CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
Loading...
Searching...
No Matches
cdc::mod_fido2 Namespace Reference

Classes

struct  cbor_writer_t
struct  cbor_reader_t
struct  cbor_item_t
struct  ctaphid_channel_t
struct  fido2_credential_info_t
class  Fido2Module
struct  MakeCredentialParams
 Parsed parameters for authenticatorMakeCredential. More...
struct  GetAssertionParams
 Parsed parameters for authenticatorGetAssertion. More...
struct  AssertionCredentials
 Credential-selection result used to build assertion responses. More...
struct  fido2_stored_cred_t
struct  FidoPacket

Functions

void cbor_writer_init (cbor_writer_t *w, uint8_t *buffer, size_t size)
size_t cbor_writer_length (const cbor_writer_t *w)
bool cbor_writer_error (const cbor_writer_t *w)
void cbor_encode_uint (cbor_writer_t *w, uint64_t value)
void cbor_encode_int (cbor_writer_t *w, int64_t value)
void cbor_encode_bytes (cbor_writer_t *w, const uint8_t *data, size_t len)
void cbor_encode_text (cbor_writer_t *w, const char *str)
void cbor_encode_text_len (cbor_writer_t *w, const char *str, size_t len)
void cbor_encode_bool (cbor_writer_t *w, bool value)
void cbor_encode_null (cbor_writer_t *w)
void cbor_encode_array (cbor_writer_t *w, size_t count)
void cbor_encode_map (cbor_writer_t *w, size_t count)
void cbor_encode_cose_key_p256 (cbor_writer_t *w, const uint8_t *x, const uint8_t *y)
void cbor_encode_cose_key_ed25519 (cbor_writer_t *w, const uint8_t *pubkey)
void sha256 (const uint8_t *data, size_t len, uint8_t out[32])
void sha256_str (const char *str, uint8_t out[32])
void fido2_ui_init ()
 Initializes FIDO2 UI resources and list views.
cdc::ui::IViewfido2_ui_get_list_view ()
 Returns FIDO2 credential list view.
const char * fido2_ui_get_label ()
 Returns localized module label for menus.
fido2_user_presence_result_t fido2_ui_user_presence_callback (const char *rp_id, fido2_action_t action, const char *user_name)
 User-presence callback used by FIDO2 core for approval prompts.
bool fido2_ui_abort_prompt ()
 Forcibly denies any in-flight user-presence prompt.
static bool parse_rp_map (cbor_reader_t *r, MakeCredentialParams *p)
 Parses the RP map from a makeCredential CBOR request.
static bool parse_user_map (cbor_reader_t *r, MakeCredentialParams *p)
 Parses the user map from a makeCredential CBOR request.
static bool parse_pubkey_cred_params (cbor_reader_t *r, MakeCredentialParams *p)
 Parses pubKeyCredParams and selects a supported algorithm.
static bool parse_extensions_map (cbor_reader_t *r, MakeCredentialParams *p)
 Parses makeCredential extensions map from CBOR.
static bool parse_options_map (cbor_reader_t *r, MakeCredentialParams *p)
 Parses makeCredential options map from CBOR.
static uint8_t parse_make_credential_params (const uint8_t *data, uint16_t data_len, MakeCredentialParams *p)
 Parses complete makeCredential request map from CBOR payload.
static uint8_t verify_pin_uv_auth (const MakeCredentialParams *p)
 Verifies pinUvAuthParam for makeCredential.
static uint8_t check_appid_exclude (const MakeCredentialParams *p)
 Validates the appidExclude extension against existing credentials.
static uint8_t handle_browser_probe (const MakeCredentialParams *p, uint8_t *response, uint16_t *response_len)
 Handles browser probe RP IDs by returning a synthetic attested response.
static bool is_browser_probe (const char *rp_id)
 Detects known browser probe RP IDs.
static uint8_t mc_rollback_credential (uint8_t slot, uint8_t *response, uint16_t *response_len)
 Deletes a just-created credential and reports CTAP2_ERR_OTHER.
static uint8_t create_credential_and_respond (const MakeCredentialParams *p, uint8_t curve, uint8_t *response, uint16_t *response_len)
 Creates credential, signs attestation statement, and builds response.
uint8_t ctap2_make_credential (const uint8_t *params, uint16_t params_len, uint8_t *response, uint16_t *response_len)
 Handles CTAP2 authenticatorMakeCredential (0x01).
bool fido2_usb_write (const uint8_t *buffer)
 Sends one CTAPHID packet over USB HID.
bool fido2_usb_available ()
 Indicates whether at least one USB HID packet is queued for FIDO2.
bool fido2_usb_ready ()
 Reports whether USB HID endpoint is ready for transmission.
uint16_t fido2_usb_read (uint8_t *buffer)
 Reads one queued CTAPHID packet from USB RX queue.
static uint16_t onFidoGetReport (uint8_t report_id, uint8_t report_type, uint8_t *buffer, uint16_t reqlen)
 USB HID callbacks for FIDO transport.
static void onFidoSetReport (uint8_t report_id, uint8_t report_type, uint8_t const *buffer, uint16_t bufsize)
 HID SET_REPORT callback queuing incoming CTAPHID packets.
static void onFidoReportComplete (uint8_t const *report, uint16_t len)
 HID transfer-complete callback (currently unused).
static void registerStrings ()
static void ensurePromptMutex ()
static void onOverwriteConfirm (void *)
static void onOverwriteCancel (void *)
static int strcasecmp_safe (const char *a, const char *b)
 Null-safe ASCII case-insensitive comparison.
static void rebuildList ()
 Rebuilds credential list view from current storage contents.
static void showDetail (uint16_t display_index)
 Shows detailed view for selected credential.
static void handleDelete (uint16_t display_index)
 Deletes selected credential and refreshes list.
static void onListSelect (uint16_t index, void *userData)
 List selection callback opening credential detail view.
static void onListMenu (uint16_t index, void *userData)
 List menu callback opening context actions for selected credential.
static void restoreView ()
 Restores view stack to pre-prompt depth.
static void promptComplete (fido2_user_presence_result_t result)
 Completes user-presence prompt flow with result handling.
static bool onPinVerify (const char *pin)
 PIN verification callback for locked-screen approval flow.
static void onPinSuccess ()
 PIN success callback approving user presence.
static void onPinCancel ()
 PIN cancel callback denying user presence.
static void onPinFailure (bool lockedOut)
 PIN failure callback handling lockout vs retry messaging.
static void onPromptApprove (void *userData)
 Prompt approve callback; optionally triggers PIN entry on lock screen.
static void onPromptDeny (void *userData)
 Prompt deny callback.

Variables

static const uint8_t s_fido_report_desc []
 FIDO U2F HID report descriptor (CTAPHID standard).
static constexpr size_t FIDO_QUEUE_SIZE = 8
 Queue for incoming HID reports.
static QueueHandle_t s_rx_queue = nullptr
static uint8_t s_hid_instance = 0
 HID interface instance index assigned at registration time.
constexpr ui::I18nEntry kStrings []
static ui::ListViews_listView = nullptr
 FIDO2 UI view and list state.
static ui::InfoViews_detailView = nullptr
static ui::InfoViews_promptView = nullptr
static ui::PinEntryViews_pinEntry = nullptr
static ui::ListItem s_listItems [FIDO2_MAX_CREDENTIALS]
static char s_labels [FIDO2_MAX_CREDENTIALS][100]
static uint8_t s_sortMap [FIDO2_MAX_CREDENTIALS]
static uint8_t s_listCount = 0
static SemaphoreHandle_t s_promptSem = nullptr
 User-presence prompt state shared across callback and UI flow.
static SemaphoreHandle_t s_promptMutex = nullptr
static volatile fido2_user_presence_result_t s_promptResult = FIDO2_UP_PENDING
static char s_promptRpId [FIDO2_RP_ID_MAX_LEN] = {}
static fido2_action_t s_promptAction = FIDO2_ACTION_AUTHENTICATE
static uint8_t s_promptReturnDepth = 0
static ui::IViews_promptReturnView = nullptr
static bool s_promptWasLocked = false
static bool s_promptBacklightWasOn = false
static volatile bool s_promptActive = false
static SemaphoreHandle_t s_overwriteSem = nullptr
 Pre-confirm modal state for overwrite warning.
static volatile bool s_overwriteApproved = false

Function Documentation

◆ cbor_encode_array()

void cdc::mod_fido2::cbor_encode_array ( cbor_writer_t * w,
size_t count )

◆ cbor_encode_bool()

void cdc::mod_fido2::cbor_encode_bool ( cbor_writer_t * w,
bool value )

◆ cbor_encode_bytes()

void cdc::mod_fido2::cbor_encode_bytes ( cbor_writer_t * w,
const uint8_t * data,
size_t len )

◆ cbor_encode_cose_key_ed25519()

void cdc::mod_fido2::cbor_encode_cose_key_ed25519 ( cbor_writer_t * w,
const uint8_t * pubkey )

◆ cbor_encode_cose_key_p256()

void cdc::mod_fido2::cbor_encode_cose_key_p256 ( cbor_writer_t * w,
const uint8_t * x,
const uint8_t * y )

◆ cbor_encode_int()

void cdc::mod_fido2::cbor_encode_int ( cbor_writer_t * w,
int64_t value )

◆ cbor_encode_map()

void cdc::mod_fido2::cbor_encode_map ( cbor_writer_t * w,
size_t count )

◆ cbor_encode_null()

void cdc::mod_fido2::cbor_encode_null ( cbor_writer_t * w)

◆ cbor_encode_text()

void cdc::mod_fido2::cbor_encode_text ( cbor_writer_t * w,
const char * str )

◆ cbor_encode_text_len()

void cdc::mod_fido2::cbor_encode_text_len ( cbor_writer_t * w,
const char * str,
size_t len )

◆ cbor_encode_uint()

void cdc::mod_fido2::cbor_encode_uint ( cbor_writer_t * w,
uint64_t value )

◆ cbor_writer_error()

bool cdc::mod_fido2::cbor_writer_error ( const cbor_writer_t * w)

Check for write errors.

◆ cbor_writer_init()

void cdc::mod_fido2::cbor_writer_init ( cbor_writer_t * w,
uint8_t * buffer,
size_t size )

Initialize CBOR writer.

Parameters
wWriter context
bufferOutput buffer
sizeBuffer size

◆ cbor_writer_length()

size_t cdc::mod_fido2::cbor_writer_length ( const cbor_writer_t * w)

Get current written length.

◆ check_appid_exclude()

uint8_t cdc::mod_fido2::check_appid_exclude ( const MakeCredentialParams * p)
static

Validates the appidExclude extension against existing credentials.

Parameters
pParsed makeCredential parameters.
Returns
CTAP2 status code.

Definition at line 1009 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::appid_exclude, CTAP2_ERR_CREDENTIAL_EXCLUDED, CTAP2_OK, FIDO2_MAX_CREDENTIALS, fido2_storage_find_by_rp(), g_ctap2, cdc::mod_fido2::MakeCredentialParams::has_appid_exclude, and sha256_str().

Referenced by ctap2_make_credential().

