Coverage Report

Created: 2026-04-08 06:32

/libfido2/src/fido/param.h
Line
Count
Source
1
/*
2
 * Copyright (c) 2018-2026 Yubico AB. All rights reserved.
3
 * SPDX-License-Identifier: BSD-2-Clause
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions are
7
 * met:
8
 *
9
 *    1. Redistributions of source code must retain the above copyright
10
 *       notice, this list of conditions and the following disclaimer.
11
 *    2. Redistributions in binary form must reproduce the above copyright
12
 *       notice, this list of conditions and the following disclaimer in
13
 *       the documentation and/or other materials provided with the
14
 *       distribution.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
 */
28
29
#ifndef _FIDO_PARAM_H
30
#define _FIDO_PARAM_H
31
32
/*
 * Authentication data flags: bit masks over the flags byte of the
 * authenticator data. User presence (0x01) and user verification (0x04)
 * are separate bits; a caller that requires verification has to test
 * CTAP_AUTHDATA_USER_VERIFIED, because the presence bit alone only says
 * that a presence test passed.
 */
33
10.1k
#define CTAP_AUTHDATA_USER_PRESENT      0x01 /* UP: user presence test passed */
34
482
#define CTAP_AUTHDATA_USER_VERIFIED     0x04 /* UV: user was verified */
35
18.8k
#define CTAP_AUTHDATA_ATT_CRED          0x40 /* AT: attested credential data included */
36
18.0k
#define CTAP_AUTHDATA_EXT_DATA          0x80 /* ED: extension data included */
37
38
/*
 * CTAPHID command opcodes. On the wire, the command byte of an
 * initialization packet is the opcode with CTAP_FRAME_INIT (bit 7) set;
 * a packet whose bit 7 is clear is a continuation packet.
 */
39
#define CTAP_CMD_PING                   0x01 /* echo request */
40
74.2k
#define CTAP_CMD_MSG                    0x03 /* encapsulated U2F (CTAP1) message */
41
#define CTAP_CMD_LOCK                   0x04 /* channel lock */
42
1.49M
#define CTAP_CMD_INIT                   0x06 /* channel allocation / resynchronisation */
43
26.5k
#define CTAP_CMD_WINK                   0x08 /* device identification (e.g. blink) */
44
787k
#define CTAP_CMD_CBOR                   0x10 /* encapsulated CTAP2 CBOR message */
45
21.1k
#define CTAP_CMD_CANCEL                 0x11 /* cancel the outstanding request */
46
741k
#define CTAP_KEEPALIVE                  0x3b /* status sent by the device while busy */
47
3.21M
#define CTAP_FRAME_INIT                 0x80 /* bit 7: marks an initialization packet */
48
49
/*
 * CTAPHID CBOR command opcodes: the CTAP2 command byte carried inside a
 * CTAP_CMD_CBOR message. The two *_PRE values are the vendor-prototype
 * command codes used before bio enrollment and credential management
 * received their final codes (0x09 and 0x0a).
 */
50
11.4k
#define CTAP_CBOR_MAKECRED              0x01 /* authenticatorMakeCredential */
51
7.86k
#define CTAP_CBOR_ASSERT                0x02 /* authenticatorGetAssertion */
52
237k
#define CTAP_CBOR_GETINFO               0x04 /* authenticatorGetInfo */
53
91.3k
#define CTAP_CBOR_CLIENT_PIN            0x06 /* authenticatorClientPIN */
54
3.40k
#define CTAP_CBOR_RESET                 0x07 /* authenticatorReset */
55
1.56k
#define CTAP_CBOR_NEXT_ASSERT           0x08 /* authenticatorGetNextAssertion */
56
3.38k
#define CTAP_CBOR_BIO_ENROLL            0x09 /* authenticatorBioEnrollment */
57
6.58k
#define CTAP_CBOR_CRED_MGMT             0x0a /* authenticatorCredentialManagement */
58
11.1k
#define CTAP_CBOR_LARGEBLOB             0x0c /* authenticatorLargeBlobs */
59
110k
#define CTAP_CBOR_CONFIG                0x0d /* authenticatorConfig */
60
38.1k
#define CTAP_CBOR_BIO_ENROLL_PRE        0x40 /* prototype bio enrollment */
61
43.2k
#define CTAP_CBOR_CRED_MGMT_PRE         0x41 /* prototype credential management */
62
63
/*
 * Supported CTAP PIN/UV Auth Protocols. The values are the protocol
 * numbers used on the wire. Protocol two derives separate HMAC and AES
 * keys from the shared secret and uses a random IV; protocol one uses a
 * single key with an all-zero IV.
