summaryrefslogtreecommitdiff
path: root/PROTOCOL.u2f
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-11-19 22:23:19 +0000
committerDamien Miller <djm@mindrot.org>2019-11-20 09:27:29 +1100
commita70d92f236576c032a45c39e68ca0d71e958d19d (patch)
tree400d69ea26ab873458581f682a0a24e85bbac442 /PROTOCOL.u2f
parent26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 (diff)
upstream: adjust on-wire signature encoding for ecdsa-sk keys to
better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne NB. if you are depending on security keys (already?) then make sure you update both your clients and servers. OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r--PROTOCOL.u2f13
1 files changed, 8 insertions, 5 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 7b1049c3e..4e3896419 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -175,15 +175,18 @@ The signature returned from U2F hardware takes the following format:
175For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 175For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
176format data in the pre-authentication attack surface. Therefore, the 176format data in the pre-authentication attack surface. Therefore, the
177signature format used on the wire in SSH2_USERAUTH_REQUEST packets will 177signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
178be reformatted slightly and the ecdsa_signature_blob value has the encoding: 178be reformatted to better match the existing signature encoding:
179 179
180 mpint r 180 string "sk-ecdsa-sha2-nistp256@openssh.com"
181 mpint s 181 string ecdsa_signature
182 byte flags 182 byte flags
183 uint32 counter 183 uint32 counter
184 184
185Where 'r' and 's' are extracted by the client or token middleware from the 185Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
186ecdsa_signature field returned from the hardware. 186encoding:
187
188 mpint r
189 mpint s
187 190
188For Ed25519 keys the signature is encoded as: 191For Ed25519 keys the signature is encoded as:
189 192