auth, pki: Calculate hash internally when signing/verifying

This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2019-04-29 16:29:16 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2019-05-13 16:37:51 +0200
commit: 76f9808eb2fa83376981cebba63b467fa3a8c4be (patch)
tree: 07b85c0332fad460568f46a0b65a01d44c00190f /src/pki_mbedcrypto.c
parent: 58b3b2696c9080dfbd21132a1b05604ef064d880 (diff)
download: libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.gz
libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.xz
libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.zip
1 files changed, 48 insertions, 30 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 735001e1..fc732668 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -1022,11 +1022,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 }
 
 int pki_signature_verify(ssh_session session, const ssh_signature sig, const
-        ssh_key key, const unsigned char *hash, size_t hlen)
+        ssh_key key, const unsigned char *input, size_t input_len)
 {
     int rc;
     mbedtls_md_type_t md = 0;
 
+    unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    uint32_t hlen = 0;
+
     if (ssh_key_type_plain(key->type) != sig->type) {
         SSH_LOG(SSH_LOG_WARN,
                 "Can not verify %s signature with %s key",
@@ -1035,28 +1038,52 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
         return SSH_ERROR;
     }
 
+    /* For ed25519 keys, verify using the input directly */
+    if (key->type == SSH_KEYTYPE_ED25519 ||
+        key->type == SSH_KEYTYPE_ED25519_CERT01)
+    {
+        rc = pki_ed25519_verify(key, sig, input, input_len);
+        if (rc != SSH_OK){
+            ssh_set_error(session,
+                    SSH_FATAL,
+                    "ed25519 signature verification error");
+            return SSH_ERROR;
+        }
+
+        return SSH_OK;
+    }
+
+    /* For the other key types, calculate the hash and verify the signature */
+    switch (sig->hash_type) {
+    case SSH_DIGEST_SHA256:
+        sha256(input, input_len, hash);
+        hlen = SHA256_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA256;
+        break;
+    case SSH_DIGEST_SHA384:
+        sha384(input, input_len, hash);
+        hlen = SHA384_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA384;
+        break;
+    case SSH_DIGEST_SHA512:
+        sha512(input, input_len, hash);
+        hlen = SHA512_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA512;
+        break;
+    case SSH_DIGEST_AUTO:
+    case SSH_DIGEST_SHA1:
+        sha1(input, input_len, hash);
+        hlen = SHA_DIGEST_LEN;
+        md = MBEDTLS_MD_SHA1;
+        break;
+    default:
+        SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
+        return SSH_ERROR;
+    }
+
     switch (key->type) {
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA_CERT01:
-            switch (sig->hash_type) {
-            case SSH_DIGEST_SHA1:
-            case SSH_DIGEST_AUTO:
-                md = MBEDTLS_MD_SHA1;
-                break;
-            case SSH_DIGEST_SHA256:
-                md = MBEDTLS_MD_SHA256;
-                break;
-            case SSH_DIGEST_SHA512:
-                md = MBEDTLS_MD_SHA512;
-                break;
-            default:
-                SSH_LOG(SSH_LOG_TRACE, "Unknown sig type %d", sig->hash_type);
-                ssh_set_error(session,
-                              SSH_FATAL,
-                              "Unexpected signature hash type %d during RSA verify",
-                              sig->hash_type);
-                return SSH_ERROR;
-            }
             rc = mbedtls_pk_verify(key->rsa, md, hash, hlen,
                     ssh_string_data(sig->rsa_sig),
                     ssh_string_len(sig->rsa_sig));
@@ -1078,20 +1105,11 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
             if (rc != 0) {
                 char error_buf[100];
                 mbedtls_strerror(rc, error_buf, 100);
-                ssh_set_error(session, SSH_FATAL, "RSA error: %s", error_buf);
+                ssh_set_error(session, SSH_FATAL, "ECDSA error: %s", error_buf);
                 return SSH_ERROR;
 
             }
             break;
-        case SSH_KEYTYPE_ED25519:
-        case SSH_KEYTYPE_ED25519_CERT01:
-            rc = pki_ed25519_verify(key, sig, hash, hlen);
-            if (rc != SSH_OK) {
-                ssh_set_error(session, SSH_FATAL,
-                        "ed25519 signature verification error");
-                return SSH_ERROR;
-            }
-            break;
         default:
             ssh_set_error(session, SSH_FATAL, "Unknown public key type");
             return SSH_ERROR;
author	Anderson Toshiyuki Sasaki <ansasaki@redhat.com>	2019-04-29 16:29:16 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2019-05-13 16:37:51 +0200
commit	76f9808eb2fa83376981cebba63b467fa3a8c4be (patch)
tree	07b85c0332fad460568f46a0b65a01d44c00190f /src/pki_mbedcrypto.c
parent	58b3b2696c9080dfbd21132a1b05604ef064d880 (diff)
download	libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.gz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.tar.xz libssh-76f9808eb2fa83376981cebba63b467fa3a8c4be.zip