Internal FIDO2 CTAP defines, structures and function declarations.
Definition in file ctap.h.
#include <stdint.h>
#include "mutex.h"
#include "cbor.h"
#include "assert.h"
#include "crypto/modes/ccm.h"
#include "timex.h"
#include "board.h"
#include "fido2/ctap.h"
#include "fido2/ctap/ctap_crypto.h"
Data Structures | |
| struct | ctap_config_t |
| CTAP authenticator config struct. More... | |
| struct | ctap_state_t |
| CTAP state struct. More... | |
| struct | ctap_options_t |
| CTAP options struct. More... | |
| struct | ctap_user_ent_t |
| CTAP user entity struct. More... | |
| struct | ctap_rp_ent_t |
| CTAP relying party entity struct. More... | |
| struct | ctap_public_key_cose_t |
| CTAP cose key struct. More... | |
| struct | ctap_cred_desc |
| CTAP credential description struct. More... | |
| struct | ctap_resident_key |
| CTAP resident key struct. More... | |
| struct | ctap_cred_id_t |
| CTAP credential ID. More... | |
| struct | ctap_cred_desc_alt |
| CTAP credential description alternative struct. More... | |
| struct | ctap_make_credential_req_t |
| CTAP make credential request struct. More... | |
| struct | ctap_get_assertion_req_t |
| CTAP get assertion request struct. More... | |
| struct | ctap_client_pin_req_t |
| CTAP client pin request struct. More... | |
| struct | ctap_attested_cred_data_header_t |
| CTAP attested credential data header struct. More... | |
| struct | ctap_attested_cred_data_t |
| CTAP attested credential data struct. More... | |
| struct | ctap_auth_data_header_t |
| CTAP authenticator data header struct. More... | |
| struct | ctap_auth_data_t |
| CTAP authenticator data struct. More... | |
| struct | ctap_info_t |
| CTAP info struct. More... | |
Macros | |
| #define | CTAP_PIN_AUTH_SZ 16 |
| Size of pin auth. More... | |
| #define | CTAP_STACKSIZE 15000 |
| CTAP thread stack size. | |
| #define | CTAP_UP_BUTTON 0 |
| CTAP user presence button. | |
| #define | CONFIG_FIDO2_CTAP_DISABLE_UP 1 |
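| Disable user presence test configuration. With the value 1 shown here the user presence test is disabled, so requests are not gated on a press of the user presence button; verify this setting before provisioning real credentials. | |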
| #define | CTAP_UP_BUTTON_MODE GPIO_IN_PU |
| CTAP user presence button mode. | |
| #define | CTAP_UP_BUTTON_FLANK GPIO_FALLING |
| CTAP user presence button flank. | |
| #define | CONFIG_FIDO2_CTAP_DISABLE_LED 0 |
| Disable LED configuration. More... | |
| #define | CTAP_RP_MAX_NAME_SIZE 32 |
| Max size of relying party name. | |
| #define | CTAP_USER_MAX_NAME_SIZE 64 + 1 |
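| Max size of username including null character. The expansion `64 + 1` is not parenthesized, so wrap the macro in parentheses when it is used inside a larger expression (e.g. a multiplication in a buffer-size computation); the same applies to CTAP_DOMAIN_NAME_MAX_SIZE and CTAP_ICON_MAX_SIZE. | |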
| #define | CTAP_USER_ID_MAX_SIZE 64 |
| Max size of user id. | |
| #define | CTAP_DOMAIN_NAME_MAX_SIZE 253 + 1 |
| Max size of a domain name including null character. | |
| #define | CTAP_ICON_MAX_SIZE 128 + 1 |
| Max size of icon including null character. | |
| #define | CTAP_PIN_MIN_SIZE 4 |
| PIN min size. | |
| #define | CTAP_PIN_ENC_MIN_SIZE 64 |
| Encrypted newPin min size. More... | |
| #define | CTAP_PIN_ENC_MAX_SIZE 256 |
| Encrypted newPin max size. | |
| #define | CTAP_PIN_MAX_SIZE 64 |
| PIN max size. | |
| #define | CTAP_PIN_MAX_ATTS 8 |
| Max total consecutive incorrect PIN attempts. | |
| #define | CTAP_PIN_MAX_ATTS_BOOT 3 |
| Max consecutive incorrect PIN attempts for 1 boot cycle. | |
| #define | CTAP_PIN_PROT_VER 1 |
| PIN protocol version. | |
| #define | CTAP_AMT_SUP_PIN_VER 1 |
| Total number of supported PIN protocol versions. | |
| #define | CTAP_PIN_TOKEN_SZ 16 |
| Size of pin token. More... | |
| #define | CTAP_CRED_KEY_LEN 16 |
| Size of key used to encrypt credential. More... | |
| #define | CTAP_AES_CCM_L 2 |
| AES_CCM_L parameter. More... | |
| #define | CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L) |
| AES CCM nonce size. | |
| #define | CTAP_CREDENTIAL_ID_ENC_SIZE |
| Total size of AES CCM credential id. More... | |
| #define | CTAP_UP_TIMEOUT (15 * MS_PER_SEC) |
| Timeout for user presence test. | |
| #define | CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC) |
| Max time between calls to get_assertion or get_next_assertion before an error is returned. | |
| #define | CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16" |
| 128 bit identifier of authenticator | |
| #define | CTAP_AAGUID_SIZE 16 |
| CTAP size of authenticator AAGUID in bytes. | |
| #define | CTAP_COSE_ALG_ES256 -7 |
| CTAP COSE Algorithms registry identifier for ES256. | |
| #define | CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25 |
| CTAP COSE Algorithms registry identifier for ECDH ES HKDF 256. | |
| #define | CTAP_CREDENTIAL_ID_SIZE 16U |
| CTAP size of credential id. | |
| #define | CTAP_INITIALIZED_MARKER 0x4e |
| CTAP state initialized marker. More... | |
| #define | CTAP_MAX_EXCLUDE_LIST_SIZE 0x14 |
| Max size of allow list (note: the macro name refers to the exclude list). | |
Typedefs | |
| typedef struct ctap_cred_desc | ctap_cred_desc_t |
| CTAP cred struct forward declaration. | |
| typedef struct ctap_cred_desc_alt | ctap_cred_desc_alt_t |
| Alternative CTAP cred struct forward declaration. | |
| typedef struct ctap_resident_key | ctap_resident_key_t |
| CTAP resident key credential forward declaration. | |
Functions | |
| int | fido2_ctap_get_sig (const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len) |
| Create signature from authenticator data. More... | |
| bool | fido2_ctap_cred_params_supported (uint8_t cred_type, int32_t alg_type) |
| Check if requested algorithm is supported. More... | |
| int | fido2_ctap_encrypt_rk (ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id) |
| Encrypt resident key with AES CCM. More... | |
| bool | fido2_ctap_pin_is_set (void) |
| Check if PIN has been set on authenticator. More... | |
| ctap_state_t * | fido2_ctap_get_state (void) |
| Get a pointer to the authenticator state. More... | |
CTAP authenticator data option flags | |
| #define | CTAP_AUTH_DATA_FLAG_UP (1 << 0) |
| user present | |
| #define | CTAP_AUTH_DATA_FLAG_UV (1 << 2) |
| user verified | |
| #define | CTAP_AUTH_DATA_FLAG_AT (1 << 6) |
| attested credential data included | |
| #define | CTAP_AUTH_DATA_FLAG_ED (1 << 7) |
| extension data included | |
CTAP version flags | |
| #define | CTAP_VERSION_FLAG_FIDO_PRE 0x01 |
| FIDO 2.1 preview (FIDO_2_1_PRE) flag. | |
| #define | CTAP_VERSION_FLAG_FIDO 0x02 |
| FIDO 2 flag. | |
| #define | CTAP_VERSION_FLAG_U2F_V2 0x04 |
| U2F V2 flag. | |
CTAP get info response options map CBOR key values | |
All options are in the form of key-value pairs with string IDs and boolean values | |
| #define | CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT "plat" |
| platform device string | |
| #define | CTAP_GET_INFO_RESP_OPTIONS_ID_RK "rk" |
| resident key string | |
| #define | CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin" |
| client PIN string | |
| #define | CTAP_GET_INFO_RESP_OPTIONS_ID_UP "up" |
| user presence string | |
| #define | CTAP_GET_INFO_RESP_OPTIONS_ID_UV "uv" |
| user verification string | |
CTAP get info options flags | |
| #define | CTAP_INFO_OPTIONS_FLAG_PLAT (1 << 0) |
| platform device flag | |
| #define | CTAP_INFO_OPTIONS_FLAG_RK (1 << 1) |
| resident key flag | |
| #define | CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN (1 << 2) |
| clientPIN flag | |
| #define | CTAP_INFO_OPTIONS_FLAG_UP (1 << 3) |
| user presence flag | |
| #define | CTAP_INFO_OPTIONS_FLAG_UV (1 << 4) |
| user verification flag | |
CTAP credential types | |
| #define | CTAP_PUB_KEY_CRED_PUB_KEY 0x01 |
| public key credential type | |
| #define | CTAP_PUB_KEY_CRED_UNKNOWN 0x02 |
| unknown credential type | |
CTAP COSE key CBOR map key values | |
| #define | CTAP_COSE_KEY_LABEL_KTY 1 |
| key type identifier | |
| #define | CTAP_COSE_KEY_LABEL_ALG 3 |
| algorithm identifier | |
| #define | CTAP_COSE_KEY_LABEL_CRV -1 |
| elliptic curve identifier | |
| #define | CTAP_COSE_KEY_LABEL_X -2 |
| x coordinate | |
| #define | CTAP_COSE_KEY_LABEL_Y -3 |
| y coordinate | |
| #define | CTAP_COSE_KEY_KTY_EC2 2 |
| 2 coordinate elliptic curve key identifier | |
| #define | CTAP_COSE_KEY_CRV_P256 1 |
| secp256r1 elliptic curve key identifier | |
| enum | ctap_pin_subcommand_t { CTAP_PIN_GET_RETRIES = 0x01 , CTAP_PIN_GET_KEY_AGREEMENT = 0x02 , CTAP_PIN_SET_PIN = 0x03 , CTAP_PIN_CHANGE_PIN = 0x04 , CTAP_PIN_GET_PIN_TOKEN = 0x05 } |
| CTAP Client PIN request subCommand CBOR key values. More... | |