Rust FIDO2 CTAP library for Mac & Win
Sorry, Linux is not yet supported.
gebo
```Rust use ctaphidfido2;
fn main() { println!("getinfo()"); let infos = match ctaphidfido2::getinfo(&ctaphidfido2::HidParam::getdefaultparams()) { Ok(result) => result, Err(error) => { println!("error: {:?}", error); return; } }; for (key, value) in infos { println!("- {} / {}", key, value); } } ```
console
sh
get_info()
- versions / U2F_V2
- versions / FIDO_2_0
- extensions / hmac-secret
- aaguid / FA2B99DC9E3942578F924A30D23C4118
- options-rk / true
- options-up / true
- options-plat / false
- options-clientPin / true
- max_msg_size / 1200
- pin_protocols / 1
```Rust use ctaphidfido2;
fn main() { println!("getpinretries()"); let retry = match ctaphidfido2::getpinretries(&ctaphidfido2::HidParam::getdefaultparams()) { Ok(result) => result, Err(error) => { println!("error: {:?}", error); return; } }; println!("- pin retry = {}", retry); } ```
console
sh
get_pin_retries()
- pin retry = 8
```Rust use ctaphidfido2; use ctaphidfido2::util; use ctaphidfido2::verifier;
fn main() { println!("----- test-with-pin-non-rk start -----");
// parameter
let rpid = "test.com";
let pin = "1234";
let challenge = verifier::create_challenge();
println!("Register - make_credential()");
println!("- rpid = {:?}", rpid);
println!(
"- challenge({:02}) = {:?}",
challenge.len(),
util::to_hex_str(&challenge)
);
let att = match ctap_hid_fido2::make_credential(
&ctap_hid_fido2::HidParam::get_default_params(),
rpid,
&challenge,
Some(pin),
) {
Ok(result) => result,
Err(err) => {
println!("- error {:?}", err);
return;
}
};
println!("- Register Success!!");
att.print("Attestation");
println!("Verify");
let verify_result = verifier::verify_attestation(rpid, &challenge, &att);
println!(
"- is_success = {:?}",
verify_result.is_success
);
println!(
"- credential_id({:02}) = {:?}",
verify_result.credential_id.len(),
util::to_hex_str(&verify_result.credential_id)
);
println!(
"- credential_publickey_der({:02}) = {:?}",
verify_result.credential_publickey_der.len(),
util::to_hex_str(&verify_result.credential_publickey_der)
);
println!("Authenticate - get_assertion_with_pin()");
let challenge = verifier::create_challenge();
println!(
"- challenge({:02}) = {:?}",
challenge.len(),
util::to_hex_str(&challenge)
);
let ass = match ctap_hid_fido2::get_assertion(
&ctap_hid_fido2::HidParam::get_default_params(),
rpid,
&challenge,
&verify_result.credential_id,
Some(pin),
) {
Ok(result) => result,
Err(err) => {
println!("- Authenticate Error {:?}", err);
return;
}
};
println!("- Authenticate Success!!");
ass.print("Assertion");
println!("Verify");
let is_success = verifier::verify_assertion(
rpid,
&verify_result.credential_publickey_der,
&challenge,
&ass,
);
println!("- is_success = {:?}", is_success);
println!("----- test-with-pin-non-rk end -----");
} ```
console
```sh ----- test-with-pin-non-rk start -----
Register - make_credential() - rpid = "test.com" - challenge(32) = "769448B3A7F951DEABC96358BFCB897F0336AA63FBE9227625529FDC96317950" - touch fido key - Register Success!!
Verify - issuccess = true - credentialid(64) = "FA02C83CC646726A763035221E4C9CBE23A864D14CCD2CA6116FF8FE6FC5A98BEAB88E160F1FDE88A6955B9DE5BE0896EA1EDEF4F79950FD83427ADC48C84F0C" - credentialpublickeyder(65) = "04BDE029737A3B8546FDE3EF565CBACA9946F29C6865033942918826ACCAC5465E7F8F130455C2C7DE86DBA25CBDBA5BDBE701E22051FE2070B9689FECBF7C6027"
Authenticate - getassertionwith_pin() - challenge(32) = "01E2EE84FCA308F66417BBDDD05D27399BF9306707C0B85813CB0679EBBB494F" - touch fido key - Authenticate Success!!
Verify - is_success = true
----- test-with-pin-non-rk end ----- ```
Just blink the LED on the FIDO key
```Rust use ctaphidfido2;
fn main() { println!("----- wink start -----"); if let Err(msg) = ctaphidfido2::wink(&ctaphidfido2::HidParam::getdefaultparams()){ println!("error: {:?}", msg); } println!("----- wink end -----"); } ```
```Rust use ctaphidfido2; use ctaphidfido2::makecredentialparams; use ctaphidfido2::util; use ctaphidfido2::verifier;
fn main() { println!("----- test-with-pin-rk start -----");
// parameter
let rpid = "ge.com";
let pin = "1234";
let challenge = verifier::create_challenge();
let mut rkparam = make_credential_params::RkParam::default();
rkparam.user_id = b"11111".to_vec();
rkparam.user_name = "gebo".to_string();
rkparam.user_display_name = "GEBO GEBO".to_string();
println!("Register - make_credential()");
println!("- rpid = {:?}", rpid);
println!(
"- challenge({:02}) = {:?}",
challenge.len(),
util::to_hex_str(&challenge)
);
rkparam.print("RkParam");
let att = match ctap_hid_fido2::make_credential_rk(
&ctap_hid_fido2::HidParam::get_default_params(),
rpid,
&challenge,
Some(pin),
&rkparam
) {
Ok(result) => result,
Err(err) => {
println!("- Register Error {:?}", err);
return;
}
};
println!("- Register Success!!");
att.print("Attestation");
println!("Verify");
let verify_result = verifier::verify_attestation(rpid, &challenge, &att);
println!(
"- is_success = {:?}",
verify_result.is_success
);
println!(
"- credential_publickey_der({:02}) = {:?}",
verify_result.credential_publickey_der.len(),
util::to_hex_str(&verify_result.credential_publickey_der)
);
println!("----- test-with-pin-rk end -----");
} ```
console
```sh ----- test-with-pin-rk start -----
Register - make_credential() - rpid = "ge.com" - challenge(32) = "FC0644242F0C3FADFD4E5EBEEF4B0CED629C7E76D50417148E5BF5D59EE67298"
RkParam - userid(05) = "3131313131" - username = "gebo" - userdisplayname = "GEBO GEBO"
Verify - issuccess = true - credentialpublickey_der(65) = "045751B33677185635A8136668A64EABEED8DB7350C19E1804B67E66350B297BE0B64EE29ADBF64FE74DA684A2E8BB7F87314BD301C512E660E3C258FDA93C5C5D"
----- test-with-pin-rk end ----- ```
```Rust use ctaphidfido2; use ctaphidfido2::util; use ctaphidfido2::verifier;
fn main() { println!("----- test-with-pin-rk start -----");
// parameter
let rpid = "ge.com";
let pin = "1234";
println!("Authenticate - get_assertions_rk()");
let challenge = verifier::create_challenge();
let asss = match ctap_hid_fido2::get_assertions_rk(
&ctap_hid_fido2::HidParam::get_default_params(),
rpid,
&challenge,
Some(pin),
) {
Ok(asss) => asss,
Err(err) => {
println!("- Authenticate Error {:?}", err);
return;
}
};
println!("Authenticate Success!!");
println!("- Assertion Num = {:?}",asss.len());
for ass in asss {
ass.print("Assertion");
println!(
"- user_id({:02}) = {:?}",
ass.user_id.len(),
util::to_hex_str(&ass.user_id)
);
}
println!("----- test-with-pin-rk end -----");
} ```
console
username and userdisplay_name are set only when multiple Assertions are acquired.
```sh ----- test-with-pin-rk start ----- Authenticate - getassertionsrk() - touch fido key
Authenticate Success!! - Assertion Num = 1 - userid(05) = "3131313131" - username = "" - userdisplayname = "" ----- test-with-pin-rk end ----- ```
If you want to enable UV-user verification, please specify None instead of a PIN. makecredential(),getassertion()
```rust let att = match ctaphidfido2::makecredential( &ctaphidfido2::HidParam::getdefault_params(), rpid, &challenge, None, ) { Ok(result) => result, Err(err) => { println!("- error {:?}", err); return; } };
let ass = match ctap_hid_fido2::get_assertion(
&ctap_hid_fido2::HidParam::get_default_params(),
rpid,
&challenge,
&verify_result.credential_id,
None,
) {
Ok(result) => result,
Err(err) => {
println!("- Authenticate Error {:?}", err);
return;
}
};
```
for Nitrokey FIDO2 only.
Query the firmware version of Nitrokey.
rust
fn main() {
println!("----- Nitrokey GETVERSION start -----");
// get 4byte payload "2001" -> ver 2.0.0.1
match ctap_hid_fido2::nitrokey::get_version(&ctap_hid_fido2::HidParam::get_default_params()) {
Ok(version) => println!("version = {}", version),
Err(err) => println!("version = {}", err),
};
println!("----- Nitrokey GETVERSION end -----");
}
console
sh
----- Nitrokey GETVERSION start -----
version = 2.2.0.1
----- Nitrokey GETVERSION end -----
Query the Status of Nitrokey.
rust
fn main() {
println!("----- Nitrokey GETSTATUS start -----");
match ctap_hid_fido2::nitrokey::get_status(&ctap_hid_fido2::HidParam::get_default_params()) {
Ok(status) => status.print("status"),
Err(err) => println!("status = {}", err),
};
println!("----- Nitrokey GETSTATUS end -----");
}
console
sh
----- Nitrokey GETSTATUS start -----
status
- is_button_pressed_raw = false
- button_state = 3
- button_state = BstUnpressed
- last_button_cleared_time_delta = 131
- last_button_pushed_time_delta = 131
- led_is_blinking = false
- u2f_ms_clear_button_period = 200
- u2f_ms_init_button_period = 5
- button_min_press_t_ms = 100
----- Nitrokey GETSTATUS end -----
Generate a random number.
rust
fn main() {
println!("----- Nitrokey GETRNG start -----");
// get 8 byte rundom data
match ctap_hid_fido2::nitrokey::get_rng(&ctap_hid_fido2::HidParam::get_default_params(), 8) {
Ok(rng) => println!("rng = {}", rng),
Err(err) => println!("rng = {}", err),
};
println!("----- Nitrokey GETRNG end -----");
}
console
sh
----- Nitrokey GETRNG start -----
rng = D93C4D39DAA8FEF8
----- Nitrokey GETRNG end -----