
Diff for /src/usr.bin/ssh/PROTOCOL.u2f between version 1.2 and 1.3

version 1.2, 2019/11/01 12:10:43 version 1.3, 2019/11/12 19:32:30
Line 138 
Line 138 
 For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1  For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
 format data in the pre-authentication attack surface. Therefore, the  format data in the pre-authentication attack surface. Therefore, the
 signature format used on the wire in SSH2_USERAUTH_REQUEST packets will  signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
 be reformatted slightly:  be reformatted slightly and the ecdsa_signature_blob value has the encoding:
   
         mpint           r          mpint           r
         mpint           s          mpint           s
Line 184 
Line 184 
         /* Flags */          /* Flags */
         #define SSH_SK_USER_PRESENCE_REQD       0x01          #define SSH_SK_USER_PRESENCE_REQD       0x01
   
           /* Algs */
           #define SSH_SK_ECDSA                   0x00
           #define SSH_SK_ED25519                 0x01
   
         struct sk_enroll_response {          struct sk_enroll_response {
                 uint8_t *public_key;                  uint8_t *public_key;
                 size_t public_key_len;                  size_t public_key_len;
Line 208 
Line 212 
         uint32_t sk_api_version(void);          uint32_t sk_api_version(void);
   
         /* Enroll a U2F key (private key generation) */          /* Enroll a U2F key (private key generation) */
         int sk_enroll(const uint8_t *challenge, size_t challenge_len,          int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
             const char *application, uint8_t flags,              const char *application, uint8_t flags,
             struct sk_enroll_response **enroll_response);              struct sk_enroll_response **enroll_response);
   
         /* Sign a challenge */          /* Sign a challenge */
         int sk_sign(const uint8_t *message, size_t message_len,          int sk_sign(int alg, const uint8_t *message, size_t message_len,
             const char *application,              const char *application,
             const uint8_t *key_handle, size_t key_handle_len,              const uint8_t *key_handle, size_t key_handle_len,
             uint8_t flags, struct sk_sign_response **sign_response);              uint8_t flags, struct sk_sign_response **sign_response);
