- (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]

[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on Linux
author: Damien Miller <djm@mindrot.org> 2013-12-07 12:37:53 +1100
committer: Damien Miller <djm@mindrot.org> 2013-12-07 12:37:53 +1100
commit: f104da263de995f66b6861b4f3368264ee483d7f (patch)
tree: 8e35eee092458a376a7c67854ace7440626a8fa4
parent: 1ff130dac9b7aea0628f4ad30683431fe35e0020 (diff)
5 files changed, 31 insertions, 33 deletions
diff --git a/ChangeLog b/ChangeLog
index 5d630fb57..cf5e0d504 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,14 +33,17 @@
   - djm@cvs.openbsd.org 2013/12/07 00:19:15
     [key.c]
     set k->cert = NULL after freeing it
- - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
+ - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
   [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
- - [Makefile.in] Add ed25519 sources
+ - (djm) [Makefile.in] Add ed25519 sources
- - [authfile.c] Conditionalise inclusion of util.h
+ - (djm) [authfile.c] Conditionalise inclusion of util.h
- - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
   [openbsd-compat/blf.h openbsd-compat/blowfish.c]
   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
   portable.
+ - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
+   [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
+   Linux
 20131205
 - (djm) OpenBSD CVS Sync
diff --git a/ed25519.c b/ed25519.c
index c7c861bb6..9c9879c09 100644
--- a/ed25519.c
+++ b/ed25519.c
@@ -2,6 +2,7 @@
 /* Public Domain, from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c */
+#include "includes.h"
 #include "crypto_api.h"
 #include "ge25519.h"
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 3866a5495..276646fa6 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.53 2013/12/07 00:51:54 djm Exp $
+# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
+OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 58bbfe15b..e0736feaf 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -24,18 +24,13 @@
 #include <stdlib.h>
 #include <string.h>
-#include <util.h>
 #ifdef HAVE_BLF_H
 # include <blf.h>
 #endif
-#ifdef HAVE_SHA256_UPDATE
-# ifdef HAVE_SHA2_H
+#include "crypto_api.h"
-#  include <sha2.h>
+#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
-# elif defined(HAVE_CRYPTO_SHA2_H)
-#  include <crypto/sha2.h>
-# endif
-#endif
 /*
 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
@@ -109,12 +104,11 @@ int
 bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
    u_int8_t *key, size_t keylen, unsigned int rounds)
 {
-        SHA2_CTX ctx;
        u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
        u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
        u_int8_t out[BCRYPT_HASHSIZE];
        u_int8_t tmpout[BCRYPT_HASHSIZE];
-        u_int8_t countsalt[4];
+        u_int8_t *countsalt;
        size_t i, j, amt, stride;
        uint32_t count;
@@ -122,37 +116,34 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
        if (rounds < 1)
                return -1;
        if (passlen == 0 || saltlen == 0 || keylen == 0 ||
-            keylen > sizeof(out) * sizeof(out))
+            keylen > sizeof(out) * sizeof(out) || saltlen > 1<<20)
+                return -1;
+        if ((countsalt = calloc(1, saltlen + 4)) == NULL)
                return -1;
        stride = (keylen + sizeof(out) - 1) / sizeof(out);
        amt = (keylen + stride - 1) / stride;
-        /* collapse password */
+        memcpy(countsalt, salt, saltlen);
-        SHA512Init(&ctx);
-        SHA512Update(&ctx, pass, passlen);
-        SHA512Final(sha2pass, &ctx);
+        /* collapse password */
+        crypto_hash_sha512(sha2pass, pass, passlen);
        /* generate key, sizeof(out) at a time */
        for (count = 1; keylen > 0; count++) {
-                countsalt[0] = (count >> 24) & 0xff;
+                countsalt[saltlen + 0] = (count >> 24) & 0xff;
-                countsalt[1] = (count >> 16) & 0xff;
+                countsalt[saltlen + 1] = (count >> 16) & 0xff;
-                countsalt[2] = (count >> 8) & 0xff;
+                countsalt[saltlen + 2] = (count >> 8) & 0xff;
-                countsalt[3] = count & 0xff;
+                countsalt[saltlen + 3] = count & 0xff;
                /* first round, salt is salt */
-                SHA512Init(&ctx);
+                crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
-                SHA512Update(&ctx, salt, saltlen);
-                SHA512Update(&ctx, countsalt, sizeof(countsalt));
-                SHA512Final(sha2salt, &ctx);
                bcrypt_hash(sha2pass, sha2salt, tmpout);
                memcpy(out, tmpout, sizeof(out));
                for (i = 1; i < rounds; i++) {
                        /* subsequent rounds, salt is previous output */
-                        SHA512Init(&ctx);
+                        crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
-                        SHA512Update(&ctx, tmpout, sizeof(tmpout));
-                        SHA512Final(sha2salt, &ctx);
                        bcrypt_hash(sha2pass, sha2salt, tmpout);
                        for (j = 0; j < sizeof(out); j++)
                                out[j] ^= tmpout[j];
@@ -168,8 +159,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t salt
        }
        /* zap */
-        memset(&ctx, 0, sizeof(ctx));
        memset(out, 0, sizeof(out));
+        memset(countsalt, 0, saltlen + 4);
+        free(countsalt);
        return 0;
 }
diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index c03c16346..1aedcf83a 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -15,6 +15,8 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include "includes.h"
 #include <sys/types.h>
 #include "crypto_api.h"
author	Damien Miller <djm@mindrot.org>	2013-12-07 12:37:53 +1100
committer	Damien Miller <djm@mindrot.org>	2013-12-07 12:37:53 +1100
commit	f104da263de995f66b6861b4f3368264ee483d7f (patch)
tree	8e35eee092458a376a7c67854ace7440626a8fa4
parent	1ff130dac9b7aea0628f4ad30683431fe35e0020 (diff)

diff --git a/ChangeLog b/ChangeLog index 5d630fb57..cf5e0d504 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -33,14 +33,17 @@
33	- djm@cvs.openbsd.org 2013/12/07 00:19:15	33	- djm@cvs.openbsd.org 2013/12/07 00:19:15
34	[key.c]	34	[key.c]
35	set k->cert = NULL after freeing it	35	set k->cert = NULL after freeing it
36	- [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]	36	- (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
37	[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents	37	[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
38	- [Makefile.in] Add ed25519 sources	38	- (djm) [Makefile.in] Add ed25519 sources
39	- [authfile.c] Conditionalise inclusion of util.h	39	- (djm) [authfile.c] Conditionalise inclusion of util.h
40	- [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]	40	- (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
41	[openbsd-compat/blf.h openbsd-compat/blowfish.c]	41	[openbsd-compat/blf.h openbsd-compat/blowfish.c]
42	[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in	42	[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
43	portable.	43	portable.
		44	- (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
		45	[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
		46	Linux
44		47
45	20131205	48	20131205
46	- (djm) OpenBSD CVS Sync	49	- (djm) OpenBSD CVS Sync


diff --git a/ed25519.c b/ed25519.c index c7c861bb6..9c9879c09 100644 --- a/ed25519.c +++ b/ed25519.c
@@ -2,6 +2,7 @@
2		2
3	/* Public Domain, from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c */	3	/* Public Domain, from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c */
4		4
		5	#include "includes.h"
5	#include "crypto_api.h"	6	#include "crypto_api.h"
6		7
7	#include "ge25519.h"	8	#include "ge25519.h"


diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3866a5495..276646fa6 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.53 2013/12/07 00:51:54 djm Exp $	1	# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
2		2
3	sysconfdir=@sysconfdir@	3	sysconfdir=@sysconfdir@
4	piddir=@piddir@	4	piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
16	INSTALL=@INSTALL@	16	INSTALL=@INSTALL@
17	LDFLAGS=-L. @LDFLAGS@	17	LDFLAGS=-L. @LDFLAGS@
18		18
19	OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o	19	OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
20		20
21	COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o	21	COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22


diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c index 58bbfe15b..e0736feaf 100644 --- a/openbsd-compat/bcrypt_pbkdf.c +++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -24,18 +24,13 @@
24		24
25	#include <stdlib.h>	25	#include <stdlib.h>
26	#include <string.h>	26	#include <string.h>
27	#include <util.h>
28		27
29	#ifdef HAVE_BLF_H	28	#ifdef HAVE_BLF_H
30	# include <blf.h>	29	# include <blf.h>
31	#endif	30	#endif
32	#ifdef HAVE_SHA256_UPDATE	31
33	# ifdef HAVE_SHA2_H	32	#include "crypto_api.h"
34	# include <sha2.h>	33	#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
35	# elif defined(HAVE_CRYPTO_SHA2_H)
36	# include <crypto/sha2.h>
37	# endif
38	#endif
39		34
40	/*	35	/*
41	* pkcs #5 pbkdf2 implementation using the "bcrypt" hash	36	* pkcs #5 pbkdf2 implementation using the "bcrypt" hash
@@ -109,12 +104,11 @@ int
109	bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t saltlen,	104	bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t saltlen,
110	u_int8_t *key, size_t keylen, unsigned int rounds)	105	u_int8_t *key, size_t keylen, unsigned int rounds)
111	{	106	{
112	SHA2_CTX ctx;
113	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];	107	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
114	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];	108	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
115	u_int8_t out[BCRYPT_HASHSIZE];	109	u_int8_t out[BCRYPT_HASHSIZE];
116	u_int8_t tmpout[BCRYPT_HASHSIZE];	110	u_int8_t tmpout[BCRYPT_HASHSIZE];
117	u_int8_t countsalt[4];	111	u_int8_t *countsalt;
118	size_t i, j, amt, stride;	112	size_t i, j, amt, stride;
119	uint32_t count;	113	uint32_t count;
120		114
@@ -122,37 +116,34 @@ bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t salt
122	if (rounds < 1)	116	if (rounds < 1)
123	return -1;	117	return -1;
124	if (passlen == 0 \|\| saltlen == 0 \|\| keylen == 0 \|\|	118	if (passlen == 0 \|\| saltlen == 0 \|\| keylen == 0 \|\|
125	keylen > sizeof(out) * sizeof(out))	119	keylen > sizeof(out) * sizeof(out) \|\| saltlen > 1<<20)
		120	return -1;
		121	if ((countsalt = calloc(1, saltlen + 4)) == NULL)
126	return -1;	122	return -1;
127	stride = (keylen + sizeof(out) - 1) / sizeof(out);	123	stride = (keylen + sizeof(out) - 1) / sizeof(out);
128	amt = (keylen + stride - 1) / stride;	124	amt = (keylen + stride - 1) / stride;
129		125
130	/* collapse password */	126	memcpy(countsalt, salt, saltlen);
131	SHA512Init(&ctx);
132	SHA512Update(&ctx, pass, passlen);
133	SHA512Final(sha2pass, &ctx);
134		127
		128	/* collapse password */
		129	crypto_hash_sha512(sha2pass, pass, passlen);
135		130
136	/* generate key, sizeof(out) at a time */	131	/* generate key, sizeof(out) at a time */
137	for (count = 1; keylen > 0; count++) {	132	for (count = 1; keylen > 0; count++) {
138	countsalt[0] = (count >> 24) & 0xff;	133	countsalt[saltlen + 0] = (count >> 24) & 0xff;
139	countsalt[1] = (count >> 16) & 0xff;	134	countsalt[saltlen + 1] = (count >> 16) & 0xff;
140	countsalt[2] = (count >> 8) & 0xff;	135	countsalt[saltlen + 2] = (count >> 8) & 0xff;
141	countsalt[3] = count & 0xff;	136	countsalt[saltlen + 3] = count & 0xff;
142		137
143	/* first round, salt is salt */	138	/* first round, salt is salt */
144	SHA512Init(&ctx);	139	crypto_hash_sha512(sha2salt, countsalt, saltlen + 4);
145	SHA512Update(&ctx, salt, saltlen);	140
146	SHA512Update(&ctx, countsalt, sizeof(countsalt));
147	SHA512Final(sha2salt, &ctx);
148	bcrypt_hash(sha2pass, sha2salt, tmpout);	141	bcrypt_hash(sha2pass, sha2salt, tmpout);
149	memcpy(out, tmpout, sizeof(out));	142	memcpy(out, tmpout, sizeof(out));
150		143
151	for (i = 1; i < rounds; i++) {	144	for (i = 1; i < rounds; i++) {
152	/* subsequent rounds, salt is previous output */	145	/* subsequent rounds, salt is previous output */
153	SHA512Init(&ctx);	146	crypto_hash_sha512(sha2salt, tmpout, sizeof(tmpout));
154	SHA512Update(&ctx, tmpout, sizeof(tmpout));
155	SHA512Final(sha2salt, &ctx);
156	bcrypt_hash(sha2pass, sha2salt, tmpout);	147	bcrypt_hash(sha2pass, sha2salt, tmpout);
157	for (j = 0; j < sizeof(out); j++)	148	for (j = 0; j < sizeof(out); j++)
158	out[j] ^= tmpout[j];	149	out[j] ^= tmpout[j];
@@ -168,8 +159,9 @@ bcrypt_pbkdf(const char pass, size_t passlen, const u_int8_t salt, size_t salt
168	}	159	}
169		160
170	/* zap */	161	/* zap */
171	memset(&ctx, 0, sizeof(ctx));
172	memset(out, 0, sizeof(out));	162	memset(out, 0, sizeof(out));
		163	memset(countsalt, 0, saltlen + 4);
		164	free(countsalt);
173		165
174	return 0;	166	return 0;
175	}	167	}


diff --git a/ssh-ed25519.c b/ssh-ed25519.c index c03c16346..1aedcf83a 100644 --- a/ssh-ed25519.c +++ b/ssh-ed25519.c
@@ -15,6 +15,8 @@
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/	16	*/
17		17
		18	#include "includes.h"
		19
18	#include <sys/types.h>	20	#include <sys/types.h>
19		21
20	#include "crypto_api.h"	22	#include "crypto_api.h"