Return encoded signature blob instead of a raw signature in

SshAuthenticationService
2017-11-26 00:00:00 +00:00
parent 0a72dda6fc
commit 6e5f5405a2
4 changed files with 226 additions and 38 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverter.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverter.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2017 Christian Hagau <ach@hagau.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ssh.signature;
+
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.util.BigIntegers;
+import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
+import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+
+public class SshSignatureConverter {
+
+    private static String getSignatureType(int algorithm) throws NoSuchAlgorithmException {
+        switch (algorithm) {
+            case PublicKeyAlgorithmTags.RSA_SIGN:
+            case PublicKeyAlgorithmTags.RSA_GENERAL:
+                return "ssh-rsa";
+
+            case PublicKeyAlgorithmTags.EDDSA:
+                return "ssh-ed25519";
+
+            case PublicKeyAlgorithmTags.DSA:
+                return "ssh-dss";
+
+            default:
+                throw new NoSuchAlgorithmException("Unknown algorithm");
+        }
+    }
+
+    private static byte[] getSignatureBlob(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
+        switch (algorithm) {
+            case PublicKeyAlgorithmTags.RSA_SIGN:
+            case PublicKeyAlgorithmTags.RSA_GENERAL:
+                return rawSignature;
+
+            case PublicKeyAlgorithmTags.EDDSA:
+                return rawSignature;
+
+            case PublicKeyAlgorithmTags.DSA:
+                return getDsaSignatureBlob(rawSignature);
+
+            default:
+                throw new NoSuchAlgorithmException("Unknown algorithm");
+        }
+    }
+
+    private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
+        BigInteger r = getR(rawSignature);
+        BigInteger s = getS(rawSignature);
+
+        SshEncodedData rsBlob = new SshEncodedData();
+        rsBlob.putMPInt(r);
+        rsBlob.putMPInt(s);
+
+        return rsBlob.getBytes();
+    }
+
+    private static BigInteger getR(byte[] rawSignature) {
+        ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
+        return ASN1Integer.getInstance(asn1Sequence.getObjectAt(0)).getValue();
+    }
+
+    private static BigInteger getS(byte[] rawSignature) {
+        ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
+        return ASN1Integer.getInstance(asn1Sequence.getObjectAt(1)).getValue();
+    }
+
+    private static ASN1Sequence getASN1Sequence(byte[] rawSignature) {
+        try {
+            return (ASN1Sequence) ASN1Primitive.fromByteArray(rawSignature);
+        } catch (IOException e) {
+            throw new IllegalArgumentException("Could not read ASN.1 object", e);
+        }
+    }
+
+    private static byte[] getDsaSignatureBlob(byte[] rawSignature) {
+        BigInteger r = getR(rawSignature);
+        BigInteger s = getS(rawSignature);
+
+        byte[] rByte = BigIntegers.asUnsignedByteArray(r);
+        byte[] sByte = BigIntegers.asUnsignedByteArray(s);
+
+        int integerLength = getDsaSignatureLength(rByte.length > sByte.length ? rByte.length : sByte.length);
+        int rPaddingLength = integerLength - rByte.length;
+        int sPaddingLength = integerLength - sByte.length;
+
+        byte[] rsBlob = new byte[2 * integerLength];
+        System.arraycopy(rByte, 0, rsBlob, rPaddingLength, rByte.length);
+        System.arraycopy(sByte, 0, rsBlob, integerLength + sPaddingLength, sByte.length);
+
+        return rsBlob;
+    }
+
+    private static int getDsaSignatureLength(int inLength) {
+        if (inLength <= 20) {
+            return 20;
+        } else {
+            return 32;
+        }
+    }
+
+    public static byte[] getSshSignature(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
+        SshEncodedData signature = new SshEncodedData();
+        signature.putString(getSignatureType(algorithm));
+        signature.putString(getSignatureBlob(rawSignature, algorithm));
+
+        return signature.getBytes();
+    }
+
+    public static byte[] getSshSignatureEcDsa(byte[] rawSignature, String curveOid) {
+        SshEncodedData signature = new SshEncodedData();
+        signature.putString("ecdsa-sha2-" + SshUtils.getCurveName(curveOid));
+        signature.putString(getEcDsaSignatureBlob(rawSignature));
+
+        return signature.getBytes();
+    }
+}
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/utils/SshUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/utils/SshUtils.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2017 Christian Hagau <ach@hagau.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ssh.utils;
+
+public class SshUtils {
+
+    public static String getCurveName(String curveOid) {
+        // see RFC5656 section 10.{1,2}
+        switch (curveOid) {
+            // REQUIRED curves
+            case "1.2.840.10045.3.1.7":
+                return "nistp256";
+            case "1.3.132.0.34":
+                return "nistp384";
+            case "1.3.132.0.35":
+                return "nistp521";
+
+            // RECOMMENDED curves
+            case "1.3.132.0.1":
+                return     "1.3.132.0.1";
+            case "1.2.840.10045.3.1.1":
+                return  "1.2.840.10045.3.1.1";
+            case "1.3.132.0.33":
+                return     "1.3.132.0.33";
+            case "1.3.132.0.26":
+                return     "1.3.132.0.26";
+            case "1.3.132.0.27":
+                return     "1.3.132.0.27";
+            case "1.3.132.0.16":
+                return     "1.3.132.0.16";
+            case "1.3.132.0.36":
+                return     "1.3.132.0.36";
+            case "1.3.132.0.37":
+                return     "1.3.132.0.37";
+            case "1.3.132.0.38":
+                return     "1.3.132.0.38";
+
+            default:
+                return null;
+        }
+    }
+}