int SshFunc::sign_data(char *key, size_t keylen, struct iovec *sigbufs, int num_bufs, ...)
{
int i, rc;
va_list argp;
char *para;
size_t para_len;
struct iovec *tmp_bufs;
if (!sshAuth)
return 0;
tmp_bufs = new struct iovec[num_bufs];
va_start(argp, num_bufs);
for (i = 0; i < num_bufs; i++) {
para = va_arg(argp, char *);
para_len = va_arg(argp, int);
tmp_bufs[i].iov_base = para;
tmp_bufs[i].iov_len = para_len;
}
va_end(argp);
rc = sign_data(key, keylen, tmp_bufs, num_bufs, sigbufs);
delete []tmp_bufs;
return rc;
}
int cb_check_data(spctx_t* ctx)
{
if(mode == MODE_VERIFY)
return verify_data(ctx);
else if(mode == MODE_SIGN)
return sign_data(ctx);
else
return -1;
}
int SshFunc::sign_data(char *key, size_t klen, struct iovec *sigbufs, char *fmt, ...)
{
int i, rc;
va_list argp;
char *para, *p, *pos;
size_t para_len;
int num_bufs = get_sizes(fmt);
struct iovec *tmp_bufs;
int *d_nums;
char *skey = key;
size_t sklen = klen;
if (!sshAuth)
return 0;
tmp_bufs = new struct iovec[num_bufs];
d_nums = new int[num_bufs];
if (key == NULL) {
skey = session_key;
sklen = key_len;
}
va_start(argp, fmt);
pos = p = fmt;
i = -1;
while (*p != '\0') {
switch (*p) {
case 'd':
d_nums[i] = va_arg(argp, int);
d_nums[i] = htonl(d_nums[i]);
tmp_bufs[i].iov_len = sizeof(int);
tmp_bufs[i].iov_base = &d_nums[i];
break;
case 's':
tmp_bufs[i].iov_base = va_arg(argp, char *);
if (*pos != 's') {
tmp_bufs[i].iov_len = atoi((const char *)pos);
} else {
tmp_bufs[i].iov_len = strlen((char *)tmp_bufs[i].iov_base) + 1;
}
break;
case '%':
pos = p + 1;
i++;
break;
}
p++;
}
va_end(argp);
rc = sign_data(skey, key_len, tmp_bufs, num_bufs, sigbufs);
delete []d_nums;
delete []tmp_bufs;
return rc;
}
int SshFunc::sign_data(char *bufs[], int sizes[], int num_bufs, struct iovec *sigbufs)
{
int i, rc;
struct iovec *tmp_bufs;
if (!sshAuth)
return 0;
tmp_bufs = new struct iovec[num_bufs];
for (i = 0; i < num_bufs; i++) {
tmp_bufs[i].iov_base = bufs[i];
tmp_bufs[i].iov_len = sizes[i];
}
rc = sign_data(session_key, key_len, tmp_bufs, num_bufs, sigbufs);
delete []tmp_bufs;
return rc;
}
static int verify_private_key_ownership(struct openssl_session_auth_context* ctx, const char* private_key, int private_key_length, const char* client_certificate, int client_certificate_length) {
char* x_buffer = NULL, *y_buffer = NULL, *concat_buffer = NULL;
int ret, tmp;
char* yx_signature = NULL, *xy_signature = NULL;
int yx_signature_length, xy_signature_length;
x_buffer = malloc(XY_RANDOM_DATA_LENGTH);
y_buffer = malloc(XY_RANDOM_DATA_LENGTH);
concat_buffer = malloc(2*XY_RANDOM_DATA_LENGTH);
if ( !x_buffer || !y_buffer || !concat_buffer )
goto failed;
get_random_key(x_buffer, XY_RANDOM_DATA_LENGTH);
if ( write_u32(ctx, XY_RANDOM_DATA_LENGTH) != 4 ) {
printf("Failed to x buffer size\n");
goto failed;
}
if ( openssl_local_write(ctx, x_buffer, XY_RANDOM_DATA_LENGTH) != XY_RANDOM_DATA_LENGTH ) {
printf("Failed to send x buffer\n");
goto failed;
}
if ( openssl_local_read(ctx, XY_RANDOM_DATA_LENGTH, y_buffer, &tmp) < XY_RANDOM_DATA_LENGTH ) {
printf( "Failed to read y buffer\n");
goto failed;
}
memcpy(concat_buffer,y_buffer, XY_RANDOM_DATA_LENGTH);
memcpy(concat_buffer+XY_RANDOM_DATA_LENGTH,x_buffer, XY_RANDOM_DATA_LENGTH);
yx_signature_length = read_u32(ctx);
if ( yx_signature_length == READ_ERROR ) {
printf("Failed to read yx signature length\n");
goto failed;
}
yx_signature = malloc(yx_signature_length);
if ( !yx_signature )
goto failed;
if ( openssl_local_read(ctx, yx_signature_length, yx_signature, &tmp) < yx_signature_length ) {
printf("Failed to read yx signature\n");
goto failed;
}
ret = verify_signature(client_certificate, client_certificate_length, concat_buffer, 2*XY_RANDOM_DATA_LENGTH, yx_signature, yx_signature_length);
if ( ret ) {
printf("Failed to verify yx signature\n");
goto failed;
}
memcpy(concat_buffer,x_buffer, XY_RANDOM_DATA_LENGTH);
memcpy(concat_buffer+XY_RANDOM_DATA_LENGTH,y_buffer, XY_RANDOM_DATA_LENGTH);
ret = sign_data(private_key, private_key_length, concat_buffer, 2*XY_RANDOM_DATA_LENGTH, &xy_signature, &xy_signature_length);
if ( ret ) {
printf("Failed to sign xy buffer\n");
goto failed;
}
if ( write_u32(ctx, xy_signature_length) != 4) {
printf("Failed to send xy signature length\n");
goto failed;
}
/* Send server certificate */
if ( openssl_local_write(ctx, xy_signature, xy_signature_length) != xy_signature_length ) {
printf("Failed to send xy signature\n");
goto failed;
}
goto done;
failed:
ret = -1;
done:
free(x_buffer);
free(y_buffer);
free(concat_buffer);
free(xy_signature);
free(yx_signature);
return ret;
};
