[Bug 2319] [PATCH REVIEW] U2F authentication
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jan 9 09:30:49 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2319
--- Comment #6 from Michael Stapelberg <michael+mindrot at stapelberg.de> ---
(In reply to Damien Miller from comment #5)
> (In reply to Michael Stapelberg from comment #3)
> > (In reply to Damien Miller from comment #2)
> > > I think it is best that you start with a description of the "u2f"
> > > authentication method protocol - it's much better to review that the
> > > protocol is sound before looking at the implementation. Could you
> > > write this up?
> >
> > From that comment it sounds like there is some misunderstanding here
> > :).
> >
> > U2F stands for Universal Second Factor, see also
> > http://en.wikipedia.org/wiki/Universal_2nd_Factor
> >
> > You can find the protocol specification on
> > http://fidoalliance.org/specifications/download/
> >
> > I’ve done a presentation at our local computer club, you can find
> > the slides here:
> > https://www.noname-ev.de/w/File:C14h-u2f-how-security-keys-work.pdf
> > — they contain a pretty high-level and easy to understand
> > description of U2F.
> >
> > Is that what you were looking for? If not, let me know :).
>
> No, I'm looking for a description of what goes on the wire for SSH.
> Like what RFC4252 does for the existing SSH authentication methods.
Ah, I see. Here goes:
When the client starts the u2f authentication, it sends:
byte SSH_MSG_USERAUTH_REQUEST
string user name in ISO-10646 UTF-8 encoding [RFC3629]
string service name in US-ASCII
string method name in US-ASCII
uint32 U2F mode (authentication or registration)
1) In case the client requests registration, the server replies with:
byte SSH2_MSG_USERAUTH_INFO_REQUEST
string RegisterRequest
Where RegisterRequest is specified in
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerrequest-members
After sending 'RegisterRequest' to the U2F security key, the client
sends back the security key’s response (see
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerresponse-members):
byte SSH2_MSG_USERAUTH_INFO_RESPONSE
string RegisterResponse
Once the server verified the 'RegisterResponse' indeed signed the
original challenge, it extracts the user’s U2F public key and sends
back a ssh-u2f key line which the user should add to her
authorized_keys file:
byte SSH2_MSG_USERAUTH_INFO_REQUEST
string authorizedKey
2) In case the client requests authentication, the server replies with:
byte SSH2_MSG_USERAUTH_INFO_REQUEST
string SignRequest
After sending 'SignRequest' (see
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-signrequest-members)
to the U2F security key, the client sends back the security key’s
response:
byte SSH2_MSG_USERAUTH_INFO_RESPONSE
string SignResponse
The authentication is successful if the server successfully verifies
that the signature on the 'SignResponse' was created with the formerly
registered public key.
As you can see, the protocol on the wire is fairly simple — I just
follow the JavaScript API because that is what libu2f-host expects.
Hope that helps, let me know if you have more questions.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list