upstream: remove extra layer for ed25519 signature; ok djm@

OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47
author: markus@openbsd.org <markus@openbsd.org> 2019-11-12 19:34:40 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-13 08:54:09 +1100
commit: b556cc3cbf0c43f073bb41bba4e92ca709a1ec13 (patch)
tree: efe6046187a7bc035e427b99e269e7a88cbac59f
parent: 3fcf69ace19e75cf9dcd7206f396adfcb29611a8 (diff)
download: openssh-git-b556cc3cbf0c43f073bb41bba4e92ca709a1ec13.tar.gz
3 files changed, 39 insertions, 45 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index bd60f9fa..ca55c429 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -148,6 +148,14 @@ be reformatted slightly and the ecdsa_signature_blob value has the encoding:
 Where 'r' and 's' are extracted by the client or token middleware from the
 ecdsa_signature field returned from the hardware.
 
+For Ed25519 keys the signature is encoded as:
+
+	string		"sk-ssh-ed25519@openssh.com"
+	string		signature
+	byte		flags
+	uint32		counter
+
+
 ssh-agent protocol extensions
 -----------------------------
 
diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c
index f42c8830..622cb45c 100644
--- a/ssh-ed25519-sk.c
+++ b/ssh-ed25519-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519-sk.c,v 1.1 2019/11/12 19:29:24 markus Exp $ */
+/* $OpenBSD: ssh-ed25519-sk.c,v 1.2 2019/11/12 19:34:40 markus Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -36,7 +36,6 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
     const u_char *data, size_t datalen, u_int compat)
 {
 	struct sshbuf *b = NULL;
-	struct sshbuf *sigbuf = NULL;
 	struct sshbuf *encoded = NULL;
 	char *ktype = NULL;
 	const u_char *sigblob;
@@ -60,10 +59,9 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-	    sshbuf_froms(b, &sigbuf) != 0 ||
-	    sshbuf_get_string_direct(sigbuf, &sigblob, &len) != 0 ||
-	    sshbuf_get_u8(sigbuf, &sig_flags) != 0 ||
-	    sshbuf_get_u32(sigbuf, &sig_counter) != 0) {
+	    sshbuf_get_string_direct(b, &sigblob, &len) != 0 ||
+	    sshbuf_get_u8(b, &sig_flags) != 0 ||
+	    sshbuf_get_u32(b, &sig_counter) != 0) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -123,7 +121,6 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
 		free(m);
 	}
 	sshbuf_free(b);
-	sshbuf_free(sigbuf);
 	sshbuf_free(encoded);
 	free(ktype);
 	return r;
diff --git a/ssh-sk.c b/ssh-sk.c
index 7a4bf8c6..ff9c6f28 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.8 2019/11/12 19:34:00 markus Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.9 2019/11/12 19:34:40 markus Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -359,12 +359,11 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
 }
 
 static int
-sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
+sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 {
 	struct sshbuf *inner_sig = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
 
-	*retp = NULL;
 	/* Check response validity */
 	if (resp->sig_r == NULL || resp->sig_r == NULL) {
 		error("%s: sk_sign response invalid", __func__);
@@ -375,7 +374,7 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	/* Prepare inner signature object */
+	/* Prepare and append inner signature object */
 	if ((r = sshbuf_put_bignum2_bytes(inner_sig,
 	    resp->sig_r, resp->sig_r_len)) != 0 ||
 	    (r = sshbuf_put_bignum2_bytes(inner_sig,
@@ -385,42 +384,39 @@ sshsk_ecdsa_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
 		debug("%s: buffer error: %s", __func__, ssh_err(r));
 		goto out;
 	}
+	if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0) {
+		debug("%s: buffer error: %s", __func__, ssh_err(r));
+		goto out;
+	}
 #ifdef DEBUG_SK
 	fprintf(stderr, "%s: sig_r:\n", __func__);
 	sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
 	fprintf(stderr, "%s: sig_s:\n", __func__);
 	sshbuf_dump_data(resp->sig_s, resp->sig_s_len, stderr);
+	fprintf(stderr, "%s: inner:\n", __func__);
+	sshbuf_dump(inner_sig, stderr);
 #endif
-	*retp = inner_sig;
-	inner_sig = NULL;
 	r = 0;
-out:
+ out:
 	sshbuf_free(inner_sig);
 	return r;
 }
 
 static int
-sshsk_ed25519_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
+sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
 {
-	struct sshbuf *inner_sig = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
 
-	*retp = NULL;
 	/* Check response validity */
 	if (resp->sig_r == NULL) {
 		error("%s: sk_sign response invalid", __func__);
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	if ((inner_sig = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	/* Prepare inner signature object */
-	if ((r = sshbuf_put_string(inner_sig,
+	if ((r = sshbuf_put_string(sig,
 	    resp->sig_r, resp->sig_r_len)) != 0 ||
-	    (r = sshbuf_put_u8(inner_sig, resp->flags)) != 0 ||
-	    (r = sshbuf_put_u32(inner_sig, resp->counter)) != 0) {
+	    (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
+	    (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
 		debug("%s: buffer error: %s", __func__, ssh_err(r));
 		goto out;
 	}
@@ -428,12 +424,9 @@ sshsk_ed25519_inner_sig(struct sk_sign_response *resp, struct sshbuf **retp)
 	fprintf(stderr, "%s: sig_r:\n", __func__);
 	sshbuf_dump_data(resp->sig_r, resp->sig_r_len, stderr);
 #endif
-	*retp = inner_sig;
-	inner_sig = NULL;
 	r = 0;
-out:
-	sshbuf_free(inner_sig);
-	return r;
+ out:
+	return 0;
 }
 
 int
@@ -488,34 +481,30 @@ sshsk_sign(const char *provider_path, const struct sshkey *key,
 		debug("%s: sk_sign failed with code %d", __func__, r);
 		goto out;
 	}
-	/* Prepare inner signature object */
+	/* Assemble signature */
+	if ((sig = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
+		debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
+		goto out;
+	}
 	switch (type) {
 	case KEY_ECDSA_SK:
-		if ((r = sshsk_ecdsa_inner_sig(resp, &inner_sig)) != 0)
+		if ((r = sshsk_ecdsa_sig(resp, sig)) != 0)
 			goto out;
 		break;
 	case KEY_ED25519_SK:
-		if ((r = sshsk_ed25519_inner_sig(resp, &inner_sig)) != 0)
+		if ((r = sshsk_ed25519_sig(resp, sig)) != 0)
 			goto out;
 		break;
 	}
-	/* Assemble outer signature */
-	if ((sig = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0 ||
-	    (r = sshbuf_put_stringb(sig, inner_sig)) != 0) {
-		debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
-		goto out;
-	}
 #ifdef DEBUG_SK
 	fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
 	    __func__, resp->flags, resp->counter);
 	fprintf(stderr, "%s: hashed message:\n", __func__);
 	sshbuf_dump_data(message, sizeof(message), stderr);
-	fprintf(stderr, "%s: inner:\n", __func__);
-	sshbuf_dump(inner_sig, stderr);
 	fprintf(stderr, "%s: sigbuf:\n", __func__);
 	sshbuf_dump(sig, stderr);
 #endif
author	markus@openbsd.org <markus@openbsd.org>	2019-11-12 19:34:40 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-13 08:54:09 +1100
commit	b556cc3cbf0c43f073bb41bba4e92ca709a1ec13 (patch)
tree	efe6046187a7bc035e427b99e269e7a88cbac59f
parent	3fcf69ace19e75cf9dcd7206f396adfcb29611a8 (diff)
download	openssh-git-b556cc3cbf0c43f073bb41bba4e92ca709a1ec13.tar.gz