Mercurial > dropbear
annotate ecdsa.c @ 840:5128e525c8fa ecc
Default to some larger key sizes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 31 Oct 2013 22:49:15 +0800 |
parents | 7dcb46da72d9 |
children | b298bb438625 |
rev | line source |
---|---|
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
1 #include "options.h" |
766 | 2 #include "includes.h" |
3 #include "dbutil.h" | |
4 #include "crypto_desc.h" | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
5 #include "ecc.h" |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
6 #include "ecdsa.h" |
795 | 7 #include "signkey.h" |
766 | 8 |
9 #ifdef DROPBEAR_ECDSA | |
10 | |
795 | 11 enum signkey_type ecdsa_signkey_type(ecc_key * key) { |
12 #ifdef DROPBEAR_ECC_256 | |
13 if (key->dp == ecc_curve_nistp256.dp) { | |
14 return DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
15 } | |
16 #endif | |
17 #ifdef DROPBEAR_ECC_384 | |
18 if (key->dp == ecc_curve_nistp384.dp) { | |
19 return DROPBEAR_SIGNKEY_ECDSA_NISTP384; | |
20 } | |
21 #endif | |
22 #ifdef DROPBEAR_ECC_521 | |
23 if (key->dp == ecc_curve_nistp521.dp) { | |
24 return DROPBEAR_SIGNKEY_ECDSA_NISTP521; | |
25 } | |
26 #endif | |
27 return DROPBEAR_SIGNKEY_NONE; | |
28 } | |
29 | |
766 | 30 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) { |
31 const ltc_ecc_set_type *dp = NULL; // curve domain parameters | |
32 switch (bit_size) { | |
33 #ifdef DROPBEAR_ECC_256 | |
34 case 256: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
35 dp = ecc_curve_nistp256.dp; |
766 | 36 break; |
37 #endif | |
38 #ifdef DROPBEAR_ECC_384 | |
39 case 384: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
40 dp = ecc_curve_nistp384.dp; |
766 | 41 break; |
42 #endif | |
43 #ifdef DROPBEAR_ECC_521 | |
44 case 521: | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
45 dp = ecc_curve_nistp521.dp; |
766 | 46 break; |
47 #endif | |
48 } | |
49 if (!dp) { | |
50 dropbear_exit("Key size %d isn't valid. Try " | |
51 #ifdef DROPBEAR_ECC_256 | |
52 "256 " | |
53 #endif | |
54 #ifdef DROPBEAR_ECC_384 | |
55 "384 " | |
56 #endif | |
57 #ifdef DROPBEAR_ECC_521 | |
58 "521 " | |
59 #endif | |
60 , bit_size); | |
61 } | |
62 | |
63 ecc_key *new_key = m_malloc(sizeof(*new_key)); | |
64 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) { | |
65 dropbear_exit("ECC error"); | |
66 } | |
67 return new_key; | |
68 } | |
69 | |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
70 ecc_key *buf_get_ecdsa_pub_key(buffer* buf) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
71 unsigned char *key_ident = NULL, *identifier = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
72 unsigned int key_ident_len, identifier_len; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
73 buffer *q_buf = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
74 struct dropbear_ecc_curve **curve; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
75 ecc_key *new_key = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
76 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
77 // string "ecdsa-sha2-[identifier]" |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
78 key_ident = buf_getstring(buf, &key_ident_len); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
79 // string "[identifier]" |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
80 identifier = buf_getstring(buf, &identifier_len); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
81 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
82 if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
83 TRACE(("Bad identifier lengths")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
84 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
85 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
86 if (memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
87 TRACE(("mismatching identifiers")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
88 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
89 } |
766 | 90 |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
91 for (curve = dropbear_ecc_curves; *curve; curve++) { |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
92 if (memcmp(identifier, (char*)(*curve)->name, strlen((char*)(*curve)->name)) == 0) { |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
93 break; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
94 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
95 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
96 if (!*curve) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
97 TRACE(("couldn't match ecc curve")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
98 goto out; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
99 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
100 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
101 // string Q |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
102 q_buf = buf_getstringbuf(buf); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
103 new_key = buf_get_ecc_raw_pubkey(q_buf, *curve); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
104 |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
105 out: |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
106 m_free(key_ident); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
107 m_free(identifier); |
767
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
108 if (q_buf) { |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
109 buf_free(q_buf); |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
110 q_buf = NULL; |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
111 } |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
112 TRACE(("leave buf_get_ecdsa_pub_key")) |
e465ed10c51d
Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
113 return new_key; |
766 | 114 } |
115 | |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
116 ecc_key *buf_get_ecdsa_priv_key(buffer *buf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
117 ecc_key *new_key = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
118 TRACE(("enter buf_get_ecdsa_priv_key")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
119 new_key = buf_get_ecdsa_pub_key(buf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
120 if (!new_key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
121 return NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
122 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
123 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
124 if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
125 ecc_free(new_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
126 return NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
127 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
128 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
129 return new_key; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
130 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
131 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
132 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
133 struct dropbear_ecc_curve *curve = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
134 unsigned char key_ident[30]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
135 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
136 curve = curve_for_dp(key->dp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
137 snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
138 buf_putstring(buf, key_ident, strlen(key_ident)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
139 buf_putstring(buf, curve->name, strlen(curve->name)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
140 buf_put_ecc_raw_pubkey_string(buf, key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
141 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
142 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
143 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
144 buf_put_ecdsa_pub_key(buf, key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
145 buf_putmpint(buf, key->k); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
146 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
147 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
148 void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
149 /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
150 int err = DROPBEAR_FAILURE; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
151 struct dropbear_ecc_curve *curve = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
152 hash_state hs; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
153 unsigned char hash[64]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
154 void *e = NULL, *p = NULL, *s = NULL, *r; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
155 unsigned char key_ident[30]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
156 buffer *sigbuf = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
157 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
158 TRACE(("buf_put_ecdsa_sign")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
