diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-05-02 18:31:06 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-05-13 16:37:51 +0200 |
commit | db51fa1bc1ba757cef128268f1885934afc670e5 (patch) | |
tree | d9dc66a41edc9a3592a75f9f819600b6acb15ed0 /src | |
parent | d923dc39c19a443d2d8bc1aae688b2066b6faa6c (diff) | |
download | libssh-db51fa1bc1ba757cef128268f1885934afc670e5.tar.gz libssh-db51fa1bc1ba757cef128268f1885934afc670e5.tar.xz libssh-db51fa1bc1ba757cef128268f1885934afc670e5.zip |
pki: Use pki_sign_data() and pki_verify_data_signature()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/pki.c | 32 | ||||
-rw-r--r-- | src/pki_crypto.c | 151 | ||||
-rw-r--r-- | src/pki_gcrypt.c | 149 | ||||
-rw-r--r-- | src/pki_mbedcrypto.c | 82 |
4 files changed, 38 insertions, 376 deletions
@@ -2112,9 +2112,6 @@ ssh_signature pki_do_sign(const ssh_key privkey, size_t input_len, enum ssh_digest_e hash_type) { - unsigned char hash[SHA512_DIGEST_LEN] = {0}; - uint32_t hlen = 0; - if (privkey == NULL || input == NULL) { SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " "pki_do_sign()"); @@ -2127,34 +2124,7 @@ ssh_signature pki_do_sign(const ssh_key privkey, return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO); } - switch (hash_type) { - case SSH_DIGEST_SHA256: - sha256(input, input_len, hash); - hlen = SHA256_DIGEST_LEN; - break; - case SSH_DIGEST_SHA384: - sha384(input, input_len, hash); - hlen = SHA384_DIGEST_LEN; - break; - case SSH_DIGEST_SHA512: - sha512(input, input_len, hash); - hlen = SHA512_DIGEST_LEN; - break; - case SSH_DIGEST_AUTO: - case SSH_DIGEST_SHA1: - sha1(input, input_len, hash); - hlen = SHA_DIGEST_LEN; - break; - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d", - hash_type); - goto error; - } - - return pki_do_sign_hash(privkey, hash, hlen, hash_type); - -error: - return NULL; + return pki_sign_data(privkey, hash_type, input, input_len); } /* diff --git a/src/pki_crypto.c b/src/pki_crypto.c index b1f68a8b..40b81286 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1973,13 +1973,12 @@ int pki_signature_verify(ssh_session session, size_t input_len) { int rc; - int nid; - - unsigned char hash[SHA512_DIGEST_LEN] = {0}; - uint32_t hlen = 0; - const unsigned char *raw_sig_data = ssh_string_data(sig->raw_sig); - size_t raw_sig_len = ssh_string_len(sig->raw_sig); + if (session == NULL || sig == NULL || key == NULL || input == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " + "pki_signature_verify()"); + return SSH_ERROR; + } if (ssh_key_type_plain(key->type) != sig->type) { SSH_LOG(SSH_LOG_WARN, @@ -1994,144 +1993,18 @@ int pki_signature_verify(ssh_session session, key->type == SSH_KEYTYPE_ED25519_CERT01) { rc = pki_ed25519_verify(key, sig, input, input_len); - if (rc != SSH_OK){ - ssh_set_error(session, - SSH_FATAL, - "ed25519 signature verification error"); - return SSH_ERROR; - } - - return SSH_OK; + } else { + /* For the other key types, calculate the hash and verify the signature */ + rc = pki_verify_data_signature(sig, key, input, input_len); } - /* For the other key types, calculate the hash and verify the signature */ - switch (sig->hash_type) { - case SSH_DIGEST_SHA256: - sha256(input, input_len, hash); - hlen = SHA256_DIGEST_LEN; - nid = NID_sha256; - break; - case SSH_DIGEST_SHA384: - sha384(input, input_len, hash); - hlen = SHA384_DIGEST_LEN; - nid = NID_sha384; - break; - case SSH_DIGEST_SHA512: - sha512(input, input_len, hash); - hlen = SHA512_DIGEST_LEN; - nid = NID_sha512; - break; - case SSH_DIGEST_AUTO: - case SSH_DIGEST_SHA1: - sha1(input, input_len, hash); - hlen = SHA_DIGEST_LEN; - nid = NID_sha1; - break; - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type); + if (rc != SSH_OK){ + ssh_set_error(session, + SSH_FATAL, + "Signature verification error"); return SSH_ERROR; } - switch (key->type) { - case SSH_KEYTYPE_DSS: - case SSH_KEYTYPE_DSS_CERT01: - { - DSA_SIG *dsa_sig; - - if (raw_sig_data == NULL) { - SSH_LOG(SSH_LOG_WARN, - "NULL raw signature found in provided signature"); - return SSH_ERROR; - } - - dsa_sig = d2i_DSA_SIG(NULL, &raw_sig_data, raw_sig_len); - if (dsa_sig == NULL) { - return SSH_ERROR; - } - - rc = DSA_do_verify(hash, - hlen, - dsa_sig, - key->dsa); - if (rc <= 0) { - DSA_SIG_free(dsa_sig); - ssh_set_error(session, - SSH_FATAL, - "DSA error: %s", - ERR_error_string(ERR_get_error(), NULL)); - return SSH_ERROR; - } - DSA_SIG_free(dsa_sig); - } - break; - case SSH_KEYTYPE_RSA: - case SSH_KEYTYPE_RSA1: - case SSH_KEYTYPE_RSA_CERT01: - if (raw_sig_data == NULL) { - SSH_LOG(SSH_LOG_WARN, - "NULL raw signature found in provided signature"); - return SSH_ERROR; - } - - rc = RSA_verify(nid, - hash, - hlen, - raw_sig_data, - raw_sig_len, - key->rsa); - if (rc <= 0) { - SSH_LOG(SSH_LOG_TRACE, "RSA verify failed"); - ssh_set_error(session, - SSH_FATAL, - "RSA error: %s", - ERR_error_string(ERR_get_error(), NULL)); - return SSH_ERROR; - } - break; - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: - case SSH_KEYTYPE_ECDSA_P256_CERT01: - case SSH_KEYTYPE_ECDSA_P384_CERT01: - case SSH_KEYTYPE_ECDSA_P521_CERT01: -#ifdef HAVE_OPENSSL_ECC - { - ECDSA_SIG *ecdsa_sig; - - if (raw_sig_data == NULL) { - SSH_LOG(SSH_LOG_WARN, - "NULL raw signature found in provided signature"); - return SSH_ERROR; - } - - ecdsa_sig = d2i_ECDSA_SIG(NULL, &raw_sig_data, raw_sig_len); - if (ecdsa_sig == NULL) { - return SSH_ERROR; - } - - rc = ECDSA_do_verify(hash, - hlen, - ecdsa_sig, - key->ecdsa); - if (rc <= 0) { - ECDSA_SIG_free(ecdsa_sig); - ssh_set_error(session, - SSH_FATAL, - "ECDSA error: %s", - ERR_error_string(ERR_get_error(), NULL)); - return SSH_ERROR; - } - ECDSA_SIG_free(ecdsa_sig); - } - break; -#endif - case SSH_KEYTYPE_UNKNOWN: - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown key type"); - ssh_set_error(session, SSH_FATAL, "Unknown public key type"); - return SSH_ERROR; - } - return SSH_OK; } diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index c7c9f58e..39ef2e0b 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -2091,16 +2091,14 @@ int pki_signature_verify(ssh_session session, const unsigned char *input, size_t input_len) { - const char *hash_type = NULL; - gcry_sexp_t sexp; - gcry_error_t err; - - unsigned char ghash[SHA512_DIGEST_LEN + 1] = {0}; - unsigned char *hash = ghash + 1; - uint32_t hlen = 0; - int rc; + if (session == NULL || sig == NULL || key == NULL || input == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " + "pki_signature_verify()"); + return SSH_ERROR; + } + if (ssh_key_type_plain(key->type) != sig->type) { SSH_LOG(SSH_LOG_WARN, "Can not verify %s signature with %s key", @@ -2114,139 +2112,18 @@ int pki_signature_verify(ssh_session session, key->type == SSH_KEYTYPE_ED25519_CERT01) { rc = pki_ed25519_verify(key, sig, input, input_len); - if (rc != SSH_OK){ - ssh_set_error(session, - SSH_FATAL, - "ed25519 signature verification error"); - return SSH_ERROR; - } - - return SSH_OK; + } else { + /* For the other key types, calculate the hash and verify the signature */ + rc = pki_verify_data_signature(sig, key, input, input_len); } - /* For the other key types, calculate the hash and verify the signature */ - switch (sig->hash_type) { - case SSH_DIGEST_SHA256: - sha256(input, input_len, hash); - hlen = SHA256_DIGEST_LEN; - hash_type = "sha256"; - break; - case SSH_DIGEST_SHA384: - sha384(input, input_len, hash); - hlen = SHA384_DIGEST_LEN; - hash_type = "sha384"; - break; - case SSH_DIGEST_SHA512: - sha512(input, input_len, hash); - hlen = SHA512_DIGEST_LEN; - hash_type = "sha512"; - break; - case SSH_DIGEST_AUTO: - case SSH_DIGEST_SHA1: - sha1(input, input_len, hash); - hlen = SHA_DIGEST_LEN; - hash_type = "sha1"; - break; - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type); + if (rc != SSH_OK){ + ssh_set_error(session, + SSH_FATAL, + "Signature verification error"); return SSH_ERROR; } - switch(key->type) { - case SSH_KEYTYPE_DSS: - case SSH_KEYTYPE_DSS_CERT01: - /* That is to mark the number as positive */ - if(hash[0] >= 0x80) { - hash = ghash; - hlen += 1; - } - - err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash); - if (err) { - ssh_set_error(session, - SSH_FATAL, - "DSA hash error: %s", gcry_strerror(err)); - return SSH_ERROR; - } - err = gcry_pk_verify(sig->dsa_sig, sexp, key->dsa); - gcry_sexp_release(sexp); - if (err) { - ssh_set_error(session, SSH_FATAL, "Invalid DSA signature"); - if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) { - ssh_set_error(session, - SSH_FATAL, - "DSA verify error: %s", - gcry_strerror(err)); - } - return SSH_ERROR; - } - break; - case SSH_KEYTYPE_RSA: - case SSH_KEYTYPE_RSA_CERT01: - err = gcry_sexp_build(&sexp, - NULL, - "(data(flags pkcs1)(hash %s %b))", - hash_type, hlen, hash); - if (err) { - ssh_set_error(session, - SSH_FATAL, - "RSA hash error: %s", - gcry_strerror(err)); - return SSH_ERROR; - } - err = gcry_pk_verify(sig->rsa_sig, sexp, key->rsa); - gcry_sexp_release(sexp); - if (err) { - ssh_set_error(session, SSH_FATAL, "Invalid RSA signature"); - if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) { - ssh_set_error(session, - SSH_FATAL, - "RSA verify error: %s", - gcry_strerror(err)); - } - return SSH_ERROR; - } - break; - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: - case SSH_KEYTYPE_ECDSA_P256_CERT01: - case SSH_KEYTYPE_ECDSA_P384_CERT01: - case SSH_KEYTYPE_ECDSA_P521_CERT01: -#ifdef HAVE_GCRYPT_ECC - err = gcry_sexp_build(&sexp, - NULL, - "(data(flags raw)(value %b))", - hlen, - hash); - if (err) { - ssh_set_error(session, - SSH_FATAL, - "ECDSA hash error: %s", - gcry_strerror(err)); - return SSH_ERROR; - } - err = gcry_pk_verify(sig->ecdsa_sig, sexp, key->ecdsa); - gcry_sexp_release(sexp); - if (err) { - ssh_set_error(session, SSH_FATAL, "Invalid ECDSA