1 /*
2  * Copyright (c) 2018 Yubico AB. All rights reserved.
3  * Use of this source code is governed by a BSD-style
4  * license that can be found in the LICENSE file.
5  */
6 
7 #ifndef _FIDO_TYPES_H
8 #define _FIDO_TYPES_H
9 
10 #ifdef __MINGW32__
11 #include <sys/types.h>
12 #endif
13 
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21 
/*
 * Forward declaration so the rx/tx transport callback types below can
 * take a pointer to the device before its full definition (which is only
 * visible under _FIDO_INTERNAL; public builds see an opaque type).
 */
struct fido_dev;
23 
/*
 * Callback signatures for a pluggable device backend; instances are stored
 * as function pointers in fido_dev_io_t and fido_dev_transport_t below.
 *
 * open/close/read/write operate on an opaque void * handle returned by
 * open (kept in fido_dev.io_handle). rx/tx operate on the device itself.
 * NOTE(review): the uint8_t on rx/tx is presumably the CTAPHID command
 * byte and the trailing int on read/rx a timeout (milliseconds per the
 * libfido2 manual pages) — confirm against the callers. Return-value
 * conventions for the int-returning callbacks are not specified here.
 */
typedef void *fido_dev_io_open_t(const char *);
typedef void  fido_dev_io_close_t(void *);
typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);
typedef int   fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
typedef int   fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);
30 
/*
 * Low-level I/O callback table for one device backend. Each member is a
 * pointer to a function with the matching fido_dev_io_*_t signature above.
 */
typedef struct fido_dev_io {
	fido_dev_io_open_t  *open;  /* open device by path, returns opaque handle */
	fido_dev_io_close_t *close; /* release the handle returned by open */
	fido_dev_io_read_t  *read;  /* read one report into the caller's buffer */
	fido_dev_io_write_t *write; /* write one report from the caller's buffer */
} fido_dev_io_t;
37 
/*
 * Transport-level callback table (receive/transmit of whole messages on a
 * device), layered above fido_dev_io_t.
 */
typedef struct fido_dev_transport {
	fido_dev_rx_t *rx; /* receive a message for the given command */
	fido_dev_tx_t *tx; /* transmit a message for the given command */
} fido_dev_transport_t;
42 
/*
 * Tri-state request option. FIDO_OPT_OMIT is deliberately 0 so that a
 * zero-initialized request leaves every option unset and defers to the
 * authenticator's default.
 */
typedef enum {
	FIDO_OPT_OMIT = 0, /* use authenticator's default */
	FIDO_OPT_FALSE,    /* explicitly set option to false */
	FIDO_OPT_TRUE,     /* explicitly set option to true */
} fido_opt_t;
48 
/* Log sink callback: receives one NUL-terminated message string. */
typedef void fido_log_handler_t(const char *);
50 
/*
 * Signal-mask type exposed by the public API. Windows has no sigset_t, so a
 * plain int stands in there; elsewhere it is the <signal.h> sigset_t.
 */
#ifdef _WIN32
typedef int fido_sigset_t;
#else
typedef sigset_t fido_sigset_t;
#endif
56 
57 #ifdef _FIDO_INTERNAL
58 #include "packed.h"
59 #include "blob.h"
60 
/*
 * COSE ES256 (ECDSA over P-256 with SHA-256) public key: raw affine
 * coordinates of the point, 32 bytes each. This is plain storage — whether
 * the point lies on the curve is checked by whatever parses it, not here.
 */
typedef struct es256_pk {
	unsigned char	x[32]; /* x coordinate */
	unsigned char	y[32]; /* y coordinate */
} es256_pk_t;
66 
/*
 * COSE ES256 (ECDSA over P-256 with SHA-256) secret key: the 32-byte
 * private scalar. Holds secret material — the owning code should zeroize
 * it with an explicit-bzero style primitive before releasing the memory (a
 * plain memset before free can be optimized away).
 * NOTE(review): confirm the owning code actually does so.
 */
typedef struct es256_sk {
	unsigned char	d[32]; /* private scalar */
} es256_sk_t;
71 
/*
 * COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key.
 * The fixed sizes pin the key size: 256 bytes of modulus (2048 bits) and a
 * 3-byte public exponent (large enough for the usual 65537).
 */
typedef struct rs256_pk {
	unsigned char n[256]; /* modulus */
	unsigned char e[3];   /* public exponent */
} rs256_pk_t;
77 
/* COSE EDDSA (ED25519) public key: 32 raw bytes. */
typedef struct eddsa_pk {
	unsigned char x[32]; /* encoded public point */
} eddsa_pk_t;
82 
/*
 * Fixed-size prefix of CTAP authenticatorData (32 + 1 + 4 = 37 bytes).
 * Wrapped in PACKED_TYPE (packed.h) so it can be laid over the raw bytes
 * without padding between flags and sigcount. Multi-byte fields therefore
 * keep wire byte order — NOTE(review): the spec defines sigcount as
 * big-endian, so convert before doing arithmetic on it; confirm the decoder
 * does this. Anything following sigcount on the wire (attested credential
 * data, extensions) is not part of this struct.
 */
PACKED_TYPE(fido_authdata_t,
struct fido_authdata {
	unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
	uint8_t       flags;          /* user present/verified */
	uint32_t      sigcount;       /* signature counter (wire byte order) */
	/* actually longer */
})
90 
/*
 * Packed view of the attestedCredentialData that follows the fixed
 * authdata prefix. id_len is a length read from the device in wire byte
 * order (NOTE(review): big-endian per the spec) and must be converted and
 * bounds-checked against the remaining input before it is used to index
 * into body. body is a flexible array member, so sizeof this struct does
 * not include it.
 */
PACKED_TYPE(fido_attcred_raw_t,
struct fido_attcred_raw {
	unsigned char aaguid[16]; /* credential's aaguid */
	uint16_t      id_len;     /* credential id length (untrusted, wire order) */
	uint8_t       body[];     /* credential id + pubkey */
})
97 
/*
 * Decoded attested credential: id plus public key. `type` (the COSE
 * algorithm id) selects which member of the pubkey union is valid; reading
 * a member that does not match `type` is a bug.
 */
typedef struct fido_attcred {
	unsigned char aaguid[16]; /* credential's aaguid */
	fido_blob_t   id;         /* credential id */
	int           type;       /* credential's cose algorithm; selects pubkey member */
	union {                   /* credential's public key */
		es256_pk_t es256;
		rs256_pk_t rs256;
		eddsa_pk_t eddsa;
	} pubkey;
} fido_attcred_t;
108 
/* Attestation statement as returned by the authenticator. */
typedef struct fido_attstmt {
	fido_blob_t x5c; /* attestation certificate */
	fido_blob_t sig; /* attestation signature */
} fido_attstmt_t;
113 
/*
 * Relying party entity. NOTE(review): the strings are presumably
 * heap-allocated and owned by the enclosing request — confirm against the
 * setter/free code.
 */
typedef struct fido_rp {
	char *id;   /* relying party id */
	char *name; /* relying party name */
} fido_rp_t;
118 
/*
 * User entity. "required"/"optional" refer to what the protocol demands of
 * the request; optional pointers may be NULL.
 */
typedef struct fido_user {
	fido_blob_t  id;           /* required */
	char        *icon;         /* optional */
	char        *name;         /* optional */
	char        *display_name; /* required */
} fido_user_t;
125 
/* Credential-creation extensions: a bitmask of enabled extensions plus the
 * protection policy value (presumably credProtect — confirm). */
typedef struct fido_cred_ext {
	int mask; /* enabled extensions */
	int prot; /* protection policy */
} fido_cred_ext_t;
130 
/*
 * State of one credential-creation operation. The first group of fields
 * (cd/cdh, rp, user, excl, rk, uv, ext, type) is the request as built by
 * the caller; the rest (fmt, authdata_*, attcred, attstmt, largeblob_key,
 * blob) is filled from the authenticator's response. Response fields are
 * decoded from device input and should be validated before use.
 * NOTE(review): cdh is the hash of cd; which one is authoritative when
 * both are set is decided elsewhere.
 */
typedef struct fido_cred {
	fido_blob_t       cd;            /* client data */
	fido_blob_t       cdh;           /* client data hash */
	fido_rp_t         rp;            /* relying party */
	fido_user_t       user;          /* user entity */
	fido_blob_array_t excl;          /* list of credential ids to exclude */
	fido_opt_t        rk;            /* resident key */
	fido_opt_t        uv;            /* user verification */
	fido_cred_ext_t   ext;           /* extensions */
	int               type;          /* cose algorithm */
	char             *fmt;           /* credential format */
	fido_cred_ext_t   authdata_ext;  /* decoded extensions */
	fido_blob_t       authdata_cbor; /* cbor-encoded payload */
	fido_blob_t       authdata_raw;  /* cbor-decoded payload */
	fido_authdata_t   authdata;      /* decoded authdata payload */
	fido_attcred_t    attcred;       /* returned credential (key + id) */
	fido_attstmt_t    attstmt;       /* attestation statement (x509 + sig) */
	fido_blob_t       largeblob_key; /* decoded large blob key */
	fido_blob_t       blob;          /* FIDO 2.1 credBlob */
} fido_cred_t;
151 
/* Extension outputs decoded from one assertion's authenticator data. */
typedef struct fido_assert_extattr {
	int         mask;            /* decoded extensions */
	fido_blob_t hmac_secret_enc; /* hmac secret, encrypted (as received) */
	fido_blob_t blob;            /* decoded FIDO 2.1 credBlob */
} fido_assert_extattr_t;
157 
/*
 * One assertion returned by the authenticator. This is storage only: the
 * signature in `sig` is not verified by holding it here.
 * NOTE(review): a file-scope tag beginning with an underscore is in the
 * namespace reserved for the implementation (C11 7.1.3); left as-is since
 * renaming the tag would be an API change.
 */
typedef struct _fido_assert_stmt {
	fido_blob_t           id;            /* credential id */
	fido_user_t           user;          /* user attributes */
	fido_blob_t           hmac_secret;   /* hmac secret (decrypted) */
	fido_assert_extattr_t authdata_ext;  /* decoded extensions */
	fido_blob_t           authdata_cbor; /* raw cbor payload */
	fido_authdata_t       authdata;      /* decoded authdata payload */
	fido_blob_t           sig;           /* signature of cdh + authdata */
	fido_blob_t           largeblob_key; /* decoded large blob key */
} fido_assert_stmt;
168 
/* Assertion-request extensions: bitmask plus the optional hmac-secret salt. */
typedef struct fido_assert_ext {
	int         mask;                /* enabled extensions */
	fido_blob_t hmac_salt;           /* optional hmac-secret salt */
} fido_assert_ext_t;
173 
/*
 * State of one assertion (getAssertion) operation: the request fields set
 * by the caller, followed by the array of assertions received. `stmt` has
 * room for stmt_cnt entries of which stmt_len have been filled, so code
 * indexing it must keep stmt_len <= stmt_cnt.
 */
typedef struct fido_assert {
	char              *rp_id;        /* relying party id */
	fido_blob_t        cd;           /* client data */
	fido_blob_t        cdh;          /* client data hash */
	fido_blob_array_t  allow_list;   /* list of allowed credentials */
	fido_opt_t         up;           /* user presence */
	fido_opt_t         uv;           /* user verification */
	fido_assert_ext_t  ext;          /* enabled extensions */
	fido_assert_stmt  *stmt;         /* array of expected assertions */
	size_t             stmt_cnt;     /* number of allocated assertions */
	size_t             stmt_len;     /* number of received assertions (<= stmt_cnt) */
} fido_assert_t;
186 
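/*
 * Authenticator options as reported by getInfo: two parallel arrays of
 * `len` entries, name[i] being the option's name and value[i] whether the
 * authenticator has it enabled. The `bool` member requires <stdbool.h>,
 * which this header includes itself so that it stays self-contained.
 */
typedef struct fido_opt_array {
	char **name;  /* option names, len entries */
	bool *value;  /* option values, parallel to name */
	size_t len;   /* number of valid entries in both arrays */
} fido_opt_array_t;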
192 
/* Array of `len` C strings. */
typedef struct fido_str_array {
	char **ptr; /* len string pointers */
	size_t len; /* number of entries */
} fido_str_array_t;
197 
/* Array of `len` bytes. */
typedef struct fido_byte_array {
	uint8_t *ptr; /* len bytes */
	size_t len;   /* number of bytes */
} fido_byte_array_t;
202 
/* One supported algorithm: its type string and COSE algorithm identifier. */
typedef struct fido_algo {
	char *type; /* algorithm type string */
	int cose;   /* cose algorithm id */
} fido_algo_t;
207 
/* Array of `len` fido_algo_t entries. */
typedef struct fido_algo_array {
	fido_algo_t *ptr; /* len entries */
	size_t len;       /* number of entries */
} fido_algo_array_t;
212 
/*
 * Decoded authenticatorGetInfo response. All of it originates from the
 * device; in particular the uint64_t limits are reported values, so code
 * that derives buffer sizes from them should clamp them before narrowing
 * to size_t rather than trust them outright.
 */
typedef struct fido_cbor_info {
	fido_str_array_t  versions;      /* supported versions: fido2|u2f */
	fido_str_array_t  extensions;    /* list of supported extensions */
	fido_str_array_t  transports;    /* list of supported transports */
	unsigned char     aaguid[16];    /* aaguid */
	fido_opt_array_t  options;       /* list of supported options */
	uint64_t          maxmsgsiz;     /* maximum message size (device-reported) */
	fido_byte_array_t protocols;     /* supported pin protocols */
	fido_algo_array_t algorithms;    /* list of supported algorithms */
	uint64_t          maxcredcntlst; /* max number of credentials in list */
	uint64_t          maxcredidlen;  /* max credential ID length */
	uint64_t          fwversion;     /* firmware version */
	uint64_t          maxcredbloblen; /* max credBlob length */
} fido_cbor_info_t;
227 
/*
 * Description of an enumerated device. vendor_id/product_id are stored as
 * int16_t although USB ids are 16-bit unsigned, so ids >= 0x8000 read back
 * negative; cast to uint16_t before printing or comparing against a VID/PID
 * table. (Type kept as-is: it is part of the public accessor API.)
 */
typedef struct fido_dev_info {
	char                 *path;         /* device path */
	int16_t               vendor_id;    /* 2-byte vendor id (signed, see above) */
	int16_t               product_id;   /* 2-byte product id (signed, see above) */
	char                 *manufacturer; /* manufacturer string */
	char                 *product;      /* product string */
	fido_dev_io_t         io;           /* i/o functions */
	fido_dev_transport_t  transport;    /* transport functions */
} fido_dev_info_t;
237 
/*
 * CTAPHID_INIT response payload, packed so it can be overlaid on the raw
 * report. `nonce` is the value the device echoes back and is what lets the
 * caller match this reply to the nonce it issued (see fido_dev.nonce).
 * NOTE(review): byte order of nonce/cid as received from the wire is not
 * specified here — confirm in the code that fills this struct.
 */
PACKED_TYPE(fido_ctap_info_t,
/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
struct fido_ctap_info {
	uint64_t nonce;    /* echoed nonce */
	uint32_t cid;      /* channel id */
	uint8_t  protocol; /* ctaphid protocol id */
	uint8_t  major;    /* major version number */
	uint8_t  minor;    /* minor version number */
	uint8_t  build;    /* build version number */
	uint8_t  flags;    /* capabilities flags; see FIDO_CAP_* */
})
249 
/*
 * Internal device handle. `nonce` is the value sent in CTAPHID_INIT and
 * should be compared with attr.nonce (the echoed value) when matching the
 * reply. io_handle is the opaque pointer returned by io.open. rx_len/tx_len
 * are the HID report sizes used to bound reads and writes.
 * NOTE(review): `maxmsgsize` here vs `maxmsgsiz` in fido_cbor_info_t name
 * the same concept differently — worth unifying in a future API-compatible
 * cleanup.
 */
typedef struct fido_dev {
	uint64_t              nonce;      /* issued nonce */
	fido_ctap_info_t      attr;       /* device attributes */
	uint32_t              cid;        /* assigned channel id */
	char                 *path;       /* device path */
	void                 *io_handle;  /* abstract i/o handle (from io.open) */
	fido_dev_io_t         io;         /* i/o functions */
	bool                  io_own;     /* device has own io/transport */
	size_t                rx_len;     /* length of HID input reports */
	size_t                tx_len;     /* length of HID output reports */
	int                   flags;      /* internal flags; see FIDO_DEV_* */
	fido_dev_transport_t  transport;  /* transport functions */
	uint64_t	      maxmsgsize; /* max message size */
} fido_dev_t;
264 
265 #else
/*
 * Public (non-_FIDO_INTERNAL) view: the same type names as above, but as
 * incomplete struct types. Library users only ever hold pointers to these
 * and go through accessor functions, so the layouts above can change
 * without breaking the public ABI.
 */
typedef struct fido_assert fido_assert_t;
typedef struct fido_cbor_info fido_cbor_info_t;
typedef struct fido_cred fido_cred_t;
typedef struct fido_dev fido_dev_t;
typedef struct fido_dev_info fido_dev_info_t;
typedef struct es256_pk es256_pk_t;
typedef struct es256_sk es256_sk_t;
typedef struct rs256_pk rs256_pk_t;
typedef struct eddsa_pk eddsa_pk_t;
275 #endif /* _FIDO_INTERNAL */
276 
277 #ifdef __cplusplus
278 } /* extern "C" */
279 #endif /* __cplusplus */
280 
281 #endif /* !_FIDO_TYPES_H */
282