Loading...
Searching...
No Matches

FIDO2 CTAP. More...

Detailed Description

FIDO2 CTAP.

The Client-to-Authenticator Protocol (CTAP) is an application layer protocol for the communication between an authenticator and a host.

Files

file  ctap.h
 Internal FIDO2 CTAP defines, structures and function declarations.
 

Data Structures

struct  ctap_config_t
 CTAP authenticator config struct. More...
 
struct  ctap_state_t
 CTAP state struct. More...
 
struct  ctap_options_t
 CTAP options struct. More...
 
struct  ctap_user_ent_t
 CTAP user entity struct. More...
 
struct  ctap_rp_ent_t
 CTAP relying party entity struct. More...
 
struct  ctap_public_key_cose_t
 CTAP cose key struct. More...
 
struct  ctap_cred_desc
 CTAP credential description struct. More...
 
struct  ctap_resident_key
 CTAP resident key struct. More...
 
struct  ctap_cred_id_t
 CTAP credential ID. More...
 
struct  ctap_cred_desc_alt
 CTAP credential description alternative struct. More...
 
struct  ctap_make_credential_req_t
 CTAP make credential request struct. More...
 
struct  ctap_get_assertion_req_t
 CTAP get assertion request struct. More...
 
struct  ctap_client_pin_req_t
 CTAP client pin request struct. More...
 
struct  ctap_attested_cred_data_header_t
 CTAP attested credential data header struct. More...
 
struct  ctap_attested_cred_data_t
 CTAP attested credential data struct. More...
 
struct  ctap_auth_data_header_t
 CTAP authenticator data header struct. More...
 
struct  ctap_auth_data_t
 CTAP authenticator data struct. More...
 
struct  ctap_info_t
 CTAP info struct. More...
 

Macros

#define CTAP_PIN_AUTH_SZ   16
 Size of pin auth.
 
#define CTAP_STACKSIZE   15000
 CTAP thread stack size.
 
#define CTAP_UP_BUTTON   0
 CTAP user presence button.
 
#define CONFIG_FIDO2_CTAP_DISABLE_UP   1
 Disable user presence test configuration.
 
#define CTAP_UP_BUTTON_MODE   GPIO_IN_PU
 CTAP user presence button mode.
 
#define CTAP_UP_BUTTON_FLANK   GPIO_FALLING
 CTAP user presence button flank.
 
#define CONFIG_FIDO2_CTAP_DISABLE_LED   0
 Disable user presence test configuration.
 
#define CTAP_RP_MAX_NAME_SIZE   32
 Max size of relying party name.
 
#define CTAP_USER_MAX_NAME_SIZE   64 + 1
 Max size of username including null character.
 
#define CTAP_USER_ID_MAX_SIZE   64
 Max size of user id.
 
#define CTAP_DOMAIN_NAME_MAX_SIZE   253 + 1
 Max size of a domain name including null character.
 
#define CTAP_ICON_MAX_SIZE   128 + 1
 Max size of icon including null character.
 
#define CTAP_PIN_MIN_SIZE   4
 PIN min size.
 
#define CTAP_PIN_ENC_MIN_SIZE   64
 Encrypted newPin min size.
 
#define CTAP_PIN_ENC_MAX_SIZE   256
 Encrypted newPin max size.
 
#define CTAP_PIN_MAX_SIZE   64
 PIN max size.
 
#define CTAP_PIN_MAX_ATTS   8
 Max total consecutive incorrect PIN attempts.
 
#define CTAP_PIN_MAX_ATTS_BOOT   3
 Max consecutive incorrect PIN attempts for 1 boot cycle.
 
#define CTAP_PIN_PROT_VER   1
 PIN protocol version.
 
#define CTAP_AMT_SUP_PIN_VER   1
 Total number of supported PIN protocol versions.
 
#define CTAP_PIN_TOKEN_SZ   16
 Size of pin token.
 
#define CTAP_CRED_KEY_LEN   16
 Size of key used to encrypt credential.
 
#define CTAP_AES_CCM_L   2
 AES_CCM_L parameter.
 
#define CTAP_AES_CCM_NONCE_SIZE   (15 - CTAP_AES_CCM_L)
 AES CCM nonce size.
 
#define CTAP_CREDENTIAL_ID_ENC_SIZE
 Total size of AES CCM credential id.
 
#define CTAP_UP_TIMEOUT   (15 * MS_PER_SEC)
 Timeout for user presence test.
 
#define CTAP_GET_NEXT_ASSERTION_TIMEOUT   (30 * MS_PER_SEC)
 Max time between call to get_assertion or get_next_assertion until error is returned.
 
#define CTAP_AAGUID   "9c295865fa2c36b705a42320af9c8f16"
 128 bit identifier of authenticator
 
#define CTAP_AAGUID_SIZE   16
 CTAP size of authenticator AAGUID in bytes.
 
#define CTAP_COSE_ALG_ES256   -7
 CTAP COSE Algorithms registry identifier for ES256.
 
#define CTAP_COSE_ALG_ECDH_ES_HKDF_256   -25
 CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256.
 
#define CTAP_CREDENTIAL_ID_SIZE   16U
 CTAP size of credential id.
 
#define CTAP_INITIALIZED_MARKER   0x4e
 CTAP state initialized marker.
 
#define CTAP_MAX_EXCLUDE_LIST_SIZE   0x14
 Max size of allow list.
 

Typedefs

typedef struct ctap_cred_desc ctap_cred_desc_t
 CTAP cred struct forward declaration.
 
typedef struct ctap_cred_desc_alt ctap_cred_desc_alt_t
 Alternative CTAP cred struct forward declaration.
 
typedef struct ctap_resident_key ctap_resident_key_t
 CTAP resident key credential forward declaration.
 

Functions

int fido2_ctap_get_sig (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
 Create signature from authenticator data.
 
bool fido2_ctap_cred_params_supported (uint8_t cred_type, int32_t alg_type)
 Check if requested algorithm is supported.
 
int fido2_ctap_encrypt_rk (ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
 Encrypt resident key with AES CCM.
 
bool fido2_ctap_pin_is_set (void)
 Check if PIN has been set on authenticator.
 
ctap_state_tfido2_ctap_get_state (void)
 Get a pointer to the authenticator state.
 
enum  ctap_pin_subcommand_t {
  CTAP_PIN_GET_RETRIES = 0x01 , CTAP_PIN_GET_KEY_AGREEMENT = 0x02 , CTAP_PIN_SET_PIN = 0x03 , CTAP_PIN_CHANGE_PIN = 0x04 ,
  CTAP_PIN_GET_PIN_TOKEN = 0x05
}
 CTAP Client PIN request subCommand CBOR key values. More...
 

CTAP authenticator data option flags

#define CTAP_AUTH_DATA_FLAG_UP   (1 << 0)
 user present
 
#define CTAP_AUTH_DATA_FLAG_UV   (1 << 2)
 user verified
 
#define CTAP_AUTH_DATA_FLAG_AT   (1 << 6)
 attested credential data included
 
#define CTAP_AUTH_DATA_FLAG_ED   (1 << 7)
 extension data included
 

CTAP version flags

#define CTAP_VERSION_FLAG_FIDO_PRE   0x01
 FIDO 2.1 flag.
 
#define CTAP_VERSION_FLAG_FIDO   0x02
 FIDO 2 flag.
 
#define CTAP_VERSION_FLAG_U2F_V2   0x04
 U2F V2 flag.
 

CTAP get info response options map CBOR key values

All options are in the form key-value pairs with string IDs and boolean values

#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT   "plat"
 platform device string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK   "rk"
 resident key string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN   "clientPin"
 client PIN string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP   "up"
 user presence string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV   "uv"
 user verification string
 

CTAP get info options flags

#define CTAP_INFO_OPTIONS_FLAG_PLAT   (1 << 0)
 platform device flag

 
#define CTAP_INFO_OPTIONS_FLAG_RK   (1 << 1)
 resident key flag

 
#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN   (1 << 2)
 clientPIN flag
 
#define CTAP_INFO_OPTIONS_FLAG_UP   (1 << 3)
 user presence flag
 
#define CTAP_INFO_OPTIONS_FLAG_UV   (1 << 4)
 user verification flag
 

CTAP credential types

#define CTAP_PUB_KEY_CRED_PUB_KEY   0x01
 public key credential type
 
#define CTAP_PUB_KEY_CRED_UNKNOWN   0x02
 unknown credential type
 

CTAP COSE key CBOR map key values

#define CTAP_COSE_KEY_LABEL_KTY   1
 key type identifier
 
#define CTAP_COSE_KEY_LABEL_ALG   3
 algorithm identifier
 
#define CTAP_COSE_KEY_LABEL_CRV   -1
 elliptic curve identifier
 
#define CTAP_COSE_KEY_LABEL_X   -2
 x coordinate
 
#define CTAP_COSE_KEY_LABEL_Y   -3
 y coordinate
 
#define CTAP_COSE_KEY_KTY_EC2   2
 2 coordinate elliptic curve key identifier
 
#define CTAP_COSE_KEY_CRV_P256   1
 secp256r1 elliptic curve key identifier
 

Macro Definition Documentation

◆ CONFIG_FIDO2_CTAP_DISABLE_LED

#define CONFIG_FIDO2_CTAP_DISABLE_LED   0

Disable user presence test configuration.

Disable user LED animation configuration

Definition at line 179 of file ctap.h.

◆ CONFIG_FIDO2_CTAP_DISABLE_UP

#define CONFIG_FIDO2_CTAP_DISABLE_UP   1

Disable user presence test configuration.

Definition at line 138 of file ctap.h.

◆ CTAP_AAGUID

#define CTAP_AAGUID   "9c295865fa2c36b705a42320af9c8f16"

128 bit identifier of authenticator

Definition at line 314 of file ctap.h.

◆ CTAP_AAGUID_SIZE

#define CTAP_AAGUID_SIZE   16

CTAP size of authenticator AAGUID in bytes.

Definition at line 343 of file ctap.h.

◆ CTAP_AES_CCM_L

#define CTAP_AES_CCM_L   2

AES_CCM_L parameter.

L has to be between 2 and 8. Value of 2 means that message has to be in the range 0 <= l(m) < 2^(16) = 65536. This should always be sufficient to send an encrypted resident key.

Definition at line 274 of file ctap.h.

◆ CTAP_AES_CCM_NONCE_SIZE

#define CTAP_AES_CCM_NONCE_SIZE   (15 - CTAP_AES_CCM_L)

AES CCM nonce size.

Definition at line 279 of file ctap.h.

◆ CTAP_AMT_SUP_PIN_VER

#define CTAP_AMT_SUP_PIN_VER   1

Total number of supported PIN protocol versions.

Definition at line 249 of file ctap.h.

◆ CTAP_AUTH_DATA_FLAG_AT

#define CTAP_AUTH_DATA_FLAG_AT   (1 << 6)

attested credential data included

Definition at line 60 of file ctap.h.

◆ CTAP_AUTH_DATA_FLAG_ED

#define CTAP_AUTH_DATA_FLAG_ED   (1 << 7)

extension data included

Definition at line 61 of file ctap.h.

◆ CTAP_AUTH_DATA_FLAG_UP

#define CTAP_AUTH_DATA_FLAG_UP   (1 << 0)

user present

Definition at line 58 of file ctap.h.

◆ CTAP_AUTH_DATA_FLAG_UV

#define CTAP_AUTH_DATA_FLAG_UV   (1 << 2)

user verified

Definition at line 59 of file ctap.h.

◆ CTAP_COSE_ALG_ECDH_ES_HKDF_256

#define CTAP_COSE_ALG_ECDH_ES_HKDF_256   -25

CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256.

Definition at line 353 of file ctap.h.

◆ CTAP_COSE_ALG_ES256

#define CTAP_COSE_ALG_ES256   -7

CTAP COSE Algorithms registry identifier for ES256.

Definition at line 348 of file ctap.h.

◆ CTAP_COSE_KEY_CRV_P256

#define CTAP_COSE_KEY_CRV_P256   1

secp256r1 elliptic curve key identifier

Definition at line 337 of file ctap.h.

◆ CTAP_COSE_KEY_KTY_EC2

#define CTAP_COSE_KEY_KTY_EC2   2

2 coordinate elliptic curve key identifier

Definition at line 336 of file ctap.h.

◆ CTAP_COSE_KEY_LABEL_ALG

#define CTAP_COSE_KEY_LABEL_ALG   3

algorithm identifier

Definition at line 332 of file ctap.h.

◆ CTAP_COSE_KEY_LABEL_CRV

#define CTAP_COSE_KEY_LABEL_CRV   -1

elliptic curve identifier

Definition at line 333 of file ctap.h.

◆ CTAP_COSE_KEY_LABEL_KTY

#define CTAP_COSE_KEY_LABEL_KTY   1

key type identifier

Definition at line 331 of file ctap.h.

◆ CTAP_COSE_KEY_LABEL_X

#define CTAP_COSE_KEY_LABEL_X   -2

x coordinate

Definition at line 334 of file ctap.h.

◆ CTAP_COSE_KEY_LABEL_Y

#define CTAP_COSE_KEY_LABEL_Y   -3

y coordinate

Definition at line 335 of file ctap.h.

◆ CTAP_CRED_KEY_LEN

#define CTAP_CRED_KEY_LEN   16

Size of key used to encrypt credential.

Needed if authenticator is unable to store resident keys. See webauthn specification (version 20190304) section 4 (Credential ID) for details.

Definition at line 265 of file ctap.h.

◆ CTAP_CREDENTIAL_ID_ENC_SIZE

#define CTAP_CREDENTIAL_ID_ENC_SIZE
Value:
(sizeof(struct ctap_resident_key) - \
sizeof(((struct ctap_resident_key *)0)-> \
sizeof(((struct ctap_resident_key *)0)-> \
uint8_t cred_id[CTAP_CREDENTIAL_ID_SIZE]
credential identifier
Definition ctap.h:473
bool has_nonce
Indicate if nonce or cred_id
Definition ctap.h:476
CTAP resident key struct.
Definition ctap.h:486
ctap_cred_desc_t cred_desc
credential descriptor
Definition ctap.h:496

Total size of AES CCM credential id.

Size of encrypted resident key = resident key - cred id - has_nonce

Definition at line 286 of file ctap.h.

◆ CTAP_CREDENTIAL_ID_SIZE

#define CTAP_CREDENTIAL_ID_SIZE   16U

CTAP size of credential id.

Definition at line 359 of file ctap.h.

◆ CTAP_DOMAIN_NAME_MAX_SIZE

#define CTAP_DOMAIN_NAME_MAX_SIZE   253 + 1

Max size of a domain name including null character.

Definition at line 200 of file ctap.h.

◆ CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN

#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN   "clientPin"

client PIN string

Definition at line 83 of file ctap.h.

◆ CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT

#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT   "plat"

platform device string

Definition at line 81 of file ctap.h.

◆ CTAP_GET_INFO_RESP_OPTIONS_ID_RK

#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK   "rk"

resident key string

Definition at line 82 of file ctap.h.

◆ CTAP_GET_INFO_RESP_OPTIONS_ID_UP

#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP   "up"

user presence string

Definition at line 84 of file ctap.h.

◆ CTAP_GET_INFO_RESP_OPTIONS_ID_UV

#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV   "uv"

user verification string

Definition at line 85 of file ctap.h.

◆ CTAP_GET_NEXT_ASSERTION_TIMEOUT

#define CTAP_GET_NEXT_ASSERTION_TIMEOUT   (30 * MS_PER_SEC)

Max time between call to get_assertion or get_next_assertion until error is returned.

Definition at line 305 of file ctap.h.

◆ CTAP_ICON_MAX_SIZE

#define CTAP_ICON_MAX_SIZE   128 + 1

Max size of icon including null character.

Definition at line 205 of file ctap.h.

◆ CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN

#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN   (1 << 2)

clientPIN flag

Definition at line 95 of file ctap.h.

◆ CTAP_INFO_OPTIONS_FLAG_PLAT

#define CTAP_INFO_OPTIONS_FLAG_PLAT   (1 << 0)

platform device flag

Definition at line 93 of file ctap.h.

