Hello,

below is a patch that adds support for mbedTLS ECDSA key comparison.
The patch passes all the tests and valgrind detects no memory leaks when running
the tests.

The patch removes the section about ECDSA support README.mbedtls.
I've also removed the mbedTLS ifdefs that skipped key comparison from
torture_pki_ecdsa.

Regards,
Juraj

>From 275849906eff1e3cf675653d3b98c8dcc0dcc0c6 Mon Sep 17 00:00:00 2001
From: jvijtiuk <juraj.vijt...@sartura.hr>
Date: Thu, 22 Feb 2018 15:38:11 +0100
Subject: [PATCH 1/1] Add mbedTLS ECDSA key comparison support

Signed-off-by: Juraj Vijtiuk <juraj.vijt...@sartura.hr>
---
 README.mbedtls                      | 12 ------------
 src/pki_mbedcrypto.c                | 38 ++++++++++++++++++++++++++++---------
 tests/unittests/torture_pki_ecdsa.c |  3 ---
 3 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/README.mbedtls b/README.mbedtls
index dd1f505d..fdf3b25d 100644
--- a/README.mbedtls
+++ b/README.mbedtls
@@ -1,15 +1,3 @@
-libssh mbedTLS ECDSA support
-=============================
-
-When built with mbedTLS, libssh currently does not support ECDSA key 
comparison.
-Since the comparison function is used during the verification of publickey
-authentication requests a libssh server will not be able to deal with ECDSA
-keys.
-
-In general, if the ssh_key_cmp function is used with mbedTLS, ECDSA key
-comparison won't work.
-
-
 mbedTLS and libssh in multithreaded applications
 ==================================================
 
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 5b412cc4..2c4ad4fe 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -451,15 +451,35 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, 
enum ssh_keycmp_e what)
             }
             break;
         }
-        case SSH_KEYTYPE_ECDSA:
-            /* TODO: mbedTLS can't compare ecdsa keys.
-               mbedtls_ecdsa_context is actually a mbedtls_ecp_keypair,
-               so the private and public points and the group can be accessed
-               through the keypair. However, mbedtls has no method 
corresponding
-               to OpenSSL's EC_GROUP_cmp and EC_POITN_cmp, so the comparison
-               would have to be done manually.
-             */
-            return 1;
+        case SSH_KEYTYPE_ECDSA: {
+            mbedtls_ecp_keypair *ecdsa1, *ecdsa2;
+            ecdsa1 = k1->ecdsa;
+            ecdsa2 = k2->ecdsa;
+
+            if (ecdsa1->grp.id != ecdsa2->grp.id) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.X, &ecdsa2->Q.X)) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Y, &ecdsa2->Q.Y)) {
+                return 1;
+            }
+
+            if (mbedtls_mpi_cmp_mpi(&ecdsa1->Q.Z, &ecdsa2->Q.Z)) {
+                return 1;
+            }
+
+            if (what == SSH_KEY_CMP_PRIVATE) {
+                if (mbedtls_mpi_cmp_mpi(&ecdsa1->d, &ecdsa2->d)) {
+                    return 1;
+                }
+            }
+
+            break;
+        }
         case SSH_KEYTYPE_ED25519:
             /* ed25519 keys handled globally */
             return 0;
diff --git a/tests/unittests/torture_pki_ecdsa.c 
b/tests/unittests/torture_pki_ecdsa.c
index 82b0ab06..6587a60d 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -227,11 +227,8 @@ static void torture_pki_ecdsa_duplicate_key(void **state)
 
     assert_string_equal(b64_key, b64_key_gen);
 
-#ifndef HAVE_LIBMBEDCRYPTO
-    /* libmbedcrypto can't compare ecdsa keys */
     rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
     assert_true(rc == 0);
-#endif
 
     ssh_key_free(pubkey);
     ssh_key_free(privkey);
-- 
2.11.0

Reply via email to