aboutsummaryrefslogtreecommitdiff
path: root/src/pki_gcrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pki_gcrypt.c')
-rw-r--r--src/pki_gcrypt.c35
1 files changed, 31 insertions, 4 deletions
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 9a8e8622..c0395e9d 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -2079,19 +2079,29 @@ int pki_signature_verify(ssh_session session,
return SSH_OK;
}
-ssh_signature pki_do_sign(const ssh_key privkey,
- const unsigned char *hash,
- size_t hlen) {
+ssh_signature pki_do_sign_hash(const ssh_key privkey,
+ const unsigned char *hash,
+ size_t hlen,
+ enum ssh_digest_e hash_type)
+{
unsigned char ghash[hlen + 1];
+ const char *hash_c = NULL;
ssh_signature sig;
gcry_sexp_t sexp;
gcry_error_t err;
+ /* Only RSA supports different signature algorithm types now */
+ if (privkey->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
+ SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
+ return NULL;
+ }
+
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
}
sig->type = privkey->type;
+ sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch (privkey->type) {
case SSH_KEYTYPE_DSS:
@@ -2117,9 +2127,26 @@ ssh_signature pki_do_sign(const ssh_key privkey,
}
break;
case SSH_KEYTYPE_RSA:
+ sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
+ switch (hash_type) {
+ case SSH_DIGEST_SHA1:
+ case SSH_DIGEST_AUTO:
+ hash_c = "sha1";
+ break;
+ case SSH_DIGEST_SHA256:
+ hash_c = "sha256";
+ break;
+ case SSH_DIGEST_SHA512:
+ hash_c = "sha512";
+ break;
+ default:
+ SSH_LOG(SSH_LOG_WARN, "Incomplatible key algorithm");
+ return NULL;
+ }
err = gcry_sexp_build(&sexp,
NULL,
- "(data(flags pkcs1)(hash sha1 %b))",
+ "(data(flags pkcs1)(hash %s %b))",
+ hash_c,
hlen,
hash);
if (err) {