diff options
-rw-r--r-- | PROTOCOL.u2f | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index eabbd7279..375d73bbc 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f | |||
@@ -150,15 +150,8 @@ SSH U2F signatures | |||
150 | ------------------ | 150 | ------------------ |
151 | 151 | ||
152 | In addition to the message to be signed, the U2F signature operation | 152 | In addition to the message to be signed, the U2F signature operation |
153 | requires a few additional parameters: | 153 | requires the key handle and a few additional parameters. The signature |
154 | 154 | is signed over a blob that consists of: | |
155 | byte control bits (e.g. "user presence required" flag) | ||
156 | byte[32] SHA256(message) | ||
157 | byte[32] SHA256(application) | ||
158 | byte key_handle length | ||
159 | byte[] key_handle | ||
160 | |||
161 | This signature is signed over a blob that consists of: | ||
162 | 155 | ||
163 | byte[32] SHA256(application) | 156 | byte[32] SHA256(application) |
164 | byte flags (including "user present", extensions present) | 157 | byte flags (including "user present", extensions present) |
@@ -170,7 +163,7 @@ The signature returned from U2F hardware takes the following format: | |||
170 | 163 | ||
171 | byte flags (including "user present") | 164 | byte flags (including "user present") |
172 | uint32 counter | 165 | uint32 counter |
173 | byte[32] ecdsa_signature (in X9.62 format). | 166 | byte[] ecdsa_signature (in X9.62 format). |
174 | 167 | ||
175 | For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 | 168 | For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 |
176 | format data in the pre-authentication attack surface. Therefore, the | 169 | format data in the pre-authentication attack surface. Therefore, the |