ssh-ed25519.c 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162
  1. /* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
  2. /*
  3. * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
  4. *
  5. * Permission to use, copy, modify, and distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. #include "includes.h"
  18. #include <sys/types.h>
  19. #include <limits.h>
  20. #include "crypto_api.h"
  21. #include <string.h>
  22. #include <stdarg.h>
  23. #include "log.h"
  24. #include "sshbuf.h"
  25. #define SSHKEY_INTERNAL
  26. #include "sshkey.h"
  27. #include "ssherr.h"
  28. #include "ssh.h"
  29. int
  30. ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
  31. const u_char *data, size_t datalen, u_int compat)
  32. {
  33. u_char *sig = NULL;
  34. size_t slen = 0, len;
  35. unsigned long long smlen;
  36. int r, ret;
  37. struct sshbuf *b = NULL;
  38. if (lenp != NULL)
  39. *lenp = 0;
  40. if (sigp != NULL)
  41. *sigp = NULL;
  42. if (key == NULL ||
  43. sshkey_type_plain(key->type) != KEY_ED25519 ||
  44. key->ed25519_sk == NULL ||
  45. datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
  46. return SSH_ERR_INVALID_ARGUMENT;
  47. smlen = slen = datalen + crypto_sign_ed25519_BYTES;
  48. if ((sig = malloc(slen)) == NULL)
  49. return SSH_ERR_ALLOC_FAIL;
  50. if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
  51. key->ed25519_sk)) != 0 || smlen <= datalen) {
  52. r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
  53. goto out;
  54. }
  55. /* encode signature */
  56. if ((b = sshbuf_new()) == NULL) {
  57. r = SSH_ERR_ALLOC_FAIL;
  58. goto out;
  59. }
  60. if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
  61. (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
  62. goto out;
  63. len = sshbuf_len(b);
  64. if (sigp != NULL) {
  65. if ((*sigp = malloc(len)) == NULL) {
  66. r = SSH_ERR_ALLOC_FAIL;
  67. goto out;
  68. }
  69. memcpy(*sigp, sshbuf_ptr(b), len);
  70. }
  71. if (lenp != NULL)
  72. *lenp = len;
  73. /* success */
  74. r = 0;
  75. out:
  76. sshbuf_free(b);
  77. if (sig != NULL)
  78. freezero(sig, slen);
  79. return r;
  80. }
  81. int
  82. ssh_ed25519_verify(const struct sshkey *key,
  83. const u_char *signature, size_t signaturelen,
  84. const u_char *data, size_t datalen, u_int compat)
  85. {
  86. struct sshbuf *b = NULL;
  87. char *ktype = NULL;
  88. const u_char *sigblob;
  89. u_char *sm = NULL, *m = NULL;
  90. size_t len;
  91. unsigned long long smlen = 0, mlen = 0;
  92. int r, ret;
  93. if (key == NULL ||
  94. sshkey_type_plain(key->type) != KEY_ED25519 ||
  95. key->ed25519_pk == NULL ||
  96. datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
  97. signature == NULL || signaturelen == 0)
  98. return SSH_ERR_INVALID_ARGUMENT;
  99. if ((b = sshbuf_from(signature, signaturelen)) == NULL)
  100. return SSH_ERR_ALLOC_FAIL;
  101. if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
  102. (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
  103. goto out;
  104. if (strcmp("ssh-ed25519", ktype) != 0) {
  105. r = SSH_ERR_KEY_TYPE_MISMATCH;
  106. goto out;
  107. }
  108. if (sshbuf_len(b) != 0) {
  109. r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
  110. goto out;
  111. }
  112. if (len > crypto_sign_ed25519_BYTES) {
  113. r = SSH_ERR_INVALID_FORMAT;
  114. goto out;
  115. }
  116. if (datalen >= SIZE_MAX - len) {
  117. r = SSH_ERR_INVALID_ARGUMENT;
  118. goto out;
  119. }
  120. smlen = len + datalen;
  121. mlen = smlen;
  122. if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
  123. r = SSH_ERR_ALLOC_FAIL;
  124. goto out;
  125. }
  126. memcpy(sm, sigblob, len);
  127. memcpy(sm+len, data, datalen);
  128. if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
  129. key->ed25519_pk)) != 0) {
  130. debug2("%s: crypto_sign_ed25519_open failed: %d",
  131. __func__, ret);
  132. }
  133. if (ret != 0 || mlen != datalen) {
  134. r = SSH_ERR_SIGNATURE_INVALID;
  135. goto out;
  136. }
  137. /* XXX compare 'm' and 'data' ? */
  138. /* success */
  139. r = 0;
  140. out:
  141. if (sm != NULL)
  142. freezero(sm, smlen);
  143. if (m != NULL)
  144. freezero(m, smlen); /* NB mlen may be invalid if r != 0 */
  145. sshbuf_free(b);
  146. free(ktype);
  147. return r;
  148. }