1 files changed, 235 insertions, 0 deletions
diff --git a/src/fido/types.h b/src/fido/types.h
new file mode 100644
index 0000000..5df5e36
--- /dev/null
+++ b/src/fido/types.h
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_TYPES_H
+#define _FIDO_TYPES_H
+#include <stddef.h>
+#include <stdint.h>
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+struct fido_dev;
+typedef void *fido_dev_io_open_t(const char *);
+typedef void  fido_dev_io_close_t(void *);
+typedef int   fido_dev_io_read_t(void *, unsigned char *, size_t, int);
+typedef int   fido_dev_io_write_t(void *, const unsigned char *, size_t);
+typedef int   fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
+typedef int   fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);
+typedef struct fido_dev_io {
+        fido_dev_io_open_t  *open;
+        fido_dev_io_close_t *close;
+        fido_dev_io_read_t  *read;
+        fido_dev_io_write_t *write;
+} fido_dev_io_t;
+typedef struct fido_dev_transport {
+        fido_dev_rx_t *rx;
+        fido_dev_tx_t *tx;
+} fido_dev_transport_t;
+typedef enum {
+        FIDO_OPT_OMIT = 0, /* use authenticator's default */
+        FIDO_OPT_FALSE,    /* explicitly set option to false */
+        FIDO_OPT_TRUE,     /* explicitly set option to true */
+} fido_opt_t;
+typedef void fido_log_handler_t(const char *);
+#ifdef _FIDO_INTERNAL
+#include "packed.h"
+#include "blob.h"
+/* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
+typedef struct es256_pk {
+        unsigned char   x[32];
+        unsigned char   y[32];
+} es256_pk_t;
+/* COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key */
+typedef struct es256_sk {
+        unsigned char   d[32];
+} es256_sk_t;
+/* COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key */
+typedef struct rs256_pk {
+        unsigned char n[256];
+        unsigned char e[3];
+} rs256_pk_t;
+/* COSE EDDSA (ED25519) */
+typedef struct eddsa_pk {
+        unsigned char x[32];
+} eddsa_pk_t;
+PACKED_TYPE(fido_authdata_t,
+struct fido_authdata {
+        unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
+        uint8_t       flags;          /* user present/verified */
+        uint32_t      sigcount;       /* signature counter */
+        /* actually longer */
+})
+PACKED_TYPE(fido_attcred_raw_t,
+struct fido_attcred_raw {
+        unsigned char aaguid[16]; /* credential's aaguid */
+        uint16_t      id_len;     /* credential id length */
+        uint8_t       body[];     /* credential id + pubkey */
+})
+typedef struct fido_attcred {
+        unsigned char aaguid[16]; /* credential's aaguid */
+        fido_blob_t   id;         /* credential id */
+        int           type;       /* credential's cose algorithm */
+        union {                   /* credential's public key */
+                es256_pk_t es256;
+                rs256_pk_t rs256;
+                eddsa_pk_t eddsa;
+        } pubkey;
+} fido_attcred_t;
+typedef struct fido_attstmt {
+        fido_blob_t x5c; /* attestation certificate */
+        fido_blob_t sig; /* attestation signature */
+} fido_attstmt_t;
+typedef struct fido_rp {
+        char *id;   /* relying party id */
+        char *name; /* relying party name */
+} fido_rp_t;
+typedef struct fido_user {
+        fido_blob_t  id;           /* required */
+        char        *icon;         /* optional */
+        char        *name;         /* optional */
+        char        *display_name; /* required */
+} fido_user_t;
+typedef struct fido_cred_ext {
+        int mask; /* enabled extensions */
+        int prot; /* protection policy */
+} fido_cred_ext_t;
+typedef struct fido_cred {
+        fido_blob_t       cdh;           /* client data hash */
+        fido_rp_t         rp;            /* relying party */
+        fido_user_t       user;          /* user entity */
+        fido_blob_array_t excl;          /* list of credential ids to exclude */
+        fido_opt_t        rk;            /* resident key */
+        fido_opt_t        uv;            /* user verification */
+        fido_cred_ext_t   ext;           /* extensions */
+        int               type;          /* cose algorithm */
+        char             *fmt;           /* credential format */
+        fido_cred_ext_t   authdata_ext;  /* decoded extensions */
+        fido_blob_t       authdata_cbor; /* raw cbor payload */
+        fido_authdata_t   authdata;      /* decoded authdata payload */
+        fido_attcred_t    attcred;       /* returned credential (key + id) */
+        fido_attstmt_t    attstmt;       /* attestation statement (x509 + sig) */
+} fido_cred_t;
+typedef struct _fido_assert_stmt {
+        fido_blob_t     id;              /* credential id */
+        fido_user_t     user;            /* user attributes */
+        fido_blob_t     hmac_secret_enc; /* hmac secret, encrypted */
+        fido_blob_t     hmac_secret;     /* hmac secret */
+        int             authdata_ext;    /* decoded extensions */
+        fido_blob_t     authdata_cbor;   /* raw cbor payload */
+        fido_authdata_t authdata;        /* decoded authdata payload */
+        fido_blob_t     sig;             /* signature of cdh + authdata */
+} fido_assert_stmt;
+typedef struct fido_assert {
+        char              *rp_id;        /* relying party id */
+        fido_blob_t        cdh;          /* client data hash */
+        fido_blob_t        hmac_salt;    /* optional hmac-secret salt */
+        fido_blob_array_t  allow_list;   /* list of allowed credentials */
+        fido_opt_t         up;           /* user presence */
+        fido_opt_t         uv;           /* user verification */
+        int                ext;          /* enabled extensions */
+        fido_assert_stmt  *stmt;         /* array of expected assertions */
+        size_t             stmt_cnt;     /* number of allocated assertions */
+        size_t             stmt_len;     /* number of received assertions */
+} fido_assert_t;
+typedef struct fido_opt_array {
+        char **name;
+        bool *value;
+        size_t len;
+} fido_opt_array_t;
+typedef struct fido_str_array {
+        char **ptr;
+        size_t len;
+} fido_str_array_t;
+typedef struct fido_byte_array {
+        uint8_t *ptr;
+        size_t len;
+} fido_byte_array_t;
+typedef struct fido_cbor_info {
+        fido_str_array_t  versions;   /* supported versions: fido2|u2f */
+        fido_str_array_t  extensions; /* list of supported extensions */
+        unsigned char     aaguid[16]; /* aaguid */
+        fido_opt_array_t  options;    /* list of supported options */
+        uint64_t          maxmsgsiz;  /* maximum message size */
+        fido_byte_array_t protocols;  /* supported pin protocols */
+        uint64_t          fwversion;  /* firmware version */
+} fido_cbor_info_t;
+typedef struct fido_dev_info {
+        char                 *path;         /* device path */
+        int16_t               vendor_id;    /* 2-byte vendor id */
+        int16_t               product_id;   /* 2-byte product id */
+        char                 *manufacturer; /* manufacturer string */
+        char                 *product;      /* product string */
+        fido_dev_io_t         io;           /* i/o functions */
+        fido_dev_transport_t  transport;    /* transport functions */
+} fido_dev_info_t;
+PACKED_TYPE(fido_ctap_info_t,
+/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
+struct fido_ctap_info {
+        uint64_t nonce;    /* echoed nonce */
+        uint32_t cid;      /* channel id */
+        uint8_t  protocol; /* ctaphid protocol id */
+        uint8_t  major;    /* major version number */
+        uint8_t  minor;    /* minor version number */
+        uint8_t  build;    /* build version number */
+        uint8_t  flags;    /* capabilities flags; see FIDO_CAP_* */
+})
+typedef struct fido_dev {
+        uint64_t              nonce;     /* issued nonce */
+        fido_ctap_info_t      attr;      /* device attributes */
+        uint32_t              cid;       /* assigned channel id */
+        char                 *path;      /* device path */
+        void                 *io_handle; /* abstract i/o handle */
+        fido_dev_io_t         io;        /* i/o functions */
+        fido_dev_transport_t  transport; /* transport functions */
+} fido_dev_t;
+#else
+typedef struct fido_assert fido_assert_t;
+typedef struct fido_cbor_info fido_cbor_info_t;
+typedef struct fido_cred fido_cred_t;
+typedef struct fido_dev fido_dev_t;
+typedef struct fido_dev_info fido_dev_info_t;
+typedef struct es256_pk es256_pk_t;
+typedef struct es256_sk es256_sk_t;
+typedef struct rs256_pk rs256_pk_t;
+typedef struct eddsa_pk eddsa_pk_t;
+#endif /* _FIDO_INTERNAL */
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+#endif /* !_FIDO_TYPES_H */

diff --git a/src/fido/types.h b/src/fido/types.h new file mode 100644 index 0000000..5df5e36 --- /dev/null +++ b/src/fido/types.h
@@ -0,0 +1,235 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_TYPES_H
	8	#define _FIDO_TYPES_H
	9
	10	#include <stddef.h>
	11	#include <stdint.h>
	12
	13	#ifdef __cplusplus
	14	extern "C" {
	15	#endif /* __cplusplus */
	16
	17	struct fido_dev;
	18
	19	typedef void fido_dev_io_open_t(const char );
	20	typedef void fido_dev_io_close_t(void *);
	21	typedef int fido_dev_io_read_t(void , unsigned char , size_t, int);
	22	typedef int fido_dev_io_write_t(void , const unsigned char , size_t);
	23	typedef int fido_dev_rx_t(struct fido_dev , uint8_t, unsigned char , size_t, int);
	24	typedef int fido_dev_tx_t(struct fido_dev , uint8_t, const unsigned char , size_t);
	25
	26	typedef struct fido_dev_io {
	27	fido_dev_io_open_t *open;
	28	fido_dev_io_close_t *close;
	29	fido_dev_io_read_t *read;
	30	fido_dev_io_write_t *write;
	31	} fido_dev_io_t;
	32
	33	typedef struct fido_dev_transport {
	34	fido_dev_rx_t *rx;
	35	fido_dev_tx_t *tx;
	36	} fido_dev_transport_t;
	37
	38	typedef enum {
	39	FIDO_OPT_OMIT = 0, /* use authenticator's default */
	40	FIDO_OPT_FALSE, /* explicitly set option to false */
	41	FIDO_OPT_TRUE, /* explicitly set option to true */
	42	} fido_opt_t;
	43
	44	typedef void fido_log_handler_t(const char *);
	45
	46	#ifdef _FIDO_INTERNAL
	47	#include "packed.h"
	48	#include "blob.h"
	49
	50	/* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
	51	typedef struct es256_pk {
	52	unsigned char x[32];
	53	unsigned char y[32];
	54	} es256_pk_t;
	55
	56	/* COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key */
	57	typedef struct es256_sk {
	58	unsigned char d[32];
	59	} es256_sk_t;
	60
	61	/* COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key */
	62	typedef struct rs256_pk {
	63	unsigned char n[256];
	64	unsigned char e[3];
	65	} rs256_pk_t;
	66
	67	/* COSE EDDSA (ED25519) */
	68	typedef struct eddsa_pk {
	69	unsigned char x[32];
	70	} eddsa_pk_t;
	71
	72	PACKED_TYPE(fido_authdata_t,
	73	struct fido_authdata {
	74	unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
	75	uint8_t flags; /* user present/verified */
	76	uint32_t sigcount; /* signature counter */
	77	/* actually longer */
	78	})
	79
	80	PACKED_TYPE(fido_attcred_raw_t,
	81	struct fido_attcred_raw {
	82	unsigned char aaguid[16]; /* credential's aaguid */
	83	uint16_t id_len; /* credential id length */
	84	uint8_t body[]; /* credential id + pubkey */
	85	})
	86
	87	typedef struct fido_attcred {
	88	unsigned char aaguid[16]; /* credential's aaguid */
	89	fido_blob_t id; /* credential id */
	90	int type; /* credential's cose algorithm */
	91	union { /* credential's public key */
	92	es256_pk_t es256;
	93	rs256_pk_t rs256;
	94	eddsa_pk_t eddsa;
	95	} pubkey;
	96	} fido_attcred_t;
	97
	98	typedef struct fido_attstmt {
	99	fido_blob_t x5c; /* attestation certificate */
	100	fido_blob_t sig; /* attestation signature */
	101	} fido_attstmt_t;
	102
	103	typedef struct fido_rp {
	104	char id; / relying party id */
	105	char name; / relying party name */
	106	} fido_rp_t;
	107
	108	typedef struct fido_user {
	109	fido_blob_t id; /* required */
	110	char icon; / optional */
	111	char name; / optional */
	112	char display_name; / required */
	113	} fido_user_t;
	114
	115	typedef struct fido_cred_ext {
	116	int mask; /* enabled extensions */
	117	int prot; /* protection policy */
	118	} fido_cred_ext_t;
	119
	120	typedef struct fido_cred {
	121	fido_blob_t cdh; /* client data hash */
	122	fido_rp_t rp; /* relying party */
	123	fido_user_t user; /* user entity */
	124	fido_blob_array_t excl; /* list of credential ids to exclude */
