fido2 authenticator library

Warning: NOT PRODUCTION READY!

Getting started

The following steps are required to get started:

  1. Add this repository to your project (make sure you call the pull-deps.sh script to fetch the required CBOR library)
  2. Implement a basic application that acts as a raw USB HID device
  3. Define the following functions (take a look at the example here):
     1. On startup, call fido.Authenticator.new_default to instantiate an authenticator
// call this on startup
auth = fido.Authenticator.new_default(
    [_]u8{
        ...
    },
    .{
        .rand = Impl.rand,
        .millis = Impl.millis,
        .load = Impl.load,
        .store = Impl.store,
        .request_permission = Impl.requestPermission,
    },
);
     2. On receiving a USB packet, call fido.transport_specific_bindings.ctaphid.handle(buffer[0..bufsize], &auth), where buffer contains the raw data and auth is the authenticator instance
     3. ctaphid.handle returns either null (if it is still assembling the request) or an iterator (containing the response). Call next() on the iterator to get the next CTAPHID packet to send to the client.
// example of sending a CTAPHID response (tinyusb)
if (response != null) {
    while (response.?.next()) |r| {
        while (!tudHidReady()) {
            tudTask();
            // wait until ready
        }

        _ = tudHidReport(0, r);
    }
}
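
What "assembling the request" means on the wire, as an added example that is not code from this library: CTAPHID splits a message across 64-byte reports, an initialization packet (CID, CMD with the high bit set, 2-byte BCNT, 57 data bytes) followed by continuation packets (CID, SEQ, 59 data bytes). The C code below reassembles a request and refuses an oversized BCNT, a foreign channel or an out-of-order SEQ; the names assembler_t and feed are hypothetical, and timeouts, CTAPHID_INIT resync and error replies are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT      64               /* CTAPHID report size */
#define MAX_MSG  (57 + 128 * 59)  /* 7609: most the framing can carry */
enum { NEED_MORE = 0, COMPLETE = 1, REJECTED = -1 };

typedef struct {
    uint8_t  cid[4];              /* channel of the in-flight message */
    uint8_t  cmd, seq, busy;      /* command, next expected SEQ, in-flight flag */
    uint16_t bcnt, got;           /* announced length, bytes received so far */
    uint8_t  data[MAX_MSG];
} assembler_t;

/* Feed one 64-byte report: NEED_MORE while assembling, COMPLETE when whole. */
int feed(assembler_t *a, const uint8_t *pkt) {
    size_t n;
    if (pkt[4] & 0x80) {                          /* initialization packet */
        uint16_t bcnt = (uint16_t)((pkt[5] << 8) | pkt[6]);
        if (a->busy || bcnt > MAX_MSG) return REJECTED;  /* length is host-controlled */
        memcpy(a->cid, pkt, 4);
        a->cmd = pkt[4] & 0x7f; a->bcnt = bcnt; a->seq = 0; a->busy = 1;
        n = bcnt < 57 ? bcnt : 57;
        memcpy(a->data, pkt + 7, n);
        a->got = (uint16_t)n;
    } else {                                      /* continuation packet */
        if (!a->busy || memcmp(a->cid, pkt, 4) != 0) return REJECTED;
        if (pkt[4] != a->seq) { a->busy = 0; return REJECTED; } /* out of order: drop */
        n = (size_t)(a->bcnt - a->got);
        if (n > 59) n = 59;                       /* never copy past BCNT */
        memcpy(a->data + a->got, pkt + 5, n);
        a->got = (uint16_t)(a->got + n);
        a->seq++;
    }
    if (a->got < a->bcnt) return NEED_MORE;
    a->busy = 0;
    return COMPLETE;
}

int main(void) {
    static assembler_t a;                         /* constructed sample: 60-byte request */
    uint8_t init[PKT] = {1, 2, 3, 4, 0x90, 0, 60}, cont[PKT] = {1, 2, 3, 4, 0};
    int r1 = feed(&a, init), r2 = feed(&a, cont);
    printf("init -> %d, cont -> %d, got %u bytes\n", r1, r2, (unsigned)a.got);
    return 0;
}
```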

Examples

| Platform | Architecture | Link |
| --- | --- | --- |
| nRF52840-MDK USB Dongle | Arm | candy-stick-nrf |

Supported transport specific bindings

| binding | supported? |
| --- | --- |
| USB | |
| NFC | |
| Bluetooth | |

Supported commands

| command | supported? |
| --- | --- |
| authenticatorMakeCredential | |
| authenticatorGetAssertion | |
| authenticatorGetNextAssertion | |
| authenticatorGetInfo | |
| authenticatorClientPin | |
| authenticatorReset | |
| authenticatorBioEnrollment | |
| authenticatorCredentialManagement | |
| authenticatorSelection | |
| authenticatorLargeBlobs | |
| authenticatorConfig | |

Crypto

TODO: rewrite this section

Resources