sergey/fido2-manage
1
0
Fork 0
mirror of https://github.com/token2/fido2-manage.git synced 2026-04-09 18:55:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Token2
2024-05-24 11:46:48 +02:00
committed by GitHub
parent 976966cc30
commit 04bcffc0d2
71 changed files with 23969 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
src/fido/bio.h Normal file
View File

@@ -0,0 +1,133 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_BIO_H
#define _FIDO_BIO_H
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "blob.h"
#include "fido/err.h"
#include "fido/param.h"
#include "fido/types.h"
#else
#include <fido.h>
#include <fido/err.h>
#include <fido/param.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#ifdef _FIDO_INTERNAL
struct fido_bio_template {
fido_blob_t id;
char *name;
};
struct fido_bio_template_array {
struct fido_bio_template *ptr;
size_t n_alloc; /* number of allocated entries */
size_t n_rx; /* number of populated entries */
};
struct fido_bio_enroll {
uint8_t remaining_samples;
uint8_t last_status;
fido_blob_t *token;
};
struct fido_bio_info {
uint8_t type;
uint8_t max_samples;
};
#endif
typedef struct fido_bio_template fido_bio_template_t;
typedef struct fido_bio_template_array fido_bio_template_array_t;
typedef struct fido_bio_enroll fido_bio_enroll_t;
typedef struct fido_bio_info fido_bio_info_t;
#define FIDO_BIO_ENROLL_FP_GOOD 0x00
#define FIDO_BIO_ENROLL_FP_TOO_HIGH 0x01
#define FIDO_BIO_ENROLL_FP_TOO_LOW 0x02
#define FIDO_BIO_ENROLL_FP_TOO_LEFT 0x03
#define FIDO_BIO_ENROLL_FP_TOO_RIGHT 0x04
#define FIDO_BIO_ENROLL_FP_TOO_FAST 0x05
#define FIDO_BIO_ENROLL_FP_TOO_SLOW 0x06
#define FIDO_BIO_ENROLL_FP_POOR_QUALITY 0x07
#define FIDO_BIO_ENROLL_FP_TOO_SKEWED 0x08
#define FIDO_BIO_ENROLL_FP_TOO_SHORT 0x09
#define FIDO_BIO_ENROLL_FP_MERGE_FAILURE 0x0a
#define FIDO_BIO_ENROLL_FP_EXISTS 0x0b
#define FIDO_BIO_ENROLL_FP_DATABASE_FULL 0x0c
#define FIDO_BIO_ENROLL_NO_USER_ACTIVITY 0x0d
#define FIDO_BIO_ENROLL_NO_USER_PRESENCE_TRANSITION 0x0e
const char *fido_bio_template_name(const fido_bio_template_t *);
const fido_bio_template_t *fido_bio_template(const fido_bio_template_array_t *,
size_t);
const unsigned char *fido_bio_template_id_ptr(const fido_bio_template_t *);
fido_bio_enroll_t *fido_bio_enroll_new(void);
fido_bio_info_t *fido_bio_info_new(void);
fido_bio_template_array_t *fido_bio_template_array_new(void);
fido_bio_template_t *fido_bio_template_new(void);
int fido_bio_dev_enroll_begin(fido_dev_t *, fido_bio_template_t *,
fido_bio_enroll_t *, uint32_t, const char *);
int fido_bio_dev_enroll_cancel(fido_dev_t *);
int fido_bio_dev_enroll_continue(fido_dev_t *, const fido_bio_template_t *,
fido_bio_enroll_t *, uint32_t);
int fido_bio_dev_enroll_remove(fido_dev_t *, const fido_bio_template_t *,
const char *);
int fido_bio_dev_get_info(fido_dev_t *, fido_bio_info_t *);
int fido_bio_dev_get_template_array(fido_dev_t *, fido_bio_template_array_t *,
const char *);
int fido_bio_dev_set_template_name(fido_dev_t *, const fido_bio_template_t *,
const char *);
int fido_bio_template_set_id(fido_bio_template_t *, const unsigned char *,
size_t);
int fido_bio_template_set_name(fido_bio_template_t *, const char *);
size_t fido_bio_template_array_count(const fido_bio_template_array_t *);
size_t fido_bio_template_id_len(const fido_bio_template_t *);
uint8_t fido_bio_enroll_last_status(const fido_bio_enroll_t *);
uint8_t fido_bio_enroll_remaining_samples(const fido_bio_enroll_t *);
uint8_t fido_bio_info_max_samples(const fido_bio_info_t *);
uint8_t fido_bio_info_type(const fido_bio_info_t *);
void fido_bio_enroll_free(fido_bio_enroll_t **);
void fido_bio_info_free(fido_bio_info_t **);
void fido_bio_template_array_free(fido_bio_template_array_t **);
void fido_bio_template_free(fido_bio_template_t **);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_BIO_H */

