Struct Authenticator

pub struct Authenticator<UP, T>
where
    UP: UserPresence,
{ /* private fields */ }

Trussed® app implementing a FIDO authenticator.

It implements the ctap_types::ctap1::Authenticator and ctap_types::ctap2::Authenticator traits, which, in turn, express the interfaces defined in the CTAP specification.

The type parameter T selects a Trussed® client implementation, which must meet the TrussedRequirements in our implementation.

NB: T should be the first parameter, UP should default to Conforming, and probably UP shouldn’t be a generic parameter at all, at least not this kind.

Implementations

impl<UP, T> Authenticator<UP, T>

where UP: UserPresence, T: TrussedRequirements,

pub fn new(trussed: T, up: UP, config: Config) -> Self

Trait Implementations

impl<UP, T> App<{ apdu_dispatch::command::SIZE }, { apdu_dispatch::response::SIZE }> for Authenticator<UP, T>

where UP: UserPresence, T: TrussedRequirements,

fn select(&mut self, _: &Command, reply: &mut Data) -> Result

Given parsed APDU for select command. Write response data back to buf, and return length of payload. Return APDU Error code on error. Alternatively, the app can defer the response until later by returning it in poll().

fn deselect(&mut self)

Deselects the app. This is the result of another app getting selected. App should clear any sensitive state and reset security indicators.

fn call( &mut self, interface: Interface, apdu: &Command, response: &mut Data, ) -> Result

Given parsed APDU for app when selected. Write response data back to buf, and return length of payload. Return APDU Error code on error.

impl<UP, T> App for Authenticator<UP, T>

where UP: UserPresence, T: TrussedRequirements,

fn commands(&self) -> &'static [Command]

Define which CTAPHID commands to register to.

fn call( &mut self, command: Command, request: &Message, response: &mut Message, ) -> AppResult

Application is called here when one of it’s register commands occurs. Application must put response in @message, or decide to return an error.

impl<UP, T> App for Authenticator<UP, T>

where UP: UserPresence,

fn aid(&self) -> Aid

impl<UP: UserPresence, T: TrussedRequirements> Authenticator for Authenticator<UP, T>

Implement ctap1::Authenticator for our Authenticator.

References

The “proposed standard” of U2F V1.2 applies to CTAP1.

• Message formats
• App ID

fn register(&mut self, reg: &Request) -> Result<Response>

Register a new credential, this always uses P-256 keys.

Note that attestation is mandatory in CTAP1/U2F, so if the state is not provisioned with a key/cert, this method will fail. https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-request-message---u2f_register

Also note that CTAP1 credentials should be assertable over CTAP2. I believe this is currently not the case.

fn authenticate(&mut self, auth: &Request) -> Result<Response>

Authenticate with a U2F credential.

fn version() -> [u8; 6]

Supported U2F version.

fn call_ctap1(&mut self, request: &Request) -> Result<Response, Status>

impl<UP: UserPresence, T: TrussedRequirements> Authenticator for Authenticator<UP, T>

Implement ctap2::Authenticator for our Authenticator.

fn get_info(&mut self) -> Response

fn get_next_assertion(&mut self) -> Result<Response>

fn make_credential(&mut self, parameters: &Request) -> Result<Response>

fn reset(&mut self) -> Result<()>

fn selection(&mut self) -> Result<()>

fn client_pin(&mut self, parameters: &Request) -> Result<Response>

fn credential_management(&mut self, parameters: &Request) -> Result<Response>

fn vendor(&mut self, op: VendorOperation) -> Result<()>

fn get_assertion(&mut self, parameters: &Request) -> Result<Response>

fn call_ctap2(&mut self, request: &Request) -> Result<Response, Error>

Dispatches the enum of possible requests into the appropriate trait method.