Rust FIDO2 CTAP library
gebo
```sh
$ cargo build
$ cargo run
```
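```toml
[dependencies]
# NOTE(review): serde_cbor is archived upstream and listed as unmaintained in the
# RustSec advisory database; check with cargo audit before adopting this pin.
serde_cbor = "0.11.1"
```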
Register and Authenticate Examples
6.4. authenticatorGetInfo (0x04)
```rust
use ctap_hid_fido2;
use ctap_hid_fido2::Cfg;

fn main() {
    println!("get_info()");
    match ctap_hid_fido2::get_info(&Cfg::init()) {
        Ok(info) => println!("{}", info),
        Err(e) => println!("error: {:?}", e),
    }
}
```
console
```sh
get_info()
- versions = ["U2F_V2", "FIDO_2_0", "FIDO_2_1_PRE"]
- extensions = ["credProtect", "hmac-secret"]
- aaguid(16) = EE882879721C491397753DFCCE97072A
- options = [("rk", true), ("up", true), ("plat", false), ("clientPin", true), ("credentialMgmtPreview", true)]
- max_msg_size = 1200
- pin_uv_auth_protocols = [1]
- max_credential_count_in_list = 8
- max_credential_id_length = 128
- transports = ["usb"]
- algorithms = [("alg", "-7"), ("type", "public-key"), ("alg", "-8"), ("type", "public-key")]
```
Created to test CTAPHID_MSG.
```rust
use ctap_hid_fido2;
use ctap_hid_fido2::Cfg;

fn main() {
    println!("get_info_u2f()");
    match ctap_hid_fido2::get_info_u2f(&Cfg::init()) {
        Ok(result) => println!("{:?}", result),
        Err(e) => println!("error: {:?}", e),
    }
}
```
console
```sh
get_info_u2f()
"U2F_V2"
```
6.5.5.2. Platform getting PIN retries from Authenticator
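The pinRetries counter represents the number of attempts left before the PIN is disabled. Check it before submitting a PIN: each wrong PIN decrements the counter, and once it reaches zero the authenticator blocks the PIN until the device is reset, which erases its credentials.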
```rust
use ctap_hid_fido2;
use ctap_hid_fido2::Cfg;

fn main() {
    println!("get_pin_retries()");
    match ctap_hid_fido2::get_pin_retries(&Cfg::init()) {
        Ok(retry) => println!("{}", retry),
        Err(e) => println!("error: {:?}", e),
    };
}
```
console
```sh
get_pin_retries()
8
```
Yubikey Bio Only
6.5.5.3. Platform getting UV Retries from Authenticator
UV retries count is the number of built-in UV attempts remaining before built-in UV is disabled on the device.
```rust
use ctap_hid_fido2;
use ctap_hid_fido2::Cfg;

fn main() {
    println!("get_uv_retries()");
    match ctap_hid_fido2::get_uv_retries(&Cfg::init()) {
        Ok(retry) => println!("{}", retry),
        Err(e) => println!("error: {:?}", e),
    };
}
```
Same as get_info(), but checks if it has a specific feature/version.
It is specified by the enum of InfoParam.
```rust
match ctap_hid_fido2::enable_info_param(&Cfg::init(), InfoParam::VersionsFIDO21PRE) {
    Ok(result) => println!("FIDO 2.1 PRE = {:?}", result),
    Err(e) => println!("- error: {:?}", e),
};
```
Same as get_info(), but checks if it has a specific option.
It is specified by the enum of InfoOption.
`Option<bool>`
- `Some(true)`: option is present and set to true
- `Some(false)`: option is present and set to false
- `None`: option is absent

```rust
match ctap_hid_fido2::enable_info_option(&Cfg::init(), InfoOption::BioEnroll) {
    Ok(result) => println!("BioEnroll = {:?}", result),
    Err(e) => println!("- error: {:?}", e),
};
```
Just blink the LED on the FIDO key.
```rust
use ctap_hid_fido2;
use ctap_hid_fido2::Cfg;

fn main() {
    if let Err(msg) = ctap_hid_fido2::wink(&Cfg::init()) {
        println!("error: {:?}", msg);
    }
}
```
This command manages discoverable credentials (resident keys) in the authenticator.
6.8. authenticatorCredentialManagement (0x0A)
Get discoverable credentials metadata.
```rust
match ctap_hid_fido2::credential_management_get_creds_metadata(
    &Cfg::init(),
    pin,
) {
    Ok(result) => println!("{}", result),
    Err(e) => println!("- error: {:?}", e),
};
```
Enumerate RPs present on the authenticator.
```rust
match ctap_hid_fido2::credential_management_enumerate_rps(&Cfg::init(), pin)
{
    Ok(results) => {
        for r in results {
            println!("## rps\n{}", r);
        }
    }
    Err(e) => println!("- error: {:?}", e),
}
```
Enumerate the credentials for an RP.
```rust
match ctap_hid_fido2::credential_management_enumerate_credentials(
    &Cfg::init(),
    pin,
    rpid_hash_bytes,
) {
    Ok(results) => {
        for c in results {
            println!("## credentials\n{}", c);
        }
    }
    Err(e) => println!("- error: {:?}", e),
}
```
Delete a credential.
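```rust
let mut pkcd = PublicKeyCredentialDescriptor::default();
pkcd.id = util::to_str_hex(credential_id.unwrap());
// NOTE(review): this type string may have been garbled by the page's markup (the
// get_info output on this page reports the type as "public-key"); confirm the
// expected value against the crate before use.
pkcd.ctype = "publickey".to_string();

match ctap_hid_fido2::credential_management_delete_credential(
    &Cfg::init(),
    pin,
    Some(pkcd),
) {
    Ok(_) => println!("- success"),
    Err(e) => println!("- error: {:?}", e),
}
```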
This command manages the fingerprints in the authenticator.
6.7. authenticatorBioEnrollment (0x09)
Get fingerprint sensor information.
```rust
match ctap_hid_fido2::bio_enrollment_get_fingerprint_sensor_info(
    &Cfg::init(),
) {
    Ok(result) => println!("- {:?}", result),
    Err(e) => println!("- error: {:?}", e),
}
```
Enumerate a list of registered fingerprints.
```rust
match ctap_hid_fido2::bio_enrollment_enumerate_enrollments(
    &Cfg::init(),
    pin,
) {
    Ok(infos) => for i in infos {println!("- {}", i)},
    Err(e) => println!("- error: {:?}", e)
}
```
Enroll one fingerprint.
Run `bio_enrollment_begin` first and then `bio_enrollment_next` several times. `is_finish` detects the completion of registration.
```rust
fn bio_enrollment(pin: &str) -> Result<(), String> {
    println!("bio_enrollment_begin");
    let result = ctap_hid_fido2::bio_enrollment_begin(
        &Cfg::init(),
        pin,
        Some(10000),
    )?;
    println!("{}", result.1);
    println!("");

    for _counter in 0..10 {
        if bio_enrollment_next(&result.0)? {
            break;
        }
    }
    Ok(())
}

// The rest of this listing (the type parameters of the return type and the body
// of bio_enrollment_next) is missing from this page.
fn bio_enrollment_next(enroll_status: &EnrollStatus1) -> Result
```
Update the registered name of the fingerprint.
```rust
match ctap_hid_fido2::bio_enrollment_set_friendly_name(
    &Cfg::init(),
    pin,
    template_id, "display-name",
) {
    Ok(()) => println!("- Success"),
    Err(e) => println!("- error: {:?}", e),
}
```
Delete a fingerprint.
```rust
match ctap_hid_fido2::bio_enrollment_remove(
    &Cfg::init(),
    pin,
    template_id,
) {
    Ok(_) => println!("- Success"),
    Err(e) => println!("- error: {:?}", e),
}
```