22 uint16_t rmem_start, uint16_t rmem_end);
137 uint8_t *out_slots, uint8_t max_slots);
148 uint8_t *out_slots, uint8_t max_slots);
191 size_t user_name_max);
227 uint8_t *signature, uint8_t *sig_len);
241 uint8_t *signature, uint8_t *sig_len);
255 uint8_t *signature, uint8_t *sig_len);
uint8_t user_id[FIDO2_USER_ID_MAX_LEN]
char rp_id[FIDO2_RP_ID_MAX_LEN]
char user_name[FIDO2_USER_NAME_MAX_LEN]
uint8_t fido2_storage_ecc_end(void)
Returns configured ECC end slot.
bool fido2_storage_counter_flush(void)
No-op flush retained for API stability; per-increment path commits.
uint16_t fido2_storage_rmem_start(void)
Returns configured RMEM start slot.
uint8_t fido2_storage_count(void)
Credential lookup operations using in-memory cache only.
bool fido2_storage_sign(uint8_t slot, const uint8_t *msg, uint16_t msg_len, uint8_t *signature, uint8_t *sig_len)
Signing operations requiring secure-element access.
bool fido2_storage_sign_raw(uint8_t slot, const uint8_t *msg, uint16_t msg_len, uint8_t *signature, uint8_t *sig_len)
Signs message and returns raw signature (EdDSA/ECDSA).
bool fido2_storage_get_user(uint8_t slot, uint8_t *user_id, uint8_t *user_id_len, char *user_name, size_t user_name_max)
Loads user handle and optional user name for a credential slot.
bool fido2_storage_sign_der(uint8_t slot, const uint8_t *msg, uint16_t msg_len, uint8_t *signature, uint8_t *sig_len)
Signs data and returns DER-encoded signature for U2F compatibility.
uint32_t fido2_storage_counter_get(void)
Returns current global authentication counter.
uint8_t fido2_storage_ecc_start(void)
Returns configured ECC start slot.
bool fido2_storage_get_credential(uint8_t slot, fido2_credential_info_t *info)
Credential create/read/delete operations.
bool fido2_storage_verify_cred_id(uint8_t slot, const uint8_t *cred_id)
Verifies credential-id for logical slot.
bool fido2_storage_delete_credential(uint8_t slot)
Deletes credential and associated slot data.
bool fido2_storage_counter_increment(void)
Increments and persists global authentication counter.
uint8_t fido2_storage_find_by_rp_resident(const uint8_t *rp_id_hash, uint8_t *out_slots, uint8_t max_slots)
Finds resident credentials matching RP hash.
bool fido2_storage_get_cred_id(uint8_t slot, uint8_t *out_cred_id)
Builds credential-id blob for logical slot.
int8_t fido2_storage_find_slot_by_cred_id(const uint8_t *cred_id, uint16_t cred_id_len)
Resolves and verifies logical slot from credential-id blob.
bool fido2_storage_get_pubkey(uint8_t slot, uint8_t *pubkey)
Reads public key from secure-element slot.
void fido2_storage_set_slot_range(uint8_t ecc_start, uint8_t ecc_end, uint16_t rmem_start, uint16_t rmem_end)
Configures FIDO2 storage slot ranges.
uint8_t fido2_storage_get_curve(uint8_t slot)
Returns stored curve identifier for slot.
bool fido2_storage_create_credential(const char *rp_id, const uint8_t *rp_id_hash, const uint8_t *user_id, uint8_t user_id_len, const char *user_name, bool resident_key, uint8_t cred_protect, uint8_t curve, uint8_t *out_slot, uint8_t *out_cred_id, uint8_t *out_pubkey)
Creates or replaces credential in secure-element storage.
uint16_t fido2_storage_rmem_end(void)
Returns configured RMEM end slot.
uint8_t fido2_storage_find_by_rp(const uint8_t *rp_id_hash, uint8_t *out_slots, uint8_t max_slots)
Finds credentials matching RP hash.
uint32_t fido2_storage_increment_sign_count(uint8_t slot)
Increments per-credential sign counter and persists metadata.
bool fido2_storage_slot_used(uint8_t slot)
Checks whether logical slot is occupied.
uint8_t fido2_storage_init(void)
Initialization and cache rebuild routines.
int8_t fido2_storage_find_free_slot(void)
Finds first unused logical slot.
bool fido2_storage_is_resident(uint8_t slot)
Returns resident-key flag for slot.
int8_t fido2_storage_find_by_rp_user(const uint8_t *rp_id_hash, const uint8_t *user_id, uint8_t user_id_len)
Finds credential by RP hash and user handle for replacement logic.
void fido2_storage_counter_load(void)
NVS-backed global authentication counter operations.
1.16.1