Merge pull request #2224 from hagau/ssh_encode_signature

Encode signature to SSH compatible format in SshAuthenticationService
This commit is contained in:
Vincent Breitmoser 2017-11-28 16:47:53 +01:00 committed by GitHub
commit daa84ae085
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 403 additions and 45 deletions

View File

@ -27,6 +27,9 @@ import org.sufficientlysecure.keychain.ssh.key.SshDSAPublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey; import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey; import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey; import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey;
import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
import java.security.NoSuchAlgorithmException;
public class SshPublicKey { public class SshPublicKey {
private final static String TAG = "SshPublicKey"; private final static String TAG = "SshPublicKey";
@ -37,7 +40,7 @@ public class SshPublicKey {
mPublicKey = publicKey; mPublicKey = publicKey;
} }
public String getEncodedKey() throws PgpGeneralException { public String getEncodedKey() throws PgpGeneralException, NoSuchAlgorithmException {
PGPPublicKey key = mPublicKey.getPublicKey(); PGPPublicKey key = mPublicKey.getPublicKey();
switch (key.getAlgorithm()) { switch (key.getAlgorithm()) {
@ -50,9 +53,8 @@ public class SshPublicKey {
case PGPPublicKey.DSA: case PGPPublicKey.DSA:
return encodeDSAKey(key); return encodeDSAKey(key);
default: default:
break; throw new PgpGeneralException("Unknown key algorithm");
} }
throw new PgpGeneralException("Unknown algorithm");
} }
private String encodeRSAKey(PGPPublicKey publicKey) { private String encodeRSAKey(PGPPublicKey publicKey) {
@ -63,51 +65,16 @@ public class SshPublicKey {
return pubkey.getPublicKeyBlob(); return pubkey.getPublicKeyBlob();
} }
private String encodeECKey(PGPPublicKey publicKey) { private String encodeECKey(PGPPublicKey publicKey) throws NoSuchAlgorithmException {
ECPublicBCPGKey publicBCPGKey = (ECPublicBCPGKey) publicKey.getPublicKeyPacket().getKey(); ECPublicBCPGKey publicBCPGKey = (ECPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
String curveName = getCurveName(publicBCPGKey); String curveName = SshUtils.getCurveName(mPublicKey.getCurveOid());
SshECDSAPublicKey sshECDSAPublicKey = new SshECDSAPublicKey(curveName, publicBCPGKey.getEncodedPoint()); SshECDSAPublicKey sshECDSAPublicKey = new SshECDSAPublicKey(curveName, publicBCPGKey.getEncodedPoint());
return sshECDSAPublicKey.getPublicKeyBlob(); return sshECDSAPublicKey.getPublicKeyBlob();
} }
private String getCurveName(ECPublicBCPGKey publicBCPGKey) {
String curveOid = publicBCPGKey.getCurveOID().getId();
// see RFC5656 section 10.{1,2}
switch (curveOid) {
// REQUIRED curves
case "1.2.840.10045.3.1.7":
return "nistp256";
case "1.3.132.0.34":
return "nistp384";
case "1.3.132.0.35":
return "nistp521";
// RECOMMENDED curves
case "1.3.132.0.1":
return "1.3.132.0.1";
case "1.2.840.10045.3.1.1":
return "1.2.840.10045.3.1.1";
case "1.3.132.0.33":
return "1.3.132.0.33";
case "1.3.132.0.26":
return "1.3.132.0.26";
case "1.3.132.0.27":
return "1.3.132.0.27";
case "1.3.132.0.16":
return "1.3.132.0.16";
case "1.3.132.0.36":
return "1.3.132.0.36";
case "1.3.132.0.37":
return "1.3.132.0.37";
case "1.3.132.0.38":
return "1.3.132.0.38";
default:
return null;
}
}
private String encodeEdDSAKey(PGPPublicKey publicKey) { private String encodeEdDSAKey(PGPPublicKey publicKey) {
EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey(); EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();

