[Bug 2319] [PATCH REVIEW] U2F authentication

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jan 9 09:30:49 AEDT 2015 

https://bugzilla.mindrot.org/show_bug.cgi?id=2319

--- Comment #6 from Michael Stapelberg <michael+mindrot at stapelberg.de> ---
(In reply to Damien Miller from comment #5)
> (In reply to Michael Stapelberg from comment #3)
> > (In reply to Damien Miller from comment #2)
> > > I think it is best that you start with a description of the "u2f"
> > > authentication method protocol - it's much better to review that the
> > > protocol is sound before looking at the implementation. Could you
> > > write this up?
> > 
> > From that comment it sounds like there is some misunderstanding here
> > :).
> > 
> > U2F stands for Universal Second Factor, see also
> > http://en.wikipedia.org/wiki/Universal_2nd_Factor
> > 
> > You can find the protocol specification on
> > http://fidoalliance.org/specifications/download/
> > 
> > I’ve done a presentation at our local computer club, you can find
> > the slides here:
> > https://www.noname-ev.de/w/File:C14h-u2f-how-security-keys-work.pdf
> > — they contain a pretty high-level and easy to understand
> > description of U2F.
> > 
> > Is that what you were looking for? If not, let me know :).
> 
> No, I'm looking for a description of what goes on the wire for SSH.
> Like what RFC4252 does for the existing SSH authentication methods.

Ah, I see. Here goes:

When the client starts the u2f authentication, it sends:

   byte      SSH_MSG_USERAUTH_REQUEST
   string    user name in ISO-10646 UTF-8 encoding [RFC3629]
   string    service name in US-ASCII
   string    method name in US-ASCII
   uint32    U2F mode (authentication or registration)

1) In case the client requests registration, the server replies with:

   byte      SSH2_MSG_USERAUTH_INFO_REQUEST
   string    RegisterRequest

Where RegisterRequest is specified in
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerrequest-members

After sending 'RegisterRequest' to the U2F security key, the client
sends back the security key’s response (see
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerresponse-members):

   byte      SSH2_MSG_USERAUTH_INFO_RESPONSE
   string    RegisterResponse

Once the server verified the 'RegisterResponse' indeed signed the
original challenge, it extracts the user’s U2F public key and sends
back a ssh-u2f key line which the user should add to her
authorized_keys file:

   byte      SSH2_MSG_USERAUTH_INFO_REQUEST
   string    authorizedKey

2) In case the client requests authentication, the server replies with:

   byte      SSH2_MSG_USERAUTH_INFO_REQUEST
   string    SignRequest

After sending 'SignRequest' (see
http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-signrequest-members)
to the U2F security key, the client sends back the security key’s
response:

   byte      SSH2_MSG_USERAUTH_INFO_RESPONSE
   string    SignResponse

The authentication is successful if the server successfully verifies
that the signature on the 'SignResponse' was created with the formerly
registered public key.



As you can see, the protocol on the wire is fairly simple — I just
follow the JavaScript API because that is what libu2f-host expects.

Hope that helps, let me know if you have more questions.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list