summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJuraj Vijtiuk <juraj.vijtiuk@sartura.hr>2018-02-22 15:56:05 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-03-07 15:44:05 +0100
commitd11869bdb6df04c76e94b1b461ea5a519dcbddf1 (patch)
tree224ea211c196f29807f502ba1c9a19fa88b7eac5
parent81847bf5135d836000d206d559df2e27f9a00a84 (diff)
downloadlibssh-d11869bdb6df04c76e94b1b461ea5a519dcbddf1.tar.gz
libssh-d11869bdb6df04c76e94b1b461ea5a519dcbddf1.tar.xz
libssh-d11869bdb6df04c76e94b1b461ea5a519dcbddf1.zip
pki: Add mbedTLS ECDSA key comparison support
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--README.mbedtls12
-rw-r--r--src/pki_mbedcrypto.c37
-rw-r--r--tests/unittests/torture_pki_ecdsa.c3
3 files changed, 28 insertions, 24 deletions
diff --git a/README.mbedtls b/README.mbedtls
index dd1f505d..fdf3b25d 100644
--- a/README.mbedtls
+++ b/README.mbedtls
@@ -1,15 +1,3 @@
-libssh mbedTLS ECDSA support
-=============================
-
-When built with mbedTLS, libssh currently does not support ECDSA key comparison.
-Since the comparison function is used during the verification of publickey
-authentication requests a libssh server will not be able to deal with ECDSA
-keys.
-
-In general, if the ssh_key_cmp function is used with mbedTLS, ECDSA key
-comparison won't work.
-
-
mbedTLS and libssh in multithreaded applications
==================================================
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 5b412cc4..975dae67 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -451,15 +451,34 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
}
break;
}
- case SSH_KEYTYPE_ECDSA:
- /* TODO: mbedTLS can't compare ecdsa keys.
- mbedtls_ecdsa_context is actually a mbedtls_ecp_keypair,
- so the private and public points and the group can be accessed
- through the keypair. However, mbedtls has no method corresponding
- to OpenSSL's EC_GROUP_cmp and EC_POITN_cmp, so the comparison
- would have to be done manually.
- */
- return 1;
+ case SSH_KEYTYPE_ECDSA: {
+ mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
+ mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
+
+ if (ecdsa1->grp.id != ecdsa2->grp.id) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.X, &ecdsa2->Q.X)) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Y, &ecdsa2->Q.Y)) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Z, &ecdsa2->Q.Z)) {
+ return 1;
+ }
+
+ if (what == SSH_KEY_CMP_PRIVATE) {
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->d, &ecdsa2->d)) {
+ return 1;
+ }
+ }
+
+ break;
+ }
case SSH_KEYTYPE_ED25519:
/* ed25519 keys handled globally */
return 0;
diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c
index 82b0ab06..6587a60d 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -227,11 +227,8 @@ static void torture_pki_ecdsa_duplicate_key(void **state)
assert_string_equal(b64_key, b64_key_gen);
-#ifndef HAVE_LIBMBEDCRYPTO
- /* libmbedcrypto can't compare ecdsa keys */
rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
assert_true(rc == 0);
-#endif
ssh_key_free(pubkey);
ssh_key_free(privkey);