Diffstat (limited to 'src/types.h')
-rw-r--r-- | src/types.h | 171 |
1 files changed, 171 insertions, 0 deletions
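--- /dev/null
+++ b/src/types.h
@@ -0,0 +1,171 @@
+/*
+* Copyright (c) 2018 Yubico AB. All rights reserved.
+* Use of this source code is governed by a BSD-style
+* license that can be found in the LICENSE file.
+*/
+
+#ifndef _TYPES_H
+#define _TYPES_H
+
+#include "packed.h"
+
+/* COSE ES256 (ECDSA over P-256 with SHA-256) public key */
+typedef struct es256_pk {
+unsigned char x[32];
+unsigned char y[32];
+} es256_pk_t;
+
+/* COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key */
+typedef struct es256_sk {
+unsigned char d[32];
+} es256_sk_t;
+
+/* COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key */
+typedef struct rs256_pk {
+unsigned char n[256];
+unsigned char e[3];
+} rs256_pk_t;
+
+/* COSE EDDSA (ED25519) */
+typedef struct eddsa_pk {
+unsigned char x[32];
+} eddsa_pk_t;
+
+PACKED_TYPE(fido_authdata_t,
+struct fido_authdata {
+unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
+uint8_t flags; /* user present/verified */
+uint32_t sigcount; /* signature counter */
+/* actually longer */
+})
+
+PACKED_TYPE(fido_attcred_raw_t,
+struct fido_attcred_raw {
+unsigned char aaguid[16]; /* credential's aaguid */
+uint16_t id_len; /* credential id length */
+uint8_t body[]; /* credential id + pubkey */
+})
+
+typedef struct fido_attcred {
+unsigned char aaguid[16]; /* credential's aaguid */
+fido_blob_t id; /* credential id */
+int type; /* credential's cose algorithm */
+union { /* credential's public key */
+es256_pk_t es256;
+rs256_pk_t rs256;
+eddsa_pk_t eddsa;
+} pubkey;
+} fido_attcred_t;
+
+typedef struct fido_attstmt {
+fido_blob_t x5c; /* attestation certificate */
+fido_blob_t sig; /* attestation signature */
+} fido_attstmt_t;
+
+typedef struct fido_rp {
+char *id; /* relying party id */
+char *name; /* relying party name */
+} fido_rp_t;
+
+typedef struct fido_user {
+fido_blob_t id; /* required */
+char *icon; /* optional */
+char *name; /* optional */
+char *display_name; /* required */
+} fido_user_t;
+
+typedef struct fido_cred {
+fido_blob_t cdh; /* client data hash */
+fido_rp_t rp; /* relying party */
+fido_user_t user; /* user entity */
+fido_blob_array_t excl; /* list of credential ids to exclude */
+fido_opt_t rk; /* resident key */
+fido_opt_t uv; /* user verification */
+int ext; /* enabled extensions */
+int type; /* cose algorithm */
+char *fmt; /* credential format */
+int authdata_ext; /* decoded extensions */
+fido_blob_t authdata_cbor; /* raw cbor payload */
+fido_authdata_t authdata; /* decoded authdata payload */
+fido_attcred_t attcred; /* returned credential (key + id) */
+fido_attstmt_t attstmt; /* attestation statement (x509 + sig) */
+} fido_cred_t;
+
+typedef struct _fido_assert_stmt {
+fido_blob_t id; /* credential id */
+fido_user_t user; /* user attributes */
+fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
+fido_blob_t hmac_secret; /* hmac secret */
+int authdata_ext; /* decoded extensions */
+fido_blob_t authdata_cbor; /* raw cbor payload */
+fido_authdata_t authdata; /* decoded authdata payload */
+fido_blob_t sig; /* signature of cdh + authdata */
+} fido_assert_stmt;
+
+typedef struct fido_assert {
+char *rp_id; /* relying party id */
+fido_blob_t cdh; /* client data hash */
+fido_blob_t hmac_salt; /* optional hmac-secret salt */
+fido_blob_array_t allow_list; /* list of allowed credentials */
+fido_opt_t up; /* user presence */
+fido_opt_t uv; /* user verification */
+int ext; /* enabled extensions */
+fido_assert_stmt *stmt; /* array of expected assertions */
+size_t stmt_cnt; /* number of allocated assertions */
+size_t stmt_len; /* number of received assertions */
+} fido_assert_t;
+
+typedef struct fido_opt_array {
+char **name;
+bool *value;
+size_t len;
+} fido_opt_array_t;
+
+typedef struct fido_str_array {
+char **ptr;
+size_t len;
+} fido_str_array_t;
+
+typedef struct fido_byte_array {
+uint8_t *ptr;
+size_t len;
+} fido_byte_array_t;
+
+typedef struct fido_cbor_info {
+fido_str_array_t versions; /* supported versions: fido2|u2f */
+fido_str_array_t extensions; /* list of supported extensions */
+unsigned char aaguid[16]; /* aaguid */
+fido_opt_array_t options; /* list of supported options */
+uint64_t maxmsgsiz; /* maximum message size */
+fido_byte_array_t protocols; /* supported pin protocols */
+} fido_cbor_info_t;
+
+typedef struct fido_dev_info {
+char *path; /* device path */
+int16_t vendor_id; /* 2-byte vendor id */
+int16_t product_id; /* 2-byte product id */
+char *manufacturer; /* manufacturer string */
+char *product; /* product string */
+} fido_dev_info_t;
+
+PACKED_TYPE(fido_ctap_info_t,
+/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
+struct fido_ctap_info {
+uint64_t nonce; /* echoed nonce */
+uint32_t cid; /* channel id */
+uint8_t protocol; /* ctaphid protocol id */
+uint8_t major; /* major version number */
+uint8_t minor; /* minor version number */
+uint8_t build; /* build version number */
+uint8_t flags; /* capabilities flags; see FIDO_CAP_* */
+})
+
+typedef struct fido_dev {
+uint64_t nonce; /* issued nonce */
+fido_ctap_info_t attr; /* device attributes */
+uint32_t cid; /* assigned channel id */
+void *io_handle; /* abstract i/o handle */
+fido_dev_io_t io; /* i/o functions & data */
+} fido_dev_t;
+
+#endif /* !_TYPES_H */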
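Review bot: `_TYPES_H` (file lines 7–8, 171) and `struct _fido_assert_stmt` (line 94) are identifiers that begin with an underscore followed by an uppercase letter, which ISO C reserves for the implementation; rename them, e.g. `#ifndef TYPES_H` / `#define TYPES_H` and `typedef struct fido_assert_stmt {`. The header uses `uint8_t`, `uint16_t`, `uint32_t`, `uint64_t`, `int16_t`, `bool` and `size_t` but includes only `packed.h`, and it also relies on `fido_blob_t`, `fido_blob_array_t`, `fido_opt_t` and `fido_dev_io_t` being declared by whatever includes it first; adding `<stdbool.h>`, `<stddef.h>` and `<stdint.h>` and a comment naming the header that must precede this one would make it self-contained. `fido_authdata` and `fido_attcred_raw` mirror bytes received from the authenticator, so their comments should say that `sigcount` and `id_len` are big-endian on the wire and that `id_len` has to be checked against the remaining input length before `body` is indexed — presumably that check lives in the decoder, which is outside this file. `vendor_id` and `product_id` in `fido_dev_info` are `int16_t`, so USB IDs of 0x8000 and above read back as negative values; `uint16_t` is the natural type unless a public accessor already fixes the signed one. The `d[32]` member of `es256_sk_t` holds private-key material, which deserves a comment that its owner must wipe it (e.g. `explicit_bzero`) before the containing object is freed.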