47 #define CTAP_PIN_AUTH_SZ 16
54 #define CTAP_AUTH_DATA_FLAG_UP (1 << 0)
55 #define CTAP_AUTH_DATA_FLAG_UV (1 << 2)
56 #define CTAP_AUTH_DATA_FLAG_AT (1 << 6)
57 #define CTAP_AUTH_DATA_FLAG_ED (1 << 7)
65 #define CTAP_VERSION_FLAG_FIDO_PRE 0x01
66 #define CTAP_VERSION_FLAG_FIDO 0x02
67 #define CTAP_VERSION_FLAG_U2F_V2 0x04
77 #define CTAP_GET_INFO_RESP_OPTIONS_ID_PLAT "plat"
78 #define CTAP_GET_INFO_RESP_OPTIONS_ID_RK "rk"
79 #define CTAP_GET_INFO_RESP_OPTIONS_ID_CLIENT_PIN "clientPin"
80 #define CTAP_GET_INFO_RESP_OPTIONS_ID_UP "up"
81 #define CTAP_GET_INFO_RESP_OPTIONS_ID_UV "uv"
89 #define CTAP_INFO_OPTIONS_FLAG_PLAT (1 << 0)
90 #define CTAP_INFO_OPTIONS_FLAG_RK (1 << 1)
91 #define CTAP_INFO_OPTIONS_FLAG_CLIENT_PIN (1 << 2)
92 #define CTAP_INFO_OPTIONS_FLAG_UP (1 << 3)
93 #define CTAP_INFO_OPTIONS_FLAG_UV (1 << 4)
113 #ifdef CONFIG_FIDO2_CTAP_STACK_SIZE
114 #define CTAP_STACKSIZE CONFIG_FIDO2_CTAP_STACK_SIZE
116 #define CTAP_STACKSIZE 15000
122 #if defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT) && defined(CONFIG_FIDO2_CTAP_UP_BUTTON_PIN) && \
123 (CONFIG_FIDO2_CTAP_UP_BUTTON_PORT >= 0) && (CONFIG_FIDO2_CTAP_UP_BUTTON_PIN >= 0)
124 #define CTAP_UP_BUTTON GPIO_PIN(CONFIG_FIDO2_CTAP_UP_BUTTON_PORT, CONFIG_FIDO2_CTAP_UP_BUTTON_PIN)
128 #define CTAP_UP_BUTTON BTN0_PIN
130 #define CTAP_UP_BUTTON 0
134 #define CONFIG_FIDO2_CTAP_DISABLE_UP 1
141 #if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PU)
142 #define CTAP_UP_BUTTON_MODE GPIO_IN_PU
143 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN_PD)
144 #define CTAP_UP_BUTTON_MODE GPIO_IN_PD
145 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_MODE_IN)
146 #define CTAP_UP_BUTTON_MODE GPIO_IN
148 #define CTAP_UP_BUTTON_MODE GPIO_IN_PU
154 #if IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_FALLING)
155 #define CTAP_UP_BUTTON_FLANK GPIO_FALLING
156 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_RISING)
157 #define CTAP_UP_BUTTON_FLANK GPIO_RISING
158 #elif IS_ACTIVE(CONFIG_FIDO2_CTAP_UP_BUTTON_FLANK_BOTH)
159 #define CTAP_UP_BUTTON_FLANK GPIO_BOTH
161 #define CTAP_UP_BUTTON_FLANK GPIO_FALLING
167 #ifndef CONFIG_FIDO2_CTAP_DISABLE_UP
168 #define CONFIG_FIDO2_CTAP_DISABLE_UP 0
174 #ifndef CONFIG_FIDO2_CTAP_DISABLE_LED
175 #define CONFIG_FIDO2_CTAP_DISABLE_LED 0
181 #define CTAP_RP_MAX_NAME_SIZE 32
186 #define CTAP_USER_MAX_NAME_SIZE 64 + 1
191 #define CTAP_USER_ID_MAX_SIZE 64
196 #define CTAP_DOMAIN_NAME_MAX_SIZE 253 + 1
201 #define CTAP_ICON_MAX_SIZE 128 + 1
206 #define CTAP_PIN_MIN_SIZE 4
214 #define CTAP_PIN_ENC_MIN_SIZE 64
220 #define CTAP_PIN_ENC_MAX_SIZE 256
225 #define CTAP_PIN_MAX_SIZE 64
230 #define CTAP_PIN_MAX_ATTS 8
235 #define CTAP_PIN_MAX_ATTS_BOOT 3
240 #define CTAP_PIN_PROT_VER 1
245 #define CTAP_AMT_SUP_PIN_VER 1
252 #define CTAP_PIN_TOKEN_SZ 16
261 #define CTAP_CRED_KEY_LEN 16
270 #define CTAP_AES_CCM_L 2
275 #define CTAP_AES_CCM_NONCE_SIZE (15 - CTAP_AES_CCM_L)
282 #define CTAP_CREDENTIAL_ID_ENC_SIZE (sizeof(struct ctap_resident_key) - \
283 sizeof(((struct ctap_resident_key *)0)-> \
284 cred_desc.cred_id) - \
285 sizeof(((struct ctap_resident_key *)0)-> \
286 cred_desc.has_nonce))
291 #ifdef CONFIG_FIDO2_CTAP_UP_TIMEOUT
292 #define CTAP_UP_TIMEOUT (CONFIG_FIDO2_CTAP_UP_TIMEOUT * MS_PER_SEC)
294 #define CTAP_UP_TIMEOUT (15 * MS_PER_SEC)
301 #define CTAP_GET_NEXT_ASSERTION_TIMEOUT (30 * MS_PER_SEC)
306 #ifdef CONFIG_FIDO2_CTAP_DEVICE_AAGUID
307 #define CTAP_AAGUID CONFIG_FIDO2_CTAP_DEVICE_AAGUID
310 #define CTAP_AAGUID "9c295865fa2c36b705a42320af9c8f16"
318 #define CTAP_PUB_KEY_CRED_PUB_KEY 0x01
319 #define CTAP_PUB_KEY_CRED_UNKNOWN 0x02
327 #define CTAP_COSE_KEY_LABEL_KTY 1
328 #define CTAP_COSE_KEY_LABEL_ALG 3
329 #define CTAP_COSE_KEY_LABEL_CRV -1
330 #define CTAP_COSE_KEY_LABEL_X -2
331 #define CTAP_COSE_KEY_LABEL_Y -3
332 #define CTAP_COSE_KEY_KTY_EC2 2
333 #define CTAP_COSE_KEY_CRV_P256 1
339 #define CTAP_AAGUID_SIZE 16
344 #define CTAP_COSE_ALG_ES256 -7
349 #define CTAP_COSE_ALG_ECDH_ES_HKDF_256 -25
355 #define CTAP_CREDENTIAL_ID_SIZE 16U
363 #define CTAP_INITIALIZED_MARKER 0x4e
368 #define CTAP_MAX_EXCLUDE_LIST_SIZE 0x14
501 typedef struct __attribute__((packed)) {
572 typedef struct __attribute__((packed)){
592 typedef struct __attribute__((packed)){
633 const uint8_t *client_data_hash,
635 uint8_t *sig,
size_t *sig_len);
POSIX.1-2008 compliant version of the assert macro.
Functionality for encoding SenML values as CBOR.
Counter with CBC-MAC mode of operation for block ciphers.
#define CCM_MAC_MAX_LEN
Maximum length for the appended MAC.
Public FIDO2 CTAP defines, structures and function declarations.
FIDO2 CTAP crypto helper defines, structures and function declarations.
#define CTAP_CRYPTO_KEY_SIZE
Size in bytes of cryptographic keys used.
bool fido2_ctap_cred_params_supported(uint8_t cred_type, int32_t alg_type)
Check if requested algorithm is supported.
#define CTAP_CREDENTIAL_ID_SIZE
CTAP size of credential id.
int fido2_ctap_encrypt_rk(ctap_resident_key_t *rk, uint8_t *nonce, size_t nonce_len, ctap_cred_id_t *id)
Encrypt resident key with AES CCM.
int fido2_ctap_get_sig(const uint8_t *auth_data, size_t auth_data_len, const uint8_t *client_data_hash, const ctap_resident_key_t *rk, uint8_t *sig, size_t *sig_len)
Create signature from authenticator data.
#define CTAP_CREDENTIAL_ID_ENC_SIZE
Total size of AES CCM credential id.
#define CTAP_PIN_AUTH_SZ
Size of pin auth.
ctap_state_t * fido2_ctap_get_state(void)
Get a pointer to the authenticator state.
#define CTAP_RP_MAX_NAME_SIZE
Max size of relying party name.
#define CTAP_PIN_ENC_MAX_SIZE
Encrypted newPin max size.
ctap_pin_subcommand_t
CTAP Client PIN request subCommand CBOR key values.
