auth, pki: Calculate hash internally when signing/verifying

This makes pki_do_sign() and pki_signature_verify() to receive the original input instead of the pre-calculated hash. The hash is then calculated internally. The hash to be used inside the signature is decided earlier, when all the information about the signature to be generated/verified is available. Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid(). The tests were modified to use pki_do_sign() instead of pki_do_sign_hash(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-09 18:04:25 +09:00 · 2019-04-29 16:29:16 +02:00
parent 58b3b2696c
commit 76f9808eb2
13 changed files with 264 additions and 277 deletions
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1856,12 +1856,15 @@ error:
 int pki_signature_verify(ssh_session session,
                         const ssh_signature sig,
                         const ssh_key key,
-                         const unsigned char *hash,
-                         size_t hlen)
+                         const unsigned char *input,
+                         size_t input_len)
 {
    int rc;
    int nid;

+    unsigned char hash[SHA512_DIGEST_LEN] = {0};
+    uint32_t hlen = 0;
+
    if (ssh_key_type_plain(key->type) != sig->type) {
        SSH_LOG(SSH_LOG_WARN,
                "Can not verify %s signature with %s key",
@@ -1870,6 +1873,49 @@ int pki_signature_verify(ssh_session session,
        return SSH_ERROR;
    }

+    /* For ed25519 keys, verify using the input directly */
+    if (key->type == SSH_KEYTYPE_ED25519 ||
+        key->type == SSH_KEYTYPE_ED25519_CERT01)
+    {
+        rc = pki_ed25519_verify(key, sig, input, input_len);
+        if (rc != SSH_OK){
+            ssh_set_error(session,
+                    SSH_FATAL,
+                    "ed25519 signature verification error");
+            return SSH_ERROR;
+        }
+
+        return SSH_OK;
+    }
+
+    /* For the other key types, calculate the hash and verify the signature */
+    switch (sig->hash_type) {
+    case SSH_DIGEST_SHA256:
+        sha256(input, input_len, hash);
+        hlen = SHA256_DIGEST_LEN;
+        nid = NID_sha256;
+        break;
+    case SSH_DIGEST_SHA384:
+        sha384(input, input_len, hash);
+        hlen = SHA384_DIGEST_LEN;
+        nid = NID_sha384;
+        break;
+    case SSH_DIGEST_SHA512:
+        sha512(input, input_len, hash);
+        hlen = SHA512_DIGEST_LEN;
+        nid = NID_sha512;
+        break;
+    case SSH_DIGEST_AUTO:
+    case SSH_DIGEST_SHA1:
+        sha1(input, input_len, hash);
+        hlen = SHA_DIGEST_LEN;
+        nid = NID_sha1;
+        break;
+    default:
+        SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", sig->hash_type);
+        return SSH_ERROR;
+    }
+
    switch (key->type) {
        case SSH_KEYTYPE_DSS:
        case SSH_KEYTYPE_DSS_CERT01:
@@ -1888,25 +1934,6 @@ int pki_signature_verify(ssh_session session,
        case SSH_KEYTYPE_RSA:
        case SSH_KEYTYPE_RSA1:
        case SSH_KEYTYPE_RSA_CERT01:
-            switch (sig->hash_type) {
-            case SSH_DIGEST_AUTO:
-            case SSH_DIGEST_SHA1:
-                nid = NID_sha1;
-                break;
-            case SSH_DIGEST_SHA256:
-                nid = NID_sha256;
-                break;
-            case SSH_DIGEST_SHA512:
-                nid = NID_sha512;
-                break;
-            default:
-                SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type);
-                ssh_set_error(session,
-                              SSH_FATAL,
-                              "Unexpected hash type %d during RSA verify",
-                              sig->hash_type);
-                return SSH_ERROR;
-            }
            rc = RSA_verify(nid,
                            hash,
                            hlen,
@@ -1922,16 +1949,6 @@ int pki_signature_verify(ssh_session session,
                return SSH_ERROR;
            }
            break;
-        case SSH_KEYTYPE_ED25519:
-        case SSH_KEYTYPE_ED25519_CERT01:
-            rc = pki_ed25519_verify(key, sig, hash, hlen);
-            if (rc != SSH_OK){
-                ssh_set_error(session,
-                              SSH_FATAL,
-                              "ed25519 signature verification error");
-                return SSH_ERROR;
-            }
-            break;
        case SSH_KEYTYPE_ECDSA_P256:
        case SSH_KEYTYPE_ECDSA_P384:
        case SSH_KEYTYPE_ECDSA_P521:
@@ -2040,6 +2057,11 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
            return NULL;
    }

+#ifdef DEBUG_CRYPTO
+        SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d",
+                privkey->type_c, hash_type);
+#endif
+
    return sig;
 }