aboutsummaryrefslogtreecommitdiff
path: root/src/pki_crypto.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-08-07 12:17:29 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-31 14:18:34 +0200
commitfa60827840d893187c32a6de538c3955b46256ac (patch)
tree17ec533fc97327d2754813a63c6220f2af7f5fcb /src/pki_crypto.c
parent761225712a28d70adea7a2b872c265bc98a83511 (diff)
downloadlibssh-fa60827840d893187c32a6de538c3955b46256ac.tar.gz
libssh-fa60827840d893187c32a6de538c3955b46256ac.tar.xz
libssh-fa60827840d893187c32a6de538c3955b46256ac.zip
pki: Support RSA verification using different hash algorithms
This changes the private API by adding one more argument to function pki_signature_from_blob() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r--src/pki_crypto.c30
1 files changed, 27 insertions, 3 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 7494b162..b41dcb3f 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1409,7 +1409,8 @@ errout:
ssh_signature pki_signature_from_blob(const ssh_key pubkey,
const ssh_string sig_blob,
- enum ssh_keytypes_e type)
+ enum ssh_keytypes_e type,
+ enum ssh_digest_e hash_type)
{
ssh_signature sig;
ssh_string r;
@@ -1424,7 +1425,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
- sig->type_c = ssh_key_type_to_char(type);
+ sig->hash_type = hash_type;
+ sig->type_c = ssh_key_signature_to_char(type, hash_type);
len = ssh_string_len(sig_blob);
@@ -1598,6 +1600,7 @@ int pki_signature_verify(ssh_session session,
size_t hlen)
{
int rc;
+ int nid;
switch(key->type) {
case SSH_KEYTYPE_DSS:
@@ -1615,13 +1618,33 @@ int pki_signature_verify(ssh_session session,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
- rc = RSA_verify(NID_sha1,
+ switch (sig->hash_type) {
+ case SSH_DIGEST_AUTO:
+ case SSH_DIGEST_SHA1:
+ nid = NID_sha1;
+ break;
+ case SSH_DIGEST_SHA256:
+ nid = NID_sha256;
+ break;
+ case SSH_DIGEST_SHA512:
+ nid = NID_sha512;
+ break;
+ default:
+ SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type);
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Unexpected hash type %d during RSA verify",
+ sig->hash_type);
+ return SSH_ERROR;
+ }
+ rc = RSA_verify(nid,
hash,
hlen,
ssh_string_data(sig->rsa_sig),
ssh_string_len(sig->rsa_sig),
key->rsa);
if (rc <= 0) {
+ SSH_LOG(SSH_LOG_TRACE, "RSA verify failed");
ssh_set_error(session,
SSH_FATAL,
"RSA error: %s",
@@ -1655,6 +1678,7 @@ int pki_signature_verify(ssh_session session,
#endif
case SSH_KEYTYPE_UNKNOWN:
default:
+ SSH_LOG(SSH_LOG_TRACE, "Unknown key type");
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
return SSH_ERROR;
}