159 curve = curve_for_dp(key->dp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
160 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
161 if (ltc_init_multi(&r, &s, &p, &e, NULL) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
162 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
163 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
164 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
165 curve->hash_desc->init(&hs); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
166 curve->hash_desc->process(&hs, data_buf->data, data_buf->len); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
167 curve->hash_desc->done(&hs, hash); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
168 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
169 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
170 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
171 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
172 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
173 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
174 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
175 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
176 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
177 for (;;) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
178 ecc_key R_key; // ephemeral key |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
179 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, &R_key, key->dp) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
180 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
181 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
182 if (ltc_mp.mpdiv(R_key.pubkey.x, p, NULL, r) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
183 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
184 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
185 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
186 // try again |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
187 ecc_free(&R_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
188 continue; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
189 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
190 /* k = 1/k */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
191 if (ltc_mp.invmod(R_key.k, p, R_key.k) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
192 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
193 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
194 /* s = xr */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
195 if (ltc_mp.mulmod(key->k, r, p, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
196 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
197 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
198 /* s = e + xr */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
199 if (ltc_mp.add(e, s, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
200 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
201 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
202 if (ltc_mp.mpdiv(s, p, NULL, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
203 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
204 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
205 /* s = (e + xr)/k */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
206 if (ltc_mp.mulmod(s, R_key.k, p, s) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
207 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
208 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
209 ecc_free(&R_key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
210 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
211 if (ltc_mp.compare_d(s, 0) != LTC_MP_EQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
212 break; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
213 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
214 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
215 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
216 snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
217 buf_putstring(buf, key_ident, strlen(key_ident)); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
218 // enough for nistp521 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
219 sigbuf = buf_new(200); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
220 buf_putmpint(sigbuf, (mp_int*)r); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
221 buf_putmpint(sigbuf, (mp_int*)s); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
222 buf_putbufstring(buf, sigbuf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
223 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
224 err = DROPBEAR_SUCCESS; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
225 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
226 out: |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
227 if (r && s && p && e) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
228 ltc_deinit_multi(r, s, p, e, NULL); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
229 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
230 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
231 if (sigbuf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
232 buf_free(sigbuf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
233 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
234 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
235 if (err == DROPBEAR_FAILURE) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
236 dropbear_exit("ECC error"); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
237 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
238 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
239 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
240 // returns values in s and r |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
241 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
242 static int buf_get_ecdsa_verify_params(buffer *buf, struct dropbear_ecc_curve *curve, |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
243 void *r, void* s) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
244 int ret = DROPBEAR_FAILURE; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
245 unsigned int sig_len; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
246 unsigned int sig_pos; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
247 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
248 sig_len = buf_getint(buf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
249 sig_pos = buf->pos; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
250 if (buf_getmpint(buf, r) != DROPBEAR_SUCCESS) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
251 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
252 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
253 if (buf_getmpint(buf, s) != DROPBEAR_SUCCESS) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
254 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
255 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
256 if (buf->pos - sig_pos != sig_len) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
257 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
258 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
259 ret = DROPBEAR_SUCCESS; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
260 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
261 out: |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
262 return ret; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
263 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
264 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
265 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
266 int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
267 /* Based on libtomcrypt's ecc_verify_hash but without the asn1 */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
268 int ret = DROPBEAR_FAILURE; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
269 hash_state hs; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
270 struct dropbear_ecc_curve *curve = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
271 unsigned char hash[64]; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
272 ecc_point *mG = NULL, *mQ = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
273 void *r = NULL, *s = NULL, *v = NULL, *w = NULL, *u1 = NULL, *u2 = NULL, |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
274 *e = NULL, *p = NULL, *m = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
275 void *mp = NULL; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
276 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
277 /* verify |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
278 * |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
279 * w = s^-1 mod n |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
280 * u1 = xw |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
281 * u2 = rw |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
282 * X = u1*G + u2*Q |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
