From d20543de34c5d16ce703a7d78c01eb24ef8776b5 Mon Sep 17 00:00:00 2001 From: Gregor Reitzenstein Date: Sat, 28 Aug 2021 20:25:49 +0200 Subject: [PATCH] Describe DESFire card format --- user.capnp | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/user.capnp b/user.capnp index c22fea8..8c89921 100644 --- a/user.capnp +++ b/user.capnp 
@@ -51,6 +51,50 @@ struct User # These cards have the ability to restrict access for data on the cards using symmetric # encryption and using a keyed Diffie-Hellman to prevent eavesdropping by any relaying # party. + # A card has several "applications", containing up to 32 files. A file can be read or + # written. Both kinds of access can be restricted to parties knowing a PSK, on a + # file-to-file basis. + # The current system uses File 0001 through File 0004: + # + # File 0001 allows public (i.e. unauthenticated) read access and contains the Strings + # "FABACCESS", "DESFIRE", and "1.0" as packed list of UTF-8 encoded zero-terminated strings: + # (i.e. "FABACCESS\0DESFIRE\01.0\0") + # This file serves as sort of magic identifier allowing a server to verify quickly if it is + # able to use this card at all. + # + # File 0002 too allows public read access and contains: + # - An URL-encoded name of the issuing lab as URN in the format "urn:fabaccess:lab:" + # Examples: + # - "urn:fabaccess:lab:innovisionlab" + # - "urn:fabaccess:lab:Bibliothek%20Neustadt%20Makerspace" + # - "urn:fabaccess:lab:Offene%20Werkstatt%20M%C3%A4rz" + # - A valid IRI pointing towards the bffd instance running for this lab. This uffd SHOULD be + # reachable from the internet. Using private use IP addresses or IRIs that resolve to such + # may be necessary for labs behind restrictive firewalls or due to local policy. + # The IRI MUST use the "fabaccess" scheme, and SHOULD NOT contain an userinfo, path, query, + # or fragment part. + # Examples: + # - "fabaccess://innovisionlab.de/" + # - "fabaccess://192.168.178.65" + # - "fabaccess://fabaccess-server.localnet" + # - A zero-terminated list of UTF-8 encoded IRIs giving contact options to notify the issuer + # or owner in case the card has been lost. Issuers SHOULD set one value on card creation and + # MAY allow card owners to change or add values of their choosing. 
+ # Examples: + # - "mailto:lostcard@innovisionlab.de" + # - "https://innovisionlab.de/lostcard" + # - "https://werkstatt-märz.de/cardlost.php?action=submitcardlost" + # + # File 0003 allows public access or access using a key, at the issuers option. + # It contains a token that can be used by the home server of the card owner to identify the + # card owner. The format of the token MUST NOT be relied on by any party except the home + # server. + # + # File 0004 restricts read access to a single key known to the home server of the card + # owner. + # It is empty but by being access restricted allows the home server to validate the card as + # being genuine and thus finalizing the authentication of the user. + getTokenList @0 () -> ( tokens :List(Data) ); # Get a list of all user Token currently bound to an user. This will generally be the number
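Review bot: The File 0002 description lists three fields (lab URN, bffd IRI, contact IRI list) but only the last one is said to be zero-terminated, so a reader cannot tell how the URN and the server IRI are delimited or whether the field order is fixed. Spell out the byte layout for the whole file, the way File 0001 does with its packed-string example. In the same block, the format string "urn:fabaccess:lab:" ends at the colon with no placeholder for the name, and "This uffd SHOULD be reachable" looks like a typo for bffd. The example "fabaccess://innovisionlab.de/" carries a trailing slash although the text says the IRI SHOULD NOT contain a path. In File 0001, the literal "FABACCESS\0DESFIRE\01.0\0" can be misread as containing the octal escape \01, so write the separators in a form that cannot be misread. The comment covers read access for each file but never write access: since Files 0001 and 0002 are publicly readable and owners MAY change contact values, state which key, if any, guards writes on each file. It is also worth noting that the server IRI read from File 0002 is unauthenticated card data until the File 0004 key check has succeeded.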