View File

@ -23,6 +23,7 @@ import android.content.Intent;
import android.os.IBinder; import android.os.IBinder;
import android.util.Log; import android.util.Log;
import org.bouncycastle.bcpg.HashAlgorithmTags; import org.bouncycastle.bcpg.HashAlgorithmTags;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.openintents.ssh.authentication.ISshAuthenticationService; import org.openintents.ssh.authentication.ISshAuthenticationService;
import org.openintents.ssh.authentication.SshAuthenticationApi; import org.openintents.ssh.authentication.SshAuthenticationApi;
import org.openintents.ssh.authentication.SshAuthenticationApiError; import org.openintents.ssh.authentication.SshAuthenticationApiError;
@ -46,10 +47,14 @@ import org.sufficientlysecure.keychain.ssh.AuthenticationData;
import org.sufficientlysecure.keychain.ssh.AuthenticationOperation; import org.sufficientlysecure.keychain.ssh.AuthenticationOperation;
import org.sufficientlysecure.keychain.ssh.AuthenticationParcel; import org.sufficientlysecure.keychain.ssh.AuthenticationParcel;
import org.sufficientlysecure.keychain.ssh.AuthenticationResult; import org.sufficientlysecure.keychain.ssh.AuthenticationResult;
import org.sufficientlysecure.keychain.ssh.signature.SshSignatureConverter;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.*; import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
public class SshAuthenticationService extends Service { public class SshAuthenticationService extends Service {
@ -141,12 +146,22 @@ public class SshAuthenticationService extends Service {
CachedPublicKeyRing cachedPublicKeyRing = mKeyRepository.getCachedPublicKeyRing(masterKeyId); CachedPublicKeyRing cachedPublicKeyRing = mKeyRepository.getCachedPublicKeyRing(masterKeyId);
long authSubKeyId; long authSubKeyId;
int authSubKeyAlgorithm;
String authSubKeyCurveOid = null;
try { try {
// get first usable subkey capable of authentication // get first usable subkey capable of authentication
authSubKeyId = cachedPublicKeyRing.getSecretAuthenticationId(); authSubKeyId = cachedPublicKeyRing.getSecretAuthenticationId();
// needed for encoding the resulting signature
authSubKeyAlgorithm = getPublicKey(masterKeyId).getAlgorithm();
if (authSubKeyAlgorithm == PublicKeyAlgorithmTags.ECDSA) {
authSubKeyCurveOid = getPublicKey(masterKeyId).getCurveOid();
}
} catch (PgpKeyNotFoundException e) { } catch (PgpKeyNotFoundException e) {
return createExceptionErrorResult(SshAuthenticationApiError.NO_AUTH_KEY, return createExceptionErrorResult(SshAuthenticationApiError.NO_AUTH_KEY,
"authentication key for master key id not found in keychain", e); "authentication key for master key id not found in keychain", e);
} catch (KeyRepository.NotFoundException e) {
return createExceptionErrorResult(SshAuthenticationApiError.NO_SUCH_KEY,
"Key for master key id not found", e);
} }
authData.setAuthenticationSubKeyId(authSubKeyId); authData.setAuthenticationSubKeyId(authSubKeyId);
@ -175,7 +190,19 @@ public class SshAuthenticationService extends Service {
// return PendingIntent to be executed by client // return PendingIntent to be executed by client
return packagePendingIntent(pi); return packagePendingIntent(pi);
} else if (authResult.success()) { } else if (authResult.success()) {
return new SigningResponse(authResult.getSignature()).toIntent(); byte[] rawSignature = authResult.getSignature();
byte[] sshSignature;
try {
if (authSubKeyAlgorithm == PublicKeyAlgorithmTags.ECDSA) {
sshSignature = SshSignatureConverter.getSshSignatureEcDsa(rawSignature, authSubKeyCurveOid);
} else {
sshSignature = SshSignatureConverter.getSshSignature(rawSignature, authSubKeyAlgorithm);
}
} catch (NoSuchAlgorithmException e) {
return createExceptionErrorResult(SshAuthenticationApiError.INTERNAL_ERROR,
"Error converting signature", e);
}
return new SigningResponse(sshSignature).toIntent();
} else { } else {
LogEntryParcel errorMsg = authResult.getLog().getLast(); LogEntryParcel errorMsg = authResult.getLog().getLast();
return createErrorResult(SshAuthenticationApiError.INTERNAL_ERROR, getString(errorMsg.mType.getMsgId())); return createErrorResult(SshAuthenticationApiError.INTERNAL_ERROR, getString(errorMsg.mType.getMsgId()));
@ -324,7 +351,7 @@ public class SshAuthenticationService extends Service {
SshPublicKey sshPublicKey = new SshPublicKey(publicKey); SshPublicKey sshPublicKey = new SshPublicKey(publicKey);
try { try {
sshPublicKeyBlob = sshPublicKey.getEncodedKey(); sshPublicKeyBlob = sshPublicKey.getEncodedKey();
} catch (PgpGeneralException e) { } catch (PgpGeneralException | NoSuchAlgorithmException e) {
return createExceptionErrorResult(SshAuthenticationApiError.GENERIC_ERROR, return createExceptionErrorResult(SshAuthenticationApiError.GENERIC_ERROR,
"Error converting public key to SSH format", e); "Error converting public key to SSH format", e);
} }

View File

@ -0,0 +1,138 @@
/*
* Copyright (C) 2017 Christian Hagau <ach@hagau.se>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.ssh.signature;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.util.BigIntegers;
import org.sufficientlysecure.keychain.ssh.key.SshEncodedData;
import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
public class SshSignatureConverter {
private static String getSignatureType(int algorithm) throws NoSuchAlgorithmException {
switch (algorithm) {
case PublicKeyAlgorithmTags.RSA_SIGN:
case PublicKeyAlgorithmTags.RSA_GENERAL:
return "ssh-rsa";
case PublicKeyAlgorithmTags.EDDSA:
return "ssh-ed25519";
case PublicKeyAlgorithmTags.DSA:
return "ssh-dss";
default:
throw new NoSuchAlgorithmException("Unknown algorithm");
}
}
private static byte[] getSignatureBlob(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
switch (algorithm) {
case PublicKeyAlgorithmTags.RSA_SIGN:
case PublicKeyAlgorithmTags.RSA_GENERAL:
return rawSignature;
case PublicKeyAlgorithmTags.EDDSA:
return rawSignature;
case PublicKeyAlgorithmTags.DSA:
return getDsaSignatureBlob(rawSignature);
default:
throw new NoSuchAlgorithmException("Unknown algorithm");
}
}
private static byte[] getEcDsaSignatureBlob(byte[] rawSignature) {
BigInteger r = getR(rawSignature);
BigInteger s = getS(rawSignature);
SshEncodedData rsBlob = new SshEncodedData();
rsBlob.putMPInt(r);
rsBlob.putMPInt(s);
return rsBlob.getBytes();
}
private static BigInteger getR(byte[] rawSignature) {
ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
return ASN1Integer.getInstance(asn1Sequence.getObjectAt(0)).getValue();
}
private static BigInteger getS(byte[] rawSignature) {
ASN1Sequence asn1Sequence = getASN1Sequence(rawSignature);
return ASN1Integer.getInstance(asn1Sequence.getObjectAt(1)).getValue();
}
private static ASN1Sequence getASN1Sequence(byte[] rawSignature) {
try {
return (ASN1Sequence) ASN1Primitive.fromByteArray(rawSignature);
} catch (IOException e) {
throw new IllegalArgumentException("Could not read ASN.1 object", e);
}
}
private static byte[] getDsaSignatureBlob(byte[] rawSignature) {
BigInteger r = getR(rawSignature);
BigInteger s = getS(rawSignature);
byte[] rByte = BigIntegers.asUnsignedByteArray(r);
byte[] sByte = BigIntegers.asUnsignedByteArray(s);
int integerLength = getDsaSignatureLength(rByte.length > sByte.length ? rByte.length : sByte.length);
int rPaddingLength = integerLength - rByte.length;
int sPaddingLength = integerLength - sByte.length;
byte[] rsBlob = new byte[2 * integerLength];
System.arraycopy(rByte, 0, rsBlob, rPaddingLength, rByte.length);
System.arraycopy(sByte, 0, rsBlob, integerLength + sPaddingLength, sByte.length);
return rsBlob;
}
private static int getDsaSignatureLength(int inLength) {
if (inLength <= 20) {
return 20;
} else {
return 32;
}
}
public static byte[] getSshSignature(byte[] rawSignature, int algorithm) throws NoSuchAlgorithmException {
SshEncodedData signature = new SshEncodedData();
signature.putString(getSignatureType(algorithm));
signature.putString(getSignatureBlob(rawSignature, algorithm));
return signature.getBytes();
}
public static byte[] getSshSignatureEcDsa(byte[] rawSignature, String curveOid) throws NoSuchAlgorithmException {
SshEncodedData signature = new SshEncodedData();
signature.putString("ecdsa-sha2-" + SshUtils.getCurveName(curveOid));
signature.putString(getEcDsaSignatureBlob(rawSignature));
return signature.getBytes();
}
}

View File

@ -0,0 +1,59 @@
/*
* Copyright (C) 2017 Christian Hagau <ach@hagau.se>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.ssh.utils;
import java.security.NoSuchAlgorithmException;
public class SshUtils {
public static String getCurveName(String curveOid) throws NoSuchAlgorithmException {
// see RFC5656 section 10.{1,2}
switch (curveOid) {
// REQUIRED curves
case "1.2.840.10045.3.1.7":
return "nistp256";
case "1.3.132.0.34":
return "nistp384";
case "1.3.132.0.35":
return "nistp521";
// RECOMMENDED curves
case "1.3.132.0.1":
return "1.3.132.0.1";
case "1.2.840.10045.3.1.1":
return "1.2.840.10045.3.1.1";
case "1.3.132.0.33":
return "1.3.132.0.33";
case "1.3.132.0.26":
return "1.3.132.0.26";
case "1.3.132.0.27":
return "1.3.132.0.27";
case "1.3.132.0.16":
return "1.3.132.0.16";
case "1.3.132.0.36":
return "1.3.132.0.36";
case "1.3.132.0.37":
return "1.3.132.0.37";
case "1.3.132.0.38":
return "1.3.132.0.38";
default:
throw new NoSuchAlgorithmException("Can't translate curve OID to SSH curve identifier");
}
}
}

View File

@ -69,6 +69,7 @@ import java.io.BufferedWriter;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStreamWriter; import java.io.OutputStreamWriter;
import java.security.NoSuchAlgorithmException;
public class ViewKeyAdvShareFragment extends LoaderFragment implements public class ViewKeyAdvShareFragment extends LoaderFragment implements
LoaderManager.LoaderCallbacks<Cursor> { LoaderManager.LoaderCallbacks<Cursor> {
@ -223,7 +224,8 @@ public class ViewKeyAdvShareFragment extends LoaderFragment implements
} }
private String getShareKeyContent(boolean asSshKey) private String getShareKeyContent(boolean asSshKey)
throws PgpKeyNotFoundException, KeyRepository.NotFoundException, IOException, PgpGeneralException { throws PgpKeyNotFoundException, KeyRepository.NotFoundException, IOException, PgpGeneralException,
NoSuchAlgorithmException {
KeyRepository keyRepository = KeyRepository.create(getContext()); KeyRepository keyRepository = KeyRepository.create(getContext());
@ -303,7 +305,7 @@ public class ViewKeyAdvShareFragment extends LoaderFragment implements
Intent shareChooser = Intent.createChooser(sendIntent, title); Intent shareChooser = Intent.createChooser(sendIntent, title);
startActivity(shareChooser); startActivity(shareChooser);
} catch (PgpGeneralException | IOException e) { } catch (PgpGeneralException | IOException | NoSuchAlgorithmException e) {
Log.e(Constants.TAG, "error processing key!", e); Log.e(Constants.TAG, "error processing key!", e);
Notify.create(activity, R.string.error_key_processing, Notify.Style.ERROR).show(); Notify.create(activity, R.string.error_key_processing, Notify.Style.ERROR).show();
} catch (PgpKeyNotFoundException | KeyRepository.NotFoundException e) { } catch (PgpKeyNotFoundException | KeyRepository.NotFoundException e) {

View File

@ -0,0 +1,161 @@
/*
* Copyright (C) 2017 Christian Hagau <ach@hagau.se>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.ssh.signature;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sufficientlysecure.keychain.KeychainTestRunner;
@RunWith(KeychainTestRunner.class)
public class SshSignatureConverterTest {
private final static String CURVE_OID_NIST_P_256 = "1.2.840.10045.3.1.7";
private final static byte[] RAW_ECDSA_SIGNATURE = Hex.decode(
"3046" +
"0221" +
"00949fa9151d71495d9c020635dcedac6a" +
"8665d079b4f721b05a9408771e455fe2" +
"0221" +
"00df9c7a5ae59e5d2e42d3767e1525c825" +
"7cff82ac2664b6419ff66f6e8b9669a0");
private final static byte[] SSH_ECDSA_SIGNATURE = Hex.decode(
"00000013" +
"65636473612d736861322d6e6973747032" +
"3536" +
"0000004a" +
"00000021" +
"00949fa9151d71495d9c020635dcedac6a" +
"8665d079b4f721b05a9408771e455fe2" +
"00000021" +
"00df9c7a5ae59e5d2e42d3767e1525c825" +
"7cff82ac2664b6419ff66f6e8b9669a0"
);
private final static byte[] RAW_RSA_SIGNATURE = Hex.decode(
"1c975c37a4137e9c861d20d9d40b6db16d" +
"1da8b17e360311b6a4ebcb3f1ff51d4906" +
"28b80de0dece08a1b5ebe8a5894ea2fea7" +
"40741e7c83c241a0d2bd9bdb3a2f3942ca" +
"e8ccc3bda7a17b40b00a0e214a5da76542" +
"11f5fc49b45d16b1e46fa80ce777969c51" +
"9f09bb45e312e4109b3af0c3133ffa221d" +
"a9e3c9e03fa2fdb70df03e6c83ee71f106" +
"b8f24fd72bad5e4e68123dda656ddba8ee" +
"11f9106154d1e1370bff3ba22e3c25b7d9" +
"334d903e4dd79a7389da41e9437e79ddd8" +
"a3335d2c217f01059bde2f3450f8933f38" +
"be10cd59467e9c9332c7794ccb9d19cb65" +
"a179b0166cd0e583e17f8f312222259ae3" +
"1b13e61fcae4da5c5554e2355218a0eb07" +
"19"
);
private final static byte[] SSH_RSA_SIGNATURE = Hex.decode(
"00000007" +
"7373682d727361" +
"00000100" +
"1c975c37a4137e9c861d20d9d40b6db16d" +
"1da8b17e360311b6a4ebcb3f1ff51d4906" +
"28b80de0dece08a1b5ebe8a5894ea2fea7" +
"40741e7c83c241a0d2bd9bdb3a2f3942ca" +
"e8ccc3bda7a17b40b00a0e214a5da76542" +
"11f5fc49b45d16b1e46fa80ce777969c51" +
"9f09bb45e312e4109b3af0c3133ffa221d" +
"a9e3c9e03fa2fdb70df03e6c83ee71f106" +
"b8f24fd72bad5e4e68123dda656ddba8ee" +
"11f9106154d1e1370bff3ba22e3c25b7d9" +
"334d903e4dd79a7389da41e9437e79ddd8" +
"a3335d2c217f01059bde2f3450f8933f38" +
"be10cd59467e9c9332c7794ccb9d19cb65" +
"a179b0166cd0e583e17f8f312222259ae3" +
"1b13e61fcae4da5c5554e2355218a0eb07" +
"19"
);
private final static byte[] RAW_EDDSA_SIGNATURE = Hex.decode(
"554946e827c6fd4b21b7a81a977a745331" +
"0e18c005403bfa4ddd87158b56b140fd61" +
"0bf15d7f38a32b55713fd38087ac8612dc" +
"1456cec315e4643b6d2489070a"
);
private final static byte[] SSH_EDDSA_SIGNATURE = Hex.decode(
"0000000b" +
"7373682d65643235353139" +
"00000040" +
"554946e827c6fd4b21b7a81a977a745331" +
"0e18c005403bfa4ddd87158b56b140fd61" +
"0bf15d7f38a32b55713fd38087ac8612dc" +
"1456cec315e4643b6d2489070a"
);
private final static byte[] RAW_DSA_SIGNATURE = Hex.decode(
"3046" +
"0221" +
"00defdb8a25fb8660a3cab24510a200a01" +
"3eb9c677e4caed19a349a9af3b8c971a" +
"0221" +
"00e7e4d5b8f08ab5cb4d445f03c458ccce" +
"3dff26a20fb314508604d1ca3e2c9125"
);
private final static byte[] SSH_DSA_SIGNATURE = Hex.decode(
"00000007" +
"7373682d647373" +
"00000040" +
"defdb8a25fb8660a3cab24510a200a013e" +
"b9c677e4caed19a349a9af3b8c971ae7e4" +
"d5b8f08ab5cb4d445f03c458ccce3dff26" +
"a20fb314508604d1ca3e2c9125"
);
@Test
public void testEcDsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignatureEcDsa(RAW_ECDSA_SIGNATURE, CURVE_OID_NIST_P_256);
Assert.assertArrayEquals(SSH_ECDSA_SIGNATURE, out);
}
@Test
public void testRsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignature(RAW_RSA_SIGNATURE, PublicKeyAlgorithmTags.RSA_SIGN);
Assert.assertArrayEquals(SSH_RSA_SIGNATURE, out);
}
@Test
public void testEdDsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignature(RAW_EDDSA_SIGNATURE, PublicKeyAlgorithmTags.EDDSA);
Assert.assertArrayEquals(SSH_EDDSA_SIGNATURE, out);
}
@Test
public void testDsa() throws Exception {
byte[] out = SshSignatureConverter.getSshSignature(RAW_DSA_SIGNATURE, PublicKeyAlgorithmTags.DSA);
Assert.assertArrayEquals(SSH_DSA_SIGNATURE, out);
}
}

View File

@ -42,6 +42,10 @@ public class SshAuthenticationApi {
* *
* Sign a given challenge * Sign a given challenge
* *
* returns the encoded signature as described in
* RFC4253, RFC5656 & draft-ietf-curdle-ssh-ed25519
* and their respective updates
*
* required extras: * required extras:
* String EXTRA_KEY_ID * String EXTRA_KEY_ID
* byte[] EXTRA_CHALLENGE * byte[] EXTRA_CHALLENGE