From fd9446553b5e06c95c67945959b228e44c870b73 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 2 May 2019 13:56:15 +0200 Subject: [PATCH] pki_crypto: Added pki_sign_data() and pki_verify_data_signature() pki_sign_data() uses the given private key and hash algorithm to sign the data using the OpenSSL EVP interface. The corresponding function pki_verify_data_signature() receives the signature, the signed data, and the public key to verify the signature. Signed-off-by: Anderson Toshiyuki Sasaki Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- include/libssh/pki_priv.h | 8 + src/pki_crypto.c | 306 ++++++++++++++++++++++++++++ tests/unittests/torture_pki_dsa.c | 61 ++++++ tests/unittests/torture_pki_ecdsa.c | 62 ++++++ tests/unittests/torture_pki_rsa.c | 61 ++++++ 5 files changed, 498 insertions(+) diff --git a/include/libssh/pki_priv.h b/include/libssh/pki_priv.h index 32d8e449..a104f1c8 100644 --- a/include/libssh/pki_priv.h +++ b/include/libssh/pki_priv.h @@ -109,6 +109,14 @@ int pki_privkey_build_ecdsa(ssh_key key, ssh_string pki_publickey_to_blob(const ssh_key key); /* SSH Signature Functions */ +ssh_signature pki_sign_data(const ssh_key privkey, + enum ssh_digest_e hash_type, + const unsigned char *input, + size_t input_len); +int pki_verify_data_signature(ssh_signature signature, + const ssh_key pubkey, + const unsigned char *input, + size_t input_len); ssh_string pki_signature_to_blob(const ssh_signature sign); ssh_signature pki_signature_from_blob(const ssh_key pubkey, const ssh_string sig_blob, diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 4aebb89b..b1f68a8b 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -2135,6 +2135,312 @@ int pki_signature_verify(ssh_session session, return SSH_OK; } +static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type) +{ + const EVP_MD *md = NULL; + + switch (hash_type) { + case SSH_DIGEST_SHA256: + md = EVP_sha256(); + break; + case SSH_DIGEST_SHA384: + md = EVP_sha384(); + break; + case SSH_DIGEST_SHA512: + md = EVP_sha512(); + break; + case SSH_DIGEST_SHA1: + case SSH_DIGEST_AUTO: + md = EVP_sha1(); + break; + default: + SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d", + hash_type); + return NULL; + } + + return md; +} + +static EVP_PKEY *pki_key_to_pkey(ssh_key key) +{ + EVP_PKEY *pkey = NULL; + + pkey = EVP_PKEY_new(); + if (pkey == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Out of memory"); + return NULL; + } + + switch(key->type) { + case SSH_KEYTYPE_DSS: + case SSH_KEYTYPE_DSS_CERT01: + if (key->dsa == NULL) { + SSH_LOG(SSH_LOG_TRACE, "NULL key->dsa"); + goto error; + } + EVP_PKEY_set1_DSA(pkey, key->dsa); + break; + case SSH_KEYTYPE_RSA: + case SSH_KEYTYPE_RSA1: + case SSH_KEYTYPE_RSA_CERT01: + if (key->rsa == NULL) { + SSH_LOG(SSH_LOG_TRACE, "NULL key->rsa"); + goto error; + } + EVP_PKEY_set1_RSA(pkey, key->rsa); + break; + case SSH_KEYTYPE_ECDSA_P256: + case SSH_KEYTYPE_ECDSA_P384: + case SSH_KEYTYPE_ECDSA_P521: + case SSH_KEYTYPE_ECDSA_P256_CERT01: + case SSH_KEYTYPE_ECDSA_P384_CERT01: + case SSH_KEYTYPE_ECDSA_P521_CERT01: +# if defined(HAVE_OPENSSL_ECC) + if (key->ecdsa == NULL) { + SSH_LOG(SSH_LOG_TRACE, "NULL key->ecdsa"); + goto error; + } + EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa); + break; +# endif + case SSH_KEYTYPE_ED25519: + /* Not supported yet. This type requires the use of EVP_DigestSign*() + * API and ECX keys. There is no EVP_set1_ECX_KEY() or equivalent yet. */ + case SSH_KEYTYPE_UNKNOWN: + default: + SSH_LOG(SSH_LOG_TRACE, "Unknown private key algorithm for type: %d", + key->type); + goto error; + } + + return pkey; + +error: + EVP_PKEY_free(pkey); + return NULL; +} + +/** + * @internal + * + * @brief Sign the given input data. The digest of to be signed is calculated + * internally as necessary. + * + * @param[in] privkey The private key to be used for signing. + * @param[in] hash_type The digest algorithm to be used. + * @param[in] input The data to be signed. + * @param[in] input_len The length of the data to be signed. + * + * @return a newly allocated ssh_signature or NULL on error. + */ +ssh_signature pki_sign_data(const ssh_key privkey, + enum ssh_digest_e hash_type, + const unsigned char *input, + size_t input_len) +{ + const EVP_MD *md = NULL; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + unsigned char *raw_sig_data = NULL; + unsigned int raw_sig_len; + + ssh_signature sig = NULL; + + int rc; + + if (privkey == NULL || !ssh_key_is_private(privkey) || input == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " + "pki_sign_data()"); + return NULL; + } + + /* Set hash algorithm to be used */ + md = pki_digest_to_md(hash_type); + if (md == NULL) { + return NULL; + } + + /* Setup private key EVP_PKEY */ + pkey = pki_key_to_pkey(privkey); + if (pkey == NULL) { + return NULL; + } + + /* Allocate buffer for signature */ + raw_sig_len = EVP_PKEY_size(pkey); + raw_sig_data = (unsigned char *)malloc(raw_sig_len); + if (raw_sig_data == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Out of memory"); + goto out; + } + + /* Create the context */ + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Out of memory"); + goto out; + } + + /* Sign the data */ + rc = EVP_SignInit_ex(ctx, md, NULL); + if (!rc){ + SSH_LOG(SSH_LOG_TRACE, "EVP_SignInit() failed"); + goto out; + } + + rc = EVP_SignUpdate(ctx, input, input_len); + if (!rc) { + SSH_LOG(SSH_LOG_TRACE, "EVP_SignUpdate() failed"); + goto out; + } + + rc = EVP_SignFinal(ctx, raw_sig_data, &raw_sig_len, pkey); + if (!rc) { + SSH_LOG(SSH_LOG_TRACE, "EVP_SignFinal() failed"); + goto out; + } + +#ifdef DEBUG_CRYPTO + ssh_print_hexa("Generated signature", raw_sig_data, raw_sig_len); +#endif + + /* Allocate and fill output signature */ + sig = ssh_signature_new(); + if (sig == NULL) { + goto out; + } + + sig->raw_sig = ssh_string_new(raw_sig_len); + if (sig->raw_sig == NULL) { + ssh_signature_free(sig); + sig = NULL; + goto out; + } + + rc = ssh_string_fill(sig->raw_sig, raw_sig_data, raw_sig_len); + if (rc < 0) { + ssh_signature_free(sig); + sig = NULL; + goto out; + } + + sig->type = privkey->type; + sig->hash_type = hash_type; + sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type); + +out: + if (ctx != NULL) { + EVP_MD_CTX_free(ctx); + } + if (raw_sig_data != NULL) { + explicit_bzero(raw_sig_data, raw_sig_len); + } + SAFE_FREE(raw_sig_data); + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + return sig; +} + +/** + * @internal + * + * @brief Verify the signature of a given input. The digest of the input is + * calculated internally as necessary. + * + * @param[in] signature The signature to be verified. + * @param[in] pubkey The public key used to verify the signature. + * @param[in] input The signed data. + * @param[in] input_len The length of the signed data. + * + * @return SSH_OK if the signature is valid; SSH_ERROR otherwise. + */ +int pki_verify_data_signature(ssh_signature signature, + const ssh_key pubkey, + const unsigned char *input, + size_t input_len) +{ + const EVP_MD *md = NULL; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + unsigned char *raw_sig_data = NULL; + unsigned int raw_sig_len; + + int rc = SSH_ERROR; + int evp_rc; + + if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL || + signature == NULL || signature->raw_sig == NULL) + { + SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " + "pki_verify_data_signature()"); + return SSH_ERROR; + } + + /* Get the signature to be verified */ + raw_sig_data = ssh_string_data(signature->raw_sig); + raw_sig_len = ssh_string_len(signature->raw_sig); + if (raw_sig_data == NULL) { + return SSH_ERROR; + } + + /* Set hash algorithm to be used */ + md = pki_digest_to_md(signature->hash_type); + if (md == NULL) { + return SSH_ERROR; + } + + /* Setup public key EVP_PKEY */ + pkey = pki_key_to_pkey(pubkey); + if (pkey == NULL) { + return SSH_ERROR; + } + + /* Create the context */ + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Out of memory"); + goto out; + } + + /* Verify the signature */ + evp_rc = EVP_VerifyInit_ex(ctx, md, NULL); + if (!evp_rc){ + SSH_LOG(SSH_LOG_TRACE, "EVP_SignInit() failed"); + goto out; + } + + evp_rc = EVP_VerifyUpdate(ctx, input, input_len); + if (!evp_rc) { + SSH_LOG(SSH_LOG_TRACE, "EVP_SignUpdate() failed"); + goto out; + } + + evp_rc = EVP_VerifyFinal(ctx, raw_sig_data, raw_sig_len, pkey); + if (evp_rc < 0) { + SSH_LOG(SSH_LOG_TRACE, "EVP_SignFinal() failed"); + rc = SSH_ERROR; + } else if (evp_rc == 0) { + SSH_LOG(SSH_LOG_TRACE, "Signature invalid"); + rc = SSH_ERROR; + } else if (evp_rc == 1) { + SSH_LOG(SSH_LOG_TRACE, "Signature valid"); + rc = SSH_OK; + } + +out: + if (ctx != NULL) { + EVP_MD_CTX_free(ctx); + } + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + return rc; +} + ssh_signature pki_do_sign_hash(const ssh_key privkey, const unsigned char *hash, size_t hlen, diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c index 9675bbb0..c25229a0 100644 --- a/tests/unittests/torture_pki_dsa.c +++ b/tests/unittests/torture_pki_dsa.c @@ -169,6 +169,66 @@ static void torture_pki_dsa_import_privkey_base64(void **state) } #ifdef HAVE_LIBCRYPTO +static int test_sign_verify_data(ssh_key key, + enum ssh_digest_e hash_type, + const unsigned char *input, + size_t input_len) +{ + ssh_signature sig; + ssh_key pubkey = NULL; + int rc; + + /* Get the public key to verify signature */ + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + + /* Sign the buffer */ + sig = pki_sign_data(key, hash_type, input, input_len); + assert_non_null(sig); + + /* Verify signature */ + rc = pki_verify_data_signature(sig, pubkey, input, input_len); + assert_int_equal(rc, SSH_OK); + + ssh_signature_free(sig); + SSH_KEY_FREE(pubkey); + + return rc; +} + +static void torture_pki_sign_data_dsa(void **state) +{ + int rc; + ssh_key key = NULL; + + (void) state; + + /* Setup */ + rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key); + assert_int_equal(rc, SSH_OK); + assert_non_null(key); + + /* Test using automatic digest */ + rc = test_sign_verify_data(key, SSH_DIGEST_AUTO, DSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA1 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, DSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA256 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, DSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA512 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA512, DSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Cleanup */ + SSH_KEY_FREE(key); +} + static void torture_pki_dsa_write_privkey(void **state) { ssh_key origkey = NULL; @@ -708,6 +768,7 @@ int torture_run_tests(void) cmocka_unit_test_setup_teardown(torture_pki_dsa_write_privkey, setup_dsa_key, teardown), + cmocka_unit_test(torture_pki_sign_data_dsa), #endif cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase), cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase), diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c index f07e60d0..c35cb27a 100644 --- a/tests/unittests/torture_pki_ecdsa.c +++ b/tests/unittests/torture_pki_ecdsa.c @@ -611,6 +611,67 @@ static void torture_pki_ecdsa_cert_verify(void **state) } #ifdef HAVE_LIBCRYPTO + +static int test_sign_verify_data(ssh_key key, + enum ssh_digest_e hash_type, + const unsigned char *input, + size_t input_len) +{ + ssh_signature sig; + ssh_key pubkey = NULL; + int rc; + + /* Get the public key to verify signature */ + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + + /* Sign the buffer */ + sig = pki_sign_data(key, hash_type, input, input_len); + assert_non_null(sig); + + /* Verify signature */ + rc = pki_verify_data_signature(sig, pubkey, input, input_len); + assert_int_equal(rc, SSH_OK); + + ssh_signature_free(sig); + SSH_KEY_FREE(pubkey); + + return rc; +} + +static void torture_pki_sign_data_ecdsa(void **state) +{ + int rc; + ssh_key key = NULL; + + (void) state; + + /* Setup */ + rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key); + assert_int_equal(rc, SSH_OK); + assert_non_null(key); + + /* Test using automatic digest */ + rc = test_sign_verify_data(key, SSH_DIGEST_AUTO, ECDSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA1 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, ECDSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA256 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, ECDSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA512 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA512, ECDSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Cleanup */ + SSH_KEY_FREE(key); +} + static void torture_pki_ecdsa_write_privkey(void **state) { ssh_key origkey = NULL; @@ -838,6 +899,7 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey, setup_ecdsa_key_521, teardown), + cmocka_unit_test(torture_pki_sign_data_ecdsa), #endif /* HAVE_LIBCRYPTO */ cmocka_unit_test_setup_teardown(torture_pki_ecdsa_name256, setup_ecdsa_key_256, diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c index 04068cbd..1eefe900 100644 --- a/tests/unittests/torture_pki_rsa.c +++ b/tests/unittests/torture_pki_rsa.c @@ -564,6 +564,66 @@ static void torture_pki_rsa_sha2(void **state) } #ifdef HAVE_LIBCRYPTO +static int test_sign_verify_data(ssh_key key, + enum ssh_digest_e hash_type, + const unsigned char *input, + size_t input_len) +{ + ssh_signature sig; + ssh_key pubkey = NULL; + int rc; + + /* Get the public key to verify signature */ + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + + /* Sign the buffer */ + sig = pki_sign_data(key, hash_type, input, input_len); + assert_non_null(sig); + + /* Verify signature */ + rc = pki_verify_data_signature(sig, pubkey, input, input_len); + assert_int_equal(rc, SSH_OK); + + ssh_signature_free(sig); + SSH_KEY_FREE(pubkey); + + return rc; +} + +static void torture_pki_sign_data_rsa(void **state) +{ + int rc; + ssh_key key = NULL; + + (void) state; + + /* Setup */ + rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); + assert_int_equal(rc, SSH_OK); + assert_non_null(key); + + /* Test using automatic digest */ + rc = test_sign_verify_data(key, SSH_DIGEST_AUTO, RSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA1 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, RSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA256 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, RSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Test using SHA512 */ + rc = test_sign_verify_data(key, SSH_DIGEST_SHA512, RSA_HASH, 20); + assert_int_equal(rc, SSH_OK); + + /* Cleanup */ + SSH_KEY_FREE(key); +} + static void torture_pki_rsa_write_privkey(void **state) { ssh_key origkey = NULL; @@ -781,6 +841,7 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey, setup_rsa_key, teardown), + cmocka_unit_test(torture_pki_sign_data_rsa), #endif /* HAVE_LIBCRYPTO */ cmocka_unit_test_setup_teardown(torture_pki_rsa_sha2, setup_rsa_key,