diff options
author | egor-duda <egor-duda@users.noreply.github.com> | 2022-01-22 16:53:04 +0300 |
---|---|---|
committer | egor-duda <egor-duda@users.noreply.github.com> | 2022-01-22 16:53:04 +0300 |
commit | 9016cf65b88ec1d547341203567da37e4db88673 (patch) | |
tree | 88dbd6121f4a8afa349ccd792e381f1d1e1c43e6 /sk-ed25519.h | |
parent | beb2e6513ee3ee5c1627207a5dcf44d9c86953fe (diff) | |
download | dropbear-9016cf65b88ec1d547341203567da37e4db88673.tar.gz |
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <matt@codeconstruct.com.au>
Diffstat (limited to 'sk-ed25519.h')
-rw-r--r-- | sk-ed25519.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/sk-ed25519.h b/sk-ed25519.h new file mode 100644 index 0000000..ad8561e --- /dev/null +++ b/sk-ed25519.h @@ -0,0 +1,15 @@ +#ifndef DROPBEAR_SK_ED25519_H_ +#define DROPBEAR_SK_ED25519_H_ + +#include "includes.h" + +#if DROPBEAR_SK_ED25519 + +#include "buffer.h" +#include "ed25519.h" + +int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen); + +#endif + +#endif /* DROPBEAR_SK_ED25519_H_ */ |