cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle EdDSA & DSA SSH signatures separately in SshSignatureConverter

Browse Source
This commit is contained in:
Christian Hagau
2018-04-27 00:00:00 +00:00
parent ff6c4d50e3
commit ba03969f7c
3 changed files with 19 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/SshAuthenticationService.java
View File

@@ -195,16 +195,18 @@ public class SshAuthenticationService extends Service {
byte[] sshSignature;
try {
switch (authSubKeyAlgorithm) {
case PublicKeyAlgorithmTags.ECDSA:
sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
case PublicKeyAlgorithmTags.EDDSA:
sshSignature = SshSignatureConverter.getSshSignatureEdDsa(rawSignature);
break;
case PublicKeyAlgorithmTags.RSA_SIGN:
case PublicKeyAlgorithmTags.RSA_GENERAL:
sshSignature = SshSignatureConverter.getSshSignatureRsa(rawSignature, hashAlgorithmTag);
break;
case PublicKeyAlgorithmTags.ECDSA:
sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
break;
case PublicKeyAlgorithmTags.DSA:
case PublicKeyAlgorithmTags.EDDSA:
sshSignature = SshSignatureConverter.getSshSignature(rawSignature, authSubKeyAlgorithm);
sshSignature = SshSignatureConverter.getSshSignatureDsa(rawSignature);
break;
default:
throw new NoSuchAlgorithmException("Unknown algorithm");

41
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverter.java
View File

@@ -21,7 +21,6 @@ import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.util.BigIntegers;
import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
@@ -49,32 +48,6 @@ public class SshSignatureConverter {
}
}
private static String getSignatureFormatId(int algorithm) throws NoSuchAlgorithmException {
switch (algorithm) {
case PublicKeyAlgorithmTags.EDDSA:
return "ssh-ed25519";
case PublicKeyAlgorithmTags.DSA:
return "ssh-dss";
default:
throw new NoSuchAlgorithmException("Unknown algorithm");
}
}
private static byte[] getSignatureBlob(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
switch (algorithm) {
case PublicKeyAlgorithmTags.EDDSA:
return rawSignature;
case PublicKeyAlgorithmTags.DSA:
return getDsaSignatureBlob(rawSignature);
default:
throw new NoSuchAlgorithmException("Unknown algorithm");
}
}
private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
BigInteger r = getR(rawSignature);
BigInteger s = getS(rawSignature);
@@ -130,10 +103,18 @@ public class SshSignatureConverter {
}
}
public static byte[] getSshSignature(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
public static byte[] getSshSignatureEdDsa(byte[] rawSignature) {
SshEncodedData signature = new SshEncodedData();
signature.putString(getSignatureFormatId(algorithm));
signature.putString(getSignatureBlob(rawSignature, algorithm));
signature.putString("ssh-ed25519");
signature.putString(rawSignature);
return signature.getBytes();
}
public static byte[] getSshSignatureDsa(byte[] rawSignature) {
SshEncodedData signature = new SshEncodedData();
signature.putString("ssh-dss");
signature.putString(getDsaSignatureBlob(rawSignature));
return signature.getBytes();
}

4
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverterTest.java
View File

@@ -242,14 +242,14 @@ public class SshSignatureConverterTest {
@Test
public void testEdDsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignature(RAW_EDDSA_SIGNATURE, PublicKeyAlgorithmTags.EDDSA);
byte[] out = SshSignatureConverter.getSshSignatureEdDsa(RAW_EDDSA_SIGNATURE);
Assert.assertArrayEquals(SSH_EDDSA_SIGNATURE, out);
}
@Test
public void testDsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignature(RAW_DSA_SIGNATURE, PublicKeyAlgorithmTags.DSA);
byte[] out = SshSignatureConverter.getSshSignatureDsa(RAW_DSA_SIGNATURE);
Assert.assertArrayEquals(SSH_DSA_SIGNATURE, out);
}