283 * v = X_x1 mod n |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
284 * accept if v == r |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
285 */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
286 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
287 TRACE(("buf_ecdsa_verify")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
288 curve = curve_for_dp(key->dp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
289 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
290 mG = ltc_ecc_new_point(); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
291 mQ = ltc_ecc_new_point(); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
292 if (ltc_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL) != CRYPT_OK |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
293 || !mG |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
294 || !mQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
295 dropbear_exit("ECC error"); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
296 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
297 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
298 if (buf_get_ecdsa_verify_params(buf, curve, r, s) != DROPBEAR_SUCCESS) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
299 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
300 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
301 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
302 curve->hash_desc->init(&hs); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
303 curve->hash_desc->process(&hs, data_buf->data, data_buf->len); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
304 curve->hash_desc->done(&hs, hash); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
305 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
306 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
307 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
308 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
309 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
310 /* get the order */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
311 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
312 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
313 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
314 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
315 /* get the modulus */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
316 if (ltc_mp.read_radix(m, (char *)key->dp->prime, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
317 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
318 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
319 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
320 /* check for zero */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
321 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
322 || ltc_mp.compare_d(s, 0) == LTC_MP_EQ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
323 || ltc_mp.compare(r, p) != LTC_MP_LT |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
324 || ltc_mp.compare(s, p) != LTC_MP_LT) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
325 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
326 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
327 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
328 /* w = s^-1 mod n */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
329 if (ltc_mp.invmod(s, p, w) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
330 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
331 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
332 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
333 /* u1 = ew */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
334 if (ltc_mp.mulmod(e, w, p, u1) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
335 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
336 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
337 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
338 /* u2 = rw */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
339 if (ltc_mp.mulmod(r, w, p, u2) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
340 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
341 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
342 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
343 /* find mG and mQ */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
344 if (ltc_mp.read_radix(mG->x, (char *)key->dp->Gx, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
345 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
346 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
347 if (ltc_mp.read_radix(mG->y, (char *)key->dp->Gy, 16) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
348 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
349 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
350 if (ltc_mp.set_int(mG->z, 1) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
351 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
352 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
353 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
354 if (ltc_mp.copy(key->pubkey.x, mQ->x) != CRYPT_OK |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
355 || ltc_mp.copy(key->pubkey.y, mQ->y) != CRYPT_OK |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
356 || ltc_mp.copy(key->pubkey.z, mQ->z) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
357 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
358 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
359 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
360 /* compute u1*mG + u2*mQ = mG */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
361 if (ltc_mp.ecc_mul2add == NULL) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
362 if (ltc_mp.ecc_ptmul(u1, mG, mG, m, 0) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
363 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
364 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
365 if (ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
366 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
367 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
368 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
369 /* find the montgomery mp */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
370 if (ltc_mp.montgomery_setup(m, &mp) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
371 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
372 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
373 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
374 /* add them */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
375 if (ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
376 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
377 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
378 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
379 /* reduce */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
380 if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
381 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
382 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
383 } else { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
384 /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
385 if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
386 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
387 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
388 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
389 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
390 /* v = X_x1 mod n */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
391 if (ltc_mp.mpdiv(mG->x, p, NULL, v) != CRYPT_OK) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
392 goto out; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
393 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
394 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
395 /* does v == r */ |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
396 if (ltc_mp.compare(v, r) == LTC_MP_EQ) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
397 ret = DROPBEAR_SUCCESS; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
398 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
399 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
400 out: |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
401 ltc_ecc_del_point(mG); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
402 ltc_ecc_del_point(mQ); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
403 mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
404 if (mp != NULL) { |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
405 ltc_mp.montgomery_deinit(mp); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
406 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
407 return ret; |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
408 } |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
409 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
767
diff
changeset
|
410 |
766 | 411 |
412 #endif // DROPBEAR_ECDSA |