version 1.49, 2013/12/30 23:52:27 |
version 1.50, 2014/01/09 23:20:00 |
|
|
#include "compat.h" |
#include "compat.h" |
#include "misc.h" |
#include "misc.h" |
#include "ssh.h" |
#include "ssh.h" |
|
#include "digest.h" |
|
|
static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); |
static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); |
|
|
|
|
ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
const u_char *data, u_int datalen) |
const u_char *data, u_int datalen) |
{ |
{ |
const EVP_MD *evp_md; |
int hash_alg; |
EVP_MD_CTX md; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *sig; |
u_char digest[EVP_MAX_MD_SIZE], *sig; |
|
u_int slen, dlen, len; |
u_int slen, dlen, len; |
int ok, nid; |
int ok, nid; |
Buffer b; |
Buffer b; |
|
|
return -1; |
return -1; |
} |
} |
|
|
|
/* hash the data */ |
|
hash_alg = SSH_DIGEST_SHA1; |
nid = NID_sha1; |
nid = NID_sha1; |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { |
error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
error("%s: bad hash algorithm %d", __func__, hash_alg); |
return -1; |
return -1; |
} |
} |
EVP_DigestInit(&md, evp_md); |
if (ssh_digest_memory(hash_alg, data, datalen, |
EVP_DigestUpdate(&md, data, datalen); |
digest, sizeof(digest)) != 0) { |
EVP_DigestFinal(&md, digest, &dlen); |
error("%s: ssh_digest_memory failed", __func__); |
|
return -1; |
|
} |
|
|
slen = RSA_size(key->rsa); |
slen = RSA_size(key->rsa); |
sig = xmalloc(slen); |
sig = xmalloc(slen); |
|
|
const u_char *data, u_int datalen) |
const u_char *data, u_int datalen) |
{ |
{ |
Buffer b; |
Buffer b; |
const EVP_MD *evp_md; |
int hash_alg; |
EVP_MD_CTX md; |
|
char *ktype; |
char *ktype; |
u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob; |
u_int len, dlen, modlen; |
u_int len, dlen, modlen; |
int rlen, ret, nid; |
int rlen, ret; |
|
|
if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
if (key == NULL || key_type_plain(key->type) != KEY_RSA || |
key->rsa == NULL) { |
key->rsa == NULL) { |
|
|
memset(sigblob, 0, diff); |
memset(sigblob, 0, diff); |
len = modlen; |
len = modlen; |
} |
} |
nid = NID_sha1; |
/* hash the data */ |
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
hash_alg = SSH_DIGEST_SHA1; |
error("%s: EVP_get_digestbynid %d failed", __func__, nid); |
if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { |
free(sigblob); |
error("%s: bad hash algorithm %d", __func__, hash_alg); |
return -1; |
return -1; |
} |
} |
EVP_DigestInit(&md, evp_md); |
if (ssh_digest_memory(hash_alg, data, datalen, |
EVP_DigestUpdate(&md, data, datalen); |
digest, sizeof(digest)) != 0) { |
EVP_DigestFinal(&md, digest, &dlen); |
error("%s: ssh_digest_memory failed", __func__); |
|
return -1; |
|
} |
|
|
ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, |
|
key->rsa); |
memset(digest, 'd', sizeof(digest)); |
memset(digest, 'd', sizeof(digest)); |
memset(sigblob, 's', len); |
memset(sigblob, 's', len); |
free(sigblob); |
free(sigblob); |
|
|
}; |
}; |
|
|
static int |
static int |
openssh_RSA_verify(int type, u_char *hash, u_int hashlen, |
openssh_RSA_verify(int hash_alg, u_char *hash, u_int hashlen, |
u_char *sigbuf, u_int siglen, RSA *rsa) |
u_char *sigbuf, u_int siglen, RSA *rsa) |
{ |
{ |
u_int ret, rsasize, oidlen = 0, hlen = 0; |
u_int ret, rsasize, oidlen = 0, hlen = 0; |
|
|
u_char *decrypted = NULL; |
u_char *decrypted = NULL; |
|
|
ret = 0; |
ret = 0; |
switch (type) { |
switch (hash_alg) { |
case NID_sha1: |
case SSH_DIGEST_SHA1: |
oid = id_sha1; |
oid = id_sha1; |
oidlen = sizeof(id_sha1); |
oidlen = sizeof(id_sha1); |
hlen = 20; |
hlen = 20; |