
Internal FIDO2 CTAP defines, structures and function declarations. More...

Detailed Description

Internal FIDO2 CTAP defines, structures and function declarations.

Author
Nils Ollrogge nils.ollrogge@fu-berlin.de

Definition in file ctap.h.

#include <stdint.h>
#include "mutex.h"
#include "cbor.h"
#include "assert.h"
#include "crypto/modes/ccm.h"
#include "timex.h"
#include "board.h"
#include "fido2/ctap.h"
#include "fido2/ctap/ctap_crypto.h"


Data Structures

struct  ctap_config_t
 CTAP authenticator config struct. More...
 
struct  ctap_state_t
 CTAP state struct. More...
 
struct  ctap_options_t
 CTAP options struct. More...
 
struct  ctap_user_ent_t
 CTAP user entity struct. More...
 
struct  ctap_rp_ent_t
 CTAP relying party entity struct. More...
 
struct  ctap_public_key_cose_t
 CTAP cose key struct. More...
 
struct  ctap_cred_desc
 CTAP credential description struct. More...
 
struct  ctap_resident_key
 CTAP resident key struct. More...
 
struct  ctap_cred_id_t
 CTAP credential ID. More...
 
struct  ctap_cred_desc_alt
 CTAP credential description alternative struct. More...
 
struct  ctap_make_credential_req_t
 CTAP make credential request struct. More...
 
struct  ctap_get_assertion_req_t
 CTAP get assertion request struct. More...
 
struct  ctap_client_pin_req_t
 CTAP client pin request struct. More...
 
struct  ctap_attested_cred_data_header_t
 CTAP attested credential data header struct. More...
 
struct  ctap_attested_cred_data_t
 CTAP attested credential data struct. More...
 
struct  ctap_auth_data_header_t
 CTAP authenticator data header struct. More...
 
struct  ctap_auth_data_t
 CTAP authenticator data struct. More...
 
struct  ctap_info_t
 CTAP info struct. More...
 

Macros

#define CTAP_PIN_AUTH_SZ   16
 Size of pin auth.
 
#define CTAP_STACKSIZE   15000
 CTAP thread stack size.
 
#define CTAP_UP_BUTTON   0
 CTAP user presence button.
 
#define CONFIG_FIDO2_CTAP_DISABLE_UP   1
 Disable user presence test configuration.
 
#define CTAP_UP_BUTTON_MODE   GPIO_IN_PU
 CTAP user presence button mode.
 
#define CTAP_UP_BUTTON_FLANK   GPIO_FALLING
 CTAP user presence button flank.
 
#define CONFIG_FIDO2_CTAP_DISABLE_LED   0
 Disable LED configuration.
 
#define CTAP_RP_MAX_NAME_SIZE   32
 Max size of relying party name.
 
#define CTAP_USER_MAX_NAME_SIZE   64 + 1
 Max size of username including null character.
 
#define CTAP_USER_ID_MAX_SIZE   64
 Max size of user id.
 
#define CTAP_DOMAIN_NAME_MAX_SIZE   253 + 1
 Max size of a domain name including null character.
 
#define CTAP_ICON_MAX_SIZE   128 + 1
 Max size of icon including null character.
 
#define CTAP_PIN_MIN_SIZE   4
 PIN min size.
 
#define CTAP_PIN_ENC_MIN_SIZE   64
 Encrypted newPin min size.
 
#define CTAP_PIN_ENC_MAX_SIZE   256
 Encrypted newPin max size.
 
#define CTAP_PIN_MAX_SIZE   64
 PIN max size.
 
#define CTAP_PIN_MAX_ATTS   8
 Max total consecutive incorrect PIN attempts.
 
#define CTAP_PIN_MAX_ATTS_BOOT   3
 Max consecutive incorrect PIN attempts per boot cycle.
 
#define CTAP_PIN_PROT_VER   1
 PIN protocol version.
 
#define CTAP_AMT_SUP_PIN_VER   1
 Total number of supported PIN protocol versions.
 
#define CTAP_PIN_TOKEN_SZ   16
 Size of pin token.
 
#define CTAP_CRED_KEY_LEN   16
 Size of key used to encrypt credential.
 
#define CTAP_AES_CCM_L   2
 AES_CCM_L parameter.
 
#define CTAP_AES_CCM_NONCE_SIZE   (15 - CTAP_AES_CCM_L)
 AES CCM nonce size.
 
#define CTAP_CREDENTIAL_ID_ENC_SIZE
 Total size of AES CCM credential id.
 
#define CTAP_UP_TIMEOUT   (15 * MS_PER_SEC)
 Timeout for user presence test.
 
#define CTAP_GET_NEXT_ASSERTION_TIMEOUT   (30 * MS_PER_SEC)
 Max time allowed after a call to get_assertion or get_next_assertion before an error is returned.
 
