cdc-badge-os/api/fido2_8cpp_source.html

#include "mod_fido2/fido2.h"

#include "mod_fido2/fido2_storage.h"

#include "mod_fido2/ctap2.h"

#include "mod_fido2/ctaphid.h"

#include "mod_fido2/u2f.h"

#include "cdc_log.h"

#include <freertos/FreeRTOS.h>

#include <freertos/task.h>

#include <string.h>


// USB transport hooks implemented by Fido2Module.cpp.

namespace cdc::mod_fido2 {

    bool fido2_usb_available();

    bool fido2_usb_ready();

    uint16_t fido2_usb_read(uint8_t* buffer);

    bool fido2_usb_write(const uint8_t* buffer);

}


using namespace cdc::mod_fido2;


static const char* TAG = "FIDO2";


static struct {

    bool initialized;

    fido2_user_presence_cb_t user_presence_cb;

    TaskHandle_t task_handle;

    bool pin_verified;  // PIN was verified via ClientPIN protocol

} g_fido2 = {};


static void fido2_task(void* arg) {

    (void)arg;

    uint8_t packet[64];


    LOG_I(TAG, "Processing task started");


    while (1) {

        // Process incoming packets and drain responses immediately to avoid overwriting

        while (fido2_usb_available()) {

            // If we still owe a response and USB isn't ready, pause input to avoid overwrite

            if (ctaphid_has_response() && !fido2_usb_ready()) {

                break;

            }


            if (fido2_usb_read(packet) == 64) {

                ctaphid_process_packet(packet);

            }


            // Send pending responses before reading more packets (with brief wait)

            int inner_retry = 0;

            while (ctaphid_has_response()) {

                if (fido2_usb_ready()) {

                    uint8_t response[64];

                    if (ctaphid_get_response_packet(response)) {

                        if (!fido2_usb_write(response)) {

                            LOG_W(TAG, "USB FIDO write failed");

                            break;

                        }

                        LOG_D(TAG, "Sent response packet");

                        inner_retry = 0;

                        vTaskDelay(pdMS_TO_TICKS(1));

                    }

                } else {

                    inner_retry++;

                    if (inner_retry > 10) {  // Brief wait, then continue in outer loop

                        LOG_D(TAG, "USB not ready, deferring to outer loop");

                        break;

                    }

                    vTaskDelay(pdMS_TO_TICKS(5));

                }

            }


            // If response still pending, stop reading more packets this cycle

            if (ctaphid_has_response()) {

                break;

            }

        }


        // Send any remaining response packets (with retry on USB not ready)

        int retry_count = 0;

        while (ctaphid_has_response()) {

            if (fido2_usb_ready()) {

                uint8_t response[64];

                if (ctaphid_get_response_packet(response)) {

                    if (!fido2_usb_write(response)) {

                        LOG_W(TAG, "USB FIDO write failed (outer)");

                        break;

                    }

                    LOG_D(TAG, "Sent response packet (outer)");

                    retry_count = 0;  // Reset retry counter on success

                    vTaskDelay(pdMS_TO_TICKS(1));

                }

            } else {

                // Wait for USB to be ready instead of giving up

                retry_count++;

                if (retry_count > 100) {  // ~1 second timeout

                    LOG_W(TAG, "USB not ready timeout, aborting response");

                    break;

                }

                vTaskDelay(pdMS_TO_TICKS(10));

            }

        }


        // Check timeouts

        ctaphid_check_timeout();


        // Poll rate

        vTaskDelay(pdMS_TO_TICKS(10));

    }

}


bool fido2_init(void) {

    LOG_I(TAG, "Initializing...");


    memset(&g_fido2, 0, sizeof(g_fido2));


    // Initialize storage layer

    uint8_t cred_count = fido2_storage_init();

    LOG_I(TAG, "Storage initialized, %d credentials", cred_count);


    // Initialize CTAP2 protocol handler

    if (!ctap2_init()) {

        LOG_E(TAG, "CTAP2 init failed");

        return false;

