensions::{self, FidoExtensionResponseParserExt};
use ctap::{FidoAssertionRequestBuilder, FidoCredential, FidoCredentialRequestBuilder};
use hex;
use std::env::args;
@@ -16,14 +16,13 @@ fn main() -> ctap::FidoResult<()> {
let mut devices = ctap::get_devices()?;
let device_info = &mut devices.next().expect("No authenticator found");
let mut device = ctap::FidoDevice::new(device_info)?;
let credential = match args().skip(1).next().map(|h| FidoCredential {
let credential = match args().nth(1).map(|h| FidoCredential {
id: hex::decode(&h).expect("Invalid credential"),
public_key: None,
}) {
Some(cred) => cred,
_ => {
let req = FidoCredentialRequestBuilder::default()
let mut req = FidoCredentialRequestBuilder::default()
.rp_id(RP_ID)
.rp_name("ctap_hmac crate")
.user_name("example")
@@ -31,9 +30,16 @@ fn main() -> ctap::FidoResult<()> {
.build()
.unwrap();
assert!(
&device.supports_extension::<extensions::HmacSecret>(),
"Your device does not support the hmac extension"
);
let hmac = extensions::HmacSecret::new();
req.with_extension(&hmac)?;
dbg!(&req);
println!("Authorize using your device");
let cred = device
.make_hmac_credential(&req)
let cred = req
.make_credential(&mut device)
.expect("Failed to request credential");
println!("Credential: {}\nNote: You can pass this credential as first argument in order to reproduce results", hex::encode(&cred.id));
cred
@@ -52,12 +58,15 @@ fn main() -> ctap::FidoResult<()> {
digest.input(&message.as_bytes());
digest.result(&mut salt);
let credential = &&credential;
let request = FidoAssertionRequestBuilder::default()
let hmac = extensions::HmacSecret::new().for_device(&mut device, &salt, None)?;
let mut request = FidoAssertionRequestBuilder::default()
.rp_id(RP_ID)
.credential(credential)
.build()
.unwrap();
let (_cred, (hash1, _hash2)) = device.get_hmac_assertion(&request, &salt, None)?;
request.with_extension(&hmac)?;
let (_cred, auth_data) = device.get_assertion(&request)?;
let (hash1, _hash2) = auth_data.parse_extension_data(&hmac)?;
println!("Hash: {}", hex::encode(&hash1));
Ok(())
}