ssh_data 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2a37d746413f208ac72e4dca430d8e9ad71646cdab1a86a4beb1939d538ca00
-  data.tar.gz: 37c066043665eb883f68f1a0bbff2c7b814a6c11a32dcef02d19cb24a7fd9b17
+  metadata.gz: 1d17ebf6c761d5e15b35c4fe273dd0431b327c41456e36971c402763a5ddcdfa
+  data.tar.gz: c48ac30c8c9d53b022b8f06bfe5deaf8a16954f2fcdc91cfd3178fbd6804cc88
 SHA512:
-  metadata.gz: 2e32a7671a4bebef2e1a9035a9be8692af5f8274e9b6e8ca8043421ed8adf620eb88878a8a55deca82d9b1c1fad725d6018230c5bd7a75a8bec727a39e8823f8
-  data.tar.gz: e0b84d38f45eb30d9ac0a1940e26b70a83677f68bb399c206f6a599194ffddd77a9a77f18e27b2cad94de5004c67e7bf63f009f621ab9b9dabc2637fba85f1ad
+  metadata.gz: c262a0c7c00ebab56b9c302625b3de59ced3b140e362c96cfddc4fb7d150d0d6515eab600177cb18b068a526b4e5d72314508a0ceec7bd89422321c85289dfbb
+  data.tar.gz: 0b794f39c77676fcbab5c545a7b172c95fd37cd72048d9eb1d9e5de26efd70e971ab318b32fa428752e364e1f24c8afa2841b9d582aab59fc4ea66abb396123a

data/lib/ssh_data/encoding.rb

@@ -3,6 +3,19 @@ module SSHData
     # Fields in an OpenSSL private key
     # https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
     OPENSSH_PRIVATE_KEY_MAGIC = "openssh-key-v1\x00"
+
+    OPENSSH_SIGNATURE_MAGIC = "SSHSIG"
+    OPENSSH_SIGNATURE_VERSION = 0x01
+
+    OPENSSH_SIGNATURE_FIELDS = [
+      [:sigversion,     :uint32],
+      [:publickey,      :string],
+      [:namespace,      :string],
+      [:reserved,       :string],
+      [:hash_algorithm, :string],
+      [:signature,      :string],
+    ]
+
     OPENSSH_PRIVATE_KEY_FIELDS = [
       [:ciphername, :string],
       [:kdfname,    :string],
@@ -313,6 +326,21 @@ module SSHData
       [key, str_read]
     end
 
+    def decode_openssh_signature(raw, offset=0)
+      total_read = 0
+
+      magic = raw.byteslice(offset, OPENSSH_SIGNATURE_MAGIC.bytesize)
+      unless magic == OPENSSH_SIGNATURE_MAGIC
+        raise DecodeError, "bad OpenSSH signature"
+      end
+
+      total_read += OPENSSH_SIGNATURE_MAGIC.bytesize
+      offset += total_read
+      data, read = decode_fields(raw, OPENSSH_SIGNATURE_FIELDS, offset)
+      total_read += read
+      [data, total_read]
+    end
+
     # Decode the fields in a certificate.
     #
     # raw    - Binary String certificate as described by RFC4253 section 6.6.
@@ -680,6 +708,32 @@ module SSHData
       [value].pack("L>")
     end
 
+    # Read a uint8 from the provided raw data.
+    #
+    # raw    - A binary String.
+    # offset - The offset into raw at which to read (default 0).
+    #
+    # Returns an Array including the decoded uint8 as an Integer and the
+    # Integer number of bytes read.
+    def decode_uint8(raw, offset=0)
+      if raw.bytesize < offset + 1
+        raise DecodeError, "data too short"
+      end
+
+      uint8 = raw.byteslice(offset, 1).unpack("C").first
+
+      [uint8, 1]
+    end
+
+    # Encoding an integer as a uint8.
+    #
+    # value - The Integer value to encode.
+    #
+    # Returns an encoded representation of the value.
+    def encode_uint8(value)
+      [value].pack("C")
+    end
+
     extend self
   end
 end

data/lib/ssh_data/private_key/dsa.rb

@@ -7,7 +7,19 @@
       #
       # Returns a PublicKey::Base subclass instance.
       def self.generate
-        from_openssl(OpenSSL::PKey::DSA.generate(1024))
+        openssl_key =
+          if defined?(OpenSSL::PKey.generate_parameters)
+            dsa_parameters = OpenSSL::PKey.generate_parameters("DSA", {
+              dsa_paramgen_bits: 1024,
+              dsa_paramgen_q_bits: 160
+            })
+
+            OpenSSL::PKey.generate_key(dsa_parameters)
+          else
+            OpenSSL::PKey::DSA.generate(1024)
+          end
+
+        from_openssl(openssl_key)
       end
 
       # Import an openssl private key.

data/lib/ssh_data/public_key/security_key.rb

@@ -0,0 +1,40 @@
+module SSHData
+  module PublicKey
+    module SecurityKey
+
+      # Defaults to match OpenSSH, user presence is required by verification is not.
+      DEFAULT_SK_VERIFY_OPTS = {
+        user_presence_required: true,
+        user_verification_required: false
+      }
+
+      SK_FLAG_USER_PRESENCE     = 0b001
+      SK_FLAG_USER_VERIFICATION = 0b100
+
+      def build_signing_blob(application, signed_data, signature)
+        read = 0
+        sig_algo, raw_sig, signature_read = Encoding.decode_signature(signature)
+        read += signature_read
+        sk_flags, sk_flags_read = Encoding.decode_uint8(signature, read)
+        read += sk_flags_read
+        counter, counter_read = Encoding.decode_uint32(signature, read)
+        read += counter_read
+
+        if read != signature.bytesize
+          raise DecodeError, "unexpected trailing data"
+        end
+
+        application_hash = OpenSSL::Digest::SHA256.digest(application)
+        message_hash = OpenSSL::Digest::SHA256.digest(signed_data)
+
+        blob =
+          application_hash +
+          Encoding.encode_uint8(sk_flags) +
+          Encoding.encode_uint32(counter) +
+          message_hash
+
+        [sig_algo, raw_sig, sk_flags, blob]
+      end
+    end
+  end
+end

data/lib/ssh_data/public_key/skecdsa.rb

@@ -1,6 +1,7 @@
 module SSHData
   module PublicKey
     class SKECDSA < ECDSA
+      include SecurityKey
       attr_reader :application
 
       OPENSSL_CURVE_NAME_FOR_CURVE = {
@@ -34,8 +35,25 @@ module SSHData
         )
       end
 
-      def verify(signed_data, signature)
-        raise UnsupportedError, "SK-ECDSA verification is not supported."
+      def verify(signed_data, signature, **opts)
+        opts = DEFAULT_SK_VERIFY_OPTS.merge(opts)
+        unknown_opts = opts.keys - DEFAULT_SK_VERIFY_OPTS.keys
+        raise UnsupportedError, "Verification options #{unknown_opts.inspect} are not supported." unless unknown_opts.empty?
+
+        sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature)
+        self.class.check_algorithm!(sig_algo, curve)
+
+        openssl_sig = self.class.openssl_signature(raw_sig)
+        digest = DIGEST_FOR_CURVE[curve]
+
+        result = openssl.verify(digest.new, openssl_sig, blob)
+
+        # We don't know that the flags are correct until after we've validated the signature
+        # which embeds the flags, so always verify the signature first.
+        return false if opts[:user_presence_required] && (sk_flags & SK_FLAG_USER_PRESENCE != SK_FLAG_USER_PRESENCE)
+        return false if opts[:user_verification_required] && (sk_flags & SK_FLAG_USER_VERIFICATION != SK_FLAG_USER_VERIFICATION)
+
+        result
       end
 
       def ==(other)

data/lib/ssh_data/public_key/sked25519.rb

@@ -1,13 +1,14 @@
 module SSHData
   module PublicKey
     class SKED25519 < ED25519
+      include SecurityKey
       attr_reader :application
 
       def initialize(algo:, pk:, application:)
         @application = application
         super(algo: algo, pk: pk)
       end
-      
+
       def self.algorithm_identifier
         ALGO_SKED25519
       end
@@ -23,8 +24,30 @@ module SSHData
         )
       end
 
-      def verify(signed_data, signature)
-        raise UnsupportedError, "SK-Ed25519 verification is not supported."
+      def verify(signed_data, signature, **opts)
+        self.class.ed25519_gem_required!
+        opts = DEFAULT_SK_VERIFY_OPTS.merge(opts)
+        unknown_opts = opts.keys - DEFAULT_SK_VERIFY_OPTS.keys
+        raise UnsupportedError, "Verification options #{unknown_opts.inspect} are not supported." unless unknown_opts.empty?
+
+        sig_algo, raw_sig, sk_flags, blob = build_signing_blob(application, signed_data, signature)
+
+        if sig_algo != self.class.algorithm_identifier
+          raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}"
+        end
+
+        result = begin
+            ed25519_key.verify(raw_sig, blob)
+          rescue Ed25519::VerifyError
+            false
+          end
+
+        # We don't know that the flags are correct until after we've validated the signature
+        # which embeds the flags, so always verify the signature first.
+        return false if opts[:user_presence_required] && (sk_flags & SK_FLAG_USER_PRESENCE != SK_FLAG_USER_PRESENCE)
+        return false if opts[:user_verification_required] && (sk_flags & SK_FLAG_USER_VERIFICATION != SK_FLAG_USER_VERIFICATION)
+
+        result
       end
 
       def ==(other)

data/lib/ssh_data/public_key.rb

@@ -78,6 +78,7 @@ module SSHData
 end
 
 require "ssh_data/public_key/base"
+require "ssh_data/public_key/security_key"
 require "ssh_data/public_key/rsa"
 require "ssh_data/public_key/dsa"
 require "ssh_data/public_key/ecdsa"

data/lib/ssh_data/signature.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+module SSHData
+  class Signature
+    PEM_TYPE = "SSH SIGNATURE"
+    SIGNATURE_PREAMBLE = "SSHSIG"
+    MIN_SUPPORTED_VERSION = 1
+    MAX_SUPPORTED_VERSION = 1
+
+    # Spec: no SHA1 or SHA384. In practice, OpenSSH is always going to use SHA512.
+    # Note the actual signing / verify primitive may use a different hash algorithm.
+    # https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L67
+    SUPPORTED_HASH_ALGORITHMS = {
+      "sha256" => OpenSSL::Digest::SHA256,
+      "sha512" => OpenSSL::Digest::SHA512,
+    }
+
+    PERMITTED_RSA_SIGNATURE_ALGORITHMS = [
+      PublicKey::ALGO_RSA_SHA2_256,
+      PublicKey::ALGO_RSA_SHA2_512,
+    ]
+
+    attr_reader :sigversion, :namespace, :signature, :reserved, :hash_algorithm
+
+    # Parses a PEM armored SSH signature.
+    # pem - A PEM encoded SSH signature.
+    #
+    # Returns a Signature instance.
+    def self.parse_pem(pem)
+      pem_type = Encoding.pem_type(pem)
+
+      if pem_type != PEM_TYPE
+        raise DecodeError, "Mismatched PEM type. Expecting '#{PEM_TYPE}', actually '#{pem_type}'."
+      end
+
+      blob = Encoding.decode_pem(pem, pem_type)
+      self.parse_blob(blob)
+    end
+
+    def self.parse_blob(blob)
+      data, read = Encoding.decode_openssh_signature(blob)
+
+      if read != blob.bytesize
+        raise DecodeError, "unexpected trailing data"
+      end
+
+      new(**data)
+    end
+
+    def initialize(sigversion:, publickey:, namespace:, reserved:, hash_algorithm:, signature:)
+      if sigversion > MAX_SUPPORTED_VERSION || sigversion < MIN_SUPPORTED_VERSION
+        raise UnsupportedError, "Signature version is not supported"
+      end
+
+      unless SUPPORTED_HASH_ALGORITHMS.has_key?(hash_algorithm)
+        raise UnsupportedError, "Hash algorithm #{hash_algorithm} is not supported."
+      end
+
+      # Spec: empty namespaces are not permitted.
+      # https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L57
+      raise UnsupportedError, "A namespace is required." if namespace.empty?
+
+      # Spec: ignore 'reserved', don't need to validate that it is empty.
+
+      @sigversion = sigversion
+      @publickey = publickey
+      @namespace = namespace
+      @reserved = reserved
+      @hash_algorithm = hash_algorithm
+      @signature = signature
+    end
+
+    def verify(signed_data, **opts)
+      signing_key = public_key
+
+      # Unwrap the signing key if this signature was created from a certificate.
+      key = signing_key.is_a?(Certificate) ? signing_key.public_key : signing_key
+
+      digest_algorithm = SUPPORTED_HASH_ALGORITHMS[@hash_algorithm]
+
+      if key.is_a?(PublicKey::RSA)
+        sig_algo, * = Encoding.decode_signature(@signature)
+
+        # Spec: If the signature is an RSA signature, the legacy 'ssh-rsa'
+        # identifer is not permitted.
+        # https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L72
+        unless PERMITTED_RSA_SIGNATURE_ALGORITHMS.include?(sig_algo)
+          raise UnsupportedError, "RSA signature #{sig_algo} is not supported."
+        end
+      end
+
+      message_digest = digest_algorithm.digest(signed_data)
+      blob =
+        SIGNATURE_PREAMBLE +
+        Encoding.encode_string(@namespace) +
+        Encoding.encode_string(@reserved || "") +
+        Encoding.encode_string(@hash_algorithm) +
+        Encoding.encode_string(message_digest)
+
+      if key.class.include?(::SSHData::PublicKey::SecurityKey)
+        key.verify(blob, @signature, **opts)
+      else
+        key.verify(blob, @signature)
+      end
+    end
+
+    # Gets the public key from the signature.
+    # If the signature was created from a certificate, this will be an
+    # SSHData::Certificate. Otherwise, this will be a PublicKey algorithm.
+    def public_key
+      public_key_algorithm, _ = Encoding.decode_string(@publickey)
+
+      if PublicKey::ALGOS.include?(public_key_algorithm)
+        PublicKey.parse_rfc4253(@publickey)
+      elsif Certificate::ALGOS.include?(public_key_algorithm)
+        Certificate.parse_rfc4253(@publickey)
+      else
+        raise UnsupportedError, "Public key algorithm #{public_key_algorithm} is not supported."
+      end
+    end
+  end
+end

data/lib/ssh_data/version.rb

@@ -1,3 +1,3 @@
 module SSHData
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

data/lib/ssh_data.rb

@@ -34,3 +34,4 @@ require "ssh_data/certificate"
 require "ssh_data/public_key"
 require "ssh_data/private_key"
 require "ssh_data/encoding"
+require "ssh_data/signature"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ssh_data
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - mastahyeti
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-02 00:00:00.000000000 Z
+date: 2022-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ed25519
@@ -89,8 +89,10 @@ files:
 - "./lib/ssh_data/public_key/ecdsa.rb"
 - "./lib/ssh_data/public_key/ed25519.rb"
 - "./lib/ssh_data/public_key/rsa.rb"
+- "./lib/ssh_data/public_key/security_key.rb"
 - "./lib/ssh_data/public_key/skecdsa.rb"
 - "./lib/ssh_data/public_key/sked25519.rb"
+- "./lib/ssh_data/signature.rb"
 - "./lib/ssh_data/version.rb"
 homepage: https://github.com/github/ssh_data
 licenses: