[openssh-commits] [openssh] 04/12: upstream: factor out sshsk_ecdsa_assemble(); ok djm@

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 13 08:54:26 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit cef84a062db8cfeece26f067235dc440f6992c17
Author: markus at openbsd.org <markus at openbsd.org>
Date:   Tue Nov 12 19:29:54 2019 +0000

    upstream: factor out sshsk_ecdsa_assemble(); ok djm@
    
    OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026
---
 ssh-sk.c | 96 +++++++++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 59 insertions(+), 37 deletions(-)

diff --git a/ssh-sk.c b/ssh-sk.c
index 122a1e2b..c0f6c1cc 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.1 2019/10/31 21:16:20 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.2 2019/11/12 19:29:54 markus Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -143,6 +143,61 @@ sshsk_free_sign_response(struct sk_sign_response *r)
 	freezero(r, sizeof(*r));
 };
 
+/* Assemble key from response */
+static int
+sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
+{
+	struct sshkey *key = NULL;
+	struct sshbuf *b = NULL;
+	EC_POINT *q = NULL;
+	int r;
+
+	*keyp = NULL;
+	if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
+		error("%s: sshkey_new failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	key->ecdsa_nid = NID_X9_62_prime256v1;
+	if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
+	    (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
+	    (b = sshbuf_new()) == NULL) {
+		error("%s: allocation failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_string(b,
+	    resp->public_key, resp->public_key_len)) != 0) {
+		error("%s: buffer error: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
+		error("%s: parse key: %s", __func__, ssh_err(r));
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
+		error("Security key returned invalid ECDSA key");
+		r = SSH_ERR_KEY_INVALID_EC_VALUE;
+		goto out;
+	}
+	if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
+		/* XXX assume it is a allocation error */
+		error("%s: allocation failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	/* success */
+	*keyp = key;
+	key = NULL; /* transferred */
+	r = 0;
+ out:
+	EC_POINT_free(q);
+	sshkey_free(key);
+	sshbuf_free(b);
+	return r;
+}
+
 int
 sshsk_enroll(const char *provider_path, const char *application,
     uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
@@ -155,8 +210,6 @@ sshsk_enroll(const char *provider_path, const char *application,
 	size_t challenge_len;
 	struct sk_enroll_response *resp = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
-	struct sshbuf *b = NULL;
-	EC_POINT *q = NULL;
 
 	*keyp = NULL;
 	if (attest)
@@ -206,49 +259,20 @@ sshsk_enroll(const char *provider_path, const char *application,
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	/* Assemble key from response */
-	if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
-		error("%s: sshkey_new failed", __func__);
-		r = SSH_ERR_ALLOC_FAIL;
+	if ((r = sshsk_ecdsa_assemble(resp, &key)) != 0)
 		goto out;
-	}
-	key->ecdsa_nid = NID_X9_62_prime256v1;
 	key->sk_flags = flags;
-	if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
-	    (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
-	    (key->sk_key_handle = sshbuf_new()) == NULL ||
-	    (key->sk_reserved = sshbuf_new()) == NULL ||
-	    (b = sshbuf_new()) == NULL) {
+	if ((key->sk_key_handle = sshbuf_new()) == NULL ||
+	    (key->sk_reserved = sshbuf_new()) == NULL) {
 		error("%s: allocation failed", __func__);
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_put_string(b,
-	    resp->public_key, resp->public_key_len)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
-		goto out;
-	}
 	if ((key->sk_application = strdup(application)) == NULL) {
 		error("%s: strdup application failed", __func__);
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
-		error("%s: parse key: %s", __func__, ssh_err(r));
-		r = SSH_ERR_INVALID_FORMAT;
-		goto out;
-	}
-	if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), q) != 0) {
-		error("Security key returned invalid ECDSA key");
-		r = SSH_ERR_KEY_INVALID_EC_VALUE;
-		goto out;
-	}
-	if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
-		/* XXX assume it is a allocation error */
-		error("%s: allocation failed", __func__);
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
 	if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
 	    resp->key_handle_len)) != 0) {
 		error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -273,9 +297,7 @@ sshsk_enroll(const char *provider_path, const char *application,
 	key = NULL; /* transferred */
 	r = 0;
  out:
-	EC_POINT_free(q);
 	sshsk_free(skp);
-	sshbuf_free(b);
 	sshkey_free(key);
 	sshsk_free_enroll_response(resp);
 	explicit_bzero(randchall, sizeof(randchall));

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list