RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

fido2: Change public api && return ctap_status_code_t instead of int

Browse Source
This commit is contained in:
Ollrogge 2022-10-14 10:50:47 +02:00
parent efcbc1eab8
commit 9c6051b0d3
11 changed files with 264 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
sys/fido2/ctap/ctap.c
View File

@ -248,26 +248,26 @@ static uint8_t _pin_token[CTAP_PIN_TOKEN_SZ];
*/
static int _rem_pin_att_boot = CTAP_PIN_MAX_ATTS_BOOT;
int fido2_ctap_init(void)
ctap_status_code_t fido2_ctap_init(void)
{
int ret;
ret = fido2_ctap_mem_init();
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
ret = fido2_ctap_mem_read_state_from_flash(&_state);
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
/* first startup of the device */
if (_state.initialized_marker != CTAP_INITIALIZED_MARKER) {
ret = _reset();
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
}
@ -275,29 +275,29 @@ int fido2_ctap_init(void)
ret = fido2_ctap_utils_init_gpio_pin(CTAP_UP_BUTTON, CTAP_UP_BUTTON_MODE,
CTAP_UP_BUTTON_FLANK);
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
}
ret = fido2_ctap_crypto_init();
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
/* initialize pin_token */
ret = fido2_ctap_crypto_prng(_pin_token, sizeof(_pin_token));
if (ret != CTAP2_OK) {
return -EPROTO;
return ret;
}
DEBUG("fido2_ctap: initialization successful \n");
return 0;
return CTAP2_OK;
}
size_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp)
{
assert(req);
assert(resp);
@ -305,35 +305,36 @@ size_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp)
switch (req->method) {
case CTAP_GET_INFO:
DEBUG("fido2_ctap: get_info req \n");
return fido2_ctap_get_info(resp);
fido2_ctap_get_info(resp);
break;
case CTAP_MAKE_CREDENTIAL:
DEBUG("fido2_ctap: make_credential req \n");
return fido2_ctap_make_credential(req, resp);
fido2_ctap_make_credential(req, resp);
break;
case CTAP_GET_ASSERTION:
DEBUG("fido2_ctap: get_assertion req \n");
return fido2_ctap_get_assertion(req, resp);
fido2_ctap_get_assertion(req, resp);
break;
case CTAP_GET_NEXT_ASSERTION:
DEBUG("fido2_ctap: get_next_assertion req \n");
return fido2_ctap_get_next_assertion(resp);
fido2_ctap_get_next_assertion(resp);
break;
case CTAP_CLIENT_PIN:
DEBUG("fido2_ctap: client_pin req \n");
return fido2_ctap_client_pin(req, resp);
fido2_ctap_client_pin(req, resp);
break;
case CTAP_RESET:
DEBUG("fido2_ctap: reset req \n");
return fido2_ctap_reset(resp);
fido2_ctap_reset(resp);
break;
default:
DEBUG("fido2_ctap: unknown req: %u \n", req->method);
resp->status = CTAP1_ERR_INVALID_COMMAND;
resp->len = 0x0;
break;
}
return 0;
return resp->status;
}
ctap_state_t *fido2_ctap_get_state(void)
@ -341,18 +342,19 @@ ctap_state_t *fido2_ctap_get_state(void)
return &_state;
}
size_t fido2_ctap_get_info(ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_get_info(ctap_resp_t *resp)
{
assert(resp);
fido2_ctap_cbor_init_encoder(resp->data, sizeof(resp->data));
resp->status = _get_info();
resp->len = fido2_ctap_cbor_get_buffer_size(resp->data);
return fido2_ctap_cbor_get_buffer_size(resp->data);
return resp->status;
}
size_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp)
{
assert(req);
assert(resp);
@ -360,11 +362,12 @@ size_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp)
fido2_ctap_cbor_init_encoder(resp->data, sizeof(resp->data));
resp->status = _make_credential(req);
resp->len = fido2_ctap_cbor_get_buffer_size(resp->data);
return fido2_ctap_cbor_get_buffer_size(resp->data);
return resp->status;
}
size_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp)
{
assert(req);
assert(resp);
@ -372,22 +375,24 @@ size_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp)
fido2_ctap_cbor_init_encoder(resp->data, sizeof(resp->data));
resp->status = _get_assertion(req);
resp->len = fido2_ctap_cbor_get_buffer_size(resp->data);
return fido2_ctap_cbor_get_buffer_size(resp->data);
return resp->status;
}
size_t fido2_ctap_get_next_assertion(ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_get_next_assertion(ctap_resp_t *resp)
{
assert(resp);
fido2_ctap_cbor_init_encoder(resp->data, sizeof(resp->data));
resp->status = _get_next_assertion();
resp->len = fido2_ctap_cbor_get_buffer_size(resp->data);
return fido2_ctap_cbor_get_buffer_size(resp->data);
return resp->status;
}
size_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp)
{
assert(req);
assert(resp);
@ -395,15 +400,19 @@ size_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp)
fido2_ctap_cbor_init_encoder(resp->data, sizeof(resp->data));
resp->status = _client_pin(req);
resp->len = fido2_ctap_cbor_get_buffer_size(resp->data);
return fido2_ctap_cbor_get_buffer_size(resp->data);
return resp->status;
}
size_t fido2_ctap_reset(ctap_resp_t *resp)
ctap_status_code_t fido2_ctap_reset(ctap_resp_t *resp)
{
resp->status = _reset();
assert(resp);
return 0;
resp->status = _reset();
resp->len = 0x0;
return resp->status;
}
static uint32_t get_id(void)
@ -540,12 +549,12 @@ static int _make_credential(ctap_req_t *req_raw)
}
/* last moment where transaction can be cancelled */
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
/* user presence test to create a new credential */
if (IS_ACTIVE(CONFIG_FIDO2_CTAP_DISABLE_UP)) {
@ -697,10 +706,12 @@ static int _get_assertion(ctap_req_t *req_raw)
rk = &_assert_state.rks[_assert_state.cred_counter++];
/* last moment where transaction can be cancelled */
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
ret = _make_auth_data_assert(req.rp_id, req.rp_id_len, &auth_data, uv,
up,
@ -855,7 +866,7 @@ static int _client_pin(ctap_req_t *req_raw)
}
/* common error handling */
if (req.sub_command != CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES) {
if (req.sub_command != CTAP_PIN_GET_RETRIES) {
if (_is_locked()) {
return CTAP2_ERR_PIN_BLOCKED;
}
@ -870,19 +881,19 @@ static int _client_pin(ctap_req_t *req_raw)
}
switch (req.sub_command) {
case CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES:
case CTAP_PIN_GET_RETRIES:
ret = _get_retries();
break;
case CTAP_CP_REQ_SUB_COMMAND_GET_KEY_AGREEMENT:
case CTAP_PIN_GET_KEY_AGREEMENT:
ret = _get_key_agreement();
break;
case CTAP_CP_REQ_SUB_COMMAND_SET_PIN:
case CTAP_PIN_SET_PIN:
ret = _set_pin(&req);
break;
case CTAP_CP_REQ_SUB_COMMAND_CHANGE_PIN:
case CTAP_PIN_CHANGE_PIN:
ret = _change_pin(&req);
break;
case CTAP_CP_REQ_SUB_COMMAND_GET_PIN_TOKEN:
case CTAP_PIN_GET_PIN_TOKEN:
ret = _get_pin_token(&req);
break;
default:
@ -989,12 +1000,12 @@ static int _set_pin(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
sz = fmt_strnlen((char *)new_pin_dec, CTAP_PIN_MAX_SIZE + 1);
if (sz < CTAP_PIN_MIN_SIZE || sz > CTAP_PIN_MAX_SIZE) {
@ -1100,13 +1111,12 @@ static int _change_pin(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
/* verify decrypted pinHash against LEFT(SHA-256(curPin), 16) */
if (memcmp(pin_hash_dec, _state.pin_hash, CTAP_PIN_TOKEN_SZ) != 0) {
DEBUG("fido2_ctap: _get_pin_token - invalid pin \n");
@ -1198,13 +1208,12 @@ static int _get_pin_token(ctap_client_pin_req_t *req)
}
/* last moment where transaction can be cancelled */
if (IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)) {
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#if IS_USED(MODULE_FIDO2_CTAP_TRANSPORT_HID)
if (fido2_ctap_transport_hid_should_cancel()) {
ret = CTAP2_ERR_KEEPALIVE_CANCEL;
goto done;
}
#endif
/* sha256 of shared secret ((abG).x) to obtain shared key */
ret = fido2_ctap_crypto_sha256(shared_secret, sizeof(shared_secret), shared_key);

