cred: support for enterprise attestation

Open LDVG opened this issue 4 months ago • 5 comments

In short, the following user-visible changes are applied:

  • fido_cred_set_entattest() is added for the client to be able to request enterprise attestation;
  • fido_cred_entattest() is added to query whether the authenticator performed enterprise attestation; and
  • fido2-cred -M -a is added to request enterprise attestation (ditto examples/cred).

Internally,

  • fido_dev_make_cred_tx() learned how to encode the enterprise attestation parameter;
  • fido_dev_make_cred_rx() learned how to decode the response; and
  • likewise for the winhello.c equivalents.

Finally, the fuzzer and manual pages are updated accordingly.

Further resources:

  • https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-feature-descriptions-enterp-attstn
  • https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#op-makecred-step-if-enterpriseAttestation

LDVG, Oct 02 '24 09:10
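What the tx/rx changes described above put on the wire, as an added example that is not libfido2's code: per the CTAP 2.1 specification linked in the description, the request carries `enterpriseAttestation` under map key 0x0A and the response reports `epAtt` under key 0x04. The names `encode_entattest`, `response_epatt` and `SAMPLE_RSP` are hypothetical, and the small bounds-checked CBOR reader is a stand-in written for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#define MC_REQ_ENTATTEST 0x0a /* makeCredential request key (CTAP 2.1) */
#define MC_RSP_EPATT     0x04 /* makeCredential response key (CTAP 2.1) */
/* Emit the request entry; only 1 (vendor-facilitated) and 2 (platform-managed) exist. */
int encode_entattest(int ea, uint8_t out[2]) {
    if (ea != 1 && ea != 2) return -1;
    out[0] = MC_REQ_ENTATTEST; out[1] = (uint8_t)ea; /* CBOR uints 10, ea */
    return 0;
}

/* Read one definite-length CBOR head; returns the major type or -1. */
static int head(const uint8_t **p, const uint8_t *end, uint64_t *val) {
    if (*p >= end || (**p & 0x1f) > 27) return -1; /* no indefinite lengths */
    uint8_t b = *(*p)++, ai = b & 0x1f;
    size_t n = ai < 24 ? 0 : (size_t)1 << (ai - 24); /* argument bytes */
    if ((size_t)(end - *p) < n) return -1;
    for (*val = n ? 0 : ai; n > 0; n--) *val = (*val << 8) | *(*p)++;
    return b >> 5;
}

/* Skip one item, bounds-checking lengths and nesting depth. */
static int skip(const uint8_t **p, const uint8_t *end, int depth) {
    uint64_t v;
    int mt = head(p, end, &v);
    if (mt < 0 || mt == 6 || depth > 8) return -1;
    if ((mt >= 2 && mt <= 5) && v > (uint64_t)(end - *p)) return -1;
    if (mt == 2 || mt == 3) *p += v;
    for (v = (mt == 4) ? v : (mt == 5) ? 2 * v : 0; v > 0; v--)
        if (skip(p, end, depth + 1) < 0) return -1;
    return 0;
}

/* buf: response map after the status byte. 1 = epAtt true, 0 = absent/false, -1 = malformed. */
int response_epatt(const uint8_t *buf, size_t len) {
    const uint8_t *p = buf, *end = buf + len;
    uint64_t pairs, key;
    if (head(&p, end, &pairs) != 5) return -1;
    while (pairs-- > 0) {
        if (head(&p, end, &key) != 0) return -1;
        if (key == MC_RSP_EPATT)
            return p >= end ? -1 : *p == 0xf5 ? 1 : *p == 0xf4 ? 0 : -1;
        if (skip(&p, end, 0) < 0) return -1;
    }
    return 0;
}
/* Constructed sample: {1: "packed", 2: h'0000', 3: {}, 4: true} */
const uint8_t SAMPLE_RSP[] = { 0xa4, 0x01, 0x66, 'p', 'a', 'c', 'k', 'e', 'd',
    0x02, 0x42, 0x00, 0x00, 0x03, 0xa0, 0x04, 0xf5 };
```

A relying party that requested enterprise attestation should treat a response without `epAtt` set to true as ordinary attestation, whatever the attestation statement contains.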