upstream: Add support for FIDO webauthn (verification only).

webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these. Feedback and ok markus@ OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
author: djm@openbsd.org <djm@openbsd.org> 2020-06-22 05:58:35 +0000
committer: Damien Miller <djm@mindrot.org> 2020-06-22 16:27:27 +1000
commit: bb52e70fa5330070ec9a23069c311d9e277bbd6f (patch)
tree: bafbbd5e2a0928f44853b3179333b123b7e0d9ff /PROTOCOL.u2f
parent: 64bc121097f377142f1387ffb2df7592c49935af (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 69347e999..fd31ea4ef 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -209,6 +209,32 @@ For Ed25519 keys the signature is encoded as:
        byte            flags
        uint32          counter
+webauthn signatures
+-------------------
+The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
+interact with FIDO authentication tokens. This standard builds upon the
+FIDO standards, but requires different signature contents to raw FIDO
+messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
+"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
+The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
+signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
+        string          "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+        string          ecdsa_signature
+        byte            flags
+        uint32          counter
+        string          origin
+        string          clientData
+        string          extensions
+Where "origin" is the HTTP origin making the signature, "clientData" is
+the JSON-like structure signed by the browser and "extensions" are any
+extensions used in making the signature.
+[1] https://www.w3.org/TR/webauthn-2/
 ssh-agent protocol extensions
 -----------------------------
author	djm@openbsd.org <djm@openbsd.org>	2020-06-22 05:58:35 +0000
committer	Damien Miller <djm@mindrot.org>	2020-06-22 16:27:27 +1000
commit	bb52e70fa5330070ec9a23069c311d9e277bbd6f (patch)
tree	bafbbd5e2a0928f44853b3179333b123b7e0d9ff /PROTOCOL.u2f
parent	64bc121097f377142f1387ffb2df7592c49935af (diff)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 69347e999..fd31ea4ef 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f
@@ -209,6 +209,32 @@ For Ed25519 keys the signature is encoded as:
209	byte flags	209	byte flags
210	uint32 counter	210	uint32 counter
211		211
		212	webauthn signatures
		213	-------------------
		214
		215	The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
		216	interact with FIDO authentication tokens. This standard builds upon the
		217	FIDO standards, but requires different signature contents to raw FIDO
		218	messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
		219	"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
		220
		221	The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
		222	signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
		223
		224	string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
		225	string ecdsa_signature
		226	byte flags
		227	uint32 counter
		228	string origin
		229	string clientData
		230	string extensions
		231
		232	Where "origin" is the HTTP origin making the signature, "clientData" is
		233	the JSON-like structure signed by the browser and "extensions" are any
		234	extensions used in making the signature.
		235
		236	[1] https://www.w3.org/TR/webauthn-2/
		237
212	ssh-agent protocol extensions	238	ssh-agent protocol extensions
213	-----------------------------	239	-----------------------------
214		240