/src/dropbear/src/sk-ecdsa.c

Source (jump to first uncovered line)
#include "includes.h"

#if DROPBEAR_SK_ECDSA

#include "dbutil.h"
#include "ecc.h"
#include "ecdsa.h"
#include "sk-ecdsa.h"
#include "ssh.h"

int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
      const char* app, unsigned int applen,
      unsigned char sk_flags_mask) {
  hash_state hs;
  unsigned char subhash[SHA256_HASH_SIZE];
  buffer *sk_buffer = NULL, *sig_buffer = NULL;
  unsigned char flags;
  unsigned int counter;
  int ret;

  TRACE(("buf_sk_ecdsa_verify"))

  /* from https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f */
  /* ecdsa signature to verify (r, s) */
  sig_buffer = buf_getbuf(buf);

  flags = buf_getbyte (buf);
  counter = buf_getint (buf);
  /* create the message to be signed */
  sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
  sha256_init (&hs);
  sha256_process (&hs, app, applen);
  sha256_done (&hs, subhash);
  buf_putbytes (sk_buffer, subhash, sizeof (subhash));
  buf_putbyte (sk_buffer, flags);
  buf_putint (sk_buffer, counter);
  sha256_init (&hs);
  sha256_process (&hs, data_buf->data, data_buf->len);
  sha256_done (&hs, subhash);
  buf_putbytes (sk_buffer, subhash, sizeof (subhash));

  ret = buf_ecdsa_verify(sig_buffer, key, sk_buffer);
  buf_free(sk_buffer);
  buf_free(sig_buffer);

  if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
    if (ret == DROPBEAR_SUCCESS) {
      dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
    }
    ret = DROPBEAR_FAILURE;
  }
  if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
    if (ret == DROPBEAR_SUCCESS) {
      dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
    }
    ret = DROPBEAR_FAILURE;
  }

  TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret))
  return ret;
}

#endif /* DROPBEAR_SK_ECDSA */

Line	Count	Source (jump to first uncovered line)
1		#include "includes.h"
2
3		#if DROPBEAR_SK_ECDSA
4
5		#include "dbutil.h"
6		#include "ecc.h"
7		#include "ecdsa.h"
8		#include "sk-ecdsa.h"
9		#include "ssh.h"
10
11		int buf_sk_ecdsa_verify(buffer buf, const ecc_key key, const buffer *data_buf,
12		const char* app, unsigned int applen,
13	0	unsigned char sk_flags_mask) {
14	0	hash_state hs;
15	0	unsigned char subhash[SHA256_HASH_SIZE];
16	0	buffer sk_buffer = NULL, sig_buffer = NULL;
17	0	unsigned char flags;
18	0	unsigned int counter;
19	0	int ret;
20
21	0	TRACE(("buf_sk_ecdsa_verify"))
22
23		/* from https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f */
24		/* ecdsa signature to verify (r, s) */
25	0	sig_buffer = buf_getbuf(buf);
26
27	0	flags = buf_getbyte (buf);
28	0	counter = buf_getint (buf);
29		/* create the message to be signed */
30	0	sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
31	0	sha256_init (&hs);
32	0	sha256_process (&hs, app, applen);
33	0	sha256_done (&hs, subhash);
34	0	buf_putbytes (sk_buffer, subhash, sizeof (subhash));
35	0	buf_putbyte (sk_buffer, flags);
36	0	buf_putint (sk_buffer, counter);
37	0	sha256_init (&hs);
38	0	sha256_process (&hs, data_buf->data, data_buf->len);
39	0	sha256_done (&hs, subhash);
40	0	buf_putbytes (sk_buffer, subhash, sizeof (subhash));
41
42	0	ret = buf_ecdsa_verify(sig_buffer, key, sk_buffer);
43	0	buf_free(sk_buffer);
44	0	buf_free(sig_buffer);
45
46	0	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
47	0	if (ret == DROPBEAR_SUCCESS) {
48	0	dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
49	0	}
50	0	ret = DROPBEAR_FAILURE;
51	0	}
52	0	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
53	0	if (ret == DROPBEAR_SUCCESS) {
54	0	dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
55	0	}
56	0	ret = DROPBEAR_FAILURE;
57	0	}
58
59	0	TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret))
60	0	return ret;
61	0	}
62
63		#endif /* DROPBEAR_SK_ECDSA */

Coverage Report

Created: 2025-07-12 06:23