Diffstat (limited to 'ssh-sk.c')
-rw-r--r-- | ssh-sk.c | 59 |
1 files changed, 53 insertions, 6 deletions
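--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.4 2019/11/12 19:30:50 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.5 2019/11/12 19:31:18 markus Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -330,8 +330,37 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
 sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
 fprintf(stderr, "%s: sig_s:\n", __func__);
 sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
-fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
-__func__, resp->flags, resp->counter);
+#endif
+*retp = inner_sig;
+inner_sig = NULL;
+r = 0;
+out:
+sshbuf_free(inner_sig);
+return r;
+}
+
+static int
+sshsk_ed25519_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
+{
+struct sshbuf *inner_sig = NULL;
+int r = SSH_ERR_INTERNAL_ERROR;
+
+*retp = NULL;
+if ((inner_sig = sshbuf_new()) == NULL) {
+r = SSH_ERR_ALLOC_FAIL;
+goto out;
+}
+/* Prepare inner signature object */
+if ((r = sshbuf_put_string(inner_sig,
+resp->sig_r, resp->sig_r_len)) != 0 ||
+(r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
+(r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+debug("%s: buffer error: %s", __func__, ssh_err(r));
+goto out;
+}
+#ifdef DEBUG_SK
+fprintf(stderr, "%s: sig_r:\n", __func__);
+sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
 #endif
 *retp = inner_sig;
 inner_sig = NULL;
@@ -348,6 +377,7 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 {
 struct sshsk_provider *skp = NULL;
 int r = SSH_ERR_INTERNAL_ERROR;
+int type;
 struct sk_sign_response *resp = NULL;
 struct sshbuf *inner_sig = NULL, *sig = NULL;
 uint8_t message[32];
@@ -356,8 +386,15 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 *sigp = NULL;
 if (lenp != NULL)
 *lenp = 0;
+type = sshkey_type_plain(key->type);
+switch (type) {
+case KEY_ECDSA_SK:
+case KEY_ED25519_SK:
+break;
+default:
+return SSH_ERR_INVALID_ARGUMENT;
+}
 if (provider_path == NULL ||
-sshkey_type_plain(key->type) != KEY_ECDSA_SK ||
 key->sk_key_handle == NULL ||
 key->sk_application == NULL || *key->sk_application == '\0') {
 r = SSH_ERR_INVALID_ARGUMENT;
@@ -383,8 +420,16 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 goto out;
 }
 /* Prepare inner signature object */
-if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
-goto out;
+switch (type) {
+case KEY_ECDSA_SK:
+if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
+goto out;
+break;
+case KEY_ED25519_SK:
+if ((r = sshsk_ed25519_inner_sig(resp, &inner_sig)) != 0)
+goto out;
+break;
+}
 /* Assemble outer signature */
 if ((sig = sshbuf_new()) == NULL) {
 r = SSH_ERR_ALLOC_FAIL;
@@ -396,6 +441,8 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 goto out;
 }
 #ifdef DEBUG_SK
+fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
+__func__, resp->flags, resp->counter);
 fprintf(stderr, "%s: hashed message:\n", __func__);
 sshbuf_dump_data(message, sizeof(message), stderr);
 fprintf(stderr, "%s: inner:\n", __func__);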
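Review bot: The `switch (type)` added just before "Assemble outer signature" in sshsk_sign has no `default:` arm, so if it ever falls out of step with the type gate added near the top of the function, `inner_sig` stays NULL and assembly proceeds with whatever `r` currently holds; a defensive `default: r = SSH_ERR_INVALID_ARGUMENT; goto out;` keeps the two switches consistent. That top-of-function gate itself exits with a bare `return SSH_ERR_INVALID_ARGUMENT;`, which is safe here because nothing has been allocated yet, but it departs from the `r = ...; goto out;` cleanup convention the rest of the function uses, and it dereferences `key` before any of the argument checks run. In the new sshsk_ed25519_inner_sig, `resp->sig_r` is encoded at whatever `sig_r_len` the provider reported with no check that it matches the fixed Ed25519 signature size (64 bytes), so a malformed provider response is only caught, if at all, at signature-verification time; a length check before `sshbuf_put_string` would reject it at the boundary. sshsk_sign begins and ends outside the visible hunks.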