authorLouis Collard <louiscollard@chromium.org>2019-01-21 19:29:47 +0800
committerchrome-bot <chrome-bot@chromium.org>2019-01-31 18:18:49 -0800
commitc758f2f435a54615507319200615a2a35a088100 (patch)
treeb4e38c892328b8e2f6e4e66a8d8527e302a4e052 /include
parent846eb6500388e81b74730b6a02d44c4ede4b9279 (diff)
cr50: Add new U2F generate, sign and attest commands.
These new commands expose a more generic API, which will allow a refactoring that removes most U2F-specific logic from cr50, and moves it into u2fd. CQ-DEPEND=CL:1371584 BRANCH=none BUG=b:123161715 TEST=local testing using g2ftool Signed-off-by: Louis Collard <louiscollard@chromium.org> Change-Id: I32067ce01e4bb31a331994b4e91d5b56d125cbb1 Reviewed-on: https://chromium-review.googlesource.com/1425137 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/tpm_vendor_cmds.h7
-rw-r--r--include/u2f.h41
2 files changed, 48 insertions, 0 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index a2e2b6920e..af91eaa2c3 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -123,6 +123,13 @@ enum vendor_cmd_cc {
*/
VENDOR_CC_GET_PWR_BTN = 43,
+ /*
+ * U2F commands.
+ */
+ VENDOR_CC_U2F_GENERATE = 44,
+ VENDOR_CC_U2F_SIGN = 45,
+ VENDOR_CC_U2F_ATTEST = 46,
+
LAST_VENDOR_COMMAND = 65535,
};
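Review bot: The `U2F commands.` comment over the three new codes does not say what each command takes or returns, so a reader has to guess which structs in include/u2f.h belong to which code. A one-line comment per entry would close that gap, for example `/* Request: U2F_SIGN_REQ, response: U2F_SIGN_RESP */` above `VENDOR_CC_U2F_SIGN = 45,`. The enum starts outside this hunk, so the comment style of the earlier entries is not visible here and should be matched.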
diff --git a/include/u2f.h b/include/u2f.h
index e0b70d9751..e059f98e32 100644
--- a/include/u2f.h
+++ b/include/u2f.h
@@ -28,6 +28,9 @@ extern "C" {
#define U2F_CTR_SIZE 4 // Size of counter field
#define U2F_APPID_SIZE 32 // Size of application id
#define U2F_CHAL_SIZE 32 // Size of challenge
+#define U2F_MAX_ATTEST_SIZE 256 // Size of largest blob to sign
+#define U2F_P256_SIZE 32
+#define U2F_FIXED_KH_SIZE 64 // Size of fixed size key handles
#define ENC_SIZE(x) ((x + 7) & 0xfff8)
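Review bot: `U2F_P256_SIZE` is the only define in this group without a trailing comment, although the structs added further down in this file use it to size `hash`, `sig_r` and `sig_s`. Something like `#define U2F_P256_SIZE 32 // Size of a P-256 scalar or coordinate, in bytes` would match its neighbours. The comment on `U2F_MAX_ATTEST_SIZE` could also name the field it bounds, `U2F_ATTEST_REQ.data`.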
@@ -91,6 +94,41 @@ typedef struct {
uint8_t sig[U2F_MAX_EC_SIG_SIZE]; // Signature
} U2F_AUTHENTICATE_RESP;
+// TODO(louiscollard): Add Descriptions.
+
+typedef struct {
+ uint8_t appId[U2F_APPID_SIZE]; // Application id
+ uint8_t flags;
+} U2F_GENERATE_REQ;
+
+typedef struct {
+ U2F_EC_POINT pubKey; // Generated public key
+ uint8_t keyHandle[U2F_FIXED_KH_SIZE]; // Key handle
+} U2F_GENERATE_RESP;
+
+typedef struct {
+ uint8_t appId[U2F_APPID_SIZE]; // Application id
+ uint8_t keyHandle[U2F_FIXED_KH_SIZE]; // Key handle
+ uint8_t hash[U2F_P256_SIZE];
+ uint8_t flags;
+} U2F_SIGN_REQ;
+
+typedef struct {
+ uint8_t sig_r[U2F_P256_SIZE]; // Signature
+ uint8_t sig_s[U2F_P256_SIZE]; // Signature
+} U2F_SIGN_RESP;
+
+typedef struct {
+ uint8_t format;
+ uint8_t dataLen;
+ uint8_t data[U2F_MAX_ATTEST_SIZE];
+} U2F_ATTEST_REQ;
+
+typedef struct {
+ uint8_t sig_r[U2F_P256_SIZE];
+ uint8_t sig_s[U2F_P256_SIZE];
+} U2F_ATTEST_RESP;
+
// Command status responses
#define U2F_SW_NO_ERROR 0x9000 // SW_NO_ERROR
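Review bot: `dataLen` in U2F_ATTEST_REQ is a `uint8_t`, so it can describe at most 255 bytes, while `data` is sized by U2F_MAX_ATTEST_SIZE (256); the last byte of the buffer is never addressable and the "largest blob" constant overstates what a request can carry. Either widen the field or state the limit on the member, e.g. `uint8_t dataLen; // Valid bytes in data[], 0..255`. The command handlers are not part of this diff; they should check `dataLen` and `format` against the number of bytes actually received before anything is signed. `flags` in U2F_GENERATE_REQ and U2F_SIGN_REQ has no comment at all, and `sig_r` and `sig_s` carry the same `// Signature` comment, so the descriptions promised by the TODO should start with those fields.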
@@ -110,6 +148,9 @@ typedef struct {
#define G2F_ATTEST 0x80 // Fixed attestation key
#define G2F_CONSUME 0x02 // Consume presence
+// U2F Attest format for U2F Register Response.
+#define U2F_ATTEST_FORMAT_REG_RESP 0
+
// Vendor command to enable/disable the extensions
#define U2F_VENDOR_MODE U2F_VENDOR_LAST