◆ create_credential_and_respond()

uint8_t cdc::mod_fido2::create_credential_and_respond ( const MakeCredentialParams * p,
uint8_t curve,
uint8_t * response,
uint16_t * response_len )
static

Creates credential, signs attestation statement, and builds response.

Parameters
pParsed makeCredential parameters.
curveSelected key curve.
responseOutput response buffer.
response_lenIn/out response length.
Returns
CTAP2 status code.

Definition at line 1143 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::client_data_hash, cdc::mod_fido2::MakeCredentialParams::cred_protect, ctap2_build_attested_cred(), ctap2_build_auth_data_for_cred(), ctap2_build_make_credential_response_packed(), CTAP2_ERR_KEY_STORE_FULL, CTAP2_OK, ctap2_send_keepalive(), CTAPHID_STATUS_PROCESSING, curve, FIDO2_CRED_ID_LEN, fido2_is_pin_verified(), fido2_storage_create_credential(), g_client_pin, LOG_D, LOG_E, LOG_I, mc_rollback_credential(), cdc::mod_fido2::MakeCredentialParams::rk, cdc::mod_fido2::MakeCredentialParams::rp_id, cdc::mod_fido2::MakeCredentialParams::rp_id_hash, TAG, u2f_attestation_sign(), u2f_get_attestation_cert(), cdc::mod_fido2::MakeCredentialParams::user_id, cdc::mod_fido2::MakeCredentialParams::user_id_len, and cdc::mod_fido2::MakeCredentialParams::user_name.

Referenced by ctap2_make_credential().

◆ ctap2_make_credential()

uint8_t cdc::mod_fido2::ctap2_make_credential ( const uint8_t * params,
uint16_t params_len,
uint8_t * response,
uint16_t * response_len )

Handles CTAP2 authenticatorMakeCredential (0x01).

Parameters
paramsCBOR request payload.
params_lenLength of params.
responseOutput response buffer.
response_lenIn/out response length.
Returns
CTAP2 status code.

Definition at line 1241 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::alg, CDC_CURVE_ED25519, CDC_CURVE_P256, check_appid_exclude(), COSE_ALG_EDDSA, COSE_ALG_ES256, create_credential_and_respond(), CTAP2_ERR_INVALID_OPTION, CTAP2_ERR_OPERATION_DENIED, CTAP2_ERR_UNSUPPORTED_ALGORITHM, CTAP2_ERR_UNSUPPORTED_OPTION, CTAP2_OK, curve, FIDO2_ACTION_OVERWRITE, FIDO2_ACTION_REGISTER, fido2_storage_find_by_rp_user(), handle_browser_probe(), is_browser_probe(), LOG_I, cdc::mod_fido2::MakeCredentialParams::option_up, cdc::mod_fido2::MakeCredentialParams::option_uv, parse_make_credential_params(), cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_param_len, cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_protocol, cdc::mod_fido2::MakeCredentialParams::rk, cdc::mod_fido2::MakeCredentialParams::rp_id, cdc::mod_fido2::MakeCredentialParams::rp_id_hash, TAG, cdc::mod_fido2::MakeCredentialParams::user_id, cdc::mod_fido2::MakeCredentialParams::user_id_len, cdc::mod_fido2::MakeCredentialParams::user_name, verify_pin_uv_auth(), and wait_for_user_presence().

◆ ensurePromptMutex()

void cdc::mod_fido2::ensurePromptMutex ( )
static

Definition at line 76 of file Fido2Ui.cpp.

References s_promptMutex.

Referenced by fido2_ui_user_presence_callback().

◆ fido2_ui_abort_prompt()

bool cdc::mod_fido2::fido2_ui_abort_prompt ( )

Forcibly denies any in-flight user-presence prompt.

Returns
true if a prompt was active and got denied, false otherwise.

Definition at line 677 of file Fido2Ui.cpp.

References FIDO2_UP_DENIED, LOG_W, promptComplete(), s_promptActive, and TAG.

Referenced by fido2_ui_user_presence_callback(), handle_cancel(), and cdc::mod_fido2::Fido2Module::start().

◆ fido2_ui_get_label()

const char * cdc::mod_fido2::fido2_ui_get_label ( )

Returns localized module label for menus.

Returns
Label string.

Definition at line 452 of file Fido2Ui.cpp.

References cdc::ui::tr().

Referenced by cdc::mod_fido2::Fido2Module::getMenuItems().

◆ fido2_ui_get_list_view()

cdc::ui::IView * cdc::mod_fido2::fido2_ui_get_list_view ( )

Returns FIDO2 credential list view.

Returns
Pointer to list view instance.

Definition at line 440 of file Fido2Ui.cpp.

References fido2_ui_init(), rebuildList(), and s_listView.

Referenced by cdc::mod_fido2::Fido2Module::getMenuItems().

◆ fido2_ui_init()

void cdc::mod_fido2::fido2_ui_init ( )

Initializes FIDO2 UI resources and list views.

Definition at line 422 of file Fido2Ui.cpp.

References onListMenu(), onListSelect(), rebuildList(), registerStrings(), s_listView, and s_promptSem.

Referenced by fido2_ui_get_list_view(), and cdc::mod_fido2::Fido2Module::init().

◆ fido2_ui_user_presence_callback()

fido2_user_presence_result_t cdc::mod_fido2::fido2_ui_user_presence_callback ( const char * rp_id,
fido2_action_t action,
const char * user_name )

User-presence callback used by FIDO2 core for approval prompts.

Parameters
rp_idRelying-party identifier.
actionRequested action type.
user_nameOptional user-name hint.
Returns
Final presence decision.

Definition at line 463 of file Fido2Ui.cpp.

References ctap2_clear_cancel(), ctap2_is_cancelled(), ctaphid_get_current_cid(), ctaphid_send_keepalive(), CTAPHID_STATUS_UPNEEDED, ensurePromptMutex(), FIDO2_ACTION_OVERWRITE, FIDO2_ACTION_REGISTER, FIDO2_ACTION_SELECT, fido2_ui_abort_prompt(), FIDO2_UP_APPROVED, FIDO2_UP_DENIED, FIDO2_UP_PENDING, FIDO2_UP_TIMEOUT, cdc::hal::getDisplayInstance(), cdc::ui::ViewStack::instance(), LOG_I, LOG_W, onOverwriteCancel(), onOverwriteConfirm(), onPromptApprove(), onPromptDeny(), restoreView(), rp_id, s_overwriteApproved, s_overwriteSem, s_promptAction, s_promptActive, s_promptBacklightWasOn, s_promptMutex, s_promptResult, s_promptReturnDepth, s_promptReturnView, s_promptRpId, s_promptSem, s_promptView, s_promptWasLocked, cdc::ui::showConfirm(), TAG, cdc::ui::tr(), user_name, and cdc::ui::ConfirmView::WARNING.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ fido2_usb_available()

bool cdc::mod_fido2::fido2_usb_available ( )

Indicates whether at least one USB HID packet is queued for FIDO2.

Returns
true if queued input is available, otherwise false.

Definition at line 259 of file Fido2Module.cpp.

References s_rx_queue.

Referenced by fido2_task().

◆ fido2_usb_read()

uint16_t cdc::mod_fido2::fido2_usb_read ( uint8_t * buffer)

Reads one queued CTAPHID packet from USB RX queue.

Parameters
bufferOutput packet buffer.
Returns
Packet size (CTAPHID_PACKET_SIZE) or 0 when queue is empty.

Definition at line 277 of file Fido2Module.cpp.

References CTAPHID_PACKET_SIZE, cdc::mod_fido2::FidoPacket::data, and s_rx_queue.

Referenced by fido2_task().

◆ fido2_usb_ready()

bool cdc::mod_fido2::fido2_usb_ready ( )

Reports whether USB HID endpoint is ready for transmission.

Returns
true if endpoint is ready, otherwise false.

Definition at line 268 of file Fido2Module.cpp.

References s_hid_instance, and usb_hid_instance_ready().

Referenced by fido2_task().

◆ fido2_usb_write()

bool cdc::mod_fido2::fido2_usb_write ( const uint8_t * buffer)

Sends one CTAPHID packet over USB HID.

Parameters
bufferPacket data buffer.
Returns
true if report submission succeeded.

Definition at line 293 of file Fido2Module.cpp.

References CTAPHID_PACKET_SIZE, s_hid_instance, and usb_hid_send_report().

Referenced by fido2_task().

◆ handle_browser_probe()

uint8_t cdc::mod_fido2::handle_browser_probe ( const MakeCredentialParams * p,
uint8_t * response,
uint16_t * response_len )
static

Handles browser probe RP IDs by returning a synthetic attested response.

Parameters
pParsed makeCredential parameters.
responseOutput response buffer.
response_lenIn/out response length.
Returns
CTAP2 status code.

Definition at line 1029 of file ctap2.cpp.

References CDC_CURVE_P256, cdc::mod_fido2::MakeCredentialParams::client_data_hash, ctap2_build_attested_cred(), ctap2_build_auth_data_for_cred(), ctap2_build_make_credential_response_packed(), CTAP2_ERR_OPERATION_DENIED, CTAP2_ERR_OTHER, ctap2_generate_ephemeral_keypair(), ctap2_random(), ctap2_sign_with_keypair(), FIDO2_ACTION_SELECT, FIDO2_CRED_ID_LEN, LOG_I, cdc::mod_fido2::MakeCredentialParams::rp_id, cdc::mod_fido2::MakeCredentialParams::rp_id_hash, TAG, and wait_for_user_presence().

Referenced by ctap2_make_credential().

◆ handleDelete()

void cdc::mod_fido2::handleDelete ( uint16_t display_index)
static

Deletes selected credential and refreshes list.

Parameters
display_indexDisplay-order index.

Definition at line 219 of file Fido2Ui.cpp.

References fido2_delete_credential(), fido2_get_credential_count(), fido2_get_credential_info(), rebuildList(), s_listCount, s_listItems, s_listView, s_sortMap, cdc::mod_fido2::fido2_credential_info_t::slot, and cdc::ui::tr().

Referenced by onListMenu().

◆ is_browser_probe()

bool cdc::mod_fido2::is_browser_probe ( const char * rp_id)
static

Detects known browser probe RP IDs.

Parameters
rp_idRP ID string to test.
Returns
true if this RP ID is treated as a probe, otherwise false.

Definition at line 1116 of file ctap2.cpp.

References rp_id.

Referenced by ctap2_make_credential().

◆ mc_rollback_credential()

uint8_t cdc::mod_fido2::mc_rollback_credential ( uint8_t slot,
uint8_t * response,
uint16_t * response_len )
static

Deletes a just-created credential and reports CTAP2_ERR_OTHER.

Parameters
slotCredential slot to roll back.
responseOutput response buffer.
response_lenIn/out response length.
Returns
CTAP2_ERR_OTHER.

Definition at line 1127 of file ctap2.cpp.

References CTAP2_ERR_OTHER, and fido2_storage_delete_credential().

Referenced by create_credential_and_respond().

◆ onFidoGetReport()

uint16_t cdc::mod_fido2::onFidoGetReport ( uint8_t report_id,
uint8_t report_type,
uint8_t * buffer,
uint16_t reqlen )
static

USB HID callbacks for FIDO transport.

HID GET_REPORT callback (unused for FIDO).

Parameters
report_idReport id.
report_typeReport type.
bufferOutput buffer.
reqlenRequested length.
Returns
Always 0.

Definition at line 60 of file Fido2Module.cpp.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ onFidoReportComplete()

void cdc::mod_fido2::onFidoReportComplete ( uint8_t const * report,
uint16_t len )
static

HID transfer-complete callback (currently unused).

Parameters
reportCompleted report payload.
lenPayload length.

Definition at line 99 of file Fido2Module.cpp.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ onFidoSetReport()

void cdc::mod_fido2::onFidoSetReport ( uint8_t report_id,
uint8_t report_type,
uint8_t const * buffer,
uint16_t bufsize )
static

HID SET_REPORT callback queuing incoming CTAPHID packets.

Parameters
report_idReport id.
report_typeReport type.
bufferInput packet buffer.
bufsizePacket size.

Definition at line 76 of file Fido2Module.cpp.

References CTAPHID_PACKET_SIZE, cdc::mod_fido2::FidoPacket::data, LOG_W, s_rx_queue, and TAG.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ onListMenu()

void cdc::mod_fido2::onListMenu ( uint16_t index,
void * userData )
static

List menu callback opening context actions for selected credential.

Parameters
indexSelected row index.
userDataOptional callback context (unused).

Definition at line 253 of file Fido2Ui.cpp.

References fido2_get_credential_info(), FIDO2_RP_ID_MAX_LEN, handleDelete(), cdc::mod_fido2::fido2_credential_info_t::rp_id, s_labels, s_listCount, s_listView, s_sortMap, showDetail(), and cdc::ui::tr().

Referenced by fido2_ui_init().

◆ onListSelect()

void cdc::mod_fido2::onListSelect ( uint16_t index,
void * userData )
static

List selection callback opening credential detail view.

Parameters
indexSelected row index.
userDataOptional callback context (unused).

Definition at line 243 of file Fido2Ui.cpp.

References showDetail().

Referenced by fido2_ui_init().

◆ onOverwriteCancel()

void cdc::mod_fido2::onOverwriteCancel ( void * )
static

Definition at line 90 of file Fido2Ui.cpp.

References s_overwriteApproved, and s_overwriteSem.

Referenced by fido2_ui_user_presence_callback().

◆ onOverwriteConfirm()

void cdc::mod_fido2::onOverwriteConfirm ( void * )
static

Definition at line 86 of file Fido2Ui.cpp.

References s_overwriteApproved, and s_overwriteSem.

Referenced by fido2_ui_user_presence_callback().

◆ onPinCancel()

void cdc::mod_fido2::onPinCancel ( )
static

PIN cancel callback denying user presence.

Definition at line 346 of file Fido2Ui.cpp.

References FIDO2_UP_DENIED, cdc::ui::ViewStack::instance(), promptComplete(), s_pinEntry, and s_promptView.

Referenced by onPromptApprove().

◆ onPinFailure()

void cdc::mod_fido2::onPinFailure ( bool lockedOut)
static

PIN failure callback handling lockout vs retry messaging.

Parameters
lockedOuttrue when retries are exhausted.

Definition at line 357 of file Fido2Ui.cpp.

References FIDO2_UP_DENIED, cdc::ui::ViewStack::instance(), promptComplete(), s_pinEntry, s_promptView, cdc::ui::showToastError(), and cdc::ui::tr().

Referenced by onPromptApprove().

◆ onPinSuccess()

void cdc::mod_fido2::onPinSuccess ( )
static

PIN success callback approving user presence.

Definition at line 336 of file Fido2Ui.cpp.

References FIDO2_UP_APPROVED, cdc::ui::ViewStack::instance(), promptComplete(), s_pinEntry, and s_promptView.

Referenced by onPromptApprove().

◆ onPinVerify()

bool cdc::mod_fido2::onPinVerify ( const char * pin)
static

PIN verification callback for locked-screen approval flow.

Parameters
pinEntered PIN string.
Returns
true when badge PIN is valid.

Definition at line 329 of file Fido2Ui.cpp.

References cdc::core::PinManager::instance(), and cdc::core::PinManager::verifyBadgePin().

Referenced by onPromptApprove().

◆ onPromptApprove()

void cdc::mod_fido2::onPromptApprove ( void * userData)
static

Prompt approve callback; optionally triggers PIN entry on lock screen.

Parameters
userDataOptional callback context (unused).

Definition at line 373 of file Fido2Ui.cpp.

References cdc::core::PinManager::BADGE_PIN_MAX, cdc::core::PinManager::BADGE_PIN_MIN, fido2_is_pin_verified(), FIDO2_UP_APPROVED, cdc::core::PinManager::instance(), cdc::ui::ViewStack::instance(), onPinCancel(), onPinFailure(), onPinSuccess(), onPinVerify(), promptComplete(), s_pinEntry, s_promptView, s_promptWasLocked, and cdc::ui::tr().

Referenced by fido2_ui_user_presence_callback().

◆ onPromptDeny()

void cdc::mod_fido2::onPromptDeny ( void * userData)
static

Prompt deny callback.

Parameters
userDataOptional callback context (unused).

Definition at line 413 of file Fido2Ui.cpp.

References fido2_set_pin_verified(), FIDO2_UP_DENIED, and promptComplete().

Referenced by fido2_ui_user_presence_callback().

◆ parse_extensions_map()

bool cdc::mod_fido2::parse_extensions_map ( cbor_reader_t * r,
MakeCredentialParams * p )
static

Parses makeCredential extensions map from CBOR.

Parameters
rCBOR reader positioned at the extensions map.
pOutput parameter structure to fill.
Returns
true on success, otherwise false.

