src/usr.bin/ssh/sshkey.c - diff

Return to sshkey.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshkey.c between version 1.89 and 1.90

version 1.89, 2019/11/12 19:31:18

version 1.90, 2019/11/12 19:33:08

Line 100

{ "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 },

{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL,

KEY_ED25519_CERT, 0, 1, 0 },

{ "sk-ssh-ed25519@openssh.com", "ED25519-SK", NULL,

KEY_ED25519_SK, 0, 0, 0 },

{ "sk-ssh-ed25519-cert-v01@openssh.com", "ED25519-SK-CERT", NULL,

KEY_ED25519_SK_CERT, 0, 1, 0 },

#ifdef WITH_XMSS

{ "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 },

{ "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL,

Line 322

Line 326

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_CERT:

case KEY_ED25519_SK:

case KEY_ED25519_SK_CERT:

case KEY_XMSS:

case KEY_XMSS_CERT:

return 256; /* XXX */

Line 338

Line 344

case KEY_ECDSA:

case KEY_ECDSA_SK:

case KEY_ED25519:

case KEY_ED25519_SK:

case KEY_XMSS:

return 1;

default:

Line 353

Line 360

return sshkey_type_is_cert(k->type);

}

int

sshkey_is_sk(const struct sshkey *k)

{

if (k == NULL)

return 0;

switch (sshkey_type_plain(k->type)) {

case KEY_ECDSA_SK:

case KEY_ED25519_SK:

return 1;

default:

return 0;

}

/* Return the cert-less equivalent to a certified key type */

int

sshkey_type_plain(int type)

Line 368

Line 389

return KEY_ECDSA_SK;

case KEY_ED25519_CERT:

return KEY_ED25519;

case KEY_ED25519_SK_CERT:

return KEY_ED25519_SK;

case KEY_XMSS_CERT:

return KEY_XMSS;

default:

Line 540

Line 563

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_CERT:

case KEY_ED25519_SK:

case KEY_ED25519_SK_CERT:

case KEY_XMSS:

case KEY_XMSS_CERT:

/* no need to prealloc */

Line 590

Line 615

k->ecdsa = NULL;

break;

#endif /* WITH_OPENSSL */

case KEY_ED25519_SK:

case KEY_ED25519_SK_CERT:

free(k->sk_application);

sshbuf_free(k->sk_key_handle);

sshbuf_free(k->sk_reserved);

/* FALLTHROUGH */

case KEY_ED25519:

case KEY_ED25519_CERT:

freezero(k->ed25519_pk, ED25519_PK_SZ);

Line 705

Line 736

BN_CTX_free(bnctx);

return 1;

#endif /* WITH_OPENSSL */

case KEY_ED25519_SK:

case KEY_ED25519_SK_CERT:

if (a->sk_application == NULL || b->sk_application == NULL)

return 0;

if (strcmp(a->sk_application, b->sk_application) != 0)

return 0;

/* FALLTHROUGH */

case KEY_ED25519:

case KEY_ED25519_CERT:

return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&

Line 811

Line 849

break;

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_SK:

if (key->ed25519_pk == NULL)

return SSH_ERR_INVALID_ARGUMENT;

if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||

(ret = sshbuf_put_string(b,

key->ed25519_pk, ED25519_PK_SZ)) != 0)

return ret;

if (type == KEY_ED25519_SK) {

if ((ret = sshbuf_put_cstring(b,

key->sk_application)) != 0)

return ret;

}

break;

#ifdef WITH_XMSS

case KEY_XMSS:

Line 1260

Line 1304

case KEY_ECDSA:

case KEY_ECDSA_SK:

case KEY_ED25519:

case KEY_ED25519_SK:

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_ECDSA_SK_CERT:

case KEY_RSA_CERT:

case KEY_ED25519_CERT:

case KEY_ED25519_SK_CERT:

#ifdef WITH_XMSS

case KEY_XMSS:

case KEY_XMSS_CERT:

Line 1386

Line 1432

/* XXX */

#endif

break;

case KEY_ED25519_SK:

freezero(ret->ed25519_pk, ED25519_PK_SZ);

ret->ed25519_pk = k->ed25519_pk;

ret->sk_application = k->sk_application;

k->ed25519_pk = NULL;

k->sk_application = NULL;

break;

#ifdef WITH_XMSS

case KEY_XMSS:

free(ret->xmss_pk);

Line 1835

Line 1888

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_CERT:

case KEY_ED25519_SK:

case KEY_ED25519_SK_CERT:

if (k->ed25519_pk != NULL) {

if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {

r = SSH_ERR_ALLOC_FAIL;

Line 1842

Line 1897

}

memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);

}

if (k->type != KEY_ED25519_SK &&

k->type != KEY_ED25519_SK_CERT)

break;

