10afa8e06SEd Maste.\" Copyright (c) 2020 Yubico AB. All rights reserved. 2*2ccfa855SEd Maste.\" 3*2ccfa855SEd Maste.\" Redistribution and use in source and binary forms, with or without 4*2ccfa855SEd Maste.\" modification, are permitted provided that the following conditions are 5*2ccfa855SEd Maste.\" met: 6*2ccfa855SEd Maste.\" 7*2ccfa855SEd Maste.\" 1. Redistributions of source code must retain the above copyright 8*2ccfa855SEd Maste.\" notice, this list of conditions and the following disclaimer. 9*2ccfa855SEd Maste.\" 2. Redistributions in binary form must reproduce the above copyright 10*2ccfa855SEd Maste.\" notice, this list of conditions and the following disclaimer in 11*2ccfa855SEd Maste.\" the documentation and/or other materials provided with the 12*2ccfa855SEd Maste.\" distribution. 13*2ccfa855SEd Maste.\" 14*2ccfa855SEd Maste.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 15*2ccfa855SEd Maste.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 16*2ccfa855SEd Maste.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 17*2ccfa855SEd Maste.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 18*2ccfa855SEd Maste.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19*2ccfa855SEd Maste.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 20*2ccfa855SEd Maste.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21*2ccfa855SEd Maste.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22*2ccfa855SEd Maste.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23*2ccfa855SEd Maste.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24*2ccfa855SEd Maste.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25*2ccfa855SEd Maste.\" 26*2ccfa855SEd Maste.\" SPDX-License-Identifier: BSD-2-Clause 270afa8e06SEd Maste.\" 280afa8e06SEd Maste.Dd $Mdocdate: October 26 2020 $ 290afa8e06SEd Maste.Dt FIDO_LARGEBLOB_GET 3 300afa8e06SEd Maste.Os 310afa8e06SEd Maste.Sh NAME 320afa8e06SEd Maste.Nm fido_dev_largeblob_get , 330afa8e06SEd Maste.Nm fido_dev_largeblob_set , 340afa8e06SEd Maste.Nm fido_dev_largeblob_remove , 350afa8e06SEd Maste.Nm fido_dev_largeblob_get_array , 360afa8e06SEd Maste.Nm fido_dev_largeblob_set_array 370afa8e06SEd Maste.Nd FIDO2 large blob API 380afa8e06SEd Maste.Sh SYNOPSIS 390afa8e06SEd Maste.In fido.h 400afa8e06SEd Maste.Ft int 410afa8e06SEd Maste.Fn fido_dev_largeblob_get "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "unsigned char **blob_ptr" "size_t *blob_len" 420afa8e06SEd Maste.Ft int 430afa8e06SEd Maste.Fn fido_dev_largeblob_set "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "const unsigned char *blob_ptr" "size_t blob_len" "const char *pin" 440afa8e06SEd Maste.Ft int 450afa8e06SEd Maste.Fn fido_dev_largeblob_remove "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "const char *pin" 460afa8e06SEd Maste.Ft int 470afa8e06SEd Maste.Fn fido_dev_largeblob_get_array "fido_dev_t *dev" "unsigned char **cbor_ptr" "size_t *cbor_len" 480afa8e06SEd Maste.Ft int 490afa8e06SEd Maste.Fn fido_dev_largeblob_set_array "fido_dev_t *dev" "const unsigned char *cbor_ptr" "size_t cbor_len" "const char *pin" 500afa8e06SEd Maste.Sh DESCRIPTION 510afa8e06SEd MasteThe 520afa8e06SEd Maste.Dq largeBlobs 530afa8e06SEd MasteAPI of 540afa8e06SEd Maste.Em libfido2 553e696dfbSEd Masteallows binary blobs residing on a CTAP 2.1 authenticator to be 560afa8e06SEd Masteread, written, and inspected. 