author | markus@openbsd.org <markus@openbsd.org> | 2019-11-12 19:30:21 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-13 08:48:48 +1100 |
commit | bc7b5d6187de625c086b5f639b25bbad17bbabfc (patch) | |
tree | 9433aa83c4bfbefdb5ac3e2449c3d25116fd38e1 /ssh-sk.c | |
parent | cef84a062db8cfeece26f067235dc440f6992c17 (diff) |
upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@
OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584
Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 63 |
1 files changed, 43 insertions, 20 deletions
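--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.2 2019/11/12 19:29:54 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.3 2019/11/12 19:30:21 markus Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -304,6 +304,43 @@ sshsk_enroll(const char *provider_path, const char *application,
 return r;
 }
 
+static int
+sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
+{
+struct sshbuf *inner_sig = NULL;
+int r = SSH_ERR_INTERNAL_ERROR;
+
+*retp = NULL;
+if ((inner_sig = sshbuf_new()) == NULL) {
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
+/* Prepare inner signature object */
+if ((r = sshbuf_put_bignum2_bytes(inner_sig,
+resp->sig_r, resp->sig_r_len)) != 0 ||
+(r = sshbuf_put_bignum2_bytes(inner_sig,
+resp->sig_s, resp->sig_s_len)) != 0 ||
+(r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
+(r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+debug("%s: buffer error: %s", __func__, ssh_err(r));
+goto out;
+}
+#ifdef DEBUG_SK
+fprintf(stderr, "%s: sig_r:\n", __func__);
+sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
+fprintf(stderr, "%s: sig_s:\n", __func__);
+sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
+fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
+__func__, resp->flags, resp->counter);
+#endif
+*retp = inner_sig;
+inner_sig = NULL;
+r = 0;
+out:
+sshbuf_free(inner_sig);
+return r;
+}
+
 int
 sshsk_ecdsa_sign(const char *provider_path, const struct sshkey *key,
 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
@@ -345,34 +382,20 @@ sshsk_ecdsa_sign(const char *provider_path, const struct sshkey *key,
 debug("%s: sk_sign failed with code %d", __func__, r);
 goto out;
 }
-if ((sig = sshbuf_new()) == NULL ||
-(inner_sig = sshbuf_new()) == NULL) {
-r = SSH_ERR_ALLOC_FAIL;
-goto out;
-}
 /* Prepare inner signature object */
-if ((r = sshbuf_put_bignum2_bytes(inner_sig,
+if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
-resp->sig_r, resp->sig_r_len)) != 0 ||
-(r = sshbuf_put_bignum2_bytes(inner_sig,
-resp->sig_s, resp->sig_s_len)) != 0 ||
-(r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
-(r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
-debug("%s: buffer error (inner): %s", __func__, ssh_err(r));
 goto out;
-}
 /* Assemble outer signature */
+if ((sig = sshbuf_new()) == NULL) {
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
 if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0 ||
 (r = sshbuf_put_stringb(sig, inner_sig)) != 0) {
 debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
 goto out;
 }
 #ifdef DEBUG_SK
-fprintf(stderr, "%s: sig_r:\n", __func__);
-sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
-fprintf(stderr, "%s: sig_s:\n", __func__);
-sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
-fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
-__func__, resp->flags, resp->counter);
 fprintf(stderr, "%s: hashed message:\n", __func__);
 sshbuf_dump_data(message, sizeof(message), stderr);
 fprintf(stderr, "%s: inner:\n", __func__);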
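Review bot: sshsk_ecdsa_inner_sig() hands resp->sig_r and resp->sig_s to sshbuf_put_bignum2_bytes() without checking that either pointer is non-NULL, and resp appears to be filled in by the provider's sk_sign call. In the caller, the visible path runs from the sk_sign return-code check straight to the new helper, so a provider that reports success with a missing r or s would reach the buffer code with a NULL pointer and whatever length it supplied. The helper is the natural place for the check, right after `*retp = NULL;`: `if (resp->sig_r == NULL || resp->sig_s == NULL) { r = SSH_ERR_INVALID_FORMAT; goto out; }`. A short comment above the function stating that on success the caller owns `*retp` and must sshbuf_free() it would also help. sshsk_ecdsa_sign's body starts and ends outside the hunk, so any earlier validation of resp is not visible here.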