/* Append security-key application string */

if ((n->sk_application = strdup(k->sk_application)) == NULL)

goto out;

break;

#ifdef WITH_XMSS

case KEY_XMSS:

Line 2399

Line 2460

break;

#endif /* WITH_OPENSSL */

case KEY_ED25519_CERT:

case KEY_ED25519_SK_CERT:

/* Skip nonce */

if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {

ret = SSH_ERR_INVALID_FORMAT;

Line 2406

Line 2468

}

/* FALLTHROUGH */

case KEY_ED25519:

case KEY_ED25519_SK:

if ((ret = sshbuf_get_string(b, &pk, &len)) != 0)

goto out;

if (len != ED25519_PK_SZ) {

Line 2416

Line 2479

ret = SSH_ERR_ALLOC_FAIL;

goto out;

}

if (type == KEY_ED25519_SK || type == KEY_ED25519_SK_CERT) {

/* Parse additional security-key application string */

if (sshbuf_get_cstring(b, &key->sk_application,

NULL) != 0) {

ret = SSH_ERR_INVALID_FORMAT;

goto out;

}

#ifdef DEBUG_PK

fprintf(stderr, "App: %s\n", key->sk_application);

#endif

}

key->ed25519_pk = pk;

pk = NULL;

break;

Line 2735

Line 2809

newtype = KEY_ECDSA_SK_CERT;

break;

#endif /* WITH_OPENSSL */

case KEY_ED25519_SK:

newtype = KEY_ED25519_SK_CERT;

break;

case KEY_ED25519:

newtype = KEY_ED25519_CERT;

break;

Line 3164

Line 3241

ED25519_SK_SZ)) != 0)

goto out;

break;

case KEY_ED25519_SK:

if ((r = sshbuf_put_string(b, key->ed25519_pk,

ED25519_PK_SZ)) != 0 ||

(r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||

(r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||

(r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||

(r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)

goto out;

break;

case KEY_ED25519_SK_CERT:

if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {

r = SSH_ERR_INVALID_ARGUMENT;

goto out;

}

if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||

(r = sshbuf_put_string(b, key->ed25519_pk,

ED25519_PK_SZ)) != 0 ||

(r = sshbuf_put_cstring(b, key->sk_application)) != 0 ||

(r = sshbuf_put_u8(b, key->sk_flags)) != 0 ||

(r = sshbuf_put_stringb(b, key->sk_key_handle)) != 0 ||

(r = sshbuf_put_stringb(b, key->sk_reserved)) != 0)

goto out;

break;

#ifdef WITH_XMSS

case KEY_XMSS:

if (key->xmss_name == NULL) {

Line 3471

Line 3571

k->ed25519_sk = ed25519_sk;

ed25519_pk = ed25519_sk = NULL; /* transferred */

break;

case KEY_ED25519_SK:

if ((k = sshkey_new(type)) == NULL) {

r = SSH_ERR_ALLOC_FAIL;

goto out;

}

if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0)

goto out;

if (pklen != ED25519_PK_SZ) {

r = SSH_ERR_INVALID_FORMAT;

goto out;

}

if ((k->sk_key_handle = sshbuf_new()) == NULL ||

(k->sk_reserved = sshbuf_new()) == NULL) {

r = SSH_ERR_ALLOC_FAIL;

goto out;

}

if ((r = sshbuf_get_cstring(buf, &k->sk_application,

NULL)) != 0 ||

(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||

(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||

(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)

goto out;

k->ed25519_pk = ed25519_pk;

ed25519_pk = NULL;

break;

case KEY_ED25519_SK_CERT:

if ((r = sshkey_froms(buf, &k)) != 0 ||

(r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0)

goto out;

if (k->type != type) {

r = SSH_ERR_INVALID_FORMAT;

goto out;

}

if (pklen != ED25519_PK_SZ) {

r = SSH_ERR_INVALID_FORMAT;

goto out;

}

if ((k->sk_key_handle = sshbuf_new()) == NULL ||

(k->sk_reserved = sshbuf_new()) == NULL) {

r = SSH_ERR_ALLOC_FAIL;

goto out;

}

if ((r = sshbuf_get_cstring(buf, &k->sk_application,

NULL)) != 0 ||

(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 ||

(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 ||

(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0)

goto out;

k->ed25519_pk = ed25519_pk;

ed25519_pk = NULL; /* transferred */

break;

#ifdef WITH_XMSS

case KEY_XMSS:

if ((k = sshkey_new(type)) == NULL) {

Line 4198

Line 4349

break; /* see below */

#endif /* WITH_OPENSSL */

case KEY_ED25519:

case KEY_ED25519_SK:

#ifdef WITH_XMSS

case KEY_XMSS:

#endif /* WITH_XMSS */