2 * Copyright (c) 2018 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
7 #include <openssl/sha.h>
8 #include <openssl/x509.h>
11 #include "fido/es256.h"
14 parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg)
16 fido_cred_t *cred = arg;
18 if (cbor_isa_uint(key) == false ||
19 cbor_int_get_width(key) != CBOR_INT_8) {
20 fido_log_debug("%s: cbor type", __func__);
21 return (0); /* ignore */
24 switch (cbor_get_uint8(key)) {
26 return (cbor_decode_fmt(val, &cred->fmt));
27 case 2: /* authdata */
28 if (fido_blob_decode(val, &cred->authdata_raw) < 0) {
29 fido_log_debug("%s: fido_blob_decode", __func__);
32 return (cbor_decode_cred_authdata(val, cred->type,
33 &cred->authdata_cbor, &cred->authdata, &cred->attcred,
34 &cred->authdata_ext));
35 case 3: /* attestation statement */
36 return (cbor_decode_attstmt(val, &cred->attstmt));
37 case 5: /* large blob key */
38 return (fido_blob_decode(val, &cred->largeblob_key));
40 fido_log_debug("%s: cbor type", __func__);
46 fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
49 fido_blob_t *ecdh = NULL;
50 fido_opt_t uv = cred->uv;
51 es256_pk_t *pk = NULL;
53 const uint8_t cmd = CTAP_CBOR_MAKECRED;
56 memset(&f, 0, sizeof(f));
57 memset(argv, 0, sizeof(argv));
59 if (cred->cdh.ptr == NULL || cred->type == 0) {
60 fido_log_debug("%s: cdh=%p, type=%d", __func__,
61 (void *)cred->cdh.ptr, cred->type);
62 r = FIDO_ERR_INVALID_ARGUMENT;
66 if ((argv[0] = fido_blob_encode(&cred->cdh)) == NULL ||
67 (argv[1] = cbor_encode_rp_entity(&cred->rp)) == NULL ||
68 (argv[2] = cbor_encode_user_entity(&cred->user)) == NULL ||
69 (argv[3] = cbor_encode_pubkey_param(cred->type)) == NULL) {
70 fido_log_debug("%s: cbor encode", __func__);
71 r = FIDO_ERR_INTERNAL;
75 /* excluded credentials */
77 if ((argv[4] = cbor_encode_pubkey_list(&cred->excl)) == NULL) {
78 fido_log_debug("%s: cbor_encode_pubkey_list", __func__);
79 r = FIDO_ERR_INTERNAL;
85 if ((argv[5] = cbor_encode_cred_ext(&cred->ext,
86 &cred->blob)) == NULL) {
87 fido_log_debug("%s: cbor_encode_cred_ext", __func__);
88 r = FIDO_ERR_INTERNAL;
92 /* user verification */
93 if (pin != NULL || (uv == FIDO_OPT_TRUE &&
94 fido_dev_supports_permissions(dev))) {
95 if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) {
96 fido_log_debug("%s: fido_do_ecdh", __func__);
99 if ((r = cbor_add_uv_params(dev, cmd, &cred->cdh, pk, ecdh,
100 pin, cred->rp.id, &argv[7], &argv[8])) != FIDO_OK) {
101 fido_log_debug("%s: cbor_add_uv_params", __func__);
108 if (cred->rk != FIDO_OPT_OMIT || uv != FIDO_OPT_OMIT)
109 if ((argv[6] = cbor_encode_cred_opt(cred->rk, uv)) == NULL) {
110 fido_log_debug("%s: cbor_encode_cred_opt", __func__);
111 r = FIDO_ERR_INTERNAL;
115 /* framing and transmission */
116 if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 ||
117 fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) {
118 fido_log_debug("%s: fido_tx", __func__);
126 fido_blob_free(&ecdh);
127 cbor_vector_free(argv, nitems(argv));
134 fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int ms)
136 unsigned char reply[FIDO_MAXMSG];
140 fido_cred_reset_rx(cred);
142 if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply),
144 fido_log_debug("%s: fido_rx", __func__);
145 return (FIDO_ERR_RX);
148 if ((r = cbor_parse_reply(reply, (size_t)reply_len, cred,
149 parse_makecred_reply)) != FIDO_OK) {
150 fido_log_debug("%s: parse_makecred_reply", __func__);
154 if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) ||
155 fido_blob_is_empty(&cred->attcred.id)) {
156 fido_cred_reset_rx(cred);
157 return (FIDO_ERR_INVALID_CBOR);
164 fido_dev_make_cred_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin,
169 if ((r = fido_dev_make_cred_tx(dev, cred, pin)) != FIDO_OK ||
170 (r = fido_dev_make_cred_rx(dev, cred, ms)) != FIDO_OK)
177 fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
180 if (dev->flags & FIDO_DEV_WINHELLO)
181 return (fido_winhello_make_cred(dev, cred, pin));
183 if (fido_dev_is_fido2(dev) == false) {
184 if (pin != NULL || cred->rk == FIDO_OPT_TRUE ||
186 return (FIDO_ERR_UNSUPPORTED_OPTION);
187 return (u2f_register(dev, cred, -1));
190 return (fido_dev_make_cred_wait(dev, cred, pin, -1));
194 check_extensions(const fido_cred_ext_t *authdata_ext,
195 const fido_cred_ext_t *ext)
199 /* XXX: largeBlobKey is not part of the extensions map */
200 memcpy(&tmp, ext, sizeof(tmp));
201 tmp.mask &= ~FIDO_EXT_LARGEBLOB_KEY;
203 return (timingsafe_bcmp(authdata_ext, &tmp, sizeof(*authdata_ext)));
207 fido_check_rp_id(const char *id, const unsigned char *obtained_hash)
209 unsigned char expected_hash[SHA256_DIGEST_LENGTH];
211 explicit_bzero(expected_hash, sizeof(expected_hash));
213 if (SHA256((const unsigned char *)id, strlen(id),
214 expected_hash) != expected_hash) {
215 fido_log_debug("%s: sha256", __func__);
219 return (timingsafe_bcmp(expected_hash, obtained_hash,
220 SHA256_DIGEST_LENGTH));
224 get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id,
225 size_t rp_id_len, const fido_blob_t *clientdata, const fido_blob_t *id,
226 const es256_pk_t *pk)
228 const uint8_t zero = 0;
229 const uint8_t four = 4; /* uncompressed point */
232 if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
233 SHA256_Update(&ctx, &zero, sizeof(zero)) == 0 ||
234 SHA256_Update(&ctx, rp_id, rp_id_len) == 0 ||
235 SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
236 SHA256_Update(&ctx, id->ptr, id->len) == 0 ||
237 SHA256_Update(&ctx, &four, sizeof(four)) == 0 ||
238 SHA256_Update(&ctx, pk->x, sizeof(pk->x)) == 0 ||
239 SHA256_Update(&ctx, pk->y, sizeof(pk->y)) == 0 ||
240 SHA256_Final(dgst->ptr, &ctx) == 0) {
241 fido_log_debug("%s: sha256", __func__);
249 verify_sig(const fido_blob_t *dgst, const fido_blob_t *x5c,
250 const fido_blob_t *sig)
254 EVP_PKEY *pkey = NULL;
258 /* openssl needs ints */
259 if (dgst->len > INT_MAX || x5c->len > INT_MAX || sig->len > INT_MAX) {
260 fido_log_debug("%s: dgst->len=%zu, x5c->len=%zu, sig->len=%zu",
261 __func__, dgst->len, x5c->len, sig->len);
265 /* fetch key from x509 */
266 if ((rawcert = BIO_new_mem_buf(x5c->ptr, (int)x5c->len)) == NULL ||
267 (cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
268 (pkey = X509_get_pubkey(cert)) == NULL ||
269 (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
270 fido_log_debug("%s: x509 key", __func__);
274 if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr,
275 (int)sig->len, ec) != 1) {
276 fido_log_debug("%s: ECDSA_verify", __func__);
293 fido_cred_verify(const fido_cred_t *cred)
295 unsigned char buf[SHA256_DIGEST_LENGTH];
300 dgst.len = sizeof(buf);
302 /* do we have everything we need? */
303 if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
304 cred->attstmt.x5c.ptr == NULL || cred->attstmt.sig.ptr == NULL ||
305 cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
306 cred->rp.id == NULL) {
