[PATCH] Early request for comments: U2F authentication
Klaus Keppler
kk at keppler-it.de
Tue Dec 16 09:23:16 EST 2014
> If I do that, EVP_VerifyFinal() will result in EVP_R_WRONG_PUBLIC_KEY_TYPE.

This is strange... I don't get any error here, though I use the (same?)
ECDSA public key from the attestation certificate (using OpenSSL 1.0.1i,
but that shouldn't matter).

> Looking at the OpenSSL source, I can see that in crypto/evp/m_sha1.c, the
> sha* digests are defined with EVP_PKEY_RSA_method, which requires an RSA
> public key, but we have an ECDSA public key. The only digest working with
> ECDSA public keys is crypto/evp/m_ecdsa.c AFAICT.

Both EVP_PKEY_RSA_method and EVP_PKEY_ECDSA_method are #defined there as
"EVP_PKEY_NULL_method". (Don't ask me why... I don't understand most of
that macro mess...)

> Unfortunately not. Could you share the code that you have please? Or is it
> not yet working?

Voilà: https://github.com/keppler/fido-u2f/blob/master/fido-example.c
It uses the example messages from the official specs, so it should be easy
to reproduce.

If I'm wrong at any point there, please let me know.

Best regards
-Klaus