xref: /freebsd/contrib/libfido2/src/fido/param.h (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1 /*
2  * Copyright (c) 2018-2021 Yubico AB. All rights reserved.
3  * Use of this source code is governed by a BSD-style
4  * license that can be found in the LICENSE file.
5  */
6 
7 #ifndef _FIDO_PARAM_H
8 #define _FIDO_PARAM_H
9 
10 /* Authentication data flags (bits of the authenticator data "flags" byte). */
11 #define CTAP_AUTHDATA_USER_PRESENT	0x01 /* UP: user presence test passed */
12 #define CTAP_AUTHDATA_USER_VERIFIED	0x04 /* UV: user verified (PIN/biometric); not implied by UP */
13 #define CTAP_AUTHDATA_ATT_CRED		0x40 /* AT: attested credential data included */
14 #define CTAP_AUTHDATA_EXT_DATA		0x80 /* ED: extension data included */
15 
16 /* CTAPHID command opcodes (transport-level commands of the FIDO HID protocol). */
17 #define CTAP_CMD_PING			0x01 /* echo the payload back */
18 #define CTAP_CMD_MSG			0x03 /* encapsulated U2F (CTAP1) message */
19 #define CTAP_CMD_LOCK			0x04 /* lock the channel */
20 #define CTAP_CMD_INIT			0x06 /* allocate or resynchronise a channel */
21 #define CTAP_CMD_WINK			0x08 /* visual/audible identification of the device */
22 #define CTAP_CMD_CBOR			0x10 /* encapsulated CTAP2 CBOR message */
23 #define CTAP_CMD_CANCEL			0x11 /* cancel the outstanding request */
24 #define CTAP_KEEPALIVE			0x3b /* sent by the device while a request is pending */
25 #define CTAP_FRAME_INIT			0x80 /* bit 7 of the command byte marks an initialization packet */
26 
27 /* CTAPHID CBOR command opcodes (CTAP2 authenticator API commands). */
28 #define CTAP_CBOR_MAKECRED		0x01 /* authenticatorMakeCredential */
29 #define CTAP_CBOR_ASSERT		0x02 /* authenticatorGetAssertion */
30 #define CTAP_CBOR_GETINFO		0x04 /* authenticatorGetInfo */
31 #define CTAP_CBOR_CLIENT_PIN		0x06 /* authenticatorClientPIN */
32 #define CTAP_CBOR_RESET			0x07 /* authenticatorReset: factory reset, invalidates all credentials */
33 #define CTAP_CBOR_NEXT_ASSERT		0x08 /* authenticatorGetNextAssertion */
34 #define CTAP_CBOR_LARGEBLOB		0x0c /* authenticatorLargeBlobs */
35 #define CTAP_CBOR_CONFIG		0x0d /* authenticatorConfig */
36 #define CTAP_CBOR_BIO_ENROLL_PRE	0x40 /* prototype (CTAP 2.1 preview) authenticatorBioEnrollment */
37 #define CTAP_CBOR_CRED_MGMT_PRE		0x41 /* prototype (CTAP 2.1 preview) authenticatorCredentialManagement */
38 
39 /* Supported CTAP PIN/UV Auth Protocols (numeric protocol identifiers). */
40 #define CTAP_PIN_PROTOCOL1		1 /* PIN/UV auth protocol one */
41 #define CTAP_PIN_PROTOCOL2		2 /* PIN/UV auth protocol two (introduced with CTAP 2.1) */
42 
43 /* U2F (CTAP1) command opcodes, carried in the APDU INS byte. */
44 #define U2F_CMD_REGISTER		0x01 /* U2F_REGISTER */
45 #define U2F_CMD_AUTH			0x02 /* U2F_AUTHENTICATE */
46 
47 /* U2F command flags (control byte of U2F_AUTHENTICATE, APDU P1). */
48 #define U2F_AUTH_SIGN			0x03 /* enforce user presence and sign */
49 #define U2F_AUTH_CHECK			0x07 /* check-only: tests the key handle, produces no signature */
50 
51 /* ISO7816-4 status words (SW1_* is the first status byte only, SW_* the full 16-bit word). */
52 #define SW1_MORE_DATA			0x61 /* more response data available */
53 #define SW_CONDITIONS_NOT_SATISFIED	0x6985 /* U2F: test of user presence required */
54 #define SW_WRONG_DATA			0x6a80 /* U2F: invalid key handle */
55 #define SW_NO_ERROR			0x9000 /* success */
56 
57 /* HID broadcast channel ID, used with CTAP_CMD_INIT before a channel has been allocated. */
