CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
fido2.h
1// FIDO2/WebAuthn Module
2// Main interface for credential management and user presence
3
4#pragma once
5#include <stdint.h>
6#include <stdbool.h>
7
8#ifdef __cplusplus
9extern "C" {
10#endif
11
12// ============================================================================
13// Constants
14// ============================================================================
15
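// Size limits shared by the credential store and the CTAP layers.
// NOTE(review): whether the *_MAX_LEN values include room for a NUL terminator
// is not visible from this header - confirm in fido2.cpp before sizing copies.
#define FIDO2_MAX_CREDENTIALS 32   // Max ECC slots (runtime range provided by module registry)
#define FIDO2_RP_ID_MAX_LEN 64     // Capacity of fido2_credential_info_t.rp_id
#define FIDO2_USER_ID_MAX_LEN 64   // Capacity of fido2_credential_info_t.user_id
#define FIDO2_USER_NAME_MAX_LEN 32 // Capacity of fido2_credential_info_t.user_name
#define FIDO2_CRED_ID_LEN 64       // Credential ID length

// Curve identifiers (values stored in fido2_credential_info_t.curve)
#define CDC_CURVE_ED25519 0
#define CDC_CURVE_P256 1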
25
26// ============================================================================
27// Types
28// ============================================================================
29
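/**
 * Outcome of a user-presence request (see fido2_request_user_presence()).
 * Callers should treat every value other than FIDO2_UP_APPROVED as a refusal;
 * in particular FIDO2_UP_PENDING is not an approval.
 */
typedef enum {
    FIDO2_UP_PENDING = 0, // Waiting for user
    FIDO2_UP_APPROVED,    // User approved
    FIDO2_UP_DENIED,      // User denied
    FIDO2_UP_TIMEOUT      // Timeout waiting for user
} fido2_user_presence_result_t;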
36
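/**
 * Kind of CTAP operation for which user presence is being requested.
 * Passed to the user-presence callback so the UI can word the prompt and
 * decide whether PIN verification is required for the action.
 */
typedef enum {
    FIDO2_ACTION_REGISTER = 0, // makeCredential, new credential
    FIDO2_ACTION_AUTHENTICATE, // presumably getAssertion; original comment lost in rendering - confirm
    FIDO2_ACTION_SELECT,       // Device selection (authenticatorSelection 0x0B / make.me.blink probe) - user presence only, no PIN
    FIDO2_ACTION_OVERWRITE     // makeCredential replacing an existing resident credential
} fido2_action_t;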
43
44#ifdef __DOXYGEN__
45namespace cdc::mod_fido2 {
46#endif
47
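// Credential info (for listing - no private key data)
/**
 * Public view of one stored credential, as filled in by fido2_get_credential_info().
 * Carries no private-key material.
 * NOTE(review): whether rp_id and user_name are guaranteed NUL-terminated within
 * their FIDO2_*_MAX_LEN capacity is not visible from this header - confirm in
 * fido2.cpp before handing them to strlen()/"%s" consumers.
 */
typedef struct {
    uint8_t slot;                            // Logical slot index (0..count-1)
    char rp_id[FIDO2_RP_ID_MAX_LEN];         // Relying Party ID (e.g., "github.com" or "ssh:server")
    uint8_t rp_id_hash[32];                  // SHA-256 of RP ID
    char user_name[FIDO2_USER_NAME_MAX_LEN]; // Display name
    uint8_t user_id[FIDO2_USER_ID_MAX_LEN];  // User handle
    uint8_t user_id_len;                     // Valid bytes in user_id; must not exceed FIDO2_USER_ID_MAX_LEN
    uint32_t sign_count;                     // Per-credential counter
    bool resident_key;                       // Is discoverable credential
    uint8_t cred_protect;                    // Credential protection level (CTAP2 credProtect extension)
    uint8_t curve;                           // CDC_CURVE_P256 or CDC_CURVE_ED25519
} fido2_credential_info_t;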
61
62#ifdef __DOXYGEN__
63} // namespace cdc::mod_fido2
64#endif
65
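// User presence callback type
/**
 * Application callback invoked to obtain user presence for a CTAP operation.
 *
 * @param rp_id     Relying Party ID the request is for (originates in the host request).
 * @param action    Operation being approved (register / authenticate / select / overwrite).
 * @param user_name Display name for the account involved, if any.
 * @return The user's decision; only FIDO2_UP_APPROVED should let the operation proceed.
 *
 * NOTE(review): because rp_id comes from the host, the UI should show it to the
 * user verbatim rather than a generic prompt, so a mismatch with the expected
 * site is visible at approval time. Whether rp_id/user_name may be NULL is not
 * visible from this header - confirm in fido2.cpp.
 */
typedef fido2_user_presence_result_t (*fido2_user_presence_cb_t)(
    const char *rp_id,
    fido2_action_t action,
    const char *user_name
);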
72
73// ============================================================================
74// Initialization
75// ============================================================================
76
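/**
 * Initializes storage, CTAP layers, and starts the processing task.
 * @return Presumably false if any of those steps failed - confirm in fido2.cpp.
 */
bool fido2_init(void);

/**
 * Sets callback used to request user presence for CTAP operations.
 * @param cb Callback to invoke; behaviour when no callback is set is not
 *           visible from this header - confirm in fido2.cpp.
 */
void fido2_set_user_presence_callback(fido2_user_presence_cb_t cb);

/**
 * Requests user presence from host/application callback.
 * @param rp_id     Relying Party ID to present to the user.
 * @param action    Operation being approved.
 * @param user_name Display name for the account involved, if any.
 * @return Result reported by the callback (see fido2_user_presence_result_t).
 */
fido2_user_presence_result_t fido2_request_user_presence(
    const char *rp_id,
    fido2_action_t action,
    const char *user_name
);

/**
 * Stores whether PIN verification was completed via ClientPIN.
 * NOTE(review): this is a plain setter - any caller can assert PIN verification,
 * so it should only be reached from the ClientPIN path. When the flag is cleared
 * (reset, power cycle, end of transport session) is not visible from this header;
 * confirm in fido2.cpp.
 */
void fido2_set_pin_verified(bool verified);

/** Returns current PIN-verified state. */
bool fido2_is_pin_verified(void);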
114
115// ============================================================================
116// Credential Management
117// ============================================================================
118
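/** Returns number of stored credentials. */
uint8_t fido2_get_credential_count(void);

/**
 * Fills in the public view of one stored credential.
 * @param index Logical slot index (0..count-1).
 * @param info  Output; receives the credential's metadata (no private key data).
 * @return Presumably false when index is out of range or info is NULL - confirm in fido2.cpp.
 */
bool fido2_get_credential_info(uint8_t index, fido2_credential_info_t *info);

/**
 * Finds credential slots matching RP ID hash.
 * @param rp_id_hash  SHA-256 of the RP ID; compared against fido2_credential_info_t.rp_id_hash,
 *                    so it is read as 32 bytes.
 * @param out_indices Caller-provided array with room for at least max_indices entries.
 * @param max_indices Capacity of out_indices; presumably bounds the number of entries written.
 * @return Presumably the number of matching slots written to out_indices - confirm in fido2.cpp.
 */
uint8_t fido2_find_credentials_by_rp(const uint8_t *rp_id_hash,
                                     uint8_t *out_indices, uint8_t max_indices);

/**
 * Deletes credential in given slot.
 * @param slot Logical slot index (0..count-1).
 * @return Presumably false if the slot is empty or out of range - confirm in fido2.cpp.
 */
bool fido2_delete_credential(uint8_t slot);

/**
 * Removes all credentials and resets FIDO2 data.
 * NOTE(review): nothing in this header ties fido2_delete_credential() or
 * fido2_factory_reset() to fido2_is_pin_verified() or to a user-presence check;
 * confirm that the implementation gates these destructive operations.
 */
bool fido2_factory_reset(void);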
158
159// ============================================================================
160// Authentication Counter
161// ============================================================================
162
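/**
 * Returns global authentication counter.
 * NOTE(review): this is a single counter shared by all credentials, while
 * fido2_credential_info_t also carries a per-credential sign_count. Which of the
 * two is reported in assertions is not visible from this header; a global counter
 * lets relying parties correlate the same authenticator across RPs, so confirm
 * the intended behaviour in fido2.cpp.
 */
uint32_t fido2_get_auth_counter(void);

/** Increments global authentication counter. */
void fido2_increment_auth_counter(void);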
174// ============================================================================
175// Status
176// ============================================================================
177
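/** Indicates whether FIDO2 subsystem is initialized (i.e. fido2_init() completed). */
bool fido2_is_initialized(void);

/**
 * Returns number of free credential slots.
 * Presumably FIDO2_MAX_CREDENTIALS (or the runtime slot range) minus
 * fido2_get_credential_count() - confirm in fido2.cpp.
 */
uint8_t fido2_get_available_slots(void);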
187
188#ifdef __cplusplus
189}
190#endif
191
uint8_t fido2_find_credentials_by_rp(const uint8_t *rp_id_hash, uint8_t *out_indices, uint8_t max_indices)
Finds credential slots matching RP ID hash.
Definition fido2.cpp:247
uint32_t fido2_get_auth_counter(void)
Returns global authentication counter.
Definition fido2.cpp:283
void fido2_set_pin_verified(bool verified)
Stores whether PIN verification was completed via ClientPIN.
Definition fido2.cpp:194
bool fido2_is_initialized(void)
Indicates whether FIDO2 subsystem is initialized.
Definition fido2.cpp:298
#define FIDO2_RP_ID_MAX_LEN
Definition fido2.h:17
bool fido2_get_credential_info(uint8_t index, fido2_credential_info_t *info)
#define FIDO2_USER_NAME_MAX_LEN
Definition fido2.h:19
bool fido2_init(void)
Initializes storage, CTAP layers, and starts the processing task.
Definition fido2.cpp:126
void fido2_set_user_presence_callback(fido2_user_presence_cb_t cb)
Sets callback used to request user presence for CTAP operations.
Definition fido2.cpp:166
bool fido2_delete_credential(uint8_t slot)
Deletes credential in given slot.
Definition fido2.cpp:257
uint8_t fido2_get_available_slots(void)
Returns number of free credential slots.
Definition fido2.cpp:306
void fido2_increment_auth_counter(void)
Increments global authentication counter.
Definition fido2.cpp:290
fido2_user_presence_result_t fido2_request_user_presence(const char *rp_id, fido2_action_t action, const char *user_name)
Requests user presence from host/application callback.
Definition fido2.cpp:177
fido2_user_presence_result_t
Definition fido2.h:30
@ FIDO2_UP_DENIED
Definition fido2.h:33
@ FIDO2_UP_TIMEOUT
Definition fido2.h:34
@ FIDO2_UP_PENDING
Definition fido2.h:31
@ FIDO2_UP_APPROVED
Definition fido2.h:32
fido2_user_presence_result_t(* fido2_user_presence_cb_t)(const char *rp_id, fido2_action_t action, const char *user_name)
Definition fido2.h:67
bool fido2_factory_reset(void)
Removes all credentials and resets FIDO2 data.
Definition fido2.cpp:265
bool fido2_is_pin_verified(void)
Returns current PIN-verified state.
Definition fido2.cpp:205
#define FIDO2_USER_ID_MAX_LEN
Definition fido2.h:18
uint8_t fido2_get_credential_count(void)
Returns number of stored credentials.
Definition fido2.cpp:213
fido2_action_t
Definition fido2.h:37
@ FIDO2_ACTION_SELECT
Definition fido2.h:40
@ FIDO2_ACTION_REGISTER
Definition fido2.h:38
@ FIDO2_ACTION_OVERWRITE
Definition fido2.h:41
@ FIDO2_ACTION_AUTHENTICATE
Definition fido2.h:39
char rp_id[FIDO2_RP_ID_MAX_LEN]
uint8_t rp_id_hash[32]
char user_name[FIDO2_USER_NAME_MAX_LEN]