all-your-locks-are-belong-to-us / libmicrofido2 Goto Github PK
View Code? Open in Web Editor NEWMinimal FIDO2 library for microcontrollers
License: Other
Minimal FIDO2 library for microcontrollers
License: Other
Use a structure similar to libfido2, as usual.
Currently, we only have an avr.toolchain
file to build the lib for the ATmega.
It would be nice if we could use the same system to build the library for the ESP and nRF as well (provided that the compilers are installed, of course).
Currently, we haven't implemented any randomness in the software. Nevertheless, we should allow users to define their own RNG implementation, possibly based on hardware support.
On macOS, the LLVM linker does not have the -Map
flag. Thus, in the feature/example-application
branch, the link map generation does not work.
As a developer on an Arch Distro, I want to be able to develop the library in VSCode.
Thus, we need a configuration for VSCode that allows for better IntelliSense.
For testing the library on different platforms, it would be great to have a simulator that simulates the FIDO messages according to the standard.
This can be helpful when no real NFC connection is available.
As we are actively developing this library and are hugely influenced by Yubico's libfido2 and also copied some code, we need to match their license (or something compatible).
They use a BSD 2-Clause license. I would therefore vote for the same license.
However, I would be glad for how to also attribute our own code. Dual-Copyright? How do we show which parts are from libfido2 and which changes are from us. This is pretty intermingled.
We should probably use a PRNG with a truly random seed.
To improve and enforce code quality, it would be nice to have no warnings during compilation.
Thus, turning warnings into errors when compiling would be a good first step.
It may be desirable to write data, such as un-/locking events, back to the large blob. That way, the data can be transported over the virtual network to some central system.
You'll likely want a structure similar to the already existing fido_dev_largeblob_get
.
You might want to take a look at the implementation of the libfido2
in fido_dev_largeblob_set
.
When trying to build the library for x86 (cmake ..
), the compilation process fails due to the measurements
that are built for AVR and include avr/io.h
.
ed25519
Currently, we do not support any authenticator preference when choosing a cryptographic algorithm as well as a PIN protocol.
While the platform may specify its own preference, supporting the preference of the authenticator may be desirable to improve the speed (in case the authenticator has hardware support for certain algorithms for example).
Currently, we use bitfields to store the support of certain algorithms. These bitfiels, however, do not provide any ranking.
As we only need the first algorithm from the authenticators list, which both parties support, a single additional field containing the preferred algorithm may be enough.
The struct is defined here and should likely be extended:
Lines 94 to 111 in bb3678d
We currently do not support the extensions
and attestedCredentialData
in the authenticator data structure, as specified in WebAuthn § 6.1 Authenticator Data and CTAP 2.1 § 6.2.2 authenticatorGetAssertion Algorithm.
This is mostly due to its variable length, which makes it hard to store in fixed size stack-allocated structures, and also that we didn't need it for our PoC.
However, it might be desirable in the future to receive this data (such as extension outputs) and parse it in the relying party.
The struct is defined here:
libmicrofido2/include/assertion.h
Lines 69 to 74 in bb3678d
The processing may happen here:
Lines 479 to 489 in bb3678d
Currently, we do not provide any RNG implementation in software.
It may be useful to add one, which, however, would require some sort of entropy function. This must be implemented by the user of the library for the respective board.
See the following section in the code:
Lines 14 to 17 in 1916feb
To reduce the amount of memory required on the stack, we may find a way to prevent copying the data when transmitting short APDUs.
The copying happens in the tx_short_apdu
function.
Lines 150 to 161 in bb3678d
This currently allocates (mostly, depending on the platform) 263
bytes, which may not be toooo bad.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.