25#ifndef FIDO2_CTAP_CTAP_H
26#define FIDO2_CTAP_CTAP_H
51#define CTAP_PIN_AUTH_SZ 16
58#define CTAP_MAKE_CREDENTIAL 0x01
59#define CTAP_GET_ASSERTION 0x02
60#define CTAP_GET_INFO 0x04
61#define CTAP_CLIENT_PIN 0x06
62#define CTAP_RESET 0x07
63#define CTAP_GET_NEXT_ASSERTION 0x08
71#define CTAP_AUTH_DATA_FLAG_UP (1 << 0)
72#define CTAP_AUTH_DATA_FLAG_UV (1 << 2)
73#define CTAP_AUTH_DATA_FLAG_AT (1 << 6)
74#define CTAP_AUTH_DATA_FLAG_ED (1 << 7)
82#define CTAP_VERSION_FLAG_FIDO_PRE 0x01
83#define CTAP_VERSION_FLAG_FIDO 0x02
84#define CTAP_VERSION_FLAG_U2F_V2 0x04
94#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT "plat"
95#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK "rk"
96#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin"
97#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP "up"
98#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV "uv"
106#define CTAP_INFO_OPTIONS_FLAG_PLAT (1 << 0)
107#define CTAP_INFO_OPTIONS_FLAG_RK (1 << 1)
108#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN (1 << 2)
109#define CTAP_INFO_OPTIONS_FLAG_UP (1 << 3)
110#define CTAP_INFO_OPTIONS_FLAG_UV (1 << 4)
118#define CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES 0x01
119#define CTAP_CP_REQ_SUB_COMMAND_GET_KEY_AGREEMENT 0x02
120#define CTAP_CP_REQ_SUB_COMMAND_SET_PIN 0x03
121#define CTAP_CP_REQ_SUB_COMMAND_CHANGE_PIN 0x04
122#define CTAP_CP_REQ_SUB_COMMAND_GET_PIN_TOKEN 0x05
128#ifdef CONFIG_FIDO2_CTAP_STACK_SIZE
129#define CTAP_STACKSIZE CONFIG_FIDO2_CTAP_STACK_SIZE
131#define CTAP_STACKSIZE 15000
137#if defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT) && defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PIN) && \
138 (CONFIG_FIDO2_CTAP_UP_BUTTON_PORT >= 0) && (CONFIG_FIDO2_CTAP_UP_BUTTON_PIN >= 0)
139#define CTAP_UP_BUTTON GPIO_PIN(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT, CONFIG_FIDO2_CTAP_UP_BUTTON_PIN)
143#define CTAP_UP_BUTTON BTN0_PIN
145#define CTAP_UP_BUTTON 0
149#define CONFIG_FIDO2_CTAP_DISABLE_UP 1
156#if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PU)
157#define CTAP_UP_BUTTON_MODE GPIO_IN_PU
158#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PD)
159#define CTAP_UP_BUTTON_MODE GPIO_IN_PD
160#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN)
161#define CTAP_UP_BUTTON_MODE GPIO_IN
163#define CTAP_UP_BUTTON_MODE GPIO_IN_PU
169#if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_FALLING)
170#define CTAP_UP_BUTTON_FLANK GPIO_FALLING
171#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_RISING)
172#define CTAP_UP_BUTTON_FLANK GPIO_RISING
173#elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_BOTH)
174#define CTAP_UP_BUTTON_FLANK GPIO_BOTH
176#define CTAP_UP_BUTTON_FLANK GPIO_FALLING
182#ifndef CONFIG_FIDO2_CTAP_DISABLE_UP
183#define CONFIG_FIDO2_CTAP_DISABLE_UP 0
189#ifndef CONFIG_FIDO2_CTAP_DISABLE_LED
190#define CONFIG_FIDO2_CTAP_DISABLE_LED 0
196#define CTAP_RP_MAX_NAME_SIZE 32
201#define CTAP_USER_MAX_NAME_SIZE 64 + 1
206#define CTAP_USER_ID_MAX_SIZE 64
211#define CTAP_DOMAIN_NAME_MAX_SIZE 253 + 1
216#define CTAP_ICON_MAX_SIZE 128 + 1
