7 files changed, 418 insertions, 0 deletions
diff --git a/src/fido/bio.h b/src/fido/bio.h
new file mode 100644
index 0000000..31dffe4
--- /dev/null
+++ b/src/fido/bio.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2019 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_BIO_H
+#define _FIDO_BIO_H
+#include <stdint.h>
+#include <stdlib.h>
+#include "fido/err.h"
+#include "fido/param.h"
+#ifdef _FIDO_INTERNAL
+struct fido_bio_template {
+        fido_blob_t id;
+        char *name;
+};
+struct fido_bio_template_array {
+        struct fido_bio_template *ptr;
+        size_t n_alloc; /* number of allocated entries */
+        size_t n_rx;    /* number of populated entries */
+};
+struct fido_bio_enroll {
+        uint8_t remaining_samples;
+        uint8_t last_status;
+        fido_blob_t *token;
+};
+struct fido_bio_info {
+        uint8_t type;
+        uint8_t max_samples;
+};
+#endif
+typedef struct fido_bio_template fido_bio_template_t;
+typedef struct fido_bio_template_array fido_bio_template_array_t;
+typedef struct fido_bio_enroll fido_bio_enroll_t;
+typedef struct fido_bio_info fido_bio_info_t;
+#define FIDO_BIO_ENROLL_FP_GOOD                         0x00
+#define FIDO_BIO_ENROLL_FP_TOO_HIGH                     0x01
+#define FIDO_BIO_ENROLL_FP_TOO_LOW                      0x02
+#define FIDO_BIO_ENROLL_FP_TOO_LEFT                     0x03
+#define FIDO_BIO_ENROLL_FP_TOO_RIGHT                    0x04
+#define FIDO_BIO_ENROLL_FP_TOO_FAST                     0x05
+#define FIDO_BIO_ENROLL_FP_TOO_SLOW                     0x06
+#define FIDO_BIO_ENROLL_FP_POOR_QUALITY                 0x07
+#define FIDO_BIO_ENROLL_FP_TOO_SKEWED                   0x08
+#define FIDO_BIO_ENROLL_FP_TOO_SHORT                    0x09
+#define FIDO_BIO_ENROLL_FP_MERGE_FAILURE                0x0a
+#define FIDO_BIO_ENROLL_FP_EXISTS                       0x0b
+#define FIDO_BIO_ENROLL_FP_DATABASE_FULL                0x0c
+#define FIDO_BIO_ENROLL_NO_USER_ACTIVITY                0x0d
+#define FIDO_BIO_ENROLL_NO_USER_PRESENCE_TRANSITION     0x0e
+const char *fido_bio_template_name(const fido_bio_template_t *);
+const fido_bio_template_t *fido_bio_template(const fido_bio_template_array_t *,
+    size_t);
+const unsigned char *fido_bio_template_id_ptr(const fido_bio_template_t *);
+fido_bio_enroll_t *fido_bio_enroll_new(void);
+fido_bio_info_t *fido_bio_info_new(void);
+fido_bio_template_array_t *fido_bio_template_array_new(void);
+fido_bio_template_t *fido_bio_template_new(void);
+int fido_bio_dev_enroll_begin(fido_dev_t *, fido_bio_template_t *,
+    fido_bio_enroll_t *, uint32_t, const char *);
+int fido_bio_dev_enroll_cancel(fido_dev_t *);
+int fido_bio_dev_enroll_continue(fido_dev_t *, const fido_bio_template_t *,
+    fido_bio_enroll_t *, uint32_t);
+int fido_bio_dev_enroll_remove(fido_dev_t *, const fido_bio_template_t *,
+    const char *);
+int fido_bio_dev_get_info(fido_dev_t *, fido_bio_info_t *);
+int fido_bio_dev_get_template_array(fido_dev_t *, fido_bio_template_array_t *,
+    const char *);
+int fido_bio_dev_set_template_name(fido_dev_t *, const fido_bio_template_t *,
+    const char *);
+int fido_bio_template_set_id(fido_bio_template_t *, const unsigned char *,
+    size_t);
+int fido_bio_template_set_name(fido_bio_template_t *, const char *);
+size_t fido_bio_template_array_count(const fido_bio_template_array_t *);
+size_t fido_bio_template_id_len(const fido_bio_template_t *);
+uint8_t fido_bio_enroll_last_status(const fido_bio_enroll_t *);
+uint8_t fido_bio_enroll_remaining_samples(const fido_bio_enroll_t *);
+uint8_t fido_bio_info_max_samples(const fido_bio_info_t *);
+uint8_t fido_bio_info_type(const fido_bio_info_t *);
+void fido_bio_enroll_free(fido_bio_enroll_t **);
+void fido_bio_info_free(fido_bio_info_t **);
+void fido_bio_template_array_free(fido_bio_template_array_t **);
+void fido_bio_template_free(fido_bio_template_t **);
+#endif /* !_FIDO_BIO_H */
diff --git a/src/fido/credman.h b/src/fido/credman.h
new file mode 100644
index 0000000..1c7cafe
--- /dev/null
+++ b/src/fido/credman.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2019 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_CREDMAN_H
+#define _FIDO_CREDMAN_H
+#include <stdint.h>
+#include <stdlib.h>
+#include "fido/err.h"
+#include "fido/param.h"
+#ifdef _FIDO_INTERNAL
+struct fido_credman_metadata {
+        uint64_t rk_existing;
+        uint64_t rk_remaining;
+};
+struct fido_credman_single_rp {
+        fido_rp_t rp_entity;
+        fido_blob_t rp_id_hash;
+};
+struct fido_credman_rp {
+        struct fido_credman_single_rp *ptr;
+        size_t n_alloc; /* number of allocated entries */
+        size_t n_rx;    /* number of populated entries */
+};
+struct fido_credman_rk {
+        fido_cred_t *ptr;
+        size_t n_alloc; /* number of allocated entries */
+        size_t n_rx;    /* number of populated entries */
+};
+#endif
+typedef struct fido_credman_metadata fido_credman_metadata_t;
+typedef struct fido_credman_rk fido_credman_rk_t;
+typedef struct fido_credman_rp fido_credman_rp_t;
+const char *fido_credman_rp_id(const fido_credman_rp_t *, size_t);
+const char *fido_credman_rp_name(const fido_credman_rp_t *, size_t);
+const fido_cred_t *fido_credman_rk(const fido_credman_rk_t *, size_t);
+const unsigned char *fido_credman_rp_id_hash_ptr(const fido_credman_rp_t *,
+    size_t);
+fido_credman_metadata_t *fido_credman_metadata_new(void);
+fido_credman_rk_t *fido_credman_rk_new(void);
+fido_credman_rp_t *fido_credman_rp_new(void);
+int fido_credman_del_dev_rk(fido_dev_t *, const unsigned char *, size_t,
+    const char *);
+int fido_credman_get_dev_metadata(fido_dev_t *, fido_credman_metadata_t *,
+    const char *);
+int fido_credman_get_dev_rk(fido_dev_t *, const char *, fido_credman_rk_t *,
+    const char *);
+int fido_credman_get_dev_rp(fido_dev_t *, fido_credman_rp_t *, const char *);
+size_t fido_credman_rk_count(const fido_credman_rk_t *);
+size_t fido_credman_rp_count(const fido_credman_rp_t *);
+size_t fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t);
+uint64_t fido_credman_rk_existing(const fido_credman_metadata_t *);
+uint64_t fido_credman_rk_remaining(const fido_credman_metadata_t *);
+void fido_credman_metadata_free(fido_credman_metadata_t **);
+void fido_credman_rk_free(fido_credman_rk_t **);
+void fido_credman_rp_free(fido_credman_rp_t **);
+#endif /* !_FIDO_CREDMAN_H */
diff --git a/src/fido/eddsa.h b/src/fido/eddsa.h
new file mode 100644
index 0000000..9de272d
--- /dev/null
+++ b/src/fido/eddsa.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2019 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_EDDSA_H
+#define _FIDO_EDDSA_H
+#include <openssl/ec.h>
+#include <stdint.h>
+#include <stdlib.h>
+eddsa_pk_t *eddsa_pk_new(void);
+void eddsa_pk_free(eddsa_pk_t **);
+EVP_PKEY *eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *);
+int eddsa_pk_from_EVP_PKEY(eddsa_pk_t *, const EVP_PKEY *);
+int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t);
+#ifdef _FIDO_INTERNAL
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
+#define EVP_PKEY_ED25519 EVP_PKEY_NONE
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
+    size_t);
+int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
+    const unsigned char *, size_t);
+#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *);
+#endif
+#endif /* _FIDO_INTERNAL */
+#endif /* !_FIDO_EDDSA_H */
diff --git a/src/fido/err.h b/src/fido/err.h
new file mode 100644
index 0000000..11f52bc
--- /dev/null
+++ b/src/fido/err.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_ERR_H
+#define _FIDO_ERR_H
+#define FIDO_ERR_SUCCESS                0x00
+#define FIDO_ERR_INVALID_COMMAND        0x01
+#define FIDO_ERR_INVALID_PARAMETER      0x02
+#define FIDO_ERR_INVALID_LENGTH         0x03
+#define FIDO_ERR_INVALID_SEQ            0x04
+#define FIDO_ERR_TIMEOUT                0x05
+#define FIDO_ERR_CHANNEL_BUSY           0x06
+#define FIDO_ERR_LOCK_REQUIRED          0x0a
+#define FIDO_ERR_INVALID_CHANNEL        0x0b
+#define FIDO_ERR_CBOR_UNEXPECTED_TYPE   0x11
+#define FIDO_ERR_INVALID_CBOR           0x12
+#define FIDO_ERR_MISSING_PARAMETER      0x14
+#define FIDO_ERR_LIMIT_EXCEEDED         0x15
+#define FIDO_ERR_UNSUPPORTED_EXTENSION  0x16
+#define FIDO_ERR_CREDENTIAL_EXCLUDED    0x19
+#define FIDO_ERR_PROCESSING             0x21
+#define FIDO_ERR_INVALID_CREDENTIAL     0x22
+#define FIDO_ERR_USER_ACTION_PENDING    0x23
+#define FIDO_ERR_OPERATION_PENDING      0x24
+#define FIDO_ERR_NO_OPERATIONS          0x25
+#define FIDO_ERR_UNSUPPORTED_ALGORITHM  0x26
+#define FIDO_ERR_OPERATION_DENIED       0x27
+#define FIDO_ERR_KEY_STORE_FULL         0x28
+#define FIDO_ERR_NOT_BUSY               0x29
+#define FIDO_ERR_NO_OPERATION_PENDING   0x2a
+#define FIDO_ERR_UNSUPPORTED_OPTION     0x2b
+#define FIDO_ERR_INVALID_OPTION         0x2c
+#define FIDO_ERR_KEEPALIVE_CANCEL       0x2d
+#define FIDO_ERR_NO_CREDENTIALS         0x2e
+#define FIDO_ERR_USER_ACTION_TIMEOUT    0x2f
+#define FIDO_ERR_NOT_ALLOWED            0x30
+#define FIDO_ERR_PIN_INVALID            0x31
+#define FIDO_ERR_PIN_BLOCKED            0x32
+#define FIDO_ERR_PIN_AUTH_INVALID       0x33
+#define FIDO_ERR_PIN_AUTH_BLOCKED       0x34
+#define FIDO_ERR_PIN_NOT_SET            0x35
+#define FIDO_ERR_PIN_REQUIRED           0x36
+#define FIDO_ERR_PIN_POLICY_VIOLATION   0x37
+#define FIDO_ERR_PIN_TOKEN_EXPIRED      0x38
+#define FIDO_ERR_REQUEST_TOO_LARGE      0x39
+#define FIDO_ERR_ACTION_TIMEOUT         0x3a
+#define FIDO_ERR_UP_REQUIRED            0x3b
+#define FIDO_ERR_ERR_OTHER              0x7f
+#define FIDO_ERR_SPEC_LAST              0xdf
+/* defined internally */
+#define FIDO_OK                         FIDO_ERR_SUCCESS
+#define FIDO_ERR_TX                     -1
+#define FIDO_ERR_RX                     -2
+#define FIDO_ERR_RX_NOT_CBOR            -3
+#define FIDO_ERR_RX_INVALID_CBOR        -4
+#define FIDO_ERR_INVALID_PARAM          -5
+#define FIDO_ERR_INVALID_SIG            -6
+#define FIDO_ERR_INVALID_ARGUMENT       -7
+#define FIDO_ERR_USER_PRESENCE_REQUIRED -8
+#define FIDO_ERR_INTERNAL               -9
+const char *fido_strerr(int);
+#endif /* _FIDO_ERR_H */
diff --git a/src/fido/es256.h b/src/fido/es256.h
new file mode 100644
index 0000000..d3d13dd
--- /dev/null
+++ b/src/fido/es256.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_ES256_H
+#define _FIDO_ES256_H
+#include <openssl/ec.h>
+#include <stdint.h>
+#include <stdlib.h>
+es256_pk_t *es256_pk_new(void);
+void es256_pk_free(es256_pk_t **);
+EVP_PKEY *es256_pk_to_EVP_PKEY(const es256_pk_t *);
+int es256_pk_from_EC_KEY(es256_pk_t *, const EC_KEY *);
+int es256_pk_from_ptr(es256_pk_t *, const void *, size_t);
+#ifdef _FIDO_INTERNAL
+es256_sk_t *es256_sk_new(void);
+void es256_sk_free(es256_sk_t **);
+EVP_PKEY *es256_sk_to_EVP_PKEY(const es256_sk_t *);
+int es256_derive_pk(const es256_sk_t *, es256_pk_t *);
+int es256_sk_create(es256_sk_t *);
+int es256_pk_set_x(es256_pk_t *, const unsigned char *);
+int es256_pk_set_y(es256_pk_t *, const unsigned char *);
+#endif
+#endif /* !_FIDO_ES256_H */
diff --git a/src/fido/param.h b/src/fido/param.h
new file mode 100644
index 0000000..9e12ac6
--- /dev/null
+++ b/src/fido/param.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_PARAM_H
+#define _FIDO_PARAM_H
+/* Authentication data flags. */
+#define CTAP_AUTHDATA_USER_PRESENT      0x01
+#define CTAP_AUTHDATA_USER_VERIFIED     0x04
+#define CTAP_AUTHDATA_ATT_CRED          0x40
+#define CTAP_AUTHDATA_EXT_DATA          0x80
+/* CTAPHID command opcodes. */
+#define CTAP_CMD_PING                   0x01
+#define CTAP_CMD_MSG                    0x03
+#define CTAP_CMD_LOCK                   0x04
+#define CTAP_CMD_INIT                   0x06
+#define CTAP_CMD_WINK                   0x08
+#define CTAP_CMD_CBOR                   0x10
+#define CTAP_CMD_CANCEL                 0x11
+#define CTAP_KEEPALIVE                  0x3b
+#define CTAP_FRAME_INIT                 0x80
+/* CTAPHID CBOR command opcodes. */
+#define CTAP_CBOR_MAKECRED              0x01
+#define CTAP_CBOR_ASSERT                0x02
+#define CTAP_CBOR_GETINFO               0x04
+#define CTAP_CBOR_CLIENT_PIN            0x06
+#define CTAP_CBOR_RESET                 0x07
+#define CTAP_CBOR_NEXT_ASSERT           0x08
+#define CTAP_CBOR_BIO_ENROLL_PRE        0x40
+#define CTAP_CBOR_CRED_MGMT_PRE         0x41
+/* U2F command opcodes. */
+#define U2F_CMD_REGISTER                0x01
+#define U2F_CMD_AUTH                    0x02
+/* U2F command flags. */
+#define U2F_AUTH_SIGN                   0x03
+#define U2F_AUTH_CHECK                  0x07
+/* ISO7816-4 status words. */
+#define SW_CONDITIONS_NOT_SATISFIED     0x6985
+#define SW_WRONG_DATA                   0x6a80
+#define SW_NO_ERROR                     0x9000
+/* HID Broadcast channel ID. */
+#define CTAP_CID_BROADCAST              0xffffffff
+/* Expected size of a HID report in bytes. */
+#define CTAP_RPT_SIZE                   64
+/* Randomness device on UNIX-like platforms. */
+#ifndef FIDO_RANDOM_DEV
+#define FIDO_RANDOM_DEV                 "/dev/urandom"
+#endif
+/* CTAP capability bits. */
+#define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */
+#define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */
+#define FIDO_CAP_NMSG   0x08 /* if set, device doesn't support CTAP_CMD_MSG */
+/* Supported COSE algorithms. */
+#define COSE_ES256      -7
+#define COSE_EDDSA      -8
+#define COSE_ECDH_ES256 -25
+#define COSE_RS256      -257
+/* Supported COSE types. */
+#define COSE_KTY_OKP    1
+#define COSE_KTY_EC2    2
+#define COSE_KTY_RSA    3
+/* Supported curves. */
+#define COSE_P256       1
+#define COSE_ED25519    6
+/* Supported extensions. */
+#define FIDO_EXT_HMAC_SECRET    0x01
+#endif /* !_FIDO_PARAM_H */
diff --git a/src/fido/rs256.h b/src/fido/rs256.h
new file mode 100644
index 0000000..d2fa162
--- /dev/null
+++ b/src/fido/rs256.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2018 Yubico AB. All rights reserved.
+ * Use of this source code is governed by a BSD-style
+ * license that can be found in the LICENSE file.
+ */
+#ifndef _FIDO_RS256_H
+#define _FIDO_RS256_H
+#include <openssl/rsa.h>
+#include <stdint.h>
+#include <stdlib.h>
+rs256_pk_t *rs256_pk_new(void);
+void rs256_pk_free(rs256_pk_t **);
+EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *);
+int rs256_pk_from_RSA(rs256_pk_t *, const RSA *);
+int rs256_pk_from_ptr(rs256_pk_t *, const void *, size_t);
