diff ecdsa.c @ 767:e465ed10c51d ecc

Be safer with how we handle ltc_ecc_sets[] (particularly with system libtomcrypt) A bit of progress with ecdsa code
author Matt Johnston <matt@ucc.asn.au>
date Tue, 09 Apr 2013 22:44:19 +0800
parents d1575fdc29a6
children 70625eed40c9
--- a/ecdsa.c	Tue Apr 09 00:36:04 2013 +0800
+++ b/ecdsa.c	Tue Apr 09 22:44:19 2013 +0800
@@ -1,6 +1,7 @@
 #include "includes.h"
 #include "dbutil.h"
 #include "crypto_desc.h"
+#include "ecc.h"
 
 #ifdef DROPBEAR_ECDSA
 
@@ -10,17 +11,17 @@
 	switch (bit_size) {
 #ifdef DROPBEAR_ECC_256
 		case 256:
-			dp = &ltc_ecc_sets[0];
+			dp = ecc_curve_nistp256.dp;
 			break;
 #endif
 #ifdef DROPBEAR_ECC_384
 		case 384:
-			dp = &ltc_ecc_sets[0];
+			dp = ecc_curve_nistp384.dp;
 			break;
 #endif
 #ifdef DROPBEAR_ECC_521
 		case 521:
-			dp = &ltc_ecc_sets[0];
+			dp = ecc_curve_nistp521.dp;
 			break;
 #endif
 	}
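Review bot: The switch on `bit_size` has no `default:` case, so a size other than 256/384/521, or one whose `DROPBEAR_ECC_*` option is compiled out, leaves `dp` at whatever value it had before the switch. The enclosing function starts and ends outside this hunk, so a later check of `dp` may already cover this. If it does not, an explicit `default: dp = NULL; break;` together with a NULL check before `dp` is used would make the unsupported-size path visible.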
@@ -45,8 +46,54 @@
 	return new_key;
 }
 
-int buf_get_ecdsa_pub_key(buffer* buf, ecc_key *key) {
+ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
+	unsigned char *key_ident = NULL, *identifier = NULL;
+	unsigned int key_ident_len, identifier_len;
+	buffer *q_buf = NULL;
+	struct dropbear_ecc_curve **curve;
+	ecc_key *new_key = NULL;
+
+	// string   "ecdsa-sha2-[identifier]"
+	key_ident = buf_getstring(buf, &key_ident_len);
+	// string   "ecdsa-sha2-[identifier]"
+	identifier = buf_getstring(buf, &identifier_len);
+
+	if (key_ident_len != identifier_len + strlen("ecdsa-sha2-")) {
+		TRACE(("Bad identifier lengths"))
+		goto out;
+	}
+	if (memcmp(&key_ident[strlen("ecdsa-sha2-")], identifier, identifier_len) != 0) {
+		TRACE(("mismatching identifiers"))
+		goto out;
+	}
 
+	for (curve = dropbear_ecc_curves; *curve; curve++) {
+		if (memcmp(identifier, (*curve)->name, strlen((*curve)->name)) == 0) {
+			break;
+		}
+	}
+	if (!*curve) {
+		TRACE(("couldn't match ecc curve"))
+		goto out;
+	}
+
+	// string Q
+	q_buf = buf_getstringbuf(buf);
+	new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);
+
+out:
+	if (key_ident) {
+		m_free(key_ident);
+	}
+	if (identifier) {
+		m_free(identifier);
+	}
+	if (q_buf) {
+		buf_free(q_buf);
+		q_buf = NULL;
+	}
+	TRACE(("leave buf_get_ecdsa_pub_key"))	
+	return new_key;
 }
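Review bot: The curve lookup `memcmp(identifier, (*curve)->name, strlen((*curve)->name))` never compares `identifier_len` with the length of the curve name, so an identifier from the wire that merely begins with a known name is accepted, and one shorter than the name can make memcmp read beyond the `identifier_len` bytes of the string. Checking the length first closes both cases: `if (identifier_len == strlen((*curve)->name) && memcmp(identifier, (*curve)->name, identifier_len) == 0)`. The earlier checks validate only the length and tail of `key_ident`, never that it starts with the literal `"ecdsa-sha2-"`; unless the caller has already matched the key type, a `memcmp` of that prefix belongs here as well. The second `// string   "ecdsa-sha2-[identifier]"` comment duplicates the first and should read `// string   [identifier]`.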