2 * Copyright (c) 2019 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
9 #include "fido/es256.h"
11 #define CMD_ENROLL_BEGIN 0x01
12 #define CMD_ENROLL_NEXT 0x02
13 #define CMD_ENROLL_CANCEL 0x03
15 #define CMD_SET_NAME 0x05
16 #define CMD_ENROLL_REMOVE 0x06
17 #define CMD_GET_INFO 0x07
20 bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc,
21 cbor_item_t **param, fido_blob_t *hmac_data)
23 const uint8_t prefix[2] = { 0x01 /* modality */, cmd };
25 size_t cbor_alloc_len;
27 unsigned char *cbor = NULL;
29 if (argv == NULL || param == NULL)
30 return (fido_blob_set(hmac_data, prefix, sizeof(prefix)));
32 if ((*param = cbor_flatten_vector(argv, argc)) == NULL) {
33 fido_log_debug("%s: cbor_flatten_vector", __func__);
37 if ((cbor_len = cbor_serialize_alloc(*param, &cbor,
38 &cbor_alloc_len)) == 0 || cbor_len > SIZE_MAX - sizeof(prefix)) {
39 fido_log_debug("%s: cbor_serialize_alloc", __func__);
43 if ((hmac_data->ptr = malloc(cbor_len + sizeof(prefix))) == NULL) {
44 fido_log_debug("%s: malloc", __func__);
48 memcpy(hmac_data->ptr, prefix, sizeof(prefix));
49 memcpy(hmac_data->ptr + sizeof(prefix), cbor, cbor_len);
50 hmac_data->len = cbor_len + sizeof(prefix);
60 bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc,
61 const char *pin, const fido_blob_t *token, int *ms)
64 es256_pk_t *pk = NULL;
65 fido_blob_t *ecdh = NULL;
68 const uint8_t cmd = CTAP_CBOR_BIO_ENROLL_PRE;
69 int r = FIDO_ERR_INTERNAL;
71 memset(&f, 0, sizeof(f));
72 memset(&hmac, 0, sizeof(hmac));
73 memset(&argv, 0, sizeof(argv));
75 /* modality, subCommand */
76 if ((argv[0] = cbor_build_uint8(1)) == NULL ||
77 (argv[1] = cbor_build_uint8(subcmd)) == NULL) {
78 fido_log_debug("%s: cbor encode", __func__);
84 if (bio_prepare_hmac(subcmd, sub_argv, sub_argc, &argv[2],
86 fido_log_debug("%s: bio_prepare_hmac", __func__);
91 /* pinProtocol, pinAuth */
93 if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) {
94 fido_log_debug("%s: fido_do_ecdh", __func__);
97 if ((r = cbor_add_uv_params(dev, cmd, &hmac, pk, ecdh, pin,
98 NULL, &argv[4], &argv[3], ms)) != FIDO_OK) {
99 fido_log_debug("%s: cbor_add_uv_params", __func__);
103 if ((argv[3] = cbor_encode_pin_opt(dev)) == NULL ||
104 (argv[4] = cbor_encode_pin_auth(dev, token, &hmac)) == NULL) {
105 fido_log_debug("%s: encode pin", __func__);
110 /* framing and transmission */
111 if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 ||
112 fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) {
113 fido_log_debug("%s: fido_tx", __func__);
120 cbor_vector_free(argv, nitems(argv));
122 fido_blob_free(&ecdh);
130 bio_reset_template(fido_bio_template_t *t)
134 fido_blob_reset(&t->id);
138 bio_reset_template_array(fido_bio_template_array_t *ta)
140 for (size_t i = 0; i < ta->n_alloc; i++)
141 bio_reset_template(&ta->ptr[i]);
145 memset(ta, 0, sizeof(*ta));
149 decode_template(const cbor_item_t *key, const cbor_item_t *val, void *arg)
151 fido_bio_template_t *t = arg;
153 if (cbor_isa_uint(key) == false ||
154 cbor_int_get_width(key) != CBOR_INT_8) {
155 fido_log_debug("%s: cbor type", __func__);
156 return (0); /* ignore */
159 switch (cbor_get_uint8(key)) {
161 return (fido_blob_decode(val, &t->id));
163 return (cbor_string_copy(val, &t->name));
166 return (0); /* ignore */
170 decode_template_array(const cbor_item_t *item, void *arg)
172 fido_bio_template_array_t *ta = arg;
174 if (cbor_isa_map(item) == false ||
175 cbor_map_is_definite(item) == false) {
176 fido_log_debug("%s: cbor type", __func__);
180 if (ta->n_rx >= ta->n_alloc) {
181 fido_log_debug("%s: n_rx >= n_alloc", __func__);
185 if (cbor_map_iter(item, &ta->ptr[ta->n_rx], decode_template) < 0) {
186 fido_log_debug("%s: decode_template", __func__);
196 bio_parse_template_array(const cbor_item_t *key, const cbor_item_t *val,
199 fido_bio_template_array_t *ta = arg;
201 if (cbor_isa_uint(key) == false ||
202 cbor_int_get_width(key) != CBOR_INT_8 ||
203 cbor_get_uint8(key) != 7) {
204 fido_log_debug("%s: cbor type", __func__);
205 return (0); /* ignore */
208 if (cbor_isa_array(val) == false ||
209 cbor_array_is_definite(val) == false) {
210 fido_log_debug("%s: cbor type", __func__);
214 if (ta->ptr != NULL || ta->n_alloc != 0 || ta->n_rx != 0) {
215 fido_log_debug("%s: ptr != NULL || n_alloc != 0 || n_rx != 0",
220 if ((ta->ptr = calloc(cbor_array_size(val), sizeof(*ta->ptr))) == NULL)
223 ta->n_alloc = cbor_array_size(val);
225 if (cbor_array_iter(val, ta, decode_template_array) < 0) {
226 fido_log_debug("%s: decode_template_array", __func__);
234 bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int *ms)
236 unsigned char reply[FIDO_MAXMSG];
240 bio_reset_template_array(ta);
242 if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
244 fido_log_debug("%s: fido_rx", __func__);
245 return (FIDO_ERR_RX);
248 if ((r = cbor_parse_reply(reply, (size_t)reply_len, ta,
249 bio_parse_template_array)) != FIDO_OK) {
250 fido_log_debug("%s: bio_parse_template_array" , __func__);
258 bio_get_template_array_wait(fido_dev_t *dev, fido_bio_template_array_t *ta,
259 const char *pin, int *ms)
263 if ((r = bio_tx(dev, CMD_ENUM, NULL, 0, pin, NULL, ms)) != FIDO_OK ||
264 (r = bio_rx_template_array(dev, ta, ms)) != FIDO_OK)
271 fido_bio_dev_get_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta,
274 int ms = dev->timeout_ms;
277 return (FIDO_ERR_INVALID_ARGUMENT);
279 return (bio_get_template_array_wait(dev, ta, pin, &ms));
283 bio_set_template_name_wait(fido_dev_t *dev, const fido_bio_template_t *t,
284 const char *pin, int *ms)
286 cbor_item_t *argv[2];
287 int r = FIDO_ERR_INTERNAL;
289 memset(&argv, 0, sizeof(argv));
291 if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
292 (argv[1] = cbor_build_string(t->name)) == NULL) {
293 fido_log_debug("%s: cbor encode", __func__);
297 if ((r = bio_tx(dev, CMD_SET_NAME, argv, 2, pin, NULL,
299 (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
300 fido_log_debug("%s: tx/rx", __func__);
306 cbor_vector_free(argv, nitems(argv));
312 fido_bio_dev_set_template_name(fido_dev_t *dev, const fido_bio_template_t *t,
315 int ms = dev->timeout_ms;
317 if (pin == NULL || t->name == NULL)
318 return (FIDO_ERR_INVALID_ARGUMENT);
320 return (bio_set_template_name_wait(dev, t, pin, &ms));
324 bio_reset_enroll(fido_bio_enroll_t *e)
326 e->remaining_samples = 0;
330 fido_blob_free(&e->token);
334 bio_parse_enroll_status(const cbor_item_t *key, const cbor_item_t *val,
337 fido_bio_enroll_t *e = arg;
340 if (cbor_isa_uint(key) == false ||
341 cbor_int_get_width(key) != CBOR_INT_8) {
342 fido_log_debug("%s: cbor type", __func__);
343 return (0); /* ignore */
346 switch (cbor_get_uint8(key)) {
348 if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
349 fido_log_debug("%s: cbor_decode_uint64", __func__);
352 e->last_status = (uint8_t)x;
355 if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
356 fido_log_debug("%s: cbor_decode_uint64", __func__);
359 e->remaining_samples = (uint8_t)x;
362 return (0); /* ignore */
369 bio_parse_template_id(const cbor_item_t *key, const cbor_item_t *val,
372 fido_blob_t *id = arg;
374 if (cbor_isa_uint(key) == false ||
375 cbor_int_get_width(key) != CBOR_INT_8 ||
376 cbor_get_uint8(key) != 4) {
377 fido_log_debug("%s: cbor type", __func__);
378 return (0); /* ignore */
381 return (fido_blob_decode(val, id));
385 bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
386 fido_bio_enroll_t *e, int *ms)
388 unsigned char reply[FIDO_MAXMSG];
392 bio_reset_template(t);
394 e->remaining_samples = 0;
397 if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
399 fido_log_debug("%s: fido_rx", __func__);
400 return (FIDO_ERR_RX);
403 if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
404 bio_parse_enroll_status)) != FIDO_OK) {
405 fido_log_debug("%s: bio_parse_enroll_status", __func__);
408 if ((r = cbor_parse_reply(reply, (size_t)reply_len, &t->id,
409 bio_parse_template_id)) != FIDO_OK) {
410 fido_log_debug("%s: bio_parse_template_id", __func__);
418 bio_enroll_begin_wait(fido_dev_t *dev, fido_bio_template_t *t,
419 fido_bio_enroll_t *e, uint32_t timo_ms, int *ms)
421 cbor_item_t *argv[3];
422 const uint8_t cmd = CMD_ENROLL_BEGIN;
423 int r = FIDO_ERR_INTERNAL;
425 memset(&argv, 0, sizeof(argv));
427 if ((argv[2] = cbor_build_uint(timo_ms)) == NULL) {
428 fido_log_debug("%s: cbor encode", __func__);
432 if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token, ms)) != FIDO_OK ||
433 (r = bio_rx_enroll_begin(dev, t, e, ms)) != FIDO_OK) {
434 fido_log_debug("%s: tx/rx", __func__);
440 cbor_vector_free(argv, nitems(argv));
446 fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t,
447 fido_bio_enroll_t *e, uint32_t timo_ms, const char *pin)
449 es256_pk_t *pk = NULL;
450 fido_blob_t *ecdh = NULL;
451 fido_blob_t *token = NULL;
452 int ms = dev->timeout_ms;
455 if (pin == NULL || e->token != NULL)
456 return (FIDO_ERR_INVALID_ARGUMENT);
458 if ((token = fido_blob_new()) == NULL) {
459 r = FIDO_ERR_INTERNAL;
463 if ((r = fido_do_ecdh(dev, &pk, &ecdh, &ms)) != FIDO_OK) {
464 fido_log_debug("%s: fido_do_ecdh", __func__);
468 if ((r = fido_dev_get_uv_token(dev, CTAP_CBOR_BIO_ENROLL_PRE, pin, ecdh,
469 pk, NULL, token, &ms)) != FIDO_OK) {
470 fido_log_debug("%s: fido_dev_get_uv_token", __func__);
478 fido_blob_free(&ecdh);
479 fido_blob_free(&token);
484 return (bio_enroll_begin_wait(dev, t, e, timo_ms, &ms));
488 bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int *ms)
490 unsigned char reply[FIDO_MAXMSG];
494 e->remaining_samples = 0;
497 if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
499 fido_log_debug("%s: fido_rx", __func__);
500 return (FIDO_ERR_RX);
503 if ((r = cbor_parse_reply(reply, (size_t)reply_len, e,
504 bio_parse_enroll_status)) != FIDO_OK) {
505 fido_log_debug("%s: bio_parse_enroll_status", __func__);
513 bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t,
514 fido_bio_enroll_t *e, uint32_t timo_ms, int *ms)
516 cbor_item_t *argv[3];
517 const uint8_t cmd = CMD_ENROLL_NEXT;
518 int r = FIDO_ERR_INTERNAL;
520 memset(&argv, 0, sizeof(argv));
522 if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
523 (argv[2] = cbor_build_uint(timo_ms)) == NULL) {
524 fido_log_debug("%s: cbor encode", __func__);
528 if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token, ms)) != FIDO_OK ||
529 (r = bio_rx_enroll_continue(dev, e, ms)) != FIDO_OK) {
530 fido_log_debug("%s: tx/rx", __func__);
536 cbor_vector_free(argv, nitems(argv));
542 fido_bio_dev_enroll_continue(fido_dev_t *dev, const fido_bio_template_t *t,
543 fido_bio_enroll_t *e, uint32_t timo_ms)
545 int ms = dev->timeout_ms;
547 if (e->token == NULL)
548 return (FIDO_ERR_INVALID_ARGUMENT);
550 return (bio_enroll_continue_wait(dev, t, e, timo_ms, &ms));
554 bio_enroll_cancel_wait(fido_dev_t *dev, int *ms)
556 const uint8_t cmd = CMD_ENROLL_CANCEL;
559 if ((r = bio_tx(dev, cmd, NULL, 0, NULL, NULL, ms)) != FIDO_OK ||
560 (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
561 fido_log_debug("%s: tx/rx", __func__);
569 fido_bio_dev_enroll_cancel(fido_dev_t *dev)
571 int ms = dev->timeout_ms;
573 return (bio_enroll_cancel_wait(dev, &ms));
577 bio_enroll_remove_wait(fido_dev_t *dev, const fido_bio_template_t *t,
578 const char *pin, int *ms)
580 cbor_item_t *argv[1];
581 const uint8_t cmd = CMD_ENROLL_REMOVE;
582 int r = FIDO_ERR_INTERNAL;
584 memset(&argv, 0, sizeof(argv));
586 if ((argv[0] = fido_blob_encode(&t->id)) == NULL) {
587 fido_log_debug("%s: cbor encode", __func__);
591 if ((r = bio_tx(dev, cmd, argv, 1, pin, NULL, ms)) != FIDO_OK ||
592 (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) {
593 fido_log_debug("%s: tx/rx", __func__);
599 cbor_vector_free(argv, nitems(argv));
605 fido_bio_dev_enroll_remove(fido_dev_t *dev, const fido_bio_template_t *t,
608 int ms = dev->timeout_ms;
610 return (bio_enroll_remove_wait(dev, t, pin, &ms));
614 bio_reset_info(fido_bio_info_t *i)
621 bio_parse_info(const cbor_item_t *key, const cbor_item_t *val, void *arg)
623 fido_bio_info_t *i = arg;
626 if (cbor_isa_uint(key) == false ||
627 cbor_int_get_width(key) != CBOR_INT_8) {
628 fido_log_debug("%s: cbor type", __func__);
629 return (0); /* ignore */
632 switch (cbor_get_uint8(key)) {
634 if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
635 fido_log_debug("%s: cbor_decode_uint64", __func__);
638 i->type = (uint8_t)x;
641 if (cbor_decode_uint64(val, &x) < 0 || x > UINT8_MAX) {
642 fido_log_debug("%s: cbor_decode_uint64", __func__);
645 i->max_samples = (uint8_t)x;
648 return (0); /* ignore */
655 bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int *ms)
657 unsigned char reply[FIDO_MAXMSG];
663 if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
665 fido_log_debug("%s: fido_rx", __func__);
666 return (FIDO_ERR_RX);
669 if ((r = cbor_parse_reply(reply, (size_t)reply_len, i,
670 bio_parse_info)) != FIDO_OK) {
671 fido_log_debug("%s: bio_parse_info" , __func__);
679 bio_get_info_wait(fido_dev_t *dev, fido_bio_info_t *i, int *ms)
683 if ((r = bio_tx(dev, CMD_GET_INFO, NULL, 0, NULL, NULL,
685 (r = bio_rx_info(dev, i, ms)) != FIDO_OK) {
686 fido_log_debug("%s: tx/rx", __func__);
694 fido_bio_dev_get_info(fido_dev_t *dev, fido_bio_info_t *i)
696 int ms = dev->timeout_ms;
698 return (bio_get_info_wait(dev, i, &ms));
702 fido_bio_template_name(const fido_bio_template_t *t)
707 const unsigned char *
708 fido_bio_template_id_ptr(const fido_bio_template_t *t)
714 fido_bio_template_id_len(const fido_bio_template_t *t)
720 fido_bio_template_array_count(const fido_bio_template_array_t *ta)
725 fido_bio_template_array_t *
726 fido_bio_template_array_new(void)
728 return (calloc(1, sizeof(fido_bio_template_array_t)));
731 fido_bio_template_t *
732 fido_bio_template_new(void)
734 return (calloc(1, sizeof(fido_bio_template_t)));
738 fido_bio_template_array_free(fido_bio_template_array_t **tap)
740 fido_bio_template_array_t *ta;
742 if (tap == NULL || (ta = *tap) == NULL)
745 bio_reset_template_array(ta);
751 fido_bio_template_free(fido_bio_template_t **tp)
753 fido_bio_template_t *t;
755 if (tp == NULL || (t = *tp) == NULL)
758 bio_reset_template(t);
764 fido_bio_template_set_name(fido_bio_template_t *t, const char *name)
769 if (name && (t->name = strdup(name)) == NULL)
770 return (FIDO_ERR_INTERNAL);
776 fido_bio_template_set_id(fido_bio_template_t *t, const unsigned char *ptr,
779 fido_blob_reset(&t->id);
781 if (ptr && fido_blob_set(&t->id, ptr, len) < 0)
782 return (FIDO_ERR_INTERNAL);
787 const fido_bio_template_t *
788 fido_bio_template(const fido_bio_template_array_t *ta, size_t idx)
790 if (idx >= ta->n_alloc)
793 return (&ta->ptr[idx]);
797 fido_bio_enroll_new(void)
799 return (calloc(1, sizeof(fido_bio_enroll_t)));
803 fido_bio_info_new(void)
805 return (calloc(1, sizeof(fido_bio_info_t)));
809 fido_bio_info_type(const fido_bio_info_t *i)
815 fido_bio_info_max_samples(const fido_bio_info_t *i)
817 return (i->max_samples);
821 fido_bio_enroll_free(fido_bio_enroll_t **ep)
823 fido_bio_enroll_t *e;
825 if (ep == NULL || (e = *ep) == NULL)
835 fido_bio_info_free(fido_bio_info_t **ip)
839 if (ip == NULL || (i = *ip) == NULL)
847 fido_bio_enroll_remaining_samples(const fido_bio_enroll_t *e)
849 return (e->remaining_samples);
853 fido_bio_enroll_last_status(const fido_bio_enroll_t *e)
855 return (e->last_status);
projects / FreeBSD / FreeBSD.git / blob