lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-28 01:41:48 +03:00
Code Activity

src: Reformat pki_gcrypt.c

Browse Source 
clang-format -i pki_gcrypt.c

Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Andreas Schneider
2025-06-23 15:23:34 +02:00
parent 937552aed2
commit 1229ad650b
1 changed files with 1148 additions and 1083 deletions
Download Patch File Download Diff File Expand all files Collapse all files

345
src/pki_gcrypt.c
View File

@ -28,19 +28,19 @@
#ifdef HAVE_LIBGCRYPT
#include <assert.h>
#include <stdbool.h>
#include <string.h>
#include <stdlib.h>
#include <gcrypt.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "libssh/priv.h"
#include "libssh/buffer.h"
#include "libssh/session.h"
#include "libssh/wrapper.h"
#include "libssh/misc.h"
#include "libssh/pki.h"
#include "libssh/pki_priv.h"
#include "libssh/priv.h"
#include "libssh/session.h"
#include "libssh/wrapper.h"
#define MAXLINESIZE 80
#define RSA_HEADER_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
@ -57,7 +57,8 @@
#define ASN1_SEQUENCE 48
#define PKCS5_SALT_LEN 8
static int load_iv(const char *header, unsigned char *iv, int iv_len) {
static int load_iv(const char *header, unsigned char *iv, int iv_len)
{
int i;
int j;
int k;
@ -85,7 +86,8 @@ static int load_iv(const char *header, unsigned char *iv, int iv_len) {
return 0;
}
static uint32_t char_to_u32(unsigned char *data, uint32_t size) {
static uint32_t char_to_u32(unsigned char *data, uint32_t size)
{
uint32_t ret;
uint32_t i;
@ -94,7 +96,8 @@ static uint32_t char_to_u32(unsigned char *data, uint32_t size) {
return ret;
}
static uint32_t asn1_get_len(ssh_buffer buffer) {
static uint32_t asn1_get_len(ssh_buffer buffer)
{
uint32_t len;
unsigned char tmp[4];
@ -118,7 +121,8 @@ static uint32_t asn1_get_len(ssh_buffer buffer) {
return len;
}
static ssh_string asn1_get(ssh_buffer buffer, unsigned char want) {
static ssh_string asn1_get(ssh_buffer buffer, unsigned char want)
{
ssh_string str;
unsigned char type;
uint32_t size;
@ -144,7 +148,8 @@ static ssh_string asn1_get(ssh_buffer buffer, unsigned char want) {
return str;
}
static ssh_string asn1_get_int(ssh_buffer buffer) {
static ssh_string asn1_get_int(ssh_buffer buffer)
{
return asn1_get(buffer, ASN1_INTEGER);
}
@ -205,7 +210,8 @@ static ssh_string asn1_get_bit_string(ssh_buffer buffer)
return str;
}
static int asn1_check_sequence(ssh_buffer buffer) {
static int asn1_check_sequence(ssh_buffer buffer)
{
unsigned char *j = NULL;
unsigned char tmp;
int i;
@ -221,8 +227,7 @@ static int asn1_check_sequence(ssh_buffer buffer) {
for (i = ssh_buffer_get_len(buffer) - size,
j = (unsigned char *)ssh_buffer_get(buffer) + size;
i;
i--, j++)
{
i--, j++) {
if (*j != padding) { /* padding is allowed */
return 0; /* but nothing else */
}
@ -232,7 +237,8 @@ static int asn1_check_sequence(ssh_buffer buffer) {
return 1;
}
static int asn1_check_tag(ssh_buffer buffer, unsigned char tag) {
static int asn1_check_tag(ssh_buffer buffer, unsigned char tag)
{
unsigned char tmp;
uint32_t len;
@ -245,8 +251,12 @@ static int asn1_check_tag(ssh_buffer buffer, unsigned char tag) {
return 1;
}
static int passphrase_to_key(char *data, unsigned int datalen,
