Mercurial > dropbear
comparison svr-runopts.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
| author | egor-duda <egor-duda@users.noreply.github.com> |
|---|---|
| date | Sat, 22 Jan 2022 16:53:04 +0300 |
| parents | 94dc11094e26 |
| children | 8f28519e34b0 |
comparison
equal
deleted
inserted
replaced
| 1854:cba37fe1ddc8 | 1855:35d504d59c05 |
|---|---|
| 666 disablekey(DROPBEAR_SIGNKEY_ED25519); | 666 disablekey(DROPBEAR_SIGNKEY_ED25519); |
| 667 } else { | 667 } else { |
| 668 any_keys = 1; | 668 any_keys = 1; |
| 669 } | 669 } |
| 670 #endif | 670 #endif |
| 671 #if DROPBEAR_SK_ECDSA | |
| 672 disablekey(DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256); | |
| 673 #endif | |
| 674 #if DROPBEAR_SK_ED25519 | |
| 675 disablekey(DROPBEAR_SIGNKEY_SK_ED25519); | |
| 676 #endif | |
| 671 | 677 |
| 672 if (!any_keys) { | 678 if (!any_keys) { |
| 673 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey."); | 679 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey."); |
| 674 } | 680 } |
| 675 } | 681 } |