25#ifndef FIDO2_CTAP_CTAP_H
26#define FIDO2_CTAP_CTAP_H
51#define CTAP_PIN_AUTH_SZ 16
58#define CTAP_AUTH_DATA_FLAG_UP (1 << 0)
59#define CTAP_AUTH_DATA_FLAG_UV (1 << 2)
60#define CTAP_AUTH_DATA_FLAG_AT (1 << 6)
61#define CTAP_AUTH_DATA_FLAG_ED (1 << 7)
69#define CTAP_VERSION_FLAG_FIDO_PRE 0x01
70#define CTAP_VERSION_FLAG_FIDO 0x02
71#define CTAP_VERSION_FLAG_U2F_V2 0x04
81#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT "plat"
82#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK "rk"
83#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin"
84#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP "up"
85#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV "uv"
93#define CTAP_INFO_OPTIONS_FLAG_PLAT (1 << 0)
94#define CTAP_INFO_OPTIONS_FLAG_RK (1 << 1)
95#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN (1 << 2)
96#define CTAP_INFO_OPTIONS_FLAG_UP (1 << 3)
97#define CTAP_INFO_OPTIONS_FLAG_UV (1 << 4)
117#ifdef CONFIG_FIDO2_CTAP_STACK_SIZE
118#define CTAP_STACKSIZE CONFIG_FIDO2_CTAP_STACK_SIZE
120#define CTAP_STACKSIZE 15000
126#if defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT) && defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PIN) && \
127 (CONFIG_FIDO2_CTAP_UP_BUTTON_PORT >= 0) && (CONFIG_FIDO2_CTAP_UP_BUTTON_PIN >= 0)
128#define CTAP_UP_BUTTON GPIO_PIN(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT, CONFIG_FIDO2_CTAP_UP_BUTTON_PIN)
132#define CTAP_UP_BUTTON BTN0_PIN
134#define CTAP_UP_BUTTON 0
138#define CONFIG_FIDO2_CTAP_DISABLE_UP 1
145#if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PU)
146#define CTAP_UP_BUTTON_MODE GPIO_IN_PU
147#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PD)
148#define CTAP_UP_BUTTON_MODE GPIO_IN_PD
149#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN)
150#define CTAP_UP_BUTTON_MODE GPIO_IN
152#define CTAP_UP_BUTTON_MODE GPIO_IN_PU
158#if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_FALLING)
159#define CTAP_UP_BUTTON_FLANK GPIO_FALLING
160#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_RISING)
161#define CTAP_UP_BUTTON_FLANK GPIO_RISING
162#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_BOTH)
163#define CTAP_UP_BUTTON_FLANK GPIO_BOTH
165#define CTAP_UP_BUTTON_FLANK GPIO_FALLING
171#ifndef CONFIG_FIDO2_CTAP_DISABLE_UP
172#define CONFIG_FIDO2_CTAP_DISABLE_UP 0
178#ifndef CONFIG_FIDO2_CTAP_DISABLE_LED
179#define CONFIG_FIDO2_CTAP_DISABLE_LED 0
185#define CTAP_RP_MAX_NAME_SIZE 32
190#define CTAP_USER_MAX_NAME_SIZE 64 + 1
195#define CTAP_USER_ID_MAX_SIZE 64
200#define CTAP_DOMAIN_NAME_MAX_SIZE 253 + 1
205#define CTAP_ICON_MAX_SIZE 128 + 1
210#define CTAP_PIN_MIN_SIZE 4
218#define CTAP_PIN_ENC_MIN_SIZE 64
224#define CTAP_PIN_ENC_MAX_SIZE 256
229#define CTAP_PIN_MAX_SIZE 64
234#define CTAP_PIN_MAX_ATTS 8
239#define CTAP_PIN_MAX_ATTS_BOOT 3
244#define CTAP_PIN_PROT_VER 1
249#define CTAP_AMT_SUP_PIN_VER 1
256#define CTAP_PIN_TOKEN_SZ 16
265#define CTAP_CRED_KEY_LEN 16
274#define CTAP_AES_CCM_L 2
279#define CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L)
286#define CTAP_CREDENTIAL_ID_ENC_SIZE (sizeof(struct ctap_resident_key) - \
287 sizeof(((struct ctap_resident_key *)0)-> \
288 cred_desc.cred_id) - \
289 sizeof(((struct ctap_resident_key *)0)-> \
290 cred_desc.has_nonce))
295#ifdef CONFIG_FIDO2_CTAP_UP_TIMEOUT
296#define CTAP_UP_TIMEOUT (CONFIG_FIDO2_CTAP_UP_TIMEOUT * MS_PER_SEC)
298#define CTAP_UP_TIMEOUT (15 * MS_PER_SEC)
305#define CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC)
310#ifdef CONFIG_FIDO2_CTAP_DEVICE_AAGUID
311#define CTAP_AAGUID CONFIG_FIDO2_CTAP_DEVICE_AAGUID
314#define CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16"
322#define CTAP_PUB_KEY_CRED_PUB_KEY 0x01
323#define CTAP_PUB_KEY_CRED_UNKNOWN 0x02
331#define CTAP_COSE_KEY_LABEL_KTY 1
332#define CTAP_COSE_KEY_LABEL_ALG 3
333#define CTAP_COSE_KEY_LABEL_CRV -1
334#define CTAP_COSE_KEY_LABEL_X -2
335#define CTAP_COSE_KEY_LABEL_Y -3
336#define CTAP_COSE_KEY_KTY_EC2 2
337#define CTAP_COSE_KEY_CRV_P256 1
343#define CTAP_AAGUID_SIZE 16
348#define CTAP_COSE_ALG_ES256 -7
353#define CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25
359#define CTAP_CREDENTIAL_ID_SIZE 16U
367#define CTAP_INITIALIZED_MARKER 0x4e
372#define CTAP_MAX_EXCLUDE_LIST_SIZE 0x14
505typedef struct __attribute__((packed)) {
576typedef struct __attribute__((packed)){
596typedef struct __attribute__((packed)){
637 const uint8_t *client_data_hash,
639 uint8_t *sig,
size_t *sig_len);
POSIX.1-2008 compliant version of the assert macro.
Functionality for encoding SenML values as CBOR.
Counter with CBC-MAC mode of operation for block ciphers.
#define CCM_MAC_MAX_LEN
Maximum length for the appended MAC.
Public FIDO2 CTAP defines, structures and function declarations.
FIDO2 CTAP crypto helper defines, structures and function declarations.
#define CTAP_CRYPTO_KEY_SIZE
Size in bytes of cryptographic keys used.
bool fido2_ctap_cred_params_supported(uint8_t cred_type, int32_t alg_type)
Check if requested algorithm is supported.
#define CTAP_CREDENTIAL_ID_SIZE
CTAP size of credential id.
int fido2_ctap_encrypt_rk(ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
Encrypt resident key with AES CCM.
int fido2_ctap_get_sig(const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
Create signature from authenticator data.
#define CTAP_CREDENTIAL_ID_ENC_SIZE
Total size of AES CCM credential id.
#define CTAP_PIN_AUTH_SZ
Size of pin auth.
#define CTAP_RP_MAX_NAME_SIZE
Max size of relying party name.
#define CTAP_PIN_ENC_MAX_SIZE
Encrypted newPin max size.
ctap_pin_subcommand_t
CTAP Client PIN request subCommand CBOR key values.
#define CTAP_AAGUID_SIZE
CTAP size of authenticator AAGUID in bytes.
ctap_state_t * fido2_ctap_get_state(void)
Get a pointer to the authenticator state.
#define CTAP_DOMAIN_NAME_MAX_SIZE
Max size of a domain name including null character.
#define CTAP_MAX_EXCLUDE_LIST_SIZE
Max size of allow list.
#define CTAP_USER_ID_MAX_SIZE
Max size of user id.
bool fido2_ctap_pin_is_set(void)
Check if PIN has been set on authenticator.
#define CTAP_AES_CCM_NONCE_SIZE
AES CCM nonce size.
#define CTAP_USER_MAX_NAME_SIZE
Max size of username including null character.
#define CTAP_CRED_KEY_LEN
Size of key used to encrypt credential.
@ CTAP_PIN_SET_PIN
setPIN subCommand
@ CTAP_PIN_GET_PIN_TOKEN
getPinToken subCommand
@ CTAP_PIN_CHANGE_PIN
changePIN subCommand
@ CTAP_PIN_GET_KEY_AGREEMENT
getKeyAgreement subCommand
@ CTAP_PIN_GET_RETRIES
getRetries subCommand
#define SHA256_DIGEST_LENGTH
Length of SHA256 digests in bytes.
Mutex for thread synchronization.
CTAP attested credential data struct.
ctap_public_key_cose_t key
cose key
ctap_attested_cred_data_header_t header
attested credential data header
CTAP authenticator data struct.
ctap_attested_cred_data_t attested_cred_data
attested credential data
ctap_auth_data_header_t header
auth data header
CTAP client pin request struct.
bool key_agreement_present
indicate if key_agreement present
uint16_t new_pin_enc_size
size of encrypted new pin
ctap_pin_subcommand_t sub_command
ClientPIN sub command.
ctap_public_key_cose_t key_agreement
public key of platform_key_agreement_key
bool pin_auth_present
indicate if pin_auth present
uint8_t pin_protocol
PIN protocol version chosen by the client.
bool pin_hash_enc_present
indicate pin_hash_enc is present
CTAP authenticator config struct.
CTAP credential description alternative struct.
uint8_t cred_type
type of credential
ctap_cred_id_t cred_id
credential id
CTAP credential description struct.
uint8_t cred_id[CTAP_CREDENTIAL_ID_SIZE]
credential identifier
uint8_t nonce[CTAP_AES_CCM_NONCE_SIZE]
CTAP AES CCM nonce.
uint8_t cred_type
type of credential
bool has_nonce
Indicate if nonce or cred_id
Elliptic curve public key.
CTAP get assertion request struct.
uint8_t pin_protocol
PIN protocol version.
bool pin_auth_present
indicate if pin_auth present
size_t pin_auth_len
pin_auth length
uint8_t rp_id_len
Actual Length of Relying Party Identifier.
uint8_t allow_list_len
length of CBOR allow list array
ctap_options_t options
parameters to influence authenticator operation
bool pin_is_set
PIN is set or not.
uint8_t options
supported options
uint8_t pin_protocol
supported PIN protocol versions
uint8_t versions
supported versions of FIDO
uint16_t max_msg_size
max message size
CTAP make credential request struct.
bool pin_auth_present
pin_auth present
int32_t alg_type
cryptographic algorithm identifier
size_t exclude_list_len
length of CBOR exclude list array
ctap_rp_ent_t rp
relying party
size_t pin_auth_len
pin_auth len
uint8_t cred_type
type of credential
ctap_options_t options
parameters to influence authenticator operation
uint8_t pin_protocol
PIN protocol version.
int32_t alg_type
COSEAlgorithmIdentifier.
int kty
identification of key type
ctap_crypto_pub_key_t pubkey
public key
uint8_t cred_type
type of credential
CTAP resident key struct.
ctap_cred_desc_t cred_desc
credential descriptor
uint32_t sign_count
signature counter.
uint8_t user_id_len
length of the user id
uint16_t id
internal id of key
CTAP relying party entity struct.
uint8_t id_len
actual length of relying party identifier
uint16_t rk_amount_stored
total number of resident keys stored on device
int rem_pin_att
remaining PIN tries
bool pin_is_set
PIN is set or not.
ctap_config_t config
configuration of authenticator
bool cred_key_is_initialized
AES CCM key initialized flag.
uint8_t initialized_marker
CTAP initialized marker.
ctap_crypto_key_agreement_key_t ag_key
Platform key agreement key.
uint32_t id_cnt
id counter for credential id
uint8_t id_len
actual length of user id
Utility library for comparing and computing timestamps.
1.9.8