I am implementing U2F in python.
I registered a u2f device, send a challenge and I am getting the response.
I run my unittest against the values from
https://fidoalliance.org/specs/fido-u2f ... on-example
which works out fine.
They give an example signature like:
"304402204b5f0cd17534cedd8c34ee09570ef542a353df4436030ce43d406de870b847780220267bb998fac9b7266eb60e7cb0b5eabdfd5ba9614f53c7b22272ec10047a923f"
To my understanding this is DER encoded.
which is very well explained here
http://crypto.stackexchange.com/questio ... e-to-asn-1
So after the first byte 0x32 I get 0x44, which is 68 (minus the 4 bytes markes and length) I get a raw signature length of 64 bytes.
I am using python-edcsa. Putting this into my code
Code:
vkey = ecdsa.VerifyingKey.from_string(user_pub_key_bin,
curve=ecdsa.NIST256p,
hashfunc=sha256)
vkey.verify(signature_bin_asn, input_data)
works out just fine.
Great. Now going live. I registered the blue yubikey u2f and am now doing a challenge request.
The response gives me this signature:
'3046022100ff57770dfcdf1bcb80f303459215a23577b3fcffcf48ce70c589cd5620b3524c022100daa4ed2727477b95a91185fc30aa7488a47370cf4a3551c208e6709b445bc2a4'
The second byte gives me a remaining length of 70 bytes and I end up with a raw signature length of 66 bytes.
Is this really correct?
Feeding this into python-edcsa gives me an assertion, since it expects a signature length of 64.
Thanks for any insight.
Kind regards
CorneliusStatistics: Posted by corny — Tue Sep 29, 2015 2:41 pm
]]>