      1 /*
      2  * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
      3  * SPDX-License-Identifier: BSD-2-Clause
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are
      7  * met:
      8  *
      9  *    1. Redistributions of source code must retain the above copyright
     10  *       notice, this list of conditions and the following disclaimer.
     11  *    2. Redistributions in binary form must reproduce the above copyright
     12  *       notice, this list of conditions and the following disclaimer in
     13  *       the documentation and/or other materials provided with the
     14  *       distribution.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     17  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     18  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     19  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     20  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     21  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     22  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     26  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     27  */
     28 
#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H

/*
 * Wire-level constants shared by libfido2 and its callers: CTAP/U2F
 * opcodes, flag bits, COSE identifiers and build-time limits.  The values
 * are fixed by the respective specifications and must not be renumbered.
 */

/*
 * Authentication data flags.  Each is a single bit of the authenticator
 * data flags byte, so test with '&' rather than '=='; several bits may be
 * set in the same response.
 */
#define CTAP_AUTHDATA_USER_PRESENT	0x01
#define CTAP_AUTHDATA_USER_VERIFIED	0x04
#define CTAP_AUTHDATA_ATT_CRED		0x40
#define CTAP_AUTHDATA_EXT_DATA		0x80

/*
 * CTAPHID command opcodes.  CTAP_FRAME_INIT is the high bit of the command
 * byte; presumably it is OR'ed onto an opcode to mark an initialization
 * packet, with continuation packets carrying a sequence number instead
 * (confirm against the HID framing code).  CTAP_KEEPALIVE is a status the
 * device reports while a request is still in progress, not a host command.
 */
#define CTAP_CMD_PING			0x01
#define CTAP_CMD_MSG			0x03
#define CTAP_CMD_LOCK			0x04
#define CTAP_CMD_INIT			0x06
#define CTAP_CMD_WINK			0x08
#define CTAP_CMD_CBOR			0x10
#define CTAP_CMD_CANCEL			0x11
#define CTAP_KEEPALIVE			0x3b
#define CTAP_FRAME_INIT			0x80

/*
 * CTAPHID CBOR command opcodes.  The 0x40/0x41 _PRE variants are the
 * pre-standard forms of BIO_ENROLL (0x09) and CRED_MGMT (0x0a) kept for
 * older authenticators.
 */
#define CTAP_CBOR_MAKECRED		0x01
#define CTAP_CBOR_ASSERT		0x02
#define CTAP_CBOR_GETINFO		0x04
#define CTAP_CBOR_CLIENT_PIN		0x06
#define CTAP_CBOR_RESET			0x07
#define CTAP_CBOR_NEXT_ASSERT		0x08
#define CTAP_CBOR_BIO_ENROLL		0x09
#define CTAP_CBOR_CRED_MGMT		0x0a
#define CTAP_CBOR_LARGEBLOB		0x0c
#define CTAP_CBOR_CONFIG		0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE	0x40
#define CTAP_CBOR_CRED_MGMT_PRE		0x41

/* Supported CTAP PIN/UV Auth Protocols, numbered as in the CTAP spec. */
#define CTAP_PIN_PROTOCOL1		1
#define CTAP_PIN_PROTOCOL2		2

/* U2F command opcodes. */
#define U2F_CMD_REGISTER		0x01
#define U2F_CMD_AUTH			0x02

/*
 * U2F command flags: control byte values for U2F_CMD_AUTH.  Per the U2F
 * raw message format, U2F_AUTH_CHECK only tests whether a key handle
 * belongs to the token, while U2F_AUTH_SIGN requires user presence and
 * returns a signature.
 */
#define U2F_AUTH_SIGN			0x03
#define U2F_AUTH_CHECK			0x07

/*
 * ISO7816-4 status words.  SW1_MORE_DATA is a single SW1 byte (compare it
 * against the first status byte only); the others are full 16-bit SW1SW2
 * words.
 */
#define SW1_MORE_DATA			0x61
#define SW_WRONG_LENGTH			0x6700
#define SW_CONDITIONS_NOT_SATISFIED	0x6985
#define SW_WRONG_DATA			0x6a80
#define SW_NO_ERROR			0x9000

/*
 * HID Broadcast channel ID (all ones); presumably used for CTAP_CMD_INIT
 * before a channel has been allocated.
 */
#define CTAP_CID_BROADCAST		0xffffffff

/*
 * Bytes of framing that precede the payload in an initialization packet
 * and in a continuation packet respectively.  The values are consistent
 * with a 4-byte CID + 1-byte CMD + 2-byte length, and 4-byte CID + 1-byte
 * SEQ, but confirm against the framing code before relying on that layout.
 */
#define CTAP_INIT_HEADER_LEN		7
#define CTAP_CONT_HEADER_LEN		5

