diff options
author | markus@openbsd.org <markus@openbsd.org> | 2019-11-13 07:53:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-15 08:50:10 +1100 |
commit | bf219920b70cafbf29ebc9890ef67d0efa54e738 (patch) | |
tree | 58f360f1387c7238a4bc1f8c63cdc5ccbfb88dd5 /sshkey-xmss.c | |
parent | 40598b85d72a509566b7b2a6d57676c7231fed34 (diff) |
upstream: fix shield/unshield for xmss keys: - in ssh-agent we need
to delay the call to shield until we have received key specific options. -
when serializing xmss keys for shield we need to deal with all optional
components (e.g. state might not be loaded). ok djm@
OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
Diffstat (limited to 'sshkey-xmss.c')
-rw-r--r-- | sshkey-xmss.c | 56 |
1 files changed, 52 insertions, 4 deletions
diff --git a/sshkey-xmss.c b/sshkey-xmss.c index e8e2e3816..88e9ddf4d 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey-xmss.c,v 1.7 2019/10/14 06:00:02 djm Exp $ */ | 1 | /* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2017 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -69,7 +69,7 @@ struct ssh_xmss_state { | |||
69 | u_int32_t maxidx; /* restricted # of signatures */ | 69 | u_int32_t maxidx; /* restricted # of signatures */ |
70 | int have_state; /* .state file exists */ | 70 | int have_state; /* .state file exists */ |
71 | int lockfd; /* locked in sshkey_xmss_get_state() */ | 71 | int lockfd; /* locked in sshkey_xmss_get_state() */ |
72 | int allow_update; /* allow sshkey_xmss_update_state() */ | 72 | u_char allow_update; /* allow sshkey_xmss_update_state() */ |
73 | char *enc_ciphername;/* encrypt state with cipher */ | 73 | char *enc_ciphername;/* encrypt state with cipher */ |
74 | u_char *enc_keyiv; /* encrypt state with key */ | 74 | u_char *enc_keyiv; /* encrypt state with key */ |
75 | u_int32_t enc_keyiv_len; /* length of enc_keyiv */ | 75 | u_int32_t enc_keyiv_len; /* length of enc_keyiv */ |
@@ -716,6 +716,7 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b, | |||
716 | { | 716 | { |
717 | struct ssh_xmss_state *state = k->xmss_state; | 717 | struct ssh_xmss_state *state = k->xmss_state; |
718 | int r = SSH_ERR_INVALID_ARGUMENT; | 718 | int r = SSH_ERR_INVALID_ARGUMENT; |
719 | u_char have_stack, have_filename, have_enc; | ||
719 | 720 | ||
720 | if (state == NULL) | 721 | if (state == NULL) |
721 | return SSH_ERR_INVALID_ARGUMENT; | 722 | return SSH_ERR_INVALID_ARGUMENT; |
@@ -727,9 +728,35 @@ sshkey_xmss_serialize_state_opt(const struct sshkey *k, struct sshbuf *b, | |||
727 | break; | 728 | break; |
728 | case SSHKEY_SERIALIZE_FULL: | 729 | case SSHKEY_SERIALIZE_FULL: |
729 | if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0) | 730 | if ((r = sshkey_xmss_serialize_enc_key(k, b)) != 0) |
730 | break; | 731 | return r; |
731 | r = sshkey_xmss_serialize_state(k, b); | 732 | r = sshkey_xmss_serialize_state(k, b); |
732 | break; | 733 | break; |
734 | case SSHKEY_SERIALIZE_SHIELD: | ||
735 | /* all of stack/filename/enc are optional */ | ||
736 | have_stack = state->stack != NULL; | ||
737 | if ((r = sshbuf_put_u8(b, have_stack)) != 0) | ||
738 | return r; | ||
739 | if (have_stack) { | ||
740 | state->idx = PEEK_U32(k->xmss_sk); /* update */ | ||
741 | if ((r = sshkey_xmss_serialize_state(k, b)) != 0) | ||
742 | return r; | ||
743 | } | ||
744 | have_filename = k->xmss_filename != NULL; | ||
745 | if ((r = sshbuf_put_u8(b, have_filename)) != 0) | ||
746 | return r; | ||
747 | if (have_filename && | ||
748 | (r = sshbuf_put_cstring(b, k->xmss_filename)) != 0) | ||
749 | return r; | ||
750 | have_enc = state->enc_keyiv != NULL; | ||
751 | if ((r = sshbuf_put_u8(b, have_enc)) != 0) | ||
752 | return r; | ||
753 | if (have_enc && | ||
754 | (r = sshkey_xmss_serialize_enc_key(k, b)) != 0) | ||
755 | return r; | ||
756 | if ((r = sshbuf_put_u32(b, state->maxidx)) != 0 || | ||
757 | (r = sshbuf_put_u8(b, state->allow_update)) != 0) | ||
758 | return r; | ||
759 | break; | ||
733 | case SSHKEY_SERIALIZE_DEFAULT: | 760 | case SSHKEY_SERIALIZE_DEFAULT: |
734 | r = 0; | 761 | r = 0; |
735 | break; | 762 | break; |
@@ -808,8 +835,9 @@ sshkey_xmss_deserialize_state(struct sshkey *k, struct sshbuf *b) | |||
808 | int | 835 | int |
809 | sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) | 836 | sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) |
810 | { | 837 | { |
838 | struct ssh_xmss_state *state = k->xmss_state; | ||
811 | enum sshkey_serialize_rep opts; | 839 | enum sshkey_serialize_rep opts; |
812 | u_char have_state; | 840 | u_char have_state, have_stack, have_filename, have_enc; |
813 | int r; | 841 | int r; |
814 | 842 | ||
815 | if ((r = sshbuf_get_u8(b, &have_state)) != 0) | 843 | if ((r = sshbuf_get_u8(b, &have_state)) != 0) |
@@ -820,6 +848,26 @@ sshkey_xmss_deserialize_state_opt(struct sshkey *k, struct sshbuf *b) | |||
820 | case SSHKEY_SERIALIZE_DEFAULT: | 848 | case SSHKEY_SERIALIZE_DEFAULT: |
821 | r = 0; | 849 | r = 0; |
822 | break; | 850 | break; |
851 | case SSHKEY_SERIALIZE_SHIELD: | ||
852 | if ((r = sshbuf_get_u8(b, &have_stack)) != 0) | ||
853 | return r; | ||
854 | if (have_stack && | ||
855 | (r = sshkey_xmss_deserialize_state(k, b)) != 0) | ||
856 | return r; | ||
857 | if ((r = sshbuf_get_u8(b, &have_filename)) != 0) | ||
858 | return r; | ||
859 | if (have_filename && | ||
860 | (r = sshbuf_get_cstring(b, &k->xmss_filename, NULL)) != 0) | ||
861 | return r; | ||
862 | if ((r = sshbuf_get_u8(b, &have_enc)) != 0) | ||
863 | return r; | ||
864 | if (have_enc && | ||
865 | (r = sshkey_xmss_deserialize_enc_key(k, b)) != 0) | ||
866 | return r; | ||
867 | if ((r = sshbuf_get_u32(b, &state->maxidx)) != 0 || | ||
868 | (r = sshbuf_get_u8(b, &state->allow_update)) != 0) | ||
869 | return r; | ||
870 | break; | ||
823 | case SSHKEY_SERIALIZE_STATE: | 871 | case SSHKEY_SERIALIZE_STATE: |
824 | if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) | 872 | if ((r = sshkey_xmss_deserialize_state(k, b)) != 0) |
825 | return r; | 873 | return r; |