58
src/fido/config.h Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (c) 2020 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_CONFIG_H
#define _FIDO_CONFIG_H
#ifdef _FIDO_INTERNAL
#include "blob.h"
#include "fido/err.h"
#include "fido/param.h"
#include "fido/types.h"
#else
#include <fido.h>
#include <fido/err.h>
#include <fido/param.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
int fido_dev_enable_entattest(fido_dev_t *, const char *);
int fido_dev_force_pin_change(fido_dev_t *, const char *);
int fido_dev_toggle_always_uv(fido_dev_t *, const char *);
int fido_dev_set_pin_minlen(fido_dev_t *, size_t, const char *);
int fido_dev_set_pin_minlen_rpid(fido_dev_t *, const char * const *, size_t,
const char *);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_CONFIG_H */

113
src/fido/credman.h Normal file
View File

@@ -0,0 +1,113 @@
/*
* Copyright (c) 2019-2021 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_CREDMAN_H
#define _FIDO_CREDMAN_H
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "blob.h"
#include "fido/err.h"
#include "fido/param.h"
#include "fido/types.h"
#else
#include <fido.h>
#include <fido/err.h>
#include <fido/param.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#ifdef _FIDO_INTERNAL
struct fido_credman_metadata {
uint64_t rk_existing;
uint64_t rk_remaining;
};
struct fido_credman_single_rp {
fido_rp_t rp_entity;
fido_blob_t rp_id_hash;
};
struct fido_credman_rp {
struct fido_credman_single_rp *ptr;
size_t n_alloc; /* number of allocated entries */
size_t n_rx; /* number of populated entries */
};
struct fido_credman_rk {
fido_cred_t *ptr;
size_t n_alloc; /* number of allocated entries */
size_t n_rx; /* number of populated entries */
};
#endif
typedef struct fido_credman_metadata fido_credman_metadata_t;
typedef struct fido_credman_rk fido_credman_rk_t;
typedef struct fido_credman_rp fido_credman_rp_t;
const char *fido_credman_rp_id(const fido_credman_rp_t *, size_t);
const char *fido_credman_rp_name(const fido_credman_rp_t *, size_t);
const fido_cred_t *fido_credman_rk(const fido_credman_rk_t *, size_t);
const unsigned char *fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *,
size_t);
fido_credman_metadata_t *fido_credman_metadata_new(void);
fido_credman_rk_t *fido_credman_rk_new(void);
fido_credman_rp_t *fido_credman_rp_new(void);
int fido_credman_del_dev_rk(fido_dev_t *, const unsigned char *, size_t,
const char *);
int fido_credman_get_dev_metadata(fido_dev_t *, fido_credman_metadata_t *,
const char *);
int fido_credman_get_dev_rk(fido_dev_t *, const char *, fido_credman_rk_t *,
const char *);
int fido_credman_get_dev_rp(fido_dev_t *, fido_credman_rp_t *, const char *);
int fido_credman_set_dev_rk(fido_dev_t *, fido_cred_t *, const char *);
size_t fido_credman_rk_count(const fido_credman_rk_t *);
size_t fido_credman_rp_count(const fido_credman_rp_t *);
size_t fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t);
uint64_t fido_credman_rk_existing(const fido_credman_metadata_t *);
uint64_t fido_credman_rk_remaining(const fido_credman_metadata_t *);
void fido_credman_metadata_free(fido_credman_metadata_t **);
void fido_credman_rk_free(fido_credman_rk_t **);
void fido_credman_rp_free(fido_credman_rp_t **);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_CREDMAN_H */

71
src/fido/eddsa.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 2019 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_EDDSA_H
#define _FIDO_EDDSA_H
#include <openssl/ec.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "types.h"
#else
#include <fido.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
eddsa_pk_t *eddsa_pk_new(void);
void eddsa_pk_free(eddsa_pk_t **);
EVP_PKEY *eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *);
int eddsa_pk_from_EVP_PKEY(eddsa_pk_t *, const EVP_PKEY *);
int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t);
#ifdef _FIDO_INTERNAL
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000f
#define EVP_PKEY_ED25519 EVP_PKEY_NONE
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
size_t);
int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
const unsigned char *, size_t);
#endif /* LIBRESSL_VERSION_NUMBER */
#endif /* _FIDO_INTERNAL */
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_EDDSA_H */

106
src/fido/err.h Normal file
View File

@@ -0,0 +1,106 @@
/*
* Copyright (c) 2018 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_ERR_H
#define _FIDO_ERR_H
#define FIDO_ERR_SUCCESS 0x00
#define FIDO_ERR_INVALID_COMMAND 0x01
#define FIDO_ERR_INVALID_PARAMETER 0x02
#define FIDO_ERR_INVALID_LENGTH 0x03
#define FIDO_ERR_INVALID_SEQ 0x04
#define FIDO_ERR_TIMEOUT 0x05
#define FIDO_ERR_CHANNEL_BUSY 0x06
#define FIDO_ERR_LOCK_REQUIRED 0x0a
#define FIDO_ERR_INVALID_CHANNEL 0x0b
#define FIDO_ERR_CBOR_UNEXPECTED_TYPE 0x11
#define FIDO_ERR_INVALID_CBOR 0x12
#define FIDO_ERR_MISSING_PARAMETER 0x14
#define FIDO_ERR_LIMIT_EXCEEDED 0x15
#define FIDO_ERR_UNSUPPORTED_EXTENSION 0x16
#define FIDO_ERR_FP_DATABASE_FULL 0x17
#define FIDO_ERR_LARGEBLOB_STORAGE_FULL 0x18
#define FIDO_ERR_CREDENTIAL_EXCLUDED 0x19
#define FIDO_ERR_PROCESSING 0x21
#define FIDO_ERR_INVALID_CREDENTIAL 0x22
#define FIDO_ERR_USER_ACTION_PENDING 0x23
#define FIDO_ERR_OPERATION_PENDING 0x24
#define FIDO_ERR_NO_OPERATIONS 0x25
#define FIDO_ERR_UNSUPPORTED_ALGORITHM 0x26
#define FIDO_ERR_OPERATION_DENIED 0x27
#define FIDO_ERR_KEY_STORE_FULL 0x28
#define FIDO_ERR_NOT_BUSY 0x29
#define FIDO_ERR_NO_OPERATION_PENDING 0x2a
#define FIDO_ERR_UNSUPPORTED_OPTION 0x2b
#define FIDO_ERR_INVALID_OPTION 0x2c
#define FIDO_ERR_KEEPALIVE_CANCEL 0x2d
#define FIDO_ERR_NO_CREDENTIALS 0x2e
#define FIDO_ERR_USER_ACTION_TIMEOUT 0x2f
#define FIDO_ERR_NOT_ALLOWED 0x30
#define FIDO_ERR_PIN_INVALID 0x31
#define FIDO_ERR_PIN_BLOCKED 0x32
#define FIDO_ERR_PIN_AUTH_INVALID 0x33
#define FIDO_ERR_PIN_AUTH_BLOCKED 0x34
#define FIDO_ERR_PIN_NOT_SET 0x35
#define FIDO_ERR_PIN_REQUIRED 0x36
#define FIDO_ERR_PIN_POLICY_VIOLATION 0x37
#define FIDO_ERR_PIN_TOKEN_EXPIRED 0x38
#define FIDO_ERR_REQUEST_TOO_LARGE 0x39
#define FIDO_ERR_ACTION_TIMEOUT 0x3a
#define FIDO_ERR_UP_REQUIRED 0x3b
#define FIDO_ERR_UV_BLOCKED 0x3c
#define FIDO_ERR_UV_INVALID 0x3f
#define FIDO_ERR_UNAUTHORIZED_PERM 0x40
#define FIDO_ERR_ERR_OTHER 0x7f
#define FIDO_ERR_SPEC_LAST 0xdf
/* defined internally */
#define FIDO_OK FIDO_ERR_SUCCESS
#define FIDO_ERR_TX -1
#define FIDO_ERR_RX -2
#define FIDO_ERR_RX_NOT_CBOR -3
#define FIDO_ERR_RX_INVALID_CBOR -4
#define FIDO_ERR_INVALID_PARAM -5
#define FIDO_ERR_INVALID_SIG -6
#define FIDO_ERR_INVALID_ARGUMENT -7
#define FIDO_ERR_USER_PRESENCE_REQUIRED -8
#define FIDO_ERR_INTERNAL -9
#define FIDO_ERR_NOTFOUND -10
#define FIDO_ERR_COMPRESS -11
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
const char *fido_strerr(int);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* _FIDO_ERR_H */

