freebsd-dev/crypto/openssh/ssh-ed25519.c

/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */
/*
 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#include <sys/types.h>
#include <limits.h>

#include "crypto_api.h"

#include <string.h>
#include <stdarg.h>

#include "log.h"
#include "sshbuf.h"
#define SSHKEY_INTERNAL
#include "sshkey.h"
#include "ssherr.h"
#include "ssh.h"

int
ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
    const u_char *data, size_t datalen, u_int compat)
{
	u_char *sig = NULL;
	size_t slen = 0, len;
	unsigned long long smlen;
	int r, ret;
	struct sshbuf *b = NULL;

	if (lenp != NULL)
		*lenp = 0;
	if (sigp != NULL)
		*sigp = NULL;

	if (key == NULL ||
	    sshkey_type_plain(key->type) != KEY_ED25519 ||
	    key->ed25519_sk == NULL ||
	    datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
		return SSH_ERR_INVALID_ARGUMENT;
	smlen = slen = datalen + crypto_sign_ed25519_BYTES;
	if ((sig = malloc(slen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;

	if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
	    key->ed25519_sk)) != 0 || smlen <= datalen) {
		r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */
		goto out;
	}
	/* encode signature */
	if ((b = sshbuf_new()) == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 ||
	    (r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)
		goto out;
	len = sshbuf_len(b);
	if (sigp != NULL) {
		if ((*sigp = malloc(len)) == NULL) {
			r = SSH_ERR_ALLOC_FAIL;
			goto out;
		}
		memcpy(*sigp, sshbuf_ptr(b), len);
	}
	if (lenp != NULL)
		*lenp = len;
	/* success */
	r = 0;
 out:
	sshbuf_free(b);
	if (sig != NULL) {
		explicit_bzero(sig, slen);
		free(sig);
	}

	return r;
}

int
ssh_ed25519_verify(const struct sshkey *key,
    const u_char *signature, size_t signaturelen,
    const u_char *data, size_t datalen, u_int compat)
{
	struct sshbuf *b = NULL;
	char *ktype = NULL;
	const u_char *sigblob;
	u_char *sm = NULL, *m = NULL;
	size_t len;
	unsigned long long smlen = 0, mlen = 0;
	int r, ret;

	if (key == NULL ||
	    sshkey_type_plain(key->type) != KEY_ED25519 ||
	    key->ed25519_pk == NULL ||
	    datalen >= INT_MAX - crypto_sign_ed25519_BYTES ||
	    signature == NULL || signaturelen == 0)
		return SSH_ERR_INVALID_ARGUMENT;

	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 ||
	    (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)
		goto out;
	if (strcmp("ssh-ed25519", ktype) != 0) {
		r = SSH_ERR_KEY_TYPE_MISMATCH;
		goto out;
	}
	if (sshbuf_len(b) != 0) {
		r = SSH_ERR_UNEXPECTED_TRAILING_DATA;
		goto out;
	}
	if (len > crypto_sign_ed25519_BYTES) {
		r = SSH_ERR_INVALID_FORMAT;
		goto out;
	}
	if (datalen >= SIZE_MAX - len) {
		r = SSH_ERR_INVALID_ARGUMENT;
		goto out;
	}
	smlen = len + datalen;
	mlen = smlen;
	if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) {
		r = SSH_ERR_ALLOC_FAIL;
		goto out;
	}
	memcpy(sm, sigblob, len);
	memcpy(sm+len, data, datalen);
	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
	    key->ed25519_pk)) != 0) {
		debug2("%s: crypto_sign_ed25519_open failed: %d",
		    __func__, ret);
	}
	if (ret != 0 || mlen != datalen) {
		r = SSH_ERR_SIGNATURE_INVALID;
		goto out;
	}
	/* XXX compare 'm' and 'data' ? */
	/* success */
	r = 0;
 out:
	if (sm != NULL) {
		explicit_bzero(sm, smlen);
		free(sm);
	}
	if (m != NULL) {
		explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
		free(m);
	}
	sshbuf_free(b);
	free(ktype);
	return r;
}
Vendor import of OpenSSH 7.3p1. 2017-01-31 12:29:48 +00:00			`/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`/*`
			`* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>`
			`*`
			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
			`*/`

			`#include "includes.h"`

			`#include <sys/types.h>`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`#include <limits.h>`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00
			`#include "crypto_api.h"`

			`#include <string.h>`
			`#include <stdarg.h>`

			`#include "log.h"`
Vendor import of OpenSSH 6.8p1. 2015-07-02 13:15:34 +00:00			`#include "sshbuf.h"`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`#define SSHKEY_INTERNAL`
			`#include "sshkey.h"`
			`#include "ssherr.h"`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`#include "ssh.h"`

			`int`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`ssh_ed25519_sign(const struct sshkey key, u_char sigp, size_t lenp,`
			`const u_char *data, size_t datalen, u_int compat)`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`{`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`u_char *sig = NULL;`
			`size_t slen = 0, len;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`unsigned long long smlen;`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`int r, ret;`
			`struct sshbuf *b = NULL;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if (lenp != NULL)`
			`*lenp = 0;`
			`if (sigp != NULL)`
			`*sigp = NULL;`
Vendor import of OpenSSH 6.6p1. 2014-03-22 15:23:38 +00:00
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if (key == NULL \|\|`
			`sshkey_type_plain(key->type) != KEY_ED25519 \|\|`
			`key->ed25519_sk == NULL \|\|`
			`datalen >= INT_MAX - crypto_sign_ed25519_BYTES)`
			`return SSH_ERR_INVALID_ARGUMENT;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`smlen = slen = datalen + crypto_sign_ed25519_BYTES;`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if ((sig = malloc(slen)) == NULL)`
			`return SSH_ERR_ALLOC_FAIL;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00
			`if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,`
			`key->ed25519_sk)) != 0 \|\| smlen <= datalen) {`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`r = SSH_ERR_INVALID_ARGUMENT; /* XXX better error? */`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`
			`/* encode signature */`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if ((b = sshbuf_new()) == NULL) {`
			`r = SSH_ERR_ALLOC_FAIL;`
			`goto out;`
			`}`
			`if ((r = sshbuf_put_cstring(b, "ssh-ed25519")) != 0 \|\|`
			`(r = sshbuf_put_string(b, sig, smlen - datalen)) != 0)`
			`goto out;`
			`len = sshbuf_len(b);`
			`if (sigp != NULL) {`
			`if ((*sigp = malloc(len)) == NULL) {`
			`r = SSH_ERR_ALLOC_FAIL;`
			`goto out;`
			`}`
			`memcpy(*sigp, sshbuf_ptr(b), len);`
			`}`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`if (lenp != NULL)`
			`*lenp = len;`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`/* success */`
			`r = 0;`
			`out:`
			`sshbuf_free(b);`
			`if (sig != NULL) {`
			`explicit_bzero(sig, slen);`
			`free(sig);`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`

Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`return r;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`

			`int`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`ssh_ed25519_verify(const struct sshkey *key,`
			`const u_char *signature, size_t signaturelen,`
			`const u_char *data, size_t datalen, u_int compat)`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`{`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`struct sshbuf *b = NULL;`
			`char *ktype = NULL;`
			`const u_char *sigblob;`
			`u_char sm = NULL, m = NULL;`
			`size_t len;`
			`unsigned long long smlen = 0, mlen = 0;`
			`int r, ret;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if (key == NULL \|\|`
			`sshkey_type_plain(key->type) != KEY_ED25519 \|\|`
			`key->ed25519_pk == NULL \|\|`
Vendor import of OpenSSH 7.3p1. 2017-01-31 12:29:48 +00:00			`datalen >= INT_MAX - crypto_sign_ed25519_BYTES \|\|`
			`signature == NULL \|\| signaturelen == 0)`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`return SSH_ERR_INVALID_ARGUMENT;`

			`if ((b = sshbuf_from(signature, signaturelen)) == NULL)`
			`return SSH_ERR_ALLOC_FAIL;`
			`if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 \|\|`
			`(r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0)`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`if (strcmp("ssh-ed25519", ktype) != 0) {`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`r = SSH_ERR_KEY_TYPE_MISMATCH;`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if (sshbuf_len(b) != 0) {`
			`r = SSH_ERR_UNEXPECTED_TRAILING_DATA;`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`
			`if (len > crypto_sign_ed25519_BYTES) {`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`r = SSH_ERR_INVALID_FORMAT;`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`
Vendor import of OpenSSH 6.8p1. 2015-07-02 13:15:34 +00:00			`if (datalen >= SIZE_MAX - len) {`
			`r = SSH_ERR_INVALID_ARGUMENT;`
			`goto out;`
			`}`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`smlen = len + datalen;`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`mlen = smlen;`
Vendor import of OpenSSH 6.8p1. 2015-07-02 13:15:34 +00:00			`if ((sm = malloc(smlen)) == NULL \|\| (m = malloc(mlen)) == NULL) {`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`r = SSH_ERR_ALLOC_FAIL;`
			`goto out;`
			`}`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`memcpy(sm, sigblob, len);`
			`memcpy(sm+len, data, datalen);`
			`if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,`
			`key->ed25519_pk)) != 0) {`
			`debug2("%s: crypto_sign_ed25519_open failed: %d",`
			`__func__, ret);`
			`}`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`if (ret != 0 \|\| mlen != datalen) {`
			`r = SSH_ERR_SIGNATURE_INVALID;`
			`goto out;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`
			`/* XXX compare 'm' and 'data' ? */`
Vendor import of OpenSSH 6.7p1. 2015-01-05 16:09:55 +00:00			`/* success */`
			`r = 0;`
			`out:`
			`if (sm != NULL) {`
			`explicit_bzero(sm, smlen);`
			`free(sm);`
			`}`
			`if (m != NULL) {`
			`explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */`
			`free(m);`
			`}`
			`sshbuf_free(b);`
			`free(ktype);`
			`return r;`
Vendor import of OpenSSH 6.5p1. 2014-01-30 10:56:49 +00:00			`}`