1/* 2 * Copyright (c) 2018-2021 Yubico AB. All rights reserved. 3 * Use of this source code is governed by a BSD-style 4 * license that can be found in the LICENSE file. 5 */ 6 7#ifndef _FIDO_PARAM_H 8#define _FIDO_PARAM_H 9 10/* Authentication data flags. */ 11#define CTAP_AUTHDATA_USER_PRESENT 0x01 12#define CTAP_AUTHDATA_USER_VERIFIED 0x04 13#define CTAP_AUTHDATA_ATT_CRED 0x40 14#define CTAP_AUTHDATA_EXT_DATA 0x80 15 16/* CTAPHID command opcodes. */ 17#define CTAP_CMD_PING 0x01 18#define CTAP_CMD_MSG 0x03 19#define CTAP_CMD_LOCK 0x04 20#define CTAP_CMD_INIT 0x06 21#define CTAP_CMD_WINK 0x08 22#define CTAP_CMD_CBOR 0x10 23#define CTAP_CMD_CANCEL 0x11 24#define CTAP_KEEPALIVE 0x3b 25#define CTAP_FRAME_INIT 0x80 26 27/* CTAPHID CBOR command opcodes. */ 28#define CTAP_CBOR_MAKECRED 0x01 29#define CTAP_CBOR_ASSERT 0x02 30#define CTAP_CBOR_GETINFO 0x04 31#define CTAP_CBOR_CLIENT_PIN 0x06 32#define CTAP_CBOR_RESET 0x07 33#define CTAP_CBOR_NEXT_ASSERT 0x08 34#define CTAP_CBOR_LARGEBLOB 0x0c 35#define CTAP_CBOR_CONFIG 0x0d 36#define CTAP_CBOR_BIO_ENROLL_PRE 0x40 37#define CTAP_CBOR_CRED_MGMT_PRE 0x41 38 39/* Supported CTAP PIN/UV Auth Protocols. */ 40#define CTAP_PIN_PROTOCOL1 1 41#define CTAP_PIN_PROTOCOL2 2 42 43/* U2F command opcodes. */ 44#define U2F_CMD_REGISTER 0x01 45#define U2F_CMD_AUTH 0x02 46 47/* U2F command flags. */ 48#define U2F_AUTH_SIGN 0x03 49#define U2F_AUTH_CHECK 0x07 50 51/* ISO7816-4 status words. */ 52#define SW1_MORE_DATA 0x61 53#define SW_CONDITIONS_NOT_SATISFIED 0x6985 54#define SW_WRONG_DATA 0x6a80 55#define SW_NO_ERROR 0x9000 56 57/* HID Broadcast channel ID. */ 58#define CTAP_CID_BROADCAST 0xffffffff 59 60#define CTAP_INIT_HEADER_LEN 7 61#define CTAP_CONT_HEADER_LEN 5 62 63/* Maximum length of a CTAP HID report in bytes. */ 64#define CTAP_MAX_REPORT_LEN 64 65 66/* Minimum length of a CTAP HID report in bytes. */ 67#define CTAP_MIN_REPORT_LEN (CTAP_INIT_HEADER_LEN + 1) 68 69/* Randomness device on UNIX-like platforms. */ 70#ifndef FIDO_RANDOM_DEV 71#define FIDO_RANDOM_DEV "/dev/urandom" 72#endif 73 74/* Maximum message size in bytes. */ 75#ifndef FIDO_MAXMSG 76#define FIDO_MAXMSG 2048 77#endif 78 79/* CTAP capability bits. */ 80#define FIDO_CAP_WINK 0x01 /* if set, device supports CTAP_CMD_WINK */ 81#define FIDO_CAP_CBOR 0x04 /* if set, device supports CTAP_CMD_CBOR */ 82#define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */ 83 84/* Supported COSE algorithms. */ 85#define COSE_UNSPEC 0 86#define COSE_ES256 -7 87#define COSE_EDDSA -8 88#define COSE_ECDH_ES256 -25 89#define COSE_RS256 -257 90#define COSE_RS1 -65535 91 92/* Supported COSE types. */ 93#define COSE_KTY_OKP 1 94#define COSE_KTY_EC2 2 95#define COSE_KTY_RSA 3 96 97/* Supported curves. */ 98#define COSE_P256 1 99#define COSE_ED25519 6 100 101/* Supported extensions. */ 102#define FIDO_EXT_HMAC_SECRET 0x01 103#define FIDO_EXT_CRED_PROTECT 0x02 104#define FIDO_EXT_LARGEBLOB_KEY 0x04 105#define FIDO_EXT_CRED_BLOB 0x08 106#define FIDO_EXT_MINPINLEN 0x10 107 108/* Supported credential protection policies. */ 109#define FIDO_CRED_PROT_UV_OPTIONAL 0x01 110#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 111#define FIDO_CRED_PROT_UV_REQUIRED 0x03 112 113#ifdef _FIDO_INTERNAL 114#define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ 115 FIDO_EXT_CRED_BLOB) 116#define FIDO_EXT_CRED_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \ 117 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \ 118 FIDO_EXT_MINPINLEN) 119#endif /* _FIDO_INTERNAL */ 120 121#endif /* !_FIDO_PARAM_H */ 122