diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2011-08-26 09:51:02 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2011-08-26 09:51:02 +0200 |
commit | 7457937bab8553379b470366456ebcdfb76aaf40 (patch) | |
tree | 817ded94fda31e315e339c39ba1624528b63b50e | |
parent | b5db04003da54badc86fd279b9c7f6f8d613af39 (diff) | |
download | libssh-7457937bab8553379b470366456ebcdfb76aaf40.tar.gz libssh-7457937bab8553379b470366456ebcdfb76aaf40.tar.xz libssh-7457937bab8553379b470366456ebcdfb76aaf40.zip |
pki: Migrate ssh_pki_do_sign to new pki.
-rw-r--r-- | include/libssh/pki_priv.h | 5 | ||||
-rw-r--r-- | src/pki.c | 46 | ||||
-rw-r--r-- | src/pki_crypto.c | 37 | ||||
-rw-r--r-- | src/pki_gcrypt.c | 59 |
4 files changed, 83 insertions, 64 deletions
diff --git a/include/libssh/pki_priv.h b/include/libssh/pki_priv.h index 3e1ef5d..b6d312b 100644 --- a/include/libssh/pki_priv.h +++ b/include/libssh/pki_priv.h @@ -62,8 +62,9 @@ int pki_signature_verify(ssh_session session, size_t len); /* SSH Signing Functions */ -struct signature_struct *pki_do_sign(const ssh_key privatekey, - const unsigned char *hash); +ssh_signature pki_do_sign(const ssh_key privkey, + const unsigned char *hash, + size_t hlen); ssh_signature pki_do_sign_sessionid(const ssh_key key, const unsigned char *hash); #endif /* PKI_PRIV_H_ */ @@ -1057,51 +1057,57 @@ int ssh_pki_signature_verify_blob(ssh_session session, /* * This function signs the session id (known as H) as a string then * the content of sigbuf */ -ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf, - const ssh_key privatekey) { - struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : - session->next_crypto; +ssh_string ssh_pki_do_sign(ssh_session session, + ssh_buffer sigbuf, + const ssh_key privkey) { + struct ssh_crypto_struct *crypto = + session->current_crypto ? session->current_crypto : + session->next_crypto; unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; - ssh_string session_str = NULL; - ssh_string signature = NULL; - struct signature_struct *sign = NULL; + ssh_signature sig; + ssh_string sig_blob = NULL; + ssh_string str = NULL; SHACTX ctx = NULL; + int rc; - if (privatekey == NULL || !ssh_key_is_private(privatekey)) { + if (privkey == NULL || !ssh_key_is_private(privkey)) { return NULL; } - session_str = ssh_string_new(SHA_DIGEST_LEN); - if (session_str == NULL) { + str = ssh_string_new(SHA_DIGEST_LEN); + if (str == NULL) { return NULL; } - ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN); + ssh_string_fill(str, crypto->session_id, SHA_DIGEST_LEN); ctx = sha1_init(); if (ctx == NULL) { - ssh_string_free(session_str); + ssh_string_free(str); return NULL; } - sha1_update(ctx, session_str, ssh_string_len(session_str) + 4); - ssh_string_free(session_str); + sha1_update(ctx, str, ssh_string_len(str) + 4); + ssh_string_free(str); sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf)); - sha1_final(hash + 1,ctx); + sha1_final(hash + 1, ctx); hash[0] = 0; #ifdef DEBUG_CRYPTO ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN); #endif - sign = pki_do_sign(privatekey, hash); - if (sign == NULL) { + sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN); + if (sig == NULL) { return NULL; } - signature = signature_to_string(sign); - signature_free(sign); + rc = ssh_pki_export_signature_blob(sig, &sig_blob); + ssh_signature_free(sig); + if (rc < 0) { + return NULL; + } - return signature; + return sig_blob; } #ifndef _WIN32 diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 386ac99..5ed4010 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -720,22 +720,23 @@ int pki_signature_verify(ssh_session session, return SSH_OK; } -struct signature_struct *pki_do_sign(ssh_key privatekey, - const unsigned char *hash) { - struct signature_struct *sign; +ssh_signature pki_do_sign(const ssh_key privkey, + const unsigned char *hash, + size_t hlen) { + ssh_signature sig; - sign = malloc(sizeof(SIGNATURE)); - if (sign == NULL) { + sig = ssh_signature_new(); + if (sig == NULL) { return NULL; } - sign->type = privatekey->type; - switch(privatekey->type) { + sig->type = privkey->type; + + switch(privkey->type) { case SSH_KEYTYPE_DSS: - sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, - privatekey->dsa); - if (sign->dsa_sign == NULL) { - signature_free(sign); + sig->dsa_sig = DSA_do_sign(hash + 1, hlen, privkey->dsa); + if (sig->dsa_sig == NULL) { + ssh_signature_free(sig); return NULL; } @@ -744,25 +745,23 @@ struct signature_struct *pki_do_sign(ssh_key privatekey, ssh_print_bignum("s", sign->dsa_sign->s); #endif - sign->rsa_sign = NULL; break; case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: - sign->rsa_sign = _RSA_do_sign(hash + 1, SHA_DIGEST_LEN, - privatekey->rsa); - if (sign->rsa_sign == NULL) { - signature_free(sign); + sig->rsa_sig = _RSA_do_sign(hash + 1, hlen, privkey->rsa); + if (sig->rsa_sig == NULL) { + ssh_signature_free(sig); return NULL; } - sign->dsa_sign = NULL; + sig->dsa_sig = NULL; break; case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_UNKNOWN: - signature_free(sign); + ssh_signature_free(sig); return NULL; } - return sign; + return sig; } #ifdef WITH_SERVER diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index 06bf1a3..8d94d16 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -1384,47 +1384,60 @@ int pki_signature_verify(ssh_session session, return SSH_OK; } -struct signature_struct *pki_do_sign(ssh_key privatekey, - const unsigned char *hash) { - struct signature_struct *sign; - gcry_sexp_t gcryhash; +ssh_signature pki_do_sign(const ssh_key privkey, + const unsigned char *hash, + size_t hlen) { + ssh_signature sig; + gcry_sexp_t sexp; + gcry_error_t err; - sign = malloc(sizeof(SIGNATURE)); - if (sign == NULL) { + sig = ssh_signature_new(); + if (sig == NULL) { return NULL; } - sign->type = privatekey->type; + sig->type = privkey->type; - switch(privatekey->type) { + switch (privkey->type) { case SSH_KEYTYPE_DSS: - if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) || - gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) { - gcry_sexp_release(gcryhash); - signature_free(sign); + err = gcry_sexp_build(&sexp, NULL, "%b", hlen + 1, hash); + if (err) { + ssh_signature_free(sig); + return NULL; + } + + err = gcry_pk_sign(&sig->dsa_sig, sexp, privkey->dsa); + gcry_sexp_release(sexp); + if (err) { + ssh_signature_free(sig); return NULL; } - sign->rsa_sign = NULL; break; case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: - if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))", - SHA_DIGEST_LEN, hash + 1) || - gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) { - gcry_sexp_release(gcryhash); - signature_free(sign); + err = gcry_sexp_build(&sexp, + NULL, + "(data(flags pkcs1)(hash sha1 %b))", + hlen, + hash + 1); + if (err) { + ssh_signature_free(sig); + return NULL; + } + + err = gcry_pk_sign(&sig->rsa_sig, sexp, privkey->rsa); + gcry_sexp_release(sexp); + if (err) { + ssh_signature_free(sig); return NULL; } - sign->dsa_sign = NULL; break; case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_UNKNOWN: - signature_free(sign); + ssh_signature_free(sig); return NULL; } - gcry_sexp_release(gcryhash); - - return sign; + return sig; } #ifdef WITH_SERVER |