cdc-badge-os/api/fingerprint_8cpp_source.html

#include "fingerprint.h"

#include "mod_gpg/openpgp/constants.h"

#include "mod_gpg/gpg.h"


#include <mbedtls/sha1.h>

#include <mbedtls/sha256.h>


#include <cstring>


namespace cdc::mod_gpg {


namespace {


static const uint8_t kOidEd25519[] = {0x09, 0x2B, 0x06, 0x01, 0x04, 0x01,

                                      0xDA, 0x47, 0x0F, 0x01};

static const uint8_t kOidP256[]    = {0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,

                                      0x03, 0x01, 0x07};


size_t buildPublicKeyBody(uint8_t curve,

                          const uint8_t* pubkey, size_t pubkey_len,

                          uint32_t created_at,

                          uint8_t* out, size_t out_size)

{

    if (!out || !pubkey) return 0;


    const bool is_ed25519 = (curve == CDC_CURVE_ED25519);


    if (is_ed25519 && pubkey_len < ED25519_PUBKEY_SIZE) return 0;

    if (!is_ed25519 && pubkey_len < 64) return 0;


    const uint8_t  algo    = is_ed25519 ? OPENPGP_ALGO_EDDSA : OPENPGP_ALGO_ECDSA;

    const uint8_t* oid     = is_ed25519 ? kOidEd25519 : kOidP256;

    const size_t   oid_len = is_ed25519 ? sizeof(kOidEd25519) : sizeof(kOidP256);


    uint8_t mpi[MPI_FULL_SIZE_P256];

    size_t  mpi_len;

    if (is_ed25519) {

        // RFC 4880-bis: Ed25519 MPI is 256 or 255 bits depending on MSB.

        uint16_t bits = (pubkey[0] & 0x80) ? 256 : 255;

        mpi[0] = static_cast<uint8_t>((bits >> 8) & 0xFF);

        mpi[1] = static_cast<uint8_t>(bits & 0xFF);

        std::memcpy(mpi + MPI_HEADER_SIZE, pubkey, ED25519_PUBKEY_SIZE);

        mpi_len = MPI_FULL_SIZE_ED25519;

    } else {

        // P-256 MPI: bit-length || 0x04 || X || Y.

        uint16_t bits = P256_PUBKEY_BITS;

        mpi[0] = static_cast<uint8_t>((bits >> 8) & 0xFF);

        mpi[1] = static_cast<uint8_t>(bits & 0xFF);

        mpi[MPI_HEADER_SIZE] = 0x04;

        std::memcpy(mpi + MPI_HEADER_SIZE + 1, pubkey, 64);

        mpi_len = MPI_FULL_SIZE_P256;

    }


    const size_t total = 1 + 4 + 1 + oid_len + mpi_len;

    if (total > out_size) return 0;


    size_t off = 0;

    out[off++] = 0x04;

    out[off++] = (created_at >> 24) & 0xFF;

    out[off++] = (created_at >> 16) & 0xFF;

    out[off++] = (created_at >> 8) & 0xFF;

    out[off++] = created_at & 0xFF;

    out[off++] = algo;

    std::memcpy(out + off, oid, oid_len);

    off += oid_len;

    std::memcpy(out + off, mpi, mpi_len);

    off += mpi_len;

    return off;

}


} // namespace


bool calculateFingerprintV4(uint8_t curve,

                            const uint8_t* pubkey, size_t pubkey_len,

                            uint32_t created_at,

                            uint8_t out_fp[20])

{

    if (!out_fp) return false;


    uint8_t body[128];

    const size_t body_len = buildPublicKeyBody(curve, pubkey, pubkey_len,

                                               created_at, body, sizeof(body));

    if (body_len == 0) return false;


    const uint8_t prefix[3] = {

        0x99,

        static_cast<uint8_t>((body_len >> 8) & 0xFF),

        static_cast<uint8_t>(body_len & 0xFF),

    };


    mbedtls_sha1_context ctx;

    mbedtls_sha1_init(&ctx);

    mbedtls_sha1_starts(&ctx);

    mbedtls_sha1_update(&ctx, prefix, sizeof(prefix));

    mbedtls_sha1_update(&ctx, body, body_len);

    mbedtls_sha1_finish(&ctx, out_fp);

    mbedtls_sha1_free(&ctx);

    return true;

}


bool calculateFingerprintV5(uint8_t curve,

                            const uint8_t* pubkey, size_t pubkey_len,

                            uint32_t created_at,

                            uint8_t out_fp[32])

{

    if (!out_fp) return false;


    uint8_t body[128];

    const size_t body_len = buildPublicKeyBody(curve, pubkey, pubkey_len,

                                               created_at, body, sizeof(body));

    if (body_len == 0) return false;


    // V5 indicator 0x9A + 4-byte big-endian length, then body, then SHA-256.

    const uint8_t prefix[5] = {

        0x9A,

        static_cast<uint8_t>((body_len >> 24) & 0xFF),

        static_cast<uint8_t>((body_len >> 16) & 0xFF),

        static_cast<uint8_t>((body_len >> 8)  & 0xFF),

        static_cast<uint8_t>(body_len & 0xFF),

    };


    mbedtls_sha256_context ctx;

    mbedtls_sha256_init(&ctx);

    mbedtls_sha256_starts(&ctx, 0);

    mbedtls_sha256_update(&ctx, prefix, sizeof(prefix));

    mbedtls_sha256_update(&ctx, body, body_len);

    mbedtls_sha256_finish(&ctx, out_fp);

    mbedtls_sha256_free(&ctx);

    return true;

}


bool gpgCrossSignDigest(const uint8_t fp_v4[20],

                        const char* user_id,

                        uint8_t out_hash[32])

{

    if (!fp_v4 || !user_id || !out_hash) return false;


    uint8_t input[84] = {0};

    std::memcpy(input, fp_v4, 20);

    const size_t uid_len = std::strlen(user_id);

    std::memcpy(input + 20, user_id, uid_len > 64 ? 64 : uid_len);


    mbedtls_sha256(input, sizeof(input), out_hash, 0);

    return true;

}


} // namespace cdc::mod_gpg

constants.h

ED25519_PUBKEY_SIZE
#define ED25519_PUBKEY_SIZE
Ed25519 raw public key size in bytes.
Definition constants.h:56

MPI_FULL_SIZE_ED25519
#define MPI_FULL_SIZE_ED25519
Full Ed25519 MPI buffer size: 2 byte length prefix + 32 byte key.
Definition constants.h:64

OPENPGP_ALGO_ECDSA
#define OPENPGP_ALGO_ECDSA
Centralized magic-value constants for the OpenPGP smart-card application.
Definition constants.h:26

P256_PUBKEY_BITS
#define P256_PUBKEY_BITS
P-256 public key bit-length (used as MPI bit count).
Definition constants.h:51

MPI_HEADER_SIZE
#define MPI_HEADER_SIZE
OpenPGP MPI header size (2-byte length prefix).
Definition constants.h:61

OPENPGP_ALGO_EDDSA
#define OPENPGP_ALGO_EDDSA
OpenPGP algorithm ID for EdDSA (Ed25519).
Definition constants.h:29

MPI_FULL_SIZE_P256
#define MPI_FULL_SIZE_P256
Full P-256 MPI buffer size: 2 byte length prefix + 65 byte uncompressed key.
Definition constants.h:67

CDC_CURVE_ED25519
#define CDC_CURVE_ED25519
Definition fido2.h:23

curve
uint8_t curve
Definition fido2_storage.cpp:75

user_id
uint8_t user_id[FIDO2_USER_ID_MAX_LEN]
Definition fido2_storage.cpp:70

fingerprint.h

gpg.h

cdc::mod_gpg
Definition ble_gpg_xsig.h:7

cdc::mod_gpg::calculateFingerprintV4
bool calculateFingerprintV4(uint8_t curve, const uint8_t *pubkey, size_t pubkey_len, uint32_t created_at, uint8_t out_fp[20])
Compute the RFC 4880 V4 OpenPGP fingerprint (SHA-1, 20 bytes).
Definition fingerprint.cpp:75

cdc::mod_gpg::gpgCrossSignDigest
bool gpgCrossSignDigest(const uint8_t fp_v4[20], const char *user_id, uint8_t out_hash[32])
Build the digest input for a cross-signature.
Definition fingerprint.cpp:134

cdc::mod_gpg::calculateFingerprintV5
bool calculateFingerprintV5(uint8_t curve, const uint8_t *pubkey, size_t pubkey_len, uint32_t created_at, uint8_t out_fp[32])
Compute the V5 / RFC 9580 OpenPGP fingerprint (SHA-256, 32 bytes).
Definition fingerprint.cpp:103