| version 1.110, 2020/06/24 15:07:33 |
version 1.111, 2020/08/27 01:06:19 |
|
|
| sshkey_sign(struct sshkey *key, |
sshkey_sign(struct sshkey *key, |
| u_char **sigp, size_t *lenp, |
u_char **sigp, size_t *lenp, |
| const u_char *data, size_t datalen, |
const u_char *data, size_t datalen, |
| const char *alg, const char *sk_provider, u_int compat) |
const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) |
| { |
{ |
| int was_shielded = sshkey_is_shielded(key); |
int was_shielded = sshkey_is_shielded(key); |
| int r2, r = SSH_ERR_INTERNAL_ERROR; |
int r2, r = SSH_ERR_INTERNAL_ERROR; |
|
|
| case KEY_ECDSA_SK_CERT: |
case KEY_ECDSA_SK_CERT: |
| case KEY_ECDSA_SK: |
case KEY_ECDSA_SK: |
| r = sshsk_sign(sk_provider, key, sigp, lenp, data, |
r = sshsk_sign(sk_provider, key, sigp, lenp, data, |
| datalen, compat, /* XXX PIN */ NULL); |
datalen, compat, sk_pin); |
| break; |
break; |
| #ifdef WITH_XMSS |
#ifdef WITH_XMSS |
| case KEY_XMSS: |
case KEY_XMSS: |
|
|
| /* Sign a certified key, (re-)generating the signed certblob. */ |
/* Sign a certified key, (re-)generating the signed certblob. */ |
| int |
int |
| sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, |
sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, |
| const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx) |
const char *sk_provider, const char *sk_pin, |
| |
sshkey_certify_signer *signer, void *signer_ctx) |
| { |
{ |
| struct sshbuf *principals = NULL; |
struct sshbuf *principals = NULL; |
| u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; |
u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; |
|
|
| |
|
| /* Sign the whole mess */ |
/* Sign the whole mess */ |
| if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
| sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0) |
sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) |
| goto out; |
goto out; |
| /* Check and update signature_type against what was actually used */ |
/* Check and update signature_type against what was actually used */ |
| if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) |
if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0) |
|
|
| static int |
static int |
| default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, |
default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp, |
| const u_char *data, size_t datalen, |
const u_char *data, size_t datalen, |
| const char *alg, const char *sk_provider, u_int compat, void *ctx) |
const char *alg, const char *sk_provider, const char *sk_pin, |
| |
u_int compat, void *ctx) |
| { |
{ |
| if (ctx != NULL) |
if (ctx != NULL) |
| return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
| return sshkey_sign(key, sigp, lenp, data, datalen, alg, |
return sshkey_sign(key, sigp, lenp, data, datalen, alg, |
| sk_provider, compat); |
sk_provider, sk_pin, compat); |
| } |
} |
| |
|
| int |
int |
| sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg, |
sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg, |
| const char *sk_provider) |
const char *sk_provider, const char *sk_pin) |
| { |
{ |
| return sshkey_certify_custom(k, ca, alg, sk_provider, |
return sshkey_certify_custom(k, ca, alg, sk_provider, sk_pin, |
| default_key_sign, NULL); |
default_key_sign, NULL); |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to sshkey.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh