/libfido2/src/fido/param.h
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2018-2024 Yubico AB. All rights reserved. |
3 | | * SPDX-License-Identifier: BSD-2-Clause |
4 | | * |
5 | | * Redistribution and use in source and binary forms, with or without |
6 | | * modification, are permitted provided that the following conditions are |
7 | | * met: |
8 | | * |
9 | | * 1. Redistributions of source code must retain the above copyright |
10 | | * notice, this list of conditions and the following disclaimer. |
11 | | * 2. Redistributions in binary form must reproduce the above copyright |
12 | | * notice, this list of conditions and the following disclaimer in |
13 | | * the documentation and/or other materials provided with the |
14 | | * distribution. |
15 | | * |
16 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
17 | | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
18 | | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
19 | | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
20 | | * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
21 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
22 | | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
23 | | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
24 | | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 | | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
26 | | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | | */ |
28 | | |
29 | | #ifndef _FIDO_PARAM_H |
30 | | #define _FIDO_PARAM_H |
31 | | |
32 | | /* Authentication data flags. */ |
33 | 8.50k | #define CTAP_AUTHDATA_USER_PRESENT 0x01 |
34 | 602 | #define CTAP_AUTHDATA_USER_VERIFIED 0x04 |
35 | 14.3k | #define CTAP_AUTHDATA_ATT_CRED 0x40 |
36 | 23.2k | #define CTAP_AUTHDATA_EXT_DATA 0x80 |
37 | | |
38 | | /* CTAPHID command opcodes. */ |
39 | | #define CTAP_CMD_PING 0x01 |
40 | 51.8k | #define CTAP_CMD_MSG 0x03 |
41 | | #define CTAP_CMD_LOCK 0x04 |
42 | 1.71M | #define CTAP_CMD_INIT 0x06 |
43 | 12.5k | #define CTAP_CMD_WINK 0x08 |
44 | 835k | #define CTAP_CMD_CBOR 0x10 |
45 | 11.6k | #define CTAP_CMD_CANCEL 0x11 |
46 | 743k | #define CTAP_KEEPALIVE 0x3b |
47 | 3.47M | #define CTAP_FRAME_INIT 0x80 |
48 | | |
49 | | /* CTAPHID CBOR command opcodes. */ |
50 | 6.90k | #define CTAP_CBOR_MAKECRED 0x01 |
51 | 3.60k | #define CTAP_CBOR_ASSERT 0x02 |
52 | 244k | #define CTAP_CBOR_GETINFO 0x04 |
53 | 93.3k | #define CTAP_CBOR_CLIENT_PIN 0x06 |
54 | 5.41k | #define CTAP_CBOR_RESET 0x07 |
55 | 1.22k | #define CTAP_CBOR_NEXT_ASSERT 0x08 |
56 | 153 | #define CTAP_CBOR_BIO_ENROLL 0x09 |
57 | 120 | #define CTAP_CBOR_CRED_MGMT 0x0a |
58 | 14.5k | #define CTAP_CBOR_LARGEBLOB 0x0c |
59 | 104k | #define CTAP_CBOR_CONFIG 0x0d |
60 | 34.3k | #define CTAP_CBOR_BIO_ENROLL_PRE 0x40 |
61 | 55.8k | #define CTAP_CBOR_CRED_MGMT_PRE 0x41 |
62 | | |
63 | | /* Supported CTAP PIN/UV Auth Protocols. */ |
64 | 268k | #define CTAP_PIN_PROTOCOL1 1 |
65 | 77.7k | #define CTAP_PIN_PROTOCOL2 2 |
66 | | |
67 | | /* U2F command opcodes. */ |
68 | 13.0k | #define U2F_CMD_REGISTER 0x01 |
69 | 7.83k | #define U2F_CMD_AUTH 0x02 |
70 | | |
71 | | /* U2F command flags. */ |
72 | 2.28k | #define U2F_AUTH_SIGN 0x03 |
73 | 5.55k | #define U2F_AUTH_CHECK 0x07 |
74 | | |
75 | | /* ISO7816-4 status words. */ |
76 | 6.15k | #define SW1_MORE_DATA 0x61 |
77 | 72 | #define SW_WRONG_LENGTH 0x6700 |
78 | 10.6k | #define SW_CONDITIONS_NOT_SATISFIED 0x6985 |
79 | 67 | #define SW_WRONG_DATA 0x6a80 |
80 | 8.81k | #define SW_NO_ERROR 0x9000 |
81 | | |
82 | | /* HID Broadcast channel ID. */ |
83 | 6.98M | #define CTAP_CID_BROADCAST 0xffffffff |
84 | | |
85 | 10.0M | #define CTAP_INIT_HEADER_LEN 7 |
86 | 3.04M | #define CTAP_CONT_HEADER_LEN 5 |
87 | | |
88 | | /* Maximum length of a CTAP HID report in bytes. */ |
89 | 5.07M | #define CTAP_MAX_REPORT_LEN 64 |
90 | | |
91 | | /* Minimum length of a CTAP HID report in bytes. */ |
92 | 6.76M | #define CTAP_MIN_REPORT_LEN (CTAP_INIT_HEADER_LEN + 1) |
93 | | |
94 | | /* Randomness device on UNIX-like platforms. */ |
95 | | #ifndef FIDO_RANDOM_DEV |
96 | | #define FIDO_RANDOM_DEV "/dev/urandom" |
97 | | #endif |
98 | | |
99 | | /* Maximum message size in bytes. */ |
100 | | #ifndef FIDO_MAXMSG |
101 | 1.45M | #define FIDO_MAXMSG 2048 |
102 | | #endif |
103 | | |
104 | | /* CTAP capability bits. */ |
105 | 10.5k | #define FIDO_CAP_WINK 0x01 /* if set, device supports CTAP_CMD_WINK */ |
106 | 975k | #define FIDO_CAP_CBOR 0x04 /* if set, device supports CTAP_CMD_CBOR */ |
107 | 2.02k | #define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */ |
108 | | |
109 | | /* Supported COSE algorithms. */ |
110 | 4.80k | #define COSE_UNSPEC 0 |
111 | 145k | #define COSE_ES256 -7 |
112 | 28.9k | #define COSE_EDDSA -8 |
113 | 19.8k | #define COSE_ECDH_ES256 -25 |
114 | 68.7k | #define COSE_ES384 -35 |
115 | 64.9k | #define COSE_RS256 -257 |
116 | 3.81k | #define COSE_RS1 -65535 |
117 | | |
118 | | /* Supported COSE types. */ |
119 | 4.89k | #define COSE_KTY_OKP 1 |
120 | 29.4k | #define COSE_KTY_EC2 2 |
121 | 577 | #define COSE_KTY_RSA 3 |
122 | | |
123 | | /* Supported curves. */ |
124 | 13.8k | #define COSE_P256 1 |
125 | 783 | #define COSE_P384 2 |
126 | 2.38k | #define COSE_ED25519 6 |
127 | | |
128 | | /* Supported extensions. */ |
129 | 186k | #define FIDO_EXT_HMAC_SECRET 0x01 |
130 | 55.1k | #define FIDO_EXT_CRED_PROTECT 0x02 |
131 | 190k | #define FIDO_EXT_LARGEBLOB_KEY 0x04 |
132 | 184k | #define FIDO_EXT_CRED_BLOB 0x08 |
133 | 42.2k | #define FIDO_EXT_MINPINLEN 0x10 |
134 | | |
135 | | /* Supported credential protection policies. */ |
136 | 24.2k | #define FIDO_CRED_PROT_UV_OPTIONAL 0x01 |
137 | 18.0k | #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0x02 |
138 | 3.21k | #define FIDO_CRED_PROT_UV_REQUIRED 0x03 |
139 | | |
140 | | /* Supported enterprise attestation modes. */ |
141 | 19.5k | #define FIDO_ENTATTEST_VENDOR 1 |
142 | 4.16k | #define FIDO_ENTATTEST_PLATFORM 2 |
143 | | |
144 | | #ifdef _FIDO_INTERNAL |
145 | 152k | #define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ |
146 | 152k | FIDO_EXT_CRED_BLOB) |
147 | 17.9k | #define FIDO_EXT_CRED_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \ |
148 | 17.9k | FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \ |
149 | 17.9k | FIDO_EXT_MINPINLEN) |
150 | | #endif /* _FIDO_INTERNAL */ |
151 | | |
152 | | /* Recognised UV modes. */ |
153 | | #define FIDO_UV_MODE_TUP 0x0001 /* internal test of user presence */ |
154 | | #define FIDO_UV_MODE_FP 0x0002 /* internal fingerprint check */ |
155 | | #define FIDO_UV_MODE_PIN 0x0004 /* internal pin check */ |
156 | | #define FIDO_UV_MODE_VOICE 0x0008 /* internal voice recognition */ |
157 | | #define FIDO_UV_MODE_FACE 0x0010 /* internal face recognition */ |
158 | | #define FIDO_UV_MODE_LOCATION 0x0020 /* internal location check */ |
159 | | #define FIDO_UV_MODE_EYE 0x0040 /* internal eyeprint check */ |
160 | | #define FIDO_UV_MODE_DRAWN 0x0080 /* internal drawn pattern check */ |
161 | | #define FIDO_UV_MODE_HAND 0x0100 /* internal handprint verification */ |
162 | | #define FIDO_UV_MODE_NONE 0x0200 /* TUP/UV not required */ |
163 | | #define FIDO_UV_MODE_ALL 0x0400 /* all supported UV modes required */ |
164 | | #define FIDO_UV_MODE_EXT_PIN 0x0800 /* external pin verification */ |
165 | | #define FIDO_UV_MODE_EXT_DRAWN 0x1000 /* external drawn pattern check */ |
166 | | |
167 | | #endif /* !_FIDO_PARAM_H */ |