aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-08-22 17:50:41 +0200
committerAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-09-30 16:56:50 +0200
commit9296bcd4bb0deeb506e77c3360a3e89dd1f1823f (patch)
treef692555fa283403fcbc683344be74fd67001323f
parent24f39761f3328cc4c769725bec5e2438f65242cf (diff)
downloadlibssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.tar.gz
libssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.tar.xz
libssh-9296bcd4bb0deeb506e77c3360a3e89dd1f1823f.zip
pki_gcrypt: Do not treat Ed25519 as a special case
Verify the Ed25519 signature in pki_verify_data_signature() along with the other signature types. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 38ede2e2257687c2ebc2ef06c8218eab38584613)
-rw-r--r--src/pki_gcrypt.c47
1 files changed, 37 insertions, 10 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index b014d63c..065bf798 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -2115,15 +2115,8 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
- /* For ed25519 keys, verify using the input directly */
- if (key->type == SSH_KEYTYPE_ED25519 ||
- key->type == SSH_KEYTYPE_ED25519_CERT01)
- {
- rc = pki_ed25519_verify(key, sig, input, input_len);
- } else {
- /* For the other key types, calculate the hash and verify the signature */
- rc = pki_verify_data_signature(sig, key, input, input_len);
- }
+ /* For the other key types, calculate the hash and verify the signature */
+ rc = pki_verify_data_signature(sig, key, input, input_len);
if (rc != SSH_OK){
ssh_set_error(session,
@@ -2268,6 +2261,7 @@ ssh_signature pki_sign_data(const ssh_key privkey,
size_t input_len)
{
unsigned char hash[SHA512_DIGEST_LEN] = {0};
+ const unsigned char *sign_input = NULL;
uint32_t hlen = 0;
int rc;
@@ -2287,27 +2281,38 @@ ssh_signature pki_sign_data(const ssh_key privkey,
case SSH_DIGEST_SHA256:
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
+ sign_input = hash;
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
+ sign_input = hash;
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
+ sign_input = hash;
break;
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
+ sign_input = hash;
break;
case SSH_DIGEST_AUTO:
+ if (privkey->type == SSH_KEYTYPE_ED25519) {
+ /* SSH_DIGEST_AUTO should only be used with ed25519 */
+ sign_input = input;
+ hlen = input_len;
+ break;
+ }
+ FALL_THROUGH;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
hash_type);
return NULL;
}
- return pki_do_sign_hash(privkey, hash, hlen, hash_type);
+ return pki_do_sign_hash(privkey, sign_input, hlen, hash_type);
}
/**
@@ -2336,6 +2341,8 @@ int pki_verify_data_signature(ssh_signature signature,
unsigned char *hash = ghash + 1;
uint32_t hlen = 0;
+ const unsigned char *verify_input = NULL;
+
int rc;
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
@@ -2357,23 +2364,35 @@ int pki_verify_data_signature(ssh_signature signature,
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
hash_type = "sha256";
+ verify_input = hash;
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
hash_type = "sha384";
+ verify_input = hash;
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
hash_type = "sha512";
+ verify_input = hash;
break;
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
hash_type = "sha1";
+ verify_input = hash;
break;
case SSH_DIGEST_AUTO:
+ if (pubkey->type == SSH_KEYTYPE_ED25519 ||
+ pubkey->type == SSH_KEYTYPE_ED25519_CERT01)
+ {
+ verify_input = input;
+ hlen = input_len;
+ break;
+ }
+ FALL_THROUGH;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", signature->hash_type);
return SSH_ERROR;
@@ -2461,6 +2480,14 @@ int pki_verify_data_signature(ssh_signature signature,
}
break;
#endif
+ case SSH_KEYTYPE_ED25519:
+ case SSH_KEYTYPE_ED25519_CERT01:
+ rc = pki_ed25519_verify(pubkey, signature, verify_input, hlen);
+ if (rc != SSH_OK) {
+ SSH_LOG(SSH_LOG_TRACE, "ED25519 error: Signature invalid");
+ return SSH_ERROR;
+ }
+ break;
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
default: