CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
fido2.h File Reference
#include <stdint.h>
#include <stdbool.h>


Classes

struct  cdc::mod_fido2::fido2_credential_info_t

Namespaces

namespace  cdc
namespace  cdc::mod_fido2

Macros

#define FIDO2_MAX_CREDENTIALS   32
#define FIDO2_RP_ID_MAX_LEN   64
#define FIDO2_USER_ID_MAX_LEN   64
#define FIDO2_USER_NAME_MAX_LEN   32
#define FIDO2_CRED_ID_LEN   64
#define CDC_CURVE_ED25519   0
#define CDC_CURVE_P256   1

Typedefs

typedef fido2_user_presence_result_t(* fido2_user_presence_cb_t) (const char *rp_id, fido2_action_t action, const char *user_name)

Enumerations

enum  fido2_user_presence_result_t { FIDO2_UP_PENDING = 0 , FIDO2_UP_APPROVED , FIDO2_UP_DENIED , FIDO2_UP_TIMEOUT }
enum  fido2_action_t { FIDO2_ACTION_REGISTER = 0 , FIDO2_ACTION_AUTHENTICATE , FIDO2_ACTION_SELECT , FIDO2_ACTION_OVERWRITE }

Functions

bool fido2_init (void)
 Initializes storage, CTAP layers, and starts the processing task.
void fido2_set_user_presence_callback (fido2_user_presence_cb_t cb)
 Sets callback used to request user presence for CTAP operations.
fido2_user_presence_result_t fido2_request_user_presence (const char *rp_id, fido2_action_t action, const char *user_name)
 Requests user presence from host/application callback.
void fido2_set_pin_verified (bool verified)
 Stores whether PIN verification was completed via ClientPIN.
bool fido2_is_pin_verified (void)
 Returns current PIN-verified state.
uint8_t fido2_get_credential_count (void)
 Returns number of stored credentials.
bool fido2_get_credential_info (uint8_t index, fido2_credential_info_t *info)
uint8_t fido2_find_credentials_by_rp (const uint8_t *rp_id_hash, uint8_t *out_indices, uint8_t max_indices)
 Finds credential slots matching RP ID hash.
bool fido2_delete_credential (uint8_t slot)
 Deletes credential in given slot.
bool fido2_factory_reset (void)
 Removes all credentials and resets FIDO2 data.
uint32_t fido2_get_auth_counter (void)
 Returns global authentication counter.
void fido2_increment_auth_counter (void)
 Increments global authentication counter.
bool fido2_is_initialized (void)
 Indicates whether FIDO2 subsystem is initialized.
uint8_t fido2_get_available_slots (void)
 Returns number of free credential slots.

Macro Definition Documentation

◆ CDC_CURVE_ED25519

◆ CDC_CURVE_P256

◆ FIDO2_CRED_ID_LEN

◆ FIDO2_MAX_CREDENTIALS

◆ FIDO2_RP_ID_MAX_LEN

#define FIDO2_RP_ID_MAX_LEN   64

◆ FIDO2_USER_ID_MAX_LEN

#define FIDO2_USER_ID_MAX_LEN   64

Definition at line 18 of file fido2.h.

Referenced by fido2_storage_create_credential(), and fido2_storage_get_user().

◆ FIDO2_USER_NAME_MAX_LEN

#define FIDO2_USER_NAME_MAX_LEN   32

Typedef Documentation

◆ fido2_user_presence_cb_t

typedef fido2_user_presence_result_t(* fido2_user_presence_cb_t) (const char *rp_id, fido2_action_t action, const char *user_name)

Definition at line 67 of file fido2.h.

Enumeration Type Documentation

◆ fido2_action_t

Enumerator
FIDO2_ACTION_REGISTER 
FIDO2_ACTION_AUTHENTICATE 
FIDO2_ACTION_SELECT 
FIDO2_ACTION_OVERWRITE 

Definition at line 37 of file fido2.h.

◆ fido2_user_presence_result_t

Enumerator
FIDO2_UP_PENDING 
FIDO2_UP_APPROVED 
FIDO2_UP_DENIED 
FIDO2_UP_TIMEOUT 

Definition at line 30 of file fido2.h.

Function Documentation

◆ fido2_delete_credential()

bool fido2_delete_credential ( uint8_t slot)

Deletes credential in given slot.

Delete credential by slot.

Parameters
slot: ECC slot index (0-28)
Returns
true on success
Parameters
slot: Credential slot index.
Returns
true on success, otherwise false.

Definition at line 257 of file fido2.cpp.

References fido2_storage_delete_credential().

Referenced by cdc::mod_fido2::handleDelete().

◆ fido2_factory_reset()

bool fido2_factory_reset ( void )

Removes all credentials and resets FIDO2 data.

Factory reset - delete all credentials.

Returns
true on success
true on success.

Definition at line 265 of file fido2.cpp.

References FIDO2_MAX_CREDENTIALS, fido2_storage_delete_credential(), fido2_storage_slot_used(), LOG_I, LOG_W, and TAG.

Referenced by ctap2_reset().

◆ fido2_find_credentials_by_rp()

uint8_t fido2_find_credentials_by_rp ( const uint8_t * rp_id_hash,
uint8_t * out_indices,
uint8_t max_indices )

Finds credential slots matching RP ID hash.