Definition at line 835 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::appid_exclude, cbor_read_map(), cbor_read_text(), cbor_read_uint(), cbor_skip_item(), cdc::mod_fido2::MakeCredentialParams::cred_protect, cdc::mod_fido2::MakeCredentialParams::has_appid_exclude, LOG_I, and TAG.

Referenced by parse_make_credential_params().

◆ parse_make_credential_params()

uint8_t cdc::mod_fido2::parse_make_credential_params ( const uint8_t * data,
uint16_t data_len,
MakeCredentialParams * p )
static

Parses complete makeCredential request map from CBOR payload.

Parameters
dataCBOR request payload.
data_lenLength of data.
pOutput parameter structure.
Returns
CTAP2 status code.

Definition at line 901 of file ctap2.cpp.

References cbor_read_bytes(), cbor_read_map(), cbor_read_uint(), cbor_reader_init(), cbor_skip_item(), cdc::mod_fido2::MakeCredentialParams::clear(), cdc::mod_fido2::MakeCredentialParams::client_data_hash, CTAP2_ERR_INVALID_CBOR, CTAP2_ERR_MISSING_PARAMETER, CTAP2_MC_CLIENT_DATA_HASH, CTAP2_MC_EXTENSIONS, CTAP2_MC_OPTIONS, CTAP2_MC_PIN_UV_AUTH_PARAM, CTAP2_MC_PIN_UV_AUTH_PROTOCOL, CTAP2_MC_PUB_KEY_CRED_PARAMS, CTAP2_MC_RP, CTAP2_MC_USER, CTAP2_OK, cdc::mod_fido2::MakeCredentialParams::has_alg, cdc::mod_fido2::MakeCredentialParams::has_client_data, cdc::mod_fido2::MakeCredentialParams::has_rp, cdc::mod_fido2::MakeCredentialParams::has_user, parse_extensions_map(), parse_options_map(), parse_pubkey_cred_params(), parse_rp_map(), parse_user_map(), cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_param, cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_param_len, and cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_protocol.

Referenced by ctap2_make_credential().

◆ parse_options_map()

bool cdc::mod_fido2::parse_options_map ( cbor_reader_t * r,
MakeCredentialParams * p )
static

Parses makeCredential options map from CBOR.

Parameters
rCBOR reader positioned at the options map.
pOutput parameter structure to fill.
Returns
true on success, otherwise false.

Definition at line 870 of file ctap2.cpp.

References cbor_read_bool(), cbor_read_map(), cbor_read_text(), cbor_skip_item(), cdc::mod_fido2::MakeCredentialParams::option_up, cdc::mod_fido2::MakeCredentialParams::option_uv, and cdc::mod_fido2::MakeCredentialParams::rk.

Referenced by parse_make_credential_params().

◆ parse_pubkey_cred_params()

bool cdc::mod_fido2::parse_pubkey_cred_params ( cbor_reader_t * r,
MakeCredentialParams * p )
static

Parses pubKeyCredParams and selects a supported algorithm.

Parameters
rCBOR reader positioned at the params array.
pOutput parameter structure to fill.
Returns
true on success, otherwise false.

Definition at line 800 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::alg, cbor_read_array(), cbor_read_int(), cbor_read_map(), cbor_read_text(), cbor_skip_item(), COSE_ALG_EDDSA, COSE_ALG_ES256, and cdc::mod_fido2::MakeCredentialParams::has_alg.

Referenced by parse_make_credential_params().

◆ parse_rp_map()

bool cdc::mod_fido2::parse_rp_map ( cbor_reader_t * r,
MakeCredentialParams * p )
static

Parses the RP map from a makeCredential CBOR request.

Parameters
rCBOR reader positioned at the RP map.
pOutput parameter structure to fill.
Returns
true on success, otherwise false.

Definition at line 739 of file ctap2.cpp.

References cbor_read_map(), cbor_read_text(), cbor_skip_item(), cdc::mod_fido2::MakeCredentialParams::has_rp, rp_count, cdc::mod_fido2::MakeCredentialParams::rp_id, cdc::mod_fido2::MakeCredentialParams::rp_id_hash, and sha256_str().

Referenced by parse_make_credential_params().

◆ parse_user_map()

bool cdc::mod_fido2::parse_user_map ( cbor_reader_t * r,
MakeCredentialParams * p )
static

Parses the user map from a makeCredential CBOR request.

Parameters
rCBOR reader positioned at the user map.
pOutput parameter structure to fill.
Returns
true on success, otherwise false.

Definition at line 768 of file ctap2.cpp.

References cbor_read_bytes(), cbor_read_map(), cbor_read_text(), cbor_skip_item(), cdc::mod_fido2::MakeCredentialParams::has_user, cdc::mod_fido2::MakeCredentialParams::user_id, cdc::mod_fido2::MakeCredentialParams::user_id_len, and cdc::mod_fido2::MakeCredentialParams::user_name.

Referenced by parse_make_credential_params().

◆ promptComplete()

void cdc::mod_fido2::promptComplete ( fido2_user_presence_result_t result)
static

Completes user-presence prompt flow with result handling.

Parameters
resultFinal user-presence result.

Definition at line 291 of file Fido2Ui.cpp.

References FIDO2_ACTION_OVERWRITE, FIDO2_ACTION_REGISTER, FIDO2_UP_APPROVED, cdc::hal::getDisplayInstance(), cdc::ui::ViewStack::instance(), rebuildList(), restoreView(), s_listView, s_promptAction, s_promptActive, s_promptBacklightWasOn, s_promptResult, s_promptReturnView, s_promptSem, s_promptView, cdc::ui::showToastError(), cdc::ui::showToastSuccess(), and cdc::ui::tr().

