Repository files navigation

This is a cross-platform library for interacting with Security Key-type devices via Rust.

• Supported Platforms: Windows, Linux, FreeBSD, NetBSD, OpenBSD, and macOS.
• Supported Transports: USB HID.
• Supported Protocols:FIDO U2F over USB.CTAP2 support is forthcoming, with work being done in theunstablectap2 branch.

This library currently focuses on USB security keys, but is expected to be extended tosupport additional transports.

There's only a simple example function that tries to register and sign right now. It usesenv_logger for logging, which youconfigure with theRUST_LOG environment variable:

cargo build --example mainRUST_LOG=debug cargo run --example main

Proper usage should be to call into this library from something else - e.g., Firefox. There aresomeC headers exposed for the purpose.

There are some tests of the cross-platform runloop logic and the protocol decoder:

cargo test

There are fuzzers for the USB protocol reader, basically fuzzing inputs from the HID layer.There are not (yet) fuzzers for the C API used by callers (such as Gecko).

To fuzz, you will need cargo-fuzz (the latest version from GitHub) as well as Rust Nightly.

rustup install nightlycargo install cargo-fuzzcargo +nightly fuzz run u2f_read -- -max_len=512cargo +nightly fuzz run u2f_read_write -- -max_len=512