mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-11-29 01:03:57 +03:00
pki: Remove duplicate and unused code
Remove duplicate code previously used only in server side to generate signatures. Currently the code used to generate the signature is the same for both client and server. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
committed by
Andreas Schneider
Andreas Schneider
parent
dbf3f962a4
commit
01e98a6df7
113
src/pki_gcrypt.c
113
src/pki_gcrypt.c
@@ -2345,117 +2345,4 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
|
||||
return sig;
|
||||
}
|
||||
|
||||
#ifdef WITH_SERVER
|
||||
ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
|
||||
const unsigned char *hash,
|
||||
size_t hlen,
|
||||
enum ssh_digest_e hash_type)
|
||||
{
|
||||
unsigned char ghash[hlen + 1];
|
||||
const char *hash_c = NULL;
|
||||
ssh_signature sig;
|
||||
gcry_sexp_t sexp;
|
||||
gcry_error_t err;
|
||||
|
||||
/* Only RSA supports different signature algorithm types now */
|
||||
if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
|
||||
SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sig = ssh_signature_new();
|
||||
if (sig == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sig->type = key->type;
|
||||
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
|
||||
|
||||
switch(key->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
/* That is to mark the number as positive */
|
||||
if(hash[0] >= 0x80) {
|
||||
memcpy(ghash + 1, hash, hlen);
|
||||
ghash[0] = 0;
|
||||
hash = ghash;
|
||||
hlen += 1;
|
||||
}
|
||||
|
||||
err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
err = gcry_pk_sign(&sig->dsa_sig, sexp, key->dsa);
|
||||
gcry_sexp_release(sexp);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_RSA:
|
||||
switch (hash_type) {
|
||||
case SSH_DIGEST_SHA1:
|
||||
hash_c = "sha1";
|
||||
break;
|
||||
case SSH_DIGEST_SHA256:
|
||||
hash_c = "sha256";
|
||||
break;
|
||||
case SSH_DIGEST_SHA512:
|
||||
hash_c = "sha512";
|
||||
break;
|
||||
default:
|
||||
SSH_LOG(SSH_LOG_WARN, "Incomplatible key algorithm");
|
||||
return NULL;
|
||||
}
|
||||
err = gcry_sexp_build(&sexp,
|
||||
NULL,
|
||||
"(data(flags pkcs1)(hash %s %b))",
|
||||
hash_c,
|
||||
hlen,
|
||||
hash);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
err = gcry_pk_sign(&sig->rsa_sig, sexp, key->rsa);
|
||||
gcry_sexp_release(sexp);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
case SSH_KEYTYPE_ED25519:
|
||||
/* ED25519 handled in caller */
|
||||
case SSH_KEYTYPE_ECDSA_P256:
|
||||
case SSH_KEYTYPE_ECDSA_P384:
|
||||
case SSH_KEYTYPE_ECDSA_P521:
|
||||
#ifdef HAVE_GCRYPT_ECC
|
||||
err = gcry_sexp_build(&sexp,
|
||||
NULL,
|
||||
"(data(flags raw)(value %b))",
|
||||
hlen,
|
||||
hash);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
err = gcry_pk_sign(&sig->ecdsa_sig, sexp, key->ecdsa);
|
||||
gcry_sexp_release(sexp);
|
||||
if (err) {
|
||||
ssh_signature_free(sig);
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
case SSH_KEYTYPE_RSA1:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return sig;
|
||||
}
|
||||
#endif /* WITH_SERVER */
|
||||
|
||||
#endif /* HAVE_LIBGCRYPT */
|
||||
|
||||
Reference in New Issue
Block a user