summaryrefslogtreecommitdiffstats
path: root/src/fido/param.h
blob: fb66abfd2d007f33da29d43f7092d3cb3717fe72 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
/*
 * Copyright (c) 2018-2022 Yubico AB. All rights reserved.
 * SPDX-License-Identifier: BSD-2-Clause
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * 
 *    1. Redistributions of source code must retain the above copyright
 *       notice, this list of conditions and the following disclaimer.
 *    2. Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in
 *       the documentation and/or other materials provided with the
 *       distribution.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H

/* Authentication data flags. */
#define CTAP_AUTHDATA_USER_PRESENT	0x01
#define CTAP_AUTHDATA_USER_VERIFIED	0x04
#define CTAP_AUTHDATA_ATT_CRED		0x40
#define CTAP_AUTHDATA_EXT_DATA		0x80

/* CTAPHID command opcodes. */
#define CTAP_CMD_PING			0x01
#define CTAP_CMD_MSG			0x03
#define CTAP_CMD_LOCK			0x04
#define CTAP_CMD_INIT			0x06
#define CTAP_CMD_WINK			0x08
#define CTAP_CMD_CBOR			0x10
#define CTAP_CMD_CANCEL			0x11
#define CTAP_KEEPALIVE			0x3b
#define CTAP_FRAME_INIT			0x80

/* CTAPHID CBOR command opcodes. */
#define CTAP_CBOR_MAKECRED		0x01
#define CTAP_CBOR_ASSERT		0x02
#define CTAP_CBOR_GETINFO		0x04
#define CTAP_CBOR_CLIENT_PIN		0x06
#define CTAP_CBOR_RESET			0x07
#define CTAP_CBOR_NEXT_ASSERT		0x08
#define CTAP_CBOR_BIO_ENROLL		0x09
#define CTAP_CBOR_CRED_MGMT		0x0a
#define CTAP_CBOR_LARGEBLOB		0x0c
#define CTAP_CBOR_CONFIG		0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE	0x40
#define CTAP_CBOR_CRED_MGMT_PRE		0x41

/* Supported CTAP PIN/UV Auth Protocols. */
#define CTAP_PIN_PROTOCOL1		1
#define CTAP_PIN_PROTOCOL2		2

/* U2F command opcodes. */
#define U2F_CMD_REGISTER		0x01
#define U2F_CMD_AUTH			0x02

/* U2F command flags. */
#define U2F_AUTH_SIGN			0x03
#define U2F_AUTH_CHECK			0x07

/* ISO7816-4 status words. */
#define SW1_MORE_DATA			0x61
#define SW_CONDITIONS_NOT_SATISFIED	0x6985
#define SW_WRONG_DATA			0x6a80
#define SW_NO_ERROR			0x9000

/* HID Broadcast channel ID. */
#define CTAP_CID_BROADCAST		0xffffffff

#define CTAP_INIT_HEADER_LEN		7
#define CTAP_CONT_HEADER_LEN		5

/* Maximum length of a CTAP HID report in bytes. */
#define CTAP_MAX_REPORT_LEN		64

/* Minimum length of a CTAP HID report in bytes. */
#define CTAP_MIN_REPORT_LEN		(CTAP_INIT_HEADER_LEN + 1)

/* Randomness device on UNIX-like platforms. */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV			"/dev/urandom"
#endif

/* Maximum message size in bytes. */
#ifndef FIDO_MAXMSG
#define FIDO_MAXMSG	2048
#endif

/* CTAP capability bits. */
#define FIDO_CAP_WINK	0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR	0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG	0x08 /* if set, device doesn't support CTAP_CMD_MSG */

/* Supported COSE algorithms. */
#define COSE_UNSPEC	0
#define COSE_ES256	-7
#define COSE_EDDSA	-8
#define COSE_ECDH_ES256	-25
#define COSE_ES384	-35
#define COSE_RS256	-257
#define COSE_RS1	-65535

/* Supported COSE types. */
#define COSE_KTY_OKP	1
#define COSE_KTY_EC2	2
#define COSE_KTY_RSA	3

/* Supported curves. */
#define COSE_P256	1
#define COSE_P384	2
#define COSE_ED25519	6

/* Supported extensions. */
#define FIDO_EXT_HMAC_SECRET	0x01
#define FIDO_EXT_CRED_PROTECT	0x02
#define FIDO_EXT_LARGEBLOB_KEY	0x04
#define FIDO_EXT_CRED_BLOB	0x08
#define FIDO_EXT_MINPINLEN	0x10

/* Supported credential protection policies. */
#define FIDO_CRED_PROT_UV_OPTIONAL		0x01
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID	0x02
#define FIDO_CRED_PROT_UV_REQUIRED		0x03

#ifdef _FIDO_INTERNAL
#define FIDO_EXT_ASSERT_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
				 FIDO_EXT_CRED_BLOB)
#define FIDO_EXT_CRED_MASK	(FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
				 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
				 FIDO_EXT_MINPINLEN)
#endif /* _FIDO_INTERNAL */

/* Recognised UV modes. */
#define FIDO_UV_MODE_TUP	0x0001	/* internal test of user presence */
#define FIDO_UV_MODE_FP		0x0002	/* internal fingerprint check */
#define FIDO_UV_MODE_PIN	0x0004	/* internal pin check */
#define FIDO_UV_MODE_VOICE	0x0008	/* internal voice recognition */
#define FIDO_UV_MODE_FACE	0x0010	/* internal face recognition */
#define FIDO_UV_MODE_LOCATION	0x0020	/* internal location check */
#define FIDO_UV_MODE_EYE	0x0040	/* internal eyeprint check */
#define FIDO_UV_MODE_DRAWN	0x0080	/* internal drawn pattern check */
#define FIDO_UV_MODE_HAND	0x0100	/* internal handprint verification */
#define FIDO_UV_MODE_NONE	0x0200	/* TUP/UV not required */
#define FIDO_UV_MODE_ALL	0x0400	/* all supported UV modes required */
#define FIDO_UV_MODE_EXT_PIN	0x0800	/* external pin verification */
#define FIDO_UV_MODE_EXT_DRAWN	0x1000	/* external drawn pattern check */

#endif /* !_FIDO_PARAM_H */