221#define CTAP_PIN_MIN_SIZE 4
229#define CTAP_PIN_ENC_MIN_SIZE 64
235#define CTAP_PIN_ENC_MAX_SIZE 256
240#define CTAP_PIN_MAX_SIZE 64
245#define CTAP_PIN_MAX_ATTS 8
250#define CTAP_PIN_MAX_ATTS_BOOT 3
255#define CTAP_PIN_PROT_VER 1
260#define CTAP_AMT_SUP_PIN_VER 1
267#define CTAP_PIN_TOKEN_SZ 16
276#define CTAP_CRED_KEY_LEN 16
285#define CTAP_AES_CCM_L 2
290#define CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L)
297#define CTAP_CREDENTIAL_ID_ENC_SIZE (sizeof(struct ctap_resident_key) - \
298 sizeof(((struct ctap_resident_key *)0)-> \
299 cred_desc.cred_id) - \
300 sizeof(((struct ctap_resident_key *)0)-> \
301 cred_desc.has_nonce))
306#ifdef CONFIG_FIDO2_CTAP_UP_TIMEOUT
307#define CTAP_UP_TIMEOUT (CONFIG_FIDO2_CTAP_UP_TIMEOUT * MS_PER_SEC)
309#define CTAP_UP_TIMEOUT (15 * MS_PER_SEC)
316#define CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC)
321#ifdef CONFIG_FIDO2_CTAP_DEVICE_AAGUID
322#define CTAP_AAGUID CONFIG_FIDO2_CTAP_DEVICE_AAGUID
325#define CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16"
333#define CTAP_PUB_KEY_CRED_PUB_KEY 0x01
334#define CTAP_PUB_KEY_CRED_UNKNOWN 0x02
342#define CTAP_COSE_KEY_LABEL_KTY 1
343#define CTAP_COSE_KEY_LABEL_ALG 3
344#define CTAP_COSE_KEY_LABEL_CRV -1
345#define CTAP_COSE_KEY_LABEL_X -2
346#define CTAP_COSE_KEY_LABEL_Y -3
347#define CTAP_COSE_KEY_KTY_EC2 2
348#define CTAP_COSE_KEY_CRV_P256 1
354#define CTAP_AAGUID_SIZE 16
359#define CTAP_COSE_ALG_ES256 -7
364#define CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25
370#define CTAP_CREDENTIAL_ID_SIZE 16U
378#define CTAP_INITIALIZED_MARKER 0x4e
383#define CTAP_MAX_EXCLUDE_LIST_SIZE 0x14
516typedef struct __attribute__((packed)) {
587typedef struct __attribute__((packed)){
607typedef struct __attribute__((packed)){
648 const uint8_t *client_data_hash,
650 uint8_t *sig,
size_t *sig_len);
POSIX.1-2008 compliant version of the assert macro.
Functionality for encoding SenML values as CBOR.
Counter with CBC-MAC mode of operation for block ciphers.
#define CCM_MAC_MAX_LEN
Maximum length for the appended MAC.
Public FIDO2 CTAP defines, structures and function declarations.
FIDO2 CTAP crypto helper defines, structures and function declarations.
#define CTAP_CRYPTO_KEY_SIZE
Size in bytes of cryptographic keys used.
bool fido2_ctap_cred_params_supported(uint8_t cred_type, int32_t alg_type)
Check if requested algorithm is supported.
#define CTAP_CREDENTIAL_ID_SIZE
CTAP size of credential id.
int fido2_ctap_encrypt_rk(ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
Encrypt resident key with AES CCM.
int fido2_ctap_get_sig(const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
Create signature from authenticator data.
#define CTAP_CREDENTIAL_ID_ENC_SIZE
Total size of AES CCM credential id.
#define CTAP_PIN_AUTH_SZ
Size of pin auth.
#define CTAP_RP_MAX_NAME_SIZE
Max size of relying party name.
#define CTAP_PIN_ENC_MAX_SIZE
Encrypted newPin max size.
#define CTAP_AAGUID_SIZE
CTAP size of authenticator AAGUID in bytes.
ctap_state_t * fido2_ctap_get_state(void)
Get a pointer to the authenticator state.
