
FIDO2 CTAP crypto helper

Detailed Description

FIDO2 CTAP crypto helper

Files

file  ctap_crypto.h
 FIDO2 CTAP crypto helper defines, structures and function declarations.
 

Data Structures

struct  ctap_crypto_pub_key_t
 Elliptic curve public key.
 
struct  ctap_crypto_key_agreement_key_t
 Key agreement key.
 

Macros

#define CTAP_CRYPTO_KEY_SIZE   32
 Size in bytes of cryptographic keys used.
 
#define CTAP_CRYPTO_ES256_DER_MAX_SIZE   72
 Max size of ES256 signature in ASN.1 DER format.
 

Functions

ctap_status_code_t fido2_ctap_crypto_init (void)
 Initialize crypto helper.
 
ctap_status_code_t fido2_ctap_crypto_prng (uint8_t *buf, size_t len)
 Wrapper function for random_bytes.
 
ctap_status_code_t fido2_ctap_crypto_sha256_init (sha256_context_t *ctx)
 Wrapper function for sha256_init.
 
ctap_status_code_t fido2_ctap_crypto_sha256_update (sha256_context_t *ctx, const void *data, size_t len)
 Wrapper function for sha256_update.
 
ctap_status_code_t fido2_ctap_crypto_sha256_final (sha256_context_t *ctx, void *digest)
 Wrapper for sha256_final.
 
ctap_status_code_t fido2_ctap_crypto_sha256 (const void *data, size_t len, void *digest)
 Wrapper function for sha256.
 
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_init (hmac_context_t *ctx, const void *key, size_t key_length)
 Wrapper function for hmac_sha256_init.
 
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_update (hmac_context_t *ctx, const void *data, size_t len)
 Wrapper function for hmac_sha256_update.
 
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_final (hmac_context_t *ctx, void *digest)
 Wrapper function for hmac_sha256_final.
 
ctap_status_code_t fido2_ctap_crypto_hmac_sha256 (const void *key, size_t key_length, const void *data, size_t len, void *digest)
 Wrapper function for hmac_sha256.
 
ctap_status_code_t fido2_ctap_crypto_gen_keypair (ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t len)
 Generate cryptographic key pair.
 
ctap_status_code_t fido2_ctap_crypto_ecdh (uint8_t *out, size_t len, ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t key_len)
 Elliptic-curve Diffie-Hellman.
 
ctap_status_code_t fido2_ctap_crypto_get_sig (uint8_t *hash, size_t hash_len, uint8_t *sig, size_t *sig_len, const uint8_t *key, size_t key_len)
 Create cryptographic signature.
 
ctap_status_code_t fido2_ctap_crypto_aes_enc (uint8_t *out, size_t *out_len, uint8_t *in, size_t in_len, const uint8_t *key, size_t key_len)
 Encrypt data using AES-256-CBC.
 
ctap_status_code_t fido2_ctap_crypto_aes_dec (uint8_t *out, size_t *out_len, uint8_t *in, size_t in_len, const uint8_t *key, size_t key_len)
 Decrypt data using AES-256-CBC.
 
ctap_status_code_t fido2_ctap_crypto_aes_ccm_enc (uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, uint8_t *auth_data, size_t auth_data_len, uint8_t mac_len, uint8_t length_encoding, const uint8_t *nonce, size_t nonce_len, const uint8_t *key, size_t key_len)
 Encrypt data using AES-128-CCM.
 
ctap_status_code_t fido2_ctap_crypto_aes_ccm_dec (uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len, uint8_t *auth_data, size_t auth_data_len, uint8_t mac_len, uint8_t length_encoding, const uint8_t *nonce, size_t nonce_len, const uint8_t *key, size_t key_len)
 Decrypt data using AES-128-CCM.
 

Macro Definition Documentation

◆ CTAP_CRYPTO_ES256_DER_MAX_SIZE

#define CTAP_CRYPTO_ES256_DER_MAX_SIZE   72

Max size of ES256 signature in ASN.1 DER format.

Definition at line 43 of file ctap_crypto.h.

◆ CTAP_CRYPTO_KEY_SIZE

#define CTAP_CRYPTO_KEY_SIZE   32

Size in bytes of cryptographic keys used.

Definition at line 38 of file ctap_crypto.h.

Function Documentation

◆ fido2_ctap_crypto_aes_ccm_dec()

ctap_status_code_t fido2_ctap_crypto_aes_ccm_dec ( uint8_t * out,
size_t out_len,
const uint8_t * in,
size_t in_len,
uint8_t * auth_data,
size_t auth_data_len,
uint8_t mac_len,
uint8_t length_encoding,
const uint8_t * nonce,
size_t nonce_len,
const uint8_t * key,
size_t key_len )

Decrypt data using AES-128-CCM.

Parameters
[in] out: decrypted data
[in] out_len: length of out
[in] in: data to be decrypted
[in] in_len: length of in
[in] auth_data: additional data to authenticate in MAC
[in] auth_data_len: length of auth_data
[in] mac_len: length of appended MAC
[in] length_encoding: max supported length of plaintext
[in] nonce: nonce for ctr mode encryption
[in] nonce_len: length of nonce
[in] key: symmetric key to use for decryption
[in] key_len: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_aes_ccm_enc()

ctap_status_code_t fido2_ctap_crypto_aes_ccm_enc ( uint8_t * out,
size_t out_len,
const uint8_t * in,
size_t in_len,
uint8_t * auth_data,
size_t auth_data_len,
uint8_t mac_len,
uint8_t length_encoding,
const uint8_t * nonce,
size_t nonce_len,
const uint8_t * key,
size_t key_len )

Encrypt data using AES-128-CCM.

Parameters
[in] out: encrypted data
[in] out_len: length of out
[in] in: data to be encrypted
[in] in_len: length of in
[in] auth_data: additional data to authenticate in MAC
[in] auth_data_len: length of auth_data
[in] mac_len: length of appended MAC
[in] length_encoding: max supported length of plaintext
[in] nonce: nonce for ctr mode encryption; CCM requires that a nonce is never reused with the same key
[in] nonce_len: length of nonce
[in] key: symmetric key to use for encryption
[in] key_len: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_aes_dec()

ctap_status_code_t fido2_ctap_crypto_aes_dec ( uint8_t * out,
size_t * out_len,
uint8_t * in,
size_t in_len,
const uint8_t * key,
size_t key_len )

Decrypt data using AES-256-CBC.

Parameters
[in] out: decrypted data
[in] out_len: length of out
[in] in: encrypted data
[in] in_len: length of in
[in] key: symmetric key to use for decryption
[in] key_len: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_aes_enc()

ctap_status_code_t fido2_ctap_crypto_aes_enc ( uint8_t * out,
size_t * out_len,
uint8_t * in,
size_t in_len,
const uint8_t * key,
size_t key_len )

Encrypt data using AES-256-CBC.

Parameters
[in] out: encrypted data
[in] out_len: length of out
[in] in: data to be encrypted
[in] in_len: length of in
[in] key: symmetric key to use for encryption
[in] key_len: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_ecdh()

ctap_status_code_t fido2_ctap_crypto_ecdh ( uint8_t * out,
size_t len,
ctap_crypto_pub_key_t * pub_key,
uint8_t * priv_key,
size_t key_len )

Elliptic-curve Diffie-Hellman.

Parameters
[in] out: shared secret buffer
[in] len: length of out
[in] pub_key: public key of other party
[in] priv_key: private key
[in] key_len: length of priv_key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_gen_keypair()

ctap_status_code_t fido2_ctap_crypto_gen_keypair ( ctap_crypto_pub_key_t * pub_key,
uint8_t * priv_key,
size_t len )

Generate cryptographic key pair.

Parameters
[in] pub_key: public key buffer
[in] priv_key: private key buffer
[in] len: length of priv_key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_get_sig()

ctap_status_code_t fido2_ctap_crypto_get_sig ( uint8_t * hash,
size_t hash_len,
uint8_t * sig,
size_t * sig_len,
const uint8_t * key,
size_t key_len )

Create cryptographic signature.

Parameters
[in] hash: hash to be signed
[in] hash_len: length of hash
[in] sig: signature buffer
[in] sig_len: length of sig
[in] key: private key to use for signature
[in] key_len: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_hmac_sha256()

ctap_status_code_t fido2_ctap_crypto_hmac_sha256 ( const void * key,
size_t key_length,
const void * data,
size_t len,
void * digest )

Wrapper function for hmac_sha256.

Parameters
[in] key: key used in the hmac-sha256 computation
[in] key_length: length of key
[in] data: pointer to the buffer to generate the hmac-sha256 from
[in] len: length of data
[out] digest: the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH
Note
discards the pointer returned by hmac_sha256
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_hmac_sha256_final()

ctap_status_code_t fido2_ctap_crypto_hmac_sha256_final ( hmac_context_t * ctx,
void * digest )

Wrapper function for hmac_sha256_final.

Parameters
[in] ctx: hmac_context_t handle to use
[out] digest: the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_hmac_sha256_init()

ctap_status_code_t fido2_ctap_crypto_hmac_sha256_init ( hmac_context_t * ctx,
const void * key,
size_t key_length )

Wrapper function for hmac_sha256_init.

Parameters
[in] ctx: hmac_context_t handle to use
[in] key: key used in the hmac-sha256 computation
[in] key_length: length of key
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_hmac_sha256_update()

ctap_status_code_t fido2_ctap_crypto_hmac_sha256_update ( hmac_context_t * ctx,
const void * data,
size_t len )

Wrapper function for hmac_sha256_update.

Parameters
[in] ctx: hmac_context_t handle to use
[in] data: pointer to the buffer to generate hash from
[in] len: length of data
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_init()

ctap_status_code_t fido2_ctap_crypto_init ( void )

Initialize crypto helper.

Initializes crypto libs and creates key_agreement key pair

Returns
ctap_status_code_t

◆ fido2_ctap_crypto_prng()

ctap_status_code_t fido2_ctap_crypto_prng ( uint8_t * buf,
size_t len )

Wrapper function for random_bytes.

Parameters
[in] buf: buffer to hold random bytes
[in] len: length of buf
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_sha256()

ctap_status_code_t fido2_ctap_crypto_sha256 ( const void * data,
size_t len,
void * digest )

Wrapper function for sha256.

Parameters
[in] data: pointer to the buffer to generate hash from
[in] len: length of data
[out] digest: optional pointer to an array for the result, length must be SHA256_DIGEST_LENGTH
Note
discards the pointer returned by sha256
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_sha256_final()

ctap_status_code_t fido2_ctap_crypto_sha256_final ( sha256_context_t * ctx,
void * digest )

Wrapper for sha256_final.

Parameters
ctx: sha256_context_t handle to use
digest: resulting digest, this is the hash of all the bytes
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_sha256_init()

ctap_status_code_t fido2_ctap_crypto_sha256_init ( sha256_context_t * ctx)

Wrapper function for sha256_init.

Parameters
ctx: sha256_context_t handle to init
Returns
ctap_status_code_t

◆ fido2_ctap_crypto_sha256_update()

ctap_status_code_t fido2_ctap_crypto_sha256_update ( sha256_context_t * ctx,
const void * data,
size_t len )

Wrapper function for sha256_update.

Parameters
ctx: sha256_context_t handle to use
[in] data: input data
[in] len: length of data
Returns
ctap_status_code_t