/libfido2/src/fido/param.h
| Line | Count | Source | 
| 1 |  | /* | 
| 2 |  |  * Copyright (c) 2018-2024 Yubico AB. All rights reserved. | 
| 3 |  |  * SPDX-License-Identifier: BSD-2-Clause | 
| 4 |  |  *  | 
| 5 |  |  * Redistribution and use in source and binary forms, with or without | 
| 6 |  |  * modification, are permitted provided that the following conditions are | 
| 7 |  |  * met: | 
| 8 |  |  *  | 
| 9 |  |  *    1. Redistributions of source code must retain the above copyright | 
| 10 |  |  *       notice, this list of conditions and the following disclaimer. | 
| 11 |  |  *    2. Redistributions in binary form must reproduce the above copyright | 
| 12 |  |  *       notice, this list of conditions and the following disclaimer in | 
| 13 |  |  *       the documentation and/or other materials provided with the | 
| 14 |  |  *       distribution. | 
| 15 |  |  *  | 
| 16 |  |  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | 
| 17 |  |  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | 
| 18 |  |  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | 
| 19 |  |  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | 
| 20 |  |  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 
| 21 |  |  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | 
| 22 |  |  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 
| 23 |  |  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 
| 24 |  |  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 
| 25 |  |  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 
| 26 |  |  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 
| 27 |  |  */ | 
| 28 |  |  | 
| 29 |  | #ifndef _FIDO_PARAM_H | 
| 30 |  | #define _FIDO_PARAM_H | 
| 31 |  |  | 
| 32 |  | /* Authentication data flags: single-bit masks. NOTE(review): presumably tested against the flags byte of the authenticator data returned by a device -- confirm at the call sites. */ | 
| 33 | 8.50k | #define CTAP_AUTHDATA_USER_PRESENT      0x01 /* bit 0 (UP): user presence was tested */ | 
| 34 | 602 | #define CTAP_AUTHDATA_USER_VERIFIED     0x04 /* bit 2 (UV): user was verified; a policy that requires verification has to test this bit, UP alone does not imply it */ | 
| 35 | 14.3k | #define CTAP_AUTHDATA_ATT_CRED          0x40 /* bit 6 (AT): attested credential data is included */ | 
| 36 | 23.2k | #define CTAP_AUTHDATA_EXT_DATA          0x80 /* bit 7 (ED): extension data is included */ | 
| 37 |  |  | 
| 38 |  | /* CTAPHID command opcodes. CTAP_FRAME_INIT is grouped here but is a flag bit rather than a command (see its comment). */ | 
| 39 |  | #define CTAP_CMD_PING                   0x01 | 
| 40 | 51.8k | #define CTAP_CMD_MSG                    0x03 /* carries U2F (CTAP1) messages */ | 
| 41 |  | #define CTAP_CMD_LOCK                   0x04 | 
| 42 | 1.71M | #define CTAP_CMD_INIT                   0x06 /* channel allocation */ | 
| 43 | 12.5k | #define CTAP_CMD_WINK                   0x08 | 
| 44 | 835k | #define CTAP_CMD_CBOR                   0x10 /* carries CTAP2 CBOR messages */ | 
| 45 | 11.6k | #define CTAP_CMD_CANCEL                 0x11 | 
| 46 | 743k | #define CTAP_KEEPALIVE                  0x3b /* sent by the device while a request is still pending */ | 
| 47 | 3.47M | #define CTAP_FRAME_INIT                 0x80 /* bit 7 of the command byte; NOTE(review): presumably ORed into an opcode to mark an initialization packet -- confirm in the framing code */ | 
| 48 |  |  | 
| 49 |  | /* CTAPHID CBOR command opcodes (the CTAP2 command byte that precedes the CBOR payload). */ | 
