/*
 * Copyright (c) 2018-2021 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */
#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H

/*
 * Protocol-level constants shared by the library: CTAPHID and CTAP2 CBOR
 * opcodes and flags, U2F opcodes, ISO7816-4 status words, COSE algorithm,
 * key-type and curve identifiers, and the extension bits the library tracks.
 *
 * NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter (_FIDO_PARAM_H, _FIDO_INTERNAL) are reserved for the
 * implementation by the C standard. Renaming is harmless in isolation but
 * must be coordinated with every file that tests these macros.
 */

/* Authentication data flags (bits of the authData "flags" byte). */
#define CTAP_AUTHDATA_USER_PRESENT	0x01 /* UP: user presence was tested */
#define CTAP_AUTHDATA_USER_VERIFIED	0x04 /* UV: user was verified */
#define CTAP_AUTHDATA_ATT_CRED		0x40 /* AT: attested credential data follows */
#define CTAP_AUTHDATA_EXT_DATA		0x80 /* ED: extension data follows */

/*
 * CTAPHID command opcodes. CTAP_KEEPALIVE is a status sent by the device,
 * not a request. CTAP_FRAME_INIT is not a command either: it is the high bit
 * set in the command byte of an initialization packet to tell it apart from
 * a continuation packet, whose first payload byte is a sequence number.
 */
#define CTAP_CMD_PING			0x01
#define CTAP_CMD_MSG			0x03
#define CTAP_CMD_LOCK			0x04
#define CTAP_CMD_INIT			0x06
#define CTAP_CMD_WINK			0x08
#define CTAP_CMD_CBOR			0x10
#define CTAP_CMD_CANCEL			0x11
#define CTAP_KEEPALIVE			0x3b
#define CTAP_FRAME_INIT			0x80

/*
 * CTAPHID CBOR command opcodes (first byte of a CTAP_CMD_CBOR payload).
 * The _PRE variants are the prerelease (vendor-range) opcodes that predate
 * the final CTAP2.1 assignments for bioEnrollment and credentialManagement.
 */
#define CTAP_CBOR_MAKECRED		0x01
#define CTAP_CBOR_ASSERT		0x02
#define CTAP_CBOR_GETINFO		0x04
#define CTAP_CBOR_CLIENT_PIN		0x06
#define CTAP_CBOR_RESET			0x07
#define CTAP_CBOR_NEXT_ASSERT		0x08
#define CTAP_CBOR_LARGEBLOB		0x0c
#define CTAP_CBOR_CONFIG		0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE	0x40
#define CTAP_CBOR_CRED_MGMT_PRE		0x41

/* Supported CTAP PIN/UV Auth Protocols (pinUvAuthProtocol values). */
#define CTAP_PIN_PROTOCOL1		1
#define CTAP_PIN_PROTOCOL2		2

/* U2F command opcodes (INS byte of the U2F APDU). */
#define U2F_CMD_REGISTER		0x01
#define U2F_CMD_AUTH			0x02

/*
 * U2F command flags (P1 of U2F_CMD_AUTH): enforce user presence and sign,
 * or check-only (key handle validity test, no signature produced).
 */
#define U2F_AUTH_SIGN			0x03
#define U2F_AUTH_CHECK			0x07

/*
 * ISO7816-4 status words. SW1_MORE_DATA is the SW1 byte alone (more response
 * data available); the remaining values are the full 16-bit SW1SW2.
 */
#define SW1_MORE_DATA			0x61
#define SW_CONDITIONS_NOT_SATISFIED	0x6985
#define SW_WRONG_DATA			0x6a80
#define SW_NO_ERROR			0x9000

/* HID Broadcast channel ID, used for CTAPHID_INIT before a CID is assigned. */
#define CTAP_CID_BROADCAST		0xffffffff

/* CTAPHID packet header lengths in bytes: initialization and continuation. */
#define CTAP_INIT_HEADER_LEN		7
#define CTAP_CONT_HEADER_LEN		5

/* Maximum length of a CTAP HID report in bytes. */
#define CTAP_MAX_REPORT_LEN		64

/* Minimum length of a CTAP HID report in bytes (INIT header + 1 payload byte). */
#define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)

/* Randomness device on UNIX-like platforms; overridable at build time. */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV			"/dev/urandom"
#endif

/* Maximum message size in bytes; overridable at build time. */
#ifndef FIDO_MAXMSG
#define FIDO_MAXMSG	2048
#endif

/* CTAP capability bits (from the CTAPHID_INIT response). */
#define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */

/*
 * Supported COSE algorithms (IANA COSE Algorithms registry identifiers).
 * COSE_UNSPEC (0) is reserved in the registry and is used here to mean
 * "no algorithm specified".
 */
#define	COSE_UNSPEC	0
#define	COSE_ES256	-7 /* ECDSA w/ SHA-256 */
#define	COSE_EDDSA	-8 /* EdDSA */
#define	COSE_ECDH_ES256	-25 /* ECDH-ES + HKDF-256 */
#define	COSE_RS256	-257 /* RSASSA-PKCS1-v1_5 w/ SHA-256 */
#define	COSE_RS1	-65535 /* RSASSA-PKCS1-v1_5 w/ SHA-1; legacy, SHA-1 is deprecated for signatures */

/* Supported COSE key types (IANA COSE Key Types registry identifiers). */
#define COSE_KTY_OKP	1
#define COSE_KTY_EC2	2
#define COSE_KTY_RSA	3

/* Supported curves (IANA COSE Elliptic Curves registry identifiers). */
#define COSE_P256	1
#define COSE_ED25519	6

/*
 * Supported extensions, as library-internal bit flags (on the wire, CTAP
 * extensions are identified by name). Combined by the *_MASK macros below.
 */
#define FIDO_EXT_HMAC_SECRET	0x01
#define FIDO_EXT_CRED_PROTECT	0x02
#define FIDO_EXT_LARGEBLOB_KEY	0x04
#define FIDO_EXT_CRED_BLOB	0x08
#define FIDO_EXT_MINPINLEN	0x10

/*
 * Supported credential protection policies (credProtect extension values):
 * userVerificationOptional, userVerificationOptionalWithCredentialIDList,
 * userVerificationRequired.
 */
#define FIDO_CRED_PROT_UV_OPTIONAL		0x01
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02
#define FIDO_CRED_PROT_UV_REQUIRED		0x03

#ifdef _FIDO_INTERNAL
/* Extension bits applicable to assertions and to credential creation, respectively. */
#define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
				 FIDO_EXT_CRED_BLOB)
#define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
				 FIDO_EXT_MINPINLEN)
#endif /* _FIDO_INTERNAL */

#endif /* !_FIDO_PARAM_H */