From ab9921ee6ac413513d7c789b1336498aa89658ae Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 22 Aug 2019 17:57:49 +0200 Subject: [PATCH] pki_mbedcrypto: Do not treat Ed25519 as a special case Generate and verify Ed25519 signatures along with the other signature types. Signed-off-by: Anderson Toshiyuki Sasaki Reviewed-by: Jakub Jelen (cherry picked from commit 97adbfe0877e19253769d02edb5d673d21a4eb14) --- src/pki_mbedcrypto.c | 46 +++++++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index 57a6a4e0..a1ae573e 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -1047,16 +1047,7 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const return SSH_ERROR; } - /* For ed25519 keys, verify using the input directly */ - if (key->type == SSH_KEYTYPE_ED25519 || - key->type == SSH_KEYTYPE_ED25519_CERT01) - { - rc = pki_ed25519_verify(key, sig, input, input_len); - } else { - /* For the other key types, calculate the hash and verify the signature */ - rc = pki_verify_data_signature(sig, key, input, input_len); - } - + rc = pki_verify_data_signature(sig, key, input, input_len); if (rc != SSH_OK){ ssh_set_error(session, SSH_FATAL, @@ -1214,6 +1205,7 @@ ssh_signature pki_sign_data(const ssh_key privkey, size_t input_len) { unsigned char hash[SHA512_DIGEST_LEN] = {0}; + const unsigned char *sign_input = NULL; uint32_t hlen = 0; int rc; @@ -1233,27 +1225,38 @@ ssh_signature pki_sign_data(const ssh_key privkey, case SSH_DIGEST_SHA256: sha256(input, input_len, hash); hlen = SHA256_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA384: sha384(input, input_len, hash); hlen = SHA384_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA512: sha512(input, input_len, hash); hlen = SHA512_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_SHA1: sha1(input, input_len, hash); hlen = SHA_DIGEST_LEN; + sign_input = hash; break; case SSH_DIGEST_AUTO: + if (privkey->type == SSH_KEYTYPE_ED25519) { + /* SSH_DIGEST_AUTO should only be used with ed25519 */ + sign_input = input; + hlen = input_len; + break; + } + FALL_THROUGH; default: SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d", hash_type); return NULL; } - return pki_do_sign_hash(privkey, hash, hlen, hash_type); + return pki_do_sign_hash(privkey, sign_input, hlen, hash_type); } /** @@ -1276,6 +1279,7 @@ int pki_verify_data_signature(ssh_signature signature, { unsigned char hash[SHA512_DIGEST_LEN] = {0}; + const unsigned char *verify_input = NULL; uint32_t hlen = 0; mbedtls_md_type_t md = 0; @@ -1301,23 +1305,35 @@ int pki_verify_data_signature(ssh_signature signature, sha256(input, input_len, hash); hlen = SHA256_DIGEST_LEN; md = MBEDTLS_MD_SHA256; + verify_input = hash; break; case SSH_DIGEST_SHA384: sha384(input, input_len, hash); hlen = SHA384_DIGEST_LEN; md = MBEDTLS_MD_SHA384; + verify_input = hash; break; case SSH_DIGEST_SHA512: sha512(input, input_len, hash); hlen = SHA512_DIGEST_LEN; md = MBEDTLS_MD_SHA512; + verify_input = hash; break; case SSH_DIGEST_SHA1: sha1(input, input_len, hash); hlen = SHA_DIGEST_LEN; md = MBEDTLS_MD_SHA1; + verify_input = hash; break; case SSH_DIGEST_AUTO: + if (pubkey->type == SSH_KEYTYPE_ED25519 || + pubkey->type == SSH_KEYTYPE_ED25519_CERT01) + { + verify_input = input; + hlen = input_len; + break; + } + FALL_THROUGH; default: SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", signature->hash_type); @@ -1354,6 +1370,14 @@ int pki_verify_data_signature(ssh_signature signature, } break; + case SSH_KEYTYPE_ED25519: + case SSH_KEYTYPE_ED25519_CERT01: + rc = pki_ed25519_verify(pubkey, signature, verify_input, hlen); + if (rc != SSH_OK) { + SSH_LOG(SSH_LOG_TRACE, "ED25519 error: Signature invalid"); + return SSH_ERROR; + } + break; default: SSH_LOG(SSH_LOG_TRACE, "Unknown public key type"); return SSH_ERROR;