71
src/fido/es256.h Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_ES256_H
#define _FIDO_ES256_H
#include <openssl/ec.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "types.h"
#else
#include <fido.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
es256_pk_t *es256_pk_new(void);
void es256_pk_free(es256_pk_t **);
EVP_PKEY *es256_pk_to_EVP_PKEY(const es256_pk_t *);
int es256_pk_from_EC_KEY(es256_pk_t *, const EC_KEY *);
int es256_pk_from_EVP_PKEY(es256_pk_t *, const EVP_PKEY *);
int es256_pk_from_ptr(es256_pk_t *, const void *, size_t);
#ifdef _FIDO_INTERNAL
es256_sk_t *es256_sk_new(void);
void es256_sk_free(es256_sk_t **);
EVP_PKEY *es256_sk_to_EVP_PKEY(const es256_sk_t *);
int es256_derive_pk(const es256_sk_t *, es256_pk_t *);
int es256_sk_create(es256_sk_t *);
int es256_pk_set_x(es256_pk_t *, const unsigned char *);
int es256_pk_set_y(es256_pk_t *, const unsigned char *);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_ES256_H */

59
src/fido/es384.h Normal file
View File

@@ -0,0 +1,59 @@
/*
* Copyright (c) 2022 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_ES384_H
#define _FIDO_ES384_H
#include <openssl/ec.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "types.h"
#else
#include <fido.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
es384_pk_t *es384_pk_new(void);
void es384_pk_free(es384_pk_t **);
EVP_PKEY *es384_pk_to_EVP_PKEY(const es384_pk_t *);
int es384_pk_from_EC_KEY(es384_pk_t *, const EC_KEY *);
int es384_pk_from_EVP_PKEY(es384_pk_t *, const EVP_PKEY *);
int es384_pk_from_ptr(es384_pk_t *, const void *, size_t);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_ES384_H */

