shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 10:27:22 +09:00
Code Issues Packages Projects Releases Wiki Activity

libssh: deprecate SSH_KEYTYPE_ECDSA

Browse Source 
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Ben Toews
2019-03-12 10:25:49 -06:00
committed by Andreas Schneider
parent 78f764b7c9
commit b1f3cfec34
29 changed files with 546 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/auth.c
View File

@@ -515,26 +515,13 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_ERROR;
}
switch (pubkey->type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
break;
}
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"
@@ -651,26 +638,13 @@ int ssh_userauth_publickey(ssh_session session,
/* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
switch (key_type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(privkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
break;
}
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"
@@ -777,9 +751,14 @@ static int ssh_userauth_agent_publickey(ssh_session session,
if (rc < 0) {
goto fail;
}
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
}
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"

2
src/bind.c
View File

@@ -176,7 +176,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
return SSH_ERROR;
}
if (ssh_key_type(sshbind->ecdsa) != SSH_KEYTYPE_ECDSA) {
if (!is_ecdsa_key_type(ssh_key_type(sshbind->ecdsa))) {
ssh_set_error(sshbind, SSH_FATAL,
"The ECDSA host key has the wrong type");
ssh_key_free(sshbind->ecdsa);

8
src/known_hosts.c
View File

@@ -373,13 +373,7 @@ int ssh_is_server_known(ssh_session session) {
}
if (match) {
ssh_key pubkey = ssh_dh_get_current_server_publickey(session);
const char *pubkey_type = NULL;
if (ssh_key_type(pubkey) == SSH_KEYTYPE_ECDSA) {
pubkey_type = ssh_pki_key_ecdsa_name(pubkey);
} else {
pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
}
const char *pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
/* We got a match. Now check the key type */
if (strcmp(pubkey_type, type) != 0) {

8
src/options.c
View File

@@ -1653,7 +1653,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support");
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa;
bind_key_path_loc = &sshbind->ecdsakey;
@@ -1715,7 +1717,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support");
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa;
#else

76
src/pki.c
View File

@@ -74,7 +74,10 @@ enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
}
if (strncmp(privkey, ECDSA_HEADER_BEGIN, strlen(ECDSA_HEADER_BEGIN)) == 0) {
return SSH_KEYTYPE_ECDSA;
/* We don't know what the curve is at this point, so we don't actually
* know the type. We figure out the actual curve and fix things up in
* pki_private_key_from_base64 */
return SSH_KEYTYPE_ECDSA_P256;
}
return SSH_KEYTYPE_UNKNOWN;
@@ -185,8 +188,9 @@ void ssh_key_free (ssh_key key){
* @brief returns the type of a ssh key
* @param[in] key the ssh_key handle
* @returns one of SSH_KEYTYPE_RSA, SSH_KEYTYPE_DSS,
* SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ED25519,
* SSH_KEYTYPE_DSS_CERT01, SSH_KEYTYPE_RSA_CERT01
* SSH_KEYTYPE_ECDSA_P256, SSH_KEYTYPE_ECDSA_P384,
* SSH_KEYTYPE_ECDSA_P521, SSH_KEYTYPE_ED25519, SSH_KEYTYPE_DSS_CERT01,
* or SSH_KEYTYPE_RSA_CERT01.
* @returns SSH_KEYTYPE_UNKNOWN if the type is unknown
*/
enum ssh_keytypes_e ssh_key_type(const ssh_key key){
@@ -241,7 +245,13 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
case SSH_KEYTYPE_RSA:
return "ssh-rsa";
case SSH_KEYTYPE_ECDSA:
return "ssh-ecdsa";
return "ssh-ecdsa"; /* deprecated. invalid value */
case SSH_KEYTYPE_ECDSA_P256:
return "ecdsa-sha2-nistp256";
case SSH_KEYTYPE_ECDSA_P384:
return "ecdsa-sha2-nistp384";
case SSH_KEYTYPE_ECDSA_P521:
return "ecdsa-sha2-nistp521";
case SSH_KEYTYPE_ED25519:
return "ssh-ed25519";
case SSH_KEYTYPE_DSS_CERT01:
@@ -398,10 +408,12 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
return SSH_KEYTYPE_DSS;
} else if (strcmp(name, "ssh-ecdsa") == 0
|| strcmp(name, "ecdsa") == 0
|| strcmp(name, "ecdsa-sha2-nistp256") == 0
|| strcmp(name, "ecdsa-sha2-nistp384") == 0
|| strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return SSH_KEYTYPE_ECDSA;
|| strcmp(name, "ecdsa-sha2-nistp256") == 0) {
return SSH_KEYTYPE_ECDSA_P256;
} else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
return SSH_KEYTYPE_ECDSA_P384;
} else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return SSH_KEYTYPE_ECDSA_P521;
} else if (strcmp(name, "ssh-ed25519") == 0){
return SSH_KEYTYPE_ED25519;
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
@@ -517,7 +529,9 @@ void ssh_signature_free(ssh_signature sig)
SAFE_FREE(sig->rsa_sig);
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
gcry_sexp_release(sig->ecdsa_sig);
#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)
@@ -533,6 +547,7 @@ void ssh_signature_free(ssh_signature sig)
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
break;
}
@@ -973,7 +988,9 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{
ssh_string e = NULL;
ssh_string exp = NULL;
@@ -1001,9 +1018,6 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key");
goto fail;
}
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
}
break;
#endif
@@ -1120,7 +1134,10 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA: /* deprecated */
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{
ssh_string e = NULL;
ssh_string i = NULL;
@@ -1147,7 +1164,9 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
}
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
if (type == SSH_KEYTYPE_ECDSA) {
key->type_c = ssh_pki_key_ecdsa_name(key);
}
}
break;
#endif
@@ -1539,7 +1558,6 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
* @param[in] parameter Parameter to the creation of key:
* rsa : length of the key in bits (e.g. 1024, 2048, 4096)
* dsa : length of the key in bits (e.g. 1024, 2048, 3072)
* ecdsa : bits of the key (e.g. 256, 384, 521)
* @param[out] pkey A pointer to store the allocated private key. You need
* to free the memory.
*
@@ -1572,7 +1590,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
goto error;
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA: /* deprecated */
rc = pki_key_generate_ecdsa(key, parameter);
if (rc == SSH_ERROR) {
goto error;
@@ -1581,6 +1599,24 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
break;
case SSH_KEYTYPE_ECDSA_P256:
rc = pki_key_generate_ecdsa(key, 256);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P384:
rc = pki_key_generate_ecdsa(key, 384);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P521:
rc = pki_key_generate_ecdsa(key, 521);
if (rc == SSH_ERROR) {
goto error;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
rc = pki_key_generate_ed25519(key);
@@ -1939,7 +1975,7 @@ int ssh_pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
#if HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;
@@ -2028,7 +2064,7 @@ ssh_string ssh_pki_do_sign(ssh_session session,
}
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
if (privkey->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;
@@ -2211,7 +2247,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
return NULL;
}
if (privkey->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;

116
src/pki_crypto.c
View File

@@ -92,6 +92,24 @@ static int pki_key_ecdsa_to_nid(EC_KEY *k)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_X9_62_prime256v1:
return SSH_KEYTYPE_ECDSA_P256;
case NID_secp384r1:
return SSH_KEYTYPE_ECDSA_P384;
case NID_secp521r1:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
const char *pki_key_ecdsa_nid_to_name(int nid)
{
switch (nid) {
@@ -451,7 +469,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid;
@@ -551,26 +571,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_OPENSSL_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
int ok;
switch (parameter) {
case 384:
nid = NID_secp384r1;
key->ecdsa_nid = NID_secp384r1;
key->type = SSH_KEYTYPE_ECDSA_P384;
break;
case 521:
nid = NID_secp521r1;
key->ecdsa_nid = NID_secp521r1;
key->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 256:
default:
nid = NID_X9_62_prime256v1;
key->ecdsa_nid = NID_X9_62_prime256v1;
key->type = SSH_KEYTYPE_ECDSA_P256;
}
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (key->ecdsa == NULL) {
return SSH_ERROR;
}
@@ -650,7 +668,9 @@ int pki_key_compare(const ssh_key k1,
}
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
{
const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa);
@@ -756,7 +776,9 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
@@ -818,7 +840,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
DSA *dsa = NULL;
RSA *rsa = NULL;
ed25519_privkey *ed25519 = NULL;
ssh_key key;
ssh_key key = NULL;
enum ssh_keytypes_e type;
#ifdef HAVE_OPENSSL_ECC
EC_KEY *ecdsa = NULL;
@@ -884,7 +906,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
if (passphrase == NULL) {
if (auth_fn) {
@@ -908,12 +932,21 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
return NULL;
}
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type);
@@ -933,9 +966,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->ecdsa = ecdsa;
key->ed25519_privkey = ed25519;
#ifdef HAVE_OPENSSL_ECC
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
#endif
@@ -1237,27 +1269,10 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
@@ -1461,7 +1476,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA1:
sig_blob = ssh_string_copy(sig->rsa_sig);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
{
ssh_string r;
@@ -1614,8 +1631,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob);
@@ -1688,9 +1705,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) {
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_SIG_new();
if (sig->ecdsa_sig == NULL) {
@@ -1874,7 +1892,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
rc = ECDSA_do_verify(hash,
hlen,
@@ -1919,8 +1939,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) {
case SSH_KEYTYPE_DSS:
@@ -1942,7 +1962,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
@@ -1950,7 +1969,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->dsa_sig = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, privkey->ecdsa);
if (sig->ecdsa_sig == NULL) {
@@ -2005,7 +2026,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) {
case SSH_KEYTYPE_DSS:
@@ -2017,14 +2038,15 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa);
if (sig->ecdsa_sig == NULL) {

107
src/pki_gcrypt.c
View File

@@ -427,7 +427,9 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
header_begin = RSA_HEADER_BEGIN;
header_end = RSA_HEADER_END;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
header_begin = ECDSA_HEADER_BEGIN;
header_end = ECDSA_HEADER_END;
break;
@@ -737,6 +739,24 @@ static int pki_key_ecdsa_to_nid(gcry_sexp_t k)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(gcry_sexp_t k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_gcrypt_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_gcrypt_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_gcrypt_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
static const char *pki_key_ecdsa_nid_to_gcrypt_name(int nid)
{
switch (nid) {
@@ -843,7 +863,7 @@ static int b64decode_ecdsa_privatekey(const char *pkey, gcry_sexp_t *r,
int ok;
buffer = privatekey_string_to_buffer(pkey,
SSH_KEYTYPE_ECDSA,
SSH_KEYTYPE_ECDSA_P256,
cb,
userdata,
desc);
@@ -978,7 +998,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#if HAVE_GCRYPT_ECC
if (passphrase == NULL) {
if (auth_fn != NULL) {
@@ -1006,6 +1028,14 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
SSH_LOG(SSH_LOG_WARN, "Parsing private key");
goto fail;
}
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
@@ -1029,9 +1059,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->rsa = rsa;
key->ecdsa = ecdsa;
#ifdef HAVE_GCRYPT_ECC
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
#endif
@@ -1256,7 +1285,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
new->ecdsa_nid = key->ecdsa_nid;
@@ -1336,7 +1367,9 @@ static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int
case SSH_KEYTYPE_DSS:
rc = gcry_pk_genkey(&key->dsa, parms);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = gcry_pk_genkey(&key->ecdsa, parms);
break;
default:
@@ -1357,22 +1390,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_GCRYPT_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
switch (parameter) {
case 384:
nid = NID_gcrypt_nistp384;
break;
key->ecdsa_nid = NID_gcrypt_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P384);
case 521:
nid = NID_gcrypt_nistp521;
break;
key->ecdsa_nid = NID_gcrypt_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P521);
case 256:
default:
nid = NID_gcrypt_nistp256;
key->ecdsa_nid = NID_gcrypt_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P256);
}
key->ecdsa_nid = nid;
return pki_key_generate(key, parameter, "ecdsa", SSH_KEYTYPE_ECDSA);
}
#endif
@@ -1471,7 +1506,9 @@ int pki_key_compare(const ssh_key k1,
case SSH_KEYTYPE_ED25519:
/* ed25519 keys handled globaly */
return 0;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
if (k1->ecdsa_nid != k2->ecdsa_nid) {
return 1;
@@ -1488,6 +1525,7 @@ int pki_key_compare(const ssh_key k1,
#endif
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
return 1;
@@ -1634,7 +1672,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
type_s = ssh_string_from_char(
pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
@@ -1788,7 +1828,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_sig_to_blob(sig);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
{
ssh_string R;
@@ -1877,8 +1919,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob);
@@ -1944,7 +1986,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature_free(sig);
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_sig_from_blob(sig, sig_blob);
@@ -1953,7 +1994,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
{ /* build ecdsa siganature */
ssh_buffer b;
@@ -2138,7 +2181,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,
@@ -2198,8 +2243,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL;
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch (privkey->type) {
case SSH_KEYTYPE_DSS:
/* That is to mark the number as positive */
@@ -2224,7 +2269,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
break;
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
switch (hash_type) {
case SSH_DIGEST_SHA1:
case SSH_DIGEST_AUTO:
@@ -2265,7 +2309,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,
@@ -2319,7 +2365,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) {
case SSH_KEYTYPE_DSS:
@@ -2344,7 +2390,6 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
break;
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (hash_type) {
case SSH_DIGEST_SHA1:
hash_c = "sha1";
@@ -2378,7 +2423,9 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break;
case SSH_KEYTYPE_ED25519:
/* ED25519 handled in caller */
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,

122
src/pki_mbedcrypto.c
View File

@@ -61,6 +61,24 @@ static int pki_key_ecdsa_to_nid(mbedtls_ecdsa_context *ecdsa)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(mbedtls_ecdsa_context *ecdsa)
{
static int nid;
nid = pki_key_ecdsa_to_nid(ecdsa);
switch (nid) {
case NID_mbedtls_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_mbedtls_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_mbedtls_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data)
{
@@ -121,7 +139,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
ecdsa = malloc(sizeof(mbedtls_pk_context));
if (ecdsa == NULL) {
return NULL;
@@ -173,10 +193,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
if (ecdsa != NULL) {
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*ecdsa);
@@ -189,16 +205,27 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
mbedtls_ecdsa_from_keypair(key->ecdsa, keypair);
mbedtls_pk_free(ecdsa);
SAFE_FREE(ecdsa);
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
} else {
key->ecdsa = NULL;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
key->ed25519_privkey = ed25519;
rsa = NULL;
ecdsa = NULL;
if (key->type == SSH_KEYTYPE_ECDSA) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
return key;
fail:
@@ -401,7 +428,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
new->ecdsa_nid = key->ecdsa_nid;
new->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
@@ -511,7 +540,9 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
}
break;
}
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
@@ -678,27 +709,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break;
}
case SSH_KEYTYPE_ECDSA:
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
@@ -773,7 +786,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA:
sig_blob = ssh_string_copy(sig->rsa_sig);
break;
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_string r;
ssh_string s;
ssh_buffer b;
@@ -911,8 +926,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
switch(type) {
case SSH_KEYTYPE_RSA:
@@ -920,9 +935,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) {
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_buffer b;
ssh_string r;
ssh_string s;
@@ -1050,7 +1066,9 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen,
&key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s);
if (rc != 0) {
@@ -1157,19 +1175,20 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) {
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) {
return NULL;
@@ -1231,18 +1250,19 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (key->type) {
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) {
return NULL;
@@ -1452,26 +1472,24 @@ fail:
int pki_key_generate_ecdsa(ssh_key key, int parameter)
{
int nid;
int ok;
switch (parameter) {
case 384:
nid = NID_mbedtls_nistp384;
key->ecdsa_nid = NID_mbedtls_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
break;
case 521:
nid = NID_mbedtls_nistp521;
key->ecdsa_nid = NID_mbedtls_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 256:
default:
nid = NID_mbedtls_nistp256;
key->ecdsa_nid = NID_mbedtls_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
if (key->ecdsa == NULL) {
return SSH_ERROR;
@@ -1480,7 +1498,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
mbedtls_ecdsa_init(key->ecdsa);
ok = mbedtls_ecdsa_genkey(key->ecdsa,
pki_key_ecdsa_nid_to_mbed_gid(nid),
pki_key_ecdsa_nid_to_mbed_gid(key->ecdsa_nid),
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());

4
src/server.c
View File

@@ -242,7 +242,9 @@ int ssh_get_key_params(ssh_session session, ssh_key *privkey){
case SSH_KEYTYPE_RSA:
*privkey = session->srv.rsa_key;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
*privkey = session->srv.ecdsa_key;
break;
case SSH_KEYTYPE_ED25519: