lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Add support for ECDSA private key signing.

Browse Source
This commit is contained in:
Andreas Schneider
2013-10-18 22:45:57 +02:00
parent ac4c5699b1
commit 33890daf41
1 changed files with 34 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/pki.c
View File

@@ -1271,11 +1271,9 @@ ssh_string ssh_pki_do_sign(ssh_session session,
struct ssh_crypto_struct *crypto = struct ssh_crypto_struct *crypto =
session->current_crypto ? session->current_crypto : session->current_crypto ? session->current_crypto :
session->next_crypto; session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN] = {0};
ssh_signature sig; ssh_signature sig;
ssh_string sig_blob; ssh_string sig_blob;
ssh_string session_id; ssh_string session_id;
SHACTX ctx;
int rc; int rc;
if (privkey == NULL || !ssh_key_is_private(privkey)) { if (privkey == NULL || !ssh_key_is_private(privkey)) {
@@ -1287,24 +1285,46 @@ ssh_string ssh_pki_do_sign(ssh_session session,
return NULL; return NULL;
} }
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len); ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
/* TODO: change when supporting ECDSA keys */
ctx = sha1_init();
if (ctx == NULL) {
ssh_string_free(session_id);
return NULL;
}
sha1_update(ctx, session_id, ssh_string_len(session_id) + 4); if (privkey->type == SSH_KEYTYPE_ECDSA) {
ssh_string_free(session_id); #ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;
EVPCTX ctx;
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf)); ctx = evp_init(privkey->ecdsa_nid);
sha1_final(hash, ctx); if (ctx == NULL) {
ssh_string_free(session_id);
return NULL;
}
evp_update(ctx, session_id, ssh_string_len(session_id) + 4);
evp_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
evp_final(ctx, ehash, &elen);
sig = pki_do_sign(privkey, ehash, elen);
#endif
} else {
unsigned char hash[SHA_DIGEST_LEN] = {0};
SHACTX ctx;
ctx = sha1_init();
if (ctx == NULL) {
ssh_string_free(session_id);
return NULL;
}
sha1_update(ctx, session_id, ssh_string_len(session_id) + 4);
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
sha1_final(hash, ctx);
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN); ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
#endif #endif
sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN); sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
}
ssh_string_free(session_id);
if (sig == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }