lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Add pki_do_sign().

Browse Source
This commit is contained in:
Andreas Schneider
2011-08-07 18:22:19 +02:00
parent 38d00c0e7a
commit f81444bd57
5 changed files with 125 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/libssh/libgcrypt.h
View File

@@ -37,7 +37,9 @@ typedef gcry_md_hd_t HMACCTX;
#define SHA384_DIGEST_LENGTH 48 #define SHA384_DIGEST_LENGTH 48
#define SHA512_DIGEST_LENGTH 64 #define SHA512_DIGEST_LENGTH 64
#ifndef EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE 36 #define EVP_MAX_MD_SIZE 36
#endif
typedef gcry_mpi_t bignum; typedef gcry_mpi_t bignum;

2
include/libssh/pki.h
View File

@@ -62,5 +62,7 @@ ssh_key pki_private_key_from_base64(ssh_session session,
const char *b64_key, const char *b64_key,
const char *passphrase); const char *passphrase);
ssh_key pki_publickey_from_privatekey(ssh_key privkey); ssh_key pki_publickey_from_privatekey(ssh_key privkey);
struct signature_struct *pki_do_sign(ssh_key privatekey,
const unsigned char *hash);
#endif /* PKI_H_ */ #endif /* PKI_H_ */

123
src/pki.c
View File

@@ -354,108 +354,49 @@ ssh_key ssh_pki_publickey_from_privatekey(ssh_key privkey) {
* the content of sigbuf */ * the content of sigbuf */
ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf, ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
ssh_key privatekey) { ssh_key privatekey) {
struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto : struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
session->next_crypto; session->next_crypto;
unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
ssh_string session_str = NULL; ssh_string session_str = NULL;
ssh_string signature = NULL; ssh_string signature = NULL;
SIGNATURE *sign = NULL; struct signature_struct *sign = NULL;
SHACTX ctx = NULL; SHACTX ctx = NULL;
#ifdef HAVE_LIBGCRYPT
gcry_sexp_t gcryhash;
#endif
if(privatekey == NULL || !ssh_key_is_private(privatekey)) { if (privatekey == NULL || !ssh_key_is_private(privatekey)) {
return NULL; return NULL;
} }
session_str = ssh_string_new(SHA_DIGEST_LEN); session_str = ssh_string_new(SHA_DIGEST_LEN);
if (session_str == NULL) { if (session_str == NULL) {
return NULL; return NULL;
} }
ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN); ssh_string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN);
ctx = sha1_init(); ctx = sha1_init();
if (ctx == NULL) { if (ctx == NULL) {
ssh_string_free(session_str);
return NULL;
}
sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
ssh_string_free(session_str); ssh_string_free(session_str);
return NULL; sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
} sha1_final(hash + 1,ctx);
hash[0] = 0;
sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
ssh_string_free(session_str);
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
sha1_final(hash + 1,ctx);
hash[0] = 0;
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN); ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
#endif #endif
sign = malloc(sizeof(SIGNATURE)); sign = pki_do_sign(privatekey, hash);
if (sign == NULL) { if (sign == NULL) {
return NULL;
}
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL; return NULL;
} }
#elif defined HAVE_LIBCRYPTO
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa);
if (sign->dsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r", sign->dsa_sign->r);
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
#endif /* HAVE_LIBCRYPTO */
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
#ifdef HAVE_LIBGCRYPT
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
#elif defined HAVE_LIBCRYPTO
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa);
if (sign->rsa_sign == NULL) {
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
signature_free(sign);
return NULL;
}
#endif
sign->dsa_sign = NULL;
break;
default:
signature_free(sign);
return NULL;
}
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(gcryhash);
#endif
sign->type = privatekey->type; signature = signature_to_string(sign);
signature_free(sign);
signature = signature_to_string(sign); return signature;
signature_free(sign);
return signature;
} }

46
src/pki_crypto.c
View File

@@ -35,6 +35,7 @@
#include "libssh/session.h" #include "libssh/session.h"
#include "libssh/callbacks.h" #include "libssh/callbacks.h"
#include "libssh/pki.h" #include "libssh/pki.h"
#include "libssh/keys.h"
static int pem_get_password(char *buf, int size, int rwflag, void *userdata) { static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
ssh_session session = userdata; ssh_session session = userdata;
@@ -218,4 +219,49 @@ fail:
return NULL; return NULL;
} }
struct signature_struct *pki_do_sign(ssh_key privatekey,
const unsigned char *hash) {
struct signature_struct *sign;
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
sign->type = privatekey->type;
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->dsa);
if (sign->dsa_sign == NULL) {
signature_free(sign);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_bignum("r", sign->dsa_sign->r);
ssh_print_bignum("s", sign->dsa_sign->s);
#endif
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
privatekey->rsa);
if (sign->rsa_sign == NULL) {
signature_free(sign);
return NULL;
}
sign->dsa_sign = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
signature_free(sign);
return NULL;
}
return sign;
}
#endif /* _PKI_CRYPTO_H */ #endif /* _PKI_CRYPTO_H */

43
src/pki_gcrypt.c
View File

@@ -856,6 +856,49 @@ fail:
return NULL; return NULL;
} }
struct signature_struct *pki_do_sign(ssh_key privatekey,
const unsigned char *hash) {
struct signature_struct *sign;
gcry_sexp_t gcryhash;
sign = malloc(sizeof(SIGNATURE));
if (sign == NULL) {
return NULL;
}
sign->type = privatekey->type;
switch(privatekey->type) {
case SSH_KEYTYPE_DSS:
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa)) {
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
sign->rsa_sign = NULL;
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
SHA_DIGEST_LEN, hash + 1) ||
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa)) {
gcry_sexp_release(gcryhash);
signature_free(sign);
return NULL;
}
sign->dsa_sign = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
signature_free(sign);
return NULL;
}
gcry_sexp_release(gcryhash);
return sign;
}
#endif /* HAVE_LIBGCRYPT */ #endif /* HAVE_LIBGCRYPT */
/** /**