Zephyr API Documentation 4.4.99
A Scalable Open Source RTOS
Loading...
Searching...
No Matches
fido2_types.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2026 Siratul Islam <email@sirat.me>
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
11
12#ifndef ZEPHYR_INCLUDE_AUTHENTICATION_FIDO2_FIDO2_TYPES_H_
13#define ZEPHYR_INCLUDE_AUTHENTICATION_FIDO2_FIDO2_TYPES_H_
14
15#include <stddef.h>
16#include <stdint.h>
17#include <stdbool.h>
18#include <zephyr/sys/util.h>
19
25
26#ifdef __cplusplus
27extern "C" {
28#endif
29
31#define FIDO2_CREDENTIAL_ID_MAX_SIZE 128
32
34#define FIDO2_RP_ID_MAX_LEN 128
35
37#define FIDO2_RP_NAME_MAX_LEN 64
38
40#define FIDO2_USER_NAME_MAX_LEN 64
41
43#define FIDO2_USER_DISPLAY_NAME_MAX_LEN 64
44
46#define FIDO2_USER_ID_MAX_SIZE 64
47
49#define FIDO2_AAGUID_SIZE 16
50
52#define FIDO2_SHA256_SIZE 32
53
55#define FIDO2_PIN_HASH_SIZE 16
56
58#define FIDO2_DISCOVERABLE_CRED_ID_SIZE 32
59
61#define FIDO2_NON_DISCOVERABLE_CRED_ID_SIZE 64
62
64#define FIDO2_AUTH_DATA_HEADER_SIZE 37
65
67#define FIDO2_ATTESTED_CRED_DATA_MAX_SIZE \
68 (FIDO2_AAGUID_SIZE + 2 + FIDO2_CREDENTIAL_ID_MAX_SIZE + FIDO2_COSE_KEY_MAX_SIZE)
69
71#define FIDO2_AUTH_DATA_MAX_SIZE (FIDO2_AUTH_DATA_HEADER_SIZE + FIDO2_ATTESTED_CRED_DATA_MAX_SIZE)
72
74#define FIDO2_MAX_EXTENSIONS 8
75
77#define FIDO2_MAX_VERSIONS 4
78
80#define FIDO2_EXT_HMAC_SECRET BIT(0)
82#define FIDO2_EXT_LARGE_BLOB_KEY BIT(1)
84#define FIDO2_EXT_CRED_BLOB BIT(2)
86#define FIDO2_EXT_THIRD_PARTY_PAY BIT(3)
87
89#define FIDO2_TRANSPORT_USB BIT(0)
91#define FIDO2_TRANSPORT_BLE BIT(1)
93#define FIDO2_TRANSPORT_NFC BIT(2)
94
96#define AUTH_DATA_FLAG_UP BIT(0)
98#define AUTH_DATA_FLAG_UV BIT(2)
100#define AUTH_DATA_FLAG_AT BIT(6)
102#define AUTH_DATA_FLAG_ED BIT(7)
103
105enum fido2_status {
106 FIDO2_OK = 0x00,
107 FIDO2_ERR_INVALID_COMMAND = 0x01,
108 FIDO2_ERR_INVALID_PARAMETER = 0x02,
109 FIDO2_ERR_INVALID_LENGTH = 0x03,
110 FIDO2_ERR_INVALID_SEQ = 0x04,
111 FIDO2_ERR_TIMEOUT = 0x05,
112 FIDO2_ERR_CHANNEL_BUSY = 0x06,
113 FIDO2_ERR_LOCK_REQUIRED = 0x0A,
114 FIDO2_ERR_INVALID_CHANNEL = 0x0B,
115 FIDO2_ERR_CBOR_UNEXPECTED_TYPE = 0x11,
116 FIDO2_ERR_INVALID_CBOR = 0x12,
117 FIDO2_ERR_MISSING_PARAMETER = 0x14,
118 FIDO2_ERR_LIMIT_EXCEEDED = 0x15,
119 FIDO2_ERR_UNSUPPORTED_EXTENSION = 0x16,