    }


    // Initialize CTAPHID transport

    if (!ctaphid_init()) {

        LOG_E(TAG, "CTAPHID init failed");

        return false;

    }


    // Initialize U2F attestation certificate

    if (!u2f_init_attestation()) {

        LOG_W(TAG, "U2F attestation init failed (non-fatal)");

        // Continue anyway - FIDO2 will still work, U2F might not

    }


    // Start FIDO2 processing task

    xTaskCreate(fido2_task, "fido2", 6144, nullptr,

                configMAX_PRIORITIES - 2, &g_fido2.task_handle);


    g_fido2.initialized = true;

    LOG_I(TAG, "Initialized");

    return true;

}


void fido2_set_user_presence_callback(fido2_user_presence_cb_t cb) {

    g_fido2.user_presence_cb = cb;

}


fido2_user_presence_result_t fido2_request_user_presence(

    const char *rp_id,

    fido2_action_t action,

    const char *user_name

) {

    if (g_fido2.user_presence_cb) {

        return g_fido2.user_presence_cb(rp_id, action, user_name);

    }

    // No callback set - auto-approve (unsafe, but allows testing)

    LOG_W(TAG, "No user presence callback - auto-approving");

    return FIDO2_UP_APPROVED;

}


void fido2_set_pin_verified(bool verified) {

    g_fido2.pin_verified = verified;

    if (verified) {

        LOG_I(TAG, "PIN verified via ClientPIN - device PIN will be skipped");

    }

}


bool fido2_is_pin_verified(void) {

    return g_fido2.pin_verified;

}


uint8_t fido2_get_credential_count(void) {

    return fido2_storage_count();

}


bool fido2_get_credential_info(uint8_t index, fido2_credential_info_t *info) {

    if (!info) return false;


    // Map index to slot

    uint8_t found = 0;

    for (uint8_t slot = 0; slot < FIDO2_MAX_CREDENTIALS; slot++) {

        if (fido2_storage_slot_used(slot)) {

            if (found == index) {

                return fido2_storage_get_credential(slot, info);

            }

            found++;

        }

    }


    return false;

}


uint8_t fido2_find_credentials_by_rp(const uint8_t *rp_id_hash,

                                      uint8_t *out_indices, uint8_t max_indices) {

    return fido2_storage_find_by_rp(rp_id_hash, out_indices, max_indices);

}


bool fido2_delete_credential(uint8_t slot) {

    return fido2_storage_delete_credential(slot);

}


bool fido2_factory_reset(void) {

    LOG_W(TAG, "Factory reset requested");


    // Delete all credentials

    for (uint8_t slot = 0; slot < FIDO2_MAX_CREDENTIALS; slot++) {

        if (fido2_storage_slot_used(slot)) {

            fido2_storage_delete_credential(slot);

        }

    }


    LOG_I(TAG, "Factory reset complete");

    return true;

}


uint32_t fido2_get_auth_counter(void) {

    return fido2_storage_counter_get();

}


void fido2_increment_auth_counter(void) {

    fido2_storage_counter_increment();

}


bool fido2_is_initialized(void) {

    return g_fido2.initialized;

}


uint8_t fido2_get_available_slots(void) {

    uint16_t ecc_start = fido2_storage_ecc_start();

    uint16_t ecc_end = fido2_storage_ecc_end();

    if (ecc_end < ecc_start) return 0;

    uint16_t total = static_cast<uint16_t>(ecc_end - ecc_start + 1);

    uint8_t used = fido2_storage_count();

    return (total > used) ? static_cast<uint8_t>(total - used) : 0;

}


TAG
static const char * TAG
Definition AttestationKeyService.cpp:9

cdc_log.h
CDC Log: logging over TinyUSB CDC and UART.

