[openssh-commits] [openssh] 08/08: upstream: adjust on-wire signature encoding for ecdsa-sk keys to

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 20 09:27:45 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a70d92f236576c032a45c39e68ca0d71e958d19d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Nov 19 22:23:19 2019 +0000

    upstream: adjust on-wire signature encoding for ecdsa-sk keys to
    
    better match ed25519-sk keys. Discussed with markus@ and Sebastian Kinne
    
    NB. if you are depending on security keys (already?) then make sure you
    update both your clients and servers.
    
    OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
---
 PROTOCOL.u2f   | 15 +++++++++------
 ssh-ecdsa-sk.c | 10 +++++-----
 ssh-sk.c       | 10 +++++-----
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 7b1049c3..4e389641 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -175,15 +175,18 @@ The signature returned from U2F hardware takes the following format:
 For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
 format data in the pre-authentication attack surface. Therefore, the
 signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
-be reformatted slightly and the ecdsa_signature_blob value has the encoding:
+be reformatted to better match the existing signature encoding:
+
+	string		"sk-ecdsa-sha2-nistp256 at openssh.com"
+	string		ecdsa_signature
+	byte		flags
+	uint32		counter
+
+Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
+encoding:
 
 	mpint		r
 	mpint		s
-	byte		flags
-	uint32		counter
-
-Where 'r' and 's' are extracted by the client or token middleware from the
-ecdsa_signature field returned from the hardware.
 
 For Ed25519 keys the signature is encoded as:
 
diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c
index 35592465..7bdecd58 100644
--- a/ssh-ecdsa-sk.c
+++ b/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.1 2019/10/31 21:15:14 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.2 2019/11/19 22:23:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -77,7 +77,9 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-	    sshbuf_froms(b, &sigbuf) != 0) {
+	    sshbuf_froms(b, &sigbuf) != 0 ||
+	    sshbuf_get_u8(b, &sig_flags) != 0 ||
+	    sshbuf_get_u32(b, &sig_counter) != 0) {
 		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
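Review bot: Nothing in this hunk rejects bytes left over in `b` after the counter is read, and now that flags and counter live in the outer blob the inner `sigbuf` should hold exactly r and s. ssh_ecdsa_sk_verify continues outside both of its hunks, so these checks may already exist further down. If they do not, each buffer should be tested with `sshbuf_len(...) != 0` and fail with `SSH_ERR_UNEXPECTED_TRAILING_DATA`: `b` after this condition, and `sigbuf` after the r/s parse in the next hunk. Tolerating trailing bytes would give one signature several accepted encodings on the pre-authentication path.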
@@ -92,9 +94,7 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
 
 	/* parse signature */
 	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
-	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0 ||
-	    sshbuf_get_u8(sigbuf, &sig_flags) != 0 ||
-	    sshbuf_get_u32(sigbuf, &sig_counter) != 0) {
+	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
 		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
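Review bot: The `/* parse signature */` comment no longer says which part of the wire format is parsed here, because flags and counter are now read from the outer buffer in the previous hunk. I would change it to `/* parse inner RFC5656 signature: mpint r, mpint s */` so a reader can match it against the layout in PROTOCOL.u2f. The function body starts and ends outside this hunk.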
diff --git a/ssh-sk.c b/ssh-sk.c
index df2f040e..2b25c42f 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.15 2019/11/18 16:08:57 naddy Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -411,13 +411,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 	if ((r = sshbuf_put_bignum2_bytes(inner_sig,
 	    resp->sig_r, resp->sig_r_len)) != 0 ||
 	    (r = sshbuf_put_bignum2_bytes(inner_sig,
-	    resp->sig_s, resp->sig_s_len)) != 0 ||
-	    (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
-	    (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+	    resp->sig_s, resp->sig_s_len)) != 0) {
 		debug("%s: buffer error: %s", __func__, ssh_err(r));
 		goto out;
 	}
-	if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) {
+	if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
+	    (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
+	    (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
 		debug("%s: buffer error: %s", __func__, ssh_err(r));
 		goto out;
 	}
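Review bot: The two failure branches log the same `buffer error` text, so a debug log cannot tell whether building `inner_sig` or appending to `sig` failed. Giving the second branch its own message, for example `debug("%s: compose outer signature: %s", __func__, ssh_err(r));`, would separate them. A comment above the second condition, `/* outer blob: string ecdsa_signature, byte flags, uint32 counter (see PROTOCOL.u2f) */`, would also tie this encoder to the parser in ssh_ecdsa_sk_verify(), which has to change in lockstep. sshsk_ecdsa_sig starts and ends outside the hunk.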
