int ssh_key_sign(ssh_key* key, const char* data, int length, unsigned char* sig) { const EVP_MD* md; EVP_MD_CTX md_ctx; unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int dlen, len; /* Get SHA1 digest */ if ((md = EVP_get_digestbynid(NID_sha1)) == NULL) return -1; /* Digest data */ EVP_DigestInit(&md_ctx, md); EVP_DigestUpdate(&md_ctx, data, length); EVP_DigestFinal(&md_ctx, digest, &dlen); /* Sign with key */ switch (key->type) { case SSH_KEY_RSA: if (RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa) == 1) return len; case SSH_KEY_DSA: { DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa); if (dsa_sig != NULL) { /* Compute size of each half of signature */ int rlen = BN_num_bytes(dsa_sig->r); int slen = BN_num_bytes(dsa_sig->s); /* Ensure each number is within the required size */ if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE) return -1; /* Init to all zeroes */ memset(sig, 0, DSA_SIG_SIZE); /* Add R at the end of the first block of the signature */ BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE - DSA_SIG_NUMBER_SIZE - rlen); /* Add S at the end of the second block of the signature */ BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen); /* Done */ DSA_SIG_free(dsa_sig); return DSA_SIG_SIZE; } } } return -1; }
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, const unsigned char *hash, unsigned long hash_len, unsigned char *signature) { DSA_SIG *sig; int r_len, s_len; (void) hash_len; sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx); if (!sig) { return -1; } r_len = BN_num_bytes(sig->r); if (r_len < 1 || r_len > 20) { DSA_SIG_free(sig); return -1; } s_len = BN_num_bytes(sig->s); if (s_len < 1 || s_len > 20) { DSA_SIG_free(sig); return -1; } memset(signature, 0, 40); BN_bn2bin(sig->r, signature + (20 - r_len)); BN_bn2bin(sig->s, signature + 20 + (20 - s_len)); DSA_SIG_free(sig); return 0; }
static isc_result_t openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { isc_sha1_t *sha1ctx = dctx->opaque; dst_key_t *key = dctx->key; DSA *dsa = key->opaque; DSA_SIG *dsasig; isc_region_t r; unsigned char digest[ISC_SHA1_DIGESTLENGTH]; isc_buffer_availableregion(sig, &r); if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1) return (ISC_R_NOSPACE); isc_sha1_final(sha1ctx, digest); dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); if (dsasig == NULL) return (dst__openssl_toresult(DST_R_SIGNFAILURE)); *r.base++ = (key->key_size - 512)/64; BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); r.base += ISC_SHA1_DIGESTLENGTH; BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); r.base += ISC_SHA1_DIGESTLENGTH; DSA_SIG_free(dsasig); isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); return (ISC_R_SUCCESS); }
/* sign */ void DSASigner::sign( const void *data, size_t dataLen, void *sig, size_t *sigLen) /* IN/OUT */ { if(mDsaKey == NULL) { CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); } if(mDsaKey->priv_key == NULL) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } /* get signature in internal format */ DSA_SIG *dsaSig = DSA_do_sign((unsigned char *)data, dataLen, mDsaKey); if(dsaSig == NULL) { throwRsaDsa("DSA_do_sign"); } /* DER encode the signature */ CssmAutoData encodedSig(alloc()); int irtn = DSASigEncode(dsaSig, encodedSig); if(irtn) { throwRsaDsa("DSASigEncode"); } if(encodedSig.length() > *sigLen) { throwRsaDsa("DSA sign overflow"); } memmove(sig, encodedSig.data(), encodedSig.length()); *sigLen = encodedSig.length(); DSA_SIG_free(dsaSig); }
static void generateSignatureVector(DSA* key, unsigned char* mess, int len, BOOL passes) { unsigned char buf[len]; unsigned int siglen; int err; DSA_SIG* sig; Mem::Copy(buf, mess, len); setOurRandom(); sig = DSA_do_sign(buf, len, key); if (sig == NULL) processError(); if (!passes) scramble(buf, len); printActionHeader("DSA test vector", "DSASignVector"); printDSAPrivateKey(key); printHexElement("digest", buf, len); printBNElement("sigR", sig->r); printBNElement("sigS", sig->s); printActionFooter(passes); printActionHeader("DSA test vector", "DSAVerifyVector"); printDSAPublicKey(key); printHexElement("digest", buf, len); printBNElement("sigR", sig->r); printBNElement("sigS", sig->s); printActionFooter(passes); DSA_SIG_free(sig); }
