summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--agentfwd.h2
-rw-r--r--buffer.c5
-rw-r--r--buffer.h1
-rw-r--r--cli-agentfwd.c6
-rw-r--r--cli-authpubkey.c14
-rw-r--r--dss.c12
-rw-r--r--dss.h6
-rw-r--r--rsa.c21
-rw-r--r--rsa.h6
-rw-r--r--signkey.c24
-rw-r--r--signkey.h6
11 files changed, 40 insertions, 63 deletions
diff --git a/agentfwd.h b/agentfwd.h
index e4a831c..113370c 100644
--- a/agentfwd.h
+++ b/agentfwd.h
@@ -40,7 +40,7 @@
/* client functions */
void cli_load_agent_keys(m_list * ret_list);
void agent_buf_sign(buffer *sigblob, sign_key *key,
- const unsigned char *data, unsigned int len);
+ buffer *data_buf);
void cli_setup_agent(struct Channel *channel);
#ifdef __hpux
diff --git a/buffer.c b/buffer.c
index 13fa1ce..d25adab 100644
--- a/buffer.c
+++ b/buffer.c
@@ -269,6 +269,11 @@ void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
}
+/* puts an entire buffer as a SSH string. ignore pos of buf_str. */
+void buf_putbufstring(buffer *buf, const buffer* buf_str) {
+ buf_putstring(buf, buf_str->data, buf_str->len);
+}
+
/* put the set of len bytes into the buffer, incrementing the pos, increasing
* len if required */
void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
diff --git a/buffer.h b/buffer.h
index 5964370..b18ccaa 100644
--- a/buffer.h
+++ b/buffer.h
@@ -59,6 +59,7 @@ buffer * buf_getstringbuf(buffer *buf);
void buf_eatstring(buffer *buf);
void buf_putint(buffer* buf, unsigned int val);
void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
+void buf_putstringbuf(buffer *buf, const buffer* buf_str);
void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
void buf_putmpint(buffer* buf, mp_int * mp);
int buf_getmpint(buffer* buf, mp_int* mp);
diff --git a/cli-agentfwd.c b/cli-agentfwd.c
index c661455..b7b8da3 100644
--- a/cli-agentfwd.c
+++ b/cli-agentfwd.c
@@ -254,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
}
void agent_buf_sign(buffer *sigblob, sign_key *key,
- const unsigned char *data, unsigned int len) {
+ buffer *data_buf) {
buffer *request_data = NULL;
buffer *response = NULL;
unsigned int siglen;
@@ -266,10 +266,10 @@ void agent_buf_sign(buffer *sigblob, sign_key *key,
string data
uint32 flags
*/
- request_data = buf_new(MAX_PUBKEY_SIZE + len + 12);
+ request_data = buf_new(MAX_PUBKEY_SIZE + data_buf>-len + 12);
buf_put_pub_key(request_data, key, key->type);
- buf_putstring(request_data, data, len);
+ buf_putbufstring(request_data, data_buf);
buf_putint(request_data, 0);
response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 49853ed..adcf2a8 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -121,23 +121,19 @@ void recv_msg_userauth_pk_ok() {
}
void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
- const unsigned char *data, unsigned int len)
-{
+ buffer *data_buf) {
#ifdef ENABLE_CLI_AGENTFWD
if (key->source == SIGNKEY_SOURCE_AGENT) {
/* Format the agent signature ourselves, as buf_put_sign would. */
buffer *sigblob;
sigblob = buf_new(MAX_PUBKEY_SIZE);
- agent_buf_sign(sigblob, key, data, len);
- buf_setpos(sigblob, 0);
- buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
- sigblob->len);
-
+ agent_buf_sign(sigblob, key, data_buf);
+ buf_putbufstring(buf, sigblob);
buf_free(sigblob);
} else
#endif /* ENABLE_CLI_AGENTFWD */
{
- buf_put_sign(buf, key, type, data, len);
+ buf_put_sign(buf, key, type, data_buf);
}
}
@@ -174,7 +170,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
/* We put the signature as well - this contains string(session id), then
* the contents of the write payload to this point */
sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
- buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE);
+ buf_putbufstring(sigbuf, ses.session_id);
buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
cli_buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len);
buf_free(sigbuf); /* Nothing confidential in the buffer */
diff --git a/dss.c b/dss.c
index d984669..d19033f 100644
--- a/dss.c
+++ b/dss.c
@@ -161,9 +161,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
#ifdef DROPBEAR_SIGNKEY_VERIFY
/* Verify a DSS signature (in buf) made on data by the key given.
* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
- unsigned int len) {
-
+int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE];
hash_state hs;
int ret = DROPBEAR_FAILURE;
@@ -187,7 +185,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data
/* hash the data */
sha1_init(&hs);
- sha1_process(&hs, data, len);
+ sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, msghash);
/* create the signature - s' and r' are the received signatures in buf */
@@ -260,9 +258,7 @@ out:
/* Sign the data presented with key, writing the signature contents
* to the buffer */
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
- unsigned int len) {
-
+void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
unsigned char msghash[SHA1_HASH_SIZE];
unsigned int writelen;
unsigned int i;
@@ -279,7 +275,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
/* hash the data */
sha1_init(&hs);
- sha1_process(&hs, data, len);
+ sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, msghash);
m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
diff --git a/dss.h b/dss.h
index 4331b9a..57400ad 100644
--- a/dss.h
+++ b/dss.h
@@ -43,11 +43,9 @@ typedef struct {
} dropbear_dss_key;
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
- unsigned int len);
+void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
- unsigned int len);
+int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
#endif
int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);
diff --git a/rsa.c b/rsa.c
index 91bf59d..836b9f3 100644
--- a/rsa.c
+++ b/rsa.c
@@ -39,8 +39,7 @@
#ifdef DROPBEAR_RSA
static void rsa_pad_em(dropbear_rsa_key * key,
- const unsigned char * data, unsigned int len,
- mp_int * rsa_em);
+ buffer *data_buf, mp_int * rsa_em);
/* Load a public rsa key from a buffer, initialising the values.
