|
Lines 35-41
|
| 35 |
#define SIG_VERSION 0x01 |
35 |
#define SIG_VERSION 0x01 |
| 36 |
#define MAGIC_PREAMBLE "SSHSIG" |
36 |
#define MAGIC_PREAMBLE "SSHSIG" |
| 37 |
#define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) |
37 |
#define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) |
| 38 |
#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n" |
38 |
#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----" |
| 39 |
#define END_SIGNATURE "-----END SSH SIGNATURE-----" |
39 |
#define END_SIGNATURE "-----END SSH SIGNATURE-----" |
| 40 |
#define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ |
40 |
#define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ |
| 41 |
#define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" |
41 |
#define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" |
|
Lines 56-63
sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
|
| 56 |
goto out; |
56 |
goto out; |
| 57 |
} |
57 |
} |
| 58 |
|
58 |
|
| 59 |
if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, |
59 |
if ((r = sshbuf_putf(buf, "%s\n", BEGIN_SIGNATURE)) != 0) { |
| 60 |
sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
|
|
| 61 |
error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); |
60 |
error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); |
| 62 |
goto out; |
61 |
goto out; |
| 63 |
} |
62 |
} |
|
Lines 83-88
sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
|
| 83 |
return r; |
82 |
return r; |
| 84 |
} |
83 |
} |
| 85 |
|
84 |
|
|
|
85 |
static int |
| 86 |
consume_eol(struct sshbuf *buf) |
| 87 |
{ |
| 88 |
int i, r; |
| 89 |
char *eols[] = { "\r\n", "\n", NULL }; |
| 90 |
|
| 91 |
for (i = 0; eols[i] != NULL; i++) { |
| 92 |
if ((r = sshbuf_cmp(buf, 0, eols[i], strlen(eols[i]))) == 0) { |
| 93 |
if ((r = sshbuf_consume(buf, strlen(eols[i]))) != 0) { |
| 94 |
error("%s: sshbuf_consume failed: %s", |
| 95 |
__func__, ssh_err(r)); |
| 96 |
return r; |
| 97 |
} |
| 98 |
return 0; |
| 99 |
} else if (r != SSH_ERR_INVALID_FORMAT) |
| 100 |
return r; |
| 101 |
} |
| 102 |
return SSH_ERR_INVALID_FORMAT; |
| 103 |
} |
| 104 |
|
| 86 |
int |
105 |
int |
| 87 |
sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) |
106 |
sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) |
| 88 |
{ |
107 |
{ |
|
Lines 102-113
sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
|
| 102 |
error("Couldn't parse signature: missing header"); |
121 |
error("Couldn't parse signature: missing header"); |
| 103 |
goto done; |
122 |
goto done; |
| 104 |
} |
123 |
} |
| 105 |
|
|
|
| 106 |
if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
124 |
if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
| 107 |
error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); |
125 |
error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); |
| 108 |
goto done; |
126 |
goto done; |
| 109 |
} |
127 |
} |
| 110 |
|
128 |
if ((r = consume_eol(sbuf)) != 0) { |
|
|
129 |
error("%s: consume header EOL: %s", __func__, ssh_err(r)); |
| 130 |
goto done; |
| 131 |
} |
| 111 |
if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, |
132 |
if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, |
| 112 |
sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { |
133 |
sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { |
| 113 |
error("Couldn't parse signature: missing footer"); |
134 |
error("Couldn't parse signature: missing footer"); |
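Review bot: In the last hunk only the header line gets CRLF handling through `consume_eol()`; the footer search right after it still anchors on `"\n" END_SIGNATURE`, so with CRLF-armored input the `\r` ending each body line stays in the data between header and footer. Whether the decode step after the footer search skips `\r` is not visible here, because `sshsig_dearmor` starts before and continues past this hunk, so it is worth confirming and covering with a CRLF-armored test input. This parser reads signature files that may come from an untrusted source, so the accepted line endings should be stated exactly on the new helper, for example `/* Consume a single "\r\n" or "\n" at the start of buf; SSH_ERR_INVALID_FORMAT if neither matches. */`. The table in `consume_eol` is never written and could be declared `static const char * const eols[]`.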