Annotation of src/usr.bin/ssh/ssh-ed25519.c, Revision 1.12
1.12 ! djm 1: /* $OpenBSD: ssh-ed25519.c,v 1.11 2022/10/28 00:35:40 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
1.4 djm 17: #define SSHKEY_INTERNAL
1.1 markus 18: #include <sys/types.h>
1.4 djm 19: #include <limits.h>
1.1 markus 20:
21: #include "crypto_api.h"
22:
23: #include <string.h>
24: #include <stdarg.h>
25:
26: #include "log.h"
1.6 markus 27: #include "sshbuf.h"
1.4 djm 28: #include "sshkey.h"
29: #include "ssherr.h"
1.1 markus 30: #include "ssh.h"
31:
1.11 djm 32: static void
33: ssh_ed25519_cleanup(struct sshkey *k)
34: {
35: freezero(k->ed25519_pk, ED25519_PK_SZ);
36: freezero(k->ed25519_sk, ED25519_SK_SZ);
37: k->ed25519_pk = NULL;
38: k->ed25519_sk = NULL;
39: }
40:
1.12 ! djm 41: static int
! 42: ssh_ed25519_equal(const struct sshkey *a, const struct sshkey *b)
! 43: {
! 44: if (a->ed25519_pk == NULL || b->ed25519_pk == NULL)
! 45: return 0;
! 46: if (memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) != 0)
! 47: return 0;
! 48: return 1;
! 49: }
! 50:
1.1 markus 51: int
1.4 djm 52: ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
53: const u_char *data, size_t datalen, u_int compat)
1.1 markus 54: {
1.4 djm 55: u_char *sig = NULL;
56: size_t slen = 0, len;
1.1 markus 57: unsigned long long smlen;
1.4 djm 58: int r, ret;
59: struct sshbuf *b = NULL;
1.1 markus 60:
1.4 djm 61: if (lenp != NULL)
62: *lenp = 0;
63: if (sigp != NULL)
64: *sigp = NULL;
65:
66: if (key == NULL ||
67: sshkey_type_plain(key->type) != KEY_ED25519 ||
68: key->ed25519_sk == NULL ||
69: datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
70: return SSH_ERR_INVALID_ARGUMENT;
1.1 markus 71: smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1.4 djm 72: if ((sig = malloc(slen)) == NULL)
73: return SSH_ERR_ALLOC_FAIL;
1.1 markus 74:
75: if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
76: key->ed25519_sk)) != 0 || smlen <= datalen) {
1.4 djm 77: r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
78: goto out;
1.1 markus 79: }
80: /* encode signature */
1.4 djm 81: if ((b = sshbuf_new()) == NULL) {
82: r = SSH_ERR_ALLOC_FAIL;
83: goto out;
84: }
85: if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
86: (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
87: goto out;
88: len = sshbuf_len(b);
89: if (sigp != NULL) {
90: if ((*sigp = malloc(len)) == NULL) {
91: r = SSH_ERR_ALLOC_FAIL;
92: goto out;
93: }
94: memcpy(*sigp, sshbuf_ptr(b), len);
95: }
1.1 markus 96: if (lenp != NULL)
97: *lenp = len;
1.4 djm 98: /* success */
99: r = 0;
100: out:
101: sshbuf_free(b);
1.10 djm 102: if (sig != NULL)
1.8 jsg 103: freezero(sig, slen);
1.1 markus 104:
1.4 djm 105: return r;
1.1 markus 106: }
107:
108: int
1.4 djm 109: ssh_ed25519_verify(const struct sshkey *key,
110: const u_char *signature, size_t signaturelen,
111: const u_char *data, size_t datalen, u_int compat)
1.1 markus 112: {
1.4 djm 113: struct sshbuf *b = NULL;
114: char *ktype = NULL;
115: const u_char *sigblob;
116: u_char *sm = NULL, *m = NULL;
117: size_t len;
