Support DSA verifications.

2007-01-18 07:51:41 +00:00 · 2007-01-18 07:51:41 +00:00 · e1bebf979b
commit e1bebf979b
parent 50d587e2bc
5 changed files with 154 additions and 31 deletions
--- a/src/hostkey.c
+++ b/src/hostkey.c
@ -300,7 +300,7 @@ libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session,
 				    unsigned long hostkey_data_len,
 				    void **abstract)
 {
-	DSA *dsactx;
+	libssh2_dsa_ctx *dsactx;
 	unsigned char *p, *q, *g, *y, *s;
 	unsigned long p_len, q_len, g_len, y_len, len;
 	(void)hostkey_data_len;
@ -325,15 +325,7 @@ libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session,
 	y_len = libssh2_ntohu32(s);					s += 4;
 	y = s;										s += y_len;

-	dsactx = DSA_new();
-	dsactx->p = BN_new();
-	BN_bin2bn(p, p_len, dsactx->p);
-	dsactx->q = BN_new();
-	BN_bin2bn(q, q_len, dsactx->q);
-	dsactx->g = BN_new();
-	BN_bin2bn(g, g_len, dsactx->g);
-	dsactx->pub_key = BN_new();
-	BN_bin2bn(y, y_len, dsactx->pub_key);
+	_libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len, y, y_len);

 	*abstract = dsactx;

@ -388,10 +380,7 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session,
 static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, const unsigned char *sig, unsigned long sig_len,
 																			   const unsigned char *m, unsigned long m_len, void **abstract)
 {
-	DSA *dsactx = (DSA*)(*abstract);
-	unsigned char hash[SHA_DIGEST_LENGTH];
-	DSA_SIG dsasig;
-	int ret;
+	libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);

 	/* Skip past keyname_len(4) + keyname(7){"ssh-dss"} + signature_len(4) */
 	sig += 15; sig_len -= 15;
@ -399,15 +388,7 @@ static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, c
 		libssh2_error(session, LIBSSH2_ERROR_PROTO, "Invalid DSS signature length", 0);
 		return -1;
 	}
-	dsasig.r = BN_new();
-	BN_bin2bn(sig, 20, dsasig.r);
-	dsasig.s = BN_new();
-	BN_bin2bn(sig + 20, 20, dsasig.s);
-
-	libssh2_sha1(m, m_len, hash);
-	ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
-
-	return (ret == 1) ? 0 : -1;
+	return _libssh2_dsa_sha1_verify(dsactx, sig, sig_len, m, m_len);
 }
 /* }}} */

@ -505,10 +486,10 @@ static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsign
 static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION *session,
 					       void **abstract)
 {
-	DSA *dsactx = (DSA*)(*abstract);
+	libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract);
 	(void)session;

-	DSA_free(dsactx);
+	_libssh2_dsa_free(dsactx);

 	*abstract = NULL;

--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@ -91,3 +91,63 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,

 	return (rc == 0) ? 0 : -1;
 }
+
+int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
+		     const unsigned char *p,
+		     unsigned long p_len,
+		     const unsigned char *q,
+		     unsigned long q_len,
+		     const unsigned char *g,
+		     unsigned long g_len,
+		     const unsigned char *y,
+		     unsigned long y_len)
+{
+  int rc;
+
+  rc = gcry_sexp_build (dsactx, NULL, "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
+			p_len, p, q_len, q, g_len, g, y_len, y);
+  if (rc)
+    {
+      *dsactx = NULL;
+      return -1;
+    }
+
+  return 0;
+}
+
+
+int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
+			     const unsigned char *sig,
+			     unsigned long sig_len,
+			     const unsigned char *m,
+			     unsigned long m_len)
+{
+  unsigned char hash[SHA_DIGEST_LENGTH+1];
+  int ret;
+  gcry_sexp_t s_sig, s_hash;
+  int rc = -1;
+
+  libssh2_sha1(m, m_len, hash+1);
+  hash[0] = 0;
+
+  rc = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
+			SHA_DIGEST_LENGTH+1, hash);
+  if (rc != 0)
+    {
+      return -1;
+    }
+
+  rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))",
+			20, sig, 20, sig + 20);
+  if (rc != 0)
+    {
+      gcry_sexp_release (s_hash);
+      return -1;
+    }
+
+  rc = gcry_pk_verify (s_sig, s_hash, dsactx);
+  gcry_sexp_release (s_sig);
+  gcry_sexp_release (s_hash);
+
+  return (rc == 0) ? 0 : -1;
+}
--- a/src/libgcrypt.h
+++ b/src/libgcrypt.h
@ -105,3 +105,22 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
 			     unsigned long m_len);

 #define _libssh2_rsa_free(rsactx)  gcry_sexp_release (rsactx)
+
+#define libssh2_dsa_ctx struct gcry_sexp
+
+int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
+		     const unsigned char *pdata,
+		     unsigned long plen,
+		     const unsigned char *qdata,
+		     unsigned long qlen,
+		     const unsigned char *gdata,
+		     unsigned long glen,
+		     const unsigned char *ydata,
+		     unsigned long ylen);
+int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsa,
+			     const unsigned char *sig,
+			     unsigned long sig_len,
+			     const unsigned char *m,
+			     unsigned long m_len);
+
+#define _libssh2_dsa_free(dsactx)  gcry_sexp_release (dsactx)
--- a/src/openssl.c
+++ b/src/openssl.c
@ -37,17 +37,18 @@

 #include "openssl.h"

-void _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
-		      const unsigned char *edata,
-		      unsigned long elen,
-		      const unsigned char *ndata,
-		      unsigned long nlen)
+int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
+		     const unsigned char *edata,
+		     unsigned long elen,
+		     const unsigned char *ndata,
+		     unsigned long nlen)
 {
 	*rsa = RSA_new();
 	(*rsa)->e = BN_new();
 	BN_bin2bn(edata, elen, (*rsa)->e);
 	(*rsa)->n = BN_new();
 	BN_bin2bn(ndata, nlen, (*rsa)->n);
+	return 0;
 }

 int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsactx,
@ -64,3 +65,46 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsactx,
 			 (unsigned char *)sig, sig_len, rsactx);
 	return (ret == 1) ? 0 : -1;
 }
+
+int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
+		     const unsigned char *p,
+		     unsigned long p_len,
+		     const unsigned char *q,
+		     unsigned long q_len,
+		     const unsigned char *g,
+		     unsigned long g_len,
+		     const unsigned char *y,
+		     unsigned long y_len)
+{
+	*dsactx = DSA_new();
+	(*dsactx)->p = BN_new();
+	BN_bin2bn(p, p_len, (*dsactx)->p);
+	(*dsactx)->q = BN_new();
+	BN_bin2bn(q, q_len, (*dsactx)->q);
+	(*dsactx)->g = BN_new();
+	BN_bin2bn(g, g_len, (*dsactx)->g);
+	(*dsactx)->pub_key = BN_new();
+	BN_bin2bn(y, y_len, (*dsactx)->pub_key);
+	return 0;
+}
+
+int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
+			     const unsigned char *sig,
+			     unsigned long sig_len,
+			     const unsigned char *m,
+			     unsigned long m_len)
+{
+	unsigned char hash[SHA_DIGEST_LENGTH];
+	DSA_SIG dsasig;
+	int ret;
+
+	dsasig.r = BN_new();
+	BN_bin2bn(sig, 20, dsasig.r);
+	dsasig.s = BN_new();
+	BN_bin2bn(sig + 20, 20, dsasig.s);
+
+	libssh2_sha1(m, m_len, hash);
+	ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
+
+	return (ret == 1) ? 0 : -1;
+}
--- a/src/openssl.h
+++ b/src/openssl.h
@ -130,7 +130,7 @@

 #define libssh2_rsa_ctx RSA

-void _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
+int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
 		      const unsigned char *edata,
 		      unsigned long elen,
 		      const unsigned char *ndata,
@ -142,3 +142,22 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
 			     unsigned long m_len);

 #define _libssh2_rsa_free(rsactx) RSA_free(rsactx)
+
+#define libssh2_dsa_ctx DSA
+
+int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
+		     const unsigned char *pdata,
+		     unsigned long plen,
+		     const unsigned char *qdata,
+		     unsigned long qlen,
+		     const unsigned char *gdata,
+		     unsigned long glen,
+		     const unsigned char *ydata,
+		     unsigned long ylen);
+int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
+			     const unsigned char *sig,
+			     unsigned long sig_len,
+			     const unsigned char *m,
+			     unsigned long m_len);
+
+#define _libssh2_dsa_free(dsactx) DSA_free(dsactx)