upstream: factor out sshkey_equal_public()
feedback/ok markus@ OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
parent
25de1c01a8
commit
1e78844ae2
31
ssh-dss.c
31
ssh-dss.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-dss.c,v 1.40 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-dss.c,v 1.41 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
@ -74,6 +74,34 @@ ssh_dss_cleanup(struct sshkey *k)
|
|||||||
k->dsa = NULL;
|
k->dsa = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
ssh_dss_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
|
||||||
|
const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
|
||||||
|
|
||||||
|
if (a->dsa == NULL || b->dsa == NULL)
|
||||||
|
return 0;
|
||||||
|
DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
|
||||||
|
DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
|
||||||
|
DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
|
||||||
|
DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
|
||||||
|
if (dsa_p_a == NULL || dsa_p_b == NULL ||
|
||||||
|
dsa_q_a == NULL || dsa_q_b == NULL ||
|
||||||
|
dsa_g_a == NULL || dsa_g_b == NULL ||
|
||||||
|
dsa_pub_key_a == NULL || dsa_pub_key_b == NULL)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(dsa_p_a, dsa_p_b) != 0)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(dsa_q_a, dsa_q_b) != 0)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(dsa_g_a, dsa_g_b) != 0)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(dsa_pub_key_a, dsa_pub_key_b) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||||
const u_char *data, size_t datalen, u_int compat)
|
const u_char *data, size_t datalen, u_int compat)
|
||||||
@ -235,6 +263,7 @@ static const struct sshkey_impl_funcs sshkey_dss_funcs = {
|
|||||||
/* .size = */ ssh_dss_size,
|
/* .size = */ ssh_dss_size,
|
||||||
/* .alloc = */ ssh_dss_alloc,
|
/* .alloc = */ ssh_dss_alloc,
|
||||||
/* .cleanup = */ ssh_dss_cleanup,
|
/* .cleanup = */ ssh_dss_cleanup,
|
||||||
|
/* .equal = */ ssh_dss_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_dss_impl = {
|
const struct sshkey_impl sshkey_dss_impl = {
|
||||||
|
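Review bot: ssh_dss_equal() is added without a comment stating its contract, which matters because callers only see an int. I would add above it `/* Public-key comparison: returns 1 only if both keys carry p, q, g and pub_key and all four match; returns 0 otherwise, including when either key is incomplete. */`. The private component is never fetched (the second output of DSA_get0_key() is passed as NULL), which is worth stating for readers who audit what the comparison touches. The same gap applies to ssh_rsa_equal(), ssh_ecdsa_equal(), ssh_ed25519_equal() and ssh_xmss_equal() in the other file sections.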
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-ecdsa-sk.c,v 1.9 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-ecdsa-sk.c,v 1.10 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
@ -61,14 +61,24 @@ ssh_ecdsa_sk_verify(const struct sshkey *key,
|
|||||||
}
|
}
|
||||||
#else /* OPENSSL_HAS_ECC */
|
#else /* OPENSSL_HAS_ECC */
|
||||||
|
|
||||||
|
/* Reuse some ECDSA internals */
|
||||||
|
extern struct sshkey_impl_funcs sshkey_ecdsa_funcs;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ssh_ecdsa_sk_cleanup(struct sshkey *k)
|
ssh_ecdsa_sk_cleanup(struct sshkey *k)
|
||||||
{
|
{
|
||||||
free(k->sk_application);
|
sshkey_sk_cleanup(k);
|
||||||
sshbuf_free(k->sk_key_handle);
|
sshkey_ecdsa_funcs.cleanup(k);
|
||||||
sshbuf_free(k->sk_reserved);
|
}
|
||||||
EC_KEY_free(k->ecdsa);
|
|
||||||
k->ecdsa = NULL;
|
static int
|
||||||
|
ssh_ecdsa_sk_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
if (!sshkey_sk_fields_equal(a, b))
|
||||||
|
return 0;
|
||||||
|
if (!sshkey_ecdsa_funcs.equal(a, b))
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -335,6 +345,7 @@ static const struct sshkey_impl_funcs sshkey_ecdsa_sk_funcs = {
|
|||||||
/* .size = */ NULL,
|
/* .size = */ NULL,
|
||||||
/* .alloc = */ NULL,
|
/* .alloc = */ NULL,
|
||||||
/* .cleanup = */ ssh_ecdsa_sk_cleanup,
|
/* .cleanup = */ ssh_ecdsa_sk_cleanup,
|
||||||
|
/* .equal = */ ssh_ecdsa_sk_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_ecdsa_sk_impl = {
|
const struct sshkey_impl sshkey_ecdsa_sk_impl = {
|
||||||
|
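Review bot: The new declaration `extern struct sshkey_impl_funcs sshkey_ecdsa_funcs;` drops the `const` that the definition in ssh-ecdsa.c carries (`const struct sshkey_impl_funcs sshkey_ecdsa_funcs = {`). The two translation units therefore declare the same object with incompatible types, and this file could assign into a function-pointer table that is meant to be read-only without any compile-time diagnostic. Declare it as `extern const struct sshkey_impl_funcs sshkey_ecdsa_funcs;`, ideally once in sshkey.h under SSHKEY_INTERNAL so the compiler checks the declaration against the definition. ssh-ed25519-sk.c has the same mismatch for `sshkey_ed25519_funcs`.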
27
ssh-ecdsa.c
27
ssh-ecdsa.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-ecdsa.c,v 1.17 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-ecdsa.c,v 1.18 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||||
@ -69,6 +69,27 @@ ssh_ecdsa_cleanup(struct sshkey *k)
|
|||||||
k->ecdsa = NULL;
|
k->ecdsa = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
ssh_ecdsa_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
const EC_GROUP *grp_a, *grp_b;
|
||||||
|
const EC_POINT *pub_a, *pub_b;
|
||||||
|
|
||||||
|
if (a->ecdsa == NULL || b->ecdsa == NULL)
|
||||||
|
return 0;
|
||||||
|
if ((grp_a = EC_KEY_get0_group(a->ecdsa)) == NULL ||
|
||||||
|
(grp_b = EC_KEY_get0_group(b->ecdsa)) == NULL)
|
||||||
|
return 0;
|
||||||
|
if ((pub_a = EC_KEY_get0_public_key(a->ecdsa)) == NULL ||
|
||||||
|
(pub_b = EC_KEY_get0_public_key(b->ecdsa)) == NULL)
|
||||||
|
return 0;
|
||||||
|
if (EC_GROUP_cmp(grp_a, grp_b, NULL) != 0)
|
||||||
|
return 0;
|
||||||
|
if (EC_POINT_cmp(grp_a, pub_a, pub_b, NULL) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/* ARGSUSED */
|
/* ARGSUSED */
|
||||||
int
|
int
|
||||||
ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||||
@ -221,10 +242,12 @@ ssh_ecdsa_verify(const struct sshkey *key,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct sshkey_impl_funcs sshkey_ecdsa_funcs = {
|
/* NB. not static; used by ECDSA-SK */
|
||||||
|
const struct sshkey_impl_funcs sshkey_ecdsa_funcs = {
|
||||||
/* .size = */ ssh_ecdsa_size,
|
/* .size = */ ssh_ecdsa_size,
|
||||||
/* .alloc = */ NULL,
|
/* .alloc = */ NULL,
|
||||||
/* .cleanup = */ ssh_ecdsa_cleanup,
|
/* .cleanup = */ ssh_ecdsa_cleanup,
|
||||||
|
/* .equal = */ ssh_ecdsa_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_ecdsa_nistp256_impl = {
|
const struct sshkey_impl sshkey_ecdsa_nistp256_impl = {
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-ed25519-sk.c,v 1.7 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-ed25519-sk.c,v 1.8 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
@ -35,16 +35,24 @@
|
|||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "digest.h"
|
#include "digest.h"
|
||||||
|
|
||||||
|
/* Reuse some ED25519 internals */
|
||||||
|
extern struct sshkey_impl_funcs sshkey_ed25519_funcs;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ssh_ed25519_sk_cleanup(struct sshkey *k)
|
ssh_ed25519_sk_cleanup(struct sshkey *k)
|
||||||
{
|
{
|
||||||
free(k->sk_application);
|
sshkey_sk_cleanup(k);
|
||||||
sshbuf_free(k->sk_key_handle);
|
sshkey_ed25519_funcs.cleanup(k);
|
||||||
sshbuf_free(k->sk_reserved);
|
}
|
||||||
freezero(k->ed25519_pk, ED25519_PK_SZ);
|
|
||||||
freezero(k->ed25519_sk, ED25519_SK_SZ);
|
static int
|
||||||
k->ed25519_pk = NULL;
|
ssh_ed25519_sk_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
k->ed25519_sk = NULL;
|
{
|
||||||
|
if (!sshkey_sk_fields_equal(a, b))
|
||||||
|
return 0;
|
||||||
|
if (!sshkey_ed25519_funcs.equal(a, b))
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -178,6 +186,7 @@ static const struct sshkey_impl_funcs sshkey_ed25519_sk_funcs = {
|
|||||||
/* .size = */ NULL,
|
/* .size = */ NULL,
|
||||||
/* .alloc = */ NULL,
|
/* .alloc = */ NULL,
|
||||||
/* .cleanup = */ ssh_ed25519_sk_cleanup,
|
/* .cleanup = */ ssh_ed25519_sk_cleanup,
|
||||||
|
/* .equal = */ ssh_ed25519_sk_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_ed25519_sk_impl = {
|
const struct sshkey_impl sshkey_ed25519_sk_impl = {
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-ed25519.c,v 1.11 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-ed25519.c,v 1.12 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
|
* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
|
||||||
*
|
*
|
||||||
@ -41,6 +41,16 @@ ssh_ed25519_cleanup(struct sshkey *k)
|
|||||||
k->ed25519_sk = NULL;
|
k->ed25519_sk = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
ssh_ed25519_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
if (a->ed25519_pk == NULL || b->ed25519_pk == NULL)
|
||||||
|
return 0;
|
||||||
|
if (memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||||
const u_char *data, size_t datalen, u_int compat)
|
const u_char *data, size_t datalen, u_int compat)
|
||||||
@ -168,10 +178,12 @@ ssh_ed25519_verify(const struct sshkey *key,
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct sshkey_impl_funcs sshkey_ed25519_funcs = {
|
/* NB. not static; used by ED25519-SK */
|
||||||
|
const struct sshkey_impl_funcs sshkey_ed25519_funcs = {
|
||||||
/* .size = */ NULL,
|
/* .size = */ NULL,
|
||||||
/* .alloc = */ NULL,
|
/* .alloc = */ NULL,
|
||||||
/* .cleanup = */ ssh_ed25519_cleanup,
|
/* .cleanup = */ ssh_ed25519_cleanup,
|
||||||
|
/* .equal = */ ssh_ed25519_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_ed25519_impl = {
|
const struct sshkey_impl sshkey_ed25519_impl = {
|
||||||
|
24
ssh-rsa.c
24
ssh-rsa.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-rsa.c,v 1.69 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: ssh-rsa.c,v 1.70 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
|
* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
|
||||||
*
|
*
|
||||||
@ -65,6 +65,27 @@ ssh_rsa_cleanup(struct sshkey *k)
|
|||||||
k->rsa = NULL;
|
k->rsa = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
ssh_rsa_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
const BIGNUM *rsa_e_a, *rsa_n_a;
|
||||||
|
const BIGNUM *rsa_e_b, *rsa_n_b;
|
||||||
|
|
||||||
|
if (a->rsa == NULL || b->rsa == NULL)
|
||||||
|
return 0;
|
||||||
|
RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);
|
||||||
|
RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);
|
||||||
|
if (rsa_e_a == NULL || rsa_e_b == NULL)
|
||||||
|
return 0;
|
||||||
|
if (rsa_n_a == NULL || rsa_n_b == NULL)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(rsa_e_a, rsa_e_b) != 0)
|
||||||
|
return 0;
|
||||||
|
if (BN_cmp(rsa_n_a, rsa_n_b) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static const char *
|
static const char *
|
||||||
rsa_hash_alg_ident(int hash_alg)
|
rsa_hash_alg_ident(int hash_alg)
|
||||||
{
|
{
|
||||||
@ -477,6 +498,7 @@ static const struct sshkey_impl_funcs sshkey_rsa_funcs = {
|
|||||||
/* .size = */ ssh_rsa_size,
|
/* .size = */ ssh_rsa_size,
|
||||||
/* .alloc = */ ssh_rsa_alloc,
|
/* .alloc = */ ssh_rsa_alloc,
|
||||||
/* .cleanup = */ ssh_rsa_cleanup,
|
/* .cleanup = */ ssh_rsa_cleanup,
|
||||||
|
/* .equal = */ ssh_rsa_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_rsa_impl = {
|
const struct sshkey_impl sshkey_rsa_impl = {
|
||||||
|
15
ssh-xmss.c
15
ssh-xmss.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-xmss.c,v 1.6 2022/10/28 00:35:40 djm Exp $*/
|
/* $OpenBSD: ssh-xmss.c,v 1.7 2022/10/28 00:36:31 djm Exp $*/
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2017 Stefan-Lukas Gazdag.
|
* Copyright (c) 2017 Stefan-Lukas Gazdag.
|
||||||
* Copyright (c) 2017 Markus Friedl.
|
* Copyright (c) 2017 Markus Friedl.
|
||||||
@ -51,6 +51,18 @@ ssh_xmss_cleanup(struct sshkey *k)
|
|||||||
k->xmss_filename = NULL;
|
k->xmss_filename = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
ssh_xmss_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
if (a->xmss_pk == NULL || b->xmss_pk == NULL)
|
||||||
|
return 0;
|
||||||
|
if (sshkey_xmss_pklen(a) != sshkey_xmss_pklen(b))
|
||||||
|
return 0;
|
||||||
|
if (memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
|
||||||
const u_char *data, size_t datalen, u_int compat)
|
const u_char *data, size_t datalen, u_int compat)
|
||||||
@ -203,6 +215,7 @@ static const struct sshkey_impl_funcs sshkey_xmss_funcs = {
|
|||||||
/* .size = */ NULL,
|
/* .size = */ NULL,
|
||||||
/* .alloc = */ NULL,
|
/* .alloc = */ NULL,
|
||||||
/* .cleanup = */ ssh_xmss_cleanup,
|
/* .cleanup = */ ssh_xmss_cleanup,
|
||||||
|
/* .equal = */ ssh_xmss_equal,
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct sshkey_impl sshkey_xmss_impl = {
|
const struct sshkey_impl sshkey_xmss_impl = {
|
||||||
|
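Review bot: In ssh_xmss_equal() the memcmp() length comes from sshkey_xmss_pklen(a), and nothing rejects a zero length. If that helper can return 0 for a key whose parameters are unset (its body is not on this page, so this needs confirming), two keys with non-NULL xmss_pk would compare equal over zero bytes. The logic is carried over unchanged from the removed branch of sshkey_equal_public(), so this is pre-existing behaviour rather than a regression. Consider reading the length once and failing closed: `size_t len = sshkey_xmss_pklen(a);` followed by `if (len == 0 || len != sshkey_xmss_pklen(b)) return 0;`.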
100
sshkey.c
100
sshkey.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: sshkey.c,v 1.123 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: sshkey.c,v 1.124 2022/10/28 00:36:31 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
|
||||||
@ -596,6 +596,17 @@ sshkey_new(int type)
|
|||||||
return k;
|
return k;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Frees common FIDO fields */
|
||||||
|
void
|
||||||
|
sshkey_sk_cleanup(struct sshkey *k)
|
||||||
|
{
|
||||||
|
free(k->sk_application);
|
||||||
|
sshbuf_free(k->sk_key_handle);
|
||||||
|
sshbuf_free(k->sk_reserved);
|
||||||
|
k->sk_application = NULL;
|
||||||
|
k->sk_key_handle = k->sk_reserved = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
sshkey_free(struct sshkey *k)
|
sshkey_free(struct sshkey *k)
|
||||||
{
|
{
|
||||||
@ -628,6 +639,17 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Compares FIDO-specific pubkey fields only */
|
||||||
|
int
|
||||||
|
sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b)
|
||||||
|
{
|
||||||
|
if (a->sk_application == NULL || b->sk_application == NULL)
|
||||||
|
return 0;
|
||||||
|
if (strcmp(a->sk_application, b->sk_application) != 0)
|
||||||
|
return 0;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compare public portions of key only, allowing comparisons between
|
* Compare public portions of key only, allowing comparisons between
|
||||||
* certificates and plain keys too.
|
* certificates and plain keys too.
|
||||||
@ -635,84 +657,14 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)
|
|||||||
int
|
int
|
||||||
sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
|
sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
|
||||||
{
|
{
|
||||||
#if defined(WITH_OPENSSL)
|
const struct sshkey_impl *impl;
|
||||||
const BIGNUM *rsa_e_a, *rsa_n_a;
|
|
||||||
const BIGNUM *rsa_e_b, *rsa_n_b;
|
|
||||||
const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
|
|
||||||
const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
|
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
|
|
||||||
if (a == NULL || b == NULL ||
|
if (a == NULL || b == NULL ||
|
||||||
sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
|
sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
|
||||||
return 0;
|
return 0;
|
||||||
|
if ((impl = sshkey_impl_from_type(a->type)) == NULL)
|
||||||
switch (a->type) {
|
|
||||||
#ifdef WITH_OPENSSL
|
|
||||||
case KEY_RSA_CERT:
|
|
||||||
case KEY_RSA:
|
|
||||||
if (a->rsa == NULL || b->rsa == NULL)
|
|
||||||
return 0;
|
return 0;
|
||||||
RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);
|
return impl->funcs->equal(a, b);
|
||||||
RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);
|
|
||||||
return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
|
|
||||||
BN_cmp(rsa_n_a, rsa_n_b) == 0;
|
|
||||||
case KEY_DSA_CERT:
|
|
||||||
case KEY_DSA:
|
|
||||||
if (a->dsa == NULL || b->dsa == NULL)
|
|
||||||
return 0;
|
|
||||||
DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
|
|
||||||
DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
|
|
||||||
DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
|
|
||||||
DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
|
|
||||||
return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
|
|
||||||
BN_cmp(dsa_q_a, dsa_q_b) == 0 &&
|
|
||||||
BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
|
|
||||||
BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
|
|
||||||
# ifdef OPENSSL_HAS_ECC
|
|
||||||
case KEY_ECDSA_SK:
|
|
||||||
case KEY_ECDSA_SK_CERT:
|
|
||||||
if (a->sk_application == NULL || b->sk_application == NULL)
|
|
||||||
return 0;
|
|
||||||
if (strcmp(a->sk_application, b->sk_application) != 0)
|
|
||||||
return 0;
|
|
||||||
/* FALLTHROUGH */
|
|
||||||
case KEY_ECDSA_CERT:
|
|
||||||
case KEY_ECDSA:
|
|
||||||
if (a->ecdsa == NULL || b->ecdsa == NULL ||
|
|
||||||
EC_KEY_get0_public_key(a->ecdsa) == NULL ||
|
|
||||||
EC_KEY_get0_public_key(b->ecdsa) == NULL)
|
|
||||||
return 0;
|
|
||||||
if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),
|
|
||||||
EC_KEY_get0_group(b->ecdsa), NULL) != 0 ||
|
|
||||||
EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),
|
|
||||||
EC_KEY_get0_public_key(a->ecdsa),
|
|
||||||
EC_KEY_get0_public_key(b->ecdsa), NULL) != 0)
|
|
||||||
return 0;
|
|
||||||
return 1;
|
|
||||||
# endif /* OPENSSL_HAS_ECC */
|
|
||||||
#endif /* WITH_OPENSSL */
|
|
||||||
case KEY_ED25519_SK:
|
|
||||||
case KEY_ED25519_SK_CERT:
|
|
||||||
if (a->sk_application == NULL || b->sk_application == NULL)
|
|
||||||
return 0;
|
|
||||||
if (strcmp(a->sk_application, b->sk_application) != 0)
|
|
||||||
return 0;
|
|
||||||
/* FALLTHROUGH */
|
|
||||||
case KEY_ED25519:
|
|
||||||
case KEY_ED25519_CERT:
|
|
||||||
return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
|
|
||||||
memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
|
|
||||||
#ifdef WITH_XMSS
|
|
||||||
case KEY_XMSS:
|
|
||||||
case KEY_XMSS_CERT:
|
|
||||||
return a->xmss_pk != NULL && b->xmss_pk != NULL &&
|
|
||||||
sshkey_xmss_pklen(a) == sshkey_xmss_pklen(b) &&
|
|
||||||
memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) == 0;
|
|
||||||
#endif /* WITH_XMSS */
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
/* NOTREACHED */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
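Review bot: sshkey_equal_public() now calls `impl->funcs->equal(a, b)` without checking the pointer. The funcs tables in this commit use positional initialisers, so any table that is not extended leaves `equal` zero-initialised and the comparison becomes a call through NULL. Every table visible in this commit sets the member, but the struct in sshkey.h marks size/alloc/cleanup as `/* optional */` and says nothing about `equal`. Either guard the dispatch with `if ((impl = sshkey_impl_from_type(a->type)) == NULL || impl->funcs->equal == NULL) return 0;` or annotate the member in sshkey.h as `/* mandatory */`. The function body is shown here only partly as context, so confirm there is no other exit path before applying this.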
6
sshkey.h
6
sshkey.h
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: sshkey.h,v 1.53 2022/10/28 00:35:40 djm Exp $ */
|
/* $OpenBSD: sshkey.h,v 1.54 2022/10/28 00:36:31 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||||
@ -168,6 +168,7 @@ struct sshkey_impl_funcs {
|
|||||||
u_int (*size)(const struct sshkey *); /* optional */
|
u_int (*size)(const struct sshkey *); /* optional */
|
||||||
int (*alloc)(struct sshkey *); /* optional */
|
int (*alloc)(struct sshkey *); /* optional */
|
||||||
void (*cleanup)(struct sshkey *); /* optional */
|
void (*cleanup)(struct sshkey *); /* optional */
|
||||||
|
int (*equal)(const struct sshkey *, const struct sshkey *);
|
||||||
};
|
};
|
||||||
|
|
||||||
struct sshkey_impl {
|
struct sshkey_impl {
|
||||||
@ -306,6 +307,9 @@ int sshkey_private_serialize_maxsign(struct sshkey *key,
|
|||||||
void sshkey_sig_details_free(struct sshkey_sig_details *);
|
void sshkey_sig_details_free(struct sshkey_sig_details *);
|
||||||
|
|
||||||
#ifdef SSHKEY_INTERNAL
|
#ifdef SSHKEY_INTERNAL
|
||||||
|
int sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b);
|
||||||
|
void sshkey_sk_cleanup(struct sshkey *k);
|
||||||
|
|
||||||
int ssh_rsa_sign(const struct sshkey *key,
|
int ssh_rsa_sign(const struct sshkey *key,
|
||||||
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
|
u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
|
||||||
const char *ident);
|
const char *ident);
|
||||||
|