summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/ssh/PROTOCOL.u2f13
-rw-r--r--usr.bin/ssh/ssh-ecdsa-sk.c10
-rw-r--r--usr.bin/ssh/ssh-sk.c10
3 files changed, 18 insertions, 15 deletions
diff --git a/usr.bin/ssh/PROTOCOL.u2f b/usr.bin/ssh/PROTOCOL.u2f
index 7b1049c3e92..4e3896419f1 100644
--- a/usr.bin/ssh/PROTOCOL.u2f
+++ b/usr.bin/ssh/PROTOCOL.u2f
@@ -175,15 +175,18 @@ The signature returned from U2F hardware takes the following format:
For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
format data in the pre-authentication attack surface. Therefore, the
signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
-be reformatted slightly and the ecdsa_signature_blob value has the encoding:
+be reformatted to better match the existing signature encoding:
- mpint r
- mpint s
+ string "sk-ecdsa-sha2-nistp256@openssh.com"
+ string ecdsa_signature
byte flags
uint32 counter
-Where 'r' and 's' are extracted by the client or token middleware from the
-ecdsa_signature field returned from the hardware.
+Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
+encoding:
+
+ mpint r
+ mpint s
For Ed25519 keys the signature is encoded as:
diff --git a/usr.bin/ssh/ssh-ecdsa-sk.c b/usr.bin/ssh/ssh-ecdsa-sk.c
index 5edd904f262..1972865ec53 100644
--- a/usr.bin/ssh/ssh-ecdsa-sk.c
+++ b/usr.bin/ssh/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.1 2019/10/31 21:15:14 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.2 2019/11/19 22:23:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -73,7 +73,9 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
if ((b = sshbuf_from(signature, signaturelen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
- sshbuf_froms(b, &sigbuf) != 0) {
+ sshbuf_froms(b, &sigbuf) != 0 ||
+ sshbuf_get_u8(b, &sig_flags) != 0 ||
+ sshbuf_get_u32(b, &sig_counter) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
@@ -88,9 +90,7 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
/* parse signature */
if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
- sshbuf_get_bignum2(sigbuf, &sig_s) != 0 ||
- sshbuf_get_u8(sigbuf, &sig_flags) != 0 ||
- sshbuf_get_u32(sigbuf, &sig_counter) != 0) {
+ sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
diff --git a/usr.bin/ssh/ssh-sk.c b/usr.bin/ssh/ssh-sk.c
index 2bd099d13ac..da964aa27be 100644
--- a/usr.bin/ssh/ssh-sk.c
+++ b/usr.bin/ssh/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
@@ -403,13 +403,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
if ((r = sshbuf_put_bignum2_bytes(inner_sig,
resp->sig_r, resp->sig_r_len)) != 0 ||
(r = sshbuf_put_bignum2_bytes(inner_sig,
- resp->sig_s, resp->sig_s_len)) != 0 ||
- (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
- (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+ resp->sig_s, resp->sig_s_len)) != 0) {
debug("%s: buffer error: %s", __func__, ssh_err(r));
goto out;
}
- if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) {
+ if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
+ (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
+ (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
debug("%s: buffer error: %s", __func__, ssh_err(r));
goto out;
}