Diffstat (limited to 'include/u2f.h')
-rw-r--r--include/u2f.h79
1 files changed, 78 insertions, 1 deletions
diff --git a/include/u2f.h b/include/u2f.h
index f24eac84a4..cb422db3bf 100644
--- a/include/u2f.h
+++ b/include/u2f.h
@@ -68,7 +68,13 @@ struct u2f_ec_point {
/* The key handle can be used with fingerprint or PIN. */
#define U2F_UV_ENABLED_KH 0x08
+/* Request v2 key handle. Should be used with U2F_UV_ENABLED_KH */
+#define U2F_V2_KH 0x10
+#define U2F_V2_KH_MASK (U2F_V2_KH | U2F_UV_ENABLED_KH)
+
+
#define U2F_KH_VERSION_1 0x01
+#define U2F_KH_VERSION_2 0x02
#define U2F_AUTHORIZATION_SALT_SIZE 16
#define U2F_V0_KH_SIZE 64
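Review bot: The comment on U2F_V2_KH says it "should be used with U2F_UV_ENABLED_KH", which leaves open whether a request that sets U2F_V2_KH alone is rejected or silently treated as U2F_V2_KH_MASK; since U2F_V2_KH_MASK is defined as the OR of both bits, the header should state the contract. Suggest `/* Request a v2 key handle. Only valid together with U2F_UV_ENABLED_KH; see U2F_V2_KH_MASK. */`, with the actual reject/accept behaviour of the handler (outside this hunk) confirmed before wording it as a rule. The two consecutive blank lines after U2F_V2_KH_MASK are also a style nit.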
@@ -81,6 +87,14 @@ struct u2f_ec_point {
/* Header is composed of version || origin_seed || kh_hmac */
#define U2F_V1_KH_HEADER_SIZE (U2F_ORIGIN_SEED_SIZE + SHA256_DIGEST_SIZE + 1)
+/**
+ * Key handle version = 2 for WebAuthn, bound to device and user.
+ */
+#define U2F_V2_KH_SIZE 81
+
+/* Header is composed of version || origin_seed */
+#define U2F_V2_KH_HEADER_SIZE (U2F_ORIGIN_SEED_SIZE + 1)
+
struct u2f_signature {
uint8_t sig_r[U2F_EC_KEY_SIZE]; /* Signature */
uint8_t sig_s[U2F_EC_KEY_SIZE]; /* Signature */
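Review bot: U2F_V2_KH_SIZE is a hard-coded 81 rather than derived from struct u2f_key_handle_v2, and the accompanying unions in this commit dispatch on message length, so a later change to U2F_ORIGIN_SEED_SIZE or the struct layout would silently desynchronise the constant from the wire size. Suggest tying them together at compile time, e.g. `_Static_assert(sizeof(struct u2f_key_handle_v2) == U2F_V2_KH_SIZE, "v2 key handle size mismatch");` placed after the struct definition (or the project's own build-time assert macro, if it has one). The same applies to U2F_V2_KH_HEADER_SIZE versus the version and origin_seed fields.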
@@ -122,15 +136,35 @@ struct u2f_key_handle_v0 {
struct u2f_key_handle_v1 {
uint8_t version;
uint8_t origin_seed[U2F_ORIGIN_SEED_SIZE];
+ /* HMAC(u2f_hmac_key, origin || user || origin seed || version) */
uint8_t kh_hmac[SHA256_DIGEST_SIZE];
/* Optionally checked in u2f_sign. */
uint8_t authorization_salt[U2F_AUTHORIZATION_SALT_SIZE];
+ /**
+ * HMAC(u2f_hmac_key,
+ * auth_salt || version || origin_seed || kh_hmac || authTimeSecret)
+ */
+ uint8_t authorization_hmac[SHA256_DIGEST_SIZE];
+};
+
+/* Key handle version = 2, bound to device and user. */
+struct u2f_key_handle_v2 {
+ uint8_t version;
+ uint8_t origin_seed[U2F_ORIGIN_SEED_SIZE];
+ /* Always checked in u2f_sign. */
+ uint8_t authorization_salt[U2F_AUTHORIZATION_SALT_SIZE];
+ /**
+ * HMAC(u2f_hmac_key,
+ * auth_salt || version || origin_seed || origin ||
+ * user || authTimeSecret)
+ */
uint8_t authorization_hmac[SHA256_DIGEST_SIZE];
};
union u2f_key_handle_variant {
struct u2f_key_handle_v0 v0;
struct u2f_key_handle_v1 v1;
+ struct u2f_key_handle_v2 v2;
};
/* TODO(louiscollard): Add Descriptions. */
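Review bot: struct u2f_key_handle_v2 has no kh_hmac, so unlike v1 the only integrity protection on version and origin_seed is authorization_hmac, which depends on authTimeSecret; the comment "Always checked in u2f_sign." should make that dependency explicit so nobody later adds a no-auth-time-secret path for v2. Suggest `/* Always checked in u2f_sign; a v2 handle has no kh_hmac, so this is the only integrity check on the header. */` above authorization_salt. The u2f_sign behaviour itself is outside this hunk, so confirm it actually fails closed when the secret is absent before relying on that wording.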
@@ -156,6 +190,22 @@ struct u2f_generate_versioned_resp {
struct u2f_versioned_key_handle keyHandle;
};
+struct u2f_generate_versioned_resp_v2 {
+ struct u2f_ec_point pubKey; /* Generated public key */
+ struct u2f_key_handle_v2 keyHandle;
+};
+
+/**
+ * Combined type for U2F_GENERATE response. Length of response size
+ * should be used to determine which version of key handle is generated.
+ * Caller may check that response matches request flags.
+ */
+union u2f_generate_response {
+ struct u2f_generate_resp v0;
+ struct u2f_generate_versioned_resp v1;
+ struct u2f_generate_versioned_resp_v2 v2;
+};
+
struct u2f_sign_req {
uint8_t appId[U2F_APPID_SIZE]; /* Application id */
uint8_t userSecret[U2F_USER_SECRET_SIZE];
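Review bot: The union u2f_generate_response comment says the caller "may check that response matches request flags", but because the version is recovered from the response length alone, a caller that skips that check would accept a v1 handle where a v2 (device- and user-bound) one was requested; the wording should be a requirement, not an option. Suggest `Callers must verify that the key handle version implied by the length matches the version requested via flags.` in place of the last sentence, and `The response length identifies the key handle version.` in place of the awkward "Length of response size should be used to determine".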
@@ -173,6 +223,25 @@ struct u2f_sign_versioned_req {
struct u2f_versioned_key_handle keyHandle;
};
+struct u2f_sign_versioned_req_v2 {
+ uint8_t appId[U2F_APPID_SIZE]; /* Application id */
+ uint8_t userSecret[U2F_USER_SECRET_SIZE];
+ uint8_t authTimeSecret[U2F_AUTH_TIME_SECRET_SIZE];
+ uint8_t hash[U2F_P256_SIZE];
+ uint8_t flags;
+ struct u2f_key_handle_v2 keyHandle;
+};
+
+/**
+ * Combined type for U2F_SIGN request. Length of request size
+ * is used to determine which version of key handle is provided.
+ */
+union u2f_sign_request {
+ struct u2f_sign_req v0;
+ struct u2f_sign_versioned_req v1;
+ struct u2f_sign_versioned_req_v2 v2;
+};
+
struct u2f_sign_resp {
uint8_t sig_r[U2F_P256_SIZE]; /* Signature */
uint8_t sig_s[U2F_P256_SIZE]; /* Signature */
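Review bot: The union u2f_sign_request comment states that request length alone selects the key handle version, yet each key handle also carries a version byte (U2F_KH_VERSION_1 / U2F_KH_VERSION_2); the header should say that the two must agree, otherwise a v1 handle truncated to U2F_V2_KH_SIZE would be parsed as v2 with a bogus origin_seed. Suggest adding `The keyHandle.version byte must match the version implied by the request length; mismatches must be rejected.` to the doc comment. Whether the handler already enforces this is not visible in this hunk, so the sentence should be reconciled with the implementation.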
@@ -182,7 +251,15 @@ struct u2f_attest_req {
uint8_t userSecret[U2F_USER_SECRET_SIZE];
uint8_t format;
uint8_t dataLen;
- uint8_t data[U2F_MAX_ATTEST_SIZE];
+ uint8_t data[U2F_MAX_ATTEST_SIZE]; /* struct g2f_register_msg_vX */
+};
+
+struct g2f_register_msg_v0 {
+ uint8_t reserved;
+ uint8_t app_id[U2F_APPID_SIZE];
+ uint8_t challenge[U2F_CHAL_SIZE];
+ struct u2f_key_handle_v0 key_handle;
+ struct u2f_ec_point public_key;
};
struct u2f_attest_resp {