pki: Add ssh_pki_export_signature_blob().
Этот коммит содержится в:
Andreas Schneider
родитель
ab0354dbb6
Коммит
4f19a304d1
@ -91,6 +91,8 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
|
||||
|
||||
ssh_string ssh_pki_export_pubkey_blob(const ssh_key key);
|
||||
|
||||
int ssh_pki_export_signature_blob(const ssh_signature sign,
|
||||
ssh_string *sign_blob);
|
||||
ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
|
||||
ssh_key privatekey);
|
||||
|
||||
@ -103,6 +105,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
|
||||
const char *passphrase,
|
||||
ssh_auth_callback auth_fn,
|
||||
void *auth_data);
|
||||
|
||||
ssh_string pki_signature_to_blob(const ssh_signature sign);
|
||||
struct signature_struct *pki_do_sign(const ssh_key privatekey,
|
||||
const unsigned char *hash);
|
||||
|
||||
|
||||
56
src/pki.c
56
src/pki.c
@ -857,6 +857,62 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
int ssh_pki_export_signature_blob(const ssh_signature sig,
|
||||
ssh_string *sig_blob)
|
||||
{
|
||||
ssh_buffer buf = NULL;
|
||||
ssh_string str;
|
||||
int rc;
|
||||
|
||||
if (sig == NULL || sig_blob == NULL) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
buf = ssh_buffer_new();
|
||||
if (buf == NULL) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
str = ssh_string_from_char(ssh_key_type_to_char(sig->type));
|
||||
if (str == NULL) {
|
||||
ssh_buffer_free(buf);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
rc = buffer_add_ssh_string(buf, str);
|
||||
ssh_string_free(str);
|
||||
if (rc < 0) {
|
||||
ssh_buffer_free(buf);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
str = pki_signature_to_blob(sig);
|
||||
if (str == NULL) {
|
||||
ssh_buffer_free(buf);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
rc = buffer_add_ssh_string(buf, str);
|
||||
ssh_string_free(str);
|
||||
if (rc < 0) {
|
||||
ssh_buffer_free(buf);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
str = ssh_string_new(buffer_get_rest_len(buf));
|
||||
if (str == NULL) {
|
||||
ssh_buffer_free(buf);
|
||||
return SSH_ERROR;
|
||||
}
|
||||
|
||||
ssh_string_fill(str, buffer_get_rest(buf), buffer_get_rest_len(buf));
|
||||
ssh_buffer_free(buf);
|
||||
|
||||
*sig_blob = str;
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
* This function signs the session id (known as H) as a string then
|
||||
* the content of sigbuf */
|
||||
|
||||
@ -515,6 +515,52 @@ static ssh_string _RSA_do_sign(const unsigned char *payload,
|
||||
return sign;
|
||||
}
|
||||
|
||||
ssh_string pki_signature_to_blob(const ssh_signature sig)
|
||||
{
|
||||
char buffer[40] = {0};
|
||||
ssh_string sig_blob;
|
||||
ssh_string r;
|
||||
ssh_string s;
|
||||
|
||||
switch(sig->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
r = make_bignum_string(sig->dsa_sig->r);
|
||||
if (r == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
s = make_bignum_string(sig->dsa_sig->s);
|
||||
if (s == NULL) {
|
||||
ssh_string_free(r);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
memcpy(buffer,
|
||||
((char *)ssh_string_data(r)) + ssh_string_len(r) - 20,
|
||||
20);
|
||||
memcpy(buffer + 20,
|
||||
((char *)ssh_string_data(s)) + ssh_string_len(s) - 20,
|
||||
20);
|
||||
|
||||
ssh_string_free(r);
|
||||
ssh_string_free(s);
|
||||
|
||||
sig_blob = ssh_string_new(40);
|
||||
if (sig_blob == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ssh_string_fill(sig_blob, buffer, 40);
|
||||
case SSH_KEYTYPE_RSA:
|
||||
case SSH_KEYTYPE_RSA1:
|
||||
sig_blob = string_copy(sig->rsa_sig);
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
break;
|
||||
}
|
||||
|
||||
return sig_blob;
|
||||
}
|
||||
|
||||
struct signature_struct *pki_do_sign(ssh_key privatekey,
|
||||
const unsigned char *hash) {
|
||||
struct signature_struct *sign;
|
||||
|
||||
@ -1160,6 +1160,70 @@ fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ssh_string pki_signature_to_blob(const ssh_signature sig)
|
||||
{
|
||||
char buffer[40] = {0};
|
||||
const char *r = NULL;
|
||||
const char *s = NULL;
|
||||
gcry_sexp_t sexp;
|
||||
size_t size = 0;
|
||||
ssh_string sig_blob;
|
||||
|
||||
switch(sig->type) {
|
||||
case SSH_KEYTYPE_DSS:
|
||||
sexp = gcry_sexp_find_token(sig->dsa_sig, "r", 0);
|
||||
if (sexp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
r = gcry_sexp_nth_data(sexp, 1, &size);
|
||||
/* libgcrypt put 0 when first bit is set */
|
||||
if (*r == 0) {
|
||||
size--;
|
||||
r++;
|
||||
}
|
||||
memcpy(buffer, r + size - 20, 20);
|
||||
gcry_sexp_release(sexp);
|
||||
|
||||
sexp = gcry_sexp_find_token(sig->dsa_sig, "s", 0);
|
||||
if (sexp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
s = gcry_sexp_nth_data(sexp,1,&size);
|
||||
if (*s == 0) {
|
||||
size--;
|
||||
s++;
|
||||
}
|
||||
memcpy(buffer+ 20, s + size - 20, 20);
|
||||
gcry_sexp_release(sexp);
|
||||
break;
|
||||
case SSH_KEYTYPE_RSA:
|
||||
case SSH_KEYTYPE_RSA1:
|
||||
sexp = gcry_sexp_find_token(sig->rsa_sig, "s", 0);
|
||||
if (sexp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
s = gcry_sexp_nth_data(sexp, 1, &size);
|
||||
if (*s == 0) {
|
||||
size--;
|
||||
s++;
|
||||
}
|
||||
|
||||
sig_blob = ssh_string_new(size);
|
||||
if (sig_blob == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
ssh_string_fill(sig_blob, discard_const_p(char, s), size);
|
||||
|
||||
gcry_sexp_release(sexp);
|
||||
break;
|
||||
case SSH_KEYTYPE_ECDSA:
|
||||
case SSH_KEYTYPE_UNKNOWN:
|
||||
break;
|
||||
}
|
||||
|
||||
return sig_blob;
|
||||
}
|
||||
|
||||
struct signature_struct *pki_do_sign(ssh_key privatekey,
|
||||
const unsigned char *hash) {
|
||||
struct signature_struct *sign;
|
||||
|
||||
Загрузка…
x
Ссылка в новой задаче
Block a user