* The key will have the same format as buf_put_rsa_key.
@@ -213,9 +212,7 @@ void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
#ifdef DROPBEAR_SIGNKEY_VERIFY
/* Verify a signature in buf, made on data by the key given.
* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
- unsigned int len) {
-
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
unsigned int slen;
DEF_MP_INT(rsa_s);
DEF_MP_INT(rsa_mdash);
@@ -247,7 +244,7 @@ int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* dat
}
/* create the magic PKCS padded value */
- rsa_pad_em(key, data, len, &rsa_em);
+ rsa_pad_em(key, data_buf, &rsa_em);
if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
TRACE(("failed exptmod rsa_s"))
@@ -270,9 +267,7 @@ out:
/* Sign the data presented with key, writing the signature contents
* to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
- unsigned int len) {
-
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
unsigned int nsize, ssize;
unsigned int i;
DEF_MP_INT(rsa_s);
@@ -285,7 +280,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
- rsa_pad_em(key, data, len, &rsa_tmp1);
+ rsa_pad_em(key, data_buf, &rsa_tmp1);
/* the actual signing of the padded data */
@@ -377,8 +372,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
* rsa_em must be a pointer to an initialised mp_int.
*/
static void rsa_pad_em(dropbear_rsa_key * key,
- const unsigned char * data, unsigned int len,
- mp_int * rsa_em) {
+ buffer *data_buf, mp_int * rsa_em) {
/* ASN1 designator (including the 0x00 preceding) */
const unsigned char rsa_asn1_magic[] =
@@ -391,7 +385,6 @@ static void rsa_pad_em(dropbear_rsa_key * key,
unsigned int nsize;
dropbear_assert(key != NULL);
- dropbear_assert(data != NULL);
nsize = mp_unsigned_bin_size(key->n);
rsa_EM = buf_new(nsize-1);
@@ -408,7 +401,7 @@ static void rsa_pad_em(dropbear_rsa_key * key,
/* The hash of the data */
sha1_init(&hs);
- sha1_process(&hs, data, len);
+ sha1_process(&hs, data_buf->data, data_buf->len);
sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
diff --git a/rsa.h b/rsa.h
index 716a152..7c99282 100644
--- a/rsa.h
+++ b/rsa.h
@@ -43,11 +43,9 @@ typedef struct {
} dropbear_rsa_key;
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
- unsigned int len);
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
- unsigned int len);
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf);
#endif
int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);
diff --git a/signkey.c b/signkey.c
index 1d908f4..c130adb 100644
--- a/signkey.c
+++ b/signkey.c
@@ -218,10 +218,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
dropbear_exit("Bad key types in buf_put_pub_key");
}
- buf_setpos(pubkeys, 0);
- buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len),
- pubkeys->len);
-
+ buf_putbufstring(buf, pubkeys);
buf_free(pubkeys);
TRACE(("leave buf_put_pub_key"))
}
@@ -364,28 +361,24 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
}
void buf_put_sign(buffer* buf, sign_key *key, int type,
- const unsigned char *data, unsigned int len) {
-
+ buffer *data_buf) {
buffer *sigblob;
sigblob = buf_new(MAX_PUBKEY_SIZE);
#ifdef DROPBEAR_DSS
if (type == DROPBEAR_SIGNKEY_DSS) {
- buf_put_dss_sign(sigblob, key->dsskey, data, len);
+ buf_put_dss_sign(sigblob, key->dsskey, data_buf);
}
#endif
#ifdef DROPBEAR_RSA
if (type == DROPBEAR_SIGNKEY_RSA) {
- buf_put_rsa_sign(sigblob, key->rsakey, data, len);
+ buf_put_rsa_sign(sigblob, key->rsakey, data_buf);
}
#endif
if (sigblob->len == 0) {
dropbear_exit("Non-matching signing type");
}
- buf_setpos(sigblob, 0);
- buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
- sigblob->len);
-
+ buf_putbufstring(buf, sigblob);
buf_free(sigblob);
}
@@ -395,8 +388,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
* If FAILURE is returned, the position of
* buf is undefined. If SUCCESS is returned, buf will be positioned after the
* signature blob */
-int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
- unsigned int len) {
+int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
unsigned int bloblen;
unsigned char * ident = NULL;
@@ -414,7 +406,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
if (key->dsskey == NULL) {
dropbear_exit("No DSS key to verify signature");
}
- return buf_dss_verify(buf, key->dsskey, data, len);
+ return buf_dss_verify(buf, key->dsskey, data_buf);
}
#endif
@@ -424,7 +416,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
if (key->rsakey == NULL) {
dropbear_exit("No RSA key to verify signature");
}
- return buf_rsa_verify(buf, key->rsakey, data, len);
+ return buf_rsa_verify(buf, key->rsakey, data_buf);
}
#endif
diff --git a/signkey.h b/signkey.h
index 7e4a149..e4dd7ce 100644
--- a/signkey.h
+++ b/signkey.h
@@ -63,11 +63,9 @@ int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
void buf_put_pub_key(buffer* buf, sign_key *key, int type);
void buf_put_priv_key(buffer* buf, sign_key *key, int type);
void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, int type,
- const unsigned char *data, unsigned int len);
+void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
#ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
- unsigned int len);
+int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
#endif
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,