Add Sign/Verify for SSH-Signatures

Author: darinkes

SshNet.Keygen.Sample/SshNet.Keygen.Sample.csproj

@@ -8,7 +8,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="SSH.NET" Version="2024.0.0" />
+        <PackageReference Include="SSH.NET" Version="2024.1.0" />
         <ProjectReference Include="..\SshNet.Keygen\SshNet.Keygen.csproj" />
     </ItemGroup>
 

SshNet.Keygen.Tests/SshNet.Keygen.Tests.csproj

@@ -3,7 +3,7 @@
     <PropertyGroup>
         <TargetFrameworks Condition="'$(OS)' == 'Windows_NT'">net48;net8.0</TargetFrameworks>
         <TargetFramework Condition="'$(OS)' != 'Windows_NT'">net8.0</TargetFramework>
-        <LangVersion>9</LangVersion>
+        <LangVersion>latest</LangVersion>
         <IsPackable>false</IsPackable>
     </PropertyGroup>
 
@@ -19,6 +19,7 @@
 
     <ItemGroup>
       <EmbeddedResource Include="TestKeys\*" />
+      <EmbeddedResource Include="TestSignatures\*" />
     </ItemGroup>
 
 </Project>

SshNet.Keygen.Tests/TestKey.cs

@@ -209,6 +209,13 @@ private string GetKey(string keyname)
             return reader.ReadToEnd();
         }
 
+        private string GetSignatureResource(string keyname)
+        {
+            var resourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream($"SshNet.Keygen.Tests.TestSignatures.{keyname}");
+            using var reader = new StreamReader(resourceStream, Encoding.ASCII);
+            return reader.ReadToEnd().Replace(Environment.NewLine, "\n");
+        }
+
         private void TestFormatKey<T>(string keyname, int keyLength, string passphrase = null)
         {
             if (!string.IsNullOrEmpty(passphrase))
@@ -302,5 +309,46 @@ public void TestED25519()
             TestFormatKey<ED25519Key>("ED25519", 256);
             TestFormatKey<ED25519Key>("ED25519", 256, "12345");
         }
+
+        [Test]
+        public void TestVerify()
+        {
+            List<string> keys = ["RSA2048", "RSA3072", "RSA4096", "RSA8192", "ECDSA256", "ECDSA384", "ECDSA521", "ED25519"];
+            var data = Encoding.UTF8.GetBytes(GetSignatureResource("file.txt"));
+
+            foreach (var key in keys)
+            {
+                TestContext.WriteLine($"Testing Key {key}");
+                var signature = GetSignatureResource($"file.txt.{key}.sig");
+                ClassicAssert.IsTrue(SshSignature.Verify(data, signature));
+            }
+        }
+
+        [Test]
+        public void TestSign()
+        {
+            List<string> keys = ["RSA2048", "RSA3072", "RSA4096", "RSA8192", "ECDSA256", "ECDSA384", "ECDSA521", "ED25519"];
+            var data = Encoding.UTF8.GetBytes(GetSignatureResource("file.txt"));
+
+            foreach (var key in keys)
+            {
+                TestContext.WriteLine($"Testing Key {key}");
+                var expectedSignature = GetSignatureResource($"file.txt.{key}.sig");
+                var keyData = GetKey(key);
+                var keyFile = new PrivateKeyFile(keyData.ToStream());
+                var signature = keyFile.Signature(data);
+                ClassicAssert.IsTrue(SshSignature.Verify(data, signature));
+
+                // ECDSA Signatures differ on each run
+                if (!key.StartsWith("ECDSA"))
+                    ClassicAssert.AreEqual(expectedSignature, signature);
+
+                var file = $"file-{key}.txt";
+                File.WriteAllText(file, "bla");
+                keyFile.SignatureFile(file);
+                ClassicAssert.IsTrue(SshSignature.VerifyFile(file, $"{file}.sig"));
+
+            }
+        }
     }
 }

SshNet.Keygen.Tests/TestSignatures/file.txt

@@ -0,0 +1 @@
+bla

SshNet.Keygen.Tests/TestSignatures/file.txt.ECDSA256.sig

@@ -0,0 +1,7 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAE
+EESopJD2EOZurPTh6aNd6RvfBG4/VIiEYL6RF3xWNuNJ9kD9q/qdNTt3bCTE7QgUiN4LvH
+3m2+1W/FdCo1rxVFcQAAAARmaWxlAAAAAAAAAAZzaGE1MTIAAABkAAAAE2VjZHNhLXNoYT
+ItbmlzdHAyNTYAAABJAAAAIGQ5GV/wx49Jt1ewe0lGDSdHRK84bxFrqkiaGd0ppF4FAAAA
+IQCgeawU+z9lTXJbfDX5jEirNV5EkYzQsWZ+L/T216objQ==
+-----END SSH SIGNATURE-----

SshNet.Keygen.Tests/TestSignatures/file.txt.ECDSA384.sig

@@ -0,0 +1,8 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAIgAAAATZWNkc2Etc2hhMi1uaXN0cDM4NAAAAAhuaXN0cDM4NAAAAG
+EERxwFxKqyTbx914sfwUEobYBtwuyUqXwOgkAIArdChUzPUyP/SBj8U6SoxtiBHp8CXEzT
+pgkjwaYU7qNtypf0/Qy/JR8Bc3VO3iWNufT/t8A/Twc/6DMZIdmxOPWXQwaMAAAABGZpbG
+UAAAAAAAAABnNoYTUxMgAAAIMAAAATZWNkc2Etc2hhMi1uaXN0cDM4NAAAAGgAAAAwbnar
+SmL/5XlkV8ySShlIHrNNTUzVVioIWxd2AWFYdul7iaGF4DGfK6laBJSTK+eqAAAAMCdjtp
+OKFcNpYZ+cauvrBJSvTJ9Pb8EJj0PUi61SrJkp3ZFULesWuglUbtwUttrcSQ==
+-----END SSH SIGNATURE-----

SshNet.Keygen.Tests/TestSignatures/file.txt.ECDSA521.sig

@@ -0,0 +1,10 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAKwAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQAAAI
+UEAK5WmW+O0Ut75D9KATr6yEFwYZmBsHJmxUXRRrcyvTbdpKofHoVzpY4WHK4pJg8GHwG1
+NnpDHyjsPAD6oe4dYTiCAO9uYQPGlmxu8KTt+4VOtsX3IkAVaWPb3rsn+k9yz4WP2PEnRD
+ILrQXT4Nc5XmoA4lCAcFNIxmmxPu7zVaNq8/hBAAAABGZpbGUAAAAAAAAABnNoYTUxMgAA
+AKUAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAIoAAABBbSiayMz22ln7pRn0byMB57Cq/R
+4sg8m0ngeFOmY70XC/kNK7TTA3VTD0UkBsdG2KLAj6s2haUiH8LSiOjJ6mbmAAAABBPpmj
+I2mBpTW38WZLGsEf4prYeIO7dO0TY1hzGefm6txqOxFaBmpzZMT8ktYaikU/O8JBaIqiw7
+ZMZNe5ShmuvuM=
+-----END SSH SIGNATURE-----

SshNet.Keygen.Tests/TestSignatures/file.txt.ED25519.sig

@@ -0,0 +1,6 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgTlboFw2cy42Ati5RrXwX8KLx3M
++p4g78fffefTK/ijoAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
+OQAAAED0TUwGrgbbWKVj6BiR07l0OrtJa5uM6vCo5Fe4smzPcTzmJDODkllHIgRuI/E+PD
+dC67uGC9N7Jgzc54EoFHIO
+-----END SSH SIGNATURE-----

SshNet.Keygen.Tests/TestSignatures/file.txt.RSA2048.sig

@@ -0,0 +1,14 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAOJpdVVMNyPkABr2ywB2iO
+ns3StUJMUNDGuFjqyNzVYvaX3C8rjB6i1EoBCHbp6ZPEEU8e6bOPU6i2hvQTjFWxqmaRvj
+3hz7VAu+wMMmQkw1IMZyw2YhKi/+sCz8Yb3vI2xUHR1PZLtZj7K47prVLkbiWtycIiJaCD
+n9nI1QYeHX40in+0witV9D6T+tieUbyda/3C31KL1y5Vs4plHssEWayKq/Yi5xqWLAitGO
+KGUofEk1N0FEagJrMEzfDiEUxbFOFjedRo2lfgY/KUUzc1gabNYHH927P+gup/60pYLM9s
+MpgjBB8v1KJ2F/tCBKMyX0BZ7QYhWvVMFIM4F3SycAAAAEZmlsZQAAAAAAAAAGc2hhNTEy
+AAABFAAAAAxyc2Etc2hhMi01MTIAAAEA2WMT5aZ6fJ/ZXF0Gl/Vym8mTtDXEufziwjmt+z
+ZSt3MF0GlwNDiYkeHFjyg16zqrJkeddj7yENyQ0Eae0Ew+7iFML6sKTEJKaiYf51/U+Jli
+DVawwhH0+i3YZaCGmbiEQeXHfuFtA8deCdyxUkUYbycpdrfd0bx2dZFYu/WgNa9gHu/OVO
+NQqqDOAHZUAko2MHN2GZ7wiepbGO9NAjhRtRE2tV6X8l3KI1+PmqvyfOQQMZcVa1V/WaFR
+8wx1Z3VBJ+szP0XBdWrrwKY8K7yEE5rm55mx2rGtXuySGgISMbZlUHlJp31YE0Z4jMcEE+
+5m61gVpll8DYFSakNlBk6Xgg==
+-----END SSH SIGNATURE-----

SshNet.Keygen.Tests/TestSignatures/file.txt.RSA3072.sig

@@ -0,0 +1,19 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAKs3fv8jufGNRU/E8SNlcG
+Eg3HBy+NXCcF0zzvwQivdQ38GjjZG3AyLJd1IYNX4JmSxLOoy17LMlHlY0Yn9tb9ZVgoiX
+Nz+TC/8t1BMvKcokxlcMlJuK30WEYFzcseJ/zrC+KEeHZMlzWa4Hm5R8mvsgF5+9N3RQYL
+kekiVn6dCu6Glw0ZGt6QUMhF8VXJx6wDDqbHLgtO/UzauoAE3a87ypj8zpDjsbDee3EJ9p
+RkCg4o0FiECOniOkOxRZCVFEKm7kwR8wiPTyjReNZcConEFkU1rb/ZYztkcu7W1psZYUmj
+j0TMfZpiimyLuASfAlqKshtL4VZdCOr+YTL6gkoMEQcce8SsT4+38F42ecGsybw43k8tCy
+t6D6c72irREqr+yO8qWy1CunMPHcu1zqIgPKISntdjC4ha7XGxqr6kqDlQfkqdqqNaVU5q
+x9GzpaB3+cT+auZsZFBgz6ProxxjtCTv3+wuPnAKIMbk24LM1wN21zpzFG4uWf7fYSG9Zb
+RQAAAARmaWxlAAAAAAAAAAZzaGE1MTIAAAGUAAAADHJzYS1zaGEyLTUxMgAAAYAC6NRILC
+HH/D2iTC+cvr0M2zwjoEDfEOIMCIcIF2BYRobo6UIudUL2ST8eIBriAsxkgdOnvt/+evN/
+iirFMtb7RDC/bysHoaWEJYSkHsM/aklEiPgw0z3+eGDQChRBZQPRPPuAl6GOl8RRuNm0Ea
+Wy+Rpj483yvDb4JSsf5+iAIFKhdv692B8T9MaqAfzhgkDLfoKfHPSRs8i3jlCFmIEXdBVu
+Gs34jYKaX1uxuDsBvTeC24XsZNcwbRAO2YUrH0PRX6mpqS06xeRTUzIlYd7Iq1an62xGx1
+Alu2cGrh4P1tWHwxF6TC7um6CaqQOVipWP7jAUc12cBdjC205Vw/GCPB+N7Q5Ot7qSl3L5
+ELyd2n1HJVXuL5rFQDp7iELgjuiObn1ZSF3+C1tryBTSVsnfkui4BmZmC2AstbGUfuX2Nn
+HDLTpRAt/ocC17HLro43pm6aj/HYa8Y3s8kZoPYVg/YzYOxqPXaBDlPsEyK7P06utKFsq/
+wlTihlGHDyob6n8=
+-----END SSH SIGNATURE-----