162
src/fido/param.h Normal file
View File

@@ -0,0 +1,162 @@
/*
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H
/* Authentication data flags. */
#define CTAP_AUTHDATA_USER_PRESENT 0x01
#define CTAP_AUTHDATA_USER_VERIFIED 0x04
#define CTAP_AUTHDATA_ATT_CRED 0x40
#define CTAP_AUTHDATA_EXT_DATA 0x80
/* CTAPHID command opcodes. */
#define CTAP_CMD_PING 0x01
#define CTAP_CMD_MSG 0x03
#define CTAP_CMD_LOCK 0x04
#define CTAP_CMD_INIT 0x06
#define CTAP_CMD_WINK 0x08
#define CTAP_CMD_CBOR 0x10
#define CTAP_CMD_CANCEL 0x11
#define CTAP_KEEPALIVE 0x3b
#define CTAP_FRAME_INIT 0x80
/* CTAPHID CBOR command opcodes. */
#define CTAP_CBOR_MAKECRED 0x01
#define CTAP_CBOR_ASSERT 0x02
#define CTAP_CBOR_GETINFO 0x04
#define CTAP_CBOR_CLIENT_PIN 0x06
#define CTAP_CBOR_RESET 0x07
#define CTAP_CBOR_NEXT_ASSERT 0x08
#define CTAP_CBOR_BIO_ENROLL 0x09
#define CTAP_CBOR_CRED_MGMT 0x0a
#define CTAP_CBOR_LARGEBLOB 0x0c
#define CTAP_CBOR_CONFIG 0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE 0x40
#define CTAP_CBOR_CRED_MGMT_PRE 0x41
/* Supported CTAP PIN/UV Auth Protocols. */
#define CTAP_PIN_PROTOCOL1 1
#define CTAP_PIN_PROTOCOL2 2
/* U2F command opcodes. */
#define U2F_CMD_REGISTER 0x01
#define U2F_CMD_AUTH 0x02
/* U2F command flags. */
#define U2F_AUTH_SIGN 0x03
#define U2F_AUTH_CHECK 0x07
/* ISO7816-4 status words. */
#define SW1_MORE_DATA 0x61
#define SW_CONDITIONS_NOT_SATISFIED 0x6985
#define SW_WRONG_DATA 0x6a80
#define SW_NO_ERROR 0x9000
/* HID Broadcast channel ID. */
#define CTAP_CID_BROADCAST 0xffffffff
#define CTAP_INIT_HEADER_LEN 7
#define CTAP_CONT_HEADER_LEN 5
/* Maximum length of a CTAP HID report in bytes. */
#define CTAP_MAX_REPORT_LEN 64
/* Minimum length of a CTAP HID report in bytes. */
#define CTAP_MIN_REPORT_LEN (CTAP_INIT_HEADER_LEN + 1)
/* Randomness device on UNIX-like platforms. */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV "/dev/urandom"
#endif
/* Maximum message size in bytes. */
#ifndef FIDO_MAXMSG
#define FIDO_MAXMSG 2048
#endif
/* CTAP capability bits. */
#define FIDO_CAP_WINK 0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR 0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */
/* Supported COSE algorithms. */
#define COSE_UNSPEC 0
#define COSE_ES256 -7
#define COSE_EDDSA -8
#define COSE_ECDH_ES256 -25
#define COSE_ES384 -35
#define COSE_RS256 -257
#define COSE_RS1 -65535
/* Supported COSE types. */
#define COSE_KTY_OKP 1
#define COSE_KTY_EC2 2
#define COSE_KTY_RSA 3
/* Supported curves. */
#define COSE_P256 1
#define COSE_P384 2
#define COSE_ED25519 6
/* Supported extensions. */
#define FIDO_EXT_HMAC_SECRET 0x01
#define FIDO_EXT_CRED_PROTECT 0x02
#define FIDO_EXT_LARGEBLOB_KEY 0x04
#define FIDO_EXT_CRED_BLOB 0x08
#define FIDO_EXT_MINPINLEN 0x10
/* Supported credential protection policies. */
#define FIDO_CRED_PROT_UV_OPTIONAL 0x01
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02
#define FIDO_CRED_PROT_UV_REQUIRED 0x03
#ifdef _FIDO_INTERNAL
#define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
FIDO_EXT_CRED_BLOB)
#define FIDO_EXT_CRED_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
FIDO_EXT_MINPINLEN)
#endif /* _FIDO_INTERNAL */
/* Recognised UV modes. */
#define FIDO_UV_MODE_TUP 0x0001 /* internal test of user presence */
#define FIDO_UV_MODE_FP 0x0002 /* internal fingerprint check */
#define FIDO_UV_MODE_PIN 0x0004 /* internal pin check */
#define FIDO_UV_MODE_VOICE 0x0008 /* internal voice recognition */
#define FIDO_UV_MODE_FACE 0x0010 /* internal face recognition */
#define FIDO_UV_MODE_LOCATION 0x0020 /* internal location check */
#define FIDO_UV_MODE_EYE 0x0040 /* internal eyeprint check */
#define FIDO_UV_MODE_DRAWN 0x0080 /* internal drawn pattern check */
#define FIDO_UV_MODE_HAND 0x0100 /* internal handprint verification */
#define FIDO_UV_MODE_NONE 0x0200 /* TUP/UV not required */
#define FIDO_UV_MODE_ALL 0x0400 /* all supported UV modes required */
#define FIDO_UV_MODE_EXT_PIN 0x0800 /* external pin verification */
#define FIDO_UV_MODE_EXT_DRAWN 0x1000 /* external drawn pattern check */
#endif /* !_FIDO_PARAM_H */

59
src/fido/rs256.h Normal file
View File

@@ -0,0 +1,59 @@
/*
* Copyright (c) 2018-2021 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_RS256_H
#define _FIDO_RS256_H
#include <openssl/rsa.h>
#include <stdint.h>
#include <stdlib.h>
#ifdef _FIDO_INTERNAL
#include "types.h"
#else
#include <fido.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
rs256_pk_t *rs256_pk_new(void);
void rs256_pk_free(rs256_pk_t **);
EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *);
int rs256_pk_from_EVP_PKEY(rs256_pk_t *, const EVP_PKEY *);
int rs256_pk_from_RSA(rs256_pk_t *, const RSA *);
int rs256_pk_from_ptr(rs256_pk_t *, const void *, size_t);
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_RS256_H */

337
src/fido/types.h Normal file
View File

@@ -0,0 +1,337 @@
/*
* Copyright (c) 2018-2022 Yubico AB. All rights reserved.
* SPDX-License-Identifier: BSD-2-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _FIDO_TYPES_H
#define _FIDO_TYPES_H
#ifdef __MINGW32__
#include <sys/types.h>
#endif
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
struct fido_dev;
typedef void *fido_dev_io_open_t(const char *);
typedef void fido_dev_io_close_t(void *);
typedef int fido_dev_io_read_t(void *, unsigned char *, size_t, int);
typedef int fido_dev_io_write_t(void *, const unsigned char *, size_t);
typedef int fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
typedef int fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);
typedef struct fido_dev_io {
fido_dev_io_open_t *open;
fido_dev_io_close_t *close;
fido_dev_io_read_t *read;
fido_dev_io_write_t *write;
} fido_dev_io_t;
typedef struct fido_dev_transport {
fido_dev_rx_t *rx;
fido_dev_tx_t *tx;
} fido_dev_transport_t;
typedef enum {
FIDO_OPT_OMIT = 0, /* use authenticator's default */
FIDO_OPT_FALSE, /* explicitly set option to false */
FIDO_OPT_TRUE, /* explicitly set option to true */
} fido_opt_t;
typedef void fido_log_handler_t(const char *);
#undef _FIDO_SIGSET_DEFINED
#define _FIDO_SIGSET_DEFINED
#ifdef _WIN32
typedef int fido_sigset_t;
#elif defined(SIG_BLOCK)
typedef sigset_t fido_sigset_t;
#else
#undef _FIDO_SIGSET_DEFINED
#endif
#ifdef _FIDO_INTERNAL
#include "packed.h"
#include "blob.h"
/* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
typedef struct es256_pk {
unsigned char x[32];
unsigned char y[32];
} es256_pk_t;
/* COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key */
typedef struct es256_sk {
unsigned char d[32];
} es256_sk_t;
/* COSE ES384 (ECDSA over P-384 with SHA-384) public key */
typedef struct es384_pk {
unsigned char x[48];
unsigned char y[48];
} es384_pk_t;
/* COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key */
typedef struct rs256_pk {
unsigned char n[256];
unsigned char e[3];
} rs256_pk_t;
/* COSE EDDSA (ED25519) */
typedef struct eddsa_pk {
unsigned char x[32];
} eddsa_pk_t;
PACKED_TYPE(fido_authdata_t,
struct fido_authdata {
unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
uint8_t flags; /* user present/verified */
uint32_t sigcount; /* signature counter */
/* actually longer */
})
PACKED_TYPE(fido_attcred_raw_t,
struct fido_attcred_raw {
unsigned char aaguid[16]; /* credential's aaguid */
uint16_t id_len; /* credential id length */
uint8_t body[]; /* credential id + pubkey */
})
typedef struct fido_attcred {
unsigned char aaguid[16]; /* credential's aaguid */
