security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

agent: EdDSA support for SSH.

Browse Source 
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
two 32-byte opaque data which should not be interpreted as number.
This commit is contained in:
NIIBE Yutaka 2014-04-04 16:33:00 +09:00
parent b6786cc3ec
commit 513c67b746
1 changed files with 7 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
agent/command-ssh.c
View File

@ -1617,15 +1617,13 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
gpg_error_t err = 0; gpg_error_t err = 0;
gcry_sexp_t valuelist = NULL; gcry_sexp_t valuelist = NULL;
gcry_sexp_t sublist = NULL; gcry_sexp_t sublist = NULL;
gcry_mpi_t sig_value = NULL;
gcry_mpi_t *mpis = NULL;
const char *elems; const char *elems;
size_t elems_n; size_t elems_n;
int i; int i;
unsigned char *data[2] = {NULL, NULL}; unsigned char *data[2] = {NULL, NULL};
size_t data_n[2]; size_t data_n[2];
size_t totallen; size_t totallen = 0;
valuelist = gcry_sexp_nth (s_signature, 1); valuelist = gcry_sexp_nth (s_signature, 1);
if (!valuelist) if (!valuelist)
@ -1637,14 +1635,13 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
elems = spec->elems_signature; elems = spec->elems_signature;
elems_n = strlen (elems); elems_n = strlen (elems);
mpis = xtrycalloc (elems_n + 1, sizeof *mpis); if (elems_n != DIM(data))
if (!mpis)
{ {
err = gpg_error_from_syserror (); err = gpg_error (GPG_ERR_INV_SEXP);
goto out; goto out;
} }
for (i = 0; i < elems_n; i++) for (i = 0; i < DIM(data); i++)
{ {
sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1);
if (!sublist) if (!sublist)
@ -1653,31 +1650,19 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
break; break;
} }
sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG); data[i] = gcry_sexp_nth_buffer (sublist, 1, &data_n[i]);
if (!sig_value) if (!data[i])
{ {
err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */
break; break;
} }
totallen += data_n[i];
gcry_sexp_release (sublist); gcry_sexp_release (sublist);
sublist = NULL; sublist = NULL;
mpis[i] = sig_value;
} }
if (err) if (err)
goto out; goto out;
/* EdDSA specific. Actually TOTALLEN will always be 64. */
totallen = 0;
for (i = 0; i < DIM(data); i++)
{
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data[i], &data_n[i], mpis[i]);
if (err)
goto out;
totallen += data_n[i];
}
gcry_log_debug (" out: len=%zu\n", totallen); gcry_log_debug (" out: len=%zu\n", totallen);
err = stream_write_uint32 (stream, totallen); err = stream_write_uint32 (stream, totallen);
if (err) if (err)
@ -1696,7 +1681,6 @@ ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec,
xfree (data[i]); xfree (data[i]);
gcry_sexp_release (valuelist); gcry_sexp_release (valuelist);
gcry_sexp_release (sublist); gcry_sexp_release (sublist);
mpint_list_free (mpis);
return err; return err;
} }