version 1.74, 2022/10/28 00:41:52 |
version 1.75, 2022/10/28 00:43:08 |
|
|
} |
} |
|
|
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
int |
static int |
ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, |
ssh_rsa_sign(struct sshkey *key, |
const u_char *data, size_t datalen, const char *alg_ident) |
u_char **sigp, size_t *lenp, |
|
const u_char *data, size_t datalen, |
|
const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) |
{ |
{ |
const BIGNUM *rsa_n; |
const BIGNUM *rsa_n; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; |
size_t slen = 0; |
size_t slen = 0; |
u_int dlen, len; |
u_int hlen, len; |
int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
|
|
|
|
if (sigp != NULL) |
if (sigp != NULL) |
*sigp = NULL; |
*sigp = NULL; |
|
|
if (alg_ident == NULL || strlen(alg_ident) == 0) |
if (alg == NULL || strlen(alg) == 0) |
hash_alg = SSH_DIGEST_SHA1; |
hash_alg = SSH_DIGEST_SHA1; |
else |
else |
hash_alg = rsa_hash_id_from_keyname(alg_ident); |
hash_alg = rsa_hash_id_from_keyname(alg); |
if (key == NULL || key->rsa == NULL || hash_alg == -1 || |
if (key == NULL || key->rsa == NULL || hash_alg == -1 || |
sshkey_type_plain(key->type) != KEY_RSA) |
sshkey_type_plain(key->type) != KEY_RSA) |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
|
|
|
|
/* hash the data */ |
/* hash the data */ |
nid = rsa_hash_alg_nid(hash_alg); |
nid = rsa_hash_alg_nid(hash_alg); |
if ((dlen = ssh_digest_bytes(hash_alg)) == 0) |
if ((hlen = ssh_digest_bytes(hash_alg)) == 0) |
return SSH_ERR_INTERNAL_ERROR; |
return SSH_ERR_INTERNAL_ERROR; |
if ((ret = ssh_digest_memory(hash_alg, data, datalen, |
if ((ret = ssh_digest_memory(hash_alg, data, datalen, |
digest, sizeof(digest))) != 0) |
digest, sizeof(digest))) != 0) |
|
|
goto out; |
goto out; |
} |
} |
|
|
if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) { |
if (RSA_sign(nid, digest, hlen, sig, &len, key->rsa) != 1) { |
ret = SSH_ERR_LIBCRYPTO_ERROR; |
ret = SSH_ERR_LIBCRYPTO_ERROR; |
goto out; |
goto out; |
} |
} |
|
|
return ret; |
return ret; |
} |
} |
|
|
int |
static int |
ssh_rsa_verify(const struct sshkey *key, |
ssh_rsa_verify(const struct sshkey *key, |
const u_char *sig, size_t siglen, const u_char *data, size_t datalen, |
const u_char *sig, size_t siglen, |
const char *alg) |
const u_char *data, size_t dlen, const char *alg, u_int compat, |
|
struct sshkey_sig_details **detailsp) |
{ |
{ |
const BIGNUM *rsa_n; |
const BIGNUM *rsa_n; |
char *sigtype = NULL; |
char *sigtype = NULL; |
int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; |
int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; |
size_t len = 0, diff, modlen, dlen; |
size_t len = 0, diff, modlen, hlen; |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; |
u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; |
|
|
|
|
explicit_bzero(sigblob, diff); |
explicit_bzero(sigblob, diff); |
len = modlen; |
len = modlen; |
} |
} |
if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { |
if ((hlen = ssh_digest_bytes(hash_alg)) == 0) { |
ret = SSH_ERR_INTERNAL_ERROR; |
ret = SSH_ERR_INTERNAL_ERROR; |
goto out; |
goto out; |
} |
} |
if ((ret = ssh_digest_memory(hash_alg, data, datalen, |
if ((ret = ssh_digest_memory(hash_alg, data, dlen, |
digest, sizeof(digest))) != 0) |
digest, sizeof(digest))) != 0) |
goto out; |
goto out; |
|
|
ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, |
ret = openssh_RSA_verify(hash_alg, digest, hlen, sigblob, len, |
key->rsa); |
key->rsa); |
out: |
out: |
freezero(sigblob, len); |
freezero(sigblob, len); |
|
|
/* .ssh_deserialize_public = */ ssh_rsa_deserialize_public, |
/* .ssh_deserialize_public = */ ssh_rsa_deserialize_public, |
/* .generate = */ ssh_rsa_generate, |
/* .generate = */ ssh_rsa_generate, |
/* .copy_public = */ ssh_rsa_copy_public, |
/* .copy_public = */ ssh_rsa_copy_public, |
|
/* .sign = */ ssh_rsa_sign, |
|
/* .verify = */ ssh_rsa_verify, |
}; |
}; |
|
|
const struct sshkey_impl sshkey_rsa_impl = { |
const struct sshkey_impl sshkey_rsa_impl = { |
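Review bot: In the 1.75 side of ssh_rsa_verify the identifier `dlen` changes meaning: it was the local holding the digest length and is now the parameter holding the length of `data`, with `hlen` taking over the digest role. Both are `size_t`, so a use of `dlen` left unrenamed in the parts of the body not shown here would still compile and would pass the message length where the hash length is expected. The three visible uses (`ssh_digest_bytes`, `ssh_digest_memory`, `openssh_RSA_verify`) are consistent. ssh_rsa_sign keeps `datalen` for the same argument, so declaring verify with `const u_char *data, size_t datalen, const char *alg, u_int compat,` and keeping `data, datalen,` in the `ssh_digest_memory` call would keep the two signatures parallel and avoid reusing the old name. The new `compat` and `detailsp` parameters are not referenced in the visible lines; if RSA deliberately ignores them, a comment such as `/* compat and detailsp are unused for RSA */` would record that.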