# HG changeset patch # User Matt Johnston # Date 1365235237 -28800 # Node ID f336d232fc633d421b78f4a457fefe93cf5332e2 # Parent 76fba08567490f17dfab1ac0573e52a290ba9a2e Make _sign and _verify functions take a buffer* rather than void* and int diff -r 76fba0856749 -r f336d232fc63 agentfwd.h --- a/agentfwd.h Fri Mar 29 00:28:09 2013 +0800 +++ b/agentfwd.h Sat Apr 06 16:00:37 2013 +0800 @@ -40,7 +40,7 @@ /* client functions */ void cli_load_agent_keys(m_list * ret_list); void agent_buf_sign(buffer *sigblob, sign_key *key, - const unsigned char *data, unsigned int len); + buffer *data_buf); void cli_setup_agent(struct Channel *channel); #ifdef __hpux diff -r 76fba0856749 -r f336d232fc63 buffer.c --- a/buffer.c Fri Mar 29 00:28:09 2013 +0800 +++ b/buffer.c Sat Apr 06 16:00:37 2013 +0800 @@ -269,6 +269,11 @@ } +/* puts an entire buffer as a SSH string. ignore pos of buf_str. */ +void buf_putbufstring(buffer *buf, const buffer* buf_str) { + buf_putstring(buf, buf_str->data, buf_str->len); +} + /* put the set of len bytes into the buffer, incrementing the pos, increasing * len if required */ void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) { diff -r 76fba0856749 -r f336d232fc63 buffer.h --- a/buffer.h Fri Mar 29 00:28:09 2013 +0800 +++ b/buffer.h Sat Apr 06 16:00:37 2013 +0800 @@ -59,6 +59,7 @@ void buf_eatstring(buffer *buf); void buf_putint(buffer* buf, unsigned int val); void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len); +void buf_putstringbuf(buffer *buf, const buffer* buf_str); void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len); void buf_putmpint(buffer* buf, mp_int * mp); int buf_getmpint(buffer* buf, mp_int* mp); diff -r 76fba0856749 -r f336d232fc63 cli-agentfwd.c --- a/cli-agentfwd.c Fri Mar 29 00:28:09 2013 +0800 +++ b/cli-agentfwd.c Sat Apr 06 16:00:37 2013 +0800 @@ -254,7 +254,7 @@ } void agent_buf_sign(buffer *sigblob, sign_key *key, - const unsigned char *data, unsigned int len) { + buffer *data_buf) { buffer *request_data = NULL; buffer *response = NULL; unsigned int siglen; @@ -266,10 +266,10 @@ string data uint32 flags */ - request_data = buf_new(MAX_PUBKEY_SIZE + len + 12); + request_data = buf_new(MAX_PUBKEY_SIZE + data_buf>-len + 12); buf_put_pub_key(request_data, key, key->type); - buf_putstring(request_data, data, len); + buf_putbufstring(request_data, data_buf); buf_putint(request_data, 0); response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data); diff -r 76fba0856749 -r f336d232fc63 cli-authpubkey.c --- a/cli-authpubkey.c Fri Mar 29 00:28:09 2013 +0800 +++ b/cli-authpubkey.c Sat Apr 06 16:00:37 2013 +0800 @@ -121,23 +121,19 @@ } void cli_buf_put_sign(buffer* buf, sign_key *key, int type, - const unsigned char *data, unsigned int len) -{ + buffer *data_buf) { #ifdef ENABLE_CLI_AGENTFWD if (key->source == SIGNKEY_SOURCE_AGENT) { /* Format the agent signature ourselves, as buf_put_sign would. */ buffer *sigblob; sigblob = buf_new(MAX_PUBKEY_SIZE); - agent_buf_sign(sigblob, key, data, len); - buf_setpos(sigblob, 0); - buf_putstring(buf, buf_getptr(sigblob, sigblob->len), - sigblob->len); - + agent_buf_sign(sigblob, key, data_buf); + buf_putbufstring(buf, sigblob); buf_free(sigblob); } else #endif /* ENABLE_CLI_AGENTFWD */ { - buf_put_sign(buf, key, type, data, len); + buf_put_sign(buf, key, type, data_buf); } } @@ -174,7 +170,7 @@ /* We put the signature as well - this contains string(session id), then * the contents of the write payload to this point */ sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len); - buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE); + buf_putbufstring(sigbuf, ses.session_id); buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); cli_buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len); buf_free(sigbuf); /* Nothing confidential in the