mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Clean up elliptic curve selection and naming.
The ec_name_to_curve and ec_curve_to_name functions shouldn't really have had to exist at all: whenever any part of the PuTTY codebase starts using sshecc.c, it's starting from an ssh_signkey or ssh_kex pointer already found by some other means. So if we make sure not to lose that pointer, we should never need to do any string-based lookups to find the curve we want, and conversely, when we need to know the name of our curve or our algorithm, we should be able to look it up as a straightforward const char * starting from the algorithm pointer. This commit cleans things up so that that is indeed what happens. The ssh_signkey and ssh_kex structures defined in sshecc.c now have 'extra' fields containing pointers to all the necessary stuff; ec_name_to_curve and ec_curve_to_name have been completely removed; struct ec_curve has a string field giving the curve's name (but only for those curves which _have_ a name exposed in the wire protocol, i.e. the three NIST ones); struct ec_key keeps a pointer to the ssh_signkey it started from, and uses that to remember the algorithm name rather than reconstructing it from the curve. And I think I've got rid of all the ad-hockery scattered around the code that switches on curve->fieldBits or manually constructs curve names using stuff like sprintf("nistp%d"); the only remaining switch on fieldBits (necessary because that's the UI for choosing a curve in PuTTYgen) is at least centralised into one place in sshecc.c. One user-visible result is that the format of ed25519 host keys in the registry has changed: there's now no curve name prefix on them, because I think it's not really right to make up a name to use. So any early adopters who've been using snapshot PuTTY in the last week will be inconvenienced; sorry about that.
This commit is contained in:
parent
1293334ebf
commit
7db526c730
8
cmdgen.c
8
cmdgen.c
@ -659,13 +659,7 @@ int main(int argc, char **argv)
|
|||||||
ec_generate(ec, bits, progressfn, &prog);
|
ec_generate(ec, bits, progressfn, &prog);
|
||||||
ssh2key = snew(struct ssh2_userkey);
|
ssh2key = snew(struct ssh2_userkey);
|
||||||
ssh2key->data = ec;
|
ssh2key->data = ec;
|
||||||
if (bits == 256) {
|
ssh2key->alg = ec->signalg;
|
||||||
ssh2key->alg = &ssh_ecdsa_nistp256;
|
|
||||||
} else if (bits == 384) {
|
|
||||||
ssh2key->alg = &ssh_ecdsa_nistp384;
|
|
||||||
} else {
|
|
||||||
ssh2key->alg = &ssh_ecdsa_nistp521;
|
|
||||||
}
|
|
||||||
ssh1key = NULL;
|
ssh1key = NULL;
|
||||||
} else if (keytype == ED25519) {
|
} else if (keytype == ED25519) {
|
||||||
struct ec_key *ec = snew(struct ec_key);
|
struct ec_key *ec = snew(struct ec_key);
|
||||||
|
83
import.c
83
import.c
@ -566,7 +566,7 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename,
|
|||||||
{
|
{
|
||||||
struct openssh_pem_key *key = load_openssh_pem_key(filename, errmsg_p);
|
struct openssh_pem_key *key = load_openssh_pem_key(filename, errmsg_p);
|
||||||
struct ssh2_userkey *retkey;
|
struct ssh2_userkey *retkey;
|
||||||
unsigned char *p;
|
unsigned char *p, *q;
|
||||||
int ret, id, len, flags;
|
int ret, id, len, flags;
|
||||||
int i, num_integers;
|
int i, num_integers;
|
||||||
struct ssh2_userkey *retval = NULL;
|
struct ssh2_userkey *retval = NULL;
|
||||||
@ -675,7 +675,9 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename,
|
|||||||
/* And now for something completely different */
|
/* And now for something completely different */
|
||||||
unsigned char *priv;
|
unsigned char *priv;
|
||||||
int privlen;
|
int privlen;
|
||||||
struct ec_curve *curve;
|
const struct ssh_signkey *alg;
|
||||||
|
const struct ec_curve *curve;
|
||||||
|
int algnamelen, curvenamelen;
|
||||||
/* Read INTEGER 1 */
|
/* Read INTEGER 1 */
|
||||||
ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
|
ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
|
||||||
&id, &len, &flags);
|
&id, &len, &flags);
|
||||||
@ -716,15 +718,8 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename,
|
|||||||
retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
|
retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (len == 8 && !memcmp(p, nistp256_oid, nistp256_oid_len)) {
|
alg = ec_alg_by_oid(len, p, &curve);
|
||||||
curve = ec_p256();
|
if (!alg) {
|
||||||
} else if (len == 5 && !memcmp(p, nistp384_oid,
|
|
||||||
nistp384_oid_len)) {
|
|
||||||
curve = ec_p384();
|
|
||||||
} else if (len == 5 && !memcmp(p, nistp521_oid,
|
|
||||||
nistp521_oid_len)) {
|
|
||||||
curve = ec_p521();
|
|
||||||
} else {
|
|
||||||
errmsg = "Unsupported ECDSA curve.";
|
errmsg = "Unsupported ECDSA curve.";
|
||||||
retval = NULL;
|
retval = NULL;
|
||||||
goto error;
|
goto error;
|
||||||
@ -756,31 +751,34 @@ struct ssh2_userkey *openssh_pem_read(const Filename *filename,
|
|||||||
errmsg = "out of memory";
|
errmsg = "out of memory";
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (curve->fieldBits == 256) {
|
retkey->alg = alg;
|
||||||
retkey->alg = &ssh_ecdsa_nistp256;
|
|
||||||
} else if (curve->fieldBits == 384) {
|
|
||||||
retkey->alg = &ssh_ecdsa_nistp384;
|
|
||||||
} else {
|
|
||||||
retkey->alg = &ssh_ecdsa_nistp521;
|
|
||||||
}
|
|
||||||
blob = snewn((4+19 + 4+8 + 4+len) + (4+privlen), unsigned char);
|
blob = snewn((4+19 + 4+8 + 4+len) + (4+privlen), unsigned char);
|
||||||
if (!blob) {
|
if (!blob) {
|
||||||
sfree(retkey);
|
sfree(retkey);
|
||||||
errmsg = "out of memory";
|
errmsg = "out of memory";
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
PUT_32BIT(blob, 19);
|
|
||||||
sprintf((char*)blob+4, "ecdsa-sha2-nistp%d", curve->fieldBits);
|
q = blob;
|
||||||
