path: root/src/pki_gcrypt.c
Age | Commit message | Author | Files | Lines
2023-12-15 | pki: New API functions exporting (also ed25519 keys in different formats) | Jakub Jelen | 1 | -26/+121
This also adds a fallback to OpenSSH file format in non-OpenSSL backends and OpenSSH-compatible private key export for writing OpenSSH private keys. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2023-12-05 | pki: Support comparing keys with certificates | Jakub Jelen | 1 | -9/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2023-02-02 | Remove support for DSA Keys | Mohammad Shehar Yaar Tausif | 1 | -398/+5
Solving issue #110. The original work is at !231. Some changes were needed because of the newly added features in master through time. Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com> Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2023-01-25 | Do not build the PKCS#11 when disabled | Jakub Jelen | 1 | -0/+2
This prevents building the pkcs11-related functions and printing pkcs11-related log messages when the libssh is built without PKCS#11 support. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2022-10-12 | Fix various spelling issues reported by codespell | Jakub Jelen | 1 | -8/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-10-07 | SSH_LOG_TRACE: Recategorize loglevels | Norbert Pocs | 1 | -15/+15
Do not print out logs when no fatal error happens. This approach is similar to openssh, when Error/Fatal does not print recoverable error logs. recategorized based on - SSH_LOG_TRACE are debug logs when error happens Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2022-08-25 | pki: Factor out the backend-specifics from cleaning the key structure | Jakub Jelen | 1 | -0/+17
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2022-05-12 | pki: Implement ssh_key_size to get key size in bits | Jakub Jelen | 1 | -0/+31
Thanks to Harry Sintonen from WithSecure for pointing this out. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-11 | Add safety checks for all ssh_string_fill calls | Dirkjan Bussink | 1 | -7/+18
These calls can fail and the return code should always be checked. These issues were identified when code review called it out on new code. The updates here are to existing code with no behavior changes to make review simpler. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-09-29 | pki_gcrypt.c: Fix typo + inconsistency in warning | Paul Capron | 1 | -2/+3
In function pki_signature_from_blob(), the warning message in case of an oversized RSA key was missing an ‘o’ (reading “to” instead of “too”). While we are here, make this oversized message the same as the ones found in pki_crypto.c & pki_mbedcrypto.c: put the expected size in it. The message in case of an _under_sized key includes the expected size, so that’s more consistent in that regard too (and more informative!) Signed-off-by: Paul Capron <paul@fragara.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11 | pki: add support for sk-ecdsa and sk-ed25519 | Sebastian Kinne | 1 | -6/+30
This adds server-side support for the newly introduced OpenSSH keytypes sk-ecdsa-sha2-nistp256@openssh.com and sk-ed25519@openssh.com (including their corresponding certificates), which are backed by U2F/FIDO2 tokens. Change-Id: Ib73425c572601c3002be45974e6ea051f1d7efdc Signed-off-by: Sebastian Kinne <skinne@google.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-02-11 | pki: fix `pki_key_ecdsa_to_key_type` thread-safety | Jon Simons | 1 | -1/+1
Resolves https://bugs.libssh.org/T214. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-23 | pki_gcrypt: Warn about unsupported PEM export in gcrypt | Jakub Jelen | 1 | -0/+2
Based on the following mail thread: https://www.libssh.org/archive/libssh/2019-12/0000027.html Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-23 | pki_gcrypt: Do not confuse static analyzers | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-20 | src: Implements PKCS11 URI support | Sahana Prasad | 1 | -0/+9
Imports private and public keys from the engine via PKCS11 URIs. Uses the imported keys to authenticate to the ssh server. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | pki_gcrypt: Use SSH_BUFFER_FREE() | Andreas Schneider | 1 | -39/+39
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | pki_gcrypt: Use SSS_STRING_FREE() | Andreas Schneider | 1 | -32/+32
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | SSH-01-007: Fix possible double free of ssh strings | Andreas Schneider | 1 | -15/+15
Fixes T183 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki: Remove unused function pki_signature_verify() | Anderson Toshiyuki Sasaki | 1 | -41/+0
This removes unused function pki_signature_verify() from pki_{crypto, mbedcrypto, gcrypt}. The function was also removed from include/libssh/pki_priv.h. The function ssh_pki_signature_verify() was changed to receive a const unsigned char *input. All tests calling pki_signature_verify() were changed to call ssh_pki_signature_verify() instead. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki: Move common Ed25519 functions to pki_ed25519_common.c | Anderson Toshiyuki Sasaki | 1 | -2/+2
This is a preparation to use the Ed25519 implementation from OpenSSL. The function pki_ed25519_sig_to_blob() was renamed to pki_ed25519_signature_to_blob() and pki_ed25519_sig_from_blob() was renamed to pki_signature_from_ed25519_blob() to follow the naming for other algorithms. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 | pki_gcrypt: Do not treat Ed25519 as a special case | Anderson Toshiyuki Sasaki | 1 | -10/+37
Verify the Ed25519 signature in pki_verify_data_signature() along with the other signature types. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-30 | Replace ssh_print_hexa() with ssh_log_hexdump() | Anderson Toshiyuki Sasaki | 1 | -4/+4
Replace all occurrences of the deprecated function ssh_print_hexa() with the introduced ssh_log_hexdump(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 | pki_gcrypt: Do not compare private parts when comparing public keys | Jakub Jelen | 1 | -2/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | pki: Fail to sign when using wrong hash algorithm | Anderson Toshiyuki Sasaki | 1 | -4/+25
Do not allow using SSH_DIGEST_AUTO for any algorithm other than ed25519. Do not allow using incompatible hash algorithms when signing or verifying signatures. Added negative tests for all combinations of signature and hash algorithms. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | pki: Use pki_sign_data() and pki_verify_data_signature() | Anderson Toshiyuki Sasaki | 1 | -136/+13
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | pki_gcrypt: Added pki_sign_data() and pki_verify_data_signature() | Anderson Toshiyuki Sasaki | 1 | -0/+207
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | auth, pki: Calculate hash internally when signing/verifying | Anderson Toshiyuki Sasaki | 1 | -32/+51
This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | pki: Remove duplicate and unused code | Anderson Toshiyuki Sasaki | 1 | -113/+0
Remove duplicate code previously used only in server side to generate signatures. Currently the code used to generate the signature is the same for both client and server. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 | pki: Refactor ssh_pki_do_sign() | Anderson Toshiyuki Sasaki | 1 | -6/+0
Added ECDSA key types to ssh_key_type_to_hash(). Refactor ssh_pki_do_sign() without behaviour changes. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-17 | pki: allow certificates to be used in signature verification | Ben Toews | 1 | -2/+8
A number of places checked that the signature type matched the key type. We loosen these checks to, for example, allow an RSA signature with an RSA-cert key. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 | pki: support ECDSA/ED25519 certificates | Ben Toews | 1 | -0/+4
As with RSA/DSS, support is still quite limited. This is mostly about adding new ssh_keytypes_e values and updating sites that check keys' types. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 | libssh: deprecate SSH_KEYTYPE_ECDSA | Ben Toews | 1 | -30/+77
This type is imprecise. We often need the ecdsa_nid in addition to the key type in order to do anything. We replace this singular ECDSA type with one type per curve. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 | pki_gcrypt: Include missing stdbool.h | Andreas Schneider | 1 | -0/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-21 | pki: Fix size type for len in privatekey_string_to_buffer() | Andreas Schneider | 1 | -7/+21
src/pki_gcrypt.c:485:10: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow] Fixes T132 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | pki: Sanitize input to verification | Jakub Jelen | 1 | -0/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | pki: Verify the provided public key has expected type | Jakub Jelen | 1 | -0/+8
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | pki: Set correct type for imported signatures | Jakub Jelen | 1 | -1/+2
Issue reported by Tilo Eckert <tilo.eckert@flam.de> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | The largest ECDSA key has 521 bits | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 | pki_gcrypt: Do not abort on bad signature | Jakub Jelen | 1 | -1/+0
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 | src: Fix typos | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 | pki: Allow reading keys in new OpenSSH format | Jakub Jelen | 1 | -0/+66
This implements reading the OpenSSH key format across the cryptographic backends. Most of the code is shared and moved to pki.c, just the building of the keys is implemented in pki_privkey_build_*() functions. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 | pki: Support RSA SHA2 signatures of sessionid for server | Jakub Jelen | 1 | -4/+29
This involves mostly creation of host keys proofs but needs to follow the same procedure as the client authentication signatures. At the same time, the SHA2 extension is enabled in the pkd so we are able to atomically provide correct signatures and pass tests. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 | pki: RSA signatures with SHA2 hash algorithms (RFC 8332) | Jakub Jelen | 1 | -4/+31
* This change introduces a new API to request signature using one key and different hash algorithms. This is used only with RSA keys, that used to have SHA1 hardcoded, but the new algorithms allow to use the SHA2 hashes, if the extension is negotiated. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 | pki: Support RSA verification using different hash algorithms | Jakub Jelen | 1 | -3/+26
This changes the private API by adding one more argument to function pki_signature_from_blob() Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 | Remove internal calls to ssh_init | Anderson Toshiyuki Sasaki | 1 | -5/+0
Since the call is made automatically when the library is loaded, these calls are no longer required (if the library is not linked statically). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 | bignum: Make bignum_free safer | Aris Adamantiadis | 1 | -4/+4
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -40/+10
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-28 | Remove vim modelines from all files | Andreas Schneider | 1 | -2/+0
If you want modelines use my vim plugin: https://github.com/cryptomilk/git-modeline.vim git config --add vim.modeline "ts=4 sw=4 et" Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-18 | pki_gcrypt: Use calloc() instead of malloc() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-09 | pki_gcrypt: Fix memory leak. | Justus Winter | 1 | -0/+4
* src/pki_gcrypt.c (pki_key_ecdsa_to_nid): Release 'sexp'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>