Return encoded signature blob instead of a raw signature in

SshAuthenticationService
2017-11-26 00:00:00 +00:00 · 2017-11-26 00:00:00 +00:00 · 6e5f5405a2
parent 0a72dda6fc
commit 6e5f5405a2
4 changed files with 226 additions and 38 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java
@ -27,6 +27,7 @@ import org.sufficientlysecure.keychain.ssh.key.SshDSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey;
+import org.sufficientlysecure.keychain.ssh.utils.SshUtils;

 public class SshPublicKey {
    private final static String TAG = "SshPublicKey";
@ -66,48 +67,13 @@ public class SshPublicKey {
    private String encodeECKey(PGPPublicKey publicKey) {
        ECPublicBCPGKey publicBCPGKey = (ECPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();

-        String curveName = getCurveName(publicBCPGKey);
+        String curveName = SshUtils.getCurveName(mPublicKey.getCurveOid());
        SshECDSAPublicKey sshECDSAPublicKey = new SshECDSAPublicKey(curveName, publicBCPGKey.getEncodedPoint());

        return sshECDSAPublicKey.getPublicKeyBlob();
    }

-    private String getCurveName(ECPublicBCPGKey publicBCPGKey) {
-        String curveOid = publicBCPGKey.getCurveOID().getId();
-        // see RFC5656 section 10.{1,2}
-        switch (curveOid) {
-            // REQUIRED curves
-            case "1.2.840.10045.3.1.7":
-                return "nistp256";
-            case "1.3.132.0.34":
-                return "nistp384";
-            case "1.3.132.0.35":
-                return "nistp521";

-            // RECOMMENDED curves
-            case "1.3.132.0.1":
-                return     "1.3.132.0.1";
-            case "1.2.840.10045.3.1.1":
-                return  "1.2.840.10045.3.1.1";
-            case "1.3.132.0.33":
-                return     "1.3.132.0.33";
-            case "1.3.132.0.26":
-                return     "1.3.132.0.26";
-            case "1.3.132.0.27":
-                return     "1.3.132.0.27";
-            case "1.3.132.0.16":
-                return     "1.3.132.0.16";
-            case "1.3.132.0.36":
-                return     "1.3.132.0.36";
-            case "1.3.132.0.37":
-                return     "1.3.132.0.37";
-            case "1.3.132.0.38":
-                return     "1.3.132.0.38";
-
-            default:
-                return null;
-        }
-    }

    private String encodeEdDSAKey(PGPPublicKey publicKey) {
        EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/SshAuthenticationService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/SshAuthenticationService.java
@ -23,6 +23,7 @@ import android.content.Intent;
 import android.os.IBinder;
 import android.util.Log;
 import org.bouncycastle.bcpg.HashAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
 import org.openintents.ssh.authentication.ISshAuthenticationService;
 import org.openintents.ssh.authentication.SshAuthenticationApi;
 import org.openintents.ssh.authentication.SshAuthenticationApiError;
@ -46,10 +47,14 @@ import org.sufficientlysecure.keychain.ssh.AuthenticationData;
 import org.sufficientlysecure.keychain.ssh.AuthenticationOperation;
 import org.sufficientlysecure.keychain.ssh.AuthenticationParcel;
 import org.sufficientlysecure.keychain.ssh.AuthenticationResult;
+import org.sufficientlysecure.keychain.ssh.signature.SshSignatureConverter;

 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
-import java.util.*;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;


 public class SshAuthenticationService extends Service {
@ -141,12 +146,22 @@ public class SshAuthenticationService extends Service {
        CachedPublicKeyRing cachedPublicKeyRing = mKeyRepository.getCachedPublicKeyRing(masterKeyId);

        long authSubKeyId;
+        int authSubKeyAlgorithm;
+        String authSubKeyCurveOid = null;
        try {
            // get first usable subkey capable of authentication
            authSubKeyId = cachedPublicKeyRing.getSecretAuthenticationId();
+            // needed for encoding the resulting signature
+            authSubKeyAlgorithm = getPublicKey(masterKeyId).getAlgorithm();
+            if (authSubKeyAlgorithm == PublicKeyAlgorithmTags.ECDSA) {
+                authSubKeyCurveOid = getPublicKey(masterKeyId).getCurveOid();
+            }
        } catch (PgpKeyNotFoundException e) {
            return createExceptionErrorResult(SshAuthenticationApiError.NO_AUTH_KEY,
                    "authentication key for master key id not found in keychain", e);
+        } catch (KeyRepository.NotFoundException e) {
+            return createExceptionErrorResult(SshAuthenticationApiError.NO_SUCH_KEY,
+                    "Key for master key id not found", e);
        }

