[WebAuthN] Support CTAP HID authenticators on macOS
[WebKit-https.git] / Source / WebCore / Modules / webauthn / fido / FidoConstants.h
1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Copyright (C) 2018 Apple Inc. All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 //    * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 //    * Redistributions in binary form must reproduce the above
11 // copyright notice, this list of conditions and the following disclaimer
12 // in the documentation and/or other materials provided with the
13 // distribution.
14 //    * Neither the name of Google Inc. nor the names of its
15 // contributors may be used to endorse or promote products derived from
16 // this software without specific prior written permission.
17 //
18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
30 #pragma once
31
32 #if ENABLE(WEB_AUTHN)
33
34 #include "PublicKeyCredentialType.h"
35
36 namespace fido {
37
38 enum class ProtocolVersion {
39     kCtap,
40     kU2f,
41     kUnknown,
42 };
43
44 // Length of the SHA-256 hash of the RP ID asssociated with the credential:
45 // https://www.w3.org/TR/webauthn/#sec-authenticator-data
46 constexpr size_t kRpIdHashLength = 32;
47
48 // Length of the flags:
49 // https://www.w3.org/TR/webauthn/#sec-authenticator-data
50 constexpr size_t kFlagsLength = 1;
51
52 // Length of the signature counter, 32-bit unsigned big-endian integer:
53 // https://www.w3.org/TR/webauthn/#sec-authenticator-data
54 constexpr size_t kSignCounterLength = 4;
55
56 // Length of the AAGUID of the authenticator:
57 // https://www.w3.org/TR/webauthn/#sec-attested-credential-data
58 constexpr size_t kAaguidLength = 16;
59
60 // Length of the byte length L of Credential ID, 16-bit unsigned big-endian
61 // integer: https://www.w3.org/TR/webauthn/#sec-attested-credential-data
62 constexpr size_t kCredentialIdLengthLength = 2;
63
64 // CTAP protocol device response code, as specified in
65 // https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#error-responses
66 enum class CtapDeviceResponseCode : uint8_t {
67     kSuccess = 0x00,
68     kCtap1ErrInvalidCommand = 0x01,
69     kCtap1ErrInvalidParameter = 0x02,
70     kCtap1ErrInvalidLength = 0x03,
71     kCtap1ErrInvalidSeq = 0x04,
72     kCtap1ErrTimeout = 0x05,
73     kCtap1ErrChannelBusy = 0x06,
74     kCtap1ErrLockRequired = 0x0A,
75     kCtap1ErrInvalidChannel = 0x0B,
76     kCtap2ErrCBORParsing = 0x10,
77     kCtap2ErrUnexpectedType = 0x11,
78     kCtap2ErrInvalidCBOR = 0x12,
79     kCtap2ErrInvalidCBORType = 0x13,
80     kCtap2ErrMissingParameter = 0x14,
81     kCtap2ErrLimitExceeded = 0x15,
82     kCtap2ErrUnsupportedExtension = 0x16,
83     kCtap2ErrTooManyElements = 0x17,
84     kCtap2ErrExtensionNotSupported = 0x18,
85     kCtap2ErrCredentialExcluded = 0x19,
86     kCtap2ErrProcesssing = 0x21,
87     kCtap2ErrInvalidCredential = 0x22,
88     kCtap2ErrUserActionPending = 0x23,
89     kCtap2ErrOperationPending = 0x24,
90     kCtap2ErrNoOperations = 0x25,
91     kCtap2ErrUnsupportedAlgorithms = 0x26,
92     kCtap2ErrOperationDenied = 0x27,
93     kCtap2ErrKeyStoreFull = 0x28,
94     kCtap2ErrNotBusy = 0x29,
95     kCtap2ErrNoOperationPending = 0x2A,
96     kCtap2ErrUnsupportedOption = 0x2B,
97     kCtap2ErrInvalidOption = 0x2C,
98     kCtap2ErrKeepAliveCancel = 0x2D,
99     kCtap2ErrNoCredentials = 0x2E,
100     kCtap2ErrUserActionTimeout = 0x2F,
101     kCtap2ErrNotAllowed = 0x30,
102     kCtap2ErrPinInvalid = 0x31,
103     kCtap2ErrPinBlocked = 0x32,
104     kCtap2ErrPinAuthInvalid = 0x33,
105     kCtap2ErrPinAuthBlocked = 0x34,
106     kCtap2ErrPinNotSet = 0x35,
107     kCtap2ErrPinRequired = 0x36,
108     kCtap2ErrPinPolicyViolation = 0x37,
109     kCtap2ErrPinTokenExpired = 0x38,
110     kCtap2ErrRequestTooLarge = 0x39,
111     kCtap2ErrOther = 0x7F,
112     kCtap2ErrSpecLast = 0xDF,
113     kCtap2ErrExtensionFirst = 0xE0,
114     kCtap2ErrExtensionLast = 0xEF,
115     kCtap2ErrVendorFirst = 0xF0,
116     kCtap2ErrVendorLast = 0xFF
117 };
118
119 bool isCtapDeviceResponseCode(CtapDeviceResponseCode);
120
121 // Commands supported by CTAPHID device as specified in
122 // https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#ctaphid-commands
123 enum class FidoHidDeviceCommand : uint8_t {
124     kMsg = 0x03,
125     kCbor = 0x10,
126     kInit = 0x06,
127     kPing = 0x01,
128     kCancel = 0x11,
129     kError = 0x3F,
130     kKeepAlive = 0x3B,
131     kWink = 0x08,
132     kLock = 0x04,
133 };
134
135 bool isFidoHidDeviceCommand(FidoHidDeviceCommand);
136
137 // String key values for CTAP request optional parameters and
138 // AuthenticatorGetInfo response.
139 const char kResidentKeyMapKey[] = "rk";
140 const char kUserVerificationMapKey[] = "uv";
141 const char kUserPresenceMapKey[] = "up";
142 const char kClientPinMapKey[] = "clientPin";
143 const char kPlatformDeviceMapKey[] = "plat";
144 const char kEntityIdMapKey[] = "id";
145 const char kEntityNameMapKey[] = "name";
146 const char kDisplayNameMapKey[] = "displayName";
147 const char kIconUrlMapKey[] = "icon";
148 const char kCredentialTypeMapKey[] = "type";
149 const char kCredentialAlgorithmMapKey[] = "alg";
150 // Keys for storing credential descriptor information in CBOR map.
151 const char kCredentialIdKey[] = "id";
152 const char kCredentialTypeKey[] = "type";
153
154 // HID transport specific constants.
155 const size_t kHidPacketSize = 64;
156 const uint32_t kHidBroadcastChannel = 0xffffffff;
157 const size_t kHidInitPacketHeaderSize = 7;
158 const size_t kHidContinuationPacketHeader = 5;
159 const size_t kHidMaxPacketSize = 64;
160 const size_t kHidInitPacketDataSize = kHidMaxPacketSize - kHidInitPacketHeaderSize;
161 const size_t kHidContinuationPacketDataSize = kHidMaxPacketSize - kHidContinuationPacketHeader;
162 const size_t kHidInitResponseSize = 17;
163
164 const uint8_t kHidMaxLockSeconds = 10;
165
166 // Messages are limited to an initiation packet and 128 continuation packets.
167 const size_t kHidMaxMessageSize = 7609;
168
169 // CTAP/U2F devices only provide a single report so specify a report ID of 0 here.
170 const uint8_t kHidReportId = 0x00;
171
172 // Authenticator API commands supported by CTAP devices, as specified in
173 // https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#authenticator-api
174 enum class CtapRequestCommand : uint8_t {
175     kAuthenticatorMakeCredential = 0x01,
176     kAuthenticatorGetAssertion = 0x02,
177     kAuthenticatorGetNextAssertion = 0x08,
178     kAuthenticatorGetInfo = 0x04,
179     kAuthenticatorClientPin = 0x06,
180     kAuthenticatorReset = 0x07,
181 };
182
183 // String key values for attestation object as a response to MakeCredential
184 // request.
185 const char kFormatKey[] = "fmt";
186 const char kAttestationStatementKey[] = "attStmt";
187 const char kAuthDataKey[] = "authData";
188 const char kNoneAttestationValue[] = "none";
189
190 // String representation of public key credential enum.
191 // https://w3c.github.io/webauthn/#credentialType
192 const char kPublicKey[] = "public-key";
193
194 const char* publicKeyCredentialTypeToString(WebCore::PublicKeyCredentialType);
195
196 // FIXME: Add url to the official spec once it's standardized.
197 const char kCtap2Version[] = "FIDO_2_0";
198 const char kU2fVersion[] = "U2F_V2";
199
200 // CTAPHID Usage Page and Usage
201 // https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-client-to-authenticator-protocol-v2.0-ps-20170927.html#hid-report-descriptor-and-device-discovery
202 const uint32_t kCTAPHIDUsagePage = 0xF1D0;
203 const uint32_t kCTAPHIDUsage = 0x01;
204
205 } // namespace fido
206
207 #endif // ENABLE(WEB_AUTHN)
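Review bot: The header uses `uint8_t`, `uint32_t` and `size_t` throughout (from `kRpIdHashLength` down to `kCTAPHIDUsage`) but its only include is PublicKeyCredentialType.h, so it compiles only through transitive includes; add `#include <cstddef>` and `#include <cstdint>` next to that include. `CtapDeviceResponseCode` has large gaps between enumerators and `kCtap2ErrSpecLast`, `kCtap2ErrExtensionFirst`/`Last` and `kCtap2ErrVendorFirst`/`Last` are range markers rather than codes a device would return, so the status byte read from an authenticator should presumably be checked with `isCtapDeviceResponseCode` before it is interpreted as the enum (its definition is outside this file); a comment above the declaration such as `// Returns whether a status byte received from the authenticator is a code this implementation handles; check before switching on the value.` would make that contract visible at the declaration site. The size constants mix `constexpr size_t` (`kRpIdHashLength` and neighbours) with plain `const size_t` (`kHidPacketSize` onward), and `kHidMaxMessageSize = 7609` restates arithmetic the comment describes in words; `constexpr size_t kHidMaxMessageSize = kHidInitPacketDataSize + 128 * kHidContinuationPacketDataSize;` evaluates to the same 7609 and keeps it tied to the packet sizes. `kHidPacketSize` and `kHidMaxPacketSize` both equal 64 and appear to name the same quantity, so one of them is likely redundant. Also "asssociated" in the `kRpIdHashLength` comment is a typo.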