Referenced by fido2_ui_abort_prompt(), onPinCancel(), onPinFailure(), onPinSuccess(), onPromptApprove(), and onPromptDeny().

◆ rebuildList()

void cdc::mod_fido2::rebuildList ( )
static

Rebuilds credential list view from current storage contents.

Definition at line 111 of file Fido2Ui.cpp.

References fido2_get_credential_count(), fido2_get_credential_info(), FIDO2_MAX_CREDENTIALS, cdc::mod_fido2::fido2_credential_info_t::rp_id, s_labels, s_listCount, s_listItems, s_listView, s_sortMap, strcasecmp_safe(), cdc::ui::tr(), and cdc::mod_fido2::fido2_credential_info_t::user_name.

Referenced by fido2_ui_get_list_view(), fido2_ui_init(), handleDelete(), and promptComplete().

◆ registerStrings()

void cdc::mod_fido2::registerStrings ( )
static

Definition at line 49 of file Fido2Ui.cpp.

References cdc::ui::I18n::instance(), kStrings, and cdc::ui::I18n::registerEnglishTable().

Referenced by fido2_ui_init().

◆ restoreView()

void cdc::mod_fido2::restoreView ( )
static

Restores view stack to pre-prompt depth.

Definition at line 280 of file Fido2Ui.cpp.

References cdc::ui::ViewStack::instance(), and s_promptReturnDepth.

Referenced by fido2_ui_user_presence_callback(), and promptComplete().

◆ sha256()

void cdc::mod_fido2::sha256 ( const uint8_t * data,
size_t len,
uint8_t out[32] )
inline

Definition at line 29 of file fido2_common.h.

References FIDO2_SHA256_DIGEST_SIZE.

Referenced by sha256_str().

◆ sha256_str()

void cdc::mod_fido2::sha256_str ( const char * str,
uint8_t out[32] )
inline

Definition at line 34 of file fido2_common.h.

References FIDO2_SHA256_DIGEST_SIZE, and sha256().

Referenced by check_appid_exclude(), and parse_rp_map().

◆ showDetail()

void cdc::mod_fido2::showDetail ( uint16_t display_index)
static

Shows detailed view for selected credential.

Parameters
display_indexDisplay-order index.

Definition at line 166 of file Fido2Ui.cpp.

References CDC_CURVE_ED25519, cdc::mod_fido2::fido2_credential_info_t::curve, fido2_get_credential_count(), fido2_get_credential_info(), fido2_storage_ecc_start(), fido2_storage_get_pubkey(), cdc::ui::ViewStack::instance(), key_fingerprint_from_pubkey(), KEY_FINGERPRINT_MAX_LEN, cdc::ui::ViewStack::push(), cdc::mod_fido2::fido2_credential_info_t::resident_key, cdc::mod_fido2::fido2_credential_info_t::rp_id, s_detailView, s_sortMap, cdc::mod_fido2::fido2_credential_info_t::sign_count, cdc::mod_fido2::fido2_credential_info_t::slot, cdc::ui::tr(), and cdc::mod_fido2::fido2_credential_info_t::user_name.

Referenced by onListMenu(), and onListSelect().

◆ strcasecmp_safe()

int cdc::mod_fido2::strcasecmp_safe ( const char * a,
const char * b )
static

Null-safe ASCII case-insensitive comparison.

Parameters
aFirst string.
bSecond string.
Returns
Compare result (<0, 0, >0).

Definition at line 101 of file Fido2Ui.cpp.

Referenced by rebuildList().

◆ verify_pin_uv_auth()

uint8_t cdc::mod_fido2::verify_pin_uv_auth ( const MakeCredentialParams * p)
static

Verifies pinUvAuthParam for makeCredential.

Parameters
pParsed makeCredential parameters.
Returns
CTAP2 status code.

Definition at line 972 of file ctap2.cpp.

References cdc::mod_fido2::MakeCredentialParams::client_data_hash, CTAP2_ERR_PIN_AUTH_INVALID, CTAP2_OK, fido2_set_pin_verified(), g_client_pin, LOG_D, LOG_I, LOG_W, cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_param, cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_param_len, cdc::mod_fido2::MakeCredentialParams::pin_uv_auth_protocol, and TAG.

Referenced by ctap2_make_credential().

Variable Documentation

◆ FIDO_QUEUE_SIZE

size_t cdc::mod_fido2::FIDO_QUEUE_SIZE = 8
staticconstexpr

Queue for incoming HID reports.

Definition at line 41 of file Fido2Module.cpp.

Referenced by cdc::mod_fido2::Fido2Module::init().

◆ kStrings

ui::I18nEntry cdc::mod_fido2::kStrings[]
constexpr
Initial value:
= {
{"mod_fido2.title", "WebAuthn"},
{"mod_fido2.details", "Details"},
{"mod_fido2.fido2_key", "FIDO2 Key"},
{"mod_fido2.sign_in_to", "Sign in to"},
{"mod_fido2.register_key", "Register Key"},
{"mod_fido2.sign_in", "Sign In"},
{"mod_fido2.use_device", "Use this device?"},
{"mod_fido2.no_entries", "No entries"},
{"mod_fido2.overwrite_key", "OVERWRITE KEY!"},
{"mod_fido2.overwrite_warning", "Overwrite existing key?"},
}

Definition at line 36 of file Fido2Ui.cpp.

Referenced by registerStrings().

◆ s_detailView

ui::InfoView* cdc::mod_fido2::s_detailView = nullptr
static

Definition at line 55 of file Fido2Ui.cpp.

Referenced by showDetail().

