Mercurial > dropbear
diff ed25519.h @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | ba6fc7afe1c5 |
children |
line wrap: on
line diff
--- a/ed25519.h Sat Jan 22 12:46:08 2022 +0800 +++ b/ed25519.h Sat Jan 22 16:53:04 2022 +0300 @@ -27,6 +27,7 @@ #include "includes.h" #include "buffer.h" +#include "signkey.h" #if DROPBEAR_ED25519 @@ -43,7 +44,8 @@ #if DROPBEAR_SIGNKEY_VERIFY int buf_ed25519_verify(buffer * buf, const dropbear_ed25519_key *key, const buffer *data_buf); #endif -int buf_get_ed25519_pub_key(buffer* buf, dropbear_ed25519_key *key); +int buf_get_ed25519_pub_key(buffer *buf, dropbear_ed25519_key *key, + enum signkey_type expect_keytype); int buf_get_ed25519_priv_key(buffer* buf, dropbear_ed25519_key *key); void buf_put_ed25519_pub_key(buffer* buf, const dropbear_ed25519_key *key); void buf_put_ed25519_priv_key(buffer* buf, const dropbear_ed25519_key *key);