CDC Badge OS
Firmware for the CDC Badge v1.0 hardware security key
Loading...
Searching...
No Matches
u2f.h File Reference
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

Go to the source code of this file.

Macros

#define U2F_INS_REGISTER   0x01
#define U2F_INS_AUTHENTICATE   0x02
#define U2F_INS_VERSION   0x03
#define U2F_AUTH_CHECK_ONLY   0x07
#define U2F_AUTH_ENFORCE   0x03
#define U2F_AUTH_DONT_ENFORCE   0x08
#define U2F_SW_NO_ERROR   0x9000
#define U2F_SW_CONDITIONS_NOT_SATISFIED   0x6985
#define U2F_SW_WRONG_DATA   0x6A80
#define U2F_SW_WRONG_LENGTH   0x6700
#define U2F_SW_CLA_NOT_SUPPORTED   0x6E00
#define U2F_SW_INS_NOT_SUPPORTED   0x6D00
#define U2F_SW_WRONG_P1P2   0x6B00
#define U2F_SW_WTF   0x6F00
#define U2F_CHALLENGE_SIZE   32
#define U2F_APPLICATION_SIZE   32
#define U2F_KEY_HANDLE_SIZE   64
#define U2F_REGISTER_ID   0x05
#define U2F_EC_POINT_SIZE   65
#define U2F_EC_KEY_SIZE   32
#define U2F_MAX_ATT_CERT_SIZE   1024
#define U2F_MAX_EC_SIG_SIZE   72
#define U2F_CTR_SIZE   4

Functions

bool u2f_init_attestation (void)
 Initializes attestation key material and builds self-signed attestation certificate.
bool u2f_get_attestation_cert (const uint8_t **cert, uint16_t *cert_len)
 Returns attestation certificate pointer and length, initializing attestation on demand if the boot-time init did not complete.
bool u2f_attestation_sign (const uint8_t *data, size_t data_len, uint8_t *signature, uint8_t *sig_len)
 Signs payload using the attestation key, initializing attestation on demand if the boot-time init did not complete.
uint16_t u2f_process_apdu (const uint8_t *apdu, uint16_t apdu_len, uint8_t *response, uint16_t response_max)
 Parses U2F APDU and dispatches to instruction handlers.

Macro Definition Documentation

◆ U2F_APPLICATION_SIZE

#define U2F_APPLICATION_SIZE   32

Definition at line 39 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_AUTH_CHECK_ONLY

#define U2F_AUTH_CHECK_ONLY   0x07

Definition at line 23 of file u2f.h.

Referenced by u2f_authenticate().

◆ U2F_AUTH_DONT_ENFORCE

#define U2F_AUTH_DONT_ENFORCE   0x08

Definition at line 25 of file u2f.h.

◆ U2F_AUTH_ENFORCE

#define U2F_AUTH_ENFORCE   0x03

Definition at line 24 of file u2f.h.

Referenced by u2f_authenticate().

◆ U2F_CHALLENGE_SIZE

#define U2F_CHALLENGE_SIZE   32

Definition at line 38 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_CTR_SIZE

#define U2F_CTR_SIZE   4

Definition at line 46 of file u2f.h.

◆ U2F_EC_KEY_SIZE

#define U2F_EC_KEY_SIZE   32

Definition at line 43 of file u2f.h.

◆ U2F_EC_POINT_SIZE

#define U2F_EC_POINT_SIZE   65

Definition at line 42 of file u2f.h.

◆ U2F_INS_AUTHENTICATE

#define U2F_INS_AUTHENTICATE   0x02

Definition at line 19 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_INS_REGISTER

#define U2F_INS_REGISTER   0x01

Definition at line 18 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_INS_VERSION

#define U2F_INS_VERSION   0x03

Definition at line 20 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_KEY_HANDLE_SIZE

#define U2F_KEY_HANDLE_SIZE   64

Definition at line 40 of file u2f.h.

Referenced by u2f_authenticate(), and u2f_register().

◆ U2F_MAX_ATT_CERT_SIZE

#define U2F_MAX_ATT_CERT_SIZE   1024

Definition at line 44 of file u2f.h.

◆ U2F_MAX_EC_SIG_SIZE

#define U2F_MAX_EC_SIG_SIZE   72

Definition at line 45 of file u2f.h.

Referenced by u2f_authenticate(), u2f_init_attestation(), and u2f_register().

◆ U2F_REGISTER_ID

#define U2F_REGISTER_ID   0x05

Definition at line 41 of file u2f.h.

Referenced by u2f_register().

◆ U2F_SW_CLA_NOT_SUPPORTED

#define U2F_SW_CLA_NOT_SUPPORTED   0x6E00

Definition at line 32 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_SW_CONDITIONS_NOT_SATISFIED

#define U2F_SW_CONDITIONS_NOT_SATISFIED   0x6985

Definition at line 29 of file u2f.h.

Referenced by u2f_authenticate(), and u2f_register().

