From a2d1c211a719bcc3f06a30a8f1c0292db3fa0929 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 1 Jan 2019 21:07:48 +0000 Subject: [PATCH] Replace more (pointer, length) arg pairs with ptrlen. The abstract method ssh_key_sign(), and the concrete functions ssh_rsakex_newkey() and rsa_ssh1_public_blob_len(), now each take a ptrlen argument in place of a separate pointer and length pair. Partly that's because I'm generally preferring ptrlens these days and it keeps argument lists short and tidy-looking, but mostly it's because it will make those functions easier to wrap in my upcoming test system. --- pageant.c | 5 +++-- ssh.h | 11 +++++------ ssh2kex-client.c | 2 +- ssh2kex-server.c | 5 +++-- ssh2userauth.c | 2 +- sshdss.c | 5 ++--- sshecc.c | 13 ++++++------- sshrsa.c | 13 ++++++------- 8 files changed, 27 insertions(+), 29 deletions(-) diff --git a/pageant.c b/pageant.c index 6c080bea..6b4c7c91 100644 --- a/pageant.c +++ b/pageant.c @@ -352,7 +352,7 @@ void pageant_handle_msg(BinarySink *bs, } signature = strbuf_new(); - ssh_key_sign(key->key, sigdata.ptr, sigdata.len, flags, + ssh_key_sign(key->key, sigdata, flags, BinarySink_UPCAST(signature)); put_byte(bs, SSH2_AGENT_SIGN_RESPONSE); @@ -1086,7 +1086,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, } /* Now skip over public blob */ if (type == SSH_KEYTYPE_SSH1) { - int n = rsa_ssh1_public_blob_len(p, keylistlen); + int n = rsa_ssh1_public_blob_len( + make_ptrlen(p, keylistlen)); if (n < 0) { *retstr = dupstr("Received broken key list from agent"); sfree(keylist); diff --git a/ssh.h b/ssh.h index e3b967fd..02c4a1ae 100644 --- a/ssh.h +++ b/ssh.h @@ -511,7 +511,7 @@ char *rsa_ssh1_fingerprint(struct RSAKey *key); bool rsa_verify(struct RSAKey *key); void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key, RsaSsh1Order order); -int rsa_ssh1_public_blob_len(void *data, int maxlen); +int rsa_ssh1_public_blob_len(ptrlen data); void freersapriv(struct RSAKey *key); void freersakey(struct RSAKey *key); @@ -532,7 +532,7 @@ struct ssh_hashalg; struct ssh_rsa_kex_extra { int minklen; }; -struct RSAKey *ssh_rsakex_newkey(const void *data, int len); +struct RSAKey *ssh_rsakex_newkey(ptrlen data); void ssh_rsakex_freekey(struct RSAKey *key); int ssh_rsakex_klen(struct RSAKey *key); void ssh_rsakex_encrypt(const struct ssh_hashalg *h, @@ -776,8 +776,7 @@ struct ssh_keyalg { /* Methods that operate on an existing ssh_key */ void (*freekey) (ssh_key *key); - void (*sign) (ssh_key *key, const void *data, int datalen, - unsigned flags, BinarySink *); + void (*sign) (ssh_key *key, ptrlen data, unsigned flags, BinarySink *); bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data); void (*public_blob)(ssh_key *key, BinarySink *); void (*private_blob)(ssh_key *key, BinarySink *); @@ -799,8 +798,8 @@ struct ssh_keyalg { #define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs)) #define ssh_key_free(key) ((key)->vt->freekey(key)) -#define ssh_key_sign(key, data, len, flags, bs) \ - ((key)->vt->sign(key, data, len, flags, bs)) +#define ssh_key_sign(key, data, flags, bs) \ + ((key)->vt->sign(key, data, flags, bs)) #define ssh_key_verify(key, sig, data) ((key)->vt->verify(key, sig, data)) #define ssh_key_public_blob(key, bs) ((key)->vt->public_blob(key, bs)) #define ssh_key_private_blob(key, bs) ((key)->vt->private_blob(key, bs)) diff --git a/ssh2kex-client.c b/ssh2kex-client.c index 865397df..f2e5dc13 100644 --- a/ssh2kex-client.c +++ b/ssh2kex-client.c @@ -537,7 +537,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted) rsakeydata = get_string(pktin); - s->rsa_kex_key = ssh_rsakex_newkey(rsakeydata.ptr, rsakeydata.len); + s->rsa_kex_key = ssh_rsakex_newkey(rsakeydata); if (!s->rsa_kex_key) { ssh_proto_error(s->ppl.ssh, "Unable to parse RSA public key packet"); diff --git a/ssh2kex-server.c b/ssh2kex-server.c index 22b26961..a5c3fb5c 100644 --- a/ssh2kex-server.c +++ b/ssh2kex-server.c @@ -28,8 +28,9 @@ static strbuf *finalise_and_sign_exhash(struct ssh2_transport_state *s) strbuf *sb; ssh2transport_finalise_exhash(s); sb = strbuf_new(); - ssh_key_sign(s->hkey, s->exchange_hash, s->kex_alg->hash->hlen, 0, - BinarySink_UPCAST(sb)); + ssh_key_sign( + s->hkey, make_ptrlen(s->exchange_hash, s->kex_alg->hash->hlen), + 0, BinarySink_UPCAST(sb)); return sb; } diff --git a/ssh2userauth.c b/ssh2userauth.c index d79ab5bd..6148929c 100644 --- a/ssh2userauth.c +++ b/ssh2userauth.c @@ -890,7 +890,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) put_data(sigdata, s->pktout->data + 5, s->pktout->length - 5); sigblob = strbuf_new(); - ssh_key_sign(key->key, sigdata->s, sigdata->len, 0, + ssh_key_sign(key->key, ptrlen_from_strbuf(sigdata), 0, BinarySink_UPCAST(sigblob)); strbuf_free(sigdata); ssh2_userauth_add_sigblob( diff --git a/sshdss.c b/sshdss.c index 21bb7f82..439ef701 100644 --- a/sshdss.c +++ b/sshdss.c @@ -416,14 +416,13 @@ mp_int *dss_gen_k(const char *id_string, mp_int *modulus, return k; } -static void dss_sign(ssh_key *key, const void *data, int datalen, - unsigned flags, BinarySink *bs) +static void dss_sign(ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs) { struct dss_key *dss = container_of(key, struct dss_key, sshk); unsigned char digest[20]; int i; - SHA_Simple(data, datalen, digest); + SHA_Simple(data.ptr, data.len, digest); mp_int *k = dss_gen_k("DSA deterministic k generator", dss->q, dss->x, digest, sizeof(digest)); diff --git a/sshecc.c b/sshecc.c index 7d7b13da..01c8dd3c 100644 --- a/sshecc.c +++ b/sshecc.c @@ -979,7 +979,7 @@ static bool eddsa_verify(ssh_key *key, ptrlen sig, ptrlen data) return valid; } -static void ecdsa_sign(ssh_key *key, const void *data, int datalen, +static void ecdsa_sign(ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs) { struct ecdsa_key *ek = container_of(key, struct ecdsa_key, sshk); @@ -987,15 +987,14 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen, (const struct ecsign_extra *)ek->sshk.vt->extra; assert(ek->privateKey); - mp_int *z = ecdsa_signing_exponent_from_data( - ek->curve, extra, make_ptrlen(data, datalen)); + mp_int *z = ecdsa_signing_exponent_from_data(ek->curve, extra, data); /* Generate k between 1 and curve->n, using the same deterministic * k generation system we use for conventional DSA. */ mp_int *k; { unsigned char digest[20]; - SHA_Simple(data, datalen, digest); + SHA_Simple(data.ptr, data.len, digest); k = dss_gen_k( "ECDSA deterministic k generator", ek->curve->w.G_order, ek->privateKey, digest, sizeof(digest)); @@ -1033,7 +1032,7 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen, mp_free(s); } -static void eddsa_sign(ssh_key *key, const void *data, int datalen, +static void eddsa_sign(ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs) { struct eddsa_key *ek = container_of(key, struct eddsa_key, sshk); @@ -1076,7 +1075,7 @@ static void eddsa_sign(ssh_key *key, const void *data, int datalen, h = ssh_hash_new(extra->hash); put_data(h, hash + ek->curve->fieldBytes, extra->hash->hlen - ek->curve->fieldBytes); - put_data(h, data, datalen); + put_datapl(h, data); ssh_hash_final(h, hash); mp_int *log_r_unreduced = mp_from_bytes_le( make_ptrlen(hash, extra->hash->hlen)); @@ -1097,7 +1096,7 @@ static void eddsa_sign(ssh_key *key, const void *data, int datalen, * eddsa_verify does. */ mp_int *H = eddsa_signing_exponent_from_data( - ek, extra, ptrlen_from_strbuf(r_enc), make_ptrlen(data, datalen)); + ek, extra, ptrlen_from_strbuf(r_enc), data); /* And then s = (log(r) + H*a) mod order(G). */ mp_int *Ha = mp_modmul(H, a, ek->curve->e.G_order); diff --git a/sshrsa.c b/sshrsa.c index 7558abdd..8c768646 100644 --- a/sshrsa.c +++ b/sshrsa.c @@ -315,11 +315,11 @@ void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key, } /* Given an SSH-1 public key blob, determine its length. */ -int rsa_ssh1_public_blob_len(void *data, int maxlen) +int rsa_ssh1_public_blob_len(ptrlen data) { BinarySource src[1]; - BinarySource_BARE_INIT(src, data, maxlen); + BinarySource_BARE_INIT(src, data.ptr, data.len); /* Expect a length word, then exponent and modulus. (It doesn't * even matter which order.) */ @@ -638,7 +638,7 @@ static bool rsa2_verify(ssh_key *key, ptrlen sig, ptrlen data) return diff == 0; } -static void rsa2_sign(ssh_key *key, const void *data, int datalen, +static void rsa2_sign(ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs) { struct RSAKey *rsa = container_of(key, struct RSAKey, sshk); @@ -661,8 +661,7 @@ static void rsa2_sign(ssh_key *key, const void *data, int datalen, nbytes = (mp_get_nbits(rsa->modulus) + 7) / 8; - bytes = rsa_pkcs1_signature_string( - nbytes, halg, make_ptrlen(data, datalen)); + bytes = rsa_pkcs1_signature_string(nbytes, halg, data); in = mp_from_bytes_be(make_ptrlen(bytes, nbytes)); smemclr(bytes, nbytes); sfree(bytes); @@ -700,9 +699,9 @@ const ssh_keyalg ssh_rsa = { SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512, }; -struct RSAKey *ssh_rsakex_newkey(const void *data, int len) +struct RSAKey *ssh_rsakex_newkey(ptrlen data) { - ssh_key *sshk = rsa2_new_pub(&ssh_rsa, make_ptrlen(data, len)); + ssh_key *sshk = rsa2_new_pub(&ssh_rsa, data); if (!sshk) return NULL; return container_of(sshk, struct RSAKey, sshk);