pki: Add mbedTLS ECDSA key comparison support

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-22 15:56:05 +01:00 · 2018-02-22 15:56:05 +01:00 · d11869bdb6
--- a/README.mbedtls
+++ b/README.mbedtls
@ -1,15 +1,3 @@
-libssh mbedTLS ECDSA support
-=============================
-
-When built with mbedTLS, libssh currently does not support ECDSA key comparison.
-Since the comparison function is used during the verification of publickey
-authentication requests a libssh server will not be able to deal with ECDSA
-keys.
-
-In general, if the ssh_key_cmp function is used with mbedTLS, ECDSA key
-comparison won't work.
-
-
 mbedTLS and libssh in multithreaded applications
 ==================================================

--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@ -451,15 +451,34 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
            }
            break;
        }
-        case SSH_KEYTYPE_ECDSA:
-            /* TODO: mbedTLS can't compare ecdsa keys.
-               mbedtls_ecdsa_context is actually a mbedtls_ecp_keypair,
-               so the private and public points and the group can be accessed
-               through the keypair. However, mbedtls has no method corresponding
-               to OpenSSL's EC_GROUP_cmp and EC_POITN_cmp, so the comparison
-               would have to be done manually.
-             */
-            return 1;
+        case SSH_KEYTYPE_ECDSA: {
+            mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
+            mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
+
+            if (ecdsa1->grp.id != ecdsa2->grp.id) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.X, &ecdsa2->Q.X)) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Y, &ecdsa2->Q.Y)) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Z, &ecdsa2->Q.Z)) {
+                return 1;
+            }
+
+            if (what == SSH_KEY_CMP_PRIVATE) {
+                if (mbedtls_mpi_cmp_mpi(&ecdsa1->d, &ecdsa2->d)) {
+                    return 1;
+                }
+            }
+
+            break;
+        }
        case SSH_KEYTYPE_ED25519:
            /* ed25519 keys handled globally */
            return 0;
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@ -227,11 +227,8 @@ static void torture_pki_ecdsa_duplicate_key(void **state)

    assert_string_equal(b64_key, b64_key_gen);

-#ifndef HAVE_LIBMBEDCRYPTO
-    /* libmbedcrypto can't compare ecdsa keys */
    rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
    assert_true(rc == 0);
-#endif

    ssh_key_free(pubkey);
    ssh_key_free(privkey);