/* Maximum length of a CTAP HID report in bytes. */
#define CTAP_MAX_REPORT_LEN		64

/*
 * Minimum length of a CTAP HID report in bytes: an initialization header
 * plus at least one byte of payload.
 */
#define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)

/*
 * Randomness device on UNIX-like platforms.  Overridable at build time via
 * -DFIDO_RANDOM_DEV; any replacement must be an equally unpredictable,
 * cryptographically secure source.
 */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV			"/dev/urandom"
#endif

/* Maximum message size in bytes.  Overridable at build time via -DFIDO_MAXMSG. */
#ifndef FIDO_MAXMSG
#define FIDO_MAXMSG	2048
#endif

/*
 * CTAP capability bits (bit flags; test with '&').  Note the inverted
 * sense of FIDO_CAP_NMSG.
 */
#define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */

/*
 * Supported COSE algorithms.  The negative values are IANA COSE algorithm
 * identifiers; COSE_UNSPEC (0) is a local "not specified" placeholder, not
 * a registered algorithm.  COSE_RS1 denotes RSA PKCS#1 v1.5 with SHA-1 per
 * the COSE registry and is presumably kept for legacy compatibility only;
 * it should not be preferred when an authenticator offers the others.
 */
#define COSE_UNSPEC	0
#define COSE_ES256	-7
#define COSE_EDDSA	-8
#define COSE_ECDH_ES256	-25
#define COSE_ES384	-35
#define COSE_RS256	-257
#define COSE_RS1	-65535

/* Supported COSE key types (COSE "kty" values). */
#define COSE_KTY_OKP	1
#define COSE_KTY_EC2	2
#define COSE_KTY_RSA	3

/* Supported curves (COSE "crv" values). */
#define COSE_P256	1
#define COSE_P384	2
#define COSE_ED25519	6

/* Supported extensions (bit flags; may be combined). */
#define FIDO_EXT_HMAC_SECRET	0x01
#define FIDO_EXT_CRED_PROTECT	0x02
#define FIDO_EXT_LARGEBLOB_KEY	0x04
#define FIDO_EXT_CRED_BLOB	0x08
#define FIDO_EXT_MINPINLEN	0x10

/*
 * Supported credential protection policies.  These are ordered levels,
 * not bit flags: a higher value is stricter, with UV_REQUIRED the most
 * restrictive.
 */
#define FIDO_CRED_PROT_UV_OPTIONAL		0x01
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02
#define FIDO_CRED_PROT_UV_REQUIRED		0x03

/* Supported enterprise attestation modes. */
#define FIDO_ENTATTEST_VENDOR	1
#define FIDO_ENTATTEST_PLATFORM	2

#ifdef _FIDO_INTERNAL
/*
 * Extension masks used for validation.  FIDO_EXT_ASSERT_MASK is the set of
 * extensions accepted on an assertion; credProtect and minPinLength are
 * excluded because they only apply at credential creation, where
 * FIDO_EXT_CRED_MASK accepts all five.
 */
#define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
				 FIDO_EXT_CRED_BLOB)
#define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
				 FIDO_EXT_MINPINLEN)
#endif /* _FIDO_INTERNAL */

/* Recognised UV modes (bit flags; an authenticator may report several). */
#define FIDO_UV_MODE_TUP	0x0001	/* internal test of user presence */
#define FIDO_UV_MODE_FP		0x0002	/* internal fingerprint check */
#define FIDO_UV_MODE_PIN	0x0004	/* internal pin check */
#define FIDO_UV_MODE_VOICE	0x0008	/* internal voice recognition */
#define FIDO_UV_MODE_FACE	0x0010	/* internal face recognition */
#define FIDO_UV_MODE_LOCATION	0x0020	/* internal location check */
#define FIDO_UV_MODE_EYE	0x0040	/* internal eyeprint check */
#define FIDO_UV_MODE_DRAWN	0x0080	/* internal drawn pattern check */
#define FIDO_UV_MODE_HAND	0x0100	/* internal handprint verification */
#define FIDO_UV_MODE_NONE	0x0200	/* TUP/UV not required */
#define FIDO_UV_MODE_ALL	0x0400	/* all supported UV modes required */
#define FIDO_UV_MODE_EXT_PIN	0x0800	/* external pin verification */
#define FIDO_UV_MODE_EXT_DRAWN	0x1000	/* external drawn pattern check */

#endif /* !_FIDO_PARAM_H */
    168