diff --git a/include/libssh/pki_priv.h b/include/libssh/pki_priv.h index 30af8d86..9c79aa88 100644 --- a/include/libssh/pki_priv.h +++ b/include/libssh/pki_priv.h @@ -127,12 +127,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, const unsigned char *hash, size_t hlen, enum ssh_digest_e hash_type); -#define pki_do_sign_sessionid(key, hash, hlen) \ - pki_do_sign_sessionid_hash(key, hash, hlen, SSH_DIGEST_AUTO) -ssh_signature pki_do_sign_sessionid_hash(const ssh_key key, - const unsigned char *hash, - size_t hlen, - enum ssh_digest_e hash_type); int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig, const unsigned char *hash, size_t hlen); int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig, diff --git a/src/pki_crypto.c b/src/pki_crypto.c index a06b6bfc..8b8fb8d2 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -2014,65 +2014,4 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, return sig; } -#ifdef WITH_SERVER -ssh_signature pki_do_sign_sessionid_hash(const ssh_key key, - const unsigned char *hash, - size_t hlen, - enum ssh_digest_e hash_type) -{ - ssh_signature sig; - - /* Only RSA supports different signature algorithm types now */ - if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) { - SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed"); - return NULL; - } - - sig = ssh_signature_new(); - if (sig == NULL) { - return NULL; - } - - sig->type = key->type; - sig->type_c = ssh_key_signature_to_char(key->type, hash_type); - - switch(key->type) { - case SSH_KEYTYPE_DSS: - sig->dsa_sig = DSA_do_sign(hash, hlen, key->dsa); - if (sig->dsa_sig == NULL) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_RSA: - case SSH_KEYTYPE_RSA1: - sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type); - if (sig->rsa_sig == NULL) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: -#ifdef HAVE_OPENSSL_ECC - sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa); - if (sig->ecdsa_sig == NULL) { - ssh_signature_free(sig); - return NULL; - } - break; -#endif - case SSH_KEYTYPE_ED25519: - /* ED25519 handled in caller */ - case SSH_KEYTYPE_UNKNOWN: - default: - ssh_signature_free(sig); - return NULL; - } - - return sig; -} -#endif /* WITH_SERVER */ - #endif /* _PKI_CRYPTO_H */ diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c index 7d27d7c5..628ad3ba 100644 --- a/src/pki_gcrypt.c +++ b/src/pki_gcrypt.c @@ -2345,117 +2345,4 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, return sig; } -#ifdef WITH_SERVER -ssh_signature pki_do_sign_sessionid_hash(const ssh_key key, - const unsigned char *hash, - size_t hlen, - enum ssh_digest_e hash_type) -{ - unsigned char ghash[hlen + 1]; - const char *hash_c = NULL; - ssh_signature sig; - gcry_sexp_t sexp; - gcry_error_t err; - - /* Only RSA supports different signature algorithm types now */ - if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) { - SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed"); - return NULL; - } - - sig = ssh_signature_new(); - if (sig == NULL) { - return NULL; - } - - sig->type = key->type; - sig->type_c = ssh_key_signature_to_char(key->type, hash_type); - - switch(key->type) { - case SSH_KEYTYPE_DSS: - /* That is to mark the number as positive */ - if(hash[0] >= 0x80) { - memcpy(ghash + 1, hash, hlen); - ghash[0] = 0; - hash = ghash; - hlen += 1; - } - - err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash); - if (err) { - ssh_signature_free(sig); - return NULL; - } - err = gcry_pk_sign(&sig->dsa_sig, sexp, key->dsa); - gcry_sexp_release(sexp); - if (err) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_RSA: - switch (hash_type) { - case SSH_DIGEST_SHA1: - hash_c = "sha1"; - break; - case SSH_DIGEST_SHA256: - hash_c = "sha256"; - break; - case SSH_DIGEST_SHA512: - hash_c = "sha512"; - break; - default: - SSH_LOG(SSH_LOG_WARN, "Incomplatible key algorithm"); - return NULL; - } - err = gcry_sexp_build(&sexp, - NULL, - "(data(flags pkcs1)(hash %s %b))", - hash_c, - hlen, - hash); - if (err) { - ssh_signature_free(sig); - return NULL; - } - err = gcry_pk_sign(&sig->rsa_sig, sexp, key->rsa); - gcry_sexp_release(sexp); - if (err) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_ED25519: - /* ED25519 handled in caller */ - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: -#ifdef HAVE_GCRYPT_ECC - err = gcry_sexp_build(&sexp, - NULL, - "(data(flags raw)(value %b))", - hlen, - hash); - if (err) { - ssh_signature_free(sig); - return NULL; - } - err = gcry_pk_sign(&sig->ecdsa_sig, sexp, key->ecdsa); - gcry_sexp_release(sexp); - if (err) { - ssh_signature_free(sig); - return NULL; - } - break; -#endif - case SSH_KEYTYPE_RSA1: - case SSH_KEYTYPE_UNKNOWN: - default: - return NULL; - } - - return sig; -} -#endif /* WITH_SERVER */ - #endif /* HAVE_LIBGCRYPT */ diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index 32925dca..735001e1 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -1228,75 +1228,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey, return sig; } -#ifdef WITH_SERVER -ssh_signature pki_do_sign_sessionid_hash(const ssh_key key, - const unsigned char *hash, - size_t hlen, - enum ssh_digest_e hash_type) -{ - ssh_signature sig = NULL; - int rc; - - /* Only RSA supports different signature algorithm types now */ - if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) { - SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed"); - return NULL; - } - - sig = ssh_signature_new(); - if (sig == NULL) { - return NULL; - } - - sig->type = key->type; - sig->type_c = ssh_key_signature_to_char(key->type, hash_type); - - switch (key->type) { - case SSH_KEYTYPE_RSA: - sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type); - if (sig->rsa_sig == NULL) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: - sig->ecdsa_sig.r = bignum_new(); - if (sig->ecdsa_sig.r == NULL) { - return NULL; - } - - sig->ecdsa_sig.s = bignum_new(); - if (sig->ecdsa_sig.s == NULL) { - bignum_safe_free(sig->ecdsa_sig.r); - return NULL; - } - - rc = mbedtls_ecdsa_sign(&key->ecdsa->grp, - sig->ecdsa_sig.r, - sig->ecdsa_sig.s, - &key->ecdsa->d, - hash, - hlen, - mbedtls_ctr_drbg_random, - ssh_get_mbedtls_ctr_drbg_context()); - if (rc != 0) { - ssh_signature_free(sig); - return NULL; - } - break; - case SSH_KEYTYPE_ED25519: - /* ED25519 handled in caller */ - default: - ssh_signature_free(sig); - return NULL; - } - - return sig; -} -#endif /* WITH_SERVER */ - const char *pki_key_ecdsa_nid_to_name(int nid) { switch (nid) {