upstream: chop some unnecessary and confusing verbiage from the

security key protocol description; feedback from Ron Frederick OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42
author: djm@openbsd.org <djm@openbsd.org> 2019-12-10 22:36:08 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-11 19:08:22 +1100
commit: c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2 (patch)
tree: de71bf7ce40ac21098b7c592470c7a98dee47038 /PROTOCOL.u2f
parent: 59175a350fe1091af7528b2971e3273aa7ca7295 (diff)
1 files changed, 3 insertions, 10 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index eabbd7279..375d73bbc 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -150,15 +150,8 @@ SSH U2F signatures
 ------------------
 In addition to the message to be signed, the U2F signature operation
-requires a few additional parameters:
+requires the key handle and a few additional parameters. The signature
+is signed over a blob that consists of:
-        byte            control bits (e.g. "user presence required" flag)
-        byte[32]        SHA256(message)
-        byte[32]        SHA256(application)
-        byte            key_handle length
-        byte[]          key_handle
-This signature is signed over a blob that consists of:
        byte[32]        SHA256(application)
        byte            flags (including "user present", extensions present)
@@ -170,7 +163,7 @@ The signature returned from U2F hardware takes the following format:
        byte            flags (including "user present")
        uint32          counter
-        byte[32]        ecdsa_signature (in X9.62 format).
+        byte[]          ecdsa_signature (in X9.62 format).
 For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
 format data in the pre-authentication attack surface. Therefore, the
author	djm@openbsd.org <djm@openbsd.org>	2019-12-10 22:36:08 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-11 19:08:22 +1100
commit	c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2 (patch)
tree	de71bf7ce40ac21098b7c592470c7a98dee47038 /PROTOCOL.u2f
parent	59175a350fe1091af7528b2971e3273aa7ca7295 (diff)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index eabbd7279..375d73bbc 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f
@@ -150,15 +150,8 @@ SSH U2F signatures
150	------------------	150	------------------
151		151
152	In addition to the message to be signed, the U2F signature operation	152	In addition to the message to be signed, the U2F signature operation
153	requires a few additional parameters:	153	requires the key handle and a few additional parameters. The signature
154		154	is signed over a blob that consists of:
155	byte control bits (e.g. "user presence required" flag)
156	byte[32] SHA256(message)
157	byte[32] SHA256(application)
158	byte key_handle length
159	byte[] key_handle
160
161	This signature is signed over a blob that consists of:
162		155
163	byte[32] SHA256(application)	156	byte[32] SHA256(application)
164	byte flags (including "user present", extensions present)	157	byte flags (including "user present", extensions present)
@@ -170,7 +163,7 @@ The signature returned from U2F hardware takes the following format:
170		163
171	byte flags (including "user present")	164	byte flags (including "user present")
172	uint32 counter	165	uint32 counter
173	byte[32] ecdsa_signature (in X9.62 format).	166	byte[] ecdsa_signature (in X9.62 format).
174		167
175	For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1	168	For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
176	format data in the pre-authentication attack surface. Therefore, the	169	format data in the pre-authentication attack surface. Therefore, the