xref: /freebsd/contrib/libfido2/src/fido/param.h (revision 83823d063ab57db8d3954c1530d036f1ccdceb41)
1 /*
2  * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
3  * SPDX-License-Identifier: BSD-2-Clause
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *
9  *    1. Redistributions of source code must retain the above copyright
10  *       notice, this list of conditions and the following disclaimer.
11  *    2. Redistributions in binary form must reproduce the above copyright
12  *       notice, this list of conditions and the following disclaimer in
13  *       the documentation and/or other materials provided with the
14  *       distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #ifndef _FIDO_PARAM_H
30 #define _FIDO_PARAM_H
31 
32 /* Authentication data flags. */
33 #define CTAP_AUTHDATA_USER_PRESENT	0x01
34 #define CTAP_AUTHDATA_USER_VERIFIED	0x04
35 #define CTAP_AUTHDATA_ATT_CRED		0x40
36 #define CTAP_AUTHDATA_EXT_DATA		0x80
37 
38 /* CTAPHID command opcodes. */
39 #define CTAP_CMD_PING			0x01
40 #define CTAP_CMD_MSG			0x03
41 #define CTAP_CMD_LOCK			0x04
42 #define CTAP_CMD_INIT			0x06
43 #define CTAP_CMD_WINK			0x08
44 #define CTAP_CMD_CBOR			0x10
45 #define CTAP_CMD_CANCEL			0x11
46 #define CTAP_KEEPALIVE			0x3b
47 #define CTAP_FRAME_INIT			0x80
48 
49 /* CTAPHID CBOR command opcodes. */
50 #define CTAP_CBOR_MAKECRED		0x01
51 #define CTAP_CBOR_ASSERT		0x02
52 #define CTAP_CBOR_GETINFO		0x04
53 #define CTAP_CBOR_CLIENT_PIN		0x06
54 #define CTAP_CBOR_RESET			0x07
55 #define CTAP_CBOR_NEXT_ASSERT		0x08
56 #define CTAP_CBOR_LARGEBLOB		0x0c
57 #define CTAP_CBOR_CONFIG		0x0d
58 #define CTAP_CBOR_BIO_ENROLL_PRE	0x40
59 #define CTAP_CBOR_CRED_MGMT_PRE		0x41
60 
61 /* Supported CTAP PIN/UV Auth Protocols. */
62 #define CTAP_PIN_PROTOCOL1		1
63 #define CTAP_PIN_PROTOCOL2		2
64 
65 /* U2F command opcodes. */
66 #define U2F_CMD_REGISTER		0x01
67 #define U2F_CMD_AUTH			0x02
68 
69 /* U2F command flags. */
70 #define U2F_AUTH_SIGN			0x03
71 #define U2F_AUTH_CHECK			0x07
72 
73 /* ISO7816-4 status words. */
74 #define SW1_MORE_DATA			0x61
75 #define SW_CONDITIONS_NOT_SATISFIED	0x6985
76 #define SW_WRONG_DATA			0x6a80
77 #define SW_NO_ERROR			0x9000
78 
79 /* HID Broadcast channel ID. */
80 #define CTAP_CID_BROADCAST		0xffffffff
81 
82 #define CTAP_INIT_HEADER_LEN		7
83 #define CTAP_CONT_HEADER_LEN		5
84 
85 /* Maximum length of a CTAP HID report in bytes. */
86 #define CTAP_MAX_REPORT_LEN		64
87 
88 /* Minimum length of a CTAP HID report in bytes. */
89 #define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)
90 
91 /* Randomness device on UNIX-like platforms. */
92 #ifndef FIDO_RANDOM_DEV
93 #define FIDO_RANDOM_DEV			"/dev/urandom"
94 #endif
95 
96 /* Maximum message size in bytes. */
97 #ifndef FIDO_MAXMSG
98 #define FIDO_MAXMSG	2048
99 #endif
100 
101 /* CTAP capability bits. */
102 #define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
103 #define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
104 #define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */
105 
106 /* Supported COSE algorithms. */
107 #define COSE_UNSPEC	0
108 #define COSE_ES256	-7
109 #define COSE_EDDSA	-8
110 #define COSE_ECDH_ES256	-25
111 #define COSE_ES384	-35
112 #define COSE_RS256	-257
113 #define COSE_RS1	-65535
114 
115 /* Supported COSE types. */
116 #define COSE_KTY_OKP	1
117 #define COSE_KTY_EC2	2
118 #define COSE_KTY_RSA	3
119 
120 /* Supported curves. */
121 #define COSE_P256	1
122 #define COSE_P384	2
123 #define COSE_ED25519	6
124 
125 /* Supported extensions. */
126 #define FIDO_EXT_HMAC_SECRET	0x01
127 #define FIDO_EXT_CRED_PROTECT	0x02
128 #define FIDO_EXT_LARGEBLOB_KEY	0x04
129 #define FIDO_EXT_CRED_BLOB	0x08
130 #define FIDO_EXT_MINPINLEN	0x10
131 
132 /* Supported credential protection policies. */
133 #define FIDO_CRED_PROT_UV_OPTIONAL		0x01
134 #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02
135 #define FIDO_CRED_PROT_UV_REQUIRED		0x03
136 
137 #ifdef _FIDO_INTERNAL
138 #define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
139 				 FIDO_EXT_CRED_BLOB)
140 #define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
141 				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
142 				 FIDO_EXT_MINPINLEN)
143 #endif /* _FIDO_INTERNAL */
144 
145 /* Recognised UV modes. */
146 #define FIDO_UV_MODE_TUP	0x0001	/* internal test of user presence */
147 #define FIDO_UV_MODE_FP		0x0002	/* internal fingerprint check */
148 #define FIDO_UV_MODE_PIN	0x0004	/* internal pin check */
149 #define FIDO_UV_MODE_VOICE	0x0008	/* internal voice recognition */
150 #define FIDO_UV_MODE_FACE	0x0010	/* internal face recognition */
151 #define FIDO_UV_MODE_LOCATION	0x0020	/* internal location check */
152 #define FIDO_UV_MODE_EYE	0x0040	/* internal eyeprint check */
153 #define FIDO_UV_MODE_DRAWN	0x0080	/* internal drawn pattern check */
154 #define FIDO_UV_MODE_HAND	0x0100	/* internal handprint verification */
155 #define FIDO_UV_MODE_NONE	0x0200	/* TUP/UV not required */
156 #define FIDO_UV_MODE_ALL	0x0400	/* all supported UV modes required */
157 #define FIDO_UV_MODE_EXT_PIN	0x0800	/* external pin verification */
158 #define FIDO_UV_MODE_EXT_DRAWN	0x1000	/* external drawn pattern check */
159 
160 #endif /* !_FIDO_PARAM_H */
161