WIP: CTAP2 support (#150)

* Moving platform specific modules into new module 'transport'

* Replace capability-defines with bitflags (and add ctap2 capabilities)

* Make HID commands its own type

* Run cargo fmt and clippy

* Add test for U2F_VERSION

* CTAP2: Implement first ctap2-command GetInfo as well as ctap1-fallback GetVersion, plus tests

* Sort CTAPHID const values according to value

Co-authored-by: Martin Sirringhaus <>

Author: msirringhaus

Cargo.toml

@@ -15,7 +15,7 @@ maintenance = { status = "actively-developed" }
 
 [features]
 binding-recompile = ["bindgen"]
-webdriver = ["base64", "bytes", "warp", "tokio", "serde", "serde_json"]
+webdriver = ["base64", "bytes", "warp", "tokio", "serde_json"]
 
 [target.'cfg(target_os = "linux")'.dependencies]
 libudev = "^0.2"
@@ -47,7 +47,8 @@ runloop = "0.1.0"
 bitflags = "1.0"
 tokio = { version = "0.2", optional = true, features = ["macros"] }
 warp = { version = "0.2.4", optional = true }
-serde = { version = "1.0", optional = true, features = ["derive"] }
+serde = { version = "1.0", features = ["derive"] }
+serde_cbor = "0.11"
 serde_json = { version = "1.0", optional = true }
 bytes = { version = "0.5", optional = true, features = ["serde"] }
 base64 = { version = "^0.10", optional = true }

src/authenticatorservice.rs

@@ -222,6 +222,7 @@ impl AuthenticatorService {
 #[cfg(test)]
 mod tests {
     use super::{AuthenticatorService, AuthenticatorTransport};
+    use crate::consts::Capability;
     use crate::consts::PARAMETER_SIZE;
     use crate::statecallback::StateCallback;
     use crate::{AuthenticatorTransports, KeyHandle, RegisterFlags, SignFlags, StatusUpdate};
@@ -257,7 +258,7 @@ mod tests {
                 version_major: 1,
                 version_minor: 2,
                 version_build: 3,
-                cap_flags: 0,
+                cap_flags: Capability::empty(),
             }
         }
     }

src/consts.rs

@@ -30,13 +30,65 @@ pub const U2FHID_IF_VERSION: u32 = 2; // Current interface implementation versio
 pub const U2FHID_FRAME_TIMEOUT: u32 = 500; // Default frame timeout in ms
 pub const U2FHID_TRANS_TIMEOUT: u32 = 3000; // Default message timeout in ms
 
-// U2FHID native commands
-pub const U2FHID_PING: u8 = TYPE_INIT | 0x01; // Echo data through local processor only
-pub const U2FHID_MSG: u8 = TYPE_INIT | 0x03; // Send U2F message frame
-pub const U2FHID_LOCK: u8 = TYPE_INIT | 0x04; // Send lock channel command
-pub const U2FHID_INIT: u8 = TYPE_INIT | 0x06; // Channel initialization
-pub const U2FHID_WINK: u8 = TYPE_INIT | 0x08; // Send device identification wink
-pub const U2FHID_ERROR: u8 = TYPE_INIT | 0x3f; // Error response
+// CTAPHID native commands
+const CTAPHID_PING: u8 = TYPE_INIT | 0x01; // Echo data through local processor only
+const CTAPHID_MSG: u8 = TYPE_INIT | 0x03; // Send U2F message frame
+const CTAPHID_LOCK: u8 = TYPE_INIT | 0x04; // Send lock channel command
+const CTAPHID_INIT: u8 = TYPE_INIT | 0x06; // Channel initialization
+const CTAPHID_WINK: u8 = TYPE_INIT | 0x08; // Send device identification wink
+const CTAPHID_CBOR: u8 = TYPE_INIT | 0x10; // Encapsulated CBOR encoded message
+const CTAPHID_CANCEL: u8 = TYPE_INIT | 0x11; // Cancel outstanding requests
+const CTAPHID_KEEPALIVE: u8 = TYPE_INIT | 0x3b; // Keepalive sent to authenticator every 100ms and whenever a status changes
+const CTAPHID_ERROR: u8 = TYPE_INIT | 0x3f; // Error response
+
+#[derive(Debug, PartialEq, Eq, Copy, Clone)]
+#[repr(u8)]
+pub enum HIDCmd {
+    Ping,
+    Msg,
+    Lock,
+    Init,
+    Wink,
+    Cbor,
+    Cancel,
+    Keepalive,
+    Error,
+    Unknown(u8),
+}
+
+impl Into<u8> for HIDCmd {
+    fn into(self) -> u8 {
+        match self {
+            HIDCmd::Ping => CTAPHID_PING,
+            HIDCmd::Msg => CTAPHID_MSG,
+            HIDCmd::Lock => CTAPHID_LOCK,
+            HIDCmd::Init => CTAPHID_INIT,
+            HIDCmd::Wink => CTAPHID_WINK,
+            HIDCmd::Cbor => CTAPHID_CBOR,
+            HIDCmd::Cancel => CTAPHID_CANCEL,
+            HIDCmd::Keepalive => CTAPHID_KEEPALIVE,
+            HIDCmd::Error => CTAPHID_ERROR,
+            HIDCmd::Unknown(v) => v,
+        }
+    }
+}
+
+impl From<u8> for HIDCmd {
+    fn from(v: u8) -> HIDCmd {
+        match v {
+            CTAPHID_PING => HIDCmd::Ping,
+            CTAPHID_MSG => HIDCmd::Msg,
+            CTAPHID_LOCK => HIDCmd::Lock,
+            CTAPHID_INIT => HIDCmd::Init,
+            CTAPHID_WINK => HIDCmd::Wink,
+            CTAPHID_CBOR => HIDCmd::Cbor,
+            CTAPHID_CANCEL => HIDCmd::Cancel,
+            CTAPHID_KEEPALIVE => HIDCmd::Keepalive,
+            CTAPHID_ERROR => HIDCmd::Error,
+            v => HIDCmd::Unknown(v),
+        }
+    }
+}
 
 // U2FHID_MSG commands
 pub const U2F_VENDOR_FIRST: u8 = TYPE_INIT | 0x40; // First vendor defined command
@@ -57,8 +109,25 @@ pub const U2F_CHECK_IS_REGISTERED: u8 = 0x07; // Check if the key handle is regi
 
 // U2FHID_INIT command defines
 pub const INIT_NONCE_SIZE: usize = 8; // Size of channel initialization challenge
-pub const CAPFLAG_WINK: u8 = 0x01; // Device supports WINK command
-pub const CAPFLAG_LOCK: u8 = 0x02; // Device supports LOCK command
+
+bitflags! {
+    pub struct Capability: u8 {
+        const WINK = 0x01;
+        const LOCK = 0x02;
+        const CBOR = 0x04;
+        const NMSG = 0x08;
+    }
+}
+
+impl Capability {
+    pub fn has_fido1(self) -> bool {
+        !self.contains(Capability::NMSG)
+    }
+
+    pub fn has_fido2(self) -> bool {
+        self.contains(Capability::CBOR)
+    }
+}
 
 // Low-level error codes. Return as negatives.