118: unsigned long long smlen = 0, mlen = 0;
119: int r, ret;
120:
121: if (key == NULL ||
122: sshkey_type_plain(key->type) != KEY_ED25519 ||
123: key->ed25519_pk == NULL ||
1.7 djm 124: datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
125: signature == NULL || signaturelen == 0)
1.4 djm 126: return SSH_ERR_INVALID_ARGUMENT;
127:
128: if ((b = sshbuf_from(signature, signaturelen)) == NULL)
129: return SSH_ERR_ALLOC_FAIL;
130: if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
131: (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
132: goto out;
1.1 markus 133: if (strcmp("ssh-ed25519", ktype) != 0) {
1.4 djm 134: r = SSH_ERR_KEY_TYPE_MISMATCH;
135: goto out;
1.1 markus 136: }
1.4 djm 137: if (sshbuf_len(b) != 0) {
138: r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
139: goto out;
1.1 markus 140: }
141: if (len > crypto_sign_ed25519_BYTES) {
1.4 djm 142: r = SSH_ERR_INVALID_FORMAT;
143: goto out;
1.1 markus 144: }
1.5 daniel 145: if (datalen >= SIZE_MAX - len) {
146: r = SSH_ERR_INVALID_ARGUMENT;
147: goto out;
148: }
1.1 markus 149: smlen = len + datalen;
1.4 djm 150: mlen = smlen;
1.6 markus 151: if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
1.4 djm 152: r = SSH_ERR_ALLOC_FAIL;
153: goto out;
154: }
1.1 markus 155: memcpy(sm, sigblob, len);
156: memcpy(sm+len, data, datalen);
157: if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
158: key->ed25519_pk)) != 0) {
1.9 djm 159: debug2_f("crypto_sign_ed25519_open failed: %d", ret);
1.1 markus 160: }
1.4 djm 161: if (ret != 0 || mlen != datalen) {
162: r = SSH_ERR_SIGNATURE_INVALID;
163: goto out;
1.1 markus 164: }
165: /* XXX compare 'm' and 'data' ? */
1.4 djm 166: /* success */
167: r = 0;
168: out:
1.10 djm 169: if (sm != NULL)
1.8 jsg 170: freezero(sm, smlen);
1.10 djm 171: if (m != NULL)
1.8 jsg 172: freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
1.4 djm 173: sshbuf_free(b);
174: free(ktype);
175: return r;
176: }
1.11 djm 177:
1.12 ! djm 178: /* NB. not static; used by ED25519-SK */
! 179: const struct sshkey_impl_funcs sshkey_ed25519_funcs = {
1.11 djm 180: /* .size = */ NULL,
181: /* .alloc = */ NULL,
182: /* .cleanup = */ ssh_ed25519_cleanup,
1.12 ! djm 183: /* .equal = */ ssh_ed25519_equal,
1.11 djm 184: };
185:
186: const struct sshkey_impl sshkey_ed25519_impl = {
187: /* .name = */ "ssh-ed25519",
188: /* .shortname = */ "ED25519",
189: /* .sigalg = */ NULL,
190: /* .type = */ KEY_ED25519,
191: /* .nid = */ 0,
192: /* .cert = */ 0,
193: /* .sigonly = */ 0,
194: /* .keybits = */ 256,
195: /* .funcs = */ &sshkey_ed25519_funcs,
196: };
197:
198: const struct sshkey_impl sshkey_ed25519_cert_impl = {
199: /* .name = */ "ssh-ed25519-cert-v01@openssh.com",
200: /* .shortname = */ "ED25519-CERT",
201: /* .sigalg = */ NULL,
202: /* .type = */ KEY_ED25519_CERT,
203: /* .nid = */ 0,
204: /* .cert = */ 1,
205: /* .sigonly = */ 0,
206: /* .keybits = */ 256,
207: /* .funcs = */ &sshkey_ed25519_funcs,
208: };
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-ed25519.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh