lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-11-03 22:13:11 +03:00
Code Activity

Abstract RSA/DSA private key file reading and RSA/DSA signing, and

Browse Source 
implement them in openssl/libgcrypt layer.
This commit is contained in:
Simon Josefsson
2007-01-23 08:22:54 +00:00
parent 0d9a7e3c2e
commit 51b9ff0f16
5 changed files with 589 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
src/hostkey.c
View File

@@ -36,9 +36,6 @@
*/ */
#include "libssh2_priv.h" #include "libssh2_priv.h"
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
/* Needed for struct iovec on some platforms */ /* Needed for struct iovec on some platforms */
#ifdef HAVE_SYS_UIO_H #ifdef HAVE_SYS_UIO_H
@@ -88,7 +85,8 @@ libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION *session,
n_len = libssh2_ntohu32(s); s += 4; n_len = libssh2_ntohu32(s); s += 4;
n = s; s += n_len; n = s; s += n_len;
if (_libssh2_rsa_new (&rsactx, e, e_len, n, n_len)) if (_libssh2_rsa_new (&rsactx, e, e_len, n, n_len, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0))
return -1; return -1;
*abstract = rsactx; *abstract = rsactx;
@@ -97,34 +95,15 @@ libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION *session,
} }
/* }}} */ /* }}} */
/* {{{ libssh2_hostkey_method_ssh_rsa_passphrase_cb
* TODO: Optionally call a passphrase callback specified by the calling program
*/
static int
libssh2_hostkey_method_ssh_rsadsa_passphrase_cb(char *buf, int size,
int rwflag, char *passphrase)
{
int passphrase_len = strlen(passphrase);
(void)rwflag;
if (passphrase_len > (size - 1)) {
passphrase_len = size - 1;
}
memcpy(buf, passphrase, passphrase_len);
buf[passphrase_len] = '\0';
return passphrase_len;
}
/* }}} */
/* {{{ libssh2_hostkey_method_ssh_rsa_initPEM /* {{{ libssh2_hostkey_method_ssh_rsa_initPEM
* Load a Private Key from a PEM file * Load a Private Key from a PEM file
*/ */
static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session, static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session,
const char *privkeyfile, unsigned const char *passphrase, void **abstract) const char *privkeyfile, unsigned const char *passphrase, void **abstract)
{ {
RSA *rsactx; libssh2_rsa_ctx *rsactx;
FILE *fp; FILE *fp;
int ret;
if (*abstract) { if (*abstract) {
libssh2_hostkey_method_ssh_rsa_dtor(session, abstract); libssh2_hostkey_method_ssh_rsa_dtor(session, abstract);
@@ -136,19 +115,11 @@ static int libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION *session,
return -1; return -1;
} }
if (!EVP_get_cipherbyname("des")) { ret = _libssh2_rsa_new_private (&rsactx, session, fp, passphrase);
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
rsactx = PEM_read_RSAPrivateKey(fp, NULL, (void*)libssh2_hostkey_method_ssh_rsadsa_passphrase_cb, (void*)passphrase);
if (!rsactx) {
fclose(fp); fclose(fp);
if (ret) {
return -1; return -1;
} }
fclose(fp);
*abstract = rsactx; *abstract = rsactx;
@@ -181,20 +152,11 @@ static int libssh2_hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION *session,
static int libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len, static int libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
unsigned long veccount, const struct iovec datavec[], void **abstract) unsigned long veccount, const struct iovec datavec[], void **abstract)
{ {
RSA *rsactx = (RSA*)(*abstract); libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx*)(*abstract);
int ret; int ret;
unsigned int i; unsigned int i;
unsigned char hash[SHA_DIGEST_LENGTH]; unsigned char hash[SHA_DIGEST_LENGTH];
libssh2_sha1_ctx ctx; libssh2_sha1_ctx ctx;
unsigned char *sig;
unsigned int sig_len;
sig_len = RSA_size(rsactx);
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
libssh2_sha1_init(&ctx); libssh2_sha1_init(&ctx);
for(i = 0; i < veccount; i++) { for(i = 0; i < veccount; i++) {
@@ -202,16 +164,12 @@ static int libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION *session, unsign
} }
libssh2_sha1_final(ctx, hash); libssh2_sha1_final(ctx, hash);
ret = RSA_sign(NID_sha1, hash, SHA_DIGEST_LENGTH, sig, &sig_len, rsactx); ret = _libssh2_rsa_sha1_sign(session, rsactx, hash, SHA_DIGEST_LENGTH,
signature, signature_len);
if (!ret) { if (ret) {
LIBSSH2_FREE(session, sig);
return -1; return -1;
} }
*signature = sig;
*signature_len = sig_len;
return 0; return 0;
} }
/* }}} */ /* }}} */
@@ -286,7 +244,8 @@ libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session,
y_len = libssh2_ntohu32(s); s += 4; y_len = libssh2_ntohu32(s); s += 4;
y = s; s += y_len; y = s; s += y_len;
_libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len, y, y_len); _libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len,
y, y_len, NULL, 0);
*abstract = dsactx; *abstract = dsactx;
@@ -302,8 +261,9 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session,
unsigned const char *passphrase, unsigned const char *passphrase,
void **abstract) void **abstract)
{ {
DSA *dsactx; libssh2_dsa_ctx *dsactx;
FILE *fp; FILE *fp;
int ret;
if (*abstract) { if (*abstract) {
libssh2_hostkey_method_ssh_dss_dtor(session, abstract); libssh2_hostkey_method_ssh_dss_dtor(session, abstract);
@@ -315,19 +275,11 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session,
return -1; return -1;
} }
if (!EVP_get_cipherbyname("des")) { ret = _libssh2_dsa_new_private (&dsactx, session, fp, passphrase);
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
dsactx = PEM_read_DSAPrivateKey(fp, NULL, (void*)libssh2_hostkey_method_ssh_rsadsa_passphrase_cb, (void*)passphrase);
if (!dsactx) {
fclose(fp); fclose(fp);
if (ret) {
return -1; return -1;
} }
fclose(fp);
*abstract = dsactx; *abstract = dsactx;
@@ -359,11 +311,9 @@ static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, c
static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len, static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsigned char **signature, unsigned long *signature_len,
unsigned long veccount, const struct iovec datavec[], void **abstract) unsigned long veccount, const struct iovec datavec[], void **abstract)
{ {
DSA *dsactx = (DSA*)(*abstract); libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);
DSA_SIG *sig;
unsigned char hash[SHA_DIGEST_LENGTH]; unsigned char hash[SHA_DIGEST_LENGTH];
libssh2_sha1_ctx ctx; libssh2_sha1_ctx ctx;
int r_len, s_len, rs_pad;
unsigned int i; unsigned int i;
*signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH); *signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH);
@@ -380,26 +330,13 @@ static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsign
} }
libssh2_sha1_final(ctx, hash); libssh2_sha1_final(ctx, hash);
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx); if (_libssh2_dsa_sha1_sign(dsactx, hash, SHA_DIGEST_LENGTH,
if (!sig) { *signature))
{
LIBSSH2_FREE(session, *signature); LIBSSH2_FREE(session, *signature);
return -1; return -1;
} }
r_len = BN_num_bytes(sig->r);
s_len = BN_num_bytes(sig->s);
rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
if (rs_pad < 0) {
DSA_SIG_free(sig);
LIBSSH2_FREE(session, *signature);
return -1;
}
BN_bn2bin(sig->r, *signature + rs_pad);
BN_bn2bin(sig->s, *signature + rs_pad + r_len);
DSA_SIG_free(sig);
return 0; return 0;
} }
/* }}} */ /* }}} */

360
src/libgcrypt.c
View File

@@ -35,18 +35,39 @@
* OF SUCH DAMAGE. * OF SUCH DAMAGE.
*/ */
#include "libgcrypt.h" #include "libssh2_priv.h"
#include <string.h>
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa, int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata, const unsigned char *edata,
unsigned long elen, unsigned long elen,
const unsigned char *ndata, const unsigned char *ndata,
unsigned long nlen) unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{ {
int rc; int rc;
if (ddata) {
rc = gcry_sexp_build
(rsa, NULL,
"(private-key(rsa(n%b)(e%b)(d%b)(p%b)(q%b)(u%b)))",
nlen, ndata, elen, edata, dlen, ddata, plen, pdata,
qlen, qdata, coefflen, coeffdata);
} else {
rc = gcry_sexp_build (rsa, NULL, "(public-key(rsa(n%b)(e%b)))", rc = gcry_sexp_build (rsa, NULL, "(public-key(rsa(n%b)(e%b)))",
nlen, ndata, elen, edata); nlen, ndata, elen, edata);
}
if (rc) if (rc)
{ {
*rsa = NULL; *rsa = NULL;
@@ -72,15 +93,13 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
rc = gcry_sexp_build (&s_hash, NULL, rc = gcry_sexp_build (&s_hash, NULL,
"(data (flags pkcs1) (hash sha1 %b))", "(data (flags pkcs1) (hash sha1 %b))",
SHA_DIGEST_LENGTH, hash); SHA_DIGEST_LENGTH, hash);
if (rc != 0) if (rc != 0) {
{
return -1; return -1;
} }
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s %b)))", rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s %b)))",
sig_len, sig); sig_len, sig);
if (rc != 0) if (rc != 0) {
{
gcry_sexp_release (s_hash); gcry_sexp_release (s_hash);
return -1; return -1;
} }
@@ -100,15 +119,24 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
const unsigned char *g, const unsigned char *g,
unsigned long g_len, unsigned long g_len,
const unsigned char *y, const unsigned char *y,
unsigned long y_len) unsigned long y_len,
const unsigned char *x,
unsigned long x_len)
{ {
int rc; int rc;
if (x_len) {
rc = gcry_sexp_build
(dsactx, NULL,
"(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))",
p_len, p, q_len, q, g_len, g, y_len, y, x_len, x);
} else {
rc = gcry_sexp_build (dsactx, NULL, rc = gcry_sexp_build (dsactx, NULL,
"(public-key(dsa(p%b)(q%b)(g%b)(y%b)))", "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
p_len, p, q_len, q, g_len, g, y_len, y); p_len, p, q_len, q, g_len, g, y_len, y);
if (rc) }
{
if (rc) {
*dsactx = NULL; *dsactx = NULL;
return -1; return -1;
} }
@@ -116,6 +144,291 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
return 0; return 0;
} }
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
char *data, *save_data;
unsigned int datalen;
int err;
char *n, *e, *d, *p, *q, *e1, *e2, *coeff;
unsigned int nlen, elen, dlen, plen, qlen, e1len, e2len, coefflen;
err = _libssh2_pem_parse (session,
"-----BEGIN RSA PRIVATE KEY-----",
"-----END RSA PRIVATE KEY-----",
fp, &data, &datalen);
if (err) {
return -1;
}
save_data = data;
if (_libssh2_pem_decode_sequence (&data, &datalen)) {
return -1;
}
/* First read Version field (should be 0). */
err = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
if (err != 0 || (nlen != 1 && *n != '\0')) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &e, &elen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &d, &dlen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &e1, &e1len);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &e2, &e2len);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &coeff, &coefflen);
if (err != 0) {
return -1;
}
if (_libssh2_rsa_new (rsa, n, nlen, e, elen, d, dlen, p, plen,
q, qlen, e1, e1len, e2, e2len,
coeff, coefflen)) {
return -1;
}
LIBSSH2_FREE (session, save_data);
return 0;
}
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
char *data, *save_data;
unsigned int datalen;
int err;
char *p, *q, *g, *y, *x;
unsigned int plen, qlen, glen, ylen, xlen;
err = _libssh2_pem_parse (session,
"-----BEGIN DSA PRIVATE KEY-----",
"-----END DSA PRIVATE KEY-----",
fp, &data, &datalen);
if (err) {
return -1;
}
save_data = data;
if (_libssh2_pem_decode_sequence (&data, &datalen)) {
return -1;
}
/* First read Version field (should be 0). */
err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (err != 0 || (plen != 1 && *p != '\0')) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &g, &glen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &y, &ylen);
if (err != 0) {
return -1;
}
err = _libssh2_pem_decode_integer (&data, &datalen, &x, &xlen);
if (err != 0) {
return -1;
}
if (datalen != 0) {
return -1;
}
if (_libssh2_dsa_new (dsa, p, plen, q, qlen,
g, glen, y, ylen, x, xlen)) {
return -1;
}
LIBSSH2_FREE (session, save_data);
return 0;
}
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_dsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len)
{
gcry_sexp_t sig_sexp;
gcry_sexp_t data;
int rc;
const char *tmp;
size_t size;
if (hash_len != SHA_DIGEST_LENGTH)
{
return -1;
}
rc = gcry_sexp_build (&data, NULL,
"(data (flags pkcs1) (hash sha1 %b))",
hash_len, hash);
if (rc != 0) {
return -1;
}
rc = gcry_pk_sign (&sig_sexp, data, rsactx);
gcry_sexp_release (data);
if (rc != 0) {
return -1;
}
data = gcry_sexp_find_token(sig_sexp, "s", 0);
if (!data) {
return -1;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
return -1;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
*signature = LIBSSH2_ALLOC(session, size);
memcpy (*signature, tmp, size);
*signature_len = size;
return rc;
}
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig)
{
unsigned char zhash[SHA_DIGEST_LENGTH+1];
gcry_sexp_t sig_sexp;
gcry_sexp_t data;
int rc;
const char *tmp;
size_t size;
if (hash_len != SHA_DIGEST_LENGTH)
{
return -1;
}
memcpy (zhash + 1, hash, hash_len);
zhash[0] = 0;
rc = gcry_sexp_build (&data, NULL, "(data (value %b))",
hash_len + 1, zhash);
if (rc != 0) {
return -1;
}
rc = gcry_pk_sign (&sig_sexp, data, dsactx);
gcry_sexp_release (data);
if (rc != 0) {
return -1;
}
data = gcry_sexp_find_token(sig_sexp, "r", 0);
if (!data) {
return -1;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
return -1;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
if (size != 20) {
return -1;
}
memcpy (sig, tmp, 20);
data = gcry_sexp_find_token(sig_sexp,"s",0);
if (!data) {
return -1;
}
tmp = gcry_sexp_nth_data(data, 1, &size);
if (!tmp) {
return -1;
}
if (tmp[0] == '\0') {
tmp++;
size--;
}
if (size != 20) {
return -1;
}
memcpy (sig + 20, tmp, 20);
return rc;
}
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
const unsigned char *sig, const unsigned char *sig,
@@ -133,15 +446,13 @@ int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
rc = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))", rc = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
SHA_DIGEST_LENGTH+1, hash); SHA_DIGEST_LENGTH+1, hash);
if (rc != 0) if (rc != 0) {
{
return -1; return -1;
} }
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))", rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))",
20, sig, 20, sig + 20); 20, sig, 20, sig + 20);
if (rc != 0) if (rc != 0) {
{
gcry_sexp_release (s_hash); gcry_sexp_release (s_hash);
return -1; return -1;
} }
@@ -162,34 +473,30 @@ int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
int mode = 0, err; int mode = 0, err;
int keylen = gcry_cipher_get_algo_keylen (algo); int keylen = gcry_cipher_get_algo_keylen (algo);
if (algo != GCRY_CIPHER_ARCFOUR) if (algo != GCRY_CIPHER_ARCFOUR) {
{
mode = GCRY_CIPHER_MODE_CBC; mode = GCRY_CIPHER_MODE_CBC;
} }
err = gcry_cipher_open (h, algo, mode, 0); err = gcry_cipher_open (h, algo, mode, 0);
if (err) if (err) {
{
return -1; return -1;
} }
err = gcry_cipher_setkey (*h, secret, keylen); err = gcry_cipher_setkey (*h, secret, keylen);
if (err) if (err) {
{
gcry_cipher_close (*h); gcry_cipher_close (*h);
return -1; return -1;
} }
if (algo != GCRY_CIPHER_ARCFOUR) if (algo != GCRY_CIPHER_ARCFOUR) {
{
int blklen = gcry_cipher_get_algo_blklen (algo); int blklen = gcry_cipher_get_algo_blklen (algo);
err = gcry_cipher_setiv (*h, iv, blklen); err = gcry_cipher_setiv (*h, iv, blklen);
if (err) if (err) {
{
gcry_cipher_close (*h); gcry_cipher_close (*h);
return -1; return -1;
} }
} }
return 0; return 0;
} }
@@ -205,13 +512,10 @@ int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
blklen = 8; blklen = 8;
} }
if (encrypt) if (encrypt) {
{
err = gcry_cipher_encrypt (*ctx, block, blklen, err = gcry_cipher_encrypt (*ctx, block, blklen,
block, blklen); block, blklen);
} } else {
else
{
err = gcry_cipher_decrypt (*ctx, block, blklen, err = gcry_cipher_decrypt (*ctx, block, blklen,
block, blklen); block, blklen);
} }

36
src/libgcrypt.h
View File

@@ -97,12 +97,34 @@ int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata, const unsigned char *edata,
unsigned long elen, unsigned long elen,
const unsigned char *ndata, const unsigned char *ndata,
unsigned long nlen); unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen);
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
const unsigned char *m, const unsigned char *m,
unsigned long m_len); unsigned long m_len);
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len);
#define _libssh2_rsa_free(rsactx) gcry_sexp_release (rsactx) #define _libssh2_rsa_free(rsactx) gcry_sexp_release (rsactx)
@@ -116,12 +138,22 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
const unsigned char *gdata, const unsigned char *gdata,
unsigned long glen, unsigned long glen,
const unsigned char *ydata, const unsigned char *ydata,
unsigned long ylen); unsigned long ylen,
const unsigned char *x,
unsigned long x_len);
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsa, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsa,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
const unsigned char *m, const unsigned char *m,
unsigned long m_len); unsigned long m_len);
int _libssh2_dsa_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig);
#define _libssh2_dsa_free(dsactx) gcry_sexp_release (dsactx) #define _libssh2_dsa_free(dsactx) gcry_sexp_release (dsactx)

175
src/openssl.c
View File

@@ -1,5 +1,6 @@
/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved. /* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
* Author: Simon Josefsson * Author: Simon Josefsson
* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
* *
* Redistribution and use in source and binary forms, * Redistribution and use in source and binary forms,
* with or without modification, are permitted provided * with or without modification, are permitted provided
@@ -35,20 +36,55 @@
* OF SUCH DAMAGE. * OF SUCH DAMAGE.
*/ */
#include "libssh2_priv.h"
#include <string.h> #include <string.h>
#include "openssl.h"
int _libssh2_rsa_new(libssh2_rsa_ctx **rsa, int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata, const unsigned char *edata,
unsigned long elen, unsigned long elen,
const unsigned char *ndata, const unsigned char *ndata,
unsigned long nlen) unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen)
{ {
*rsa = RSA_new(); *rsa = RSA_new();
(*rsa)->e = BN_new(); (*rsa)->e = BN_new();
BN_bin2bn(edata, elen, (*rsa)->e); BN_bin2bn(edata, elen, (*rsa)->e);
(*rsa)->n = BN_new(); (*rsa)->n = BN_new();
BN_bin2bn(ndata, nlen, (*rsa)->n); BN_bin2bn(ndata, nlen, (*rsa)->n);
if (ddata)
{
(*rsa)->d = BN_new();
BN_bin2bn(ddata, dlen, (*rsa)->d);
(*rsa)->p = BN_new();
BN_bin2bn(pdata, plen, (*rsa)->p);
(*rsa)->q = BN_new();
BN_bin2bn(qdata, qlen, (*rsa)->q);
(*rsa)->dmp1 = BN_new();
BN_bin2bn(e1data, e1len, (*rsa)->dmp1);
(*rsa)->dmq1 = BN_new();
BN_bin2bn(e2data, e2len, (*rsa)->dmq1);
(*rsa)->iqmp = BN_new();
BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp);
}
return 0; return 0;
} }
@@ -75,17 +111,29 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
const unsigned char *g, const unsigned char *g,
unsigned long g_len, unsigned long g_len,
const unsigned char *y, const unsigned char *y,
unsigned long y_len) unsigned long y_len,
const unsigned char *x,
unsigned long x_len)
{ {
*dsactx = DSA_new(); *dsactx = DSA_new();
(*dsactx)->p = BN_new(); (*dsactx)->p = BN_new();
BN_bin2bn(p, p_len, (*dsactx)->p); BN_bin2bn(p, p_len, (*dsactx)->p);
(*dsactx)->q = BN_new(); (*dsactx)->q = BN_new();
BN_bin2bn(q, q_len, (*dsactx)->q); BN_bin2bn(q, q_len, (*dsactx)->q);
(*dsactx)->g = BN_new(); (*dsactx)->g = BN_new();
BN_bin2bn(g, g_len, (*dsactx)->g); BN_bin2bn(g, g_len, (*dsactx)->g);
(*dsactx)->pub_key = BN_new(); (*dsactx)->pub_key = BN_new();
