Mercurial > dropbear
view libtomcrypt/notes/tech0006.txt @ 1653:76189c9ffea2
External Public-Key Authentication API (#72)
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication
* Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled
* Added tags file to the ignore list
* Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them
* Added -rdynamic to the linker flags when EPKA is enabled
* Changed the API to pass a previously created session to the checkPubKey function (created during preauth)
* Added documentation to the API
* Added parameter addrstring to plugin creation function
* Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session)
* Changed option string to be a simple char * instead of unsigned char *
| author | fabriziobertocci <fabriziobertocci@gmail.com> |
|---|---|
| date | Wed, 15 May 2019 09:43:57 -0400 |
| parents | 1b9e69c058d2 |
| children |
line wrap: on
line source
Tech Note 0006 PK Standards Compliance Tom St Denis RSA ---- PKCS #1 compliance. Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1 Encryption: OAEP as per PKCS #1 Signature : PSS as per PKCS #1 DSA ---- The NIST DSA algorithm Key Format: HomeBrew [see below] Signature : ANSI X9.62 format [see below]. Keys are stored as DSAPublicKey ::= SEQUENCE { publicFlags BIT STRING(1), -- must be 0 g INTEGER , -- base generator, check that g^q mod p == 1 -- and that 1 < g < p - 1 p INTEGER , -- prime modulus q INTEGER , -- order of sub-group (must be prime) y INTEGER , -- public key, specifically, g^x mod p, -- check that y^q mod p == 1 -- and that 1 < y < p - 1 } DSAPrivateKey ::= SEQUENCE { publicFlags BIT STRING(1), -- must be 1 g INTEGER , -- base generator, check that g^q mod p == 1 -- and that 1 < g < p - 1 p INTEGER , -- prime modulus q INTEGER , -- order of sub-group (must be prime) y INTEGER , -- public key, specifically, g^x mod p, -- check that y^q mod p == 1 -- and that 1 < y < p - 1 x INTEGER -- private key } Signatures are stored as DSASignature ::= SEQUENCE { r, s INTEGER -- signature parameters } ECC ---- The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves. Key Format : Homebrew [see below, only GF(p) NIST curves supported] Signature : X9.62 compliant Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey] Shared Secret: X9.63 compliant ECCPublicKey ::= SEQUENCE { flags BIT STRING(1), -- public/private flag (always zero), keySize INTEGER, -- Curve size (in bits) divided by eight -- and rounded down, e.g. 521 => 65 pubkey.x INTEGER, -- The X co-ordinate of the public key point pubkey.y INTEGER, -- The Y co-ordinate of the public key point } ECCPrivateKey ::= SEQUENCE { flags BIT STRING(1), -- public/private flag (always one), keySize INTEGER, -- Curve size (in bits) divided by eight -- and rounded down, e.g. 521 => 65 pubkey.x INTEGER, -- The X co-ordinate of the public key point pubkey.y INTEGER, -- The Y co-ordinate of the public key point secret.k INTEGER, -- The secret key scalar } The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size of the hash digest]. The format of the encrypted text is as follows ECCEncrypted ::= SEQUENCE { hashOID OBJECT IDENTIFIER, -- The OID of the hash used pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against) } % $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $ % $Revision: 1.2 $ % $Date: 2005/06/18 02:26:27 $