int SshFunc::sign_data(char *key, size_t keylen, struct iovec *sigbufs, int num_bufs, ...) { int i, rc; va_list argp; char *para; size_t para_len; struct iovec *tmp_bufs; if (!sshAuth) return 0; tmp_bufs = new struct iovec[num_bufs]; va_start(argp, num_bufs); for (i = 0; i < num_bufs; i++) { para = va_arg(argp, char *); para_len = va_arg(argp, int); tmp_bufs[i].iov_base = para; tmp_bufs[i].iov_len = para_len; } va_end(argp); rc = sign_data(key, keylen, tmp_bufs, num_bufs, sigbufs); delete []tmp_bufs; return rc; }
int cb_check_data(spctx_t* ctx) { if(mode == MODE_VERIFY) return verify_data(ctx); else if(mode == MODE_SIGN) return sign_data(ctx); else return -1; }
int SshFunc::sign_data(char *key, size_t klen, struct iovec *sigbufs, char *fmt, ...) { int i, rc; va_list argp; char *para, *p, *pos; size_t para_len; int num_bufs = get_sizes(fmt); struct iovec *tmp_bufs; int *d_nums; char *skey = key; size_t sklen = klen; if (!sshAuth) return 0; tmp_bufs = new struct iovec[num_bufs]; d_nums = new int[num_bufs]; if (key == NULL) { skey = session_key; sklen = key_len; } va_start(argp, fmt); pos = p = fmt; i = -1; while (*p != '\0') { switch (*p) { case 'd': d_nums[i] = va_arg(argp, int); d_nums[i] = htonl(d_nums[i]); tmp_bufs[i].iov_len = sizeof(int); tmp_bufs[i].iov_base = &d_nums[i]; break; case 's': tmp_bufs[i].iov_base = va_arg(argp, char *); if (*pos != 's') { tmp_bufs[i].iov_len = atoi((const char *)pos); } else { tmp_bufs[i].iov_len = strlen((char *)tmp_bufs[i].iov_base) + 1; } break; case '%': pos = p + 1; i++; break; } p++; } va_end(argp); rc = sign_data(skey, key_len, tmp_bufs, num_bufs, sigbufs); delete []d_nums; delete []tmp_bufs; return rc; }
int SshFunc::sign_data(char *bufs[], int sizes[], int num_bufs, struct iovec *sigbufs) { int i, rc; struct iovec *tmp_bufs; if (!sshAuth) return 0; tmp_bufs = new struct iovec[num_bufs]; for (i = 0; i < num_bufs; i++) { tmp_bufs[i].iov_base = bufs[i]; tmp_bufs[i].iov_len = sizes[i]; } rc = sign_data(session_key, key_len, tmp_bufs, num_bufs, sigbufs); delete []tmp_bufs; return rc; }
static int verify_private_key_ownership(struct openssl_session_auth_context* ctx, const char* private_key, int private_key_length, const char* client_certificate, int client_certificate_length) { char* x_buffer = NULL, *y_buffer = NULL, *concat_buffer = NULL; int ret, tmp; char* yx_signature = NULL, *xy_signature = NULL; int yx_signature_length, xy_signature_length; x_buffer = malloc(XY_RANDOM_DATA_LENGTH); y_buffer = malloc(XY_RANDOM_DATA_LENGTH); concat_buffer = malloc(2*XY_RANDOM_DATA_LENGTH); if ( !x_buffer || !y_buffer || !concat_buffer ) goto failed; get_random_key(x_buffer, XY_RANDOM_DATA_LENGTH); if ( write_u32(ctx, XY_RANDOM_DATA_LENGTH) != 4 ) { printf("Failed to x buffer size\n"); goto failed; } if ( openssl_local_write(ctx, x_buffer, XY_RANDOM_DATA_LENGTH) != XY_RANDOM_DATA_LENGTH ) { printf("Failed to send x buffer\n"); goto failed; } if ( openssl_local_read(ctx, XY_RANDOM_DATA_LENGTH, y_buffer, &tmp) < XY_RANDOM_DATA_LENGTH ) { printf( "Failed to read y buffer\n"); goto failed; } memcpy(concat_buffer,y_buffer, XY_RANDOM_DATA_LENGTH); memcpy(concat_buffer+XY_RANDOM_DATA_LENGTH,x_buffer, XY_RANDOM_DATA_LENGTH); yx_signature_length = read_u32(ctx); if ( yx_signature_length == READ_ERROR ) { printf("Failed to read yx signature length\n"); goto failed; } yx_signature = malloc(yx_signature_length); if ( !yx_signature ) goto failed; if ( openssl_local_read(ctx, yx_signature_length, yx_signature, &tmp) < yx_signature_length ) { printf("Failed to read yx signature\n"); goto failed; } ret = verify_signature(client_certificate, client_certificate_length, concat_buffer, 2*XY_RANDOM_DATA_LENGTH, yx_signature, yx_signature_length); if ( ret ) { printf("Failed to verify yx signature\n"); goto failed; } memcpy(concat_buffer,x_buffer, XY_RANDOM_DATA_LENGTH); memcpy(concat_buffer+XY_RANDOM_DATA_LENGTH,y_buffer, XY_RANDOM_DATA_LENGTH); ret = sign_data(private_key, private_key_length, concat_buffer, 2*XY_RANDOM_DATA_LENGTH, &xy_signature, &xy_signature_length); if ( ret ) { printf("Failed to sign xy buffer\n"); goto failed; } if ( write_u32(ctx, xy_signature_length) != 4) { printf("Failed to send xy signature length\n"); goto failed; } /* Send server certificate */ if ( openssl_local_write(ctx, xy_signature, xy_signature_length) != xy_signature_length ) { printf("Failed to send xy signature\n"); goto failed; } goto done; failed: ret = -1; done: free(x_buffer); free(y_buffer); free(concat_buffer); free(xy_signature); free(yx_signature); return ret; };