unsigned char *salt, unsigned char *key, unsigned int keylen) {
static int passphrase_to_key(char *data,
unsigned int datalen,
unsigned char *salt,
unsigned char *key,
unsigned int keylen)
{
MD5CTX md;
unsigned char digest[MD5_DIGEST_LEN] = {0};
unsigned int i;
@ -295,9 +305,13 @@ void pki_key_clean(ssh_key key)
key->ecdsa = NULL;
}
static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
unsigned char *iv, unsigned int iv_len,
ssh_buffer data, ssh_auth_callback cb,
static int privatekey_decrypt(int algo,
int mode,
unsigned int key_len,
unsigned char *iv,
unsigned int iv_len,
ssh_buffer data,
ssh_auth_callback cb,
void *userdata,
const char *desc)
{
@ -320,16 +334,21 @@ static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
snprintf(passphrase, MAX_PASSPHRASE_SIZE, "%s", (char *)userdata);
}
if (passphrase_to_key(passphrase, strlen(passphrase), iv, key, key_len) < 0) {
if (passphrase_to_key(passphrase, strlen(passphrase), iv, key, key_len) <
0) {
return -1;
}
if (gcry_cipher_open(&cipher, algo, mode, 0)
|| gcry_cipher_setkey(cipher, key, key_len)
|| gcry_cipher_setiv(cipher, iv, iv_len)
|| (tmp = calloc(ssh_buffer_get_len(data), sizeof(unsigned char))) == NULL
|| gcry_cipher_decrypt(cipher, tmp, ssh_buffer_get_len(data),
ssh_buffer_get(data), ssh_buffer_get_len(data))) {
if (gcry_cipher_open(&cipher, algo, mode, 0) ||
gcry_cipher_setkey(cipher, key, key_len) ||
gcry_cipher_setiv(cipher, iv, iv_len) ||
(tmp = calloc(ssh_buffer_get_len(data), sizeof(unsigned char))) ==
NULL ||
gcry_cipher_decrypt(cipher,
tmp,
ssh_buffer_get_len(data),
ssh_buffer_get(data),
ssh_buffer_get_len(data))) {
gcry_cipher_close(cipher);
return -1;
}
@ -342,45 +361,41 @@ static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
return 0;
}
static int privatekey_dek_header(const char *header, unsigned int header_len,
int *algo, int *mode, unsigned int *key_len, unsigned char **iv,
unsigned int *iv_len) {
static int privatekey_dek_header(const char *header,
unsigned int header_len,
int *algo,
int *mode,
unsigned int *key_len,
unsigned char **iv,
unsigned int *iv_len)
{
unsigned int iv_pos;
if (header_len > 13 && !strncmp("DES-EDE3-CBC", header, 12))
{
if (header_len > 13 && !strncmp("DES-EDE3-CBC", header, 12)) {
*algo = GCRY_CIPHER_3DES;
iv_pos = 13;
*mode = GCRY_CIPHER_MODE_CBC;
*key_len = 24;
*iv_len = 8;
}
else if (header_len > 8 && !strncmp("DES-CBC", header, 7))
{
} else if (header_len > 8 && !strncmp("DES-CBC", header, 7)) {
*algo = GCRY_CIPHER_DES;
iv_pos = 8;
*mode = GCRY_CIPHER_MODE_CBC;
*key_len = 8;
*iv_len = 8;
}
else if (header_len > 12 && !strncmp("AES-128-CBC", header, 11))
{
} else if (header_len > 12 && !strncmp("AES-128-CBC", header, 11)) {
*algo = GCRY_CIPHER_AES128;
iv_pos = 12;
*mode = GCRY_CIPHER_MODE_CBC;
*key_len = 16;
*iv_len = 16;
}
else if (header_len > 12 && !strncmp("AES-192-CBC", header, 11))
{
} else if (header_len > 12 && !strncmp("AES-192-CBC", header, 11)) {
*algo = GCRY_CIPHER_AES192;
iv_pos = 12;
*mode = GCRY_CIPHER_MODE_CBC;
*key_len = 24;
*iv_len = 16;
}
else if (header_len > 12 && !strncmp("AES-256-CBC", header, 11))
{
} else if (header_len > 12 && !strncmp("AES-256-CBC", header, 11)) {
*algo = GCRY_CIPHER_AES256;
iv_pos = 12;
*mode = GCRY_CIPHER_MODE_CBC;
