messages: Move ssh_userauth_build_digest() and make it static.

2025-08-10 06:23:01 +03:00 · 2011-08-22 12:57:01 +02:00
parent ca9b01af99
commit a2e08697b1
3 changed files with 119 additions and 66 deletions
--- a/include/libssh/keys.h
+++ b/include/libssh/keys.h
@@ -62,7 +62,6 @@ typedef struct signature_struct {
 const char *ssh_type_to_char(int type);
 int ssh_type_from_name(const char *name);
 ssh_buffer ssh_userauth_build_digest(ssh_session session, ssh_message msg, char *service);
 ssh_private_key privatekey_make_dss(ssh_session session, ssh_buffer buffer);
 ssh_private_key privatekey_make_rsa(ssh_session session, ssh_buffer buffer,
--- a/src/keys.c
+++ b/src/keys.c
@@ -379,70 +379,6 @@ ssh_string ssh_do_sign_with_agent(ssh_session session,
 }
 #endif /* _WIN32 */
 /*
 * This function concats in a buffer the values needed to do a signature
 * verification. */
 ssh_buffer ssh_userauth_build_digest(ssh_session session, ssh_message msg, char *service) {
 /*
     The value of 'signature' is a signature by the corresponding private
   key over the following data, in the following order:
      string    session identifier
      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name
      string    service name
      string    "publickey"
      boolean   TRUE
      string    public key algorithm name
      string    public key to be used for authentication
 */
 	struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
                                             session->next_crypto;
  ssh_buffer buffer = NULL;
  ssh_string session_id = NULL;
  uint8_t type = SSH2_MSG_USERAUTH_REQUEST;
  ssh_string username = ssh_string_from_char(msg->auth_request.username);
  ssh_string servicename = ssh_string_from_char(service);
  ssh_string method = ssh_string_from_char("publickey");
  uint8_t has_sign = 1;
  ssh_string algo = ssh_string_from_char(msg->auth_request.public_key->type_c);
  ssh_string publickey = publickey_to_string(msg->auth_request.public_key);
  buffer = ssh_buffer_new();
  if (buffer == NULL) {
    goto error;
  }
  session_id = ssh_string_new(SHA_DIGEST_LEN);
  if (session_id == NULL) {
    ssh_buffer_free(buffer);
    buffer = NULL;
    goto error;
  }
  ssh_string_fill(session_id, crypto->session_id, SHA_DIGEST_LEN);
  if(buffer_add_ssh_string(buffer, session_id) < 0 ||
     buffer_add_u8(buffer, type) < 0 ||
     buffer_add_ssh_string(buffer, username) < 0 ||
     buffer_add_ssh_string(buffer, servicename) < 0 ||
     buffer_add_ssh_string(buffer, method) < 0 ||
     buffer_add_u8(buffer, has_sign) < 0 ||
     buffer_add_ssh_string(buffer, algo) < 0 ||
     buffer_add_ssh_string(buffer, publickey) < 0) {
    ssh_buffer_free(buffer);
    buffer = NULL;
    goto error;
  }
 error:
  if(session_id) ssh_string_free(session_id);
  if(username) ssh_string_free(username);
  if(servicename) ssh_string_free(servicename);
  if(method) ssh_string_free(method);
  if(algo) ssh_string_free(algo);
  if(publickey) ssh_string_free(publickey);
  return buffer;
 }
 /*
 * This function signs the session id (known as H) as a string then
 * the content of sigbuf */
--- a/src/messages.c
+++ b/src/messages.c
@@ -312,6 +312,124 @@ error:
  return SSH_PACKET_USED;
 }
 /*
 * This function concats in a buffer the values needed to do a signature
 * verification.
 */
 static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
                                                ssh_message msg,
                                                const char *service)
 {
    struct ssh_crypto_struct *crypto =
        session->current_crypto ? session->current_crypto :
                                  session->next_crypto;
    ssh_buffer buffer;
    ssh_string str;
    int rc;
    buffer = ssh_buffer_new();
    if (buffer == NULL) {
        return NULL;
    }
    /* Add session id */
    str  = ssh_string_new(SHA_DIGEST_LEN);
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    ssh_string_fill(str, crypto->session_id, SHA_DIGEST_LEN);
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the type */
    rc = buffer_add_u8(buffer, SSH2_MSG_USERAUTH_REQUEST);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the username */
    str = ssh_string_from_char(msg->auth_request.username);
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the service name */
    str = ssh_string_from_char(service);
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the method (publickey) */
    str = ssh_string_from_char("publickey");
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Has been signed (TRUE) */
    rc = buffer_add_u8(buffer, 1);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the public key algorithm */
    str = ssh_string_from_char(msg->auth_request.public_key->type_c);
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    /* Add the publickey as blob */
    str = publickey_to_string(msg->auth_request.public_key);
    if (str == NULL) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    rc = buffer_add_ssh_string(buffer, str);
    string_free(str);
    if (rc < 0) {
        ssh_buffer_free(buffer);
        return NULL;
    }
    return buffer;
 }
 /**
 * @internal
 *
@@ -482,7 +600,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
      }
      signature = signature_from_string(session, sign, public_key,
                                                       public_key->type);
-      digest = ssh_userauth_build_digest(session, msg, service_c);
+      digest = ssh_msg_userauth_build_digest(session, msg, service_c);
      if ((digest == NULL || signature == NULL) ||
          (digest != NULL && signature != NULL &&
          sig_verify(session, public_key, signature,