1 /*
2  * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
3  * SPDX-License-Identifier: BSD-2-Clause
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *
9  *    1. Redistributions of source code must retain the above copyright
10  *       notice, this list of conditions and the following disclaimer.
11  *    2. Redistributions in binary form must reproduce the above copyright
12  *       notice, this list of conditions and the following disclaimer in
13  *       the documentation and/or other materials provided with the
14  *       distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #ifndef _FIDO_PARAM_H
30 #define _FIDO_PARAM_H
31 
32 /* Authentication data flags (bits of the CTAP authenticator data "flags" byte). */
/* Callers that check UP/UV must test the individual bit; other bits of the byte are not defined here. */
33 #define CTAP_AUTHDATA_USER_PRESENT	0x01	/* UP: user presence was tested */
34 #define CTAP_AUTHDATA_USER_VERIFIED	0x04	/* UV: user was verified (PIN/biometric) */
35 #define CTAP_AUTHDATA_ATT_CRED		0x40	/* AT: attested credential data follows */
36 #define CTAP_AUTHDATA_EXT_DATA		0x80	/* ED: extension data follows */
37 
38 /* CTAPHID command opcodes (command byte of an initialization packet, OR'd with CTAP_FRAME_INIT). */
39 #define CTAP_CMD_PING			0x01
40 #define CTAP_CMD_MSG			0x03	/* U2F (APDU) message */
41 #define CTAP_CMD_LOCK			0x04
42 #define CTAP_CMD_INIT			0x06	/* channel allocation; see CTAP_CID_BROADCAST */
43 #define CTAP_CMD_WINK			0x08
44 #define CTAP_CMD_CBOR			0x10	/* CTAP2 (CBOR) message */
45 #define CTAP_CMD_CANCEL			0x11
46 #define CTAP_KEEPALIVE			0x3b	/* sent by the device while a request is pending */
47 #define CTAP_FRAME_INIT			0x80	/* marks an initialization (vs. continuation) packet */
48 
49 /* CTAPHID CBOR command opcodes (first byte of a CTAP_CMD_CBOR payload). */
50 #define CTAP_CBOR_MAKECRED		0x01	/* authenticatorMakeCredential */
51 #define CTAP_CBOR_ASSERT		0x02	/* authenticatorGetAssertion */
52 #define CTAP_CBOR_GETINFO		0x04	/* authenticatorGetInfo */
53 #define CTAP_CBOR_CLIENT_PIN		0x06	/* authenticatorClientPIN */
54 #define CTAP_CBOR_RESET			0x07	/* authenticatorReset: wipes all credentials on the device */
55 #define CTAP_CBOR_NEXT_ASSERT		0x08	/* authenticatorGetNextAssertion */
56 #define CTAP_CBOR_BIO_ENROLL		0x09	/* authenticatorBioEnrollment */
57 #define CTAP_CBOR_CRED_MGMT		0x0a	/* authenticatorCredentialManagement */
58 #define CTAP_CBOR_LARGEBLOB		0x0c	/* authenticatorLargeBlobs */
59 #define CTAP_CBOR_CONFIG		0x0d	/* authenticatorConfig */
60 #define CTAP_CBOR_BIO_ENROLL_PRE	0x40	/* pre-standard variant of CTAP_CBOR_BIO_ENROLL */
61 #define CTAP_CBOR_CRED_MGMT_PRE		0x41	/* pre-standard variant of CTAP_CBOR_CRED_MGMT */
62 
63 /* Supported CTAP PIN/UV Auth Protocols (value of the pinUvAuthProtocol parameter). */
64 #define CTAP_PIN_PROTOCOL1		1	/* original CTAP2 protocol */
65 #define CTAP_PIN_PROTOCOL2		2	/* CTAP 2.1 revision */
66 
67 /* U2F command opcodes (INS byte of a U2F APDU). */
68 #define U2F_CMD_REGISTER		0x01
69 #define U2F_CMD_AUTH			0x02
70 
71 /* U2F command flags (P1 byte of a U2F_CMD_AUTH APDU). */
72 #define U2F_AUTH_SIGN			0x03	/* enforce user presence and sign */
73 #define U2F_AUTH_CHECK			0x07	/* check-only: tests key handle ownership, no signature */
74 
75 /* ISO7816-4 status words. */
76 #define SW1_MORE_DATA			0x61	/* SW1 byte only: more response data available */
77 #define SW_WRONG_LENGTH			0x6700
78 #define SW_CONDITIONS_NOT_SATISFIED	0x6985	/* U2F: user presence required but not yet given */
79 #define SW_WRONG_DATA			0x6a80	/* U2F: key handle not recognised by this device */
80 #define SW_NO_ERROR			0x9000
81 
82 /* HID broadcast channel ID: used only for CTAP_CMD_INIT; subsequent traffic */
/* must use the CID the device allocates in its INIT response. */
83 #define CTAP_CID_BROADCAST		0xffffffff
84 
85 #define CTAP_INIT_HEADER_LEN		7	/* CID(4) + CMD(1) + BCNT(2) */
86 #define CTAP_CONT_HEADER_LEN		5	/* CID(4) + SEQ(1) */
87 
88 /* Maximum length of a CTAP HID report in bytes. */
89 #define CTAP_MAX_REPORT_LEN		64
90 
91 /* Minimum length of a CTAP HID report in bytes (init header plus one payload byte). */
92 #define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)
93 
94 /* Randomness device on UNIX-like platforms. Build-time override point; */
/* any replacement must be a kernel CSPRNG, not a seeded userland generator. */
95 #ifndef FIDO_RANDOM_DEV
96 #define FIDO_RANDOM_DEV			"/dev/urandom"
97 #endif
98 
99 /* Maximum message size in bytes (bound on a single CTAP message buffer; build-time override). */
100 #ifndef FIDO_MAXMSG
101 #define FIDO_MAXMSG	2048
102 #endif
103 
104 /* CTAP capability bits (capabilities byte of the CTAP_CMD_INIT response). */
105 #define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
106 #define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
107 #define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */
108 
109 /* Supported COSE algorithms (IANA COSE algorithm identifiers). */
110 #define COSE_UNSPEC	0	/* no algorithm selected */
111 #define COSE_ES256	-7	/* ECDSA w/ SHA-256 */
112 #define COSE_EDDSA	-8	/* EdDSA */
113 #define COSE_ECDH_ES256	-25	/* ECDH-ES + HKDF-256: key agreement, not signing */
114 #define COSE_ES384	-35	/* ECDSA w/ SHA-384 */
115 #define COSE_RS256	-257	/* RSASSA-PKCS1-v1_5 w/ SHA-256 */
116 #define COSE_RS1	-65535	/* RSASSA-PKCS1-v1_5 w/ SHA-1: legacy, compatibility only */
117 
118 /* Supported COSE key types (kty). */
119 #define COSE_KTY_OKP	1	/* octet key pair (EdDSA) */
120 #define COSE_KTY_EC2	2	/* two-coordinate elliptic curve key */
121 #define COSE_KTY_RSA	3
122 
123 /* Supported curves (COSE crv values). */
124 #define COSE_P256	1
125 #define COSE_P384	2
126 #define COSE_ED25519	6
127 
128 /* Supported extensions (bitmask values; see the masks under _FIDO_INTERNAL). */
129 #define FIDO_EXT_HMAC_SECRET	0x01	/* hmac-secret */
130 #define FIDO_EXT_CRED_PROTECT	0x02	/* credProtect */
131 #define FIDO_EXT_LARGEBLOB_KEY	0x04	/* largeBlobKey */
132 #define FIDO_EXT_CRED_BLOB	0x08	/* credBlob */
133 #define FIDO_EXT_MINPINLEN	0x10	/* minPinLength */
134 
135 /* Supported credential protection policies (credProtect levels; higher is stricter). */
136 #define FIDO_CRED_PROT_UV_OPTIONAL		0x01	/* userVerificationOptional */
137 #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02	/* userVerificationOptionalWithCredentialIDList */
138 #define FIDO_CRED_PROT_UV_REQUIRED		0x03	/* userVerificationRequired */
139 
140 /* Supported enterprise attestation modes. Enterprise attestation may */
/* include uniquely identifying attestation data; request it only where intended. */
141 #define FIDO_ENTATTEST_VENDOR	1	/* vendor-facilitated */
142 #define FIDO_ENTATTEST_PLATFORM	2	/* platform-managed */
143 
144 #ifdef _FIDO_INTERNAL
/* Library-private: extension bits that may appear in an assertion vs. a credential. */
145 #define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
146 				 FIDO_EXT_CRED_BLOB)
147 #define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
148 				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
149 				 FIDO_EXT_MINPINLEN)
150 #endif /* _FIDO_INTERNAL */
151 
152 /* Recognised UV modes (bitmask as reported by the device; values may be combined). */
153 #define FIDO_UV_MODE_TUP	0x0001	/* internal test of user presence */
154 #define FIDO_UV_MODE_FP		0x0002	/* internal fingerprint check */
155 #define FIDO_UV_MODE_PIN	0x0004	/* internal pin check */
156 #define FIDO_UV_MODE_VOICE	0x0008	/* internal voice recognition */
157 #define FIDO_UV_MODE_FACE	0x0010	/* internal face recognition */
158 #define FIDO_UV_MODE_LOCATION	0x0020	/* internal location check */
159 #define FIDO_UV_MODE_EYE	0x0040	/* internal eyeprint check */
160 #define FIDO_UV_MODE_DRAWN	0x0080	/* internal drawn pattern check */
161 #define FIDO_UV_MODE_HAND	0x0100	/* internal handprint verification */
162 #define FIDO_UV_MODE_NONE	0x0200	/* TUP/UV not required */
163 #define FIDO_UV_MODE_ALL	0x0400	/* all supported UV modes required */
164 #define FIDO_UV_MODE_EXT_PIN	0x0800	/* external pin verification */
165 #define FIDO_UV_MODE_EXT_DRAWN	0x1000	/* external drawn pattern check */
166 
167 #endif /* !_FIDO_PARAM_H */