/src/dropbear/src/sk-ed25519.c

Source (jump to first uncovered line)
#include "includes.h"

#if DROPBEAR_SK_ED25519

#include "dbutil.h"
#include "buffer.h"
#include "curve25519.h"
#include "ed25519.h"
#include "ssh.h"

int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf,
      const char* app, unsigned int applen,
      unsigned char sk_flags_mask) {

  int ret = DROPBEAR_FAILURE;
  unsigned char *s;
  unsigned long slen;
  hash_state hs;
  unsigned char hash[SHA256_HASH_SIZE];
  buffer *sk_buffer = NULL;
  unsigned char flags;
  unsigned int counter;

  TRACE(("enter buf_sk_ed25519_verify"))
  dropbear_assert(key != NULL);

  slen = buf_getint(buf);
  if (slen != 64 || buf->len - buf->pos < slen) {
    TRACE(("leave buf_sk_ed25519_verify: bad size"))
    goto out;
  }
  s = buf_getptr(buf, slen);
  buf_incrpos(buf, slen);

  flags = buf_getbyte (buf);
  counter = buf_getint (buf);
  /* create the message to be signed */
  sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
  sha256_init (&hs);
  sha256_process (&hs, app, applen);
  sha256_done (&hs, hash);
  buf_putbytes (sk_buffer, hash, sizeof (hash));
  buf_putbyte (sk_buffer, flags);
  buf_putint (sk_buffer, counter);
  sha256_init (&hs);
  sha256_process (&hs, data_buf->data, data_buf->len);
  sha256_done (&hs, hash);
  buf_putbytes (sk_buffer, hash, sizeof (hash));

  if (dropbear_ed25519_verify(sk_buffer->data, sk_buffer->len,
            s, slen, key->pub) == 0) {
    /* signature is valid */
    TRACE(("leave buf_sk_ed25519_verify: success!"))
    ret = DROPBEAR_SUCCESS;
  }

  if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
    if (ret == DROPBEAR_SUCCESS) {
      dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
    }
    ret = DROPBEAR_FAILURE;
  }
  if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
    if (ret == DROPBEAR_SUCCESS) {
      dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
    }
    ret = DROPBEAR_FAILURE;
  }
out:
  buf_free(sk_buffer);
  TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))
  return ret;
}

#endif /* DROPBEAR_SK_ED25519 */

Coverage Report

Created: 2025-07-18 06:52

Line	Count	Source (jump to first uncovered line)
1		#include "includes.h"
2
3		#if DROPBEAR_SK_ED25519
4
5		#include "dbutil.h"
6		#include "buffer.h"
7		#include "curve25519.h"
8		#include "ed25519.h"
9		#include "ssh.h"
10
11		int buf_sk_ed25519_verify(buffer buf, const dropbear_ed25519_key key, const buffer *data_buf,
12		const char* app, unsigned int applen,
13	0	unsigned char sk_flags_mask) {
14
15	0	int ret = DROPBEAR_FAILURE;
16	0	unsigned char *s;
17	0	unsigned long slen;
18	0	hash_state hs;
19	0	unsigned char hash[SHA256_HASH_SIZE];
20	0	buffer *sk_buffer = NULL;
21	0	unsigned char flags;
22	0	unsigned int counter;
23
24	0	TRACE(("enter buf_sk_ed25519_verify"))
25	0	dropbear_assert(key != NULL);
26
27	0	slen = buf_getint(buf);
28	0	if (slen != 64 \|\| buf->len - buf->pos < slen) {
29	0	TRACE(("leave buf_sk_ed25519_verify: bad size"))
30	0	goto out;
31	0	}
32	0	s = buf_getptr(buf, slen);
33	0	buf_incrpos(buf, slen);
34
35	0	flags = buf_getbyte (buf);
36	0	counter = buf_getint (buf);
37		/* create the message to be signed */
38	0	sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
39	0	sha256_init (&hs);
40	0	sha256_process (&hs, app, applen);
41	0	sha256_done (&hs, hash);
42	0	buf_putbytes (sk_buffer, hash, sizeof (hash));
43	0	buf_putbyte (sk_buffer, flags);
44	0	buf_putint (sk_buffer, counter);
45	0	sha256_init (&hs);
46	0	sha256_process (&hs, data_buf->data, data_buf->len);
47	0	sha256_done (&hs, hash);
48	0	buf_putbytes (sk_buffer, hash, sizeof (hash));
49
50	0	if (dropbear_ed25519_verify(sk_buffer->data, sk_buffer->len,
51	0	s, slen, key->pub) == 0) {
52		/* signature is valid */
53	0	TRACE(("leave buf_sk_ed25519_verify: success!"))
54	0	ret = DROPBEAR_SUCCESS;
55	0	}
56
57	0	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
58	0	if (ret == DROPBEAR_SUCCESS) {
59	0	dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
60	0	}
61	0	ret = DROPBEAR_FAILURE;
62	0	}
63	0	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
64	0	if (ret == DROPBEAR_SUCCESS) {
65	0	dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
66	0	}
67	0	ret = DROPBEAR_FAILURE;
68	0	}
69	0	out:
70	0	buf_free(sk_buffer);
71	0	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))
72	0	return ret;
73	0	}
74
75		#endif /* DROPBEAR_SK_ED25519 */