307 fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
308 "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
309 (void *)cred->authdata_cbor.ptr,
310 (void *)cred->attstmt.x5c.ptr,
311 (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
312 (void *)cred->attcred.id.ptr, cred->rp.id);
313 r = FIDO_ERR_INVALID_ARGUMENT;
317 if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
318 fido_log_debug("%s: fido_check_rp_id", __func__);
319 r = FIDO_ERR_INVALID_PARAM;
323 if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
325 fido_log_debug("%s: fido_check_flags", __func__);
326 r = FIDO_ERR_INVALID_PARAM;
330 if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
331 fido_log_debug("%s: check_extensions", __func__);
332 r = FIDO_ERR_INVALID_PARAM;
336 if (!strcmp(cred->fmt, "packed")) {
337 if (fido_get_signed_hash(COSE_ES256, &dgst, &cred->cdh,
338 &cred->authdata_cbor) < 0) {
339 fido_log_debug("%s: fido_get_signed_hash", __func__);
340 r = FIDO_ERR_INTERNAL;
343 } else if (!strcmp(cred->fmt, "fido-u2f")) {
344 if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
345 sizeof(cred->authdata.rp_id_hash), &cred->cdh,
346 &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
347 fido_log_debug("%s: get_signed_hash_u2f", __func__);
348 r = FIDO_ERR_INTERNAL;
352 fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt);
353 r = FIDO_ERR_INVALID_ARGUMENT;
357 if (verify_sig(&dgst, &cred->attstmt.x5c, &cred->attstmt.sig) < 0) {
358 fido_log_debug("%s: verify_sig", __func__);
359 r = FIDO_ERR_INVALID_SIG;
365 explicit_bzero(buf, sizeof(buf));
371 fido_cred_verify_self(const fido_cred_t *cred)
373 unsigned char buf[1024]; /* XXX */
379 dgst.len = sizeof(buf);
381 /* do we have everything we need? */
382 if (cred->cdh.ptr == NULL || cred->authdata_cbor.ptr == NULL ||
383 cred->attstmt.x5c.ptr != NULL || cred->attstmt.sig.ptr == NULL ||
384 cred->fmt == NULL || cred->attcred.id.ptr == NULL ||
385 cred->rp.id == NULL) {
386 fido_log_debug("%s: cdh=%p, authdata=%p, x5c=%p, sig=%p, "
387 "fmt=%p id=%p, rp.id=%s", __func__, (void *)cred->cdh.ptr,
388 (void *)cred->authdata_cbor.ptr,
389 (void *)cred->attstmt.x5c.ptr,
390 (void *)cred->attstmt.sig.ptr, (void *)cred->fmt,
391 (void *)cred->attcred.id.ptr, cred->rp.id);
392 r = FIDO_ERR_INVALID_ARGUMENT;
396 if (fido_check_rp_id(cred->rp.id, cred->authdata.rp_id_hash) != 0) {
397 fido_log_debug("%s: fido_check_rp_id", __func__);
398 r = FIDO_ERR_INVALID_PARAM;
402 if (fido_check_flags(cred->authdata.flags, FIDO_OPT_TRUE,
404 fido_log_debug("%s: fido_check_flags", __func__);
405 r = FIDO_ERR_INVALID_PARAM;
409 if (check_extensions(&cred->authdata_ext, &cred->ext) != 0) {
410 fido_log_debug("%s: check_extensions", __func__);
411 r = FIDO_ERR_INVALID_PARAM;
415 if (!strcmp(cred->fmt, "packed")) {
416 if (fido_get_signed_hash(cred->attcred.type, &dgst, &cred->cdh,
417 &cred->authdata_cbor) < 0) {
418 fido_log_debug("%s: fido_get_signed_hash", __func__);
419 r = FIDO_ERR_INTERNAL;
422 } else if (!strcmp(cred->fmt, "fido-u2f")) {
423 if (get_signed_hash_u2f(&dgst, cred->authdata.rp_id_hash,
424 sizeof(cred->authdata.rp_id_hash), &cred->cdh,
425 &cred->attcred.id, &cred->attcred.pubkey.es256) < 0) {
426 fido_log_debug("%s: get_signed_hash_u2f", __func__);
427 r = FIDO_ERR_INTERNAL;
431 fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt);
432 r = FIDO_ERR_INVALID_ARGUMENT;
436 switch (cred->attcred.type) {
438 ok = fido_verify_sig_es256(&dgst, &cred->attcred.pubkey.es256,
442 ok = fido_verify_sig_rs256(&dgst, &cred->attcred.pubkey.rs256,
446 ok = fido_verify_sig_eddsa(&dgst, &cred->attcred.pubkey.eddsa,
450 fido_log_debug("%s: unsupported cose_alg %d", __func__,
452 r = FIDO_ERR_UNSUPPORTED_OPTION;
457 r = FIDO_ERR_INVALID_SIG;
462 explicit_bzero(buf, sizeof(buf));
470 return (calloc(1, sizeof(fido_cred_t)));
474 fido_cred_clean_authdata(fido_cred_t *cred)
476 fido_blob_reset(&cred->authdata_cbor);
477 fido_blob_reset(&cred->authdata_raw);
478 fido_blob_reset(&cred->attcred.id);
480 memset(&cred->authdata_ext, 0, sizeof(cred->authdata_ext));
481 memset(&cred->authdata, 0, sizeof(cred->authdata));
482 memset(&cred->attcred, 0, sizeof(cred->attcred));
486 fido_cred_reset_tx(fido_cred_t *cred)
488 fido_blob_reset(&cred->cd);
489 fido_blob_reset(&cred->cdh);
490 fido_blob_reset(&cred->user.id);
491 fido_blob_reset(&cred->blob);
495 free(cred->user.icon);
496 free(cred->user.name);
497 free(cred->user.display_name);
498 fido_free_blob_array(&cred->excl);
500 memset(&cred->rp, 0, sizeof(cred->rp));
501 memset(&cred->user, 0, sizeof(cred->user));
502 memset(&cred->excl, 0, sizeof(cred->excl));
503 memset(&cred->ext, 0, sizeof(cred->ext));
506 cred->rk = FIDO_OPT_OMIT;
507 cred->uv = FIDO_OPT_OMIT;
511 fido_cred_reset_rx(fido_cred_t *cred)
515 fido_cred_clean_authdata(cred);
516 fido_blob_reset(&cred->attstmt.x5c);
517 fido_blob_reset(&cred->attstmt.sig);
518 fido_blob_reset(&cred->largeblob_key);
522 fido_cred_free(fido_cred_t **cred_p)
526 if (cred_p == NULL || (cred = *cred_p) == NULL)
528 fido_cred_reset_tx(cred);
529 fido_cred_reset_rx(cred);
535 fido_cred_set_authdata(fido_cred_t *cred, const unsigned char *ptr, size_t len)
537 cbor_item_t *item = NULL;
538 struct cbor_load_result cbor;
539 int r = FIDO_ERR_INVALID_ARGUMENT;
541 fido_cred_clean_authdata(cred);
543 if (ptr == NULL || len == 0)
546 if ((item = cbor_load(ptr, len, &cbor)) == NULL) {
547 fido_log_debug("%s: cbor_load", __func__);
551 if (fido_blob_decode(item, &cred->authdata_raw) < 0) {
552 fido_log_debug("%s: fido_blob_decode", __func__);
556 if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
557 &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
558 fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
568 fido_cred_clean_authdata(cred);
575 fido_cred_set_authdata_raw(fido_cred_t *cred, const unsigned char *ptr,
578 cbor_item_t *item = NULL;
579 int r = FIDO_ERR_INVALID_ARGUMENT;
581 fido_cred_clean_authdata(cred);
583 if (ptr == NULL || len == 0)
586 if (fido_blob_set(&cred->authdata_raw, ptr, len) < 0) {
587 fido_log_debug("%s: fido_blob_set", __func__);
588 r = FIDO_ERR_INTERNAL;
592 if ((item = cbor_build_bytestring(ptr, len)) == NULL) {
593 fido_log_debug("%s: cbor_build_bytestring", __func__);
594 r = FIDO_ERR_INTERNAL;
598 if (cbor_decode_cred_authdata(item, cred->type, &cred->authdata_cbor,
599 &cred->authdata, &cred->attcred, &cred->authdata_ext) < 0) {
600 fido_log_debug("%s: cbor_decode_cred_authdata", __func__);
610 fido_cred_clean_authdata(cred);
617 fido_cred_set_id(fido_cred_t *cred, const unsigned char *ptr, size_t len)
619 if (fido_blob_set(&cred->attcred.id, ptr, len) < 0)
620 return (FIDO_ERR_INVALID_ARGUMENT);
626 fido_cred_set_x509(fido_cred_t *cred, const unsigned char *ptr, size_t len)
628 if (fido_blob_set(&cred->attstmt.x5c, ptr, len) < 0)
629 return (FIDO_ERR_INVALID_ARGUMENT);
635 fido_cred_set_sig(fido_cred_t *cred, const unsigned char *ptr, size_t len)
637 if (fido_blob_set(&cred->attstmt.sig, ptr, len) < 0)
638 return (FIDO_ERR_INVALID_ARGUMENT);
644 fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
647 fido_blob_t *list_ptr;
649 memset(&id_blob, 0, sizeof(id_blob));
651 if (fido_blob_set(&id_blob, id_ptr, id_len) < 0)
652 return (FIDO_ERR_INVALID_ARGUMENT);
654 if (cred->excl.len == SIZE_MAX) {
656 return (FIDO_ERR_INVALID_ARGUMENT);
659 if ((list_ptr = recallocarray(cred->excl.ptr, cred->excl.len,
660 cred->excl.len + 1, sizeof(fido_blob_t))) == NULL) {
662 return (FIDO_ERR_INTERNAL);
665 list_ptr[cred->excl.len++] = id_blob;
666 cred->excl.ptr = list_ptr;
672 fido_cred_set_clientdata(fido_cred_t *cred, const unsigned char *data,
675 if (!fido_blob_is_empty(&cred->cdh) ||
676 fido_blob_set(&cred->cd, data, data_len) < 0) {
677 return (FIDO_ERR_INVALID_ARGUMENT);
679 if (fido_sha256(&cred->cdh, data, data_len) < 0) {
680 fido_blob_reset(&cred->cd);
681 return (FIDO_ERR_INTERNAL);
688 fido_cred_set_clientdata_hash(fido_cred_t *cred, const unsigned char *hash,
691 if (!fido_blob_is_empty(&cred->cd) ||
692 fido_blob_set(&cred->cdh, hash, hash_len) < 0)
693 return (FIDO_ERR_INVALID_ARGUMENT);
699 fido_cred_set_rp(fido_cred_t *cred, const char *id, const char *name)
701 fido_rp_t *rp = &cred->rp;
703 if (rp->id != NULL) {
707 if (rp->name != NULL) {
712 if (id != NULL && (rp->id = strdup(id)) == NULL)
714 if (name != NULL && (rp->name = strdup(name)) == NULL)
724 return (FIDO_ERR_INTERNAL);
728 fido_cred_set_user(fido_cred_t *cred, const unsigned char *user_id,
729 size_t user_id_len, const char *name, const char *display_name,
732 fido_user_t *up = &cred->user;
734 if (up->id.ptr != NULL) {
739 if (up->name != NULL) {
743 if (up->display_name != NULL) {
744 free(up->display_name);
745 up->display_name = NULL;
747 if (up->icon != NULL) {
752 if (user_id != NULL && fido_blob_set(&up->id, user_id, user_id_len) < 0)
754 if (name != NULL && (up->name = strdup(name)) == NULL)
756 if (display_name != NULL &&
757 (up->display_name = strdup(display_name)) == NULL)
759 if (icon != NULL && (up->icon = strdup(icon)) == NULL)
766 free(up->display_name);
772 up->display_name = NULL;
775 return (FIDO_ERR_INTERNAL);
779 fido_cred_set_extensions(fido_cred_t *cred, int ext)
784 if ((ext & FIDO_EXT_CRED_MASK) != ext)
785 return (FIDO_ERR_INVALID_ARGUMENT);
786 cred->ext.mask |= ext;
793 fido_cred_set_options(fido_cred_t *cred, bool rk, bool uv)
795 cred->rk = rk ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
796 cred->uv = uv ? FIDO_OPT_TRUE : FIDO_OPT_FALSE;
802 fido_cred_set_rk(fido_cred_t *cred, fido_opt_t rk)
810 fido_cred_set_uv(fido_cred_t *cred, fido_opt_t uv)
818 fido_cred_set_prot(fido_cred_t *cred, int prot)
821 cred->ext.mask &= ~FIDO_EXT_CRED_PROTECT;
824 if (prot != FIDO_CRED_PROT_UV_OPTIONAL &&
825 prot != FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID &&
826 prot != FIDO_CRED_PROT_UV_REQUIRED)
827 return (FIDO_ERR_INVALID_ARGUMENT);
829 cred->ext.mask |= FIDO_EXT_CRED_PROTECT;
830 cred->ext.prot = prot;
837 fido_cred_set_blob(fido_cred_t *cred, const unsigned char *ptr, size_t len)
839 if (ptr == NULL || len == 0)
840 return (FIDO_ERR_INVALID_ARGUMENT);
841 if (fido_blob_set(&cred->blob, ptr, len) < 0)
842 return (FIDO_ERR_INTERNAL);
844 cred->ext.mask |= FIDO_EXT_CRED_BLOB;
850 fido_cred_set_fmt(fido_cred_t *cred, const char *fmt)
856 return (FIDO_ERR_INVALID_ARGUMENT);
858 if (strcmp(fmt, "packed") && strcmp(fmt, "fido-u2f") &&
860 return (FIDO_ERR_INVALID_ARGUMENT);
862 if ((cred->fmt = strdup(fmt)) == NULL)
863 return (FIDO_ERR_INTERNAL);
869 fido_cred_set_type(fido_cred_t *cred, int cose_alg)
871 if ((cose_alg != COSE_ES256 && cose_alg != COSE_RS256 &&
872 cose_alg != COSE_EDDSA) || cred->type != 0)
873 return (FIDO_ERR_INVALID_ARGUMENT);
875 cred->type = cose_alg;
881 fido_cred_type(const fido_cred_t *cred)
887 fido_cred_flags(const fido_cred_t *cred)
889 return (cred->authdata.flags);
893 fido_cred_sigcount(const fido_cred_t *cred)
895 return (cred->authdata.sigcount);
898 const unsigned char *
899 fido_cred_clientdata_hash_ptr(const fido_cred_t *cred)
901 return (cred->cdh.ptr);
905 fido_cred_clientdata_hash_len(const fido_cred_t *cred)
907 return (cred->cdh.len);
910 const unsigned char *
911 fido_cred_x5c_ptr(const fido_cred_t *cred)
913 return (cred->attstmt.x5c.ptr);
917 fido_cred_x5c_len(const fido_cred_t *cred)
919 return (cred->attstmt.x5c.len);
922 const unsigned char *
923 fido_cred_sig_ptr(const fido_cred_t *cred)
925 return (cred->attstmt.sig.ptr);
929 fido_cred_sig_len(const fido_cred_t *cred)
931 return (cred->attstmt.sig.len);
934 const unsigned char *
935 fido_cred_authdata_ptr(const fido_cred_t *cred)
937 return (cred->authdata_cbor.ptr);
941 fido_cred_authdata_len(const fido_cred_t *cred)
943 return (cred->authdata_cbor.len);
946 const unsigned char *
947 fido_cred_authdata_raw_ptr(const fido_cred_t *cred)
949 return (cred->authdata_raw.ptr);
953 fido_cred_authdata_raw_len(const fido_cred_t *cred)
955 return (cred->authdata_raw.len);
958 const unsigned char *
959 fido_cred_pubkey_ptr(const fido_cred_t *cred)
963 switch (cred->attcred.type) {
965 ptr = &cred->attcred.pubkey.es256;
968 ptr = &cred->attcred.pubkey.rs256;
971 ptr = &cred->attcred.pubkey.eddsa;
982 fido_cred_pubkey_len(const fido_cred_t *cred)
986 switch (cred->attcred.type) {
988 len = sizeof(cred->attcred.pubkey.es256);
991 len = sizeof(cred->attcred.pubkey.rs256);
994 len = sizeof(cred->attcred.pubkey.eddsa);
1004 const unsigned char *
1005 fido_cred_id_ptr(const fido_cred_t *cred)
1007 return (cred->attcred.id.ptr);
1011 fido_cred_id_len(const fido_cred_t *cred)
1013 return (cred->attcred.id.len);
1016 const unsigned char *
1017 fido_cred_aaguid_ptr(const fido_cred_t *cred)
1019 return (cred->attcred.aaguid);
1023 fido_cred_aaguid_len(const fido_cred_t *cred)
1025 return (sizeof(cred->attcred.aaguid));
1029 fido_cred_prot(const fido_cred_t *cred)
1031 return (cred->ext.prot);
1035 fido_cred_fmt(const fido_cred_t *cred)
1041 fido_cred_rp_id(const fido_cred_t *cred)
1043 return (cred->rp.id);
1047 fido_cred_rp_name(const fido_cred_t *cred)
1049 return (cred->rp.name);
1053 fido_cred_user_name(const fido_cred_t *cred)
1055 return (cred->user.name);
1059 fido_cred_display_name(const fido_cred_t *cred)
1061 return (cred->user.display_name);
1064 const unsigned char *
1065 fido_cred_user_id_ptr(const fido_cred_t *cred)
1067 return (cred->user.id.ptr);
1071 fido_cred_user_id_len(const fido_cred_t *cred)
1073 return (cred->user.id.len);
1076 const unsigned char *
1077 fido_cred_largeblob_key_ptr(const fido_cred_t *cred)
1079 return (cred->largeblob_key.ptr);
1083 fido_cred_largeblob_key_len(const fido_cred_t *cred)
1085 return (cred->largeblob_key.len);