Merge pull request #2310 from hagau/ssh_signatures_conv
Cleanup SshSignatureConverter
@@ -195,16 +195,18 @@ public class SshAuthenticationService extends Service {
|
|||||||
byte[] sshSignature;
|
byte[] sshSignature;
|
||||||
try {
|
try {
|
||||||
switch (authSubKeyAlgorithm) {
|
switch (authSubKeyAlgorithm) {
|
||||||
case PublicKeyAlgorithmTags.ECDSA:
|
case PublicKeyAlgorithmTags.EDDSA:
|
||||||
sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
|
sshSignature = SshSignatureConverter.getSshSignatureEdDsa(rawSignature);
|
||||||
break;
|
break;
|
||||||
case PublicKeyAlgorithmTags.RSA_SIGN:
|
case PublicKeyAlgorithmTags.RSA_SIGN:
|
||||||
case PublicKeyAlgorithmTags.RSA_GENERAL:
|
case PublicKeyAlgorithmTags.RSA_GENERAL:
|
||||||
sshSignature = SshSignatureConverter.getSshSignatureRsa(rawSignature, hashAlgorithmTag);
|
sshSignature = SshSignatureConverter.getSshSignatureRsa(rawSignature, hashAlgorithmTag);
|
||||||
break;
|
break;
|
||||||
|
case PublicKeyAlgorithmTags.ECDSA:
|
||||||
|
sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
|
||||||
|
break;
|
||||||
case PublicKeyAlgorithmTags.DSA:
|
case PublicKeyAlgorithmTags.DSA:
|
||||||
case PublicKeyAlgorithmTags.EDDSA:
|
sshSignature = SshSignatureConverter.getSshSignatureDsa(rawSignature);
|
||||||
sshSignature = SshSignatureConverter.getSshSignature(rawSignature, authSubKeyAlgorithm);
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
throw new NoSuchAlgorithmException("Unknown algorithm");
|
throw new NoSuchAlgorithmException("Unknown algorithm");
|
||||||
|
|||||||
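Review bot: The reworked switch still throws `NoSuchAlgorithmException("Unknown algorithm")` from its default branch without recording which PublicKeyAlgorithmTags value was seen, so an SSH authentication that fails on an unexpected subkey algorithm cannot be diagnosed from the exception; `throw new NoSuchAlgorithmException("Unknown algorithm: " + authSubKeyAlgorithm);` would carry it. The EDDSA branch now hands rawSignature straight to getSshSignatureEdDsa, which in this commit labels the blob "ssh-ed25519" unconditionally and does not check its length, so a wrong-sized or non-Ed25519 signature is only rejected by the remote server; a comment on the case such as `// Ed25519 only: the converter emits ssh-ed25519 regardless of curve` would document that assumption where the dispatch happens. The enclosing method and its try block start and end outside the hunk.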
@@ -21,7 +21,6 @@ import org.bouncycastle.asn1.ASN1Integer;
|
|||||||
import org.bouncycastle.asn1.ASN1Primitive;
|
import org.bouncycastle.asn1.ASN1Primitive;
|
||||||
import org.bouncycastle.asn1.ASN1Sequence;
|
import org.bouncycastle.asn1.ASN1Sequence;
|
||||||
import org.bouncycastle.bcpg.HashAlgorithmTags;
|
import org.bouncycastle.bcpg.HashAlgorithmTags;
|
||||||
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
|
|
||||||
import org.bouncycastle.util.BigIntegers;
|
import org.bouncycastle.util.BigIntegers;
|
||||||
import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
|
import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
|
||||||
import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
|
import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
|
||||||
@@ -33,15 +32,17 @@ import java.security.NoSuchAlgorithmException;
|
|||||||
public class SshSignatureConverter {
|
public class SshSignatureConverter {
|
||||||
|
|
||||||
private static String getRsaSignatureFormatId(int hashAlgorithm) throws NoSuchAlgorithmException {
|
private static String getRsaSignatureFormatId(int hashAlgorithm) throws NoSuchAlgorithmException {
|
||||||
// https://tools.ietf.org/html/rfc8332
|
|
||||||
switch (hashAlgorithm) {
|
switch (hashAlgorithm) {
|
||||||
case HashAlgorithmTags.SHA512:
|
case HashAlgorithmTags.SHA512:
|
||||||
|
// https://tools.ietf.org/html/rfc8332
|
||||||
return "rsa-sha2-512";
|
return "rsa-sha2-512";
|
||||||
|
|
||||||
case HashAlgorithmTags.SHA256:
|
case HashAlgorithmTags.SHA256:
|
||||||
|
// https://tools.ietf.org/html/rfc8332
|
||||||
return "rsa-sha2-256";
|
return "rsa-sha2-256";
|
||||||
|
|
||||||
case HashAlgorithmTags.SHA1:
|
case HashAlgorithmTags.SHA1:
|
||||||
|
// https://tools.ietf.org/html/rfc4253
|
||||||
return "ssh-rsa";
|
return "ssh-rsa";
|
||||||
|
|
||||||
default:
|
default:
|
||||||
@@ -49,32 +50,6 @@ public class SshSignatureConverter {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String getSignatureFormatId(int algorithm) throws NoSuchAlgorithmException {
|
|
||||||
switch (algorithm) {
|
|
||||||
case PublicKeyAlgorithmTags.EDDSA:
|
|
||||||
return "ssh-ed25519";
|
|
||||||
|
|
||||||
case PublicKeyAlgorithmTags.DSA:
|
|
||||||
return "ssh-dss";
|
|
||||||
|
|
||||||
default:
|
|
||||||
throw new NoSuchAlgorithmException("Unknown algorithm");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] getSignatureBlob(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
|
|
||||||
switch (algorithm) {
|
|
||||||
case PublicKeyAlgorithmTags.EDDSA:
|
|
||||||
return rawSignature;
|
|
||||||
|
|
||||||
case PublicKeyAlgorithmTags.DSA:
|
|
||||||
return getDsaSignatureBlob(rawSignature);
|
|
||||||
|
|
||||||
default:
|
|
||||||
throw new NoSuchAlgorithmException("Unknown algorithm");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
|
private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
|
||||||
BigInteger r = getR(rawSignature);
|
BigInteger r = getR(rawSignature);
|
||||||
BigInteger s = getS(rawSignature);
|
BigInteger s = getS(rawSignature);
|
||||||
@@ -130,10 +105,20 @@ public class SshSignatureConverter {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static byte[] getSshSignature(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
|
public static byte[] getSshSignatureEdDsa(byte[] rawSignature) {
|
||||||
SshEncodedData signature = new SshEncodedData();
|
SshEncodedData signature = new SshEncodedData();
|
||||||
signature.putString(getSignatureFormatId(algorithm));
|
// https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-ed448-00
|
||||||
signature.putString(getSignatureBlob(rawSignature, algorithm));
|
signature.putString("ssh-ed25519");
|
||||||
|
signature.putString(rawSignature);
|
||||||
|
|
||||||
|
return signature.getBytes();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static byte[] getSshSignatureDsa(byte[] rawSignature) {
|
||||||
|
SshEncodedData signature = new SshEncodedData();
|
||||||
|
// https://tools.ietf.org/html/rfc4253
|
||||||
|
signature.putString("ssh-dss");
|
||||||
|
signature.putString(getDsaSignatureBlob(rawSignature));
|
||||||
|
|
||||||
return signature.getBytes();
|
return signature.getBytes();
|
||||||
}
|
}
|
||||||
@@ -148,6 +133,7 @@ public class SshSignatureConverter {
|
|||||||
|
|
||||||
public static byte[] getSshSignatureEcDsa(byte[] rawSignature, String curveOid) throws NoSuchAlgorithmException {
|
public static byte[] getSshSignatureEcDsa(byte[] rawSignature, String curveOid) throws NoSuchAlgorithmException {
|
||||||
SshEncodedData signature = new SshEncodedData();
|
SshEncodedData signature = new SshEncodedData();
|
||||||
|
// https://tools.ietf.org/html/rfc5656
|
||||||
signature.putString("ecdsa-sha2-" + SshUtils.getCurveName(curveOid));
|
signature.putString("ecdsa-sha2-" + SshUtils.getCurveName(curveOid));
|
||||||
signature.putString(getEcDsaSignatureBlob(rawSignature));
|
signature.putString(getEcDsaSignatureBlob(rawSignature));
|
||||||
|
|
||||||
|
|||||||
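Review bot: getSshSignatureEdDsa writes rawSignature into the blob unchanged with no length check, while the draft it cites fixes the ssh-ed25519 signature field at exactly 64 octets; a truncated or oversized input therefore produces a structurally valid SSH signature that the server rejects with nothing logged locally. Adding `if (rawSignature.length != 64) { throw new IllegalArgumentException("Ed25519 signature must be 64 bytes, got " + rawSignature.length); }` before the putString calls fails fast at the conversion point, where the cause is still visible. The method also hard-codes "ssh-ed25519" although, unlike getSshSignatureEcDsa, it receives no curve information from the caller; if anything other than Ed25519 can reach it the format id would be wrong, so a Javadoc line stating the Ed25519-only contract is warranted. Both new public methods lack documentation of the expected rawSignature encoding (the raw 64-byte signature for Ed25519; for DSA presumably whatever getDsaSignatureBlob parses, which is outside this hunk — confirm and state it).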
@@ -242,14 +242,14 @@ public class SshSignatureConverterTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testEdDsa() throws Exception {
|
public void testEdDsa() throws Exception {
|
||||||
byte[] out = SshSignatureConverter.getSshSignature(RAW_EDDSA_SIGNATURE, PublicKeyAlgorithmTags.EDDSA);
|
byte[] out = SshSignatureConverter.getSshSignatureEdDsa(RAW_EDDSA_SIGNATURE);
|
||||||
|
|
||||||
Assert.assertArrayEquals(SSH_EDDSA_SIGNATURE, out);
|
Assert.assertArrayEquals(SSH_EDDSA_SIGNATURE, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDsa() throws Exception {
|
public void testDsa() throws Exception {
|
||||||
byte[] out = SshSignatureConverter.getSshSignature(RAW_DSA_SIGNATURE, PublicKeyAlgorithmTags.DSA);
|
byte[] out = SshSignatureConverter.getSshSignatureDsa(RAW_DSA_SIGNATURE);
|
||||||
|
|
||||||
Assert.assertArrayEquals(SSH_DSA_SIGNATURE, out);
|
Assert.assertArrayEquals(SSH_DSA_SIGNATURE, out);
|
||||||
}
|
}
|
||||||
|
|||||||