keys: Remove obsolete ssh_do_sign().
Этот коммит содержится в:
Andreas Schneider
родитель
c5643c0967
Коммит
1a56892e9f
@ -71,12 +71,7 @@ ssh_public_key publickey_make_dss(ssh_session session, ssh_buffer buffer);
|
||||
ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer, int type);
|
||||
ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s);
|
||||
ssh_string signature_to_string(SIGNATURE *sign);
|
||||
#if defined HAVE_LIBCRYPTO
|
||||
ssh_string RSA_do_sign(const unsigned char *payload, int len, RSA *privkey);
|
||||
#endif
|
||||
SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,ssh_public_key pubkey,int needed_type);
|
||||
void signature_free(SIGNATURE *sign);
|
||||
ssh_string ssh_do_sign(ssh_session session,ssh_buffer sigbuf,
|
||||
ssh_private_key privatekey);
|
||||
|
||||
#endif /* KEYS_H_ */
|
||||
|
||||
140
src/keys.c
140
src/keys.c
@ -295,146 +295,6 @@ void signature_free(SIGNATURE *sign) {
|
||||
SAFE_FREE(sign);
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBCRYPTO
|
||||
/*
|
||||
* Maybe the missing function from libcrypto
|
||||
*
|
||||
* I think now, maybe it's a bad idea to name it has it should have be
|
||||
* named in libcrypto
|
||||
*/
|
||||
ssh_string RSA_do_sign(const unsigned char *payload, int len, RSA *privkey) {
|
||||
ssh_string sign = NULL;
|
||||
unsigned char *buffer = NULL;
|
||||
unsigned int size;
|
||||
|
||||
buffer = malloc(RSA_size(privkey));
|
||||
if (buffer == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (RSA_sign(NID_sha1, payload, len, buffer, &size, privkey) == 0) {
|
||||
SAFE_FREE(buffer);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sign = ssh_string_new(size);
|
||||
if (sign == NULL) {
|
||||
SAFE_FREE(buffer);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ssh_string_fill(sign, buffer, size);
|
||||
SAFE_FREE(buffer);
|
||||
|
||||
return sign;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This function signs the session id (known as H) as a string then
|
||||
* the content of sigbuf */
|
||||
ssh_string ssh_do_sign(ssh_session session, ssh_buffer sigbuf,
|
||||
ssh_private_key privatekey) {
|
||||
struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
|
||||
session->next_crypto;
|
||||
unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
|
||||
ssh_string session_str = NULL;
|
||||
ssh_string signature = NULL;
|
||||
SIGNATURE *sign = NULL;
|
||||
SHACTX ctx = NULL;
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
gcry_sexp_t gcryhash;
|
||||
#endif
|
||||
|
||||
session_str = ssh_string_new(crypto->digest_len);
|
||||
if (session_str == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
ssh_string_fill(session_str, crypto->session_id, crypto->digest_len);
|
||||
|
||||
ctx = sha1_init();
|
||||
if (ctx == NULL) {
|
||||
ssh_string_free(session_str);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sha1_update(ctx, session_str, ssh_string_len(session_str) + 4);
|
||||
ssh_string_free(session_str);
|
||||
sha1_update(ctx, buffer_get_rest(sigbuf), buffer_get_rest_len(sigbuf));
|
||||
sha1_final(hash + 1,ctx);
|
||||
hash[0] = 0;
|
||||
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN);
|
||||
#endif
|
||||
|
||||
sign = malloc(sizeof(SIGNATURE));
|
||||
if (sign == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
switch(privatekey->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) ||
|
||||
gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa_priv)) {
|
||||
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
|
||||
gcry_sexp_release(gcryhash);
|
||||
signature_free(sign);
|
||||
return NULL;
|
||||
}
|
||||
#elif defined HAVE_LIBCRYPTO
|
||||
sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN,
|
||||
privatekey->dsa_priv);
|
||||
if (sign->dsa_sign == NULL) {
|
||||
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
|
||||
signature_free(sign);
|
||||
return NULL;
|
||||
}
|
||||
#ifdef DEBUG_CRYPTO
|
||||
ssh_print_bignum("r", sign->dsa_sign->r);
|
||||
ssh_print_bignum("s", sign->dsa_sign->s);
|
||||
#endif
|
||||
#endif /* HAVE_LIBCRYPTO */
|
||||
sign->rsa_sign = NULL;
|
||||
break;
|
||||
case SSH_KEYTYPE_RSA:
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
|
||||
SHA_DIGEST_LEN, hash + 1) ||
|
||||
gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa_priv)) {
|
||||
ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error");
|
||||
gcry_sexp_release(gcryhash);
|
||||
signature_free(sign);
|
||||
return NULL;
|
||||
}
|
||||
#elif defined HAVE_LIBCRYPTO
|
||||
sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN,
|
||||
privatekey->rsa_priv);
|
||||
if (sign->rsa_sign == NULL) {
|
||||
ssh_set_error(session, SSH_FATAL, "Signing: openssl error");
|
||||
signature_free(sign);
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
sign->dsa_sign = NULL;
|
||||
break;
|
||||
default:
|
||||
signature_free(sign);
|
||||
return NULL;
|
||||
}
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
gcry_sexp_release(gcryhash);
|
||||
#endif
|
||||
|
||||
sign->type = privatekey->type;
|
||||
|
||||
signature = signature_to_string(sign);
|
||||
signature_free(sign);
|
||||
|
||||
return signature;
|
||||
}
|
||||
|
||||
/** @} */
|
||||
|
||||
/* vim: set ts=4 sw=4 et cindent: */
|
||||
|
||||
Загрузка…
x
Ссылка в новой задаче
Block a user