author | Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> | 2018-02-22 15:56:05 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-03-07 15:44:05 +0100 |
commit | d11869bdb6df04c76e94b1b461ea5a519dcbddf1 (patch) | |
tree | 224ea211c196f29807f502ba1c9a19fa88b7eac5 /src | |
parent | 81847bf5135d836000d206d559df2e27f9a00a84 (diff) | |
pki: Add mbedTLS ECDSA key comparison support
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/pki_mbedcrypto.c | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 5b412cc4..975dae67 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -451,15 +451,34 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
 }
 break;
 }
- case SSH_KEYTYPE_ECDSA:
- /* TODO: mbedTLS can't compare ecdsa keys.
- mbedtls_ecdsa_context is actually a mbedtls_ecp_keypair,
- so the private and public points and the group can be accessed
- through the keypair. However, mbedtls has no method corresponding
- to OpenSSL's EC_GROUP_cmp and EC_POITN_cmp, so the comparison
- would have to be done manually.
- */
- return 1;
+ case SSH_KEYTYPE_ECDSA: {
+ mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
+ mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
+
+ if (ecdsa1->grp.id != ecdsa2->grp.id) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.X, &ecdsa2->Q.X)) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Y, &ecdsa2->Q.Y)) {
+ return 1;
+ }
+
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Z, &ecdsa2->Q.Z)) {
+ return 1;
+ }
+
+ if (what == SSH_KEY_CMP_PRIVATE) {
+ if (mbedtls_mpi_cmp_mpi(&ecdsa1->d, &ecdsa2->d)) {
+ return 1;
+ }
+ }
+
+ break;
+ }
 case SSH_KEYTYPE_ED25519:
 /* ed25519 keys handled globally */
 return 0; |
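Review bot: The `SSH_KEY_CMP_PRIVATE` branch compares the private scalar with `mbedtls_mpi_cmp_mpi(&ecdsa1->d, &ecdsa2->d)`, which is not a constant-time comparison, so its running time can depend on where the two scalars first differ. Whether that matters depends on callers outside this hunk: if either key can ever be influenced by a remote party, a constant-time check would be preferable (newer Mbed TLS releases provide `mbedtls_mpi_lt_mpi_ct`); otherwise a comment such as `/* not constant-time: only call with locally held keys */` would record the assumption. Separately, the three coordinate checks on `Q.X`, `Q.Y` and `Q.Z` could be a single call, `if (mbedtls_ecp_point_cmp(&ecdsa1->Q, &ecdsa2->Q) != 0) { return 1; }`. Note also that `k1->ecdsa` and `k2->ecdsa` are dereferenced without a NULL check, which is only safe if the part of `pki_key_compare` above the hunk (not visible here) guarantees both are set.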