buffer */ diff -r 76fba0856749 -r f336d232fc63 dss.c --- a/dss.c Fri Mar 29 00:28:09 2013 +0800 +++ b/dss.c Sat Apr 06 16:00:37 2013 +0800 @@ -161,9 +161,7 @@ #ifdef DROPBEAR_SIGNKEY_VERIFY /* Verify a DSS signature (in buf) made on data by the key given. * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data, - unsigned int len) { - +int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { unsigned char msghash[SHA1_HASH_SIZE]; hash_state hs; int ret = DROPBEAR_FAILURE; @@ -187,7 +185,7 @@ /* hash the data */ sha1_init(&hs); - sha1_process(&hs, data, len); + sha1_process(&hs, data_buf->data, data_buf->len); sha1_done(&hs, msghash); /* create the signature - s' and r' are the received signatures in buf */ @@ -260,9 +258,7 @@ /* Sign the data presented with key, writing the signature contents * to the buffer */ -void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data, - unsigned int len) { - +void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) { unsigned char msghash[SHA1_HASH_SIZE]; unsigned int writelen; unsigned int i; @@ -279,7 +275,7 @@ /* hash the data */ sha1_init(&hs); - sha1_process(&hs, data, len); + sha1_process(&hs, data_buf->data, data_buf->len); sha1_done(&hs, msghash); m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, diff -r 76fba0856749 -r f336d232fc63 dss.h --- a/dss.h Fri Mar 29 00:28:09 2013 +0800 +++ b/dss.h Sat Apr 06 16:00:37 2013 +0800 @@ -43,11 +43,9 @@ } dropbear_dss_key; -void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data, - unsigned int len); +void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf); #ifdef DROPBEAR_SIGNKEY_VERIFY -int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data, - unsigned int len); +int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf); #endif int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key); int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key); diff -r 76fba0856749 -r f336d232fc63 rsa.c --- a/rsa.c Fri Mar 29 00:28:09 2013 +0800 +++ b/rsa.c Sat Apr 06 16:00:37 2013 +0800 @@ -39,8 +39,7 @@ #ifdef DROPBEAR_RSA static void rsa_pad_em(dropbear_rsa_key * key, - const unsigned char * data, unsigned int len, - mp_int * rsa_em); + buffer *data_buf, mp_int * rsa_em); /* Load a public rsa key from a buffer, initialising the values. * The key will have the same format as buf_put_rsa_key. @@ -213,9 +212,7 @@ #ifdef DROPBEAR_SIGNKEY_VERIFY /* Verify a signature in buf, made on data by the key given. * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ -int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data, - unsigned int len) { - +int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) { unsigned int slen; DEF_MP_INT(rsa_s); DEF_MP_INT(rsa_mdash); @@ -247,7 +244,7 @@ } /* create the magic PKCS padded value */ - rsa_pad_em(key, data, len, &rsa_em); + rsa_pad_em(key, data_buf, &rsa_em); if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) { TRACE(("failed exptmod rsa_s")) @@ -270,9 +267,7 @@ /* Sign the data presented with key, writing the signature contents * to the buffer */ -void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data, - unsigned int len) { - +void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) { unsigned int nsize, ssize; unsigned int i; DEF_MP_INT(rsa_s); @@ -285,7 +280,7 @@ m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL); - rsa_pad_em(key, data, len, &rsa_tmp1); + rsa_pad_em(key, data_buf, &rsa_tmp1); /* the actual signing of the padded data */ @@ -377,8 +372,7 @@ * rsa_em must be a pointer to an initialised mp_int. */ static void rsa_pad_em(dropbear_rsa_key * key, - const unsigned char * data, unsigned int len, - mp_int * rsa_em) { + buffer *data_buf, mp_int * rsa_em) { /* ASN1 designator (including the 0x00 preceding) */ const unsigned char rsa_asn1_magic[] = @@ -391,7 +385,6 @@ unsigned int nsize; dropbear_assert(key != NULL); - dropbear_assert(data != NULL); nsize = mp_unsigned_bin_size(key->n); rsa_EM = buf_new(nsize-1); @@ -408,7 +401,7 @@ /* The hash of the data */ sha1_init(&hs); - sha1_process(&hs, data, len); + sha1_process(&hs, data_buf->data, data_buf->len); sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE)); buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE); diff -r 76fba0856749 -r f336d232fc63 rsa.h --- a/rsa.h Fri Mar 29 00:28:09 2013 +0800 +++ b/rsa.h Sat Apr 06 16:00:37 2013 +0800 @@ -43,11 +43,9 @@ } dropbear_rsa_key; -void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data, - unsigned int len); +void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf); #ifdef DROPBEAR_SIGNKEY_VERIFY -int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data, - unsigned int len); +int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf); #endif int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key); int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key); diff -r 76fba0856749 -r f336d232fc63 signkey.c --- a/signkey.c Fri Mar 29 00:28:09 2013 +0800 +++ b/signkey.c Sat Apr 06 16:00:37 2013 +0800 @@ -218,10 +218,7 @@ dropbear_exit("Bad key types in buf_put_pub_key"); } - buf_setpos(pubkeys, 0); - buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len), - pubkeys->len); - + buf_putbufstring(buf, pubkeys); buf_free(pubkeys); TRACE(("leave buf_put_pub_key")) } @@ -364,28 +361,24 @@ } void buf_put_sign(buffer* buf, sign_key *key, int type, - const unsigned char *data, unsigned int len) { - + buffer *data_buf) { buffer *sigblob; sigblob = buf_new(MAX_PUBKEY_SIZE); #ifdef DROPBEAR_DSS if (type == DROPBEAR_SIGNKEY_DSS) { - buf_put_dss_sign(sigblob, key->dsskey, data, len); + buf_put_dss_sign(sigblob, key->dsskey, data_buf); } #endif #ifdef DROPBEAR_RSA if (type == DROPBEAR_SIGNKEY_RSA) { - buf_put_rsa_sign(sigblob, key->rsakey, data, len); + buf_put_rsa_sign(sigblob, key->rsakey, data_buf); } #endif if (sigblob->len == 0) { dropbear_exit("Non-matching signing type"); } - buf_setpos(sigblob, 0); - buf_putstring(buf, buf_getptr(sigblob, sigblob->len), - sigblob->len); - + buf_putbufstring(buf, sigblob); buf_free(sigblob); } @@ -395,8 +388,7 @@ * If FAILURE is returned, the position of * buf is undefined. If SUCCESS is returned, buf will be positioned after the * signature blob */ -int buf_verify(buffer * buf, sign_key *key, const unsigned char *data, - unsigned int len) { +int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) { unsigned int bloblen; unsigned char * ident = NULL; @@ -414,7 +406,7 @@ if (key->dsskey == NULL) { dropbear_exit("No DSS key to verify signature"); } - return buf_dss_verify(buf, key->dsskey, data, len); + return buf_dss_verify(buf, key->dsskey, data_buf); } #endif @@ -424,7 +416,7 @@ if (key->rsakey == NULL) { dropbear_exit("No RSA key to verify signature"); } - return buf_rsa_verify(buf, key->rsakey, data, len); + return buf_rsa_verify(buf, key->rsakey, data_buf); } #endif diff -r 76fba0856749 -r f336d232fc63 signkey.h --- a/signkey.h Fri Mar 29 00:28:09 2013 +0800 +++ b/signkey.h Sat Apr 06 16:00:37 2013 +0800 @@ -63,11 +63,9 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type); void buf_put_priv_key(buffer* buf, sign_key *key, int type); void sign_key_free(sign_key *key); -void buf_put_sign(buffer* buf, sign_key *key, int type, - const unsigned char *data, unsigned int len); +void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf); #ifdef DROPBEAR_SIGNKEY_VERIFY -int buf_verify(buffer * buf, sign_key *key, const unsigned char *data, - unsigned int len); +int buf_verify(buffer * buf, sign_key *key, buffer *data_buf); char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen); #endif int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,