auth, pki: Calculate hash internally when signing/verifying

This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2019-04-29 16:29:16 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2019-05-13 16:37:51 +0200
commit: 76f9808eb2fa83376981cebba63b467fa3a8c4be (patch)
tree: 07b85c0332fad460568f46a0b65a01d44c00190f /src/pki_crypto.c
parent: 58b3b2696c9080dfbd21132a1b05604ef064d880 (diff)
download: libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.gz
libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.xz
libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.zip
1 files changed, 53 insertions, 31 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index d0db5cf0..b6f5991d 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1856,12 +1856,15 @@ error:
 int pki_signature_verify(ssh_session session,
                          const ssh_signature sig,
                          const ssh_key key,
-                         const unsigned char *hash,
-                         size_t hlen)
+                         const unsigned char *input,
+                         size_t input_len)
 {
     int rc;
     int nid;
 
+    unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    uint32_t hlen = 0;
+
     if (ssh_key_type_plain(key->type) != sig->type) {
         SSH_LOG(SSH_LOG_WARN,
                 "Can not verify %s signature with %s key",
@@ -1870,6 +1873,49 @@ int pki_signature_verify(ssh_session session,
         return SSH_ERROR;
     }
 
+    /* For ed25519 keys, verify using the input directly */
+    if (key->type == SSH_KEYTYPE_ED25519 ||
+        key->type == SSH_KEYTYPE_ED25519_CERT01)
+    {
+        rc = pki_ed25519_verify(key, sig, input, input_len);
+        if (rc != SSH_OK){
+            ssh_set_error(session,
+                    SSH_FATAL,
+                    "ed25519 signature verification error");
+            return SSH_ERROR;
+        }
+
+        return SSH_OK;
+    }
+
+    /* For the other key types, calculate the hash and verify the signature */
+    switch (sig->hash_type) {
+    case SSH_DIGEST_SHA256:
+        sha256(input, input_len, hash);
+        hlen = SHA256_DIGEST_LEN;
+        nid = NID_sha256;
+        break;
+    case SSH_DIGEST_SHA384:
+        sha384(input, input_len, hash);
+        hlen = SHA384_DIGEST_LEN;
+        nid = NID_sha384;
+        break;
+    case SSH_DIGEST_SHA512:
+        sha512(input, input_len, hash);
+        hlen = SHA512_DIGEST_LEN;
+        nid = NID_sha512;
+        break;
+    case SSH_DIGEST_AUTO:
+    case SSH_DIGEST_SHA1:
+        sha1(input, input_len, hash);
+        hlen = SHA_DIGEST_LEN;
+        nid = NID_sha1;
+        break;
+    default:
+        SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
+        return SSH_ERROR;
+    }
+
     switch (key->type) {
         case SSH_KEYTYPE_DSS:
         case SSH_KEYTYPE_DSS_CERT01:
@@ -1888,25 +1934,6 @@ int pki_signature_verify(ssh_session session,
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_RSA_CERT01:
-            switch (sig->hash_type) {
-            case SSH_DIGEST_AUTO:
-            case SSH_DIGEST_SHA1:
-                nid = NID_sha1;
-                break;
-            case SSH_DIGEST_SHA256:
-                nid = NID_sha256;
-                break;
-            case SSH_DIGEST_SHA512:
-                nid = NID_sha512;
-                break;
-            default:
-                SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type);
-                ssh_set_error(session,
-                              SSH_FATAL,
-                              "Unexpected hash type %d during RSA verify",
-                              sig->hash_type);
-                return SSH_ERROR;
-            }
             rc = RSA_verify(nid,
                             hash,
                             hlen,
@@ -1922,16 +1949,6 @@ int pki_signature_verify(ssh_session session,
                 return SSH_ERROR;
             }
             break;
-        case SSH_KEYTYPE_ED25519:
-        case SSH_KEYTYPE_ED25519_CERT01:
-            rc = pki_ed25519_verify(key, sig, hash, hlen);
-            if (rc != SSH_OK){
-                ssh_set_error(session,
-                              SSH_FATAL,
-                              "ed25519 signature verification error");
-                return SSH_ERROR;
-            }
-            break;
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:
@@ -2040,6 +2057,11 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
             return NULL;
     }
 
+#ifdef DEBUG_CRYPTO
+        SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d",
+                privkey->type_c, hash_type);
+#endif
+
     return sig;
 }
author	Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-04-29 16:29:16 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2019-05-13 16:37:51 +0200
commit	76f9808eb2fa83376981cebba63b467fa3a8c4be (patch)
tree	07b85c0332fad460568f46a0b65a01d44c00190f /src/pki_crypto.c
parent	58b3b2696c9080dfbd21132a1b05604ef064d880 (diff)
download	libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.gz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.xz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.zip