Re: [PATCH] Early request for comments: U2F authentication

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



If I do that, EVP_VerifyFinal() will result in EVP_R_WRONG_PUBLIC_KEY_TYPE.

This is strange... I don't get any error here, though I use the (same?) ECDSA public key from the attestation certificate (using OpenSSL 1.0.1i, but that shouldn't matter).

Looking at the OpenSSL source, I can see that in crypto/evp/m_sha1.c, the
sha* digests are defined with EVP_PKEY_RSA_method, which requires an RSA
publickey, but we have an ECDSA publickey. The only digest working with
ECDSA publickeys is crypto/evp/m_ecdsa.c AFAICT.

Both EVP_PKEY_RSA_method and EVP_PKEY_ECDSA_method are #defined there as "EVP_PKEY_NULL_method". (don't ask me why... I don't understand most of that macro mess...)

Unfortunately not. Could you share the code that you have please? Or is it
not yet working?

Voila: https://github.com/keppler/fido-u2f/blob/master/fido-example.c
It uses the example messages from the official specs, so should be easy to reproduce.

If I'm wrong at any point there, please let me know.

Best regards

   -Klaus
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux