shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 10:26:47 +09:00
Code Issues Packages Projects Releases Wiki Activity

auth, pki: Calculate hash internally when signing/verifying

Browse Source 
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash.  The hash is then
calculated internally.

The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.

Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().

The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-04-29 16:29:16 +02:00
committed by Andreas Schneider
parent 58b3b2696c
commit 76f9808eb2
13 changed files with 264 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/unittests/torture_pki_ecdsa.c
View File

@@ -474,7 +474,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -492,7 +492,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -509,7 +509,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -527,7 +527,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -544,7 +544,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -562,7 +562,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -599,7 +599,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
assert_true(rc == 0);
assert_non_null(cert);
sign = pki_do_sign(privkey, ECDSA_HASH, 20);
sign = pki_do_sign(privkey, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);