| 50 | 6.90k | #define CTAP_CBOR_MAKECRED              0x01 | 
| 51 | 3.60k | #define CTAP_CBOR_ASSERT                0x02 | 
| 52 | 244k | #define CTAP_CBOR_GETINFO               0x04 | 
| 53 | 93.3k | #define CTAP_CBOR_CLIENT_PIN            0x06 | 
| 54 | 5.41k | #define CTAP_CBOR_RESET                 0x07 /* destructive: an authenticator reset discards its credentials */ | 
| 55 | 1.22k | #define CTAP_CBOR_NEXT_ASSERT           0x08 | 
| 56 | 153 | #define CTAP_CBOR_BIO_ENROLL            0x09 | 
| 57 | 120 | #define CTAP_CBOR_CRED_MGMT             0x0a | 
| 58 | 14.5k | #define CTAP_CBOR_LARGEBLOB             0x0c | 
| 59 | 104k | #define CTAP_CBOR_CONFIG                0x0d | 
| 60 | 34.3k | #define CTAP_CBOR_BIO_ENROLL_PRE        0x40 /* NOTE(review): _PRE presumably denotes the FIDO_2_1_PRE prototype opcode -- confirm */ | 
| 61 | 55.8k | #define CTAP_CBOR_CRED_MGMT_PRE         0x41 /* NOTE(review): as above, for credential management -- confirm */ | 
| 62 |  |  | 
| 63 |  | /* Supported CTAP PIN/UV Auth Protocols (protocol version numbers). NOTE(review): the protocol used for a given device is chosen elsewhere; that choice is security-relevant, so confirm that a device offering both is not steered to the older one. */ | 
| 64 | 268k | #define CTAP_PIN_PROTOCOL1              1 | 
| 65 | 77.7k | #define CTAP_PIN_PROTOCOL2              2 | 
| 66 |  |  | 
| 67 |  | /* U2F command opcodes (instruction byte of the U2F request). */ | 
| 68 | 13.0k | #define U2F_CMD_REGISTER                0x01 | 
| 69 | 7.83k | #define U2F_CMD_AUTH                    0x02 | 
| 70 |  |  | 
| 71 |  | /* U2F command flags (control byte of an authentication request). These are distinct values, not independent bits. */ | 
| 72 | 2.28k | #define U2F_AUTH_SIGN                   0x03 /* enforce user presence and sign */ | 
| 73 | 5.55k | #define U2F_AUTH_CHECK                  0x07 /* check only: asks whether a key handle belongs to the device, produces no signature */ | 
| 74 |  |  | 
| 75 |  | /* ISO7816-4 status words. SW1_MORE_DATA is a single byte (SW1 only); the SW_* values are 16-bit SW1/SW2 pairs, so the two kinds must not be compared against the same operand. */ | 
| 76 | 6.15k | #define SW1_MORE_DATA                   0x61 /* first status byte only; the second byte is not part of this constant */ | 
| 77 | 72 | #define SW_WRONG_LENGTH                 0x6700 | 
| 78 | 10.6k | #define SW_CONDITIONS_NOT_SATISFIED     0x6985 /* NOTE(review): in U2F this presumably signals that user presence is still required -- confirm in the U2F code */ | 
| 79 | 67 | #define SW_WRONG_DATA                   0x6a80 | 
| 80 | 8.81k | #define SW_NO_ERROR                     0x9000 | 
| 81 |  |  | 
| 82 |  | /* HID Broadcast channel ID: all 32 bits set. */ | 
| 83 | 6.98M | #define CTAP_CID_BROADCAST              0xffffffff /* unsuffixed; does not fit a 32-bit int, so it takes an unsigned type where int is 32 bits */ | 
| 84 |  |  | 
| 85 | 10.0M | #define CTAP_INIT_HEADER_LEN            7 /* NOTE(review): matches 4-byte channel id + 1-byte command + 2-byte payload length -- confirm against the frame layout */ | 
| 86 | 3.04M | #define CTAP_CONT_HEADER_LEN            5 /* NOTE(review): matches 4-byte channel id + 1-byte sequence number -- confirm against the frame layout */ | 
| 87 |  |  | 
| 88 |  | /* Maximum length of a CTAP HID report in bytes. NOTE(review): report lengths originate from the transport or the device; confirm that a length outside CTAP_MIN_REPORT_LEN..CTAP_MAX_REPORT_LEN is rejected before it sizes a buffer or a copy. */ | 
| 89 | 5.07M | #define CTAP_MAX_REPORT_LEN             64 | 
| 90 |  |  | 
| 91 |  | /* Minimum length of a CTAP HID report in bytes: an initialization header plus one payload byte, i.e. 8. */ | 
| 92 | 6.76M | #define CTAP_MIN_REPORT_LEN             (CTAP_INIT_HEADER_LEN + 1) | 
| 93 |  |  | 
| 94 |  | /* Randomness device on UNIX-like platforms. The #ifndef lets a build define FIDO_RANDOM_DEV before this header is included; an override must still name a cryptographically secure source. NOTE(review): how the device is opened and read is not visible in this header. */ | 
| 95 |  | #ifndef FIDO_RANDOM_DEV | 
| 96 |  | #define FIDO_RANDOM_DEV                 "/dev/urandom" | 
| 97 |  | #endif | 
| 98 |  |  | 
| 99 |  | /* Maximum message size in bytes; overridable at build time through the #ifndef. NOTE(review): presumably the bound applied to messages exchanged with a device -- confirm that an overridden value is honoured wherever a buffer is sized from it. */ | 
| 100 |  | #ifndef FIDO_MAXMSG | 
| 101 | 1.45M | #define FIDO_MAXMSG     2048 | 
| 102 |  | #endif | 
| 103 |  |  | 
| 104 |  | /* CTAP capability bits (single-bit masks). FIDO_CAP_NMSG has the inverted sense: set means the feature is absent. NOTE(review): presumably taken from the device's reply to CTAP_CMD_INIT, i.e. device-supplied -- confirm. */ | 
| 105 | 10.5k | #define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */ | 
| 106 | 975k | #define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */ | 
| 107 | 2.02k | #define FIDO_CAP_NMSG   0x08 /* if set, device doesn't support CTAP_CMD_MSG */ | 
| 108 |  |  | 
| 109 |  | /* Supported COSE algorithms (COSE algorithm identifiers). "Supported" means the library can handle them; whether a given one is acceptable is a policy decision for the caller. */ | 
| 110 | 4.80k | #define COSE_UNSPEC     0 /* no algorithm selected */ | 
| 111 | 145k | #define COSE_ES256      -7 /* ECDSA with SHA-256 */ | 
| 112 | 28.9k | #define COSE_EDDSA      -8 /* EdDSA */ | 
| 113 | 19.8k | #define COSE_ECDH_ES256 -25 /* ECDH-ES with HKDF-256: key agreement, not a signature algorithm */ | 
| 114 | 68.7k | #define COSE_ES384      -35 /* ECDSA with SHA-384 */ | 
| 115 | 64.9k | #define COSE_RS256      -257 /* RSASSA-PKCS1-v1_5 with SHA-256 */ | 
| 116 | 3.81k | #define COSE_RS1        -65535 /* RSASSA-PKCS1-v1_5 with SHA-1; SHA-1 is deprecated for signatures, so accept this only where legacy compatibility requires it */ | 
| 117 |  |  | 
| 118 |  | /* Supported COSE types (key type identifiers). */ | 
| 119 | 4.89k | #define COSE_KTY_OKP    1 | 
| 120 | 29.4k | #define COSE_KTY_EC2    2 | 
| 121 | 577 | #define COSE_KTY_RSA    3 | 
| 122 |  |  | 
| 123 |  | /* Supported curves. The numeric values overlap with COSE_KTY_* above (1 and 2 occur in both sets); the two sets are separate namespaces and must not be compared with each other. */ | 
| 124 | 13.8k | #define COSE_P256       1 | 
| 125 | 783 | #define COSE_P384       2 | 
| 126 | 2.38k | #define COSE_ED25519    6 | 
| 127 |  |  | 
| 128 |  | /* Supported extensions: single-bit flags, combined with bitwise OR in the FIDO_EXT_*_MASK macros of this header. */ | 
| 129 | 186k | #define FIDO_EXT_HMAC_SECRET    0x01 | 
| 130 | 55.1k | #define FIDO_EXT_CRED_PROTECT   0x02 | 
| 131 | 190k | #define FIDO_EXT_LARGEBLOB_KEY  0x04 | 
| 132 | 184k | #define FIDO_EXT_CRED_BLOB      0x08 | 
| 133 | 42.2k | #define FIDO_EXT_MINPINLEN      0x10 | 
| 134 |  |  | 
| 135 |  | /* Supported credential protection policies. These are enumerated levels, not a bit mask: 0x03 is its own level and not the bitwise OR of the other two, so compare for equality instead of testing bits. */ | 
| 136 | 24.2k | #define FIDO_CRED_PROT_UV_OPTIONAL              0x01 /* user verification optional */ | 
| 137 | 18.0k | #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID      0x02 /* NOTE(review): presumably user verification optional only when the credential id is supplied -- confirm against the credProtect extension */ | 
| 138 | 3.21k | #define FIDO_CRED_PROT_UV_REQUIRED              0x03 /* user verification required */ | 
| 139 |  |  | 
| 140 |  | /* Supported enterprise attestation modes (enumerated values, not bit flags). NOTE(review): an enterprise attestation may carry information that uniquely identifies the authenticator, so requesting either mode has privacy impact -- confirm that callers opt in explicitly. */ | 
| 141 | 19.5k | #define FIDO_ENTATTEST_VENDOR   1 /* vendor-facilitated */ | 
| 142 | 4.16k | #define FIDO_ENTATTEST_PLATFORM 2 /* platform-managed */ | 
| 143 |  |  | 
| 144 |  | #ifdef _FIDO_INTERNAL /* the masks below are visible only to translation units that define _FIDO_INTERNAL */ | 
| 145 | 152k | #define FIDO_EXT_ASSERT_MASK    (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ | 
| 146 | 152k |                                  FIDO_EXT_CRED_BLOB) /* omits FIDO_EXT_CRED_PROTECT and FIDO_EXT_MINPINLEN; NOTE(review): presumably the extension bits accepted on an assertion, anything outside the mask to be rejected -- confirm at the use sites */ | 
| 147 | 17.9k | #define FIDO_EXT_CRED_MASK      (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \ | 
| 148 | 17.9k |                                  FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \ | 
| 149 | 17.9k |                                  FIDO_EXT_MINPINLEN) /* all five FIDO_EXT_* bits defined in this header; NOTE(review): presumably the extension bits accepted on a credential -- confirm at the use sites */ | 
| 150 |  | #endif /* _FIDO_INTERNAL */ | 
| 151 |  |  | 
| 152 |  | /* Recognised UV modes: one bit per entry. FIDO_UV_MODE_NONE and FIDO_UV_MODE_ALL are qualifiers rather than modalities (see their comments), so a non-zero mask does not by itself mean that the user was verified. NOTE(review): the values appear to mirror the USER_VERIFY_* constants of the FIDO registry of predefined values and are presumably reported by the device -- confirm. */ | 
| 153 |  | #define FIDO_UV_MODE_TUP        0x0001  /* internal test of user presence */ | 
| 154 |  | #define FIDO_UV_MODE_FP         0x0002  /* internal fingerprint check */ | 
| 155 |  | #define FIDO_UV_MODE_PIN        0x0004  /* internal pin check */ | 
| 156 |  | #define FIDO_UV_MODE_VOICE      0x0008  /* internal voice recognition */ | 
| 157 |  | #define FIDO_UV_MODE_FACE       0x0010  /* internal face recognition */ | 
| 158 |  | #define FIDO_UV_MODE_LOCATION   0x0020  /* internal location check */ | 
| 159 |  | #define FIDO_UV_MODE_EYE        0x0040  /* internal eyeprint check */ | 
| 160 |  | #define FIDO_UV_MODE_DRAWN      0x0080  /* internal drawn pattern check */ | 
| 161 |  | #define FIDO_UV_MODE_HAND       0x0100  /* internal handprint verification */ | 
| 162 |  | #define FIDO_UV_MODE_NONE       0x0200  /* TUP/UV not required */ | 
| 163 |  | #define FIDO_UV_MODE_ALL        0x0400  /* all supported UV modes required */ | 
| 164 |  | #define FIDO_UV_MODE_EXT_PIN    0x0800  /* external pin verification */ | 
| 165 |  | #define FIDO_UV_MODE_EXT_DRAWN  0x1000  /* external drawn pattern check */ | 
| 166 |  |  | 
| 167 |  | #endif /* !_FIDO_PARAM_H */ |