summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
a04dfe0)
This is the first part of making the pk algorithm responsible for
understanding its signature format.
The sign function is expected to produce some bytes which (in a
moment) its companion functions will be able to parse.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
#include <gmp.h>
#include "secnet.h"
#include "util.h"
#include <gmp.h>
#include "secnet.h"
#include "util.h"
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
mpz_set_str(m, buff, 16);
}
mpz_set_str(m, buff, 16);
}
-static string_t rsa_sign(void *sst, uint8_t *data, int32_t datalen)
+static bool_t rsa_sign(void *sst, uint8_t *data, int32_t datalen,
+ struct buffer_if *msg)
{
struct rsapriv *st=sst;
MP_INT a, b, u, v, tmp, tmp2;
{
struct rsapriv *st=sst;
MP_INT a, b, u, v, tmp, tmp2;
+ string_t signature = 0;
+ bool_t ok;
mpz_init(&a);
mpz_init(&b);
mpz_init(&a);
mpz_init(&b);
signature=write_mpstring(&b);
signature=write_mpstring(&b);
+ uint8_t *op = buf_append(msg,2);
+ if (!op) { ok=False; goto out; }
+ size_t l = strlen(signature);
+ assert(l < 65536);
+ put_uint16(op, l);
+ op = buf_append(msg,l);
+ if (!op) { ok=False; goto out; }
+ memcpy(op, signature, l);
+
+ ok = True;
+
+ out:
+ free(signature);
mpz_clear(&b);
mpz_clear(&a);
mpz_clear(&b);
mpz_clear(&a);
}
static sig_checksig_fn rsa_sig_check;
}
static sig_checksig_fn rsa_sig_check;
/* SIGPRIVKEY interface */
/* SIGPRIVKEY interface */
-typedef string_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen);
+/* Appends the signature to msg.
+ * Can fail and returnn False, eg if the buffer is too small. */
+typedef bool_t sig_makesig_fn(void *st, uint8_t *data, int32_t datalen,
+ struct buffer_if *msg);
struct sigprivkey_if {
void *st;
sig_makesig_fn *sign;
struct sigprivkey_if {
void *st;
sig_makesig_fn *sign;
{
void *hst;
uint8_t *hash;
{
void *hst;
uint8_t *hash;
unsigned minor;
st->retries=st->setup_retries;
unsigned minor;
st->retries=st->setup_retries;
hst=st->hash->init();
st->hash->update(hst,st->buffer.start,st->buffer.size);
st->hash->final(hst,hash);
hst=st->hash->init();
st->hash->update(hst,st->buffer.start,st->buffer.size);
st->hash->final(hst,hash);
- sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
- buf_append_string(&st->buffer,sig);
- free(sig);
+ bool_t ok=st->privkey->sign(st->privkey->st,hash,st->hash->len,
+ &st->buffer);
+ if (!ok) goto fail;
+
+ fail:
+ free(hash);
+ return False;
}
static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
}
static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)