Find credential by RP ID hash.

Parameters
rp_id_hash: SHA-256 of RP ID (32 bytes)
out_indices: Array to store matching indices
max_indices: Maximum number of indices to return
Returns
Number of matching credentials
Parameters
rp_id_hash: 32-byte RP hash.
out_indices: Destination slot list.
max_indices: Capacity of out_indices.
Returns
Number of matching credentials.

Definition at line 247 of file fido2.cpp.

References fido2_storage_find_by_rp(), and rp_id_hash.

◆ fido2_get_auth_counter()

uint32_t fido2_get_auth_counter ( void )

Returns global authentication counter.

Get global authentication counter. The counter is stored in NVS (rather than in TROPIC01) to prevent lockout.

Returns
Counter value.

Definition at line 283 of file fido2.cpp.

References fido2_storage_counter_get().

◆ fido2_get_available_slots()

uint8_t fido2_get_available_slots ( void )

Returns number of free credential slots.

Get available credential slots.

Returns
Available slot count.

Definition at line 306 of file fido2.cpp.

References fido2_storage_count(), fido2_storage_ecc_end(), and fido2_storage_ecc_start().

◆ fido2_get_credential_count()

uint8_t fido2_get_credential_count ( void )

Returns number of stored credentials.

Get number of stored credentials.

Returns
Credential count.

Definition at line 213 of file fido2.cpp.

References fido2_storage_count().

Referenced by cdc::mod_fido2::handleDelete(), cdc::mod_fido2::rebuildList(), and cdc::mod_fido2::showDetail().

◆ fido2_get_credential_info()

bool fido2_get_credential_info ( uint8_t index,
fido2_credential_info_t * info )

Get credential info by index.

Parameters
index: Credential index (0 to count-1)
info: Output structure
Returns
true if credential exists

References rp_id_hash.

Referenced by cdc::mod_fido2::handleDelete(), cdc::mod_fido2::onListMenu(), cdc::mod_fido2::rebuildList(), and cdc::mod_fido2::showDetail().

◆ fido2_increment_auth_counter()

void fido2_increment_auth_counter ( void )

Increments global authentication counter.

Increment global authentication counter.

Definition at line 290 of file fido2.cpp.

References fido2_storage_counter_increment().

Referenced by ctap2_get_assertion(), and u2f_authenticate().

◆ fido2_init()

bool fido2_init ( void )

Initializes storage, CTAP layers, and starts the processing task.

Initialize FIDO2 module. Loads credential list from cache.

Returns
true on success
true on success, otherwise false.

Definition at line 126 of file fido2.cpp.

References cred_count, ctap2_init(), ctaphid_init(), fido2_storage_init(), fido2_task(), g_fido2, LOG_E, LOG_I, LOG_W, TAG, and u2f_init_attestation().

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_is_initialized()

bool fido2_is_initialized ( void )

Indicates whether FIDO2 subsystem is initialized.

Check if FIDO2 module is initialized.

Returns
true when initialized, otherwise false.

Definition at line 298 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_is_pin_verified()

bool fido2_is_pin_verified ( void )

Returns current PIN-verified state.

Returns
true if PIN was verified, otherwise false.

Definition at line 205 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::create_credential_and_respond(), ctap2_build_auth_data_for_cred(), and cdc::mod_fido2::onPromptApprove().

◆ fido2_request_user_presence()

fido2_user_presence_result_t fido2_request_user_presence ( const char * rp_id,
fido2_action_t action,
const char * user_name )

Requests user presence from host/application callback.

Request user presence (called from CTAP2). Invokes the registered callback if one is set; the result returned when no callback is registered is not documented here.

Parameters
rp_id: Relying party identifier
action: Registration or authentication
user_name: User display name (optional, may be NULL)
Returns
User presence result
Parameters
rp_id: Relying-party identifier.
action: Requested user action.
user_name: Optional user name.
Returns
User presence decision.

Definition at line 177 of file fido2.cpp.

References FIDO2_UP_APPROVED, g_fido2, LOG_W, rp_id, TAG, and user_name.

Referenced by u2f_authenticate(), u2f_register(), and wait_for_user_presence().

◆ fido2_set_pin_verified()

void fido2_set_pin_verified ( bool verified)

Stores whether PIN verification was completed via ClientPIN.

Set the PIN verification status (as reported by the ClientPIN protocol). When the PIN has already been verified via ClientPIN, on-device PIN entry can be skipped.

Parameters
verified: PIN verification state.

Definition at line 194 of file fido2.cpp.

References g_fido2, LOG_I, and TAG.

Referenced by ga_verify_pin_auth(), cdc::mod_fido2::onPromptDeny(), and cdc::mod_fido2::verify_pin_uv_auth().

◆ fido2_set_user_presence_callback()

void fido2_set_user_presence_callback ( fido2_user_presence_cb_t cb)

Sets callback used to request user presence for CTAP operations.

Set the user presence callback; the callback is invoked when authentication requires user confirmation.

Parameters
cb: Callback function (NULL to disable prompts)
cb: User-presence callback.

Definition at line 166 of file fido2.cpp.

References g_fido2.

Referenced by cdc::mod_fido2::Fido2Module::start().