xref: /freebsd/contrib/libfido2/src/fido/param.h (revision e7437ae907c89bf85a99c5cbb7ddd194a1ff1354)
1 /*
2  * Copyright (c) 2018 Yubico AB. All rights reserved.
3  * Use of this source code is governed by a BSD-style
4  * license that can be found in the LICENSE file.
5  */
6 
7 #ifndef _FIDO_PARAM_H
8 #define _FIDO_PARAM_H
9 
10 /* Authentication data flags. */
11 #define CTAP_AUTHDATA_USER_PRESENT	0x01
12 #define CTAP_AUTHDATA_USER_VERIFIED	0x04
13 #define CTAP_AUTHDATA_ATT_CRED		0x40
14 #define CTAP_AUTHDATA_EXT_DATA		0x80
15 
16 /* CTAPHID command opcodes. */
17 #define CTAP_CMD_PING			0x01
18 #define CTAP_CMD_MSG			0x03
19 #define CTAP_CMD_LOCK			0x04
20 #define CTAP_CMD_INIT			0x06
21 #define CTAP_CMD_WINK			0x08
22 #define CTAP_CMD_CBOR			0x10
23 #define CTAP_CMD_CANCEL			0x11
24 #define CTAP_KEEPALIVE			0x3b
25 #define CTAP_FRAME_INIT			0x80
26 
27 /* CTAPHID CBOR command opcodes. */
28 #define CTAP_CBOR_MAKECRED		0x01
29 #define CTAP_CBOR_ASSERT		0x02
30 #define CTAP_CBOR_GETINFO		0x04
31 #define CTAP_CBOR_CLIENT_PIN		0x06
32 #define CTAP_CBOR_RESET			0x07
33 #define CTAP_CBOR_NEXT_ASSERT		0x08
34 #define CTAP_CBOR_LARGEBLOB		0x0c
35 #define CTAP_CBOR_CONFIG		0x0d
36 #define CTAP_CBOR_BIO_ENROLL_PRE	0x40
37 #define CTAP_CBOR_CRED_MGMT_PRE		0x41
38 
39 /* Supported CTAP PIN/UV Auth Protocols. */
40 #define CTAP_PIN_PROTOCOL1		1
41 #define CTAP_PIN_PROTOCOL2		2
42 
43 /* U2F command opcodes. */
44 #define U2F_CMD_REGISTER		0x01
45 #define U2F_CMD_AUTH			0x02
46 
47 /* U2F command flags. */
48 #define U2F_AUTH_SIGN			0x03
49 #define U2F_AUTH_CHECK			0x07
50 
51 /* ISO7816-4 status words. */
52 #define SW1_MORE_DATA			0x61
53 #define SW_CONDITIONS_NOT_SATISFIED	0x6985
54 #define SW_WRONG_DATA			0x6a80
55 #define SW_NO_ERROR			0x9000
56 
57 /* HID Broadcast channel ID. */
58 #define CTAP_CID_BROADCAST		0xffffffff
59 
60 #define CTAP_INIT_HEADER_LEN		7
61 #define CTAP_CONT_HEADER_LEN		5
62 
63 /* Maximum length of a CTAP HID report in bytes. */
64 #define CTAP_MAX_REPORT_LEN		64
65 
66 /* Minimum length of a CTAP HID report in bytes. */
67 #define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)
68 
69 /* Randomness device on UNIX-like platforms. */
70 #ifndef FIDO_RANDOM_DEV
71 #define FIDO_RANDOM_DEV			"/dev/urandom"
72 #endif
73 
74 /* Maximum message size in bytes. */
75 #ifndef FIDO_MAXMSG
76 #define FIDO_MAXMSG	2048
77 #endif
78 
79 /* CTAP capability bits. */
80 #define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
81 #define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
82 #define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */
83 
84 /* Supported COSE algorithms. */
85 #define	COSE_ES256	-7
86 #define	COSE_EDDSA	-8
87 #define	COSE_ECDH_ES256	-25
88 #define	COSE_RS256	-257
89 
90 /* Supported COSE types. */
91 #define COSE_KTY_OKP	1
92 #define COSE_KTY_EC2	2
93 #define COSE_KTY_RSA	3
94 
95 /* Supported curves. */
96 #define COSE_P256	1
97 #define COSE_ED25519	6
98 
99 /* Supported extensions. */
100 #define FIDO_EXT_HMAC_SECRET	0x01
101 #define FIDO_EXT_CRED_PROTECT	0x02
102 #define FIDO_EXT_LARGEBLOB_KEY	0x04
103 #define FIDO_EXT_CRED_BLOB	0x08
104 
105 /* Supported credential protection policies. */
106 #define FIDO_CRED_PROT_UV_OPTIONAL		0x01
107 #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02
108 #define FIDO_CRED_PROT_UV_REQUIRED		0x03
109 
110 #ifdef _FIDO_INTERNAL
111 #define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
112 				 FIDO_EXT_CRED_BLOB)
113 #define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
114 				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB)
115 #endif /* _FIDO_INTERNAL */
116 
117 #endif /* !_FIDO_PARAM_H */
118