From 73f538dd0e2c95a0cd6ac29570b5dc4153ee2ab2 Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Sat, 20 Apr 2019 16:37:54 -0700
Subject: [PATCH] Fix COSE type of key-agreement keys.

The key-agreement keys in the PIN protocol use COSE type -25. I'm not sure if that's written down anywhere, but it's what everything else does and it's an ECDH type rather than an ECDSA type.
---
 fido2/cose_key.h | 4 ++--
 fido2/ctap.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fido2/cose_key.h b/fido2/cose_key.h
index 4750c31..6056f02 100644
--- a/fido2/cose_key.h
+++ b/fido2/cose_key.h
@@ -16,7 +16,7 @@
 #define COSE_KEY_KTY_EC2 2
 #define COSE_KEY_CRV_P256 1
-
-#define COSE_ALG_ES256 -7
+#define COSE_ALG_ES256 -7
+#define COSE_ALG_ECDH_ES_HKDF_256 -25
 #endif
diff --git a/fido2/ctap.c b/fido2/ctap.c
index 83bfbba..6d18464 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -1476,7 +1476,7 @@ uint8_t ctap_client_pin(CborEncoder * encoder, uint8_t * request, int length)
 ret = cbor_encode_int(&map, RESP_keyAgreement);
 check_ret(ret);
- ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ES256);
+ ret = ctap_add_cose_key(&map, KEY_AGREEMENT_PUB, KEY_AGREEMENT_PUB+32, PUB_KEY_CRED_PUB_KEY, COSE_ALG_ECDH_ES_HKDF_256);
 check_retr(ret);
 break;
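Review bot: The new `COSE_ALG_ECDH_ES_HKDF_256` define in fido2/cose_key.h has no comment saying where -25 comes from or what it means for this firmware, and the commit message itself is unsure whether the value is written down anywhere. -25 is the IANA COSE Algorithms entry for ECDH-ES + HKDF-256, and as far as I recall the CTAP2 client-PIN section specifies it as the `alg` of the key-agreement key while noting it is not the algorithm actually used; please confirm that against the spec and record it next to the constant. Something like `/* IANA COSE alg -25 (ECDH-ES + HKDF-256): label for PIN-protocol key-agreement keys; it does not choose the KDF */` would stop a later reader from assuming HKDF is part of the shared-secret derivation. Separately, both negative values are unparenthesized replacement lists; `#define COSE_ALG_ECDH_ES_HKDF_256 (-25)` (and the same for `COSE_ALG_ES256`) is the safer form.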
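Review bot: Only the key-agreement key that `ctap_client_pin` sends is relabelled at the `ctap_add_cose_key` call; the hunk does not show whether the `alg` of the key-agreement key received from the platform is checked anywhere. If the request parser compares that field against `COSE_ALG_ES256`, it should move to `COSE_ALG_ECDH_ES_HKDF_256` in the same commit, so the device does not advertise one algorithm identifier and accept or require another. If the field is not checked at all, that is worth stating in a comment where the key is parsed, so the omission reads as a decision. The function body starts and ends outside this hunk, so neither case can be confirmed from here.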