Mercurial > dropbear
view libtomcrypt/tests/prng_test.c @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ #include <tomcrypt_test.h> #ifdef LTC_PRNG_ENABLE_LTC_RNG static unsigned long my_test_rng_read; static unsigned long my_test_rng(unsigned char *buf, unsigned long len, void (*callback)(void)) { unsigned long n; LTC_UNUSED_PARAM(callback); for (n = 0; n < len; ++n) { buf[n] = 4; } my_test_rng_read += n; return n; } #endif int prng_test(void) { int err = CRYPT_NOP; int x; unsigned char buf[4096] = { 0 }; unsigned long n, one; prng_state nprng; #ifdef LTC_PRNG_ENABLE_LTC_RNG unsigned long before; unsigned long (*previous)(unsigned char *, unsigned long , void (*)(void)) = ltc_rng; ltc_rng = my_test_rng; before = my_test_rng_read; if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) { fprintf(stderr, "rng_make_prng with 'my_test_rng' failed: %s\n", error_to_string(err)); exit(EXIT_FAILURE); } if (before == my_test_rng_read) { fprintf(stderr, "somehow there was no read from the ltc_rng! %lu == %lu\n", before, my_test_rng_read); exit(EXIT_FAILURE); } ltc_rng = previous; #endif /* test prngs (test, import/export) */ for (x = 0; prng_descriptor[x].name != NULL; x++) { if(strstr(prng_descriptor[x].name, "no_prng") == prng_descriptor[x].name) continue; err = CRYPT_OK; DOX(prng_descriptor[x].test(), prng_descriptor[x].name); DOX(prng_descriptor[x].start(&nprng), prng_descriptor[x].name); DOX(prng_descriptor[x].add_entropy((unsigned char *)"helloworld12", 12, &nprng), prng_descriptor[x].name); DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name); n = sizeof(buf); if (strcmp(prng_descriptor[x].name, "sprng")) { one = 1; if (prng_descriptor[x].pexport(buf, &one, &nprng) != CRYPT_BUFFER_OVERFLOW) { fprintf(stderr, "Error testing pexport with a short buffer (%s)\n", prng_descriptor[x].name); return CRYPT_ERROR; } } DOX(prng_descriptor[x].pexport(buf, &n, &nprng), prng_descriptor[x].name); prng_descriptor[x].done(&nprng); DOX(prng_descriptor[x].pimport(buf, n, &nprng), prng_descriptor[x].name); DOX(prng_descriptor[x].pimport(buf, 4096, &nprng), prng_descriptor[x].name); /* try to import larger data */ DOX(prng_descriptor[x].ready(&nprng), prng_descriptor[x].name); if (prng_descriptor[x].read(buf, 100, &nprng) != 100) { fprintf(stderr, "Error reading from imported PRNG (%s)!\n", prng_descriptor[x].name); return CRYPT_ERROR; } prng_descriptor[x].done(&nprng); } return err; } /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */