Commit a8135dec authored by Matt Johnston's avatar Matt Johnston
Browse files

Make _sign and _verify functions take a buffer* rather than void* and int

--HG--
branch : ecc
parent b4bcc606
......@@ -40,7 +40,7 @@
/* client functions */
void cli_load_agent_keys(m_list * ret_list);
void agent_buf_sign(buffer *sigblob, sign_key *key,
const unsigned char *data, unsigned int len);
buffer *data_buf);
void cli_setup_agent(struct Channel *channel);
#ifdef __hpux
......
......@@ -269,6 +269,11 @@ void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
}
/* puts an entire buffer as a SSH string. ignore pos of buf_str. */
void buf_putbufstring(buffer *buf, const buffer* buf_str) {
buf_putstring(buf, buf_str->data, buf_str->len);
}
/* put the set of len bytes into the buffer, incrementing the pos, increasing
* len if required */
void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
......
......@@ -59,6 +59,7 @@ buffer * buf_getstringbuf(buffer *buf);
void buf_eatstring(buffer *buf);
void buf_putint(buffer* buf, unsigned int val);
void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
void buf_putstringbuf(buffer *buf, const buffer* buf_str);
void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
void buf_putmpint(buffer* buf, mp_int * mp);
int buf_getmpint(buffer* buf, mp_int* mp);
......
......@@ -254,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
}
void agent_buf_sign(buffer *sigblob, sign_key *key,
const unsigned char *data, unsigned int len) {
buffer *data_buf) {
buffer *request_data = NULL;
buffer *response = NULL;
unsigned int siglen;
......@@ -266,10 +266,10 @@ void agent_buf_sign(buffer *sigblob, sign_key *key,
string data
uint32 flags
*/
request_data = buf_new(MAX_PUBKEY_SIZE + len + 12);
request_data = buf_new(MAX_PUBKEY_SIZE + data_buf>-len + 12);
buf_put_pub_key(request_data, key, key->type);
buf_putstring(request_data, data, len);
buf_putbufstring(request_data, data_buf);
buf_putint(request_data, 0);
response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
......
......@@ -121,23 +121,19 @@ void recv_msg_userauth_pk_ok() {
}
void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
const unsigned char *data, unsigned int len)
{
buffer *data_buf) {
#ifdef ENABLE_CLI_AGENTFWD
if (key->source == SIGNKEY_SOURCE_AGENT) {
/* Format the agent signature ourselves, as buf_put_sign would. */
buffer *sigblob;
sigblob = buf_new(MAX_PUBKEY_SIZE);
agent_buf_sign(sigblob, key, data, len);
buf_setpos(sigblob, 0);
buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
sigblob->len);
agent_buf_sign(sigblob, key, data_buf);
buf_putbufstring(buf, sigblob);
buf_free(sigblob);
} else
#endif /* ENABLE_CLI_AGENTFWD */
{
buf_put_sign(buf, key, type, data, len);
buf_put_sign(buf, key, type, data_buf);
}
}
......@@ -174,7 +170,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
/* We put the signature as well - this contains string(session id), then
* the contents of the write payload to this point */
sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE);
buf_putbufstring(sigbuf, ses.session_id);
buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
cli_buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len);
buf_free(sigbuf); /* Nothing confidential in the buffer */
......
......@@ -161,9 +161,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
#ifdef DROPBEAR_SIGNKEY_VERIFY
/* Verify a DSS signature (in buf) made on data by the key given.
* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
unsigned int len) {
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE];
hash_state hs;
int ret = DROPBEAR_FAILURE;
......@@ -187,7 +185,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data
/* hash the data */
sha1_init(&hs);
sha1_process(&hs, data, len);
sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, msghash);
/* create the signature - s' and r' are the received signatures in buf */
......@@ -260,9 +258,7 @@ out:
/* Sign the data presented with key, writing the signature contents
* to the buffer */
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
unsigned int len) {
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE];
unsigned int writelen;
unsigned int i;
......@@ -279,7 +275,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
/* hash the data */
sha1_init(&hs);
sha1_process(&hs, data, len);
sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, msghash);
m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
......
......@@ -43,11 +43,9 @@ typedef struct {
} dropbear_dss_key;
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
unsigned int len);
void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
unsigned int len);
int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
#endif
int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
......
......@@ -39,8 +39,7 @@
#ifdef DROPBEAR_RSA
static void rsa_pad_em(dropbear_rsa_key * key,
const unsigned char * data, unsigned int len,
mp_int * rsa_em);
buffer *data_buf, mp_int * rsa_em);
/* Load a public rsa key from a buffer, initialising the values.
* The key will have the same format as buf_put_rsa_key.
......@@ -213,9 +212,7 @@ void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
#ifdef DROPBEAR_SIGNKEY_VERIFY
/* Verify a signature in buf, made on data by the key given.
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
unsigned int len) {
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
unsigned int slen;
DEF_MP_INT(rsa_s);
DEF_MP_INT(rsa_mdash);
......@@ -247,7 +244,7 @@ int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* dat
}
/* create the magic PKCS padded value */
rsa_pad_em(key, data, len, &rsa_em);
rsa_pad_em(key, data_buf, &rsa_em);
if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
TRACE(("failed exptmod rsa_s"))
......@@ -270,9 +267,7 @@ out:
/* Sign the data presented with key, writing the signature contents
* to the buffer */
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
unsigned int len) {
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
unsigned int nsize, ssize;
unsigned int i;
DEF_MP_INT(rsa_s);
......@@ -285,7 +280,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
rsa_pad_em(key, data, len, &rsa_tmp1);
rsa_pad_em(key, data_buf, &rsa_tmp1);
/* the actual signing of the padded data */
......@@ -377,8 +372,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
* rsa_em must be a pointer to an initialised mp_int.
*/
static void rsa_pad_em(dropbear_rsa_key * key,
const unsigned char * data, unsigned int len,
mp_int * rsa_em) {
buffer *data_buf, mp_int * rsa_em) {
/* ASN1 designator (including the 0x00 preceding) */
const unsigned char rsa_asn1_magic[] =
......@@ -391,7 +385,6 @@ static void rsa_pad_em(dropbear_rsa_key * key,
unsigned int nsize;
dropbear_assert(key != NULL);
dropbear_assert(data != NULL);
nsize = mp_unsigned_bin_size(key->n);
rsa_EM = buf_new(nsize-1);
......@@ -408,7 +401,7 @@ static void rsa_pad_em(dropbear_rsa_key * key,
/* The hash of the data */
sha1_init(&hs);
sha1_process(&hs, data, len);
sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
......
......@@ -43,11 +43,9 @@ typedef struct {
} dropbear_rsa_key;
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
unsigned int len);
void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
unsigned int len);
int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf);
#endif
int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
......
......@@ -218,10 +218,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
dropbear_exit("Bad key types in buf_put_pub_key");
}
buf_setpos(pubkeys, 0);
buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len),
pubkeys->len);
buf_putbufstring(buf, pubkeys);
buf_free(pubkeys);
TRACE(("leave buf_put_pub_key"))
}
......@@ -364,28 +361,24 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
}
void buf_put_sign(buffer* buf, sign_key *key, int type,
const unsigned char *data, unsigned int len) {
buffer *data_buf) {
buffer *sigblob;
sigblob = buf_new(MAX_PUBKEY_SIZE);
#ifdef DROPBEAR_DSS
if (type == DROPBEAR_SIGNKEY_DSS) {
buf_put_dss_sign(sigblob, key->dsskey, data, len);
buf_put_dss_sign(sigblob, key->dsskey, data_buf);
}
#endif
#ifdef DROPBEAR_RSA
if (type == DROPBEAR_SIGNKEY_RSA) {
buf_put_rsa_sign(sigblob, key->rsakey, data, len);
buf_put_rsa_sign(sigblob, key->rsakey, data_buf);
}
#endif
if (sigblob->len == 0) {
dropbear_exit("Non-matching signing type");
}
buf_setpos(sigblob, 0);
buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
sigblob->len);
buf_putbufstring(buf, sigblob);
buf_free(sigblob);
}
......@@ -395,8 +388,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
* If FAILURE is returned, the position of
* buf is undefined. If SUCCESS is returned, buf will be positioned after the
* signature blob */
int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
unsigned int len) {
int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
unsigned int bloblen;
unsigned char * ident = NULL;
......@@ -414,7 +406,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
if (key->dsskey == NULL) {
dropbear_exit("No DSS key to verify signature");
}
return buf_dss_verify(buf, key->dsskey, data, len);
return buf_dss_verify(buf, key->dsskey, data_buf);
}
#endif
......@@ -424,7 +416,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
if (key->rsakey == NULL) {
dropbear_exit("No RSA key to verify signature");
}
return buf_rsa_verify(buf, key->rsakey, data, len);
return buf_rsa_verify(buf, key->rsakey, data_buf);
}
#endif
......
......@@ -63,11 +63,9 @@ int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
void buf_put_pub_key(buffer* buf, sign_key *key, int type);
void buf_put_priv_key(buffer* buf, sign_key *key, int type);
void sign_key_free(sign_key *key);
void buf_put_sign(buffer* buf, sign_key *key, int type,
const unsigned char *data, unsigned int len);
void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
unsigned int len);
int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
#endif
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment