From 7bc53f3957cc5f50a92cb93019b2235b54b07dc8 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 2 May 2019 18:07:47 +0200
Subject: [PATCH] pki_mbedcrypto: Added pki_sign_data() and
 pki_verify_data_signature()

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/pki_mbedcrypto.c                | 154 ++++++++++++++++++++++++++++
 tests/unittests/torture_pki_dsa.c   |   7 +-
 tests/unittests/torture_pki_ecdsa.c |  10 +-
 tests/unittests/torture_pki_rsa.c   |  11 +-
 4 files changed, 172 insertions(+), 10 deletions(-)

diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index fc732668..c0aff69e 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1246,6 +1246,160 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
     return sig;
 }
 
+/**
+ * @internal
+ *
+ * @brief Sign the given input data. The digest of to be signed is calculated
+ * internally as necessary.
+ *
+ * @param[in]   privkey     The private key to be used for signing.
+ * @param[in]   hash_type   The digest algorithm to be used.
+ * @param[in]   input       The data to be signed.
+ * @param[in]   input_len   The length of the data to be signed.
+ *
+ * @return  a newly allocated ssh_signature or NULL on error.
+ */
+ssh_signature pki_sign_data(const ssh_key privkey,
+                            enum ssh_digest_e hash_type,
+                            const unsigned char *input,
+                            size_t input_len)
+{
+    unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    uint32_t hlen = 0;
+
+    if (privkey == NULL || !ssh_key_is_private(privkey) || input == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
+                               "pki_sign_data()");
+        return NULL;
+    }
+
+    switch (hash_type) {
+    case SSH_DIGEST_SHA256:
+        sha256(input, input_len, hash);
+        hlen = SHA256_DIGEST_LEN;
+        break;
+    case SSH_DIGEST_SHA384:
+        sha384(input, input_len, hash);
+        hlen = SHA384_DIGEST_LEN;
+        break;
+    case SSH_DIGEST_SHA512:
+        sha512(input, input_len, hash);
+        hlen = SHA512_DIGEST_LEN;
+        break;
+    case SSH_DIGEST_AUTO:
+    case SSH_DIGEST_SHA1:
+        sha1(input, input_len, hash);
+        hlen = SHA_DIGEST_LEN;
+        break;
+    default:
+        SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
+                hash_type);
+        return NULL;
+    }
+
+    return pki_do_sign_hash(privkey, hash, hlen, hash_type);
+}
+
+/**
+ * @internal
+ *
+ * @brief Verify the signature of a given input. The digest of the input is
+ * calculated internally as necessary.
+ *
+ * @param[in]   signature   The signature to be verified.
+ * @param[in]   pubkey      The public key used to verify the signature.
+ * @param[in]   input       The signed data.
+ * @param[in]   input_len   The length of the signed data.
+ *
+ * @return  SSH_OK if the signature is valid; SSH_ERROR otherwise.
+ */
+int pki_verify_data_signature(ssh_signature signature,
+                              const ssh_key pubkey,
+                              const unsigned char *input,
+                              size_t input_len)
+{
+
+    unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    uint32_t hlen = 0;
+
+    mbedtls_md_type_t md = 0;
+
+    int rc;
+
+    if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
+        signature == NULL)
+    {
+        SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
+                               "pki_verify_data_signature()");
+        return SSH_ERROR;
+    }
+
+    switch (signature->hash_type) {
+    case SSH_DIGEST_SHA256:
+        sha256(input, input_len, hash);
+        hlen = SHA256_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA256;
+        break;
+    case SSH_DIGEST_SHA384:
+        sha384(input, input_len, hash);
+        hlen = SHA384_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA384;
+        break;
+    case SSH_DIGEST_SHA512:
+        sha512(input, input_len, hash);
+        hlen = SHA512_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA512;
+        break;
+    case SSH_DIGEST_AUTO:
+    case SSH_DIGEST_SHA1:
+        sha1(input, input_len, hash);
+        hlen = SHA_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA1;
+        break;
+    default:
+        SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d",
+                signature->hash_type);
+        return SSH_ERROR;
+    }
+
+    switch (pubkey->type) {
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA_CERT01:
+            rc = mbedtls_pk_verify(pubkey->rsa, md, hash, hlen,
+                    ssh_string_data(signature->rsa_sig),
+                    ssh_string_len(signature->rsa_sig));
+            if (rc != 0) {
+                char error_buf[100];
+                mbedtls_strerror(rc, error_buf, 100);
+                SSH_LOG(SSH_LOG_TRACE, "RSA error: %s", error_buf);
+                return SSH_ERROR;
+            }
+            break;
+        case SSH_KEYTYPE_ECDSA_P256:
+        case SSH_KEYTYPE_ECDSA_P384:
+        case SSH_KEYTYPE_ECDSA_P521:
+        case SSH_KEYTYPE_ECDSA_P256_CERT01:
+        case SSH_KEYTYPE_ECDSA_P384_CERT01:
+        case SSH_KEYTYPE_ECDSA_P521_CERT01:
+            rc = mbedtls_ecdsa_verify(&pubkey->ecdsa->grp, hash, hlen,
+                    &pubkey->ecdsa->Q, signature->ecdsa_sig.r,
+                    signature->ecdsa_sig.s);
+            if (rc != 0) {
+                char error_buf[100];
+                mbedtls_strerror(rc, error_buf, 100);
+                SSH_LOG(SSH_LOG_TRACE, "ECDSA error: %s", error_buf);
+                return SSH_ERROR;
+
+            }
+            break;
+        default:
+            SSH_LOG(SSH_LOG_TRACE, "Unknown public key type");
+            return SSH_ERROR;
+    }
+
+    return SSH_OK;
+}
+
 const char *pki_key_ecdsa_nid_to_name(int nid)
 {
     switch (nid) {
diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c
index c25229a0..55e56386 100644
--- a/tests/unittests/torture_pki_dsa.c
+++ b/tests/unittests/torture_pki_dsa.c
@@ -168,7 +168,7 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
     SSH_KEY_FREE(key);
 }
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
 static int test_sign_verify_data(ssh_key key,
                                  enum ssh_digest_e hash_type,
                                  const unsigned char *input,
@@ -228,7 +228,8 @@ static void torture_pki_sign_data_dsa(void **state)
     /* Cleanup */
     SSH_KEY_FREE(key);
 }
-
+#endif
+#ifdef HAVE_LIBCRYPTO
 static void torture_pki_dsa_write_privkey(void **state)
 {
     ssh_key origkey = NULL;
@@ -768,6 +769,8 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_pki_dsa_write_privkey,
                                  setup_dsa_key,
                                  teardown),
+#endif
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
         cmocka_unit_test(torture_pki_sign_data_dsa),
 #endif
         cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase),
diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c
index c35cb27a..1e5380fd 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -610,8 +610,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
     ssh_free(session);
 }
 
