Add PPUAT support

.github/workflows/linux_builds.yml

@@ -1,4 +1,4 @@
-# Copyright (c) 2022-2024 Yubico AB. All rights reserved.
+# Copyright (c) 2022-2025 Yubico AB. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 # SPDX-License-Identifier: BSD-2-Clause
@@ -29,8 +29,6 @@ jobs:
           - { os: ubuntu-22.04, cc: clang-17 }
           - { os: ubuntu-24.04, cc: clang-18 }
           - { os: ubuntu-24.04, cc: clang-19 }
-          - { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 }
-          - { os: ubuntu-24.04, cc: i686-w64-mingw32-gcc-11 }
     steps:
     - uses: actions/checkout@v4
     - name: dependencies

fuzz/export.gnu

@@ -97,6 +97,7 @@
 		fido_cbor_info_certs_value_ptr;
 		fido_cbor_info_cfgcmds_len;
 		fido_cbor_info_cfgcmds_ptr;
+		fido_cbor_info_decrypt;
 		fido_cbor_info_encid_len;
 		fido_cbor_info_encid_ptr;
 		fido_cbor_info_encstate_len;
@@ -105,6 +106,8 @@
 		fido_cbor_info_extensions_ptr;
 		fido_cbor_info_free;
 		fido_cbor_info_fwversion;
+		fido_cbor_info_id_len;
+		fido_cbor_info_id_ptr;
 		fido_cbor_info_long_touch_reset;
 		fido_cbor_info_maxcredbloblen;
 		fido_cbor_info_maxcredcntlst;
@@ -127,6 +130,8 @@
 		fido_cbor_info_reset_transports_len;
 		fido_cbor_info_reset_transports_ptr;
 		fido_cbor_info_rk_remaining;
+		fido_cbor_info_state_len;
+		fido_cbor_info_state_ptr;
 		fido_cbor_info_transports_len;
 		fido_cbor_info_transports_ptr;
 		fido_cbor_info_uv_attempts;
@@ -232,10 +237,11 @@
 		fido_dev_free;
 		fido_dev_get_assert;
 		fido_dev_get_cbor_info;
+		fido_dev_get_puat;
 		fido_dev_get_retry_count;
-		fido_dev_get_uv_retry_count;
 		fido_dev_get_touch_begin;
 		fido_dev_get_touch_status;
+		fido_dev_get_uv_retry_count;
 		fido_dev_has_pin;
 		fido_dev_has_uv;
 		fido_dev_info_free;
@@ -255,12 +261,15 @@
 		fido_dev_new;
 		fido_dev_open;
 		fido_dev_protocol;
+		fido_dev_puat_len;
+		fido_dev_puat_ptr;
 		fido_dev_reset;
 		fido_dev_set_io_functions;
 		fido_dev_set_pcsc;
 		fido_dev_set_pin;
 		fido_dev_set_pin_minlen;
 		fido_dev_set_pin_minlen_rpid;
+		fido_dev_set_puat;
 		fido_dev_set_timeout;
 		fido_dev_set_transport_functions;
 		fido_dev_supports_cred_prot;

src/aes256.c

@@ -1,12 +1,57 @@
 /*
- * Copyright (c) 2021 Yubico AB. All rights reserved.
+ * Copyright (c) 2021-2025 Yubico AB. All rights reserved.
  * Use of this source code is governed by a BSD-style
  * license that can be found in the LICENSE file.
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
 #include "fido.h"
 
