[PATCH] Early request for comments: U2F authentication
Klaus Keppler
kk at keppler-it.de
Mon Dec 15 09:42:01 EST 2014
> I’ve spent some time (together with Christian and Thomas) hacking on
> U2F support in OpenSSH, and I’m happy to provide a first patch — it’s
> not complete, but it should be good enough to get the discussion going
> :). Please see the two attached files for the patch.
This is great - I'm looking forward to it! :)
I've implemented U2F into another (C-based) application these days.
While searching for some relevant OpenSSL-specific "help" I stumbled
upon your OpenSSH patch.
I think there's a small bug:
> + if ((err = EVP_VerifyInit(&mdctx, EVP_ecdsa())) != 1) {
> + ERR_error_string(ERR_get_error(), errorbuf);
> + fatal("EVP_VerifyInit() failed: %s (reason: %s)",
> + errorbuf, ERR_reason_error_string(err));
You should use "EVP_sha256()" instead of "EVP_ecdsa()" here (we have a
ECDSA signature on the SHA256 hash)
> + if ((err = EVP_VerifyFinal(&mdctx, walk, restlen, pkey)) == -1) {
> + ERR_error_string(ERR_get_error(), errorbuf);
> + error("Verifying the U2F registration signature failed: %s (reason: %s)",
> + errorbuf, ERR_reason_error_string(err));
> + goto out;
> + }
You test EVP_VerifyFinal() only against "-1". This catches OpenSSL
library errors and such. But if the signature check itself fails, you
get "0". So, the only valid result here should be "1".
When you change EVP_ecdsa() to EVP_sha256() above, EVP_VerifyFinal()
should return "1" on valid data.
Best regards
-Klaus
More information about the openssh-unix-dev
mailing list