aboutsummaryrefslogtreecommitdiffstats
path: root/agent/pksign.c
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2014-03-22 19:51:16 +0000
committerWerner Koch <[email protected]>2014-03-22 19:52:03 +0000
commita77ed0f266d03e234027dda4de5a7f3dd6787b1e (patch)
tree78dcefaf7f6b6547d7cd747a90373b240d697585 /agent/pksign.c
parenttools: Fix NULL deref in gpg-connect-agent. (diff)
downloadgnupg-a77ed0f266d03e234027dda4de5a7f3dd6787b1e.tar.gz
gnupg-a77ed0f266d03e234027dda4de5a7f3dd6787b1e.zip
agent: Cleanups to prepare implementation of Ed25519.
* agent/cvt-openpgp.c: Remove. (convert_to_openpgp): Use gcry_sexp_extract_param. * agent/findkey.c (is_eddsa): New. (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and OVERRIDEDATALEN. * common/ssh-utils.c (is_eddsa): New. (get_fingerprint): Take care or EdDSA.
Diffstat (limited to 'agent/pksign.c')
-rw-r--r--agent/pksign.c41
1 files changed, 27 insertions, 14 deletions
diff --git a/agent/pksign.c b/agent/pksign.c
index 088615011..fb593a6e2 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -276,18 +276,35 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits,
the signature S-expression. LOOKUP is an optional function to
provide a way for lower layers to ask for the caching TTL. If a
CACHE_NONCE is given that cache item is first tried to get a
- passphrase. */
+ passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes
+ from this buffer are used instead of the data in CTRL. The
+ override feature is required to allow the use of Ed25519 with ssh
+ because Ed25519 dies the hashing itself. */
int
agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
gcry_sexp_t *signature_sexp,
- cache_mode_t cache_mode, lookup_ttl_t lookup_ttl)
+ cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
+ const void *overridedata, size_t overridedatalen)
{
gcry_sexp_t s_skey = NULL, s_sig = NULL;
unsigned char *shadow_info = NULL;
unsigned int rc = 0; /* FIXME: gpg-error? */
+ const unsigned char *data;
+ int datalen;
- if (! ctrl->have_keygrip)
+ if (overridedata)
+ {
+ data = overridedata;
+ datalen = overridedatalen;
+ }
+ else
+ {
+ data = ctrl->digest.value;
+ datalen = ctrl->digest.valuelen;
+ }
+
+ if (!ctrl->have_keygrip)
return gpg_error (GPG_ERR_NO_SECKEY);
rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
@@ -315,8 +332,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
is_ECDSA = 1;
rc = divert_pksign (ctrl,
- ctrl->digest.value,
- ctrl->digest.valuelen,
+ data, datalen,
ctrl->digest.algo,
shadow_info, &buf, &len);
if (rc)
@@ -405,22 +421,18 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
/* Put the hash into a sexp */
if (agent_is_eddsa_key (s_skey))
- rc = do_encode_eddsa (ctrl->digest.value,
- ctrl->digest.valuelen,
+ rc = do_encode_eddsa (data, datalen,
&s_hash);
else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
- rc = do_encode_raw_pkcs1 (ctrl->digest.value,
- ctrl->digest.valuelen,
+ rc = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (s_skey),
&s_hash);
else if ( (dsaalgo = agent_is_dsa_key (s_skey)) )
- rc = do_encode_dsa (ctrl->digest.value,
- ctrl->digest.valuelen,
+ rc = do_encode_dsa (data, datalen,
dsaalgo, s_skey,
&s_hash);
else
- rc = do_encode_md (ctrl->digest.value,
- ctrl->digest.valuelen,
+ rc = do_encode_md (data, datalen,
ctrl->digest.algo,
&s_hash,
ctrl->digest.raw_value);
@@ -468,7 +480,8 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
size_t len = 0;
int rc = 0;
- rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL);
+ rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL,
+ NULL, 0);
if (rc)
goto leave;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 08:06:16 +0000