mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Replace more (pointer, length) arg pairs with ptrlen.
The abstract method ssh_key_sign(), and the concrete functions ssh_rsakex_newkey() and rsa_ssh1_public_blob_len(), now each take a ptrlen argument in place of a separate pointer and length pair. Partly that's because I'm generally preferring ptrlens these days and it keeps argument lists short and tidy-looking, but mostly it's because it will make those functions easier to wrap in my upcoming test system.
This commit is contained in:
parent
febef916a5
commit
a2d1c211a7
@ -352,7 +352,7 @@ void pageant_handle_msg(BinarySink *bs,
|
|||||||
}
|
}
|
||||||
|
|
||||||
signature = strbuf_new();
|
signature = strbuf_new();
|
||||||
ssh_key_sign(key->key, sigdata.ptr, sigdata.len, flags,
|
ssh_key_sign(key->key, sigdata, flags,
|
||||||
BinarySink_UPCAST(signature));
|
BinarySink_UPCAST(signature));
|
||||||
|
|
||||||
put_byte(bs, SSH2_AGENT_SIGN_RESPONSE);
|
put_byte(bs, SSH2_AGENT_SIGN_RESPONSE);
|
||||||
@ -1086,7 +1086,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase,
|
|||||||
}
|
}
|
||||||
/* Now skip over public blob */
|
/* Now skip over public blob */
|
||||||
if (type == SSH_KEYTYPE_SSH1) {
|
if (type == SSH_KEYTYPE_SSH1) {
|
||||||
int n = rsa_ssh1_public_blob_len(p, keylistlen);
|
int n = rsa_ssh1_public_blob_len(
|
||||||
|
make_ptrlen(p, keylistlen));
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
*retstr = dupstr("Received broken key list from agent");
|
*retstr = dupstr("Received broken key list from agent");
|
||||||
sfree(keylist);
|
sfree(keylist);
|
||||||
|
11
ssh.h
11
ssh.h
@ -511,7 +511,7 @@ char *rsa_ssh1_fingerprint(struct RSAKey *key);
|
|||||||
bool rsa_verify(struct RSAKey *key);
|
bool rsa_verify(struct RSAKey *key);
|
||||||
void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key,
|
void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key,
|
||||||
RsaSsh1Order order);
|
RsaSsh1Order order);
|
||||||
int rsa_ssh1_public_blob_len(void *data, int maxlen);
|
int rsa_ssh1_public_blob_len(ptrlen data);
|
||||||
void freersapriv(struct RSAKey *key);
|
void freersapriv(struct RSAKey *key);
|
||||||
void freersakey(struct RSAKey *key);
|
void freersakey(struct RSAKey *key);
|
||||||
|
|
||||||
@ -532,7 +532,7 @@ struct ssh_hashalg;
|
|||||||
struct ssh_rsa_kex_extra {
|
struct ssh_rsa_kex_extra {
|
||||||
int minklen;
|
int minklen;
|
||||||
};
|
};
|
||||||
struct RSAKey *ssh_rsakex_newkey(const void *data, int len);
|
struct RSAKey *ssh_rsakex_newkey(ptrlen data);
|
||||||
void ssh_rsakex_freekey(struct RSAKey *key);
|
void ssh_rsakex_freekey(struct RSAKey *key);
|
||||||
int ssh_rsakex_klen(struct RSAKey *key);
|
int ssh_rsakex_klen(struct RSAKey *key);
|
||||||
void ssh_rsakex_encrypt(const struct ssh_hashalg *h,
|
void ssh_rsakex_encrypt(const struct ssh_hashalg *h,
|
||||||
@ -776,8 +776,7 @@ struct ssh_keyalg {
|
|||||||
|
|
||||||
/* Methods that operate on an existing ssh_key */
|
/* Methods that operate on an existing ssh_key */
|
||||||
void (*freekey) (ssh_key *key);
|
void (*freekey) (ssh_key *key);
|
||||||
void (*sign) (ssh_key *key, const void *data, int datalen,
|
void (*sign) (ssh_key *key, ptrlen data, unsigned flags, BinarySink *);
|
||||||
unsigned flags, BinarySink *);
|
|
||||||
bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data);
|
bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data);