◆ U2F_SW_INS_NOT_SUPPORTED

#define U2F_SW_INS_NOT_SUPPORTED   0x6D00

Definition at line 33 of file u2f.h.

Referenced by u2f_process_apdu().

◆ U2F_SW_NO_ERROR

#define U2F_SW_NO_ERROR   0x9000

Definition at line 28 of file u2f.h.

◆ U2F_SW_WRONG_DATA

#define U2F_SW_WRONG_DATA   0x6A80

Definition at line 30 of file u2f.h.

Referenced by u2f_authenticate(), and u2f_register().

◆ U2F_SW_WRONG_LENGTH

#define U2F_SW_WRONG_LENGTH   0x6700

Definition at line 31 of file u2f.h.

Referenced by u2f_process_apdu(), u2f_register(), and u2f_version().

◆ U2F_SW_WRONG_P1P2

#define U2F_SW_WRONG_P1P2   0x6B00

Definition at line 34 of file u2f.h.

◆ U2F_SW_WTF

#define U2F_SW_WTF   0x6F00

Definition at line 35 of file u2f.h.

Referenced by u2f_register().

Function Documentation

◆ u2f_attestation_sign()

bool u2f_attestation_sign ( const uint8_t * data,
size_t data_len,
uint8_t * signature,
uint8_t * sig_len )

Signs payload using the attestation key, initializing attestation on demand if the boot-time init did not complete.

Sign data with attestation key (slot 30). Must call u2f_init_attestation() first.

Parameters
dataData to sign
data_lenData length
signatureOutput DER-encoded signature
sig_lenOutput signature length
Returns
true on success
Parameters
dataData to sign.
data_lenLength of data.
signatureDestination signature buffer.
sig_lenOutput signature length.
Returns
true on success, otherwise false.

Definition at line 359 of file u2f.cpp.

References u2f_attest_sign(), and u2f_init_attestation().

Referenced by cdc::mod_fido2::create_credential_and_respond().

◆ u2f_get_attestation_cert()

bool u2f_get_attestation_cert ( const uint8_t ** cert,
uint16_t * cert_len )

Returns attestation certificate pointer and length, initializing attestation on demand if the boot-time init did not complete.

Get attestation certificate (DER encoded). Must call u2f_init_attestation() first.

Parameters
certOutput buffer for certificate
cert_lenOutput certificate length
Returns
true if attestation is initialized
Parameters
certOutput pointer to DER certificate.
cert_lenOutput certificate length.
Returns
true on success, otherwise false.

Definition at line 338 of file u2f.cpp.

References g_attest_cert, g_attest_cert_len, and u2f_init_attestation().

Referenced by cdc::mod_fido2::create_credential_and_respond().

◆ u2f_init_attestation()

bool u2f_init_attestation ( void )

Initializes attestation key material and builds self-signed attestation certificate.

Initialize U2F attestation. Generates attestation key in slot 30 if not present. Must be called before using U2F.

Returns
true on success
true on success, otherwise false.

Definition at line 122 of file u2f.cpp.

References curve, DER_BIT_STRING_TAG, DER_ENSURE_POSITIVE_MASK, DER_EXPLICIT_TAG_0, DER_INTEGER_TAG, DER_LENGTH_TWO_BYTES, DER_SEQUENCE_TAG, EC_POINT_UNCOMPRESSED, g_attest_cert, g_attest_cert_len, g_attest_initialized, g_attest_pubkey, cdc::hal::getSecureElementInstance(), LOG_E, LOG_I, cdc::hal::OK, cdc::hal::P256, TAG, u2f_attest_sign(), U2F_ATTEST_SLOT, and U2F_MAX_EC_SIG_SIZE.

Referenced by fido2_init(), u2f_attestation_sign(), u2f_get_attestation_cert(), and u2f_register().

◆ u2f_process_apdu()

uint16_t u2f_process_apdu ( const uint8_t * apdu,
uint16_t apdu_len,
uint8_t * response,
uint16_t response_max )

Parses U2F APDU and dispatches to instruction handlers.

Process a U2F APDU message.

Parameters
apduInput APDU (CLA INS P1 P2 [Lc DATA Le])
apdu_lenLength of input APDU
responseOutput buffer for response
response_maxMaximum response size
Returns
Actual response length (including SW1 SW2)
Parameters
apduInput APDU bytes.
apdu_lenLength of apdu.
responseDestination response buffer.
response_maxCapacity of response.
Returns
Number of response bytes written.

Definition at line 738 of file u2f.cpp.

References LOG_I, LOG_W, TAG, U2F_APPLICATION_SIZE, u2f_authenticate(), U2F_CHALLENGE_SIZE, U2F_INS_AUTHENTICATE, U2F_INS_REGISTER, U2F_INS_VERSION, u2f_register(), u2f_response_error(), U2F_SW_CLA_NOT_SUPPORTED, U2F_SW_INS_NOT_SUPPORTED, U2F_SW_WRONG_LENGTH, and u2f_version().

Referenced by process_complete_message().