120 FIDO2_ERR_FP_DATABASE_FULL = 0x17,
121 FIDO2_ERR_LARGE_BLOB_STORAGE_FULL = 0x18,
122 FIDO2_ERR_CREDENTIAL_EXCLUDED = 0x19,
123 FIDO2_ERR_PROCESSING = 0x21,
124 FIDO2_ERR_INVALID_CREDENTIAL = 0x22,
125 FIDO2_ERR_USER_ACTION_PENDING = 0x23,
126 FIDO2_ERR_OPERATION_PENDING = 0x24,
127 FIDO2_ERR_NO_OPERATIONS = 0x25,
128 FIDO2_ERR_UNSUPPORTED_ALGORITHM = 0x26,
129 FIDO2_ERR_OPERATION_DENIED = 0x27,
130 FIDO2_ERR_KEY_STORE_FULL = 0x28,
131 FIDO2_ERR_UNSUPPORTED_OPTION = 0x2B,
132 FIDO2_ERR_INVALID_OPTION = 0x2C,
133 FIDO2_ERR_KEEPALIVE_CANCEL = 0x2D,
134 FIDO2_ERR_NO_CREDENTIALS = 0x2E,
135 FIDO2_ERR_USER_ACTION_TIMEOUT = 0x2F,
136 FIDO2_ERR_NOT_ALLOWED = 0x30,
137 FIDO2_ERR_PIN_INVALID = 0x31,
138 FIDO2_ERR_PIN_BLOCKED = 0x32,
139 FIDO2_ERR_PIN_AUTH_INVALID = 0x33,
140 FIDO2_ERR_PIN_AUTH_BLOCKED = 0x34,
141 FIDO2_ERR_PIN_NOT_SET = 0x35,
142 FIDO2_ERR_PUAT_REQUIRED = 0x36,
143 FIDO2_ERR_PIN_POLICY_VIOLATION = 0x37,
144 FIDO2_ERR_RESERVED = 0x38,
145 FIDO2_ERR_REQUEST_TOO_LARGE = 0x39,
146 FIDO2_ERR_ACTION_TIMEOUT = 0x3A,
147 FIDO2_ERR_UP_REQUIRED = 0x3B,
148 FIDO2_ERR_UV_BLOCKED = 0x3C,
149 FIDO2_ERR_INTEGRITY_FAILURE = 0x3D,
150 FIDO2_ERR_INVALID_SUBCOMMAND = 0x3E,
151 FIDO2_ERR_UV_INVALID = 0x3F,
152 FIDO2_ERR_UNAUTHORIZED_PERMISSION = 0x40,
153 FIDO2_ERR_OTHER = 0x7F,
154};
155
167
177
184
218
263
264#ifdef __cplusplus
265}
266#endif
267
269
270#endif /* ZEPHYR_INCLUDE_AUTHENTICATION_FIDO2_FIDO2_TYPES_H_ */
FIDO2_ERR_OPERATION_PENDING
@ FIDO2_ERR_OPERATION_PENDING
Operation pending.
Definition fido2_types.h:126
FIDO2_ERR_INVALID_OPTION
@ FIDO2_ERR_INVALID_OPTION
Option value invalid for this operation.
Definition fido2_types.h:132
FIDO2_ERR_PIN_BLOCKED
@ FIDO2_ERR_PIN_BLOCKED
PIN blocked.
Definition fido2_types.h:138
FIDO2_ERR_REQUEST_TOO_LARGE
@ FIDO2_ERR_REQUEST_TOO_LARGE
Request exceeds maxMsgSize.
Definition fido2_types.h:145
FIDO2_ERR_PROCESSING
@ FIDO2_ERR_PROCESSING
Processing.
Definition fido2_types.h:123
FIDO2_ERR_CBOR_UNEXPECTED_TYPE
@ FIDO2_ERR_CBOR_UNEXPECTED_TYPE
Unexpected CBOR type.
Definition fido2_types.h:115
FIDO2_ERR_INVALID_CHANNEL
@ FIDO2_ERR_INVALID_CHANNEL
Invalid channel.
Definition fido2_types.h:114
FIDO2_ERR_KEEPALIVE_CANCEL
@ FIDO2_ERR_KEEPALIVE_CANCEL
Keepalive cancelled by platform.
