diff options
Diffstat (limited to 'include/u2f.h')
-rw-r--r-- | include/u2f.h | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/include/u2f.h b/include/u2f.h index 61b9677185..6680ef5300 100644 --- a/include/u2f.h +++ b/include/u2f.h @@ -31,6 +31,8 @@ extern "C" { #define U2F_MAX_ATTEST_SIZE 256 /* Size of largest blob to sign */ #define U2F_P256_SIZE 32 +#define SHA256_DIGEST_SIZE 32 + #define ENC_SIZE(x) ((x + 7) & 0xfff8) /* EC (uncompressed) point */ @@ -53,15 +55,24 @@ struct u2f_ec_point { #define U2F_KH_VERSION_1 0x01 +#define U2F_AUTHORIZATION_SALT_SIZE 16 + struct u2f_key_handle { uint8_t origin_seed[U2F_P256_SIZE]; - uint8_t hmac[U2F_P256_SIZE]; + uint8_t hmac[SHA256_DIGEST_SIZE]; }; -struct u2f_versioned_key_handle { +struct u2f_versioned_key_handle_header { uint8_t version; uint8_t origin_seed[U2F_P256_SIZE]; - uint8_t hmac[U2F_P256_SIZE]; + uint8_t kh_hmac[SHA256_DIGEST_SIZE]; +}; + +struct u2f_versioned_key_handle { + struct u2f_versioned_key_handle_header header; + /* Optionally checked in u2f_sign. */ + uint8_t authorization_salt[U2F_AUTHORIZATION_SALT_SIZE]; + uint8_t authorization_hmac[SHA256_DIGEST_SIZE]; }; /* TODO(louiscollard): Add Descriptions. */ @@ -70,6 +81,11 @@ struct u2f_generate_req { uint8_t appId[U2F_APPID_SIZE]; /* Application id */ uint8_t userSecret[U2F_P256_SIZE]; uint8_t flags; + /* + * If generating versioned KH, derive an hmac from it and append to + * the key handle. Otherwise unused. + */ + uint8_t authTimeSecretHash[SHA256_DIGEST_SIZE]; }; struct u2f_generate_resp { @@ -93,6 +109,7 @@ struct u2f_sign_req { struct u2f_sign_versioned_req { uint8_t appId[U2F_APPID_SIZE]; /* Application id */ uint8_t userSecret[U2F_P256_SIZE]; + uint8_t authTimeSecret[U2F_P256_SIZE]; uint8_t hash[U2F_P256_SIZE]; uint8_t flags; struct u2f_versioned_key_handle keyHandle; |