diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-04-24 15:12:14 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-05-13 16:37:51 +0200 |
commit | dbf3f962a4f5fb9ec6e5718bfc2778d685c038f5 (patch) | |
tree | b1c391c7f9a8c5cf953db5f97ada6ee9351ee960 /src/pki.c | |
parent | 3917a5c916a834f8eb288455470f709cbdc4f27f (diff) | |
download | libssh-dbf3f962a4f5fb9ec6e5718bfc2778d685c038f5.tar.gz libssh-dbf3f962a4f5fb9ec6e5718bfc2778d685c038f5.tar.xz libssh-dbf3f962a4f5fb9ec6e5718bfc2778d685c038f5.zip |
pki: Refactor ssh_srv_pki_do_sign_sessionid()
Refactor ssh_srv_pki_do_sign_sessionid() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki.c')
-rw-r--r-- | src/pki.c | 103 |
1 files changed, 54 insertions, 49 deletions
@@ -2314,8 +2314,14 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session, const ssh_key privkey) { struct ssh_crypto_struct *crypto = NULL; + ssh_signature sig = NULL; - ssh_string sig_blob; + ssh_string sig_blob = NULL; + + ssh_buffer sign_input = NULL; + + enum ssh_digest_e hash_type; + int rc; if (session == NULL || privkey == NULL || !ssh_key_is_private(privkey)) { @@ -2330,82 +2336,81 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session, return NULL; } - if (is_ecdsa_key_type(privkey->type)) { -#ifdef HAVE_ECC - unsigned char ehash[EVP_DIGEST_LEN] = {0}; - uint32_t elen; - - evp(privkey->ecdsa_nid, crypto->secret_hash, crypto->digest_len, - ehash, &elen); - -#ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash being signed", ehash, elen); -#endif + /* Get the hash type from the key type */ + hash_type = ssh_key_type_to_hash(session, privkey->type); - sig = pki_do_sign_sessionid(privkey, ehash, elen); - if (sig == NULL) { - return NULL; - } -#endif - } else if (privkey->type == SSH_KEYTYPE_ED25519) { - sig = ssh_signature_new(); - if (sig == NULL){ - return NULL; - } + /* Fill the input */ + sign_input = ssh_buffer_new(); + if (sign_input == NULL) { + goto end; + } + ssh_buffer_set_secure(sign_input); - sig->type = privkey->type; - sig->type_c = privkey->type_c; + rc = ssh_buffer_pack(sign_input, + "P", + crypto->digest_len, + crypto->secret_hash); + if (rc != SSH_OK) { + goto end; + } - rc = pki_ed25519_sign(privkey, - sig, - crypto->secret_hash, - crypto->digest_len); - if (rc != SSH_OK){ - ssh_signature_free(sig); - sig = NULL; - } + /* Generate the signature */ + if (privkey->type == SSH_KEYTYPE_ED25519){ + sig = pki_do_sign(privkey, + ssh_buffer_get(sign_input), + ssh_buffer_get_len(sign_input)); } else { unsigned char hash[SHA512_DIGEST_LEN] = {0}; uint32_t hlen = 0; - enum ssh_digest_e hash_type; - - hash_type = ssh_key_type_to_hash(session, privkey->type); switch (hash_type) { case SSH_DIGEST_SHA256: - sha256(crypto->secret_hash, crypto->digest_len, hash); + sha256(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input), + hash); hlen = SHA256_DIGEST_LEN; break; + case SSH_DIGEST_SHA384: + sha384(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input), + hash); + hlen = SHA384_DIGEST_LEN; + break; case SSH_DIGEST_SHA512: - sha512(crypto->secret_hash, crypto->digest_len, hash); + sha512(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input), + hash); hlen = SHA512_DIGEST_LEN; break; case SSH_DIGEST_SHA1: case SSH_DIGEST_AUTO: - sha1(crypto->secret_hash, crypto->digest_len, hash); + sha1(ssh_buffer_get(sign_input), ssh_buffer_get_len(sign_input), + hash); hlen = SHA_DIGEST_LEN; break; default: - SSH_LOG(SSH_LOG_TRACE, "Unknown sig->type: %d", hash_type); - return NULL; + SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d", + hash_type); + goto end; } + sig = pki_do_sign_hash(privkey, hash, hlen, hash_type); + } + if (sig == NULL) { + goto end; + } #ifdef DEBUG_CRYPTO - ssh_print_hexa("Hash being signed", hash, hlen); + SSH_LOG(SSH_LOG_TRACE, "Generated signature for %s and hash_type = %d", + privkey->type_c, hash_type); #endif - sig = pki_do_sign_sessionid_hash(privkey, hash, hlen, hash_type); - if (sig == NULL) { - return NULL; - } - } - + /* Convert the signature to blob */ rc = ssh_pki_export_signature_blob(sig, &sig_blob); - ssh_signature_free(sig); if (rc < 0) { - return NULL; + sig_blob = NULL; } +end: + ssh_signature_free(sig); + ssh_buffer_free(sign_input); + return sig_blob; } #endif /* WITH_SERVER */ |