Mercurial > dropbear
view libtomcrypt/src/mac/pmac/pmac_done.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ #include "tomcrypt.h" /** @file pmac_done.c PMAC implementation, terminate a session, by Tom St Denis */ #ifdef LTC_PMAC int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen) { int err, x; LTC_ARGCHK(state != NULL); LTC_ARGCHK(out != NULL); if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) { return err; } if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) || (state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) { return CRYPT_INVALID_ARG; } /* handle padding. If multiple xor in L/x */ if (state->buflen == state->block_len) { /* xor Lr against the checksum */ for (x = 0; x < state->block_len; x++) { state->checksum[x] ^= state->block[x] ^ state->Lr[x]; } } else { /* otherwise xor message bytes then the 0x80 byte */ for (x = 0; x < state->buflen; x++) { state->checksum[x] ^= state->block[x]; } state->checksum[x] ^= 0x80; } /* encrypt it */ if ((err = cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key)) != CRYPT_OK) { return err; } cipher_descriptor[state->cipher_idx].done(&state->key); /* store it */ for (x = 0; x < state->block_len && x < (int)*outlen; x++) { out[x] = state->checksum[x]; } *outlen = x; #ifdef LTC_CLEAN_STACK zeromem(state, sizeof(*state)); #endif return CRYPT_OK; } #endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */