1c4a807edSdjm.\" Copyright (c) 2020 Yubico AB. All rights reserved. 2c4a807edSdjm.\" Use of this source code is governed by a BSD-style 3c4a807edSdjm.\" license that can be found in the LICENSE file. 4c4a807edSdjm.\" 5*f79b181dSjsg.Dd $Mdocdate: August 31 2022 $ 6c4a807edSdjm.Dt FIDO_LARGEBLOB_GET 3 7c4a807edSdjm.Os 8c4a807edSdjm.Sh NAME 9c4a807edSdjm.Nm fido_dev_largeblob_get , 10c4a807edSdjm.Nm fido_dev_largeblob_set , 11c4a807edSdjm.Nm fido_dev_largeblob_remove , 12c4a807edSdjm.Nm fido_dev_largeblob_get_array , 13c4a807edSdjm.Nm fido_dev_largeblob_set_array 14c4a807edSdjm.Nd FIDO2 large blob API 15c4a807edSdjm.Sh SYNOPSIS 16c4a807edSdjm.In fido.h 17c4a807edSdjm.Ft int 18c4a807edSdjm.Fn fido_dev_largeblob_get "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "unsigned char **blob_ptr" "size_t *blob_len" 19c4a807edSdjm.Ft int 20c4a807edSdjm.Fn fido_dev_largeblob_set "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "const unsigned char *blob_ptr" "size_t blob_len" "const char *pin" 21c4a807edSdjm.Ft int 22c4a807edSdjm.Fn fido_dev_largeblob_remove "fido_dev_t *dev" "const unsigned char *key_ptr" "size_t key_len" "const char *pin" 23c4a807edSdjm.Ft int 24c4a807edSdjm.Fn fido_dev_largeblob_get_array "fido_dev_t *dev" "unsigned char **cbor_ptr" "size_t *cbor_len" 25c4a807edSdjm.Ft int 26c4a807edSdjm.Fn fido_dev_largeblob_set_array "fido_dev_t *dev" "const unsigned char *cbor_ptr" "size_t cbor_len" "const char *pin" 27c4a807edSdjm.Sh DESCRIPTION 28c4a807edSdjmThe 29c4a807edSdjm.Dq largeBlobs 30c4a807edSdjmAPI of 31c4a807edSdjm.Em libfido2 32ab19a69eSdjmallows binary blobs residing on a CTAP 2.1 authenticator to be 33c4a807edSdjmread, written, and inspected. 34c4a807edSdjm.Dq largeBlobs 35ab19a69eSdjmis a CTAP 2.1 extension. 36c4a807edSdjm.Pp 37c4a807edSdjm.Dq largeBlobs 38c4a807edSdjmare stored as elements of a CBOR array. 39c4a807edSdjmConfidentiality is ensured by encrypting each element with a 40c4a807edSdjmdistinct, credential-bound 256-bit AES-GCM key. 41c4a807edSdjmThe array is otherwise shared between different credentials and 42c4a807edSdjmFIDO2 relying parties. 43c4a807edSdjm.Pp 44c4a807edSdjmRetrieval of a credential's encryption key is possible during 45c4a807edSdjmenrollment with 46c4a807edSdjm.Xr fido_cred_set_extensions 3 47c4a807edSdjmand 48c4a807edSdjm.Xr fido_cred_largeblob_key_ptr 3 , 49c4a807edSdjmduring assertion with 50c4a807edSdjm.Xr fido_assert_set_extensions 3 51c4a807edSdjmand 52c4a807edSdjm.Xr fido_assert_largeblob_key_ptr 3 , 53c4a807edSdjmor, in the case of a resident credential, via 54c4a807edSdjm.Em libfido2's 55c4a807edSdjmcredential management API. 56c4a807edSdjm.Pp 57c4a807edSdjmThe 58c4a807edSdjm.Dq largeBlobs 59c4a807edSdjmCBOR array is opaque to the authenticator. 60c4a807edSdjmManagement of the array is left at the discretion of FIDO2 clients. 61ab19a69eSdjmFor further details on CTAP 2.1's 62c4a807edSdjm.Dq largeBlobs 63ab19a69eSdjmextension, please refer to the CTAP 2.1 spec. 64c4a807edSdjm.Pp 65c4a807edSdjmThe 66c4a807edSdjm.Fn fido_dev_largeblob_get 67c4a807edSdjmfunction retrieves the authenticator's 68c4a807edSdjm.Dq largeBlobs 69c4a807edSdjmCBOR array and, on success, returns the first blob 70c4a807edSdjm.Pq iterating from array index zero 71c4a807edSdjmthat can be 72c4a807edSdjmdecrypted by 73c4a807edSdjm.Fa key_ptr , 74c4a807edSdjmwhere 75c4a807edSdjm.Fa key_ptr 76c4a807edSdjmpoints to 77c4a807edSdjm.Fa key_len 78c4a807edSdjmbytes. 79c4a807edSdjmOn success, 80c4a807edSdjm.Fn fido_dev_largeblob_get 81c4a807edSdjmsets 82c4a807edSdjm.Fa blob_ptr 83c4a807edSdjmto the body of the decrypted blob, and 84c4a807edSdjm.Fa blob_len 85c4a807edSdjmto the length of the decrypted blob in bytes. 86c4a807edSdjmIt is the caller's responsibility to free 87c4a807edSdjm.Fa blob_ptr . 88c4a807edSdjm.Pp 89c4a807edSdjmThe 90c4a807edSdjm.Fn fido_dev_largeblob_set 91c4a807edSdjmfunction uses 92c4a807edSdjm.Fa key_ptr 93c4a807edSdjmto encrypt 94c4a807edSdjm.Fa blob_ptr 95c4a807edSdjmand inserts the result in the authenticator's 96c4a807edSdjm.Dq largeBlobs 97c4a807edSdjmCBOR array. 98c4a807edSdjmInsertion happens at the end of the array if no existing element 99c4a807edSdjmcan be decrypted by 100c4a807edSdjm.Fa key_ptr , 101c4a807edSdjmor at the position of the first element 102c4a807edSdjm.Pq iterating from array index zero 103c4a807edSdjmthat can be decrypted by 104c4a807edSdjm.Fa key_ptr . 105c4a807edSdjm.Fa key_len 106c4a807edSdjmholds the length of 107c4a807edSdjm.Fa key_ptr 108c4a807edSdjmin bytes, and 109c4a807edSdjm.Fa blob_len 110c4a807edSdjmthe length of 111c4a807edSdjm.Fa blob_ptr 112c4a807edSdjmin bytes. 113c4a807edSdjmA 114c4a807edSdjm.Fa pin 115c4a807edSdjmor equivalent user-verification gesture is required. 116c4a807edSdjm.Pp 117c4a807edSdjmThe 118c4a807edSdjm.Fn fido_dev_largeblob_remove 119c4a807edSdjmfunction retrieves the authenticator's 120c4a807edSdjm.Dq largeBlobs 121c4a807edSdjmCBOR array and, on success, drops the first blob 122c4a807edSdjm.Pq iterating from array index zero 123c4a807edSdjmthat can be decrypted by 124c4a807edSdjm.Fa key_ptr , 125c4a807edSdjmwhere 126c4a807edSdjm.Fa key_ptr 127c4a807edSdjmpoints to 128c4a807edSdjm.Fa key_len 129c4a807edSdjmbytes. 130c4a807edSdjmA 131c4a807edSdjm.Fa pin 132c4a807edSdjmor equivalent user-verification gesture is required. 133c4a807edSdjm.Pp 134c4a807edSdjmThe 135c4a807edSdjm.Fn fido_dev_largeblob_get_array 136c4a807edSdjmfunction retrieves the authenticator's 137c4a807edSdjm.Dq largeBlobs 138c4a807edSdjmCBOR array and, on success, 139c4a807edSdjmsets 140c4a807edSdjm.Fa cbor_ptr 141c4a807edSdjmto the body of the CBOR array, and 142c4a807edSdjm.Fa cbor_len 143c4a807edSdjmto its corresponding length in bytes. 144c4a807edSdjmIt is the caller's responsibility to free 145c4a807edSdjm.Fa cbor_ptr . 146c4a807edSdjm.Pp 147c4a807edSdjmFinally, the 148c4a807edSdjm.Fn fido_dev_largeblob_set_array 149c4a807edSdjmfunction sets the authenticator's 150c4a807edSdjm.Dq largeBlobs 151c4a807edSdjmCBOR array to the data pointed to by 152c4a807edSdjm.Fa cbor_ptr , 153c4a807edSdjmwhere 154c4a807edSdjm.Fa cbor_ptr 155c4a807edSdjmpoints to 156c4a807edSdjm.Fa cbor_len 157c4a807edSdjmbytes. 158c4a807edSdjmA 159c4a807edSdjm.Fa pin 160c4a807edSdjmor equivalent user-verification gesture is required. 161c4a807edSdjm.Sh RETURN VALUES 162c4a807edSdjmThe functions 163c4a807edSdjm.Fn fido_dev_largeblob_set , 164c4a807edSdjm.Fn fido_dev_largeblob_get , 165c4a807edSdjm.Fn fido_dev_largeblob_remove , 166c4a807edSdjm.Fn fido_dev_largeblob_get_array , 167c4a807edSdjmand 168c4a807edSdjm.Fn fido_dev_largeblob_set_array 169c4a807edSdjmreturn 170c4a807edSdjm.Dv FIDO_OK 171c4a807edSdjmon success. 172c4a807edSdjmOn error, an error code defined in 173c4a807edSdjm.In fido/err.h 174c4a807edSdjmis returned. 175c4a807edSdjm.Sh SEE ALSO 176c4a807edSdjm.Xr fido_assert_largeblob_key_len 3 , 177c4a807edSdjm.Xr fido_assert_largeblob_key_ptr 3 , 178c4a807edSdjm.Xr fido_assert_set_extensions 3 , 179c4a807edSdjm.Xr fido_cred_largeblob_key_len 3 , 180c4a807edSdjm.Xr fido_cred_largeblob_key_ptr 3 , 181c4a807edSdjm.Xr fido_cred_set_extensions 3 , 182*f79b181dSjsg.Xr fido_credman_get_dev_rk 3 , 183*f79b181dSjsg.Xr fido_credman_get_dev_rp 3 , 184c4a807edSdjm.Xr fido_dev_get_assert 3 , 185c4a807edSdjm.Xr fido_dev_make_cred 3 186c4a807edSdjm.Sh CAVEATS 187c4a807edSdjmThe 188c4a807edSdjm.Dq largeBlobs 189c4a807edSdjmextension is not meant to be used to store sensitive data. 190c4a807edSdjmWhen retrieved, a credential's 191c4a807edSdjm.Dq largeBlobs 192c4a807edSdjmencryption key is transmitted in the clear, and an authenticator's 193c4a807edSdjm.Dq largeBlobs 194c4a807edSdjmCBOR array can be read without user interaction or verification. 195