570afa8e06SEd Maste.Dq largeBlobs 583e696dfbSEd Masteis a CTAP 2.1 extension. 590afa8e06SEd Maste.Pp 600afa8e06SEd Maste.Dq largeBlobs 610afa8e06SEd Masteare stored as elements of a CBOR array. 620afa8e06SEd MasteConfidentiality is ensured by encrypting each element with a 630afa8e06SEd Mastedistinct, credential-bound 256-bit AES-GCM key. 640afa8e06SEd MasteThe array is otherwise shared between different credentials and 650afa8e06SEd MasteFIDO2 relying parties. 660afa8e06SEd Maste.Pp 670afa8e06SEd MasteRetrieval of a credential's encryption key is possible during 680afa8e06SEd Masteenrollment with 690afa8e06SEd Maste.Xr fido_cred_set_extensions 3 700afa8e06SEd Masteand 710afa8e06SEd Maste.Xr fido_cred_largeblob_key_ptr 3 , 720afa8e06SEd Masteduring assertion with 730afa8e06SEd Maste.Xr fido_assert_set_extensions 3 740afa8e06SEd Masteand 750afa8e06SEd Maste.Xr fido_assert_largeblob_key_ptr 3 , 760afa8e06SEd Masteor, in the case of a resident credential, via 770afa8e06SEd Maste.Em libfido2's 780afa8e06SEd Mastecredential management API. 790afa8e06SEd Maste.Pp 800afa8e06SEd MasteThe 810afa8e06SEd Maste.Dq largeBlobs 820afa8e06SEd MasteCBOR array is opaque to the authenticator. 830afa8e06SEd MasteManagement of the array is left at the discretion of FIDO2 clients. 843e696dfbSEd MasteFor further details on CTAP 2.1's 850afa8e06SEd Maste.Dq largeBlobs 863e696dfbSEd Masteextension, please refer to the CTAP 2.1 spec. 870afa8e06SEd Maste.Pp 880afa8e06SEd MasteThe 890afa8e06SEd Maste.Fn fido_dev_largeblob_get 900afa8e06SEd Mastefunction retrieves the authenticator's 910afa8e06SEd Maste.Dq largeBlobs 920afa8e06SEd MasteCBOR array and, on success, returns the first blob 930afa8e06SEd Maste.Pq iterating from array index zero 94*2ccfa855SEd Mastethat can be decrypted by 950afa8e06SEd Maste.Fa key_ptr , 960afa8e06SEd Mastewhere 970afa8e06SEd Maste.Fa key_ptr 980afa8e06SEd Mastepoints to 990afa8e06SEd Maste.Fa key_len 1000afa8e06SEd Mastebytes. 1010afa8e06SEd MasteOn success, 1020afa8e06SEd Maste.Fn fido_dev_largeblob_get 1030afa8e06SEd Mastesets 1040afa8e06SEd Maste.Fa blob_ptr 1050afa8e06SEd Masteto the body of the decrypted blob, and 1060afa8e06SEd Maste.Fa blob_len 1070afa8e06SEd Masteto the length of the decrypted blob in bytes. 1080afa8e06SEd MasteIt is the caller's responsibility to free 1090afa8e06SEd Maste.Fa blob_ptr . 1100afa8e06SEd Maste.Pp 1110afa8e06SEd MasteThe 1120afa8e06SEd Maste.Fn fido_dev_largeblob_set 1130afa8e06SEd Mastefunction uses 1140afa8e06SEd Maste.Fa key_ptr 1150afa8e06SEd Masteto encrypt 1160afa8e06SEd Maste.Fa blob_ptr 1170afa8e06SEd Masteand inserts the result in the authenticator's 1180afa8e06SEd Maste.Dq largeBlobs 1190afa8e06SEd MasteCBOR array. 1200afa8e06SEd MasteInsertion happens at the end of the array if no existing element 1210afa8e06SEd Mastecan be decrypted by 1220afa8e06SEd Maste.Fa key_ptr , 1230afa8e06SEd Masteor at the position of the first element 1240afa8e06SEd Maste.Pq iterating from array index zero 1250afa8e06SEd Mastethat can be decrypted by 1260afa8e06SEd Maste.Fa key_ptr . 1270afa8e06SEd Maste.Fa key_len 1280afa8e06SEd Masteholds the length of 1290afa8e06SEd Maste.Fa key_ptr 1300afa8e06SEd Mastein bytes, and 1310afa8e06SEd Maste.Fa blob_len 1320afa8e06SEd Mastethe length of 1330afa8e06SEd Maste.Fa blob_ptr 1340afa8e06SEd Mastein bytes. 1350afa8e06SEd MasteA 1360afa8e06SEd Maste.Fa pin 1370afa8e06SEd Masteor equivalent user-verification gesture is required. 1380afa8e06SEd Maste.Pp 1390afa8e06SEd MasteThe 1400afa8e06SEd Maste.Fn fido_dev_largeblob_remove 1410afa8e06SEd Mastefunction retrieves the authenticator's 1420afa8e06SEd Maste.Dq largeBlobs 1430afa8e06SEd MasteCBOR array and, on success, drops the first blob 1440afa8e06SEd Maste.Pq iterating from array index zero 1450afa8e06SEd Mastethat can be decrypted by 1460afa8e06SEd Maste.Fa key_ptr , 1470afa8e06SEd Mastewhere 1480afa8e06SEd Maste.Fa key_ptr 1490afa8e06SEd Mastepoints to 1500afa8e06SEd Maste.Fa key_len 1510afa8e06SEd Mastebytes. 1520afa8e06SEd MasteA 1530afa8e06SEd Maste.Fa pin 1540afa8e06SEd Masteor equivalent user-verification gesture is required. 1550afa8e06SEd Maste.Pp 1560afa8e06SEd MasteThe 1570afa8e06SEd Maste.Fn fido_dev_largeblob_get_array 1580afa8e06SEd Mastefunction retrieves the authenticator's 1590afa8e06SEd Maste.Dq largeBlobs 1600afa8e06SEd MasteCBOR array and, on success, 1610afa8e06SEd Mastesets 1620afa8e06SEd Maste.Fa cbor_ptr 1630afa8e06SEd Masteto the body of the CBOR array, and 1640afa8e06SEd Maste.Fa cbor_len 1650afa8e06SEd Masteto its corresponding length in bytes. 1660afa8e06SEd MasteIt is the caller's responsibility to free 1670afa8e06SEd Maste.Fa cbor_ptr . 1680afa8e06SEd Maste.Pp 1690afa8e06SEd MasteFinally, the 1700afa8e06SEd Maste.Fn fido_dev_largeblob_set_array 1710afa8e06SEd Mastefunction sets the authenticator's 1720afa8e06SEd Maste.Dq largeBlobs 1730afa8e06SEd MasteCBOR array to the data pointed to by 1740afa8e06SEd Maste.Fa cbor_ptr , 1750afa8e06SEd Mastewhere 1760afa8e06SEd Maste.Fa cbor_ptr 1770afa8e06SEd Mastepoints to 1780afa8e06SEd Maste.Fa cbor_len 1790afa8e06SEd Mastebytes. 1800afa8e06SEd MasteA 1810afa8e06SEd Maste.Fa pin 1820afa8e06SEd Masteor equivalent user-verification gesture is required. 1830afa8e06SEd Maste.Sh RETURN VALUES 1840afa8e06SEd MasteThe functions 1850afa8e06SEd Maste.Fn fido_dev_largeblob_set , 1860afa8e06SEd Maste.Fn fido_dev_largeblob_get , 1870afa8e06SEd Maste.Fn fido_dev_largeblob_remove , 1880afa8e06SEd Maste.Fn fido_dev_largeblob_get_array , 1890afa8e06SEd Masteand 1900afa8e06SEd Maste.Fn fido_dev_largeblob_set_array 1910afa8e06SEd Mastereturn 1920afa8e06SEd Maste.Dv FIDO_OK 1930afa8e06SEd Masteon success. 1940afa8e06SEd MasteOn error, an error code defined in 1950afa8e06SEd Maste.In fido/err.h 1960afa8e06SEd Masteis returned. 1970afa8e06SEd Maste.Sh SEE ALSO 1980afa8e06SEd Maste.Xr fido_assert_largeblob_key_len 3 , 1990afa8e06SEd Maste.Xr fido_assert_largeblob_key_ptr 3 , 2000afa8e06SEd Maste.Xr fido_assert_set_extensions 3 , 2010afa8e06SEd Maste.Xr fido_cred_largeblob_key_len 3 , 2020afa8e06SEd Maste.Xr fido_cred_largeblob_key_ptr 3 , 2030afa8e06SEd Maste.Xr fido_cred_set_extensions 3 , 204*2ccfa855SEd Maste.Xr fido_credman_get_dev_rk 3 , 205*2ccfa855SEd Maste.Xr fido_credman_get_dev_rp 3 , 2060afa8e06SEd Maste.Xr fido_dev_get_assert 3 , 2070afa8e06SEd Maste.Xr fido_dev_make_cred 3 2080afa8e06SEd Maste.Sh CAVEATS 2090afa8e06SEd MasteThe 2100afa8e06SEd Maste.Dq largeBlobs 2110afa8e06SEd Masteextension is not meant to be used to store sensitive data. 2120afa8e06SEd MasteWhen retrieved, a credential's 2130afa8e06SEd Maste.Dq largeBlobs 2140afa8e06SEd Masteencryption key is transmitted in the clear, and an authenticator's 2150afa8e06SEd Maste.Dq largeBlobs 2160afa8e06SEd MasteCBOR array can be read without user interaction or verification. 217