Mercurial > dropbear
comparison sk-ecdsa.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
| author | egor-duda <egor-duda@users.noreply.github.com> |
|---|---|
| date | Sat, 22 Jan 2022 16:53:04 +0300 |
| parents | |
| children | 333688ec53d0 |
comparison
equal
deleted
inserted
replaced
| 1854:cba37fe1ddc8 | 1855:35d504d59c05 |
|---|---|
| 1 #include "includes.h" | |
| 2 | |
| 3 #if DROPBEAR_SK_ECDSA | |
| 4 | |
| 5 #include "dbutil.h" | |
| 6 #include "ecc.h" | |
| 7 #include "ecdsa.h" | |
| 8 #include "sk-ecdsa.h" | |
| 9 | |
| 10 int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen) { | |
| 11 hash_state hs; | |
| 12 unsigned char subhash[SHA256_HASH_SIZE]; | |
| 13 buffer *sk_buffer = NULL, *sig_buffer = NULL; | |
| 14 unsigned char flags; | |
| 15 unsigned int counter; | |
| 16 int ret; | |
| 17 | |
| 18 TRACE(("buf_sk_ecdsa_verify")) | |
| 19 | |
| 20 /* from https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f */ | |
| 21 /* ecdsa signature to verify (r, s) */ | |
| 22 sig_buffer = buf_getbuf(buf); | |
| 23 | |
| 24 flags = buf_getbyte (buf); | |
| 25 counter = buf_getint (buf); | |
| 26 /* create the message to be signed */ | |
| 27 sk_buffer = buf_new (2*SHA256_HASH_SIZE+5); | |
| 28 sha256_init (&hs); | |
| 29 sha256_process (&hs, app, applen); | |
| 30 sha256_done (&hs, subhash); | |
| 31 buf_putbytes (sk_buffer, subhash, sizeof (subhash)); | |
| 32 buf_putbyte (sk_buffer, flags); | |
| 33 buf_putint (sk_buffer, counter); | |
| 34 sha256_init (&hs); | |
| 35 sha256_process (&hs, data_buf->data, data_buf->len); | |
| 36 sha256_done (&hs, subhash); | |
| 37 buf_putbytes (sk_buffer, subhash, sizeof (subhash)); | |
| 38 | |
| 39 ret = buf_ecdsa_verify(sig_buffer, key, sk_buffer); | |
| 40 buf_free(sk_buffer); | |
| 41 buf_free(sig_buffer); | |
| 42 | |
| 43 TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret)) | |
| 44 return ret; | |
| 45 } | |
| 46 | |
| 47 #endif /* DROPBEAR_SK_ECDSA */ |