/*
 * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Public C API of the FIDO library: object lifecycle (new/free),
 * accessors and mutators for assertions, credentials, devices and
 * authenticator info, device operations, and large-blob management.
 * Opaque types (fido_assert_t, fido_cred_t, fido_dev_t, ...) come from
 * fido/types.h; the integer status codes returned by the int-returning
 * functions below are presumably those declared in fido/err.h — confirm
 * against the implementation before relying on a specific value.
 */

/*
 * NOTE(review): an identifier beginning with '_' followed by an uppercase
 * letter is reserved for the implementation in C. The guard is kept as-is
 * because external code may test it; renaming it is an API change.
 */
#ifndef _FIDO_H
#define _FIDO_H

/*
 * OpenSSL headers are part of the public include surface; presumably
 * fido/types.h needs EC/EVP types — confirm. Consumers therefore need
 * OpenSSL headers on their include path to use this API.
 */
#include <openssl/ec.h>
#include <openssl/evp.h>

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Internal-only includes, visible solely when building the library itself. */
#ifdef _FIDO_INTERNAL
#include <sys/types.h>

#include <cbor.h>
#include <limits.h>

#include "../openbsd-compat/openbsd-compat.h"
#include "blob.h"
#include "iso7816.h"
#include "extern.h"
#endif

#include "fido/err.h"
#include "fido/param.h"
#include "fido/types.h"

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/*
 * Constructors. Each returns a heap object that the caller releases with the
 * matching *_free() below; a NULL return should be treated as allocation
 * failure. fido_dev_info_new() takes a size_t which, judging by
 * fido_dev_info_free() and fido_dev_info_ptr(), is presumably the number of
 * entries in the array — confirm.
 */
fido_assert_t *fido_assert_new(void);
fido_cred_t *fido_cred_new(void);
fido_dev_t *fido_dev_new(void);
fido_dev_t *fido_dev_new_with_info(const fido_dev_info_t *);
fido_dev_info_t *fido_dev_info_new(size_t);
fido_cbor_info_t *fido_cbor_info_new(void);
/* Raw I/O handle of an opened device; the pointee type is not stated here. */
void *fido_dev_io_handle(const fido_dev_t *);

/*
 * Destructors. They take the address of the caller's pointer (T **),
 * presumably so the callee can clear it after freeing — confirm.
 * fido_dev_info_free() takes the same element count given to
 * fido_dev_info_new().
 */
void fido_assert_free(fido_assert_t **);
void fido_cbor_info_free(fido_cbor_info_t **);
void fido_cred_free(fido_cred_t **);
/* Pin the protocol used to talk to a device instead of auto-detection. */
void fido_dev_force_fido2(fido_dev_t *);
void fido_dev_force_u2f(fido_dev_t *);
void fido_dev_free(fido_dev_t **);
void fido_dev_info_free(fido_dev_info_t **, size_t);

/* fido_init() flags. */
#define FIDO_DEBUG		0x01
#define FIDO_DISABLE_U2F_FALLBACK	0x02

/* Library-wide initialisation; the int is a bitwise OR of the flags above. */
void fido_init(int);
/* Install a custom log handler (fido_log_handler_t is declared in fido/types.h). */
void fido_set_log_handler(fido_log_handler_t *);

/*
 * Byte-buffer accessors. Each *_ptr() has a matching *_len() further below
 * that gives the buffer length; never read the pointer without it. The
 * size_t index selects one statement of a multi-statement assertion.
 * NOTE(review): ownership is not stated in this header — treat the returned
 * pointers as borrowed from the object and valid only until the object is
 * modified or freed, unless the implementation documents otherwise.
 */
const unsigned char *fido_assert_authdata_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_clientdata_hash_ptr(const fido_assert_t *);
const unsigned char *fido_assert_hmac_secret_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_id_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_largeblob_key_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_sig_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_user_id_ptr(const fido_assert_t *, size_t);
const unsigned char *fido_assert_blob_ptr(const fido_assert_t *, size_t);

