shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 10:26:47 +09:00
Code Issues Packages Projects Releases Wiki Activity

auth, pki: Calculate hash internally when signing/verifying

Browse Source 
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash.  The hash is then
calculated internally.

The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.

Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().

The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-04-29 16:29:16 +02:00
committed by Andreas Schneider
parent 58b3b2696c
commit 76f9808eb2
13 changed files with 264 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/unittests/torture_pki_dsa.c
View File

@@ -621,7 +621,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -631,7 +631,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -641,7 +641,7 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, DSA_HASH, 20);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
assert_true(rc == SSH_OK);
@@ -671,7 +671,7 @@ static void torture_pki_dsa_cert_verify(void **state)
assert_true(rc == 0);
assert_non_null(cert);
sign = pki_do_sign(privkey, DSA_HASH, 20);
sign = pki_do_sign(privkey, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, cert, DSA_HASH, 20);
assert_true(rc == SSH_OK);