Coverage Report

Created: 2024-02-05 19:20

/libfido2/src/cred.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 * SPDX-License-Identifier: BSD-2-Clause
6
 */
7
8
#include <openssl/sha.h>
9
#include <openssl/x509.h>
10
11
#include "fido.h"
12
#include "fido/es256.h"
13
14
#ifndef FIDO_MAXMSG_CRED
15
9.52k
#define FIDO_MAXMSG_CRED        4096
16
#endif
17
18
static int
19
parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg)
20
8.71k
{
21
8.71k
        fido_cred_t *cred = arg;
22
23
8.71k
        if (cbor_isa_uint(key) == false ||
24
8.71k
            cbor_int_get_width(key) != CBOR_INT_8) {
25
31
                fido_log_debug("%s: cbor type", __func__);
26
31
                return (0); /* ignore */
27
31
        }
28
29
8.67k
        switch (cbor_get_uint8(key)) {
30
3.80k
        case 1: /* fmt */
31
3.80k
                return (cbor_decode_fmt(val, &cred->fmt));
32
2.75k
        case 2: /* authdata */
33
2.75k
                if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
34
1
                        fido_log_debug("%s: fido_blob_decode", __func__);
35
1
                        return (-1);
36
1
                }
37
2.75k
                return (cbor_decode_cred_authdata(val, cred->type,
38
2.75k
                    &cred->authdata_cbor, &cred->authdata, &cred->attcred,
39
2.75k
                    &cred->authdata_ext));
40
2.07k
        case 3: /* attestation statement */
41
2.07k
                return (cbor_decode_attstmt(val, &cred->attstmt));
42
3
        case 5: /* large blob key */
43
3
                return (fido_blob_decode(val, &cred->largeblob_key));
44
39
        default: /* ignore */
45
39
                fido_log_debug("%s: cbor type", __func__);
46
39
                return (0);
47
8.67k
        }
48
8.67k
}
49
50
static int
51
fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
52
    int *ms)
53
8.39k
{
54
8.39k
        fido_blob_t      f;
55
8.39k
        fido_blob_t     *ecdh = NULL;
56
8.39k
        fido_opt_t       uv = cred->uv;
57
8.39k
        es256_pk_t      *pk = NULL;
58
8.39k
        cbor_item_t     *argv[9];
59
8.39k
        const uint8_t    cmd = CTAP_CBOR_MAKECRED;
60
8.39k
        int              r;
61
62
8.39k
        memset(&f, 0, sizeof(f));
63
8.39k
        memset(argv, 0, sizeof(argv));
64
65
8.39k
        if (cred->cdh.ptr == NULL || cred->type == 0) {
66
8
                fido_log_debug("%s: cdh=%p, type=%d", __func__,
67
8
                    (void *)cred->cdh.ptr, cred->type);
68
8
                r = FIDO_ERR_INVALID_ARGUMENT;
69
8
                goto fail;
70
8
        }
71
72
8.38k
        if ((argv[0] = fido_blob_encode(&cred->cdh)) == NULL ||
73
8.38k
            (argv[1] = cbor_encode_rp_entity(&cred->rp)) == NULL ||
74
8.38k
            (argv[2] = cbor_encode_user_entity(&cred->user)) == NULL ||
75
8.38k
            (argv[3] = cbor_encode_pubkey_param(cred->type)) == NULL) {
76
232
                fido_log_debug("%s: cbor encode", __func__);
77
232
                r = FIDO_ERR_INTERNAL;
78
232
                goto fail;
79
232
        }
80
81
        /* excluded credentials */
82
8.15k
        if (cred->excl.len)
83
5.88k
                if ((argv[4] = cbor_encode_pubkey_list(&cred->excl)) == NULL) {
84
356
                        fido_log_debug("%s: cbor_encode_pubkey_list", __func__);
85
356
                        r = FIDO_ERR_INTERNAL;
86
356
                        goto fail;
87
356
                }
88
89
        /* extensions */
90
7.79k
        if (cred->ext.mask)
91
6.24k
                if ((argv[5] = cbor_encode_cred_ext(&cred->ext,
92
6.24k
                    &cred->blob)) == NULL) {
93
77
                        fido_log_debug("%s: cbor_encode_cred_ext", __func__);
94
77
                        r = FIDO_ERR_INTERNAL;
95
77
                        goto fail;
96
77
                }
97
98
        /* user verification */
99
7.71k
        if (pin != NULL || (uv == FIDO_OPT_TRUE &&
100
5.29k
            fido_dev_supports_permissions(dev))) {
101
5.29k
                if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) {
102
934
                        fido_log_debug("%s: fido_do_ecdh", __func__);
103
934
                        goto fail;
104
934
                }
105
4.36k
                if ((r = cbor_add_uv_params(dev, cmd, &cred->cdh, pk, ecdh,
106
4.36k
                    pin, cred->rp.id, &argv[7], &argv[8], ms)) != FIDO_OK) {
107
672
                        fido_log_debug("%s: cbor_add_uv_params", __func__);
108
672
                        goto fail;
109
672
                }
110
3.68k
                uv = FIDO_OPT_OMIT;
111
3.68k
        }
112
113
        /* options */
114
6.11k
        if (cred->rk != FIDO_OPT_OMIT || uv != FIDO_OPT_OMIT)
115
2.61k
                if ((argv[6] = cbor_encode_cred_opt(cred->rk, uv)) == NULL) {
116
18
                        fido_log_debug("%s: cbor_encode_cred_opt", __func__);
117
18
                        r = FIDO_ERR_INTERNAL;
118
18
                        goto fail;
119
18
                }
120
121
        /* framing and transmission */
122
6.09k
        if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 ||
123
6.09k
            fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) {
124
1.32k
                fido_log_debug("%s: fido_tx", __func__);
125
1.32k
                r = FIDO_ERR_TX;
126
1.32k
                goto fail;
127
1.32k
        }
128
129
4.76k
        r = FIDO_OK;
130
8.39k
fail:
131
8.39k
        es256_pk_free(&pk);
132
8.39k
        fido_blob_free(&ecdh);
133
8.39k
        cbor_vector_free(argv, nitems(argv));
134
8.39k
        free(f.ptr);
135
136
8.39k
        return (r);
137
4.76k
}
138
139
static int
140
fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int *ms)
141
4.76k
{
142
4.76k
        unsigned char   *reply;
143
4.76k
        int              reply_len;
144
4.76k
        int              r;
145
146
4.76k
        fido_cred_reset_rx(cred);
147
148
4.76k
        if ((reply = malloc(FIDO_MAXMSG_CRED)) == NULL) {
149
9
                r = FIDO_ERR_INTERNAL;
150
9
                goto fail;
151
9
        }
152
153
4.76k
        if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, reply, FIDO_MAXMSG_CRED,
154
4.76k
            ms)) < 0) {
155
670
                fido_log_debug("%s: fido_rx", __func__);
156
670
                r = FIDO_ERR_RX;
157
670
                goto fail;
158
670
        }
159
160
4.09k
        if ((r = cbor_parse_reply(reply, (size_t)reply_len, cred,
161
4.09k
            parse_makecred_reply)) != FIDO_OK) {
162
2.11k
                fido_log_debug("%s: parse_makecred_reply", __func__);
163
2.11k
                goto fail;
164
2.11k
        }
165
166
1.97k
        if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) ||
167
1.97k
            fido_blob_is_empty(&cred->attcred.id)) {
168
28
                r = FIDO_ERR_INVALID_CBOR;
169
28
                goto fail;
170
28
        }
171
172
1.94k
        r = FIDO_OK;
173
4.76k
fail:
174
4.76k
        free(reply);
175
176
4.76k
        if (r != FIDO_OK)
177
2.82k
                fido_cred_reset_rx(cred);
178
179
4.76k
        return (r);
180
1.94k
}
181
182
static int
183
fido_dev_make_cred_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
184
    int *ms)
185
8.39k
{
186
8.39k
        int  r;
187
188
8.39k
        if ((r = fido_dev_make_cred_tx(dev, cred, pin, ms)) != FIDO_OK ||
189
8.39k
            (r = fido_dev_make_cred_rx(dev, cred, ms)) != FIDO_OK)
190
6.44k
                return (r);
191
192
1.94k
        return (FIDO_OK);
193
8.39k
}
194
195
int
196
fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
197
14.5k
{
198
14.5k
        int ms = dev->timeout_ms;
199
200
#ifdef USE_WINHELLO
201
        if (dev->flags & FIDO_DEV_WINHELLO)
202
                return (fido_winhello_make_cred(dev, cred, pin, ms));
203
#endif
204
14.5k
        if (fido_dev_is_fido2(dev) == false) {
205
6.13k
                if (pin != NULL || cred->rk == FIDO_OPT_TRUE ||
206
6.13k
                    cred->ext.mask != 0)
207
2.65k
                        return (FIDO_ERR_UNSUPPORTED_OPTION);
208
3.47k
                return (u2f_register(dev, cred, &ms));
209
6.13k
        }
210
211
8.39k
        return (fido_dev_make_cred_wait(dev, cred, pin, &ms));
212
14.5k
}
213
214
static int
215
check_extensions(const fido_cred_ext_t *authdata_ext,
216
    const fido_cred_ext_t *ext)
217
1.72k
{
218
1.72k
        fido_cred_ext_t  tmp;
219
220
        /* XXX: largeBlobKey is not part of the extensions map */
221
1.72k
        memcpy(&tmp, ext, sizeof(tmp));
222
1.72k
        tmp.mask &= ~FIDO_EXT_LARGEBLOB_KEY;
223
224
1.72k
        return (timingsafe_bcmp(authdata_ext, &tmp, sizeof(*authdata_ext)));
225
1.72k
}
226
227
int
228
fido_check_rp_id(const char *id, const unsigned char *obtained_hash)
229
3.48k
{
230
3.48k
        unsigned char expected_hash[SHA256_DIGEST_LENGTH];
231
232
3.48k
        explicit_bzero(expected_hash, sizeof(expected_hash));
233
234
3.48k
        if (SHA256((const unsigned char *)id, strlen(id),
235
3.48k
            expected_hash) != expected_hash) {
236
21
                fido_log_debug("%s: sha256", __func__);
237
21
                return (-1);
238
21
        }
239
240
3.45k
        return (timingsafe_bcmp(expected_hash, obtained_hash,
241
3.45k
            SHA256_DIGEST_LENGTH));
242
3.48k
}
243
244
static int
245
get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id,
246
    size_t rp_id_len, const fido_blob_t *clientdata, const fido_blob_t *id,
247
    const es256_pk_t *pk)
248
759
{
249
759
        const uint8_t    zero = 0;
250
759
        const uint8_t    four = 4; /* uncompressed point */
251
759
        const EVP_MD    *md = NULL;
252
759
        EVP_MD_CTX      *ctx = NULL;
253
759
        int              ok = -1;
254
255
759
        if (dgst->len < SHA256_DIGEST_LENGTH ||
256
759
            (md = EVP_sha256()) == NULL ||
257
759
            (ctx = EVP_MD_CTX_new()) == NULL ||
258
759
            EVP_DigestInit_ex(ctx, md, NULL) != 1 ||
259
759
            EVP_DigestUpdate(ctx, &zero, sizeof(zero)) != 1 ||
260
759
            EVP_DigestUpdate(ctx, rp_id, rp_id_len) != 1 ||
261
759
            EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 ||
262
759
            EVP_DigestUpdate(ctx, id->ptr, id->len) != 1 ||
263
759
            EVP_DigestUpdate(ctx, &four, sizeof(four)) != 1 ||
264
759
            EVP_DigestUpdate(ctx, pk->x, sizeof(pk->x)) != 1 ||
265
759
            EVP_DigestUpdate(ctx, pk->y, sizeof(pk->y)) != 1 ||
266
759
            EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) {
267
82
                fido_log_debug("%s: sha256", __func__);
268
82
                goto fail;
269
82
        }
270
677
        dgst->len = SHA256_DIGEST_LENGTH;
271
272
677
        ok = 0;
273
759
fail:
274
759
        EVP_MD_CTX_free(ctx);
275
276
759
        return (ok);
277
677
}
278
279
static int
280
verify_attstmt(const fido_blob_t *dgst, const fido_attstmt_t *attstmt)
281
1.31k
{
282
1.31k
        BIO             *rawcert = NULL;
283
1.31k
        X509            *cert = NULL;
284
1.31k
        EVP_PKEY        *pkey = NULL;
285
1.31k
        int              ok = -1;
286
287
        /* openssl needs ints */
288
1.31k
        if (attstmt->x5c.len > INT_MAX) {
289
0
                fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len);
290
0
                return (-1);
291
0
        }
292
293
        /* fetch key from x509 */
294
1.31k
        if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr,
295
1.31k
            (int)attstmt->x5c.len)) == NULL ||
296
1.31k
            (cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
297
1.31k
            (pkey = X509_get_pubkey(cert)) == NULL) {
298
349
                fido_log_debug("%s: x509 key", __func__);
299
349
                goto fail;
300
349
        }
301
302
966
        switch (attstmt->alg) {
303
14
        case COSE_UNSPEC:
304
818
        case COSE_ES256:
305
818
                ok = es256_verify_sig(dgst, pkey, &attstmt->sig);
306
818
                break;
307
5
        case COSE_ES384:
308
5
                ok = es384_verify_sig(dgst, pkey, &attstmt->sig);
309
5
                break;
310
2
        case COSE_RS256:
311
2
                ok = rs256_verify_sig(dgst, pkey, &attstmt->sig);
312
2
                break;
313
136
        case COSE_RS1:
314
136
                ok = rs1_verify_sig(dgst, pkey, &attstmt->sig);
315
136
                break;
316
5
        case COSE_EDDSA:
317
5
                ok = eddsa_verify_sig(dgst, pkey, &attstmt->sig);
318
5
                break;
319
0
        default:
320
0
                fido_log_debug("%s: unknown alg %d", __func__, attstmt->alg);
321
0
                break;
322
966
        }
323
324
1.31k
fail:
325
1.31k
        BIO_free(rawcert);
326
1.31k
        X509_free(cert);
327
1.31k
        EVP_PKEY_free(pkey);
328
329
1.31k
        return (ok);
330
966
}
331
332
int
333
fido_cred_verify(const fido_cred_t *cred)
334
15.4k
{
335
15.4k
        unsigned char   buf[1024]; /* XXX */
336
15.4k
        fido_blob_t     dgst;
337
15.4k
        int             cose_alg;
338
15.4k
        int             r;
339
340
15.4k
        dgst.ptr = buf;
341
15.4k
        dgst.len = sizeof(buf);
342
343
        /* do we have everything we need? */
344
15.4k
        if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
345
15.4k
            cred->attstmt.x5c.ptr == NULL || cred->attstmt.sig.ptr == NULL ||
346
15.4k
            cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
347
15.4k
            cred->rp.id == NULL) {
348
13.2k
                fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
349
13.2k
                    "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
350
13.2k
                    (void *)cred->authdata_cbor.ptr,
351
13.2k
                    (void *)cred->attstmt.x5c.ptr,
352
13.2k
                    (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
353
13.2k
                    (void *)cred->attcred.id.ptr, cred->rp.id);
354
13.2k
                r = FIDO_ERR_INVALID_ARGUMENT;
355
13.2k
                goto out;
356
13.2k
        }
357
358
2.21k
        if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
359
701
                fido_log_debug("%s: fido_check_rp_id", __func__);
360
701
                r = FIDO_ERR_INVALID_PARAM;
361
701
                goto out;
362
701
        }
363
364
1.51k
        if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
365
1.51k
            cred->uv) < 0) {
366
1
                fido_log_debug("%s: fido_check_flags", __func__);
367
1
                r = FIDO_ERR_INVALID_PARAM;
368
1
                goto out;
369
1
        }
370
371
1.51k
        if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
372
23
                fido_log_debug("%s: check_extensions", __func__);
373
23
                r = FIDO_ERR_INVALID_PARAM;
374
23
                goto out;
375
23
        }
376
377
1.48k
        if ((cose_alg = cred->attstmt.alg) == COSE_UNSPEC)
378
51
                cose_alg = COSE_ES256; /* backwards compat */
379
380
1.48k
        if (!strcmp(cred->fmt, "packed")) {
381
530
                if (fido_get_signed_hash(cose_alg, &dgst, &cred->cdh,
382
530
                    &cred->authdata_cbor) < 0) {
383
64
                        fido_log_debug("%s: fido_get_signed_hash", __func__);
384
64
                        r = FIDO_ERR_INTERNAL;
385
64
                        goto out;
386
64
                }
387
957
        } else if (!strcmp(cred->fmt, "fido-u2f")) {
388
734
                if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
389
734
                    sizeof(cred->authdata.rp_id_hash), &cred->cdh,
390
734
                    &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
391
81
                        fido_log_debug("%s: get_signed_hash_u2f", __func__);
392
81
                        r = FIDO_ERR_INTERNAL;
393
81
                        goto out;
394
81
                }
395
734
        } else if (!strcmp(cred->fmt, "tpm")) {
396
223
                if (fido_get_signed_hash_tpm(&dgst, &cred->cdh,
397
223
                    &cred->authdata_raw, &cred->attstmt, &cred->attcred) < 0) {
398
27
                        fido_log_debug("%s: fido_get_signed_hash_tpm", __func__);
399
27
                        r = FIDO_ERR_INTERNAL;
400
27
                        goto out;
401
27
                }
402
223
        } else {
403
0
                fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt);
404
0
                r = FIDO_ERR_INVALID_ARGUMENT;
405
0
                goto out;
406
0
        }
407
408
1.31k
        if (verify_attstmt(&dgst, &cred->attstmt) < 0) {
409
1.31k
                fido_log_debug("%s: verify_attstmt", __func__);
410
1.31k
                r = FIDO_ERR_INVALID_SIG;
411
1.31k
                goto out;
412
1.31k
        }
413
414
1
        r = FIDO_OK;
415
15.4k
out:
416
15.4k
        explicit_bzero(buf, sizeof(buf));
417
418
15.4k
        return (r);
419
1
}
420
421
int
422
fido_cred_verify_self(const fido_cred_t *cred)
423
15.4k
{
424
15.4k
        unsigned char   buf[1024]; /* XXX */
425
15.4k
        fido_blob_t     dgst;
426
15.4k
        int             ok = -1;
427
15.4k
        int             r;
428
429
15.4k
        dgst.ptr = buf;
430
15.4k
        dgst.len = sizeof(buf);
431
432
        /* do we have everything we need? */
433
15.4k
        if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
434
15.4k
            cred->attstmt.x5c.ptr != NULL || cred->attstmt.sig.ptr == NULL ||
435
15.4k
            cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
436
15.4k
            cred->rp.id == NULL) {
437
15.1k
                fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
438
15.1k
                    "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
439
15.1k
                    (void *)cred->authdata_cbor.ptr,
440
15.1k
                    (void *)cred->attstmt.x5c.ptr,
441
15.1k
                    (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
442
15.1k
                    (void *)cred->attcred.id.ptr, cred->rp.id);
443
15.1k
                r = FIDO_ERR_INVALID_ARGUMENT;
444
15.1k
                goto out;
445
15.1k
        }
446
447
300
        if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
448
80
                fido_log_debug("%s: fido_check_rp_id", __func__);
449
80
                r = FIDO_ERR_INVALID_PARAM;
450
80
                goto out;
451
80
        }
452
453
220
        if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
454
220
            cred->uv) < 0) {
455
3
                fido_log_debug("%s: fido_check_flags", __func__);
456
3
                r = FIDO_ERR_INVALID_PARAM;
457
3
                goto out;
458
3
        }
459
460
217
        if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
461
2
                fido_log_debug("%s: check_extensions", __func__);
462
2
                r = FIDO_ERR_INVALID_PARAM;
463
2
                goto out;
464
2
        }
465
466
215
        if (!strcmp(cred->fmt, "packed")) {
467
188
                if (fido_get_signed_hash(cred->attcred.type, &dgst, &cred->cdh,
468
188
                    &cred->authdata_cbor) < 0) {
469
10
                        fido_log_debug("%s: fido_get_signed_hash", __func__);
470
10
                        r = FIDO_ERR_INTERNAL;
471
10
                        goto out;
472
10
                }
473
188
        } else if (!strcmp(cred->fmt, "fido-u2f")) {
474
25
                if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
475
25
                    sizeof(cred->authdata.rp_id_hash), &cred->cdh,
476
25
                    &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
477
1
                        fido_log_debug("%s: get_signed_hash_u2f", __func__);
478
1
                        r = FIDO_ERR_INTERNAL;
479
1
                        goto out;
480
1
                }
481
25
        } else {
482
2
                fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt);
483
2
                r = FIDO_ERR_INVALID_ARGUMENT;
484
2
                goto out;
485
2
        }
486
487
202
        switch (cred->attcred.type) {
488
50
        case COSE_ES256:
489
50
                ok = es256_pk_verify_sig(&dgst, &cred->attcred.pubkey.es256,
490
50
                    &cred->attstmt.sig);
491
50
                break;
492
54
        case COSE_ES384:
493
54
                ok = es384_pk_verify_sig(&dgst, &cred->attcred.pubkey.es384,
494
54
                    &cred->attstmt.sig);
495
54
                break;
496
29
        case COSE_RS256:
497
29
                ok = rs256_pk_verify_sig(&dgst, &cred->attcred.pubkey.rs256,
498
29
                    &cred->attstmt.sig);
499
29
                break;
500
69
        case COSE_EDDSA:
501
69
                ok = eddsa_pk_verify_sig(&dgst, &cred->attcred.pubkey.eddsa,
502
69
                    &cred->attstmt.sig);
503
69
                break;
504
0
        default:
505
0
                fido_log_debug("%s: unsupported cose_alg %d", __func__,
506
0
                    cred->attcred.type);
507
0
                r = FIDO_ERR_UNSUPPORTED_OPTION;
508
0
                goto out;
509
202
        }
510
511
202
        if (ok < 0)
512
202
                r = FIDO_ERR_INVALID_SIG;
513
0
        else
514
0
                r = FIDO_OK;
515
516
15.4k
out:
517
15.4k
        explicit_bzero(buf, sizeof(buf));
518
519
15.4k
        return (r);
520
202
}
521
522
fido_cred_t *
523
fido_cred_new(void)
524
70.0k
{
525
70.0k
        return (calloc(1, sizeof(fido_cred_t)));
526
70.0k
}
527
528
static void
529
fido_cred_clean_authdata(fido_cred_t *cred)
530
564k
{
531
564k
        fido_blob_reset(&cred->authdata_cbor);
532
564k
        fido_blob_reset(&cred->authdata_raw);
533
564k
        fido_blob_reset(&cred->attcred.id);
534
535
564k
        memset(&cred->authdata_ext, 0, sizeof(cred->authdata_ext));
536
564k
        memset(&cred->authdata, 0, sizeof(cred->authdata));
537
564k
        memset(&cred->attcred, 0, sizeof(cred->attcred));
538
564k
}
539
540
static void
541
fido_cred_clean_attstmt(fido_attstmt_t *attstmt)
542
513k
{
543
513k
        fido_blob_reset(&attstmt->certinfo);
544
513k
        fido_blob_reset(&attstmt->pubarea);
545
513k
        fido_blob_reset(&attstmt->cbor);
546
513k
        fido_blob_reset(&attstmt->x5c);
547
513k
        fido_blob_reset(&attstmt->sig);
548
549
513k
        memset(attstmt, 0, sizeof(*attstmt));
550
513k
}
551
552
void
553
fido_cred_reset_tx(fido_cred_t *cred)
554
448k
{
555
448k
        fido_blob_reset(&cred->cd);
556
448k
        fido_blob_reset(&cred->cdh);
557
448k
        fido_blob_reset(&cred->user.id);
558
448k
        fido_blob_reset(&cred->blob);
559
560
448k
        free(cred->rp.id);
561
448k
        free(cred->rp.name);
562
448k
        free(cred->user.icon);
563
448k
        free(cred->user.name);
564
448k
        free(cred->user.display_name);
565
448k
        fido_cred_empty_exclude_list(cred);
566
567
448k
        memset(&cred->rp, 0, sizeof(cred->rp));
568
448k
        memset(&cred->user, 0, sizeof(cred->user));
569
448k
        memset(&cred->ext, 0, sizeof(cred->ext));
570
571
448k
        cred->type = 0;
572
448k
        cred->rk = FIDO_OPT_OMIT;
573
448k
        cred->uv = FIDO_OPT_OMIT;
574
448k
}
575
576
void
577
fido_cred_reset_rx(fido_cred_t *cred)
578
456k
{
579
456k
        free(cred->fmt);
580
456k
        cred->fmt = NULL;
581
456k
        fido_cred_clean_authdata(cred);
582
456k
        fido_cred_clean_attstmt(&cred->attstmt);
583
456k
        fido_blob_reset(&cred->largeblob_key);
584
456k
}
585
586
void
587
fido_cred_free(fido_cred_t **cred_p)
588
69.8k
{
589
69.8k
        fido_cred_t *cred;
590
591
69.8k
        if (cred_p == NULL || (cred = *cred_p) == NULL)
592
13
                return;
593
69.8k
        fido_cred_reset_tx(cred);
594
69.8k
        fido_cred_reset_rx(cred);
595
69.8k
        free(cred);
596
69.8k
        *cred_p = NULL;
597
69.8k
}
598
599
int
600
fido_cred_set_authdata(fido_cred_t *cred, const unsigned char *ptr, size_t len)
601
31.7k
{
602
31.7k
        cbor_item_t             *item = NULL;
603
31.7k
        struct cbor_load_result  cbor;
604
31.7k
        int                      r = FIDO_ERR_INVALID_ARGUMENT;
605
606
31.7k
        fido_cred_clean_authdata(cred);
607
608
31.7k
        if (ptr == NULL || len == 0)
609
25.2k
                goto fail;
610
611
6.50k
        if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
612
50
                fido_log_debug("%s: cbor_load", __func__);
613
50
                goto fail;
614
50
        }
615
616
6.45k
        if (fido_blob_decode(item, &cred->authdata_raw) < 0) {
617
172
                fido_log_debug("%s: fido_blob_decode", __func__);
618
172
                goto fail;
619
172
        }
620
621
6.28k
        if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
622
6.28k
            &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
623
234
                fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
624
234
                goto fail;
625
234
        }
626
627
6.04k
        r = FIDO_OK;
628
31.7k
fail:
629
31.7k
        if (item != NULL)
630
6.45k
                cbor_decref(&item);
631
632
31.7k
        if (r != FIDO_OK)
633
25.7k
                fido_cred_clean_authdata(cred);
634
635
31.7k
        return (r);
636
6.04k
}
637
638
int
639
fido_cred_set_authdata_raw(fido_cred_t *cred, const unsigned char *ptr,
640
    size_t len)
641
25.7k
{
642
25.7k
        cbor_item_t     *item = NULL;
643
25.7k
        int              r = FIDO_ERR_INVALID_ARGUMENT;
644
645
25.7k
        fido_cred_clean_authdata(cred);
646
647
25.7k
        if (ptr == NULL || len == 0)
648
25.2k
                goto fail;
649
650
425
        if (fido_blob_set(&cred->authdata_raw, ptr, len) < 0) {
651
10
                fido_log_debug("%s: fido_blob_set", __func__);
652
10
                r = FIDO_ERR_INTERNAL;
653
10
                goto fail;
654
10
        }
655
656
415
        if ((item = cbor_build_bytestring(ptr, len)) == NULL) {
657
7
                fido_log_debug("%s: cbor_build_bytestring", __func__);
658
7
                r = FIDO_ERR_INTERNAL;
659
7
                goto fail;
660
7
        }
661
662
408
        if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
663
408
            &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
664
106
                fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
665
106
                goto fail;
666
106
        }
667
668
302
        r = FIDO_OK;
669
25.7k
fail:
670
25.7k
        if (item != NULL)
671
408
                cbor_decref(&item);
672
673
25.7k
        if (r != FIDO_OK)
674
25.4k
                fido_cred_clean_authdata(cred);
675
676
25.7k
        return (r);
677
302
}
678
679
int
680
fido_cred_set_id(fido_cred_t *cred, const unsigned char *ptr, size_t len)
681
38.9k
{
682
38.9k
        if (fido_blob_set(&cred->attcred.id, ptr, len) < 0)
683
105
                return (FIDO_ERR_INVALID_ARGUMENT);
684
685
38.8k
        return (FIDO_OK);
686
38.9k
}
687
688
int
689
fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len)
690
40.9k
{
691
40.9k
        if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0)
692
38.4k
                return (FIDO_ERR_INVALID_ARGUMENT);
693
694
2.57k
        return (FIDO_OK);
695
40.9k
}
696
697
int
698
fido_cred_set_sig(fido_cred_t *cred, const unsigned char *ptr, size_t len)
699
40.9k
{
700
40.9k
        if (fido_blob_set(&cred->attstmt.sig, ptr, len) < 0)
701
38.1k
                return (FIDO_ERR_INVALID_ARGUMENT);
702
703
2.84k
        return (FIDO_OK);
704
40.9k
}
705
706
int
707
fido_cred_set_attstmt(fido_cred_t *cred, const unsigned char *ptr, size_t len)
708
31.7k
{
709
31.7k
        cbor_item_t             *item = NULL;
710
31.7k
        struct cbor_load_result  cbor;
711
31.7k
        int                      r = FIDO_ERR_INVALID_ARGUMENT;
712
713
31.7k
        fido_cred_clean_attstmt(&cred->attstmt);
714
715
31.7k
        if (ptr == NULL || len == 0)
716
25.3k
                goto fail;
717
718
6.40k
        if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
719
44
                fido_log_debug("%s: cbor_load", __func__);
720
44
                goto fail;
721
44
        }
722
723
6.35k
        if (cbor_decode_attstmt(item, &cred->attstmt) < 0) {
724
158
                fido_log_debug("%s: cbor_decode_attstmt", __func__);
725
158
                goto fail;
726
158
        }
727
728
6.19k
        r = FIDO_OK;
729
31.7k
fail:
730
31.7k
        if (item != NULL)
731
6.35k
                cbor_decref(&item);
732
733
31.7k
        if (r != FIDO_OK)
734
25.5k
                fido_cred_clean_attstmt(&cred->attstmt);
735
736
31.7k
        return (r);
737
6.19k
}
738
739
int
740
fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
741
601k
{
742
601k
        fido_blob_t id_blob;
743
601k
        fido_blob_t *list_ptr;
744
745
601k
        memset(&id_blob, 0, sizeof(id_blob));
746
747
601k
        if (fido_blob_set(&id_blob, id_ptr, id_len) < 0)
748
2.06k
                return (FIDO_ERR_INVALID_ARGUMENT);
749
750
599k
        if (cred->excl.len == SIZE_MAX) {
751
0
                free(id_blob.ptr);
752
0
                return (FIDO_ERR_INVALID_ARGUMENT);
753
0
        }
754
755
599k
        if ((list_ptr = recallocarray(cred->excl.ptr, cred->excl.len,
756
599k
            cred->excl.len + 1, sizeof(fido_blob_t))) == NULL) {
757
1.43k
                free(id_blob.ptr);
758
1.43k
                return (FIDO_ERR_INTERNAL);
759
1.43k
        }
760
761
597k
        list_ptr[cred->excl.len++] = id_blob;
762
597k
        cred->excl.ptr = list_ptr;
763
764
597k
        return (FIDO_OK);
765
599k
}
766
767
int
768
fido_cred_empty_exclude_list(fido_cred_t *cred)
769
448k
{
770
448k
        fido_free_blob_array(&cred->excl);
771
448k
        memset(&cred->excl, 0, sizeof(cred->excl));
772
773
448k
        return (FIDO_OK);
774
448k
}
775
776
int
777
fido_cred_set_clientdata(fido_cred_t *cred, const unsigned char *data,
778
    size_t data_len)
779
0
{
780
0
        if (!fido_blob_is_empty(&cred->cdh) ||
781
0
            fido_blob_set(&cred->cd, data, data_len) < 0) {
782
0
                return (FIDO_ERR_INVALID_ARGUMENT);
783
0
        }
784
0
        if (fido_sha256(&cred->cdh, data, data_len) < 0) {
785
0
                fido_blob_reset(&cred->cd);
786
0
                return (FIDO_ERR_INTERNAL);
787
0
        }
788
789
0
        return (FIDO_OK);
790
0
}
791
792
int
793
fido_cred_set_clientdata_hash(fido_cred_t *cred, const unsigned char *hash,
794
    size_t hash_len)
795
44.5k
{
796
44.5k
        if (!fido_blob_is_empty(&cred->cd) ||
797
44.5k
            fido_blob_set(&cred->cdh, hash, hash_len) < 0)
798
1.06k
                return (FIDO_ERR_INVALID_ARGUMENT);
799
800
43.4k
        return (FIDO_OK);
801
44.5k
}
802
803
int
804
fido_cred_set_rp(fido_cred_t *cred, const char *id, const char *name)
805
44.5k
{
806
44.5k
        fido_rp_t *rp = &cred->rp;
807
808
44.5k
        if (rp->id != NULL) {
809
14.4k
                free(rp->id);
810
14.4k
                rp->id = NULL;
811
14.4k
        }
812
44.5k
        if (rp->name != NULL) {
813
14.4k
                free(rp->name);
814
14.4k
                rp->name = NULL;
815
14.4k
        }
816
817
44.5k
        if (id != NULL && (rp->id = strdup(id)) == NULL)
818
234
                goto fail;
819
44.2k
        if (name != NULL && (rp->name = strdup(name)) == NULL)
820
71
                goto fail;
821
822
44.1k
        return (FIDO_OK);
823
305
fail:
824
305
        free(rp->id);
825
305
        free(rp->name);
826
305
        rp->id = NULL;
827
305
        rp->name = NULL;
828
829
305
        return (FIDO_ERR_INTERNAL);
830
44.2k
}
831
832
int
833
fido_cred_set_user(fido_cred_t *cred, const unsigned char *user_id,
834
    size_t user_id_len, const char *name, const char *display_name,
835
    const char *icon)
836
52.4k
{
837
52.4k
        fido_user_t *up = &cred->user;
838
839
52.4k
        if (up->id.ptr != NULL) {
840
14.3k
                free(up->id.ptr);
841
14.3k
                up->id.ptr = NULL;
842
14.3k
                up->id.len = 0;
843
14.3k
        }
844
52.4k
        if (up->name != NULL) {
845
14.3k
                free(up->name);
846
14.3k
                up->name = NULL;
847
14.3k
        }
848
52.4k
        if (up->display_name != NULL) {
849
14.3k
                free(up->display_name);
850
14.3k
                up->display_name = NULL;
851
14.3k
        }
852
52.4k
        if (up->icon != NULL) {
853
14.3k
                free(up->icon);
854
14.3k
                up->icon = NULL;
