Mercurial > dropbear
comparison common-algo.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 9efceb851bea |
children | 8f28519e34b0 |
comparison
equal
deleted
inserted
replaced
1854:cba37fe1ddc8 | 1855:35d504d59c05 |
---|---|
237 }; | 237 }; |
238 | 238 |
239 algo_type sigalgs[] = { | 239 algo_type sigalgs[] = { |
240 #if DROPBEAR_ED25519 | 240 #if DROPBEAR_ED25519 |
241 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, | 241 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, |
242 #if DROPBEAR_SK_ED25519 | |
243 {"[email protected]", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL}, | |
244 #endif | |
242 #endif | 245 #endif |
243 #if DROPBEAR_ECDSA | 246 #if DROPBEAR_ECDSA |
244 #if DROPBEAR_ECC_256 | 247 #if DROPBEAR_ECC_256 |
245 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, | 248 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, |
246 #endif | 249 #endif |
247 #if DROPBEAR_ECC_384 | 250 #if DROPBEAR_ECC_384 |
248 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, | 251 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, |
249 #endif | 252 #endif |
250 #if DROPBEAR_ECC_521 | 253 #if DROPBEAR_ECC_521 |
251 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, | 254 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, |
255 #endif | |
256 #if DROPBEAR_SK_ECDSA | |
257 {"[email protected]", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL}, | |
252 #endif | 258 #endif |
253 #endif | 259 #endif |
254 #if DROPBEAR_RSA | 260 #if DROPBEAR_RSA |
255 #if DROPBEAR_RSA_SHA256 | 261 #if DROPBEAR_RSA_SHA256 |
256 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, | 262 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, |