Works

main/idf_component.yml

@@ -4,5 +4,5 @@ dependencies:
     version: ">=4.1.0"
   esp-cryptoauthlib:
     git: https://github.com/espressif/esp-cryptoauthlib.git
-  esp-idf-ssh-client:
-    git: https://gitlab.com/ch405labs/ch405labs_esp_libssh2.git
+  libssh2_esp:
+    git: https://github.com/skuodi/libssh2_esp.git

main/zk_auth.h

@@ -125,62 +125,26 @@ public:
     uint8_t digest[32];
     uint8_t raw_sig[64];
 
-    printf("\n--- SSH SIGNATURE DIAGNOSTICS ---\n");
+    // 1. Hash the fully assembled challenge buffer provided by libssh2
+    mbedtls_sha256(data, data_len, digest, 0);
 
-    // 1. Hash the challenge and strictly check for failure
-    int hash_err = mbedtls_sha256(data, data_len, digest, 0);
-    if (hash_err != 0) {
-      printf("CRITICAL: mbedtls_sha256 failed with code %d\n", hash_err);
-      return -1;
-    }
-
-    printf("SHA-256 Digest: ");
-    for (int i = 0; i < 32; i++)
-      printf("%02x", digest[i]);
-    printf("\n");
-
-    // 2. Request the signature from the secure element
-    if (atcab_sign(0, digest, raw_sig) != ATCA_SUCCESS) {
+    // 2. Request signature from the ATECC608B
+    if (atcab_sign(0x0, digest, raw_sig) != ATCA_SUCCESS) {
       printf("CRITICAL: ATECC608B Signing Failed!\n");
       return -1;
     }
 
-    printf("Raw Sig R: ");
-    for (int i = 0; i < 32; i++)
-      printf("%02x", raw_sig[i]);
-    printf("\nRaw Sig S: ");
-    for (int i = 32; i < 64; i++)
-      printf("%02x", raw_sig[i]);
-    printf("\n---------------------------------\n");
-
-    // 3. Allocate and format (Identical to previous step)
-    unsigned char *buf = (unsigned char *)malloc(150);
+    // 3. Allocate memory JUST for the two mathematical integers (max ~74 bytes)
+    unsigned char *buf = (unsigned char *)malloc(80);
     if (!buf)
       return -1;
 
+    // 4. Format strictly as [mpint R] [mpint S]. NO outer strings!
     uint32_t offset = 0;
-    const char *type = "ecdsa-sha2-nistp256";
-    uint32_t type_len = 19;
-
-    buf[offset++] = (type_len >> 24) & 0xFF;
-    buf[offset++] = (type_len >> 16) & 0xFF;
-    buf[offset++] = (type_len >> 8) & 0xFF;
-    buf[offset++] = type_len & 0xFF;
-    memcpy(&buf[offset], type, type_len);
-    offset += type_len;
-
-    uint32_t inner_len_idx = offset;
-    offset += 4;
-
-    offset += write_mpint(&buf[offset], &raw_sig[0], 32);  // R
-    offset += write_mpint(&buf[offset], &raw_sig[32], 32); // S
-
-    uint32_t inner_len = offset - inner_len_idx - 4;
-    buf[inner_len_idx] = (inner_len >> 24) & 0xFF;
-    buf[inner_len_idx + 1] = (inner_len >> 16) & 0xFF;
-    buf[inner_len_idx + 2] = (inner_len >> 8) & 0xFF;
-    buf[inner_len_idx + 3] = inner_len & 0xFF;
+    offset += write_mpint(&buf[offset], &raw_sig[0], 32);  // Format R
+    offset += write_mpint(&buf[offset], &raw_sig[32], 32); // Format S
 
+    // Hand ownership to libssh2
     *sig = buf;
     *sig_len = offset;