auth, pki: Calculate hash internally when signing/verifying
This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
Anderson Toshiyuki Sasaki
Andreas Schneider
родитель
58b3b2696c
Коммит
76f9808eb2
@ -101,6 +101,8 @@ ssh_key_get_signature_algorithm(ssh_session session,
|
||||
enum ssh_keytypes_e type);
|
||||
enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
|
||||
enum ssh_keytypes_e ssh_key_type_plain(enum ssh_keytypes_e type);
|
||||
enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
|
||||
enum ssh_keytypes_e type);
|
||||
|
||||
#define is_ecdsa_key_type(t) \
|
||||
((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
|
||||
@ -138,7 +140,7 @@ int ssh_pki_import_cert_blob(const ssh_string cert_blob,
|
||||
|
||||
/* SSH Signing Functions */
|
||||
ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
|
||||
const ssh_key privatekey);
|
||||
const ssh_key privatekey, enum ssh_digest_e hash_type);
|
||||
ssh_string ssh_pki_do_sign_agent(ssh_session session,
|
||||
struct ssh_buffer_struct *buf,
|
||||
const ssh_key pubkey);
|
||||
|
||||
@ -117,12 +117,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
int pki_signature_verify(ssh_session session,
|
||||
const ssh_signature sig,
|
||||
const ssh_key key,
|
||||
const unsigned char *hash,
|
||||
size_t hlen);
|
||||
const unsigned char *input,
|
||||
size_t input_len);
|
||||
|
||||
/* SSH Signing Functions */
|
||||
#define pki_do_sign(key, hash, hlen) \
|
||||
pki_do_sign_hash(key, hash, hlen, SSH_DIGEST_AUTO)
|
||||
ssh_signature pki_do_sign(const ssh_key privkey,
|
||||
const unsigned char *input,
|
||||
size_t input_len,
|
||||
enum ssh_digest_e hash_type);
|
||||
ssh_signature pki_do_sign_hash(const ssh_key privkey,
|
||||
const unsigned char *hash,
|
||||
size_t hlen,
|
||||
|
||||
@ -613,6 +613,7 @@ int ssh_userauth_publickey(ssh_session session,
|
||||
int rc;
|
||||
const char *sig_type_c = NULL;
|
||||
enum ssh_keytypes_e key_type;
|
||||
enum ssh_digest_e hash_type;
|
||||
|
||||
if (session == NULL) {
|
||||
return SSH_AUTH_ERROR;
|
||||
@ -681,8 +682,11 @@ int ssh_userauth_publickey(ssh_session session,
|
||||
}
|
||||
ssh_string_free(str);
|
||||
|
||||
/* Get the hash type to be used in the signature based on the key type */
|
||||
hash_type = ssh_key_type_to_hash(session, privkey->type);
|
||||
|
||||
/* sign the buffer with the private key */
|
||||
str = ssh_pki_do_sign(session, session->out_buffer, privkey);
|
||||
str = ssh_pki_do_sign(session, session->out_buffer, privkey, hash_type);
|
||||
if (str == NULL) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
228
src/pki.c
228
src/pki.c
@ -2064,12 +2064,18 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
|
||||
int ssh_pki_signature_verify(ssh_session session,
|
||||
ssh_signature sig,
|
||||
const ssh_key key,
|
||||
unsigned char *digest,
|
||||
size_t dlen)
|
||||
unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
int rc;
|
||||
enum ssh_keytypes_e key_type = ssh_key_type_plain(key->type);
|
||||
|
||||
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
|
||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
||||
"ssh_pki_signature_verify()");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
SSH_LOG(SSH_LOG_FUNCTIONS,
|
||||
"Going to verify a %s type signature",
|
||||
sig->type_c);
|
||||
@ -2081,77 +2087,68 @@ int ssh_pki_signature_verify(ssh_session session,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
if (is_ecdsa_key_type(key_type)) {
|
||||
#if HAVE_ECC
|
||||
unsigned char ehash[EVP_DIGEST_LEN] = {0};
|
||||
uint32_t elen;
|
||||
|
||||
evp(key->ecdsa_nid, digest, dlen, ehash, &elen);
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_print_hexa("Hash to be verified with ecdsa",
|
||||
ehash, elen);
|
||||
#endif
|
||||
|
||||
rc = pki_signature_verify(session,
|
||||
sig,
|
||||
key,
|
||||
ehash,
|
||||
elen);
|
||||
#endif
|
||||
} else if (key_type == SSH_KEYTYPE_ED25519) {
|
||||
rc = pki_signature_verify(session, sig, key, digest, dlen);
|
||||
} else {
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
|
||||
if (sig->type != SSH_KEYTYPE_RSA && sig->hash_type != SSH_DIGEST_AUTO) {
|
||||
SSH_LOG(SSH_LOG_TRACE, "Only RSA keys support non-SHA1 hashes.");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(digest, dlen, hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(digest, dlen, hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA1:
|
||||
case SSH_DIGEST_AUTO:
|
||||
sha1(digest, dlen, hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_print_hexa(key_type == SSH_KEYTYPE_DSS
|
||||
? "Hash to be verified with DSA"
|
||||
: "Hash to be verified with RSA",
|
||||
hash,
|
||||
hlen);
|
||||
#endif
|
||||
|
||||
rc = pki_signature_verify(session,
|
||||
sig,
|
||||
key,
|
||||
hash,
|
||||
hlen);
|
||||
}
|
||||
rc = pki_signature_verify(session, sig, key, input, input_len);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
ssh_signature pki_do_sign(const ssh_key privkey,
|
||||
const unsigned char *input,
|
||||
size_t input_len,
|
||||
enum ssh_digest_e hash_type)
|
||||
{
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
|
||||
if (privkey == NULL || input == NULL) {
|
||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
||||
"pki_do_sign()");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (privkey->type == SSH_KEYTYPE_ED25519 ||
|
||||
privkey->type == SSH_KEYTYPE_ED25519_CERT01)
|
||||
{
|
||||
return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO);
|
||||
}
|
||||
|
||||
switch (hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(input, input_len, hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(input, input_len, hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(input, input_len, hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_AUTO:
|
||||
case SSH_DIGEST_SHA1:
|
||||
sha1(input, input_len, hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
|
||||
hash_type);
|
||||
goto error;
|
||||
}
|
||||
|
||||
return pki_do_sign_hash(privkey, hash, hlen, hash_type);
|
||||
|
||||
error:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* This function signs the session id as a string then
|
||||
* the content of sigbuf */
|
||||
ssh_string ssh_pki_do_sign(ssh_session session,
|
||||
ssh_buffer sigbuf,
|
||||
const ssh_key privkey)
|
||||
const ssh_key privkey,
|
||||
enum ssh_digest_e hash_type)
|
||||
{
|
||||
struct ssh_crypto_struct *crypto = NULL;
|
||||
|
||||
@ -2161,11 +2158,13 @@ ssh_string ssh_pki_do_sign(ssh_session session,
|
||||
ssh_string session_id = NULL;
|
||||
ssh_buffer sign_input = NULL;
|
||||
|
||||
enum ssh_digest_e hash_type;
|
||||
|
||||
int rc;
|
||||
|
||||
if (privkey == NULL || !ssh_key_is_private(privkey)) {
|
||||
if (session == NULL || sigbuf == NULL || privkey == NULL ||
|
||||
!ssh_key_is_private(privkey))
|
||||
{
|
||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
||||
"ssh_pki_do_sign()");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -2181,9 +2180,6 @@ ssh_string ssh_pki_do_sign(ssh_session session,
|
||||
}
|
||||
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
|
||||
|
||||
/* Get the hash type from the key type */
|
||||
hash_type = ssh_key_type_to_hash(session, privkey->type);
|
||||
|
||||
/* Fill the input */
|
||||
sign_input = ssh_buffer_new();
|
||||
if (sign_input == NULL) {
|
||||
@ -2200,52 +2196,14 @@ ssh_string ssh_pki_do_sign(ssh_session session,
|
||||
}
|
||||
|
||||
/* Generate the signature */
|
||||
if (privkey->type == SSH_KEYTYPE_ED25519){
|
||||
sig = pki_do_sign(privkey,
|
||||
ssh_buffer_get(sign_input),
|
||||
ssh_buffer_get_len(sign_input));
|
||||
} else {
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
switch (hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA1:
|
||||
case SSH_DIGEST_AUTO:
|
||||
sha1(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
|
||||
hash_type);
|
||||
goto end;
|
||||
}
|
||||
sig = pki_do_sign_hash(privkey, hash, hlen, hash_type);
|
||||
}
|
||||
|
||||
sig = pki_do_sign(privkey,
|
||||
ssh_buffer_get(sign_input),
|
||||
ssh_buffer_get_len(sign_input),
|
||||
hash_type);
|
||||
if (sig == NULL) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d",
|
||||
privkey->type_c, hash_type);
|
||||
#endif
|
||||
|
||||
/* Convert the signature to blob */
|
||||
rc = ssh_pki_export_signature_blob(sig, &sig_blob);
|
||||
if (rc < 0) {
|
||||
@ -2355,52 +2313,14 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
|
||||
}
|
||||
|
||||
/* Generate the signature */
|
||||
if (privkey->type == SSH_KEYTYPE_ED25519){
|
||||
sig = pki_do_sign(privkey,
|
||||
ssh_buffer_get(sign_input),
|
||||
ssh_buffer_get_len(sign_input));
|
||||
} else {
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
switch (hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
break;
|
||||
case SSH_DIGEST_SHA1:
|
||||
case SSH_DIGEST_AUTO:
|
||||
sha1(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input),
|
||||
hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
|
||||
hash_type);
|
||||
goto end;
|
||||
}
|
||||
sig = pki_do_sign_hash(privkey, hash, hlen, hash_type);
|
||||
}
|
||||
|
||||
sig = pki_do_sign(privkey,
|
||||
ssh_buffer_get(sign_input),
|
||||
ssh_buffer_get_len(sign_input),
|
||||
hash_type);
|
||||
if (sig == NULL) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d",
|
||||
privkey->type_c, hash_type);
|
||||
#endif
|
||||
|
||||
/* Convert the signature to blob */
|
||||
rc = ssh_pki_export_signature_blob(sig, &sig_blob);
|
||||
if (rc < 0) {
|
||||
|
||||
@ -1856,12 +1856,15 @@ error:
|
||||
int pki_signature_verify(ssh_session session,
|
||||
const ssh_signature sig,
|
||||
const ssh_key key,
|
||||
const unsigned char *hash,
|
||||
size_t hlen)
|
||||
const unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
int rc;
|
||||
int nid;
|
||||
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
|
||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Can not verify %s signature with %s key",
|
||||
@ -1870,6 +1873,49 @@ int pki_signature_verify(ssh_session session,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
/* For ed25519 keys, verify using the input directly */
|
||||
if (key->type == SSH_KEYTYPE_ED25519 ||
|
||||
key->type == SSH_KEYTYPE_ED25519_CERT01)
|
||||
{
|
||||
rc = pki_ed25519_verify(key, sig, input, input_len);
|
||||
if (rc != SSH_OK){
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
/* For the other key types, calculate the hash and verify the signature */
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(input, input_len, hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
nid = NID_sha256;
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(input, input_len, hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
nid = NID_sha384;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(input, input_len, hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
nid = NID_sha512;
|
||||
break;
|
||||
case SSH_DIGEST_AUTO:
|
||||
case SSH_DIGEST_SHA1:
|
||||
sha1(input, input_len, hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
nid = NID_sha1;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
switch (key->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
case SSH_KEYTYPE_DSS_CERT01:
|
||||
@ -1888,25 +1934,6 @@ int pki_signature_verify(ssh_session session,
|
||||
case SSH_KEYTYPE_RSA:
|
||||
case SSH_KEYTYPE_RSA1:
|
||||
case SSH_KEYTYPE_RSA_CERT01:
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_AUTO:
|
||||
case SSH_DIGEST_SHA1:
|
||||
nid = NID_sha1;
|
||||
break;
|
||||
case SSH_DIGEST_SHA256:
|
||||
nid = NID_sha256;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
nid = NID_sha512;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type);
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"Unexpected hash type %d during RSA verify",
|
||||
sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
rc = RSA_verify(nid,
|
||||
hash,
|
||||
hlen,
|
||||
@ -1922,16 +1949,6 @@ int pki_signature_verify(ssh_session session,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
case SSH_KEYTYPE_ED25519_CERT01:
|
||||
rc = pki_ed25519_verify(key, sig, hash, hlen);
|
||||
if (rc != SSH_OK){
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ECDSA_P256:
|
||||
case SSH_KEYTYPE_ECDSA_P384:
|
||||
case SSH_KEYTYPE_ECDSA_P521:
|
||||
@ -2040,6 +2057,11 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d",
|
||||
privkey->type_c, hash_type);
|
||||
#endif
|
||||
|
||||
return sig;
|
||||
}
|
||||
|
||||
|
||||
@ -2088,14 +2088,19 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
int pki_signature_verify(ssh_session session,
|
||||
const ssh_signature sig,
|
||||
const ssh_key key,
|
||||
const unsigned char *hash,
|
||||
size_t hlen)
|
||||
const unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
unsigned char ghash[hlen + 1];
|
||||
const char *hash_type = NULL;
|
||||
gcry_sexp_t sexp;
|
||||
gcry_error_t err;
|
||||
|
||||
unsigned char ghash[SHA512_DIGEST_LEN + 1] = {0};
|
||||
unsigned char *hash = ghash + 1;
|
||||
uint32_t hlen = 0;
|
||||
|
||||
int rc;
|
||||
|
||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Can not verify %s signature with %s key",
|
||||
@ -2104,13 +2109,54 @@ int pki_signature_verify(ssh_session session,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
/* For ed25519 keys, verify using the input directly */
|
||||
if (key->type == SSH_KEYTYPE_ED25519 ||
|
||||
key->type == SSH_KEYTYPE_ED25519_CERT01)
|
||||
{
|
||||
rc = pki_ed25519_verify(key, sig, input, input_len);
|
||||
if (rc != SSH_OK){
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
/* For the other key types, calculate the hash and verify the signature */
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(input, input_len, hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
hash_type = "sha256";
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(input, input_len, hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
hash_type = "sha384";
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(input, input_len, hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
hash_type = "sha512";
|
||||
break;
|
||||
case SSH_DIGEST_AUTO:
|
||||
case SSH_DIGEST_SHA1:
|
||||
sha1(input, input_len, hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
hash_type = "sha1";
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
switch(key->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
case SSH_KEYTYPE_DSS_CERT01:
|
||||
/* That is to mark the number as positive */
|
||||
if(hash[0] >= 0x80) {
|
||||
memcpy(ghash + 1, hash, hlen);
|
||||
ghash[0] = 0;
|
||||
hash = ghash;
|
||||
hlen += 1;
|
||||
}
|
||||
@ -2137,25 +2183,6 @@ int pki_signature_verify(ssh_session session,
|
||||
break;
|
||||
case SSH_KEYTYPE_RSA:
|
||||
case SSH_KEYTYPE_RSA_CERT01:
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
hash_type = "sha256";
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
hash_type = "sha512";
|
||||
break;
|
||||
case SSH_DIGEST_SHA1:
|
||||
case SSH_DIGEST_AUTO:
|
||||
hash_type = "sha1";
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig type %d", sig->hash_type);
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"Unexpected signature type %d during RSA verify",
|
||||
sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
err = gcry_sexp_build(&sexp,
|
||||
NULL,
|
||||
"(data(flags pkcs1)(hash %s %b))",
|
||||
@ -2180,14 +2207,6 @@ int pki_signature_verify(ssh_session session,
|
||||
return SSH_ERROR;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
case SSH_KEYTYPE_ED25519_CERT01:
|
||||
err = pki_ed25519_verify(key, sig, hash, hlen);
|
||||
if (err != SSH_OK){
|
||||
ssh_set_error(session, SSH_FATAL, "ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ECDSA_P256:
|
||||
case SSH_KEYTYPE_ECDSA_P384:
|
||||
case SSH_KEYTYPE_ECDSA_P521:
|
||||
|
||||
@ -1022,11 +1022,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
||||
