pki: Handle hash correctly.
Looks like only DSA in grypt needs a leading zero to mark the has as positive. See http://lists.gnupg.org/pipermail/gcrypt-devel/2005-February/000754.html
Этот коммит содержится в:
Andreas Schneider
родитель
228e2edac5
Коммит
79ed1bc601
@ -59,12 +59,13 @@ int pki_signature_verify(ssh_session session,
|
|||||||
const ssh_signature sig,
|
const ssh_signature sig,
|
||||||
const ssh_key key,
|
const ssh_key key,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t len);
|
size_t hlen);
|
||||||
|
|
||||||
/* SSH Signing Functions */
|
/* SSH Signing Functions */
|
||||||
ssh_signature pki_do_sign(const ssh_key privkey,
|
ssh_signature pki_do_sign(const ssh_key privkey,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t hlen);
|
size_t hlen);
|
||||||
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
||||||
const unsigned char *hash);
|
const unsigned char *hash,
|
||||||
|
size_t hlen);
|
||||||
#endif /* PKI_PRIV_H_ */
|
#endif /* PKI_PRIV_H_ */
|
||||||
|
|||||||
22
src/pki.c
22
src/pki.c
@ -1022,7 +1022,7 @@ int ssh_pki_signature_verify_blob(ssh_session session,
|
|||||||
unsigned char *digest,
|
unsigned char *digest,
|
||||||
size_t dlen)
|
size_t dlen)
|
||||||
{
|
{
|
||||||
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
|
unsigned char hash[SHA_DIGEST_LEN] = {0};
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
@ -1038,10 +1038,10 @@ int ssh_pki_signature_verify_blob(ssh_session session,
|
|||||||
key->type_c);
|
key->type_c);
|
||||||
|
|
||||||
|
|
||||||
sha1(digest, dlen, hash + 1);
|
sha1(digest, dlen, hash);
|
||||||
|
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
|
ssh_print_hexa("Hash to be verified with dsa", hash, SHA_DIGEST_LEN);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
rc = pki_signature_verify(session,
|
rc = pki_signature_verify(session,
|
||||||
@ -1063,7 +1063,7 @@ ssh_string ssh_pki_do_sign(ssh_session session,
|
|||||||
struct ssh_crypto_struct *crypto =
|
struct ssh_crypto_struct *crypto =
|
||||||
session->current_crypto ? session->current_crypto :
|
session->current_crypto ? session->current_crypto :
|
||||||
session->next_crypto;
|
session->next_crypto;
|
||||||
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
|
unsigned char hash[SHA_DIGEST_LEN] = {0};
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
ssh_string sig_blob = NULL;
|
ssh_string sig_blob = NULL;
|
||||||
ssh_string str = NULL;
|
ssh_string str = NULL;
|
||||||
@ -1089,11 +1089,10 @@ ssh_string ssh_pki_do_sign(ssh_session session,
|
|||||||
sha1_update(ctx, str, ssh_string_len(str) + 4);
|
sha1_update(ctx, str, ssh_string_len(str) + 4);
|
||||||
ssh_string_free(str);
|
ssh_string_free(str);
|
||||||
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
|
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
|
||||||
sha1_final(hash + 1, ctx);
|
sha1_final(hash, ctx);
|
||||||
hash[0] = 0;
|
|
||||||
|
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
|
ssh_print_hexa("Hash being signed with dsa", hash, SHA_DIGEST_LEN);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
|
sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
|
||||||
@ -1169,7 +1168,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
|
|||||||
struct ssh_crypto_struct *crypto =
|
struct ssh_crypto_struct *crypto =
|
||||||
session->current_crypto ? session->current_crypto :
|
session->current_crypto ? session->current_crypto :
|
||||||
session->next_crypto;
|
session->next_crypto;
|
||||||
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
|
unsigned char hash[SHA_DIGEST_LEN] = {0};
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
ssh_string sig_blob;
|
ssh_string sig_blob;
|
||||||
SHACTX ctx;
|
SHACTX ctx;
|
||||||
@ -1184,14 +1183,13 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
sha1_update(ctx, crypto->session_id, SHA_DIGEST_LEN);
|
sha1_update(ctx, crypto->session_id, SHA_DIGEST_LEN);
|
||||||
sha1_final(hash + 1, ctx);
|
sha1_final(hash, ctx);
|
