BerriJ/keypitecc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Works

Browse Source
This commit is contained in:
Jonathan Berrisch
2026-02-28 16:26:09 +01:00
parent 92f6c80b55
commit 694ced6e38
4 changed files with 26 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
main/zk_auth.h
View File

@@ -125,62 +125,26 @@ public:
uint8_t digest[32];
uint8_t raw_sig[64];
printf("\n--- SSH SIGNATURE DIAGNOSTICS ---\n");
// 1. Hash the fully assembled challenge buffer provided by libssh2
mbedtls_sha256(data, data_len, digest, 0);
// 1. Hash the challenge and strictly check for failure
int hash_err = mbedtls_sha256(data, data_len, digest, 0);
if (hash_err != 0) {
printf("CRITICAL: mbedtls_sha256 failed with code %d\n", hash_err);
return -1;
}
printf("SHA-256 Digest: ");
for (int i = 0; i < 32; i++)
printf("%02x", digest[i]);
printf("\n");
// 2. Request the signature from the secure element
if (atcab_sign(0, digest, raw_sig) != ATCA_SUCCESS) {
// 2. Request signature from the ATECC608B
if (atcab_sign(0x0, digest, raw_sig) != ATCA_SUCCESS) {
printf("CRITICAL: ATECC608B Signing Failed!\n");
return -1;
}
printf("Raw Sig R: ");
for (int i = 0; i < 32; i++)
printf("%02x", raw_sig[i]);
printf("\nRaw Sig S: ");
for (int i = 32; i < 64; i++)
printf("%02x", raw_sig[i]);
printf("\n---------------------------------\n");
// 3. Allocate and format (Identical to previous step)
unsigned char *buf = (unsigned char *)malloc(150);
// 3. Allocate memory JUST for the two mathematical integers (max ~74 bytes)
unsigned char *buf = (unsigned char *)malloc(80);
if (!buf)
return -1;
// 4. Format strictly as [mpint R] [mpint S]. NO outer strings!
uint32_t offset = 0;
const char *type = "ecdsa-sha2-nistp256";
uint32_t type_len = 19;
buf[offset++] = (type_len >> 24) & 0xFF;
buf[offset++] = (type_len >> 16) & 0xFF;
buf[offset++] = (type_len >> 8) & 0xFF;
buf[offset++] = type_len & 0xFF;
memcpy(&buf[offset], type, type_len);
offset += type_len;
uint32_t inner_len_idx = offset;
offset += 4;
offset += write_mpint(&buf[offset], &raw_sig[0], 32); // R
offset += write_mpint(&buf[offset], &raw_sig[32], 32); // S
uint32_t inner_len = offset - inner_len_idx - 4;
buf[inner_len_idx] = (inner_len >> 24) & 0xFF;
buf[inner_len_idx + 1] = (inner_len >> 16) & 0xFF;
buf[inner_len_idx + 2] = (inner_len >> 8) & 0xFF;
buf[inner_len_idx + 3] = inner_len & 0xFF;
offset += write_mpint(&buf[offset], &raw_sig[0], 32); // Format R
offset += write_mpint(&buf[offset], &raw_sig[32], 32); // Format S
// Hand ownership to libssh2
*sig = buf;
*sig_len = offset;