Diffstat (limited to 'PROTOCOL.u2f')
-rw-r--r--PROTOCOL.u2f10
1 files changed, 7 insertions, 3 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index a587480b..bd60f9fa 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -138,7 +138,7 @@ The signature returned from U2F hardware takes the following format:
For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
format data in the pre-authentication attack surface. Therefore, the
signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
-be reformatted slightly:
+be reformatted slightly and the ecdsa_signature_blob value has the encoding:
mpint r
mpint s
@@ -184,6 +184,10 @@ The middleware library need only expose a handful of functions:
/* Flags */
#define SSH_SK_USER_PRESENCE_REQD 0x01
+ /* Algs */
+ #define SSH_SK_ECDSA 0x00
+ #define SSH_SK_ED25519 0x01
+
struct sk_enroll_response {
uint8_t *public_key;
size_t public_key_len;
@@ -208,12 +212,12 @@ The middleware library need only expose a handful of functions:
uint32_t sk_api_version(void);
/* Enroll a U2F key (private key generation) */
- int sk_enroll(const uint8_t *challenge, size_t challenge_len,
+ int sk_enroll(int alg, const uint8_t *challenge, size_t challenge_len,
const char *application, uint8_t flags,
struct sk_enroll_response **enroll_response);
/* Sign a challenge */
- int sk_sign(const uint8_t *message, size_t message_len,
+ int sk_sign(int alg, const uint8_t *message, size_t message_len,
const char *application,
const uint8_t *key_handle, size_t key_handle_len,
uint8_t flags, struct sk_sign_response **sign_response);
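Review bot: The new `int alg` parameter on sk_enroll and sk_sign is added without stating how a middleware must behave when handed a value it does not implement, so a caller cannot tell an "unsupported algorithm" failure from any other error. The only values defined on this page are SSH_SK_ECDSA (0x00) and SSH_SK_ED25519 (0x01) from the previous hunk, and nothing says whether the set is closed or how it is extended. A short comment above the prototypes would pin the contract, e.g. `/* alg is one of the SSH_SK_* algorithm constants; a middleware that does not support the requested alg must fail the call without touching the token */`. The surrounding text describing the return-value conventions appears to be outside this hunk, so that is also where the error case would need to be listed.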