pki_mbedcrypto: Do not treat Ed25519 as a special case

Generate and verify Ed25519 signatures along with the other signature types. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 97adbfe0877e19253769d02edb5d673d21a4eb14)
author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2019-08-22 17:57:49 +0200
committer: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2019-09-30 16:56:59 +0200
commit: ab9921ee6ac413513d7c789b1336498aa89658ae (patch)
tree: ab40fb269f8b444582ea5f699d2697d1da3b48d8
parent: 9296bcd4bb0deeb506e77c3360a3e89dd1f1823f (diff)
download: libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.tar.gz
libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.tar.xz
libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.zip
1 files changed, 35 insertions, 11 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 57a6a4e0..a1ae573e 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1047,16 +1047,7 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
         return SSH_ERROR;
     }
 
-    /* For ed25519 keys, verify using the input directly */
-    if (key->type == SSH_KEYTYPE_ED25519 ||
-        key->type == SSH_KEYTYPE_ED25519_CERT01)
-    {
-        rc = pki_ed25519_verify(key, sig, input, input_len);
-    } else {
-        /* For the other key types, calculate the hash and verify the signature */
-        rc = pki_verify_data_signature(sig, key, input, input_len);
-    }
-
+    rc = pki_verify_data_signature(sig, key, input, input_len);
     if (rc != SSH_OK){
         ssh_set_error(session,
                       SSH_FATAL,
@@ -1214,6 +1205,7 @@ ssh_signature pki_sign_data(const ssh_key privkey,
                             size_t input_len)
 {
     unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    const unsigned char *sign_input = NULL;
     uint32_t hlen = 0;
     int rc;
 
@@ -1233,27 +1225,38 @@ ssh_signature pki_sign_data(const ssh_key privkey,
     case SSH_DIGEST_SHA256:
         sha256(input, input_len, hash);
         hlen = SHA256_DIGEST_LEN;
+        sign_input = hash;
         break;
     case SSH_DIGEST_SHA384:
         sha384(input, input_len, hash);
         hlen = SHA384_DIGEST_LEN;
+        sign_input = hash;
         break;
     case SSH_DIGEST_SHA512:
         sha512(input, input_len, hash);
         hlen = SHA512_DIGEST_LEN;
+        sign_input = hash;
         break;
     case SSH_DIGEST_SHA1:
         sha1(input, input_len, hash);
         hlen = SHA_DIGEST_LEN;
+        sign_input = hash;
         break;
     case SSH_DIGEST_AUTO:
+        if (privkey->type == SSH_KEYTYPE_ED25519) {
+            /* SSH_DIGEST_AUTO should only be used with ed25519 */
+            sign_input = input;
+            hlen = input_len;
+            break;
+        }
+        FALL_THROUGH;
     default:
         SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
                 hash_type);
         return NULL;
     }
 
-    return pki_do_sign_hash(privkey, hash, hlen, hash_type);
+    return pki_do_sign_hash(privkey, sign_input, hlen, hash_type);
 }
 
 /**
@@ -1276,6 +1279,7 @@ int pki_verify_data_signature(ssh_signature signature,
 {
 
     unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    const unsigned char *verify_input = NULL;
     uint32_t hlen = 0;
 
     mbedtls_md_type_t md = 0;
@@ -1301,23 +1305,35 @@ int pki_verify_data_signature(ssh_signature signature,
         sha256(input, input_len, hash);
         hlen = SHA256_DIGEST_LEN;
         md = MBEDTLS_MD_SHA256;
+        verify_input = hash;
         break;
     case SSH_DIGEST_SHA384:
         sha384(input, input_len, hash);
         hlen = SHA384_DIGEST_LEN;
         md = MBEDTLS_MD_SHA384;
+        verify_input = hash;
         break;
     case SSH_DIGEST_SHA512:
         sha512(input, input_len, hash);
         hlen = SHA512_DIGEST_LEN;
         md = MBEDTLS_MD_SHA512;
+        verify_input = hash;
         break;
     case SSH_DIGEST_SHA1:
         sha1(input, input_len, hash);
         hlen = SHA_DIGEST_LEN;
         md = MBEDTLS_MD_SHA1;
+        verify_input = hash;
         break;
     case SSH_DIGEST_AUTO:
+        if (pubkey->type == SSH_KEYTYPE_ED25519 ||
+            pubkey->type == SSH_KEYTYPE_ED25519_CERT01)
+        {
+            verify_input = input;
+            hlen = input_len;
+            break;
+        }
+        FALL_THROUGH;
     default:
         SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d",
                 signature->hash_type);
@@ -1354,6 +1370,14 @@ int pki_verify_data_signature(ssh_signature signature,
 
             }
             break;
+        case SSH_KEYTYPE_ED25519:
+        case SSH_KEYTYPE_ED25519_CERT01:
+            rc = pki_ed25519_verify(pubkey, signature, verify_input, hlen);
+            if (rc != SSH_OK) {
+                SSH_LOG(SSH_LOG_TRACE, "ED25519 error: Signature invalid");
+                return SSH_ERROR;
+            }
+            break;
         default:
             SSH_LOG(SSH_LOG_TRACE, "Unknown public key type");
             return SSH_ERROR;
author	Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-08-22 17:57:49 +0200
committer	Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-09-30 16:56:59 +0200
commit	ab9921ee6ac413513d7c789b1336498aa89658ae (patch)
tree	ab40fb269f8b444582ea5f699d2697d1da3b48d8
parent	9296bcd4bb0deeb506e77c3360a3e89dd1f1823f (diff)
download	libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.tar.gz libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.tar.xz libssh-ab9921ee6ac413513d7c789b1336498aa89658ae.zip