device/fido: refactor pin.cc to enable testing.

In order to test this code we'll want to implement the authenticator
side of the PIN protocol in |VirtualCtap2Device|. It'll be helpful when
doing so to have access to some code from pin.cc.

This change exposes some PIN-protocol internals via a |pin_internal.h|
header for a future implementation in |VirtualCtap2Device|.

Change-Id: I76f2441185b4d1a058240de5d2cb9bbf49dc1061
Reviewed-on: https://chromium-review.googlesource.com/c/1481083Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#634759}

device/fido/pin.h

@@ -66,6 +66,8 @@ struct KeyAgreementRequest {
 struct KeyAgreementResponse {
   static base::Optional<KeyAgreementResponse> Parse(
       base::span<const uint8_t> buffer);
+  static base::Optional<KeyAgreementResponse> ParseFromCOSE(
+      const cbor::Value::MapValue& cose_key);
 
   // x and y contain the big-endian coordinates of a P-256 point. It is ensured
   // that this is a valid point on the curve.

device/fido/pin_internal.h

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file contains additional declarations for CTAP2 PIN support. Only
+// implementations of the PIN protocol should need to include this file. For all
+// other code, see |pin.h|.
+
+#ifndef DEVICE_FIDO_PIN_INTERNAL_H_
+#define DEVICE_FIDO_PIN_INTERNAL_H_
+
+#include <stdint.h>
+
+#include "components/cbor/values.h"
+#include "device/fido/pin.h"
+#include "third_party/boringssl/src/include/openssl/ec.h"
+#include "third_party/boringssl/src/include/openssl/sha.h"
+
+namespace device {
+namespace pin {
+
+// kProtocolVersion is the version of the PIN protocol that this code
+// implements.
+constexpr int kProtocolVersion = 1;
+
+// Subcommand enumerates the subcommands to the main |authenticatorClientPIN|
+// command. See
+// https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#authenticatorClientPIN
+enum class Subcommand : uint8_t {
+  kGetRetries = 0x01,
+  kGetKeyAgreement = 0x02,
+  kSetPIN = 0x03,
+  kChangePIN = 0x04,
+  kGetPINToken = 0x05,
+};
+
+// RequestKey enumerates the keys in the top-level CBOR map for all PIN
+// commands.
+enum class RequestKey : int {
+  kProtocol = 1,
+  kSubcommand = 2,
+  kKeyAgreement = 3,
+  kPINAuth = 4,
+  kNewPINEnc = 5,
+  kPINHashEnc = 6,
+};
+
+// ResponseKey enumerates the keys in the top-level CBOR map for all PIN
+// responses.
+enum class ResponseKey : int {
+  kKeyAgreement = 1,
+  kPINToken = 2,
+  kRetries = 3,
+};
+
+// PointFromKeyAgreementResponse returns an |EC_POINT| that represents the same
+// P-256 point as |response|. It returns |nullopt| if |response| encodes an
+// invalid point.
+base::Optional<bssl::UniquePtr<EC_POINT>> PointFromKeyAgreementResponse(
+    const EC_GROUP* group,
+    const KeyAgreementResponse& response);
+
+// CalculateSharedKey writes the CTAP2 shared key between |key| and |peers_key|
+// to |out_shared_key|.
+void CalculateSharedKey(const EC_KEY* key,
+                        const EC_POINT* peers_key,
+                        uint8_t out_shared_key[SHA256_DIGEST_LENGTH]);
+
+// EncodeCOSEPublicKey returns the public part of |key| as a COSE structure.
+cbor::Value::MapValue EncodeCOSEPublicKey(const EC_KEY* key);
+
+// Encrypt encrypts |plaintext| using |key|, writing the ciphertext to
+// |out_ciphertext|. |plaintext| must be a whole number of AES blocks.
+void Encrypt(const uint8_t key[SHA256_DIGEST_LENGTH],
+             base::span<const uint8_t> plaintext,
+             uint8_t* out_ciphertext);
+
+// Decrypt AES-256 CBC decrypts some number of whole blocks from |ciphertext|
+// into |plaintext|, using |key|.
+void Decrypt(const uint8_t key[SHA256_DIGEST_LENGTH],
+             base::span<const uint8_t> ciphertext,
+             uint8_t* out_plaintext);
+
+}  // namespace pin
+}  // namespace device
+
+#endif  // DEVICE_FIDO_PIN_INTERNAL_H_