author | Louis Collard <louiscollard@chromium.org> | 2019-04-22 15:04:06 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-04-25 11:27:17 -0700 |
commit | 04c85f7968a45f3f25504b8169d2a3751e588785 (patch) | |
tree | fd138a29dee39ef95013ebd0828fa7da8263f312 /include/u2f.h | |
parent | 351984635c163a8b2a8c623fb4ad8b3bc1c65477 (diff) | |
download | chrome-ec-04c85f7968a45f3f25504b8169d2a3751e588785.tar.gz |
cr50: Support legacy U2F key handles

The new U2F functions make use of a new key derivation
scheme. This adds a flag clients can specify that
allows the new functions to also sign requests
using a legacy key handle. This will allow continued
support of legacy key handles in Chrome OS whilst
allowing the legacy code to be removed from cr50.

BUG=b:112603199, b:123161715
TEST=with new cr50 and u2fd patched to send new param:
- register legacy key handle with Google
- restart u2fd with user keys and no fallback
- check login fails
- restart u2fd with user keys and fallback
- check login succeeds

Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: Ib3164e9c0856d51b958fa8db181153b5b2227850
Reviewed-on: https://chromium-review.googlesource.com/1580622
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'include/u2f.h')
-rw-r--r-- | include/u2f.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/u2f.h b/include/u2f.h index 003f047175..1a445f8f4a 100644 --- a/include/u2f.h +++ b/include/u2f.h @@ -151,6 +151,12 @@ typedef struct { #define G2F_ATTEST 0x80 // Fixed attestation key #define G2F_CONSUME 0x02 // Consume presence +// The key handle format was changed when support for user secrets was added. +// U2F_SIGN requests that specify this flag will first try to validate the +// key handle as a new format key handle, and if that fails, will fall back +// to treating it as a legacy key handle (without user secrets). +#define SIGN_LEGACY_KH 0x40 + // U2F Attest format for U2F Register Response. #define U2F_ATTEST_FORMAT_REG_RESP 0 |
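
Review bot: The comment above `#define SIGN_LEGACY_KH 0x40` does not say which request field carries the flag or whether it shares a bit space with `G2F_ATTEST 0x80` and `G2F_CONSUME 0x02`, so a reader of the header cannot tell if 0x40 can collide with another bit. State the field in the comment and consider a `U2F_` or `G2F_` prefix to match the neighbouring defines. Because the fallback accepts key handles created without user secrets, the comment should also spell out that the flag is opt-in and what happens to a legacy key handle when it is not set, so that clients do not send it by default.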