Internal FIDO2 CTAP defines, structures and function declarations.
Definition in file ctap.h.
#include <stdint.h>
#include "mutex.h"
#include "cbor.h"
#include "assert.h"
#include "crypto/modes/ccm.h"
#include "timex.h"
#include "board.h"
#include "fido2/ctap.h"
#include "fido2/ctap/ctap_crypto.h"
Data Structures | |
struct | ctap_config_t |
CTAP authenticator config struct. More... | |
struct | ctap_state_t |
CTAP state struct. More... | |
struct | ctap_options_t |
CTAP options struct. More... | |
struct | ctap_user_ent_t |
CTAP user entity struct. More... | |
struct | ctap_rp_ent_t |
CTAP relying party entity struct. More... | |
struct | ctap_public_key_cose_t |
CTAP cose key struct. More... | |
struct | ctap_cred_desc |
CTAP credential description struct. More... | |
struct | ctap_resident_key |
CTAP resident key struct. More... | |
struct | ctap_cred_id_t |
CTAP credential ID. More... | |
struct | ctap_cred_desc_alt |
CTAP credential description alternative struct. More... | |
struct | ctap_make_credential_req_t |
CTAP make credential request struct. More... | |
struct | ctap_get_assertion_req_t |
CTAP get assertion request struct. More... | |
struct | ctap_client_pin_req_t |
CTAP client pin request struct. More... | |
struct | ctap_attested_cred_data_header_t |
CTAP attested credential data header struct. More... | |
struct | ctap_attested_cred_data_t |
CTAP attested credential data struct. More... | |
struct | ctap_auth_data_header_t |
CTAP authenticator data header struct. More... | |
struct | ctap_auth_data_t |
CTAP authenticator data struct. More... | |
struct | ctap_info_t |
CTAP info struct. More... | |
Macros | |
#define | CTAP_PIN_AUTH_SZ 16 |
Size of pin auth. | |
#define | CTAP_STACKSIZE 15000 |
CTAP thread stack size. | |
#define | CTAP_UP_BUTTON 0 |
CTAP user presence button. | |
#define | CONFIG_FIDO2_CTAP_DISABLE_UP 1 |
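Disable user presence test configuration. With the value 1 documented here the user presence test is disabled, so requests would proceed without a press of the user presence button (CTAP_UP_BUTTON); confirm the setting used by the actual build. | |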
#define | CTAP_UP_BUTTON_MODE GPIO_IN_PU |
CTAP user presence button mode. | |
#define | CTAP_UP_BUTTON_FLANK GPIO_FALLING |
CTAP user presence button flank. | |
#define | CONFIG_FIDO2_CTAP_DISABLE_LED 0 |
Disable LED configuration. | |
#define | CTAP_RP_MAX_NAME_SIZE 32 |
Max size of relying party name. | |
#define | CTAP_USER_MAX_NAME_SIZE 64 + 1 |
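Max size of username including null character. The expansion `64 + 1` is not parenthesized (likewise CTAP_DOMAIN_NAME_MAX_SIZE and CTAP_ICON_MAX_SIZE), so wrap the macro in parentheses when it is used inside a larger expression such as a multiplication. | |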
#define | CTAP_USER_ID_MAX_SIZE 64 |
Max size of user id. | |
#define | CTAP_DOMAIN_NAME_MAX_SIZE 253 + 1 |
Max size of a domain name including null character. | |
#define | CTAP_ICON_MAX_SIZE 128 + 1 |
Max size of icon including null character. | |
#define | CTAP_PIN_MIN_SIZE 4 |
PIN min size. | |
#define | CTAP_PIN_ENC_MIN_SIZE 64 |
Encrypted newPin min size. | |
#define | CTAP_PIN_ENC_MAX_SIZE 256 |
Encrypted newPin max size. | |
#define | CTAP_PIN_MAX_SIZE 64 |
PIN max size. | |
#define | CTAP_PIN_MAX_ATTS 8 |
Max total consecutive incorrect PIN attempts. | |
#define | CTAP_PIN_MAX_ATTS_BOOT 3 |
Max consecutive incorrect PIN attempts for 1 boot cycle. | |
#define | CTAP_PIN_PROT_VER 1 |
PIN protocol version. | |
#define | CTAP_AMT_SUP_PIN_VER 1 |
Total number of supported PIN protocol versions. | |
#define | CTAP_PIN_TOKEN_SZ 16 |
Size of pin token. | |
#define | CTAP_CRED_KEY_LEN 16 |
Size of key used to encrypt credential. | |
#define | CTAP_AES_CCM_L 2 |
AES_CCM_L parameter. | |
#define | CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L) |
AES CCM nonce size (15 - CTAP_AES_CCM_L, i.e. 13 bytes with CTAP_AES_CCM_L = 2). | |
#define | CTAP_CREDENTIAL_ID_ENC_SIZE |
Total size of AES CCM credential id. | |
#define | CTAP_UP_TIMEOUT (15 * MS_PER_SEC) |
Timeout for user presence test. | |
#define | CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC) |
Max time between calls to get_assertion or get_next_assertion before an error is returned. | |
#define | CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16" |
128-bit identifier of the authenticator (AAGUID), given as 32 hex characters. | |
#define | CTAP_AAGUID_SIZE 16 |
CTAP size of authenticator AAGUID in bytes. | |
#define | CTAP_COSE_ALG_ES256 -7 |
CTAP COSE Algorithms registry identifier for ES256. | |
#define | CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25 |
CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256. | |
#define | CTAP_CREDENTIAL_ID_SIZE 16U |
CTAP size of credential id. | |
#define | CTAP_INITIALIZED_MARKER 0x4e |
CTAP state initialized marker. | |
#define | CTAP_MAX_EXCLUDE_LIST_SIZE 0x14 |
Max size of the exclude list (the upstream description says "allow list"). | |
Typedefs | |
typedef struct ctap_cred_desc | ctap_cred_desc_t |
CTAP cred struct forward declaration. | |
typedef struct ctap_cred_desc_alt | ctap_cred_desc_alt_t |
Alternative CTAP cred struct forward declaration. | |
typedef struct ctap_resident_key | ctap_resident_key_t |
CTAP resident key credential forward declaration. | |
Functions | |
int | fido2_ctap_get_sig (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len) |
Create signature from authenticator data. | |
bool | fido2_ctap_cred_params_supported (uint8_t cred_type, int32_t alg_type) |
Check if requested algorithm is supported. | |
int | fido2_ctap_encrypt_rk (ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id) |
Encrypt resident key with AES CCM. | |
bool | fido2_ctap_pin_is_set (void) |
Check if PIN has been set on authenticator. | |
ctap_state_t * | fido2_ctap_get_state (void) |
Get a pointer to the authenticator state. | |
CTAP methods | |
#define | CTAP_MAKE_CREDENTIAL 0x01 |
authenticatorMakeCredential method | |
#define | CTAP_GET_ASSERTION 0x02 |
authenticatorGetAssertion method | |
#define | CTAP_GET_INFO 0x04 |
authenticatorGetInfo method | |
#define | CTAP_CLIENT_PIN 0x06 |
authenticatorClientPIN method | |
#define | CTAP_RESET 0x07 |
authenticatorReset method | |
#define | CTAP_GET_NEXT_ASSERTION 0x08 |
authenticatorGetNextAssertion method | |
CTAP authenticator data option flags | |
#define | CTAP_AUTH_DATA_FLAG_UP (1 << 0) |
user present | |
#define | CTAP_AUTH_DATA_FLAG_UV (1 << 2) |
user verified | |
#define | CTAP_AUTH_DATA_FLAG_AT (1 << 6) |
attested credential data included | |
#define | CTAP_AUTH_DATA_FLAG_ED (1 << 7) |
extension data included | |
CTAP version flags | |
#define | CTAP_VERSION_FLAG_FIDO_PRE 0x01 |
FIDO 2.1 preview (FIDO_2_1_PRE) flag. | |
#define | CTAP_VERSION_FLAG_FIDO 0x02 |
FIDO 2 flag. | |
#define | CTAP_VERSION_FLAG_U2F_V2 0x04 |
U2F V2 flag. | |
CTAP get info response options map CBOR key values | |
All options are in the form of key-value pairs with string IDs and boolean values. | |
#define | CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT "plat" |
platform device string | |
#define | CTAP_GET_INFO_RESP_OPTIONS_ID_RK "rk" |
resident key string | |
#define | CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin" |
client PIN string | |
#define | CTAP_GET_INFO_RESP_OPTIONS_ID_UP "up" |
user presence string | |
#define | CTAP_GET_INFO_RESP_OPTIONS_ID_UV "uv" |
user verification string | |
CTAP get info options flags | |
#define | CTAP_INFO_OPTIONS_FLAG_PLAT (1 << 0) |
platform device flag | |
#define | CTAP_INFO_OPTIONS_FLAG_RK (1 << 1) |
resident key flag | |
#define | CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN (1 << 2) |
clientPIN flag | |
#define | CTAP_INFO_OPTIONS_FLAG_UP (1 << 3) |
user presence flag | |
#define | CTAP_INFO_OPTIONS_FLAG_UV (1 << 4) |
user verification flag | |
CTAP Client PIN request subCommand CBOR key values | |
#define | CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES 0x01 |
getRetries subCommand | |
#define | CTAP_CP_REQ_SUB_COMMAND_GET_KEY_AGREEMENT 0x02 |
getKeyAgreement subCommand | |
#define | CTAP_CP_REQ_SUB_COMMAND_SET_PIN 0x03 |
setPIN subCommand | |
#define | CTAP_CP_REQ_SUB_COMMAND_CHANGE_PIN 0x04 |
changePIN subCommand | |
#define | CTAP_CP_REQ_SUB_COMMAND_GET_PIN_TOKEN 0x05 |
getPinToken subCommand | |
CTAP credential types | |
#define | CTAP_PUB_KEY_CRED_PUB_KEY 0x01 |
public key credential type | |
#define | CTAP_PUB_KEY_CRED_UNKNOWN 0x02 |
unknown credential type | |
CTAP COSE key CBOR map key values | |
#define | CTAP_COSE_KEY_LABEL_KTY 1 |
key type identifier | |
#define | CTAP_COSE_KEY_LABEL_ALG 3 |
algorithm identifier | |
#define | CTAP_COSE_KEY_LABEL_CRV -1 |
elliptic curve identifier | |
#define | CTAP_COSE_KEY_LABEL_X -2 |
x coordinate | |
#define | CTAP_COSE_KEY_LABEL_Y -3 |
y coordinate | |
#define | CTAP_COSE_KEY_KTY_EC2 2 |
2 coordinate elliptic curve key identifier | |
#define | CTAP_COSE_KEY_CRV_P256 1 |
secp256r1 elliptic curve key identifier | |