Blame - ssh-ed25519.c - fp2-dev/platform/external/openssh

blob: b159ff5ee0ba78b51f2ebe6d2f0f1ff0e728025f [file] [log] [blame]

Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	1	/* $OpenBSD: ssh-ed25519.c,v 1.6 2015/01/15 21:38:50 markus Exp $ */
				2	/*
				3	* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
				4	*
				5	* Permission to use, copy, modify, and distribute this software for any
				6	* purpose with or without fee is hereby granted, provided that the above
				7	* copyright notice and this permission notice appear in all copies.
				8	*
				9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
				12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
				14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
				15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
				16	*/
				17
				18	#include "includes.h"
				19
				20	#include <sys/types.h>
				21	#include <limits.h>
				22
				23	#include "crypto_api.h"
				24
				25	#include <string.h>
				26	#include <stdarg.h>
				27
				28	#include "log.h"
				29	#include "sshbuf.h"
				30	#define SSHKEY_INTERNAL
				31	#include "sshkey.h"
				32	#include "ssherr.h"
				33	#include "ssh.h"
				34
				35	int
				36	ssh_ed25519_sign(const struct sshkey key, u_char sigp, size_t lenp,
				37	const u_char *data, size_t datalen, u_int compat)
				38	{
				39	u_char *sig = NULL;
				40	size_t slen = 0, len;
				41	unsigned long long smlen;
				42	int r, ret;
				43	struct sshbuf *b = NULL;
				44
				45	if (lenp != NULL)
				46	*lenp = 0;
				47	if (sigp != NULL)
				48	*sigp = NULL;
				49
				50	if (key == NULL \|\|
				51	sshkey_type_plain(key->type) != KEY_ED25519 \|\|
				52	key->ed25519_sk == NULL \|\|
				53	datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
				54	return SSH_ERR_INVALID_ARGUMENT;
				55	smlen = slen = datalen + crypto_sign_ed25519_BYTES;
				56	if ((sig = malloc(slen)) == NULL)
				57	return SSH_ERR_ALLOC_FAIL;
				58
				59	if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
				60	key->ed25519_sk)) != 0 \|\| smlen <= datalen) {
				61	r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
				62	goto out;
				63	}
				64	/* encode signature */
				65	if ((b = sshbuf_new()) == NULL) {
				66	r = SSH_ERR_ALLOC_FAIL;
				67	goto out;
				68	}
				69	if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 \|\|
				70	(r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
				71	goto out;
				72	len = sshbuf_len(b);
				73	if (sigp != NULL) {
				74	if ((*sigp = malloc(len)) == NULL) {
				75	r = SSH_ERR_ALLOC_FAIL;
				76	goto out;
				77	}
				78	memcpy(*sigp, sshbuf_ptr(b), len);
				79	}
				80	if (lenp != NULL)
				81	*lenp = len;
				82	/* success */
				83	r = 0;
				84	out:
				85	sshbuf_free(b);
				86	if (sig != NULL) {
				87	explicit_bzero(sig, slen);
				88	free(sig);
				89	}
				90
				91	return r;
				92	}
				93
				94	int
				95	ssh_ed25519_verify(const struct sshkey *key,
				96	const u_char *signature, size_t signaturelen,
				97	const u_char *data, size_t datalen, u_int compat)
				98	{
				99	struct sshbuf *b = NULL;
				100	char *ktype = NULL;
				101	const u_char *sigblob;
				102	u_char sm = NULL, m = NULL;
				103	size_t len;
				104	unsigned long long smlen = 0, mlen = 0;
				105	int r, ret;
				106
				107	if (key == NULL \|\|
				108	sshkey_type_plain(key->type) != KEY_ED25519 \|\|
				109	key->ed25519_pk == NULL \|\|
				110	datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
				111	return SSH_ERR_INVALID_ARGUMENT;
				112
				113	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
				114	return SSH_ERR_ALLOC_FAIL;
				115	if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 \|\|
				116	(r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
				117	goto out;
				118	if (strcmp("ssh-ed25519", ktype) != 0) {
				119	r = SSH_ERR_KEY_TYPE_MISMATCH;
				120	goto out;
				121	}
				122	if (sshbuf_len(b) != 0) {
				123	r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
				124	goto out;
				125	}
				126	if (len > crypto_sign_ed25519_BYTES) {
				127	r = SSH_ERR_INVALID_FORMAT;
				128	goto out;
				129	}
				130	if (datalen >= SIZE_MAX - len) {
				131	r = SSH_ERR_INVALID_ARGUMENT;
				132	goto out;
				133	}
				134	smlen = len + datalen;
				135	mlen = smlen;
				136	if ((sm = malloc(smlen)) == NULL \|\| (m = malloc(mlen)) == NULL) {
				137	r = SSH_ERR_ALLOC_FAIL;
				138	goto out;
				139	}
				140	memcpy(sm, sigblob, len);
				141	memcpy(sm+len, data, datalen);
				142	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
				143	key->ed25519_pk)) != 0) {
				144	debug2("%s: crypto_sign_ed25519_open failed: %d",
				145	__func__, ret);
				146	}
				147	if (ret != 0 \|\| mlen != datalen) {
				148	r = SSH_ERR_SIGNATURE_INVALID;
				149	goto out;
				150	}
				151	/* XXX compare 'm' and 'data' ? */
				152	/* success */
				153	r = 0;
				154	out:
				155	if (sm != NULL) {
				156	explicit_bzero(sm, smlen);
				157	free(sm);
				158	}
				159	if (m != NULL) {
				160	explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
				161	free(m);
				162	}
				163	sshbuf_free(b);
				164	free(ktype);
				165	return r;
				166	}