/* * hostkey_method_ecdsa_signv * * Construct a signature from an array of vectors */ static int hostkey_method_ssh_ecdsa_signv(LIBSSH2_SESSION * session, unsigned char **signature, size_t *signature_len, int veccount, const struct iovec datavec[], void **abstract) { libssh2_ecdsa_ctx *ec_ctx = (libssh2_ecdsa_ctx *) (*abstract); libssh2_curve_type type = _libssh2_ecdsa_key_get_curve_type(ec_ctx); int ret = 0; if(type == LIBSSH2_EC_CURVE_NISTP256) { LIBSSH2_HOSTKEY_METHOD_EC_SIGNV_HASH(256); } else if(type == LIBSSH2_EC_CURVE_NISTP384) { LIBSSH2_HOSTKEY_METHOD_EC_SIGNV_HASH(384); } else if(type == LIBSSH2_EC_CURVE_NISTP521) { LIBSSH2_HOSTKEY_METHOD_EC_SIGNV_HASH(512); } else { return -1; } return ret; }
int _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx, const unsigned char *r, size_t r_len, const unsigned char *s, size_t s_len, const unsigned char *m, size_t m_len) { int ret = 0; EC_KEY *ec_key = (EC_KEY*)ctx; libssh2_curve_type type = _libssh2_ecdsa_key_get_curve_type(ec_key); #ifdef HAVE_OPAQUE_STRUCTS ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new(); BIGNUM *pr = BN_new(); BIGNUM *ps = BN_new(); BN_bin2bn(r, r_len, pr); BN_bin2bn(s, s_len, ps); ECDSA_SIG_set0(ecdsa_sig, pr, ps); #else ECDSA_SIG ecdsa_sig_; ECDSA_SIG *ecdsa_sig = &ecdsa_sig_; ecdsa_sig_.r = BN_new(); BN_bin2bn(r, r_len, ecdsa_sig_.r); ecdsa_sig_.s = BN_new(); BN_bin2bn(s, s_len, ecdsa_sig_.s); #endif if(type == LIBSSH2_EC_CURVE_NISTP256) { LIBSSH2_ECDSA_VERIFY(256); } else if(type == LIBSSH2_EC_CURVE_NISTP384) { LIBSSH2_ECDSA_VERIFY(384); } else if(type == LIBSSH2_EC_CURVE_NISTP521) { LIBSSH2_ECDSA_VERIFY(512); } #ifdef HAVE_OPAQUE_STRUCTS if(ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); #else BN_clear_free(ecdsa_sig_.s); BN_clear_free(ecdsa_sig_.r); #endif return (ret == 1) ? 0 : -1; }
static int gen_publickey_from_ec_evp(LIBSSH2_SESSION *session, unsigned char **method, size_t *method_len, unsigned char **pubkeydata, size_t *pubkeydata_len, EVP_PKEY *pk) { int rc = 0; EC_KEY *ec = NULL; unsigned char *p; unsigned char *method_buf = NULL; unsigned char *key; size_t key_len = 0; unsigned char *octal_value = NULL; size_t octal_len; const EC_POINT *public_key; const EC_GROUP *group; BN_CTX *bn_ctx; libssh2_curve_type type; _libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Computing public key from EC private key envelop"); bn_ctx = BN_CTX_new(); if(bn_ctx == NULL) return -1; ec = EVP_PKEY_get1_EC_KEY(pk); if(ec == NULL) { rc = -1; goto clean_exit; } public_key = EC_KEY_get0_public_key(ec); group = EC_KEY_get0_group(ec); type = _libssh2_ecdsa_key_get_curve_type(ec); method_buf = LIBSSH2_ALLOC(session, 19); if(method_buf == NULL) { return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "out of memory"); } if(type == LIBSSH2_EC_CURVE_NISTP256) memcpy(method_buf, "ecdsa-sha2-nistp256", 19); else if(type == LIBSSH2_EC_CURVE_NISTP384) memcpy(method_buf, "ecdsa-sha2-nistp384", 19); else if(type == LIBSSH2_EC_CURVE_NISTP521) memcpy(method_buf, "ecdsa-sha2-nistp521", 19); else { _libssh2_debug(session, LIBSSH2_TRACE_ERROR, "Unsupported EC private key type"); rc = -1; goto clean_exit; } /* get length */ octal_len = EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); if(octal_len > EC_MAX_POINT_LEN) { rc = -1; goto clean_exit; } octal_value = malloc(octal_len); if(octal_value == NULL) { rc = -1; goto clean_exit; } /* convert to octal */ if(EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, octal_value, octal_len, bn_ctx) != octal_len) { rc = -1; goto clean_exit; } /* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) + pub_key_len(4) + pub_key(~65). */ key_len = 4 + 19 + 4 + 8 + 4 + octal_len; key = LIBSSH2_ALLOC(session, key_len); if(key == NULL) { rc = -1; goto clean_exit; } /* Process key encoding. */ p = key; /* Key type */ _libssh2_store_str(&p, (const char *)method_buf, 19); /* Name domain */ _libssh2_store_str(&p, (const char *)method_buf + 11, 8); /* Public key */ _libssh2_store_str(&p, (const char *)octal_value, octal_len); *method = method_buf; *method_len = 19; *pubkeydata = key; *pubkeydata_len = key_len; clean_exit: if(ec != NULL) EC_KEY_free(ec); if(bn_ctx != NULL) { BN_CTX_free(bn_ctx); } if(octal_value != NULL) free(octal_value); if(rc == 0) return 0; if(method_buf != NULL) LIBSSH2_FREE(session, method_buf); return -1; }