1/* 2 * Copyright (c) 2018-2022 Yubico AB. All rights reserved. 3 * SPDX-License-Identifier: BSD-2-Clause 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are 7 * met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in 13 * the documentation and/or other materials provided with the 14 * distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 19 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 20 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 21 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 22 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 26 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29#ifndef _FIDO_PARAM_H 30#define _FIDO_PARAM_H 31 32/* Authentication data flags. */ 33#define CTAP_AUTHDATA_USER_PRESENT 0x01 34#define CTAP_AUTHDATA_USER_VERIFIED 0x04 35#define CTAP_AUTHDATA_ATT_CRED 0x40 36#define CTAP_AUTHDATA_EXT_DATA 0x80 37 38/* CTAPHID command opcodes. */ 39#define CTAP_CMD_PING 0x01 40#define CTAP_CMD_MSG 0x03 41#define CTAP_CMD_LOCK 0x04 42#define CTAP_CMD_INIT 0x06 43#define CTAP_CMD_WINK 0x08 44#define CTAP_CMD_CBOR 0x10 45#define CTAP_CMD_CANCEL 0x11 46#define CTAP_KEEPALIVE 0x3b 47#define CTAP_FRAME_INIT 0x80 48 49/* CTAPHID CBOR command opcodes. */ 50#define CTAP_CBOR_MAKECRED 0x01 51#define CTAP_CBOR_ASSERT 0x02 52#define CTAP_CBOR_GETINFO 0x04 53#define CTAP_CBOR_CLIENT_PIN 0x06 54#define CTAP_CBOR_RESET 0x07 55#define CTAP_CBOR_NEXT_ASSERT 0x08 56#define CTAP_CBOR_LARGEBLOB 0x0c 57#define CTAP_CBOR_CONFIG 0x0d 58#define CTAP_CBOR_BIO_ENROLL_PRE 0x40 59#define CTAP_CBOR_CRED_MGMT_PRE 0x41 60 61/* Supported CTAP PIN/UV Auth Protocols. */ 62#define CTAP_PIN_PROTOCOL1 1 63#define CTAP_PIN_PROTOCOL2 2 64 65/* U2F command opcodes. */ 66#define U2F_CMD_REGISTER 0x01 67#define U2F_CMD_AUTH 0x02 68 69/* U2F command flags. */ 70#define U2F_AUTH_SIGN 0x03 71#define U2F_AUTH_CHECK 0x07 72 73/* ISO7816-4 status words. */ 74#define SW1_MORE_DATA 0x61 75#define SW_CONDITIONS_NOT_SATISFIED 0x6985 76#define SW_WRONG_DATA 0x6a80 77#define SW_NO_ERROR 0x9000 78 79/* HID Broadcast channel ID. */ 80#define CTAP_CID_BROADCAST 0xffffffff 81 82#define CTAP_INIT_HEADER_LEN 7 83#define CTAP_CONT_HEADER_LEN 5 84 85/* Maximum length of a CTAP HID report in bytes. */ 86#define CTAP_MAX_REPORT_LEN 64 87 88/* Minimum length of a CTAP HID report in bytes. */ 89#define CTAP_MIN_REPORT_LEN (CTAP_INIT_HEADER_LEN + 1) 90 91/* Randomness device on UNIX-like platforms. */ 92#ifndef FIDO_RANDOM_DEV 93#define FIDO_RANDOM_DEV "/dev/urandom" 94#endif 95 96/* Maximum message size in bytes. */ 97#ifndef FIDO_MAXMSG 98#define FIDO_MAXMSG 2048 99#endif 100 101/* CTAP capability bits. */ 102#define FIDO_CAP_WINK 0x01 /* if set, device supports CTAP_CMD_WINK */ 103#define FIDO_CAP_CBOR 0x04 /* if set, device supports CTAP_CMD_CBOR */ 104#define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */ 105 106/* Supported COSE algorithms. */ 107#define COSE_UNSPEC 0 108#define COSE_ES256 -7 109#define COSE_EDDSA -8 110#define COSE_ECDH_ES256 -25 111#define COSE_ES384 -35 112#define COSE_RS256 -257 113#define COSE_RS1 -65535 114 115/* Supported COSE types. */ 116#define COSE_KTY_OKP 1 117#define COSE_KTY_EC2 2 118#define COSE_KTY_RSA 3 119 120/* Supported curves. */ 121#define COSE_P256 1 122#define COSE_P384 2 123#define COSE_ED25519 6 124 125/* Supported extensions. */ 126#define FIDO_EXT_HMAC_SECRET 0x01 127#define FIDO_EXT_CRED_PROTECT 0x02 128#define FIDO_EXT_LARGEBLOB_KEY 0x04 129#define FIDO_EXT_CRED_BLOB 0x08 130#define FIDO_EXT_MINPINLEN 0x10 131 132/* Supported credential protection policies. */ 133#define FIDO_CRED_PROT_UV_OPTIONAL 0x01 134#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 135#define FIDO_CRED_PROT_UV_REQUIRED 0x03 136 137#ifdef _FIDO_INTERNAL 138#define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ 139 FIDO_EXT_CRED_BLOB) 140#define FIDO_EXT_CRED_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \ 141 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \ 142 FIDO_EXT_MINPINLEN) 143#endif /* _FIDO_INTERNAL */ 144 145/* Recognised UV modes. */ 146#define FIDO_UV_MODE_TUP 0x0001 /* internal test of user presence */ 147#define FIDO_UV_MODE_FP 0x0002 /* internal fingerprint check */ 148#define FIDO_UV_MODE_PIN 0x0004 /* internal pin check */ 149#define FIDO_UV_MODE_VOICE 0x0008 /* internal voice recognition */ 150#define FIDO_UV_MODE_FACE 0x0010 /* internal face recognition */ 151#define FIDO_UV_MODE_LOCATION 0x0020 /* internal location check */ 152#define FIDO_UV_MODE_EYE 0x0040 /* internal eyeprint check */ 153#define FIDO_UV_MODE_DRAWN 0x0080 /* internal drawn pattern check */ 154#define FIDO_UV_MODE_HAND 0x0100 /* internal handprint verification */ 155#define FIDO_UV_MODE_NONE 0x0200 /* TUP/UV not required */ 156#define FIDO_UV_MODE_ALL 0x0400 /* all supported UV modes required */ 157#define FIDO_UV_MODE_EXT_PIN 0x0800 /* external pin verification */ 158#define FIDO_UV_MODE_EXT_DRAWN 0x1000 /* external drawn pattern check */ 159 160#endif /* !_FIDO_PARAM_H */ 161