86
sys/fido2/ctap/ctap_cbor.c
View File

@ -33,99 +33,99 @@ typedef enum {
* data structure into @ref ctap_rp_ent_t or @ref ctap_user_ent_t struct
* respectively.
*/
static int _parse_entity(CborValue *it, void *entity, entity_type_t type);
static ctap_status_code_t _parse_entity(CborValue *it, void *entity, entity_type_t type);
/**
* @brief Parse CBOR encoded sequence of PublicKeyCredentialDescriptors into
* @ref ctap_cred_desc_alt_t struct
*/
static int _parse_exclude_list(CborValue *it, ctap_cred_desc_alt_t *exclude_list,
static ctap_status_code_t _parse_exclude_list(CborValue *it, ctap_cred_desc_alt_t *exclude_list,
size_t *exclude_list_len);
/**
* @brief Parse CBOR encoded sequence of PublicKeyCredentialDescriptors into
* @ref ctap_cred_desc_alt_t struct
*/
static int _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
static ctap_status_code_t _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
uint8_t *allow_list_len);
/**
* @brief Parse CBOR encoded sequence of PublicKeyCredentialType and cryptographic
* algorithm type pairs and check if the combination is supported
*/
static int _parse_pub_key_cred_params(CborValue *it,
static ctap_status_code_t _parse_pub_key_cred_params(CborValue *it,
ctap_make_credential_req_t *req);
/**
* @brief Parse CBOR encoded PublicKeyCredentialType and cryptographic
* algorithm type
*/
static int _parse_pub_key_cred_param(CborValue *it, uint8_t *cred_type,
static ctap_status_code_t _parse_pub_key_cred_param(CborValue *it, uint8_t *cred_type,
int32_t *alg_type);
/**
* @brief Parse CBOR encoded map of authenticator options into @ref ctap_options_t
* struct
*/
static int _parse_options(CborValue *it, ctap_options_t *options);
static ctap_status_code_t _parse_options(CborValue *it, ctap_options_t *options);
/**
* @brief Parse public key in COSE_KEY format into ctap_public_key_cose_t struct
*/
static int _parse_public_key_cose(CborValue *it, ctap_public_key_cose_t *cose_key);
static ctap_status_code_t _parse_public_key_cose(CborValue *it, ctap_public_key_cose_t *cose_key);
/**
* @brief Parse CBOR encoded fixed length array into dst
*/
static int _parse_fixed_len_byte_array(CborValue *map, uint8_t *dst,
static ctap_status_code_t _parse_fixed_len_byte_array(CborValue *map, uint8_t *dst,
size_t *len);
/**
* @brief Parse CBOR encoded unknown length array into dst
*/
static int _parse_byte_array(CborValue *it, uint8_t *dst, size_t *len);
static ctap_status_code_t _parse_byte_array(CborValue *it, uint8_t *dst, size_t *len);
/**
* @brief Parse CBOR encoded unknown length array into dst
*/
static int _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len);
static ctap_status_code_t _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len);
/**
* @brief Parse CBOR encoded string into dst
*/
static int _parse_text_string(CborValue *it, char *dst, size_t *len);
static ctap_status_code_t _parse_text_string(CborValue *it, char *dst, size_t *len);
/**
* @brief Parse CBOR encoded string into dst
*/
static int _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len);
static ctap_status_code_t _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len);
/**
* @brief Parse CBOR encoded int into num
*/
static int _parse_int(CborValue *it, int *num);
static ctap_status_code_t _parse_int(CborValue *it, int *num);
/**
* @brief Parse credential description
*/
static int _fido2_ctap_cbor_parse_cred_desc(CborValue *arr, ctap_cred_desc_alt_t *cred);
static ctap_status_code_t _fido2_ctap_cbor_parse_cred_desc(CborValue *arr, ctap_cred_desc_alt_t *cred);
/**
* @brief Encode public key into COSE_KEY format
*
* See https://tools.ietf.org/html/rfc8152#page-34 Section 13.1.1 for details.
*/
static int _encode_public_key_cose(CborEncoder *cose_key, const ctap_public_key_cose_t *key);
static ctap_status_code_t _encode_public_key_cose(CborEncoder *cose_key, const ctap_public_key_cose_t *key);
/**
* @brief Encode PublicKeyCredentialDescriptor into CBOR format
*/
static int _encode_credential(CborEncoder *encoder, const void *cred_ptr,
static ctap_status_code_t _encode_credential(CborEncoder *encoder, const void *cred_ptr,
bool rk);
/**
* @brief Encode PublicKeyCredentialUserEntity into CBOR format
*/
static int _encode_user_entity(CborEncoder *it, const ctap_resident_key_t *rk);
static ctap_status_code_t _encode_user_entity(CborEncoder *it, const ctap_resident_key_t *rk);
/**
* @brief CBOR encoder
@ -142,7 +142,7 @@ void fido2_ctap_cbor_init_encoder(uint8_t *buf, size_t len)
cbor_encoder_init(&_encoder, buf, len, 0);
}
int fido2_ctap_cbor_encode_info(const ctap_info_t *info)
ctap_status_code_t fido2_ctap_cbor_encode_info(const ctap_info_t *info)
{
int ret;
size_t sz = 0;
@ -339,7 +339,7 @@ int fido2_ctap_cbor_encode_info(const ctap_info_t *info)
return CTAP2_OK;
}
int fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_data,
ctap_status_code_t fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_data,
const uint8_t *client_data_hash,
ctap_resident_key_t *rk,
uint8_t valid_cred_count)
@ -457,7 +457,7 @@ int fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_
return CTAP2_OK;
}
int fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
ctap_status_code_t fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
const uint8_t *client_data_hash,
ctap_resident_key_t *rk)
{
@ -580,7 +580,7 @@ int fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
return CTAP2_OK;
}
static int _encode_credential(CborEncoder *encoder, const void *cred_ptr,
static ctap_status_code_t _encode_credential(CborEncoder *encoder, const void *cred_ptr,
bool rk)
{
CborEncoder desc;
@ -630,7 +630,7 @@ static int _encode_credential(CborEncoder *encoder, const void *cred_ptr,
return CTAP2_OK;
}
int fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key)
ctap_status_code_t fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key)
{
int ret;
CborEncoder map;
@ -659,7 +659,7 @@ int fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key)
return CTAP2_OK;
}
int fido2_ctap_cbor_encode_retries(uint8_t tries_left)
ctap_status_code_t fido2_ctap_cbor_encode_retries(uint8_t tries_left)
{
int ret;
CborEncoder map;
@ -687,7 +687,7 @@ int fido2_ctap_cbor_encode_retries(uint8_t tries_left)
return CTAP2_OK;
}
int fido2_ctap_cbor_encode_pin_token(uint8_t *token, size_t len)
ctap_status_code_t fido2_ctap_cbor_encode_pin_token(uint8_t *token, size_t len)
{
int ret;
CborEncoder map;
@ -715,7 +715,7 @@ int fido2_ctap_cbor_encode_pin_token(uint8_t *token, size_t len)
return CTAP2_OK;
}
static int _encode_user_entity(CborEncoder *encoder,
static ctap_status_code_t _encode_user_entity(CborEncoder *encoder,
const ctap_resident_key_t *rk)
{
int ret;
@ -743,7 +743,7 @@ static int _encode_user_entity(CborEncoder *encoder,
return CTAP2_OK;
}
static int _encode_public_key_cose(CborEncoder *cose_key, const ctap_public_key_cose_t *key)
static ctap_status_code_t _encode_public_key_cose(CborEncoder *cose_key, const ctap_public_key_cose_t *key)
{
int ret;
CborEncoder map;
@ -806,7 +806,7 @@ static int _encode_public_key_cose(CborEncoder *cose_key, const ctap_public_key_
return CTAP2_OK;
}
int fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
const uint8_t *req_raw, size_t len)
{
uint8_t required_parsed = 0;
@ -928,7 +928,7 @@ int fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
return CTAP2_OK;
}
int fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
const uint8_t *req_raw, size_t len)
{
uint8_t required_parsed = 0;
@ -1041,7 +1041,7 @@ int fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
return CTAP2_OK;
}
int fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
const uint8_t *buf,
size_t size)
{
@ -1172,7 +1172,7 @@ int fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
return CTAP2_OK;
}
static int _parse_public_key_cose(CborValue *it, ctap_public_key_cose_t *cose_key)
static ctap_status_code_t _parse_public_key_cose(CborValue *it, ctap_public_key_cose_t *cose_key)
{
int ret;
int type;
@ -1256,7 +1256,7 @@ static int _parse_public_key_cose(CborValue *it, ctap_public_key_cose_t *cose_ke
return CTAP2_OK;
}
static int _parse_entity(CborValue *it, void *entity, entity_type_t type)
static ctap_status_code_t _parse_entity(CborValue *it, void *entity, entity_type_t type)
{
int ret;
int cbor_type;
@ -1386,7 +1386,7 @@ static int _parse_entity(CborValue *it, void *entity, entity_type_t type)
return CTAP2_OK;
}
static int _parse_pub_key_cred_params(CborValue *it,
static ctap_status_code_t _parse_pub_key_cred_params(CborValue *it,
ctap_make_credential_req_t *req)
{
int type;
@ -1434,7 +1434,7 @@ static int _parse_pub_key_cred_params(CborValue *it,
return CTAP2_ERR_UNSUPPORTED_ALGORITHM;
}
static int _parse_pub_key_cred_param(CborValue *it, uint8_t *cred_type,
static ctap_status_code_t _parse_pub_key_cred_param(CborValue *it, uint8_t *cred_type,
int32_t *alg_type)
{
int ret;
@ -1490,7 +1490,7 @@ static int _parse_pub_key_cred_param(CborValue *it, uint8_t *cred_type,
return CTAP2_OK;
}
static int _parse_options(CborValue *it, ctap_options_t *options)
static ctap_status_code_t _parse_options(CborValue *it, ctap_options_t *options)
{
int ret;
int cbor_type;
@ -1569,7 +1569,7 @@ static int _parse_options(CborValue *it, ctap_options_t *options)
return CTAP2_OK;
}
static int _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
static ctap_status_code_t _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
uint8_t *allow_list_len)
{
size_t len2 = *allow_list_len;
@ -1579,7 +1579,7 @@ static int _parse_allow_list(CborValue *it, ctap_cred_desc_alt_t *allow_list,
return retval;
}
static int _parse_exclude_list(CborValue *it, ctap_cred_desc_alt_t *exclude_list,
static ctap_status_code_t _parse_exclude_list(CborValue *it, ctap_cred_desc_alt_t *exclude_list,
size_t *exclude_list_len)
{
int ret;
@ -1620,7 +1620,7 @@ static int _parse_exclude_list(CborValue *it, ctap_cred_desc_alt_t *exclude_list
return CTAP2_OK;
}
static int _fido2_ctap_cbor_parse_cred_desc(CborValue *arr, ctap_cred_desc_alt_t *cred)
static ctap_status_code_t _fido2_ctap_cbor_parse_cred_desc(CborValue *arr, ctap_cred_desc_alt_t *cred)
{
int ret;
int type;
@ -1685,7 +1685,7 @@ static int _fido2_ctap_cbor_parse_cred_desc(CborValue *arr, ctap_cred_desc_alt_t
return CTAP2_OK;
}
static int _parse_fixed_len_byte_array(CborValue *it, uint8_t *dst, size_t *len)
static ctap_status_code_t _parse_fixed_len_byte_array(CborValue *it, uint8_t *dst, size_t *len)
{
int ret;
int type;
@ -1708,7 +1708,7 @@ static int _parse_fixed_len_byte_array(CborValue *it, uint8_t *dst, size_t *len)
return CTAP2_OK;
}
static int _parse_byte_array(CborValue *it, uint8_t *dst, size_t *len)
static ctap_status_code_t _parse_byte_array(CborValue *it, uint8_t *dst, size_t *len)
{
int type;
int ret;
@ -1726,7 +1726,7 @@ static int _parse_byte_array(CborValue *it, uint8_t *dst, size_t *len)
return CTAP2_OK;
}
static int _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len)
static ctap_status_code_t _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len)
{
size_t len2 = *len;
int retval = _parse_byte_array(it, dst, &len2);
@ -1735,7 +1735,7 @@ static int _parse_byte_array_u8len(CborValue *it, uint8_t *dst, uint8_t *len)
return retval;
}
static int _parse_text_string(CborValue *it, char *dst, size_t *len)
static ctap_status_code_t _parse_text_string(CborValue *it, char *dst, size_t *len)
{
int type;
int ret;
@ -1755,7 +1755,7 @@ static int _parse_text_string(CborValue *it, char *dst, size_t *len)
return CTAP2_OK;
}
static int _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len)
static ctap_status_code_t _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len)
{
size_t len2 = *len;
int retval = _parse_text_string(it, dst, &len2);
@ -1764,7 +1764,7 @@ static int _parse_text_string_u8len(CborValue *it, char *dst, uint8_t *len)
return retval;
}
static int _parse_int(CborValue *it, int *num)
static ctap_status_code_t _parse_int(CborValue *it, int *num)
{
int type;
int ret;

51
sys/fido2/ctap/ctap_crypto.c
View File

@ -28,7 +28,6 @@
#include "tiny-asn1.h"
#include "fido2/ctap/ctap_crypto.h"
#include "fido2/ctap.h"
#include "fido2/ctap/ctap_utils.h"
#define ENABLE_DEBUG (0)
@ -37,7 +36,7 @@
/**
* @brief Parse signature into ASN.1 DER format
*/
static int _sig_to_der_format(uint8_t *r, uint8_t *s, uint8_t *sig,
static ctap_status_code_t _sig_to_der_format(uint8_t *r, uint8_t *s, uint8_t *sig,
size_t *sig_len);
/**
@ -47,70 +46,70 @@ static int _sig_to_der_format(uint8_t *r, uint8_t *s, uint8_t *sig,
*/
static int _RNG(uint8_t *dest, unsigned size);
int fido2_ctap_crypto_init(void)
{
uECC_set_rng(&_RNG);
return CTAP2_OK;
}
static int _RNG(uint8_t *dest, unsigned size)
{
fido2_ctap_crypto_prng(dest, (size_t)size);
return 1;
}
int fido2_ctap_crypto_prng(uint8_t *buf, size_t len)
ctap_status_code_t fido2_ctap_crypto_init(void)
{
uECC_set_rng(&_RNG);
return CTAP2_OK;
}
ctap_status_code_t fido2_ctap_crypto_prng(uint8_t *buf, size_t len)
{
random_bytes(buf, len);
return CTAP2_OK;
}
int fido2_ctap_crypto_sha256_init(sha256_context_t *ctx)
ctap_status_code_t fido2_ctap_crypto_sha256_init(sha256_context_t *ctx)
{
sha256_init(ctx);
return CTAP2_OK;
}
int fido2_ctap_crypto_sha256_update(sha256_context_t *ctx, const void *data, size_t len)
ctap_status_code_t fido2_ctap_crypto_sha256_update(sha256_context_t *ctx, const void *data, size_t len)
{
sha256_update(ctx, data, len);
return CTAP2_OK;
}
int fido2_ctap_crypto_sha256_final(sha256_context_t *ctx, void *digest)
ctap_status_code_t fido2_ctap_crypto_sha256_final(sha256_context_t *ctx, void *digest)
{
sha256_final(ctx, digest);
return CTAP2_OK;
}
int fido2_ctap_crypto_sha256(const void *data, size_t len,
ctap_status_code_t fido2_ctap_crypto_sha256(const void *data, size_t len,
void *digest)
{
sha256(data, len, digest);
return CTAP2_OK;
}
int fido2_ctap_crypto_hmac_sha256_init(hmac_context_t *ctx, const void *key,
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_init(hmac_context_t *ctx, const void *key,
size_t key_length)
{
hmac_sha256_init(ctx, key, key_length);
return CTAP2_OK;
}
int fido2_ctap_crypto_hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len)
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len)
{
hmac_sha256_update(ctx, data, len);
return CTAP2_OK;
}
int fido2_ctap_crypto_hmac_sha256_final(hmac_context_t *ctx, void *digest)
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_final(hmac_context_t *ctx, void *digest)
{
hmac_sha256_final(ctx, digest);
return CTAP2_OK;
}
int fido2_ctap_crypto_hmac_sha256(const void *key,
ctap_status_code_t fido2_ctap_crypto_hmac_sha256(const void *key,
size_t key_length, const void *data, size_t len,
void *digest)
{
@ -118,7 +117,7 @@ int fido2_ctap_crypto_hmac_sha256(const void *key,
return CTAP2_OK;
}
int fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
ctap_status_code_t fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t key_len)
{
assert(len == CTAP_CRYPTO_KEY_SIZE);
@ -136,7 +135,7 @@ int fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
return CTAP2_OK;
}
int fido2_ctap_crypto_aes_enc(uint8_t *out, size_t *out_len, uint8_t *in,
ctap_status_code_t fido2_ctap_crypto_aes_enc(uint8_t *out, size_t *out_len, uint8_t *in,
size_t in_len, const uint8_t *key,
size_t key_len)
{
@ -160,7 +159,7 @@ int fido2_ctap_crypto_aes_enc(uint8_t *out, size_t *out_len, uint8_t *in,
return CTAP2_OK;
}
int fido2_ctap_crypto_aes_dec(uint8_t *out, size_t *out_len, uint8_t *in,
ctap_status_code_t fido2_ctap_crypto_aes_dec(uint8_t *out, size_t *out_len, uint8_t *in,
size_t in_len, const uint8_t *key,
size_t key_len)
{
@ -184,7 +183,7 @@ int fido2_ctap_crypto_aes_dec(uint8_t *out, size_t *out_len, uint8_t *in,
return CTAP2_OK;
}
int fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
ctap_status_code_t fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
const uint8_t *in, size_t in_len,
uint8_t *auth_data, size_t auth_data_len,
uint8_t mac_len, uint8_t length_encoding,
@ -213,7 +212,7 @@ int fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
return CTAP2_OK;
}
int fido2_ctap_crypto_aes_ccm_dec(uint8_t *out, size_t out_len,
ctap_status_code_t fido2_ctap_crypto_aes_ccm_dec(uint8_t *out, size_t out_len,
const uint8_t *in, size_t in_len,
uint8_t *auth_data, size_t auth_data_len,
uint8_t mac_len, uint8_t length_encoding,
@ -242,7 +241,7 @@ int fido2_ctap_crypto_aes_ccm_dec(uint8_t *out, size_t out_len,
return CTAP2_OK;
}
int fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key,
ctap_status_code_t fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key,
uint8_t *priv_key, size_t len)
{
assert(len == CTAP_CRYPTO_KEY_SIZE);
@ -258,7 +257,7 @@ int fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key,
return CTAP2_OK;
}
int fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
ctap_status_code_t fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
size_t *sig_len, const uint8_t *key,
size_t key_len)
{
@ -293,7 +292,7 @@ int fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
return CTAP2_OK;
}
static int _sig_to_der_format(uint8_t *r, uint8_t *s, uint8_t *sig,
static ctap_status_code_t _sig_to_der_format(uint8_t *r, uint8_t *s, uint8_t *sig,
size_t *sig_len)
{
asn1_tree t;

