authorMatt Johnston <matt@ucc.asn.au>2013-04-08 23:56:31 +0800
committerMatt Johnston <matt@ucc.asn.au>2013-04-08 23:56:31 +0800
commit8a479734d84a64315bc0ade6b2831f6a549e0dba (patch)
treea27d2065a112c4ee53de94baf05afa27f4b60778
parentc60df7d1a35acf7b1f25be488cbc09e7c24e0f4b (diff)
- Rename buf_put_ecc_pubkey_string() to buf_put_ecc_raw_pubkey_string()
- Reindent ecc.c properly
-rw-r--r--cli-kex.c2
-rw-r--r--common-kex.c6
-rw-r--r--ecc.c310
-rw-r--r--ecc.h4
-rw-r--r--svr-kex.c2
5 files changed, 163 insertions, 161 deletions
diff --git a/cli-kex.c b/cli-kex.c
index 23b7308..f1bf67c 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -51,7 +51,7 @@ void send_msg_kexdh_init() {
} else {
#ifdef DROPBEAR_ECDH
cli_ses.ecdh_param = gen_kexecdh_param();
- buf_put_ecc_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
+ buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
#endif
}
encrypt_packet();
diff --git a/common-kex.c b/common-kex.c
index 729b5d8..99d0859 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -662,7 +662,7 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
// public keys from client and server
ecc_key *Q_C, *Q_S, *Q_them;
- Q_them = buf_get_ecc_pubkey(pub_them, algo_kex->ecc_curve);
+ Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
@@ -680,9 +680,9 @@ void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
/* K_S, the host key */
buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
/* Q_C, client's ephemeral public key octet string */
- buf_put_ecc_pubkey_string(ses.kexhashbuf, Q_C);
+ buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
/* Q_S, server's ephemeral public key octet string */
- buf_put_ecc_pubkey_string(ses.kexhashbuf, Q_S);
+ buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_S);
/* K, the shared secret */
buf_putmpint(ses.kexhashbuf, ses.dh_K);
diff --git a/ecc.c b/ecc.c
index de893f2..56ab47a 100644
--- a/ecc.c
+++ b/ecc.c
@@ -31,136 +31,138 @@ const struct dropbear_ecc_curve ecc_curve_nistp521 = {
#endif
static ecc_key * new_ecc_key(void) {
- ecc_key *key = m_malloc(sizeof(*key));
- key->pubkey.x = m_malloc(sizeof(mp_int));
- key->pubkey.y = m_malloc(sizeof(mp_int));
- key->pubkey.z = m_malloc(sizeof(mp_int));
- key->k = m_malloc(sizeof(mp_int));
- m_mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
- return key;
-}
-
-void buf_put_ecc_pubkey_string(buffer *buf, ecc_key *key) {
- unsigned long len = key->dp->size*2 + 1;
- buf_putint(buf, len);
- int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
- if (err != CRYPT_OK) {
- dropbear_exit("ECC error");
- }
- buf_incrwritepos(buf, len);
+ ecc_key *key = m_malloc(sizeof(*key));
+ key->pubkey.x = m_malloc(sizeof(mp_int));
+ key->pubkey.y = m_malloc(sizeof(mp_int));
+ key->pubkey.z = m_malloc(sizeof(mp_int));
+ key->k = m_malloc(sizeof(mp_int));
+ m_mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+ return key;
}
// Copied from libtomcrypt ecc_import.c (version there is static), modified
// for different mp_int pointer without LTC_SOURCE
static int ecc_is_point(ecc_key *key)
{
- mp_int *prime, *b, *t1, *t2;
- int err;
-
- prime = m_malloc(sizeof(mp_int));
- b = m_malloc(sizeof(mp_int));
- t1 = m_malloc(sizeof(mp_int));
- t2 = m_malloc(sizeof(mp_int));
-
- m_mp_init_multi(prime, b, t1, t2, NULL);
-
+ mp_int *prime, *b, *t1, *t2;
+ int err;
+
+ prime = m_malloc(sizeof(mp_int));
+ b = m_malloc(sizeof(mp_int));
+ t1 = m_malloc(sizeof(mp_int));
+ t2 = m_malloc(sizeof(mp_int));
+
+ m_mp_init_multi(prime, b, t1, t2, NULL);
+
/* load prime and b */
- if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
- if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
-
+ if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
+
/* compute y^2 */
- if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
-
+ if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
+
/* compute x^3 */
- if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
- if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
- if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
-
+ if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
+
/* compute y^2 - x^3 */
- if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
-
+ if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
+
/* compute y^2 - x^3 + 3x */
- if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
- if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
- if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
- if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
- while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
- if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
- }
- while (mp_cmp(t1, prime) != LTC_MP_LT) {
- if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
- }
-
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+ while (mp_cmp(t1, prime) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+
/* compare to b */
- if (mp_cmp(t1, b) != LTC_MP_EQ) {
- err = CRYPT_INVALID_PACKET;
- } else {
- err = CRYPT_OK;
- }
-
-error:
- mp_clear_multi(prime, b, t1, t2, NULL);
- m_free(prime);
- m_free(b);
- m_free(t1);
- m_free(t2);
- return err;
+ if (mp_cmp(t1, b) != LTC_MP_EQ) {
+ err = CRYPT_INVALID_PACKET;
+ } else {
+ err = CRYPT_OK;
+ }
+
+ error:
+ mp_clear_multi(prime, b, t1, t2, NULL);
+ m_free(prime);
+ m_free(b);
+ m_free(t1);
+ m_free(t2);
+ return err;
}
-ecc_key * buf_get_ecc_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
- ecc_key *key = NULL;
- int ret = DROPBEAR_FAILURE;
- const unsigned int size = curve->dp->size;
- buf_setpos(buf, 0);
- unsigned int len = buf->len;
- unsigned char first = buf_getbyte(buf);
- if (first == 2 || first == 3) {
- dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
- return NULL;
- }
- if (first != 4 || len != 1+2*size) {
- return NULL;
- }
-
- key = new_ecc_key();
- key->dp = curve->dp;
-
- if (mp_read_unsigned_bin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
- goto out;
- }
- buf_incrpos(buf, size);
-
- if (mp_read_unsigned_bin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
- goto out;
- }
- buf_incrpos(buf, size);
-
- mp_set(key->pubkey.z, 1);
-
- if (ecc_is_point(key) != CRYPT_OK) {
- goto out;
- }
+/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
+void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
+ unsigned long len = key->dp->size*2 + 1;
+ buf_putint(buf, len);
+ int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
+ if (err != CRYPT_OK) {
+ dropbear_exit("ECC error");
+ }
+ buf_incrwritepos(buf, len);
+}
+
+/* For the "ephemeral public key octet string" in ECDH (rfc5656 section 4) */
+ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
+ ecc_key *key = NULL;
+ int ret = DROPBEAR_FAILURE;
+ const unsigned int size = curve->dp->size;
+ buf_setpos(buf, 0);
+ unsigned int len = buf->len;
+ unsigned char first = buf_getbyte(buf);
+ if (first == 2 || first == 3) {
+ dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
+ return NULL;
+ }
+ if (first != 4 || len != 1+2*size) {
+ return NULL;
+ }
+
+ key = new_ecc_key();
+ key->dp = curve->dp;
+
+ if (mp_read_unsigned_bin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
+ goto out;
+ }
+ buf_incrpos(buf, size);
+
+ if (mp_read_unsigned_bin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
+ goto out;
+ }
+ buf_incrpos(buf, size);
+
+ mp_set(key->pubkey.z, 1);
+
+ if (ecc_is_point(key) != CRYPT_OK) {
+ goto out;
+ }
// SEC1 3.2.3.1 Check that Q != 0
- if (mp_cmp_d(key->pubkey.x, 0) == LTC_MP_EQ) {
- goto out;
- }
- if (mp_cmp_d(key->pubkey.y, 0) == LTC_MP_EQ) {
- goto out;
- }
-
- ret = DROPBEAR_SUCCESS;
-
-out:
- if (ret == DROPBEAR_FAILURE) {
- if (key) {
- ecc_free(key);
- m_free(key);
- key = NULL;
- }
- }
-
- return key;
+ if (mp_cmp_d(key->pubkey.x, 0) == LTC_MP_EQ) {
+ goto out;
+ }
+ if (mp_cmp_d(key->pubkey.y, 0) == LTC_MP_EQ) {
+ goto out;
+ }
+
+ ret = DROPBEAR_SUCCESS;
+
+ out:
+ if (ret == DROPBEAR_FAILURE) {
+ if (key) {
+ ecc_free(key);
+ m_free(key);
+ key = NULL;
+ }
+ }
+
+ return key;
}
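Review bot: buf_get_ecc_raw_pubkey() returns NULL on several paths (a compressed-point prefix, a wrong prefix or length, a failed ecc_is_point() or zero-coordinate check), but the comment added above it only repeats the RFC 5656 reference from the put function and never states that contract. The caller shown in the common-kex.c hunk passes `Q_them` straight to dropbear_ecc_shared_secret(), which reads `public_key->dp` in the second ecc.c hunk. Unless a check sits in lines the hunks do not show, a malformed ephemeral key from the peer ends in a NULL dereference instead of a controlled exit. I would add `if (Q_them == NULL) { dropbear_exit("ECC error"); }` right after the call in kexecdh_comb_key(), and document the return here as `/* Returns NULL if the point is compressed, mis-sized or not on the curve; caller must check */`.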
@@ -168,56 +170,56 @@ out:
// a mp_int instead.
mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
{
- ecc_point *result = NULL;
- mp_int *prime = NULL, *shared_secret = NULL;
- int err = DROPBEAR_FAILURE;
+ ecc_point *result = NULL;
+ mp_int *prime = NULL, *shared_secret = NULL;
+ int err = DROPBEAR_FAILURE;
/* type valid? */
- if (private_key->type != PK_PRIVATE) {
- goto done;
- }
+ if (private_key->type != PK_PRIVATE) {
+ goto done;
+ }
- if (private_key->dp != public_key->dp) {
- goto done;
- }
+ if (private_key->dp != public_key->dp) {
+ goto done;
+ }
/* make new point */
- result = ltc_ecc_new_point();
- if (result == NULL) {
- goto done;
- }
-
- prime = m_malloc(sizeof(*prime));
- m_mp_init(prime);
-
- if (mp_read_radix(prime, (char *)private_key->dp->prime, 16) != CRYPT_OK) {
- goto done;
- }
- if (ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1) != CRYPT_OK) {
- goto done;
- }
-
- err = DROPBEAR_SUCCESS;
-done:
+ result = ltc_ecc_new_point();
+ if (result == NULL) {
+ goto done;
+ }
+
+ prime = m_malloc(sizeof(*prime));
+ m_mp_init(prime);
+
+ if (mp_read_radix(prime, (char *)private_key->dp->prime, 16) != CRYPT_OK) {
+ goto done;
+ }
+ if (ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1) != CRYPT_OK) {
+ goto done;
+ }
+
+ err = DROPBEAR_SUCCESS;
+ done:
if (err == DROPBEAR_SUCCESS) {
shared_secret = m_malloc(sizeof(*shared_secret));
- m_mp_init(shared_secret);
- mp_copy(result->x, shared_secret);
+ m_mp_init(shared_secret);
+ mp_copy(result->x, shared_secret);
}
if (prime) {
- mp_clear(prime);
- m_free(prime);
- }
- if (result)
- {
- ltc_ecc_del_point(result);
- }
-
- if (err == DROPBEAR_FAILURE) {
- dropbear_exit("ECC error");
- }
- return shared_secret;
+ mp_clear(prime);
+ m_free(prime);
+ }
+ if (result)
+ {
+ ltc_ecc_del_point(result);
+ }
+
+ if (err == DROPBEAR_FAILURE) {
+ dropbear_exit("ECC error");
+ }
+ return shared_secret;
}
#endif
diff --git a/ecc.h b/ecc.h
index dcf190e..9457ebe 100644
--- a/ecc.h
+++ b/ecc.h
@@ -20,8 +20,8 @@ extern const struct dropbear_ecc_curve ecc_curve_nistp521;
// "pubkey" refers to a point, but LTC uses ecc_key structure for both public
// and private keys
-void buf_put_ecc_pubkey_string(buffer *buf, ecc_key *key);
-ecc_key * buf_get_ecc_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
+void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key);
+ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
diff --git a/svr-kex.c b/svr-kex.c
index a4376df..2d2cdb1 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -104,7 +104,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
- buf_put_ecc_pubkey_string(ses.writepayload, &ecdh_param->key);
+ buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
free_kexecdh_param(ecdh_param);
#endif
}