author | Andreas Schneider <asn@cryptomilk.org> | 2013-10-18 22:45:57 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2013-10-18 23:22:24 +0200 |
commit | 33890daf4104238ecf4216102abd0411eed17c43 (patch) | |
tree | acef248a50acbcef23f2679c786905898f04d3ec /src/pki.c | |
parent | ac4c5699b13faa9d6f10f1b26b3180cebd52cd84 (diff) | |
pki: Add support for ECDSA private key signing.
Diffstat (limited to 'src/pki.c')
-rw-r--r-- | src/pki.c | 48 |
1 files changed, 34 insertions, 14 deletions
@@ -1271,11 +1271,9 @@ ssh_string ssh_pki_do_sign(ssh_session session,
 struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : session->next_crypto;
- unsigned char hash[SHA_DIGEST_LEN] = {0};
 ssh_signature sig;
 ssh_string sig_blob;
 ssh_string session_id;
- SHACTX ctx;
 int rc;
 if (privkey == NULL || !ssh_key_is_private(privkey)) {
@@ -1287,24 +1285,46 @@ ssh_string ssh_pki_do_sign(ssh_session session,
 return NULL;
 }
 ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
- /* TODO: change when supporting ECDSA keys */
- ctx = sha1_init();
- if (ctx == NULL) {
- ssh_string_free(session_id);
- return NULL;
- }
- sha1_update(ctx, session_id, ssh_string_len(session_id) + 4);
- ssh_string_free(session_id);
+ if (privkey->type == SSH_KEYTYPE_ECDSA) {
+#ifdef HAVE_ECC
+ unsigned char ehash[EVP_DIGEST_LEN] = {0};
+ uint32_t elen;
+ EVPCTX ctx;
- sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
- sha1_final(hash, ctx);
+ ctx = evp_init(privkey->ecdsa_nid);
+ if (ctx == NULL) {
+ ssh_string_free(session_id);
+ return NULL;
+ }
+
+ evp_update(ctx, session_id, ssh_string_len(session_id) + 4);
+ evp_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+ evp_final(ctx, ehash, &elen);
+
+ sig = pki_do_sign(privkey, ehash, elen);
+#endif
+ } else {
+ unsigned char hash[SHA_DIGEST_LEN] = {0};
+ SHACTX ctx;
+
+ ctx = sha1_init();
+ if (ctx == NULL) {
+ ssh_string_free(session_id);
+ return NULL;
+ }
+
+ sha1_update(ctx, session_id, ssh_string_len(session_id) + 4);
+ sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+ sha1_final(hash, ctx);
 #ifdef DEBUG_CRYPTO
- ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
+ ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
 #endif
- sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
+ sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
+ }
+ ssh_string_free(session_id);
 if (sig == NULL) {
 return NULL;
 } |
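Review bot: In a build without HAVE_ECC the new `if (privkey->type == SSH_KEYTYPE_ECDSA) {` branch in the second hunk compiles to an empty body, so `sig` is never assigned on that path. It is declared as `ssh_signature sig;` with no initialiser (context line of the first hunk), and the `if (sig == NULL)` check at the end of the second hunk then reads an indeterminate pointer, which is undefined behaviour and may let a garbage signature pointer flow into the code after the check. Initialise it at the declaration, `ssh_signature sig = NULL;`, or add `#else` with `sig = NULL;` before the `#endif`, so an ECDSA key on a non-ECC build fails cleanly after `ssh_string_free(session_id)`. ssh_pki_do_sign begins before the first hunk and continues past the second, so how `sig` is used afterwards is not visible here.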