#define CTAP_AAGUID_SIZE
CTAP size of authenticator AAGUID in bytes.
#define CTAP_DOMAIN_NAME_MAX_SIZE
Max size of a domain name including null character.
#define CTAP_MAX_EXCLUDE_LIST_SIZE
Max size of allow list.
#define CTAP_USER_ID_MAX_SIZE
Max size of user id.
bool fido2_ctap_pin_is_set(void)
Check if PIN has been set on authenticator.
#define CTAP_AES_CCM_NONCE_SIZE
AES CCM nonce size.
#define CTAP_USER_MAX_NAME_SIZE
Max size of username including null character.
#define CTAP_CRED_KEY_LEN
Size of key used to encrypt credential.
@ CTAP_PIN_SET_PIN
setPIN subCommand
@ CTAP_PIN_GET_PIN_TOKEN
getPinToken subCommand
@ CTAP_PIN_CHANGE_PIN
changePIN subCommand
@ CTAP_PIN_GET_KEY_AGREEMENT
getKeyAgreement subCommand
@ CTAP_PIN_GET_RETRIES
getRetries subCommand
#define SHA256_DIGEST_LENGTH
Length of SHA256 digests in bytes.
Mutex for thread synchronization.
CTAP attested credential data struct.
ctap_public_key_cose_t key
cose key
ctap_attested_cred_data_header_t header
attested credential data header
CTAP authenticator data struct.
ctap_attested_cred_data_t attested_cred_data
attested credential data
ctap_auth_data_header_t header
auth data header
CTAP client pin request struct.
bool key_agreement_present
indicate if key_agreement present
uint16_t new_pin_enc_size
size of encrypted new pin
ctap_pin_subcommand_t sub_command
ClientPIN sub command.
ctap_public_key_cose_t key_agreement
public key of platform_key_agreement_key
bool pin_auth_present
indicate if pin_auth present
uint8_t pin_protocol
PIN protocol version chosen by the client.
bool pin_hash_enc_present
indicate pin_hash_enc is present
CTAP authenticator config struct.
CTAP credential description alternative struct.
uint8_t cred_type
type of credential
ctap_cred_id_t cred_id
credential id
CTAP credential description struct.
uint8_t cred_id[CTAP_CREDENTIAL_ID_SIZE]
credential identifier
uint8_t nonce[CTAP_AES_CCM_NONCE_SIZE]
CTAP AES CCM nonce.
uint8_t cred_type
type of credential
bool has_nonce
Indicate if nonce or cred_id
Elliptic curve public key.
CTAP get assertion request struct.
uint8_t pin_protocol
PIN protocol version.
bool pin_auth_present
indicate if pin_auth present
size_t pin_auth_len
pin_auth length
uint8_t rp_id_len
Actual Length of Relying Party Identifier.
uint8_t allow_list_len
length of CBOR allow list array
ctap_options_t options
parameters to influence authenticator operation
bool pin_is_set
PIN is set or not.
uint8_t options
supported options
uint8_t pin_protocol
supported PIN protocol versions
uint8_t versions
supported versions of FIDO
uint16_t max_msg_size
max message size
CTAP make credential request struct.
bool pin_auth_present
pin_auth present
int32_t alg_type
cryptographic algorithm identifier
size_t exclude_list_len
length of CBOR exclude list array
ctap_rp_ent_t rp
relying party
size_t pin_auth_len
pin_auth len
uint8_t cred_type
type of credential
ctap_options_t options
parameters to influence authenticator operation
uint8_t pin_protocol
PIN protocol version.
int32_t alg_type
COSEAlgorithmIdentifier.
int kty
identification of key type
ctap_crypto_pub_key_t pubkey
public key
uint8_t cred_type
type of credential
CTAP resident key struct.
ctap_cred_desc_t cred_desc
credential descriptor
uint32_t sign_count
signature counter.
uint8_t user_id_len
length of the user id
uint16_t id
internal id of key
CTAP relying party entity struct.
uint8_t id_len
actual length of relying party identifier
uint16_t rk_amount_stored
total number of resident keys stored on device
int rem_pin_att
remaining PIN tries
bool pin_is_set
PIN is set or not.
ctap_config_t config
configuration of authenticator
bool cred_key_is_initialized
AES CCM key initialized flag.
uint8_t initialized_marker
CTAP initialized marker.
ctap_crypto_key_agreement_key_t ag_key
Platform key agreement key.
uint32_t id_cnt
id counter for credential id
uint8_t id_len
actual length of user id
Utility library for comparing and computing timestamps.
1.9.1