Mercurial > dropbear
view ecc.h @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | d68d61e7056a |
children |
line wrap: on
line source
#ifndef DROPBEAR_DROPBEAR_ECC_H #define DROPBEAR_DROPBEAR_ECC_H #include "includes.h" #include "buffer.h" #if DROPBEAR_ECC struct dropbear_ecc_curve { int ltc_size; /* to match the byte sizes in ltc_ecc_sets[] */ const ltc_ecc_set_type *dp; /* curve domain parameters */ const struct ltc_hash_descriptor *hash_desc; const char *name; }; extern struct dropbear_ecc_curve ecc_curve_nistp256; extern struct dropbear_ecc_curve ecc_curve_nistp384; extern struct dropbear_ecc_curve ecc_curve_nistp521; extern struct dropbear_ecc_curve *dropbear_ecc_curves[]; void dropbear_ecc_fill_dp(void); struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp); /* "pubkey" refers to a point, but LTC uses ecc_key structure for both public and private keys */ void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key); ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve); int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key); mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, const ecc_key *priv_key); #endif #endif /* DROPBEAR_DROPBEAR_ECC_H */