diff options
| author | Andreas Schneider <asn@cryptomilk.org> | 2011-08-22 18:47:15 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2011-08-22 18:47:15 +0200 |
| commit | 9da331e79b4c0ccb82f43ad130835ff3408d7355 (patch) | |
| tree | 224afb4407413fbee277aa30841a47cfbd6388c2 /src/dh.c | |
| parent | 8edf57fbf21c2f23c38f6483db5a3beac0454e28 (diff) | |
| download | libssh-9da331e79b4c0ccb82f43ad130835ff3408d7355.tar.gz libssh-9da331e79b4c0ccb82f43ad130835ff3408d7355.tar.xz libssh-9da331e79b4c0ccb82f43ad130835ff3408d7355.zip | |
dh: Remove obsolete signature functions.
Diffstat (limited to 'src/dh.c')
| -rw-r--r-- | src/dh.c | 140 |
1 files changed, 0 insertions, 140 deletions
@@ -1017,146 +1017,6 @@ ssh_string ssh_get_pubkey(ssh_session session){ return ssh_string_copy(session->current_crypto->server_pubkey); } -int sig_verify(ssh_session session, ssh_public_key pubkey, - SIGNATURE *signature, unsigned char *digest, int size) { -#ifdef HAVE_LIBGCRYPT - gcry_error_t valid = 0; - gcry_sexp_t gcryhash; -#elif defined HAVE_LIBCRYPTO - int valid = 0; -#endif - unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; - - sha1(digest, size, hash + 1); - -#ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN); -#endif - - switch(pubkey->type) { - case SSH_KEYTYPE_DSS: -#ifdef HAVE_LIBGCRYPT - valid = gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash); - if (valid != 0) { - ssh_set_error(session, SSH_FATAL, - "RSA error: %s", gcry_strerror(valid)); - return -1; - } - valid = gcry_pk_verify(signature->dsa_sign, gcryhash, pubkey->dsa_pub); - gcry_sexp_release(gcryhash); - if (valid == 0) { - return 0; - } - - if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) { - ssh_set_error(session, SSH_FATAL, - "DSA error: %s", gcry_strerror(valid)); - return -1; - } -#elif defined HAVE_LIBCRYPTO - valid = DSA_do_verify(hash + 1, SHA_DIGEST_LEN, signature->dsa_sign, - pubkey->dsa_pub); - if (valid == 1) { - return 0; - } - - if (valid == -1) { - ssh_set_error(session, SSH_FATAL, - "DSA error: %s", ERR_error_string(ERR_get_error(), NULL)); - return -1; - } -#endif - ssh_set_error(session, SSH_FATAL, "Invalid DSA signature"); - return -1; - - case SSH_KEYTYPE_RSA: - case SSH_KEYTYPE_RSA1: -#ifdef HAVE_LIBGCRYPT - valid = gcry_sexp_build(&gcryhash, NULL, - "(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1); - if (valid != 0) { - ssh_set_error(session, SSH_FATAL, - "RSA error: %s", gcry_strerror(valid)); - return -1; - } - valid = gcry_pk_verify(signature->rsa_sign,gcryhash,pubkey->rsa_pub); - gcry_sexp_release(gcryhash); - if (valid == 0) { - return 0; - } - if (gcry_err_code(valid) != GPG_ERR_BAD_SIGNATURE) { - ssh_set_error(session, SSH_FATAL, - "RSA error: %s", gcry_strerror(valid)); - return -1; - } -#elif defined HAVE_LIBCRYPTO - valid = RSA_verify(NID_sha1, hash + 1, SHA_DIGEST_LEN, - signature->rsa_sign->string, ssh_string_len(signature->rsa_sign), - pubkey->rsa_pub); - if (valid == 1) { - return 0; - } - if (valid == -1) { - ssh_set_error(session, SSH_FATAL, - "RSA error: %s", ERR_error_string(ERR_get_error(), NULL)); - return -1; - } -#endif - ssh_set_error(session, SSH_FATAL, "Invalid RSA signature"); - return -1; - default: - ssh_set_error(session, SSH_FATAL, "Unknown public key type"); - return -1; - } - - return -1; -} - -int signature_verify(ssh_session session, ssh_string signature) { - ssh_public_key pubkey = NULL; - SIGNATURE *sign = NULL; - int err; - - enter_function(); - - pubkey = publickey_from_string(session,session->next_crypto->server_pubkey); - if(pubkey == NULL) { - leave_function(); - return -1; - } - - if (session->wanted_methods[SSH_HOSTKEYS]) { - if(!ssh_match_group(session->wanted_methods[SSH_HOSTKEYS],pubkey->type_c)) { - ssh_set_error(session, SSH_FATAL, - "Public key from server (%s) doesn't match user preference (%s)", - pubkey->type_c, session->wanted_methods[SSH_HOSTKEYS]); - publickey_free(pubkey); - leave_function(); - return -1; - } - } - - sign = signature_from_string(session, signature, pubkey, pubkey->type); - if (sign == NULL) { - ssh_set_error(session, SSH_FATAL, "Invalid signature blob"); - publickey_free(pubkey); - leave_function(); - return -1; - } - - ssh_log(session, SSH_LOG_FUNCTIONS, - "Going to verify a %s type signature", pubkey->type_c); - - err = sig_verify(session,pubkey,sign, - session->next_crypto->session_id, session->next_crypto->digest_len); - signature_free(sign); - session->next_crypto->server_pubkey_type = pubkey->type_c; - publickey_free(pubkey); - - leave_function(); - return err; -} - /** @} */ /* vim: set ts=4 sw=4 et cindent: */ |