From a64d5d41d7c37f48946b74c40eba9cb4b4b0c051 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Thu, 9 Apr 2020 15:56:23 +0200
Subject: [PATCH] accept the algorithm identifier used by OpenSSH

---
 src/ctap/data_formats.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ctap/data_formats.rs b/src/ctap/data_formats.rs
index 5049d1c..3a2bed9 100644
--- a/src/ctap/data_formats.rs
+++ b/src/ctap/data_formats.rs
@@ -462,6 +462,8 @@ pub struct CoseKey(pub BTreeMap<cbor::KeyType, cbor::Value>);
 // here: https://www.iana.org/assignments/cose/cose.xhtml#algorithms
 // In fact, this is just used for compatibility with older specification versions.
 const ECDH_ALGORITHM: i64 = -25;
+// This is the identifier used by OpenSSH. To be compatible, we accept both.
+const ES256_ALGORITHM: i64 = -7;
 const EC2_KEY_TYPE: i64 = 2;
 const P_256_CURVE: i64 = 1;
 
@@ -497,7 +499,7 @@ impl TryFrom<CoseKey> for ecdh::PubKey {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
         let algorithm = read_integer(ok_or_missing(cose_key.0.get(&cbor_int!(3)))?)?;
-        if algorithm != ECDH_ALGORITHM {
+        if algorithm != ECDH_ALGORITHM && algorithm != ES256_ALGORITHM {
             return Err(Ctap2StatusCode::CTAP2_ERR_UNSUPPORTED_ALGORITHM);
         }
         let curve = read_integer(ok_or_missing(cose_key.0.get(&cbor_int!(-1)))?)?;
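Review bot: The relaxed condition in `TryFrom<CoseKey> for ecdh::PubKey` now accepts -7, which the IANA COSE registry assigns to ES256 (a signature algorithm), as the label on a key-agreement key, and the patch adds no test for it (the diffstat shows only these 3 insertions). Because the check sits in the shared conversion, every caller gets the looser rule, not only the OpenSSH path. Say so at the condition, for example `// alg is only a label here: -7 (ES256) is tolerated for OpenSSH compatibility; key type and curve are checked separately.` A unit test should convert a `CoseKey` with alg -25 and with alg -7 successfully, and expect `CTAP2_ERR_UNSUPPORTED_ALGORITHM` for any other value. The function body starts and ends outside this hunk, so confirm that the curve identifier read on the last line, and the point itself, are validated further down.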
-- 
GitLab