version 1.129, 2022/10/28 00:41:52 |
version 1.130, 2022/10/28 00:43:08 |
|
|
{ |
{ |
int was_shielded = sshkey_is_shielded(key); |
int was_shielded = sshkey_is_shielded(key); |
int r2, r = SSH_ERR_INTERNAL_ERROR; |
int r2, r = SSH_ERR_INTERNAL_ERROR; |
|
const struct sshkey_impl *impl; |
|
|
if (sigp != NULL) |
if (sigp != NULL) |
*sigp = NULL; |
*sigp = NULL; |
|
|
*lenp = 0; |
*lenp = 0; |
if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
|
if ((impl = sshkey_impl_from_key(key)) == NULL) |
|
return SSH_ERR_KEY_TYPE_UNKNOWN; |
if ((r = sshkey_unshield_private(key)) != 0) |
if ((r = sshkey_unshield_private(key)) != 0) |
return r; |
return r; |
switch (key->type) { |
if (sshkey_is_sk(key)) { |
#ifdef WITH_OPENSSL |
|
case KEY_DSA_CERT: |
|
case KEY_DSA: |
|
r = ssh_dss_sign(key, sigp, lenp, data, datalen, compat); |
|
break; |
|
case KEY_ECDSA_CERT: |
|
case KEY_ECDSA: |
|
r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); |
|
break; |
|
case KEY_RSA_CERT: |
|
case KEY_RSA: |
|
r = ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); |
|
break; |
|
#endif /* WITH_OPENSSL */ |
|
case KEY_ED25519: |
|
case KEY_ED25519_CERT: |
|
r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat); |
|
break; |
|
case KEY_ED25519_SK: |
|
case KEY_ED25519_SK_CERT: |
|
case KEY_ECDSA_SK_CERT: |
|
case KEY_ECDSA_SK: |
|
r = sshsk_sign(sk_provider, key, sigp, lenp, data, |
r = sshsk_sign(sk_provider, key, sigp, lenp, data, |
datalen, compat, sk_pin); |
datalen, compat, sk_pin); |
break; |
} else { |
#ifdef WITH_XMSS |
if (impl->funcs->sign == NULL) |
case KEY_XMSS: |
r = SSH_ERR_SIGN_ALG_UNSUPPORTED; |
case KEY_XMSS_CERT: |
else { |
r = ssh_xmss_sign(key, sigp, lenp, data, datalen, compat); |
r = impl->funcs->sign(key, sigp, lenp, data, datalen, |
break; |
alg, sk_provider, sk_pin, compat); |
#endif /* WITH_XMSS */ |
} |
default: |
|
r = SSH_ERR_KEY_TYPE_UNKNOWN; |
|
break; |
|
} |
} |
if (was_shielded && (r2 = sshkey_shield_private(key)) != 0) |
if (was_shielded && (r2 = sshkey_shield_private(key)) != 0) |
return r2; |
return r2; |
|
|
const u_char *data, size_t dlen, const char *alg, u_int compat, |
const u_char *data, size_t dlen, const char *alg, u_int compat, |
struct sshkey_sig_details **detailsp) |
struct sshkey_sig_details **detailsp) |
{ |
{ |
|
const struct sshkey_impl *impl; |
|
|
if (detailsp != NULL) |
if (detailsp != NULL) |
*detailsp = NULL; |
*detailsp = NULL; |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) |
return SSH_ERR_INVALID_ARGUMENT; |
return SSH_ERR_INVALID_ARGUMENT; |
switch (key->type) { |
if ((impl = sshkey_impl_from_key(key)) == NULL) |
#ifdef WITH_OPENSSL |
|
case KEY_DSA_CERT: |
|
case KEY_DSA: |
|
return ssh_dss_verify(key, sig, siglen, data, dlen, compat); |
|
case KEY_ECDSA_CERT: |
|
case KEY_ECDSA: |
|
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
|
case KEY_ECDSA_SK_CERT: |
|
case KEY_ECDSA_SK: |
|
return ssh_ecdsa_sk_verify(key, sig, siglen, data, dlen, |
|
compat, detailsp); |
|
case KEY_RSA_CERT: |
|
case KEY_RSA: |
|
return ssh_rsa_verify(key, sig, siglen, data, dlen, alg); |
|
#endif /* WITH_OPENSSL */ |
|
case KEY_ED25519: |
|
case KEY_ED25519_CERT: |
|
return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat); |
|
case KEY_ED25519_SK: |
|
case KEY_ED25519_SK_CERT: |
|
return ssh_ed25519_sk_verify(key, sig, siglen, data, dlen, |
|
compat, detailsp); |
|
#ifdef WITH_XMSS |
|
case KEY_XMSS: |
|
case KEY_XMSS_CERT: |
|
return ssh_xmss_verify(key, sig, siglen, data, dlen, compat); |
|
#endif /* WITH_XMSS */ |
|
default: |
|
return SSH_ERR_KEY_TYPE_UNKNOWN; |
return SSH_ERR_KEY_TYPE_UNKNOWN; |
} |
return impl->funcs->verify(key, sig, siglen, data, dlen, |
|
alg, compat, detailsp); |
} |
} |
|
|
/* Convert a plain key to their _CERT equivalent */ |
/* Convert a plain key to their _CERT equivalent */ |