#define CTAP_DOMAIN_NAME_MAX_SIZE
Max size of a domain name including null character.
#define CTAP_MAX_EXCLUDE_LIST_SIZE
Max size of allow list.
#define CTAP_USER_ID_MAX_SIZE
Max size of user id.
bool fido2_ctap_pin_is_set(void)
Check if PIN has been set on authenticator.
#define CTAP_AES_CCM_NONCE_SIZE
AES CCM nonce size.
#define CTAP_USER_MAX_NAME_SIZE
Max size of username including null character.
#define CTAP_CRED_KEY_LEN
Size of key used to encrypt credential.
#define SHA256_DIGEST_LENGTH
Length of SHA256 digests in bytes.
Mutex for thread synchronization.
CTAP attested credential data struct.
ctap_public_key_cose_t key
cose key
ctap_attested_cred_data_header_t header
attested credential data header
CTAP authenticator data struct.
ctap_attested_cred_data_t attested_cred_data
attested credential data
ctap_auth_data_header_t header
auth data header
CTAP client pin request struct.
bool key_agreement_present
indicate if key_agreement present
uint16_t new_pin_enc_size
size of encrypted new pin
ctap_public_key_cose_t key_agreement
public key of platform_key_agreement_key
uint8_t sub_command
authenticator Client PIN sub command
bool pin_auth_present
indicate if pin_auth present
uint8_t pin_protocol
PIN protocol version chosen by the client.
bool pin_hash_enc_present
indicate pin_hash_enc is present
CTAP authenticator config struct.
CTAP credential description alternative struct.
uint8_t cred_type
type of credential
ctap_cred_id_t cred_id
credential id
CTAP credential description struct.
uint8_t cred_id[CTAP_CREDENTIAL_ID_SIZE]
credential identifier
uint8_t nonce[CTAP_AES_CCM_NONCE_SIZE]
CTAP AES CCM nonce.
uint8_t cred_type
type of credential
bool has_nonce
Indicate if nonce or cred_id
Elliptic curve public key.
CTAP get assertion request struct.
uint8_t pin_protocol
PIN protocol version.
bool pin_auth_present
indicate if pin_auth present
size_t pin_auth_len
pin_auth length
uint8_t rp_id_len
Actual Length of Relying Party Identifier.
uint8_t allow_list_len
length of CBOR allow list array
ctap_options_t options
parameters to influence authenticator operation
bool pin_is_set
PIN is set or not.
uint8_t options
supported options
uint8_t pin_protocol
supported PIN protocol versions
uint8_t versions
supported versions of FIDO
uint16_t max_msg_size
max message size
CTAP make credential request struct.
bool pin_auth_present
pin_auth present
int32_t alg_type
cryptographic algorithm identifier
size_t exclude_list_len
length of CBOR exclude list array
ctap_rp_ent_t rp
relying party
size_t pin_auth_len
pin_auth len
uint8_t cred_type
type of credential
ctap_options_t options
parameters to influence authenticator operation
uint8_t pin_protocol
PIN protocol version.
int32_t alg_type
COSEAlgorithmIdentifier.
int kty
identification of key type
ctap_crypto_pub_key_t pubkey
public key
uint8_t cred_type
type of credential
CTAP resident key struct.
ctap_cred_desc_t cred_desc
credential descriptor
uint32_t sign_count
signature counter.
uint8_t user_id_len
length of the user id
uint16_t id
internal id of key
CTAP relying party entity struct.
uint8_t id_len
actual length of relying party identifier
uint16_t rk_amount_stored
total number of resident keys stored on device
int rem_pin_att
remaining PIN tries
bool pin_is_set
PIN is set or not.
ctap_config_t config
configuration of authenticator
bool cred_key_is_initialized
AES CCM key initialized flag.
uint8_t initialized_marker
CTAP initialized marker.
ctap_crypto_key_agreement_key_t ag_key
Platform key agreement key.
uint32_t id_cnt
id counter for credential id
uint8_t id_len
actual length of user id
Utility library for comparing and computing timestamps.
1.9.8