From bdbd9d7eb579731f4e138d1630b2e12442b7171b Mon Sep 17 00:00:00 2001 From: Charles Gould Date: Tue, 5 Sep 2017 12:51:27 -0400 Subject: [PATCH] Disambiguated signature initialization --- .../sshj/signature/SignatureEdDSA.java | 18 +++++++++++++++ .../sshj/signature/AbstractSignature.java | 22 ++++++++++++++++++- .../net/schmizz/sshj/signature/Signature.java | 22 +++++++++++++++++++ .../sshj/transport/kex/AbstractDHG.java | 2 +- .../sshj/transport/kex/AbstractDHGex.java | 2 +- .../sshj/userauth/method/KeyedAuthMethod.java | 2 +- .../sshj/signature/VerificationTest.java | 6 ++--- 7 files changed, 67 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java b/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java index dee8f275..fb0e9ad7 100644 --- a/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java +++ b/src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java @@ -62,6 +62,24 @@ public class SignatureEdDSA implements Signature { } } + @Override + public void initVerify(PublicKey pubkey) { + try { + engine.initVerify(pubkey); + } catch (InvalidKeyException e) { + throw new SSHRuntimeException(e); + } + } + + @Override + public void initSign(PrivateKey prvkey) { + try { + engine.initSign(prvkey); + } catch (InvalidKeyException e) { + throw new SSHRuntimeException(e); + } + } + @Override public void update(byte[] H) { update(H, 0, H.length); diff --git a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java index 9cd44a6f..5365e181 100644 --- a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java +++ b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java @@ -47,6 +47,26 @@ public abstract class AbstractSignature } } + @Override + public void initVerify(PublicKey publicKey) { + try { + signature = SecurityUtils.getSignature(algorithm); + signature.initVerify(publicKey); + } catch (GeneralSecurityException e) { + throw new SSHRuntimeException(e); + } + } + + @Override + public void initSign(PrivateKey privateKey) { + try { + signature = SecurityUtils.getSignature(algorithm); + signature.initSign(privateKey); + } catch (GeneralSecurityException e) { + throw new SSHRuntimeException(e); + } + } + @Override public void update(byte[] foo) { update(foo, 0, foo.length); @@ -89,4 +109,4 @@ public abstract class AbstractSignature return sig; } -} \ No newline at end of file +} diff --git a/src/main/java/net/schmizz/sshj/signature/Signature.java b/src/main/java/net/schmizz/sshj/signature/Signature.java index 6fc143b1..e16c1101 100644 --- a/src/main/java/net/schmizz/sshj/signature/Signature.java +++ b/src/main/java/net/schmizz/sshj/signature/Signature.java @@ -27,9 +27,31 @@ public interface Signature { * * @param pubkey (null-ok) specify in case verification is needed * @param prvkey (null-ok) specify in case signing is needed + * @deprecated Use {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} instead. */ + @Deprecated void init(PublicKey pubkey, PrivateKey prvkey); + /** + * Initialize this signature with the given public key for signature verification. + * + * Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will + * overwrite prior initialization. + * + * @param pubkey the public key to use for signature verification + */ + void initVerify(PublicKey pubkey); + + /** + * Initialize this signature with the given private key for signing. + * + * Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will + * overwrite prior initialization. + * + * @param prvkey the private key to use for signing + */ + void initSign(PrivateKey prvkey); + /** * Convenience method, same as calling {@link #update(byte[], int, int)} with offset as {@code 0} and {@code * H.length}. diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java index 8556650f..4c045e4a 100644 --- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java +++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java @@ -80,7 +80,7 @@ public abstract class AbstractDHG extends AbstractDH Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(), KeyType.fromKey(hostKey).toString()); - signature.init(hostKey, null); + signature.initVerify(hostKey); signature.update(H, 0, H.length); if (!signature.verify(sig)) throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java index 25e496bf..5c13d430 100644 --- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java +++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java @@ -86,7 +86,7 @@ public abstract class AbstractDHGex extends AbstractDH { H = digest.digest(); Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(), KeyType.fromKey(hostKey).toString()); - signature.init(hostKey, null); + signature.initVerify(hostKey); signature.update(H, 0, H.length); if (!signature.verify(sig)) throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, diff --git a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java index 158e99d4..75ea5431 100644 --- a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java +++ b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java @@ -66,7 +66,7 @@ public abstract class KeyedAuthMethod if (signature == null) throw new UserAuthException("Could not create signature instance for " + kt + " key"); - signature.init(null, key); + signature.initSign(key); signature.update(new Buffer.PlainBuffer() .putString(params.getTransport().getSessionID()) .putBuffer(reqBuf) // & rest of the data for sig diff --git a/src/test/java/net/schmizz/sshj/signature/VerificationTest.java b/src/test/java/net/schmizz/sshj/signature/VerificationTest.java index c9b9b743..57f33b13 100644 --- a/src/test/java/net/schmizz/sshj/signature/VerificationTest.java +++ b/src/test/java/net/schmizz/sshj/signature/VerificationTest.java @@ -34,7 +34,7 @@ public class VerificationTest { PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey(); Signature signature = new SignatureECDSA.Factory256().create(); - signature.init(hostKey, null); + signature.initVerify(hostKey); signature.update(H, 0, H.length); Assert.assertTrue("ECDSA256 signature verifies", signature.verify(sig)); @@ -49,7 +49,7 @@ public class VerificationTest { PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey(); Signature signature = new SignatureECDSA.Factory384().create(); - signature.init(hostKey, null); + signature.initVerify(hostKey); signature.update(H, 0, H.length); Assert.assertTrue("ECDSA384 signature verifies", signature.verify(sig)); @@ -64,7 +64,7 @@ public class VerificationTest { PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey(); Signature signature = new SignatureECDSA.Factory521().create(); - signature.init(hostKey, null); + signature.initVerify(hostKey); signature.update(H, 0, H.length); Assert.assertTrue("ECDSA521 signature verifies", signature.verify(sig));