build error when SK_KEYS is set and only one of ECDSA or ED25519 #295

Closed
M95D opened this issue May 1, 2024 · 4 comments
M95D commented May 1, 2024

Hi.

I'm trying to build Dropbear with this config:

```c
#define DROPBEAR_ECDSA 0
#define DROPBEAR_ED25519 1
#define DROPBEAR_SK_KEYS 1
```

... and I get this error:

```
src/signkey.c: In function ‘buf_get_pub_key’:
src/signkey.c:324:31: error: ‘DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256’ undeclared (first use in this function); did you mean ‘DROPBEAR_SIGNKEY_ECDSA_KEYGEN’?
  324 |                 || keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                               DROPBEAR_SIGNKEY_ECDSA_KEYGEN
src/signkey.c:324:31: note: each undeclared identifier is reported only once for each function it appears in
src/signkey.c: In function ‘buf_verify’:
src/signkey.c:694:24: error: ‘DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256’ undeclared (first use in this function); did you mean ‘DROPBEAR_SIGNKEY_ECDSA_KEYGEN’?
  694 |         if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |                        DROPBEAR_SIGNKEY_ECDSA_KEYGEN
make: *** [Makefile:169: obj/signkey.o] Error 1
```

There is also an error when ECDSA is set but ED25519 is unset.

The comment from default_options.h said:

Allow U2F security keys for public key auth, with sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com keys. The corresponding DROPBEAR_ECDSA or DROPBEAR_ED25519 also needs to be set.

As I understand it, either one can be set, not both. So it's either a bug in the code or the new DROPBEAR_SK_KEYS needs both options to be set and the documentation was not updated.

Thanks.

@M95D M95D changed the title build error when SK_KEYS is set and only one of ECDSA or ED25519, but not both build error when SK_KEYS is set and only one of ECDSA or ED25519 May 1, 2024

mkj commented May 1, 2024

Yep, looks like a bug.
Note that I'm not sure SK ed25519 is widely supported in hardware (good if yours does though).


M95D commented May 1, 2024

It's not. I'm just doing tests on an OpenWrt version update.


M95D commented May 2, 2024

I think I found it:
sysoptions.h:

```c
#ifndef DROPBEAR_SK_ECDSA
#define DROPBEAR_SK_ECDSA DROPBEAR_SK_KEYS
#endif
#ifndef DROPBEAR_SK_ED25519
#define DROPBEAR_SK_ED25519 DROPBEAR_SK_KEYS
#endif
```

Should be

```c
#ifndef DROPBEAR_SK_ECDSA
#define DROPBEAR_SK_ECDSA (DROPBEAR_SK_KEYS && DROPBEAR_ECDSA)
#endif
#ifndef DROPBEAR_SK_ED25519
#define DROPBEAR_SK_ED25519 (DROPBEAR_SK_KEYS && DROPBEAR_ED25519)
#endif
```

I'll make a PR.
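
Added example, not part of the thread or of Dropbear's source: a self-contained C model of the gating proposed above, built with the reporter's configuration. The `model_*` names, the enum layout and the `#error` guard are assumptions made for illustration; only the `DROPBEAR_*` option names and the two `#ifndef` derivations come from the issue.

```c
/* Added illustration: a simplified model of the option gating, not Dropbear source. */
#include <stdio.h>
/* Configuration from the report. */
#define DROPBEAR_ECDSA 0
#define DROPBEAR_ED25519 1
#define DROPBEAR_SK_KEYS 1

/* Derivation proposed in the thread: an SK variant needs its base algorithm. */
#ifndef DROPBEAR_SK_ECDSA
#define DROPBEAR_SK_ECDSA (DROPBEAR_SK_KEYS && DROPBEAR_ECDSA)
#endif
#ifndef DROPBEAR_SK_ED25519
#define DROPBEAR_SK_ED25519 (DROPBEAR_SK_KEYS && DROPBEAR_ED25519)
#endif

/* Added guard: reject a manual override that re-creates the mismatch. */
#if (DROPBEAR_SK_ECDSA && !DROPBEAR_ECDSA) || (DROPBEAR_SK_ED25519 && !DROPBEAR_ED25519)
#error "SK key type enabled without its base algorithm"
#endif

/* Assumed layout: a key type constant exists only if its algorithm is built. */
enum model_keytype {
#if DROPBEAR_ECDSA
    MODEL_ECDSA_NISTP256, MODEL_SK_ECDSA_NISTP256,
#endif
#if DROPBEAR_ED25519
    MODEL_ED25519, MODEL_SK_ED25519,
#endif
    MODEL_NONE
};

/* Returns 1 if keytype is a security-key type compiled into this build.
 * With the old "#define DROPBEAR_SK_ECDSA DROPBEAR_SK_KEYS" the first branch
 * would be compiled and fail on the undeclared MODEL_SK_ECDSA_NISTP256. */
int model_is_sk_keytype(int keytype) {
#if DROPBEAR_SK_ECDSA
    if (keytype == MODEL_SK_ECDSA_NISTP256) return 1;
#endif
#if DROPBEAR_SK_ED25519
    if (keytype == MODEL_SK_ED25519) return 1;
#endif
    return 0;
}
/* Bit 0: SK ECDSA enabled, bit 1: SK Ed25519 enabled. */
int model_sk_flags(void) { return (DROPBEAR_SK_ECDSA ? 1 : 0) | (DROPBEAR_SK_ED25519 ? 2 : 0); }
int main(void) {
    printf("sk flags: %d\n", model_sk_flags());
    return model_is_sk_keytype(MODEL_SK_ED25519) ? 0 : 1;
}
```

Swapping the two `DROPBEAR_ECDSA` / `DROPBEAR_ED25519` values exercises the other single-algorithm build mentioned in the report.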

mkj pushed a commit that referenced this issue May 2, 2024
Fixes bug #295.

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
@M95D M95D closed this as completed May 2, 2024

M95D commented May 2, 2024

Thank you. 👍