◆ s_fido_report_desc

const uint8_t cdc::mod_fido2::s_fido_report_desc[]
static
Initial value:
= {
0x06, 0xD0, 0xF1,
0x09, 0x01,
0xA1, 0x01,
0x09, 0x20,
0x15, 0x00,
0x26, 0xFF, 0x00,
0x75, 0x08,
0x95, CTAPHID_PACKET_SIZE,
0x81, 0x02,
0x09, 0x21,
0x15, 0x00,
0x26, 0xFF, 0x00,
0x75, 0x08,
0x95, CTAPHID_PACKET_SIZE,
0x91, 0x02,
0xC0
}
CTAPHID_PACKET_SIZE
#define CTAPHID_PACKET_SIZE
Definition ctaphid.h:13

FIDO U2F HID report descriptor (CTAPHID standard).

Definition at line 21 of file Fido2Module.cpp.

Referenced by cdc::mod_fido2::Fido2Module::start().

◆ s_hid_instance

uint8_t cdc::mod_fido2::s_hid_instance = 0
static

HID interface instance index assigned at registration time.

Definition at line 49 of file Fido2Module.cpp.

Referenced by fido2_usb_ready(), fido2_usb_write(), and cdc::mod_fido2::Fido2Module::start().

◆ s_labels

char cdc::mod_fido2::s_labels[FIDO2_MAX_CREDENTIALS][100]
static

Definition at line 60 of file Fido2Ui.cpp.

Referenced by onListMenu(), and rebuildList().

◆ s_listCount

uint8_t cdc::mod_fido2::s_listCount = 0
static

Definition at line 62 of file Fido2Ui.cpp.

Referenced by handleDelete(), onListMenu(), and rebuildList().

◆ s_listItems

ui::ListItem cdc::mod_fido2::s_listItems[FIDO2_MAX_CREDENTIALS]
static

Definition at line 59 of file Fido2Ui.cpp.

Referenced by handleDelete(), and rebuildList().

◆ s_listView

ui::ListView* cdc::mod_fido2::s_listView = nullptr
static

FIDO2 UI view and list state.

Definition at line 54 of file Fido2Ui.cpp.

Referenced by fido2_ui_get_list_view(), fido2_ui_init(), handleDelete(), onListMenu(), promptComplete(), and rebuildList().

◆ s_overwriteApproved

volatile bool cdc::mod_fido2::s_overwriteApproved = false
static

Definition at line 84 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), onOverwriteCancel(), and onOverwriteConfirm().

◆ s_overwriteSem

SemaphoreHandle_t cdc::mod_fido2::s_overwriteSem = nullptr
static

Pre-confirm modal state for overwrite warning.

Definition at line 83 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), onOverwriteCancel(), and onOverwriteConfirm().

◆ s_pinEntry

ui::PinEntryView* cdc::mod_fido2::s_pinEntry = nullptr
static

Definition at line 57 of file Fido2Ui.cpp.

Referenced by onPinCancel(), onPinFailure(), onPinSuccess(), and onPromptApprove().

◆ s_promptAction

fido2_action_t cdc::mod_fido2::s_promptAction = FIDO2_ACTION_AUTHENTICATE
static

Definition at line 69 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptActive

volatile bool cdc::mod_fido2::s_promptActive = false
static

Definition at line 74 of file Fido2Ui.cpp.

Referenced by fido2_ui_abort_prompt(), fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptBacklightWasOn

bool cdc::mod_fido2::s_promptBacklightWasOn = false
static

Definition at line 73 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptMutex

SemaphoreHandle_t cdc::mod_fido2::s_promptMutex = nullptr
static

Definition at line 66 of file Fido2Ui.cpp.

Referenced by ensurePromptMutex(), and fido2_ui_user_presence_callback().

◆ s_promptResult

volatile fido2_user_presence_result_t cdc::mod_fido2::s_promptResult = FIDO2_UP_PENDING
static

Definition at line 67 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptReturnDepth

uint8_t cdc::mod_fido2::s_promptReturnDepth = 0
static

Definition at line 70 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and restoreView().

◆ s_promptReturnView

ui::IView* cdc::mod_fido2::s_promptReturnView = nullptr
static

Definition at line 71 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptRpId

char cdc::mod_fido2::s_promptRpId[FIDO2_RP_ID_MAX_LEN] = {}
static

Definition at line 68 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback().

◆ s_promptSem

SemaphoreHandle_t cdc::mod_fido2::s_promptSem = nullptr
static

User-presence prompt state shared across callback and UI flow.

Definition at line 65 of file Fido2Ui.cpp.

Referenced by fido2_ui_init(), fido2_ui_user_presence_callback(), and promptComplete().

◆ s_promptView

ui::InfoView* cdc::mod_fido2::s_promptView = nullptr
static

Definition at line 56 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), onPinCancel(), onPinFailure(), onPinSuccess(), onPromptApprove(), and promptComplete().

◆ s_promptWasLocked

bool cdc::mod_fido2::s_promptWasLocked = false
static

Definition at line 72 of file Fido2Ui.cpp.

Referenced by fido2_ui_user_presence_callback(), and onPromptApprove().

◆ s_rx_queue

QueueHandle_t cdc::mod_fido2::s_rx_queue = nullptr
static

Definition at line 42 of file Fido2Module.cpp.

Referenced by fido2_usb_available(), fido2_usb_read(), cdc::mod_fido2::Fido2Module::init(), and onFidoSetReport().

◆ s_sortMap

uint8_t cdc::mod_fido2::s_sortMap[FIDO2_MAX_CREDENTIALS]
static

Definition at line 61 of file Fido2Ui.cpp.

Referenced by handleDelete(), onListMenu(), rebuildList(), and showDetail().