You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

91 lines
3.4 KiB
Rust

#![feature(cfg_eval, adt_const_params)]
pub mod prelude {
pub use crate::{
authenticator::{
assertion::get,
bio_enrollment, client_pin, config,
credential::{make, management},
device, reset, selection,
},
Command, Ctap2_2Authenticator,
};
pub use fido_common::*;
}
use prelude::*;
pub mod authenticator;
pub mod extensions;
/// Defines the raw CTAP operations
pub trait Ctap2_2Authenticator {
/// > This method is invoked by the host to request generation of a new
/// > credential in the authenticator.
fn make_credential(&mut self, request: make::Request) -> Result<make::Response, make::Error>;
/// > This method is used by a host to request cryptographic proof of user
/// > authentication as well as user consent to a given transaction, using a
/// > previously generated credential that is bound to the authenticator and
/// > relying party identifier.
fn get_assertion(&mut self, request: get::Request) -> Result<get::Response, get::Error>;
/// > Using this method, platforms can request that the authenticator report
/// > a list of its supported protocol versions and extensions, its AAGUID,
/// > and other aspects of its overall capabilities. Platforms should use
/// > this information to tailor their command parameters choices.
fn get_info(&self) -> device::Info;
/// > This command exists so that plaintext PINs are not sent to the
/// > authenticator. Instead, a PIN/UV auth protocol (aka
/// > `pinUvAuthProtocol`) ensures that PINs are encrypted when sent to an
/// > authenticator and are exchanged for a `pinUvAuthToken` that serves to
/// > authenticate subsequent commands.
fn client_pin(
&mut self,
request: client_pin::Request,
) -> Result<client_pin::Response, client_pin::Error>;
/// > This method is used by the client to reset an authenticator back to a
/// > factory default state.
fn reset(&mut self) -> Result<(), reset::Error>;
fn bio_enrollment(
&mut self,
request: bio_enrollment::Request,
) -> Result<bio_enrollment::Response, bio_enrollment::Error>;
// > This command is used by the platform to manage discoverable
// > credentials on the authenticator.
fn credential_management(
&mut self,
request: management::Request,
) -> Result<management::Response, management::Error>;
/// > This command allows the platform to let a user select a certain
/// > authenticator by asking for user presence.
fn selection(&mut self) -> Result<(), authenticator::selection::Error>;
// fn large_blobs() -> Result<(), ()>;
// > This command is used to configure various authenticator features
// > through the use of its subcommands.
fn authenticator_config(&mut self, request: config::Request) -> Result<(), config::Error>;
}
#[repr(u8)]
pub enum Command {
AuthenticatorMakeCredential = 0x01,
AuthenticatorGetAssertion = 0x02,
AuthenticatorGetNextAssertion = 0x08,
AuthenticatorGetInfo = 0x04,
AuthenticatorClientPin = 0x06,
AuthenticatorReset = 0x07,
AuthenticatorBioEnrollment = 0x09,
AuthenticatorCredentialManagement = 0x0A,
AuthenticatorSelection = 0x0B,
AuthenticatorLargeBlobs = 0x0C,
AuthenticatorConfig = 0x0D,
PrototypeAuthenticatorBioEnrollment = 0x40,
PrototypeAuthenticatorCredentialmanagement = 0x41,
}