aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2013-10-18 22:45:57 +0200
committerAndreas Schneider <asn@cryptomilk.org>2013-10-18 23:22:24 +0200
commit33890daf4104238ecf4216102abd0411eed17c43 (patch)
treeacef248a50acbcef23f2679c786905898f04d3ec /src
parentac4c5699b13faa9d6f10f1b26b3180cebd52cd84 (diff)
downloadlibssh-33890daf4104238ecf4216102abd0411eed17c43.tar.gz
libssh-33890daf4104238ecf4216102abd0411eed17c43.tar.xz
libssh-33890daf4104238ecf4216102abd0411eed17c43.zip
pki: Add support for ECDSA private key signing.
Diffstat (limited to 'src')
-rw-r--r--src/pki.c48
1 files changed, 34 insertions, 14 deletions
diff --git a/src/pki.c b/src/pki.c
index defc4061..ec5a6883 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1271,11 +1271,9 @@ ssh_string ssh_pki_do_sign(ssh_session session,
struct ssh_crypto_struct *crypto =
session->current_crypto ? session->current_crypto :
session->next_crypto;
- unsigned char hash[SHA_DIGEST_LEN] = {0};
ssh_signature sig;
ssh_string sig_blob;
ssh_string session_id;
- SHACTX ctx;
int rc;
if (privkey == NULL || !ssh_key_is_private(privkey)) {
@@ -1287,24 +1285,46 @@ ssh_string ssh_pki_do_sign(ssh_session session,
return NULL;
}
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
- /* TODO: change when supporting ECDSA keys */
- ctx = sha1_init();
- if (ctx == NULL) {
- ssh_string_free(session_id);
- return NULL;
- }
- sha1_update(ctx, session_id, ssh_string_len(session_id) + 4);
- ssh_string_free(session_id);
+ if (privkey->type == SSH_KEYTYPE_ECDSA) {
+#ifdef HAVE_ECC
+ unsigned char ehash[EVP_DIGEST_LEN] = {0};
+ uint32_t elen;
+ EVPCTX ctx;
- sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
- sha1_final(hash, ctx);
+ ctx = evp_init(privkey->ecdsa_nid);
+ if (ctx == NULL) {
+ ssh_string_free(session_id);
+ return NULL;
+ }
+
+ evp_update(ctx, session_id, ssh_string_len(session_id) + 4);
+ evp_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+ evp_final(ctx, ehash, &elen);
+
+ sig = pki_do_sign(privkey, ehash, elen);
+#endif
+ } else {
+ unsigned char hash[SHA_DIGEST_LEN] = {0};
+ SHACTX ctx;
+
+ ctx = sha1_init();
+ if (ctx == NULL) {
+ ssh_string_free(session_id);
+ return NULL;
+ }
+
+ sha1_update(ctx, session_id, ssh_string_len(session_id) + 4);
+ sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+ sha1_final(hash, ctx);
#ifdef DEBUG_CRYPTO
- ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
+ ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
#endif
- sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
+ sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
+ }
+ ssh_string_free(session_id);
if (sig == NULL) {
return NULL;
}