document yubikey commands, fix warnings

micolous · Jan 29, 2024 · b28b737 · b28b737
1 parent 47bc20b
commit b28b737
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 7 deletions.
diff --git a/fido-key-manager/README.md b/fido-key-manager/README.md
@@ -115,6 +115,26 @@ Command | Description
 `solo-key-info` | get all connected SoloKeys' unique ID, firmware version and secure boot status
 `solo-key-random` | get some random bytes from a SoloKey
 
+### YubiKey
+
+> **Tip:** this functionality is only available when `fido-key-manager` is built
+> with `--features yubikey`.
+
+This only supports [YubiKey 5 series][yk5] and [Security Key by Yubico][sky]
+devices via USB HID with the CTAP 2.0 interface (FIDO2) enabled. NFC support may
+be added in future.
+
+YubiKey 4 and earlier support is not planned - they do not support CTAP 2.0,
+they use a different config format and protocol, and some firmware versions
+report bogus data.
+
+Command | Description
+------- | -----------
+`yubikey-get-config` | gets a connected YubiKey's device info, firmware version and interface configuration
+
+[yk5]: https://www.yubico.com/products/yubikey-5-overview/
+[sky]: https://www.yubico.com/products/security-key/
+
 ## Platform-specific notes
 
 Bluetooth is currently disabled by default, as it's not particularly reliable on

diff --git a/fido-key-manager/src/main.rs b/fido-key-manager/src/main.rs
@@ -12,11 +12,9 @@ use std::io::{stdin, stdout, Write};
 use std::time::Duration;
 use tokio_stream::StreamExt;
 #[cfg(feature = "solokey")]
-use webauthn_authenticator_rs::ctap2::SoloKeyAuthenticator;
+use webauthn_authenticator_rs::{ctap2::SoloKeyAuthenticator, prelude::WebauthnCError};
 #[cfg(feature = "yubikey")]
 use webauthn_authenticator_rs::ctap2::YubiKeyAuthenticator;
-#[cfg(any(feature = "solokey", feature = "yubikey"))]
-use webauthn_authenticator_rs::prelude::WebauthnCError;
 use webauthn_authenticator_rs::{
     ctap2::{
         commands::UserCM, select_one_device, select_one_device_predicate,

diff --git a/webauthn-authenticator-rs/src/ctap2/yubikey.rs b/webauthn-authenticator-rs/src/ctap2/yubikey.rs
@@ -20,7 +20,7 @@ use super::Ctap20Authenticator;
 /// vendor-specific commands, this may cause unexpected or undesirable behaviour
 /// on other vendors' keys.
 ///
-/// Protocol notes are in TODO
+/// Protocol notes are in [`crate::transport::yubikey`].
 #[async_trait]
 pub trait YubiKeyAuthenticator {
     async fn get_yubikey_config(&mut self) -> Result<YubiKeyConfig, WebauthnCError>;

diff --git a/webauthn-authenticator-rs/src/lib.rs b/webauthn-authenticator-rs/src/lib.rs
@@ -129,6 +129,7 @@ mod crypto;
 #[cfg(any(all(doc, not(doctest)), feature = "ctap2"))]
 pub mod ctap2;
 pub mod error;
+#[cfg(any(all(doc, not(doctest)), feature = "vendor-yubikey"))]
 mod tlv;
 #[cfg(any(all(doc, not(doctest)), feature = "ctap2"))]
 pub mod transport;

diff --git a/webauthn-authenticator-rs/src/transport/yubikey.rs b/webauthn-authenticator-rs/src/transport/yubikey.rs
@@ -16,24 +16,26 @@
 //!
 //! ## NFC
 //!
+//! **NFC support is not yet implemented.**
+//!
 //! Management app AID: `a000000527471117`
 //!
+//! All commands sent with CLA = `0x00`, P2 = `0x00`.
+//!
 //! INS    | P1     | Description | Request | Response
 //! ------ | ------ | ----------- | ------- | --------
 //! `0x16` | `0x11` | Set legacy device config | ... | ...
 //! `0x1D` | `0x00` | Get device config | _none_ | [`YubiKeyConfig`]
 //! `0x1C` | `0x00` | Set device config | [`YubiKeyConfig`] | none?
 //!
-//! All commands sent with CLA = `0x00`, P2 = `0x00`.
-//!
 //! ## References
 //!
 //! * [DeviceInfo structure][0] (includes config)
 //!
 //! [0]: https://github.com/Yubico/yubikey-manager/blob/51a7ae438c923189788a1e31d3de18d452131942/yubikit/management.py#L223
 use async_trait::async_trait;
 use bitflags::bitflags;
-use num_traits::cast::{FromPrimitive, ToPrimitive};
+use num_traits::cast::FromPrimitive;
 
 use crate::{prelude::WebauthnCError, tlv::ber::BerTlvParser};