PUT_32BIT(blob+4+19, 8);
|
|
||||||
sprintf((char*)blob+4+19+4, "nistp%d", curve->fieldBits);
|
algnamelen = strlen(alg->name);
|
||||||
PUT_32BIT(blob+4+19+4+8, len);
|
PUT_32BIT(q, algnamelen); q += 4;
|
||||||
memcpy(blob+4+19+4+8+4, p, len);
|
memcpy(q, alg->name, algnamelen); q += algnamelen;
|
||||||
PUT_32BIT(blob+4+19+4+8+4+len, privlen);
|
|
||||||
memcpy(blob+4+19+4+8+4+len+4, priv, privlen);
|
curvenamelen = strlen(curve->name);
|
||||||
|
PUT_32BIT(q, curvenamelen); q += 4;
|
||||||
|
memcpy(q, curve->name, curvenamelen); q += curvenamelen;
|
||||||
|
|
||||||
|
PUT_32BIT(q, len); q += 4;
|
||||||
|
memcpy(q, p, len); q += len;
|
||||||
|
|
||||||
|
PUT_32BIT(q, privlen);
|
||||||
|
memcpy(q+4, priv, privlen);
|
||||||
|
|
||||||
retkey->data = retkey->alg->createkey(retkey->alg,
|
retkey->data = retkey->alg->createkey(retkey->alg,
|
||||||
blob, 4+19+4+8+4+len,
|
blob, q-blob,
|
||||||
blob+4+19+4+8+4+len,
|
q, 4+privlen);
|
||||||
4+privlen);
|
|
||||||
if (!retkey->data) {
|
if (!retkey->data) {
|
||||||
sfree(retkey);
|
sfree(retkey);
|
||||||
errmsg = "unable to create key data structure";
|
errmsg = "unable to create key data structure";
|
||||||
@ -1059,7 +1057,7 @@ int openssh_pem_write(const Filename *filename, struct ssh2_userkey *key,
|
|||||||
} else if (key->alg == &ssh_ecdsa_nistp256 ||
|
} else if (key->alg == &ssh_ecdsa_nistp256 ||
|
||||||
key->alg == &ssh_ecdsa_nistp384 ||
|
key->alg == &ssh_ecdsa_nistp384 ||
|
||||||
key->alg == &ssh_ecdsa_nistp521) {
|
key->alg == &ssh_ecdsa_nistp521) {
|
||||||
unsigned char *oid;
|
const unsigned char *oid;
|
||||||
int oidlen;
|
int oidlen;
|
||||||
int pointlen;
|
int pointlen;
|
||||||
|
|
||||||
@ -1073,28 +1071,9 @@ int openssh_pem_write(const Filename *filename, struct ssh2_userkey *key,
|
|||||||
* [1]
|
* [1]
|
||||||
* BIT STRING (0x00 public key point)
|
* BIT STRING (0x00 public key point)
|
||||||
*/
|
*/
|
||||||
switch (((struct ec_key *)key->data)->publicKey.curve->fieldBits) {
|
oid = ec_alg_oid(key->alg, &oidlen);
|
||||||
case 256:
|
pointlen = (((struct ec_key *)key->data)->publicKey.curve->fieldBits
|
||||||
/* OID: 1.2.840.10045.3.1.7 (ansiX9p256r1) */
|
+ 7) / 8 * 2;
|
||||||
oid = nistp256_oid;
|
|
||||||
oidlen = nistp256_oid_len;
|
|
||||||
pointlen = 32 * 2;
|
|
||||||
break;
|
|
||||||
case 384:
|
|
||||||
/* OID: 1.3.132.0.34 (secp384r1) */
|
|
||||||
oid = nistp384_oid;
|
|
||||||
oidlen = nistp384_oid_len;
|
|
||||||
pointlen = 48 * 2;
|
|
||||||
break;
|
|
||||||
case 521:
|
|
||||||
/* OID: 1.3.132.0.35 (secp521r1) */
|
|
||||||
oid = nistp521_oid;
|
|
||||||
oidlen = nistp521_oid_len;
|
|
||||||
pointlen = 66 * 2;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
assert(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
len = ber_write_id_len(NULL, 2, 1, 0);
|
len = ber_write_id_len(NULL, 2, 1, 0);
|
||||||
len += 1;
|
len += 1;
|
||||||
|
2
ssh.c
2
ssh.c
@ -6852,7 +6852,7 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
|||||||
ssh->kex->hash->text_name);
|
ssh->kex->hash->text_name);
|
||||||
ssh->pkt_kctx = SSH2_PKTCTX_ECDHKEX;
|
ssh->pkt_kctx = SSH2_PKTCTX_ECDHKEX;
|
||||||
|
|
||||||
s->eckey = ssh_ecdhkex_newkey(ssh->kex->name);
|
s->eckey = ssh_ecdhkex_newkey(ssh->kex);
|
||||||
if (!s->eckey) {
|
if (!s->eckey) {
|
||||||
bombout(("Unable to generate key for ECDH"));
|
bombout(("Unable to generate key for ECDH"));
|
||||||
crStopV;
|
crStopV;
|
||||||
|
29
ssh.h
29
ssh.h
@ -133,6 +133,7 @@ struct ec_ecurve
|
|||||||
|
|
||||||
struct ec_curve {
|
struct ec_curve {
|
||||||
enum { EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS } type;
|
enum { EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS } type;
|
||||||
|
const char *name;
|
||||||
unsigned int fieldBits;
|
unsigned int fieldBits;
|
||||||
Bignum p;
|
Bignum p;
|
||||||
union {
|
union {
|
||||||
@ -142,21 +143,20 @@ struct ec_curve {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
extern unsigned char nistp256_oid[];
|
const struct ssh_signkey *ec_alg_by_oid(int len, const void *oid,
|
||||||
extern unsigned char nistp384_oid[];
|
const struct ec_curve **curve);
|
||||||
extern unsigned char nistp521_oid[];
|
const unsigned char *ec_alg_oid(const struct ssh_signkey *alg, int *oidlen);
|
||||||
extern unsigned char curve25519_oid[];
|
const int ec_nist_alg_and_curve_by_bits(int bits,
|
||||||
extern int nistp256_oid_len;
|
const struct ec_curve **curve,
|
||||||
extern int nistp384_oid_len;
|
const struct ssh_signkey **alg);
|
||||||
extern int nistp521_oid_len;
|
const int ec_ed_alg_and_curve_by_bits(int bits,
|
||||||
extern int curve25519_oid_len;
|
const struct ec_curve **curve,
|
||||||
struct ec_curve *ec_p256(void);
|
const struct ssh_signkey **alg);
|
||||||
struct ec_curve *ec_p384(void);
|
|
||||||
struct ec_curve *ec_p521(void);
|
struct ssh_signkey;
|
||||||
struct ec_curve *ec_ed25519(void);
|
|
||||||
struct ec_curve *ec_curve25519(void);
|
|
||||||
|
|
||||||
struct ec_key {
|
struct ec_key {
|
||||||
|
const struct ssh_signkey *signalg;
|
||||||
struct ec_point publicKey;
|
struct ec_point publicKey;
|
||||||
Bignum privateKey;
|
Bignum privateKey;
|
||||||
};
|
};
|
||||||
@ -208,7 +208,8 @@ void ssh_rsakex_encrypt(const struct ssh_hash *h, unsigned char *in, int inlen,
|
|||||||
/*
|
/*
|
||||||
* SSH2 ECDH key exchange functions
|
* SSH2 ECDH key exchange functions
|
||||||
*/
|
*/
|
||||||
void *ssh_ecdhkex_newkey(const char *name);
|
struct ssh_kex;
|
||||||
|
void *ssh_ecdhkex_newkey(const struct ssh_kex *kex);
|
||||||
void ssh_ecdhkex_freekey(void *key);
|
void ssh_ecdhkex_freekey(void *key);
|
||||||
char *ssh_ecdhkex_getpublic(void *key, int *len);
|
char *ssh_ecdhkex_getpublic(void *key, int *len);
|
||||||
Bignum ssh_ecdhkex_getkey(void *key, char *remoteKey, int remoteKeyLen);
|
Bignum ssh_ecdhkex_getkey(void *key, char *remoteKey, int remoteKeyLen);
|
||||||
|
367
sshecc.c
367
sshecc.c
@ -148,16 +148,7 @@ static int initialise_ecurve(struct ec_curve *curve, int bits, unsigned char *p,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char nistp256_oid[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
|
static struct ec_curve *ec_p256(void)
|
||||||
int nistp256_oid_len = 8;
|
|
||||||
unsigned char nistp384_oid[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
|
|
||||||
int nistp384_oid_len = 5;
|
|
||||||
unsigned char nistp521_oid[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
|
|
||||||
int nistp521_oid_len = 5;
|
|
||||||
unsigned char curve25519_oid[] = {0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01};
|
|
||||||
int curve25519_oid_len = 12;
|
|
||||||
|
|
||||||
struct ec_curve *ec_p256(void)
|
|
||||||
{
|
{
|
||||||
static struct ec_curve curve = { 0 };
|
static struct ec_curve curve = { 0 };
|
||||||
static unsigned char initialised = 0;
|
static unsigned char initialised = 0;
|
||||||
@ -205,6 +196,8 @@ struct ec_curve *ec_p256(void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
curve.name = "nistp256";
|
||||||
|
|
||||||
/* Now initialised, no need to do it again */
|
/* Now initialised, no need to do it again */
|
||||||
initialised = 1;
|
initialised = 1;
|
||||||
}
|
}
|
||||||
@ -212,7 +205,7 @@ struct ec_curve *ec_p256(void)
|
|||||||
return &curve;
|
return &curve;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ec_curve *ec_p384(void)
|
static struct ec_curve *ec_p384(void)
|
||||||
{
|
{
|
||||||
static struct ec_curve curve = { 0 };
|
static struct ec_curve curve = { 0 };
|
||||||
static unsigned char initialised = 0;
|
static unsigned char initialised = 0;
|
||||||
@ -272,6 +265,8 @@ struct ec_curve *ec_p384(void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
curve.name = "nistp384";
|
||||||
|
|
||||||
/* Now initialised, no need to do it again */
|
/* Now initialised, no need to do it again */
|
||||||
initialised = 1;
|
initialised = 1;
|
||||||
}
|
}
|
||||||
@ -279,7 +274,7 @@ struct ec_curve *ec_p384(void)
|
|||||||
return &curve;
|
return &curve;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ec_curve *ec_p521(void)
|
static struct ec_curve *ec_p521(void)
|
||||||
{
|
{
|
||||||
static struct ec_curve curve = { 0 };
|
static struct ec_curve curve = { 0 };
|
||||||
static unsigned char initialised = 0;
|
static unsigned char initialised = 0;
|
||||||
@ -357,6 +352,8 @@ struct ec_curve *ec_p521(void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
curve.name = "nistp521";
|
||||||
|
|
||||||
/* Now initialised, no need to do it again */
|
/* Now initialised, no need to do it again */
|
||||||
initialised = 1;
|
initialised = 1;
|
||||||
}
|
}
|
||||||
@ -364,7 +361,7 @@ struct ec_curve *ec_p521(void)
|
|||||||
return &curve;
|
return &curve;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ec_curve *ec_curve25519(void)
|
static struct ec_curve *ec_curve25519(void)
|
||||||
{
|
{
|
||||||
static struct ec_curve curve = { 0 };
|
static struct ec_curve curve = { 0 };
|
||||||
static unsigned char initialised = 0;
|
static unsigned char initialised = 0;
|
||||||
@ -400,13 +397,18 @@ struct ec_curve *ec_curve25519(void)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This curve doesn't need a name, because it's never used in
|
||||||
|
* any format that embeds the curve name */
|
||||||
|
curve.name = NULL;
|
||||||
|
|
||||||
/* Now initialised, no need to do it again */
|
/* Now initialised, no need to do it again */
|
||||||
initialised = 1;
|
initialised = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return &curve;
|
return &curve;
|
||||||
}
|
}
|
||||||
struct ec_curve *ec_ed25519(void)
|
|
||||||
|
static struct ec_curve *ec_ed25519(void)
|
||||||
{
|
{
|
||||||
static struct ec_curve curve = { 0 };
|
static struct ec_curve curve = { 0 };
|
||||||
static unsigned char initialised = 0;
|
static unsigned char initialised = 0;
|
||||||
@ -444,6 +446,9 @@ struct ec_curve *ec_ed25519(void)
|
|||||||
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x58
|
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x58
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* This curve doesn't need a name, because it's never used in
|
||||||
|
* any format that embeds the curve name */
|
||||||
|
curve.name = NULL;
|
||||||
|
|
||||||
if (!initialise_ecurve(&curve, 256, q, l, d, Bx, By)) {
|
if (!initialise_ecurve(&curve, 256, q, l, d, Bx, By)) {
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -456,131 +461,6 @@ struct ec_curve *ec_ed25519(void)
|
|||||||
return &curve;
|
return &curve;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct ec_curve *ec_name_to_curve(const char *name, int len) {
|
|
||||||
if (len > 11 && !memcmp(name, "ecdsa-sha2-", 11)) {
|
|
||||||
name += 11;
|
|
||||||
len -= 11;
|
|
||||||
} else if (len > 10 && !memcmp(name, "ecdh-sha2-", 10)) {
|
|
||||||
name += 10;
|
|
||||||
len -= 10;
|
|
||||||
} else if (len == 11 && !memcmp(name, "ssh-ed25519", 11)) {
|
|
||||||
return ec_ed25519();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (len == 8 && !memcmp(name, "nistp", 5)) {
|
|
||||||
name += 5;
|
|
||||||
if (!memcmp(name, "256", 3)) {
|
|
||||||
return ec_p256();
|
|
||||||
} else if (!memcmp(name, "384", 3)) {
|
|
||||||
return ec_p384();
|
|
||||||
} else if (!memcmp(name, "521", 3)) {
|
|
||||||
return ec_p521();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (len == 28 && !memcmp(name, "curve25519-sha256@libssh.org", 28)) {
|
|
||||||
