Annotation of src/usr.bin/ssh/ssh-ed25519.c, Revision 1.8
1.8 ! jsg 1: /* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
1.4 djm 17: #define SSHKEY_INTERNAL
1.1 markus 18: #include <sys/types.h>
1.4 djm 19: #include <limits.h>
1.1 markus 20:
21: #include "crypto_api.h"
22:
23: #include <string.h>
24: #include <stdarg.h>
25:
26: #include "log.h"
1.6 markus 27: #include "sshbuf.h"
1.4 djm 28: #include "sshkey.h"
29: #include "ssherr.h"
1.1 markus 30: #include "ssh.h"
31:
32: int
1.4 djm 33: ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
34: const u_char *data, size_t datalen, u_int compat)
1.1 markus 35: {
1.4 djm 36: u_char *sig = NULL;
37: size_t slen = 0, len;
1.1 markus 38: unsigned long long smlen;
1.4 djm 39: int r, ret;
40: struct sshbuf *b = NULL;
1.1 markus 41:
1.4 djm 42: if (lenp != NULL)
43: *lenp = 0;
44: if (sigp != NULL)
45: *sigp = NULL;
46:
47: if (key == NULL ||
48: sshkey_type_plain(key->type) != KEY_ED25519 ||
49: key->ed25519_sk == NULL ||
50: datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
51: return SSH_ERR_INVALID_ARGUMENT;
1.1 markus 52: smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1.4 djm 53: if ((sig = malloc(slen)) == NULL)
54: return SSH_ERR_ALLOC_FAIL;
1.1 markus 55:
56: if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
57: key->ed25519_sk)) != 0 || smlen <= datalen) {
1.4 djm 58: r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
59: goto out;
1.1 markus 60: }
61: /* encode signature */
1.4 djm 62: if ((b = sshbuf_new()) == NULL) {
63: r = SSH_ERR_ALLOC_FAIL;
64: goto out;
65: }
66: if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
67: (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
68: goto out;
69: len = sshbuf_len(b);
70: if (sigp != NULL) {
71: if ((*sigp = malloc(len)) == NULL) {
72: r = SSH_ERR_ALLOC_FAIL;
73: goto out;
74: }
75: memcpy(*sigp, sshbuf_ptr(b), len);
76: }
1.1 markus 77: if (lenp != NULL)
78: *lenp = len;
1.4 djm 79: /* success */
80: r = 0;
81: out:
82: sshbuf_free(b);
1.8 ! jsg 83: if (sig != NULL)
! 84: freezero(sig, slen);
1.1 markus 85:
1.4 djm 86: return r;
1.1 markus 87: }
88:
89: int
1.4 djm 90: ssh_ed25519_verify(const struct sshkey *key,
91: const u_char *signature, size_t signaturelen,
92: const u_char *data, size_t datalen, u_int compat)
1.1 markus 93: {
1.4 djm 94: struct sshbuf *b = NULL;
95: char *ktype = NULL;
96: const u_char *sigblob;
97: u_char *sm = NULL, *m = NULL;
98: size_t len;
99: unsigned long long smlen = 0, mlen = 0;
100: int r, ret;
101:
102: if (key == NULL ||
103: sshkey_type_plain(key->type) != KEY_ED25519 ||
104: key->ed25519_pk == NULL ||
1.7 djm 105: datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
106: signature == NULL || signaturelen == 0)
1.4 djm 107: return SSH_ERR_INVALID_ARGUMENT;
108:
109: if ((b = sshbuf_from(signature, signaturelen)) == NULL)
110: return SSH_ERR_ALLOC_FAIL;
111: if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
112: (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
113: goto out;
1.1 markus 114: if (strcmp("ssh-ed25519", ktype) != 0) {
1.4 djm 115: r = SSH_ERR_KEY_TYPE_MISMATCH;
116: goto out;
1.1 markus 117: }
1.4 djm 118: if (sshbuf_len(b) != 0) {
119: r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
120: goto out;
1.1 markus 121: }
122: if (len > crypto_sign_ed25519_BYTES) {
1.4 djm 123: r = SSH_ERR_INVALID_FORMAT;
124: goto out;
1.1 markus 125: }
1.5 daniel 126: if (datalen >= SIZE_MAX - len) {
127: r = SSH_ERR_INVALID_ARGUMENT;
128: goto out;
129: }
1.1 markus 130: smlen = len + datalen;
1.4 djm 131: mlen = smlen;
1.6 markus 132: if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
1.4 djm 133: r = SSH_ERR_ALLOC_FAIL;
134: goto out;
135: }
1.1 markus 136: memcpy(sm, sigblob, len);
137: memcpy(sm+len, data, datalen);
138: if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
139: key->ed25519_pk)) != 0) {
140: debug2("%s: crypto_sign_ed25519_open failed: %d",
141: __func__, ret);
142: }
1.4 djm 143: if (ret != 0 || mlen != datalen) {
144: r = SSH_ERR_SIGNATURE_INVALID;
145: goto out;
1.1 markus 146: }
147: /* XXX compare 'm' and 'data' ? */
1.4 djm 148: /* success */
149: r = 0;
150: out:
1.8 ! jsg 151: if (sm != NULL)
! 152: freezero(sm, smlen);
! 153: if (m != NULL)
! 154: freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
1.4 djm 155: sshbuf_free(b);
156: free(ktype);
157: return r;
158: }