lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Migrate ssh_pki_do_sign to new pki.

Browse Source
This commit is contained in:
Andreas Schneider
2011-08-26 09:51:02 +02:00
parent b5db04003d
commit 7457937bab
4 changed files with 83 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/libssh/pki_priv.h
View File

@@ -62,8 +62,9 @@ int pki_signature_verify(ssh_session session,
size_t len); size_t len);
/* SSH Signing Functions */ /* SSH Signing Functions */
struct signature_struct *pki_do_sign(const ssh_key privatekey, ssh_signature pki_do_sign(const ssh_key privkey,
const unsigned char *hash); const unsigned char *hash,
size_t hlen);
ssh_signature pki_do_sign_sessionid(const ssh_key key, ssh_signature pki_do_sign_sessionid(const ssh_key key,
const unsigned char *hash); const unsigned char *hash);
#endif /* PKI_PRIV_H_ */ #endif /* PKI_PRIV_H_ */

46
src/pki.c
View File

@@ -1057,51 +1057,57 @@ int ssh_pki_signature_verify_blob(ssh_session session,
/* /*
* This function signs the session id (known as H) as a string then * This function signs the session id (known as H) as a string then
* the content of sigbuf */ * the content of sigbuf */
ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf, ssh_string ssh_pki_do_sign(ssh_session session,
const ssh_key privatekey) { ssh_buffer sigbuf,
struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : const ssh_key privkey) {
session->next_crypto; struct ssh_crypto_struct *crypto =
session->current_crypto ? session->current_crypto :
session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
ssh_string session_str = NULL; ssh_signature sig;
ssh_string signature = NULL; ssh_string sig_blob = NULL;
struct signature_struct *sign = NULL; ssh_string str = NULL;
SHACTX ctx = NULL; SHACTX ctx = NULL;
int rc;
if (privatekey == NULL || !ssh_key_is_private(privatekey)) { if (privkey == NULL || !ssh_key_is_private(privkey)) {
return NULL; return NULL;
} }
session_str = ssh_string_new(SHA_DIGEST_LEN); str = ssh_string_new(SHA_DIGEST_LEN);
if (session_str == NULL) { if (str == NULL) {
return NULL; return NULL;
} }
ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN); ssh_string_fill(str, crypto->session_id, SHA_DIGEST_LEN);
ctx = sha1_init(); ctx = sha1_init();
if (ctx == NULL) { if (ctx == NULL) {
ssh_string_free(session_str); ssh_string_free(str);
return NULL; return NULL;
} }
sha1_update(ctx, session_str, ssh_string_len(session_str) + 4); sha1_update(ctx, str, ssh_string_len(str) + 4);
ssh_string_free(session_str); ssh_string_free(str);
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf)); sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
sha1_final(hash + 1,ctx); sha1_final(hash + 1, ctx);
hash[0] = 0; hash[0] = 0;
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN); ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
#endif #endif
sign = pki_do_sign(privatekey, hash); sig = pki_do_sign(privkey, hash, SHA_DIGEST_LEN);
if (sign == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }
signature = signature_to_string(sign); rc = ssh_pki_export_signature_blob(sig, &sig_blob);
signature_free(sign); ssh_signature_free(sig);
if (rc < 0) {
return NULL;
}
return signature; return sig_blob;
} }
#ifndef _WIN32 #ifndef _WIN32

37
src/pki_crypto.c
View File

@@ -720,22 +720,23 @@ int pki_signature_verify(ssh_session session,
return SSH_OK; return SSH_OK;
} }
struct signature_struct *pki_do_sign(ssh_key privatekey, ssh_signature pki_do_sign(const ssh_key privkey,
const unsigned char *hash) { const unsigned char *hash,
struct signature_struct *sign; size_t hlen) {
ssh_signature sig;
sign = malloc(sizeof(SIGNATURE)); sig = ssh_signature_new();
if (sign == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }
sign->type = privatekey->type;
switch(privatekey->type) { sig->type = privkey->type;
switch(privkey->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, sig->dsa_sig = DSA_do_sign(hash + 1, hlen, privkey->dsa);
privatekey->dsa); if (sig->dsa_sig == NULL) {
if (sign->dsa_sign == NULL) { ssh_signature_free(sig);
signature_free(sign);
return NULL; return NULL;
} }
@@ -744,25 +745,23 @@ struct signature_struct *pki_do_sign(ssh_key privatekey,
ssh_print_bignum("s", sign->dsa_sign->s); ssh_print_bignum("s", sign->dsa_sign->s);
#endif #endif
sign->rsa_sign = NULL;
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sign->rsa_sign = _RSA_do_sign(hash + 1, SHA_DIGEST_LEN, sig->rsa_sig = _RSA_do_sign(hash + 1, hlen, privkey->rsa);
privatekey->rsa); if (sig->rsa_sig == NULL) {
if (sign->rsa_sign == NULL) { ssh_signature_free(sig);
signature_free(sign);
return NULL; return NULL;
} }
sign->dsa_sign = NULL; sig->dsa_sig = NULL;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
signature_free(sign); ssh_signature_free(sig);
return NULL; return NULL;
} }
return sign; return sig;
} }
#ifdef WITH_SERVER #ifdef WITH_SERVER

59
src/pki_gcrypt.c
View File

@@ -1384,47 +1384,60 @@ int pki_signature_verify(ssh_session session,
return SSH_OK; return SSH_OK;
} }
struct signature_struct *pki_do_sign(ssh_key privatekey, ssh_signature pki_do_sign(const ssh_key privkey,
const unsigned char *hash) { const unsigned char *hash,
struct signature_struct *sign; size_t hlen) {
gcry_sexp_t gcryhash; ssh_signature sig;
gcry_sexp_t sexp;
gcry_error_t err;
sign = malloc(sizeof(SIGNATURE)); sig = ssh_signature_new();
if (sign == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }
sign->type = privatekey->type; sig->type = privkey->type;
switch(privatekey->type) { switch (privkey->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) || err = gcry_sexp_build(&sexp, NULL, "%b", hlen + 1, hash);
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) { if (err) {
gcry_sexp_release(gcryhash); ssh_signature_free(sig);
signature_free(sign); return NULL;
}
err = gcry_pk_sign(&sig->dsa_sig, sexp, privkey->dsa);
gcry_sexp_release(sexp);
if (err) {
ssh_signature_free(sig);
return NULL; return NULL;
} }
sign->rsa_sign = NULL;
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))", err = gcry_sexp_build(&sexp,
SHA_DIGEST_LEN, hash + 1) || NULL,
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) { "(data(flags pkcs1)(hash sha1 %b))",
gcry_sexp_release(gcryhash); hlen,
signature_free(sign); hash + 1);
if (err) {
ssh_signature_free(sig);
return NULL;
}
err = gcry_pk_sign(&sig->rsa_sig, sexp, privkey->rsa);
gcry_sexp_release(sexp);
if (err) {
ssh_signature_free(sig);
return NULL; return NULL;
} }
sign->dsa_sign = NULL;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
signature_free(sign); ssh_signature_free(sig);
return NULL; return NULL;
} }
gcry_sexp_release(gcryhash); return sig;
return sign;
} }
#ifdef WITH_SERVER #ifdef WITH_SERVER