return ec_curve25519();
|
|
||||||
}
|
|
||||||
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Type enumeration for specifying the curve name */
|
|
||||||
enum ec_name_type { EC_TYPE_DSA, EC_TYPE_DH, EC_TYPE_CURVE };
|
|
||||||
|
|
||||||
static int ec_curve_to_name(enum ec_name_type type, const struct ec_curve *curve,
|
|
||||||
unsigned char *name, int len) {
|
|
||||||
if (curve->type == EC_WEIERSTRASS) {
|
|
||||||
int length, loc;
|
|
||||||
if (type == EC_TYPE_DSA) {
|
|
||||||
length = 19;
|
|
||||||
loc = 16;
|
|
||||||
} else if (type == EC_TYPE_DH) {
|
|
||||||
length = 18;
|
|
||||||
loc = 15;
|
|
||||||
} else {
|
|
||||||
length = 8;
|
|
||||||
loc = 5;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Return length of string */
|
|
||||||
if (name == NULL) return length;
|
|
||||||
|
|
||||||
/* Not enough space for the name */
|
|
||||||
if (len < length) return 0;
|
|
||||||
|
|
||||||
/* Put the name in the buffer */
|
|
||||||
switch (curve->fieldBits) {
|
|
||||||
case 256:
|
|
||||||
memcpy(name+loc, "256", 3);
|
|
||||||
break;
|
|
||||||
case 384:
|
|
||||||
memcpy(name+loc, "384", 3);
|
|
||||||
break;
|
|
||||||
case 521:
|
|
||||||
memcpy(name+loc, "521", 3);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (type == EC_TYPE_DSA) {
|
|
||||||
memcpy(name, "ecdsa-sha2-nistp", 16);
|
|
||||||
} else if (type == EC_TYPE_DH) {
|
|
||||||
memcpy(name, "ecdh-sha2-nistp", 15);
|
|
||||||
} else {
|
|
||||||
memcpy(name, "nistp", 5);
|
|
||||||
}
|
|
||||||
|
|
||||||
return length;
|
|
||||||
} else if (curve->type == EC_EDWARDS) {
|
|
||||||
/* No DH for ed25519 - use Montgomery instead */
|
|
||||||
if (type == EC_TYPE_DH) return 0;
|
|
||||||
|
|
||||||
if (type == EC_TYPE_CURVE) {
|
|
||||||
/* Return length of string */
|
|
||||||
if (name == NULL) return 7;
|
|
||||||
|
|
||||||
/* Not enough space for the name */
|
|
||||||
if (len < 7) return 0;
|
|
||||||
|
|
||||||
/* Unknown curve field */
|
|
||||||
if (curve->fieldBits != 256) return 0;
|
|
||||||
|
|
||||||
memcpy(name, "ed25519", 7);
|
|
||||||
return 7;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
/* Return length of string */
|
|
||||||
if (name == NULL) return 11;
|
|
||||||
|
|
||||||
/* Not enough space for the name */
|
|
||||||
if (len < 11) return 0;
|
|
||||||
|
|
||||||
/* Unknown curve field */
|
|
||||||
if (curve->fieldBits != 256) return 0;
|
|
||||||
|
|
||||||
memcpy(name, "ssh-ed25519", 11);
|
|
||||||
return 11;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
/* No DSA for curve25519 */
|
|
||||||
if (type == EC_TYPE_DSA || type == EC_TYPE_CURVE) return 0;
|
|
||||||
|
|
||||||
/* Return length of string */
|
|
||||||
if (name == NULL) return 28;
|
|
||||||
|
|
||||||
/* Not enough space for the name */
|
|
||||||
if (len < 28) return 0;
|
|
||||||
|
|
||||||
/* Unknown curve field */
|
|
||||||
if (curve->fieldBits != 256) return 0;
|
|
||||||
|
|
||||||
memcpy(name, "curve25519-sha256@libssh.org", 28);
|
|
||||||
return 28;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Return 1 if a is -3 % p, otherwise return 0
|
/* Return 1 if a is -3 % p, otherwise return 0
|
||||||
* This is used because there are some maths optimisations */
|
* This is used because there are some maths optimisations */
|
||||||
static int ec_aminus3(const struct ec_curve *curve)
|
static int ec_aminus3(const struct ec_curve *curve)
|
||||||
@ -2569,6 +2449,14 @@ static int getmppoint(const char **data, int *datalen, struct ec_point *point)
|
|||||||
* Exposed ECDSA interface
|
* Exposed ECDSA interface
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
struct ecsign_extra {
|
||||||
|
struct ec_curve *(*curve)(void);
|
||||||
|
|
||||||
|
/* These fields are used by the OpenSSH PEM format importer/exporter */
|
||||||
|
const unsigned char *oid;
|
||||||
|
int oidlen;
|
||||||
|
};
|
||||||
|
|
||||||
static void ecdsa_freekey(void *key)
|
static void ecdsa_freekey(void *key)
|
||||||
{
|
{
|
||||||
struct ec_key *ec = (struct ec_key *) key;
|
struct ec_key *ec = (struct ec_key *) key;
|
||||||
@ -2588,6 +2476,8 @@ static void ecdsa_freekey(void *key)
|
|||||||
static void *ecdsa_newkey(const struct ssh_signkey *self,
|
static void *ecdsa_newkey(const struct ssh_signkey *self,
|
||||||
const char *data, int len)
|
const char *data, int len)
|
||||||
{
|
{
|
||||||
|
const struct ecsign_extra *extra =
|
||||||
|
(const struct ecsign_extra *)self->extra;
|
||||||
const char *p;
|
const char *p;
|
||||||
int slen;
|
int slen;
|
||||||
struct ec_key *ec;
|
struct ec_key *ec;
|
||||||
@ -2598,21 +2488,18 @@ static void *ecdsa_newkey(const struct ssh_signkey *self,
|
|||||||
if (!p) {
|
if (!p) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
curve = ec_name_to_curve(p, slen);
|
curve = extra->curve();
|
||||||
if (!curve) return NULL;
|
assert(curve->type == EC_WEIERSTRASS || curve->type == EC_EDWARDS);
|
||||||
|
|
||||||
if (curve->type != EC_WEIERSTRASS && curve->type != EC_EDWARDS) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Curve name is duplicated for Weierstrass form */
|
/* Curve name is duplicated for Weierstrass form */
|
||||||
if (curve->type == EC_WEIERSTRASS) {
|
if (curve->type == EC_WEIERSTRASS) {
|
||||||
getstring(&data, &len, &p, &slen);
|
getstring(&data, &len, &p, &slen);
|
||||||
if (curve != ec_name_to_curve(p, slen)) return NULL;
|
if (!match_ssh_id(slen, p, curve->name)) return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ec = snew(struct ec_key);
|
ec = snew(struct ec_key);
|
||||||
|
|
||||||
|
ec->signalg = self;
|
||||||
ec->publicKey.curve = curve;
|
ec->publicKey.curve = curve;
|
||||||
ec->publicKey.infinity = 0;
|
ec->publicKey.infinity = 0;
|
||||||
ec->publicKey.x = NULL;
|
ec->publicKey.x = NULL;
|
||||||
@ -2644,17 +2531,17 @@ static char *ecdsa_fmtkey(void *key)
|
|||||||
if (!ec->publicKey.x || !ec->publicKey.y || !ec->publicKey.curve)
|
if (!ec->publicKey.x || !ec->publicKey.y || !ec->publicKey.curve)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
pos = ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, NULL, 0);
|
|
||||||
if (pos == 0) return NULL;
|
|
||||||
|
|
||||||
len = 4 + 2 + 1; /* 2 x "0x", punctuation, \0 */
|
len = 4 + 2 + 1; /* 2 x "0x", punctuation, \0 */
|
||||||
len += pos; /* Curve name */
|
if (ec->publicKey.curve->name)
|
||||||
|
len += strlen(ec->publicKey.curve->name); /* Curve name */
|
||||||
len += 4 * (bignum_bitcount(ec->publicKey.x) + 15) / 16;
|
len += 4 * (bignum_bitcount(ec->publicKey.x) + 15) / 16;
|
||||||
len += 4 * (bignum_bitcount(ec->publicKey.y) + 15) / 16;
|
len += 4 * (bignum_bitcount(ec->publicKey.y) + 15) / 16;
|
||||||
p = snewn(len, char);
|
p = snewn(len, char);
|
||||||
|
|
||||||
pos = ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, (unsigned char*)p, pos);
|
pos = 0;
|
||||||
pos += sprintf(p + pos, ",0x");
|
if (ec->publicKey.curve->name)
|
||||||
|
pos += sprintf(p + pos, "%s,", ec->publicKey.curve->name);
|
||||||
|
pos += sprintf(p + pos, "0x");
|
||||||
nibbles = (3 + bignum_bitcount(ec->publicKey.x)) / 4;
|
nibbles = (3 + bignum_bitcount(ec->publicKey.x)) / 4;
|
||||||
if (nibbles < 1)
|
if (nibbles < 1)
|
||||||
nibbles = 1;
|
nibbles = 1;
|
||||||
@ -2681,10 +2568,10 @@ static unsigned char *ecdsa_public_blob(void *key, int *len)
|
|||||||
int i;
|
int i;
|
||||||
unsigned char *blob, *p;
|
unsigned char *blob, *p;
|
||||||
|
|
||||||
|
fullnamelen = strlen(ec->signalg->name);
|
||||||
|
|
||||||
if (ec->publicKey.curve->type == EC_EDWARDS) {
|
if (ec->publicKey.curve->type == EC_EDWARDS) {
|
||||||
/* Edwards compressed form "ssh-ed25519" point y[:-1] + x[0:1] */
|
/* Edwards compressed form "ssh-ed25519" point y[:-1] + x[0:1] */
|
||||||
fullnamelen = ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, NULL, 0);
|
|
||||||
if (fullnamelen == 0) return NULL;
|
|
||||||
|
|
||||||
pointlen = ec->publicKey.curve->fieldBits / 8;
|
pointlen = ec->publicKey.curve->fieldBits / 8;
|
||||||
|
|
||||||
@ -2698,7 +2585,8 @@ static unsigned char *ecdsa_public_blob(void *key, int *len)
|
|||||||
p = blob;
|
p = blob;
|
||||||
PUT_32BIT(p, fullnamelen);
|
PUT_32BIT(p, fullnamelen);
|
||||||
p += 4;
|
p += 4;
|
||||||
p += ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, p, fullnamelen);
|
memcpy(p, ec->signalg->name, fullnamelen);
|
||||||
|
p += fullnamelen;
|
||||||
PUT_32BIT(p, pointlen);
|
PUT_32BIT(p, pointlen);
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
@ -2710,10 +2598,8 @@ static unsigned char *ecdsa_public_blob(void *key, int *len)
|
|||||||
*p = bignum_byte(ec->publicKey.y, i) & 0x7f;
|
*p = bignum_byte(ec->publicKey.y, i) & 0x7f;
|
||||||
*p++ |= bignum_bit(ec->publicKey.x, 0) << 7;
|
*p++ |= bignum_bit(ec->publicKey.x, 0) << 7;
|
||||||
} else if (ec->publicKey.curve->type == EC_WEIERSTRASS) {
|
} else if (ec->publicKey.curve->type == EC_WEIERSTRASS) {
|
||||||
fullnamelen = ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, NULL, 0);
|
assert(ec->publicKey.curve->name);
|
||||||
if (fullnamelen == 0) return NULL;
|
namelen = strlen(ec->publicKey.curve->name);
|
||||||
namelen = ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, NULL, 0);
|
|
||||||
if (namelen == 0) return NULL;
|
|
||||||
|
|
||||||
pointlen = (bignum_bitcount(ec->publicKey.curve->p) + 7) / 8;
|
pointlen = (bignum_bitcount(ec->publicKey.curve->p) + 7) / 8;
|
||||||
|
|
||||||
@ -2726,10 +2612,12 @@ static unsigned char *ecdsa_public_blob(void *key, int *len)
|
|||||||
p = blob;
|
p = blob;
|
||||||
PUT_32BIT(p, fullnamelen);
|
PUT_32BIT(p, fullnamelen);
|
||||||
p += 4;
|
p += 4;
|
||||||
p += ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, p, fullnamelen);
|
memcpy(p, ec->signalg->name, fullnamelen);
|
||||||
|
p += fullnamelen;
|
||||||
PUT_32BIT(p, namelen);
|
PUT_32BIT(p, namelen);
|
||||||
p += 4;
|
p += 4;
|
||||||
p += ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, p, namelen);
|
memcpy(p, ec->publicKey.curve->name, namelen);
|
||||||
|
p += namelen;
|
||||||
PUT_32BIT(p, (2 * pointlen) + 1);
|
PUT_32BIT(p, (2 * pointlen) + 1);
|
||||||
p += 4;
|
p += 4;
|
||||||
*p++ = 0x04;
|
*p++ = 0x04;
|
||||||
@ -2853,6 +2741,7 @@ static void *ed25519_openssh_createkey(const struct ssh_signkey *self,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ec->signalg = self;
|
||||||
ec->publicKey.curve = ec_ed25519();
|
ec->publicKey.curve = ec_ed25519();
|
||||||
ec->publicKey.infinity = 0;
|
ec->publicKey.infinity = 0;
|
||||||
ec->privateKey = NULL;
|
ec->privateKey = NULL;
|
||||||
@ -2956,6 +2845,8 @@ static int ed25519_openssh_fmtkey(void *key, unsigned char *blob, int len)
|
|||||||
static void *ecdsa_openssh_createkey(const struct ssh_signkey *self,
|
static void *ecdsa_openssh_createkey(const struct ssh_signkey *self,
|
||||||
const unsigned char **blob, int *len)
|
const unsigned char **blob, int *len)
|
||||||
{
|
{
|
||||||
|
const struct ecsign_extra *extra =
|
||||||
|
(const struct ecsign_extra *)self->extra;
|
||||||
const char **b = (const char **) blob;
|
const char **b = (const char **) blob;
|
||||||
const char *p;
|
const char *p;
|
||||||
int slen;
|
int slen;
|
||||||
@ -2968,15 +2859,12 @@ static void *ecdsa_openssh_createkey(const struct ssh_signkey *self,
|
|||||||
if (!p) {
|
if (!p) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
curve = ec_name_to_curve(p, slen);
|
curve = extra->curve();
|
||||||
if (!curve) return NULL;
|
assert(curve->type == EC_WEIERSTRASS);
|
||||||
|
|
||||||
if (curve->type != EC_WEIERSTRASS) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
ec = snew(struct ec_key);
|
ec = snew(struct ec_key);
|
||||||
|
|
||||||
|
ec->signalg = self;
|
||||||
ec->publicKey.curve = curve;
|
ec->publicKey.curve = curve;
|
||||||
ec->publicKey.infinity = 0;
|
ec->publicKey.infinity = 0;
|
||||||
ec->publicKey.x = NULL;
|
ec->publicKey.x = NULL;
|
||||||
@ -3039,7 +2927,7 @@ static int ecdsa_openssh_fmtkey(void *key, unsigned char *blob, int len)
|
|||||||
}
|
}
|
||||||
|
|
||||||
pointlen = (bignum_bitcount(ec->publicKey.curve->p) + 7) / 8;
|
pointlen = (bignum_bitcount(ec->publicKey.curve->p) + 7) / 8;
|
||||||
namelen = ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, NULL, 0);
|
namelen = strlen(ec->publicKey.curve->name);
|
||||||
bloblen =
|
bloblen =
|
||||||
4 + namelen /* <LEN> nistpXXX */
|
4 + namelen /* <LEN> nistpXXX */
|
||||||
+ 4 + 1 + (pointlen * 2) /* <LEN> 0x04 pX pY */
|
+ 4 + 1 + (pointlen * 2) /* <LEN> 0x04 pX pY */
|
||||||
@ -3052,8 +2940,8 @@ static int ecdsa_openssh_fmtkey(void *key, unsigned char *blob, int len)
|
|||||||
|
|
||||||
PUT_32BIT(blob+bloblen, namelen);
|
PUT_32BIT(blob+bloblen, namelen);
|
||||||
bloblen += 4;
|
bloblen += 4;
|
||||||
|
memcpy(blob+bloblen, ec->publicKey.curve->name, namelen);
|
||||||
bloblen += ec_curve_to_name(EC_TYPE_CURVE, ec->publicKey.curve, blob+bloblen, namelen);
|
bloblen += namelen;
|
||||||
|
|
||||||
PUT_32BIT(blob+bloblen, 1 + (pointlen * 2));
|
PUT_32BIT(blob+bloblen, 1 + (pointlen * 2));
|
||||||
bloblen += 4;
|
bloblen += 4;
|
||||||
@ -3099,12 +2987,12 @@ static int ecdsa_verifysig(void *key, const char *sig, int siglen,
|
|||||||
if (!ec->publicKey.x || !ec->publicKey.y || !ec->publicKey.curve)
|
if (!ec->publicKey.x || !ec->publicKey.y || !ec->publicKey.curve)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* Check the signature curve matches the key curve */
|
/* Check the signature starts with the algorithm name */
|
||||||
getstring(&sig, &siglen, &p, &slen);
|
getstring(&sig, &siglen, &p, &slen);
|
||||||
if (!p) {
|
if (!p) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (ec->publicKey.curve != ec_name_to_curve(p, slen)) {
|
if (!match_ssh_id(slen, p, ec->signalg->name)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3382,13 +3270,14 @@ static unsigned char *ecdsa_sign(void *key, const char *data, int datalen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Format the output */
|
/* Format the output */
|
||||||
namelen = ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, NULL, 0);
|
namelen = strlen(ec->signalg->name);
|
||||||
*siglen = 4+namelen+4+((ec->publicKey.curve->fieldBits / 8)*2);
|
*siglen = 4+namelen+4+((ec->publicKey.curve->fieldBits / 8)*2);
|
||||||
buf = snewn(*siglen, unsigned char);
|
buf = snewn(*siglen, unsigned char);
|
||||||
p = buf;
|
p = buf;
|
||||||
PUT_32BIT(p, namelen);
|
PUT_32BIT(p, namelen);
|
||||||
p += 4;
|
p += 4;
|
||||||
p += ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, p, namelen);
|
memcpy(p, ec->signalg->name, namelen);
|
||||||
|
p += namelen;
|
||||||
PUT_32BIT(p, ((ec->publicKey.curve->fieldBits / 8)*2));
|
PUT_32BIT(p, ((ec->publicKey.curve->fieldBits / 8)*2));
|
||||||
p += 4;
|
p += 4;
|
||||||
|
|
||||||
@ -3431,7 +3320,7 @@ static unsigned char *ecdsa_sign(void *key, const char *data, int datalen,
|
|||||||
rlen = (bignum_bitcount(r) + 8) / 8;
|
rlen = (bignum_bitcount(r) + 8) / 8;
|
||||||
slen = (bignum_bitcount(s) + 8) / 8;
|
slen = (bignum_bitcount(s) + 8) / 8;
|
||||||
|
|
||||||
namelen = ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, NULL, 0);
|
namelen = strlen(ec->signalg->name);
|
||||||
|
|
||||||
/* Format the output */
|
/* Format the output */
|
||||||
*siglen = 8+namelen+rlen+slen+8;
|
*siglen = 8+namelen+rlen+slen+8;
|
||||||
@ -3439,7 +3328,8 @@ static unsigned char *ecdsa_sign(void *key, const char *data, int datalen,
|
|||||||
p = buf;
|
p = buf;
|
||||||
PUT_32BIT(p, namelen);
|
PUT_32BIT(p, namelen);
|
||||||
p += 4;
|
p += 4;
|
||||||
p += ec_curve_to_name(EC_TYPE_DSA, ec->publicKey.curve, p, namelen);
|
memcpy(p, ec->signalg->name, namelen);
|
||||||
|
p += namelen;
|
||||||
PUT_32BIT(p, rlen + slen + 8);
|
PUT_32BIT(p, rlen + slen + 8);
|
||||||
p += 4;
|
p += 4;
|
||||||
PUT_32BIT(p, rlen);
|
PUT_32BIT(p, rlen);
|
||||||
@ -3458,6 +3348,10 @@ static unsigned char *ecdsa_sign(void *key, const char *data, int datalen,
|
|||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const struct ecsign_extra sign_extra_ed25519 = {
|
||||||
|
ec_ed25519,
|
||||||
|
NULL, 0,
|
||||||
|
};
|
||||||
const struct ssh_signkey ssh_ecdsa_ed25519 = {
|
const struct ssh_signkey ssh_ecdsa_ed25519 = {
|
||||||
ecdsa_newkey,
|
ecdsa_newkey,
|
||||||
ecdsa_freekey,
|
ecdsa_freekey,
|
||||||
@ -3473,9 +3367,17 @@ const struct ssh_signkey ssh_ecdsa_ed25519 = {
|
|||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ssh-ed25519",
|
"ssh-ed25519",
|
||||||
"ssh-ed25519",
|
"ssh-ed25519",
|
||||||
NULL,
|
&sign_extra_ed25519,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* OID: 1.2.840.10045.3.1.7 (ansiX9p256r1) */
|
||||||
|
static const unsigned char nistp256_oid[] = {
|
||||||
|
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
|
||||||
|
};
|
||||||
|
const struct ecsign_extra sign_extra_nistp256 = {
|
||||||
|
ec_p256,
|
||||||
|
nistp256_oid, lenof(nistp256_oid),
|
||||||
|
};
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
||||||
ecdsa_newkey,
|
ecdsa_newkey,
|
||||||
ecdsa_freekey,
|
ecdsa_freekey,
|
||||||
@ -3491,9 +3393,17 @@ const struct ssh_signkey ssh_ecdsa_nistp256 = {
|
|||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp256",
