Annotation of src/usr.bin/ssh/ssh-ed25519-sk.c, Revision 1.9
1.9 ! djm 1: /* $OpenBSD: ssh-ed25519-sk.c,v 1.8 2022/10/28 00:36:31 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2019 Markus Friedl. All rights reserved.
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
1.4 djm 17:
18: /* #define DEBUG_SK 1 */
19:
1.1 markus 20: #define SSHKEY_INTERNAL
21: #include <sys/types.h>
22: #include <limits.h>
23:
24: #include "crypto_api.h"
25:
26: #include <string.h>
27: #include <stdarg.h>
28:
29: #include "log.h"
30: #include "sshbuf.h"
31: #include "sshkey.h"
32: #include "ssherr.h"
33: #include "ssh.h"
34: #include "digest.h"
35:
1.8 djm 36: /* Reuse some ED25519 internals */
37: extern struct sshkey_impl_funcs sshkey_ed25519_funcs;
38:
1.7 djm 39: static void
40: ssh_ed25519_sk_cleanup(struct sshkey *k)
41: {
1.8 djm 42: sshkey_sk_cleanup(k);
43: sshkey_ed25519_funcs.cleanup(k);
44: }
45:
46: static int
47: ssh_ed25519_sk_equal(const struct sshkey *a, const struct sshkey *b)
48: {
49: if (!sshkey_sk_fields_equal(a, b))
50: return 0;
51: if (!sshkey_ed25519_funcs.equal(a, b))
52: return 0;
53: return 1;
1.7 djm 54: }
55:
1.9 ! djm 56: static int
! 57: ssh_ed25519_sk_serialize_public(const struct sshkey *key, struct sshbuf *b,
! 58: const char *typename, enum sshkey_serialize_rep opts)
! 59: {
! 60: int r;
! 61:
! 62: if ((r = sshkey_ed25519_funcs.serialize_public(key, b,
! 63: typename, opts)) != 0)
! 64: return r;
! 65: if ((r = sshkey_serialize_sk(key, b)) != 0)
! 66: return r;
! 67:
! 68: return 0;
! 69: }
! 70:
1.1 markus 71: int
72: ssh_ed25519_sk_verify(const struct sshkey *key,
73: const u_char *signature, size_t signaturelen,
1.3 djm 74: const u_char *data, size_t datalen, u_int compat,
75: struct sshkey_sig_details **detailsp)
1.1 markus 76: {
77: struct sshbuf *b = NULL;
78: struct sshbuf *encoded = NULL;
79: char *ktype = NULL;
80: const u_char *sigblob;
81: const u_char *sm;
82: u_char *m = NULL;
83: u_char apphash[32];
84: u_char msghash[32];
85: u_char sig_flags;
86: u_int sig_counter;
87: size_t len;
88: unsigned long long smlen = 0, mlen = 0;
89: int r = SSH_ERR_INTERNAL_ERROR;
90: int ret;
1.3 djm 91: struct sshkey_sig_details *details = NULL;
92:
93: if (detailsp != NULL)
94: *detailsp = NULL;
1.1 markus 95:
96: if (key == NULL ||
97: sshkey_type_plain(key->type) != KEY_ED25519_SK ||
98: key->ed25519_pk == NULL ||
99: signature == NULL || signaturelen == 0)
100: return SSH_ERR_INVALID_ARGUMENT;
101:
102: if ((b = sshbuf_from(signature, signaturelen)) == NULL)
103: return SSH_ERR_ALLOC_FAIL;
104: if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
1.2 markus 105: sshbuf_get_string_direct(b, &sigblob, &len) != 0 ||
106: sshbuf_get_u8(b, &sig_flags) != 0 ||
107: sshbuf_get_u32(b, &sig_counter) != 0) {
1.1 markus 108: r = SSH_ERR_INVALID_FORMAT;
109: goto out;
110: }
1.4 djm 111: #ifdef DEBUG_SK
112: fprintf(stderr, "%s: data:\n", __func__);
113: /* sshbuf_dump_data(data, datalen, stderr); */
114: fprintf(stderr, "%s: sigblob:\n", __func__);
115: sshbuf_dump_data(sigblob, len, stderr);
116: fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
117: __func__, sig_flags, sig_counter);
118: #endif
1.1 markus 119: if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) {
120: r = SSH_ERR_KEY_TYPE_MISMATCH;
121: goto out;
122: }
123: if (sshbuf_len(b) != 0) {
124: r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