fido_blob_t id; /* credential id */
int type; /* credential's cose algorithm */
union { /* credential's public key */
es256_pk_t es256;
es384_pk_t es384;
rs256_pk_t rs256;
eddsa_pk_t eddsa;
} pubkey;
} fido_attcred_t;
typedef struct fido_attstmt {
fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */
fido_blob_t cbor; /* cbor-encoded attestation statement */
fido_blob_array_t x5c; /* attestation certificate chain */
fido_blob_t sig; /* attestation signature */
int alg; /* attestation algorithm (cose) */
} fido_attstmt_t;
typedef struct fido_rp {
char *id; /* relying party id */
char *name; /* relying party name */
} fido_rp_t;
typedef struct fido_user {
fido_blob_t id; /* required */
char *icon; /* optional */
char *name; /* optional */
char *display_name; /* required */
} fido_user_t;
typedef struct fido_cred_ext {
int mask; /* enabled extensions */
int prot; /* protection policy */
size_t minpinlen; /* minimum pin length */
} fido_cred_ext_t;
typedef struct fido_cred {
fido_blob_t cd; /* client data */
fido_blob_t cdh; /* client data hash */
fido_rp_t rp; /* relying party */
fido_user_t user; /* user entity */
fido_blob_array_t excl; /* list of credential ids to exclude */
fido_opt_t rk; /* resident key */
fido_opt_t uv; /* user verification */
fido_cred_ext_t ext; /* extensions */
int type; /* cose algorithm */
char *fmt; /* credential format */
fido_cred_ext_t authdata_ext; /* decoded extensions */
fido_blob_t authdata_cbor; /* cbor-encoded payload */
fido_blob_t authdata_raw; /* cbor-decoded payload */
fido_authdata_t authdata; /* decoded authdata payload */
fido_attcred_t attcred; /* returned credential (key + id) */
fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */
fido_blob_t largeblob_key; /* decoded large blob key */
fido_blob_t blob; /* CTAP 2.1 credBlob */
} fido_cred_t;
typedef struct fido_assert_extattr {
int mask; /* decoded extensions */
fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
fido_blob_t blob; /* decoded CTAP 2.1 credBlob */
} fido_assert_extattr_t;
typedef struct _fido_assert_stmt {
fido_blob_t id; /* credential id */
fido_user_t user; /* user attributes */
fido_blob_t hmac_secret; /* hmac secret */
fido_assert_extattr_t authdata_ext; /* decoded extensions */
fido_blob_t authdata_cbor; /* raw cbor payload */
fido_blob_t authdata_raw; /* raw authdata */
fido_authdata_t authdata; /* decoded authdata payload */
fido_blob_t sig; /* signature of cdh + authdata */
fido_blob_t largeblob_key; /* decoded large blob key */
} fido_assert_stmt;
typedef struct fido_assert_ext {
int mask; /* enabled extensions */
fido_blob_t hmac_salt; /* optional hmac-secret salt */
} fido_assert_ext_t;
typedef struct fido_assert {
char *rp_id; /* relying party id */
char *appid; /* winhello u2f appid */
fido_blob_t cd; /* client data */
fido_blob_t cdh; /* client data hash */
fido_blob_array_t allow_list; /* list of allowed credentials */
fido_opt_t up; /* user presence */
fido_opt_t uv; /* user verification */
fido_assert_ext_t ext; /* enabled extensions */
fido_assert_stmt *stmt; /* array of expected assertions */
size_t stmt_cnt; /* number of allocated assertions */
size_t stmt_len; /* number of received assertions */
} fido_assert_t;
typedef struct fido_opt_array {
char **name;
bool *value;
size_t len;
} fido_opt_array_t;
typedef struct fido_str_array {
char **ptr;
size_t len;
