If I do that, EVP_VerifyFinal() will result in EVP_R_WRONG_PUBLIC_KEY_TYPE.
This is strange... I don't get any error here, though I use the (same?)
ECDSA public key from the attestation certificate (using OpenSSL 1.0.1i,
but that shouldn't matter).
Looking at the OpenSSL source, I can see that in crypto/evp/m_sha1.c, the
sha* digests are defined with EVP_PKEY_RSA_method, which requires an RSA
public key, but we have an ECDSA public key. The only digest working with
ECDSA public keys is crypto/evp/m_ecdsa.c AFAICT.
Both EVP_PKEY_RSA_method and EVP_PKEY_ECDSA_method are #defined there as
"EVP_PKEY_NULL_method". (don't ask me why... I don't understand most of
that macro mess...)
Unfortunately not. Could you share the code that you have please? Or is it
not yet working?
Voilà: https://github.com/keppler/fido-u2f/blob/master/fido-example.c
It uses the example messages from the official specs, so it should be easy
to reproduce.
If I'm wrong at any point there, please let me know.
Best regards
-Klaus