aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2011-08-26 09:51:02 +0200
committerAndreas Schneider <asn@cryptomilk.org>2011-08-26 09:51:02 +0200
commit7457937bab8553379b470366456ebcdfb76aaf40 (patch)
tree817ded94fda31e315e339c39ba1624528b63b50e /src
parentb5db04003da54badc86fd279b9c7f6f8d613af39 (diff)
downloadlibssh-7457937bab8553379b470366456ebcdfb76aaf40.tar.gz
libssh-7457937bab8553379b470366456ebcdfb76aaf40.tar.xz
libssh-7457937bab8553379b470366456ebcdfb76aaf40.zip
pki: Migrate ssh_pki_do_sign to new pki.
Diffstat (limited to 'src')
-rw-r--r--src/pki.c46
-rw-r--r--src/pki_crypto.c37
-rw-r--r--src/pki_gcrypt.c59
3 files changed, 80 insertions, 62 deletions
diff --git a/src/pki.c b/src/pki.c
index 25ef273a..48cd98db 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1057,51 +1057,57 @@ int ssh_pki_signature_verify_blob(ssh_session session,
/*
* This function signs the session id (known as H) as a string then
* the content of sigbuf */
-ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
- const ssh_key privatekey) {
- struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
- session->next_crypto;
+ssh_string ssh_pki_do_sign(ssh_session session,
+ ssh_buffer sigbuf,
+ const ssh_key privkey) {
+ struct ssh_crypto_struct *crypto =
+ session->current_crypto ? session->current_crypto :
+ session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
- ssh_string session_str = NULL;
- ssh_string signature = NULL;
- struct signature_struct *sign = NULL;
+ ssh_signature sig;
+ ssh_string sig_blob = NULL;
+ ssh_string str = NULL;
SHACTX ctx = NULL;
+ int rc;
- if (privatekey == NULL || !ssh_key_is_private(privatekey)) {
+ if (privkey == NULL || !ssh_key_is_private(privkey)) {
return NULL;
}
- session_str = ssh_string_new(SHA_DIGEST_LEN);
- if (session_str == NULL) {
+ str = ssh_string_new(SHA_DIGEST_LEN);
+ if (str == NULL) {
return NULL;
}
- ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
+ ssh_string_fill(str, crypto->session_id, SHA_DIGEST_LEN);
ctx = sha1_init();
if (ctx == NULL) {
- ssh_string_free(session_str);
+ ssh_string_free(str);
return NULL;
}
- sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
- ssh_string_free(session_str);
+ sha1_update(ctx, str, ssh_string_len(str) + 4);
+ ssh_string_free(str);
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
- sha1_final(hash + 1,ctx);
+ sha1_final(hash + 1, ctx);
hash[0] = 0;
#ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
#endif
- sign = pki_do_sign(privatekey, hash);
- if (sign == NULL) {
+ sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
+ if (sig == NULL) {
return NULL;
}
- signature = signature_to_string(sign);
- signature_free(sign);
+ rc = ssh_pki_export_signature_blob(sig, &sig_blob);
+ ssh_signature_free(sig);
+ if (rc < 0) {
+ return NULL;
+ }
- return signature;
+ return sig_blob;
}
#ifndef _WIN32
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 386ac997..5ed40104 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -720,22 +720,23 @@ int pki_signature_verify(ssh_session session,
return SSH_OK;
}
-struct signature_struct *pki_do_sign(ssh_key privatekey,
- const unsigned char *hash) {
- struct signature_struct *sign;
+ssh_signature pki_do_sign(const ssh_key privkey,
+ const unsigned char *hash,
+ size_t hlen) {
+ ssh_signature sig;
- sign = malloc(sizeof(SIGNATURE));
- if (sign == NULL) {
+ sig = ssh_signature_new();
+ if (sig == NULL) {
return NULL;
}
- sign->type = privatekey->type;
- switch(privatekey->type) {
+ sig->type = privkey->type;
+
+ switch(privkey->type) {
case SSH_KEYTYPE_DSS:
- sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
- privatekey->dsa);
- if (sign->dsa_sign == NULL) {
- signature_free(sign);
+ sig->dsa_sig = DSA_do_sign(hash + 1, hlen, privkey->dsa);
+ if (sig->dsa_sig == NULL) {
+ ssh_signature_free(sig);
return NULL;
}
@@ -744,25 +745,23 @@ struct signature_struct *pki_do_sign(ssh_key privatekey,
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
- sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
- sign->rsa_sign = _RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
- privatekey->rsa);
- if (sign->rsa_sign == NULL) {
- signature_free(sign);
+ sig->rsa_sig = _RSA_do_sign(hash + 1, hlen, privkey->rsa);
+ if (sig->rsa_sig == NULL) {
+ ssh_signature_free(sig);
return NULL;
}
- sign->dsa_sign = NULL;
+ sig->dsa_sig = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
- signature_free(sign);
+ ssh_signature_free(sig);
return NULL;
}
- return sign;
+ return sig;
}
#ifdef WITH_SERVER
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 06bf1a38..8d94d162 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1384,47 +1384,60 @@ int pki_signature_verify(ssh_session session,
return SSH_OK;
}
-struct signature_struct *pki_do_sign(ssh_key privatekey,
- const unsigned char *hash) {
- struct signature_struct *sign;
- gcry_sexp_t gcryhash;
+ssh_signature pki_do_sign(const ssh_key privkey,
+ const unsigned char *hash,
+ size_t hlen) {
+ ssh_signature sig;
+ gcry_sexp_t sexp;
+ gcry_error_t err;
- sign = malloc(sizeof(SIGNATURE));
- if (sign == NULL) {
+ sig = ssh_signature_new();
+ if (sig == NULL) {
return NULL;
}
- sign->type = privatekey->type;
+ sig->type = privkey->type;
- switch(privatekey->type) {
+ switch (privkey->type) {
case SSH_KEYTYPE_DSS:
- if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
- gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
- gcry_sexp_release(gcryhash);
- signature_free(sign);
+ err = gcry_sexp_build(&sexp, NULL, "%b", hlen + 1, hash);
+ if (err) {
+ ssh_signature_free(sig);
+ return NULL;
+ }
+
+ err = gcry_pk_sign(&sig->dsa_sig, sexp, privkey->dsa);
+ gcry_sexp_release(sexp);
+ if (err) {
+ ssh_signature_free(sig);
return NULL;
}
- sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
- if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
- SHA_DIGEST_LEN, hash + 1) ||
- gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
- gcry_sexp_release(gcryhash);
- signature_free(sign);
+ err = gcry_sexp_build(&sexp,
+ NULL,
+ "(data(flags pkcs1)(hash sha1 %b))",
+ hlen,
+ hash + 1);
+ if (err) {
+ ssh_signature_free(sig);
+ return NULL;
+ }
+
+ err = gcry_pk_sign(&sig->rsa_sig, sexp, privkey->rsa);
+ gcry_sexp_release(sexp);
+ if (err) {
+ ssh_signature_free(sig);
return NULL;
}
- sign->dsa_sign = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
- signature_free(sign);
+ ssh_signature_free(sig);
return NULL;
}
- gcry_sexp_release(gcryhash);
-
- return sign;
+ return sig;
}
#ifdef WITH_SERVER