libfido2 icon indicating copy to clipboard operation
libfido2 copied to clipboard

Published 20 hours ago verified publisher icon Yubico

Set attestation object containing CBOR encoded authData, fmt and attStmt

Open yesvivek opened this issue 1 year ago • 4 comments

Applications using Javascript WebAuthn APIs to communicate with FIDO2 devices get CBOR encoded attestation object containing authData, fmt and attStmt; more details about the JS API are given at MDN. Since there are no straight ways to set this value, I have updated libfido to set internal values after parsing the CBOR encoded attestation-object. This will mean that the applications using libfido doesn't have to handle CBOR data at all, just like how other high level libraries in other languages behave. Summary of changes:

  • fido_cred_set_attobj API is added to set attestation object containing CBOR encoded authData, fmt and attStmt
  • Supporting routines to parse and set the internal structure.

Relevant issue #749 .

yesvivek avatar Feb 07 '24 09:02 yesvivek

Assuming this change will be merged, any idea when the next release is?

yesvivek avatar Feb 09 '24 10:02 yesvivek

@LDVG is there anything needed that is blocking merge with main?

yesvivek avatar Feb 19 '24 05:02 yesvivek

@LDVG is there anything needed that is blocking merge with main?

Apologies for the delays. There shouldn't be much more needed to get this through, though a final review may take a little bit longer. I squashed some of the intermediate commits, I hope that is fine with you.

(note that the currently failing pipeline appears unrelated to these changes)

LDVG avatar Feb 23 '24 10:02 LDVG

Note (mostly to myself): Pushed a tentative fuzzer harness; needs seed corpora.

LDVG avatar Mar 07 '24 13:03 LDVG

Seed corpora updated.

LDVG avatar Mar 20 '24 07:03 LDVG