[PATCH] Early request for comments: U2F authentication

Michael Stapelberg stapelberg+openssh at google.com
Fri Dec 19 21:17:42 EST 2014


Thanks for the demo program, that helps.

Turns out the OpenSSL version I was using was too old, and when upgrading
to 1.0.1j, your suggestion (and demo program) work fine.

I’ve attached a patch to fix my code.

On Mon, Dec 15, 2014 at 2:23 PM, Klaus Keppler <kk at keppler-it.de> wrote:
>
> If I do that, EVP_VerifyFinal() will result in EVP_R_WRONG_PUBLIC_KEY_TYPE.
>>
>
> This is strange... I don't get any error here, though I use the (same?)
> ECDSA public key from the attestation certificate (using OpenSSL 1.0.1i,
> but that shouldn't matter).
>
>  Looking at the OpenSSL source, I can see that in crypto/evp/m_sha1.c, the
>> sha* digests are defined with EVP_PKEY_RSA_method, which requires an RSA
>> publickey, but we have an ECDSA publickey. The only digest working with
>> ECDSA publickeys is crypto/evp/m_ecdsa.c AFAICT.
>>
>
> Both EVP_PKEY_RSA_method and EVP_PKEY_ECDSA_method are #defined there as
> "EVP_PKEY_NULL_method". (don't ask me why... I don't understand most of
> that macro mess...)
>
>  Unfortunately not. Could you share the code that you have please? Or is it
>> not yet working?
>>
>
> Voila: https://github.com/keppler/fido-u2f/blob/master/fido-example.c
> It uses the example messages from the official specs, so should be easy to
> reproduce.
>
> If I'm wrong at any point there, please let me know.
>
> Best regards
>
>    -Klaus
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Bugfix-use-EVP_sha256-properly-check-verification-re.patch
Type: text/x-patch
Size: 2083 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141219/e2e3d036/attachment.bin>


More information about the openssh-unix-dev mailing list