} fido_str_array_t;
typedef struct fido_byte_array {
uint8_t *ptr;
size_t len;
} fido_byte_array_t;
typedef struct fido_algo {
char *type;
int cose;
} fido_algo_t;
typedef struct fido_algo_array {
fido_algo_t *ptr;
size_t len;
} fido_algo_array_t;
typedef struct fido_cert_array {
char **name;
uint64_t *value;
size_t len;
} fido_cert_array_t;
typedef struct fido_cbor_info {
fido_str_array_t versions; /* supported versions: fido2|u2f */
fido_str_array_t extensions; /* list of supported extensions */
fido_str_array_t transports; /* list of supported transports */
unsigned char aaguid[16]; /* aaguid */
fido_opt_array_t options; /* list of supported options */
uint64_t maxmsgsiz; /* maximum message size */
fido_byte_array_t protocols; /* supported pin protocols */
fido_algo_array_t algorithms; /* list of supported algorithms */
uint64_t maxcredcntlst; /* max credentials in list */
uint64_t maxcredidlen; /* max credential ID length */
uint64_t fwversion; /* firmware version */
uint64_t maxcredbloblen; /* max credBlob length */
uint64_t maxlargeblob; /* max largeBlob array length */
uint64_t maxrpid_minlen; /* max rpid in set_pin_minlen_rpid */
uint64_t minpinlen; /* min pin len enforced */
uint64_t uv_attempts; /* platform uv attempts */
uint64_t uv_modality; /* bitmask of supported uv types */
int64_t rk_remaining; /* remaining resident credentials */
bool new_pin_reqd; /* new pin required */
fido_cert_array_t certs; /* associated certifications */
} fido_cbor_info_t;
typedef struct fido_dev_info {
char *path; /* device path */
int16_t vendor_id; /* 2-byte vendor id */
int16_t product_id; /* 2-byte product id */
char *manufacturer; /* manufacturer string */
char *product; /* product string */
fido_dev_io_t io; /* i/o functions */
fido_dev_transport_t transport; /* transport functions */
} fido_dev_info_t;
PACKED_TYPE(fido_ctap_info_t,
/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
struct fido_ctap_info {
uint64_t nonce; /* echoed nonce */
uint32_t cid; /* channel id */
uint8_t protocol; /* ctaphid protocol id */
uint8_t major; /* major version number */
uint8_t minor; /* minor version number */
uint8_t build; /* build version number */
uint8_t flags; /* capabilities flags; see FIDO_CAP_* */
})
typedef struct fido_dev {
uint64_t nonce; /* issued nonce */
fido_ctap_info_t attr; /* device attributes */
uint32_t cid; /* assigned channel id */
char *path; /* device path */
void *io_handle; /* abstract i/o handle */
fido_dev_io_t io; /* i/o functions */
bool io_own; /* device has own io/transport */
size_t rx_len; /* length of HID input reports */
size_t tx_len; /* length of HID output reports */
int flags; /* internal flags; see FIDO_DEV_* */
fido_dev_transport_t transport; /* transport functions */
uint64_t maxmsgsize; /* max message size */
int timeout_ms; /* read timeout in ms */
} fido_dev_t;
#else
typedef struct fido_assert fido_assert_t;
typedef struct fido_cbor_info fido_cbor_info_t;
typedef struct fido_cred fido_cred_t;
typedef struct fido_dev fido_dev_t;
typedef struct fido_dev_info fido_dev_info_t;
typedef struct es256_pk es256_pk_t;
typedef struct es256_sk es256_sk_t;
typedef struct es384_pk es384_pk_t;
typedef struct rs256_pk rs256_pk_t;
typedef struct eddsa_pk eddsa_pk_t;
#endif /* _FIDO_INTERNAL */
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
#endif /* !_FIDO_TYPES_H */