58 #define CTAP_CID_BROADCAST		0xffffffff
59 
60 #define CTAP_INIT_HEADER_LEN		7 /* initialization packet header: CID (4) + CMD (1) + BCNT (2) */
61 #define CTAP_CONT_HEADER_LEN		5 /* continuation packet header: CID (4) + SEQ (1) */
62 
63 /* Maximum length of a CTAP HID report in bytes (the full-speed USB HID report size). */
64 #define CTAP_MAX_REPORT_LEN		64
65 
66 /* Minimum length of a CTAP HID report in bytes: an initialization header plus one payload byte. */
67 #define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)
68 
69 /* Randomness device on UNIX-like platforms; the #ifndef lets a build override the path. */
70 #ifndef FIDO_RANDOM_DEV
71 #define FIDO_RANDOM_DEV			"/dev/urandom" /* NOTE(review): any override must name a cryptographically secure source */
72 #endif
73 
74 /* Maximum message size in bytes; the #ifndef lets a build override the value. */
75 #ifndef FIDO_MAXMSG
76 #define FIDO_MAXMSG	2048 /* NOTE(review): presumably sizes message buffers -- confirm length checks use it before overriding */
77 #endif
78 
79 /* CTAP capability bits (capabilities byte of the CTAPHID_INIT response). */
80 #define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
81 #define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
82 #define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */
83 
84 /* Supported COSE algorithms (IANA COSE algorithm identifiers). */
85 #define	COSE_UNSPEC	0 /* no algorithm specified */
86 #define	COSE_ES256	-7 /* ECDSA w/ SHA-256 */
87 #define	COSE_EDDSA	-8 /* EdDSA */
88 #define	COSE_ECDH_ES256	-25 /* ECDH-ES + HKDF-256: key agreement, not a signature algorithm */
89 #define	COSE_RS256	-257 /* RSASSA-PKCS1-v1_5 w/ SHA-256 */
90 #define	COSE_RS1	-65535 /* RSASSA-PKCS1-v1_5 w/ SHA-1; SHA-1 is deprecated, avoid for new credentials */
91 
92 /* Supported COSE key types (kty). */
93 #define COSE_KTY_OKP	1 /* octet key pair */
94 #define COSE_KTY_EC2	2 /* elliptic curve key with x and y coordinates */
95 #define COSE_KTY_RSA	3 /* RSA key */
96 
97 /* Supported curves (COSE elliptic curve identifiers). */
98 #define COSE_P256	1 /* NIST P-256 (secp256r1); an EC2 curve */
99 #define COSE_ED25519	6 /* Ed25519; an OKP curve */
100 
101 /* Supported extensions, one bit each so they can be OR'ed into a mask. */
102 #define FIDO_EXT_HMAC_SECRET	0x01 /* hmac-secret */
103 #define FIDO_EXT_CRED_PROTECT	0x02 /* credProtect */
104 #define FIDO_EXT_LARGEBLOB_KEY	0x04 /* largeBlobKey */
105 #define FIDO_EXT_CRED_BLOB	0x08 /* credBlob */
106 #define FIDO_EXT_MINPINLEN	0x10 /* minPinLength */
107 
108 /* Supported credential protection policies (values of the credProtect extension). */
109 #define FIDO_CRED_PROT_UV_OPTIONAL		0x01 /* userVerificationOptional */
110 #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02 /* userVerificationOptionalWithCredentialIDList */
111 #define FIDO_CRED_PROT_UV_REQUIRED		0x03 /* userVerificationRequired */
112 
113 #ifdef _FIDO_INTERNAL /* extension masks, defined only when _FIDO_INTERNAL is set */
114 #define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
115 				 FIDO_EXT_CRED_BLOB) /* NOTE(review): presumably the extension bits accepted on assertions -- confirm */
116 #define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
117 				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
118 				 FIDO_EXT_MINPINLEN) /* all five FIDO_EXT_* bits; presumably those accepted on credentials -- confirm */
119 #endif /* _FIDO_INTERNAL */
120 
121 #endif /* !_FIDO_PARAM_H */
122