/** * Sign data with DSA * * \param[in] to_sign The ldns_buffer containing raw data that is * to be signed * \param[in] key The DSA key structure to sign with * \return ldns_rdf for the RRSIG ldns_rr */ ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) { unsigned char *sha1_hash; ldns_rdf *sigdata_rdf; ldns_buffer *b64sig; DSA_SIG *sig; uint8_t *data; size_t pad; b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!b64sig) { return NULL; } sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), ldns_buffer_position(to_sign), NULL); if (!sha1_hash) { ldns_buffer_free(b64sig); return NULL; } sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); if(!sig) { ldns_buffer_free(b64sig); return NULL; } data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); if(!data) { ldns_buffer_free(b64sig); DSA_SIG_free(sig); return NULL; } data[0] = 1; pad = 20 - (size_t) BN_num_bytes(sig->r); if (pad > 0) { memset(data + 1, 0, pad); } BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad); pad = 20 - (size_t) BN_num_bytes(sig->s); if (pad > 0) { memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); } BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, 1 + 2 * SHA_DIGEST_LENGTH, data); ldns_buffer_free(b64sig); LDNS_FREE(data); DSA_SIG_free(sig); return sigdata_rdf; }
ssh_string SshAgentSignDss(uint8_t* data, int dataSize, ssh_key key, uint32_t flags) { unsigned char hash[SHA_DIGEST_LEN] = {0}; SHACTX ctx; ctx = sha1_init(); if (ctx == NULL) { return NULL; } sha1_update(ctx, data, dataSize); sha1_final(hash, ctx); // This release ctx. DSA_SIG* sig = NULL; sig = DSA_do_sign(hash, sizeof(hash), key->dsa); if (sig == NULL) { return NULL; } uint8_t sigblob[40]; memset(sigblob, 0, 40); int rlen = BN_num_bytes(sig->r); int slen = BN_num_bytes(sig->s); BN_bn2bin(sig->r, sigblob + 20 - rlen); BN_bn2bin(sig->s, sigblob + 40 - slen); if (flags & SSH_AGENT_OLD_SIGNATURE) { uint8_t* signatureBlob = malloc(sizeof(sigblob)); if (signatureBlob == NULL) { return NULL; } memcpy(signatureBlob, sigblob, 40); return (ssh_string)signatureBlob; } int signatureTypeLength = 7; int signatureLength = 40; int signatureBlobLength = 8 + signatureTypeLength + signatureLength; uint8_t* signatureBlob = malloc(4 + signatureBlobLength); if (signatureBlob == NULL) { return NULL; } pack32(signatureBlob, signatureBlobLength); pack32(signatureBlob + 4, signatureTypeLength); memcpy(signatureBlob + 8, "ssh-dss", signatureTypeLength); pack32(signatureBlob + 15, signatureLength); memcpy(signatureBlob + 19, sigblob, 40); return (ssh_string)signatureBlob; }
/* this function signs the session id */ STRING *ssh_sign_session_id(SSH_SESSION *session, PRIVATE_KEY *privatekey){ SHACTX ctx; unsigned char hash[SHA_DIGEST_LEN+1]; SIGNATURE *sign; STRING *signature; CRYPTO *crypto=session->current_crypto?session->current_crypto:session->next_crypto; #ifdef HAVE_LIBGCRYPT gcry_sexp_t data_sexp; #endif ctx=sha1_init(); sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN); sha1_final(hash+1,ctx); hash[0]=0; #ifdef DEBUG_CRYPTO ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN); #endif sign=malloc(sizeof(SIGNATURE)); switch(privatekey->type){ case TYPE_DSS: #ifdef HAVE_LIBGCRYPT gcry_sexp_build(&data_sexp,NULL,"%b",SHA_DIGEST_LEN+1,hash); gcry_pk_sign(&sign->dsa_sign,data_sexp,privatekey->dsa_priv); #elif defined HAVE_LIBCRYPTO sign->dsa_sign=DSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->dsa_priv); #ifdef DEBUG_CRYPTO ssh_print_bignum("r",sign->dsa_sign->r); ssh_print_bignum("s",sign->dsa_sign->s); #endif #endif sign->rsa_sign=NULL; break; case TYPE_RSA: #ifdef HAVE_LIBGCRYPT gcry_sexp_build(&data_sexp,NULL,"(data(flags pkcs1)(hash sha1 %b))",SHA_DIGEST_LEN,hash+1); gcry_pk_sign(&sign->rsa_sign,data_sexp,privatekey->rsa_priv); #elif defined HAVE_LIBCRYPTO sign->rsa_sign=RSA_do_sign(hash+1,SHA_DIGEST_LEN,privatekey->rsa_priv); #endif sign->dsa_sign=NULL; break; } #ifdef HAVE_LIBGCRYPT gcry_sexp_release(data_sexp); #endif sign->type=privatekey->type; if(!sign->dsa_sign && !sign->rsa_sign){ #ifdef HAVE_LIBGCRYPT ssh_set_error(session,SSH_FATAL,"Signing : libgcrypt error"); #elif defined HAVE_LIBCRYPTO ssh_set_error(session,SSH_FATAL,"Signing : openssl error"); #endif signature_free(sign); return NULL; } signature=signature_to_string(sign); signature_free(sign); return signature; }
int DSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) { DSA_SIG *s; s = DSA_do_sign(digest, digest_len, dsa); if (s == NULL) { *out_siglen = 0; return 0; } *out_siglen = i2d_DSA_SIG(s, &out_sig); DSA_SIG_free(s); return 1; }
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { *siglen=0; return(0); } *siglen=i2d_DSA_SIG(s,&sig); DSA_SIG_free(s); return(1); }
int signatureofshorthash( unsigned char sm[SIGNATURE_BYTES],unsigned long long *smlen, const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen, const unsigned char sk[SECRETKEY_BYTES],const unsigned long long sklen ) { unsigned char h[20]; DSA *x; DSA_SIG *y; int len; if (mlen > SHORTHASH_BYTES) return -1; SHA1(m,mlen,h); x = DSA_new(); if (!x) return -1; x->p = BN_new(); if (!x->p) goto error; x->q = BN_new(); if (!x->q) goto error; x->g = BN_new(); if (!x->g) goto error; x->pub_key = BN_new(); if (!x->pub_key) goto error; x->priv_key = BN_new(); if (!x->priv_key) goto error; if (!BN_bin2bn(prime,sizeof prime,x->p)) goto error; if (!BN_bin2bn(prime_q,sizeof prime_q,x->q)) goto error; if (!BN_bin2bn(prime_g,sizeof prime_g,x->g)) goto error; if (!BN_bin2bn(sk,PUBLICKEY_BYTES,x->pub_key)) goto error; sk += PUBLICKEY_BYTES; if (!BN_bin2bn(sk,SECRETKEY_BYTES - PUBLICKEY_BYTES,x->priv_key)) goto error; y = DSA_do_sign(h,20,x); if (!y) goto error; memset(sm,0,40); len = BN_num_bytes(y->r); if (len > 20) goto yerror; BN_bn2bin(y->r,sm + 20 - len); len = BN_num_bytes(y->s); if (len > 20) goto yerror; BN_bn2bin(y->s,sm + 40 - len); *smlen = 40; DSA_SIG_free(y); DSA_free(x); return 0; yerror: DSA_SIG_free(y); error: DSA_free(x); return -1; }
struct signature_struct *pki_do_sign(ssh_key privatekey, const unsigned char *hash) { struct signature_struct *sign; sign = malloc(sizeof(SIGNATURE)); if (sign == NULL) { return NULL; } sign->type = privatekey->type; switch(privatekey->type) { case SSH_KEYTYPE_DSS: sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->dsa); if (sign->dsa_sign == NULL) { signature_free(sign); return NULL; } #ifdef DEBUG_CRYPTO ssh_print_bignum("r", sign->dsa_sign->r); ssh_print_bignum("s", sign->dsa_sign->s); #endif sign->rsa_sign = NULL; break; case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->rsa); if (sign->rsa_sign == NULL) { signature_free(sign); return NULL; } sign->dsa_sign = NULL; break; case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_UNKNOWN: signature_free(sign); return NULL; } return sign; }
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this * function to skip that. Returns > 0 on success */ int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen, const BIGNUM **r, const BIGNUM **s) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa); if (!sig) return 0; DSA_SIG_get0(sig, r, s); *r = BN_dup(*r); *s = BN_dup(*s); DSA_SIG_free(sig); return 1; #else DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa); if (!sig) return 0; *r = sig->r; *s = sig->s; free(sig); return 1; #endif }
DSA_SIG* ops_dsa_sign(unsigned char* hashbuf, unsigned hashsize, const ops_dsa_secret_key_t *sdsa, const ops_dsa_public_key_t *dsa) { DSA *odsa; DSA_SIG *dsasig; odsa=DSA_new(); odsa->p=dsa->p; odsa->q=dsa->q; odsa->g=dsa->g; odsa->pub_key=dsa->y; odsa->priv_key=sdsa->x; dsasig=DSA_do_sign(hashbuf,hashsize,odsa); odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL; DSA_free(odsa); return dsasig; }
