version 1.5, 2019/11/26 03:04:27 |
version 1.6, 2020/06/22 05:56:23 |
|
|
/* fetch signature */ |
/* fetch signature */ |
if ((b = sshbuf_from(signature, signaturelen)) == NULL) |
if ((b = sshbuf_from(signature, signaturelen)) == NULL) |
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || |
if ((details = calloc(1, sizeof(*details))) == NULL) { |
sshbuf_froms(b, &sigbuf) != 0 || |
ret = SSH_ERR_ALLOC_FAIL; |
sshbuf_get_u8(b, &sig_flags) != 0 || |
goto out; |
sshbuf_get_u32(b, &sig_counter) != 0) { |
} |
|
if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { |
ret = SSH_ERR_INVALID_FORMAT; |
ret = SSH_ERR_INVALID_FORMAT; |
goto out; |
goto out; |
} |
} |
if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { |
if (strcmp(ktype, "sk-ecdsa-sha2-nistp256@openssh.com") != 0) { |
ret = SSH_ERR_KEY_TYPE_MISMATCH; |
ret = SSH_ERR_INVALID_FORMAT; |
goto out; |
goto out; |
} |
} |
|
if (sshbuf_froms(b, &sigbuf) != 0 || |
|
sshbuf_get_u8(b, &sig_flags) != 0 || |
|
sshbuf_get_u32(b, &sig_counter) != 0) { |
|
ret = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
if (sshbuf_len(b) != 0) { |
if (sshbuf_len(b) != 0) { |
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; |
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; |
goto out; |
goto out; |
|
|
ret = SSH_ERR_INVALID_FORMAT; |
ret = SSH_ERR_INVALID_FORMAT; |
goto out; |
goto out; |
} |
} |
if ((sig = ECDSA_SIG_new()) == NULL) { |
if (sshbuf_len(sigbuf) != 0) { |
ret = SSH_ERR_ALLOC_FAIL; |
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; |
goto out; |
goto out; |
} |
} |
if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { |
|
ret = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
#ifdef DEBUG_SK |
#ifdef DEBUG_SK |
fprintf(stderr, "%s: data: (len %zu)\n", __func__, datalen); |
fprintf(stderr, "%s: data: (len %zu)\n", __func__, datalen); |
/* sshbuf_dump_data(data, datalen, stderr); */ |
/* sshbuf_dump_data(data, datalen, stderr); */ |
|
|
fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n", |
fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n", |
__func__, sig_flags, sig_counter); |
__func__, sig_flags, sig_counter); |
#endif |
#endif |
sig_r = sig_s = NULL; /* transferred */ |
if ((sig = ECDSA_SIG_new()) == NULL) { |
|
ret = SSH_ERR_ALLOC_FAIL; |
if (sshbuf_len(sigbuf) != 0) { |
|
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; |
|
goto out; |
goto out; |
} |
} |
|
if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { |
|
ret = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
sig_r = sig_s = NULL; /* transferred */ |
|
|
/* Reconstruct data that was supposedly signed */ |
/* Reconstruct data that was supposedly signed */ |
if ((original_signed = sshbuf_new()) == NULL) { |
if ((original_signed = sshbuf_new()) == NULL) { |
|
|
if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed, |
if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed, |
sighash, sizeof(sighash))) != 0) |
sighash, sizeof(sighash))) != 0) |
goto out; |
goto out; |
if ((details = calloc(1, sizeof(*details))) == NULL) { |
|
ret = SSH_ERR_ALLOC_FAIL; |
|
goto out; |
|
} |
|
details->sk_counter = sig_counter; |
details->sk_counter = sig_counter; |
details->sk_flags = sig_flags; |
details->sk_flags = sig_flags; |
#ifdef DEBUG_SK |
#ifdef DEBUG_SK |