annotate ecdsa.c @ 1672:3a97f14c0235

Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) * Add Chacha20-Poly1305 authenticated encryption * Add general AEAD approach. * Add [email protected] algo using LibTomCrypt chacha and poly1305 routines. Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated AES instructions, having the same key size. Compiling in will add ~5,5kB to binary size on x86-64. function old new delta chacha_crypt - 1397 +1397 _poly1305_block - 608 +608 poly1305_done - 595 +595 dropbear_chachapoly_crypt - 457 +457 .rodata 26976 27392 +416 poly1305_process - 290 +290 poly1305_init - 221 +221 chacha_setup - 218 +218 encrypt_packet 1068 1270 +202 dropbear_chachapoly_getlength - 147 +147 decrypt_packet 756 897 +141 chacha_ivctr64 - 137 +137 read_packet 543 637 +94 dropbear_chachapoly_start - 94 +94 read_kex_algos 792 880 +88 chacha_keystream - 69 +69 dropbear_mode_chachapoly - 48 +48 sshciphers 280 320 +40 dropbear_mode_none 24 48 +24 dropbear_mode_ctr 24 48 +24 dropbear_mode_cbc 24 48 +24 dropbear_chachapoly_mac - 24 +24 dropbear_chachapoly - 24 +24 gen_new_keys 848 854 +6 ------------------------------------------------------------------------------ (add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes * Add AES128-GCM and AES256-GCM authenticated encryption * Add general AES-GCM mode. * Add [email protected] and [email protected] algo using LibTomCrypt gcm routines. AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on CPU w/o dedicated AES/GHASH instructions therefore disabled by default. Compiling in will add ~6kB to binary size on x86-64. function old new delta gcm_process - 1060 +1060 .rodata 26976 27808 +832 gcm_gf_mult - 820 +820 gcm_add_aad - 660 +660 gcm_shift_table - 512 +512 gcm_done - 471 +471 gcm_add_iv - 384 +384 gcm_init - 347 +347 dropbear_gcm_crypt - 309 +309 encrypt_packet 1068 1270 +202 decrypt_packet 756 897 +141 gcm_reset - 118 +118 read_packet 543 637 +94 read_kex_algos 792 880 +88 sshciphers 280 360 +80 gcm_mult_h - 80 +80 dropbear_gcm_start - 62 +62 dropbear_mode_gcm - 48 +48 dropbear_mode_none 24 48 +24 dropbear_mode_ctr 24 48 +24 dropbear_mode_cbc 24 48 +24 dropbear_ghash - 24 +24 dropbear_gcm_getlength - 24 +24 gen_new_keys 848 854 +6 ------------------------------------------------------------------------------ (add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Mon, 25 May 2020 20:50:25 +0500
parents d68d61e7056a
children 35d504d59c05
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #include "includes.h"
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #include "dbutil.h"
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 #include "crypto_desc.h"
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
4 #include "ecc.h"
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
5 #include "ecdsa.h"
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
6 #include "signkey.h"
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
8 #if DROPBEAR_ECDSA
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
10 int signkey_is_ecdsa(enum signkey_type type)
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
11 {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
12 return type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
13 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
14 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
15 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
16
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
17 enum signkey_type ecdsa_signkey_type(const ecc_key * key) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
18 #if DROPBEAR_ECC_256
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
19 if (key->dp == ecc_curve_nistp256.dp) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
20 return DROPBEAR_SIGNKEY_ECDSA_NISTP256;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
21 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
22 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
23 #if DROPBEAR_ECC_384
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
24 if (key->dp == ecc_curve_nistp384.dp) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
25 return DROPBEAR_SIGNKEY_ECDSA_NISTP384;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
26 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
27 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
28 #if DROPBEAR_ECC_521
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
29 if (key->dp == ecc_curve_nistp521.dp) {
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
30 return DROPBEAR_SIGNKEY_ECDSA_NISTP521;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
31 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
32 #endif
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
33 return DROPBEAR_SIGNKEY_NONE;
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
34 }
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
35
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
37 const ltc_ecc_set_type *dp = NULL; /* curve domain parameters */
855
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents: 852
diff changeset
38 ecc_key *new_key = NULL;
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 switch (bit_size) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
40 #if DROPBEAR_ECC_256
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 case 256:
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
42 dp = ecc_curve_nistp256.dp;
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 break;
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
45 #if DROPBEAR_ECC_384
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 case 384:
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
47 dp = ecc_curve_nistp384.dp;
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 break;
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
50 #if DROPBEAR_ECC_521
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 case 521:
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
52 dp = ecc_curve_nistp521.dp;
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 break;
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 #endif
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 }
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 if (!dp) {
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 dropbear_exit("Key size %d isn't valid. Try "
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
58 #if DROPBEAR_ECC_256
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 "256 "
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
61 #if DROPBEAR_ECC_384
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 "384 "
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
64 #if DROPBEAR_ECC_521
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 "521 "
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 #endif
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 , bit_size);
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 }
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69
855
04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents: 852
diff changeset
70 new_key = m_malloc(sizeof(*new_key));
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 dropbear_exit("ECC error");
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 }
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 return new_key;
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 }
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
77 ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
78 unsigned char *key_ident = NULL, *identifier = NULL;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
79 unsigned int key_ident_len, identifier_len;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
80 buffer *q_buf = NULL;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
81 struct dropbear_ecc_curve **curve;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
82 ecc_key *new_key = NULL;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
83
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
84 /* string "ecdsa-sha2-[identifier]" */
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1107
diff changeset
85 key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
86 /* string "[identifier]" */
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1107
diff changeset
87 identifier = (unsigned char*)buf_getstring(buf, &identifier_len);
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
88
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
89 if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) {
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
90 TRACE(("Bad identifier lengths"))
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
91 goto out;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
92 }
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
93 if (memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) {
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
94 TRACE(("mismatching identifiers"))
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
95 goto out;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
96 }
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
98 for (curve = dropbear_ecc_curves; *curve; curve++) {
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
99 if (memcmp(identifier, (char*)(*curve)->name, strlen((char*)(*curve)->name)) == 0) {
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
100 break;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
101 }
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
102 }
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
103 if (!*curve) {
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
104 TRACE(("couldn't match ecc curve"))
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
105 goto out;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
106 }
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
107
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
108 /* string Q */
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
109 q_buf = buf_getstringbuf(buf);
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
110 new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
111
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
112 out:
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
113 m_free(key_ident);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
114 m_free(identifier);
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
115 if (q_buf) {
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
116 buf_free(q_buf);
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
117 q_buf = NULL;
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
118 }
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
119 TRACE(("leave buf_get_ecdsa_pub_key"))
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
120 return new_key;
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121 }
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
123 ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
124 ecc_key *new_key = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
125 TRACE(("enter buf_get_ecdsa_priv_key"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
126 new_key = buf_get_ecdsa_pub_key(buf);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
127 if (!new_key) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
128 return NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
129 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
130
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
131 if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
132 ecc_free(new_key);
1000
c0b1b7eb5c84 Fix memory leak of ecdsa structure, found by Coverity
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
133 m_free(new_key);
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
134 return NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
135 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
136
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
137 return new_key;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
138 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
139
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
140 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
141 struct dropbear_ecc_curve *curve = NULL;
1105
c339657c9758 Turn local key_indent variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
142 char key_ident[30];
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
143
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
144 curve = curve_for_dp(key->dp);
1105
c339657c9758 Turn local key_indent variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
145 snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1107
diff changeset
146 buf_putstring(buf, key_ident, strlen(key_ident));
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1107
diff changeset
147 buf_putstring(buf, curve->name, strlen(curve->name));
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
148 buf_put_ecc_raw_pubkey_string(buf, key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
149 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
150
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
151 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
152 buf_put_ecdsa_pub_key(buf, key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
153 buf_putmpint(buf, key->k);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
154 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
155
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
156 void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf) {
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
157 /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
158 int err = DROPBEAR_FAILURE;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
159 struct dropbear_ecc_curve *curve = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
160 hash_state hs;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
161 unsigned char hash[64];
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
162 void *e = NULL, *p = NULL, *s = NULL, *r;
1105
c339657c9758 Turn local key_indent variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
163 char key_ident[30];
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
164 buffer *sigbuf = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
165
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
166 TRACE(("buf_put_ecdsa_sign"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
167 curve = curve_for_dp(key->dp);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
168
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
169 if (ltc_init_multi(&r, &s, &p, &e, NULL) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
170 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
171 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
172
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
173 curve->hash_desc->init(&hs);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
174 curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
175 curve->hash_desc->done(&hs, hash);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
176
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
177 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
178 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
179 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
180
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
181 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
182 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
183 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
184
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
185 for (;;) {
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
186 ecc_key R_key; /* ephemeral key */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
187 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, &R_key, key->dp) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
188 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
189 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
190 if (ltc_mp.mpdiv(R_key.pubkey.x, p, NULL, r) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
191 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
192 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
193 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ) {
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
194 /* try again */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
195 ecc_free(&R_key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
196 continue;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
197 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
198 /* k = 1/k */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
199 if (ltc_mp.invmod(R_key.k, p, R_key.k) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
200 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
201 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
202 /* s = xr */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
203 if (ltc_mp.mulmod(key->k, r, p, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
204 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
205 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
206 /* s = e + xr */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
207 if (ltc_mp.add(e, s, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
208 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
209 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
210 if (ltc_mp.mpdiv(s, p, NULL, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
211 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
212 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
213 /* s = (e + xr)/k */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
214 if (ltc_mp.mulmod(s, R_key.k, p, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
215 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
216 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
217 ecc_free(&R_key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
218
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
219 if (ltc_mp.compare_d(s, 0) != LTC_MP_EQ) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
220 break;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
221 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
222 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
223
1105
c339657c9758 Turn local key_indent variable into char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
224 snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1107
diff changeset
225 buf_putstring(buf, key_ident, strlen(key_ident));
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
226 /* enough for nistp521 */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
227 sigbuf = buf_new(200);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
228 buf_putmpint(sigbuf, (mp_int*)r);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
229 buf_putmpint(sigbuf, (mp_int*)s);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
230 buf_putbufstring(buf, sigbuf);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
231
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
232 err = DROPBEAR_SUCCESS;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
233
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
234 out:
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
235 if (r && s && p && e) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
236 ltc_deinit_multi(r, s, p, e, NULL);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
237 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
238
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
239 if (sigbuf) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
240 buf_free(sigbuf);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
241 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
242
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
243 if (err == DROPBEAR_FAILURE) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
244 dropbear_exit("ECC error");
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
245 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
246 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
247
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
248 /* returns values in s and r
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
249 returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
250 static int buf_get_ecdsa_verify_params(buffer *buf,
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
251 void *r, void* s) {
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
252 int ret = DROPBEAR_FAILURE;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
253 unsigned int sig_len;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
254 unsigned int sig_pos;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
255
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
256 sig_len = buf_getint(buf);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
257 sig_pos = buf->pos;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
258 if (buf_getmpint(buf, r) != DROPBEAR_SUCCESS) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
259 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
260 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
261 if (buf_getmpint(buf, s) != DROPBEAR_SUCCESS) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
262 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
263 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
264 if (buf->pos - sig_pos != sig_len) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
265 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
266 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
267 ret = DROPBEAR_SUCCESS;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
268
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
269 out:
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
270 return ret;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
271 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
272
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
273
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1295
diff changeset
274 int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
275 /* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
276 int ret = DROPBEAR_FAILURE;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
277 hash_state hs;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
278 struct dropbear_ecc_curve *curve = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
279 unsigned char hash[64];
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
280 ecc_point *mG = NULL, *mQ = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
281 void *r = NULL, *s = NULL, *v = NULL, *w = NULL, *u1 = NULL, *u2 = NULL,
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
282 *e = NULL, *p = NULL, *m = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
283 void *mp = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
284
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
285 /* verify
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
286 *
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
287 * w = s^-1 mod n
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
288 * u1 = xw
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
289 * u2 = rw
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
290 * X = u1*G + u2*Q
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
291 * v = X_x1 mod n
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
292 * accept if v == r
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
293 */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
294
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
295 TRACE(("buf_ecdsa_verify"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
296 curve = curve_for_dp(key->dp);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
297
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
298 mG = ltc_ecc_new_point();
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
299 mQ = ltc_ecc_new_point();
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
300 if (ltc_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL) != CRYPT_OK
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
301 || !mG
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
302 || !mQ) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
303 dropbear_exit("ECC error");
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
304 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
305
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
306 if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) {
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
307 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
308 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
309
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
310 curve->hash_desc->init(&hs);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
311 curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
312 curve->hash_desc->done(&hs, hash);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
313
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
314 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
315 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
316 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
317
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
318 /* get the order */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
319 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
320 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
321 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
322
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
323 /* get the modulus */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
324 if (ltc_mp.read_radix(m, (char *)key->dp->prime, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
325 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
326 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
327
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
328 /* check for zero */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
329 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
330 || ltc_mp.compare_d(s, 0) == LTC_MP_EQ
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
331 || ltc_mp.compare(r, p) != LTC_MP_LT
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
332 || ltc_mp.compare(s, p) != LTC_MP_LT) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
333 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
334 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
335
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
336 /* w = s^-1 mod n */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
337 if (ltc_mp.invmod(s, p, w) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
338 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
339 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
340
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
341 /* u1 = ew */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
342 if (ltc_mp.mulmod(e, w, p, u1) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
343 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
344 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
345
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
346 /* u2 = rw */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
347 if (ltc_mp.mulmod(r, w, p, u2) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
348 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
349 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
350
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
351 /* find mG and mQ */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
352 if (ltc_mp.read_radix(mG->x, (char *)key->dp->Gx, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
353 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
354 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
355 if (ltc_mp.read_radix(mG->y, (char *)key->dp->Gy, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
356 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
357 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
358 if (ltc_mp.set_int(mG->z, 1) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
359 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
360 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
361
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
362 if (ltc_mp.copy(key->pubkey.x, mQ->x) != CRYPT_OK
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
363 || ltc_mp.copy(key->pubkey.y, mQ->y) != CRYPT_OK
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
364 || ltc_mp.copy(key->pubkey.z, mQ->z) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
365 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
366 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
367
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
368 /* compute u1*mG + u2*mQ = mG */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
369 if (ltc_mp.ecc_mul2add == NULL) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
370 if (ltc_mp.ecc_ptmul(u1, mG, mG, m, 0) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
371 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
372 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
373 if (ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
374 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
375 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
376
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
377 /* find the montgomery mp */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
378 if (ltc_mp.montgomery_setup(m, &mp) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
379 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
380 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
381
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
382 /* add them */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
383 if (ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
384 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
385 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
386
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1122
diff changeset
387 /* reduce */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
388 if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
389 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
390 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
391 } else {
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1122
diff changeset
392 /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
393 if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
394 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
395 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
396 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
397
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
398 /* v = X_x1 mod n */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
399 if (ltc_mp.mpdiv(mG->x, p, NULL, v) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
400 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
401 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
402
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
403 /* does v == r */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
404 if (ltc_mp.compare(v, r) == LTC_MP_EQ) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
405 ret = DROPBEAR_SUCCESS;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
406 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
407
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
408 out:
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
409 ltc_ecc_del_point(mG);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
410 ltc_ecc_del_point(mQ);
1058
063c38ea622b Fix some memory leaks in ecc code
Matt Johnston <matt@ucc.asn.au>
parents: 1000
diff changeset
411 ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL);
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
412 if (mp != NULL) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
413 ltc_mp.montgomery_deinit(mp);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
414 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
415 return ret;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
416 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
417
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
418
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
419
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
420 #endif /* DROPBEAR_ECDSA */