int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, const unsigned char *hash, unsigned long hash_len, unsigned char *signature) { DSA_SIG *sig; const BIGNUM * r; const BIGNUM * s; int r_len, s_len; (void) hash_len; sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx); if(!sig) { return -1; } #ifdef HAVE_OPAQUE_STRUCTS DSA_SIG_get0(sig, &r, &s); #else r = sig->r; s = sig->s; #endif r_len = BN_num_bytes(r); if(r_len < 1 || r_len > 20) { DSA_SIG_free(sig); return -1; } s_len = BN_num_bytes(s); if(s_len < 1 || s_len > 20) { DSA_SIG_free(sig); return -1; } memset(signature, 0, 40); BN_bn2bin(r, signature + (20 - r_len)); BN_bn2bin(s, signature + 20 + (20 - s_len)); DSA_SIG_free(sig); return 0; }
void siggen() { char buf[1024]; int nmod=0; DSA *dsa=NULL; while(fgets(buf,sizeof buf,stdin) != NULL) { if(!strncmp(buf,"[mod = ",7)) { nmod=atoi(buf+7); printf("[mod = %d]\n\n",nmod); dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL); pbn("P",dsa->p); pbn("Q",dsa->q); pbn("G",dsa->g); putc('\n',stdout); } else if(!strncmp(buf,"Msg = ",6)) { unsigned char msg[1024]; unsigned char hash[20]; int n; DSA_SIG *sig; n=hex2bin(buf+6,msg); pv("Msg",msg,n); DSA_generate_key(dsa); pbn("Y",dsa->pub_key); SHA1(msg,n,hash); sig=DSA_do_sign(hash,sizeof hash,dsa); pbn("R",sig->r); pbn("S",sig->s); putc('\n',stdout); } } }
// Signing functions bool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param /* = NULL */, const size_t paramLen /* = 0 */) { if (mechanism == AsymMech::DSA) { // Separate implementation for DSA signing without hash computation // Check if the private key is the right type if (!privateKey->isOfType(OSSLDSAPrivateKey::type)) { ERROR_MSG("Invalid key type supplied"); return false; } OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey; DSA* dsa = pk->getOSSLKey(); // Perform the signature operation unsigned int sigLen = pk->getOutputLength(); signature.resize(sigLen); memset(&signature[0], 0, sigLen); int dLen = dataToSign.size(); DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa); if (sig == NULL) return false; // Store the 2 values with padding BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]); BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]); DSA_SIG_free(sig); return true; } else { // Call default implementation return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen); } }
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa) { DSA_SIG *s; #ifdef OPENSSL_FIPS if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return 0; } #endif RAND_seed(dgst, dlen); s=DSA_do_sign(dgst,dlen,dsa); if (s == NULL) { *siglen=0; return(0); } *siglen=i2d_DSA_SIG(s,&sig); DSA_SIG_free(s); return(1); }
DSA_SIG * __ops_dsa_sign(uint8_t *hashbuf, unsigned hashsize, const __ops_dsa_seckey_t *secdsa, const __ops_dsa_pubkey_t *pubdsa) { DSA_SIG *dsasig; DSA *odsa; odsa = DSA_new(); odsa->p = pubdsa->p; odsa->q = pubdsa->q; odsa->g = pubdsa->g; odsa->pub_key = pubdsa->y; odsa->priv_key = secdsa->x; dsasig = DSA_do_sign(hashbuf, (int)hashsize, odsa); odsa->p = odsa->q = odsa->g = odsa->pub_key = odsa->priv_key = NULL; DSA_free(odsa); return dsasig; }
byte_array dsa160_key::sign(byte_array const& digest) const { assert(type() == public_and_private); assert(digest.size() == SHA256_DIGEST_LENGTH); // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits. int digest_size = 160/8; DSA_SIG *sig = DSA_do_sign((const unsigned char*)digest.data(), digest_size, dsa_); assert(sig); byte_array signature; { byte_array_owrap<flurry::oarchive> write(signature); // write to signature write.archive() << sig->r << sig->s; } DSA_SIG_free(sig); return signature; }
bool OSSLDSA::signFinal(ByteString& signature) { // Save necessary state before calling super class signFinal OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey; if (!AsymmetricAlgorithm::signFinal(signature)) { return false; } ByteString hash; bool bFirstResult = pCurrentHash->hashFinal(hash); delete pCurrentHash; pCurrentHash = NULL; if (!bFirstResult) { return false; } DSA* dsa = pk->getOSSLKey(); // Perform the signature operation unsigned int sigLen = pk->getOutputLength(); signature.resize(sigLen); memset(&signature[0], 0, sigLen); DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa); if (sig == NULL) return false; // Store the 2 values with padding BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]); BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]); DSA_SIG_free(sig); return true; }
static int xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED, const unsigned char *dgst, unsigned int dlen, unsigned char *sig, unsigned int *siglen, void *dsa) { DSA_SIG *s; int rSize, sSize; s = DSA_do_sign(dgst, dlen, dsa); if(s == NULL) { *siglen=0; return(0); } rSize = BN_num_bytes(s->r); sSize = BN_num_bytes(s->s); if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) || (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "size(r)=%d or size(s)=%d > %d", rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2); DSA_SIG_free(s); return(0); } memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE); BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize); BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize); *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE; DSA_SIG_free(s); return(1); }
BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen) { buffer_t *msg = NULL; char *s; int ret; msg = buffer_init(); if (msg == NULL) { // TODO: error check return FALSE; } switch (keypair->type) { case KEY_RSA: // RSA { const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], *sig; u_int slen, dlen, len; int ok, nid = NID_sha1; // ダイジェスト値の計算 EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); slen = RSA_size(keypair->rsa); sig = malloc(slen); if (sig == NULL) goto error; // 電子署名を計算 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa); memset(digest, 'd', sizeof(digest)); if (ok != 1) { // error free(sig); goto error; } // 署名のサイズがバッファより小さい場合、後ろへずらす。先頭はゼロで埋める。 if (len < slen) { u_int diff = slen - len; memmove(sig + diff, sig, len); memset(sig, 0, diff); } else if (len > slen) { free(sig); goto error; } else { // do nothing } s = get_sshname_from_key(keypair); buffer_put_string(msg, s, strlen(s)); buffer_append_length(msg, sig, slen); len = buffer_len(msg); // setting *siglen = len; *sigptr = malloc(len); if (*sigptr == NULL) { free(sig); goto error; } memcpy(*sigptr, buffer_ptr(msg), len); free(sig); break; } case KEY_DSA: // DSA { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; u_int rlen, slen, len, dlen; // ダイジェストの計算 EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); // DSA電子署名を計算 sig = DSA_do_sign(digest, dlen, keypair->dsa); memset(digest, 'd', sizeof(digest)); if (sig == NULL) { goto error; } // BIGNUMからバイナリ値への変換 rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { DSA_SIG_free(sig); goto error; } memset(sigblob, 0, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); // setting s = get_sshname_from_key(keypair); buffer_put_string(msg, s, strlen(s)); buffer_append_length(msg, sigblob, sizeof(sigblob)); len = buffer_len(msg); // setting *siglen = len; *sigptr = malloc(len); if (*sigptr == NULL) { goto error; } memcpy(*sigptr, buffer_ptr(msg), len); break; } case KEY_ECDSA256: // ECDSA case KEY_ECDSA384: case KEY_ECDSA521: { ECDSA_SIG *sig; const EVP_MD *evp_md; EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE]; u_int len, dlen, nid; buffer_t *buf2 = NULL; nid = keytype_to_hash_nid(keypair->type); if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { goto error; } EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa); memset(digest, 'd', sizeof(digest)); if (sig == NULL) { goto error; } buf2 = buffer_init(); if (buf2 == NULL) { // TODO: error check goto error; } buffer_put_bignum2(buf2, sig->r); buffer_put_bignum2(buf2, sig->s); ECDSA_SIG_free(sig); s = get_sshname_from_key(keypair); buffer_put_string(msg, s, strlen(s)); buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2)); buffer_free(buf2); len = buffer_len(msg); *siglen = len; *sigptr = malloc(len); if (*sigptr == NULL) { goto error; } memcpy(*sigptr, buffer_ptr(msg), len); break; } case KEY_ED25519: ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen); if (ret != 0) goto error; break; default: buffer_free(msg); return FALSE; break; } buffer_free(msg); return TRUE; error: buffer_free(msg); return FALSE; }