855
14.3k
        }
856
857
52.4k
        if (user_id != NULL && fido_blob_set(&up->id, user_id, user_id_len) < 0)
858
170
                goto fail;
859
52.2k
        if (name != NULL && (up->name = strdup(name)) == NULL)
860
120
                goto fail;
861
52.1k
        if (display_name != NULL &&
862
52.1k
            (up->display_name = strdup(display_name)) == NULL)
863
77
                goto fail;
864
52.0k
        if (icon != NULL && (up->icon = strdup(icon)) == NULL)
865
106
                goto fail;
866
867
51.9k
        return (FIDO_OK);
868
473
fail:
869
473
        free(up->id.ptr);
870
473
        free(up->name);
871
473
        free(up->display_name);
872
473
        free(up->icon);
873
874
473
        up->id.ptr = NULL;
875
473
        up->id.len = 0;
876
473
        up->name = NULL;
877
473
        up->display_name = NULL;
878
473
        up->icon = NULL;
879
880
473
        return (FIDO_ERR_INTERNAL);
881
52.0k
}
882
883
int
884
fido_cred_set_extensions(fido_cred_t *cred, int ext)
885
23.5k
{
886
23.5k
        if (ext == 0)
887
939
                cred->ext.mask = 0;
888
22.6k
        else {
889
22.6k
                if ((ext & FIDO_EXT_CRED_MASK) != ext)
890
14.2k
                        return (FIDO_ERR_INVALID_ARGUMENT);
891
8.41k
                cred->ext.mask |= ext;
892
8.41k
        }
893
894
9.35k
        return (FIDO_OK);
895
23.5k
}
896
897
int
898
fido_cred_set_options(fido_cred_t *cred, bool rk, bool uv)
899
0
{
900
0
        cred->rk = rk ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
901
0
        cred->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
902
903
0
        return (FIDO_OK);
904
0
}
905
906
int
907
fido_cred_set_rk(fido_cred_t *cred, fido_opt_t rk)
908
8.17k
{
909
8.17k
        cred->rk = rk;
910
911
8.17k
        return (FIDO_OK);
912
8.17k
}
913
914
int
915
fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv)
916
8.45k
{
917
8.45k
        cred->uv = uv;
918
919
8.45k
        return (FIDO_OK);
920
8.45k
}
921
922
int
923
fido_cred_set_prot(fido_cred_t *cred, int prot)
924
34.9k
{
925
34.9k
        if (prot == 0) {
926
18.0k
                cred->ext.mask &= ~FIDO_EXT_CRED_PROTECT;
927
18.0k
                cred->ext.prot = 0;
928
18.0k
        } else {
929
16.8k
                if (prot != FIDO_CRED_PROT_UV_OPTIONAL &&
930
16.8k
                    prot != FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID &&
931
16.8k
                    prot != FIDO_CRED_PROT_UV_REQUIRED)
932
98
                        return (FIDO_ERR_INVALID_ARGUMENT);
933
934
16.7k
                cred->ext.mask |= FIDO_EXT_CRED_PROTECT;
935
16.7k
                cred->ext.prot = prot;
936
16.7k
        }
937
938
34.8k
        return (FIDO_OK);
939
34.9k
}
940
941
int
942
fido_cred_set_pin_minlen(fido_cred_t *cred, size_t len)
943
19.0k
{
944
19.0k
        if (len == 0)
945
15.0k
                cred->ext.mask &= ~FIDO_EXT_MINPINLEN;
946
3.97k
        else
947
3.97k
                cred->ext.mask |= FIDO_EXT_MINPINLEN;
948
949
19.0k
        cred->ext.minpinlen = len;
950
951
19.0k
        return (FIDO_OK);
952
19.0k
}
953
954
int
955
fido_cred_set_blob(fido_cred_t *cred, const unsigned char *ptr, size_t len)
956
3.32k
{
957
3.32k
        if (ptr == NULL || len == 0)
958
1
                return (FIDO_ERR_INVALID_ARGUMENT);
959
3.32k
        if (fido_blob_set(&cred->blob, ptr, len) < 0)
960
4
                return (FIDO_ERR_INTERNAL);
961
962
3.31k
        cred->ext.mask |= FIDO_EXT_CRED_BLOB;
963
964
3.31k
        return (FIDO_OK);
965
3.32k
}
966
967
int
968
fido_cred_set_fmt(fido_cred_t *cred, const char *fmt)
969
3.73k
{
970
3.73k
        free(cred->fmt);
971
3.73k
        cred->fmt = NULL;
972
973
3.73k
        if (fmt == NULL)
974
0
                return (FIDO_ERR_INVALID_ARGUMENT);
975
976
3.73k
        if (strcmp(fmt, "packed") && strcmp(fmt, "fido-u2f") &&
977
3.73k
            strcmp(fmt, "none") && strcmp(fmt, "tpm"))
978
0
                return (FIDO_ERR_INVALID_ARGUMENT);
979
980
3.73k
        if ((cred->fmt = strdup(fmt)) == NULL)
981
17
                return (FIDO_ERR_INTERNAL);
982
983
3.72k
        return (FIDO_OK);
984
3.73k
}
985
986
int
987
fido_cred_set_type(fido_cred_t *cred, int cose_alg)
988
44.5k
{
989
44.5k
        if (cred->type != 0)
990
14.5k
                return (FIDO_ERR_INVALID_ARGUMENT);
991
29.9k
        if (cose_alg != COSE_ES256 && cose_alg != COSE_ES384 &&
992
29.9k
            cose_alg != COSE_RS256 && cose_alg != COSE_EDDSA)
993
0
                return (FIDO_ERR_INVALID_ARGUMENT);
994
995
29.9k
        cred->type = cose_alg;
996
997
29.9k
        return (FIDO_OK);
998
29.9k
}
999
1000
int
1001
fido_cred_type(const fido_cred_t *cred)
1002
39.4k
{
1003
39.4k
        return (cred->type);
1004
39.4k
}
1005
1006
uint8_t
1007
fido_cred_flags(const fido_cred_t *cred)
1008
15.4k
{
1009
15.4k
        return (cred->authdata.flags);
1010
15.4k
}
1011
1012
uint32_t
1013
fido_cred_sigcount(const fido_cred_t *cred)
1014
15.4k
{
1015
15.4k
        return (cred->authdata.sigcount);
1016
15.4k
}
1017
1018
const unsigned char *
1019
fido_cred_clientdata_hash_ptr(const fido_cred_t *cred)
1020
15.5k
{
1021
15.5k
        return (cred->cdh.ptr);
1022
15.5k
}
1023
1024
size_t
1025
fido_cred_clientdata_hash_len(const fido_cred_t *cred)
1026
15.5k
{
1027
15.5k
        return (cred->cdh.len);
1028
15.5k
}
1029
1030
const unsigned char *
1031
fido_cred_x5c_ptr(const fido_cred_t *cred)
1032
15.5k
{
1033
15.5k
        return (cred->attstmt.x5c.ptr);
1034
15.5k
}
1035
1036
size_t
1037
fido_cred_x5c_len(const fido_cred_t *cred)
1038
15.5k
{
1039
15.5k
        return (cred->attstmt.x5c.len);
1040
15.5k
}
1041
1042
const unsigned char *
1043
fido_cred_sig_ptr(const fido_cred_t *cred)
1044
15.5k
{
1045
15.5k
        return (cred->attstmt.sig.ptr);
1046
15.5k
}
1047
1048
size_t
1049
fido_cred_sig_len(const fido_cred_t *cred)
1050
15.5k
{
1051
15.5k
        return (cred->attstmt.sig.len);
1052
15.5k
}
1053
1054
const unsigned char *
1055
fido_cred_authdata_ptr(const fido_cred_t *cred)
1056
15.5k
{
1057
15.5k
        return (cred->authdata_cbor.ptr);
1058
15.5k
}
1059
1060
size_t
1061
fido_cred_authdata_len(const fido_cred_t *cred)
1062
15.5k
{
1063
15.5k
        return (cred->authdata_cbor.len);
1064
15.5k
}
1065
1066
const unsigned char *
1067
fido_cred_authdata_raw_ptr(const fido_cred_t *cred)
1068
15.5k
{
1069
15.5k
        return (cred->authdata_raw.ptr);
1070
15.5k
}
1071
1072
size_t
1073
fido_cred_authdata_raw_len(const fido_cred_t *cred)
1074
15.5k
{
1075
15.5k
        return (cred->authdata_raw.len);
1076
15.5k
}
1077
1078
const unsigned char *
1079
fido_cred_attstmt_ptr(const fido_cred_t *cred)
1080
15.5k
{
1081
15.5k
        return (cred->attstmt.cbor.ptr);
1082
15.5k
}
1083
1084
size_t
1085
fido_cred_attstmt_len(const fido_cred_t *cred)
1086
15.5k
{
1087
15.5k
        return (cred->attstmt.cbor.len);
1088
15.5k
}
1089
1090
const unsigned char *
1091
fido_cred_pubkey_ptr(const fido_cred_t *cred)
1092
39.4k
{
1093
39.4k
        const void *ptr;
1094
1095
39.4k
        switch (cred->attcred.type) {
1096
10.1k
        case COSE_ES256:
1097
10.1k
                ptr = &cred->attcred.pubkey.es256;
1098
10.1k
                break;
1099
86
        case COSE_ES384:
1100
86
                ptr = &cred->attcred.pubkey.es384;
1101
86
                break;
1102
422
        case COSE_RS256:
1103
422
                ptr = &cred->attcred.pubkey.rs256;
1104
422
                break;
1105
1.00k
        case COSE_EDDSA:
1106
1.00k
                ptr = &cred->attcred.pubkey.eddsa;
1107
1.00k
                break;
1108
27.7k
        default:
1109
27.7k
                ptr = NULL;
1110
27.7k
                break;
1111
39.4k
        }
1112
1113
39.4k
        return (ptr);
1114
39.4k
}
1115
1116
size_t
1117
fido_cred_pubkey_len(const fido_cred_t *cred)
1118
39.4k
{
1119
39.4k
        size_t len;
1120
1121
39.4k
        switch (cred->attcred.type) {
1122
10.1k
        case COSE_ES256:
1123
10.1k
                len = sizeof(cred->attcred.pubkey.es256);
1124
10.1k
                break;
1125
86
        case COSE_ES384:
1126
86
                len = sizeof(cred->attcred.pubkey.es384);
1127
86
                break;
1128
422
        case COSE_RS256:
1129
422
                len = sizeof(cred->attcred.pubkey.rs256);
1130
422
                break;
1131
1.00k
        case COSE_EDDSA:
1132
1.00k
                len = sizeof(cred->attcred.pubkey.eddsa);
1133
1.00k
                break;
1134
27.7k
        default:
1135
27.7k
                len = 0;
1136
27.7k
                break;
1137
39.4k
        }
1138
1139
39.4k
        return (len);
1140
39.4k
}
1141
1142
const unsigned char *
1143
fido_cred_id_ptr(const fido_cred_t *cred)
1144
54.9k
{
1145
54.9k
        return (cred->attcred.id.ptr);
1146
54.9k
}
1147
1148
size_t
1149
fido_cred_id_len(const fido_cred_t *cred)
1150
54.9k
{
1151
54.9k
        return (cred->attcred.id.len);
1152
54.9k
}
1153
1154
const unsigned char *
1155
fido_cred_aaguid_ptr(const fido_cred_t *cred)
1156
15.4k
{
1157
15.4k
        return (cred->attcred.aaguid);
1158
15.4k
}
1159
1160
size_t
1161
fido_cred_aaguid_len(const fido_cred_t *cred)
1162
15.4k
{
1163
15.4k
        return (sizeof(cred->attcred.aaguid));
1164
15.4k
}
1165
1166
int
1167
fido_cred_prot(const fido_cred_t *cred)
1168
39.5k
{
1169
39.5k
        return (cred->ext.prot);
1170
39.5k
}
1171
1172
size_t
1173
fido_cred_pin_minlen(const fido_cred_t *cred)
1174
30.9k
{
1175
30.9k
        return (cred->ext.minpinlen);
1176
30.9k
}
1177
1178
const char *
1179
fido_cred_fmt(const fido_cred_t *cred)
1180
15.5k
{
1181
15.5k
        return (cred->fmt);
1182
15.5k
}
1183
1184
const char *
1185
fido_cred_rp_id(const fido_cred_t *cred)
1186
15.5k
{
1187
15.5k
        return (cred->rp.id);
1188
15.5k
}
1189
1190
const char *
1191
fido_cred_rp_name(const fido_cred_t *cred)
1192
15.5k
{
1193
15.5k
        return (cred->rp.name);
1194
15.5k
}
1195
1196
const char *
1197
fido_cred_user_name(const fido_cred_t *cred)
1198
39.4k
{
1199
39.4k
        return (cred->user.name);
1200
39.4k
}
1201
1202
const char *
1203
fido_cred_display_name(const fido_cred_t *cred)
1204
39.4k
{
1205
39.4k
        return (cred->user.display_name);
1206
39.4k
}
1207
1208
const unsigned char *
1209
fido_cred_user_id_ptr(const fido_cred_t *cred)
1210
39.4k
{
1211
39.4k
        return (cred->user.id.ptr);
1212
39.4k
}
1213
1214
size_t
1215
fido_cred_user_id_len(const fido_cred_t *cred)
1216
39.4k
{
1217
39.4k
        return (cred->user.id.len);
1218
39.4k
}
1219
1220
const unsigned char *
1221
fido_cred_largeblob_key_ptr(const fido_cred_t *cred)
1222
15.4k
{
1223
15.4k
        return (cred->largeblob_key.ptr);
1224
15.4k
}
1225
1226
size_t
1227
fido_cred_largeblob_key_len(const fido_cred_t *cred)
1228
15.4k
{
1229
15.4k
        return (cred->largeblob_key.len);
1230
15.4k
}