diff options
Diffstat (limited to 'src/pki_gcrypt.c')
-rw-r--r-- | src/pki_gcrypt.c | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index 9a8e8622..c0395e9d 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -2079,19 +2079,29 @@ int pki_signature_verify(ssh_session session, return SSH_OK; } -ssh_signature pki_do_sign(const ssh_key privkey, - const unsigned char *hash, - size_t hlen) { +ssh_signature pki_do_sign_hash(const ssh_key privkey, + const unsigned char *hash, + size_t hlen, + enum ssh_digest_e hash_type) +{ unsigned char ghash[hlen + 1]; + const char *hash_c = NULL; ssh_signature sig; gcry_sexp_t sexp; gcry_error_t err; + /* Only RSA supports different signature algorithm types now */ + if (privkey->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) { + SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed"); + return NULL; + } + sig = ssh_signature_new(); if (sig == NULL) { return NULL; } sig->type = privkey->type; + sig->hash_type = hash_type; sig->type_c = privkey->type_c; switch (privkey->type) { case SSH_KEYTYPE_DSS: @@ -2117,9 +2127,26 @@ ssh_signature pki_do_sign(const ssh_key privkey, } break; case SSH_KEYTYPE_RSA: + sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type); + switch (hash_type) { + case SSH_DIGEST_SHA1: + case SSH_DIGEST_AUTO: + hash_c = "sha1"; + break; + case SSH_DIGEST_SHA256: + hash_c = "sha256"; + break; + case SSH_DIGEST_SHA512: + hash_c = "sha512"; + break; + default: + SSH_LOG(SSH_LOG_WARN, "Incomplatible key algorithm"); + return NULL; + } err = gcry_sexp_build(&sexp, NULL, - "(data(flags pkcs1)(hash sha1 %b))", + "(data(flags pkcs1)(hash %s %b))", + hash_c, hlen, hash); if (err) { |