shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 18:50:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

auth, pki: Calculate hash internally when signing/verifying

Browse Source 
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash.  The hash is then
calculated internally.

The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.

Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().

The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-04-29 16:29:16 +02:00
committed by Andreas Schneider
parent 58b3b2696c
commit 76f9808eb2
13 changed files with 264 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/unittests/torture_pki.c
View File

@@ -206,7 +206,7 @@ static void torture_pki_verify_mismatch(void **state)
sig_type, hash);
/* Create a valid signature using this key */
sign = pki_do_sign_hash(key, HASH, hash_length, hash);
sign = pki_do_sign(key, HASH, hash_length, hash);
assert_non_null(sign);
assert_int_equal(sign->type, key->type);
if (hash == SSH_DIGEST_AUTO) {

8
tests/unittests/torture_pki_dsa.c
View File

@@ -621,7 +621,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -631,7 +631,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -641,7 +641,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -671,7 +671,7 @@ static void torture_pki_dsa_cert_verify(void **state)
assert_true(rc == 0);
assert_non_null(cert);
sign = pki_do_sign(privkey, DSA_HASH, 20);
sign = pki_do_sign(privkey, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, DSA_HASH, 20);
assert_true(rc == SSH_OK);

14
tests/unittests/torture_pki_ecdsa.c
View File

@@ -474,7 +474,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -492,7 +492,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -509,7 +509,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -527,7 +527,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -544,7 +544,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -562,7 +562,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -599,7 +599,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
assert_true(rc == 0);
assert_non_null(cert);
sign = pki_do_sign(privkey, ECDSA_HASH, 20);
sign = pki_do_sign(privkey, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);

4
tests/unittests/torture_pki_ed25519.c
View File

@@ -349,7 +349,7 @@ static void torture_pki_ed25519_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ED25519, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, HASH, 20);
sign = pki_do_sign(key, HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,HASH,20);
assert_true(rc == SSH_OK);
@@ -389,7 +389,7 @@ static void torture_pki_ed25519_cert_verify(void **state)
assert_true(rc == 0);
assert_non_null(cert);
sign = pki_do_sign(privkey, HASH, 20);
sign = pki_do_sign(privkey, HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, HASH, 20);
assert_true(rc == SSH_OK);

14
tests/unittests/torture_pki_rsa.c
View File

@@ -469,7 +469,7 @@ static void torture_pki_rsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -480,7 +480,7 @@ static void torture_pki_rsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -491,7 +491,7 @@ static void torture_pki_rsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -522,7 +522,7 @@ static void torture_pki_rsa_sha2(void **state)
assert_non_null(cert);
/* Sign using automatic digest */
sign = pki_do_sign_hash(key, RSA_HASH, 20, SSH_DIGEST_AUTO);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
@@ -531,7 +531,7 @@ static void torture_pki_rsa_sha2(void **state)
ssh_signature_free(sign);
/* Sign using old SHA1 digest */
sign = pki_do_sign_hash(key, RSA_HASH, 20, SSH_DIGEST_SHA1);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
@@ -540,7 +540,7 @@ static void torture_pki_rsa_sha2(void **state)
ssh_signature_free(sign);
/* Sign using new SHA256 digest */
sign = pki_do_sign_hash(key, SHA256_HASH, 32, SSH_DIGEST_SHA256);
sign = pki_do_sign(key, SHA256_HASH, 32, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, SHA256_HASH, 32);
assert_ssh_return_code(session, rc);
@@ -549,7 +549,7 @@ static void torture_pki_rsa_sha2(void **state)
ssh_signature_free(sign);
/* Sign using rsa-sha2-512 algorithm */
sign = pki_do_sign_hash(key, SHA512_HASH, 64, SSH_DIGEST_SHA512);
sign = pki_do_sign(key, SHA512_HASH, 64, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, SHA512_HASH, 64);
assert_ssh_return_code(session, rc);

6
tests/unittests/torture_threads_pki_rsa.c
View File

@@ -575,7 +575,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
assert_ssh_return_code(session, rc);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
@@ -588,7 +588,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
assert_ssh_return_code(session, rc);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
@@ -602,7 +602,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, RSA_HASH, 20);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);