Mercurial > dropbear

view sk-ed25519.c @ 1857:6022df862942

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use DSCP for IP QoS traffic classes The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents 35d504d59c05
children 333688ec53d0
line wrap: on
line source

#include "includes.h"

#if DROPBEAR_SK_ED25519

#include "dbutil.h"
#include "buffer.h"
#include "curve25519.h"
#include "ed25519.h"

int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen) {

	int ret = DROPBEAR_FAILURE;
	unsigned char *s;
	unsigned long slen;
	hash_state hs;
	unsigned char hash[SHA256_HASH_SIZE];
	buffer *sk_buffer = NULL;
	unsigned char flags;
	unsigned int counter;

	TRACE(("enter buf_sk_ed25519_verify"))
	dropbear_assert(key != NULL);

	slen = buf_getint(buf);
	if (slen != 64 || buf->len - buf->pos < slen) {
		TRACE(("leave buf_sk_ed25519_verify: bad size"))
		goto out;
	}
	s = buf_getptr(buf, slen);
	buf_incrpos(buf, slen);

	flags = buf_getbyte (buf);
	counter = buf_getint (buf);
	sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
	sha256_init (&hs);
	sha256_process (&hs, app, applen);
	sha256_done (&hs, hash);
	buf_putbytes (sk_buffer, hash, sizeof (hash));
	buf_putbyte (sk_buffer, flags);
	buf_putint (sk_buffer, counter);
	sha256_init (&hs);
	sha256_process (&hs, data_buf->data, data_buf->len);
	sha256_done (&hs, hash);
	buf_putbytes (sk_buffer, hash, sizeof (hash));

	if (dropbear_ed25519_verify(sk_buffer->data, sk_buffer->len,
				    s, slen, key->pub) == 0) {
		/* signature is valid */
		TRACE(("leave buf_sk_ed25519_verify: success!"))
		ret = DROPBEAR_SUCCESS;
	}

out:
	if (sk_buffer) {
		buf_free(sk_buffer);
	}
	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))
	return ret;
}

#endif /* DROPBEAR_SK_ED25519 */