Mercurial > dropbear
annotate ecdsa.c @ 796:069b875031f5 ecc
Fix ecdsa verification
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 09 May 2013 23:24:05 +0800 |
parents | 7f604f9b3756 |
children | 7dcb46da72d9 |
rev | line source |
---|---|
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
1 #include "options.h" |
766 | 2 #include "includes.h" |
3 #include "dbutil.h" | |
4 #include "crypto_desc.h" | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
5 #include "ecc.h" |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
6 #include "ecdsa.h" |
795 | 7 #include "signkey.h" |
766 | 8 |
9 #ifdef DROPBEAR_ECDSA | |
10 | |
795 | 11 enum signkey_type ecdsa_signkey_type(ecc_key * key) { |
12 #ifdef DROPBEAR_ECC_256 | |
13 if (key->dp == ecc_curve_nistp256.dp) { | |
14 return DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
15 } | |
16 #endif | |
17 #ifdef DROPBEAR_ECC_384 | |
18 if (key->dp == ecc_curve_nistp384.dp) { | |
19 return DROPBEAR_SIGNKEY_ECDSA_NISTP384; | |
20 } | |
21 #endif | |
22 #ifdef DROPBEAR_ECC_521 | |
23 if (key->dp == ecc_curve_nistp521.dp) { | |
24 return DROPBEAR_SIGNKEY_ECDSA_NISTP521; | |
25 } | |
26 #endif | |
27 return DROPBEAR_SIGNKEY_NONE; | |
28 } | |
29 | |
766 | 30 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) { |
31 const ltc_ecc_set_type *dp = NULL; // curve domain parameters | |
32 switch (bit_size) { | |
33 #ifdef DROPBEAR_ECC_256 | |
34 case 256: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
35 dp = ecc_curve_nistp256.dp; |
766 | 36 break; |
37 #endif | |
38 #ifdef DROPBEAR_ECC_384 | |
39 case 384: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
40 dp = ecc_curve_nistp384.dp; |
766 | 41 break; |
42 #endif | |
43 #ifdef DROPBEAR_ECC_521 | |
44 case 521: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
45 dp = ecc_curve_nistp521.dp; |
766 | 46 break; |
47 #endif | |
48 } | |
49 if (!dp) { | |
50 dropbear_exit("Key size %d isn't valid. Try " | |
51 #ifdef DROPBEAR_ECC_256 | |
52 "256 " | |
53 #endif | |
54 #ifdef DROPBEAR_ECC_384 | |
55 "384 " | |
56 #endif | |
57 #ifdef DROPBEAR_ECC_521 | |
58 "521 " | |
59 #endif | |
60 , bit_size); | |
61 } | |
62 | |
63 ecc_key *new_key = m_malloc(sizeof(*new_key)); | |
64 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) { | |
65 dropbear_exit("ECC error"); | |
66 } | |
67 return new_key; | |
68 } | |
69 | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
70 ecc_key *buf_get_ecdsa_pub_key(buffer* buf) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
71 unsigned char *key_ident = NULL, *identifier = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
72 unsigned int key_ident_len, identifier_len; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
73 buffer *q_buf = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
74 struct dropbear_ecc_curve **curve; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
75 ecc_key *new_key = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
76 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
77 // string "ecdsa-sha2-[identifier]" |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
78 key_ident = buf_getstring(buf, &key_ident_len); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
79 // string "[identifier]" |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
80 identifier = buf_getstring(buf, &identifier_len); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
81 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
82 if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
83 TRACE(("Bad identifier lengths")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
84 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
85 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
86 if (memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
87 TRACE(("mismatching identifiers")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
88 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
89 } |
766 | 90 |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
91 for (curve = dropbear_ecc_curves; *curve; curve++) { |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
92 if (memcmp(identifier, (char*)(*curve)->name, strlen((char*)(*curve)->name)) == 0) { |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
93 break; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
94 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
95 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
96 if (!*curve) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
97 TRACE(("couldn't match ecc curve")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
98 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
99 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
100 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
101 // string Q |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
102 q_buf = buf_getstringbuf(buf); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
103 new_key = buf_get_ecc_raw_pubkey(q_buf, *curve); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
104 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
105 out: |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
106 m_free(key_ident); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
107 m_free(identifier); |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
108 if (q_buf) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
109 buf_free(q_buf); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
110 q_buf = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
111 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
112 TRACE(("leave buf_get_ecdsa_pub_key")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
113 return new_key; |
766 | 114 } |
115 | |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
116 ecc_key *buf_get_ecdsa_priv_key(buffer *buf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
117 ecc_key *new_key = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
118 TRACE(("enter buf_get_ecdsa_priv_key")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
119 new_key = buf_get_ecdsa_pub_key(buf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
120 if (!new_key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
121 return NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
122 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
123 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
124 if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
125 ecc_free(new_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
126 return NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
127 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
128 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
129 return new_key; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
130 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
131 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
132 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
133 struct dropbear_ecc_curve *curve = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
134 unsigned char key_ident[30]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
135 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
136 curve = curve_for_dp(key->dp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
137 snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
138 buf_putstring(buf, key_ident, strlen(key_ident)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
139 buf_putstring(buf, curve->name, strlen(curve->name)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
140 buf_put_ecc_raw_pubkey_string(buf, key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
141 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
142 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
143 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
144 buf_put_ecdsa_pub_key(buf, key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
145 buf_putmpint(buf, key->k); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
146 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
147 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
148 void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
149 /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
150 int err = DROPBEAR_FAILURE; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
151 struct dropbear_ecc_curve *curve = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
152 hash_state hs; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
153 unsigned char hash[64]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
154 void *e = NULL, *p = NULL, *s = NULL, *r; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
155 unsigned char key_ident[30]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
156 buffer *sigbuf = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
157 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
158 TRACE(("buf_put_ecdsa_sign")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
159 curve = curve_for_dp(key->dp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
160 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
161 if (ltc_init_multi(&r, &s, &p, &e, NULL) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
162 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
163 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
164 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
165 curve->hash_desc->init(&hs); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
166 curve->hash_desc->process(&hs, data_buf->data, data_buf->len); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
167 curve->hash_desc->done(&hs, hash); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
168 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
169 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
170 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
171 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
172 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
173 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
174 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
175 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
176 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
177 for (;;) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
178 ecc_key R_key; // ephemeral key |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
179 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, &R_key, key->dp) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
180 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
181 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
182 if (ltc_mp.mpdiv(R_key.pubkey.x, p, NULL, r) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
183 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
184 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
185 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
186 // try again |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
187 ecc_free(&R_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
188 continue; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
189 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
190 /* k = 1/k */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
191 if (ltc_mp.invmod(R_key.k, p, R_key.k) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
192 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
193 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
194 /* s = xr */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
195 if (ltc_mp.mulmod(key->k, r, p, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
196 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
197 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
198 /* s = e + xr */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
199 if (ltc_mp.add(e, s, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
200 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
201 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
202 if (ltc_mp.mpdiv(s, p, NULL, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
203 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
204 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
205 /* s = (e + xr)/k */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
206 if (ltc_mp.mulmod(s, R_key.k, p, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
207 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
208 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
209 ecc_free(&R_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
210 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
211 if (ltc_mp.compare_d(s, 0) != LTC_MP_EQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
212 break; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
213 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
214 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
215 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
216 snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
217 buf_putstring(buf, key_ident, strlen(key_ident)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
218 // enough for nistp521 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
219 sigbuf = buf_new(200); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
220 buf_putmpint(sigbuf, (mp_int*)r); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
221 buf_putmpint(sigbuf, (mp_int*)s); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
222 buf_putbufstring(buf, sigbuf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
223 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
224 err = DROPBEAR_SUCCESS; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
225 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
226 out: |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
227 if (r && s && p && e) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
228 ltc_deinit_multi(r, s, p, e, NULL); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
229 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
230 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
231 if (sigbuf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
232 buf_free(sigbuf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
233 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
234 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
235 if (err == DROPBEAR_FAILURE) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
236 dropbear_exit("ECC error"); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
237 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
238 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
239 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
240 // returns values in s and r |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
241 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE |