CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
fido2.cpp File Reference

FIDO2/WebAuthn runtime entry points and processing task. More...

#include "mod_fido2/fido2.h"
#include "mod_fido2/fido2_storage.h"
#include "mod_fido2/ctap2.h"
#include "mod_fido2/ctaphid.h"
#include "mod_fido2/u2f.h"
#include "cdc_log.h"
#include <freertos/FreeRTOS.h>
#include <freertos/task.h>
#include <string.h>


Namespaces

namespace  cdc
namespace  cdc::mod_fido2

Functions

bool cdc::mod_fido2::fido2_usb_available ()
 Indicates whether at least one USB HID packet is queued for FIDO2.
bool cdc::mod_fido2::fido2_usb_ready ()
 Reports whether the USB HID endpoint is ready for transmission.
uint16_t cdc::mod_fido2::fido2_usb_read (uint8_t *buffer)
 Reads one queued CTAPHID packet from the USB RX queue.
bool cdc::mod_fido2::fido2_usb_write (const uint8_t *buffer)
 Sends one CTAPHID packet over USB HID.
static void fido2_task (void *arg)
 Background task that receives CTAPHID packets and sends responses.
bool fido2_init (void)
 Initializes storage, CTAP layers, and starts the processing task.
void fido2_set_user_presence_callback (fido2_user_presence_cb_t cb)
 Sets callback used to request user presence for CTAP operations.
fido2_user_presence_result_t fido2_request_user_presence (const char *rp_id, fido2_action_t action, const char *user_name)
 Requests user presence from host/application callback.
void fido2_set_pin_verified (bool verified)
 Stores whether PIN verification was completed via ClientPIN.
bool fido2_is_pin_verified (void)
 Returns current PIN-verified state.
uint8_t fido2_get_credential_count (void)
 Returns number of stored credentials.
bool fido2_get_credential_info (uint8_t index, fido2_credential_info_t *info)
 Retrieves credential metadata by visible index.
uint8_t fido2_find_credentials_by_rp (const uint8_t *rp_id_hash, uint8_t *out_indices, uint8_t max_indices)
 Finds credential slots matching RP ID hash.
bool fido2_delete_credential (uint8_t slot)
 Deletes credential in given slot.
bool fido2_factory_reset (void)
 Removes all credentials and resets FIDO2 data.
uint32_t fido2_get_auth_counter (void)
 Returns global authentication counter.
void fido2_increment_auth_counter (void)
 Increments global authentication counter.
bool fido2_is_initialized (void)
 Indicates whether FIDO2 subsystem is initialized.
uint8_t fido2_get_available_slots (void)
 Returns number of free credential slots.

Variables

static const char * TAG = "FIDO2"
struct {
   bool   initialized
   fido2_user_presence_cb_t   user_presence_cb
   TaskHandle_t   task_handle
   bool   pin_verified
} g_fido2 = {}
 Global FIDO2 runtime state.

Detailed Description

FIDO2/WebAuthn runtime entry points and processing task.

Definition in file fido2.cpp.

Function Documentation

◆ fido2_delete_credential()

bool fido2_delete_credential ( uint8_t slot)

Deletes credential in given slot.

Parameters
slot: Credential slot index.
Returns
true on success, otherwise false.

Definition at line 257 of file fido2.cpp.

References fido2_storage_delete_credential().

Referenced by cdc::mod_fido2::handleDelete().

◆ fido2_factory_reset()

bool fido2_factory_reset ( void )

Removes all credentials and resets FIDO2 data.

Returns
true on success.

Definition at line 265 of file fido2.cpp.

References FIDO2_MAX_CREDENTIALS, fido2_storage_delete_credential(), fido2_storage_slot_used(), LOG_I, LOG_W, and TAG.

Referenced by ctap2_reset().

◆ fido2_find_credentials_by_rp()

uint8_t fido2_find_credentials_by_rp ( const uint8_t * rp_id_hash,
uint8_t * out_indices,
uint8_t max_indices )

Finds credential slots matching RP ID hash.

Parameters
rp_id_hash: 32-byte RP hash.
out_indices: Destination slot list.
max_indices: Capacity of out_indices.
Returns
Number of matching credentials.

Definition at line 247 of file fido2.cpp.

References fido2_storage_find_by_rp(), and rp_id_hash.

◆ fido2_get_auth_counter()

uint32_t fido2_get_auth_counter ( void )

Returns global authentication counter.

Returns
Counter value.

Definition at line 283 of file fido2.cpp.

References fido2_storage_counter_get().

◆ fido2_get_available_slots()

uint8_t fido2_get_available_slots ( void )

Returns number of free credential slots.

