/* Size of pin auth. CTAP2 PIN protocol 1 defines pinAuth as the first 16 bytes
 * of an HMAC-SHA-256 output, which this value matches. */
50 #define CTAP_PIN_AUTH_SZ 16 
   /* Bit masks for the flags byte of the authenticator data, at the bit
    * positions WebAuthn assigns: UP = user present, UV = user verified,
    * AT = attested credential data included, ED = extension data included.
    * Relying parties base policy decisions on UP and UV, so each bit should be
    * set only after the corresponding check has actually been performed. */
   57 #define CTAP_AUTH_DATA_FLAG_UP     (1 << 0)      
   58 #define CTAP_AUTH_DATA_FLAG_UV     (1 << 2)      
   59 #define CTAP_AUTH_DATA_FLAG_AT     (1 << 6)      
   60 #define CTAP_AUTH_DATA_FLAG_ED     (1 << 7)      
   /* One bit per protocol version; this page describes the matching `versions`
    * field as "supported versions of FIDO".
    * NOTE(review): FIDO_PRE presumably stands for the FIDO_2_1_PRE version
    * string and FIDO for FIDO_2_0; confirm against the getInfo encoder. */
   68 #define CTAP_VERSION_FLAG_FIDO_PRE  0x01     
   69 #define CTAP_VERSION_FLAG_FIDO      0x02     
   70 #define CTAP_VERSION_FLAG_U2F_V2    0x04     
   /* Text keys of the options map in the authenticatorGetInfo response, as
    * named by CTAP2: platform device, resident key, client PIN, user presence,
    * user verification. */
   80 #define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT       "plat"          
   81 #define CTAP_GET_INFO_RESP_OPTIONS_ID_RK         "rk"            
   82 #define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin"     
   83 #define CTAP_GET_INFO_RESP_OPTIONS_ID_UP         "up"            
   84 #define CTAP_GET_INFO_RESP_OPTIONS_ID_UV         "uv"            
   /* One bit per option, in the same order as the keys above. The five bits
    * fit the `uint8_t options` field this page describes as "supported
    * options"; presumably that is where they are stored - confirm. */
   92 #define CTAP_INFO_OPTIONS_FLAG_PLAT         (1 << 0)     
   93 #define CTAP_INFO_OPTIONS_FLAG_RK           (1 << 1)     
   94 #define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN   (1 << 2)     
   95 #define CTAP_INFO_OPTIONS_FLAG_UP           (1 << 3)     
   96 #define CTAP_INFO_OPTIONS_FLAG_UV           (1 << 4)     
  /* CTAP stack size: CONFIG_FIDO2_CTAP_STACK_SIZE when the build defines it.
   * The listing skips source lines 118 and 120, so the second definition
   * (15000) is presumably the #else fallback; confirm in the full header. */
  116 #ifdef CONFIG_FIDO2_CTAP_STACK_SIZE 
  117 #define CTAP_STACKSIZE CONFIG_FIDO2_CTAP_STACK_SIZE 
  119 #define CTAP_STACKSIZE 15000 
  /* Selects the GPIO pin of the user-presence (UP) button. The configured
   * port/pin pair is used when both macros are defined and non-negative.
   * The remaining three definitions sit on branches whose #else/#ifdef/#endif
   * lines are not shown in this listing (source lines 128-130, 132, 134-136).
   * NOTE(review): the last line forces CONFIG_FIDO2_CTAP_DISABLE_UP to 1,
   * presumably on the path where no button exists. A build on that path has
   * no physical user-presence gate, so treat it as test-only and confirm the
   * exact condition in the full header. */
  125 #if defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT) && defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PIN) && \ 
  126     (CONFIG_FIDO2_CTAP_UP_BUTTON_PORT >= 0) && (CONFIG_FIDO2_CTAP_UP_BUTTON_PIN >= 0) 
  127 #define CTAP_UP_BUTTON GPIO_PIN(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT, CONFIG_FIDO2_CTAP_UP_BUTTON_PIN) 
  131 #define CTAP_UP_BUTTON BTN0_PIN 
  133 #define CTAP_UP_BUTTON 0 
  137 #define CONFIG_FIDO2_CTAP_DISABLE_UP 1 
  /* GPIO input mode of the UP button: pull-up, pull-down or plain input,
   * depending on which CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_* option is active.
   * Source lines 150 and 152 are not shown; the final GPIO_IN_PU definition
   * is presumably the #else default - confirm. */
  144 #if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PU) 
  145 #define CTAP_UP_BUTTON_MODE GPIO_IN_PU 
  146 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PD) 
  147 #define CTAP_UP_BUTTON_MODE GPIO_IN_PD 
  148 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN) 
  149 #define CTAP_UP_BUTTON_MODE GPIO_IN 
  151 #define CTAP_UP_BUTTON_MODE GPIO_IN_PU 
  /* Signal edge that counts as a button event: falling, rising or both.
   * Source lines 163 and 165 are not shown; the final GPIO_FALLING definition
   * is presumably the #else default - confirm. */
  157 #if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_FALLING) 
  158 #define CTAP_UP_BUTTON_FLANK GPIO_FALLING 
  159 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_RISING) 
  160 #define CTAP_UP_BUTTON_FLANK GPIO_RISING 
  161 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_BOTH) 
  162 #define CTAP_UP_BUTTON_FLANK GPIO_BOTH 
  164 #define CTAP_UP_BUTTON_FLANK GPIO_FALLING 
  /* Defaults applied only when the build did not set the option. Going by the
   * DISABLE_ names, 0 leaves the user-presence test and the LED enabled. The
   * closing #endif lines are not shown in this listing.
   * NOTE(review): setting CONFIG_FIDO2_CTAP_DISABLE_UP to 1 removes the
   * physical user-presence gate; keep that to test builds and confirm how the
   * flag is consumed. */
  170 #ifndef CONFIG_FIDO2_CTAP_DISABLE_UP 
  171 #define CONFIG_FIDO2_CTAP_DISABLE_UP 0 
  177 #ifndef CONFIG_FIDO2_CTAP_DISABLE_LED 
  178 #define CONFIG_FIDO2_CTAP_DISABLE_LED 0 
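  /*
   * Size limits for relying-party and user entity fields.
   *
   * Every expansion that contains an operator is parenthesised so the macro
   * behaves as a single operand. Without the parentheses an expression such as
   * `2 * CTAP_USER_MAX_NAME_SIZE` expands to `2 * 64 + 1` (129, not 130), which
   * would under-size any buffer computed from it.
   */

  /* Max size of relying party name. */
  #define CTAP_RP_MAX_NAME_SIZE   32

  /* Max size of username including null character. */
  #define CTAP_USER_MAX_NAME_SIZE (64 + 1)

  /* Max size of user id. */
  #define CTAP_USER_ID_MAX_SIZE 64

  /* Max size of a domain name including null character. */
  #define CTAP_DOMAIN_NAME_MAX_SIZE (253 + 1)

  /* Max size of an icon value. NOTE(review): the + 1 presumably reserves room
   * for a terminating null character, like the sibling limits; confirm. */
  #define CTAP_ICON_MAX_SIZE  (128 + 1)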
  /* PIN handling limits. */
  /* Minimum PIN length; CTAP2 requires at least 4 code points. */
  209 #define CTAP_PIN_MIN_SIZE   4 
  /* Minimum size of the encrypted new PIN. CTAP2 pads newPin to 64 bytes
   * before encryption, which this value matches. */
  217 #define CTAP_PIN_ENC_MIN_SIZE 64 
  /* Encrypted newPin max size. */
  223 #define CTAP_PIN_ENC_MAX_SIZE 256 
  /* Maximum PIN size. NOTE(review): not visible here whether the 64 includes
   * a terminating null character; confirm before sizing buffers from it. */
  228 #define CTAP_PIN_MAX_SIZE   64 
  /* Total number of PIN attempts; CTAP2 uses 8 retries. The state struct on
   * this page tracks the remainder ("remaining PIN tries"). */
  233 #define CTAP_PIN_MAX_ATTS 8 
  /* Attempts allowed per boot. CTAP2 requires a power cycle after 3
   * consecutive wrong PINs; presumably this constant enforces that limit -
   * confirm in the PIN handling code. */
  238 #define CTAP_PIN_MAX_ATTS_BOOT 3 
  /* PIN protocol version. */
  243 #define CTAP_PIN_PROT_VER 1 
  /* NOTE(review): presumably the number ("amount") of supported PIN protocol
   * versions; confirm. */
  248 #define CTAP_AMT_SUP_PIN_VER 1 
  /* Size of the PIN token; 16, presumably bytes - confirm. */
  255 #define CTAP_PIN_TOKEN_SZ 16 
  /* Size of key used to encrypt credential (a 128-bit AES key if the unit is
   * bytes). */
  264 #define CTAP_CRED_KEY_LEN 16 
  /* Size L of the CCM length field. CCM fixes the nonce length at 15 - L, so
   * the nonce below is 13 bytes. CCM gives no protection if a nonce is ever
   * reused under the same key, so callers must supply a fresh nonce for every
   * encryption. */
  273 #define CTAP_AES_CCM_L 2 
  278 #define CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L) 
  /* Total size of AES CCM credential id: the size of struct ctap_resident_key
   * minus its cred_desc.cred_id and cred_desc.has_nonce members. sizeof does
   * not evaluate its operand, so the null-pointer member expressions are never
   * dereferenced.
   * NOTE(review): the result equals the sum of the remaining members only if
   * the struct has no padding; the listing shows packed typedefs but not which
   * struct this is - confirm. */
  285 #define CTAP_CREDENTIAL_ID_ENC_SIZE (sizeof(struct ctap_resident_key) - \ 
  286                                      sizeof(((struct ctap_resident_key *)0)-> \ 
  287                                             cred_desc.cred_id) - \ 
  288                                      sizeof(((struct ctap_resident_key *)0)-> \ 
  289                                             cred_desc.has_nonce)) 
  /* User-presence timeout: the configured value, or 15, multiplied by
   * MS_PER_SEC (so the configured value is presumably in seconds and the
   * result in milliseconds). Source lines 296 and 298 are not shown; the
   * second definition is presumably the #else default - confirm. */
  294 #ifdef CONFIG_FIDO2_CTAP_UP_TIMEOUT 
  295 #define CTAP_UP_TIMEOUT (CONFIG_FIDO2_CTAP_UP_TIMEOUT * MS_PER_SEC) 
  297 #define CTAP_UP_TIMEOUT (15 * MS_PER_SEC) 
  /* Timeout for get-next-assertion: 30 * MS_PER_SEC, matching the 30-second
   * timer CTAP2 specifies for authenticatorGetNextAssertion. */
  304 #define CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC) 
  /* AAGUID: the configured value, else a built-in default of 32 hex digits
   * (16 bytes, matching CTAP_AAGUID_SIZE). The #else/#endif lines are not
   * shown in this listing.
   * NOTE(review): every build that keeps the default reports the same AAGUID,
   * so relying parties cannot tell such devices apart by model; products
   * should set CONFIG_FIDO2_CTAP_DEVICE_AAGUID. */
  309 #ifdef CONFIG_FIDO2_CTAP_DEVICE_AAGUID 
  310 #define CTAP_AAGUID CONFIG_FIDO2_CTAP_DEVICE_AAGUID 
  313 #define CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16" 
  /* Internal codes for the credential type: public-key, or unknown. */
  321 #define CTAP_PUB_KEY_CRED_PUB_KEY 0x01   
  322 #define CTAP_PUB_KEY_CRED_UNKNOWN 0x02   
  /* COSE_Key map labels and values as registered for COSE: kty = 1, alg = 3,
   * and for EC2 keys crv = -1, x = -2, y = -3; key type EC2 = 2 and curve
   * P-256 = 1.
   * NOTE(review): the negative values are not parenthesised. Unary minus binds
   * tightly enough for ordinary arithmetic, but writing (-1), (-2), (-3) keeps
   * each macro a single operand in every context. */
  330 #define CTAP_COSE_KEY_LABEL_KTY      1   
  331 #define CTAP_COSE_KEY_LABEL_ALG      3   
  332 #define CTAP_COSE_KEY_LABEL_CRV      -1  
  333 #define CTAP_COSE_KEY_LABEL_X        -2  
  334 #define CTAP_COSE_KEY_LABEL_Y        -3  
  335 #define CTAP_COSE_KEY_KTY_EC2        2   
  336 #define CTAP_COSE_KEY_CRV_P256       1   
  /* CTAP size of authenticator AAGUID in bytes. */
  342 #define CTAP_AAGUID_SIZE 16 
  /* COSE algorithm identifier for ES256 (ECDSA with SHA-256). */
  347 #define CTAP_COSE_ALG_ES256           -7 
  /* COSE algorithm identifier for ECDH-ES + HKDF-256. */
  352 #define CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25 
  /* CTAP size of credential id. */
  358 #define CTAP_CREDENTIAL_ID_SIZE 16U 
  /* Value of the "CTAP initialized marker" byte kept in the authenticator
   * state. NOTE(review): presumably compared against stored state to detect a
   * first boot; confirm. */
  366 #define CTAP_INITIALIZED_MARKER 0x4e 
  /* List size limit, 0x14 = 20. The description on this page reads "Max size
   * of allow list" although the name refers to the exclude list. NOTE(review):
   * confirm which request lists are bounded by it. */
  371 #define CTAP_MAX_EXCLUDE_LIST_SIZE 0x14 
  504 typedef struct __attribute__((packed)) {
 
  575 typedef struct __attribute__((packed)){
 
  595 typedef struct __attribute__((packed)){
 
  636                        const uint8_t *client_data_hash,
 
  638                        uint8_t *sig, 
size_t *sig_len);
 
POSIX.1-2008 compliant version of the assert macro.
 
Functionality for encoding SenML values as CBOR.
 
Counter with CBC-MAC mode of operation for block ciphers.
 
#define CCM_MAC_MAX_LEN
Maximum length for the appended MAC.
 
Public FIDO2 CTAP defines, structures and function declarations.
 
FIDO2 CTAP crypto helper defines, structures and function declarations.
 
#define CTAP_CRYPTO_KEY_SIZE
Size in bytes of cryptographic keys used.
 
bool fido2_ctap_cred_params_supported(uint8_t cred_type, int32_t alg_type)
Check if requested algorithm is supported.
 
#define CTAP_CREDENTIAL_ID_SIZE
CTAP size of credential id.
 
int fido2_ctap_encrypt_rk(ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
Encrypt resident key with AES CCM.
 
int fido2_ctap_get_sig(const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
Create signature from authenticator data.
 
#define CTAP_CREDENTIAL_ID_ENC_SIZE
Total size of AES CCM credential id.
 
#define CTAP_PIN_AUTH_SZ
Size of pin auth.
 
ctap_state_t * fido2_ctap_get_state(void)
Get a pointer to the authenticator state.
 
#define CTAP_RP_MAX_NAME_SIZE
Max size of relying party name.
 
#define CTAP_PIN_ENC_MAX_SIZE
Encrypted newPin max size.
 
ctap_pin_subcommand_t
CTAP Client PIN request subCommand CBOR key values.
 
#define CTAP_AAGUID_SIZE
CTAP size of authenticator AAGUID in bytes.
 
#define CTAP_DOMAIN_NAME_MAX_SIZE
Max size of a domain name including null character.
 
#define CTAP_MAX_EXCLUDE_LIST_SIZE
Max size of allow list. (The macro name refers to the exclude list; its value on this page is 0x14.)
 
#define CTAP_USER_ID_MAX_SIZE
Max size of user id.
 
bool fido2_ctap_pin_is_set(void)
Check if PIN has been set on authenticator.
 
#define CTAP_AES_CCM_NONCE_SIZE
AES CCM nonce size.
 
#define CTAP_USER_MAX_NAME_SIZE
Max size of username including null character.
 
#define CTAP_CRED_KEY_LEN
Size of key used to encrypt credential.
 
@ CTAP_PIN_SET_PIN
setPIN subCommand
 
@ CTAP_PIN_GET_PIN_TOKEN
getPinToken subCommand
 
@ CTAP_PIN_CHANGE_PIN
changePIN subCommand
 
@ CTAP_PIN_GET_KEY_AGREEMENT
getKeyAgreement subCommand
 
@ CTAP_PIN_GET_RETRIES
getRetries subCommand
 
#define SHA256_DIGEST_LENGTH
Length of SHA256 digests in bytes.
 
Mutex for thread synchronization.
 
CTAP attested credential data struct.
 
ctap_public_key_cose_t key
cose key
 
ctap_attested_cred_data_header_t header
attested credential data header
 
CTAP authenticator data struct.
 
ctap_attested_cred_data_t attested_cred_data
attested credential data
 
ctap_auth_data_header_t header
auth data header
 
CTAP client pin request struct.
 
bool key_agreement_present
Indicates whether key_agreement is present.
 
uint16_t new_pin_enc_size
size of encrypted new pin
 
ctap_pin_subcommand_t sub_command
ClientPIN sub command.
 
ctap_public_key_cose_t key_agreement
public key of platform_key_agreement_key
 
bool pin_auth_present
indicate if pin_auth present
 
uint8_t pin_protocol
PIN protocol version chosen by the client.
 
bool pin_hash_enc_present
Indicates whether pin_hash_enc is present.
 
CTAP authenticator config struct.
 
CTAP credential description alternative struct.
 
uint8_t cred_type
type of credential
 
ctap_cred_id_t cred_id
credential id
 
CTAP credential description struct.
 
uint8_t cred_id[CTAP_CREDENTIAL_ID_SIZE]
credential identifier
 
uint8_t nonce[CTAP_AES_CCM_NONCE_SIZE]
CTAP AES CCM nonce.
 
uint8_t cred_type
type of credential
 
bool has_nonce
Indicates whether nonce or cred_id is used.
 
Elliptic curve public key.
 
CTAP get assertion request struct.
 
uint8_t pin_protocol
PIN protocol version.
 
bool pin_auth_present
indicate if pin_auth present
 
size_t pin_auth_len
pin_auth length
 
uint8_t rp_id_len
Actual Length of Relying Party Identifier.
 
uint8_t allow_list_len
length of CBOR allow list array
 
ctap_options_t options
parameters to influence authenticator operation
 
bool pin_is_set
PIN is set or not.
 
uint8_t options
supported options
 
uint8_t pin_protocol
supported PIN protocol versions
 
uint8_t versions
supported versions of FIDO
 
uint16_t max_msg_size
max message size
 
CTAP make credential request struct.
 
bool pin_auth_present
pin_auth present
 
int32_t alg_type
cryptographic algorithm identifier
 
size_t exclude_list_len
length of CBOR exclude list array
 
ctap_rp_ent_t rp
relying party
 
size_t pin_auth_len
pin_auth len
 
uint8_t cred_type
type of credential
 
ctap_options_t options
parameters to influence authenticator operation
 
uint8_t pin_protocol
PIN protocol version.
 
int32_t alg_type
COSEAlgorithmIdentifier.
 
int kty
identification of key type
 
ctap_crypto_pub_key_t pubkey
public key
 
uint8_t cred_type
type of credential
 
CTAP resident key struct.
 
ctap_cred_desc_t cred_desc
credential descriptor
 
uint32_t sign_count
signature counter.
 
uint8_t user_id_len
length of the user id
 
uint16_t id
internal id of key
 
CTAP relying party entity struct.
 
uint8_t id_len
actual length of relying party identifier
 
uint16_t rk_amount_stored
total number of resident keys stored on device
 
int rem_pin_att
remaining PIN tries
 
bool pin_is_set
PIN is set or not.
 
ctap_config_t config
configuration of authenticator
 
bool cred_key_is_initialized
AES CCM key initialized flag.
 
uint8_t initialized_marker
CTAP initialized marker.
 
ctap_crypto_key_agreement_key_t ag_key
Platform key agreement key.
 
uint32_t id_cnt
id counter for credential id
 
uint8_t id_len
actual length of user id
 
Utility library for comparing and computing timestamps.