22
sys/fido2/ctap/ctap_mem.c
View File

@ -52,14 +52,14 @@ static unsigned _amount_flashpages_rk(void);
/**
* @brief Write to flash memory
*/
static int _flash_write(const void *buf, uint32_t addr, size_t len);
static ctap_status_code_t _flash_write(const void *buf, uint32_t addr, size_t len);
/**
* @brief Get start address of reserved flash memory region
*/
static unsigned _flash_start(void);
int fido2_ctap_mem_init(void)
ctap_status_code_t fido2_ctap_mem_init(void)
{
int ret = mtd_init(_mtd_dev);
@ -75,7 +75,7 @@ static unsigned _amount_flashpages_rk(void)
return _mtd_dev->sector_count * _mtd_dev->pages_per_sector;
}
int fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len)
ctap_status_code_t fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len)
{
assert(buf);
@ -90,7 +90,7 @@ int fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len)
return CTAP2_OK;
}
static int _flash_write(const void *buf, uint32_t addr, size_t len)
static ctap_status_code_t _flash_write(const void *buf, uint32_t addr, size_t len)
{
assert(buf);
int ret;
@ -133,7 +133,7 @@ static unsigned _flash_start(void)
return flashpage_page((void *)_backing_memory);
}
int fido2_ctap_mem_erase_flash(void)
ctap_status_code_t fido2_ctap_mem_erase_flash(void)
{
unsigned start = _flash_start();
unsigned end = start + CONFIG_FIDO2_CTAP_NUM_FLASHPAGES;
@ -149,11 +149,13 @@ int fido2_ctap_mem_erase_flash(void)
* CTAP state information is stored at flashpage 0 of the memory area
* dedicated for storing CTAP data
*/
int fido2_ctap_mem_read_state_from_flash(ctap_state_t *state)
ctap_status_code_t fido2_ctap_mem_read_state_from_flash(ctap_state_t *state)
{
uint32_t addr = (uint32_t)flashpage_addr(_flash_start());
return mtd_read(_mtd_dev, state, addr, sizeof(ctap_state_t));
int ret = mtd_read(_mtd_dev, state, addr, sizeof(ctap_state_t));
return ret == 0 ? CTAP2_OK : CTAP1_ERR_OTHER;
}
/**
@ -163,7 +165,7 @@ int fido2_ctap_mem_read_state_from_flash(ctap_state_t *state)
* so rk's can't be deleted, only overwritten => we can be sure that there are
* no holes when reading keys from flash memory
*/
int fido2_ctap_mem_write_rk_to_flash(ctap_resident_key_t *rk)
ctap_status_code_t fido2_ctap_mem_write_rk_to_flash(ctap_resident_key_t *rk)
{
int ret;
uint32_t addr = (uint32_t)flashpage_addr(_flash_start() + CTAP_FLASH_RK_OFF);
@ -205,14 +207,14 @@ int fido2_ctap_mem_write_rk_to_flash(ctap_resident_key_t *rk)
return _flash_write(rk, addr, CTAP_FLASH_RK_SZ);
}
int fido2_ctap_mem_write_state_to_flash(ctap_state_t *state)
ctap_status_code_t fido2_ctap_mem_write_state_to_flash(ctap_state_t *state)
{
uint32_t addr = (uint32_t)flashpage_addr(_flash_start());
return _flash_write(state, addr, CTAP_FLASH_STATE_SZ);
}
int fido2_ctap_mem_read_rk_from_flash(ctap_resident_key_t *key, uint8_t *rp_id_hash, uint32_t *addr)
ctap_status_code_t fido2_ctap_mem_read_rk_from_flash(ctap_resident_key_t *key, uint8_t *rp_id_hash, uint32_t *addr)
{
uint16_t end;
uint16_t amt_stored = fido2_ctap_get_state()->rk_amount_stored;

4
sys/fido2/ctap/ctap_utils.c
View File

@ -44,7 +44,7 @@ static gpio_t _pin;
*/
static void _gpio_cb(void *arg);
int fido2_ctap_utils_init_gpio_pin(gpio_t pin, gpio_mode_t mode, gpio_flank_t flank)
ctap_status_code_t fido2_ctap_utils_init_gpio_pin(gpio_t pin, gpio_mode_t mode, gpio_flank_t flank)
{
if (gpio_init_int(pin, mode, flank, _gpio_cb, NULL) < 0) {
return CTAP1_ERR_OTHER;
@ -55,7 +55,7 @@ int fido2_ctap_utils_init_gpio_pin(gpio_t pin, gpio_mode_t mode, gpio_flank_t fl
return CTAP2_OK;
}
int fido2_ctap_utils_user_presence_test(void)
ctap_status_code_t fido2_ctap_utils_user_presence_test(void)
{
int ret;

53
sys/include/fido2/ctap.h
View File

@ -98,7 +98,22 @@ typedef enum {
CTAP2_ERR_EXTENSION_LAST = 0xEF,
CTAP2_ERR_VENDOR_FIRST = 0xF0,
CTAP2_ERR_VENDOR_LAST = 0xFF
} ctap_status_codes_t;
} ctap_status_code_t;
/** @} */
/**
* @brief CTAP methods
*
* @{
*/
typedef enum {
CTAP_MAKE_CREDENTIAL = 0x01,
CTAP_GET_ASSERTION = 0x02,
CTAP_GET_INFO = 0x04,
CTAP_CLIENT_PIN = 0x06,
CTAP_RESET = 0x07,
CTAP_GET_NEXT_ASSERTION = 0x08
} ctap_method_t;
/** @} */
/**
@ -118,17 +133,17 @@ typedef struct {
* CTAP specification (version 20190130) section 6.2
*/
typedef struct {
uint8_t status; /**< response status */
ctap_status_code_t status; /**< response status */
uint8_t data[CTAP_MAX_MSG_SIZE]; /**< response data */
size_t len; /**< length of response data */
} ctap_resp_t;
/**
* @brief Initialize ctap
*
* @return 0 for success
* @return negative error code otherwise
* @return @ref ctap_status_code_t
*/
int fido2_ctap_init(void);
ctap_status_code_t fido2_ctap_init(void);
/**
* @brief Handle CBOR encoded ctap request.
@ -139,9 +154,9 @@ int fido2_ctap_init(void);
* @param[in] req request struct
* @param[in] resp response struct
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp);
/**
* @brief MakeCredential method
@ -151,9 +166,9 @@ size_t fido2_ctap_handle_request(ctap_req_t *req, ctap_resp_t *resp);
* @param[in] req CTAP request
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp);
/**
* @brief GetAssertion method
@ -163,9 +178,9 @@ size_t fido2_ctap_make_credential(ctap_req_t *req, ctap_resp_t *resp);
* @param[in] req CTAP request
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp);
/**
* @brief GetNextAssertion method
@ -174,9 +189,9 @@ size_t fido2_ctap_get_assertion(ctap_req_t *req, ctap_resp_t *resp);
*
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_get_next_assertion(ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_get_next_assertion(ctap_resp_t *resp);
/**
* @brief GetInfo method
@ -185,9 +200,9 @@ size_t fido2_ctap_get_next_assertion(ctap_resp_t *resp);
*
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_get_info(ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_get_info(ctap_resp_t *resp);
/**
* @brief ClientPIN method
@ -197,9 +212,9 @@ size_t fido2_ctap_get_info(ctap_resp_t *resp);
* @param[in] req CTAP request
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp);
/**
* @brief Reset method
@ -208,9 +223,9 @@ size_t fido2_ctap_client_pin(ctap_req_t *req, ctap_resp_t *resp);
*
* @param[in, out] resp CTAP response
*
* @return Length of @p resp->data
* @return @ref ctap_status_code_t
*/
size_t fido2_ctap_reset(ctap_resp_t *resp);
ctap_status_code_t fido2_ctap_reset(ctap_resp_t *resp);
#ifdef __cplusplus
}

33
sys/include/fido2/ctap/ctap.h
View File

@ -50,19 +50,6 @@ extern "C" {
*/
#define CTAP_PIN_AUTH_SZ 16
/**
* @name CTAP methods
*
* @{
*/
#define CTAP_MAKE_CREDENTIAL 0x01 /**< authenticatorMakeCredential method */
#define CTAP_GET_ASSERTION 0x02 /**< authenticatorGetAssertion method */
#define CTAP_GET_INFO 0x04 /**< authenticatorGetInfo method */
#define CTAP_CLIENT_PIN 0x06 /**< authenticatorClientPIN method */
#define CTAP_RESET 0x07 /**< authenticatorReset method */
#define CTAP_GET_NEXT_ASSERTION 0x08 /**< authenticatorGetNextAssertion method */
/** @} */
/**
* @name CTAP authenticator data option flags
*
@ -111,15 +98,17 @@ extern "C" {
/** @} */
/**
* @name CTAP Client PIN request subCommand CBOR key values
* @brief CTAP Client PIN request subCommand CBOR key values
*
* @{
*/
#define CTAP_CP_REQ_SUB_COMMAND_GET_RETRIES 0x01 /**< getRetries subCommand */
#define CTAP_CP_REQ_SUB_COMMAND_GET_KEY_AGREEMENT 0x02 /**< getKeyAgreement subCommand */
#define CTAP_CP_REQ_SUB_COMMAND_SET_PIN 0x03 /**< setPIN subCommand */
#define CTAP_CP_REQ_SUB_COMMAND_CHANGE_PIN 0x04 /**< changePIN subCommand */
#define CTAP_CP_REQ_SUB_COMMAND_GET_PIN_TOKEN 0x05 /**< getPinToken subCommand */
typedef enum {
CTAP_PIN_GET_RETRIES = 0x01, /**< getRetries subCommand */
CTAP_PIN_GET_KEY_AGREEMENT = 0x02, /**< getKeyAgreement subCommand */
CTAP_PIN_SET_PIN = 0x03, /**< setPIN subCommand */
CTAP_PIN_CHANGE_PIN = 0x04, /**< changePIN subCommand */
CTAP_PIN_GET_PIN_TOKEN = 0x05 /**< getPinToken subCommand */
} ctap_pin_subcommand_t;
/** @} */
/**
@ -572,7 +561,7 @@ typedef struct {
uint8_t pin_auth[CTAP_PIN_AUTH_SZ]; /**< first 16 bytes of HMAC-SHA-256 of encrypted contents */
uint8_t new_pin_enc[CTAP_PIN_ENC_MAX_SIZE]; /**< Encrypted new PIN using sharedSecret. */
uint8_t pin_hash_enc[SHA256_DIGEST_LENGTH / 2]; /**< Encrypted first 16 bytes of SHA-256 of PIN using sharedSecret. */
uint8_t sub_command; /**< authenticator Client PIN sub command */
ctap_pin_subcommand_t sub_command; /**< ClientPIN sub command */
uint8_t pin_protocol; /**< PIN protocol version chosen by the client */
bool pin_hash_enc_present; /**< indicate pin_hash_enc is present */
bool pin_auth_present; /**< indicate if pin_auth present */
@ -642,7 +631,7 @@ typedef struct {
* @param[in] sig signature buffer
* @param[in] sig_len length of @p sig
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_get_sig(const uint8_t *auth_data, size_t auth_data_len,
const uint8_t *client_data_hash,
@ -668,7 +657,7 @@ bool fido2_ctap_cred_params_supported(uint8_t cred_type, int32_t alg_type);
* @param[in] nonce_len length of @p nonce
* @param[in] id credential id struct storing encrypted resident key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_encrypt_rk(ctap_resident_key_t *rk, uint8_t *nonce,
size_t nonce_len, ctap_cred_id_t *id);

