FIDO2 CTAP crypto helper. More...
FIDO2 CTAP crypto helper.
Files | |
file | ctap_crypto.h |
FIDO2 CTAP crypto helper defines, structures and function declarations. | |
Data Structures | |
struct | ctap_crypto_pub_key_t |
Elliptic curve public key. More... | |
struct | ctap_crypto_key_agreement_key_t |
Key agreement key. More... | |
Macros | |
#define | CTAP_CRYPTO_KEY_SIZE 32 |
Size in bytes of cryptographic keys used. | |
#define | CTAP_CRYPTO_ES256_DER_MAX_SIZE 72 |
Max size of ES256 signature in ASN.1 DER format. | |
Functions | |
ctap_status_code_t | fido2_ctap_crypto_init (void) |
Initialize crypto helper. | |
ctap_status_code_t | fido2_ctap_crypto_prng (uint8_t *buf, size_t len) |
Wrapper function for random_bytes. | |
ctap_status_code_t | fido2_ctap_crypto_sha256_init (sha256_context_t *ctx) |
Wrapper function for sha256_init. | |
ctap_status_code_t | fido2_ctap_crypto_sha256_update (sha256_context_t *ctx, const void *data, size_t len) |
Wrapper function for sha256_update. | |
ctap_status_code_t | fido2_ctap_crypto_sha256_final (sha256_context_t *ctx, void *digest) |
Wrapper for sha256_final. | |
ctap_status_code_t | fido2_ctap_crypto_sha256 (const void *data, size_t len, void *digest) |
Wrapper function for sha256. | |
ctap_status_code_t | fido2_ctap_crypto_hmac_sha256_init (hmac_context_t *ctx, const void *key, size_t key_length) |
Wrapper function for hmac_sha256_init. | |
ctap_status_code_t | fido2_ctap_crypto_hmac_sha256_update (hmac_context_t *ctx, const void *data, size_t len) |
Wrapper function for hmac_sha256_update. | |
ctap_status_code_t | fido2_ctap_crypto_hmac_sha256_final (hmac_context_t *ctx, void *digest) |
Wrapper function for hmac_sha256_final. | |
ctap_status_code_t | fido2_ctap_crypto_hmac_sha256 (const void *key, size_t key_length, const void *data, size_t len, void *digest) |
Wrapper function for hmac_sha256. | |
ctap_status_code_t | fido2_ctap_crypto_gen_keypair (ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t len) |
Generate cryptographic key pair. | |
ctap_status_code_t | fido2_ctap_crypto_ecdh (uint8_t *out, size_t len, ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t key_len) |
Elliptic-curve Diffie-Hellman. | |
ctap_status_code_t | fido2_ctap_crypto_get_sig (uint8_t *hash, size_t hash_len, uint8_t *sig, size_t *sig_len, const uint8_t *key, size_t key_len) |
Create cryptographic signature. | |
ctap_status_code_t | fido2_ctap_crypto_aes_enc (uint8_t *out, size_t *out_len, uint8_t *in, size_t in_len, const uint8_t *key, size_t key_len) |
Encrypt data using AES-256-CBC. | |
ctap_status_code_t | fido2_ctap_crypto_aes_dec (uint8_t *out, size_t *out_len, uint8_t *in, size_t in_len, const uint8_t *key, size_t key_len) |
Decrypt data using AES-256-CBC. | |
ctap_status_code_t | fido2_ctap_crypto_aes_ccm_enc (uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, uint8_t *auth_data, size_t auth_data_len, uint8_t mac_len, uint8_t length_encoding, const uint8_t *nonce, size_t nonce_len, const uint8_t *key, size_t key_len) |
Encrypt data using AES-128-CCM. | |
ctap_status_code_t | fido2_ctap_crypto_aes_ccm_dec (uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, uint8_t *auth_data, size_t auth_data_len, uint8_t mac_len, uint8_t length_encoding, const uint8_t *nonce, size_t nonce_len, const uint8_t *key, size_t key_len) |
Decrypt data using AES-128-CCM. | |
#define CTAP_CRYPTO_ES256_DER_MAX_SIZE 72 |
Max size of ES256 signature in ASN.1 DER format.
Definition at line 43 of file ctap_crypto.h.
#define CTAP_CRYPTO_KEY_SIZE 32 |
Size in bytes of cryptographic keys used.
Definition at line 38 of file ctap_crypto.h.
ctap_status_code_t fido2_ctap_crypto_aes_ccm_dec | ( | uint8_t * | out, |
size_t | out_len, | ||
const uint8_t * | in, | ||
size_t | in_len, | ||
uint8_t * | auth_data, | ||
size_t | auth_data_len, | ||
uint8_t | mac_len, | ||
uint8_t | length_encoding, | ||
const uint8_t * | nonce, | ||
size_t | nonce_len, | ||
const uint8_t * | key, | ||
size_t | key_len | ||
) |
Decrypt data using AES-128-CCM.
[out] | out | decrypted data |
[in] | out_len | length of out |
[in] | in | data to be decrypted |
[in] | in_len | length of in |
[in] | auth_data | additional data authenticated by the MAC |
[in] | auth_data_len | length of auth_data |
[in] | mac_len | length of the appended MAC |
[in] | length_encoding | max supported length of plaintext |
[in] | nonce | nonce for CTR-mode decryption (the same nonce that was used when the data was encrypted) |
[in] | nonce_len | length of nonce |
[in] | key | symmetric key to use for decryption |
[in] | key_len | length of key |
ctap_status_code_t fido2_ctap_crypto_aes_ccm_enc | ( | uint8_t * | out, |
size_t | out_len, | ||
const uint8_t * | in, | ||
size_t | in_len, | ||
uint8_t * | auth_data, | ||
size_t | auth_data_len, | ||
uint8_t | mac_len, | ||
uint8_t | length_encoding, | ||
const uint8_t * | nonce, | ||
size_t | nonce_len, | ||
const uint8_t * | key, | ||
size_t | key_len | ||
) |
Encrypt data using AES-128-CCM.
[out] | out | encrypted data |
[in] | out_len | length of out |
[in] | in | data to be encrypted |
[in] | in_len | length of in |
[in] | auth_data | additional data to authenticate in MAC |
[in] | auth_data_len | length of auth_data |
[in] | mac_len | length of appended MAC |
[in] | length_encoding | max supported length of plaintext |
[in] | nonce | nonce for CTR-mode encryption; it must never be reused with the same key |
[in] | nonce_len | length of nonce |
[in] | key | symmetric key to use for encryption |
[in] | key_len | length of key |
ctap_status_code_t fido2_ctap_crypto_aes_dec | ( | uint8_t * | out, |
size_t * | out_len, | ||
uint8_t * | in, | ||
size_t | in_len, | ||
const uint8_t * | key, | ||
size_t | key_len | ||
) |
Decrypt data using AES-256-CBC.
[out] | out | decrypted data |
[in,out] | out_len | length of out, passed by pointer (presumably the buffer capacity on entry and the number of bytes written on return — verify against the implementation) |
[in] | in | encrypted data |
[in] | in_len | length of in |
[in] | key | symmetric key to use for decryption |
[in] | key_len | length of key |
ctap_status_code_t fido2_ctap_crypto_aes_enc | ( | uint8_t * | out, |
size_t * | out_len, | ||
uint8_t * | in, | ||
size_t | in_len, | ||
const uint8_t * | key, | ||
size_t | key_len | ||
) |
Encrypt data using AES-256-CBC.
[out] | out | encrypted data |
[in,out] | out_len | length of out, passed by pointer (presumably the buffer capacity on entry and the number of bytes written on return — verify against the implementation) |
[in] | in | data to be encrypted |
[in] | in_len | length of in |
[in] | key | symmetric key to use for encryption |
[in] | key_len | length of key |
ctap_status_code_t fido2_ctap_crypto_ecdh | ( | uint8_t * | out, |
size_t | len, | ||
ctap_crypto_pub_key_t * | pub_key, | ||
uint8_t * | priv_key, | ||
size_t | key_len | ||
) |
Elliptic-curve Diffie-Hellman.
[out] | out | buffer that receives the shared secret |
[in] | len | length of out |
[in] | pub_key | public key of other party |
[in] | priv_key | private key |
[in] | key_len | length of priv_key |
ctap_status_code_t fido2_ctap_crypto_gen_keypair | ( | ctap_crypto_pub_key_t * | pub_key, |
uint8_t * | priv_key, | ||
size_t | len | ||
) |
Generate cryptographic key pair.
[out] | pub_key | buffer that receives the generated public key |
[out] | priv_key | buffer that receives the generated private key |
[in] | len | length of priv_key |
ctap_status_code_t fido2_ctap_crypto_get_sig | ( | uint8_t * | hash, |
size_t | hash_len, | ||
uint8_t * | sig, | ||
size_t * | sig_len, | ||
const uint8_t * | key, | ||
size_t | key_len | ||
) |
Create cryptographic signature.
[in] | hash | Hash to be signed |
[in] | hash_len | length of hash |
[out] | sig | buffer that receives the signature |
[in,out] | sig_len | length of sig, passed by pointer (presumably the buffer capacity on entry and the produced signature length on return — verify against the implementation) |
[in] | key | private key to use for signature |
[in] | key_len | length of key |
ctap_status_code_t fido2_ctap_crypto_hmac_sha256 | ( | const void * | key, |
size_t | key_length, | ||
const void * | data, | ||
size_t | len, | ||
void * | digest | ||
) |
Wrapper function for hmac_sha256.
[in] | key | key used in the hmac-sha256 computation |
[in] | key_length | length of key |
[in] | data | pointer to the buffer to generate the hmac-sha256 |
[in] | len | length of data |
[out] | digest | the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH |
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_final | ( | hmac_context_t * | ctx, |
void * | digest | ||
) |
Wrapper function for hmac_sha256_final.
[in] | ctx | hmac_context_t handle to use |
[out] | digest | the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH |
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_init | ( | hmac_context_t * | ctx, |
const void * | key, | ||
size_t | key_length | ||
) |
Wrapper function for hmac_sha256_init.
[in] | ctx | hmac_context_t handle to use |
[in] | key | key used in the hmac-sha256 computation |
[in] | key_length | length of key |
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_update | ( | hmac_context_t * | ctx, |
const void * | data, | ||
size_t | len | ||
) |
Wrapper function for hmac_sha256_update.
[in] | ctx | hmac_context_t handle to use |
[in] | data | pointer to the buffer to generate hash from |
[in] | len | length of data |
ctap_status_code_t fido2_ctap_crypto_init | ( | void | ) |
Initialize crypto helper.
Initializes the crypto libraries and creates the key-agreement key pair.
ctap_status_code_t fido2_ctap_crypto_prng | ( | uint8_t * | buf, |
size_t | len | ||
) |
Wrapper function for random_bytes.
[out] | buf | buffer that receives the random bytes |
[in] | len | length of buf |
ctap_status_code_t fido2_ctap_crypto_sha256 | ( | const void * | data, |
size_t | len, | ||
void * | digest | ||
) |
Wrapper function for sha256.
[in] | data | pointer to the buffer to generate hash from |
[in] | len | length of data |
[out] | digest | optional pointer to an array for the result, length must be SHA256_DIGEST_LENGTH |
ctap_status_code_t fido2_ctap_crypto_sha256_final | ( | sha256_context_t * | ctx, |
void * | digest | ||
) |
Wrapper for sha256_final.
[in] | ctx | sha256_context_t handle to use |
[out] | digest | resulting digest, i.e. the hash of all the bytes fed into the context |
ctap_status_code_t fido2_ctap_crypto_sha256_init | ( | sha256_context_t * | ctx | ) |
Wrapper function for sha256_init.
ctx | sha256_context_t handle to initialize |
ctap_status_code_t fido2_ctap_crypto_sha256_update | ( | sha256_context_t * | ctx, |
const void * | data, | ||
size_t | len | ||
) |
Wrapper function for sha256_update.
[in] | ctx | sha256_context_t handle to use |
[in] | data | Input data |
[in] | len | Length of data |