Mercurial > dropbear
view libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <matt@codeconstruct.com.au>
| author | egor-duda <egor-duda@users.noreply.github.com> |
|---|---|
| date | Sat, 22 Jan 2022 16:53:04 +0300 (2022-01-22) |
| parents | 6dba84798cd5 |
| children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ #include "tomcrypt.h" /** @file der_encode_utf8_string.c ASN.1 DER, encode a UTF8 STRING, Tom St Denis */ #ifdef LTC_DER /** Store an UTF8 STRING @param in The array of UTF8 to store (one per wchar_t) @param inlen The number of UTF8 to store @param out [out] The destination for the DER encoded UTF8 STRING @param outlen [in/out] The max size and resulting size of the DER UTF8 STRING @return CRYPT_OK if successful */ int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { unsigned long x, y, len; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); /* get the size */ for (x = len = 0; x < inlen; x++) { if (!der_utf8_valid_char(in[x])) return CRYPT_INVALID_ARG; len += der_utf8_charsize(in[x]); } if (len < 128) { y = 2 + len; } else if (len < 256) { y = 3 + len; } else if (len < 65536UL) { y = 4 + len; } else if (len < 16777216UL) { y = 5 + len; } else { return CRYPT_INVALID_ARG; } /* too big? */ if (y > *outlen) { *outlen = y; return CRYPT_BUFFER_OVERFLOW; } /* encode the header+len */ x = 0; out[x++] = 0x0C; if (len < 128) { out[x++] = (unsigned char)len; } else if (len < 256) { out[x++] = 0x81; out[x++] = (unsigned char)len; } else if (len < 65536UL) { out[x++] = 0x82; out[x++] = (unsigned char)((len>>8)&255); out[x++] = (unsigned char)(len&255); } else if (len < 16777216UL) { out[x++] = 0x83; out[x++] = (unsigned char)((len>>16)&255); out[x++] = (unsigned char)((len>>8)&255); out[x++] = (unsigned char)(len&255); } else { /* coverity[dead_error_line] */ return CRYPT_INVALID_ARG; } /* store UTF8 */ for (y = 0; y < inlen; y++) { switch (der_utf8_charsize(in[y])) { case 1: out[x++] = (unsigned char)in[y]; break; case 2: out[x++] = 0xC0 | ((in[y] >> 6) & 0x1F); out[x++] = 0x80 | (in[y] & 0x3F); break; case 3: out[x++] = 0xE0 | ((in[y] >> 12) & 0x0F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; #if !defined(LTC_WCHAR_MAX) || LTC_WCHAR_MAX > 0xFFFF case 4: out[x++] = 0xF0 | ((in[y] >> 18) & 0x07); out[x++] = 0x80 | ((in[y] >> 12) & 0x3F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; #endif } } /* retun length */ *outlen = x; return CRYPT_OK; } #endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */