diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/u2f.h | 33 | ||||
| -rw-r--r-- | include/u2f_impl.h | 34 |
2 files changed, 55 insertions, 12 deletions
diff --git a/include/u2f.h b/include/u2f.h index 5af23bc773..61b9677185 100644 --- a/include/u2f.h +++ b/include/u2f.h @@ -30,7 +30,6 @@ extern "C" { #define U2F_CHAL_SIZE 32 /* Size of challenge */ #define U2F_MAX_ATTEST_SIZE 256 /* Size of largest blob to sign */ #define U2F_P256_SIZE 32 -#define U2F_FIXED_KH_SIZE 64 /* Size of fixed size key handles */ #define ENC_SIZE(x) ((x + 7) & 0xfff8) @@ -49,6 +48,21 @@ struct u2f_ec_point { #define U2F_AUTH_ENFORCE 0x03 /* Enforce user presence and sign */ #define U2F_AUTH_CHECK_ONLY 0x07 /* Check only */ #define U2F_AUTH_FLAG_TUP 0x01 /* Test of user presence set */ +/* The key handle can be used with fingerprint or PIN. */ +#define U2F_UV_ENABLED_KH 0x08 + +#define U2F_KH_VERSION_1 0x01 + +struct u2f_key_handle { + uint8_t origin_seed[U2F_P256_SIZE]; + uint8_t hmac[U2F_P256_SIZE]; +}; + +struct u2f_versioned_key_handle { + uint8_t version; + uint8_t origin_seed[U2F_P256_SIZE]; + uint8_t hmac[U2F_P256_SIZE]; +}; /* TODO(louiscollard): Add Descriptions. */ @@ -60,15 +74,28 @@ struct u2f_generate_req { struct u2f_generate_resp { struct u2f_ec_point pubKey; /* Generated public key */ - uint8_t keyHandle[U2F_FIXED_KH_SIZE]; /* Key handle */ + struct u2f_key_handle keyHandle; +}; + +struct u2f_generate_versioned_resp { + struct u2f_ec_point pubKey; /* Generated public key */ + struct u2f_versioned_key_handle keyHandle; }; struct u2f_sign_req { uint8_t appId[U2F_APPID_SIZE]; /* Application id */ uint8_t userSecret[U2F_P256_SIZE]; - uint8_t keyHandle[U2F_FIXED_KH_SIZE]; /* Key handle */ + struct u2f_key_handle keyHandle; + uint8_t hash[U2F_P256_SIZE]; + uint8_t flags; +}; + +struct u2f_sign_versioned_req { + uint8_t appId[U2F_APPID_SIZE]; /* Application id */ + uint8_t userSecret[U2F_P256_SIZE]; uint8_t hash[U2F_P256_SIZE]; uint8_t flags; + struct u2f_versioned_key_handle keyHandle; }; struct u2f_sign_resp { diff --git a/include/u2f_impl.h b/include/u2f_impl.h index 0732a1b72d..5bd69309c6 100644 --- a/include/u2f_impl.h +++ b/include/u2f_impl.h @@ -10,6 +10,7 @@ #include "common.h" #include "cryptoc/p256.h" +#include "u2f.h" /* ---- Physical presence ---- */ @@ -58,14 +59,30 @@ int u2f_origin_key(const uint8_t *seed, p256_int *d); * * @param origin pointer to origin id * @param user pointer to user secret - * @param pointer to origin-specific random seed + * @param seed pointer to origin-specific random seed + * @param key_handle buffer to hold the output key handle * * @return EC_SUCCESS if a valid keypair was created. */ -int u2f_origin_user_keyhandle(const uint8_t *origin, - const uint8_t *user, +int u2f_origin_user_keyhandle(const uint8_t *origin, const uint8_t *user, const uint8_t *seed, - uint8_t *key_handle); + struct u2f_key_handle *key_handle); + +/** + * Pack the specified origin, user secret, origin-specific seed and version + * byte into a key handle. + * + * @param origin pointer to origin id + * @param user pointer to user secret + * @param seed pointer to origin-specific random seed + * @param version the version byte to pack; should be greater than 0. + * @param key_handle buffer to hold the output key handle + * + * @return EC_SUCCESS if a valid keypair was created. + */ +int u2f_origin_user_versioned_keyhandle( + const uint8_t *origin, const uint8_t *user, const uint8_t *seed, + uint8_t version, struct u2f_versioned_key_handle *key_handle); /** * Generate an origin and user-specific ECDSA keypair from the specified @@ -73,17 +90,16 @@ int u2f_origin_user_keyhandle(const uint8_t *origin, * * If pk_x and pk_y are NULL, public key generation will be skipped. * - * @param key_handle pointer to the 64 byte key handle + * @param key_handle pointer to the key handle + * @param key_handle_size size of the key handle in bytes * @param d pointer to ECDSA private key * @param pk_x pointer to public key point * @param pk_y pointer to public key point * * @return EC_SUCCESS if a valid keypair was created. */ -int u2f_origin_user_keypair(const uint8_t *key_handle, - p256_int *d, - p256_int *pk_x, - p256_int *pk_y); +int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size, + p256_int *d, p256_int *pk_x, p256_int *pk_y); /*** * Generate a hardware derived 256b private key. |