lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

pki: Use pki_sign_data() and pki_verify_data_signature()

Browse Source 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-05-02 18:31:06 +02:00
committed by Andreas Schneider
parent d923dc39c1
commit db51fa1bc1
4 changed files with 38 additions and 376 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/pki.c
View File

@@ -2112,9 +2112,6 @@ ssh_signature pki_do_sign(const ssh_key privkey,
size_t input_len,
enum ssh_digest_e hash_type)
{
unsigned char hash[SHA512_DIGEST_LEN] = {0};
uint32_t hlen = 0;
if (privkey == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_do_sign()");
@@ -2127,34 +2124,7 @@ ssh_signature pki_do_sign(const ssh_key privkey,
return pki_do_sign_hash(privkey, input, input_len, SSH_DIGEST_AUTO);
}
switch (hash_type) {
case SSH_DIGEST_SHA256:
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
break;
case SSH_DIGEST_AUTO:
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
break;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
hash_type);
goto error;
}
return pki_do_sign_hash(privkey, hash, hlen, hash_type);
error:
return NULL;
return pki_sign_data(privkey, hash_type, input, input_len);
}
/*

149
src/pki_crypto.c
View File

@@ -1973,13 +1973,12 @@ int pki_signature_verify(ssh_session session,
size_t input_len)
{
int rc;
int nid;
unsigned char hash[SHA512_DIGEST_LEN] = {0};
uint32_t hlen = 0;
const unsigned char *raw_sig_data = ssh_string_data(sig->raw_sig);
size_t raw_sig_len = ssh_string_len(sig->raw_sig);
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
@@ -1994,141 +1993,15 @@ int pki_signature_verify(ssh_session session,
key->type == SSH_KEYTYPE_ED25519_CERT01)
{
rc = pki_ed25519_verify(key, sig, input, input_len);
} else {
/* For the other key types, calculate the hash and verify the signature */
rc = pki_verify_data_signature(sig, key, input, input_len);
}
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"ed25519 signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
/* For the other key types, calculate the hash and verify the signature */
switch (sig->hash_type) {
case SSH_DIGEST_SHA256:
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
nid = NID_sha256;
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
nid = NID_sha384;
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
nid = NID_sha512;
break;
case SSH_DIGEST_AUTO:
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
nid = NID_sha1;
break;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
return SSH_ERROR;
}
switch (key->type) {
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_DSS_CERT01:
{
DSA_SIG *dsa_sig;
if (raw_sig_data == NULL) {
SSH_LOG(SSH_LOG_WARN,
"NULL raw signature found in provided signature");
return SSH_ERROR;
}
dsa_sig = d2i_DSA_SIG(NULL, &raw_sig_data, raw_sig_len);
if (dsa_sig == NULL) {
return SSH_ERROR;
}
rc = DSA_do_verify(hash,
hlen,
dsa_sig,
key->dsa);
if (rc <= 0) {
DSA_SIG_free(dsa_sig);
ssh_set_error(session,
SSH_FATAL,
"DSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
DSA_SIG_free(dsa_sig);
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_RSA_CERT01:
if (raw_sig_data == NULL) {
SSH_LOG(SSH_LOG_WARN,
"NULL raw signature found in provided signature");
return SSH_ERROR;
}
rc = RSA_verify(nid,
hash,
hlen,
raw_sig_data,
raw_sig_len,
key->rsa);
if (rc <= 0) {
SSH_LOG(SSH_LOG_TRACE, "RSA verify failed");
ssh_set_error(session,
SSH_FATAL,
"RSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P521_CERT01:
#ifdef HAVE_OPENSSL_ECC
{
ECDSA_SIG *ecdsa_sig;
if (raw_sig_data == NULL) {
SSH_LOG(SSH_LOG_WARN,
"NULL raw signature found in provided signature");
return SSH_ERROR;
}
ecdsa_sig = d2i_ECDSA_SIG(NULL, &raw_sig_data, raw_sig_len);
if (ecdsa_sig == NULL) {
return SSH_ERROR;
}
rc = ECDSA_do_verify(hash,
hlen,
ecdsa_sig,
key->ecdsa);
if (rc <= 0) {
ECDSA_SIG_free(ecdsa_sig);
ssh_set_error(session,
SSH_FATAL,
"ECDSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
ECDSA_SIG_free(ecdsa_sig);
}
break;
#endif
case SSH_KEYTYPE_UNKNOWN:
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown key type");
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
"Signature verification error");
return SSH_ERROR;
}

147
src/pki_gcrypt.c
View File

@@ -2091,16 +2091,14 @@ int pki_signature_verify(ssh_session session,
const unsigned char *input,
size_t input_len)
{
const char *hash_type = NULL;
gcry_sexp_t sexp;
gcry_error_t err;
unsigned char ghash[SHA512_DIGEST_LEN + 1] = {0};
unsigned char *hash = ghash + 1;
uint32_t hlen = 0;
int rc;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
"Can not verify %s signature with %s key",
@@ -2114,136 +2112,15 @@ int pki_signature_verify(ssh_session session,
key->type == SSH_KEYTYPE_ED25519_CERT01)
{
rc = pki_ed25519_verify(key, sig, input, input_len);
} else {
/* For the other key types, calculate the hash and verify the signature */
rc = pki_verify_data_signature(sig, key, input, input_len);
}
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"ed25519 signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
/* For the other key types, calculate the hash and verify the signature */
switch (sig->hash_type) {
case SSH_DIGEST_SHA256:
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
hash_type = "sha256";
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
hash_type = "sha384";
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
hash_type = "sha512";
break;
case SSH_DIGEST_AUTO:
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
hash_type = "sha1";
break;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
return SSH_ERROR;
}
switch(key->type) {
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_DSS_CERT01:
/* That is to mark the number as positive */
if(hash[0] >= 0x80) {
hash = ghash;
hlen += 1;
}
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
if (err) {
ssh_set_error(session,
SSH_FATAL,
"DSA hash error: %s", gcry_strerror(err));
return SSH_ERROR;
}
err = gcry_pk_verify(sig->dsa_sig, sexp, key->dsa);
gcry_sexp_release(sexp);
if (err) {
ssh_set_error(session, SSH_FATAL, "Invalid DSA signature");
if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) {
ssh_set_error(session,
SSH_FATAL,
"DSA verify error: %s",
gcry_strerror(err));
}
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA_CERT01:
err = gcry_sexp_build(&sexp,
NULL,
"(data(flags pkcs1)(hash %s %b))",
hash_type, hlen, hash);
if (err) {
ssh_set_error(session,
SSH_FATAL,
"RSA hash error: %s",
gcry_strerror(err));
return SSH_ERROR;
}
err = gcry_pk_verify(sig->rsa_sig, sexp, key->rsa);
gcry_sexp_release(sexp);
if (err) {
ssh_set_error(session, SSH_FATAL, "Invalid RSA signature");
if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) {
ssh_set_error(session,
SSH_FATAL,
"RSA verify error: %s",
gcry_strerror(err));
}
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P521_CERT01:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,
"(data(flags raw)(value %b))",
hlen,
hash);
if (err) {
ssh_set_error(session,
SSH_FATAL,
"ECDSA hash error: %s",
gcry_strerror(err));
return SSH_ERROR;
}
err = gcry_pk_verify(sig->ecdsa_sig, sexp, key->ecdsa);
gcry_sexp_release(sexp);
if (err) {
ssh_set_error(session, SSH_FATAL, "Invalid ECDSA signature");
if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) {
ssh_set_error(session,
SSH_FATAL,
"ECDSA verify error: %s",
gcry_strerror(err));
}
return SSH_ERROR;
}
break;
#endif
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
default:
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
"Signature verification error");
return SSH_ERROR;
}

80
src/pki_mbedcrypto.c
View File

@@ -1025,10 +1025,12 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
ssh_key key, const unsigned char *input, size_t input_len)
{
int rc;
mbedtls_md_type_t md = 0;
unsigned char hash[SHA512_DIGEST_LEN] = {0};
uint32_t hlen = 0;
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
"pki_signature_verify()");
return SSH_ERROR;
}
if (ssh_key_type_plain(key->type) != sig->type) {
SSH_LOG(SSH_LOG_WARN,
@@ -1043,75 +1045,15 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
key->type == SSH_KEYTYPE_ED25519_CERT01)
{
rc = pki_ed25519_verify(key, sig, input, input_len);
} else {
/* For the other key types, calculate the hash and verify the signature */
rc = pki_verify_data_signature(sig, key, input, input_len);
}
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"ed25519 signature verification error");
return SSH_ERROR;
}
return SSH_OK;
}
/* For the other key types, calculate the hash and verify the signature */
switch (sig->hash_type) {
case SSH_DIGEST_SHA256:
sha256(input, input_len, hash);
hlen = SHA256_DIGEST_LEN;
md = MBEDTLS_MD_SHA256;
break;
case SSH_DIGEST_SHA384:
sha384(input, input_len, hash);
hlen = SHA384_DIGEST_LEN;
md = MBEDTLS_MD_SHA384;
break;
case SSH_DIGEST_SHA512:
sha512(input, input_len, hash);
hlen = SHA512_DIGEST_LEN;
md = MBEDTLS_MD_SHA512;
break;
case SSH_DIGEST_AUTO:
case SSH_DIGEST_SHA1:
sha1(input, input_len, hash);
hlen = SHA_DIGEST_LEN;
md = MBEDTLS_MD_SHA1;
break;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
return SSH_ERROR;
}
switch (key->type) {
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA_CERT01:
rc = mbedtls_pk_verify(key->rsa, md, hash, hlen,
ssh_string_data(sig->rsa_sig),
ssh_string_len(sig->rsa_sig));
if (rc != 0) {
char error_buf[100];
mbedtls_strerror(rc, error_buf, 100);
ssh_set_error(session, SSH_FATAL, "RSA error: %s", error_buf);
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P521_CERT01:
rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen,
&key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s);
if (rc != 0) {
char error_buf[100];
mbedtls_strerror(rc, error_buf, 100);
ssh_set_error(session, SSH_FATAL, "ECDSA error: %s", error_buf);
return SSH_ERROR;
}
break;
default:
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
"Signature verification error");
return SSH_ERROR;
}