}
|
||||
|
||||
int pki_signature_verify(ssh_session session, const ssh_signature sig, const
|
||||
ssh_key key, const unsigned char *hash, size_t hlen)
|
||||
ssh_key key, const unsigned char *input, size_t input_len)
|
||||
{
|
||||
int rc;
|
||||
mbedtls_md_type_t md = 0;
|
||||
|
||||
unsigned char hash[SHA512_DIGEST_LEN] = {0};
|
||||
uint32_t hlen = 0;
|
||||
|
||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Can not verify %s signature with %s key",
|
||||
@ -1035,28 +1038,52 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
/* For ed25519 keys, verify using the input directly */
|
||||
if (key->type == SSH_KEYTYPE_ED25519 ||
|
||||
key->type == SSH_KEYTYPE_ED25519_CERT01)
|
||||
{
|
||||
rc = pki_ed25519_verify(key, sig, input, input_len);
|
||||
if (rc != SSH_OK){
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
/* For the other key types, calculate the hash and verify the signature */
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA256:
|
||||
sha256(input, input_len, hash);
|
||||
hlen = SHA256_DIGEST_LEN;
|
||||
md = MBEDTLS_MD_SHA256;
|
||||
break;
|
||||
case SSH_DIGEST_SHA384:
|
||||
sha384(input, input_len, hash);
|
||||
hlen = SHA384_DIGEST_LEN;
|
||||
md = MBEDTLS_MD_SHA384;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
sha512(input, input_len, hash);
|
||||
hlen = SHA512_DIGEST_LEN;
|
||||
md = MBEDTLS_MD_SHA512;
|
||||
break;
|
||||
case SSH_DIGEST_AUTO:
|
||||
case SSH_DIGEST_SHA1:
|
||||
sha1(input, input_len, hash);
|
||||
hlen = SHA_DIGEST_LEN;
|
||||
md = MBEDTLS_MD_SHA1;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
switch (key->type) {
|
||||
case SSH_KEYTYPE_RSA:
|
||||
case SSH_KEYTYPE_RSA_CERT01:
|
||||
switch (sig->hash_type) {
|
||||
case SSH_DIGEST_SHA1:
|
||||
case SSH_DIGEST_AUTO:
|
||||
md = MBEDTLS_MD_SHA1;
|
||||
break;
|
||||
case SSH_DIGEST_SHA256:
|
||||
md = MBEDTLS_MD_SHA256;
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
md = MBEDTLS_MD_SHA512;
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_TRACE, "Unknown sig type %d", sig->hash_type);
|
||||
ssh_set_error(session,
|
||||
SSH_FATAL,
|
||||
"Unexpected signature hash type %d during RSA verify",
|
||||
sig->hash_type);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
rc = mbedtls_pk_verify(key->rsa, md, hash, hlen,
|
||||
ssh_string_data(sig->rsa_sig),
|
||||
ssh_string_len(sig->rsa_sig));
|
||||
@ -1078,20 +1105,11 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
|
||||
if (rc != 0) {
|
||||
char error_buf[100];
|
||||
mbedtls_strerror(rc, error_buf, 100);
|
||||
ssh_set_error(session, SSH_FATAL, "RSA error: %s", error_buf);
|
||||
ssh_set_error(session, SSH_FATAL, "ECDSA error: %s", error_buf);
|
||||
return SSH_ERROR;
|
||||
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
case SSH_KEYTYPE_ED25519_CERT01:
|
||||
rc = pki_ed25519_verify(key, sig, hash, hlen);
|
||||
if (rc != SSH_OK) {
|
||||
ssh_set_error(session, SSH_FATAL,
|
||||
"ed25519 signature verification error");
|
||||
return SSH_ERROR;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
|
||||
return SSH_ERROR;
|
||||
|
||||
@ -206,7 +206,7 @@ static void torture_pki_verify_mismatch(void **state)
|
||||
sig_type, hash);
|
||||
|
||||
/* Create a valid signature using this key */
|
||||
sign = pki_do_sign_hash(key, HASH, hash_length, hash);
|
||||
sign = pki_do_sign(key, HASH, hash_length, hash);
|
||||
assert_non_null(sign);
|
||||
assert_int_equal(sign->type, key->type);
|
||||
if (hash == SSH_DIGEST_AUTO) {
|
||||
|
||||
@ -621,7 +621,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -631,7 +631,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -641,7 +641,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20);
|
||||
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -671,7 +671,7 @@ static void torture_pki_dsa_cert_verify(void **state)
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(cert);
|
||||
|
||||
sign = pki_do_sign(privkey, DSA_HASH, 20);
|
||||
sign = pki_do_sign(privkey, DSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, cert, DSA_HASH, 20);
|
||||
assert_true(rc == SSH_OK);
|
||||
|
||||
@ -474,7 +474,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -492,7 +492,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -509,7 +509,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -527,7 +527,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -544,7 +544,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -562,7 +562,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -599,7 +599,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(cert);
|
||||
|
||||
sign = pki_do_sign(privkey, ECDSA_HASH, 20);
|
||||
sign = pki_do_sign(privkey, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, cert, ECDSA_HASH, 20);
|
||||
assert_true(rc == SSH_OK);
|
||||
|
||||
@ -349,7 +349,7 @@ static void torture_pki_ed25519_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_ED25519, 256, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, HASH, 20);
|
||||
sign = pki_do_sign(key, HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -389,7 +389,7 @@ static void torture_pki_ed25519_cert_verify(void **state)
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(cert);
|
||||
|
||||
sign = pki_do_sign(privkey, HASH, 20);
|
||||
sign = pki_do_sign(privkey, HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, cert, HASH, 20);
|
||||
assert_true(rc == SSH_OK);
|
||||
|
||||
@ -469,7 +469,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -480,7 +480,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -491,7 +491,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
assert_true(rc == SSH_OK);
|
||||
@ -522,7 +522,7 @@ static void torture_pki_rsa_sha2(void **state)
|
||||
assert_non_null(cert);
|
||||
|
||||
/* Sign using automatic digest */
|
||||
sign = pki_do_sign_hash(key, RSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_AUTO);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
|
||||
assert_ssh_return_code(session, rc);
|
||||
@ -531,7 +531,7 @@ static void torture_pki_rsa_sha2(void **state)
|
||||
ssh_signature_free(sign);
|
||||
|
||||
/* Sign using old SHA1 digest */
|
||||
sign = pki_do_sign_hash(key, RSA_HASH, 20, SSH_DIGEST_SHA1);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA1);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
|
||||
assert_ssh_return_code(session, rc);
|
||||
@ -540,7 +540,7 @@ static void torture_pki_rsa_sha2(void **state)
|
||||
ssh_signature_free(sign);
|
||||
|
||||
/* Sign using new SHA256 digest */
|
||||
sign = pki_do_sign_hash(key, SHA256_HASH, 32, SSH_DIGEST_SHA256);
|
||||
sign = pki_do_sign(key, SHA256_HASH, 32, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, key, SHA256_HASH, 32);
|
||||
assert_ssh_return_code(session, rc);
|
||||
@ -549,7 +549,7 @@ static void torture_pki_rsa_sha2(void **state)
|
||||
ssh_signature_free(sign);
|
||||
|
||||
/* Sign using rsa-sha2-512 algorithm */
|
||||
sign = pki_do_sign_hash(key, SHA512_HASH, 64, SSH_DIGEST_SHA512);
|
||||
sign = pki_do_sign(key, SHA512_HASH, 64, SSH_DIGEST_SHA512);
|
||||
assert_non_null(sign);
|
||||
rc = pki_signature_verify(session, sign, key, SHA512_HASH, 64);
|
||||
assert_ssh_return_code(session, rc);
|
||||
|
||||
@ -575,7 +575,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
||||
assert_ssh_return_code(session, rc);
|
||||
assert_non_null(key);
|
||||
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
@ -588,7 +588,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
||||
assert_ssh_return_code(session, rc);
|
||||
assert_non_null(key);
|
||||
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
@ -602,7 +602,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
|
||||
sign = pki_do_sign(key, RSA_HASH, 20);
|
||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||
assert_non_null(sign);
|
||||
|
||||
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
|
||||
|
||||
Загрузка…
x
Ссылка в новой задаче
Block a user