diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:51:37 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:33 +1100 |
| commit | b7e74ea072919b31391bc0f5ff653f80b9f5e84f (patch) | |
| tree | adb2a736c1b9f6346d342600877818631f9dbb3d /ssh-ed25519-sk.c | |
| parent | d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 (diff) | |
upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
Diffstat (limited to 'ssh-ed25519-sk.c')
| -rw-r--r-- | ssh-ed25519-sk.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c index 622cb45c2..d11fde6fd 100644 --- a/ssh-ed25519-sk.c +++ b/ssh-ed25519-sk.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-ed25519-sk.c,v 1.2 2019/11/12 19:34:40 markus Exp $ */ | 1 | /* $OpenBSD: ssh-ed25519-sk.c,v 1.3 2019/11/25 00:51:37 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -33,7 +33,8 @@ | |||
| 33 | int | 33 | int |
| 34 | ssh_ed25519_sk_verify(const struct sshkey *key, | 34 | ssh_ed25519_sk_verify(const struct sshkey *key, |
| 35 | const u_char *signature, size_t signaturelen, | 35 | const u_char *signature, size_t signaturelen, |
| 36 | const u_char *data, size_t datalen, u_int compat) | 36 | const u_char *data, size_t datalen, u_int compat, |
| 37 | struct sshkey_sig_details **detailsp) | ||
| 37 | { | 38 | { |
| 38 | struct sshbuf *b = NULL; | 39 | struct sshbuf *b = NULL; |
| 39 | struct sshbuf *encoded = NULL; | 40 | struct sshbuf *encoded = NULL; |
| @@ -49,6 +50,10 @@ ssh_ed25519_sk_verify(const struct sshkey *key, | |||
| 49 | unsigned long long smlen = 0, mlen = 0; | 50 | unsigned long long smlen = 0, mlen = 0; |
| 50 | int r = SSH_ERR_INTERNAL_ERROR; | 51 | int r = SSH_ERR_INTERNAL_ERROR; |
| 51 | int ret; | 52 | int ret; |
| 53 | struct sshkey_sig_details *details = NULL; | ||
| 54 | |||
| 55 | if (detailsp != NULL) | ||
| 56 | *detailsp = NULL; | ||
| 52 | 57 | ||
| 53 | if (key == NULL || | 58 | if (key == NULL || |
| 54 | sshkey_type_plain(key->type) != KEY_ED25519_SK || | 59 | sshkey_type_plain(key->type) != KEY_ED25519_SK || |
| @@ -84,6 +89,12 @@ ssh_ed25519_sk_verify(const struct sshkey *key, | |||
| 84 | r = SSH_ERR_INVALID_ARGUMENT; | 89 | r = SSH_ERR_INVALID_ARGUMENT; |
| 85 | goto out; | 90 | goto out; |
| 86 | } | 91 | } |
| 92 | if ((details = calloc(1, sizeof(*details))) == NULL) { | ||
| 93 | r = SSH_ERR_ALLOC_FAIL; | ||
| 94 | goto out; | ||
| 95 | } | ||
| 96 | details->sk_counter = sig_counter; | ||
| 97 | details->sk_flags = sig_flags; | ||
| 87 | if ((encoded = sshbuf_new()) == NULL) { | 98 | if ((encoded = sshbuf_new()) == NULL) { |
| 88 | r = SSH_ERR_ALLOC_FAIL; | 99 | r = SSH_ERR_ALLOC_FAIL; |
| 89 | goto out; | 100 | goto out; |
| @@ -115,11 +126,16 @@ ssh_ed25519_sk_verify(const struct sshkey *key, | |||
| 115 | /* XXX compare 'm' and 'sm + len' ? */ | 126 | /* XXX compare 'm' and 'sm + len' ? */ |
| 116 | /* success */ | 127 | /* success */ |
| 117 | r = 0; | 128 | r = 0; |
| 129 | if (detailsp != NULL) { | ||
| 130 | *detailsp = details; | ||
| 131 | details = NULL; | ||
| 132 | } | ||
| 118 | out: | 133 | out: |
| 119 | if (m != NULL) { | 134 | if (m != NULL) { |
| 120 | explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ | 135 | explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */ |
| 121 | free(m); | 136 | free(m); |
| 122 | } | 137 | } |
| 138 | sshkey_sig_details_free(details); | ||
| 123 | sshbuf_free(b); | 139 | sshbuf_free(b); |
| 124 | sshbuf_free(encoded); | 140 | sshbuf_free(encoded); |
| 125 | free(ktype); | 141 | free(ktype); |