
Internal FIDO2 CTAP defines, structures and function declarations. More...

Detailed Description

Internal FIDO2 CTAP defines, structures and function declarations.

Author
Nils Ollrogge nils..nosp@m.ollr.nosp@m.ogge@.nosp@m.fu-b.nosp@m.erlin.nosp@m..de

Definition in file ctap.h.

#include <stdint.h>
#include "mutex.h"
#include "cbor.h"
#include "assert.h"
#include "crypto/modes/ccm.h"
#include "timex.h"
#include "board.h"
#include "fido2/ctap.h"
#include "fido2/ctap/ctap_crypto.h"


Data Structures

struct  ctap_config_t
 CTAP authenticator config struct. More...
 
struct  ctap_state_t
 CTAP state struct. More...
 
struct  ctap_options_t
 CTAP options struct. More...
 
struct  ctap_user_ent_t
 CTAP user entity struct. More...
 
struct  ctap_rp_ent_t
 CTAP relying party entity struct. More...
 
struct  ctap_public_key_cose_t
 CTAP cose key struct. More...
 
struct  ctap_cred_desc
 CTAP credential description struct. More...
 
struct  ctap_resident_key
 CTAP resident key struct. More...
 
struct  ctap_cred_id_t
 CTAP credential ID. More...
 
struct  ctap_cred_desc_alt
 CTAP credential description alternative struct. More...
 
struct  ctap_make_credential_req_t
 CTAP make credential request struct. More...
 
struct  ctap_get_assertion_req_t
 CTAP get assertion request struct. More...
 
struct  ctap_client_pin_req_t
 CTAP client pin request struct. More...
 
struct  ctap_attested_cred_data_header_t
 CTAP attested credential data header struct. More...
 
struct  ctap_attested_cred_data_t
 CTAP attested credential data struct. More...
 
struct  ctap_auth_data_header_t
 CTAP authenticator data header struct. More...
 
struct  ctap_auth_data_t
 CTAP authenticator data struct. More...
 
struct  ctap_info_t
 CTAP info struct. More...
 

Macros

#define CTAP_PIN_AUTH_SZ   16
 Size of pin auth.
 
#define CTAP_STACKSIZE   15000
 CTAP thread stack size.
 
#define CTAP_UP_BUTTON   0
 CTAP user presence button.
 
#define CONFIG_FIDO2_CTAP_DISABLE_UP   1
 Disable user presence test configuration.
 
#define CTAP_UP_BUTTON_MODE   GPIO_IN_PU
 CTAP user presence button mode.
 
#define CTAP_UP_BUTTON_FLANK   GPIO_FALLING
 CTAP user presence button flank.
 
#define CONFIG_FIDO2_CTAP_DISABLE_LED   0
 Disable LED configuration.
 
#define CTAP_RP_MAX_NAME_SIZE   32
 Max size of relying party name.
 
#define CTAP_USER_MAX_NAME_SIZE   64 + 1
 Max size of username including null character.
 
#define CTAP_USER_ID_MAX_SIZE   64
 Max size of user id.
 
#define CTAP_DOMAIN_NAME_MAX_SIZE   253 + 1
 Max size of a domain name including null character.
 
#define CTAP_ICON_MAX_SIZE   128 + 1
 Max size of icon including null character.
 
#define CTAP_PIN_MIN_SIZE   4
 PIN min size.
 
#define CTAP_PIN_ENC_MIN_SIZE   64
 Encrypted newPin min size.
 
#define CTAP_PIN_ENC_MAX_SIZE   256
 Encrypted newPin max size.
 
#define CTAP_PIN_MAX_SIZE   64
 PIN max size.
 
#define CTAP_PIN_MAX_ATTS   8
 Max total consecutive incorrect PIN attempts.
 
#define CTAP_PIN_MAX_ATTS_BOOT   3
 Max consecutive incorrect PIN attempts per boot cycle.
 
#define CTAP_PIN_PROT_VER   1
 PIN protocol version.
 
#define CTAP_AMT_SUP_PIN_VER   1
 Total number of supported PIN protocol versions.
 
#define CTAP_PIN_TOKEN_SZ   16
 Size of pin token.
 
#define CTAP_CRED_KEY_LEN   16
 Size of key used to encrypt credential.
 
#define CTAP_AES_CCM_L   2
 AES_CCM_L parameter.
 
#define CTAP_AES_CCM_NONCE_SIZE   (15 - CTAP_AES_CCM_L)
 AES CCM nonce size.
 
#define CTAP_CREDENTIAL_ID_ENC_SIZE
 Total size of AES CCM credential id.
 
#define CTAP_UP_TIMEOUT   (15 * MS_PER_SEC)
 Timeout for user presence test.
 
#define CTAP_GET_NEXT_ASSERTION_TIMEOUT   (30 * MS_PER_SEC)
 Max time allowed between a get_assertion call and the following get_next_assertion call before an error is returned.
 
#define CTAP_AAGUID   "9c295865fa2c36b705a42320af9c8f16"
 128-bit identifier of the authenticator.
 
#define CTAP_AAGUID_SIZE   16
 CTAP size of authenticator AAGUID in bytes.
 
#define CTAP_COSE_ALG_ES256   -7
 CTAP COSE Algorithms registry identifier for ES256.
 
#define CTAP_COSE_ALG_ECDH_ES_HKDF_256   -25
 CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256.
 
#define CTAP_CREDENTIAL_ID_SIZE   16U
 CTAP size of credential id.
 
#define CTAP_INITIALIZED_MARKER   0x4e
 CTAP state initialized marker.
 
#define CTAP_MAX_EXCLUDE_LIST_SIZE   0x14
 Max size of exclude list.
 

Typedefs

typedef struct ctap_cred_desc ctap_cred_desc_t
 CTAP cred struct forward declaration.
 
typedef struct ctap_cred_desc_alt ctap_cred_desc_alt_t
 Alternative CTAP cred struct forward declaration.
 
typedef struct ctap_resident_key ctap_resident_key_t
 CTAP resident key credential forward declaration.
 

Functions

int fido2_ctap_get_sig (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
 Create signature from authenticator data.
 
bool fido2_ctap_cred_params_supported (uint8_t cred_type, int32_t alg_type)
 Check if requested algorithm is supported.
 
int fido2_ctap_encrypt_rk (ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
 Encrypt resident key with AES CCM.
 
bool fido2_ctap_pin_is_set (void)
 Check if PIN has been set on authenticator.
 
ctap_state_t * fido2_ctap_get_state (void)
 Get a pointer to the authenticator state.
 

CTAP authenticator data option flags

#define CTAP_AUTH_DATA_FLAG_UP   (1 << 0)
 user present
 
#define CTAP_AUTH_DATA_FLAG_UV   (1 << 2)
 user verified
 
#define CTAP_AUTH_DATA_FLAG_AT   (1 << 6)
 attested credential data included
 
#define CTAP_AUTH_DATA_FLAG_ED   (1 << 7)
 extension data included
 

CTAP version flags

#define CTAP_VERSION_FLAG_FIDO_PRE   0x01
 FIDO 2.1 flag.
 
#define CTAP_VERSION_FLAG_FIDO   0x02
 FIDO 2 flag.
 
#define CTAP_VERSION_FLAG_U2F_V2   0x04
 U2F V2 flag.
 

CTAP get info response options map CBOR key values

All options are key-value pairs with string IDs and boolean values.

#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT   "plat"
 platform device string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK   "rk"
 resident key string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN   "clientPin"
 client PIN string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP   "up"
 user presence string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV   "uv"
 user verification string
 

CTAP get info options flags

#define CTAP_INFO_OPTIONS_FLAG_PLAT   (1 << 0)
 platform device flag

 
#define CTAP_INFO_OPTIONS_FLAG_RK   (1 << 1)
 resident key flag

 
#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN   (1 << 2)
 clientPIN flag
 
#define CTAP_INFO_OPTIONS_FLAG_UP   (1 << 3)
 user presence flag
 
#define CTAP_INFO_OPTIONS_FLAG_UV   (1 << 4)
 user verification flag
 

CTAP credential types

#define CTAP_PUB_KEY_CRED_PUB_KEY   0x01
 public key credential type
 
#define CTAP_PUB_KEY_CRED_UNKNOWN   0x02
 unknown credential type
 

CTAP COSE key CBOR map key values

#define CTAP_COSE_KEY_LABEL_KTY   1
 key type identifier
 
#define CTAP_COSE_KEY_LABEL_ALG   3
 algorithm identifier
 
#define CTAP_COSE_KEY_LABEL_CRV   -1
 elliptic curve identifier
 
#define CTAP_COSE_KEY_LABEL_X   -2
 x coordinate
 
#define CTAP_COSE_KEY_LABEL_Y   -3
 y coordinate
 
#define CTAP_COSE_KEY_KTY_EC2   2
 two-coordinate elliptic curve (EC2) key type identifier
 
#define CTAP_COSE_KEY_CRV_P256   1
 secp256r1 elliptic curve key identifier
 
enum  ctap_pin_subcommand_t {
  CTAP_PIN_GET_RETRIES = 0x01 , CTAP_PIN_GET_KEY_AGREEMENT = 0x02 , CTAP_PIN_SET_PIN = 0x03 , CTAP_PIN_CHANGE_PIN = 0x04 ,
  CTAP_PIN_GET_PIN_TOKEN = 0x05
}
 CTAP Client PIN request subCommand CBOR key values. More...