pki: Support RSA verification using different hash algorithms

This changes the private API by adding one more argument to function pki_signature_from_blob() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
author: Jakub Jelen <jjelen@redhat.com> 2018-08-07 12:17:29 +0200
committer: Andreas Schneider <asn@cryptomilk.org> 2018-08-31 14:18:34 +0200
commit: fa60827840d893187c32a6de538c3955b46256ac (patch)
tree: 17ec533fc97327d2754813a63c6220f2af7f5fcb /src/pki_mbedcrypto.c
parent: 761225712a28d70adea7a2b872c265bc98a83511 (diff)
download: libssh-fa60827840d893187c32a6de538c3955b46256ac.tar.gz
libssh-fa60827840d893187c32a6de538c3955b46256ac.tar.xz
libssh-fa60827840d893187c32a6de538c3955b46256ac.zip
1 files changed, 27 insertions, 4 deletions
diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c
index 6dbaa56f..57465009 100644
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -825,8 +825,10 @@ errout:
     ssh_signature_free(sig);
     return NULL;
 }
-ssh_signature pki_signature_from_blob(const ssh_key pubkey, const ssh_string
-        sig_blob, enum ssh_keytypes_e type)
+ssh_signature pki_signature_from_blob(const ssh_key pubkey,
+                                      const ssh_string sig_blob,
+                                      enum ssh_keytypes_e type,
+                                      enum ssh_digest_e hash_type)
 {
     ssh_signature sig = NULL;
     int rc;
@@ -837,7 +839,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey, const ssh_string
     }
 
     sig->type = type;
-    sig->type_c = ssh_key_type_to_char(type);
+    sig->hash_type = hash_type;
+    sig->type_c = ssh_key_signature_to_char(type, hash_type);
 
     switch(type) {
         case SSH_KEYTYPE_RSA:
@@ -930,10 +933,30 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
         ssh_key key, const unsigned char *hash, size_t hlen)
 {
     int rc;
+    mbedtls_md_type_t md = 0;
 
     switch (key->type) {
         case SSH_KEYTYPE_RSA:
-            rc = mbedtls_pk_verify(key->rsa, MBEDTLS_MD_SHA1, hash, hlen,
+            switch (sig->hash_type) {
+            case SSH_DIGEST_SHA1:
+            case SSH_DIGEST_AUTO:
+                md = MBEDTLS_MD_SHA1;
+                break;
+            case SSH_DIGEST_SHA256:
+                md = MBEDTLS_MD_SHA256;
+                break;
+            case SSH_DIGEST_SHA512:
+                md = MBEDTLS_MD_SHA512;
+                break;
+            default:
+                SSH_LOG(SSH_LOG_TRACE, "Unknown sig type %d", sig->hash_type);
+                ssh_set_error(session,
+                              SSH_FATAL,
+                              "Unexpected signature hash type %d during RSA verify",
+                              sig->hash_type);
+                return SSH_ERROR;
+            }
+            rc = mbedtls_pk_verify(key->rsa, md, hash, hlen,
                     ssh_string_data(sig->rsa_sig),
                     ssh_string_len(sig->rsa_sig));
             if (rc != 0) {
author	Jakub Jelen <jjelen@redhat.com>	2018-08-07 12:17:29 +0200
committer	Andreas Schneider <asn@cryptomilk.org>	2018-08-31 14:18:34 +0200
commit	fa60827840d893187c32a6de538c3955b46256ac (patch)
tree	17ec533fc97327d2754813a63c6220f2af7f5fcb /src/pki_mbedcrypto.c
parent	761225712a28d70adea7a2b872c265bc98a83511 (diff)
download	libssh-fa60827840d893187c32a6de538c3955b46256ac.tar.gz libssh-fa60827840d893187c32a6de538c3955b46256ac.tar.xz libssh-fa60827840d893187c32a6de538c3955b46256ac.zip