LOG_W
#define LOG_W(tag, fmt,...)
Definition cdc_log.h:146

LOG_D
#define LOG_D(tag, fmt,...)
Definition cdc_log.h:148

LOG_I
#define LOG_I(tag, fmt,...)
Definition cdc_log.h:147

LOG_E
#define LOG_E(tag, fmt,...)
Definition cdc_log.h:145

cred_count
uint8_t cred_count
Definition ctap2.cpp:136

initialized
bool initialized
Definition ctap2.cpp:61

ctap2.h

ctap2_init
bool ctap2_init(void)
Initializes CTAP2 runtime state.
Definition ctap2.cpp:3513

ctaphid.h

ctaphid_init
bool ctaphid_init(void)
Initializes CTAPHID transport state and synchronization primitives.
Definition ctaphid.cpp:434

ctaphid_check_timeout
void ctaphid_check_timeout(void)
Expires active channels whose message assembly timeout elapsed.
Definition ctaphid.cpp:730

ctaphid_has_response
bool ctaphid_has_response(void)
Indicates whether any channel has a response queued for host retrieval.
Definition ctaphid.cpp:607

ctaphid_get_response_packet
bool ctaphid_get_response_packet(uint8_t *packet)
Retrieves the next response HID packet from a per-channel response queue.
Definition ctaphid.cpp:634

ctaphid_process_packet
bool ctaphid_process_packet(const uint8_t *packet)
Processes one incoming 64-byte CTAPHID packet.
Definition ctaphid.cpp:474

task_handle
TaskHandle_t task_handle
Definition fido2.cpp:33

fido2_find_credentials_by_rp
uint8_t fido2_find_credentials_by_rp(const uint8_t *rp_id_hash, uint8_t *out_indices, uint8_t max_indices)
Finds credential slots matching RP ID hash.
Definition fido2.cpp:247

fido2_get_auth_counter
uint32_t fido2_get_auth_counter(void)
Returns global authentication counter.
Definition fido2.cpp:283

fido2_set_pin_verified
void fido2_set_pin_verified(bool verified)
Stores whether PIN verification was completed via ClientPIN.
Definition fido2.cpp:194

fido2_is_initialized
bool fido2_is_initialized(void)
Indicates whether FIDO2 subsystem is initialized.
Definition fido2.cpp:298

user_presence_cb
fido2_user_presence_cb_t user_presence_cb
Definition fido2.cpp:32

fido2_get_credential_info
bool fido2_get_credential_info(uint8_t index, fido2_credential_info_t *info)
Retrieves credential metadata by visible index.
Definition fido2.cpp:223

fido2_init
bool fido2_init(void)
Initializes storage, CTAP layers, and starts the processing task.
Definition fido2.cpp:126

fido2_set_user_presence_callback
void fido2_set_user_presence_callback(fido2_user_presence_cb_t cb)
Sets callback used to request user presence for CTAP operations.
Definition fido2.cpp:166

fido2_task
static void fido2_task(void *arg)
Background task that receives CTAPHID packets and sends responses.
Definition fido2.cpp:41

fido2_delete_credential
bool fido2_delete_credential(uint8_t slot)
Deletes credential in given slot.
Definition fido2.cpp:257

fido2_get_available_slots
uint8_t fido2_get_available_slots(void)
Returns number of free credential slots.
Definition fido2.cpp:306

fido2_increment_auth_counter
void fido2_increment_auth_counter(void)
Increments global authentication counter.
Definition fido2.cpp:290

fido2_request_user_presence
fido2_user_presence_result_t fido2_request_user_presence(const char *rp_id, fido2_action_t action, const char *user_name)
Requests user presence from host/application callback.
Definition fido2.cpp:177

g_fido2
static struct @140260313112121147203143015136154100311031123103 g_fido2
Global FIDO2 runtime state.

fido2_factory_reset
bool fido2_factory_reset(void)
Removes all credentials and resets FIDO2 data.
Definition fido2.cpp:265

fido2_is_pin_verified
bool fido2_is_pin_verified(void)
Returns current PIN-verified state.
Definition fido2.cpp:205

pin_verified
bool pin_verified
Definition fido2.cpp:34

fido2_get_credential_count
uint8_t fido2_get_credential_count(void)
Returns number of stored credentials.
Definition fido2.cpp:213

fido2.h

FIDO2_MAX_CREDENTIALS
#define FIDO2_MAX_CREDENTIALS
Definition fido2.h:16

fido2_user_presence_result_t
fido2_user_presence_result_t
Definition fido2.h:30

FIDO2_UP_APPROVED
@ FIDO2_UP_APPROVED
Definition fido2.h:32

fido2_user_presence_cb_t
fido2_user_presence_result_t(* fido2_user_presence_cb_t)(const char *rp_id, fido2_action_t action, const char *user_name)
Definition fido2.h:67

fido2_action_t
fido2_action_t
Definition fido2.h:37

rp_id
char rp_id[FIDO2_RP_ID_MAX_LEN]
Definition fido2_storage.cpp:68

rp_id_hash
uint8_t rp_id_hash[32]
Definition fido2_storage.cpp:67

user_name
char user_name[FIDO2_USER_NAME_MAX_LEN]
Definition fido2_storage.cpp:69

fido2_storage.h

fido2_storage_ecc_end
uint8_t fido2_storage_ecc_end(void)
Returns configured ECC end slot.
Definition fido2_storage.cpp:111

fido2_storage_count
uint8_t fido2_storage_count(void)
Credential lookup operations using in-memory cache only.
Definition fido2_storage.cpp:469

fido2_storage_counter_get
uint32_t fido2_storage_counter_get(void)
Returns current global authentication counter.
Definition fido2_storage.cpp:366

fido2_storage_ecc_start
uint8_t fido2_storage_ecc_start(void)
Returns configured ECC start slot.
Definition fido2_storage.cpp:105

fido2_storage_get_credential
bool fido2_storage_get_credential(uint8_t slot, fido2_credential_info_t *info)
Credential create/read/delete operations.
Definition fido2_storage.cpp:706

fido2_storage_delete_credential
bool fido2_storage_delete_credential(uint8_t slot)
Deletes credential and associated slot data.
Definition fido2_storage.cpp:892

fido2_storage_counter_increment
bool fido2_storage_counter_increment(void)
Increments and persists global authentication counter.
Definition fido2_storage.cpp:377

fido2_storage_find_by_rp
uint8_t fido2_storage_find_by_rp(const uint8_t *rp_id_hash, uint8_t *out_slots, uint8_t max_slots)
Finds credentials matching RP hash.
Definition fido2_storage.cpp:504

fido2_storage_slot_used
bool fido2_storage_slot_used(uint8_t slot)
Checks whether logical slot is occupied.
Definition fido2_storage.cpp:478

fido2_storage_init
uint8_t fido2_storage_init(void)
Initialization and cache rebuild routines.
Definition fido2_storage.cpp:423

cdc::mod_fido2
Definition cbor_helpers.h:37

cdc::mod_fido2::fido2_usb_available
bool fido2_usb_available()
Indicates whether at least one USB HID packet is queued for FIDO2.
Definition Fido2Module.cpp:259

cdc::mod_fido2::fido2_usb_ready
bool fido2_usb_ready()
Reports whether USB HID endpoint is ready for transmission.
Definition Fido2Module.cpp:268

cdc::mod_fido2::fido2_usb_read
uint16_t fido2_usb_read(uint8_t *buffer)
Reads one queued CTAPHID packet from USB RX queue.
Definition Fido2Module.cpp:277

cdc::mod_fido2::fido2_usb_write
bool fido2_usb_write(const uint8_t *buffer)
Sends one CTAPHID packet over USB HID.
Definition Fido2Module.cpp:293

cdc::mod_fido2::fido2_credential_info_t
Definition fido2.h:49

u2f.h

u2f_init_attestation
bool u2f_init_attestation(void)
Initializes attestation key material and builds self-signed attestation certificate.
Definition u2f.cpp:122