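/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

/*
 * Type definitions shared by libfido2's public API and its internals.
 *
 * Two views of the same types exist: translation units that define
 * _FIDO_INTERNAL see the full struct definitions below; everything else only
 * sees the opaque forward declarations in the #else branch near the end, so
 * public callers cannot depend on (or corrupt) the layout of these structs.
 */

#ifndef _FIDO_TYPES_H
#define _FIDO_TYPES_H

#ifdef __MINGW32__
#include <sys/types.h>	/* NOTE(review): presumably for POSIX types missing on MinGW; confirm */
#endif

#include <signal.h>
#include <stdbool.h>	/* bool is used by the _FIDO_INTERNAL structs; keeps this header self-contained */
#include <stddef.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

struct fido_dev;

/*
 * Low-level I/O callbacks. open() receives a path string and returns an
 * opaque handle that close()/read()/write() get back as their first argument.
 * read() and write() take a buffer and its length in bytes; the trailing int
 * of read() is presumably a timeout in milliseconds (TODO confirm against the
 * hid backends). rx()/tx() work on a struct fido_dev and additionally take a
 * uint8_t, presumably the CTAPHID command byte (confirm in io.c).
 */
typedef void *fido_dev_io_open_t(const char *);
typedef void fido_dev_io_close_t(void *);
typedef int fido_dev_io_read_t(void *, unsigned char *, size_t, int);
typedef int fido_dev_io_write_t(void *, const unsigned char *, size_t);
typedef int fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
typedef int fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);

/* table of device I/O functions; every pointer is expected to be set */
typedef struct fido_dev_io {
	fido_dev_io_open_t  *open;
	fido_dev_io_close_t *close;
	fido_dev_io_read_t  *read;
	fido_dev_io_write_t *write;
} fido_dev_io_t;

/* table of transport-level (framing) functions layered on fido_dev_io_t */
typedef struct fido_dev_transport {
	fido_dev_rx_t *rx;
	fido_dev_tx_t *tx;
} fido_dev_transport_t;

/*
 * Tri-state option. FIDO_OPT_OMIT leaves the decision to the authenticator,
 * so a caller that requires a property (e.g. user verification) should set
 * FIDO_OPT_TRUE explicitly rather than rely on the device default.
 */
typedef enum {
	FIDO_OPT_OMIT = 0, /* use authenticator's default */
	FIDO_OPT_FALSE,    /* explicitly set option to false */
	FIDO_OPT_TRUE,     /* explicitly set option to true */
} fido_opt_t;

/* receives one formatted log line */
typedef void fido_log_handler_t(const char *);

/* Windows has no sigset_t; an int stands in for it there */
#ifdef _WIN32
typedef int fido_sigset_t;
#else
typedef sigset_t fido_sigset_t;
#endif

#ifdef _FIDO_INTERNAL
#include "packed.h"	/* PACKED_TYPE */
#include "blob.h"	/* fido_blob_t, fido_blob_array_t */

/* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
typedef struct es256_pk {
	unsigned char x[32];	/* affine x coordinate, big-endian */
	unsigned char y[32];	/* affine y coordinate, big-endian */
} es256_pk_t;

/* COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key */
typedef struct es256_sk {
	unsigned char d[32];	/* private scalar; secret material, wipe on release (presumably done in es256.c — confirm) */
} es256_sk_t;

/* COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key */
typedef struct rs256_pk {
	unsigned char n[256];	/* 2048-bit modulus */
	unsigned char e[3];	/* public exponent */
} rs256_pk_t;

/* COSE EDDSA (ED25519) */
typedef struct eddsa_pk {
	unsigned char x[32];	/* encoded Ed25519 public point */
} eddsa_pk_t;

/*
 * Fixed-size prefix of the CTAP authenticator data. The real structure
 * continues past sigcount, so parsers must check the number of bytes actually
 * received before reading anything beyond this prefix.
 */
PACKED_TYPE(fido_authdata_t,
struct fido_authdata {
	unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
	uint8_t       flags;          /* user present/verified */
	uint32_t      sigcount;       /* signature counter */
	/* actually longer */
})

/*
 * Raw attested-credential data as sent by the authenticator. id_len comes
 * from the device response, so it must be validated against the remaining
 * buffer length before body is indexed.
 */
PACKED_TYPE(fido_attcred_raw_t,
struct fido_attcred_raw {
	unsigned char aaguid[16]; /* credential's aaguid */
	uint16_t      id_len;     /* credential id length */
	uint8_t       body[];     /* credential id + pubkey */
})

/* decoded attested credential; type selects the active pubkey member */
typedef struct fido_attcred {
	unsigned char aaguid[16]; /* credential's aaguid */
	fido_blob_t   id;         /* credential id */
	int           type;       /* credential's cose algorithm */
	union {                   /* credential's public key */
		es256_pk_t es256;
		rs256_pk_t rs256;
		eddsa_pk_t eddsa;
	} pubkey;
} fido_attcred_t;

typedef struct fido_attstmt {
	fido_blob_t x5c; /* attestation certificate */
	fido_blob_t sig; /* attestation signature */
} fido_attstmt_t;

typedef struct fido_rp {
	char *id;   /* relying party id */
	char *name; /* relying party name */
} fido_rp_t;

typedef struct fido_user {
	fido_blob_t  id;           /* required */
	char        *icon;         /* optional */
	char        *name;         /* optional */
	char        *display_name; /* required */
} fido_user_t;

typedef struct fido_cred_ext {
	int    mask;      /* enabled extensions */
	int    prot;      /* protection policy */
} fido_cred_ext_t;

/*
 * State of a credential-creation request. Members up to and including
 * `type` are request inputs; those from `fmt` on are filled from the
 * authenticator's response.
 */
typedef struct fido_cred {
	fido_blob_t       cd;            /* client data */
	fido_blob_t       cdh;           /* client data hash */
	fido_rp_t         rp;            /* relying party */
	fido_user_t       user;          /* user entity */
	fido_blob_array_t excl;          /* list of credential ids to exclude */
	fido_opt_t        rk;            /* resident key */
	fido_opt_t        uv;            /* user verification */
	fido_cred_ext_t   ext;           /* extensions */
	int               type;          /* cose algorithm */
	char             *fmt;           /* credential format */
	fido_cred_ext_t   authdata_ext;  /* decoded extensions */
	fido_blob_t       authdata_cbor; /* cbor-encoded payload */
	fido_blob_t       authdata_raw;  /* cbor-decoded payload */
	fido_authdata_t   authdata;      /* decoded authdata payload */
	fido_attcred_t    attcred;       /* returned credential (key + id) */
	fido_attstmt_t    attstmt;       /* attestation statement (x509 + sig) */
	fido_blob_t       largeblob_key; /* decoded large blob key */
	fido_blob_t       blob;          /* FIDO 2.1 credBlob */
} fido_cred_t;

typedef struct fido_assert_extattr {
	int         mask;            /* decoded extensions */
	fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
	fido_blob_t blob;            /* decoded FIDO 2.1 credBlob */
} fido_assert_extattr_t;

/* one assertion returned by the authenticator */
typedef struct _fido_assert_stmt {
	fido_blob_t           id;            /* credential id */
	fido_user_t           user;          /* user attributes */
	fido_blob_t           hmac_secret;   /* hmac secret */
	fido_assert_extattr_t authdata_ext;  /* decoded extensions */
	fido_blob_t           authdata_cbor; /* raw cbor payload */
	fido_authdata_t       authdata;      /* decoded authdata payload */
	fido_blob_t           sig;           /* signature of cdh + authdata */
	fido_blob_t           largeblob_key; /* decoded large blob key */
} fido_assert_stmt;

typedef struct fido_assert_ext {
	int         mask;      /* enabled extensions */
	fido_blob_t hmac_salt; /* optional hmac-secret salt */
} fido_assert_ext_t;

/*
 * State of an assertion request. stmt holds stmt_cnt allocated entries of
 * which stmt_len have been received; code indexing stmt must stay below
 * stmt_len.
 */
typedef struct fido_assert {
	char             *rp_id;      /* relying party id */
	fido_blob_t       cd;         /* client data */
	fido_blob_t       cdh;        /* client data hash */
	fido_blob_array_t allow_list; /* list of allowed credentials */
	fido_opt_t        up;         /* user presence */
	fido_opt_t        uv;         /* user verification */
	fido_assert_ext_t ext;        /* enabled extensions */
	fido_assert_stmt *stmt;       /* array of expected assertions */
	size_t            stmt_cnt;   /* number of allocated assertions */
	size_t            stmt_len;   /* number of received assertions */
} fido_assert_t;

/* parallel arrays: name[i] is the option name, value[i] its setting */
typedef struct fido_opt_array {
	char **name;
	bool *value;
	size_t len;
} fido_opt_array_t;

typedef struct fido_str_array {
	char **ptr;
	size_t len;
} fido_str_array_t;

typedef struct fido_byte_array {
	uint8_t *ptr;
	size_t len;
} fido_byte_array_t;

typedef struct fido_algo {
	char *type;	/* credential type string */
	int cose;	/* cose algorithm identifier */
} fido_algo_t;

typedef struct fido_algo_array {
	fido_algo_t *ptr;
	size_t len;
} fido_algo_array_t;

/* decoded authenticatorGetInfo response */
typedef struct fido_cbor_info {
	fido_str_array_t  versions;      /* supported versions: fido2|u2f */
	fido_str_array_t  extensions;    /* list of supported extensions */
	fido_str_array_t  transports;    /* list of supported transports */
	unsigned char     aaguid[16];    /* aaguid */
	fido_opt_array_t  options;       /* list of supported options */
	uint64_t          maxmsgsiz;     /* maximum message size */
	fido_byte_array_t protocols;     /* supported pin protocols */
	fido_algo_array_t algorithms;    /* list of supported algorithms */
	uint64_t          maxcredcntlst; /* max number of credentials in list */
	uint64_t          maxcredidlen;  /* max credential ID length */
	uint64_t          fwversion;     /* firmware version */
	uint64_t          maxcredbloblen; /* max credBlob length */
} fido_cbor_info_t;

/*
 * Enumerated device. vendor_id/product_id are stored signed, so ids at or
 * above 0x8000 read back as negative values.
 */
typedef struct fido_dev_info {
	char                 *path;         /* device path */
	int16_t               vendor_id;    /* 2-byte vendor id */
	int16_t               product_id;   /* 2-byte product id */
	char                 *manufacturer; /* manufacturer string */
	char                 *product;      /* product string */
	fido_dev_io_t         io;           /* i/o functions */
	fido_dev_transport_t  transport;    /* transport functions */
} fido_dev_info_t;

PACKED_TYPE(fido_ctap_info_t,
/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
struct fido_ctap_info {
	uint64_t nonce;    /* echoed nonce */
	uint32_t cid;      /* channel id */
	uint8_t  protocol; /* ctaphid protocol id */
	uint8_t  major;    /* major version number */
	uint8_t  minor;    /* minor version number */
	uint8_t  build;    /* build version number */
	uint8_t  flags;    /* capabilities flags; see FIDO_CAP_* */
})

/*
 * Open device. nonce is what was sent in CTAPHID_INIT and attr.nonce what
 * the device echoed; presumably compared to bind the INIT response to this
 * request (confirm in dev.c).
 */
typedef struct fido_dev {
	uint64_t              nonce;      /* issued nonce */
	fido_ctap_info_t      attr;       /* device attributes */
	uint32_t              cid;        /* assigned channel id */
	char                 *path;       /* device path */
	void                 *io_handle;  /* abstract i/o handle */
	fido_dev_io_t         io;         /* i/o functions */
	bool                  io_own;     /* device has own io/transport */
	size_t                rx_len;     /* length of HID input reports */
	size_t                tx_len;     /* length of HID output reports */
	int                   flags;      /* internal flags; see FIDO_DEV_* */
	fido_dev_transport_t  transport;  /* transport functions */
	uint64_t              maxmsgsize; /* max message size */
} fido_dev_t;

#else
/* opaque handles for public callers; definitions live in the branch above */
typedef struct fido_assert fido_assert_t;
typedef struct fido_cbor_info fido_cbor_info_t;
typedef struct fido_cred fido_cred_t;
typedef struct fido_dev fido_dev_t;
typedef struct fido_dev_info fido_dev_info_t;
typedef struct es256_pk es256_pk_t;
typedef struct es256_sk es256_sk_t;
typedef struct rs256_pk rs256_pk_t;
typedef struct eddsa_pk eddsa_pk_t;
#endif /* _FIDO_INTERNAL */

#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */

#endif /* !_FIDO_TYPES_H */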