Returns
Available slot count.

Definition at line 306 of file fido2.cpp.

References fido2_storage_count(), fido2_storage_ecc_end(), and fido2_storage_ecc_start().

◆ fido2_get_credential_count()

uint8_t fido2_get_credential_count ( void )

Returns number of stored credentials.

Returns
Credential count.

Definition at line 213 of file fido2.cpp.

References fido2_storage_count().

Referenced by cdc::mod_fido2::handleDelete(), cdc::mod_fido2::rebuildList(), and cdc::mod_fido2::showDetail().

◆ fido2_get_credential_info()

bool fido2_get_credential_info ( uint8_t index,
fido2_credential_info_t * info )

Retrieves credential metadata by visible index.

Parameters
index: Zero-based visible credential index.
info: Destination structure.
Returns
true on success, otherwise false.

Definition at line 223 of file fido2.cpp.

References FIDO2_MAX_CREDENTIALS, fido2_storage_get_credential(), and fido2_storage_slot_used().

◆ fido2_increment_auth_counter()

void fido2_increment_auth_counter ( void )

Increments global authentication counter.

Increment global authentication counter.

Definition at line 290 of file fido2.cpp.

References fido2_storage_counter_increment().

Referenced by ctap2_get_assertion(), and u2f_authenticate().

◆ fido2_init()

bool fido2_init ( void )

Initializes storage, CTAP layers, and starts the processing task.

Returns
true on success, otherwise false.

Definition at line 126 of file fido2.cpp.

References cred_count, ctap2_init(), ctaphid_init(), fido2_storage_init(), fido2_task(), g_fido2, LOG_E, LOG_I, LOG_W, TAG, and u2f_init_attestation().

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_is_initialized()

bool fido2_is_initialized ( void )

Indicates whether FIDO2 subsystem is initialized.

Returns
true when initialized, otherwise false.

Definition at line 298 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_is_pin_verified()

bool fido2_is_pin_verified ( void )

Returns current PIN-verified state.

Returns
true if PIN was verified, otherwise false.

Definition at line 205 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::create_credential_and_respond(), ctap2_build_auth_data_for_cred(), and cdc::mod_fido2::onPromptApprove().

◆ fido2_request_user_presence()

fido2_user_presence_result_t fido2_request_user_presence ( const char * rp_id,
fido2_action_t action,
const char * user_name )

Requests user presence from host/application callback.

Parameters
rp_id: Relying-party identifier.
action: Requested user action.
user_name: Optional user name.
Returns
User presence decision.

Definition at line 177 of file fido2.cpp.

References FIDO2_UP_APPROVED, g_fido2, LOG_W, rp_id, TAG, and user_name.

Referenced by u2f_authenticate(), u2f_register(), and wait_for_user_presence().

◆ fido2_set_pin_verified()

void fido2_set_pin_verified ( bool verified)

Stores whether PIN verification was completed via ClientPIN.

Parameters
verified: PIN verification state.

Definition at line 194 of file fido2.cpp.

References g_fido2, LOG_I, and TAG.

Referenced by ga_verify_pin_auth(), cdc::mod_fido2::onPromptDeny(), and cdc::mod_fido2::verify_pin_uv_auth().

◆ fido2_set_user_presence_callback()

void fido2_set_user_presence_callback ( fido2_user_presence_cb_t cb)

Sets callback used to request user presence for CTAP operations.

Parameters
cb: User-presence callback.

Definition at line 166 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_task()

void fido2_task ( void * arg)
static

Background task that receives CTAPHID packets and sends responses.

Parameters
arg: Unused task argument.

Definition at line 41 of file fido2.cpp.

References ctaphid_check_timeout(), ctaphid_get_response_packet(), ctaphid_has_response(), ctaphid_process_packet(), cdc::mod_fido2::fido2_usb_available(), cdc::mod_fido2::fido2_usb_read(), cdc::mod_fido2::fido2_usb_ready(), cdc::mod_fido2::fido2_usb_write(), LOG_D, LOG_I, LOG_W, and TAG.

Referenced by fido2_init().

Variable Documentation

◆ [struct]

◆ initialized

bool initialized

Definition at line 31 of file fido2.cpp.

◆ pin_verified

bool pin_verified

Definition at line 34 of file fido2.cpp.

Referenced by ctap2_build_auth_data_for_cred().

◆ TAG

const char* TAG = "FIDO2"
static

Definition at line 26 of file fido2.cpp.

◆ task_handle

TaskHandle_t task_handle

Definition at line 33 of file fido2.cpp.

◆ user_presence_cb

fido2_user_presence_cb_t user_presence_cb

Definition at line 32 of file fido2.cpp.