upstream: implement sshsk_ed25519_inner_sig(); ok djm

OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910
author: markus@openbsd.org <markus@openbsd.org> 2019-11-12 19:31:18 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-13 08:49:52 +1100
commit: fe05a36dc0ea884c8c2395d53d804fe4f4202b26 (patch)
tree: f2497141020c6991fd5d538b6e1f88f1213219d4 /ssh-sk.c
parent: e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47 (diff)
1 files changed, 53 insertions, 6 deletions
diff --git a/ssh-sk.c b/ssh-sk.c
index e11fd1912..335f45773 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.4 2019/11/12 19:30:50 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -330,8 +330,37 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
        sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
        fprintf(stderr, "%s: sig_s:\n", __func__);
        sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
-        fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
+#endif
-            __func__, resp->flags, resp->counter);
+        *retp = inner_sig;
+        inner_sig = NULL;
+        r = 0;
+out:
+        sshbuf_free(inner_sig);
+        return r;
+}
+static int
+sshsk_ed25519_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
+{
+        struct sshbuf *inner_sig = NULL;
+        int r = SSH_ERR_INTERNAL_ERROR;
+        *retp = NULL;
+        if ((inner_sig = sshbuf_new()) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        /* Prepare inner signature object */
+        if ((r = sshbuf_put_string(inner_sig,
+            resp->sig_r, resp->sig_r_len)) != 0 ||
+            (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
+            (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+                debug("%s: buffer error: %s", __func__, ssh_err(r));
+                goto out;
+        }
+#ifdef DEBUG_SK
+        fprintf(stderr, "%s: sig_r:\n", __func__);
+        sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
 #endif
        *retp = inner_sig;
        inner_sig = NULL;
@@ -348,6 +377,7 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 {
        struct sshsk_provider *skp = NULL;
        int r = SSH_ERR_INTERNAL_ERROR;
+        int type;
        struct sk_sign_response *resp = NULL;
        struct sshbuf *inner_sig = NULL, *sig = NULL;
        uint8_t message[32];
@@ -356,8 +386,15 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
                *sigp = NULL;
        if (lenp != NULL)
                *lenp = 0;
+        type = sshkey_type_plain(key->type);
+        switch (type) {
+        case KEY_ECDSA_SK:
+        case KEY_ED25519_SK:
+                break;
+        default:
+                return SSH_ERR_INVALID_ARGUMENT;
+        }
        if (provider_path == NULL ||
-            sshkey_type_plain(key->type) != KEY_ECDSA_SK ||
            key->sk_key_handle == NULL ||
            key->sk_application == NULL || *key->sk_application == '\0') {
                r = SSH_ERR_INVALID_ARGUMENT;
@@ -383,8 +420,16 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
                goto out;
        }
        /* Prepare inner signature object */
-        if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
+        switch (type) {
-                goto out;
+        case KEY_ECDSA_SK:
+                if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
+                        goto out;
+                break;
+        case KEY_ED25519_SK:
+                if ((r = sshsk_ed25519_inner_sig(resp, &inner_sig)) != 0)
+                        goto out;
+                break;
+        }
        /* Assemble outer signature */
        if ((sig = sshbuf_new()) == NULL) {
                r = SSH_ERR_ALLOC_FAIL;
@@ -396,6 +441,8 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
                goto out;
        }
 #ifdef DEBUG_SK
+        fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
+            __func__, resp->flags, resp->counter);
        fprintf(stderr, "%s: hashed message:\n", __func__);
        sshbuf_dump_data(message, sizeof(message), stderr);
        fprintf(stderr, "%s: inner:\n", __func__);
author	markus@openbsd.org <markus@openbsd.org>	2019-11-12 19:31:18 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-13 08:49:52 +1100
commit	fe05a36dc0ea884c8c2395d53d804fe4f4202b26 (patch)
tree	f2497141020c6991fd5d538b6e1f88f1213219d4 /ssh-sk.c
parent	e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47 (diff)

diff --git a/ssh-sk.c b/ssh-sk.c index e11fd1912..335f45773 100644 --- a/ssh-sk.c +++ b/ssh-sk.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-sk.c,v 1.4 2019/11/12 19:30:50 markus Exp $ */	1	/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019 Google LLC	3	* Copyright (c) 2019 Google LLC
4	*	4	*
@@ -330,8 +330,37 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response resp, struct sshbuf *retp)
330	sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);	330	sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
331	fprintf(stderr, "%s: sig_s:\n", __func__);	331	fprintf(stderr, "%s: sig_s:\n", __func__);
332	sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);	332	sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
333	fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",	333	#endif
334	__func__, resp->flags, resp->counter);	334	*retp = inner_sig;
		335	inner_sig = NULL;
		336	r = 0;
		337	out:
		338	sshbuf_free(inner_sig);
		339	return r;
		340	}
		341
		342	static int
		343	sshsk_ed25519_inner_sig(struct sk_sign_response resp, struct sshbuf *retp)
		344	{
		345	struct sshbuf *inner_sig = NULL;
		346	int r = SSH_ERR_INTERNAL_ERROR;
		347
		348	*retp = NULL;
		349	if ((inner_sig = sshbuf_new()) == NULL) {
		350	r = SSH_ERR_ALLOC_FAIL;
		351	goto out;
		352	}
		353	/* Prepare inner signature object */
		354	if ((r = sshbuf_put_string(inner_sig,
		355	resp->sig_r, resp->sig_r_len)) != 0 \|\|
		356	(r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 \|\|
		357	(r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
		358	debug("%s: buffer error: %s", __func__, ssh_err(r));
		359	goto out;
		360	}
		361	#ifdef DEBUG_SK
		362	fprintf(stderr, "%s: sig_r:\n", __func__);
		363	sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
335	#endif	364	#endif
336	*retp = inner_sig;	365	*retp = inner_sig;
337	inner_sig = NULL;	366	inner_sig = NULL;
@@ -348,6 +377,7 @@ sshsk_sign(const char provider_path, const struct sshkey key,
348	{	377	{
349	struct sshsk_provider *skp = NULL;	378	struct sshsk_provider *skp = NULL;
350	int r = SSH_ERR_INTERNAL_ERROR;	379	int r = SSH_ERR_INTERNAL_ERROR;
		380	int type;
351	struct sk_sign_response *resp = NULL;	381	struct sk_sign_response *resp = NULL;
352	struct sshbuf inner_sig = NULL, sig = NULL;	382	struct sshbuf inner_sig = NULL, sig = NULL;
353	uint8_t message[32];	383	uint8_t message[32];
@@ -356,8 +386,15 @@ sshsk_sign(const char provider_path, const struct sshkey key,
356	*sigp = NULL;	386	*sigp = NULL;
357	if (lenp != NULL)	387	if (lenp != NULL)
358	*lenp = 0;	388	*lenp = 0;
		389	type = sshkey_type_plain(key->type);
		390	switch (type) {
		391	case KEY_ECDSA_SK:
		392	case KEY_ED25519_SK:
		393	break;
		394	default:
		395	return SSH_ERR_INVALID_ARGUMENT;
		396	}
359	if (provider_path == NULL \|\|	397	if (provider_path == NULL \|\|
360	sshkey_type_plain(key->type) != KEY_ECDSA_SK \|\|
361	key->sk_key_handle == NULL \|\|	398	key->sk_key_handle == NULL \|\|
362	key->sk_application == NULL \|\| *key->sk_application == '\0') {	399	key->sk_application == NULL \|\| *key->sk_application == '\0') {
363	r = SSH_ERR_INVALID_ARGUMENT;	400	r = SSH_ERR_INVALID_ARGUMENT;
@@ -383,8 +420,16 @@ sshsk_sign(const char provider_path, const struct sshkey key,
383	goto out;	420	goto out;
384	}	421	}
385	/* Prepare inner signature object */	422	/* Prepare inner signature object */
386	if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)	423	switch (type) {
387	goto out;	424	case KEY_ECDSA_SK:
		425	if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
		426	goto out;
		427	break;
		428	case KEY_ED25519_SK:
		429	if ((r = sshsk_ed25519_inner_sig(resp, &inner_sig)) != 0)
		430	goto out;
		431	break;
		432	}
388	/* Assemble outer signature */	433	/* Assemble outer signature */
389	if ((sig = sshbuf_new()) == NULL) {	434	if ((sig = sshbuf_new()) == NULL) {
390	r = SSH_ERR_ALLOC_FAIL;	435	r = SSH_ERR_ALLOC_FAIL;
@@ -396,6 +441,8 @@ sshsk_sign(const char provider_path, const struct sshkey key,
396	goto out;	441	goto out;
397	}	442	}
398	#ifdef DEBUG_SK	443	#ifdef DEBUG_SK
		444	fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
		445	__func__, resp->flags, resp->counter);
399	fprintf(stderr, "%s: hashed message:\n", __func__);	446	fprintf(stderr, "%s: hashed message:\n", __func__);
400	sshbuf_dump_data(message, sizeof(message), stderr);	447	sshbuf_dump_data(message, sizeof(message), stderr);
401	fprintf(stderr, "%s: inner:\n", __func__);	448	fprintf(stderr, "%s: inner:\n", __func__);