Definition fido2_types.h:133
FIDO2_ERR_UNSUPPORTED_ALGORITHM
@ FIDO2_ERR_UNSUPPORTED_ALGORITHM
Unsupported algorithm.
Definition fido2_types.h:128
FIDO2_ERR_ACTION_TIMEOUT
@ FIDO2_ERR_ACTION_TIMEOUT
Platform response timed out.
Definition fido2_types.h:146
FIDO2_ERR_NO_OPERATIONS
@ FIDO2_ERR_NO_OPERATIONS
No operations pending.
Definition fido2_types.h:127
FIDO2_ERR_USER_ACTION_TIMEOUT
@ FIDO2_ERR_USER_ACTION_TIMEOUT
User action timed out.
Definition fido2_types.h:135
FIDO2_ERR_INTEGRITY_FAILURE
@ FIDO2_ERR_INTEGRITY_FAILURE
Authenticator integrity check failed.
Definition fido2_types.h:149
FIDO2_ERR_INVALID_CREDENTIAL
@ FIDO2_ERR_INVALID_CREDENTIAL
Invalid credential.
Definition fido2_types.h:124
FIDO2_ERR_OPERATION_DENIED
@ FIDO2_ERR_OPERATION_DENIED
Operation denied.
Definition fido2_types.h:129
FIDO2_ERR_INVALID_SUBCOMMAND
@ FIDO2_ERR_INVALID_SUBCOMMAND
Invalid subcommand for this command.
Definition fido2_types.h:150
FIDO2_ERR_PIN_AUTH_BLOCKED
@ FIDO2_ERR_PIN_AUTH_BLOCKED
PIN auth blocked.
Definition fido2_types.h:140
FIDO2_ERR_PUAT_REQUIRED
@ FIDO2_ERR_PUAT_REQUIRED
PIN/UV auth token required.
Definition fido2_types.h:142
FIDO2_ERR_CREDENTIAL_EXCLUDED
@ FIDO2_ERR_CREDENTIAL_EXCLUDED
Credential in excludeList found.
Definition fido2_types.h:122
FIDO2_ERR_UV_INVALID
@ FIDO2_ERR_UV_INVALID
User verification failed.
Definition fido2_types.h:151
FIDO2_ERR_PIN_AUTH_INVALID
@ FIDO2_ERR_PIN_AUTH_INVALID
PIN auth verification failed.
Definition fido2_types.h:139
FIDO2_ERR_UNAUTHORIZED_PERMISSION
@ FIDO2_ERR_UNAUTHORIZED_PERMISSION
PIN/UV token missing permission.
Definition fido2_types.h:152
FIDO2_ERR_PIN_INVALID
@ FIDO2_ERR_PIN_INVALID
Invalid PIN.
Definition fido2_types.h:137
FIDO2_ERR_NOT_ALLOWED
@ FIDO2_ERR_NOT_ALLOWED
Operation not allowed.
Definition fido2_types.h:136
FIDO2_ERR_INVALID_SEQ
@ FIDO2_ERR_INVALID_SEQ
Invalid sequence number.
Definition fido2_types.h:110
FIDO2_ERR_PIN_POLICY_VIOLATION
@ FIDO2_ERR_PIN_POLICY_VIOLATION
PIN policy violation.
Definition fido2_types.h:143
FIDO2_ERR_USER_ACTION_PENDING
@ FIDO2_ERR_USER_ACTION_PENDING
Waiting for user action.
Definition fido2_types.h:125
FIDO2_ERR_RESERVED
@ FIDO2_ERR_RESERVED
PIN/UV auth token expired.
Definition fido2_types.h:144
FIDO2_OK
@ FIDO2_OK
Success.
Definition fido2_types.h:106
FIDO2_ERR_UP_REQUIRED
@ FIDO2_ERR_UP_REQUIRED
User presence required.
Definition fido2_types.h:147
FIDO2_ERR_UNSUPPORTED_OPTION
@ FIDO2_ERR_UNSUPPORTED_OPTION
Unsupported option.
Definition fido2_types.h:131
FIDO2_ERR_INVALID_COMMAND
@ FIDO2_ERR_INVALID_COMMAND
Invalid command.
Definition fido2_types.h:107
FIDO2_ERR_INVALID_PARAMETER
@ FIDO2_ERR_INVALID_PARAMETER
Invalid parameter.
Definition fido2_types.h:108
FIDO2_ERR_OTHER
@ FIDO2_ERR_OTHER
Other unspecified error.
Definition fido2_types.h:153
FIDO2_ERR_PIN_NOT_SET
@ FIDO2_ERR_PIN_NOT_SET
PIN not set.
Definition fido2_types.h:141
FIDO2_ERR_UNSUPPORTED_EXTENSION
@ FIDO2_ERR_UNSUPPORTED_EXTENSION
Unsupported extension.
Definition fido2_types.h:119
FIDO2_ERR_CHANNEL_BUSY
@ FIDO2_ERR_CHANNEL_BUSY
Channel busy.
Definition fido2_types.h:112
FIDO2_ERR_INVALID_CBOR
@ FIDO2_ERR_INVALID_CBOR
Invalid CBOR encoding.
Definition fido2_types.h:116
FIDO2_ERR_KEY_STORE_FULL
@ FIDO2_ERR_KEY_STORE_FULL
Key store full.
Definition fido2_types.h:130
FIDO2_ERR_INVALID_LENGTH
@ FIDO2_ERR_INVALID_LENGTH
Invalid message length.
Definition fido2_types.h:109
FIDO2_ERR_FP_DATABASE_FULL
@ FIDO2_ERR_FP_DATABASE_FULL
Fingerprint database full.
Definition fido2_types.h:120
FIDO2_ERR_LOCK_REQUIRED
@ FIDO2_ERR_LOCK_REQUIRED
Command requires lock.
Definition fido2_types.h:113
FIDO2_ERR_MISSING_PARAMETER
@ FIDO2_ERR_MISSING_PARAMETER
Required parameter missing.
Definition fido2_types.h:117
FIDO2_ERR_UV_BLOCKED
@ FIDO2_ERR_UV_BLOCKED
User verification blocked.
Definition fido2_types.h:148
FIDO2_ERR_LIMIT_EXCEEDED
@ FIDO2_ERR_LIMIT_EXCEEDED
Limit exceeded.
Definition fido2_types.h:118
FIDO2_ERR_TIMEOUT
@ FIDO2_ERR_TIMEOUT
Request timed out.
Definition fido2_types.h:111
FIDO2_ERR_NO_CREDENTIALS
@ FIDO2_ERR_NO_CREDENTIALS
No credentials found.
Definition fido2_types.h:134
FIDO2_ERR_LARGE_BLOB_STORAGE_FULL
@ FIDO2_ERR_LARGE_BLOB_STORAGE_FULL
Large blob storage full.
Definition fido2_types.h:121
FIDO2_COSE_EDDSA
@ FIDO2_COSE_EDDSA
EdDSA.
Definition fido2_types.h:181
FIDO2_COSE_ES256
@ FIDO2_COSE_ES256
ECDSA w/ SHA-256.
Definition fido2_types.h:180
FIDO2_COSE_RS256
@ FIDO2_COSE_RS256
RSASSA-PKCS1-v1_5 w/ SHA-256.
Definition fido2_types.h:182
FIDO2_CRED_PROTECT_UV_OPTIONAL
@ FIDO2_CRED_PROTECT_UV_OPTIONAL
UV optional; credential usable without verification.
Definition fido2_types.h:171
FIDO2_CRED_PROTECT_UV_OPTIONAL_WITH_LIST
@ FIDO2_CRED_PROTECT_UV_OPTIONAL_WITH_LIST
UV optional; credential usable only with credential ID list.
Definition fido2_types.h:173
FIDO2_CRED_PROTECT_UV_REQUIRED
@ FIDO2_CRED_PROTECT_UV_REQUIRED
UV required; credential always requires user verification.
Definition fido2_types.h:175
FIDO2_CMD_GET_INFO
@ FIDO2_CMD_GET_INFO
Get authenticator info.
Definition fido2_types.h:160
FIDO2_CMD_SELECTION
@ FIDO2_CMD_SELECTION
Authenticator selection.
Definition fido2_types.h:165
FIDO2_CMD_CREDENTIAL_MGMT
@ FIDO2_CMD_CREDENTIAL_MGMT
Credential management.
Definition fido2_types.h:164
FIDO2_CMD_GET_ASSERTION
@ FIDO2_CMD_GET_ASSERTION
Authenticate with a credential.
Definition fido2_types.h:159
FIDO2_CMD_CLIENT_PIN
@ FIDO2_CMD_CLIENT_PIN
Client PIN operations.
Definition fido2_types.h:161
FIDO2_CMD_RESET
@ FIDO2_CMD_RESET
Factory reset.
Definition fido2_types.h:162
FIDO2_CMD_MAKE_CREDENTIAL
@ FIDO2_CMD_MAKE_CREDENTIAL
Create a new credential.
Definition fido2_types.h:158
FIDO2_CMD_GET_NEXT_ASSERTION
@ FIDO2_CMD_GET_NEXT_ASSERTION
Get next assertion.
Definition fido2_types.h:163
FIDO2_MAX_VERSIONS
#define FIDO2_MAX_VERSIONS
Maximum number of supported versions.
Definition fido2_types.h:77
FIDO2_RP_ID_MAX_LEN
#define FIDO2_RP_ID_MAX_LEN
Maximum relying party ID length.
Definition fido2_types.h:34
FIDO2_USER_NAME_MAX_LEN
#define FIDO2_USER_NAME_MAX_LEN
Maximum user name length.
Definition fido2_types.h:40
FIDO2_AAGUID_SIZE
#define FIDO2_AAGUID_SIZE
AAGUID size in bytes.
Definition fido2_types.h:49
fido2_status
fido2_status
CTAP2 status codes.
Definition fido2_types.h:105
FIDO2_MAX_EXTENSIONS
#define FIDO2_MAX_EXTENSIONS
Maximum number of supported extensions.
Definition fido2_types.h:74
FIDO2_CREDENTIAL_ID_MAX_SIZE
#define FIDO2_CREDENTIAL_ID_MAX_SIZE
FIDO2 shared types.
Definition fido2_types.h:31
fido2_cose_alg
fido2_cose_alg
COSE algorithm identifiers.
Definition fido2_types.h:179
FIDO2_RP_NAME_MAX_LEN
#define FIDO2_RP_NAME_MAX_LEN
Maximum relying party name length.
Definition fido2_types.h:37
FIDO2_USER_DISPLAY_NAME_MAX_LEN
#define FIDO2_USER_DISPLAY_NAME_MAX_LEN
Maximum user display name length.
Definition fido2_types.h:43
fido2_cred_protect
fido2_cred_protect
Credential protection levels.
Definition fido2_types.h:169
FIDO2_SHA256_SIZE
#define FIDO2_SHA256_SIZE
SHA-256 hash size.
Definition fido2_types.h:52
fido2_cmd
fido2_cmd
CTAP2 command codes.
Definition fido2_types.h:157
FIDO2_USER_ID_MAX_SIZE
#define FIDO2_USER_ID_MAX_SIZE
Maximum user ID size in bytes.
Definition fido2_types.h:46
uint32_t
__UINT32_TYPE__ uint32_t
Definition stdint.h:90
int32_t
__INT32_TYPE__ int32_t
Definition stdint.h:74
uint8_t
__UINT8_TYPE__ uint8_t
Definition stdint.h:88
uint16_t
__UINT16_TYPE__ uint16_t
Definition stdint.h:89
fido2_credential
A stored FIDO2 credential.
Definition fido2_types.h:186
fido2_credential::user_id
uint8_t user_id[64]
User handle.
Definition fido2_types.h:202
fido2_credential::rp_name
char rp_name[64]
Relying party display name.
Definition fido2_types.h:196
fido2_credential::sign_count
uint32_t sign_count
Signature counter.
Definition fido2_types.h:208
fido2_credential::user_display_name
char user_display_name[64]
User display name.
Definition fido2_types.h:200
fido2_credential::cred_protect
uint8_t cred_protect
Credential protection level.
Definition fido2_types.h:216
fido2_credential::rp_id_hash
uint8_t rp_id_hash[32]
SHA-256 hash of the relying party ID.