 * NOTE(review): how a protocol is selected for a given device is decided
 * outside this header -- confirm that selection prefers protocol two
 * where the device offers it.
 */
64
203k
#define CTAP_PIN_PROTOCOL1              1
65
151k
#define CTAP_PIN_PROTOCOL2              2
66
67
/* U2F command opcodes (the INS byte of a U2F APDU). */
68
23.9k
#define U2F_CMD_REGISTER                0x01 /* U2F_REGISTER */
69
7.64k
#define U2F_CMD_AUTH                    0x02 /* U2F_AUTHENTICATE */
70
71
/*
 * U2F command flags (the P1 control byte of U2F_AUTHENTICATE). These are
 * distinct values, not combinable bits: U2F_AUTH_CHECK asks only whether
 * a key handle belongs to the token and produces no signature.
 */
72
898
#define U2F_AUTH_SIGN                   0x03 /* enforce user presence and sign */
73
6.74k
#define U2F_AUTH_CHECK                  0x07 /* check only */
74
75
/*
 * ISO7816-4 status words. SW1_MORE_DATA is a single byte (SW1 only); the
 * SW_* values are full 16-bit SW1|SW2 words, so the two kinds must not be
 * compared against each other directly.
 */
76
24.5k
#define SW1_MORE_DATA                   0x61 /* SW1: more response data available */
77
85
#define SW_WRONG_LENGTH                 0x6700 /* wrong length */
78
6.71k
#define SW_CONDITIONS_NOT_SATISFIED     0x6985 /* in U2F: user presence required */
79
79
#define SW_WRONG_DATA                   0x6a80 /* in U2F: key handle not recognised */
80
20.9k
#define SW_NO_ERROR                     0x9000 /* success */
81
82
/* HID Broadcast channel ID, used before a channel has been allocated. */
83
6.24M
#define CTAP_CID_BROADCAST              0xffffffff
84
85
8.02M
#define CTAP_INIT_HEADER_LEN            7 /* init packet header: CID(4) + CMD(1) + BCNT(2) */
86
2.58M
#define CTAP_CONT_HEADER_LEN            5 /* continuation header: CID(4) + SEQ(1) */
87
88
/*
 * Maximum length of a CTAP HID report in bytes.
 * NOTE(review): report sizes announced by a device are not constrained
 * by this header; presumably the frame code rejects anything outside
 * [CTAP_MIN_REPORT_LEN, CTAP_MAX_REPORT_LEN] before sizing or indexing
 * a buffer -- confirm.
 */
89
4.02M
#define CTAP_MAX_REPORT_LEN             64
90
91
/*
 * Minimum length of a CTAP HID report in bytes: an initialization header
 * plus one byte of payload.
 */
92
5.37M
#define CTAP_MIN_REPORT_LEN             (CTAP_INIT_HEADER_LEN + 1)
93
94
/*
 * Randomness device on UNIX-like platforms. The #ifndef lets a build
 * override the path (e.g. with -DFIDO_RANDOM_DEV=...).
 * NOTE(review): the consumers of this path are outside this header;
 * presumably it feeds security-relevant random values, so any override
 * should name a cryptographically secure source -- confirm.
 */
95
#ifndef FIDO_RANDOM_DEV
96
#define FIDO_RANDOM_DEV                 "/dev/urandom"
97
#endif
98
99
/*
 * Maximum message size in bytes. Overridable at build time through the
 * #ifndef guard.
 * NOTE(review): the limit is only defined here; enforcement against
 * device-supplied lengths lives in the code that uses it -- confirm that
 * buffers sized with an overridden value are checked consistently.