	125	fido_opt_t rk; /* resident key */
	126	fido_opt_t uv; /* user verification */
	127	fido_cred_ext_t ext; /* extensions */
	128	int type; /* cose algorithm */
	129	char fmt; / credential format */
	130	fido_cred_ext_t authdata_ext; /* decoded extensions */
	131	fido_blob_t authdata_cbor; /* raw cbor payload */
	132	fido_authdata_t authdata; /* decoded authdata payload */
	133	fido_attcred_t attcred; /* returned credential (key + id) */
	134	fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */
	135	} fido_cred_t;
	136
	137	typedef struct _fido_assert_stmt {
	138	fido_blob_t id; /* credential id */
	139	fido_user_t user; /* user attributes */
	140	fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
	141	fido_blob_t hmac_secret; /* hmac secret */
	142	int authdata_ext; /* decoded extensions */
	143	fido_blob_t authdata_cbor; /* raw cbor payload */
	144	fido_authdata_t authdata; /* decoded authdata payload */
	145	fido_blob_t sig; /* signature of cdh + authdata */
	146	} fido_assert_stmt;
	147
	148	typedef struct fido_assert {
	149	char rp_id; / relying party id */
	150	fido_blob_t cdh; /* client data hash */
	151	fido_blob_t hmac_salt; /* optional hmac-secret salt */
	152	fido_blob_array_t allow_list; /* list of allowed credentials */
	153	fido_opt_t up; /* user presence */
	154	fido_opt_t uv; /* user verification */
	155	int ext; /* enabled extensions */
	156	fido_assert_stmt stmt; / array of expected assertions */
	157	size_t stmt_cnt; /* number of allocated assertions */
	158	size_t stmt_len; /* number of received assertions */
	159	} fido_assert_t;
	160
	161	typedef struct fido_opt_array {
	162	char **name;
	163	bool *value;
	164	size_t len;
	165	} fido_opt_array_t;
	166
	167	typedef struct fido_str_array {
	168	char **ptr;
	169	size_t len;
	170	} fido_str_array_t;
	171
	172	typedef struct fido_byte_array {
	173	uint8_t *ptr;
	174	size_t len;
	175	} fido_byte_array_t;
	176
	177	typedef struct fido_cbor_info {
	178	fido_str_array_t versions; /* supported versions: fido2\|u2f */
	179	fido_str_array_t extensions; /* list of supported extensions */
	180	unsigned char aaguid[16]; /* aaguid */
	181	fido_opt_array_t options; /* list of supported options */
	182	uint64_t maxmsgsiz; /* maximum message size */
	183	fido_byte_array_t protocols; /* supported pin protocols */
	184	uint64_t fwversion; /* firmware version */
	185	} fido_cbor_info_t;
	186
	187	typedef struct fido_dev_info {
	188	char path; / device path */
	189	int16_t vendor_id; /* 2-byte vendor id */
	190	int16_t product_id; /* 2-byte product id */
	191	char manufacturer; / manufacturer string */
	192	char product; / product string */
	193	fido_dev_io_t io; /* i/o functions */
	194	fido_dev_transport_t transport; /* transport functions */
	195	} fido_dev_info_t;
	196
	197	PACKED_TYPE(fido_ctap_info_t,
	198	/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
	199	struct fido_ctap_info {
	200	uint64_t nonce; /* echoed nonce */
	201	uint32_t cid; /* channel id */
	202	uint8_t protocol; /* ctaphid protocol id */
	203	uint8_t major; /* major version number */
	204	uint8_t minor; /* minor version number */
	205	uint8_t build; /* build version number */
	206	uint8_t flags; /* capabilities flags; see FIDO_CAP_* */
	207	})
	208
	209	typedef struct fido_dev {
	210	uint64_t nonce; /* issued nonce */
	211	fido_ctap_info_t attr; /* device attributes */
	212	uint32_t cid; /* assigned channel id */
	213	char path; / device path */
	214	void io_handle; / abstract i/o handle */
	215	fido_dev_io_t io; /* i/o functions */
	216	fido_dev_transport_t transport; /* transport functions */
	217	} fido_dev_t;
	218
	219	#else
	220	typedef struct fido_assert fido_assert_t;
	221	typedef struct fido_cbor_info fido_cbor_info_t;
	222	typedef struct fido_cred fido_cred_t;
	223	typedef struct fido_dev fido_dev_t;
	224	typedef struct fido_dev_info fido_dev_info_t;
	225	typedef struct es256_pk es256_pk_t;
	226	typedef struct es256_sk es256_sk_t;
	227	typedef struct rs256_pk rs256_pk_t;
	228	typedef struct eddsa_pk eddsa_pk_t;
	229	#endif /* _FIDO_INTERNAL */
	230
	231	#ifdef __cplusplus
	232	} /* extern "C" */
	233	#endif /* __cplusplus */
	234
	235	#endif /* !_FIDO_TYPES_H */