Blame - ssh-ecdsa.c - platform/external/openssh

blob: 3069ca5bc614612c3cc52cbd22313e51ef08c209 [file] [log] [blame]

Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1	/* $OpenBSD */
				2	/*
				3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				4	* Copyright (c) 2010 Damien Miller. All rights reserved.
				5	*
				6	* Redistribution and use in source and binary forms, with or without
				7	* modification, are permitted provided that the following conditions
				8	* are met:
				9	* 1. Redistributions of source code must retain the above copyright
				10	* notice, this list of conditions and the following disclaimer.
				11	* 2. Redistributions in binary form must reproduce the above copyright
				12	* notice, this list of conditions and the following disclaimer in the
				13	* documentation and/or other materials provided with the distribution.
				14	*
				15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				25	*/
				26
Damien Miller	c79ff07	2010-08-31 22:50:48 +1000	[diff] [blame^]	27	#include "includes.h"
				28
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	29	#include <sys/types.h>
				30
				31	#include <openssl/bn.h>
				32	#include <openssl/ec.h>
				33	#include <openssl/ecdsa.h>
				34	#include <openssl/evp.h>
				35
				36	#include <string.h>
				37
				38	#include "xmalloc.h"
				39	#include "buffer.h"
				40	#include "compat.h"
				41	#include "log.h"
				42	#include "key.h"
				43
				44	int
				45	ssh_ecdsa_sign(const Key key, u_char sigp, u_int lenp,
				46	const u_char *data, u_int datalen)
				47	{
				48	ECDSA_SIG *sig;
				49	const EVP_MD *evp_md = EVP_sha256();
				50	EVP_MD_CTX md;
				51	u_char digest[EVP_MAX_MD_SIZE];
				52	u_int len, dlen;
				53	Buffer b, bb;
				54
				55	if (key == NULL \|\| key->ecdsa == NULL \|\|
				56	(key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) {
				57	error("%s: no ECDSA key", __func__);
				58	return -1;
				59	}
				60	EVP_DigestInit(&md, evp_md);
				61	EVP_DigestUpdate(&md, data, datalen);
				62	EVP_DigestFinal(&md, digest, &dlen);
				63
				64	sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
				65	memset(digest, 'd', sizeof(digest));
				66
				67	if (sig == NULL) {
				68	error("%s: sign failed", __func__);
				69	return -1;
				70	}
				71
				72	buffer_init(&bb);
				73	buffer_put_bignum2(&bb, sig->r);
				74	buffer_put_bignum2(&bb, sig->s);
				75	ECDSA_SIG_free(sig);
				76
				77	buffer_init(&b);
				78	buffer_put_cstring(&b, key_ssh_name_plain(key));
				79	buffer_put_string(&b, buffer_ptr(&bb), buffer_len(&bb));
				80	buffer_free(&bb);
				81	len = buffer_len(&b);
				82	if (lenp != NULL)
				83	*lenp = len;
				84	if (sigp != NULL) {
				85	*sigp = xmalloc(len);
				86	memcpy(*sigp, buffer_ptr(&b), len);
				87	}
				88	buffer_free(&b);
				89
				90	return 0;
				91	}
				92	int
				93	ssh_ecdsa_verify(const Key key, const u_char signature, u_int signaturelen,
				94	const u_char *data, u_int datalen)
				95	{
				96	ECDSA_SIG *sig;
				97	const EVP_MD *evp_md = EVP_sha256();
				98	EVP_MD_CTX md;
				99	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
				100	u_int len, dlen;
				101	int rlen, ret;
				102	Buffer b, bb;
				103
				104	if (key == NULL \|\| key->ecdsa == NULL \|\|
				105	(key->type != KEY_ECDSA && key->type != KEY_ECDSA_CERT)) {
				106	error("%s: no ECDSA key", __func__);
				107	return -1;
				108	}
				109
				110	/* fetch signature */
				111	char *ktype;
				112	buffer_init(&b);
				113	buffer_append(&b, signature, signaturelen);
				114	ktype = buffer_get_string(&b, NULL);
				115	if (strcmp(key_ssh_name_plain(key), ktype) != 0) {
				116	error("%s: cannot handle type %s", __func__, ktype);
				117	buffer_free(&b);
				118	xfree(ktype);
				119	return -1;
				120	}
				121	xfree(ktype);
				122	sigblob = buffer_get_string(&b, &len);
				123	rlen = buffer_len(&b);
				124	buffer_free(&b);
				125	if (rlen != 0) {
				126	error("%s: remaining bytes in signature %d", __func__, rlen);
				127	xfree(sigblob);
				128	return -1;
				129	}
				130
				131	/* parse signature */
				132	if ((sig = ECDSA_SIG_new()) == NULL)
				133	fatal("%s: ECDSA_SIG_new failed", __func__);
				134	if ((sig->r = BN_new()) == NULL \|\|
				135	(sig->s = BN_new()) == NULL)
				136	fatal("%s: BN_new failed", __func__);
				137
				138	buffer_init(&bb);
				139	buffer_append(&bb, sigblob, len);
				140	buffer_get_bignum2(&bb, sig->r);
				141	buffer_get_bignum2(&bb, sig->s);
				142	if (buffer_len(&bb) != 0)
				143	fatal("%s: remaining bytes in inner sigblob", __func__);
				144
				145	/* clean up */
				146	memset(sigblob, 0, len);
				147	xfree(sigblob);
				148
				149	/* hash the data */
				150	EVP_DigestInit(&md, evp_md);
				151	EVP_DigestUpdate(&md, data, datalen);
				152	EVP_DigestFinal(&md, digest, &dlen);
				153
				154	ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
				155	memset(digest, 'd', sizeof(digest));
				156
				157	ECDSA_SIG_free(sig);
				158
				159	debug("%s: signature %s", __func__,
				160	ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
				161	return ret;
				162	}