|
"ecdsa-sha2-nistp256",
|
||||||
"ecdsa-sha2-nistp256",
|
"ecdsa-sha2-nistp256",
|
||||||
NULL,
|
&sign_extra_nistp256,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* OID: 1.3.132.0.34 (secp384r1) */
|
||||||
|
static const unsigned char nistp384_oid[] = {
|
||||||
|
0x2b, 0x81, 0x04, 0x00, 0x22
|
||||||
|
};
|
||||||
|
const struct ecsign_extra sign_extra_nistp384 = {
|
||||||
|
ec_p384,
|
||||||
|
nistp384_oid, lenof(nistp384_oid),
|
||||||
|
};
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
||||||
ecdsa_newkey,
|
ecdsa_newkey,
|
||||||
ecdsa_freekey,
|
ecdsa_freekey,
|
||||||
@ -3509,9 +3419,17 @@ const struct ssh_signkey ssh_ecdsa_nistp384 = {
|
|||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp384",
|
"ecdsa-sha2-nistp384",
|
||||||
"ecdsa-sha2-nistp384",
|
"ecdsa-sha2-nistp384",
|
||||||
NULL,
|
&sign_extra_nistp384,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* OID: 1.3.132.0.35 (secp521r1) */
|
||||||
|
static const unsigned char nistp521_oid[] = {
|
||||||
|
0x2b, 0x81, 0x04, 0x00, 0x23
|
||||||
|
};
|
||||||
|
const struct ecsign_extra sign_extra_nistp521 = {
|
||||||
|
ec_p521,
|
||||||
|
nistp521_oid, lenof(nistp521_oid),
|
||||||
|
};
|
||||||
const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
||||||
ecdsa_newkey,
|
ecdsa_newkey,
|
||||||
ecdsa_freekey,
|
ecdsa_freekey,
|
||||||
@ -3527,13 +3445,17 @@ const struct ssh_signkey ssh_ecdsa_nistp521 = {
|
|||||||
ecdsa_sign,
|
ecdsa_sign,
|
||||||
"ecdsa-sha2-nistp521",
|
"ecdsa-sha2-nistp521",
|
||||||
"ecdsa-sha2-nistp521",
|
"ecdsa-sha2-nistp521",
|
||||||
NULL,
|
&sign_extra_nistp521,
|
||||||
};
|
};
|
||||||
|
|
||||||
/* ----------------------------------------------------------------------
|
/* ----------------------------------------------------------------------
|
||||||
* Exposed ECDH interface
|
* Exposed ECDH interface
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
struct eckex_extra {
|
||||||
|
struct ec_curve *(*curve)(void);
|
||||||
|
};
|
||||||
|
|
||||||
static Bignum ecdh_calculate(const Bignum private,
|
static Bignum ecdh_calculate(const Bignum private,
|
||||||
const struct ec_point *public)
|
const struct ec_point *public)
|
||||||
{
|
{
|
||||||
@ -3566,19 +3488,21 @@ static Bignum ecdh_calculate(const Bignum private,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
void *ssh_ecdhkex_newkey(const char *name)
|
void *ssh_ecdhkex_newkey(const struct ssh_kex *kex)
|
||||||
{
|
{
|
||||||
|
const struct eckex_extra *extra = (const struct eckex_extra *)kex->extra;
|
||||||
struct ec_curve *curve;
|
struct ec_curve *curve;
|
||||||
struct ec_key *key;
|
struct ec_key *key;
|
||||||
struct ec_point *publicKey;
|
struct ec_point *publicKey;
|
||||||
|
|
||||||
curve = ec_name_to_curve(name, strlen(name));
|
curve = extra->curve();
|
||||||
|
|
||||||
key = snew(struct ec_key);
|
key = snew(struct ec_key);
|
||||||
if (!key) {
|
if (!key) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
key->signalg = NULL;
|
||||||
key->publicKey.curve = curve;
|
key->publicKey.curve = curve;
|
||||||
|
|
||||||
if (curve->type == EC_MONTGOMERY) {
|
if (curve->type == EC_MONTGOMERY) {
|
||||||
@ -3704,30 +3628,99 @@ void ssh_ecdhkex_freekey(void *key)
|
|||||||
ecdsa_freekey(key);
|
ecdsa_freekey(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const struct eckex_extra kex_extra_curve25519 = { ec_curve25519 };
|
||||||
static const struct ssh_kex ssh_ec_kex_curve25519 = {
|
static const struct ssh_kex ssh_ec_kex_curve25519 = {
|
||||||
"curve25519-sha256@libssh.org", NULL, KEXTYPE_ECDH, &ssh_sha256, NULL
|
"curve25519-sha256@libssh.org", NULL, KEXTYPE_ECDH,
|
||||||
|
&ssh_sha256, &kex_extra_curve25519,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const struct eckex_extra kex_extra_nistp256 = { ec_p256 };
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp256 = {
|
static const struct ssh_kex ssh_ec_kex_nistp256 = {
|
||||||
"ecdh-sha2-nistp256", NULL, KEXTYPE_ECDH, &ssh_sha256, NULL
|
"ecdh-sha2-nistp256", NULL, KEXTYPE_ECDH,
|
||||||
|
&ssh_sha256, &kex_extra_nistp256,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const struct eckex_extra kex_extra_nistp384 = { ec_p384 };
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp384 = {
|
static const struct ssh_kex ssh_ec_kex_nistp384 = {
|
||||||
"ecdh-sha2-nistp384", NULL, KEXTYPE_ECDH, &ssh_sha384, NULL
|
"ecdh-sha2-nistp384", NULL, KEXTYPE_ECDH,
|
||||||
|
&ssh_sha384, &kex_extra_nistp384,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const struct eckex_extra kex_extra_nistp521 = { ec_p521 };
|
||||||
static const struct ssh_kex ssh_ec_kex_nistp521 = {
|
static const struct ssh_kex ssh_ec_kex_nistp521 = {
|
||||||
"ecdh-sha2-nistp521", NULL, KEXTYPE_ECDH, &ssh_sha512, NULL
|
"ecdh-sha2-nistp521", NULL, KEXTYPE_ECDH,
|
||||||
|
&ssh_sha512, &kex_extra_nistp521,
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh_kex *const ec_kex_list[] = {
|
static const struct ssh_kex *const ec_kex_list[] = {
|
||||||
&ssh_ec_kex_curve25519,
|
&ssh_ec_kex_curve25519,
|
||||||
&ssh_ec_kex_nistp256,
|
&ssh_ec_kex_nistp256,
|
||||||
&ssh_ec_kex_nistp384,
|
&ssh_ec_kex_nistp384,
|
||||||
&ssh_ec_kex_nistp521
|
&ssh_ec_kex_nistp521,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct ssh_kexes ssh_ecdh_kex = {
|
const struct ssh_kexes ssh_ecdh_kex = {
|
||||||
sizeof(ec_kex_list) / sizeof(*ec_kex_list),
|
sizeof(ec_kex_list) / sizeof(*ec_kex_list),
|
||||||
ec_kex_list
|
ec_kex_list
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/* ----------------------------------------------------------------------
|
||||||
|
* Helper functions for finding key algorithms and returning auxiliary
|
||||||
|
* data.
