pki: Add pki_do_sign().

2025-08-08 19:02:06 +03:00 · 2011-08-07 18:22:19 +02:00
parent 38d00c0e7a
commit f81444bd57
5 changed files with 125 additions and 91 deletions
--- a/src/pki.c
+++ b/src/pki.c
@@ -354,108 +354,49 @@ ssh_key ssh_pki_publickey_from_privatekey(ssh_key privkey) {
 * the content of sigbuf */
 ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
    ssh_key privatekey) {
-  struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
-    session->next_crypto;
-  unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
-  ssh_string session_str = NULL;
-  ssh_string signature = NULL;
-  SIGNATURE *sign = NULL;
-  SHACTX ctx = NULL;
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_t gcryhash;
-#endif
+    struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
+        session->next_crypto;
+    unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
+    ssh_string session_str = NULL;
+    ssh_string signature = NULL;
+    struct signature_struct *sign = NULL;
+    SHACTX ctx = NULL;

-  if(privatekey == NULL || !ssh_key_is_private(privatekey)) {
-      return NULL;
-  }
+    if (privatekey == NULL || !ssh_key_is_private(privatekey)) {
+        return NULL;
+    }

-  session_str = ssh_string_new(SHA_DIGEST_LEN);
-  if (session_str == NULL) {
-    return NULL;
-  }
-  ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
+    session_str = ssh_string_new(SHA_DIGEST_LEN);
+    if (session_str == NULL) {
+        return NULL;
+    }
+    ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);

-  ctx = sha1_init();
-  if (ctx == NULL) {
+    ctx = sha1_init();
+    if (ctx == NULL) {
+        ssh_string_free(session_str);
+        return NULL;
+    }
+
+    sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
    ssh_string_free(session_str);
-    return NULL;
-  }
-
-  sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
-  ssh_string_free(session_str);
-  sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
-  sha1_final(hash + 1,ctx);
-  hash[0] = 0;
+    sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
+    sha1_final(hash + 1,ctx);
+    hash[0] = 0;

 #ifdef DEBUG_CRYPTO
-  ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
+    ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
 #endif

-  sign = malloc(sizeof(SIGNATURE));
-  if (sign == NULL) {
-    return NULL;
-  }
-
-  switch(privatekey->type) {
-    case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
-          gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
+    sign = pki_do_sign(privatekey, hash);
+    if (sign == NULL) {
        return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->dsa);
-      if (sign->dsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#ifdef DEBUG_CRYPTO
-      ssh_print_bignum("r", sign->dsa_sign->r);
-      ssh_print_bignum("s", sign->dsa_sign->s);
-#endif
-#endif /* HAVE_LIBCRYPTO */
-      sign->rsa_sign = NULL;
-      break;
-    case SSH_KEYTYPE_RSA:
-#ifdef HAVE_LIBGCRYPT
-      if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
-            SHA_DIGEST_LEN, hash + 1) ||
-          gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
-        ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
-        gcry_sexp_release(gcryhash);
-        signature_free(sign);
-        return NULL;
-      }
-#elif defined HAVE_LIBCRYPTO
-      sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
-          privatekey->rsa);
-      if (sign->rsa_sign == NULL) {
-        ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
-        signature_free(sign);
-        return NULL;
-      }
-#endif
-      sign->dsa_sign = NULL;
-      break;
-    default:
-      signature_free(sign);
-      return NULL;
-  }
-#ifdef HAVE_LIBGCRYPT
-  gcry_sexp_release(gcryhash);
-#endif
+    }

-  sign->type = privatekey->type;
+    signature = signature_to_string(sign);
+    signature_free(sign);

-  signature = signature_to_string(sign);
-  signature_free(sign);
-
-  return signature;
+    return signature;
 }