125: goto out;
126: }
127: if (len > crypto_sign_ed25519_BYTES) {
128: r = SSH_ERR_INVALID_FORMAT;
129: goto out;
130: }
131: if (ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application,
132: strlen(key->sk_application), apphash, sizeof(apphash)) != 0 ||
133: ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
134: msghash, sizeof(msghash)) != 0) {
135: r = SSH_ERR_INVALID_ARGUMENT;
136: goto out;
137: }
1.4 djm 138: #ifdef DEBUG_SK
139: fprintf(stderr, "%s: hashed application:\n", __func__);
140: sshbuf_dump_data(apphash, sizeof(apphash), stderr);
141: fprintf(stderr, "%s: hashed message:\n", __func__);
142: sshbuf_dump_data(msghash, sizeof(msghash), stderr);
143: #endif
1.3 djm 144: if ((details = calloc(1, sizeof(*details))) == NULL) {
145: r = SSH_ERR_ALLOC_FAIL;
146: goto out;
147: }
148: details->sk_counter = sig_counter;
149: details->sk_flags = sig_flags;
1.1 markus 150: if ((encoded = sshbuf_new()) == NULL) {
151: r = SSH_ERR_ALLOC_FAIL;
152: goto out;
153: }
154: if (sshbuf_put(encoded, sigblob, len) != 0 ||
155: sshbuf_put(encoded, apphash, sizeof(apphash)) != 0 ||
156: sshbuf_put_u8(encoded, sig_flags) != 0 ||
157: sshbuf_put_u32(encoded, sig_counter) != 0 ||
158: sshbuf_put(encoded, msghash, sizeof(msghash)) != 0) {
159: r = SSH_ERR_ALLOC_FAIL;
160: goto out;
161: }
1.4 djm 162: #ifdef DEBUG_SK
163: fprintf(stderr, "%s: signed buf:\n", __func__);
164: sshbuf_dump(encoded, stderr);
165: #endif
1.1 markus 166: sm = sshbuf_ptr(encoded);
167: smlen = sshbuf_len(encoded);
168: mlen = smlen;
169: if ((m = malloc(smlen)) == NULL) {
170: r = SSH_ERR_ALLOC_FAIL;
171: goto out;
172: }
173: if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
174: key->ed25519_pk)) != 0) {
1.6 djm 175: debug2_f("crypto_sign_ed25519_open failed: %d", ret);
1.1 markus 176: }
177: if (ret != 0 || mlen != smlen - len) {
178: r = SSH_ERR_SIGNATURE_INVALID;
179: goto out;
180: }
181: /* XXX compare 'm' and 'sm + len' ? */
182: /* success */
183: r = 0;
1.3 djm 184: if (detailsp != NULL) {
185: *detailsp = details;
186: details = NULL;
187: }
1.1 markus 188: out:
1.5 jsg 189: if (m != NULL)
190: freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
1.3 djm 191: sshkey_sig_details_free(details);
1.1 markus 192: sshbuf_free(b);
193: sshbuf_free(encoded);
194: free(ktype);
195: return r;
196: }
1.7 djm 197:
198: static const struct sshkey_impl_funcs sshkey_ed25519_sk_funcs = {
199: /* .size = */ NULL,
200: /* .alloc = */ NULL,
201: /* .cleanup = */ ssh_ed25519_sk_cleanup,
1.8 djm 202: /* .equal = */ ssh_ed25519_sk_equal,
1.9 ! djm 203: /* .ssh_serialize_public = */ ssh_ed25519_sk_serialize_public,
1.7 djm 204: };
205:
206: const struct sshkey_impl sshkey_ed25519_sk_impl = {
207: /* .name = */ "sk-ssh-ed25519@openssh.com",
208: /* .shortname = */ "ED25519-SK",
209: /* .sigalg = */ NULL,
210: /* .type = */ KEY_ED25519_SK,
211: /* .nid = */ 0,
212: /* .cert = */ 0,
213: /* .sigonly = */ 0,
214: /* .keybits = */ 256,
215: /* .funcs = */ &sshkey_ed25519_sk_funcs,
216: };
217:
218: const struct sshkey_impl sshkey_ed25519_sk_cert_impl = {
219: /* .name = */ "sk-ssh-ed25519-cert-v01@openssh.com",
220: /* .shortname = */ "ED25519-SK-CERT",
221: /* .sigalg = */ NULL,
222: /* .type = */ KEY_ED25519_SK_CERT,
223: /* .nid = */ 0,
224: /* .cert = */ 1,
225: /* .sigonly = */ 0,
226: /* .keybits = */ 256,
227: /* .funcs = */ &sshkey_ed25519_sk_funcs,
228: };