        authData.setAuthenticationSubKeyId(authSubKeyId);
@ -175,7 +190,19 @@ public class SshAuthenticationService extends Service {
            // return PendingIntent to be executed by client
            return packagePendingIntent(pi);
        } else if (authResult.success()) {
-            return new SigningResponse(authResult.getSignature()).toIntent();
+            byte[] rawSignature = authResult.getSignature();
+            byte[] sshSignature;
+            if (authSubKeyAlgorithm == PublicKeyAlgorithmTags.ECDSA) {
+                sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
+            } else {
+                try {
+                    sshSignature = SshSignatureConverter.getSshSignature(rawSignature, authSubKeyAlgorithm);
+                } catch (NoSuchAlgorithmException e) {
+                    return createExceptionErrorResult(SshAuthenticationApiError.INTERNAL_ERROR,
+                            "Error converting signature", e);
+                }
+            }
+            return new SigningResponse(sshSignature).toIntent();
        } else {
            LogEntryParcel errorMsg = authResult.getLog().getLast();
            return createErrorResult(SshAuthenticationApiError.INTERNAL_ERROR, getString(errorMsg.mType.getMsgId()));
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverter.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/signature/SshSignatureConverter.java
@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2017 Christian Hagau <ach@hagau.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ssh.signature;
+
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.util.BigIntegers;
+import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
+import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+
+public class SshSignatureConverter {
+
+    private static String getSignatureType(int algorithm) throws NoSuchAlgorithmException {
+        switch (algorithm) {
+            case PublicKeyAlgorithmTags.RSA_SIGN:
+            case PublicKeyAlgorithmTags.RSA_GENERAL:
+                return "ssh-rsa";
+
+            case PublicKeyAlgorithmTags.EDDSA:
+                return "ssh-ed25519";
+
+            case PublicKeyAlgorithmTags.DSA:
+                return "ssh-dss";
+
+            default:
+                throw new NoSuchAlgorithmException("Unknown algorithm");
+        }
+    }
+
+    private static byte[] getSignatureBlob(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
+        switch (algorithm) {
+            case PublicKeyAlgorithmTags.RSA_SIGN:
+            case PublicKeyAlgorithmTags.RSA_GENERAL:
+                return rawSignature;
+
+            case PublicKeyAlgorithmTags.EDDSA:
+                return rawSignature;
+
+            case PublicKeyAlgorithmTags.DSA:
+                return getDsaSignatureBlob(rawSignature);
+
+            default:
+                throw new NoSuchAlgorithmException("Unknown algorithm");
+        }
+    }
+
+    private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
+        BigInteger r = getR(rawSignature);
+        BigInteger s = getS(rawSignature);
+
+        SshEncodedData rsBlob = new SshEncodedData();
+        rsBlob.putMPInt(r);
+        rsBlob.putMPInt(s);
+
+        return rsBlob.getBytes();
+    }
+
+    private static BigInteger getR(byte[] rawSignature) {
+        ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
+        return ASN1Integer.getInstance(asn1Sequence.getObjectAt(0)).getValue();
+    }
+
+    private static BigInteger getS(byte[] rawSignature) {
+        ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
+        return ASN1Integer.getInstance(asn1Sequence.getObjectAt(1)).getValue();
+    }
+
+    private static ASN1Sequence getASN1Sequence(byte[] rawSignature) {
+        try {
+            return (ASN1Sequence) ASN1Primitive.fromByteArray(rawSignature);
+        } catch (IOException e) {
+            throw new IllegalArgumentException("Could not read ASN.1 object", e);
+        }
+    }
+
+    private static byte[] getDsaSignatureBlob(byte[] rawSignature) {
+        BigInteger r = getR(rawSignature);
+        BigInteger s = getS(rawSignature);
+
+        byte[] rByte = BigIntegers.asUnsignedByteArray(r);
+        byte[] sByte = BigIntegers.asUnsignedByteArray(s);
+
+        int integerLength = getDsaSignatureLength(rByte.length > sByte.length ? rByte.length : sByte.length);
+        int rPaddingLength = integerLength - rByte.length;
+        int sPaddingLength = integerLength - sByte.length;
+
+        byte[] rsBlob = new byte[2 * integerLength];
+        System.arraycopy(rByte, 0, rsBlob, rPaddingLength, rByte.length);
+        System.arraycopy(sByte, 0, rsBlob, integerLength + sPaddingLength, sByte.length);
+
+        return rsBlob;
+    }
+
+    private static int getDsaSignatureLength(int inLength) {
+        if (inLength <= 20) {
+            return 20;
+        } else {
+            return 32;
+        }
+    }
+
+    public static byte[] getSshSignature(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
+        SshEncodedData signature = new SshEncodedData();
+        signature.putString(getSignatureType(algorithm));
+        signature.putString(getSignatureBlob(rawSignature, algorithm));
+
+        return signature.getBytes();
+    }
+
+    public static byte[] getSshSignatureEcDsa(byte[] rawSignature, String curveOid) {
+        SshEncodedData signature = new SshEncodedData();
+        signature.putString("ecdsa-sha2-" + SshUtils.getCurveName(curveOid));
+        signature.putString(getEcDsaSignatureBlob(rawSignature));
+
+        return signature.getBytes();
+    }
+}
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/utils/SshUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ssh/utils/SshUtils.java
@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2017 Christian Hagau <ach@hagau.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ssh.utils;
+
+public class SshUtils {
+
+    public static String getCurveName(String curveOid) {
+        // see RFC5656 section 10.{1,2}
+        switch (curveOid) {
+            // REQUIRED curves
+            case "1.2.840.10045.3.1.7":
+                return "nistp256";
+            case "1.3.132.0.34":
+                return "nistp384";
+            case "1.3.132.0.35":
+                return "nistp521";
+
+            // RECOMMENDED curves
+            case "1.3.132.0.1":
+                return     "1.3.132.0.1";
+            case "1.2.840.10045.3.1.1":
+                return  "1.2.840.10045.3.1.1";
+            case "1.3.132.0.33":
+                return     "1.3.132.0.33";
+            case "1.3.132.0.26":
+                return     "1.3.132.0.26";
+            case "1.3.132.0.27":
+                return     "1.3.132.0.27";
+            case "1.3.132.0.16":
+                return     "1.3.132.0.16";
+            case "1.3.132.0.36":
+                return     "1.3.132.0.36";
+            case "1.3.132.0.37":
+                return     "1.3.132.0.37";
+            case "1.3.132.0.38":
+                return     "1.3.132.0.38";
+
+            default:
+                return null;
+        }
+    }
+}