upstream: fix shield/unshield for xmss keys: - in ssh-agent we need

to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded). ok djm@ OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
author: markus@openbsd.org <markus@openbsd.org> 2019-11-13 07:53:10 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-15 08:50:10 +1100
commit: bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch)
tree: 58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /sshkey-xmss.c
parent: 40598b85d72a509566b7b2a6d57676c7231fed34 (diff)
1 files changed, 52 insertions, 4 deletions
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index e8e2e3816..88e9ddf4d 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.7 2019/10/14 06:00:02 djm Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */
 /*
 * Copyright (c) 2017 Markus Friedl.  All rights reserved.
 *
@@ -69,7 +69,7 @@ struct ssh_xmss_state {
        u_int32_t       maxidx;         /* restricted # of signatures */
        int             have_state;     /* .state file exists */
        int             lockfd;         /* locked in sshkey_xmss_get_state() */
-        int             allow_update;   /* allow sshkey_xmss_update_state() */
+        u_char          allow_update;   /* allow sshkey_xmss_update_state() */
        char            *enc_ciphername;/* encrypt state with cipher */
        u_char          *enc_keyiv;     /* encrypt state with key */
        u_int32_t       enc_keyiv_len;  /* length of enc_keyiv */
@@ -716,6 +716,7 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b,
 {
        struct ssh_xmss_state *state = k->xmss_state;
        int r = SSH_ERR_INVALID_ARGUMENT;
+        u_char have_stack, have_filename, have_enc;
        if (state == NULL)
                return SSH_ERR_INVALID_ARGUMENT;
@@ -727,9 +728,35 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b,
                break;
        case SSHKEY_SERIALIZE_FULL:
                if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
-                        break;
+                        return r;
                r = sshkey_xmss_serialize_state(k, b);
                break;
+        case SSHKEY_SERIALIZE_SHIELD:
+                /* all of stack/filename/enc are optional */
+                have_stack = state->stack != NULL;
+                if ((r = sshbuf_put_u8(b, have_stack)) != 0)
+                        return r;
+                if (have_stack) {
+                        state->idx = PEEK_U32(k->xmss_sk);      /* update */
+                        if ((r = sshkey_xmss_serialize_state(k, b)) != 0)
+                                return r;
+                }
+                have_filename = k->xmss_filename != NULL;
+                if ((r = sshbuf_put_u8(b, have_filename)) != 0)
+                        return r;
+                if (have_filename &&
+                    (r = sshbuf_put_cstring(b, k->xmss_filename)) != 0)
+                        return r;
+                have_enc = state->enc_keyiv != NULL;
+                if ((r = sshbuf_put_u8(b, have_enc)) != 0)
+                        return r;
+                if (have_enc &&
+                    (r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
+                        return r;
+                if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 ||
+                    (r = sshbuf_put_u8(b, state->allow_update)) != 0)
+                        return r;
+                break;
        case SSHKEY_SERIALIZE_DEFAULT:
                r = 0;
                break;
@@ -808,8 +835,9 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b)
 int
 sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b)
 {
+        struct ssh_xmss_state *state = k->xmss_state;
        enum sshkey_serialize_rep opts;
-        u_char have_state;
+        u_char have_state, have_stack, have_filename, have_enc;
        int r;
        if ((r = sshbuf_get_u8(b, &have_state)) != 0)
@@ -820,6 +848,26 @@ sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b)
        case SSHKEY_SERIALIZE_DEFAULT:
                r = 0;
                break;
+        case SSHKEY_SERIALIZE_SHIELD:
+                if ((r = sshbuf_get_u8(b, &have_stack)) != 0)
+                        return r;
+                if (have_stack &&
+                    (r = sshkey_xmss_deserialize_state(k, b)) != 0)
+                        return r;
+                if ((r = sshbuf_get_u8(b, &have_filename)) != 0)
+                        return r;
+                if (have_filename &&
+                    (r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0)
+                        return r;
+                if ((r = sshbuf_get_u8(b, &have_enc)) != 0)
+                        return r;
+                if (have_enc &&
+                    (r = sshkey_xmss_deserialize_enc_key(k, b)) != 0)
+                        return r;
+                if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 ||
+                    (r = sshbuf_get_u8(b, &state->allow_update)) != 0)
+                        return r;
+                break;
        case SSHKEY_SERIALIZE_STATE:
                if ((r = sshkey_xmss_deserialize_state(k, b)) != 0)
                        return r;
author	markus@openbsd.org <markus@openbsd.org>	2019-11-13 07:53:10 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-15 08:50:10 +1100
commit	bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch)
tree	58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /sshkey-xmss.c
parent	40598b85d72a509566b7b2a6d57676c7231fed34 (diff)

diff --git a/sshkey-xmss.c b/sshkey-xmss.c index e8e2e3816..88e9ddf4d 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshkey-xmss.c,v 1.7 2019/10/14 06:00:02 djm Exp $ */	1	/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Markus Friedl. All rights reserved.	3	* Copyright (c) 2017 Markus Friedl. All rights reserved.
4	*	4	*
@@ -69,7 +69,7 @@ struct ssh_xmss_state {
69	u_int32_t maxidx; /* restricted # of signatures */	69	u_int32_t maxidx; /* restricted # of signatures */
70	int have_state; /* .state file exists */	70	int have_state; /* .state file exists */
71	int lockfd; /* locked in sshkey_xmss_get_state() */	71	int lockfd; /* locked in sshkey_xmss_get_state() */
72	int allow_update; /* allow sshkey_xmss_update_state() */	72	u_char allow_update; /* allow sshkey_xmss_update_state() */
73	char enc_ciphername;/ encrypt state with cipher */	73	char enc_ciphername;/ encrypt state with cipher */
74	u_char enc_keyiv; / encrypt state with key */	74	u_char enc_keyiv; / encrypt state with key */
75	u_int32_t enc_keyiv_len; /* length of enc_keyiv */	75	u_int32_t enc_keyiv_len; /* length of enc_keyiv */
@@ -716,6 +716,7 @@ sshkey_xmss_serialize_state_opt(const struct sshkey k, struct sshbuf b,
716	{	716	{
717	struct ssh_xmss_state *state = k->xmss_state;	717	struct ssh_xmss_state *state = k->xmss_state;
718	int r = SSH_ERR_INVALID_ARGUMENT;	718	int r = SSH_ERR_INVALID_ARGUMENT;
		719	u_char have_stack, have_filename, have_enc;
719		720
720	if (state == NULL)	721	if (state == NULL)
721	return SSH_ERR_INVALID_ARGUMENT;	722	return SSH_ERR_INVALID_ARGUMENT;
@@ -727,9 +728,35 @@ sshkey_xmss_serialize_state_opt(const struct sshkey k, struct sshbuf b,
727	break;	728	break;
728	case SSHKEY_SERIALIZE_FULL:	729	case SSHKEY_SERIALIZE_FULL:
729	if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0)	730	if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
730	break;	731	return r;
731	r = sshkey_xmss_serialize_state(k, b);	732	r = sshkey_xmss_serialize_state(k, b);
732	break;	733	break;
		734	case SSHKEY_SERIALIZE_SHIELD:
		735	/* all of stack/filename/enc are optional */
		736	have_stack = state->stack != NULL;
		737	if ((r = sshbuf_put_u8(b, have_stack)) != 0)
		738	return r;
		739	if (have_stack) {
		740	state->idx = PEEK_U32(k->xmss_sk); /* update */
		741	if ((r = sshkey_xmss_serialize_state(k, b)) != 0)
		742	return r;
		743	}
		744	have_filename = k->xmss_filename != NULL;
		745	if ((r = sshbuf_put_u8(b, have_filename)) != 0)
		746	return r;
		747	if (have_filename &&
		748	(r = sshbuf_put_cstring(b, k->xmss_filename)) != 0)
		749	return r;
		750	have_enc = state->enc_keyiv != NULL;
		751	if ((r = sshbuf_put_u8(b, have_enc)) != 0)
		752	return r;
		753	if (have_enc &&
		754	(r = sshkey_xmss_serialize_enc_key(k, b)) != 0)
		755	return r;
		756	if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 \|\|
		757	(r = sshbuf_put_u8(b, state->allow_update)) != 0)
		758	return r;
		759	break;
733	case SSHKEY_SERIALIZE_DEFAULT:	760	case SSHKEY_SERIALIZE_DEFAULT:
734	r = 0;	761	r = 0;
735	break;	762	break;
@@ -808,8 +835,9 @@ sshkey_xmss_deserialize_state(struct sshkey k, struct sshbuf b)
808	int	835	int
809	sshkey_xmss_deserialize_state_opt(struct sshkey k, struct sshbuf b)	836	sshkey_xmss_deserialize_state_opt(struct sshkey k, struct sshbuf b)
810	{	837	{
		838	struct ssh_xmss_state *state = k->xmss_state;
811	enum sshkey_serialize_rep opts;	839	enum sshkey_serialize_rep opts;
812	u_char have_state;	840	u_char have_state, have_stack, have_filename, have_enc;
813	int r;	841	int r;
814		842
815	if ((r = sshbuf_get_u8(b, &have_state)) != 0)	843	if ((r = sshbuf_get_u8(b, &have_state)) != 0)
@@ -820,6 +848,26 @@ sshkey_xmss_deserialize_state_opt(struct sshkey k, struct sshbuf b)
820	case SSHKEY_SERIALIZE_DEFAULT:	848	case SSHKEY_SERIALIZE_DEFAULT:
821	r = 0;	849	r = 0;
822	break;	850	break;
		851	case SSHKEY_SERIALIZE_SHIELD:
		852	if ((r = sshbuf_get_u8(b, &have_stack)) != 0)
		853	return r;
		854	if (have_stack &&
		855	(r = sshkey_xmss_deserialize_state(k, b)) != 0)
		856	return r;
		857	if ((r = sshbuf_get_u8(b, &have_filename)) != 0)
		858	return r;
		859	if (have_filename &&
		860	(r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0)
		861	return r;
		862	if ((r = sshbuf_get_u8(b, &have_enc)) != 0)
		863	return r;
		864	if (have_enc &&
		865	(r = sshkey_xmss_deserialize_enc_key(k, b)) != 0)
		866	return r;
		867	if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 \|\|
		868	(r = sshbuf_get_u8(b, &state->allow_update)) != 0)
		869	return r;
		870	break;
823	case SSHKEY_SERIALIZE_STATE:	871	case SSHKEY_SERIALIZE_STATE:
824	if ((r = sshkey_xmss_deserialize_state(k, b)) != 0)	872	if ((r = sshkey_xmss_deserialize_state(k, b)) != 0)
825	return r;	873	return r;