int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); struct sshbuf *b = NULL; int ret = SSH_ERR_INVALID_ARGUMENT; if (lenp != NULL) *lenp = 0; if (sigp != NULL) *sigp = NULL; if (key == NULL || key->dsa == NULL || sshkey_type_plain(key->type) != KEY_DSA) return SSH_ERR_INVALID_ARGUMENT; if (dlen == 0) return SSH_ERR_INTERNAL_ERROR; if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, digest, sizeof(digest))) != 0) goto out; if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { ret = SSH_ERR_INTERNAL_ERROR; goto out; } explicit_bzero(sigblob, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); if (compat & SSH_BUG_SIGBLOB) { if (sigp != NULL) { if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(*sigp, sigblob, SIGBLOB_LEN); } if (lenp != NULL) *lenp = SIGBLOB_LEN; ret = 0; } else { /* ietf-drafts */ if ((b = sshbuf_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) goto out; len = sshbuf_len(b); if (sigp != NULL) { if ((*sigp = malloc(len)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(*sigp, sshbuf_ptr(b), len); } if (lenp != NULL) *lenp = len; ret = 0; } out: explicit_bzero(digest, sizeof(digest)); if (sig != NULL) DSA_SIG_free(sig); sshbuf_free(b); return ret; }
int ssh_dss_sign(const struct sshkey *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen, u_int compat) { DSA_SIG *sig = NULL; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; u_int rlen, slen, len, dlen; struct sshbuf *b = NULL; int ret = SSH_ERR_INVALID_ARGUMENT; if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) return SSH_ERR_INVALID_ARGUMENT; if (EVP_DigestInit(&md, evp_md) != 1 || EVP_DigestUpdate(&md, data, datalen) != 1 || EVP_DigestFinal(&md, digest, &dlen) != 1) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { ret = SSH_ERR_INTERNAL_ERROR; goto out; } bzero(sigblob, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); if (compat & SSH_BUG_SIGBLOB) { if (lenp != NULL) *lenp = SIGBLOB_LEN; if (sigp != NULL) { if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(*sigp, sigblob, SIGBLOB_LEN); } ret = 0; } else { /* ietf-drafts */ if ((b = sshbuf_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 || (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0) goto out; len = sshbuf_len(b); if (lenp != NULL) *lenp = len; if (sigp != NULL) { if ((*sigp = malloc(len)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(*sigp, sshbuf_ptr(b), len); } ret = 0; } out: bzero(&md, sizeof(md)); bzero(digest, sizeof(digest)); if (sig != NULL) DSA_SIG_free(sig); if (b != NULL) sshbuf_free(b); return ret; }
/* * This function signs the session id (known as H) as a string then * the content of sigbuf */ STRING *ssh_do_sign(SSH_SESSION *session, BUFFER *sigbuf, PRIVATE_KEY *privatekey) { CRYPTO *crypto = session->current_crypto ? session->current_crypto : session->next_crypto; unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; STRING *session_str = NULL; STRING *signature = NULL; SIGNATURE *sign = NULL; SHACTX ctx = NULL; #ifdef HAVE_LIBGCRYPT gcry_sexp_t gcryhash; #endif session_str = string_new(SHA_DIGEST_LEN); if (session_str == NULL) { return NULL; } string_fill(session_str, crypto->session_id, SHA_DIGEST_LEN); ctx = sha1_init(); if (ctx == NULL) { string_free(session_str); return NULL; } sha1_update(ctx, session_str, string_len(session_str) + 4); string_free(session_str); sha1_update(ctx, buffer_get(sigbuf), buffer_get_len(sigbuf)); sha1_final(hash + 1,ctx); hash[0] = 0; #ifdef DEBUG_CRYPTO ssh_print_hexa("Hash being signed with dsa", hash + 1, SHA_DIGEST_LEN); #endif sign = malloc(sizeof(SIGNATURE)); if (sign == NULL) { return NULL; } switch(privatekey->type) { case TYPE_DSS: #ifdef HAVE_LIBGCRYPT if (gcry_sexp_build(&gcryhash, NULL, "%b", SHA_DIGEST_LEN + 1, hash) || gcry_pk_sign(&sign->dsa_sign, gcryhash, privatekey->dsa_priv)) { ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error"); gcry_sexp_release(gcryhash); signature_free(sign); return NULL; } #elif defined HAVE_LIBCRYPTO sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->dsa_priv); if (sign->dsa_sign == NULL) { ssh_set_error(session, SSH_FATAL, "Signing: openssl error"); signature_free(sign); return NULL; } #ifdef DEBUG_CRYPTO ssh_print_bignum("r", sign->dsa_sign->r); ssh_print_bignum("s", sign->dsa_sign->s); #endif #endif /* HAVE_LIBCRYPTO */ sign->rsa_sign = NULL; break; case TYPE_RSA: #ifdef HAVE_LIBGCRYPT if (gcry_sexp_build(&gcryhash, NULL, "(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1) || gcry_pk_sign(&sign->rsa_sign, gcryhash, privatekey->rsa_priv)) { ssh_set_error(session, SSH_FATAL, "Signing: libcrypt error"); gcry_sexp_release(gcryhash); signature_free(sign); return NULL; } #elif defined HAVE_LIBCRYPTO sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->rsa_priv); if (sign->rsa_sign == NULL) { ssh_set_error(session, SSH_FATAL, "Signing: openssl error"); signature_free(sign); return NULL; } #endif sign->dsa_sign = NULL; break; } #ifdef HAVE_LIBGCRYPT gcry_sexp_release(gcryhash); #endif sign->type = privatekey->type; signature = signature_to_string(sign); signature_free(sign); return signature; }
int ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, const u_char *data, u_int datalen) { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; u_int rlen, slen, len, dlen; Buffer b; if (key == NULL || key->dsa == NULL || (key->type != KEY_DSA && key->type != KEY_DSA_CERT && key->type != KEY_DSA_CERT_V00)) { error("ssh_dss_sign: no DSA key"); return -1; } EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, data, datalen); EVP_DigestFinal(&md, digest, &dlen); sig = DSA_do_sign(digest, dlen, key->dsa); memset(digest, 'd', sizeof(digest)); if (sig == NULL) { error("ssh_dss_sign: sign failed"); return -1; } rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { error("bad sig size %u %u", rlen, slen); DSA_SIG_free(sig); return -1; } memset(sigblob, 0, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); if (datafellows & SSH_BUG_SIGBLOB) { if (lenp != NULL) *lenp = SIGBLOB_LEN; if (sigp != NULL) { *sigp = xmalloc(SIGBLOB_LEN); memcpy(*sigp, sigblob, SIGBLOB_LEN); } } else { /* ietf-drafts */ buffer_init(&b); buffer_put_cstring(&b, "ssh-dss"); buffer_put_string(&b, sigblob, SIGBLOB_LEN); len = buffer_len(&b); if (lenp != NULL) *lenp = len; if (sigp != NULL) { *sigp = xmalloc(len); memcpy(*sigp, buffer_ptr(&b), len); } buffer_free(&b); } return 0; }
/* this function signs the session id */ ssh_string ssh_sign_session_id(ssh_session session, ssh_private_key privatekey) { struct ssh_crypto_struct *crypto=session->current_crypto ? session->current_crypto : session->next_crypto; unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; ssh_string signature = NULL; SIGNATURE *sign = NULL; SHACTX ctx = NULL; #ifdef HAVE_LIBGCRYPT gcry_sexp_t data_sexp; #endif ctx = sha1_init(); if (ctx == NULL) { return NULL; } sha1_update(ctx,crypto->session_id,SHA_DIGEST_LEN); sha1_final(hash + 1,ctx); hash[0] = 0; #ifdef DEBUG_CRYPTO ssh_print_hexa("Hash being signed with dsa",hash+1,SHA_DIGEST_LEN); #endif sign = malloc(sizeof(SIGNATURE)); if (sign == NULL) { return NULL; } ZERO_STRUCTP(sign); switch(privatekey->type) { case SSH_KEYTYPE_DSS: #ifdef HAVE_LIBGCRYPT if (gcry_sexp_build(&data_sexp, NULL, "%b", SHA_DIGEST_LEN + 1, hash) || gcry_pk_sign(&sign->dsa_sign, data_sexp, privatekey->dsa_priv)) { ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error"); gcry_sexp_release(data_sexp); signature_free(sign); return NULL; } #elif defined HAVE_LIBCRYPTO sign->dsa_sign = DSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->dsa_priv); if (sign->dsa_sign == NULL) { ssh_set_error(session, SSH_FATAL, "Signing: openssl error"); signature_free(sign); return NULL; } #ifdef DEBUG_CRYPTO ssh_print_bignum("r",sign->dsa_sign->r); ssh_print_bignum("s",sign->dsa_sign->s); #endif #endif /* HAVE_LIBCRYPTO */ sign->rsa_sign = NULL; break; case SSH_KEYTYPE_RSA: #ifdef HAVE_LIBGCRYPT if (gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash sha1 %b))", SHA_DIGEST_LEN, hash + 1) || gcry_pk_sign(&sign->rsa_sign, data_sexp, privatekey->rsa_priv)) { ssh_set_error(session, SSH_FATAL, "Signing: libgcrypt error"); gcry_sexp_release(data_sexp); signature_free(sign); return NULL; } #elif defined HAVE_LIBCRYPTO sign->rsa_sign = RSA_do_sign(hash + 1, SHA_DIGEST_LEN, privatekey->rsa_priv); if (sign->rsa_sign == NULL) { ssh_set_error(session, SSH_FATAL, "Signing: openssl error"); signature_free(sign); return NULL; } #endif sign->dsa_sign = NULL; break; default: signature_free(sign); return NULL; } #ifdef HAVE_LIBGCRYPT gcry_sexp_release(data_sexp); #endif sign->type = privatekey->type; signature = signature_to_string(sign); signature_free(sign); return signature; }
unsigned int OpenSSLCryptoKeyDSA::signBase64Signature(unsigned char * hashBuf, unsigned int hashLen, char * base64SignatureBuf, unsigned int base64SignatureBufLen) { // Sign a pre-calculated hash using this key if (mp_dsaKey == NULL) { throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Attempt to sign data with empty key"); } DSA_SIG * dsa_sig; dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); if (dsa_sig == NULL) { throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Error signing data"); } // Now turn the signature into a base64 string unsigned char rawSigBuf[256]; unsigned int rawLen; rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); if (rawLen <= 0) { throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Error converting signature to raw buffer"); } unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); if (rawLenS <= 0) { throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Error converting signature to raw buffer"); } rawLen += rawLenS; // Now convert to Base 64 BIO * b64 = BIO_new(BIO_f_base64()); BIO * bmem = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bmem, 0); b64 = BIO_push(b64, bmem); // Translate signature from Base64 BIO_write(b64, rawSigBuf, rawLen); BIO_flush(b64); unsigned int sigValLen = BIO_read(bmem, base64SignatureBuf, base64SignatureBufLen); BIO_free_all(b64); if (sigValLen <= 0) { throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Error base64 encoding signature"); } return sigValLen; }
static isc_result_t openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dst_key_t *key = dctx->key; DSA *dsa = key->keydata.dsa; isc_region_t r; DSA_SIG *dsasig; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey; unsigned char *sigbuf; const unsigned char *sb; unsigned int siglen; #else isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; unsigned char digest[ISC_SHA1_DIGESTLENGTH]; #endif isc_buffer_availableregion(sig, &r); if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1) return (ISC_R_NOSPACE); #if USE_EVP pkey = EVP_PKEY_new(); if (pkey == NULL) return (ISC_R_NOMEMORY); if (!EVP_PKEY_set1_DSA(pkey, dsa)) { EVP_PKEY_free(pkey); return (ISC_R_FAILURE); } sigbuf = malloc(EVP_PKEY_size(pkey)); if (sigbuf == NULL) { EVP_PKEY_free(pkey); return (ISC_R_NOMEMORY); } if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) { EVP_PKEY_free(pkey); free(sigbuf); return (ISC_R_FAILURE); } INSIST(EVP_PKEY_size(pkey) >= (int) siglen); EVP_PKEY_free(pkey); /* Convert from Dss-Sig-Value (RFC2459). */ dsasig = DSA_SIG_new(); if (dsasig == NULL) { free(sigbuf); return (ISC_R_NOMEMORY); } sb = sigbuf; if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) { free(sigbuf); return (ISC_R_FAILURE); } free(sigbuf); #elif 0 /* Only use EVP for the Digest */ if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) { return (ISC_R_FAILURE); } dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); if (dsasig == NULL) return (dst__openssl_toresult(DST_R_SIGNFAILURE)); #else isc_sha1_final(sha1ctx, digest); dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa); if (dsasig == NULL) return (dst__openssl_toresult(DST_R_SIGNFAILURE)); #endif *r.base++ = (key->key_size - 512)/64; BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); r.base += ISC_SHA1_DIGESTLENGTH; BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); r.base += ISC_SHA1_DIGESTLENGTH; DSA_SIG_free(dsasig); isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); return (ISC_R_SUCCESS); }