diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-04-29 16:29:16 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-05-13 16:37:51 +0200 |
commit | 76f9808eb2fa83376981cebba63b467fa3a8c4be (patch) | |
tree | 07b85c0332fad460568f46a0b65a01d44c00190f /src/pki_crypto.c | |
parent | 58b3b2696c9080dfbd21132a1b05604ef064d880 (diff) | |
download | libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.gz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.xz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.zip |
auth, pki: Calculate hash internally when signing/verifying
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash. The hash is then
calculated internally.
The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.
Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().
The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r-- | src/pki_crypto.c | 84 |
1 files changed, 53 insertions, 31 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c index d0db5cf0..b6f5991d 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1856,12 +1856,15 @@ error: int pki_signature_verify(ssh_session session, const ssh_signature sig, const ssh_key key, - const unsigned char *hash, - size_t hlen) + const unsigned char *input, + size_t input_len) { int rc; int nid; + unsigned char hash[SHA512_DIGEST_LEN] = {0}; + uint32_t hlen = 0; + if (ssh_key_type_plain(key->type) != sig->type) { SSH_LOG(SSH_LOG_WARN, "Can not verify %s signature with %s key", @@ -1870,6 +1873,49 @@ int pki_signature_verify(ssh_session session, return SSH_ERROR; } + /* For ed25519 keys, verify using the input directly */ + if (key->type == SSH_KEYTYPE_ED25519 || + key->type == SSH_KEYTYPE_ED25519_CERT01) + { + rc = pki_ed25519_verify(key, sig, input, input_len); + if (rc != SSH_OK){ + ssh_set_error(session, + SSH_FATAL, + "ed25519 signature verification error"); + return SSH_ERROR; + } + + return SSH_OK; + } + + /* For the other key types, calculate the hash and verify the signature */ + switch (sig->hash_type) { + case SSH_DIGEST_SHA256: + sha256(input, input_len, hash); + hlen = SHA256_DIGEST_LEN; + nid = NID_sha256; + break; + case SSH_DIGEST_SHA384: + sha384(input, input_len, hash); + hlen = SHA384_DIGEST_LEN; + nid = NID_sha384; + break; + case SSH_DIGEST_SHA512: + sha512(input, input_len, hash); + hlen = SHA512_DIGEST_LEN; + nid = NID_sha512; + break; + case SSH_DIGEST_AUTO: + case SSH_DIGEST_SHA1: + sha1(input, input_len, hash); + hlen = SHA_DIGEST_LEN; + nid = NID_sha1; + break; + default: + SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type); + return SSH_ERROR; + } + switch (key->type) { case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS_CERT01: @@ -1888,25 +1934,6 @@ int pki_signature_verify(ssh_session session, case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA_CERT01: - switch (sig->hash_type) { - case SSH_DIGEST_AUTO: - case SSH_DIGEST_SHA1: - nid = NID_sha1; - break; - case SSH_DIGEST_SHA256: - nid = NID_sha256; - break; - case SSH_DIGEST_SHA512: - nid = NID_sha512; - break; - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type); - ssh_set_error(session, - SSH_FATAL, - "Unexpected hash type %d during RSA verify", - sig->hash_type); - return SSH_ERROR; - } rc = RSA_verify(nid, hash, hlen, @@ -1922,16 +1949,6 @@ int pki_signature_verify(ssh_session session, return SSH_ERROR; } break; - case SSH_KEYTYPE_ED25519: - case SSH_KEYTYPE_ED25519_CERT01: - rc = pki_ed25519_verify(key, sig, hash, hlen); - if (rc != SSH_OK){ - ssh_set_error(session, - SSH_FATAL, - "ed25519 signature verification error"); - return SSH_ERROR; - } - break; case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P521: @@ -2040,6 +2057,11 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, return NULL; } +#ifdef DEBUG_CRYPTO + SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d", + privkey->type_c, hash_type); +#endif + return sig; } |