author | Jakub Jelen <jjelen@redhat.com> | 2018-08-07 12:17:29 +0200 |
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-08-31 14:18:34 +0200 |
commit | fa60827840d893187c32a6de538c3955b46256ac (patch) | |
tree | 17ec533fc97327d2754813a63c6220f2af7f5fcb /src/pki_mbedcrypto.c | |
parent | 761225712a28d70adea7a2b872c265bc98a83511 (diff) | |
pki: Support RSA verification using different hash algorithms
This changes the private API by adding one more argument to function
pki_signature_from_blob()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_mbedcrypto.c')
-rw-r--r-- | src/pki_mbedcrypto.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 6dbaa56f..57465009 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -825,8 +825,10 @@ errout:
 ssh_signature_free(sig);
 return NULL;
 }
-ssh_signature pki_signature_from_blob(const ssh_key pubkey, const ssh_string
- sig_blob, enum ssh_keytypes_e type)
+ssh_signature pki_signature_from_blob(const ssh_key pubkey,
+ const ssh_string sig_blob,
+ enum ssh_keytypes_e type,
+ enum ssh_digest_e hash_type)
 {
 ssh_signature sig = NULL;
 int rc;
@@ -837,7 +839,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, const ssh_string
 }
 
 sig->type = type;
- sig->type_c = ssh_key_type_to_char(type);
+ sig->hash_type = hash_type;
+ sig->type_c = ssh_key_signature_to_char(type, hash_type);
 
 switch(type) {
 case SSH_KEYTYPE_RSA:
@@ -930,10 +933,30 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
 ssh_key key, const unsigned char *hash, size_t hlen)
 {
 int rc;
+ mbedtls_md_type_t md = 0;
 
 switch (key->type) {
 case SSH_KEYTYPE_RSA:
- rc = mbedtls_pk_verify(key->rsa, MBEDTLS_MD_SHA1, hash, hlen,
+ switch (sig->hash_type) {
+ case SSH_DIGEST_SHA1:
+ case SSH_DIGEST_AUTO:
+ md = MBEDTLS_MD_SHA1;
+ break;
+ case SSH_DIGEST_SHA256:
+ md = MBEDTLS_MD_SHA256;
+ break;
+ case SSH_DIGEST_SHA512:
+ md = MBEDTLS_MD_SHA512;
+ break;
+ default:
+ SSH_LOG(SSH_LOG_TRACE, "Unknown sig type %d", sig->hash_type);
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Unexpected signature hash type %d during RSA verify",
+ sig->hash_type);
+ return SSH_ERROR;
+ }
+ rc = mbedtls_pk_verify(key->rsa, md, hash, hlen,
 ssh_string_data(sig->rsa_sig),
 ssh_string_len(sig->rsa_sig));
 if (rc != 0) {
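Review bot: In the new `switch (sig->hash_type)` inside pki_signature_verify, the `SSH_DIGEST_AUTO` label selects SHA-1 with nothing saying why, so a reader cannot tell whether AUTO means the legacy `ssh-rsa` signature (SHA-1 by definition) or a hash type that was never resolved; if the former is the intent, a comment such as `/* SSH_DIGEST_AUTO is plain "ssh-rsa", i.e. SHA-1 */` on that label would make the fallback deliberate rather than accidental. Nothing visible in the hunk ties the chosen `md` to `hlen` or to the digest the caller used to produce `hash`; unless mbedtls rejects the mismatch itself, a guard like `if (hlen != mbedtls_md_get_size(mbedtls_md_info_from_type(md))) { return SSH_ERROR; }` placed before `mbedtls_pk_verify` would make a wrong-length hash fail closed instead of relying on the library. The trace message `"Unknown sig type %d"` actually prints `sig->hash_type`, so `"Unknown signature hash type %d"` would match what is logged, and `mbedtls_md_type_t md = 0;` reads better as `MBEDTLS_MD_NONE`, the name 0 stands for. pki_signature_verify continues past the end of the hunk.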