diff options
Diffstat (limited to 'PROTOCOL.u2f')
| -rw-r--r-- | PROTOCOL.u2f | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index eabbd7279..375d73bbc 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f | |||
| @@ -150,15 +150,8 @@ SSH U2F signatures | |||
| 150 | ------------------ | 150 | ------------------ |
| 151 | 151 | ||
| 152 | In addition to the message to be signed, the U2F signature operation | 152 | In addition to the message to be signed, the U2F signature operation |
| 153 | requires a few additional parameters: | 153 | requires the key handle and a few additional parameters. The signature |
| 154 | 154 | is signed over a blob that consists of: | |
| 155 | byte control bits (e.g. "user presence required" flag) | ||
| 156 | byte[32] SHA256(message) | ||
| 157 | byte[32] SHA256(application) | ||
| 158 | byte key_handle length | ||
| 159 | byte[] key_handle | ||
| 160 | |||
| 161 | This signature is signed over a blob that consists of: | ||
| 162 | 155 | ||
| 163 | byte[32] SHA256(application) | 156 | byte[32] SHA256(application) |
| 164 | byte flags (including "user present", extensions present) | 157 | byte flags (including "user present", extensions present) |
| @@ -170,7 +163,7 @@ The signature returned from U2F hardware takes the following format: | |||
| 170 | 163 | ||
| 171 | byte flags (including "user present") | 164 | byte flags (including "user present") |
| 172 | uint32 counter | 165 | uint32 counter |
| 173 | byte[32] ecdsa_signature (in X9.62 format). | 166 | byte[] ecdsa_signature (in X9.62 format). |
| 174 | 167 | ||
| 175 | For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 | 168 | For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 |
| 176 | format data in the pre-authentication attack surface. Therefore, the | 169 | format data in the pre-authentication attack surface. Therefore, the |