Set attestation object containing CBOR encoded authData, fmt and attStmt #782
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LDVG
reviewed
Feb 7, 2024
LDVG
reviewed
Feb 8, 2024
|
Assuming this change will be merged, any idea when the next release is? |
LDVG
reviewed
Feb 9, 2024
|
@LDVG is there anything needed that is blocking merge with main? |
LDVG
force-pushed
the
support-attestation-object-input
branch
from
1ad623c
to
4e7a885
Compare
Apologies for the delays. There shouldn't be much more needed to get this through, though a final review may take a little bit longer. I squashed some of the intermediate commits, I hope that is fine with you. (note that the currently failing pipeline appears unrelated to these changes) |
New routines to set attestation object containing CBOR encoded authData, fmt and attStmt.
LDVG
force-pushed
the
support-attestation-object-input
branch
from
4e7a885
to
f82ea7f
Compare
|
Note (mostly to myself): Pushed a tentative fuzzer harness; needs seed corpora. |
martelletto
reviewed
Mar 12, 2024
LDVG
force-pushed
the
support-attestation-object-input
branch
from
b7e5fbd
to
3fe9f9e
Compare
|
Seed corpora updated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Applications using Javascript WebAuthn APIs to communicate with FIDO2 devices get CBOR encoded attestation object containing authData, fmt and attStmt; more details about the JS API are given at MDN. Since there are no straight ways to set this value, I have updated libfido to set internal values after parsing the CBOR encoded attestation-object.
This will mean that the applications using libfido doesn't have to handle CBOR data at all, just like how other high level libraries in other languages behave.
Summary of changes:
fido_cred_set_attobjAPI is added to set attestation object containing CBOR encoded authData, fmt and attStmtRelevant issue #749 .