Struct ctap::FidoDevice
pub struct FidoDevice { /* private fields */ }
An opened FIDO authenticator.
Implementations
impl FidoDevice
pub fn new(device: &DeviceInfo) -> FidoResult<Self>
Open and initialize the given device. DeviceInfo is provided by the get_devices function. This method allocates a channel for this application, verifies that the device supports FIDO2, and checks whether a PIN is set.
This method will fail if the device can’t be opened, if the device returns malformed data or if the device is not supported.
pub fn unlock(&mut self, pin: &str) -> FidoResult<()>
Unlock the device with the provided PIN. Internally this will generate an ECDH keypair, send the encrypted PIN to the device and store the PIN token that the device generates on every power cycle. The PIN itself is not stored.
This method will fail if the device returns malformed data or the PIN is incorrect.
pub fn make_credential(
&mut self,
rp_id: &str,
user_id: &[u8],
user_name: &str,
client_data_hash: &[u8]
) -> FidoResult<FidoCredential>
Request a new credential from the authenticator. The rp_id should be a stable string used to identify the party for whom the credential is created; for convenience it is returned with the credential. user_id and user_name are not required when requesting attestations, but they MAY be displayed to the user and MAY be stored on the device to be returned with an attestation if the device supports this. client_data_hash SHOULD be a SHA-256 hash of the provided client_data; it is only used to verify the attestation provided by the authenticator. When not implementing WebAuthn this can be any random 32-byte array.
This method will fail if a PIN is required but the device is not unlocked or if the device returns malformed data.
pub fn get_assertion(
&mut self,
credential: &FidoCredential,
client_data_hash: &[u8]
) -> FidoResult<bool>
Request an assertion from the authenticator for a given credential.
client_data_hash SHOULD be a SHA-256 hash of the provided client_data; it is signed and verified as part of the attestation. When not implementing WebAuthn this can be any random 32-byte array.
This method will return whether the assertion matches the credential provided, and will fail if a PIN is required but not provided or if the device returns malformed data.