CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
Go to the source code of this file.
Classes | |
| struct | algo_attr_t |
| Parsed algorithm-attribute payload. | |
Enumerations | |
| enum | algo_attr_algo_id_t { ALGO_ATTR_ID_RSA = 0x01 , ALGO_ATTR_ID_ECDH = 0x12 , ALGO_ATTR_ID_ECDSA = 0x13 , ALGO_ATTR_ID_EDDSA = 0x16 } |
| OpenPGP algorithm-attribute codec. | |
| enum | algo_attr_curve_t { ALGO_ATTR_CURVE_UNKNOWN = 0 , ALGO_ATTR_CURVE_P256 , ALGO_ATTR_CURVE_ED25519 , ALGO_ATTR_CURVE_X25519 } |
| Curves the firmware recognises. UNKNOWN flags unsupported OIDs. | |
| enum | algo_attr_role_t { ALGO_ATTR_ROLE_SIG = 0 , ALGO_ATTR_ROLE_DEC = 1 , ALGO_ATTR_ROLE_AUT = 2 } |
| Key role (selects which DO tag is being parsed / built). | |
| enum | algo_attr_status_t { ALGO_ATTR_OK = 0 , ALGO_ATTR_ERR_TOO_SHORT , ALGO_ATTR_ERR_BAD_ALGO , ALGO_ATTR_ERR_BAD_CURVE , ALGO_ATTR_ERR_BAD_RSA , ALGO_ATTR_ERR_ROLE_MISMATCH , ALGO_ATTR_ERR_BUF_TOO_SMALL , ALGO_ATTR_ERR_NULL } |
| Outcome of algo-attribute operations. | |
Functions | |
| algo_attr_status_t | algo_attr_parse (const uint8_t *bytes, size_t len, algo_attr_t *out) |
| Parse a raw algorithm-attribute byte sequence into structured form. | |
| algo_attr_status_t | algo_attr_build (const algo_attr_t *attr, uint8_t *out, size_t out_cap, size_t *out_len) |
| Serialise an algorithm-attribute structure to bytes. | |
| algo_attr_status_t | algo_attr_validate_role (const algo_attr_t *attr, algo_attr_role_t role) |
| Check whether the parsed attribute is compatible with the key role it will be installed into. | |
| algo_attr_status_t | algo_attr_validate_capability (const algo_attr_t *attr, bool rsa_supported) |
| Check whether the badge's secure element / mbedTLS combination can actually execute this algorithm. | |
enum algo_attr_algo_id_t
OpenPGP algorithm-attribute codec.
Encodes / decodes / validates the byte sequences carried by Data Objects 0xC1 (SIG), 0xC2 (DEC) and 0xC3 (AUT) per OpenPGP Smart Card Application 3.4.1, §4.4.3.7-9.
Layout:
ECC (algorithm = ECDSA / EdDSA / ECDH):
| algo | curve OID | format |
|---|---|---|
| 1B | n bytes | 1B (optional, 0xFF = standard) |
RSA (algorithm = RSA):
| algo | N-l | e-l | import |
|---|---|---|---|
| 1B | 2B | 2B | 1B |
Algorithm IDs come from RFC 4880 §9.1; curve OIDs are the DER-encoded bytes WITHOUT the leading tag/length, exactly as carried in the DO.
The CDC Badge currently honours three ECC choices: Ed25519 (SIG/AUT), P-256 ECDSA (SIG/AUT), P-256 ECDH (DEC). RSA is optional and is treated as a fallback per the plan in plan2.md §10.
RFC 4880 §9.1 algorithm IDs we care about.
| Enumerator | |
|---|---|
| ALGO_ATTR_ID_RSA | |
| ALGO_ATTR_ID_ECDH | |
| ALGO_ATTR_ID_ECDSA | |
| ALGO_ATTR_ID_EDDSA | |
Definition at line 40 of file algo_attr.h.
enum algo_attr_curve_t
Curves the firmware recognises. UNKNOWN flags unsupported OIDs.
| Enumerator | |
|---|---|
| ALGO_ATTR_CURVE_UNKNOWN | |
| ALGO_ATTR_CURVE_P256 | |
| ALGO_ATTR_CURVE_ED25519 | |
| ALGO_ATTR_CURVE_X25519 | Reserved for future ECDH-X25519 support. |
Definition at line 48 of file algo_attr.h.
enum algo_attr_role_t
Key role (selects which DO tag is being parsed / built).
| Enumerator | |
|---|---|
| ALGO_ATTR_ROLE_SIG | |
| ALGO_ATTR_ROLE_DEC | |
| ALGO_ATTR_ROLE_AUT | |
Definition at line 56 of file algo_attr.h.
enum algo_attr_status_t
Outcome of algo-attribute operations.
| Enumerator | |
|---|---|
| ALGO_ATTR_OK | |
| ALGO_ATTR_ERR_TOO_SHORT | |
| ALGO_ATTR_ERR_BAD_ALGO | |
| ALGO_ATTR_ERR_BAD_CURVE | |
| ALGO_ATTR_ERR_BAD_RSA | |
| ALGO_ATTR_ERR_ROLE_MISMATCH | |
| ALGO_ATTR_ERR_BUF_TOO_SMALL | |
| ALGO_ATTR_ERR_NULL | |
Definition at line 77 of file algo_attr.h.
algo_attr_status_t algo_attr_build (const algo_attr_t *attr, uint8_t *out, size_t out_cap, size_t *out_len)
Serialise an algorithm-attribute structure to bytes.
The trailing 0xFF "import format" byte for ECC is emitted only when attr->has_import_format is set. RSA values are encoded in network byte order (big-endian) per spec.
Definition at line 86 of file algo_attr.cpp.
References ALGO_ATTR_ERR_BAD_ALGO, ALGO_ATTR_ERR_BAD_CURVE, ALGO_ATTR_ERR_BAD_RSA, ALGO_ATTR_ERR_BUF_TOO_SMALL, ALGO_ATTR_ERR_NULL, ALGO_ATTR_ID_RSA, ALGO_ATTR_OK, algo_attr_t::algo_id, algo_attr_t::curve, algo_attr_t::has_import_format, algo_attr_t::import_format, algo_attr_t::rsa_e_bits, algo_attr_t::rsa_import_fmt, and algo_attr_t::rsa_n_bits.
algo_attr_status_t algo_attr_parse (const uint8_t *bytes, size_t len, algo_attr_t *out)
Parse a raw algorithm-attribute byte sequence into structured form.
The function recognises the three supported curves by OID match. Any other OID lands as ALGO_ATTR_CURVE_UNKNOWN with the call still succeeding so the caller can choose between rejection (6A80) and a permissive accept.
Definition at line 53 of file algo_attr.cpp.
References ALGO_ATTR_ERR_BAD_ALGO, ALGO_ATTR_ERR_BAD_RSA, ALGO_ATTR_ERR_NULL, ALGO_ATTR_ERR_TOO_SHORT, ALGO_ATTR_ID_RSA, ALGO_ATTR_OK, algo_attr_t::algo_id, algo_attr_t::curve, algo_attr_t::has_import_format, algo_attr_t::import_format, algo_attr_t::is_rsa, algo_attr_t::rsa_e_bits, algo_attr_t::rsa_import_fmt, and algo_attr_t::rsa_n_bits.
Referenced by put_data_algo_attr().
algo_attr_status_t algo_attr_validate_capability (const algo_attr_t *attr, bool rsa_supported)
Check whether the badge's secure element / mbedTLS combination can actually execute this algorithm.
Returns ALGO_ATTR_OK for Ed25519, P-256 ECDSA, P-256 ECDH, and (if rsa_supported is true) RSA 2048/3072/4096. Anything else yields ALGO_ATTR_ERR_BAD_CURVE or ALGO_ATTR_ERR_BAD_RSA.
Definition at line 138 of file algo_attr.cpp.
References ALGO_ATTR_CURVE_ED25519, ALGO_ATTR_CURVE_P256, ALGO_ATTR_CURVE_UNKNOWN, ALGO_ATTR_CURVE_X25519, ALGO_ATTR_ERR_BAD_CURVE, ALGO_ATTR_ERR_BAD_RSA, ALGO_ATTR_ERR_NULL, ALGO_ATTR_ID_ECDH, ALGO_ATTR_ID_ECDSA, ALGO_ATTR_ID_EDDSA, ALGO_ATTR_OK, algo_attr_t::algo_id, algo_attr_t::curve, and algo_attr_t::is_rsa.
Referenced by put_data_algo_attr().
algo_attr_status_t algo_attr_validate_role (const algo_attr_t *attr, algo_attr_role_t role)
Check whether the parsed attribute is compatible with the key role it will be installed into.
Encodes the badge-specific policy: ECDSA + EdDSA only for SIG/AUT, ECDH only for DEC; RSA is acceptable for any role when enabled.
Definition at line 119 of file algo_attr.cpp.
References ALGO_ATTR_ERR_NULL, ALGO_ATTR_ERR_ROLE_MISMATCH, ALGO_ATTR_ID_ECDH, ALGO_ATTR_ID_ECDSA, ALGO_ATTR_ID_EDDSA, ALGO_ATTR_OK, ALGO_ATTR_ROLE_AUT, ALGO_ATTR_ROLE_DEC, ALGO_ATTR_ROLE_SIG, algo_attr_t::algo_id, and algo_attr_t::is_rsa.
Referenced by put_data_algo_attr().
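The parse-then-validate sequence described for algo_attr_parse and algo_attr_validate_role, as an added C sketch that is not the firmware's own code. The ex_* names, the struct layout and the sample byte strings are assumptions made for illustration, and capability checks (RSA key sizes, which curve goes with which algorithm) are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical ex_* names: an independent sketch, not the firmware's API. */
typedef enum { EX_OK, EX_NULL, EX_TOO_SHORT, EX_BAD_ALGO, EX_BAD_RSA,
               EX_BAD_CURVE, EX_ROLE_MISMATCH } ex_status_t;
typedef enum { EX_CURVE_UNKNOWN, EX_CURVE_P256, EX_CURVE_ED25519 } ex_curve_t;
typedef enum { EX_ROLE_SIG, EX_ROLE_DEC, EX_ROLE_AUT } ex_role_t;
typedef struct { uint8_t algo; ex_curve_t curve; bool has_fmt;
                 uint16_t n_bits, e_bits; } ex_attr_t;

/* Curve OIDs as carried in the DO: DER content bytes, no tag/length. */
static const uint8_t OID_P256[]    = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const uint8_t OID_ED25519[] = {0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01};
/* Constructed sample inputs: EdDSA/Ed25519, ECDH/P-256 + 0xFF, ECDSA/P-384. */
const uint8_t EX_ED[]   = {0x16,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01};
const uint8_t EX_ECDH[] = {0x12,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0xFF};
const uint8_t EX_P384[] = {0x13,0x2B,0x81,0x04,0x00,0x22};

ex_status_t ex_parse(const uint8_t *b, size_t len, ex_attr_t *out) {
    if (!b || !out) return EX_NULL;
    if (len < 2) return EX_TOO_SHORT;
    memset(out, 0, sizeof *out);
    out->algo = b[0];
    if (b[0] == 0x01) {                     /* RSA: algo | N-l | e-l | import */
        if (len != 6) return EX_BAD_RSA;
        out->n_bits = (uint16_t)((b[1] << 8) | b[2]);   /* big-endian */
        out->e_bits = (uint16_t)((b[3] << 8) | b[4]);
        return EX_OK;
    }
    if (b[0] != 0x12 && b[0] != 0x13 && b[0] != 0x16) return EX_BAD_ALGO;
    size_t n = len - 1;                     /* OID length, maybe plus format */
    /* A DER OID ends in a byte < 0x80, so a trailing 0xFF is the format byte. */
    if (n > 1 && b[len - 1] == 0xFF) { out->has_fmt = true; n--; }
    if (n == sizeof OID_P256 && !memcmp(b + 1, OID_P256, n)) out->curve = EX_CURVE_P256;
    else if (n == sizeof OID_ED25519 && !memcmp(b + 1, OID_ED25519, n)) out->curve = EX_CURVE_ED25519;
    return EX_OK;                           /* unknown OID still parses */
}

/* Caller chain: parse, reject unknown curves, then apply the role policy
   (ECDSA/EdDSA for SIG and AUT, ECDH for DEC, RSA for any role). */
ex_status_t ex_accept(const uint8_t *b, size_t len, ex_role_t role) {
    ex_attr_t a;
    ex_status_t st = ex_parse(b, len, &a);
    if (st != EX_OK) return st;
    if (a.algo == 0x01) return EX_OK;
    if (a.curve == EX_CURVE_UNKNOWN) return EX_BAD_CURVE;
    return ((a.algo == 0x12) == (role == EX_ROLE_DEC)) ? EX_OK : EX_ROLE_MISMATCH;
}
```

Because parsing succeeds on an unrecognised OID, the rejection has to happen in the caller, as ex_accept does here before the role check.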