Implement server-side support for sk-ecdsa U2F-backed keys (#142)

mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00

* Implement server-side support for sk-ecdsa U2F-backed keys

* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys

* Fix one more potential out-of-bounds read

* Check if nistp256 curve is used in sk-ecdsa-sha2- key

It's the only allowed curve per PROTOCOL.u2f specification

* Implement server-side support for sk-ed25519 FIDO2-backed keys

* Keys with type sk-* make no sense as host keys, so they should be
disabled

* fix typo

* Make sk-ecdsa call buf_ecdsa_verify

This reduces code duplication, the SK code just handles the
different message format.

* Reduce sk specific code

The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey

* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled

* Proper cleanup of sk_app

Co-authored-by: Matt Johnston <matt@codeconstruct.com.au>

This commit is contained in:

egor-duda

2022-01-22 16:53:04 +03:00

committed by

GitHub

parent 18be2a6509

commit 5edd2ce32e

14 changed files with 271 additions and 18 deletions

									
										1

sysoptions.h
									
												View File
												
				@@ -95,6 +95,7 @@

				#define DROPBEAR_MAX_PASSWORD_LEN 100

				#define SHA1_HASH_SIZE 20

				#define SHA256_HASH_SIZE 32

				#define MD5_HASH_SIZE 16

				#define MAX_HASH_SIZE 64 /* sha512 */

Implement server-side support for sk-ecdsa U2F-backed keys (#142)

1 sysoptions.h Unescape Escape View File

1

sysoptions.h

View File