Mercurial > dropbear
comparison sysoptions.h @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 94dc11094e26 |
children | 2b3a8026a6ce |
comparison
equal
deleted
inserted
replaced
1854:cba37fe1ddc8 | 1855:35d504d59c05 |
---|---|
93 If a longer password is allowed Dropbear cannot compensate | 93 If a longer password is allowed Dropbear cannot compensate |
94 for the crypt time which will expose which usernames exist */ | 94 for the crypt time which will expose which usernames exist */ |
95 #define DROPBEAR_MAX_PASSWORD_LEN 100 | 95 #define DROPBEAR_MAX_PASSWORD_LEN 100 |
96 | 96 |
97 #define SHA1_HASH_SIZE 20 | 97 #define SHA1_HASH_SIZE 20 |
98 #define SHA256_HASH_SIZE 32 | |
98 #define MD5_HASH_SIZE 16 | 99 #define MD5_HASH_SIZE 16 |
99 #define MAX_HASH_SIZE 64 /* sha512 */ | 100 #define MAX_HASH_SIZE 64 /* sha512 */ |
100 | 101 |
101 #if DROPBEAR_CHACHA20POLY1305 | 102 #if DROPBEAR_CHACHA20POLY1305 |
102 #define MAX_KEY_LEN 64 /* 2 x 256 bits for chacha20 */ | 103 #define MAX_KEY_LEN 64 /* 2 x 256 bits for chacha20 */ |