||||||
hash[0] = 0;
|
|
||||||
|
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("Hash being signed", hash + 1, SHA_DIGEST_LEN);
|
ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
sig = pki_do_sign_sessionid(privkey, hash);
|
sig = pki_do_sign_sessionid(privkey, hash, SHA_DIGEST_LEN);
|
||||||
if (sig == NULL) {
|
if (sig == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -677,14 +677,14 @@ int pki_signature_verify(ssh_session session,
|
|||||||
const ssh_signature sig,
|
const ssh_signature sig,
|
||||||
const ssh_key key,
|
const ssh_key key,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t len)
|
size_t hlen)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
switch(key->type) {
|
switch(key->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
rc = DSA_do_verify(hash + 1,
|
rc = DSA_do_verify(hash,
|
||||||
len,
|
hlen,
|
||||||
sig->dsa_sig,
|
sig->dsa_sig,
|
||||||
key->dsa);
|
key->dsa);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
@ -698,8 +698,8 @@ int pki_signature_verify(ssh_session session,
|
|||||||
case SSH_KEYTYPE_RSA:
|
case SSH_KEYTYPE_RSA:
|
||||||
case SSH_KEYTYPE_RSA1:
|
case SSH_KEYTYPE_RSA1:
|
||||||
rc = RSA_verify(NID_sha1,
|
rc = RSA_verify(NID_sha1,
|
||||||
hash + 1,
|
hash,
|
||||||
len,
|
hlen,
|
||||||
string_data(sig->rsa_sig),
|
string_data(sig->rsa_sig),
|
||||||
ssh_string_len(sig->rsa_sig),
|
ssh_string_len(sig->rsa_sig),
|
||||||
key->rsa);
|
key->rsa);
|
||||||
@ -734,7 +734,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
|
|
||||||
switch(privkey->type) {
|
switch(privkey->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
sig->dsa_sig = DSA_do_sign(hash + 1, hlen, privkey->dsa);
|
sig->dsa_sig = DSA_do_sign(hash, hlen, privkey->dsa);
|
||||||
if (sig->dsa_sig == NULL) {
|
if (sig->dsa_sig == NULL) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -748,7 +748,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
break;
|
break;
|
||||||
case SSH_KEYTYPE_RSA:
|
case SSH_KEYTYPE_RSA:
|
||||||
case SSH_KEYTYPE_RSA1:
|
case SSH_KEYTYPE_RSA1:
|
||||||
sig->rsa_sig = _RSA_do_sign(hash + 1, hlen, privkey->rsa);
|
sig->rsa_sig = _RSA_do_sign(hash, hlen, privkey->rsa);
|
||||||
if (sig->rsa_sig == NULL) {
|
if (sig->rsa_sig == NULL) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -766,7 +766,8 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
|
|
||||||
#ifdef WITH_SERVER
|
#ifdef WITH_SERVER
|
||||||
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
||||||
const unsigned char *hash)
|
const unsigned char *hash,
|
||||||
|
size_t hlen)
|
||||||
{
|
{
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
|
|
||||||
@ -778,7 +779,7 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
|||||||
|
|
||||||
switch(key->type) {
|
switch(key->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
sig->dsa_sig = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, key->dsa);
|
sig->dsa_sig = DSA_do_sign(hash, hlen, key->dsa);
|
||||||
if (sig->dsa_sig == NULL) {
|
if (sig->dsa_sig == NULL) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -786,7 +787,7 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
|||||||
break;
|
break;
|
||||||
case SSH_KEYTYPE_RSA:
|
case SSH_KEYTYPE_RSA:
|
||||||
case SSH_KEYTYPE_RSA1:
|
case SSH_KEYTYPE_RSA1:
|
||||||
sig->rsa_sig = _RSA_do_sign(hash + 1, SHA_DIGEST_LEN, key->rsa);
|
sig->rsa_sig = _RSA_do_sign(hash, hlen, key->rsa);
|
||||||
if (sig->rsa_sig == NULL) {
|
if (sig->rsa_sig == NULL) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|||||||
@ -1322,19 +1322,23 @@ int pki_signature_verify(ssh_session session,
|
|||||||
const ssh_signature sig,
|
const ssh_signature sig,
|
||||||
const ssh_key key,
|
const ssh_key key,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t len)
|
size_t hlen)
|
||||||
{
|
{
|
||||||
|
unsigned char ghash[hlen + 1];
|
||||||
gcry_sexp_t sexp;
|
gcry_sexp_t sexp;
|
||||||
gcry_error_t err;
|
gcry_error_t err;
|
||||||
|
|
||||||
switch(key->type) {
|
switch(key->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
if(hash[1] < 0x80) {
|
/* That is to mark the number as positive */
|
||||||
hash = hash + 1;
|
if(hash[0] >= 0x80) {
|
||||||
} else {
|
memcpy(ghash + 1, hash, hlen);
|
||||||
len = len + 1;
|
ghash[0] = 0;
|
||||||
|
hash = ghash;
|
||||||
|
hlen += 1;
|
||||||
}
|
}
|
||||||
err = gcry_sexp_build(&sexp, NULL, "%b", len, hash);
|
|
||||||
|
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_set_error(session,
|
ssh_set_error(session,
|
||||||
SSH_FATAL,
|
SSH_FATAL,
|
||||||
@ -1359,7 +1363,7 @@ int pki_signature_verify(ssh_session session,
|
|||||||
err = gcry_sexp_build(&sexp,
|
err = gcry_sexp_build(&sexp,
|
||||||
NULL,
|
NULL,
|
||||||
"(data(flags pkcs1)(hash sha1 %b))",
|
"(data(flags pkcs1)(hash sha1 %b))",
|
||||||
len, hash + 1);
|
hlen, hash);
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_set_error(session,
|
ssh_set_error(session,
|
||||||
SSH_FATAL,
|
SSH_FATAL,
|
||||||
@ -1392,6 +1396,7 @@ int pki_signature_verify(ssh_session session,
|
|||||||
ssh_signature pki_do_sign(const ssh_key privkey,
|
ssh_signature pki_do_sign(const ssh_key privkey,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t hlen) {
|
size_t hlen) {
|
||||||
|
unsigned char ghash[hlen + 1];
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
gcry_sexp_t sexp;
|
gcry_sexp_t sexp;
|
||||||
gcry_error_t err;
|
gcry_error_t err;
|
||||||
@ -1404,11 +1409,14 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
|
|
||||||
switch (privkey->type) {
|
switch (privkey->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
if(hash[1] < 0x80) {
|
/* That is to mark the number as positive */
|
||||||
hash = hash + 1;
|
if(hash[0] >= 0x80) {
|
||||||
} else {
|
memcpy(ghash + 1, hash, hlen);
|
||||||
hlen = hlen + 1;
|
ghash[0] = 0;
|
||||||
|
hash = ghash;
|
||||||
|
hlen += 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
|
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
@ -1428,7 +1436,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
NULL,
|
NULL,
|
||||||
"(data(flags pkcs1)(hash sha1 %b))",
|
"(data(flags pkcs1)(hash sha1 %b))",
|
||||||
hlen,
|
hlen,
|
||||||
hash + 1);
|
hash);
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1452,12 +1460,13 @@ ssh_signature pki_do_sign(const ssh_key privkey,
|
|||||||
|
|
||||||
#ifdef WITH_SERVER
|
#ifdef WITH_SERVER
|
||||||
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
||||||
const unsigned char *hash)
|
const unsigned char *hash,
|
||||||
|
size_t hlen)
|
||||||
{
|
{
|
||||||
|
unsigned char ghash[hlen + 1];
|
||||||
ssh_signature sig;
|
ssh_signature sig;
|
||||||
gcry_sexp_t sexp;
|
gcry_sexp_t sexp;
|
||||||
gcry_error_t err;
|
gcry_error_t err;
|
||||||
size_t len;
|
|
||||||
|
|
||||||
sig = ssh_signature_new();
|
sig = ssh_signature_new();
|
||||||
if (sig == NULL) {
|
if (sig == NULL) {
|
||||||
@ -1467,17 +1476,15 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
|||||||
|
|
||||||
switch(key->type) {
|
switch(key->type) {
|
||||||
case SSH_KEYTYPE_DSS:
|
case SSH_KEYTYPE_DSS:
|
||||||
len = SHA_DIGEST_LEN;
|
/* That is to mark the number as positive */
|
||||||
if(hash[1] < 0x80) {
|
if(hash[0] >= 0x80) {
|
||||||
hash = hash + 1;
|
memcpy(ghash + 1, hash, hlen);
|
||||||
} else {
|
ghash[0] = 0;
|
||||||
len = len + 1;
|
hash = ghash;
|
||||||
|
hlen += 1;
|
||||||
}
|
}
|
||||||
err = gcry_sexp_build(&sexp,
|
|
||||||
NULL,
|
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
|
||||||
"%b",
|
|
||||||
len,
|
|
||||||
hash);
|
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1494,8 +1501,8 @@ ssh_signature pki_do_sign_sessionid(const ssh_key key,
|
|||||||
err = gcry_sexp_build(&sexp,
|
err = gcry_sexp_build(&sexp,
|
||||||
NULL,
|
NULL,
|
||||||
"(data(flags pkcs1)(hash sha1 %b))",
|
"(data(flags pkcs1)(hash sha1 %b))",
|
||||||
SHA_DIGEST_LEN,
|
hlen,
|
||||||
hash + 1);
|
hash);
|
||||||
if (err) {
|
if (err) {
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user