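/*
 * Copyright (c) 2018-2021 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

/*
 * Protocol constants: CTAPHID/CTAP2/U2F opcodes and flags, ISO7816-4
 * status words, HID framing sizes, COSE identifiers and extension bits.
 *
 * This listing was recovered from a blame-annotated view; the per-line
 * "<line><revision><author>" gutter cells were dropped and the line
 * breaks that preprocessor directives need were restored.
 */

#ifndef _FIDO_PARAM_H
#define _FIDO_PARAM_H

/*
 * Authentication data flags (bits of the authenticator data flags byte).
 * USER_PRESENT and USER_VERIFIED are independent bits: a presence test
 * does not imply PIN/biometric verification, so a caller that requires
 * user verification has to test 0x04 explicitly.
 * ATT_CRED: attested credential data is included.
 * EXT_DATA: extension data is included.
 */
#define CTAP_AUTHDATA_USER_PRESENT      0x01
#define CTAP_AUTHDATA_USER_VERIFIED     0x04
#define CTAP_AUTHDATA_ATT_CRED          0x40
#define CTAP_AUTHDATA_EXT_DATA          0x80

/*
 * CTAPHID command opcodes.
 * CTAP_FRAME_INIT is not a command of its own: in CTAPHID, bit 7 of the
 * command byte marks an initialization packet.
 */
#define CTAP_CMD_PING                   0x01
#define CTAP_CMD_MSG                    0x03
#define CTAP_CMD_LOCK                   0x04
#define CTAP_CMD_INIT                   0x06
#define CTAP_CMD_WINK                   0x08
#define CTAP_CMD_CBOR                   0x10
#define CTAP_CMD_CANCEL                 0x11
#define CTAP_KEEPALIVE                  0x3b
#define CTAP_FRAME_INIT                 0x80

/*
 * CTAPHID CBOR command opcodes.
 * NOTE(review): the two _PRE values look like the prototype (pre-standard)
 * opcodes for bio enrollment and credential management; confirm against
 * the CTAP 2.1 specification before relying on that reading.
 */
#define CTAP_CBOR_MAKECRED              0x01
#define CTAP_CBOR_ASSERT                0x02
#define CTAP_CBOR_GETINFO               0x04
#define CTAP_CBOR_CLIENT_PIN            0x06
#define CTAP_CBOR_RESET                 0x07
#define CTAP_CBOR_NEXT_ASSERT           0x08
#define CTAP_CBOR_LARGEBLOB             0x0c
#define CTAP_CBOR_CONFIG                0x0d
#define CTAP_CBOR_BIO_ENROLL_PRE        0x40
#define CTAP_CBOR_CRED_MGMT_PRE         0x41

/* Supported CTAP PIN/UV Auth Protocols. */
#define CTAP_PIN_PROTOCOL1              1
#define CTAP_PIN_PROTOCOL2              2

/* U2F command opcodes. */
#define U2F_CMD_REGISTER                0x01
#define U2F_CMD_AUTH                    0x02

/*
 * U2F command flags (control byte of U2F_CMD_AUTH).
 * SIGN (0x03) enforces user presence and signs; CHECK (0x07) only asks
 * whether the key handle is recognised and produces no signature.
 */
#define U2F_AUTH_SIGN                   0x03
#define U2F_AUTH_CHECK                  0x07

/*
 * ISO7816-4 status words.
 * SW1_MORE_DATA is only the first status byte (SW1); the other three are
 * full 16-bit SW1SW2 values, so they cannot be compared interchangeably.
 */
#define SW1_MORE_DATA                   0x61
#define SW_CONDITIONS_NOT_SATISFIED     0x6985
#define SW_WRONG_DATA                   0x6a80
#define SW_NO_ERROR                     0x9000

/*
 * HID Broadcast channel ID.
 * The value does not fit in a 32-bit int, so the constant has an unsigned
 * type; compare it against unsigned 32-bit channel IDs.
 */
#define CTAP_CID_BROADCAST              0xffffffff

/*
 * CTAPHID packet header sizes in bytes.
 * Initialization packet: CID (4) + CMD (1) + BCNT (2).
 * Continuation packet:   CID (4) + SEQ (1).
 */
#define CTAP_INIT_HEADER_LEN            7
#define CTAP_CONT_HEADER_LEN            5

/* Maximum length of a CTAP HID report in bytes. */
#define CTAP_MAX_REPORT_LEN             64

/*
 * Minimum length of a CTAP HID report in bytes: an initialization header
 * plus at least one payload byte (8).
 */
#define CTAP_MIN_REPORT_LEN             (CTAP_INIT_HEADER_LEN + 1)

/*
 * Randomness device on UNIX-like platforms.
 * Overridable at build time. NOTE(review): whatever path is substituted
 * becomes the randomness source named by this macro; how it is opened and
 * read is outside this header.
 */
#ifndef FIDO_RANDOM_DEV
#define FIDO_RANDOM_DEV                 "/dev/urandom"
#endif

/*
 * Maximum message size in bytes.
 * Overridable at build time. NOTE(review): the code that checks device
 * input against this limit is outside this header; confirm every receive
 * path bounds lengths by it.
 */
#ifndef FIDO_MAXMSG
#define FIDO_MAXMSG                     2048
#endif

/* CTAP capability bits. */
#define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */
#define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */
#define FIDO_CAP_NMSG   0x08 /* if set, device doesn't support CTAP_CMD_MSG */

/*
 * Supported COSE algorithms.
 * Negative replacement lists are parenthesised so the sign cannot merge
 * with a neighbouring token at the point of use; the values are unchanged.
 * COSE_ECDH_ES256 is a key-agreement identifier, not a signature algorithm.
 * COSE_RS1 is registered with IANA as RSASSA-PKCS1-v1_5 using SHA-1;
 * because it rests on SHA-1, prefer the other algorithms unless
 * interoperability with an existing authenticator requires it.
 * NOTE(review): COSE_UNSPEC (0) is presumably the "not set" value; confirm
 * against its users.
 */
#define COSE_UNSPEC                     0
#define COSE_ES256                      (-7)
#define COSE_EDDSA                      (-8)
#define COSE_ECDH_ES256                 (-25)
#define COSE_RS256                      (-257)
#define COSE_RS1                        (-65535)

/* Supported COSE types. */
#define COSE_KTY_OKP                    1
#define COSE_KTY_EC2                    2
#define COSE_KTY_RSA                    3

/* Supported curves. */
#define COSE_P256                       1
#define COSE_ED25519                    6

/* Supported extensions (single-bit flags, combined with bitwise OR). */
#define FIDO_EXT_HMAC_SECRET            0x01
#define FIDO_EXT_CRED_PROTECT           0x02
#define FIDO_EXT_LARGEBLOB_KEY          0x04
#define FIDO_EXT_CRED_BLOB              0x08
#define FIDO_EXT_MINPINLEN              0x10

/*
 * Supported credential protection policies.
 * These are ordinal values (1..3), not bit flags: compare with ==, do not
 * test them with a bitwise AND.
 */
#define FIDO_CRED_PROT_UV_OPTIONAL              0x01
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID      0x02
#define FIDO_CRED_PROT_UV_REQUIRED              0x03

/*
 * Extension bit masks, visible only when _FIDO_INTERNAL is defined.
 * The assertion mask leaves out CRED_PROTECT and MINPINLEN, which appear
 * only in the credential mask.
 * NOTE(review): presumably used to reject extension bits that do not apply
 * to the operation; the check itself is not in this header.
 */
#ifdef _FIDO_INTERNAL
#define FIDO_EXT_ASSERT_MASK    (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
                                 FIDO_EXT_CRED_BLOB)
#define FIDO_EXT_CRED_MASK      (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
                                 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \
                                 FIDO_EXT_MINPINLEN)
#endif /* _FIDO_INTERNAL */

#endif /* !_FIDO_PARAM_H */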