|
||||||
void (*public_blob)(ssh_key *key, BinarySink *);
|
void (*public_blob)(ssh_key *key, BinarySink *);
|
||||||
void (*private_blob)(ssh_key *key, BinarySink *);
|
void (*private_blob)(ssh_key *key, BinarySink *);
|
||||||
@ -799,8 +798,8 @@ struct ssh_keyalg {
|
|||||||
#define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs))
|
#define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs))
|
||||||
|
|
||||||
#define ssh_key_free(key) ((key)->vt->freekey(key))
|
#define ssh_key_free(key) ((key)->vt->freekey(key))
|
||||||
#define ssh_key_sign(key, data, len, flags, bs) \
|
#define ssh_key_sign(key, data, flags, bs) \
|
||||||
((key)->vt->sign(key, data, len, flags, bs))
|
((key)->vt->sign(key, data, flags, bs))
|
||||||
#define ssh_key_verify(key, sig, data) ((key)->vt->verify(key, sig, data))
|
#define ssh_key_verify(key, sig, data) ((key)->vt->verify(key, sig, data))
|
||||||
#define ssh_key_public_blob(key, bs) ((key)->vt->public_blob(key, bs))
|
#define ssh_key_public_blob(key, bs) ((key)->vt->public_blob(key, bs))
|
||||||
#define ssh_key_private_blob(key, bs) ((key)->vt->private_blob(key, bs))
|
#define ssh_key_private_blob(key, bs) ((key)->vt->private_blob(key, bs))
|
||||||
|
@ -537,7 +537,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
|
|||||||
|
|
||||||
rsakeydata = get_string(pktin);
|
rsakeydata = get_string(pktin);
|
||||||
|
|
||||||
s->rsa_kex_key = ssh_rsakex_newkey(rsakeydata.ptr, rsakeydata.len);
|
s->rsa_kex_key = ssh_rsakex_newkey(rsakeydata);
|
||||||
if (!s->rsa_kex_key) {
|
if (!s->rsa_kex_key) {
|
||||||
ssh_proto_error(s->ppl.ssh,
|
ssh_proto_error(s->ppl.ssh,
|
||||||
"Unable to parse RSA public key packet");
|
"Unable to parse RSA public key packet");
|
||||||
|
@ -28,8 +28,9 @@ static strbuf *finalise_and_sign_exhash(struct ssh2_transport_state *s)
|
|||||||
strbuf *sb;
|
strbuf *sb;
|
||||||
ssh2transport_finalise_exhash(s);
|
ssh2transport_finalise_exhash(s);
|
||||||
sb = strbuf_new();
|
sb = strbuf_new();
|
||||||
ssh_key_sign(s->hkey, s->exchange_hash, s->kex_alg->hash->hlen, 0,
|
ssh_key_sign(
|
||||||
BinarySink_UPCAST(sb));
|
s->hkey, make_ptrlen(s->exchange_hash, s->kex_alg->hash->hlen),
|
||||||
|
0, BinarySink_UPCAST(sb));
|
||||||
return sb;
|
return sb;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -890,7 +890,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
|
|||||||
put_data(sigdata, s->pktout->data + 5,
|
put_data(sigdata, s->pktout->data + 5,
|
||||||
s->pktout->length - 5);
|
s->pktout->length - 5);
|
||||||
sigblob = strbuf_new();
|
sigblob = strbuf_new();
|
||||||
ssh_key_sign(key->key, sigdata->s, sigdata->len, 0,
|
ssh_key_sign(key->key, ptrlen_from_strbuf(sigdata), 0,
|
||||||
BinarySink_UPCAST(sigblob));
|
BinarySink_UPCAST(sigblob));
|
||||||
strbuf_free(sigdata);
|
strbuf_free(sigdata);
|
||||||
ssh2_userauth_add_sigblob(
|
ssh2_userauth_add_sigblob(
|
||||||
|
5
sshdss.c
5
sshdss.c
@ -416,14 +416,13 @@ mp_int *dss_gen_k(const char *id_string, mp_int *modulus,
|
|||||||
return k;
|
return k;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void dss_sign(ssh_key *key, const void *data, int datalen,
|
static void dss_sign(ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs)
|
||||||
unsigned flags, BinarySink *bs)
|
|
||||||
{
|
{
|
||||||
struct dss_key *dss = container_of(key, struct dss_key, sshk);
|
struct dss_key *dss = container_of(key, struct dss_key, sshk);
|
||||||
unsigned char digest[20];
|
unsigned char digest[20];
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
SHA_Simple(data, datalen, digest);
|
SHA_Simple(data.ptr, data.len, digest);
|
||||||
|
|
||||||
mp_int *k = dss_gen_k("DSA deterministic k generator", dss->q, dss->x,
|
mp_int *k = dss_gen_k("DSA deterministic k generator", dss->q, dss->x,
|
||||||
digest, sizeof(digest));
|
digest, sizeof(digest));
|
||||||
|
13
sshecc.c
13
sshecc.c
@ -979,7 +979,7 @@ static bool eddsa_verify(ssh_key *key, ptrlen sig, ptrlen data)
|
|||||||
return valid;
|
return valid;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
|
static void ecdsa_sign(ssh_key *key, ptrlen data,
|
||||||
unsigned flags, BinarySink *bs)
|
unsigned flags, BinarySink *bs)
|
||||||
{
|
{
|
||||||
struct ecdsa_key *ek = container_of(key, struct ecdsa_key, sshk);
|
struct ecdsa_key *ek = container_of(key, struct ecdsa_key, sshk);
|
||||||
@ -987,15 +987,14 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
|
|||||||
(const struct ecsign_extra *)ek->sshk.vt->extra;
|
(const struct ecsign_extra *)ek->sshk.vt->extra;
|
||||||
assert(ek->privateKey);
|
assert(ek->privateKey);
|
||||||
|
|
||||||
mp_int *z = ecdsa_signing_exponent_from_data(
|
mp_int *z = ecdsa_signing_exponent_from_data(ek->curve, extra, data);
|
||||||
ek->curve, extra, make_ptrlen(data, datalen));
|
|
||||||
|
|
||||||
/* Generate k between 1 and curve->n, using the same deterministic
|
/* Generate k between 1 and curve->n, using the same deterministic
|
||||||
* k generation system we use for conventional DSA. */
|
* k generation system we use for conventional DSA. */
|
||||||
mp_int *k;
|
mp_int *k;
|
||||||
{
|
{
|
||||||
unsigned char digest[20];
|
unsigned char digest[20];
|
||||||
SHA_Simple(data, datalen, digest);
|
SHA_Simple(data.ptr, data.len, digest);
|
||||||
k = dss_gen_k(
|
k = dss_gen_k(
|
||||||
"ECDSA deterministic k generator", ek->curve->w.G_order,
|
"ECDSA deterministic k generator", ek->curve->w.G_order,
|
||||||
ek->privateKey, digest, sizeof(digest));
|
ek->privateKey, digest, sizeof(digest));
|
||||||
@ -1033,7 +1032,7 @@ static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
|
|||||||
mp_free(s);
|
mp_free(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void eddsa_sign(ssh_key *key, const void *data, int datalen,
|
static void eddsa_sign(ssh_key *key, ptrlen data,
|
||||||
unsigned flags, BinarySink *bs)
|
unsigned flags, BinarySink *bs)
|
||||||
{
|
{
|
||||||
struct eddsa_key *ek = container_of(key, struct eddsa_key, sshk);
|
struct eddsa_key *ek = container_of(key, struct eddsa_key, sshk);
|
||||||
@ -1076,7 +1075,7 @@ static void eddsa_sign(ssh_key *key, const void *data, int datalen,
|
|||||||
h = ssh_hash_new(extra->hash);
|
h = ssh_hash_new(extra->hash);
|
||||||
put_data(h, hash + ek->curve->fieldBytes,
|
put_data(h, hash + ek->curve->fieldBytes,
|
||||||
extra->hash->hlen - ek->curve->fieldBytes);
|
extra->hash->hlen - ek->curve->fieldBytes);
|
||||||
put_data(h, data, datalen);
|
put_datapl(h, data);
|
||||||
ssh_hash_final(h, hash);
|
ssh_hash_final(h, hash);
|
||||||
mp_int *log_r_unreduced = mp_from_bytes_le(
|
mp_int *log_r_unreduced = mp_from_bytes_le(
|
||||||
make_ptrlen(hash, extra->hash->hlen));
|
make_ptrlen(hash, extra->hash->hlen));
|
||||||
@ -1097,7 +1096,7 @@ static void eddsa_sign(ssh_key *key, const void *data, int datalen,
|
|||||||
* eddsa_verify does.
|
* eddsa_verify does.
|
||||||
*/
|
*/
|
||||||
mp_int *H = eddsa_signing_exponent_from_data(
|
mp_int *H = eddsa_signing_exponent_from_data(
|
||||||
ek, extra, ptrlen_from_strbuf(r_enc), make_ptrlen(data, datalen));
|
ek, extra, ptrlen_from_strbuf(r_enc), data);
|
||||||
|
|
||||||
/* And then s = (log(r) + H*a) mod order(G). */
|
/* And then s = (log(r) + H*a) mod order(G). */
|
||||||
mp_int *Ha = mp_modmul(H, a, ek->curve->e.G_order);
|
mp_int *Ha = mp_modmul(H, a, ek->curve->e.G_order);
|
||||||
|
13
sshrsa.c
13
sshrsa.c
@ -315,11 +315,11 @@ void rsa_ssh1_public_blob(BinarySink *bs, struct RSAKey *key,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Given an SSH-1 public key blob, determine its length. */
|
/* Given an SSH-1 public key blob, determine its length. */
|
||||||
int rsa_ssh1_public_blob_len(void *data, int maxlen)
|
int rsa_ssh1_public_blob_len(ptrlen data)
|
||||||
{
|
{
|
||||||
BinarySource src[1];
|
BinarySource src[1];
|
||||||
|
|
||||||
BinarySource_BARE_INIT(src, data, maxlen);
|
BinarySource_BARE_INIT(src, data.ptr, data.len);
|
||||||
|
|
||||||
/* Expect a length word, then exponent and modulus. (It doesn't
|
/* Expect a length word, then exponent and modulus. (It doesn't
|
||||||
* even matter which order.) */
|
* even matter which order.) */
|
||||||
@ -638,7 +638,7 @@ static bool rsa2_verify(ssh_key *key, ptrlen sig, ptrlen data)
|
|||||||
return diff == 0;
|
return diff == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void rsa2_sign(ssh_key *key, const void *data, int datalen,
|
static void rsa2_sign(ssh_key *key, ptrlen data,
|
||||||
unsigned flags, BinarySink *bs)
|
unsigned flags, BinarySink *bs)
|
||||||
{
|
{
|
||||||
struct RSAKey *rsa = container_of(key, struct RSAKey, sshk);
|
struct RSAKey *rsa = container_of(key, struct RSAKey, sshk);
|
||||||
@ -661,8 +661,7 @@ static void rsa2_sign(ssh_key *key, const void *data, int datalen,
|
|||||||
|
|
||||||
nbytes = (mp_get_nbits(rsa->modulus) + 7) / 8;
|
nbytes = (mp_get_nbits(rsa->modulus) + 7) / 8;
|
||||||
|
|
||||||
bytes = rsa_pkcs1_signature_string(
|
bytes = rsa_pkcs1_signature_string(nbytes, halg, data);
|
||||||
nbytes, halg, make_ptrlen(data, datalen));
|
|
||||||
in = mp_from_bytes_be(make_ptrlen(bytes, nbytes));
|
in = mp_from_bytes_be(make_ptrlen(bytes, nbytes));
|
||||||
smemclr(bytes, nbytes);
|
smemclr(bytes, nbytes);
|
||||||
sfree(bytes);
|
sfree(bytes);
|
||||||
@ -700,9 +699,9 @@ const ssh_keyalg ssh_rsa = {
|
|||||||
SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512,
|
SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512,
|
||||||
};
|
};
|
||||||
|
|
||||||
struct RSAKey *ssh_rsakex_newkey(const void *data, int len)
|
struct RSAKey *ssh_rsakex_newkey(ptrlen data)
|
||||||
{
|
{
|
||||||
ssh_key *sshk = rsa2_new_pub(&ssh_rsa, make_ptrlen(data, len));
|
ssh_key *sshk = rsa2_new_pub(&ssh_rsa, data);
|
||||||
if (!sshk)
|
if (!sshk)
|
||||||
return NULL;
|
return NULL;
|
||||||
return container_of(sshk, struct RSAKey, sshk);
|
return container_of(sshk, struct RSAKey, sshk);
|
||||||
|
Loading…
Reference in New Issue
Block a user