BN_bin2bn(y, y_len, (*dsactx)->pub_key); BN_bin2bn(y, y_len, (*dsactx)->pub_key);
if (x_len) {
(*dsactx)->priv_key = BN_new();
BN_bin2bn(x, x_len, (*dsactx)->priv_key);
}
return 0; return 0;
} }
@@ -140,3 +188,124 @@ int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
} }
return ret == 1 ? 0 : 1; return ret == 1 ? 0 : 1;
} }
/* TODO: Optionally call a passphrase callback specified by the
* calling program
*/
static int
passphrase_cb(char *buf, int size,
int rwflag, char *passphrase)
{
int passphrase_len = strlen(passphrase);
(void)rwflag;
if (passphrase_len > (size - 1)) {
passphrase_len = size - 1;
}
memcpy(buf, passphrase, passphrase_len);
buf[passphrase_len] = '\0';
return passphrase_len;
}
int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
*rsa = PEM_read_RSAPrivateKey(fp, NULL, (void*)passphrase_cb,
(void*)passphrase);
if (!*rsa) {
return -1;
}
return 0;
}
int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
LIBSSH2_SESSION *session,
FILE *fp,
unsigned const char *passphrase)
{
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none are.
* I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
* Someone buy me an OpenSSL manual and I'll read up on it.
*/
OpenSSL_add_all_ciphers();
}
*dsa = PEM_read_DSAPrivateKey(fp, NULL, (void*)passphrase_cb,
(void*)passphrase);
if (!*dsa) {
return -1;
}
return 0;
}
int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
libssh2_rsa_ctx *rsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char **signature,
unsigned long *signature_len)
{
int ret;
unsigned int i;
libssh2_sha1_ctx ctx;
unsigned char *sig;
unsigned int sig_len;
sig_len = RSA_size(rsactx);
sig = LIBSSH2_ALLOC(session, sig_len);
if (!sig) {
return -1;
}
ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx);
if (!ret) {
LIBSSH2_FREE(session, sig);
return -1;
}
*signature = sig;
*signature_len = sig_len;
return 0;
}
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *signature)
{
DSA_SIG *sig;
int r_len, s_len, rs_pad;
sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
if (!sig) {
return -1;
}
r_len = BN_num_bytes(sig->r);
s_len = BN_num_bytes(sig->s);
rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
if (rs_pad < 0) {
DSA_SIG_free(sig);
return -1;
}
BN_bn2bin(sig->r, signature + rs_pad);
BN_bn2bin(sig->s, signature + rs_pad + r_len);
DSA_SIG_free(sig);
return 0;
}

22
src/openssl.h
View File

@@ -134,7 +134,19 @@ int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
const unsigned char *edata, const unsigned char *edata,
unsigned long elen, unsigned long elen,
const unsigned char *ndata, const unsigned char *ndata,
unsigned long nlen); unsigned long nlen,
const unsigned char *ddata,
unsigned long dlen,
const unsigned char *pdata,
unsigned long plen,
const unsigned char *qdata,
unsigned long qlen,
const unsigned char *e1data,
unsigned long e1len,
const unsigned char *e2data,
unsigned long e2len,
const unsigned char *coeffdata,
unsigned long coefflen);
int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
@@ -153,12 +165,18 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
const unsigned char *gdata, const unsigned char *gdata,
unsigned long glen, unsigned long glen,
const unsigned char *ydata, const unsigned char *ydata,
unsigned long ylen); unsigned long ylen,
const unsigned char *x,
unsigned long x_len);
int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
const unsigned char *sig, const unsigned char *sig,
unsigned long sig_len, unsigned long sig_len,
const unsigned char *m, const unsigned char *m,
unsigned long m_len); unsigned long m_len);
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
const unsigned char *hash,
unsigned long hash_len,
unsigned char *sig);
#define _libssh2_dsa_free(dsactx) DSA_free(dsactx) #define _libssh2_dsa_free(dsactx) DSA_free(dsactx)