+/* XXX */
+int
+aes128_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out)
+{
+	EVP_CIPHER_CTX *ctx = NULL;
+	const EVP_CIPHER *cipher;
+	int ok = -1;
+
+	fido_blob_reset(out);
+
+	if (key->len != 16) {
+		fido_log_debug("%s: invalid key len %zu", __func__, key->len);
+		goto fail;
+	}
+	/* iv + single block */
+	if (in->len != 32) {
+		fido_log_debug("%s: invalid input len %zu", __func__, in->len);
+		goto fail;
+	}
+	out->len = 16;
+	if ((out->ptr = calloc(1, out->len)) == NULL) {
+		fido_log_debug("%s: calloc", __func__);
+		goto fail;
+	}
+	if ((ctx = EVP_CIPHER_CTX_new()) == NULL ||
+	    (cipher = EVP_aes_128_cbc()) == NULL) {
+		fido_log_debug("%s: EVP_CIPHER_CTX_new", __func__);
+		goto fail;
+	}
+	if (EVP_CipherInit(ctx, cipher, key->ptr, in->ptr, 0) == 0 ||
+	    EVP_Cipher(ctx, out->ptr, in->ptr + 16, (u_int)out->len) < 0) {
+		fido_log_debug("%s: EVP_Cipher", __func__);
+		goto fail;
+	}
+
+	ok = 0;
+fail:
+	if (ctx != NULL)
+		EVP_CIPHER_CTX_free(ctx);
+	if (ok < 0)
+		fido_blob_reset(out);
+
+	return ok;
+}
+
 static int
 aes256_cbc(const fido_blob_t *key, const u_char *iv, const fido_blob_t *in,
     fido_blob_t *out, int encrypt)

src/dev.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
+ * Copyright (c) 2018-2026 Yubico AB. All rights reserved.
  * Use of this source code is governed by a BSD-style
  * license that can be found in the LICENSE file.
  * SPDX-License-Identifier: BSD-2-Clause
@@ -474,6 +474,7 @@ fido_dev_free(fido_dev_t **dev_p)
 	if (dev_p == NULL || (dev = *dev_p) == NULL)
 		return;
 
+	fido_blob_reset(&dev->puat);
 	free(dev->path);
 	free(dev);
 
@@ -604,3 +605,32 @@ fido_dev_set_timeout(fido_dev_t *dev, int ms)
 
 	return (FIDO_OK);
 }
+
+const unsigned char *
+fido_dev_puat_ptr(const fido_dev_t *dev)
+{
+	return dev->puat.ptr;
+}
+
+size_t
+fido_dev_puat_len(const fido_dev_t *dev)
+{
+	return dev->puat.len;
+}
+
+int
+fido_dev_set_puat(fido_dev_t *dev, unsigned char *ptr, size_t len)
+{
+	if (fido_dev_is_winhello(dev))
+		return FIDO_ERR_INVALID_ARGUMENT;
+
+	if (ptr == NULL || len == 0) {
+		fido_blob_reset(&dev->puat);
+		return FIDO_OK;
+	}
+
+	if (fido_blob_set(&dev->puat, ptr, len) != 0)
+		return FIDO_ERR_INTERNAL;
+
+	return FIDO_OK;
+}

src/ecdh.c

@@ -17,28 +17,29 @@
 #include "fido/es256.h"
 
 #if defined(LIBRESSL_VERSION_NUMBER)
-static int
-hkdf_sha256(uint8_t *key, const char *info, const fido_blob_t *secret)
+int
+hkdf_sha256(uint8_t *key, size_t keylen, const char *info,
+    const fido_blob_t *secret)
 {
 	const EVP_MD *md;
 	uint8_t salt[32];
 
 	memset(salt, 0, sizeof(salt));
 	if ((md = EVP_sha256()) == NULL ||
-	    HKDF(key, SHA256_DIGEST_LENGTH, md, secret->ptr, secret->len, salt,
+	    HKDF(key, keylen, md, secret->ptr, secret->len, salt,
 	    sizeof(salt), (const uint8_t *)info, strlen(info)) != 1)
 		return -1;
 
 	return 0;
 }
 #else
-static int
-hkdf_sha256(uint8_t *key, const char *info, const fido_blob_t *secret)
+int
+hkdf_sha256(uint8_t *key, size_t keylen, const char *info,
+    const fido_blob_t *secret)
 {
 	const EVP_MD *const_md;
 	EVP_MD *md = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
-	size_t keylen = SHA256_DIGEST_LENGTH;
 	uint8_t salt[32];
 	int ok = -1;
 
@@ -98,9 +99,9 @@ kdf(uint8_t prot, fido_blob_t *key, const fido_blob_t *secret)
 		/* use two instances of hkdf-sha256 on the resulting secret */
 		key->len = 2 * SHA256_DIGEST_LENGTH;
 		if ((key->ptr = calloc(1, key->len)) == NULL ||
-		    hkdf_sha256(key->ptr, hmac_info, secret) < 0 ||
-		    hkdf_sha256(key->ptr + SHA256_DIGEST_LENGTH, aes_info,
-		    secret) < 0) {
+		    hkdf_sha256(key->ptr, SHA256_DIGEST_LENGTH, hmac_info, secret) < 0 ||
+		    hkdf_sha256(key->ptr + SHA256_DIGEST_LENGTH, SHA256_DIGEST_LENGTH,
+		    aes_info, secret) < 0) {
 			fido_log_debug("%s: hkdf", __func__);
 			return -1;
 		}

src/export.gnu

@@ -99,6 +99,7 @@
 		fido_cbor_info_certs_value_ptr;
 		fido_cbor_info_cfgcmds_len;
 		fido_cbor_info_cfgcmds_ptr;
+		fido_cbor_info_decrypt;
 		fido_cbor_info_encid_len;
 		fido_cbor_info_encid_ptr;
 		fido_cbor_info_encstate_len;
@@ -107,6 +108,8 @@
 		fido_cbor_info_extensions_ptr;
 		fido_cbor_info_free;
 		fido_cbor_info_fwversion;
+		fido_cbor_info_id_len;
+		fido_cbor_info_id_ptr;
 		fido_cbor_info_long_touch_reset;
 		fido_cbor_info_maxcredbloblen;
 		fido_cbor_info_maxcredcntlst;
@@ -129,6 +132,8 @@
 		fido_cbor_info_reset_transports_len;
 		fido_cbor_info_reset_transports_ptr;
 		fido_cbor_info_rk_remaining;
+		fido_cbor_info_state_len;
+		fido_cbor_info_state_ptr;
 		fido_cbor_info_transports_len;
 		fido_cbor_info_transports_ptr;
 		fido_cbor_info_uv_attempts;
@@ -235,10 +240,11 @@
 		fido_dev_free;
 		fido_dev_get_assert;
 		fido_dev_get_cbor_info;
+		fido_dev_get_puat;
 		fido_dev_get_retry_count;
-		fido_dev_get_uv_retry_count;
 		fido_dev_get_touch_begin;
 		fido_dev_get_touch_status;
+		fido_dev_get_uv_retry_count;
 		fido_dev_has_pin;
 		fido_dev_has_uv;
 		fido_dev_info_free;
@@ -262,11 +268,14 @@
 		fido_dev_open;
 		fido_dev_open_with_info;
 		fido_dev_protocol;
+		fido_dev_puat_len;
+		fido_dev_puat_ptr;
 		fido_dev_reset;
 		fido_dev_set_io_functions;
 		fido_dev_set_pin;
 		fido_dev_set_pin_minlen;
 		fido_dev_set_pin_minlen_rpid;
+		fido_dev_set_puat;
 		fido_dev_set_sigmask;
 		fido_dev_set_timeout;
 		fido_dev_set_transport_functions;

src/export.llvm

@@ -97,6 +97,7 @@ _fido_cbor_info_certs_name_ptr
 _fido_cbor_info_certs_value_ptr
 _fido_cbor_info_cfgcmds_len
 _fido_cbor_info_cfgcmds_ptr
+_fido_cbor_info_decrypt
 _fido_cbor_info_encid_len
 _fido_cbor_info_encid_ptr
 _fido_cbor_info_encstate_len
@@ -105,6 +106,8 @@ _fido_cbor_info_extensions_len
 _fido_cbor_info_extensions_ptr
 _fido_cbor_info_free
 _fido_cbor_info_fwversion
+_fido_cbor_info_id_len
+_fido_cbor_info_id_ptr
 _fido_cbor_info_long_touch_reset
 _fido_cbor_info_maxcredbloblen
 _fido_cbor_info_maxcredcntlst
@@ -127,6 +130,8 @@ _fido_cbor_info_protocols_ptr
 _fido_cbor_info_reset_transports_len
 _fido_cbor_info_reset_transports_ptr
 _fido_cbor_info_rk_remaining
+_fido_cbor_info_state_len
+_fido_cbor_info_state_ptr
 _fido_cbor_info_transports_len
 _fido_cbor_info_transports_ptr
 _fido_cbor_info_uv_attempts
@@ -233,10 +238,11 @@ _fido_dev_force_u2f
 _fido_dev_free
 _fido_dev_get_assert
 _fido_dev_get_cbor_info
+_fido_dev_get_puat
 _fido_dev_get_retry_count
-_fido_dev_get_uv_retry_count
 _fido_dev_get_touch_begin
 _fido_dev_get_touch_status
+_fido_dev_get_uv_retry_count
 _fido_dev_has_pin
 _fido_dev_has_uv
 _fido_dev_info_free
@@ -260,11 +266,14 @@ _fido_dev_new_with_info
 _fido_dev_open
 _fido_dev_open_with_info
 _fido_dev_protocol
+_fido_dev_puat_len
+_fido_dev_puat_ptr
 _fido_dev_reset
 _fido_dev_set_io_functions
 _fido_dev_set_pin
 _fido_dev_set_pin_minlen
 _fido_dev_set_pin_minlen_rpid
+_fido_dev_set_puat
 _fido_dev_set_sigmask
 _fido_dev_set_timeout
 _fido_dev_set_transport_functions

src/export.msvc

@@ -98,6 +98,7 @@ fido_cbor_info_certs_name_ptr
 fido_cbor_info_certs_value_ptr
 fido_cbor_info_cfgcmds_len
 fido_cbor_info_cfgcmds_ptr
+fido_cbor_info_decrypt
 fido_cbor_info_encid_len
 fido_cbor_info_encid_ptr
 fido_cbor_info_encstate_len
@@ -106,6 +107,8 @@ fido_cbor_info_extensions_len
 fido_cbor_info_extensions_ptr
 fido_cbor_info_free
 fido_cbor_info_fwversion
+fido_cbor_info_id_len
+fido_cbor_info_id_ptr
 fido_cbor_info_long_touch_reset
 fido_cbor_info_maxcredbloblen
 fido_cbor_info_maxcredcntlst
@@ -128,6 +131,8 @@ fido_cbor_info_protocols_ptr
 fido_cbor_info_reset_transports_len
 fido_cbor_info_reset_transports_ptr
 fido_cbor_info_rk_remaining
+fido_cbor_info_state_len
+fido_cbor_info_state_ptr
 fido_cbor_info_transports_len
 fido_cbor_info_transports_ptr
 fido_cbor_info_uv_attempts
@@ -234,10 +239,11 @@ fido_dev_force_u2f
 fido_dev_free
 fido_dev_get_assert
 fido_dev_get_cbor_info
+fido_dev_get_puat
 fido_dev_get_retry_count
-fido_dev_get_uv_retry_count
 fido_dev_get_touch_begin
 fido_dev_get_touch_status
+fido_dev_get_uv_retry_count
 fido_dev_has_pin
 fido_dev_has_uv
 fido_dev_info_free
@@ -261,11 +267,14 @@ fido_dev_new_with_info
 fido_dev_open
 fido_dev_open_with_info
 fido_dev_protocol
+fido_dev_puat_len
+fido_dev_puat_ptr
 fido_dev_reset
 fido_dev_set_io_functions
 fido_dev_set_pin
 fido_dev_set_pin_minlen
 fido_dev_set_pin_minlen_rpid
+fido_dev_set_puat
 fido_dev_set_sigmask
 fido_dev_set_timeout
 fido_dev_set_transport_functions