36
sys/include/fido2/ctap/ctap_cbor.h
View File

@ -212,9 +212,9 @@ extern "C" {
* @param[in] req_raw raw request
* @param[in] len length of @p req_raw
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
const uint8_t *req_raw, size_t len);
/**
@ -226,9 +226,9 @@ int fido2_ctap_cbor_parse_make_credential_req(ctap_make_credential_req_t *req,
* @param[in] req_raw raw request
* @param[in] len length of @p req_raw
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
const uint8_t *req_raw, size_t len);
/**
@ -238,10 +238,10 @@ int fido2_ctap_cbor_parse_get_assertion_req(ctap_get_assertion_req_t *req,
*
* @param[in] info information about capabilities
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_info(const ctap_info_t *info);
ctap_status_code_t fido2_ctap_cbor_encode_info(const ctap_info_t *info);
/**
* @brief Parse ClientPIN method
*
@ -251,9 +251,9 @@ int fido2_ctap_cbor_encode_info(const ctap_info_t *info);
* @param[in] req_raw raw request
* @param[in] len length of @p req_raw
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
ctap_status_code_t fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
const uint8_t *req_raw, size_t len);
/**
* @brief Encode attestation object
@ -264,9 +264,9 @@ int fido2_ctap_cbor_parse_client_pin_req(ctap_client_pin_req_t *req,
* @param[in] client_data_hash SHA-256 hash of JSON serialized client data
* @param[in] rk resident key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
ctap_status_code_t fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
const uint8_t *client_data_hash,
ctap_resident_key_t *rk);
@ -280,9 +280,9 @@ int fido2_ctap_cbor_encode_attestation_object(const ctap_auth_data_t *auth_data,
* @param[in] rk resident key
* @param[in] valid_cred_count amount of valid credentials found in allow list
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_data,
ctap_status_code_t fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_data,
const uint8_t *client_data_hash,
ctap_resident_key_t *rk,
uint8_t valid_cred_count);
@ -291,9 +291,9 @@ int fido2_ctap_cbor_encode_assertion_object(const ctap_auth_data_header_t *auth_
*
* @param[in] key Public key in COSE format
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key);
ctap_status_code_t fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key);
/**
* @brief Encode encrypted pin token
@ -301,18 +301,18 @@ int fido2_ctap_cbor_encode_key_agreement(const ctap_public_key_cose_t *key);
* @param[in] token encrypted pin token
* @param[in] len length of @p token
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_pin_token(uint8_t *token, size_t len);
ctap_status_code_t fido2_ctap_cbor_encode_pin_token(uint8_t *token, size_t len);
/**
* @brief Encode PIN tries left
*
* @param[in] tries_left amount of tries left
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_cbor_encode_retries(uint8_t tries_left);
ctap_status_code_t fido2_ctap_cbor_encode_retries(uint8_t tries_left);
/**
* @brief Get size of CBOR encoded data

69
sys/include/fido2/ctap/ctap_crypto.h
View File

@ -26,6 +26,7 @@
#include <stdint.h>
#include "hashes/sha256.h"
#include "fido2/ctap.h"
#ifdef __cplusplus
extern "C" {
@ -64,9 +65,9 @@ typedef struct {
*
* Initializes crypto libs and creates key_agreement key pair
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_init(void);
ctap_status_code_t fido2_ctap_crypto_init(void);
/**
* @brief Wrapper function for @ref random_bytes
@ -74,18 +75,18 @@ int fido2_ctap_crypto_init(void);
* @param[in] buf buffer to hold random bytes
* @param[in] len length of @p buf
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_prng(uint8_t *buf, size_t len);
ctap_status_code_t fido2_ctap_crypto_prng(uint8_t *buf, size_t len);
/**
* @brief Wrapper function for @ref sha256_init
*
* @param ctx sha256_context_t handle to init
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_sha256_init(sha256_context_t *ctx);
ctap_status_code_t fido2_ctap_crypto_sha256_init(sha256_context_t *ctx);
/**
* @brief Wrapper function for @ref sha256_update
@ -94,9 +95,9 @@ int fido2_ctap_crypto_sha256_init(sha256_context_t *ctx);
* @param[in] data Input data
* @param[in] len Length of @p data
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_sha256_update(sha256_context_t *ctx, const void *data, size_t len);
ctap_status_code_t fido2_ctap_crypto_sha256_update(sha256_context_t *ctx, const void *data, size_t len);
/**
* @brief Wrapper for @ref sha256_final
@ -104,9 +105,9 @@ int fido2_ctap_crypto_sha256_update(sha256_context_t *ctx, const void *data, siz
* @param ctx sha256_context_t handle to use
* @param digest resulting digest, this is the hash of all the bytes
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_sha256_final(sha256_context_t *ctx, void *digest);
ctap_status_code_t fido2_ctap_crypto_sha256_final(sha256_context_t *ctx, void *digest);
/**
* @brief Wrapper function for @ref sha256
@ -118,9 +119,9 @@ int fido2_ctap_crypto_sha256_final(sha256_context_t *ctx, void *digest);
*
* @note discards the pointer returned by @ref sha256
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_sha256(const void *data, size_t len,
ctap_status_code_t fido2_ctap_crypto_sha256(const void *data, size_t len,
void *digest);
/**
@ -130,9 +131,9 @@ int fido2_ctap_crypto_sha256(const void *data, size_t len,
* @param[in] key key used in the hmac-sha256 computation
* @param[in] key_length length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_hmac_sha256_init(hmac_context_t *ctx, const void *key,
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_init(hmac_context_t *ctx, const void *key,
size_t key_length);
/**
@ -142,9 +143,9 @@ int fido2_ctap_crypto_hmac_sha256_init(hmac_context_t *ctx, const void *key,
* @param[in] data pointer to the buffer to generate hash from
* @param[in] len length of @p data
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len);
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len);
/**
* @brief Wrapper function for @ref hmac_sha256_final
@ -153,9 +154,9 @@ int fido2_ctap_crypto_hmac_sha256_update(hmac_context_t *ctx, const void *data,
* @param[out] digest the computed hmac-sha256,
* length MUST be SHA256_DIGEST_LENGTH
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_hmac_sha256_final(hmac_context_t *ctx, void *digest);
ctap_status_code_t fido2_ctap_crypto_hmac_sha256_final(hmac_context_t *ctx, void *digest);
/**
* @brief Wrapper function for @ref hmac_sha256
@ -169,9 +170,9 @@ int fido2_ctap_crypto_hmac_sha256_final(hmac_context_t *ctx, void *digest);
*
* @note discards the pointer returned by @ref hmac_sha256
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_hmac_sha256(const void *key,
ctap_status_code_t fido2_ctap_crypto_hmac_sha256(const void *key,
size_t key_length, const void *data, size_t len,
void *digest);
@ -182,9 +183,9 @@ int fido2_ctap_crypto_hmac_sha256(const void *key,
* @param[in] priv_key private key buffer
* @param[in] len length of @p priv_key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t len);
ctap_status_code_t fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t len);
/**
* @brief Elliptic-curve Diffie-Hellmann
@ -195,9 +196,9 @@ int fido2_ctap_crypto_gen_keypair(ctap_crypto_pub_key_t *pub_key, uint8_t *priv_
* @param[in] priv_key private key
* @param[in] key_len length of @p priv_key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
ctap_status_code_t fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
ctap_crypto_pub_key_t *pub_key, uint8_t *priv_key, size_t key_len);
/**
@ -210,9 +211,9 @@ int fido2_ctap_crypto_ecdh(uint8_t *out, size_t len,
* @param[in] key private key to use for signature
* @param[in] key_len length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
ctap_status_code_t fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
size_t *sig_len, const uint8_t *key, size_t key_len);
/**
@ -225,9 +226,9 @@ int fido2_ctap_crypto_get_sig(uint8_t *hash, size_t hash_len, uint8_t *sig,
* @param[in] key symmetric key to use for encryption
* @param[in] key_len length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_aes_enc(uint8_t * out, size_t *out_len, uint8_t * in,
ctap_status_code_t fido2_ctap_crypto_aes_enc(uint8_t * out, size_t *out_len, uint8_t * in,
size_t in_len, const uint8_t * key, size_t key_len);
/**
@ -240,9 +241,9 @@ int fido2_ctap_crypto_aes_enc(uint8_t * out, size_t *out_len, uint8_t * in,
* @param[in] key symmetric key to use for decryption
* @param[in] key_len length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_aes_dec(uint8_t * out, size_t *out_len, uint8_t * in,
ctap_status_code_t fido2_ctap_crypto_aes_dec(uint8_t * out, size_t *out_len, uint8_t * in,
size_t in_len, const uint8_t * key, size_t key_len);
/**
@ -261,9 +262,9 @@ int fido2_ctap_crypto_aes_dec(uint8_t * out, size_t *out_len, uint8_t * in,
* @param[in] key symmetric key to use for encryption
* @param[in] key_len length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
ctap_status_code_t fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
const uint8_t *in, size_t in_len,
uint8_t *auth_data, size_t auth_data_len,
uint8_t mac_len, uint8_t length_encoding,
@ -286,9 +287,9 @@ int fido2_ctap_crypto_aes_ccm_enc(uint8_t *out, size_t out_len,
* @param[in] key symmetric key to use for encryption
* @param[in] key_len length of @p key
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_crypto_aes_ccm_dec(uint8_t *out, size_t out_len,
ctap_status_code_t fido2_ctap_crypto_aes_ccm_dec(uint8_t *out, size_t out_len,
const uint8_t *in, size_t in_len,
uint8_t *auth_data, size_t auth_data_len,
uint8_t mac_len, uint8_t length_encoding,

28
sys/include/fido2/ctap/ctap_mem.h
View File

@ -100,9 +100,9 @@ extern "C" {
/**
* @brief Initialize memory helper
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_init(void);
ctap_status_code_t fido2_ctap_mem_init(void);
/**
* @brief Read from flash memory
@ -112,34 +112,34 @@ int fido2_ctap_mem_init(void);
* @param[in] offset offset from the start of the page (in bytes)
* @param[in] len number of bytes to write
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len);
ctap_status_code_t fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len);
/**
* @brief Erase all flashpages containing CTAP data
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_erase_flash(void);
ctap_status_code_t fido2_ctap_mem_erase_flash(void);
/**
* @brief Read authenticator state from flash
*
* @param[in] state pointer to authenticator state
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_read_state_from_flash(ctap_state_t *state);
ctap_status_code_t fido2_ctap_mem_read_state_from_flash(ctap_state_t *state);
/**
* @brief Write authenticator state to flash
*
* @param[in] state pointer to authenticator state
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_write_state_to_flash(ctap_state_t *state);
ctap_status_code_t fido2_ctap_mem_write_state_to_flash(ctap_state_t *state);
/**
* @brief Find resident credential for @p rp_id_hash in flash
@ -153,9 +153,9 @@ int fido2_ctap_mem_write_state_to_flash(ctap_state_t *state);
* @param[in] rp_id_hash pointer to hash of rp domain string
* @param[in] addr pointer to address where to read from
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_read_rk_from_flash(ctap_resident_key_t *key, uint8_t *rp_id_hash,
ctap_status_code_t fido2_ctap_mem_read_rk_from_flash(ctap_resident_key_t *key, uint8_t *rp_id_hash,
uint32_t *addr);
/**
@ -163,9 +163,9 @@ int fido2_ctap_mem_read_rk_from_flash(ctap_resident_key_t *key, uint8_t *rp_id_h
*
* @param[in] rk pointer to resident credential
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_mem_write_rk_to_flash(ctap_resident_key_t *rk);
ctap_status_code_t fido2_ctap_mem_write_rk_to_flash(ctap_resident_key_t *rk);
#ifdef __cplusplus
}

8
sys/include/fido2/ctap/ctap_utils.h
View File

@ -38,18 +38,18 @@ void fido2_ctap_utils_led_animation(void);
/**
* @brief Initialize button to be used for user presence test
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_utils_init_gpio_pin(gpio_t pin, gpio_mode_t mode, gpio_flank_t flank);
ctap_status_code_t fido2_ctap_utils_init_gpio_pin(gpio_t pin, gpio_mode_t mode, gpio_flank_t flank);
/**
* @brief Test user presence
*
* Successful if user clicks button in less than @ref CTAP_UP_TIMEOUT
*
* @return @ref ctap_status_codes_t
* @return @ref ctap_status_code_t
*/
int fido2_ctap_utils_user_presence_test(void);
ctap_status_code_t fido2_ctap_utils_user_presence_test(void);
/**
* @brief Compare fido2 credentials based on id to find more recent one