diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-08-22 17:50:41 +0200 |
---|---|---|
committer | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-09-30 16:56:50 +0200 |
commit | 9296bcd4bb0deeb506e77c3360a3e89dd1f1823f (patch) | |
tree | f692555fa283403fcbc683344be74fd67001323f | |
parent | 24f39761f3328cc4c769725bec5e2438f65242cf (diff) | |
download | libssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.tar.gz libssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.tar.xz libssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.zip |
pki_gcrypt: Do not treat Ed25519 as a special case
Verify the Ed25519 signature in pki_verify_data_signature() along with
the other signature types.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 38ede2e2257687c2ebc2ef06c8218eab38584613)
-rw-r--r-- | src/pki_gcrypt.c | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index b014d63c..065bf798 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -2115,15 +2115,8 @@ int pki_signature_verify(ssh_session session, return SSH_ERROR; } - /* For ed25519 keys, verify using the input directly */ - if (key->type == SSH_KEYTYPE_ED25519 || - key->type == SSH_KEYTYPE_ED25519_CERT01) - { - rc = pki_ed25519_verify(key, sig, input, input_len); - } else { - /* For the other key types, calculate the hash and verify the signature */ - rc = pki_verify_data_signature(sig, key, input, input_len); - } + /* For the other key types, calculate the hash and verify the signature */ + rc = pki_verify_data_signature(sig, key, input, input_len); if (rc != SSH_OK){ ssh_set_error(session, @@ -2268,6 +2261,7 @@ ssh_signature pki_sign_data(const ssh_key privkey, size_t input_len) { unsigned char hash[SHA512_DIGEST_LEN] = {0}; + const unsigned char *sign_input = NULL; uint32_t hlen = 0; int rc; @@ -2287,27 +2281,38 @@ ssh_signature pki_sign_data(const ssh_key privkey, case SSH_DIGEST_SHA256: sha256(input, input_len, hash); hlen = SHA256_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA384: sha384(input, input_len, hash); hlen = SHA384_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA512: sha512(input, input_len, hash); hlen = SHA512_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA1: sha1(input, input_len, hash); hlen = SHA_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_AUTO: + if (privkey->type == SSH_KEYTYPE_ED25519) { + /* SSH_DIGEST_AUTO should only be used with ed25519 */ + sign_input = input; + hlen = input_len; + break; + } + FALL_THROUGH; default: SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d", hash_type); return NULL; } - return pki_do_sign_hash(privkey, hash, hlen, hash_type); + return pki_do_sign_hash(privkey, sign_input, hlen, hash_type); } /** @@ -2336,6 +2341,8 @@ int pki_verify_data_signature(ssh_signature signature, unsigned char *hash = ghash + 1; uint32_t hlen = 0; + const unsigned char *verify_input = NULL; + int rc; if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL || @@ -2357,23 +2364,35 @@ int pki_verify_data_signature(ssh_signature signature, sha256(input, input_len, hash); hlen = SHA256_DIGEST_LEN; hash_type = "sha256"; + verify_input = hash; break; case SSH_DIGEST_SHA384: sha384(input, input_len, hash); hlen = SHA384_DIGEST_LEN; hash_type = "sha384"; + verify_input = hash; break; case SSH_DIGEST_SHA512: sha512(input, input_len, hash); hlen = SHA512_DIGEST_LEN; hash_type = "sha512"; + verify_input = hash; break; case SSH_DIGEST_SHA1: sha1(input, input_len, hash); hlen = SHA_DIGEST_LEN; hash_type = "sha1"; + verify_input = hash; break; case SSH_DIGEST_AUTO: + if (pubkey->type == SSH_KEYTYPE_ED25519 || + pubkey->type == SSH_KEYTYPE_ED25519_CERT01) + { + verify_input = input; + hlen = input_len; + break; + } + FALL_THROUGH; default: SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", signature->hash_type); return SSH_ERROR; @@ -2461,6 +2480,14 @@ int pki_verify_data_signature(ssh_signature signature, } break; #endif + case SSH_KEYTYPE_ED25519: + case SSH_KEYTYPE_ED25519_CERT01: + rc = pki_ed25519_verify(pubkey, signature, verify_input, hlen); + if (rc != SSH_OK) { + SSH_LOG(SSH_LOG_TRACE, "ED25519 error: Signature invalid"); + return SSH_ERROR; + } + break; case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_UNKNOWN: default: |