/*
 * String-array accessors for authenticator info; the element count comes
 * from the corresponding fido_cbor_info_*_len() below. The options name
 * and value arrays are presumably parallel (same index, same length) — confirm.
 */
char **fido_cbor_info_certs_name_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_extensions_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_options_name_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_transports_ptr(const fido_cbor_info_t *);
char **fido_cbor_info_versions_ptr(const fido_cbor_info_t *);
const bool *fido_cbor_info_options_value_ptr(const fido_cbor_info_t *);
/* NUL-terminated string accessors; NULL presumably means "not set" — confirm. */
const char *fido_assert_rp_id(const fido_assert_t *);
const char *fido_assert_user_display_name(const fido_assert_t *, size_t);
const char *fido_assert_user_icon(const fido_assert_t *, size_t);
const char *fido_assert_user_name(const fido_assert_t *, size_t);
const char *fido_cbor_info_algorithm_type(const fido_cbor_info_t *, size_t);
const char *fido_cred_display_name(const fido_cred_t *);
const char *fido_cred_fmt(const fido_cred_t *);
const char *fido_cred_rp_id(const fido_cred_t *);
const char *fido_cred_rp_name(const fido_cred_t *);
const char *fido_cred_user_name(const fido_cred_t *);
const char *fido_dev_info_manufacturer_string(const fido_dev_info_t *);
const char *fido_dev_info_path(const fido_dev_info_t *);
const char *fido_dev_info_product_string(const fido_dev_info_t *);
/* Element access into a fido_dev_info_t array by index. */
const fido_dev_info_t *fido_dev_info_ptr(const fido_dev_info_t *, size_t);
const uint8_t *fido_cbor_info_protocols_ptr(const fido_cbor_info_t *);
const uint64_t *fido_cbor_info_certs_value_ptr(const fido_cbor_info_t *);
const unsigned char *fido_cbor_info_aaguid_ptr(const fido_cbor_info_t *);
/* Credential byte-buffer accessors; lengths via fido_cred_*_len() below. */
const unsigned char *fido_cred_aaguid_ptr(const fido_cred_t *);
const unsigned char *fido_cred_attstmt_ptr(const fido_cred_t *);
const unsigned char *fido_cred_authdata_ptr(const fido_cred_t *);
const unsigned char *fido_cred_authdata_raw_ptr(const fido_cred_t *);
const unsigned char *fido_cred_clientdata_hash_ptr(const fido_cred_t *);
const unsigned char *fido_cred_id_ptr(const fido_cred_t *);
const unsigned char *fido_cred_largeblob_key_ptr(const fido_cred_t *);
const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *);
const unsigned char *fido_cred_sig_ptr(const fido_cred_t *);
const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *);
const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *);

/*
 * Assertion mutators. Every one returns an int status; callers must check
 * it, since a rejected setter leaves the object without the intended value.
 * Buffer parameters are (pointer, length) pairs; the setters presumably copy
 * the data into the object — confirm before freeing the source buffer.
 */
int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_empty_allow_list(fido_assert_t *);
int fido_assert_set_authdata(fido_assert_t *, size_t, const unsigned char *,
    size_t);
int fido_assert_set_authdata_raw(fido_assert_t *, size_t, const unsigned char *,
    size_t);
int fido_assert_set_clientdata(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_set_clientdata_hash(fido_assert_t *, const unsigned char *,
    size_t);
int fido_assert_set_count(fido_assert_t *, size_t);
int fido_assert_set_extensions(fido_assert_t *, int);
int fido_assert_set_hmac_salt(fido_assert_t *, const unsigned char *, size_t);
int fido_assert_set_hmac_secret(fido_assert_t *, size_t, const unsigned char *,
    size_t);
int fido_assert_set_options(fido_assert_t *, bool, bool);
int fido_assert_set_rp(fido_assert_t *, const char *);
int fido_assert_set_up(fido_assert_t *, fido_opt_t);
int fido_assert_set_uv(fido_assert_t *, fido_opt_t);
int fido_assert_set_sig(fido_assert_t *, size_t, const unsigned char *, size_t);
/*
 * Verify one statement (size_t index) of an assertion against a public key
 * (const void *). The int is presumably the COSE algorithm of that key,
 * matching the values returned by fido_cred_type() and
 * fido_cbor_info_algorithm_cose() — confirm. Treat anything but the success
 * code from fido/err.h as a failed verification.
 */
int fido_assert_verify(const fido_assert_t *, size_t, int, const void *);
int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t);
/* Credential mutators; same status and copy semantics as the assertion setters. */
int fido_cred_empty_exclude_list(fido_cred_t *);
int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_prot(const fido_cred_t *);
int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_clientdata(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_clientdata_hash(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_extensions(fido_cred_t *, int);
int fido_cred_set_fmt(fido_cred_t *, const char *);
int fido_cred_set_id(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_options(fido_cred_t *, bool, bool);
int fido_cred_set_pin_minlen(fido_cred_t *, size_t);
int fido_cred_set_prot(fido_cred_t *, int);
int fido_cred_set_rk(fido_cred_t *, fido_opt_t);
int fido_cred_set_rp(fido_cred_t *, const char *, const char *);
int fido_cred_set_sig(fido_cred_t *, const unsigned char *, size_t);
int fido_cred_set_type(fido_cred_t *, int);
int fido_cred_set_uv(fido_cred_t *, fido_opt_t);
int fido_cred_type(const fido_cred_t *);
/* User id (pointer, length) followed by name, display name and icon strings. */
int fido_cred_set_user(fido_cred_t *, const unsigned char *, size_t,
    const char *, const char *, const char *);
int fido_cred_set_x509(fido_cred_t *, const unsigned char *, size_t);
/*
 * Attestation verification. The two variants differ in which key is used;
 * this header does not say how (presumably fido_cred_verify_self() checks a
 * self-signed attestation) — confirm in the implementation before choosing.
 */
int fido_cred_verify(const fido_cred_t *);
int fido_cred_verify_self(const fido_cred_t *);
/* Only available where fido/param.h or fido/types.h defined fido_sigset_t. */
#ifdef _FIDO_SIGSET_DEFINED
int fido_dev_set_sigmask(fido_dev_t *, const fido_sigset_t *);
#endif
/* Device operations; each returns an int status that must be checked. */
int fido_dev_cancel(fido_dev_t *);
int fido_dev_close(fido_dev_t *);
int fido_dev_get_assert(fido_dev_t *, fido_assert_t *, const char *);
int fido_dev_get_cbor_info(fido_dev_t *, fido_cbor_info_t *);
int fido_dev_get_retry_count(fido_dev_t *, int *);
int fido_dev_get_uv_retry_count(fido_dev_t *, int *);
int fido_dev_get_touch_begin(fido_dev_t *);
/* Polls for touch: int * receives the status, the trailing int is presumably a timeout — confirm. */
int fido_dev_get_touch_status(fido_dev_t *, int *, int);
/* Enumerate devices into an array of the given capacity; size_t * receives the count found. */
int fido_dev_info_manifest(fido_dev_info_t *, size_t, size_t *);
int fido_dev_info_set(fido_dev_info_t *, size_t, const char *, const char *,
    const char *, const fido_dev_io_t *, const fido_dev_transport_t *);
int fido_dev_make_cred(fido_dev_t *, fido_cred_t *, const char *);
int fido_dev_open_with_info(fido_dev_t *);
int fido_dev_open(fido_dev_t *, const char *);
/* Factory reset of the authenticator; destructive, no undo. */
int fido_dev_reset(fido_dev_t *);
int fido_dev_set_io_functions(fido_dev_t *, const fido_dev_io_t *);
/*
 * Both strings are PINs (presumably new then old — confirm). They are secrets:
 * keep them out of logs and clear the caller's copies once the call returns.
 */
int fido_dev_set_pin(fido_dev_t *, const char *, const char *);
int fido_dev_set_transport_functions(fido_dev_t *, const fido_dev_transport_t *);
int fido_dev_set_timeout(fido_dev_t *, int);

/* Lengths of the buffers returned by the matching *_ptr() accessors above. */
size_t fido_assert_authdata_len(const fido_assert_t *, size_t);
size_t fido_assert_clientdata_hash_len(const fido_assert_t *);
/* Number of statements in the assertion; bounds the size_t index elsewhere. */
size_t fido_assert_count(const fido_assert_t *);
size_t fido_assert_hmac_secret_len(const fido_assert_t *, size_t);
size_t fido_assert_id_len(const fido_assert_t *, size_t);
size_t fido_assert_largeblob_key_len(const fido_assert_t *, size_t);
size_t fido_assert_sig_len(const fido_assert_t *, size_t);
size_t fido_assert_user_id_len(const fido_assert_t *, size_t);
size_t fido_assert_blob_len(const fido_assert_t *, size_t);
size_t fido_cbor_info_aaguid_len(const fido_cbor_info_t *);
size_t fido_cbor_info_algorithm_count(const fido_cbor_info_t *);
size_t fido_cbor_info_certs_len(const fido_cbor_info_t *);
size_t fido_cbor_info_extensions_len(const fido_cbor_info_t *);
size_t fido_cbor_info_options_len(const fido_cbor_info_t *);
size_t fido_cbor_info_protocols_len(const fido_cbor_info_t *);
size_t fido_cbor_info_transports_len(const fido_cbor_info_t *);
size_t fido_cbor_info_versions_len(const fido_cbor_info_t *);
size_t fido_cred_aaguid_len(const fido_cred_t *);
size_t fido_cred_attstmt_len(const fido_cred_t *);
size_t fido_cred_authdata_len(const fido_cred_t *);
size_t fido_cred_authdata_raw_len(const fido_cred_t *);
size_t fido_cred_clientdata_hash_len(const fido_cred_t *);
size_t fido_cred_id_len(const fido_cred_t *);
size_t fido_cred_largeblob_key_len(const fido_cred_t *);
size_t fido_cred_pin_minlen(const fido_cred_t *);
size_t fido_cred_pubkey_len(const fido_cred_t *);
size_t fido_cred_sig_len(const fido_cred_t *);
size_t fido_cred_user_id_len(const fido_cred_t *);
size_t fido_cred_x5c_len(const fido_cred_t *);

/* Scalar getters: authenticator-data flags, signature counters, version bytes. */
uint8_t fido_assert_flags(const fido_assert_t *, size_t);
uint32_t fido_assert_sigcount(const fido_assert_t *, size_t);
uint8_t fido_cred_flags(const fido_cred_t *);
uint32_t fido_cred_sigcount(const fido_cred_t *);
uint8_t fido_dev_protocol(const fido_dev_t *);
uint8_t fido_dev_major(const fido_dev_t *);
uint8_t fido_dev_minor(const fido_dev_t *);
uint8_t fido_dev_build(const fido_dev_t *);
uint8_t fido_dev_flags(const fido_dev_t *);
/* USB vendor/product ids are returned as int16_t; a negative value presumably means unknown — confirm. */
int16_t fido_dev_info_vendor(const fido_dev_info_t *);
int16_t fido_dev_info_product(const fido_dev_info_t *);
/* Authenticator limits as reported by the device; 0 presumably means "not reported" — confirm. */
uint64_t fido_cbor_info_fwversion(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxcredbloblen(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxcredcntlst(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxcredidlen(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxlargeblob(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxmsgsiz(const fido_cbor_info_t *);
uint64_t fido_cbor_info_maxrpid_minpinlen(const fido_cbor_info_t *);
uint64_t fido_cbor_info_minpinlen(const fido_cbor_info_t *);
uint64_t fido_cbor_info_uv_attempts(const fido_cbor_info_t *);
uint64_t fido_cbor_info_uv_modality(const fido_cbor_info_t *);
/* Signed, unlike the other counters: a negative value presumably encodes "unknown" — confirm. */
int64_t fido_cbor_info_rk_remaining(const fido_cbor_info_t *);

/* Capability predicates; query these before issuing the corresponding operation. */
bool fido_dev_has_pin(const fido_dev_t *);
bool fido_dev_has_uv(const fido_dev_t *);
bool fido_dev_is_fido2(const fido_dev_t *);
bool fido_dev_is_winhello(const fido_dev_t *);
bool fido_dev_supports_credman(const fido_dev_t *);
bool fido_dev_supports_cred_prot(const fido_dev_t *);
bool fido_dev_supports_permissions(const fido_dev_t *);
bool fido_dev_supports_pin(const fido_dev_t *);
bool fido_dev_supports_uv(const fido_dev_t *);
bool fido_cbor_info_new_pin_required(const fido_cbor_info_t *);

/*
 * Large-blob operations. The (const unsigned char *, size_t) pair is the
 * per-credential large-blob key; the trailing const char * is a PIN (same
 * secret-handling caveat as fido_dev_set_pin). The (unsigned char **,
 * size_t *) outputs receive a callee-allocated buffer and its length —
 * presumably released by the caller with free(); confirm against the
 * implementation, as this header does not state ownership.
 */
int fido_dev_largeblob_get(fido_dev_t *, const unsigned char *, size_t,
    unsigned char **, size_t *);
int fido_dev_largeblob_set(fido_dev_t *, const unsigned char *, size_t,
    const unsigned char *, size_t, const char *);
int fido_dev_largeblob_remove(fido_dev_t *, const unsigned char *, size_t,
    const char *);
int fido_dev_largeblob_get_array(fido_dev_t *, unsigned char **, size_t *);
int fido_dev_largeblob_set_array(fido_dev_t *, const unsigned char *, size_t,
    const char *);

#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */

#endif /* !_FIDO_H */