Crate webauthn_authenticator_rs
webauthn-authenticator-rs is a library for interfacing with FIDO/CTAP 2 tokens.
This performs the actions that would be taken by a client application (such as a web browser) to facilitate authentication with a remote service.
This library aims to provide abstractions over many platform-specific APIs, so that client applications don’t need to worry as much about the finer details of the protocol.
This is a “pre-1.0” library: it is still under active development, and the API is not yet stable or final. Some of the modules have edge cases which may cause you to get permanently locked out of your authenticator.
This library is not FIDO certified, and currently lacks a thorough security review.
§FIDO / CTAP version support
This library currently only supports CTAP 2.0, 2.1 or 2.1-PRE.
Authenticators which only support CTAP 1.x (U2F) are unsupported. This is generally only an issue for older tokens.
The authors of this library recommend using FIDO2 certified hardware authenticators with at least Authenticator Certification Level 2. Be cautious when buying, as there are many products on the market which falsely claim certification, have implementation errors, only support U2F, or use off-the-shelf microcontrollers which do not protect key material (Level 1).
§Features
Note: these links may be broken unless you build the documentation with the appropriate --features flag listed inline.
§Transports and backends
- bluetooth: Bluetooth [1]
- cable: caBLE / Hybrid Authenticator [1]
- cable-override-tunnel: Override caBLE tunnel server URLs
- mozilla: Mozilla Authenticator, formerly known as u2fhid
- nfc: NFC via PC/SC API [1]
- softpasskey: SoftPasskey (for testing) [1]
- softtoken: SoftToken (for testing) [1]
- usb: USB HID [1]
- win10: Windows 10 WebAuthn API
§Miscellaneous features
- ctap2: CTAP 2.0, 2.1 and 2.1-PRE implementation [1]. Automatically enabled by the bluetooth, cable, ctap2-management, nfc, softtoken and usb features.
- ctap2-management: Adds support for configuring and managing CTAP 2.x hardware authenticators to the CTAP 2.x implementation.
- crypto: Enables OpenSSL support [1]. This allows the library to avoid a hard dependency on OpenSSL on Windows, if only the win10 backend is enabled. Automatically enabled by the ctap2, softpasskey and softtoken features.
- qrcode: QR code display for the Cli UI, recommended for use if the cable and ui-cli features are both enabled
- ui-cli: Cli UI
[1] Feature requires OpenSSL.
Modules§
- bluetooth [feature: bluetooth]: BluetoothTransport communicates with a FIDO token over Bluetooth Low Energy, using btleplug.
- cable [feature: cable]: caBLE / Hybrid Authenticator
- ctap2 [feature: ctap2]: This package provides a CTAP 2.0, CTAP 2.1-PRE and CTAP 2.1 protocol implementation on top of Token, allowing you to interface with FIDO authenticators.
- mozilla [feature: mozilla]: Authenticator implementation using Mozilla’s authenticator-rs library.
- nfc [feature: nfc]: NFCTransport communicates with a FIDO authenticator using the PC/SC API.
- softpasskey [feature: softpasskey]
- softtoken [feature: softtoken]
- transport [feature: ctap2]: Low-level transport abstraction layer for communication with FIDO tokens.
- Types used in a public API.
- Mozilla authenticator-rs backend. Renamed to MozillaAuthenticator.
- usb [feature: usb]: USBTransport communicates with a FIDO token over USB HID.
- win10 [feature: win10]: Bindings for Windows 10 WebAuthn API.
Macros§
- deserialize_cbor [feature: ctap2]
Structs§
Traits§
- AuthenticatorBackend with a client_data_hash parameter, for proxying requests.
Functions§
- Performs an authentication request, using a GetAssertionRequest.
- Performs a registration request, using a MakeCredentialRequest.
Type Aliases§
- SHA256Hash [feature: crypto]