ECDSA signature verification fails

[codeglobally]

Describe the bug
Signature verification fails when using ECDSA keys, either SECP356R1 or SECP256K1. RSA and EdDSA based keys verify as expected.

To Reproduce
Execute the following commands replacing 'node' with the target host, 'identifier' with the network identifier created with ECDSA keys. Follow standard CCF member authentication for 'service_cert', 'signing_key_pem' and 'signing_cert_pem'.

./scurl.sh https://<node>/app/identifiers/<identifier/signature/sign --cacert <service_cert> --signing-key <signing_key_pem> --signing-cert <signing_cert_pem> -H "content-type: plain/text" --data "Text to sign" -X POST | jq

./scurl.sh https://<node>/app/identifiers/<identifier>/signature/sign --cacert <service_cert> --signing-key <signing_key_pem> --signing-cert <signing_cert_pem> -H "content-type: plain/text" -d '{"payload":"Text to sign","signer":"<identifier>", "signature":"<signature>"}' -X POST

Expected behavior
Signature verification should return true.

[codeglobally]

This has been identified as a crypto bug in CCF. Will wait for the fix before intercepting.

[achamayou]

Flagged under microsoft/CCF#4816, fixed by microsoft/CCF#4829 and released in https://github.com/microsoft/CCF/releases/tag/ccf-3.0.4.

[codeglobally]

Thank you @achamayou