struct ecsign_extra {
struct ec_curve *(*curve)(void);
+ const struct ssh_hash *hash;
/* These fields are used by the OpenSSH PEM format importer/exporter */
const unsigned char *oid;
const char *data, int datalen)
{
struct ec_key *ec = (struct ec_key *) key;
+ const struct ecsign_extra *extra =
+ (const struct ecsign_extra *)ec->signalg->extra;
const char *p;
int slen;
int digestLen;
} else {
Bignum r, s;
unsigned char digest[512 / 8];
+ void *hashctx;
r = getmp(&p, &slen);
if (!r) return 0;
return 0;
}
- /* Perform correct hash function depending on curve size */
- if (ec->publicKey.curve->fieldBits <= 256) {
- SHA256_Simple(data, datalen, digest);
- digestLen = 256 / 8;
- } else if (ec->publicKey.curve->fieldBits <= 384) {
- SHA384_Simple(data, datalen, digest);
- digestLen = 384 / 8;
- } else {
- SHA512_Simple(data, datalen, digest);
- digestLen = 512 / 8;
- }
+ digestLen = extra->hash->hlen;
+ assert(digestLen <= sizeof(digest));
+ hashctx = extra->hash->init();
+ extra->hash->bytes(hashctx, data, datalen);
+ extra->hash->final(hashctx, digest);
/* Verify the signature */
ret = _ecdsa_verify(&ec->publicKey, digest, digestLen, r, s);
int *siglen)
{
struct ec_key *ec = (struct ec_key *) key;
+ const struct ecsign_extra *extra =
+ (const struct ecsign_extra *)ec->signalg->extra;
unsigned char digest[512 / 8];
int digestLen;
Bignum r = NULL, s = NULL;
}
freebn(s);
} else {
- /* Perform correct hash function depending on curve size */
- if (ec->publicKey.curve->fieldBits <= 256) {
- SHA256_Simple(data, datalen, digest);
- digestLen = 256 / 8;
- } else if (ec->publicKey.curve->fieldBits <= 384) {
- SHA384_Simple(data, datalen, digest);
- digestLen = 384 / 8;
- } else {
- SHA512_Simple(data, datalen, digest);
- digestLen = 512 / 8;
- }
+ void *hashctx;
+
+ digestLen = extra->hash->hlen;
+ assert(digestLen <= sizeof(digest));
+ hashctx = extra->hash->init();
+ extra->hash->bytes(hashctx, data, datalen);
+ extra->hash->final(hashctx, digest);
/* Do the signature */
_ecdsa_sign(ec->privateKey, ec->publicKey.curve, digest, digestLen, &r, &s);
}
const struct ecsign_extra sign_extra_ed25519 = {
- ec_ed25519,
+ ec_ed25519, NULL,
NULL, 0,
};
const struct ssh_signkey ssh_ecdsa_ed25519 = {
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
const struct ecsign_extra sign_extra_nistp256 = {
- ec_p256,
+ ec_p256, &ssh_sha256,
nistp256_oid, lenof(nistp256_oid),
};
const struct ssh_signkey ssh_ecdsa_nistp256 = {
0x2b, 0x81, 0x04, 0x00, 0x22
};
const struct ecsign_extra sign_extra_nistp384 = {
- ec_p384,
+ ec_p384, &ssh_sha384,
nistp384_oid, lenof(nistp384_oid),
};
const struct ssh_signkey ssh_ecdsa_nistp384 = {
0x2b, 0x81, 0x04, 0x00, 0x23
};
const struct ecsign_extra sign_extra_nistp521 = {
- ec_p521,
+ ec_p521, &ssh_sha512,
nistp521_oid, lenof(nistp521_oid),
};
const struct ssh_signkey ssh_ecdsa_nistp521 = {