Merge branch 'solokeys/main'

CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+- use 2021 edition
+- use @szszszsz's credential ID shortening
+- get rid of the two big heaps, only cache timestamp + filename in GetAssertion
+- bump to the released dependencies
+- integrate `dispatch-fido`

Cargo.toml

@@ -1,34 +1,46 @@
 [package]
 name = "fido-authenticator"
-version = "0.0.0-unreleased"
+version = "0.1.0"
 authors = ["Nicolas Stalder <[email protected]>"]
-edition = "2018"
+edition = "2021"
 license = "Apache-2.0 OR MIT"
 repository = "https://github.com/solokeys/fido-authenticator"
 documentation = "https://docs.rs/fido-authenticator"
+description = "FIDO authenticator Trussed app"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+ctap-types = "0.1.0"
 delog = "0.1.0"
 heapless = "0.7"
 interchange = "0.2.0"
 littlefs2 = "0.3.1"
 serde = { version = "1.0", default-features = false }
 serde_cbor = { version = "0.11.0", default-features = false }
 serde-indexed = "0.1.0"
+trussed = "0.1"
 
-ctap-types = { git = "https://github.com/solokeys/ctap-types" }
-trussed = { git = "https://github.com/trussed-dev/trussed" }
+apdu-dispatch = { version = "0.1", optional = true }
+ctaphid-dispatch = { version = "0.1", optional = true }
+iso7816 = { version = "0.1", optional = true }
 
 [features]
-enable-fido-pre = []
-
+default = []
+dispatch = ["apdu-dispatch", "ctaphid-dispatch", "iso7816"]
 disable-reset-time-window = []
+enable-fido-pre = []
 
 log-all = []
 log-none = []
 log-info = []
 log-debug = []
 log-warn = []
 log-error = []
+
+[dev-dependencies]
+# quickcheck = "1"
+rand = "0.8.4"
+
+[package.metadata.docs.rs]
+features = ["dispatch"]

README.md

@@ -1,6 +1,6 @@
 # fido-authenticator
 
-Open source [FIDO][fido] authenticator implementation.
+[FIDO][fido] authenticator [Trussed][trussed]<sup>®</sup> app.
 
 Built with [Trussed][trussed].
 
@@ -19,6 +19,21 @@ As used in the [SoloKeys][solokeys] [Solo 2][solo2] and [Nitrokey 3][nitro3].
 [ctap21ps]: https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html
 [webauthnl2]: https://www.w3.org/TR/webauthn-2/
 
+### Setup
+
+For attestation to work, the authenticator's state needs to be provisioned with a batch
+attestation key and certificate. They are expected in files `/fido/sec/00` and `/fido/x5c/00`,
+respectively.
+
+In the context of the SoloKeys Solo 2, "secure" devices are pre-provisioned; for "unlocked" devices,
+if the firmware contains the provisioner app, this can be done with the CLI:
+
+```sh
+solo2 pki dev fido batch.key batch.cert
+solo2 app provision store-fido-batch-key batch.key
+solo2 app provision store-fido-batch-cert batch.cert
+```
+
 #### License
 
 `fido-authenticator` is fully open source.

src/constants.rs

@@ -1,7 +1,9 @@
+//! Constants.
+
 use trussed::types::{CertId, KeyId};
 
 pub const FIDO2_UP_TIMEOUT: u32 = 30_000;
-pub const U2F_UP_TIMEOUT: u32 =    0_250;
+pub const U2F_UP_TIMEOUT: u32 = 250;
 
 pub const ATTESTATION_CERT_ID: CertId = CertId::from_special(0);
 pub const ATTESTATION_KEY_ID: KeyId = KeyId::from_special(0);