-#ifdef HAVE_LIBCRYPTO
-
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
 static int test_sign_verify_data(ssh_key key,
                                  enum ssh_digest_e hash_type,
                                  const unsigned char *input,
@@ -671,7 +670,8 @@ static void torture_pki_sign_data_ecdsa(void **state)
     /* Cleanup */
     SSH_KEY_FREE(key);
 }
-
+#endif
+#ifdef HAVE_LIBCRYPTO
 static void torture_pki_ecdsa_write_privkey(void **state)
 {
     ssh_key origkey = NULL;
@@ -899,8 +899,10 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey,
                                         setup_ecdsa_key_521,
                                         teardown),
-        cmocka_unit_test(torture_pki_sign_data_ecdsa),
 #endif /* HAVE_LIBCRYPTO */
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
+        cmocka_unit_test(torture_pki_sign_data_ecdsa),
+#endif
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_name256,
                                         setup_ecdsa_key_256,
                                         teardown),
diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c
index 1eefe900..2ab874aa 100644
--- a/tests/unittests/torture_pki_rsa.c
+++ b/tests/unittests/torture_pki_rsa.c
@@ -563,7 +563,7 @@ static void torture_pki_rsa_sha2(void **state)
     ssh_free(session);
 }
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
 static int test_sign_verify_data(ssh_key key,
                                  enum ssh_digest_e hash_type,
                                  const unsigned char *input,
@@ -623,7 +623,8 @@ static void torture_pki_sign_data_rsa(void **state)
     /* Cleanup */
     SSH_KEY_FREE(key);
 }
-
+#endif
+#ifdef HAVE_LIBCRYPTO
 static void torture_pki_rsa_write_privkey(void **state)
 {
     ssh_key origkey = NULL;
@@ -837,12 +838,14 @@ int torture_run_tests(void) {
                                         setup_rsa_key,
                                         teardown),
         cmocka_unit_test(torture_pki_rsa_generate_key),
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO)
         cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test(torture_pki_sign_data_rsa),
 #endif /* HAVE_LIBCRYPTO */
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBMBEDCRYPTO)
+        cmocka_unit_test(torture_pki_sign_data_rsa),
+#endif
         cmocka_unit_test_setup_teardown(torture_pki_rsa_sha2,
                                         setup_rsa_key,
                                         teardown),