 */
100
#ifndef FIDO_MAXMSG
101
1.37M
#define FIDO_MAXMSG     2048
102
#endif
103
104
/*
 * CTAP capability bits, as advertised by the device in the capabilities
 * byte of its CTAPHID_INIT response. They are device-supplied claims: a
 * set bit says what the device reports, not what has been verified.
 * Note that FIDO_CAP_NMSG has inverted sense (set means "not supported").
 */
105
20.8k
#define FIDO_CAP_WINK   0x01 /* if set, device supports CTAP_CMD_WINK */
106
1.09M
#define FIDO_CAP_CBOR   0x04 /* if set, device supports CTAP_CMD_CBOR */
107
7.69k
#define FIDO_CAP_NMSG   0x08 /* if set, device doesn't support CTAP_CMD_MSG */
108
109
/*
 * Supported COSE algorithms (COSE algorithm identifiers; COSE_UNSPEC is
 * this header's "not set" value). The negative values expand without
 * parentheses, so keep them as plain operands in expressions.
 * COSE_RS1 signs over SHA-1 and exists for legacy authenticators; a
 * relying party that chooses algorithms should prefer the others.
 */
110
8.61k
#define COSE_UNSPEC     0
111
238k
#define COSE_ES256      -7 /* ECDSA with SHA-256 */
112
38.4k
#define COSE_EDDSA      -8 /* EdDSA */
113
22.3k
#define COSE_ECDH_ES256 -25 /* ECDH-ES + HKDF-256 (key agreement, not a signature) */
114
129k
#define COSE_ES384      -35 /* ECDSA with SHA-384 */
115
125k
#define COSE_RS256      -257 /* RSASSA-PKCS1-v1_5 with SHA-256 */
116
3.89k
#define COSE_RS1        -65535 /* RSASSA-PKCS1-v1_5 with SHA-1 (legacy) */
117
118
/* Supported COSE types (COSE key type, "kty"). */
119
2.01k
#define COSE_KTY_OKP    1 /* octet key pair */
120
32.5k
#define COSE_KTY_EC2    2 /* elliptic curve, x and y coordinates */
121
258
#define COSE_KTY_RSA    3 /* RSA */
122
123
/* Supported curves (COSE elliptic curve identifiers). */
124
15.7k
#define COSE_P256       1 /* NIST P-256 */
125
439
#define COSE_P384       2 /* NIST P-384 */
126
984
#define COSE_ED25519    6 /* Ed25519 */
127
128
/*
 * Supported extensions. Each extension has its own bit so that a set of
 * extensions fits in one integer; the _FIDO_INTERNAL masks further down
 * in this header OR these bits together.
 */
129
379k
#define FIDO_EXT_HMAC_SECRET    0x01 /* hmac-secret */
130
110k
#define FIDO_EXT_CRED_PROTECT   0x02 /* credProtect */
131
377k
#define FIDO_EXT_LARGEBLOB_KEY  0x04 /* largeBlobKey */
132
373k
#define FIDO_EXT_CRED_BLOB      0x08 /* credBlob */
133
91.7k
#define FIDO_EXT_MINPINLEN      0x10 /* minPinLength */
134
71.9k
#define FIDO_EXT_HMAC_SECRET_MC 0x20 /* hmac-secret-mc */
135
381k
#define FIDO_EXT_PAYMENT        0x40 /* payment extension (presumably thirdPartyPayment -- confirm) */
136
137
/*
 * Supported credential protection policies (credProtect levels). These
 * are enumerated values, not bit flags: 0x03 is its own policy and not
 * the combination of 0x01 and 0x02, so compare with ==, never with &.
 */
138
42.7k
#define FIDO_CRED_PROT_UV_OPTIONAL              0x01 /* userVerificationOptional */
139
34.8k
#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID      0x02 /* userVerificationOptionalWithCredentialIDList */
140
6.73k
#define FIDO_CRED_PROT_UV_REQUIRED              0x03 /* userVerificationRequired */
141
142
/*
 * Supported enterprise attestation modes. Enterprise attestation may
 * return uniquely identifying information about the authenticator, so it
 * is intended for managed deployments rather than as a general default.
 */
143
38.0k
#define FIDO_ENTATTEST_VENDOR   1 /* vendor-facilitated */
144
8.98k
#define FIDO_ENTATTEST_PLATFORM 2 /* platform-managed */
145
146
#ifdef _FIDO_INTERNAL
/*
 * Extension bit masks, visible only when _FIDO_INTERNAL is defined.
 * FIDO_EXT_ASSERT_MASK ORs four FIDO_EXT_* bits (HMAC_SECRET,
 * LARGEBLOB_KEY, CRED_BLOB, PAYMENT); FIDO_EXT_CRED_MASK ORs all seven
 * FIDO_EXT_* bits defined in this header. A new FIDO_EXT_* bit is in
 * neither mask until it is added here explicitly.
 * NOTE(review): the code that applies these masks is outside this
 * header; presumably they whitelist the extension bits accepted for an
 * assertion and for a credential respectively -- confirm.
 */
147
302k
#define FIDO_EXT_ASSERT_MASK    (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \
148
302k
                                 FIDO_EXT_CRED_BLOB|FIDO_EXT_PAYMENT)
149
51.4k
#define FIDO_EXT_CRED_MASK      (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \
150
51.4k
                                 FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB|  \
151
51.4k
                                 FIDO_EXT_MINPINLEN|FIDO_EXT_HMAC_SECRET_MC| \
152
51.4k
                                 FIDO_EXT_PAYMENT)
153
#endif /* _FIDO_INTERNAL */
154
155
/*
 * Recognised UV modes. Every value is a distinct single bit, so several
 * modes can be reported in one integer and tested with &.
 * FIDO_UV_MODE_TUP and FIDO_UV_MODE_NONE do not denote user
 * verification: the first is a presence test only, the second means
 * neither presence nor verification is required.
 * NOTE(review): the values look like the FIDO registry's USER_VERIFY_*
 * constants -- confirm.
 */
156
#define FIDO_UV_MODE_TUP        0x0001  /* internal test of user presence */
157
#define FIDO_UV_MODE_FP         0x0002  /* internal fingerprint check */
158
#define FIDO_UV_MODE_PIN        0x0004  /* internal pin check */
159
#define FIDO_UV_MODE_VOICE      0x0008  /* internal voice recognition */
160
#define FIDO_UV_MODE_FACE       0x0010  /* internal face recognition */
161
#define FIDO_UV_MODE_LOCATION   0x0020  /* internal location check */
162
#define FIDO_UV_MODE_EYE        0x0040  /* internal eyeprint check */
163
#define FIDO_UV_MODE_DRAWN      0x0080  /* internal drawn pattern check */
164
#define FIDO_UV_MODE_HAND       0x0100  /* internal handprint verification */
165
#define FIDO_UV_MODE_NONE       0x0200  /* TUP/UV not required */
166
#define FIDO_UV_MODE_ALL        0x0400  /* all supported UV modes required */
167
#define FIDO_UV_MODE_EXT_PIN    0x0800  /* external pin verification */
168
#define FIDO_UV_MODE_EXT_DRAWN  0x1000  /* external drawn pattern check */
169
170
/*
 * Recognised token permissions: the permission bits of a pinUvAuthToken.
 * Each value is a single bit, so permissions combine with |. A token is
 * only as narrow as the bits requested for it; request the bits the
 * operation at hand needs rather than a broad set.
 */
171
3.34k
#define FIDO_PUAT_MAKECRED      0x01 /* mc: make credential */
172
2.07k
#define FIDO_PUAT_GETASSERT     0x02 /* ga: get assertion */
173
4.80k
#define FIDO_PUAT_CREDMAN       0x04 /* cm: credential management */
174
3.24k
#define FIDO_PUAT_BIOENROLL     0x08 /* be: bio enrollment */
175
1.30k
#define FIDO_PUAT_LARGEBLOB     0x10 /* lbw: large blob write */
176
3.46k
#define FIDO_PUAT_CONFIG        0x20 /* acfg: authenticator configuration */
177
#define FIDO_PUAT_CREDMAN_RO    0x40 /* read-only credential management */
178
179
#endif /* !_FIDO_PARAM_H */