comparison ecdsa.c @ 767:e465ed10c51d ecc

Be safer with how we handle ltc_ecc_sets[] (particularly with system libtomcrypt) A bit of progress with ecdsa code
author Matt Johnston <matt@ucc.asn.au>
date Tue, 09 Apr 2013 22:44:19 +0800
parents d1575fdc29a6
children 70625eed40c9
comparison
equal deleted inserted replaced
766:d1575fdc29a6 767:e465ed10c51d
1 #include "includes.h" 1 #include "includes.h"
2 #include "dbutil.h" 2 #include "dbutil.h"
3 #include "crypto_desc.h" 3 #include "crypto_desc.h"
4 #include "ecc.h"
4 5
5 #ifdef DROPBEAR_ECDSA 6 #ifdef DROPBEAR_ECDSA
6 7
7 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) { 8 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
8 const ltc_ecc_set_type *dp = NULL; // curve domain parameters 9 const ltc_ecc_set_type *dp = NULL; // curve domain parameters
9 // TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c 10 // TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c
10 switch (bit_size) { 11 switch (bit_size) {
11 #ifdef DROPBEAR_ECC_256 12 #ifdef DROPBEAR_ECC_256
12 case 256: 13 case 256:
13 dp = &ltc_ecc_sets[0]; 14 dp = ecc_curve_nistp256.dp;
14 break; 15 break;
15 #endif 16 #endif
16 #ifdef DROPBEAR_ECC_384 17 #ifdef DROPBEAR_ECC_384
17 case 384: 18 case 384:
18 dp = &ltc_ecc_sets[0]; 19 dp = ecc_curve_nistp384.dp;
19 break; 20 break;
20 #endif 21 #endif
21 #ifdef DROPBEAR_ECC_521 22 #ifdef DROPBEAR_ECC_521
22 case 521: 23 case 521:
23 dp = &ltc_ecc_sets[0]; 24 dp = ecc_curve_nistp521.dp;
24 break; 25 break;
25 #endif 26 #endif
26 } 27 }
27 if (!dp) { 28 if (!dp) {
28 dropbear_exit("Key size %d isn't valid. Try " 29 dropbear_exit("Key size %d isn't valid. Try "
43 dropbear_exit("ECC error"); 44 dropbear_exit("ECC error");
44 } 45 }
45 return new_key; 46 return new_key;
46 } 47 }
47 48
48 int buf_get_ecdsa_pub_key(buffer* buf, ecc_key *key) { 49 ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
50 unsigned char *key_ident = NULL, *identifier = NULL;
51 unsigned int key_ident_len, identifier_len;
52 buffer *q_buf = NULL;
53 struct dropbear_ecc_curve **curve;
54 ecc_key *new_key = NULL;
49 55
56 // string "ecdsa-sha2-[identifier]"
57 key_ident = buf_getstring(buf, &key_ident_len);
58 // string "ecdsa-sha2-[identifier]"
59 identifier = buf_getstring(buf, &identifier_len);
60
61 if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) {
62 TRACE(("Bad identifier lengths"))
63 goto out;
64 }
65 if (memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) {
66 TRACE(("mismatching identifiers"))
67 goto out;
68 }
69
70 for (curve = dropbear_ecc_curves; *curve; curve++) {
71 if (memcmp(identifier, (*curve)->name, strlen((*curve)->name)) == 0) {
72 break;
73 }
74 }
75 if (!*curve) {
76 TRACE(("couldn't match ecc curve"))
77 goto out;
78 }
79
80 // string Q
81 q_buf = buf_getstringbuf(buf);
82 new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);
83
84 out:
85 if (key_ident) {
86 m_free(key_ident);
87 }
88 if (identifier) {
89 m_free(identifier);
90 }
91 if (q_buf) {
92 buf_free(q_buf);
93 q_buf = NULL;
94 }
95 TRACE(("leave buf_get_ecdsa_pub_key"))
96 return new_key;
50 } 97 }
51 98
52 99
53 #endif // DROPBEAR_ECDSA 100 #endif // DROPBEAR_ECDSA