diff --git a/src/hostkey.c b/src/hostkey.c index 1b9ff3e..d109f32 100644 --- a/src/hostkey.c +++ b/src/hostkey.c @@ -300,7 +300,7 @@ libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, unsigned long hostkey_data_len, void **abstract) { - DSA *dsactx; + libssh2_dsa_ctx *dsactx; unsigned char *p, *q, *g, *y, *s; unsigned long p_len, q_len, g_len, y_len, len; (void)hostkey_data_len; @@ -325,15 +325,7 @@ libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION *session, y_len = libssh2_ntohu32(s); s += 4; y = s; s += y_len; - dsactx = DSA_new(); - dsactx->p = BN_new(); - BN_bin2bn(p, p_len, dsactx->p); - dsactx->q = BN_new(); - BN_bin2bn(q, q_len, dsactx->q); - dsactx->g = BN_new(); - BN_bin2bn(g, g_len, dsactx->g); - dsactx->pub_key = BN_new(); - BN_bin2bn(y, y_len, dsactx->pub_key); + _libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len, y, y_len); *abstract = dsactx; @@ -388,10 +380,7 @@ static int libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION *session, static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, const unsigned char *sig, unsigned long sig_len, const unsigned char *m, unsigned long m_len, void **abstract) { - DSA *dsactx = (DSA*)(*abstract); - unsigned char hash[SHA_DIGEST_LENGTH]; - DSA_SIG dsasig; - int ret; + libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract); /* Skip past keyname_len(4) + keyname(7){"ssh-dss"} + signature_len(4) */ sig += 15; sig_len -= 15; @@ -399,15 +388,7 @@ static int libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION *session, c libssh2_error(session, LIBSSH2_ERROR_PROTO, "Invalid DSS signature length", 0); return -1; } - dsasig.r = BN_new(); - BN_bin2bn(sig, 20, dsasig.r); - dsasig.s = BN_new(); - BN_bin2bn(sig + 20, 20, dsasig.s); - - libssh2_sha1(m, m_len, hash); - ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx); - - return (ret == 1) ? 0 : -1; + return _libssh2_dsa_sha1_verify(dsactx, sig, sig_len, m, m_len); } /* }}} */ @@ -505,10 +486,10 @@ static int libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION *session, unsign static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION *session, void **abstract) { - DSA *dsactx = (DSA*)(*abstract); + libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx*)(*abstract); (void)session; - DSA_free(dsactx); + _libssh2_dsa_free(dsactx); *abstract = NULL; diff --git a/src/libgcrypt.c b/src/libgcrypt.c index 374a27c..9293fa9 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c @@ -91,3 +91,63 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, return (rc == 0) ? 0 : -1; } + +int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx, + const unsigned char *p, + unsigned long p_len, + const unsigned char *q, + unsigned long q_len, + const unsigned char *g, + unsigned long g_len, + const unsigned char *y, + unsigned long y_len) +{ + int rc; + + rc = gcry_sexp_build (dsactx, NULL, "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))", + p_len, p, q_len, q, g_len, g, y_len, y); + if (rc) + { + *dsactx = NULL; + return -1; + } + + return 0; +} + + +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len) +{ + unsigned char hash[SHA_DIGEST_LENGTH+1]; + int ret; + gcry_sexp_t s_sig, s_hash; + int rc = -1; + + libssh2_sha1(m, m_len, hash+1); + hash[0] = 0; + + rc = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))", + SHA_DIGEST_LENGTH+1, hash); + if (rc != 0) + { + return -1; + } + + rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))", + 20, sig, 20, sig + 20); + if (rc != 0) + { + gcry_sexp_release (s_hash); + return -1; + } + + rc = gcry_pk_verify (s_sig, s_hash, dsactx); + gcry_sexp_release (s_sig); + gcry_sexp_release (s_hash); + + return (rc == 0) ? 0 : -1; +} diff --git a/src/libgcrypt.h b/src/libgcrypt.h index a9936c0..137604a 100644 --- a/src/libgcrypt.h +++ b/src/libgcrypt.h @@ -105,3 +105,22 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, unsigned long m_len); #define _libssh2_rsa_free(rsactx) gcry_sexp_release (rsactx) + +#define libssh2_dsa_ctx struct gcry_sexp + +int _libssh2_dsa_new(libssh2_dsa_ctx **dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen); +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len); + +#define _libssh2_dsa_free(dsactx) gcry_sexp_release (dsactx) diff --git a/src/openssl.c b/src/openssl.c index 34393d9..bfe6382 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -37,17 +37,18 @@ #include "openssl.h" -void _libssh2_rsa_new(libssh2_rsa_ctx **rsa, - const unsigned char *edata, - unsigned long elen, - const unsigned char *ndata, - unsigned long nlen) +int _libssh2_rsa_new(libssh2_rsa_ctx **rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen) { *rsa = RSA_new(); (*rsa)->e = BN_new(); BN_bin2bn(edata, elen, (*rsa)->e); (*rsa)->n = BN_new(); BN_bin2bn(ndata, nlen, (*rsa)->n); + return 0; } int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsactx, @@ -64,3 +65,46 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsactx, (unsigned char *)sig, sig_len, rsactx); return (ret == 1) ? 0 : -1; } + +int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx, + const unsigned char *p, + unsigned long p_len, + const unsigned char *q, + unsigned long q_len, + const unsigned char *g, + unsigned long g_len, + const unsigned char *y, + unsigned long y_len) +{ + *dsactx = DSA_new(); + (*dsactx)->p = BN_new(); + BN_bin2bn(p, p_len, (*dsactx)->p); + (*dsactx)->q = BN_new(); + BN_bin2bn(q, q_len, (*dsactx)->q); + (*dsactx)->g = BN_new(); + BN_bin2bn(g, g_len, (*dsactx)->g); + (*dsactx)->pub_key = BN_new(); + BN_bin2bn(y, y_len, (*dsactx)->pub_key); + return 0; +} + +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len) +{ + unsigned char hash[SHA_DIGEST_LENGTH]; + DSA_SIG dsasig; + int ret; + + dsasig.r = BN_new(); + BN_bin2bn(sig, 20, dsasig.r); + dsasig.s = BN_new(); + BN_bin2bn(sig + 20, 20, dsasig.s); + + libssh2_sha1(m, m_len, hash); + ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx); + + return (ret == 1) ? 0 : -1; +} diff --git a/src/openssl.h b/src/openssl.h index 2a4b9a6..410bd00 100644 --- a/src/openssl.h +++ b/src/openssl.h @@ -130,7 +130,7 @@ #define libssh2_rsa_ctx RSA -void _libssh2_rsa_new(libssh2_rsa_ctx **rsa, +int _libssh2_rsa_new(libssh2_rsa_ctx **rsa, const unsigned char *edata, unsigned long elen, const unsigned char *ndata, @@ -142,3 +142,22 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, unsigned long m_len); #define _libssh2_rsa_free(rsactx) RSA_free(rsactx) + +#define libssh2_dsa_ctx DSA + +int _libssh2_dsa_new(libssh2_dsa_ctx **dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen); +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len); + +#define _libssh2_dsa_free(dsactx) DSA_free(dsactx)