# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1648645575 -28800
# Node ID 333688ec53d090fd1899d1d946b8ba29b97f77c0
# Parent  dc615fdb7c06012dd98d4bc1534c08b601c5b974
Handle ecdsa-sk flags, reject no-touch

For the time being Dropbear will only allow SK auth with default
parameters, user-presence needs to be set.
In future handling of authorized_keys option "no-touch-required" can be
added.
This code would also be refactored to share between ecdsa and ed25519
once I get hardware/emulation to test ed25519.

diff -r dc615fdb7c06 -r 333688ec53d0 sk-ecdsa.c
--- a/sk-ecdsa.c	Wed Mar 30 14:32:49 2022 +0800
+++ b/sk-ecdsa.c	Wed Mar 30 21:06:15 2022 +0800
@@ -6,6 +6,7 @@
 #include "ecc.h"
 #include "ecdsa.h"
 #include "sk-ecdsa.h"
+#include "ssh.h"
 
 int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
 	hash_state hs;
@@ -40,6 +41,14 @@
 	buf_free(sk_buffer);
 	buf_free(sig_buffer);
 
+	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
+	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
+
 	TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret))
 	return ret;
 }
diff -r dc615fdb7c06 -r 333688ec53d0 sk-ed25519.c
--- a/sk-ed25519.c	Wed Mar 30 14:32:49 2022 +0800
+++ b/sk-ed25519.c	Wed Mar 30 21:06:15 2022 +0800
@@ -6,6 +6,7 @@
 #include "buffer.h"
 #include "curve25519.h"
 #include "ed25519.h"
+#include "ssh.h"
 
 int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
 
@@ -31,6 +32,7 @@
 
 	flags = buf_getbyte (buf);
 	counter = buf_getint (buf);
+	/* create the message to be signed */
 	sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
 	sha256_init (&hs);
 	sha256_process (&hs, app, applen);
@@ -50,10 +52,15 @@
 		ret = DROPBEAR_SUCCESS;
 	}
 
+	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
+	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
 out:
-	if (sk_buffer) {
-		buf_free(sk_buffer);
-	}
+	buf_free(sk_buffer);
 	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))
 	return ret;
 }
diff -r dc615fdb7c06 -r 333688ec53d0 ssh.h
--- a/ssh.h	Wed Mar 30 14:32:49 2022 +0800
+++ b/ssh.h	Wed Mar 30 21:06:15 2022 +0800
@@ -126,3 +126,8 @@
 #define SSH2_AGENT_SIGN_RESPONSE		14
 
 #define SSH2_AGENT_FAILURE			30
+
+/* Flags defined by OpenSSH U2F key/signature format */
+#define SSH_SK_USER_PRESENCE_REQD       0x01
+#define SSH_SK_USER_VERIFICATION_REQD   0x04
+#define SSH_SK_RESIDENT_KEY             0x20