Definition fido2_types.h:192
fido2_credential::algorithm
int32_t algorithm
COSE algorithm identifier.
Definition fido2_types.h:212
fido2_credential::discoverable
bool discoverable
Discoverable (resident) credential.
Definition fido2_types.h:214
fido2_credential::extensions
uint32_t extensions
Credential extensions bitmask (e.g.
Definition fido2_types.h:210
fido2_credential::key_id
uint32_t key_id
PSA Crypto key identifier for this credential.
Definition fido2_types.h:206
fido2_credential::id_len
uint16_t id_len
Credential identifier length.
Definition fido2_types.h:190
fido2_credential::user_name
char user_name[64]
User account name.
Definition fido2_types.h:198
fido2_credential::user_id_len
uint16_t user_id_len
User handle length.
Definition fido2_types.h:204
fido2_credential::rp_id
char rp_id[128]
Relying party identifier.
Definition fido2_types.h:194
fido2_device_info
Device information returned by authenticatorGetInfo.
Definition fido2_types.h:222
fido2_device_info::num_extensions
uint8_t num_extensions
Number of supported extensions.
Definition fido2_types.h:230
fido2_device_info::client_pin
bool client_pin
Client PIN supported.
Definition fido2_types.h:245
fido2_device_info::uv
bool uv
Built-in user verification support.
Definition fido2_types.h:247
fido2_device_info::up
bool up
User presence support.
Definition fido2_types.h:246
fido2_device_info::transports
uint8_t transports
Supported transports bitmask.
Definition fido2_types.h:240
fido2_device_info::versions
const char * versions[4]
Supported protocol versions.
Definition fido2_types.h:224
fido2_device_info::extensions
const char * extensions[8]
Supported extensions.
Definition fido2_types.h:228
fido2_device_info::plat
bool plat
Platform device.
Definition fido2_types.h:243
fido2_device_info::max_credential_id_length
uint16_t max_credential_id_length
Maximum credential ID length.
Definition fido2_types.h:236
fido2_device_info::pin_uv_auth_protocols
uint8_t pin_uv_auth_protocols[2]
Supported PIN/UV auth protocol versions.
Definition fido2_types.h:257
fido2_device_info::max_credential_count
uint16_t max_credential_count
Maximum credential count.
Definition fido2_types.h:234
fido2_device_info::pin_retries
uint8_t pin_retries
Remaining PIN retry attempts.
Definition fido2_types.h:261
fido2_device_info::num_pin_uv_auth_protocols
uint8_t num_pin_uv_auth_protocols
Number of supported PIN/UV auth protocols.
Definition fido2_types.h:259
fido2_device_info::always_uv
bool always_uv
Authenticator always requires UV.
Definition fido2_types.h:251
fido2_device_info::pin_uv_auth_token
bool pin_uv_auth_token
pinUvAuthToken support
Definition fido2_types.h:249
fido2_device_info::firmware_version
uint32_t firmware_version
Firmware version.
Definition fido2_types.h:255
fido2_device_info::aaguid
uint8_t aaguid[16]
Authenticator Attestation GUID.
Definition fido2_types.h:232
fido2_device_info::make_cred_uv_not_rqd
bool make_cred_uv_not_rqd
makeCredUvNotRqd support
Definition fido2_types.h:250
fido2_device_info::no_mc_ga_permissions_with_client_pin
bool no_mc_ga_permissions_with_client_pin
Only if clientPin present.
Definition fido2_types.h:252
fido2_device_info::rk
bool rk
Resident key support.
Definition fido2_types.h:244
fido2_device_info::cred_mgmt
bool cred_mgmt
Credential management support.
Definition fido2_types.h:248
fido2_device_info::max_msg_size
uint16_t max_msg_size
Maximum CBOR message size in bytes.
Definition fido2_types.h:238
fido2_device_info::num_versions
uint8_t num_versions
Number of supported versions.
Definition fido2_types.h:226
fido2_device_info::options
struct fido2_device_info::@263367117337362161200252061145100352376301326151 options
CTAP 2.1 Options Map.
util.h
Misc utilities.