From ce49e3d07cc35d6a4bc2b27656e051b0e1d0b5ab Mon Sep 17 00:00:00 2001
From: Mario Voigt
Date: Mon, 24 Feb 2025 15:21:42 +0000
Subject: [PATCH] Synchronize documentation with in-code docs and remove them from capnp file
---
user.capnp | 51 +++------------------------------------------------
1 file changed, 3 insertions(+), 48 deletions(-)
diff --git a/user.capnp b/user.capnp
index 9ab4733..4e2ebd7 100644
--- a/user.capnp
+++ b/user.capnp
@@ -44,53 +44,8 @@ struct User
 cardDESFireEV2 @6 :CardDESFireEV2;
 interface CardDESFireEV2 $CSharp.name("CardDESFireInterface") {
- # Card authentication using NXP/MiFare DESFire cards.
- # These cards have the ability to restrict access for data on the cards using symmetric
- # encryption and using a keyed Diffie-Hellman to prevent eavesdropping by any relaying
- # party.
- # A card has several "applications", containing up to 32 files. A file can be read or
- # written. Both kinds of access can be restricted to parties knowing a PSK, on a
- # file-to-file basis.
- # The current system uses File 0001 through File 0004:
- #
- # File 0001 allows public (i.e. unauthenticated) read access and contains the Strings
- # "FABACCESS", "DESFIRE", and "1.0" as packed list of UTF-8 encoded zero-terminated strings:
- # (i.e. "FABACCESS\0DESFIRE\01.0\0")
- # This file serves as sort of magic identifier allowing a server to verify quickly if it is
- # able to use this card at all.
- #
- # File 0002 too allows public read access and contains:
- # - An URL-encoded name of the issuing lab as URN in the format "urn:fabaccess:lab:"
- # Examples:
- # - "urn:fabaccess:lab:innovisionlab"
- # - "urn:fabaccess:lab:Bibliothek%20Neustadt%20Makerspace"
- # - "urn:fabaccess:lab:Offene%20Werkstatt%20M%C3%A4rz"
- # - A valid IRI pointing towards the bffd instance running for this lab. This uffd SHOULD be
- # reachable from the internet. Using private use IP addresses or IRIs that resolve to such
- # may be necessary for labs behind restrictive firewalls or due to local policy.
- # The IRI MUST use the "fabaccess" scheme, and SHOULD NOT contain an userinfo, path, query,
- # or fragment part.
- # Examples:
- # - "fabaccess://innovisionlab.de/"
- # - "fabaccess://192.168.178.65"
- # - "fabaccess://fabaccess-server.localnet"
- # - A zero-terminated list of UTF-8 encoded IRIs giving contact options to notify the issuer
- # or owner in case the card has been lost. Issuers SHOULD set one value on card creation and
- # MAY allow card owners to change or add values of their choosing.
- # Examples:
- # - "mailto:lostcard@innovisionlab.de"
- # - "https://innovisionlab.de/lostcard"
- # - "https://werkstatt-märz.de/cardlost.php?action=submitcardlost"
- #
- # File 0003 allows public access or access using a key, at the issuers option.
- # It contains a token that can be used by the home server of the card owner to identify the
- # card owner. The format of the token MUST NOT be relied on by any party except the home
- # server.
- #
- # File 0004 restricts read access to a single key known to the home server of the card
- # owner.
- # It is empty but by being access restricted allows the home server to validate the card as
- # being genuine and thus finalizing the authentication of the user.
+ # For more details about FabFire specification please see:
+ # https://docs.fab-access.org/books/fabfire-und-nfc-tags/page/fabfire-funktionsprinzip-grundlagen
 getTokenList @0 () -> ( token_list :List(Data) );
 # Get a list of all user Token currently bound to an user. This will generally be the number
@@ -118,4 +73,4 @@ struct User
 # format to be written to the card as-is, but a client MAY add or change some information
 # contained.
 }
-}
+}
\ No newline at end of file
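Review bot: In the first hunk, the two-line pointer added under `interface CardDESFireEV2` leaves the schema with no statement of the card-authentication contract, and the URL it cites is not pinned to a revision of the external page. The removed block carried the normative requirements (the IRI MUST use the "fabaccess" scheme, the File 0003 token format MUST NOT be relied on by any party except the home server, File 0004 read access is restricted to a single key known to the home server), and this diff does not show whether the linked page reproduces them. I would keep a short security summary next to the link, for example `# File 0003 token is opaque to everyone but the home server; File 0004 is readable only with the home server's key and is what proves the card genuine.` Recording which revision or date of the external page the schema corresponds to would also let implementers detect later drift between the two.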