FelipeMdeO commented on code in PR #3532:
URL: https://github.com/apache/nuttx-apps/pull/3532#discussion_r3447646939
##########
netutils/dropbear/patch/0002-use-nuttx-ecdsa-hostkey-sign.patch:
##########
@@ -0,0 +1,103 @@
+--- a/src/ecdsa.c
++++ b/src/ecdsa.c
+@@ -4,6 +4,9 @@
+ #include "ecc.h"
+ #include "ecdsa.h"
+ #include "signkey.h"
++#ifdef DROPBEAR_NUTTX
++#include "nuttx_hostkey.h"
++#endif
+
+ #if DROPBEAR_ECDSA
+
+@@ -67,10 +70,14 @@
+ , bit_size);
+ }
+
++#ifdef DROPBEAR_NUTTX
++ dropbear_exit("ECDSA key generation uses NuttX host key storage");
++#else
+ new_key = m_malloc(sizeof(*new_key));
+ if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
+ dropbear_exit("ECC error");
+ }
++#endif
+ return new_key;
+ }
+
+@@ -164,8 +171,13 @@
+ /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
+ int err = DROPBEAR_FAILURE;
+ struct dropbear_ecc_curve *curve = NULL;
++#ifndef DROPBEAR_NUTTX
+ hash_state hs;
+ unsigned char hash[64];
++#endif
++#ifdef DROPBEAR_NUTTX
++ unsigned char nuttx_r[32], nuttx_s[32];
++#endif
+ void *e = NULL, *p = NULL, *s = NULL, *r;
+ char key_ident[30];
+ buffer *sigbuf = NULL;
+@@ -177,6 +189,31 @@
+ goto out;
+ }
+
++#ifdef DROPBEAR_NUTTX
++#if DROPBEAR_ECC_256
++ if (curve == &ecc_curve_nistp256) {
++ if (dropbear_hostkey_ecdsa_p256_sign(data_buf->data,
data_buf->len,
++ nuttx_r, nuttx_s) != DROPBEAR_SUCCESS) {
++ explicit_bzero(nuttx_r, sizeof(nuttx_r));
++ explicit_bzero(nuttx_s, sizeof(nuttx_s));
++ goto out;
++ }
++
++ if (mp_from_ubin(r, nuttx_r, sizeof(nuttx_r)) != MP_OKAY ||
++ mp_from_ubin(s, nuttx_s, sizeof(nuttx_s)) !=
MP_OKAY) {
++ explicit_bzero(nuttx_r, sizeof(nuttx_r));
++ explicit_bzero(nuttx_s, sizeof(nuttx_s));
++ goto out;
++ }
++
++ explicit_bzero(nuttx_r, sizeof(nuttx_r));
++ explicit_bzero(nuttx_s, sizeof(nuttx_s));
++ goto put_sig;
++ }
++#endif
++#endif
++
++#ifndef DROPBEAR_NUTTX
+ curve->hash_desc->init(&hs);
+ curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
+ curve->hash_desc->done(&hs, hash);
+@@ -227,7 +264,11 @@
+ break;
+ }
+ }
++#else
++ dropbear_exit("Unsupported NuttX ECDSA curve");
++#endif
+
++put_sig:
+ snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
+ buf_putstring(buf, key_ident, strlen(key_ident));
+ /* enough for nistp521 */
+--- a/src/sysoptions.h
++++ b/src/sysoptions.h
+@@ -161,9 +161,15 @@
+ #define LTM_DESC
+ #endif
+
++#ifndef DROPBEAR_ECC_256
+ #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
++#endif
++#ifndef DROPBEAR_ECC_384
+ #define DROPBEAR_ECC_384 (DROPBEAR_ECC)
++#endif
++#ifndef DROPBEAR_ECC_521
+ #define DROPBEAR_ECC_521 (DROPBEAR_ECC)
++#endif
Review Comment:
Thank you for catch that.
I opened a PR : https://github.com/mkj/dropbear/pull/448
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