@ -398,18 +413,25 @@ static int privatekey_dek_header(const char *header, unsigned int header_len,
return load_iv(header + iv_pos, *iv, *iv_len);
}
#define get_next_line(p, len) { \
#define get_next_line(p, len) \
{ \
while (p[len] == '\n' || p[len] == '\r') /* skip empty lines */ \
len++; \
if (p[len] == '\0') /* EOL */ \
eol = true; \
else /* calculate length */ \
for(p += len, len = 0; p[len] && p[len] != '\n' \
&& p[len] != '\r'; len++); \
for (p += len, len = 0; \
p[len] && p[len] != '\n' && p[len] != '\r'; \
len++) \
; \
}
static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
ssh_auth_callback cb, void *userdata, const char *desc) {
static ssh_buffer privatekey_string_to_buffer(const char *pkey,
int type,
ssh_auth_callback cb,
void *userdata,
const char *desc)
{
ssh_buffer buffer = NULL;
ssh_buffer out = NULL;
const char *p = NULL;
@ -485,8 +507,13 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
SSH_BUFFER_FREE(buffer);
return NULL;
}
if (privatekey_dek_header(p, len, &algo, &mode, &key_len,
&iv, &iv_len) < 0) {
if (privatekey_dek_header(p,
len,
&algo,
&mode,
&key_len,
&iv,
&iv_len) < 0) {
SSH_BUFFER_FREE(buffer);
SAFE_FREE(iv);
return NULL;
@ -536,8 +563,15 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
}
if (algo) {
if (privatekey_decrypt(algo, mode, key_len, iv, iv_len, out,
cb, userdata, desc) < 0) {
if (privatekey_decrypt(algo,
mode,
key_len,
iv,
iv_len,
out,
cb,
userdata,
desc) < 0) {
SSH_BUFFER_FREE(out);
SAFE_FREE(iv);
return NULL;
@ -548,8 +582,7 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
return out;
}
static int
b64decode_rsa_privatekey(const char *pkey,
static int b64decode_rsa_privatekey(const char *pkey,
gcry_sexp_t *r,
ssh_auth_callback cb,
void *userdata,
@ -569,11 +602,8 @@ b64decode_rsa_privatekey(const char *pkey,
int rc = 1;
gcry_error_t rv = 0;
buffer = privatekey_string_to_buffer(pkey,
SSH_KEYTYPE_RSA,
cb,
userdata,
desc);
buffer =
privatekey_string_to_buffer(pkey, SSH_KEYTYPE_RSA, cb, userdata, desc);
if (buffer == NULL) {
return 0;
}
@ -725,7 +755,6 @@ static const char *pki_key_ecdsa_nid_to_gcrypt_name(int nid)
return "unknown";
}
const char *pki_key_ecdsa_nid_to_name(int nid)
{
switch (nid) {
@ -792,15 +821,16 @@ static int asn1_oi_to_nid(const ssh_string oi)
};
size_t len = ssh_string_len(oi);
for (e = mapping; e->length; e++) {
if (len == e->length
&& memcmp(ssh_string_data(oi), e->identifier, len) == 0) {
if (len == e->length &&
memcmp(ssh_string_data(oi), e->identifier, len) == 0) {
return e->nid;
}
}
return -1;
}
static int b64decode_ecdsa_privatekey(const char *pkey, gcry_sexp_t *r,
static int b64decode_ecdsa_privatekey(const char *pkey,
gcry_sexp_t *r,
ssh_auth_callback cb,
void *userdata,
const char *desc)
@ -918,15 +948,21 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
case SSH_KEYTYPE_RSA:
if (passphrase == NULL) {
if (auth_fn) {
valid = b64decode_rsa_privatekey(b64_key, &rsa, auth_fn,
auth_data, "Passphrase for private key:");
valid = b64decode_rsa_privatekey(b64_key,
&rsa,
auth_fn,
auth_data,
"Passphrase for private key:");
} else {
valid = b64decode_rsa_privatekey(b64_key, &rsa, NULL, NULL,
NULL);
valid =
b64decode_rsa_privatekey(b64_key, &rsa, NULL, NULL, NULL);
}
} else {
valid = b64decode_rsa_privatekey(b64_key, &rsa, NULL,
(void *)passphrase, NULL);
valid = b64decode_rsa_privatekey(b64_key,
&rsa,
NULL,
(void *)passphrase,
NULL);
}
if (!valid) {
@ -940,7 +976,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#if HAVE_GCRYPT_ECC
if (passphrase == NULL) {
if (auth_fn != NULL) {
valid = b64decode_ecdsa_privatekey(b64_key,
valid =
b64decode_ecdsa_privatekey(b64_key,
&ecdsa,
auth_fn,
auth_data,
@ -1019,14 +1056,21 @@ int pki_privkey_build_rsa(ssh_key key,
/* in gcrypt, there is no iqmp (inverse of q mod p) argument,
* but it is ipmq (inverse of p mod q) so we need to swap
* the p and q arguments */
gcry_sexp_build(&key->rsa, NULL,
gcry_sexp_build(&key->rsa,
NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
ssh_string_len(n), ssh_string_data(n),
ssh_string_len(e), ssh_string_data(e),
ssh_string_len(d), ssh_string_data(d),
ssh_string_len(q), ssh_string_data(q),
ssh_string_len(p), ssh_string_data(p),
ssh_string_len(iqmp), ssh_string_data(iqmp));
ssh_string_len(n),
ssh_string_data(n),
ssh_string_len(e),
ssh_string_data(e),
ssh_string_len(d),
ssh_string_data(d),
ssh_string_len(q),
ssh_string_data(q),
ssh_string_len(p),
ssh_string_data(p),
ssh_string_len(iqmp),
ssh_string_data(iqmp));
if (key->rsa == NULL) {
return SSH_ERROR;
}
@ -1034,13 +1078,15 @@ int pki_privkey_build_rsa(ssh_key key,
return SSH_OK;
}
int pki_pubkey_build_rsa(ssh_key key,
ssh_string e,
ssh_string n) {
gcry_sexp_build(&key->rsa, NULL,
int pki_pubkey_build_rsa(ssh_key key, ssh_string e, ssh_string n)
{
gcry_sexp_build(&key->rsa,
NULL,
"(public-key(rsa(n %b)(e %b)))",
ssh_string_len(n), ssh_string_data(n),
ssh_string_len(e),ssh_string_data(e));
ssh_string_len(n),
ssh_string_data(n),
ssh_string_len(e),
ssh_string_data(e));
if (key->rsa == NULL) {
return SSH_ERROR;
}
@ -1056,11 +1102,14 @@ int pki_privkey_build_ecdsa(ssh_key key, int nid, ssh_string e, ssh_string exp)
key->ecdsa_nid = nid;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
err = gcry_sexp_build(&key->ecdsa, NULL,
err = gcry_sexp_build(&key->ecdsa,
NULL,
"(private-key(ecdsa(curve %s)(d %b)(q %b)))",
pki_key_ecdsa_nid_to_gcrypt_name(nid),
ssh_string_len(exp), ssh_string_data(exp),
ssh_string_len(e), ssh_string_data(e));
ssh_string_len(exp),
ssh_string_data(exp),
ssh_string_len(e),
ssh_string_data(e));
if (err) {
return SSH_ERROR;
}
@ -1075,10 +1124,12 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
key->ecdsa_nid = nid;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
err = gcry_sexp_build(&key->ecdsa, NULL,
err = gcry_sexp_build(&key->ecdsa,
NULL,
"(public-key(ecdsa(curve %s)(q %b)))",
pki_key_ecdsa_nid_to_gcrypt_name(nid),
ssh_string_len(e), ssh_string_data(e));
ssh_string_len(e),
ssh_string_data(e));
if (err) {
return SSH_ERROR;
}
@ -1135,15 +1186,22 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
}
if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
err = gcry_sexp_build(&new->rsa,
err = gcry_sexp_build(
&new->rsa,
NULL,
"(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
n, e, d, p, q, u);
n,
e,
d,
p,
q,
u);
} else {
err = gcry_sexp_build(&new->rsa,
NULL,
"(public-key(rsa(n %m)(e %m)))",
n, e);
n,
e);
}
break;
case SSH_KEYTYPE_ED25519:
@ -1160,12 +1218,7 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
#ifdef HAVE_GCRYPT_ECC
new->ecdsa_nid = key->ecdsa_nid;
err = gcry_sexp_extract_param(key->ecdsa,
NULL,
"qd?",
&q,
&d,
NULL);
err = gcry_sexp_extract_param(key->ecdsa, NULL, "qd?", &q, &d, NULL);
if (err) {
break;
}
@ -1251,38 +1304,43 @@ pki_key_generate(ssh_key key, int parameter, const char *type_s, int type)
return SSH_OK;
}
int
pki_key_generate_rsa(ssh_key key, int parameter)
int pki_key_generate_rsa(ssh_key key, int parameter)
{
return pki_key_generate(key, parameter, "rsa", SSH_KEYTYPE_RSA);
}
#ifdef HAVE_GCRYPT_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int pki_key_generate_ecdsa(ssh_key key, int parameter)
{
switch (parameter) {
case 384:
key->ecdsa_nid = NID_gcrypt_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
return pki_key_generate(key, parameter, "ecdsa",
return pki_key_generate(key,
parameter,
"ecdsa",
SSH_KEYTYPE_ECDSA_P384);
case 521:
key->ecdsa_nid = NID_gcrypt_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
return pki_key_generate(key, parameter, "ecdsa",
return pki_key_generate(key,
parameter,
"ecdsa",
SSH_KEYTYPE_ECDSA_P521);
case 256:
default:
key->ecdsa_nid = NID_gcrypt_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
return pki_key_generate(key, parameter, "ecdsa",
return pki_key_generate(key,
parameter,
"ecdsa",
SSH_KEYTYPE_ECDSA_P256);
}
}
#endif
static int _bignum_cmp(const gcry_sexp_t s1,
const gcry_sexp_t s2,
const char *what)
static int
_bignum_cmp(const gcry_sexp_t s1, const gcry_sexp_t s2, const char *what)
{
gcry_sexp_t sexp = NULL;
bignum b1 = NULL;
@ -1317,9 +1375,7 @@ static int _bignum_cmp(const gcry_sexp_t s1,
return result;
}
int pki_key_compare(const ssh_key k1,
const ssh_key k2,
enum ssh_keycmp_e what)
int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
{
switch (k1->type) {
case SSH_KEYTYPE_RSA:
@ -1561,8 +1617,8 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_SK_ECDSA:
#ifdef HAVE_GCRYPT_ECC
type_s = ssh_string_from_char(
pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
goto fail;
}
@ -1573,7 +1629,9 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
goto fail;
}
e = ssh_sexp_extract_mpi(key->ecdsa, "q", GCRYMPI_FMT_STD,
e = ssh_sexp_extract_mpi(key->ecdsa,
"q",
GCRYMPI_FMT_STD,
GCRYMPI_FMT_STD);
if (e == NULL) {
goto fail;
@ -1589,7 +1647,9 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
e = NULL;
if (type == SSH_KEY_PRIVATE) {
d = ssh_sexp_extract_mpi(key->ecdsa, "d", GCRYMPI_FMT_STD,
d = ssh_sexp_extract_mpi(key->ecdsa,
"d",
GCRYMPI_FMT_STD,
GCRYMPI_FMT_STD);
if (d == NULL) {
goto fail;
@ -1625,7 +1685,9 @@ makestring:
goto fail;
}
rc = ssh_string_fill(str, ssh_buffer_get(buffer), ssh_buffer_get_len(buffer));
rc = ssh_string_fill(str,
ssh_buffer_get(buffer),
ssh_buffer_get_len(buffer));
if (rc < 0) {
goto fail;
}
@ -1705,8 +1767,10 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
return NULL;
}
R = ssh_sexp_extract_mpi(sig->ecdsa_sig, "r",
GCRYMPI_FMT_USG, GCRYMPI_FMT_STD);
R = ssh_sexp_extract_mpi(sig->ecdsa_sig,
"r",
GCRYMPI_FMT_USG,
GCRYMPI_FMT_STD);
if (R == NULL) {
SSH_BUFFER_FREE(b);
return NULL;
@ -1719,8 +1783,10 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
return NULL;
}
S = ssh_sexp_extract_mpi(sig->ecdsa_sig, "s",
GCRYMPI_FMT_USG, GCRYMPI_FMT_STD);
S = ssh_sexp_extract_mpi(sig->ecdsa_sig,
"s",
GCRYMPI_FMT_USG,
GCRYMPI_FMT_STD);
if (S == NULL) {
SSH_BUFFER_FREE(b);
return NULL;
@ -1739,8 +1805,8 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
return NULL;
}
rc = ssh_string_fill(sig_blob,
ssh_buffer_get(b), ssh_buffer_get_len(b));
rc =
ssh_string_fill(sig_blob, ssh_buffer_get(b), ssh_buffer_get_len(b));
SSH_BUFFER_FREE(b);
if (rc < 0) {
SSH_STRING_FREE(sig_blob);
@ -1910,8 +1976,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature_free(sig);
return NULL;
}
}
break;
} break;
#endif
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
@ -2038,7 +2103,8 @@ ssh_signature pki_sign_data(const ssh_key privkey,
int rc;
if (privkey == NULL || !ssh_key_is_private(privkey) || input == NULL) {
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
SSH_LOG(SSH_LOG_TRACE,
"Bad parameter provided to "
"pki_sign_data()");
return NULL;
}
@ -2079,7 +2145,8 @@ ssh_signature pki_sign_data(const ssh_key privkey,
}
FALL_THROUGH;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown hash algorithm for type: %d",
SSH_LOG(SSH_LOG_TRACE,
"Unknown hash algorithm for type: %d",
hash_type);
return NULL;
}
@ -2118,9 +2185,9 @@ int pki_verify_data_signature(ssh_signature signature,
int rc;
if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
signature == NULL)
{
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
signature == NULL) {
SSH_LOG(SSH_LOG_TRACE,
"Bad parameter provided to "
"pki_verify_data_signature()");
return SSH_ERROR;
}
@ -2160,15 +2227,16 @@ int pki_verify_data_signature(ssh_signature signature,
if (pubkey->type == SSH_KEYTYPE_ED25519 ||
pubkey->type == SSH_KEYTYPE_ED25519_CERT01 ||
pubkey->type == SSH_KEYTYPE_SK_ED25519 ||
pubkey->type == SSH_KEYTYPE_SK_ED25519_CERT01)
{
pubkey->type == SSH_KEYTYPE_SK_ED25519_CERT01) {
verify_input = input;
hlen = input_len;
break;
}
FALL_THROUGH;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown sig->hash_type: %d", signature->hash_type);
SSH_LOG(SSH_LOG_TRACE,
"Unknown sig->hash_type: %d",
signature->hash_type);
return SSH_ERROR;
}
@ -2178,11 +2246,11 @@ int pki_verify_data_signature(ssh_signature signature,
err = gcry_sexp_build(&sexp,
NULL,
"(data(flags pkcs1)(hash %s %b))",
hash_type, hlen, hash);
hash_type,
hlen,
hash);
if (err) {
SSH_LOG(SSH_LOG_TRACE,
"RSA hash error: %s",
gcry_strerror(err));
SSH_LOG(SSH_LOG_TRACE, "RSA hash error: %s", gcry_strerror(err));
return SSH_ERROR;
}
err = gcry_pk_verify(signature->rsa_sig, sexp, pubkey->rsa);
@ -2212,9 +2280,7 @@ int pki_verify_data_signature(ssh_signature signature,
hlen,
hash);
if (err) {
SSH_LOG(SSH_LOG_TRACE,
"ECDSA hash error: %s",
gcry_strerror(err));
SSH_LOG(SSH_LOG_TRACE, "ECDSA hash error: %s", gcry_strerror(err));
return SSH_ERROR;
}
err = gcry_pk_verify(signature->ecdsa_sig, sexp, pubkey->ecdsa);
@ -2286,8 +2352,7 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
(void)uri_name;
(void)key;
(void)key_type;
SSH_LOG(SSH_LOG_TRACE,
"gcrypt does not support PKCS #11");
SSH_LOG(SSH_LOG_TRACE, "gcrypt does not support PKCS #11");
return SSH_ERROR;
}
#endif /* WITH_PKCS11_URI */