signature"); - if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) { - ssh_set_error(session, - SSH_FATAL, - "ECDSA verify error: %s", - gcry_strerror(err)); - } - return SSH_ERROR; - } - break; -#endif - case SSH_KEYTYPE_RSA1: - case SSH_KEYTYPE_UNKNOWN: - default: - ssh_set_error(session, SSH_FATAL, "Unknown public key type"); - return SSH_ERROR; - } - return SSH_OK; } diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index c0aff69e..37e21c98 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -1025,10 +1025,12 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const ssh_key key, const unsigned char *input, size_t input_len) { int rc; - mbedtls_md_type_t md = 0; - unsigned char hash[SHA512_DIGEST_LEN] = {0}; - uint32_t hlen = 0; + if (session == NULL || sig == NULL || key == NULL || input == NULL) { + SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to " + "pki_signature_verify()"); + return SSH_ERROR; + } if (ssh_key_type_plain(key->type) != sig->type) { SSH_LOG(SSH_LOG_WARN, @@ -1043,78 +1045,18 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const key->type == SSH_KEYTYPE_ED25519_CERT01) { rc = pki_ed25519_verify(key, sig, input, input_len); - if (rc != SSH_OK){ - ssh_set_error(session, - SSH_FATAL, - "ed25519 signature verification error"); - return SSH_ERROR; - } - - return SSH_OK; + } else { + /* For the other key types, calculate the hash and verify the signature */ + rc = pki_verify_data_signature(sig, key, input, input_len); } - /* For the other key types, calculate the hash and verify the signature */ - switch (sig->hash_type) { - case SSH_DIGEST_SHA256: - sha256(input, input_len, hash); - hlen = SHA256_DIGEST_LEN; - md = MBEDTLS_MD_SHA256; - break; - case SSH_DIGEST_SHA384: - sha384(input, input_len, hash); - hlen = SHA384_DIGEST_LEN; - md = MBEDTLS_MD_SHA384; - break; - case SSH_DIGEST_SHA512: - sha512(input, input_len, hash); - hlen = SHA512_DIGEST_LEN; - md = MBEDTLS_MD_SHA512; - break; - case SSH_DIGEST_AUTO: - case SSH_DIGEST_SHA1: - sha1(input, input_len, hash); - hlen = SHA_DIGEST_LEN; - md = MBEDTLS_MD_SHA1; - break; - default: - SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type); + if (rc != SSH_OK){ + ssh_set_error(session, + SSH_FATAL, + "Signature verification error"); return SSH_ERROR; } - switch (key->type) { - case SSH_KEYTYPE_RSA: - case SSH_KEYTYPE_RSA_CERT01: - rc = mbedtls_pk_verify(key->rsa, md, hash, hlen, - ssh_string_data(sig->rsa_sig), - ssh_string_len(sig->rsa_sig)); - if (rc != 0) { - char error_buf[100]; - mbedtls_strerror(rc, error_buf, 100); - ssh_set_error(session, SSH_FATAL, "RSA error: %s", error_buf); - return SSH_ERROR; - } - break; - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: - case SSH_KEYTYPE_ECDSA_P256_CERT01: - case SSH_KEYTYPE_ECDSA_P384_CERT01: - case SSH_KEYTYPE_ECDSA_P521_CERT01: - rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen, - &key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s); - if (rc != 0) { - char error_buf[100]; - mbedtls_strerror(rc, error_buf, 100); - ssh_set_error(session, SSH_FATAL, "ECDSA error: %s", error_buf); - return SSH_ERROR; - - } - break; - default: - ssh_set_error(session, SSH_FATAL, "Unknown public key type"); - return SSH_ERROR; - } - return SSH_OK; } |