Mercurial > dropbear
view libtomcrypt/src/mac/omac/omac_process.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ #include "tomcrypt.h" /** @file omac_process.c OMAC1 support, process data, Tom St Denis */ #ifdef LTC_OMAC /** Process data through OMAC @param omac The OMAC state @param in The input data to send through OMAC @param inlen The length of the input (octets) @return CRYPT_OK if successful */ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) { unsigned long n, x; int err; LTC_ARGCHK(omac != NULL); LTC_ARGCHK(in != NULL); if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) { return err; } if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) || (omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST { unsigned long blklen = cipher_descriptor[omac->cipher_idx].block_length; if (omac->buflen == 0 && inlen > blklen) { unsigned long y; for (x = 0; x < (inlen - blklen); x += blklen) { for (y = 0; y < blklen; y += sizeof(LTC_FAST_TYPE)) { *(LTC_FAST_TYPE_PTR_CAST(&omac->prev[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&in[y])); } in += blklen; if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) { return err; } } inlen -= x; } } #endif while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (omac->buflen == omac->blklen) { for (x = 0; x < (unsigned long)omac->blklen; x++) { omac->block[x] ^= omac->prev[x]; } if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key)) != CRYPT_OK) { return err; } omac->buflen = 0; } /* add bytes */ n = MIN(inlen, (unsigned long)(omac->blklen - omac->buflen)); XMEMCPY(omac->block + omac->buflen, in, n); omac->buflen += n; inlen -= n; in += n; } return CRYPT_OK; } #endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */