Mercurial > dropbear
comparison sk-ecdsa.h @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
| author | egor-duda <egor-duda@users.noreply.github.com> |
|---|---|
| date | Sat, 22 Jan 2022 16:53:04 +0300 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1854:cba37fe1ddc8 | 1855:35d504d59c05 |
|---|---|
| 1 #ifndef DROPBEAR_SK_ECDSA_H_ | |
| 2 #define DROPBEAR_SK_ECDSA_H_ | |
| 3 | |
| 4 #include "includes.h" | |
| 5 | |
| 6 #if DROPBEAR_SK_ECDSA | |
| 7 | |
| 8 #include "buffer.h" | |
| 9 #include "signkey.h" | |
| 10 | |
| 11 int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen); | |
| 12 | |
| 13 #endif | |
| 14 | |
| 15 #endif /* DROPBEAR_SK_ECDSA_H_ */ |