author | markus@openbsd.org <markus@openbsd.org> | 2019-11-12 19:31:45 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-13 08:49:52 +1100 |
commit | 7c32b51edbed5bd57870249c0a45dffd06be0002 (patch) | |
tree | 36f0aaec6be57d03eb667885da79c5d7ab428b8f /ssh-sk.c | |
parent | fe05a36dc0ea884c8c2395d53d804fe4f4202b26 (diff) |
upstream: implement sshsk_ed25519_assemble(); ok djm
OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 58 |
1 files changed, 54 insertions, 4 deletions
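--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.6 2019/11/12 19:31:45 markus Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -39,6 +39,7 @@
 
 #include "ssh-sk.h"
 #include "sk-api.h"
+#include "crypto_api.h"
 
 struct sshsk_provider {
 char *path;
@@ -198,8 +199,40 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
 return r;
 }
 
+static int
+sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
+{
+struct sshkey *key = NULL;
+int r;
+
+*keyp = NULL;
+if (resp->public_key_len != ED25519_PK_SZ) {
+error("%s: invalid size: %zu", __func__, resp->public_key_len);
+r = SSH_ERR_INVALID_FORMAT;
+goto out;
+}
+if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
+error("%s: sshkey_new failed", __func__);
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
+if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
+error("%s: malloc failed", __func__);
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
+memcpy(key->ed25519_pk, resp->public_key, ED25519_PK_SZ);
+/* success */
+*keyp = key;
+key = NULL; /* transferred */
+r = 0;
+out:
+sshkey_free(key);
+return r;
+}
+
 int
-sshsk_enroll(const char *provider_path, const char *application,
+sshsk_enroll(int type, const char *provider_path, const char *application,
 uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
 struct sshbuf *attest)
 {
@@ -214,6 +247,15 @@ sshsk_enroll(const char *provider_path, const char *application,
 *keyp = NULL;
 if (attest)
 sshbuf_reset(attest);
+switch (type) {
+case KEY_ECDSA_SK:
+case KEY_ED25519_SK:
+break;
+default:
+error("%s: unsupported key type", __func__);
+r = SSH_ERR_INVALID_ARGUMENT;
+goto out;
+}
 if (provider_path == NULL) {
 error("%s: missing provider", __func__);
 r = SSH_ERR_INVALID_ARGUMENT;
@@ -259,8 +301,16 @@ sshsk_enroll(const char *provider_path, const char *application,
 r = SSH_ERR_INVALID_FORMAT;
 goto out;
 }
-if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
-goto out;
+switch (type) {
+case KEY_ECDSA_SK:
+if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
+goto out;
+break;
+case KEY_ED25519_SK:
+if ((r = sshsk_ed25519_assemble(resp, &key)) != 0)
+goto out;
+break;
+}
 key->sk_flags = flags;
 if ((key->sk_key_handle = sshbuf_new()) == NULL ||
 (key->sk_reserved = sshbuf_new()) == NULL) {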
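Review bot: The assembly dispatch `switch (type)` placed just before `key->sk_flags = flags;` has no `default:` arm, so if it were ever reached with a type that the validation switch near the top of sshsk_enroll did not reject, `key` would still be NULL and the very next line would dereference it. That is unreachable today because the first switch rejects anything other than KEY_ECDSA_SK and KEY_ED25519_SK, but the two switches live far apart and can drift when another key type is added later; a fail-closed arm `default: r = SSH_ERR_INTERNAL_ERROR; goto out;` keeps the NULL dereference impossible regardless of how the earlier check evolves. sshsk_ed25519_assemble would also benefit from a one-line header comment such as `/* Build a KEY_ED25519_SK sshkey from the provider's enroll response; on success ownership of *keyp passes to the caller. */`. sshsk_enroll begins in an earlier hunk and its body continues past the end of this section.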