|
||||||
|
*/
|
||||||
|
|
||||||
|
const struct ssh_signkey *ec_alg_by_oid(int len, const void *oid,
|
||||||
|
const struct ec_curve **curve)
|
||||||
|
{
|
||||||
|
static const struct ssh_signkey *algs_with_oid[] = {
|
||||||
|
&ssh_ecdsa_nistp256,
|
||||||
|
&ssh_ecdsa_nistp384,
|
||||||
|
&ssh_ecdsa_nistp521,
|
||||||
|
};
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for (i = 0; i < lenof(algs_with_oid); i++) {
|
||||||
|
const struct ssh_signkey *alg = algs_with_oid[i];
|
||||||
|
const struct ecsign_extra *extra =
|
||||||
|
(const struct ecsign_extra *)alg->extra;
|
||||||
|
if (len == extra->oidlen && !memcmp(oid, extra->oid, len)) {
|
||||||
|
*curve = extra->curve();
|
||||||
|
return alg;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
const unsigned char *ec_alg_oid(const struct ssh_signkey *alg,
|
||||||
|
int *oidlen)
|
||||||
|
{
|
||||||
|
const struct ecsign_extra *extra = (const struct ecsign_extra *)alg->extra;
|
||||||
|
*oidlen = extra->oidlen;
|
||||||
|
return extra->oid;
|
||||||
|
}
|
||||||
|
|
||||||
|
const int ec_nist_alg_and_curve_by_bits(int bits,
|
||||||
|
const struct ec_curve **curve,
|
||||||
|
const struct ssh_signkey **alg)
|
||||||
|
{
|
||||||
|
switch (bits) {
|
||||||
|
case 256: *alg = &ssh_ecdsa_nistp256; break;
|
||||||
|
case 384: *alg = &ssh_ecdsa_nistp384; break;
|
||||||
|
case 521: *alg = &ssh_ecdsa_nistp521; break;
|
||||||
|
default: return FALSE;
|
||||||
|
}
|
||||||
|
*curve = ((struct ecsign_extra *)(*alg)->extra)->curve();
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
const int ec_ed_alg_and_curve_by_bits(int bits,
|
||||||
|
const struct ec_curve **curve,
|
||||||
|
const struct ssh_signkey **alg)
|
||||||
|
{
|
||||||
|
switch (bits) {
|
||||||
|
case 256: *alg = &ssh_ecdsa_ed25519; break;
|
||||||
|
default: return FALSE;
|
||||||
|
}
|
||||||
|
*curve = ((struct ecsign_extra *)(*alg)->extra)->curve();
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
16
sshecdsag.c
16
sshecdsag.c
@ -12,15 +12,9 @@ int ec_generate(struct ec_key *key, int bits, progfn_t pfn,
|
|||||||
{
|
{
|
||||||
struct ec_point *publicKey;
|
struct ec_point *publicKey;
|
||||||
|
|
||||||
if (bits == 256) {
|
if (!ec_nist_alg_and_curve_by_bits(bits, &key->publicKey.curve,
|
||||||
key->publicKey.curve = ec_p256();
|
&key->signalg))
|
||||||
} else if (bits == 384) {
|
|
||||||
key->publicKey.curve = ec_p384();
|
|
||||||
} else if (bits == 521) {
|
|
||||||
key->publicKey.curve = ec_p521();
|
|
||||||
} else {
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
|
|
||||||
key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
|
key->privateKey = bignum_random_in_range(One, key->publicKey.curve->w.n);
|
||||||
if (!key->privateKey) return 0;
|
if (!key->privateKey) return 0;
|
||||||
@ -45,11 +39,9 @@ int ec_edgenerate(struct ec_key *key, int bits, progfn_t pfn,
|
|||||||
{
|
{
|
||||||
struct ec_point *publicKey;
|
struct ec_point *publicKey;
|
||||||
|
|
||||||
if (bits == 256) {
|
if (!ec_ed_alg_and_curve_by_bits(bits, &key->publicKey.curve,
|
||||||
key->publicKey.curve = ec_ed25519();
|
&key->signalg))
|
||||||
} else {
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
|
|
||||||
{
|
{
|
||||||
/* EdDSA secret keys are just 32 bytes of hash preimage; the
|
/* EdDSA secret keys are just 32 bytes of hash preimage; the
|
||||||
|
@ -1334,12 +1334,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
|
|||||||
state->ssh2key.alg = &ssh_dss;
|
state->ssh2key.alg = &ssh_dss;
|
||||||
} else if (state->keytype == ECDSA) {
|
} else if (state->keytype == ECDSA) {
|
||||||
state->ssh2key.data = &state->eckey;
|
state->ssh2key.data = &state->eckey;
|
||||||
if (state->eckey.publicKey.curve->fieldBits == 256)
|
state->ssh2key.alg = state->eckey.signalg;
|
||||||
state->ssh2key.alg = &ssh_ecdsa_nistp256;
|
|
||||||
else if (state->eckey.publicKey.curve->fieldBits == 384)
|
|
||||||
state->ssh2key.alg = &ssh_ecdsa_nistp384;
|
|
||||||
else
|
|
||||||
state->ssh2key.alg = &ssh_ecdsa_nistp521;
|
|
||||||
} else if (state->keytype == ED25519) {
|
} else if (state->keytype == ED25519) {
|
||||||
state->ssh2key.data = &state->eckey;
|
state->ssh2key.data = &state->eckey;
|
||||||
state->ssh2key.alg = &ssh_ecdsa_ed25519;
|
state->ssh2key.alg = &ssh_ecdsa_ed25519;
|
||||||
|
Loading…
Reference in New Issue
Block a user