Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r-- | PROTOCOL.u2f | 10 |
1 files changed, 7 insertions, 3 deletions
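--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -138,7 +138,7 @@ The signature returned from U2F hardware takes the following format:
 For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
 format data in the pre-authentication attack surface. Therefore, the
 signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
-be reformatted slightly:
+be reformatted slightly and the ecdsa_signature_blob value has the encoding:
 
 	mpint r
 	mpint s
@@ -184,6 +184,10 @@ The middleware library need only expose a handful of functions:
 /* Flags */
 #define SSH_SK_USER_PRESENCE_REQD 0x01
 
+/* Algs */
+#define SSH_SK_ECDSA 0x00
+#define SSH_SK_ED25519 0x01
+
 struct sk_enroll_response {
 	uint8_t *public_key;
 	size_t public_key_len;
@@ -208,12 +212,12 @@ The middleware library need only expose a handful of functions:
 uint32_t sk_api_version(void);
 
 /* Enroll a U2F key (private key generation) */
-int sk_enroll(const uint8_t *challenge, size_t challenge_len,
+int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
     const char *application, uint8_t flags,
     struct sk_enroll_response **enroll_response);
 
 /* Sign a challenge */
-int sk_sign(const uint8_t *message, size_t message_len,
+int sk_sign(int alg, const uint8_t *message, size_t message_len,
     const char *application,
     const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, struct sk_sign_response **sign_response);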