annotate ecdsa.c @ 994:5c5ade336926

Prefer stronger algorithms in algorithm negotiation. Prefer diffie-hellman-group14-sha1 (2048 bit) over diffie-hellman-group1-sha1 (1024 bit). Due to meet-in-the-middle attacks the effective key length of three-key 3DES is 112 bits. AES is stronger and faster than 3DES. Prefer to delay the start of compression until after authentication has completed. This avoids exposing compression code to attacks from unauthenticated users. (github pull request #9)
author Fedor Brunner <fedor.brunner@azet.sk>
date Fri, 23 Jan 2015 23:00:25 +0800
parents c19acba28590
children c0b1b7eb5c84
rev   line source
794
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
1 #include "options.h"
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #include "includes.h"
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 #include "dbutil.h"
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 #include "crypto_desc.h"
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
5 #include "ecc.h"
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
6 #include "ecdsa.h"
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
7 #include "signkey.h"
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 #ifdef DROPBEAR_ECDSA
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
/* Report whether a signkey type is one of the ECDSA variants.
 * Returns 1 for the nistp256, nistp384 and nistp521 ECDSA key types
 * and 0 for every other value of type. */
int signkey_is_ecdsa(enum signkey_type type)
{
	switch (type) {
		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
			return 1;
		default:
			return 0;
	}
}
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
17
795
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
/* Map an ECC key to its signkey type by comparing the key's domain
 * parameter pointer (key->dp) with each compiled-in NIST curve.
 * Returns DROPBEAR_SIGNKEY_NONE when no compiled-in curve matches.
 * key is dereferenced without a NULL check. */
enum signkey_type ecdsa_signkey_type(ecc_key * key) {
	enum signkey_type matched = DROPBEAR_SIGNKEY_NONE;

	/* Checked from the largest curve down, each hit overwriting the
	 * previous one, so the smallest matching curve is the one reported. */
#ifdef DROPBEAR_ECC_521
	if (ecc_curve_nistp521.dp == key->dp) {
		matched = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
	}
#endif
#ifdef DROPBEAR_ECC_384
	if (ecc_curve_nistp384.dp == key->dp) {
		matched = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
	}
#endif
#ifdef DROPBEAR_ECC_256
	if (ecc_curve_nistp256.dp == key->dp) {
		matched = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
	}
#endif
	return matched;
}
7f604f9b3756 ecdsa is working
Matt Johnston <matt@ucc.asn.au>
parents: 794
diff changeset
36
766
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
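/* Generate a new ECDSA key pair on the NIST curve selected by bit_size.
 *
 * bit_size must be 256, 384 or 521 and the matching DROPBEAR_ECC_* option
 * must be compiled in; any other value is reported through dropbear_exit().
 * The key is produced by ecc_make_key_ex() using dropbear_ltc_prng, and a
 * failure there is also reported through dropbear_exit().
 * Returns a key allocated with m_malloc(); the caller owns it.
 *
 * NOTE(review): the code after each dropbear_exit() call relies on that
 * function not returning (otherwise dp would be NULL at key generation). */
ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
	const ltc_ecc_set_type *dp = NULL; /* curve domain parameters */
	ecc_key *new_key = NULL;
	switch (bit_size) {
#ifdef DROPBEAR_ECC_256
		case 256:
			dp = ecc_curve_nistp256.dp;
			break;
#endif
#ifdef DROPBEAR_ECC_384
		case 384:
			dp = ecc_curve_nistp384.dp;
			break;
#endif
#ifdef DROPBEAR_ECC_521
		case 521:
			dp = ecc_curve_nistp521.dp;
			break;
#endif
		default:
			/* unsupported size: dp stays NULL and is rejected below */
			break;
	}
	if (!dp) {
		/* bit_size is unsigned, so it is formatted with %u rather than %d */
		dropbear_exit("Key size %u isn't valid. Try "
#ifdef DROPBEAR_ECC_256
			"256 "
#endif
#ifdef DROPBEAR_ECC_384
			"384 "
#endif
#ifdef DROPBEAR_ECC_521
			"521 "
#endif
			, bit_size);
	}

	new_key = m_malloc(sizeof(*new_key));
	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
		dropbear_exit("ECC error");
	}
	return new_key;
}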
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77
767
e465ed10c51d Be safer with how we handle ltc_ecc_sets[] (particularly with
Matt Johnston <matt@ucc.asn.au>
parents: 766
diff changeset
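/* Parse an ECDSA public key from buf.
 *
 * Expected layout, in order:
 *   string "ecdsa-sha2-[identifier]"
 *   string "[identifier]"
 *   string Q (the raw public point, handed to buf_get_ecc_raw_pubkey())
 *
 * The input is treated as untrusted: the key type string must be exactly
 * the "ecdsa-sha2-" prefix followed by the identifier, and the identifier
 * must equal a compiled-in curve name in full (same length, same bytes).
 * Returns the new key, or NULL if the identifiers are inconsistent, the
 * curve is unknown, or buf_get_ecc_raw_pubkey() returns NULL.
 *
 * NOTE(review): how buf_getstring()/buf_getstringbuf() react to a truncated
 * buffer is not visible here; this code assumes they do not return NULL. */
ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
	unsigned char *key_ident = NULL, *identifier = NULL;
	unsigned int key_ident_len, identifier_len;
	buffer *q_buf = NULL;
	struct dropbear_ecc_curve **curve;
	ecc_key *new_key = NULL;
	const char *prefix = "ecdsa-sha2-";
	const size_t prefix_len = strlen(prefix);

	TRACE(("enter buf_get_ecdsa_pub_key"))

	/* string "ecdsa-sha2-[identifier]" */
	key_ident = buf_getstring(buf, &key_ident_len);
	/* string "[identifier]" */
	identifier = buf_getstring(buf, &identifier_len);

	if (key_ident_len != identifier_len + prefix_len) {
		TRACE(("Bad identifier lengths"))
		goto out;
	}
	/* The length check above guarantees key_ident holds at least
	 * prefix_len + identifier_len bytes, so both comparisons stay in bounds.
	 * The prefix itself is verified too, not only the trailing identifier. */
	if (memcmp(key_ident, prefix, prefix_len) != 0
		|| memcmp(&key_ident[prefix_len], identifier, identifier_len) != 0) {
		TRACE(("mismatching identifiers"))
		goto out;
	}

	for (curve = dropbear_ecc_curves; *curve; curve++) {
		const char *name = (char*)(*curve)->name;
		size_t name_len = strlen(name);
		/* Require an exact match. Comparing only strlen(name) bytes would
		 * read past a shorter identifier and would accept an identifier
		 * that merely starts with a known curve name. */
		if (identifier_len == name_len
			&& memcmp(identifier, name, name_len) == 0) {
			break;
		}
	}
	if (!*curve) {
		TRACE(("couldn't match ecc curve"))
		goto out;
	}

	/* string Q */
	q_buf = buf_getstringbuf(buf);
	new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);

out:
	m_free(key_ident);
	m_free(identifier);
	if (q_buf) {
		buf_free(q_buf);
		q_buf = NULL;
	}
	TRACE(("leave buf_get_ecdsa_pub_key"))
	return new_key;
}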
d1575fdc29a6 start on ecdsa keys
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
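/* Parse an ECDSA private key from buf: the public key fields as read by
 * buf_get_ecdsa_pub_key(), followed by the private scalar as an mpint
 * stored into new_key->k.
 * Returns the key, or NULL if either part fails to parse. On failure no
 * partially filled key is handed back to the caller. */
ecc_key *buf_get_ecdsa_priv_key(buffer *buf) {
	ecc_key *new_key = NULL;
	TRACE(("enter buf_get_ecdsa_priv_key"))
	new_key = buf_get_ecdsa_pub_key(buf);
	if (!new_key) {
		return NULL;
	}

	if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) {
		/* ecc_free() is also applied to a stack-allocated ecc_key in
		 * buf_put_ecdsa_sign(), so it releases the key's contents but not
		 * the struct itself; free the struct as well to avoid leaking it.
		 * NOTE(review): assumes buf_get_ecc_raw_pubkey() returns a key
		 * allocated with m_malloc(), as gen_ecdsa_priv_key() does - confirm. */
		ecc_free(new_key);
		m_free(new_key);
		return NULL;
	}

	return new_key;
}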
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
139
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
/* Serialise an ECDSA public key into buf as three strings:
 * "ecdsa-sha2-[curve name]", "[curve name]", and the raw public point
 * written by buf_put_ecc_raw_pubkey_string().
 * NOTE(review): the result of curve_for_dp() is dereferenced without a
 * NULL check - presumably it never returns NULL for a valid key; confirm. */
void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) {
	unsigned char ident[30];
	struct dropbear_ecc_curve *crv = curve_for_dp(key->dp);

	/* snprintf bounds the write to ident[] and NUL-terminates it */
	snprintf((char*)ident, sizeof(ident), "ecdsa-sha2-%s", crv->name);

	buf_putstring(buf, ident, strlen(ident));
	buf_putstring(buf, crv->name, strlen(crv->name));
	buf_put_ecc_raw_pubkey_string(buf, key);
}
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
150
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
/* Serialise an ECDSA private key into buf: the public key fields written
 * by buf_put_ecdsa_pub_key(), then key->k as an mpint.
 * buf holds private key material after this call, so callers should
 * treat its contents as secret. */
void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key)
{
	/* public part first, in the order buf_get_ecdsa_priv_key() reads it */
	buf_put_ecdsa_pub_key(buf, key);

	/* private scalar last */
	buf_putmpint(buf, key->k);
}
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
155
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
156 void buf_put_ecdsa_sign(buffer *buf, ecc_key *key, buffer *data_buf) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
157 /* Based on libtomcrypt's ecc_sign_hash but without the asn1 */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
158 int err = DROPBEAR_FAILURE;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
159 struct dropbear_ecc_curve *curve = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
160 hash_state hs;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
161 unsigned char hash[64];
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
162 void *e = NULL, *p = NULL, *s = NULL, *r;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
163 unsigned char key_ident[30];
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
164 buffer *sigbuf = NULL;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
165
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
166 TRACE(("buf_put_ecdsa_sign"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
167 curve = curve_for_dp(key->dp);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
168
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
169 if (ltc_init_multi(&r, &s, &p, &e, NULL) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
170 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
171 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
172
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
173 curve->hash_desc->init(&hs);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
174 curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
175 curve->hash_desc->done(&hs, hash);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
176
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
177 if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
178 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
179 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
180
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
181 if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
182 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
183 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
184
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
185 for (;;) {
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
186 ecc_key R_key; /* ephemeral key */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
187 if (ecc_make_key_ex(NULL, dropbear_ltc_prng, &R_key, key->dp) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
188 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
189 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
190 if (ltc_mp.mpdiv(R_key.pubkey.x, p, NULL, r) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
191 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
192 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
193 if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ) {
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
194 /* try again */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
195 ecc_free(&R_key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
196 continue;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
197 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
198 /* k = 1/k */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
199 if (ltc_mp.invmod(R_key.k, p, R_key.k) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
200 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
201 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
202 /* s = xr */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
203 if (ltc_mp.mulmod(key->k, r, p, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
204 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
205 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
206 /* s = e + xr */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
207 if (ltc_mp.add(e, s, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
208 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
209 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
210 if (ltc_mp.mpdiv(s, p, NULL, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
211 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
212 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
213 /* s = (e + xr)/k */
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
214 if (ltc_mp.mulmod(s, R_key.k, p, s) != CRYPT_OK) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
215 goto out;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
216 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
217 ecc_free(&R_key);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
218
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
219 if (ltc_mp.compare_d(s, 0) != LTC_MP_EQ) {
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
220 break;
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
221 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
222 }
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
223
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
224 snprintf((char*)key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
225 buf_putstring(buf, key_ident, strlen(key_ident));
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
226 /* enough for nistp521 */
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 767
diff changeset
227 sigbuf = buf_new(200);
228 buf_putmpint(sigbuf, (mp_int*)r);
229 buf_putmpint(sigbuf, (mp_int*)s);
230 buf_putbufstring(buf, sigbuf);
231
232 err = DROPBEAR_SUCCESS;
233
234 out:
235 if (r && s && p && e) {
236 ltc_deinit_multi(r, s, p, e, NULL);
237 }
238
239 if (sigbuf) {
240 buf_free(sigbuf);
241 }
242
243 if (err == DROPBEAR_FAILURE) {
244 dropbear_exit("ECC error");
245 }
246 }
247
/* Parses the signature blob at the current position of buf: a length
 * field (read with buf_getint) followed by the two mpints r and s.
 *
 * r and s must already be initialised; they receive the parsed values.
 * Returns DROPBEAR_SUCCESS when both mpints parse and together consume
 * exactly the declared length, DROPBEAR_FAILURE otherwise. */
static int buf_get_ecdsa_verify_params(buffer *buf,
		void *r, void* s) {
	unsigned int blob_len = buf_getint(buf);
	unsigned int blob_start = buf->pos;

	/* r is read first, then s; a failure on r skips the read of s */
	if (buf_getmpint(buf, r) != DROPBEAR_SUCCESS
		|| buf_getmpint(buf, s) != DROPBEAR_SUCCESS) {
		return DROPBEAR_FAILURE;
	}

	/* Reject blobs whose declared length does not match what r and s
	 * actually occupied, so no trailing or missing bytes are accepted. */
	if (buf->pos - blob_start != blob_len) {
		return DROPBEAR_FAILURE;
	}

	return DROPBEAR_SUCCESS;
}
272
273
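/* Verifies the ECDSA signature read from buf over the contents of data_buf,
 * using the public key in key.
 *
 * The signature (r, s) is parsed with buf_get_ecdsa_verify_params(), and
 * data_buf is hashed with the hash_desc of the curve matching key->dp.
 *
 * Returns DROPBEAR_SUCCESS only when the computed v equals r. Every parse
 * error, range failure or bignum error returns DROPBEAR_FAILURE, since ret
 * starts as failure and is set to success in exactly one place.
 * Calls dropbear_exit() if the bignums or points cannot be allocated. */
int buf_ecdsa_verify(buffer *buf, ecc_key *key, buffer *data_buf) {
	/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
	int ret = DROPBEAR_FAILURE;
	hash_state hs;
	struct dropbear_ecc_curve *curve = NULL;
	/* NOTE(review): must hold the largest digest any curve's hash_desc
	 * produces; 64 bytes presumably covers SHA-512 - confirm against the
	 * curve table */
	unsigned char hash[64];
	ecc_point *mG = NULL, *mQ = NULL;
	void *r = NULL, *s = NULL, *v = NULL, *w = NULL, *u1 = NULL, *u2 = NULL,
		*e = NULL, *p = NULL, *m = NULL;
	void *mp = NULL;

	/* verify
	 *
	 * w  = s^-1 mod n
	 * u1 = ew          (e is the hash of the signed data)
	 * u2 = rw
	 * X = u1*G + u2*Q
	 * v = X_x1 mod n
	 * accept if v == r
	 */

	TRACE(("buf_ecdsa_verify"))
	/* NOTE(review): curve is dereferenced below without a NULL check;
	 * presumably curve_for_dp() never returns NULL for a loaded key -
	 * confirm */
	curve = curve_for_dp(key->dp);

	mG = ltc_ecc_new_point();
	mQ = ltc_ecc_new_point();
	if (ltc_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL) != CRYPT_OK
		|| !mG
		|| !mQ) {
		dropbear_exit("ECC error");
	}

	if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) {
		goto out;
	}

	curve->hash_desc->init(&hs);
	curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
	curve->hash_desc->done(&hs, hash);

	if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
		goto out;
	}

	/* get the order */
	if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) {
		goto out;
	}

	/* get the modulus */
	if (ltc_mp.read_radix(m, (char *)key->dp->prime, 16) != CRYPT_OK) {
		goto out;
	}

	/* Range check on the received signature: r and s must both be
	 * non-zero and strictly less than the group order (held in p). */
	if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ
		|| ltc_mp.compare_d(s, 0) == LTC_MP_EQ
		|| ltc_mp.compare(r, p) != LTC_MP_LT
		|| ltc_mp.compare(s, p) != LTC_MP_LT) {
		goto out;
	}

	/* w = s^-1 mod n */
	if (ltc_mp.invmod(s, p, w) != CRYPT_OK) {
		goto out;
	}

	/* u1 = ew */
	if (ltc_mp.mulmod(e, w, p, u1) != CRYPT_OK) {
		goto out;
	}

	/* u2 = rw */
	if (ltc_mp.mulmod(r, w, p, u2) != CRYPT_OK) {
		goto out;
	}

	/* find mG and mQ */
	if (ltc_mp.read_radix(mG->x, (char *)key->dp->Gx, 16) != CRYPT_OK) {
		goto out;
	}
	if (ltc_mp.read_radix(mG->y, (char *)key->dp->Gy, 16) != CRYPT_OK) {
		goto out;
	}
	if (ltc_mp.set_int(mG->z, 1) != CRYPT_OK) {
		goto out;
	}

	if (ltc_mp.copy(key->pubkey.x, mQ->x) != CRYPT_OK
		|| ltc_mp.copy(key->pubkey.y, mQ->y) != CRYPT_OK
		|| ltc_mp.copy(key->pubkey.z, mQ->z) != CRYPT_OK) {
		goto out;
	}

	/* compute u1*mG + u2*mQ = mG */
	if (ltc_mp.ecc_mul2add == NULL) {
		if (ltc_mp.ecc_ptmul(u1, mG, mG, m, 0) != CRYPT_OK) {
			goto out;
		}
		if (ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0) != CRYPT_OK) {
			goto out;
		}

		/* find the montgomery mp */
		if (ltc_mp.montgomery_setup(m, &mp) != CRYPT_OK) {
			goto out;
		}

		/* add them */
		if (ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp) != CRYPT_OK) {
			goto out;
		}

		/* reduce */
		if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) {
			goto out;
		}
	} else {
		/* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
		if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) {
			goto out;
		}
	}

	/* v = X_x1 mod n */
	if (ltc_mp.mpdiv(mG->x, p, NULL, v) != CRYPT_OK) {
		goto out;
	}

	/* does v == r */
	if (ltc_mp.compare(v, r) == LTC_MP_EQ) {
		ret = DROPBEAR_SUCCESS;
	}

out:
	ltc_ecc_del_point(mG);
	ltc_ecc_del_point(mQ);
	/* The integers came from ltc_init_multi(), so release them with the
	 * matching ltc_deinit_multi(), as the signing code in this file does.
	 * The previous mp_clear_multi() call is not the counterpart of
	 * ltc_init_multi(); presumably it cleared the values without freeing
	 * the objects ltc_init_multi() allocated - confirm. All nine pointers
	 * are non-NULL here because an allocation failure exits above. */
	ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL);
	if (mp != NULL) {
		ltc_mp.montgomery_deinit(mp);
	}
	return ret;
}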
417
418
419
420 #endif /* DROPBEAR_ECDSA */