Mercurial > dropbear
comparison common-algo.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
| author | egor-duda <egor-duda@users.noreply.github.com> |
|---|---|
| date | Sat, 22 Jan 2022 16:53:04 +0300 |
| parents | 9efceb851bea |
| children | 8f28519e34b0 |
comparison
equal
deleted
inserted
replaced
| 1854:cba37fe1ddc8 | 1855:35d504d59c05 |
|---|---|
| 237 }; | 237 }; |
| 238 | 238 |
| 239 algo_type sigalgs[] = { | 239 algo_type sigalgs[] = { |
| 240 #if DROPBEAR_ED25519 | 240 #if DROPBEAR_ED25519 |
| 241 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, | 241 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, |
| 242 #if DROPBEAR_SK_ED25519 | |
| 243 {"[email protected]", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL}, | |
| 244 #endif | |
| 242 #endif | 245 #endif |
| 243 #if DROPBEAR_ECDSA | 246 #if DROPBEAR_ECDSA |
| 244 #if DROPBEAR_ECC_256 | 247 #if DROPBEAR_ECC_256 |
| 245 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, | 248 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, |
| 246 #endif | 249 #endif |
| 247 #if DROPBEAR_ECC_384 | 250 #if DROPBEAR_ECC_384 |
| 248 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, | 251 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, |
| 249 #endif | 252 #endif |
| 250 #if DROPBEAR_ECC_521 | 253 #if DROPBEAR_ECC_521 |
| 251 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, | 254 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, |
| 255 #endif | |
| 256 #if DROPBEAR_SK_ECDSA | |
| 257 {"[email protected]", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL}, | |
| 252 #endif | 258 #endif |
| 253 #endif | 259 #endif |
| 254 #if DROPBEAR_RSA | 260 #if DROPBEAR_RSA |
| 255 #if DROPBEAR_RSA_SHA256 | 261 #if DROPBEAR_RSA_SHA256 |
| 256 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, | 262 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, |