examples: add cred -a toggle
To request enterprise attestation.
LDVG committed Aug 21, 2024
1 parent bd553bd commit ae9d48e
Showing 2 changed files with 14 additions and 2 deletions.
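--- a/examples/README.adoc
+++ b/examples/README.adoc
@@ -64,7 +64,8 @@ The following examples are provided:
 The -T option may be used to enforce a timeout of <seconds>. If the
 option -b is specified, the credential's "largeBlob" key is stored in
 <blobkey>. If the option -c is specified the the generated credential
-will be bound by the specified protection policy.
+will be bound by the specified protection policy. If the option -a is
+specified, enterprise attestation will be requested.
 
 - assert [-t es256|es384|rs256|eddsa] [-a cred_id] [-h hmac_secret] [-P pin]
 [-s hmac_salt] [-T seconds] [-b blobkey] [-puv] <pubkey> <device>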
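--- a/examples/cred.c
+++ b/examples/cred.c
@@ -36,7 +36,8 @@ static void
 usage(void)
 {
 fprintf(stderr, "usage: cred [-t es256|es384|rs256|eddsa] [-k pubkey] "
-"[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] [-hruv] "
+"[-ei cred_id] [-P pin] [-T seconds] [-b blobkey] [-c cred_protect] "
+"[-a mode] [-hruv] "
 "<device>\n");
 exit(EXIT_FAILURE);
 }
@@ -166,6 +167,7 @@ main(int argc, char **argv)
 int ch;
 int r;
 long long cred_protect = 0;
+long long ea = 0;
 
 if ((cred = fido_cred_new()) == NULL)
 errx(1, "fido_cred_new");
@@ -182,6 +184,12 @@ main(int argc, char **argv)
 errx(1, "-T: %s must be in (0,30]", optarg);
 ms *= 1000; /* seconds to milliseconds */
 break;
+case 'a':
+if (base10(optarg, &ea) < 0)
+errx(1, "base10: %s", optarg);
+if (ea <= 0 || ea > 2)
+errx(1, "-a: %s must be in (0,2]", optarg);
+break;
 case 'b':
 ext |= FIDO_EXT_LARGEBLOB_KEY;
 blobkey_out = optarg;
@@ -293,6 +301,9 @@ main(int argc, char **argv)
 if (cred_protect != 0 && (r = fido_cred_set_prot(cred,
 (int)cred_protect)) != FIDO_OK)
 errx(1, "fido_cred_set_prot: %s (0x%x)", fido_strerr(r), r);
+
+if (ea != 0 && (r = fido_cred_set_entattest(cred, (int)ea)) != FIDO_OK)
+errx(1, "fido_cred_set_entattest: %s (0x%x)", fido_strerr(r), r);
 
 /* timeout */
 if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK)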
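Review bot: In the `case 'a':` hunk the accepted range is the bare literals 1 and 2, and neither the usage string (`[-a mode]`) nor the error text (`must be in (0,2]`) tells the user what the two modes are. libfido2 names them `FIDO_ENTATTEST_VENDOR` and `FIDO_ENTATTEST_PLATFORM`, so the check reads better as `if (ea != FIDO_ENTATTEST_VENDOR && ea != FIDO_ENTATTEST_PLATFORM)` with a message such as `errx(1, "-a: %s must be 1 (vendor) or 2 (platform)", optarg);`. Because enterprise attestation can return an attestation that identifies the individual authenticator, a short comment above the `fido_cred_set_entattest` call would help readers who copy this example, e.g. `/* enterprise attestation: may yield a device-identifying attestation */`. main() starts and ends outside these hunks, so how the resulting attestation is verified is not visible here.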
