commit 94b04c36ca444d3bc35a143f393ca96e7bf99c00 parent 7439ba9c6ed242d5f93d5e706baeaa6e141c9cfd Author: John M. Schanck <jschanck@mozilla.com> Date: Thu, 23 Oct 2025 17:38:20 +0000 Bug 1995865 - vendor authenticator-rs v0.5.0. r=keeler,supply-chain-reviewers Differential Revision: https://phabricator.services.mozilla.com/D269659 Diffstat:
26 files changed, 705 insertions(+), 100 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock @@ -334,9 +334,9 @@ dependencies = [ [[package]] name = "authenticator" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2" +checksum = "bbd6f57365675990f2db272a6560b28945df74cf3749c70aafd9b1c7829edebc" dependencies = [ "base64 0.21.999", "bitflags 1.999.999", @@ -3391,7 +3391,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.15.999", + "hashbrown 0.16.0", "serde", "serde_core", ] diff --git a/dom/webauthn/authrs_bridge/Cargo.toml b/dom/webauthn/authrs_bridge/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" authors = ["Martin Sirringhaus", "John Schanck"] [dependencies] -authenticator = { version = "0.4.1", features = ["gecko"] } +authenticator = { version = "0.5", features = ["gecko"] } base64 = "^0.22" cstr = "0.2" log = "0.4" diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml @@ -17,7 +17,7 @@ who = "John M. Schanck <jschanck@mozilla.com>" criteria = "safe-to-deploy" user-id = 175410 # John Schanck (jschanck) start = "2022-11-15" -end = "2025-09-25" +end = "2026-09-25" notes = "Maintained by the CryptoEng team at Mozilla." [[wildcard-audits.bhttp]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock @@ -37,8 +37,8 @@ user-login = "padenot" user-name = "Paul Adenot" [[publisher.authenticator]] -version = "0.4.1" -when = "2024-09-25" +version = "0.5.0" +when = "2025-10-22" user-id = 175410 user-login = "jschanck" user-name = "John Schanck" diff --git a/third_party/rust/authenticator/.cargo-checksum.json b/third_party/rust/authenticator/.cargo-checksum.json 
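Review bot: The renewed wildcard window in supply-chain/audits.toml is the only vet record visible here for the 0.4.1 → 0.5.0 jump, and its `notes` string is unchanged, so nothing records what was reviewed for this release. imports.lock gives the 0.5.0 publish date as 2025-10-22, after the old `end` of 2025-09-25, so this one-line extension is what brings the release under `safe-to-deploy`. The checksum and vendored Cargo.lock hunks show the release adding `src/crypto/rustcrypto.rs` and crate-level dependencies such as `aes`, `cbc`, `hmac` and `p256`; whether the `gecko` feature build compiles any of that is not visible in this chunk and is worth confirming. I would extend the note to something like `notes = "Maintained by the CryptoEng team at Mozilla. Window renewed for the 0.5.0 vendoring (Bug 1995865)."`. The audit entry's table header sits above the hunk, so reading it as the authenticator wildcard entry is inferred from the user-id and the imports.lock publisher record.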
@@ -1 +1 @@ -{"files":{"Cargo.lock":"761d80cd306f66dcaceed169ca6a1a777eae9bfbec6814da3cf8f6861aaf9019","Cargo.toml":"24e3f316a1c11c079192eb0857cfcf92117bf527744b00e4db7e62d1b1e7ef4e","Cross.toml":"8d132da818d48492aa9f4b78a348f0df3adfae45d988d42ebd6be8a5adadb6c3","LICENSE":"e866c8f5864d4cacfe403820e722e9dc03fe3c7565efa5e4dad9051d827bb92a","README.md":"c87d9c7cc44f1dd4ef861a3a9f8cd2eb68aedd3814768871f5fb63c2070806cd","build.rs":"5b909f42e52ed2056afa3693544ef1c1dc5e90d00e7d8730175a228bd0233b43","examples/ctap2.rs":"e83d16c1b5aaca585b7df0655a696ddfeb0529aa2f4645bd30c74f58574fc0c6","examples/ctap2_discoverable_creds.rs":"ce56390840a535f77f67e1ac64d90edcf1ba89ea9d697b32222c71c71467b789","examples/interactive_management.rs":"e164439c7925f748620540668e5fea467342a16dd062f9d08f217ffe59bf1b44","examples/prf.rs":"4f096115c35be851937a1e0bc571aee8f0e1e39e799ac082645a6ba009e1649a","examples/reset.rs":"a8ffd75b248beeede129698f2c7bc971789fda0e6e8f66ac76cc2f8ae770432d","examples/set_pin.rs":"14806b2d20034534f77dd5000c440af4dd4f1f4eedbd335942cd1cc1fcd0037a","examples/test_exclude_list.rs":"881b6c4a9e0d9bbfc6a34a8e04f62a9dc0cf743ccd0554c679915f4466f0085e","rust-toolchain.toml":"faee28253e1b6ece8840fb195d3de62e8f415aad6d39d20414eb389c291f4f12","rustfmt.toml":"ceb6615363d6fff16426eb56f5727f98a7f7ed459ba9af735b1d8b672e2c3b9b","src/authenticatorservice.rs":"59a43779765a7e40841b507eb2a23da0693e0fdfec85a0ffc4f99e66aa76391f","src/consts.rs":"44fb7c396dc87d1657d1feed08e956fc70608c0b06a034716b626419b442bcfe","src/crypto/der.rs":"7001646cf0f7421c3371f8864181049e8e2f9029676a1f37e7d02daca4d70974","src/crypto/dummy.rs":"92e5238da8e6f57bae057f564f5c84719dab6ed22c1b390884fe1a8bccb91f17","src/crypto/mod.rs":"3fb3d1a4f91529db32377095c587cd33b6b1499f644d0662b91fb76a8cbe88c5","src/crypto/nss.rs":"0dcdf2af1d49f8aa9c235c5bcdeabcf26abed219dfd84b17667cd2d0ae9d9c8c","src/crypto/openssl.rs":"b2577be577b884b569a5bc039b82e0402db097b5652d70d6320922ad6795f1c7","src/ctap2/attestation.rs":"28e95f76f954ea00c6936e22e5
bc01809bc37323c57f1c59f1ff0e35adab11ad","src/ctap2/client_data.rs":"1b5ef05243ec5f5c2f3a06bf3ddbd39db9e2035a0898e2da348768d5e56311b7","src/ctap2/commands/authenticator_config.rs":"bc48e2e3b457e46c14b559861b91ba730250252fa7452745c4ce7a94f26c64a8","src/ctap2/commands/bio_enrollment.rs":"fc284b46c1acdd67a31dc18a1d1c32ea8973127a6b306437071977701fe2339e","src/ctap2/commands/client_pin.rs":"057515ae9f8dce7742891e797be9f308f3d29ac3ac0c430e48fe8f138f995b4c","src/ctap2/commands/credential_management.rs":"f78aafa5ec0b61844cce52d98e4415161d5bbf9190f58801274d1aa39b0e1d24","src/ctap2/commands/get_assertion.rs":"e113635b3ed4c4d880e3b87998db3e16d593043d3005a4b47ec6792645726b30","src/ctap2/commands/get_info.rs":"3e354be80c6afb253b472c8dda336750edddc4c2ca03ca12f68fab8920fe9744","src/ctap2/commands/get_next_assertion.rs":"fb0edd201d90f5a706edf58cdea901f8783f882968a028b466892d0a38d10ffe","src/ctap2/commands/get_version.rs":"5008dec81581d0604e000bd6f2242db06fb550b220709f6e263a9bb340570921","src/ctap2/commands/make_credentials.rs":"29c1c47f3928081df940597e2241f6588a4b30359ef9ebcb1565831d4a815336","src/ctap2/commands/mod.rs":"bee7d4f612ab3489a0ebdf9eba217ea29b70e830bb3258aa0148754d984238ce","src/ctap2/commands/reset.rs":"610a1979d20e801cb2ac4a6efe15b40699d30a70ba8c3f834c0066da10af3637","src/ctap2/commands/selection.rs":"dd7d21bd063fd618a53fd64a4e88e41e9344f335dfbcec25f8a886b6c4da8e0c","src/ctap2/mod.rs":"6456e689267a9c15fbaa68249c41460cb7094fda610e3fae959cbf5aa10e4a7f","src/ctap2/preflight.rs":"23f35714f9ec57ad603f3152b805a8a09a09e7629202be54a2ea17cded0d7bb9","src/ctap2/server.rs":"bf0c9685f72a96173822aad857a7a70de08a0c09942933975e5107f758b1c270","src/ctap2/utils.rs":"7ca56ae241f22de67047d22c6650bbe36f1268ab64bf8cc9256d2f00ef750c0a","src/errors.rs":"0639d55735b5b67562b4ff8b6b6639d1449f56cdcb0a0cdab3209d1bc972cab7","src/lib.rs":"00f2bfd489f77d9f10711983d742148a037e5989d02a44a65ae0fd3cbbd34dc0","src/manager.rs":"b7106c82c62c8bb47d3ec979f3454e0fb04dae0b32d029624b23a880819b16a7","src/stateca
llback.rs":"6748b74341876d7698aa3b1a6c1de002a74e201375040397255445ff4a1d7982","src/statemachine.rs":"412747465209ac080e941dae7cfdd808709803305977cfc08f349a8d2cfc61b0","src/status_update.rs":"6b8de35dbcba36dcf6ff388b73c49e04568155ed288b35ec9582001fbdd177e7","src/transport/device_selector.rs":"406b947a770ab5db939d06f720f68ddeb3be275eb4567feb96913cecf013902e","src/transport/errors.rs":"5af7cb8d22ffa63bf4264d182a0f54b9b3a2cc9d19d832b3495857229f9a2875","src/transport/freebsd/device.rs":"0aa53590382093225b6f17af4deb3224eb52a883d19dc7da520fcbfceb1cad58","src/transport/freebsd/mod.rs":"42dcb57fbeb00140003a8ad39acac9b547062b8f281a3fa5deb5f92a6169dde6","src/transport/freebsd/monitor.rs":"a6b34af4dd2e357a5775b1f3a723766107c11ef98dba859b1188ed08e0e450a2","src/transport/freebsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/freebsd/uhid.rs":"a194416a8bc5d428c337f8d96a2248769ca190810852bbe5ee686ab595d8eb4c","src/transport/hid.rs":"3b1e4c6a5f62faa59c964d910ad3fc5928c3e363c07c9a22cf6f43e730198a8f","src/transport/hidproto.rs":"1f36992a806f753bac6582c2263d5cc1dd2924df52af97370e55dd6c189ef545","src/transport/linux/device.rs":"206a5ae404590bc73acc03e22823ea4252848b5afab744a51f9630b0f1af813c","src/transport/linux/hidraw.rs":"c7a0df9b4e51cb2736218ffffa02b2b2547b7c515d69f9bae2c9a8c8f1cb547b","src/transport/linux/hidwrapper.h":"72785db3a9b27ea72b6cf13a958fee032af54304522d002f56322473978a20f9","src/transport/linux/hidwrapper.rs":"d203e8804e7632b8d47a224c186d1f431800f04ddc43360d5c086f71e9b0f674","src/transport/linux/ioctl_aarch64le.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_armle.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_loongarch64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_mips64le.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioct
l_mipsbe.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_mipsle.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpc64be.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpc64le.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpcbe.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_riscv64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_s390xbe.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_x86.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_x86_64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/mod.rs":"446e435126d2a58f167f648dd95cba28e8ac9c17f1f799e1eaeab80ea800fc57","src/transport/linux/monitor.rs":"5e3ec2618dd74027ae6ca1527991254e3271cce59106d4920ce0414094e22f64","src/transport/linux/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/macos/device.rs":"cef7cec681d9c777aac16e662bcbe8ff0d39efb2116086bf9f792945f1454c96","src/transport/macos/iokit.rs":"7dc4e7bbf8e42e2fcde0cee8e48d14d6234a5a910bd5d3c4e966d8ba6b73992f","src/transport/macos/mod.rs":"333e561554fc901d4f6092f6e4c85823e2b0c4ff31c9188d0e6d542b71a0a07c","src/transport/macos/monitor.rs":"e02288454bb4010e06b705d82646abddb3799f0cd655f574aa19f9d91485a4a2","src/transport/macos/transaction.rs":"9dcdebd13d5fd5a185b5ad777a80c825a6ba5e76b141c238aa115b451b9a72fa","src/transport/mock/device.rs":"c0993f719ea179a6244f1d7aee237ba1b43a130f9c02ce955fea0147318df463","src/transport/mock/mod.rs":"9c4c87efd19adddc1a91c699a6c328063cfbac5531b76346a5ff92e986aded8f","src/transport/mock/transaction.rs":"be3ed8c389dfa04122364b82515edd76fad6f5d5f
72d15cacd45a84fb8397292","src/transport/mod.rs":"eacb0071e41a567ae0066ebebd6edf9001475f6a3f806f7df2aac7823aa86c9a","src/transport/netbsd/device.rs":"4c8404683c1fe07e562ec7126538643278e632f20e1f38b909a02526ef50d8e4","src/transport/netbsd/fd.rs":"5464019025d03ea2a39c82f76b238bbbdb0ea63f5a5fc7c9d974e235139cd53b","src/transport/netbsd/mod.rs":"b1c52aa29537330cebe67427062d6c94871cab2a9b0c04b2305d686f07e88fd5","src/transport/netbsd/monitor.rs":"fb2917e4ba53cc9867987a539061f82d011f4c6e478df1157d965d32df2eb922","src/transport/netbsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/netbsd/uhid.rs":"d15be35e2413240066a8f086bb8846b08a6a92bf6a1941c3eec1329dd3a4f9ce","src/transport/openbsd/device.rs":"8fcd46ae1e1df4434aa93e629ec379f7944a0120c3e75b0ee4f9f2afa3a187be","src/transport/openbsd/mod.rs":"514274d414042ff84b3667a41a736e78581e22fda87ccc97c2bc05617e381a30","src/transport/openbsd/monitor.rs":"2e0ba6ecc69b450be9cbfd21a7c65036ed2ce593b12363596d3eae0b5bfb79e8","src/transport/openbsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/stub/device.rs":"d064faee6c5e4681e6b81878aa419de54c9df9a7eb805336d0cfda82318253d1","src/transport/stub/mod.rs":"6a7fec504a52d403b0241b18cd8b95088a31807571f4c0a67e4055afc74f4453","src/transport/stub/transaction.rs":"c9a3ade9562468163f28fd51e7ff3e0bf5854b7edade9e987000d11c5d0e62d2","src/transport/windows/device.rs":"a5e997dc84acf526cbd23d0228d6182ab23d0e56a9314349e5066457502e10a7","src/transport/windows/mod.rs":"218e7f2fe91ecb390c12bba5a5ffdad2c1f0b22861c937f4d386262e5b3dd617","src/transport/windows/monitor.rs":"95913d49e7d83482e420493d89b53ffceb6a49e646a87de934dff507b3092b4c","src/transport/windows/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/windows/winapi.rs":"b2a4cc85f14e39cadfbf068ee001c9d776f028d3cf09cb926d4364c5b437c112","src/u2ftypes.rs":"b9c96004c13a8c2cf510983bfb701909c8f5953dfbb5764040d54814bb
05f370","src/util.rs":"10300471d568a03558f3b6b9b093005072130c4b68a476ef80d9c4a064a175f0","testing/cross/powerpc64le-unknown-linux-gnu.Dockerfile":"d7463ff4376e3e0ca3fed879fab4aa975c4c0a3e7924c5b88aef9381a5d013de","testing/cross/x86_64-unknown-linux-gnu.Dockerfile":"11c79c04b07a171b0c9b63ef75fa75f33263ce76e3c1eda0879a3e723ebd0c24","testing/run_cross.sh":"cc2a7e0359f210eba2e7121f81eb8ab0125cea6e0d0f2698177b0fe2ad0c33d8"},"package":"82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2"} -\ No newline at end of file +{"files":{"Cargo.lock":"5b7b72a9f647c7d1daa5643615d0b879d267d79f55a69d4723e484250474b7ff","Cargo.toml":"4b6948368be022d2ce05d63edb629d3bd2882c7d4b01ae13b9ceaa4a1dec16e2","Cross.toml":"8d132da818d48492aa9f4b78a348f0df3adfae45d988d42ebd6be8a5adadb6c3","LICENSE":"e866c8f5864d4cacfe403820e722e9dc03fe3c7565efa5e4dad9051d827bb92a","README.md":"c87d9c7cc44f1dd4ef861a3a9f8cd2eb68aedd3814768871f5fb63c2070806cd","build.rs":"856c5f20d2980f23852c2bcbcd7446adf2f1c13f9202d3d68875e4e4ea37b9de","examples/ctap2.rs":"e83d16c1b5aaca585b7df0655a696ddfeb0529aa2f4645bd30c74f58574fc0c6","examples/ctap2_discoverable_creds.rs":"ce56390840a535f77f67e1ac64d90edcf1ba89ea9d697b32222c71c71467b789","examples/interactive_management.rs":"e164439c7925f748620540668e5fea467342a16dd062f9d08f217ffe59bf1b44","examples/prf.rs":"4f096115c35be851937a1e0bc571aee8f0e1e39e799ac082645a6ba009e1649a","examples/reset.rs":"a8ffd75b248beeede129698f2c7bc971789fda0e6e8f66ac76cc2f8ae770432d","examples/set_pin.rs":"14806b2d20034534f77dd5000c440af4dd4f1f4eedbd335942cd1cc1fcd0037a","examples/test_exclude_list.rs":"881b6c4a9e0d9bbfc6a34a8e04f62a9dc0cf743ccd0554c679915f4466f0085e","rust-toolchain.toml":"faee28253e1b6ece8840fb195d3de62e8f415aad6d39d20414eb389c291f4f12","rustfmt.toml":"ceb6615363d6fff16426eb56f5727f98a7f7ed459ba9af735b1d8b672e2c3b9b","src/authenticatorservice.rs":"59a43779765a7e40841b507eb2a23da0693e0fdfec85a0ffc4f99e66aa76391f","src/consts.rs":"44fb7c396dc87d1657d1feed08e956fc70608c0b06a
034716b626419b442bcfe","src/crypto/der.rs":"7001646cf0f7421c3371f8864181049e8e2f9029676a1f37e7d02daca4d70974","src/crypto/dummy.rs":"cf31e3e6f96689e717e0079543cfd464acc3434e3c3ce2de3b3e9d4436b94164","src/crypto/mod.rs":"a80d8d7609110bde0050545e1659e828bbd97adc9701dc85400ff28dd7728bab","src/crypto/nss.rs":"c518fb2df8db8deabddda58275cc8c4f08dea0fd1b4050c7697caa12c12db068","src/crypto/openssl.rs":"b615195d32a584b7fd5e48dc480ad22c352729bb8de732ced46268426acb04d4","src/crypto/rustcrypto.rs":"efcd71178654221b3892c8c89bf1870dc21cce18b8f01715f101be00277ebb1c","src/ctap2/attestation.rs":"28e95f76f954ea00c6936e22e5bc01809bc37323c57f1c59f1ff0e35adab11ad","src/ctap2/client_data.rs":"1b5ef05243ec5f5c2f3a06bf3ddbd39db9e2035a0898e2da348768d5e56311b7","src/ctap2/commands/authenticator_config.rs":"ae60b35ac9ff370388338aeef913e977b71269d4289d209f34d340f8ab6eaade","src/ctap2/commands/bio_enrollment.rs":"2b31e068975069364ee9523193e6087764b1d2ebc1585dde277bfd648fa4feb3","src/ctap2/commands/client_pin.rs":"057515ae9f8dce7742891e797be9f308f3d29ac3ac0c430e48fe8f138f995b4c","src/ctap2/commands/credential_management.rs":"02a3ba538867ee5b743dff757500e5673ec361a417db3147d9e8168451685e0b","src/ctap2/commands/get_assertion.rs":"d6e7255168bfaa4af797fe26af7fc80b1268113c4919e92be63a5092969d6fd9","src/ctap2/commands/get_info.rs":"c7a76aa0fd0bfe2b26494a824c84b56367e49edaf7e0ab1be9da576dbb3441bd","src/ctap2/commands/get_next_assertion.rs":"fb0edd201d90f5a706edf58cdea901f8783f882968a028b466892d0a38d10ffe","src/ctap2/commands/get_version.rs":"5008dec81581d0604e000bd6f2242db06fb550b220709f6e263a9bb340570921","src/ctap2/commands/make_credentials.rs":"074b8bb267058e36b252f878188c54718bfb16961fea42016ff9b57b2bea00d7","src/ctap2/commands/mod.rs":"5fe99a79ca3cccf1950e16b36244296e59c28479cb2f0a54ef70a95ea8634745","src/ctap2/commands/reset.rs":"610a1979d20e801cb2ac4a6efe15b40699d30a70ba8c3f834c0066da10af3637","src/ctap2/commands/selection.rs":"dd7d21bd063fd618a53fd64a4e88e41e9344f335dfbcec25f8a886b6c4da8e0c","s
rc/ctap2/mod.rs":"92db5b0bf8927b1affc395a79662f6c7653f43a3da3e86eae9b0cb249a3ceb6c","src/ctap2/preflight.rs":"23f35714f9ec57ad603f3152b805a8a09a09e7629202be54a2ea17cded0d7bb9","src/ctap2/server.rs":"bf0c9685f72a96173822aad857a7a70de08a0c09942933975e5107f758b1c270","src/ctap2/utils.rs":"7ca56ae241f22de67047d22c6650bbe36f1268ab64bf8cc9256d2f00ef750c0a","src/errors.rs":"0639d55735b5b67562b4ff8b6b6639d1449f56cdcb0a0cdab3209d1bc972cab7","src/lib.rs":"00f2bfd489f77d9f10711983d742148a037e5989d02a44a65ae0fd3cbbd34dc0","src/manager.rs":"b7106c82c62c8bb47d3ec979f3454e0fb04dae0b32d029624b23a880819b16a7","src/statecallback.rs":"6748b74341876d7698aa3b1a6c1de002a74e201375040397255445ff4a1d7982","src/statemachine.rs":"412747465209ac080e941dae7cfdd808709803305977cfc08f349a8d2cfc61b0","src/status_update.rs":"6b8de35dbcba36dcf6ff388b73c49e04568155ed288b35ec9582001fbdd177e7","src/transport/device_selector.rs":"0bd8ba200b94ee260c3adbb607ff0a85b3d038678a728a99c8a336fe83e23110","src/transport/errors.rs":"5af7cb8d22ffa63bf4264d182a0f54b9b3a2cc9d19d832b3495857229f9a2875","src/transport/freebsd/device.rs":"0aa53590382093225b6f17af4deb3224eb52a883d19dc7da520fcbfceb1cad58","src/transport/freebsd/mod.rs":"42dcb57fbeb00140003a8ad39acac9b547062b8f281a3fa5deb5f92a6169dde6","src/transport/freebsd/monitor.rs":"a6b34af4dd2e357a5775b1f3a723766107c11ef98dba859b1188ed08e0e450a2","src/transport/freebsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/freebsd/uhid.rs":"a194416a8bc5d428c337f8d96a2248769ca190810852bbe5ee686ab595d8eb4c","src/transport/hid.rs":"3b1e4c6a5f62faa59c964d910ad3fc5928c3e363c07c9a22cf6f43e730198a8f","src/transport/hidproto.rs":"6b9bcf2e16859d93eaf410cc75d8f8690a2045d333efac42a18ada3e6114b9b2","src/transport/linux/device.rs":"206a5ae404590bc73acc03e22823ea4252848b5afab744a51f9630b0f1af813c","src/transport/linux/hidraw.rs":"7f49a34747b537aaf11bbf75a913f48ed47b2d8e6b40a05f2a301a7be0c84312","src/transport/linux/hidwrapper.h":"72785db3a9b
27ea72b6cf13a958fee032af54304522d002f56322473978a20f9","src/transport/linux/hidwrapper.rs":"a8cc88cc9744395d3d0db175688f4d356a2adb82108bdf804dd892c1b893108f","src/transport/linux/ioctl_aarch64le.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_armle.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_loongarch64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_mips64le.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_mipsbe.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_mipsle.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpc64be.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpc64le.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_powerpcbe.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_riscv64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_s390xbe.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_sparc64.rs":"fbda309934ad8bda689cd4fb5c0ca696fe26dedb493fe9d5a5322c3047d474fd","src/transport/linux/ioctl_x86.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/ioctl_x86_64.rs":"2d8b265cd39a9f46816f83d5a5df0701c13eb842bc609325bad42ce50add3bf0","src/transport/linux/mod.rs":"446e435126d2a58f167f648dd95cba28e8ac9c17f1f799e1eaeab80ea800fc57","src/transport/linux/monitor.rs":"5e3ec2618dd74027ae6ca1527991254e3271cce59106d4920ce0414094e22f64","src/transport/linux/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/macos/device.rs":"cef7cec681d9c777a
ac16e662bcbe8ff0d39efb2116086bf9f792945f1454c96","src/transport/macos/iokit.rs":"7dc4e7bbf8e42e2fcde0cee8e48d14d6234a5a910bd5d3c4e966d8ba6b73992f","src/transport/macos/mod.rs":"333e561554fc901d4f6092f6e4c85823e2b0c4ff31c9188d0e6d542b71a0a07c","src/transport/macos/monitor.rs":"e02288454bb4010e06b705d82646abddb3799f0cd655f574aa19f9d91485a4a2","src/transport/macos/transaction.rs":"9dcdebd13d5fd5a185b5ad777a80c825a6ba5e76b141c238aa115b451b9a72fa","src/transport/mock/device.rs":"c0993f719ea179a6244f1d7aee237ba1b43a130f9c02ce955fea0147318df463","src/transport/mock/mod.rs":"9c4c87efd19adddc1a91c699a6c328063cfbac5531b76346a5ff92e986aded8f","src/transport/mock/transaction.rs":"be3ed8c389dfa04122364b82515edd76fad6f5d5f72d15cacd45a84fb8397292","src/transport/mod.rs":"eacb0071e41a567ae0066ebebd6edf9001475f6a3f806f7df2aac7823aa86c9a","src/transport/netbsd/device.rs":"4c8404683c1fe07e562ec7126538643278e632f20e1f38b909a02526ef50d8e4","src/transport/netbsd/fd.rs":"5464019025d03ea2a39c82f76b238bbbdb0ea63f5a5fc7c9d974e235139cd53b","src/transport/netbsd/mod.rs":"b1c52aa29537330cebe67427062d6c94871cab2a9b0c04b2305d686f07e88fd5","src/transport/netbsd/monitor.rs":"fb2917e4ba53cc9867987a539061f82d011f4c6e478df1157d965d32df2eb922","src/transport/netbsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/netbsd/uhid.rs":"d15be35e2413240066a8f086bb8846b08a6a92bf6a1941c3eec1329dd3a4f9ce","src/transport/openbsd/device.rs":"8fcd46ae1e1df4434aa93e629ec379f7944a0120c3e75b0ee4f9f2afa3a187be","src/transport/openbsd/mod.rs":"514274d414042ff84b3667a41a736e78581e22fda87ccc97c2bc05617e381a30","src/transport/openbsd/monitor.rs":"2e0ba6ecc69b450be9cbfd21a7c65036ed2ce593b12363596d3eae0b5bfb79e8","src/transport/openbsd/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/stub/device.rs":"d064faee6c5e4681e6b81878aa419de54c9df9a7eb805336d0cfda82318253d1","src/transport/stub/mod.rs":"6a7fec504a52d403b0241b18cd8b95088a31
807571f4c0a67e4055afc74f4453","src/transport/stub/transaction.rs":"c9a3ade9562468163f28fd51e7ff3e0bf5854b7edade9e987000d11c5d0e62d2","src/transport/windows/device.rs":"a5e997dc84acf526cbd23d0228d6182ab23d0e56a9314349e5066457502e10a7","src/transport/windows/mod.rs":"218e7f2fe91ecb390c12bba5a5ffdad2c1f0b22861c937f4d386262e5b3dd617","src/transport/windows/monitor.rs":"95913d49e7d83482e420493d89b53ffceb6a49e646a87de934dff507b3092b4c","src/transport/windows/transaction.rs":"ec28475a70dded260f9a7908c7f88dd3771f5d64b9a5dda835411d13b713c39a","src/transport/windows/winapi.rs":"b2a4cc85f14e39cadfbf068ee001c9d776f028d3cf09cb926d4364c5b437c112","src/u2ftypes.rs":"b9c96004c13a8c2cf510983bfb701909c8f5953dfbb5764040d54814bb05f370","src/util.rs":"10300471d568a03558f3b6b9b093005072130c4b68a476ef80d9c4a064a175f0","testing/cross/powerpc64le-unknown-linux-gnu.Dockerfile":"d7463ff4376e3e0ca3fed879fab4aa975c4c0a3e7924c5b88aef9381a5d013de","testing/cross/x86_64-unknown-linux-gnu.Dockerfile":"11c79c04b07a171b0c9b63ef75fa75f33263ce76e3c1eda0879a3e723ebd0c24","testing/run_cross.sh":"cc2a7e0359f210eba2e7121f81eb8ab0125cea6e0d0f2698177b0fe2ad0c33d8"},"package":"bbd6f57365675990f2db272a6560b28945df74cf3749c70aafd9b1c7829edebc"} +\ No newline at end of file diff --git a/third_party/rust/authenticator/Cargo.lock b/third_party/rust/authenticator/Cargo.lock @@ -3,6 +3,17 @@ version = 3 [[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] name = "aho-corasick" version = "0.7.19" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -39,18 +50,21 @@ dependencies = [ [[package]] name = "authenticator" -version = "0.4.1" +version = "0.5.0" dependencies = [ + "aes", "assert_matches", "base64", "bindgen 0.58.1", - "bitflags", + "bitflags 1.3.2", "bytes", + "cbc", "cfg-if", "core-foundation", "devd-rs", "env_logger 0.6.2", "getopts", + "hmac", "libc", "libudev", "log", @@ -58,8 +72,10 @@ dependencies = [ "nss-gk-api", "openssl", "openssl-sys", + "p256", "pkcs11-bindings", "rand", + "rand_core", "rpassword", "runloop", "serde", @@ -77,18 +93,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] name = "base64" version = "0.21.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" [[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] name = "bindgen" version = "0.58.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f8523b410d7187a43085e7e064416ea32ded16bd0a4e6fc025e21616d01258f" dependencies = [ - "bitflags", + "bitflags 1.3.2", "cexpr 0.4.0", "clang-sys", "clap", 
@@ -107,22 +135,22 @@ dependencies = [ [[package]] name = "bindgen" -version = "0.61.0" +version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a022e58a142a46fea340d68012b9201c094e93ec3d033a944a24f8fd4a4f09a" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ - "bitflags", + "bitflags 2.6.0", "cexpr 0.6.0", "clang-sys", + "itertools", "lazy_static", "lazycell", - "peeking_take_while", "proc-macro2", "quote", "regex", "rustc-hash", "shlex", - "syn", + "syn 2.0.72", ] [[package]] @@ -132,6 +160,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] +name = "bitflags" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" + +[[package]] name = "block-buffer" version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -141,6 +175,15 @@ dependencies = [ ] [[package]] +name = "block-padding" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" +dependencies = [ + "generic-array", +] + +[[package]] name = "bytes" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -150,10 +193,19 @@ dependencies = [ ] [[package]] +name = "cbc" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" +dependencies = [ + "cipher", +] + +[[package]] name = "cc" -version = "1.0.76" +version = "1.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a284da2e6fe2092f2353e51713435363112dfd60030e22add80be333fb928f" +checksum = "581f5dba903aac52ea3feb5ec4810848460ee833876f1f9b0fdeab1f19091574" [[package]] name = "cexpr" @@ -161,7 +213,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4aedb84272dbe89af497cf81375129abda4fc0a9e7c5d317498c15cc30c0d27" dependencies = [ - "nom 5.1.2", + "nom 5.1.3", ] [[package]] @@ -180,6 +232,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] name = "clang-sys" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -198,7 +260,7 @@ checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" dependencies = [ "ansi_term", "atty", - "bitflags", + "bitflags 1.3.2", "strsim", "textwrap", "unicode-width", @@ -206,6 +268,12 @@ dependencies = [ ] [[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] name = "core-foundation" version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -231,6 +299,18 @@ dependencies = [ ] [[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] name = "crypto-common" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -241,6 +321,16 @@ dependencies = [ ] [[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "zeroize", +] + +[[package]] name = "devd-rs" version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -252,12 +342,54 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.5" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "either" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff", + "generic-array", + "group", + "hkdf", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", ] [[package]] @@ -287,6 +419,16 @@ dependencies = [ ] [[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] name = "foreign-types" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -303,12 +445,13 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "generic-array" -version = "0.14.6" +version = "0.14.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" +checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -338,6 +481,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" [[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] name = "half" version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -353,6 +507,24 @@ dependencies = [ ] [[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] name = "humantime" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -368,6 +540,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "block-padding", + "generic-array", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] name = "itoa" version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -387,15 +578,15 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.136" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55edcf6c0bb319052dea84732cf99db461780fd5e8d3eb46ab6ff312ab31f197" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libloading" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" +checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" dependencies = [ "cfg-if", "winapi", @@ -459,9 +650,9 @@ checksum = "903970ae2f248d7275214cf8f387f8ba0c4ea7e3d87a320e85493db60ce28616" [[package]] name = "nom" -version = "5.1.2" +version = "5.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af" +checksum = "08959a387a676302eebf4ddbcbc611da04285579f76f88ee0506c63b1a61dd4b" dependencies = [ "memchr", "version_check", 
@@ -483,7 +674,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c17aec6d4e1822c023689899f09311592a36cbf6de8f85dfaf5f01976790d8d" dependencies = [ - "bindgen 0.61.0", + "bindgen 0.69.4", "mozbuild", "once_cell", "pkcs11-bindings", @@ -494,9 +685,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" +checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" [[package]] name = "openssl" @@ -504,7 +695,7 @@ version = "0.10.42" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13" dependencies = [ - "bitflags", + "bitflags 1.3.2", "cfg-if", "foreign-types", "libc", @@ -521,7 +712,7 @@ checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -538,6 +729,18 @@ dependencies = [ ] [[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] name = "peeking_take_while" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -549,26 +752,45 @@ version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c20556de5b64f5d7213b8ea103b92261cac789b59978652d9cd831ba9f477c53" dependencies = [ - "bindgen 0.61.0", + "bindgen 0.69.4", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", ] [[package]] name = "pkg-config" -version = "0.3.25" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" [[package]] name = "ppv-lite86" -version = "0.2.16" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "primeorder" +version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] 
@@ -581,9 +803,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.32" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -620,9 +842,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b" +checksum = "e076559ef8e241f2ae3479e36f97bd5741c0330689e217ad51ce2c76808b868a" dependencies = [ "aho-corasick", "memchr", @@ -631,9 +853,19 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.27" +version = "0.6.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" +checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] [[package]] name = "rpassword" @@ -664,6 +896,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" [[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] name = "serde" version = "1.0.147" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -699,7 +945,7 @@ checksum = "4f1d362ca8fc9c3e3a7484440752472d68a6caa98f1ab81d99b5dfe517cec852" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 1.0.103", ] [[package]] @@ -731,12 +977,38 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] name = "strsim" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" [[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] name = "syn" version = "1.0.103" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -748,6 +1020,17 @@ dependencies = [ ] [[package]] +name = "syn" +version = "2.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] name = "termcolor" version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -855,3 +1138,9 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" diff --git a/third_party/rust/authenticator/Cargo.toml b/third_party/rust/authenticator/Cargo.toml @@ -12,7 +12,7 @@ [package] edition = "2018" name = "authenticator" -version = "0.4.1" +version = "0.5.0" authors = [ "Dana Keeler <dkeeler@mozilla.com>", "J.C. Jones <jc@mozilla.com>", @@ -37,6 +37,10 @@ categories = [ license = "MPL-2.0" repository = "https://github.com/mozilla/authenticator-rs/" +[dependencies.aes] +version = "0.8" +optional = true + [dependencies.base64] version = "^0.21" @@ -48,9 +52,19 @@ version = "0.5" features = ["serde"] optional = true +[dependencies.cbc] +version = "0.1" +features = ["std"] +optional = true +default-features = false + [dependencies.cfg-if] version = "1.0" +[dependencies.hmac] +version = "0.12" +optional = true + [dependencies.libc] version = "0.2" @@ -69,6 +83,17 @@ optional = true version = "0.9" optional = true +[dependencies.p256] +version = "0.13" +features = [ + "arithmetic", + "ecdsa", + "ecdh", + "std", +] +optional = true +default-features = false + [dependencies.pkcs11-bindings] version = "0.1.4" optional = true @@ -76,6 +101,11 @@ optional = true [dependencies.rand] version = "0.8" +[dependencies.rand_core] +version = "0.6" +features = ["getrandom"] +optional = true + [dependencies.runloop] version = "0.1.0" @@ -122,6 +152,13 @@ crypto_openssl = [ "openssl", "openssl-sys", ] +crypto_rust = [ + "aes", + "cbc", + "rand_core", + "p256", + "hmac", +] default = ["crypto_nss"] gecko = ["nss-gk-api/gecko"] diff --git a/third_party/rust/authenticator/build.rs b/third_party/rust/authenticator/build.rs 
@@ -49,6 +49,8 @@ fn main() { "ioctl_riscv64.rs" } else if cfg!(all(target_arch = "loongarch64", target_endian = "little")) { "ioctl_loongarch64.rs" + } else if cfg!(all(target_arch = "sparc64", target_endian = "big")) { + "ioctl_sparc64.rs" } else { panic!("architecture not supported"); }; diff --git a/third_party/rust/authenticator/src/crypto/dummy.rs b/third_party/rust/authenticator/src/crypto/dummy.rs @@ -6,7 +6,7 @@ This is a dummy implementation for CI, to avoid having to install NSS or openSSL pub type Result<T> = std::result::Result<T, CryptoError>; -pub fn ecdhe_p256_raw(_peer_spki: &[u8]) -> Result<(Vec<u8>, Vec<u8>)> { +pub fn ecdhe_p256_raw(_peer: &super::COSEEC2Key) -> Result<(Vec<u8>, Vec<u8>)> { unimplemented!() } diff --git a/third_party/rust/authenticator/src/crypto/mod.rs b/third_party/rust/authenticator/src/crypto/mod.rs @@ -3,7 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ use crate::ctap2::commands::client_pin::PinUvAuthTokenPermission; -use crate::ctap2::commands::get_info::AuthenticatorInfo; +use crate::ctap2::commands::get_info::{AuthenticatorInfo, AuthenticatorVersion}; use crate::errors::AuthenticatorError; use crate::{ctap2::commands::CommandError, transport::errors::HIDError}; use serde::{ @@ -24,6 +24,11 @@ mod openssl; #[cfg(feature = "crypto_openssl")] use self::openssl as backend; +#[cfg(feature = "crypto_rust")] +mod rustcrypto; +#[cfg(feature = "crypto_rust")] +use rustcrypto as backend; + #[cfg(feature = "crypto_dummy")] mod dummy; #[cfg(feature = "crypto_dummy")] 
@@ -40,9 +45,18 @@ pub use backend::ecdsa_p256_sha256_sign_raw; pub struct PinUvAuthProtocol(Box<dyn PinProtocolImpl + Send + Sync>); impl PinUvAuthProtocol { + pub fn from_id(id: u64) -> Option<Self> { + match id { + 1 => Some(Self(Box::new(PinUvAuth1 {}))), + 2 => Some(Self(Box::new(PinUvAuth2 {}))), + _ => None, + } + } + pub fn id(&self) -> u64 { self.0.protocol_id() } + pub fn encapsulate(&self, peer_cose_key: &COSEKey) -> Result<SharedSecret, CryptoError> { self.0.encapsulate(peer_cose_key) } @@ -74,7 +88,6 @@ impl Clone for PinUvAuthProtocol { /// CTAP 2.1, Section 6.5.4. PIN/UV Auth Protocol Abstract Definition trait PinProtocolImpl: ClonablePinProtocolImpl { fn protocol_id(&self) -> u64; - fn initialize(&self); fn encrypt(&self, key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, CryptoError>; fn decrypt(&self, key: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, CryptoError>; fn authenticate(&self, key: &[u8], message: &[u8]) -> Result<Vec<u8>, CryptoError>; @@ -107,9 +120,7 @@ trait PinProtocolImpl: ClonablePinProtocolImpl { _ => return Err(CryptoError::UnsupportedKeyType), }; - let peer_spki = peer_cose_ec2_key.der_spki()?; - - let (shared_point, client_public_sec1) = ecdhe_p256_raw(&peer_spki)?; + let (shared_point, client_public_sec1) = ecdhe_p256_raw(peer_cose_ec2_key)?; let client_cose_ec2_key = COSEEC2Key::from_sec1_uncompressed(Curve::SECP256R1, &client_public_sec1)?; 
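Review bot: `PinUvAuthProtocol::from_id` is a new public constructor with no doc comment, so the set of accepted ids has to be read off the `match`. I would add `/// Returns the PIN/UV auth protocol for a CTAP protocol id (1 or 2), or None for any other id.` above it. The `impl PinUvAuthProtocol` block continues outside the hunk.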
@@ -141,28 +152,22 @@ impl TryFrom<&AuthenticatorInfo> for PinUvAuthProtocol { // has no preference, it SHOULD select the one listed first in // pinUvAuthProtocols." if let Some(pin_protocols) = &info.pin_protocols { - for proto_id in pin_protocols.iter() { - match proto_id { - 1 => return Ok(PinUvAuthProtocol(Box::new(PinUvAuth1 {}))), - 2 => return Ok(PinUvAuthProtocol(Box::new(PinUvAuth2 {}))), - _ => continue, - } - } + pin_protocols + .iter() + .copied() + .find_map(PinUvAuthProtocol::from_id) + .ok_or(CommandError::UnsupportedPinProtocol) } else { match info.max_supported_version() { - crate::ctap2::commands::get_info::AuthenticatorVersion::U2F_V2 => { - return Err(CommandError::UnsupportedPinProtocol) - } - crate::ctap2::commands::get_info::AuthenticatorVersion::FIDO_2_0 => { - return Ok(PinUvAuthProtocol(Box::new(PinUvAuth1 {}))) + AuthenticatorVersion::U2F_V2 | AuthenticatorVersion::Unknown => { + Err(CommandError::UnsupportedPinProtocol) } - crate::ctap2::commands::get_info::AuthenticatorVersion::FIDO_2_1_PRE - | crate::ctap2::commands::get_info::AuthenticatorVersion::FIDO_2_1 => { - return Ok(PinUvAuthProtocol(Box::new(PinUvAuth2 {}))) + AuthenticatorVersion::FIDO_2_0 => Ok(PinUvAuthProtocol(Box::new(PinUvAuth1 {}))), + AuthenticatorVersion::FIDO_2_1_PRE | AuthenticatorVersion::FIDO_2_1 => { + Ok(PinUvAuthProtocol(Box::new(PinUvAuth2 {}))) } } } - Err(CommandError::UnsupportedPinProtocol) } } @@ -183,8 +188,6 @@ impl PinProtocolImpl for PinUvAuth1 { 1 } - fn initialize(&self) {} - fn encrypt(&self, key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, CryptoError> { // [CTAP 2.1] // encrypt(key, demPlaintext) → ciphertext @@ -228,8 +231,6 @@ impl PinProtocolImpl for PinUvAuth2 { 2 } - fn initialize(&self) {} - fn encrypt(&self, key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, CryptoError> { // [CTAP 2.1] // encrypt(key, demPlaintext) → ciphertext 
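Review bot: The arm `AuthenticatorVersion::U2F_V2 | AuthenticatorVersion::Unknown` refuses PIN/UV auth for an unrecognised version, and nothing at the arm says that this is deliberate. `max_supported_version()` is not visible here, so I cannot tell whether it can return `Unknown` at all. If it can, a device that advertises only a newer version string and omits `pin_protocols` would lose PIN support. A comment such as `// Unrecognised versions fail closed: we cannot know which PIN/UV protocol they speak.` would record the intent. The `impl TryFrom` starts above the hunk.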
@@ -1452,8 +1453,8 @@ mod test { // We are using `test_cose_ec2_p256_ecdh_sha256()` here, because we need a way to hand in // the private key which would be generated on the fly otherwise (ephemeral keys), // to predict the outputs - let peer_spki = peer_ec2_key.der_spki().unwrap(); - let shared_point = test_ecdh_p256_raw(&peer_spki, &EC_PUB_X, &EC_PUB_Y, &EC_PRIV).unwrap(); + let shared_point = + test_ecdh_p256_raw(&peer_ec2_key, &EC_PUB_X, &EC_PUB_Y, &EC_PRIV).unwrap(); let shared_secret = SharedSecret { pin_protocol: PinUvAuthProtocol(Box::new(PinUvAuth1 {})), key: sha256(&shared_point).unwrap(), diff --git a/third_party/rust/authenticator/src/crypto/nss.rs b/third_party/rust/authenticator/src/crypto/nss.rs @@ -158,14 +158,15 @@ pub fn ecdsa_p256_sha256_sign_raw(private: &[u8], data: &[u8]) -> Result<Vec<u8> der::sequence(&[&der::integer(r)?, &der::integer(s)?]) } -/// Ephemeral ECDH over P256. Takes a DER SubjectPublicKeyInfo that encodes a public key. Generates -/// an ephemeral P256 key pair. Returns +/// Ephemeral ECDH over P256. Generates an ephemeral P256 key pair. Returns /// 1) the x coordinate of the shared point, and /// 2) the uncompressed SEC 1 encoding of the ephemeral public key. -pub fn ecdhe_p256_raw(peer_spki: &[u8]) -> Result<(Vec<u8>, Vec<u8>)> { +pub fn ecdhe_p256_raw(peer: &super::COSEEC2Key) -> Result<(Vec<u8>, Vec<u8>)> { + let peer_spki = peer.der_spki()?; + nss_gk_api::init(); - let peer_public = nss_public_key_from_der_spki(peer_spki)?; + let peer_public = nss_public_key_from_der_spki(&peer_spki)?; let (client_private, client_public) = generate_p256_nss()?; 
@@ -374,14 +375,15 @@ pub fn random_bytes(count: usize) -> Result<Vec<u8>> { #[cfg(test)] pub fn test_ecdh_p256_raw( - peer_spki: &[u8], + peer: &super::COSEEC2Key, client_public_x: &[u8], client_public_y: &[u8], client_private: &[u8], ) -> Result<Vec<u8>> { nss_gk_api::init(); - let peer_public = nss_public_key_from_der_spki(peer_spki)?; + let peer_spki = peer.der_spki()?; + let peer_public = nss_public_key_from_der_spki(&peer_spki)?; // NSS has no mechanism to import a raw elliptic curve coordinate as a private key. // We need to encode it in an RFC 5208 PrivateKeyInfo: diff --git a/third_party/rust/authenticator/src/crypto/openssl.rs b/third_party/rust/authenticator/src/crypto/openssl.rs @@ -44,12 +44,12 @@ fn ecdh_openssl_raw(client_private: EcKey<Private>, peer_public: EcKey<Public>) Ok(shared_point) } -/// Ephemeral ECDH over P256. Takes a DER SubjectPublicKeyInfo that encodes a public key. Generates -/// an ephemeral P256 key pair. Returns +/// Ephemeral ECDH over P256. Generates an ephemeral P256 key pair. Returns /// 1) the x coordinate of the shared point, and /// 2) the uncompressed SEC 1 encoding of the ephemeral public key. -pub fn ecdhe_p256_raw(peer_spki: &[u8]) -> Result<(Vec<u8>, Vec<u8>)> { - let peer_public = EcKey::public_key_from_der(peer_spki)?; +pub fn ecdhe_p256_raw(peer: &super::COSEEC2Key) -> Result<(Vec<u8>, Vec<u8>)> { + let peer_spki = peer.der_spki()?; + let peer_public = EcKey::public_key_from_der(&peer_spki)?; // Hard-coding the P256 group here is easier than extracting a group name from peer_public and // comparing it with P256. We'll fail in key derivation if peer_public is on the wrong curve. 
@@ -140,12 +140,13 @@ pub fn random_bytes(count: usize) -> Result<Vec<u8>> { #[cfg(test)] pub fn test_ecdh_p256_raw( - peer_spki: &[u8], + peer: &super::COSEEC2Key, client_public_x: &[u8], client_public_y: &[u8], client_private: &[u8], ) -> Result<Vec<u8>> { - let peer_public = EcKey::public_key_from_der(peer_spki)?; + let peer_spki = peer.der_spki()?; + let peer_public = EcKey::public_key_from_der(&peer_spki)?; let group = peer_public.group(); let mut client_pub_sec1 = vec![]; diff --git a/third_party/rust/authenticator/src/crypto/rustcrypto.rs b/third_party/rust/authenticator/src/crypto/rustcrypto.rs 
@@ -0,0 +1,176 @@ +use super::CryptoError; +use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit}; +use hmac::Mac; +use p256::elliptic_curve::sec1::FromEncodedPoint; +use rand_core::RngCore; +use sha2::Digest; +use std::convert::TryInto; + +pub type Result<T> = std::result::Result<T, CryptoError>; + +fn cose_key_to_public(peer: &super::COSEEC2Key) -> Result<p256::PublicKey> { + // SEC 1 encoded uncompressed point + let peer = p256::EncodedPoint::from_affine_coordinates( + peer.x + .as_slice() + .try_into() + .map_err(|_| CryptoError::MalformedInput)?, + peer.y + .as_slice() + .try_into() + .map_err(|_| CryptoError::MalformedInput)?, + false, + ); + p256::PublicKey::from_encoded_point(&peer) + .into_option() + .ok_or(CryptoError::LibraryFailure) +} + +/// Ephemeral ECDH over P256. Generates an ephemeral P256 key pair. Returns +/// 1) the x coordinate of the shared point, and +/// 2) the uncompressed SEC 1 encoding of the ephemeral public key. +pub fn ecdhe_p256_raw(peer: &super::COSEEC2Key) -> Result<(Vec<u8>, Vec<u8>)> { + let peer_public = cose_key_to_public(peer)?; + + let internal_private = p256::ecdh::EphemeralSecret::random(&mut rand_core::OsRng); + let internal_public = internal_private.public_key().to_sec1_bytes().into_vec(); + + let shared_point = internal_private.diffie_hellman(&peer_public); + + Ok((shared_point.raw_secret_bytes().to_vec(), internal_public)) +} + +type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>; +type Aes256CbcDec = cbc::Decryptor<aes::Aes256>; + +const AES_BLOCK_SIZE: usize = 16; + +pub fn encrypt_aes_256_cbc_no_pad(key: &[u8], iv: Option<&[u8]>, data: &[u8]) -> Result<Vec<u8>> { + let key: [u8; 32] = match key.try_into() { + Ok(key) => key, + Err(_) => return Err(CryptoError::LibraryFailure), + }; + + let iv = iv.unwrap_or(&[0u8; AES_BLOCK_SIZE]); + let iv = match iv.try_into() { + Ok(iv) => iv, + Err(_) => return Err(CryptoError::LibraryFailure), + }; + + // Validate that the data is an exact multiple of the block size since 
we have no + // padding available. + let blocks = data.chunks_exact(AES_BLOCK_SIZE); + if !blocks.remainder().is_empty() { + return Err(CryptoError::LibraryFailure); + } + + let mut encryptor = Aes256CbcEnc::new(&key.into(), iv); + + // Since we now know that `data` is a multiple of `AES_BLOCK_SIZE`, so this will always have the + // same number of blocks as it. + let mut ciphertext = vec![0u8; data.len()]; + // XXX: `slice::as_chunks` would be better but it requires an MSRV of 1.88. + for (input_block, output_block) in blocks + .into_iter() + .zip(ciphertext.chunks_exact_mut(AES_BLOCK_SIZE)) + { + let input: &[u8; AES_BLOCK_SIZE] = input_block.try_into().unwrap(); + let output: &mut [u8; AES_BLOCK_SIZE] = output_block.try_into().unwrap(); + + encryptor.encrypt_block_b2b_mut(input.into(), output.into()); + debug_assert_ne!(output, &[0u8; AES_BLOCK_SIZE]); + } + + Ok(ciphertext) +} + +pub fn decrypt_aes_256_cbc_no_pad(key: &[u8], iv: Option<&[u8]>, data: &[u8]) -> Result<Vec<u8>> { + let key: [u8; 32] = match key.try_into() { + Ok(key) => key, + Err(_) => return Err(CryptoError::LibraryFailure), + }; + + let iv = iv.unwrap_or(&[0u8; AES_BLOCK_SIZE]); + let iv = match iv.try_into() { + Ok(iv) => iv, + Err(_) => return Err(CryptoError::LibraryFailure), + }; + + // See comments in `encrypt_aes_256_cbc_no_pad` for rationale. 
+ let blocks = data.chunks_exact(AES_BLOCK_SIZE); + if !blocks.remainder().is_empty() { + return Err(CryptoError::LibraryFailure); + } + + let mut decryptor = Aes256CbcDec::new(&key.into(), iv); + let mut plaintext = vec![0u8; data.len()]; + for (input_block, output_block) in blocks + .into_iter() + .zip(plaintext.chunks_exact_mut(AES_BLOCK_SIZE)) + { + let input: &[u8; AES_BLOCK_SIZE] = input_block.try_into().unwrap(); + let output: &mut [u8; AES_BLOCK_SIZE] = output_block.try_into().unwrap(); + + decryptor.decrypt_block_b2b_mut(input.into(), output.into()); + debug_assert_ne!(output, &[0u8; AES_BLOCK_SIZE]); + } + + Ok(plaintext) +} + +type HmacSha256 = hmac::Hmac<sha2::Sha256>; + +pub fn hmac_sha256(key: &[u8], data: &[u8]) -> Result<Vec<u8>> { + let mut key = HmacSha256::new_from_slice(key) + .map_err(|_| CryptoError::Backend(String::from("InvalidLength")))?; + + key.update(data); + Ok(key.finalize().into_bytes().to_vec()) +} + +pub fn sha256(data: &[u8]) -> Result<Vec<u8>> { + let digest = sha2::Sha256::digest(data); + Ok(digest.to_vec()) +} + +pub fn random_bytes(count: usize) -> Result<Vec<u8>> { + let mut rng = rand_core::OsRng; + let mut out = vec![0u8; count]; + rng.try_fill_bytes(out.as_mut_slice()) + .map_err(|_| CryptoError::LibraryFailure)?; + Ok(out) +} + +#[cfg(test)] +pub fn test_ecdh_p256_raw( + peer: &super::COSEEC2Key, + _client_public_x: &[u8], + _client_public_y: &[u8], + client_private: &[u8], +) -> Result<Vec<u8>> { + let peer_public = cose_key_to_public(peer)?; + + let client_private = p256::SecretKey::from_slice(client_private).unwrap(); + let shared_point = + p256::ecdh::diffie_hellman(client_private.to_nonzero_scalar(), peer_public.as_affine()); + + Ok(shared_point.raw_secret_bytes().to_vec()) +} + +pub fn gen_p256() -> Result<(Vec<u8>, Vec<u8>)> { + unimplemented!() +} + +pub fn ecdsa_p256_sha256_sign_raw(_private: &[u8], _data: &[u8]) -> Result<Vec<u8>> { + unimplemented!() +} + +#[allow(dead_code)] +#[cfg(test)] +pub fn 
test_ecdsa_p256_sha256_verify_raw( + _public: &[u8], + _signature: &[u8], + _data: &[u8], +) -> Result<()> { + unimplemented!() +} diff --git a/third_party/rust/authenticator/src/ctap2/commands/authenticator_config.rs b/third_party/rust/authenticator/src/ctap2/commands/authenticator_config.rs @@ -188,6 +188,10 @@ impl PinUvAuthCommand for AuthenticatorConfig { fn get_rp_id(&self) -> Option<&String> { None } + + fn hmac_requested(&self) -> bool { + false + } } #[cfg(test)] diff --git a/third_party/rust/authenticator/src/ctap2/commands/bio_enrollment.rs b/third_party/rust/authenticator/src/ctap2/commands/bio_enrollment.rs @@ -224,6 +224,10 @@ impl PinUvAuthCommand for BioEnrollment { fn get_pin_uv_auth_param(&self) -> Option<&PinUvAuthParam> { self.pin_uv_auth_param.as_ref() } + + fn hmac_requested(&self) -> bool { + false + } } impl RequestCtap2 for BioEnrollment { diff --git a/third_party/rust/authenticator/src/ctap2/commands/credential_management.rs b/third_party/rust/authenticator/src/ctap2/commands/credential_management.rs @@ -421,6 +421,10 @@ impl PinUvAuthCommand for CredentialManagement { fn get_pin_uv_auth_param(&self) -> Option<&PinUvAuthParam> { self.pin_uv_auth_param.as_ref() } + + fn hmac_requested(&self) -> bool { + false + } } #[cfg(test)] diff --git a/third_party/rust/authenticator/src/ctap2/commands/get_assertion.rs b/third_party/rust/authenticator/src/ctap2/commands/get_assertion.rs @@ -477,6 +477,10 @@ impl PinUvAuthCommand for GetAssertion { fn get_pin_uv_auth_param(&self) -> Option<&PinUvAuthParam> { self.pin_uv_auth_param.as_ref() } + + fn hmac_requested(&self) -> bool { + self.extensions.hmac_secret.is_some() + } } impl Serialize for GetAssertion { diff --git a/third_party/rust/authenticator/src/ctap2/commands/get_info.rs b/third_party/rust/authenticator/src/ctap2/commands/get_info.rs 
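Review bot: In `decrypt_aes_256_cbc_no_pad` the line `debug_assert_ne!(output, &[0u8; AES_BLOCK_SIZE]);` treats an all-zero plaintext block as impossible, but a zero block is a legal decryption result. The ciphertext presumably comes from the authenticator, so a debug build can panic on valid or device-chosen input. I would drop that assertion from the decrypt loop; in the encrypt loop it fires only with negligible probability, but it checks nothing the cipher does not already guarantee. Separately, `gen_p256` and `ecdsa_p256_sha256_sign_raw` are `unimplemented!()`, so any caller that reaches them with the `crypto_rust` backend panics; returning `Err(CryptoError::Backend(String::from("not implemented")))` would keep the failure recoverable. The wrong-length checks on `key` and `iv` return `CryptoError::LibraryFailure`, where `CryptoError::MalformedInput`, already used in `cose_key_to_public`, would describe a caller error more accurately.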
@@ -311,6 +311,8 @@ pub enum AuthenticatorVersion { FIDO_2_0, FIDO_2_1_PRE, FIDO_2_1, + #[serde(other)] + Unknown, } #[derive(Clone, Debug, Default, Eq, PartialEq, Serialize)] @@ -742,6 +744,40 @@ pub mod tests { 0x18, 0x18, // unsigned(24) ]; + pub const AUTHENTICATOR_INFO_FIDO_2_2: &[u8] = &[ + 0xa2, // map(2) + 0x01, // unsigned(1) + 0x83, // array(3) + 0x66, // text(6) + 0x55, 0x32, 0x46, 0x5f, 0x56, 0x32, // "U2F_V2" + 0x68, // text(8) + 0x46, 0x49, 0x44, 0x4f, 0x5f, 0x32, 0x5f, 0x30, // "FIDO_2_0" + 0x68, // text(8) + 0x46, 0x49, 0x44, 0x4f, 0x5f, 0x32, 0x5f, 0x32, // "FIDO_2_2" + 0x03, // unsigned(3) + 0x50, // bytes(16) + 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, + 0x7d, // "\xF8\xA0\u0011\xF3\x8C\nM\u0015\x80\u0006\u0017\u0011\u001F\x9E\xDC}" + ]; + + pub const AUTHENTICATOR_INFO_UNKNOWN_VERSIONS: &[u8] = &[ + 0xa2, // map(2) + 0x01, // unsigned(1) + 0x84, // array(4) + 0x63, // text(3) + 0x66, 0x6f, 0x6f, // "foo" + 0x66, // text(6) + 0x55, 0x32, 0x46, 0x5f, 0x56, 0x32, // "U2F_V2" + 0x68, // text(8) + 0x46, 0x49, 0x44, 0x4f, 0x5f, 0x32, 0x5f, 0x30, // "FIDO_2_0" + 0x63, // text(3) + 0x62, 0x61, 0x72, // "bar" + 0x03, // unsigned(3) + 0x50, // bytes(16) + 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, + 0x7d, // "\xF8\xA0\u0011\xF3\x8C\nM\u0015\x80\u0006\u0017\u0011\u001F\x9E\xDC}" + ]; + #[test] fn parse_authenticator_info() { let authenticator_info: AuthenticatorInfo = 
@@ -1051,4 +1087,37 @@ pub mod tests { let authenticator_info: AuthenticatorInfo = from_slice(&raw_list).unwrap(); assert_eq!(authenticator_info, expected); } + + #[test] + fn parse_authenticator_info_fido_2_2() { + assert_eq!( + from_slice::<AuthenticatorInfo>(&AUTHENTICATOR_INFO_FIDO_2_2).unwrap(), + AuthenticatorInfo { + versions: vec![ + AuthenticatorVersion::U2F_V2, + AuthenticatorVersion::FIDO_2_0, + AuthenticatorVersion::Unknown, + ], + aaguid: AAGuid(AAGUID_RAW), + ..Default::default() + }, + ); + } + + #[test] + fn parse_authenticator_info_unknown_versions() { + assert_eq!( + from_slice::<AuthenticatorInfo>(&AUTHENTICATOR_INFO_UNKNOWN_VERSIONS).unwrap(), + AuthenticatorInfo { + versions: vec![ + AuthenticatorVersion::Unknown, + AuthenticatorVersion::U2F_V2, + AuthenticatorVersion::FIDO_2_0, + AuthenticatorVersion::Unknown, + ], + aaguid: AAGuid(AAGUID_RAW), + ..Default::default() + }, + ); + } } diff --git a/third_party/rust/authenticator/src/ctap2/commands/make_credentials.rs b/third_party/rust/authenticator/src/ctap2/commands/make_credentials.rs @@ -468,6 +468,14 @@ impl PinUvAuthCommand for MakeCredentials { fn get_pin_uv_auth_param(&self) -> Option<&PinUvAuthParam> { self.pin_uv_auth_param.as_ref() } + + fn hmac_requested(&self) -> bool { + !(self.extensions.hmac_secret.is_none() + || matches!( + self.extensions.hmac_secret, + Some(HmacCreateSecretOrPrf::HmacCreateSecret(false)) + )) + } } impl Serialize for MakeCredentials { diff --git a/third_party/rust/authenticator/src/ctap2/commands/mod.rs b/third_party/rust/authenticator/src/ctap2/commands/mod.rs @@ -143,6 +143,7 @@ pub(crate) trait PinUvAuthCommand: RequestCtap2 { fn get_pin_uv_auth_param(&self) -> Option<&PinUvAuthParam>; fn set_uv_option(&mut self, uv: Option<bool>); fn get_rp_id(&self) -> Option<&String>; + fn hmac_requested(&self) -> bool; fn can_skip_user_verification( &mut self, info: &AuthenticatorInfo, 
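Review bot: `hmac_requested` for `MakeCredentials` is written as a negated disjunction of `is_none()` and a `matches!`, which is hard to read for a condition that decides whether a shared secret is established. The same test can be stated in one pattern: `!matches!(self.extensions.hmac_secret, None | Some(HmacCreateSecretOrPrf::HmacCreateSecret(false)))`. A short comment saying that an explicit `HmacCreateSecret(false)` counts as not requested would make the asymmetry with `GetAssertion` (plain `is_some()`) obvious to the next reader.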
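Review bot: The new required method `fn hmac_requested(&self) -> bool;` on `PinUvAuthCommand` has no doc comment, and the implementations added in this commit follow different rules (`false`, `hmac_secret.is_some()`, and the `MakeCredentials` variant check). I would put the contract on the trait, e.g. `/// True when this command asks for the hmac-secret extension and therefore needs a shared secret.`. The trait body continues outside the hunk.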
diff --git a/third_party/rust/authenticator/src/ctap2/mod.rs b/third_party/rust/authenticator/src/ctap2/mod.rs @@ -288,9 +288,9 @@ fn get_pin_uv_auth_param<Dev: FidoDevice, T: PinUvAuthCommand + RequestCtap2>( // If the device supports internal user-verification (e.g. fingerprints), // skip PIN-stuff - // We may need the shared secret for HMAC-extension, so we + // We need the shared secret for HMAC-extension, if it was requested, so we // have to establish one - if info.supports_hmac_secret() { + if cmd.hmac_requested() && info.supports_hmac_secret() { let _shared_secret = dev.establish_shared_secret(alive)?; } // CTAP 2.1, Section 6.1.1, Step 1.1.2.1.2. diff --git a/third_party/rust/authenticator/src/transport/device_selector.rs b/third_party/rust/authenticator/src/transport/device_selector.rs @@ -10,8 +10,6 @@ use std::time::Duration; pub type DeviceID = <Device as HIDDevice>::Id; pub type DeviceBuildParameters = <Device as HIDDevice>::BuildParameters; -trait DeviceSelectorEventMarker {} - #[derive(Debug, Clone, Copy, PartialEq, Eq)] pub enum BlinkResult { DeviceSelected, diff --git a/third_party/rust/authenticator/src/transport/hidproto.rs b/third_party/rust/authenticator/src/transport/hidproto.rs @@ -4,10 +4,7 @@ // Shared code for platforms that use raw HID access (Linux, FreeBSD, etc.) -#![cfg_attr( - feature = "cargo-clippy", - allow(clippy::cast_lossless, clippy::needless_lifetimes) -)] +#![allow(clippy::cast_lossless, clippy::needless_lifetimes)] #[cfg(target_os = "linux")] use std::io; diff --git a/third_party/rust/authenticator/src/transport/linux/hidraw.rs b/third_party/rust/authenticator/src/transport/linux/hidraw.rs 
@@ -1,7 +1,7 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#![cfg_attr(feature = "cargo-clippy", allow(clippy::cast_lossless))] +#![allow(clippy::cast_lossless)] extern crate libc; diff --git a/third_party/rust/authenticator/src/transport/linux/hidwrapper.rs b/third_party/rust/authenticator/src/transport/linux/hidwrapper.rs @@ -52,3 +52,6 @@ include!("ioctl_riscv64.rs"); #[cfg(all(target_arch = "loongarch64", target_endian = "little"))] include!("ioctl_loongarch64.rs"); + +#[cfg(all(target_arch = "sparc64", target_endian = "big"))] +include!("ioctl_sparc64.rs"); diff --git a/third_party/rust/authenticator/src/transport/linux/ioctl_sparc64.rs b/third_party/rust/authenticator/src/transport/linux/ioctl_sparc64.rs @@ -0,0 +1,5 @@ +/* automatically generated by rust-bindgen */ + +pub type __u32 = ::std::os::raw::c_uint; +pub const _HIDIOCGRDESCSIZE: __u32 = 1074022401; +pub const _HIDIOCGRDESC: __u32 = 1342457858;