From 3f7a27dee02fe2f6cba169f970f404ed41e4c5ea Mon Sep 17 00:00:00 2001
From: Ludvig Michaelsson
Date: Wed, 21 Aug 2024 14:44:39 +0200
Subject: [PATCH] fido2-cred: add -M -a toggle

To request enterprise attestation.
---
 tools/cred_make.c | 14 ++++++++++++--
 tools/fido2-cred.c | 4 ++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/tools/cred_make.c b/tools/cred_make.c
index 66c8b52d..6d335a5c 100644
--- a/tools/cred_make.c
+++ b/tools/cred_make.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
+ * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 * SPDX-License-Identifier: BSD-2-Clause
@@ -151,11 +151,16 @@ cred_make(int argc, char **argv)
 int type = COSE_ES256;
 int flags = 0;
 int cred_protect = -1;
+ int ea = 0;
 int ch;
 int r;
- while ((ch = getopt(argc, argv, "bc:dhi:o:qruvw")) != -1) {
+ while ((ch = getopt(argc, argv, "a:bc:dhi:o:qruvw")) != -1) {
 switch (ch) {
+ case 'a':
+ if ((ea = base10(optarg)) < 0)
+ errx(1, "-a: invalid argument '%s'", optarg);
+ break;
 case 'b':
 flags |= FLAG_LARGEBLOB;
 break;
@@ -221,6 +226,11 @@ cred_make(int argc, char **argv)
 errx(1, "fido_cred_set_prot: %s", fido_strerr(r));
 }
 }
+ if (ea > 0) {
+ r = fido_cred_set_entattest(cred, ea);
+ if (r != FIDO_OK)
+ errx(1, "fido_cred_set_entattest: %s", fido_strerr(r));
+ }
 r = fido_dev_make_cred(dev, cred, NULL);
 if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) {
diff --git a/tools/fido2-cred.c b/tools/fido2-cred.c
index 76081c68..a819bd11 100644
--- a/tools/fido2-cred.c
+++ b/tools/fido2-cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
+ * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 * SPDX-License-Identifier: BSD-2-Clause
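Review bot: The `case 'a'` parser in the second cred_make.c hunk rejects only negative values, so `-a 0` is accepted and then silently dropped by the `if (ea > 0)` guard in the following hunk, and any larger number is caught only later, by whatever `fido_cred_set_entattest` rejects. CTAP 2.1 defines two enterprise attestation modes, 1 (vendor-facilitated) and 2 (platform-managed), so the option can be validated where it is parsed: `if ((ea = base10(optarg)) != 1 && ea != 2)` ahead of the existing `errx(1, "-a: invalid argument '%s'", optarg);`. `base10` is defined outside this patch, so its error return is assumed from the `< 0` test. cred_make's body continues outside the hunk.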
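Review bot: The new `if (ea > 0)` block in the third cred_make.c hunk carries no comment saying what it opts into, and enterprise attestation can let the relying party identify the individual authenticator rather than just its model. A one-line comment above the block would make that visible to the next reader: `/* enterprise attestation: the returned attestation may uniquely identify this authenticator */`. The block sits in the middle of cred_make, which starts and ends outside the hunk.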
@@ -27,7 +27,7 @@ void
 usage(void)
 {
 fprintf(stderr,
-"usage: fido2-cred -M [-bdhqruvw] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n"
+"usage: fido2-cred -M [-bdhqruvw] [-a mode] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n"
 " fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n"
 );
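Review bot: The usage line now advertises `[-a mode]`, but nothing in the patch says which values `mode` takes. The diffstat lists only tools/cred_make.c and tools/fido2-cred.c, so no manual page or other documentation is updated alongside it. Because the option requests an attestation that can identify the individual device, the accepted values and that consequence should be documented where operators will look. If the tool has a manual page, a `-a mode` entry there is the natural place. usage() itself continues outside the hunk.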