path: root/ssh-ecdsa-sk.c
Commit message | Author | Age | Files | Lines
* Fix compilation with DEBUG_SK enabled | Shiva Kaul | 2024-12-02 | 1 | -1/+1
  In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debugging block.
* upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. | djm@openbsd.org | 2024-08-15 | 1 | -12/+37
  DSA remains unconverted as it will be removed within six months.
  Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed).
  ok tb@
  OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
* upstream: Delete obsolete /* ARGSUSED */ lint comments. | guenther@openbsd.org | 2023-03-08 | 1 | -2/+1
  ok miod@ millert@
  OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: refactor sshkey_private_deserialize | djm@openbsd.org | 2022-10-28 | 1 | -1/+19
  feedback/ok markus@
  OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* upstream: refactor sshkey_private_serialize_opt() | djm@openbsd.org | 2022-10-28 | 1 | -1/+19
  feedback/ok markus@
  OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_sign() and sshkey_verify() | djm@openbsd.org | 2022-10-28 | 1 | -13/+15
  feedback/ok markus@
  OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor sshkey_from_blob_internal() | djm@openbsd.org | 2022-10-28 | 1 | -4/+17
  feedback/ok markus@
  OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_from_private() | djm@openbsd.org | 2022-10-28 | 1 | -1/+14
  feedback/ok markus@
  OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: factor out key generation | djm@openbsd.org | 2022-10-28 | 1 | -1/+2
  feedback/ok markus@
  OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: factor out public key serialization | djm@openbsd.org | 2022-10-28 | 1 | -1/+17
  feedback/ok markus@
  OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: factor out sshkey_equal_public() | djm@openbsd.org | 2022-10-28 | 1 | -6/+17
  feedback/ok markus@
  OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: begin big refactor of sshkey | djm@openbsd.org | 2022-10-28 | 1 | -1/+53
  Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible.
  lots of feedback + ok markus@
  OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: some clarifying comments | djm@openbsd.org | 2020-06-26 | 1 | -2/+9
  OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2
* upstream: Add support for FIDO webauthn (verification only). | djm@openbsd.org | 2020-06-22 | 1 | -9/+115
  webauthn is a standard for using FIDO keys in web browsers. webauthn signatures are a slightly different format to plain FIDO signatures - this support allows verification of these.
  Feedback and ok markus@
  OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad
* upstream: refactor ECDSA-SK verification a little ahead of adding | djm@openbsd.org | 2020-06-22 | 1 | -21/+23
  support for FIDO webauthn signature verification support; ok markus@
  OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e
* Fix building without openssl. | Ruben Kerkhof | 2020-01-20 | 1 | -0/+2
  This fixes the following when there are no openssl headers on the system:
  ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
* Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC. | Darren Tucker | 2019-12-15 | 1 | -0/+4
  Fixes build when linking against OpenSSLs built with no-ec.
* remove a bunch of ENABLE_SK #ifdefs | Damien Miller | 2019-12-13 | 1 | -3/+0
  The ssh-sk-helper client API gives us a nice place to disable security key support when it wasn't enabled at compile time, so we don't need to check everywhere.
  Also, verification of security key signatures can remain enabled all the time - it has no additional dependencies. So sshd can accept security key pubkeys in authorized_keys, etc regardless of the host's support for dlopen, etc.
* upstream: more debugging; behind DEBUG_SK | djm@openbsd.org | 2019-11-27 | 1 | -1/+5
  OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60
* upstream: Add new structure for signature options | djm@openbsd.org | 2019-11-25 | 1 | -3/+18
  This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field.
  with and ok markus@
  OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
* upstream: memleak in error path | djm@openbsd.org | 2019-11-25 | 1 | -3/+5
  OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112
* Include openssl compat header. | Darren Tucker | 2019-11-20 | 1 | -0/+2
  Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1.
* upstream: adjust on-wire signature encoding for ecdsa-sk keys to | djm@openbsd.org | 2019-11-19 | 1 | -5/+5
  better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne
  NB. if you are depending on security keys (already?) then make sure you update both your clients and servers.
  OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679
* autoconf pieces for U2F support | Damien Miller | 2019-11-01 | 1 | -0/+3
  Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
* upstream: Initial infrastructure for U2F/FIDO support | djm@openbsd.org | 2019-10-31 | 1 | -0/+180
  Key library support: including allocation, marshalling public/private keys and certificates, signature validation.
  feedback & ok markus@
  OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7