Crate webauthn_authenticator_rs

webauthn-authenticator-rs is a library for interfacing with FIDO/CTAP 2 tokens.

This performs the actions that would be taken by a client application (such as a web browser) to facilitate authentication with a remote service.

This library aims to provide abstrations over many platform-specific APIs, so that client applications don’t need to worry as much about the finer details of the protocol.

This is a “pre-1.0” library: it is still under active development, and the API is not yet stable or final. Some of the modules have edge cases which may cause you to get permanently locked out of your authenticator.

This library is not FIDO certified, and currently lacks a thorough security review.

FIDO / CTAP version support

This library currently only supports CTAP 2.0, 2.1 or 2.1-PRE.

Authenticators which only support CTAP 1.x (U2F) are unsupported. This generally only is an issue for older tokens.

The authors of this library recommend using FIDO2 certified hardware authenticators with at least Autenticator Certification Level 2. Be cautious when buying, as there are many products on the market which falsely claim certification, have implementation errors, only support U2F, or use off-the-shelf microcontrollers which do not protect key material (Level 1).

Features

Note: these links may be broken unless you build the documentation with the appropriate --features flag listed inline.

Transports and backends

• bluetooth: Bluetooth ¹
• cable: caBLE / Hybrid Authenticator ¹
  • cable-override-tunnel: Override caBLE tunnel server URLs
• mozilla: Mozilla Authenticator, formerly known as u2fhid
• nfc: NFC via PC/SC API ¹
• softpasskey: SoftPasskey (for testing) ¹
• softtoken: SoftToken (for testing) ¹
• usb: USB HID ¹
• win10: Windows 10 WebAuthn API

Miscellaneous features

• ctap2: CTAP 2.0, 2.1 and 2.1-PRE implementation ¹.

  Automatically enabled by the bluetooth, cable, ctap2-management, nfc, softtoken and usb features.

  • ctap2-management: Adds support for configuring and managing CTAP 2.x hardware authenticators to the CTAP 2.x implementation.

• crypto: Enables OpenSSL support ¹. This allows the library to avoid a hard dependency on OpenSSL on Windows, if only the win10 backend is enabled.

  Automatically enabled by the ctap2, softpasskey and softtoken features.

• qrcode: QR code display for the Cli UI, recommended for use if the cable and ui-cli features are both enabled

• ui-cli: Cli UI

---

1. Feature requires OpenSSL. ↩

Modules

• bluetoothbluetooth
  BluetoothTransport communicates with a FIDO token over Bluetooth Low Energy, using btleplug.
• cablecable
  caBLE / Hybrid Authenticator
• ctap2ctap2
  This package provides a CTAP 2.0, CTAP 2.1-PRE and CTAP 2.1 protocol implementation on top of Token, allowing you to interface with FIDO authenticators.
• error
• mozillamozilla
  Authenticator implementation using Mozilla’s authenticator-rs library.
• nfcnfc
  NFCTransport communicates with a FIDO authenticator using the PC/SC API.
• prelude
• softpasskeysoftpasskey
• softtokensofttoken
• transportctap2
  Low-level transport abstraction layer for communication with FIDO tokens.
• types
  Types used in a public API.
• u2fhidDeprecatedu2fhid
  Mozilla authenticator-rs backend. Renamed to MozillaAuthenticator.
• ui
• usbusb
  USBTransport communicates with a FIDO token over USB HID.
• win10win10
  Bindings for Windows 10 WebAuthn API.

Macros

• deserialize_cborctap2

Structs

• WebauthnAuthenticator

Traits

• AuthenticatorBackend
• AuthenticatorBackendHashedClientDatactap2
  AuthenticatorBackend with a client_data_hash parameter, for proxying requests.

Functions

• perform_auth_with_requestctap2
  Performs an authentication request, using a GetAssertionRequest.
• perform_register_with_requestctap2
  Performs a registration request, using a MakeCredentialRequest.

Type Aliases

• SHA256Hashcrypto