upstream: implement sshsk_ed25519_assemble(); ok djm

OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
author: markus@openbsd.org <markus@openbsd.org> 2019-11-12 19:31:45 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-13 08:49:52 +1100
commit: 7c32b51edbed5bd57870249c0a45dffd06be0002 (patch)
tree: 36f0aaec6be57d03eb667885da79c5d7ab428b8f /ssh-sk.c
parent: fe05a36dc0ea884c8c2395d53d804fe4f4202b26 (diff)
1 files changed, 54 insertions, 4 deletions
diff --git a/ssh-sk.c b/ssh-sk.c
index 335f45773..43f808efc 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.6 2019/11/12 19:31:45 markus Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -39,6 +39,7 @@
 #include "ssh-sk.h"
 #include "sk-api.h"
+#include "crypto_api.h"
 struct sshsk_provider {
        char *path;
@@ -198,8 +199,40 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
        return r;
 }
+static int
+sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
+{
+        struct sshkey *key = NULL;
+        int r;
+        *keyp = NULL;
+        if (resp->public_key_len != ED25519_PK_SZ) {
+                error("%s: invalid size: %zu", __func__, resp->public_key_len);
+                r = SSH_ERR_INVALID_FORMAT;
+                goto out;
+        }
+        if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
+                error("%s: sshkey_new failed", __func__);
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
+                error("%s: malloc failed", __func__);
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
+        /* success */
+        *keyp = key;
+        key = NULL; /* transferred */
+        r = 0;
+ out:
+        sshkey_free(key);
+        return r;
+}
 int
-sshsk_enroll(const char *provider_path, const char *application,
+sshsk_enroll(int type, const char *provider_path, const char *application,
    uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
    struct sshbuf *attest)
 {
@@ -214,6 +247,15 @@ sshsk_enroll(const char *provider_path, const char *application,
        *keyp = NULL;
        if (attest)
                sshbuf_reset(attest);
+        switch (type) {
+        case KEY_ECDSA_SK:
+        case KEY_ED25519_SK:
+                break;
+        default:
+                error("%s: unsupported key type", __func__);
+                r = SSH_ERR_INVALID_ARGUMENT;
+                goto out;
+        }
        if (provider_path == NULL) {
                error("%s: missing provider", __func__);
                r = SSH_ERR_INVALID_ARGUMENT;
@@ -259,8 +301,16 @@ sshsk_enroll(const char *provider_path, const char *application,
                r = SSH_ERR_INVALID_FORMAT;
                goto out;
        }
-        if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
+        switch (type) {
-                goto out;
+        case KEY_ECDSA_SK:
+                if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
+                        goto out;
+                break;
+        case KEY_ED25519_SK:
+                if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
+                        goto out;
+                break;
+        }
        key->sk_flags = flags;
        if ((key->sk_key_handle = sshbuf_new()) == NULL ||
            (key->sk_reserved = sshbuf_new()) == NULL) {
author	markus@openbsd.org <markus@openbsd.org>	2019-11-12 19:31:45 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-13 08:49:52 +1100
commit	7c32b51edbed5bd57870249c0a45dffd06be0002 (patch)
tree	36f0aaec6be57d03eb667885da79c5d7ab428b8f /ssh-sk.c
parent	fe05a36dc0ea884c8c2395d53d804fe4f4202b26 (diff)

diff --git a/ssh-sk.c b/ssh-sk.c index 335f45773..43f808efc 100644 --- a/ssh-sk.c +++ b/ssh-sk.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */	1	/* $OpenBSD: ssh-sk.c,v 1.6 2019/11/12 19:31:45 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019 Google LLC	3	* Copyright (c) 2019 Google LLC
4	*	4	*
@@ -39,6 +39,7 @@
39		39
40	#include "ssh-sk.h"	40	#include "ssh-sk.h"
41	#include "sk-api.h"	41	#include "sk-api.h"
		42	#include "crypto_api.h"
42		43
43	struct sshsk_provider {	44	struct sshsk_provider {
44	char *path;	45	char *path;
@@ -198,8 +199,40 @@ sshsk_ecdsa_assemble(struct sk_enroll_response resp, struct sshkey *keyp)
198	return r;	199	return r;
199	}	200	}
200		201
		202	static int
		203	sshsk_ed25519_assemble(struct sk_enroll_response resp, struct sshkey *keyp)
		204	{
		205	struct sshkey *key = NULL;
		206	int r;
		207
		208	*keyp = NULL;
		209	if (resp->public_key_len != ED25519_PK_SZ) {
		210	error("%s: invalid size: %zu", __func__, resp->public_key_len);
		211	r = SSH_ERR_INVALID_FORMAT;
		212	goto out;
		213	}
		214	if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
		215	error("%s: sshkey_new failed", __func__);
		216	r = SSH_ERR_ALLOC_FAIL;
		217	goto out;
		218	}
		219	if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
		220	error("%s: malloc failed", __func__);
		221	r = SSH_ERR_ALLOC_FAIL;
		222	goto out;
		223	}
		224	memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
		225	/* success */
		226	*keyp = key;
		227	key = NULL; /* transferred */
		228	r = 0;
		229	out:
		230	sshkey_free(key);
		231	return r;
		232	}
		233
201	int	234	int
202	sshsk_enroll(const char provider_path, const char application,	235	sshsk_enroll(int type, const char provider_path, const char application,
203	uint8_t flags, struct sshbuf challenge_buf, struct sshkey *keyp,	236	uint8_t flags, struct sshbuf challenge_buf, struct sshkey *keyp,
204	struct sshbuf *attest)	237	struct sshbuf *attest)
205	{	238	{
@@ -214,6 +247,15 @@ sshsk_enroll(const char provider_path, const char application,
214	*keyp = NULL;	247	*keyp = NULL;
215	if (attest)	248	if (attest)
216	sshbuf_reset(attest);	249	sshbuf_reset(attest);
		250	switch (type) {
		251	case KEY_ECDSA_SK:
		252	case KEY_ED25519_SK:
		253	break;
		254	default:
		255	error("%s: unsupported key type", __func__);
		256	r = SSH_ERR_INVALID_ARGUMENT;
		257	goto out;
		258	}
217	if (provider_path == NULL) {	259	if (provider_path == NULL) {
218	error("%s: missing provider", __func__);	260	error("%s: missing provider", __func__);
219	r = SSH_ERR_INVALID_ARGUMENT;	261	r = SSH_ERR_INVALID_ARGUMENT;
@@ -259,8 +301,16 @@ sshsk_enroll(const char provider_path, const char application,
259	r = SSH_ERR_INVALID_FORMAT;	301	r = SSH_ERR_INVALID_FORMAT;
260	goto out;	302	goto out;
261	}	303	}
262	if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)	304	switch (type) {
263	goto out;	305	case KEY_ECDSA_SK:
		306	if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
		307	goto out;
		308	break;
		309	case KEY_ED25519_SK:
		310	if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
		311	goto out;
		312	break;
		313	}
264	key->sk_flags = flags;	314	key->sk_flags = flags;
265	if ((key->sk_key_handle = sshbuf_new()) == NULL \|\|	315	if ((key->sk_key_handle = sshbuf_new()) == NULL \|\|
266	(key->sk_reserved = sshbuf_new()) == NULL) {	316	(key->sk_reserved = sshbuf_new()) == NULL) {