[openssh-commits] [openssh] 04/08: upstream: chop some unnecessary and confusing verbiage from the

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Dec 10 22:36:08 2019 +0000

    upstream: chop some unnecessary and confusing verbiage from the
    
    security key protocol description; feedback from Ron Frederick
    
    OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42
---
 PROTOCOL.u2f | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index eabbd727..375d73bb 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -150,15 +150,8 @@ SSH U2F signatures
 ------------------
 
 In addition to the message to be signed, the U2F signature operation
-requires a few additional parameters:
-
-	byte		control bits (e.g. "user presence required" flag)
-	byte[32]	SHA256(message)
-	byte[32]	SHA256(application)
-	byte		key_handle length
-	byte[]		key_handle
-
-This signature is signed over a blob that consists of:
+requires the key handle and a few additional parameters. The signature
+is signed over a blob that consists of:
 
 	byte[32]	SHA256(application)
 	byte		flags (including "user present", extensions present)
@@ -170,7 +163,7 @@ The signature returned from U2F hardware takes the following format:
 
 	byte		flags (including "user present")
 	uint32		counter
-	byte[32]	ecdsa_signature (in X9.62 format).
+	byte[]		ecdsa_signature (in X9.62 format).
 
 For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
 format data in the pre-authentication attack surface. Therefore, the

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.