#define CTAP_AAGUID   "9c295865fa2c36b705a42320af9c8f16"
 128-bit identifier of the authenticator.
 
#define CTAP_AAGUID_SIZE   16
 CTAP size of authenticator AAGUID in bytes.
 
#define CTAP_COSE_ALG_ES256   -7
 CTAP COSE Algorithms registry identifier for ES256.
 
#define CTAP_COSE_ALG_ECDH_ES_HKDF_256   -25
 CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256.
 
#define CTAP_CREDENTIAL_ID_SIZE   16U
 CTAP size of credential id.
 
#define CTAP_INITIALIZED_MARKER   0x4e
 CTAP state initialized marker.
 
#define CTAP_MAX_EXCLUDE_LIST_SIZE   0x14
 Max size of exclude list.
 

Typedefs

typedef struct ctap_cred_desc ctap_cred_desc_t
 CTAP cred struct forward declaration.
 
typedef struct ctap_cred_desc_alt ctap_cred_desc_alt_t
 Alternative CTAP cred struct forward declaration.
 
typedef struct ctap_resident_key ctap_resident_key_t
 CTAP resident key credential forward declaration.
 

Functions

int fido2_ctap_get_sig (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
 Create signature from authenticator data.
 
bool fido2_ctap_cred_params_supported (uint8_t cred_type, int32_t alg_type)
 Check if requested algorithm is supported.
 
int fido2_ctap_encrypt_rk (ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
 Encrypt resident key with AES CCM.
 
bool fido2_ctap_pin_is_set (void)
 Check if PIN has been set on authenticator.
 
ctap_state_t * fido2_ctap_get_state (void)
 Get a pointer to the authenticator state.
 

CTAP authenticator data option flags

#define CTAP_AUTH_DATA_FLAG_UP   (1 << 0)
 user present
 
#define CTAP_AUTH_DATA_FLAG_UV   (1 << 2)
 user verified
 
#define CTAP_AUTH_DATA_FLAG_AT   (1 << 6)
 attested credential data included
 
#define CTAP_AUTH_DATA_FLAG_ED   (1 << 7)
 extension data included
 

CTAP version flags

#define CTAP_VERSION_FLAG_FIDO_PRE   0x01
 FIDO 2.1 flag.
 
#define CTAP_VERSION_FLAG_FIDO   0x02
 FIDO 2 flag.
 
#define CTAP_VERSION_FLAG_U2F_V2   0x04
 U2F V2 flag.
 

CTAP get info response options map CBOR key values

All options are key-value pairs with string IDs and boolean values.

#define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT   "plat"
 platform device string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_RK   "rk"
 resident key string

 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN   "clientPin"
 client PIN string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UP   "up"
 user presence string
 
#define CTAP_GET_INFO_RESP_OPTIONS_ID_UV   "uv"
 user verification string
 

CTAP get info options flags

#define CTAP_INFO_OPTIONS_FLAG_PLAT   (1 << 0)
 platform device flag

 
#define CTAP_INFO_OPTIONS_FLAG_RK   (1 << 1)
 resident key flag

 
#define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN   (1 << 2)
 clientPIN flag
 
#define CTAP_INFO_OPTIONS_FLAG_UP   (1 << 3)
 user presence flag
 
#define CTAP_INFO_OPTIONS_FLAG_UV   (1 << 4)
 user verification flag
 

CTAP credential types

#define CTAP_PUB_KEY_CRED_PUB_KEY   0x01
 public key credential type
 
#define CTAP_PUB_KEY_CRED_UNKNOWN   0x02
 unknown credential type
 

CTAP COSE key CBOR map key values

#define CTAP_COSE_KEY_LABEL_KTY   1
 key type identifier
 
#define CTAP_COSE_KEY_LABEL_ALG   3
 algorithm identifier
 
#define CTAP_COSE_KEY_LABEL_CRV   -1
 elliptic curve identifier
 
#define CTAP_COSE_KEY_LABEL_X   -2
 x coordinate
 
#define CTAP_COSE_KEY_LABEL_Y   -3
 y coordinate
 
#define CTAP_COSE_KEY_KTY_EC2   2
 two-coordinate elliptic curve key type identifier
 
#define CTAP_COSE_KEY_CRV_P256   1
 secp256r1 elliptic curve key identifier
 
enum  ctap_pin_subcommand_t {
  CTAP_PIN_GET_RETRIES = 0x01 , CTAP_PIN_GET_KEY_AGREEMENT = 0x02 , CTAP_PIN_SET_PIN = 0x03 , CTAP_PIN_CHANGE_PIN = 0x04 ,
  CTAP_PIN_GET_PIN_TOKEN = 0x05
}
 CTAP Client PIN request subCommand CBOR key values. More...