dropbear: ed25519.c annotate

annotate ed25519.c @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.

author	Matt Johnston <matt@ucc.asn.au>
date	Sun, 30 Jan 2022 10:14:56 +0800
parents	35d504d59c05
children

rev	line source
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	1 /*
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	2 * Dropbear - a SSH2 server
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	3 *
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	5 * All rights reserved.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	6 *
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	13 *
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	15 * all copies or substantial portions of the Software.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	16 *
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	23 * SOFTWARE. */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	24
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	25 /* Perform Ed25519 operations on data, including reading keys, signing and
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	26 * verification. */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	27
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	28 #include "includes.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	29 #include "dbutil.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	30 #include "buffer.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	31 #include "ssh.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	32 #include "curve25519.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	33 #include "ed25519.h"
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	34
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	35 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	36
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	37 /* Load a public ed25519 key from a buffer, initialising the values.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	38 * The key will have the same format as buf_put_ed25519_key.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	39 * These should be freed with ed25519_key_free.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	40 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	41 int buf_get_ed25519_pub_key(buffer buf, dropbear_ed25519_key key,
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	42 enum signkey_type expect_keytype) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	43
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	44
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	45 unsigned int len, typelen;
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	46 char *keytype = NULL;
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	47 enum signkey_type buf_keytype;
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	48
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	49 TRACE(("enter buf_get_ed25519_pub_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	50 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	51
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	52 /* consume and check the key string */
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	53 keytype = buf_getstring(buf, &typelen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	54 buf_keytype = signkey_type_from_name(keytype, typelen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	55 m_free(keytype);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	56 if (buf_keytype != expect_keytype) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	57 TRACE(("leave buf_get_ed25519_pub_key: mismatch key type"))
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	58 return DROPBEAR_FAILURE;
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1727 diff changeset	59 }
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	60
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	61 len = buf_getint(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	62 if (len != CURVE25519_LEN \|\| buf->len - buf->pos < len) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	63 TRACE(("leave buf_get_ed25519_pub_key: failure"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	64 return DROPBEAR_FAILURE;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	65 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	66
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	67 m_burn(key->priv, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	68 memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	69 buf_incrpos(buf, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	70
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	71 TRACE(("leave buf_get_ed25519_pub_key: success"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	72 return DROPBEAR_SUCCESS;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	73 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	74
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	75 /* Same as buf_get_ed25519_pub_key, but reads private key at the end.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	76 * Loads a public and private ed25519 key from a buffer
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	77 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	78 int buf_get_ed25519_priv_key(buffer buf, dropbear_ed25519_key key) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	79
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	80 unsigned int len;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	81
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	82 TRACE(("enter buf_get_ed25519_priv_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	83 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	84
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	85 buf_incrpos(buf, 4+SSH_SIGNKEY_ED25519_LEN); /* int + "ssh-ed25519" */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	86
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	87 len = buf_getint(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	88 if (len != CURVE25519_LEN*2 \|\| buf->len - buf->pos < len) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	89 TRACE(("leave buf_get_ed25519_priv_key: failure"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	90 return DROPBEAR_FAILURE;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	91 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	92
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	93 memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	94 buf_incrpos(buf, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	95 memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	96 buf_incrpos(buf, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	97
1727 93dcc97c3f3f fix trace messages (#105) Ilya <instenet@gmail.com> parents: 1707 diff changeset	98 TRACE(("leave buf_get_ed25519_priv_key: success"))
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	99 return DROPBEAR_SUCCESS;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	100 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	101
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	102 /* Clear and free the memory used by a public or private key */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	103 void ed25519_key_free(dropbear_ed25519_key *key) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	104
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	105 TRACE2(("enter ed25519_key_free"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	106
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	107 if (key == NULL) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	108 TRACE2(("leave ed25519_key_free: key == NULL"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	109 return;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	110 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	111 m_burn(key->priv, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	112 m_free(key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	113
1727 93dcc97c3f3f fix trace messages (#105) Ilya <instenet@gmail.com> parents: 1707 diff changeset	114 TRACE2(("leave ed25519_key_free"))
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	115 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	116
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	117 /* Put the public ed25519 key into the buffer in the required format */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	118 void buf_put_ed25519_pub_key(buffer buf, const dropbear_ed25519_key key) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	119
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	120 TRACE(("enter buf_put_ed25519_pub_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	121 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	122
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	123 buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	124 buf_putstring(buf, key->pub, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	125
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	126 TRACE(("leave buf_put_ed25519_pub_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	127 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	128
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	129 /* Put the public and private ed25519 key into the buffer in the required format */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	130 void buf_put_ed25519_priv_key(buffer buf, const dropbear_ed25519_key key) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	131
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	132 TRACE(("enter buf_put_ed25519_priv_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	133 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	134
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	135 buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	136 buf_putint(buf, CURVE25519_LEN*2);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	137 buf_putbytes(buf, key->priv, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	138 buf_putbytes(buf, key->pub, CURVE25519_LEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	139
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	140 TRACE(("leave buf_put_ed25519_priv_key"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	141 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	142
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	143 /* Sign the data presented with key, writing the signature contents
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	144 * to the buffer */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	145 void buf_put_ed25519_sign(buffer* buf, const dropbear_ed25519_key key, const buffer data_buf) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	146
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	147 unsigned char s[64];
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	148 unsigned long slen = sizeof(s);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	149
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	150 TRACE(("enter buf_put_ed25519_sign"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	151 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	152
1707 41a0ff8d5a89 void return types for curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	153 dropbear_ed25519_sign(data_buf->data, data_buf->len, s, &slen, key->priv, key->pub);
41a0ff8d5a89 void return types for curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	154 buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
41a0ff8d5a89 void return types for curve25519 Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	155 buf_putstring(buf, s, slen);
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	156
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	157 TRACE(("leave buf_put_ed25519_sign"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	158 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	159
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	160 #if DROPBEAR_SIGNKEY_VERIFY
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	161 /* Verify a signature in buf, made on data by the key given.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	162 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	163 int buf_ed25519_verify(buffer buf, const dropbear_ed25519_key key, const buffer *data_buf) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	164
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	165 int ret = DROPBEAR_FAILURE;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	166 unsigned char *s;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	167 unsigned long slen;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	168
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	169 TRACE(("enter buf_ed25519_verify"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	170 dropbear_assert(key != NULL);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	171
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	172 slen = buf_getint(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	173 if (slen != 64 \|\| buf->len - buf->pos < slen) {
1727 93dcc97c3f3f fix trace messages (#105) Ilya <instenet@gmail.com> parents: 1707 diff changeset	174 TRACE(("leave buf_ed25519_verify: bad size"))
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	175 goto out;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	176 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	177 s = buf_getptr(buf, slen);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	178
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	179 if (dropbear_ed25519_verify(data_buf->data, data_buf->len,
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	180 s, slen, key->pub) == 0) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	181 /* signature is valid */
1727 93dcc97c3f3f fix trace messages (#105) Ilya <instenet@gmail.com> parents: 1707 diff changeset	182 TRACE(("leave buf_ed25519_verify: success!"))
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	183 ret = DROPBEAR_SUCCESS;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	184 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	185
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	186 out:
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	187 TRACE(("leave buf_ed25519_verify: ret %d", ret))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	188 return ret;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	189 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	190
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	191 #endif /* DROPBEAR_SIGNKEY_VERIFY */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	192
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: diff changeset	193 #endif /* DROPBEAR_ED25519 */

Mercurial > dropbear

annotate ed25519.c @ 1861:2b3a8026a6ce