◆ CTAP_INFO_OPTIONS_FLAG_RK

#define CTAP_INFO_OPTIONS_FLAG_RK   (1 << 1)

resident key flag

Definition at line 94 of file ctap.h.

◆ CTAP_INFO_OPTIONS_FLAG_UP

#define CTAP_INFO_OPTIONS_FLAG_UP   (1 << 3)

user presence flag

Definition at line 96 of file ctap.h.

◆ CTAP_INFO_OPTIONS_FLAG_UV

#define CTAP_INFO_OPTIONS_FLAG_UV   (1 << 4)

user verification flag

Definition at line 97 of file ctap.h.

◆ CTAP_INITIALIZED_MARKER

#define CTAP_INITIALIZED_MARKER   0x4e

CTAP state initialized marker.

Used to check if authenticator state has already been initialized when reading data from flash.

Definition at line 367 of file ctap.h.

◆ CTAP_MAX_EXCLUDE_LIST_SIZE

#define CTAP_MAX_EXCLUDE_LIST_SIZE   0x14

Max size of allow list.

Definition at line 372 of file ctap.h.

◆ CTAP_PIN_AUTH_SZ

#define CTAP_PIN_AUTH_SZ   16

Size of pin auth.

First 16 bytes of a HMAC-256.

CTAP specification (version 20190130) section 5.5.8.2.

Definition at line 51 of file ctap.h.

◆ CTAP_PIN_ENC_MAX_SIZE

#define CTAP_PIN_ENC_MAX_SIZE   256

Encrypted newPin max size.

Definition at line 224 of file ctap.h.

◆ CTAP_PIN_ENC_MIN_SIZE

#define CTAP_PIN_ENC_MIN_SIZE   64

Encrypted newPin min size.

Encrypted PIN is padded with trailing 0x00 bytes to a minimum length of 64 in order to prevent leak of PIN length.

Definition at line 218 of file ctap.h.

◆ CTAP_PIN_MAX_ATTS

#define CTAP_PIN_MAX_ATTS   8

Max total consecutive incorrect PIN attempts.

Definition at line 234 of file ctap.h.

◆ CTAP_PIN_MAX_ATTS_BOOT

#define CTAP_PIN_MAX_ATTS_BOOT   3

Max consecutive incorrect PIN attempts for 1 boot cycle.

Definition at line 239 of file ctap.h.

◆ CTAP_PIN_MAX_SIZE

#define CTAP_PIN_MAX_SIZE   64

PIN max size.

Definition at line 229 of file ctap.h.

◆ CTAP_PIN_MIN_SIZE

#define CTAP_PIN_MIN_SIZE   4

PIN min size.

Definition at line 210 of file ctap.h.

◆ CTAP_PIN_PROT_VER

#define CTAP_PIN_PROT_VER   1

PIN protocol version.

Definition at line 244 of file ctap.h.

◆ CTAP_PIN_TOKEN_SZ

#define CTAP_PIN_TOKEN_SZ   16

Size of pin token.

Needs to be a multiple of 16 bytes (AES block length).

Definition at line 256 of file ctap.h.

◆ CTAP_PUB_KEY_CRED_PUB_KEY

#define CTAP_PUB_KEY_CRED_PUB_KEY   0x01

public key credential type

Definition at line 322 of file ctap.h.

◆ CTAP_PUB_KEY_CRED_UNKNOWN

#define CTAP_PUB_KEY_CRED_UNKNOWN   0x02

unknown credential type

Definition at line 323 of file ctap.h.

◆ CTAP_RP_MAX_NAME_SIZE

#define CTAP_RP_MAX_NAME_SIZE   32

Max size of relying party name.

Definition at line 185 of file ctap.h.

◆ CTAP_STACKSIZE

#define CTAP_STACKSIZE   15000

CTAP thread stack size.

Definition at line 120 of file ctap.h.

◆ CTAP_UP_BUTTON

#define CTAP_UP_BUTTON   0

CTAP user presence button.

Definition at line 134 of file ctap.h.

◆ CTAP_UP_BUTTON_FLANK

#define CTAP_UP_BUTTON_FLANK   GPIO_FALLING

CTAP user presence button flank.

Definition at line 165 of file ctap.h.

◆ CTAP_UP_BUTTON_MODE

#define CTAP_UP_BUTTON_MODE   GPIO_IN_PU

CTAP user presence button mode.

Definition at line 152 of file ctap.h.

◆ CTAP_UP_TIMEOUT

#define CTAP_UP_TIMEOUT   (15 * MS_PER_SEC)

Timeout for user presence test.

Definition at line 298 of file ctap.h.

◆ CTAP_USER_ID_MAX_SIZE

#define CTAP_USER_ID_MAX_SIZE   64

Max size of user id.

Definition at line 195 of file ctap.h.

◆ CTAP_USER_MAX_NAME_SIZE

#define CTAP_USER_MAX_NAME_SIZE   64 + 1

Max size of username including null character.

Definition at line 190 of file ctap.h.

◆ CTAP_VERSION_FLAG_FIDO

#define CTAP_VERSION_FLAG_FIDO   0x02

FIDO 2 flag.

Definition at line 70 of file ctap.h.

◆ CTAP_VERSION_FLAG_FIDO_PRE

#define CTAP_VERSION_FLAG_FIDO_PRE   0x01

FIDO 2.1 flag.

Definition at line 69 of file ctap.h.

◆ CTAP_VERSION_FLAG_U2F_V2

#define CTAP_VERSION_FLAG_U2F_V2   0x04

U2F V2 flag.

Definition at line 71 of file ctap.h.

Typedef Documentation

◆ ctap_cred_desc_alt_t

Alternative CTAP cred struct forward declaration.

Definition at line 382 of file ctap.h.

◆ ctap_cred_desc_t

CTAP cred struct forward declaration.

Definition at line 377 of file ctap.h.

◆ ctap_resident_key_t

CTAP resident key credential forward declaration.

Definition at line 387 of file ctap.h.

Enumeration Type Documentation

◆ ctap_pin_subcommand_t

CTAP Client PIN request subCommand CBOR key values.

Enumerator
CTAP_PIN_GET_RETRIES 

getRetries subCommand

CTAP_PIN_GET_KEY_AGREEMENT 

getKeyAgreement subCommand

CTAP_PIN_SET_PIN 

setPIN subCommand

CTAP_PIN_CHANGE_PIN 

changePIN subCommand

CTAP_PIN_GET_PIN_TOKEN 

getPinToken subCommand

Definition at line 105 of file ctap.h.

Function Documentation

◆ fido2_ctap_cred_params_supported()

bool fido2_ctap_cred_params_supported ( uint8_t  cred_type,
int32_t  alg_type 
)

Check if requested algorithm is supported.

Parameters
[in]cred_typetype of credential
[in]alg_typecryptographic algorithm identifier
Returns
true if algorithm is supported
false otherwise

◆ fido2_ctap_encrypt_rk()

int fido2_ctap_encrypt_rk ( ctap_resident_key_t rk,
uint8_t *  nonce,
size_t  nonce_len,
ctap_cred_id_t id 
)

Encrypt resident key with AES CCM.

Parameters
[in]rktype of credential
[in]nonceCCM nonce
[in]nonce_lenlength of nonce
[in]idcredential id struct storing encrypted resident key
Returns
ctap_status_code_t

◆ fido2_ctap_get_sig()

int fido2_ctap_get_sig ( const uint8_t *  auth_data,
size_t  auth_data_len,
const uint8_t *  client_data_hash,
const ctap_resident_key_t rk,
uint8_t *  sig,
size_t *  sig_len 
)

Create signature from authenticator data.

Used for attestation and assertion statement.

Parameters
[in]auth_dataauthenticator data
[in]auth_data_lenlength of auth_data
[in]client_data_hashhash of client data sent by relying party in request
[in]rkresident key used to sign the data
[in]sigsignature buffer
[in]sig_lenlength of sig
Returns
ctap_status_code_t

◆ fido2_ctap_get_state()

ctap_state_t * fido2_ctap_get_state ( void  )

Get a pointer to the authenticator state.

Returns
pointer to ctap_state_t

◆ fido2_ctap_pin_is_set()

bool fido2_ctap_pin_is_set ( void  )

Check if PIN has been set on authenticator.

Returns
true if PIN has been set
false otherwise