CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
cdc::core::IChallengeResponder Class Reference
abstract

Challenge-response provider interface.

#include <IChallengeResponder.h>

Inheritance diagram for cdc::core::IChallengeResponder:
cdc::mod_2fa::TwoFaModule

Public Member Functions

virtual ~IChallengeResponder ()=default
virtual int challengeResponse (const char *entryName, const uint8_t *challenge, size_t clen, uint8_t *out)=0
 Computes the raw HMAC challenge-response for a named CR entry.
virtual int challengeResponseUsbSlot (const uint8_t *challenge, size_t clen, uint8_t *out, bool *touchRequiredOut)=0
 Computes the raw HMAC response for the designated USB-CR slot entry.

Static Public Attributes

static constexpr size_t MAX_RESPONSE_LEN = 32
 Largest possible raw HMAC response (SHA256). Callers size the out buffer to this.

Detailed Description

Challenge-response provider interface.

Lets transport modules (USB OTP-HID, BLE GATT) obtain a raw HMAC response for a named credential without depending on the 2FA module that computes it. The 2FA module registers an implementation via ServiceRegistry::provide(ServiceType::CHALLENGE_RESPONDER, this); consumers resolve it with request<IChallengeResponder>(ServiceType::CHALLENGE_RESPONDER).

Definition at line 17 of file IChallengeResponder.h.

Constructor & Destructor Documentation

◆ ~IChallengeResponder()

virtual cdc::core::IChallengeResponder::~IChallengeResponder ( )
virtual default

Member Function Documentation

◆ challengeResponse()

virtual int cdc::core::IChallengeResponder::challengeResponse ( const char * entryName,
const uint8_t * challenge,
size_t clen,
uint8_t * out )
pure virtual

Computes the raw HMAC challenge-response for a named CR entry.

Looks up the credential by name, computes HMAC(secret, challenge) with the entry's algorithm (SHA1 or SHA256), and writes the full, untruncated digest to out. The caller must satisfy any touch/PIN gate separately; this call performs no user confirmation.

Parameters
entryName: Null-terminated credential name to look up.
challenge: Challenge bytes.
clen: Challenge length in bytes.
out: Output buffer, must be at least MAX_RESPONSE_LEN bytes.
Returns
Response length in bytes (20 for SHA1, 32 for SHA256), or -1 on error or when no matching CR entry exists.

Implemented in cdc::mod_2fa::TwoFaModule.

◆ challengeResponseUsbSlot()

virtual int cdc::core::IChallengeResponder::challengeResponseUsbSlot ( const uint8_t * challenge,
size_t clen,
uint8_t * out,
bool * touchRequiredOut )
pure virtual

Computes the raw HMAC response for the designated USB-CR slot entry.

The USB OTP-HID transport (YubiKey slot 2) does not name a credential: it answers from the single entry the user marked as the USB-CR slot. This resolves that entry and computes HMAC(secret, challenge) (SHA1 over this path), reporting whether an on-device touch confirmation is required. The caller withholds the response until the touch gate is satisfied.

Parameters
challenge: Challenge bytes.
clen: Challenge length in bytes.
out: Output buffer, must be at least MAX_RESPONSE_LEN bytes.
touchRequiredOut: Optional; receives the entry's touch-required flag.
Returns
Response length in bytes, or -1 when no entry is designated or computation fails.

Implemented in cdc::mod_2fa::TwoFaModule.
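
A caller-side example of the USB-CR slot contract described above, added here and not taken from the CDC Badge OS sources: it sizes the buffer to MAX_RESPONSE_LEN, treats -1 as an error, and withholds the response until the touch gate is satisfied. The interface is re-declared from the signatures on this page; FakeResponder, CrStatus and handleUsbChallenge are hypothetical names, and the fake writes constructed bytes rather than a real HMAC.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Stand-in for the page's interface (USB-slot method only) so this builds alone.
struct IChallengeResponder {
    static constexpr size_t MAX_RESPONSE_LEN = 32;
    virtual ~IChallengeResponder() = default;
    virtual int challengeResponseUsbSlot(const uint8_t *challenge, size_t clen,
                                         uint8_t *out, bool *touchRequiredOut) = 0;
};

// Hypothetical test double: writes a constructed 20-byte value, not a real HMAC.
struct FakeResponder : IChallengeResponder {
    bool designated = true, touch = true;
    int challengeResponseUsbSlot(const uint8_t *c, size_t clen,
                                 uint8_t *out, bool *touchRequiredOut) override {
        if (!designated || !c || !out || clen == 0) return -1;
        for (size_t i = 0; i < 20; ++i) out[i] = uint8_t((0xA0 + i) ^ c[i % clen]);
        if (touchRequiredOut) *touchRequiredOut = touch;  // parameter is optional
        return 20;                                        // SHA1 length on this path
    }
};

enum class CrStatus { Ready, NeedTouch, Error };

// Hypothetical transport-side handler: copies to `reply` only when release is allowed.
CrStatus handleUsbChallenge(IChallengeResponder &r, const uint8_t *chal, size_t clen,
                            bool touched, uint8_t *reply, size_t cap, size_t *replyLen) {
    uint8_t digest[IChallengeResponder::MAX_RESPONSE_LEN] = {0};
    bool touchRequired = true;  // this example's choice: fail closed if left unset
    CrStatus st = CrStatus::Error;
    *replyLen = 0;
    int n = r.challengeResponseUsbSlot(chal, clen, digest, &touchRequired);
    if (n > 0 && size_t(n) <= sizeof digest && size_t(n) <= cap) {
        if (touchRequired && !touched) {
            st = CrStatus::NeedTouch;            // computed, but withheld
        } else {
            memcpy(reply, digest, size_t(n));
            *replyLen = size_t(n);
            st = CrStatus::Ready;
        }
    }
    volatile uint8_t *p = digest;                // wipe the local copy on every path
    for (size_t i = 0; i < sizeof digest; ++i) p[i] = 0;
    return st;
}
```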

Member Data Documentation

◆ MAX_RESPONSE_LEN

size_t cdc::core::IChallengeResponder::MAX_RESPONSE_LEN = 32
static constexpr

Largest possible raw HMAC response (SHA256). Callers size the out buffer to this.

Definition at line 20 of file IChallengeResponder.h.

Referenced by cdc::mod_2fa::ble_chalresp_tick(), and cdc::mod_2fa::cmd_chalresp().


The documentation for this class was generated from the following file: