Annotation of src/usr.bin/ssh/ssh-ed25519.c, Revision 1.6
1.6 ! markus 1: /* $OpenBSD: ssh-ed25519.c,v 1.5 2014/10/14 03:09:59 daniel Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
1.4 djm 17: #define SSHKEY_INTERNAL
1.1 markus 18: #include <sys/types.h>
1.4 djm 19: #include <limits.h>
1.1 markus 20:
21: #include "crypto_api.h"
22:
23: #include <string.h>
24: #include <stdarg.h>
25:
26: #include "log.h"
1.6 ! markus 27: #include "sshbuf.h"
1.4 djm 28: #include "sshkey.h"
29: #include "ssherr.h"
1.1 markus 30: #include "ssh.h"
31:
32: int
1.4 djm 33: ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
34: const u_char *data, size_t datalen, u_int compat)
1.1 markus 35: {
1.4 djm 36: u_char *sig = NULL;
37: size_t slen = 0, len;
1.1 markus 38: unsigned long long smlen;
1.4 djm 39: int r, ret;
40: struct sshbuf *b = NULL;
1.1 markus 41:
1.4 djm 42: if (lenp != NULL)
43: *lenp = 0;
44: if (sigp != NULL)
45: *sigp = NULL;
46:
47: if (key == NULL ||
48: sshkey_type_plain(key->type) != KEY_ED25519 ||
49: key->ed25519_sk == NULL ||
50: datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
51: return SSH_ERR_INVALID_ARGUMENT;
1.1 markus 52: smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1.4 djm 53: if ((sig = malloc(slen)) == NULL)
54: return SSH_ERR_ALLOC_FAIL;
1.1 markus 55:
56: if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
57: key->ed25519_sk)) != 0 || smlen <= datalen) {
1.4 djm 58: r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
59: goto out;
1.1 markus 60: }
61: /* encode signature */
1.4 djm 62: if ((b = sshbuf_new()) == NULL) {
63: r = SSH_ERR_ALLOC_FAIL;
64: goto out;
65: }
66: if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
67: (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
68: goto out;
69: len = sshbuf_len(b);
70: if (sigp != NULL) {
71: if ((*sigp = malloc(len)) == NULL) {
72: r = SSH_ERR_ALLOC_FAIL;
73: goto out;
74: }
75: memcpy(*sigp, sshbuf_ptr(b), len);
76: }
1.1 markus 77: if (lenp != NULL)
78: *lenp = len;
1.4 djm 79: /* success */
80: r = 0;
81: out:
82: sshbuf_free(b);
83: if (sig != NULL) {
84: explicit_bzero(sig, slen);
85: free(sig);
1.1 markus 86: }
87:
1.4 djm 88: return r;
1.1 markus 89: }
90:
91: int
1.4 djm 92: ssh_ed25519_verify(const struct sshkey *key,
93: const u_char *signature, size_t signaturelen,
94: const u_char *data, size_t datalen, u_int compat)
1.1 markus 95: {
1.4 djm 96: struct sshbuf *b = NULL;
97: char *ktype = NULL;
98: const u_char *sigblob;
99: u_char *sm = NULL, *m = NULL;
100: size_t len;
101: unsigned long long smlen = 0, mlen = 0;
102: int r, ret;
103:
104: if (key == NULL ||
105: sshkey_type_plain(key->type) != KEY_ED25519 ||
106: key->ed25519_pk == NULL ||
107: datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
108: return SSH_ERR_INVALID_ARGUMENT;
109:
110: if ((b = sshbuf_from(signature, signaturelen)) == NULL)
111: return SSH_ERR_ALLOC_FAIL;
112: if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
113: (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
114: goto out;
1.1 markus 115: if (strcmp("ssh-ed25519", ktype) != 0) {
1.4 djm 116: r = SSH_ERR_KEY_TYPE_MISMATCH;
117: goto out;
1.1 markus 118: }
1.4 djm 119: if (sshbuf_len(b) != 0) {
120: r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
121: goto out;
1.1 markus 122: }
123: if (len > crypto_sign_ed25519_BYTES) {
1.4 djm 124: r = SSH_ERR_INVALID_FORMAT;
125: goto out;
1.1 markus 126: }
1.5 daniel 127: if (datalen >= SIZE_MAX - len) {
128: r = SSH_ERR_INVALID_ARGUMENT;
129: goto out;
130: }
1.1 markus 131: smlen = len + datalen;
1.4 djm 132: mlen = smlen;
1.6 ! markus 133: if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
1.4 djm 134: r = SSH_ERR_ALLOC_FAIL;
135: goto out;
136: }
1.1 markus 137: memcpy(sm, sigblob, len);
138: memcpy(sm+len, data, datalen);
139: if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
140: key->ed25519_pk)) != 0) {
141: debug2("%s: crypto_sign_ed25519_open failed: %d",
142: __func__, ret);
143: }
1.4 djm 144: if (ret != 0 || mlen != datalen) {
145: r = SSH_ERR_SIGNATURE_INVALID;
146: goto out;
1.1 markus 147: }
148: /* XXX compare 'm' and 'data' ? */
1.4 djm 149: /* success */
150: r = 0;
151: out:
152: if (sm != NULL) {
153: explicit_bzero(sm, smlen);
154: free(sm);
155: }
156: if (m != NULL) {
157: explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
158: free(m);
159: }
160: sshbuf_free(b);
161: free(ktype);
162: return r;
163: }