+#endif /* !_FIDO_RS256_H */

diff --git a/src/fido/bio.h b/src/fido/bio.h new file mode 100644 index 0000000..31dffe4 --- /dev/null +++ b/src/fido/bio.h
@@ -0,0 +1,95 @@
	1	/*
	2	* Copyright (c) 2019 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_BIO_H
	8	#define _FIDO_BIO_H
	9
	10	#include <stdint.h>
	11	#include <stdlib.h>
	12
	13	#include "fido/err.h"
	14	#include "fido/param.h"
	15
	16	#ifdef _FIDO_INTERNAL
	17	struct fido_bio_template {
	18	fido_blob_t id;
	19	char *name;
	20	};
	21
	22	struct fido_bio_template_array {
	23	struct fido_bio_template *ptr;
	24	size_t n_alloc; /* number of allocated entries */
	25	size_t n_rx; /* number of populated entries */
	26	};
	27
	28	struct fido_bio_enroll {
	29	uint8_t remaining_samples;
	30	uint8_t last_status;
	31	fido_blob_t *token;
	32	};
	33
	34	struct fido_bio_info {
	35	uint8_t type;
	36	uint8_t max_samples;
	37	};
	38	#endif
	39
	40	typedef struct fido_bio_template fido_bio_template_t;
	41	typedef struct fido_bio_template_array fido_bio_template_array_t;
	42	typedef struct fido_bio_enroll fido_bio_enroll_t;
	43	typedef struct fido_bio_info fido_bio_info_t;
	44
	45	#define FIDO_BIO_ENROLL_FP_GOOD 0x00
	46	#define FIDO_BIO_ENROLL_FP_TOO_HIGH 0x01
	47	#define FIDO_BIO_ENROLL_FP_TOO_LOW 0x02
	48	#define FIDO_BIO_ENROLL_FP_TOO_LEFT 0x03
	49	#define FIDO_BIO_ENROLL_FP_TOO_RIGHT 0x04
	50	#define FIDO_BIO_ENROLL_FP_TOO_FAST 0x05
	51	#define FIDO_BIO_ENROLL_FP_TOO_SLOW 0x06
	52	#define FIDO_BIO_ENROLL_FP_POOR_QUALITY 0x07
	53	#define FIDO_BIO_ENROLL_FP_TOO_SKEWED 0x08
	54	#define FIDO_BIO_ENROLL_FP_TOO_SHORT 0x09
	55	#define FIDO_BIO_ENROLL_FP_MERGE_FAILURE 0x0a
	56	#define FIDO_BIO_ENROLL_FP_EXISTS 0x0b
	57	#define FIDO_BIO_ENROLL_FP_DATABASE_FULL 0x0c
	58	#define FIDO_BIO_ENROLL_NO_USER_ACTIVITY 0x0d
	59	#define FIDO_BIO_ENROLL_NO_USER_PRESENCE_TRANSITION 0x0e
	60
	61	const char fido_bio_template_name(const fido_bio_template_t );
	62	const fido_bio_template_t fido_bio_template(const fido_bio_template_array_t ,
	63	size_t);
	64	const unsigned char fido_bio_template_id_ptr(const fido_bio_template_t );
	65	fido_bio_enroll_t *fido_bio_enroll_new(void);
	66	fido_bio_info_t *fido_bio_info_new(void);
	67	fido_bio_template_array_t *fido_bio_template_array_new(void);
	68	fido_bio_template_t *fido_bio_template_new(void);
	69	int fido_bio_dev_enroll_begin(fido_dev_t , fido_bio_template_t ,
	70	fido_bio_enroll_t , uint32_t, const char );
	71	int fido_bio_dev_enroll_cancel(fido_dev_t *);
	72	int fido_bio_dev_enroll_continue(fido_dev_t , const fido_bio_template_t ,
	73	fido_bio_enroll_t *, uint32_t);
	74	int fido_bio_dev_enroll_remove(fido_dev_t , const fido_bio_template_t ,
	75	const char *);
	76	int fido_bio_dev_get_info(fido_dev_t , fido_bio_info_t );
	77	int fido_bio_dev_get_template_array(fido_dev_t , fido_bio_template_array_t ,
	78	const char *);
	79	int fido_bio_dev_set_template_name(fido_dev_t , const fido_bio_template_t ,
	80	const char *);
	81	int fido_bio_template_set_id(fido_bio_template_t , const unsigned char ,
	82	size_t);
	83	int fido_bio_template_set_name(fido_bio_template_t , const char );
	84	size_t fido_bio_template_array_count(const fido_bio_template_array_t *);
	85	size_t fido_bio_template_id_len(const fido_bio_template_t *);
	86	uint8_t fido_bio_enroll_last_status(const fido_bio_enroll_t *);
	87	uint8_t fido_bio_enroll_remaining_samples(const fido_bio_enroll_t *);
	88	uint8_t fido_bio_info_max_samples(const fido_bio_info_t *);
	89	uint8_t fido_bio_info_type(const fido_bio_info_t *);
	90	void fido_bio_enroll_free(fido_bio_enroll_t **);
	91	void fido_bio_info_free(fido_bio_info_t **);
	92	void fido_bio_template_array_free(fido_bio_template_array_t **);
	93	void fido_bio_template_free(fido_bio_template_t **);
	94
	95	#endif /* !_FIDO_BIO_H */


diff --git a/src/fido/credman.h b/src/fido/credman.h new file mode 100644 index 0000000..1c7cafe --- /dev/null +++ b/src/fido/credman.h
@@ -0,0 +1,74 @@
	1	/*
	2	* Copyright (c) 2019 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_CREDMAN_H
	8	#define _FIDO_CREDMAN_H
	9
	10	#include <stdint.h>
	11	#include <stdlib.h>
	12
	13	#include "fido/err.h"
	14	#include "fido/param.h"
	15
	16	#ifdef _FIDO_INTERNAL
	17	struct fido_credman_metadata {
	18	uint64_t rk_existing;
	19	uint64_t rk_remaining;
	20	};
	21
	22	struct fido_credman_single_rp {
	23	fido_rp_t rp_entity;
	24	fido_blob_t rp_id_hash;
	25	};
	26
	27	struct fido_credman_rp {
	28	struct fido_credman_single_rp *ptr;
	29	size_t n_alloc; /* number of allocated entries */
	30	size_t n_rx; /* number of populated entries */
	31	};
	32
	33	struct fido_credman_rk {
	34	fido_cred_t *ptr;
	35	size_t n_alloc; /* number of allocated entries */
	36	size_t n_rx; /* number of populated entries */
	37	};
	38	#endif
	39
	40	typedef struct fido_credman_metadata fido_credman_metadata_t;
	41	typedef struct fido_credman_rk fido_credman_rk_t;
	42	typedef struct fido_credman_rp fido_credman_rp_t;
	43
	44	const char fido_credman_rp_id(const fido_credman_rp_t , size_t);
	45	const char fido_credman_rp_name(const fido_credman_rp_t , size_t);
	46
	47	const fido_cred_t fido_credman_rk(const fido_credman_rk_t , size_t);
	48	const unsigned char fido_credman_rp_id_hash_ptr(const fido_credman_rp_t ,
	49	size_t);
	50
	51	fido_credman_metadata_t *fido_credman_metadata_new(void);
	52	fido_credman_rk_t *fido_credman_rk_new(void);
	53	fido_credman_rp_t *fido_credman_rp_new(void);
	54
	55	int fido_credman_del_dev_rk(fido_dev_t , const unsigned char , size_t,
	56	const char *);
	57	int fido_credman_get_dev_metadata(fido_dev_t , fido_credman_metadata_t ,
	58	const char *);
	59	int fido_credman_get_dev_rk(fido_dev_t , const char , fido_credman_rk_t *,
	60	const char *);
	61	int fido_credman_get_dev_rp(fido_dev_t , fido_credman_rp_t , const char *);
	62
	63	size_t fido_credman_rk_count(const fido_credman_rk_t *);
	64	size_t fido_credman_rp_count(const fido_credman_rp_t *);
	65	size_t fido_credman_rp_id_hash_len(const fido_credman_rp_t *, size_t);
	66
	67	uint64_t fido_credman_rk_existing(const fido_credman_metadata_t *);
	68	uint64_t fido_credman_rk_remaining(const fido_credman_metadata_t *);
	69
	70	void fido_credman_metadata_free(fido_credman_metadata_t **);
	71	void fido_credman_rk_free(fido_credman_rk_t **);
	72	void fido_credman_rp_free(fido_credman_rp_t **);
	73
	74	#endif /* !_FIDO_CREDMAN_H */


diff --git a/src/fido/eddsa.h b/src/fido/eddsa.h new file mode 100644 index 0000000..9de272d --- /dev/null +++ b/src/fido/eddsa.h
@@ -0,0 +1,40 @@
	1	/*
	2	* Copyright (c) 2019 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_EDDSA_H
	8	#define _FIDO_EDDSA_H
	9
	10	#include <openssl/ec.h>
	11
	12	#include <stdint.h>
	13	#include <stdlib.h>
	14
	15	eddsa_pk_t *eddsa_pk_new(void);
	16	void eddsa_pk_free(eddsa_pk_t **);
	17	EVP_PKEY eddsa_pk_to_EVP_PKEY(const eddsa_pk_t );
	18
	19	int eddsa_pk_from_EVP_PKEY(eddsa_pk_t , const EVP_PKEY );
	20	int eddsa_pk_from_ptr(eddsa_pk_t , const void , size_t);
	21
	22	#ifdef _FIDO_INTERNAL
	23
	24	#if defined(LIBRESSL_VERSION_NUMBER) \|\| OPENSSL_VERSION_NUMBER < 0x10101000L
	25	#define EVP_PKEY_ED25519 EVP_PKEY_NONE
	26	int EVP_PKEY_get_raw_public_key(const EVP_PKEY , unsigned char , size_t *);
	27	EVP_PKEY EVP_PKEY_new_raw_public_key(int, ENGINE , const unsigned char *,
	28	size_t);
	29	int EVP_DigestVerify(EVP_MD_CTX , const unsigned char , size_t,
	30	const unsigned char *, size_t);
	31	#endif /* LIBRESSL_VERSION_NUMBER \|\| OPENSSL_VERSION_NUMBER < 0x10101000L */
	32
	33	#if OPENSSL_VERSION_NUMBER < 0x10100000L
	34	EVP_MD_CTX *EVP_MD_CTX_new(void);
	35	void EVP_MD_CTX_free(EVP_MD_CTX *);
	36	#endif
	37
	38	#endif /* _FIDO_INTERNAL */
	39
	40	#endif /* !_FIDO_EDDSA_H */


diff --git a/src/fido/err.h b/src/fido/err.h new file mode 100644 index 0000000..11f52bc --- /dev/null +++ b/src/fido/err.h
@@ -0,0 +1,69 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_ERR_H
	8	#define _FIDO_ERR_H
	9
	10	#define FIDO_ERR_SUCCESS 0x00
	11	#define FIDO_ERR_INVALID_COMMAND 0x01
	12	#define FIDO_ERR_INVALID_PARAMETER 0x02
	13	#define FIDO_ERR_INVALID_LENGTH 0x03
	14	#define FIDO_ERR_INVALID_SEQ 0x04
	15	#define FIDO_ERR_TIMEOUT 0x05
	16	#define FIDO_ERR_CHANNEL_BUSY 0x06
	17	#define FIDO_ERR_LOCK_REQUIRED 0x0a
	18	#define FIDO_ERR_INVALID_CHANNEL 0x0b
	19	#define FIDO_ERR_CBOR_UNEXPECTED_TYPE 0x11
	20	#define FIDO_ERR_INVALID_CBOR 0x12
	21	#define FIDO_ERR_MISSING_PARAMETER 0x14
	22	#define FIDO_ERR_LIMIT_EXCEEDED 0x15
	23	#define FIDO_ERR_UNSUPPORTED_EXTENSION 0x16
	24	#define FIDO_ERR_CREDENTIAL_EXCLUDED 0x19
	25	#define FIDO_ERR_PROCESSING 0x21
	26	#define FIDO_ERR_INVALID_CREDENTIAL 0x22
	27	#define FIDO_ERR_USER_ACTION_PENDING 0x23
	28	#define FIDO_ERR_OPERATION_PENDING 0x24
	29	#define FIDO_ERR_NO_OPERATIONS 0x25
	30	#define FIDO_ERR_UNSUPPORTED_ALGORITHM 0x26
	31	#define FIDO_ERR_OPERATION_DENIED 0x27
	32	#define FIDO_ERR_KEY_STORE_FULL 0x28
	33	#define FIDO_ERR_NOT_BUSY 0x29
	34	#define FIDO_ERR_NO_OPERATION_PENDING 0x2a
	35	#define FIDO_ERR_UNSUPPORTED_OPTION 0x2b
	36	#define FIDO_ERR_INVALID_OPTION 0x2c
	37	#define FIDO_ERR_KEEPALIVE_CANCEL 0x2d
	38	#define FIDO_ERR_NO_CREDENTIALS 0x2e
	39	#define FIDO_ERR_USER_ACTION_TIMEOUT 0x2f
	40	#define FIDO_ERR_NOT_ALLOWED 0x30
	41	#define FIDO_ERR_PIN_INVALID 0x31
	42	#define FIDO_ERR_PIN_BLOCKED 0x32
	43	#define FIDO_ERR_PIN_AUTH_INVALID 0x33
	44	#define FIDO_ERR_PIN_AUTH_BLOCKED 0x34
	45	#define FIDO_ERR_PIN_NOT_SET 0x35
	46	#define FIDO_ERR_PIN_REQUIRED 0x36
	47	#define FIDO_ERR_PIN_POLICY_VIOLATION 0x37
	48	#define FIDO_ERR_PIN_TOKEN_EXPIRED 0x38
	49	#define FIDO_ERR_REQUEST_TOO_LARGE 0x39
	50	#define FIDO_ERR_ACTION_TIMEOUT 0x3a
	51	#define FIDO_ERR_UP_REQUIRED 0x3b
	52	#define FIDO_ERR_ERR_OTHER 0x7f
	53	#define FIDO_ERR_SPEC_LAST 0xdf
	54
	55	/* defined internally */
	56	#define FIDO_OK FIDO_ERR_SUCCESS
	57	#define FIDO_ERR_TX -1
	58	#define FIDO_ERR_RX -2
	59	#define FIDO_ERR_RX_NOT_CBOR -3
	60	#define FIDO_ERR_RX_INVALID_CBOR -4
	61	#define FIDO_ERR_INVALID_PARAM -5
	62	#define FIDO_ERR_INVALID_SIG -6
	63	#define FIDO_ERR_INVALID_ARGUMENT -7
	64	#define FIDO_ERR_USER_PRESENCE_REQUIRED -8
	65	#define FIDO_ERR_INTERNAL -9
	66
	67	const char *fido_strerr(int);
	68
	69	#endif /* _FIDO_ERR_H */


diff --git a/src/fido/es256.h b/src/fido/es256.h new file mode 100644 index 0000000..d3d13dd --- /dev/null +++ b/src/fido/es256.h
@@ -0,0 +1,34 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_ES256_H
	8	#define _FIDO_ES256_H
	9
	10	#include <openssl/ec.h>
	11
	12	#include <stdint.h>
	13	#include <stdlib.h>
	14
	15	es256_pk_t *es256_pk_new(void);
	16	void es256_pk_free(es256_pk_t **);
	17	EVP_PKEY es256_pk_to_EVP_PKEY(const es256_pk_t );
	18
	19	int es256_pk_from_EC_KEY(es256_pk_t , const EC_KEY );
	20	int es256_pk_from_ptr(es256_pk_t , const void , size_t);
	21
	22	#ifdef _FIDO_INTERNAL
	23	es256_sk_t *es256_sk_new(void);
	24	void es256_sk_free(es256_sk_t **);
	25	EVP_PKEY es256_sk_to_EVP_PKEY(const es256_sk_t );
	26
	27	int es256_derive_pk(const es256_sk_t , es256_pk_t );
	28	int es256_sk_create(es256_sk_t *);
	29
	30	int es256_pk_set_x(es256_pk_t , const unsigned char );
	31	int es256_pk_set_y(es256_pk_t , const unsigned char );
	32	#endif
	33
	34	#endif /* !_FIDO_ES256_H */


diff --git a/src/fido/param.h b/src/fido/param.h new file mode 100644 index 0000000..9e12ac6 --- /dev/null +++ b/src/fido/param.h
@@ -0,0 +1,84 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_PARAM_H
	8	#define _FIDO_PARAM_H
	9
	10	/* Authentication data flags. */
	11	#define CTAP_AUTHDATA_USER_PRESENT 0x01
	12	#define CTAP_AUTHDATA_USER_VERIFIED 0x04
	13	#define CTAP_AUTHDATA_ATT_CRED 0x40
	14	#define CTAP_AUTHDATA_EXT_DATA 0x80
	15
	16	/* CTAPHID command opcodes. */
	17	#define CTAP_CMD_PING 0x01
	18	#define CTAP_CMD_MSG 0x03
	19	#define CTAP_CMD_LOCK 0x04
	20	#define CTAP_CMD_INIT 0x06
	21	#define CTAP_CMD_WINK 0x08
	22	#define CTAP_CMD_CBOR 0x10
	23	#define CTAP_CMD_CANCEL 0x11
	24	#define CTAP_KEEPALIVE 0x3b
	25	#define CTAP_FRAME_INIT 0x80
	26
	27	/* CTAPHID CBOR command opcodes. */
	28	#define CTAP_CBOR_MAKECRED 0x01
	29	#define CTAP_CBOR_ASSERT 0x02
	30	#define CTAP_CBOR_GETINFO 0x04
	31	#define CTAP_CBOR_CLIENT_PIN 0x06
	32	#define CTAP_CBOR_RESET 0x07
	33	#define CTAP_CBOR_NEXT_ASSERT 0x08
	34	#define CTAP_CBOR_BIO_ENROLL_PRE 0x40
	35	#define CTAP_CBOR_CRED_MGMT_PRE 0x41
	36
	37	/* U2F command opcodes. */
	38	#define U2F_CMD_REGISTER 0x01
	39	#define U2F_CMD_AUTH 0x02
	40
	41	/* U2F command flags. */
	42	#define U2F_AUTH_SIGN 0x03
	43	#define U2F_AUTH_CHECK 0x07
	44
	45	/* ISO7816-4 status words. */
	46	#define SW_CONDITIONS_NOT_SATISFIED 0x6985
	47	#define SW_WRONG_DATA 0x6a80
	48	#define SW_NO_ERROR 0x9000
	49
	50	/* HID Broadcast channel ID. */
	51	#define CTAP_CID_BROADCAST 0xffffffff
	52
	53	/* Expected size of a HID report in bytes. */
	54	#define CTAP_RPT_SIZE 64
	55
	56	/* Randomness device on UNIX-like platforms. */
	57	#ifndef FIDO_RANDOM_DEV
	58	#define FIDO_RANDOM_DEV "/dev/urandom"
	59	#endif
	60
	61	/* CTAP capability bits. */
	62	#define FIDO_CAP_WINK 0x01 /* if set, device supports CTAP_CMD_WINK */
	63	#define FIDO_CAP_CBOR 0x04 /* if set, device supports CTAP_CMD_CBOR */
	64	#define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */
	65
	66	/* Supported COSE algorithms. */
	67	#define COSE_ES256 -7
	68	#define COSE_EDDSA -8
	69	#define COSE_ECDH_ES256 -25
	70	#define COSE_RS256 -257
	71
	72	/* Supported COSE types. */
	73	#define COSE_KTY_OKP 1
	74	#define COSE_KTY_EC2 2
	75	#define COSE_KTY_RSA 3
	76
	77	/* Supported curves. */
	78	#define COSE_P256 1
	79	#define COSE_ED25519 6
	80
	81	/* Supported extensions. */
	82	#define FIDO_EXT_HMAC_SECRET 0x01
	83
	84	#endif /* !_FIDO_PARAM_H */


diff --git a/src/fido/rs256.h b/src/fido/rs256.h new file mode 100644 index 0000000..d2fa162 --- /dev/null +++ b/src/fido/rs256.h
@@ -0,0 +1,22 @@
	1	/*
	2	* Copyright (c) 2018 Yubico AB. All rights reserved.
	3	* Use of this source code is governed by a BSD-style
	4	* license that can be found in the LICENSE file.
	5	*/
	6
	7	#ifndef _FIDO_RS256_H
	8	#define _FIDO_RS256_H
	9
	10	#include <openssl/rsa.h>
	11
	12	#include <stdint.h>
	13	#include <stdlib.h>
	14
	15	rs256_pk_t *rs256_pk_new(void);
	16	void rs256_pk_free(rs256_pk_t **);
	17	EVP_PKEY rs256_pk_to_EVP_PKEY(const rs256_pk_t );
	18
	19	int rs256_pk_from_RSA(rs256_pk_t , const RSA );
	20	int rs256_pk_from_ptr(rs256_pk_t , const void , size_t);
	21
	22	#endif /* !_FIDO_RS256_H */