Make _sign and _verify functions take a buffer* rather than void* and int

--HG--
branch : ecc

agentfwd.h

@@ -40,7 +40,7 @@
 /* client functions */
 void cli_load_agent_keys(m_list * ret_list);
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-    const unsigned char *data, unsigned int len);
+	buffer *data_buf);
 void cli_setup_agent(struct Channel *channel);
 
 #ifdef __hpux

buffer.c

@@ -269,6 +269,11 @@ void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len) {
 
 }
 
+/* puts an entire buffer as a SSH string. ignore pos of buf_str. */
+void buf_putbufstring(buffer *buf, const buffer* buf_str) {
+	buf_putstring(buf, buf_str->data, buf_str->len);
+}
+
 /* put the set of len bytes into the buffer, incrementing the pos, increasing
  * len if required */
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {

buffer.h

@@ -59,6 +59,7 @@ buffer * buf_getstringbuf(buffer *buf);
 void buf_eatstring(buffer *buf);
 void buf_putint(buffer* buf, unsigned int val);
 void buf_putstring(buffer* buf, const unsigned char* str, unsigned int len);
+void buf_putstringbuf(buffer *buf, const buffer* buf_str);
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
 void buf_putmpint(buffer* buf, mp_int * mp);
 int buf_getmpint(buffer* buf, mp_int* mp);

cli-agentfwd.c

@@ -254,7 +254,7 @@ void cli_load_agent_keys(m_list *ret_list) {
 }
 
 void agent_buf_sign(buffer *sigblob, sign_key *key, 
-		const unsigned char *data, unsigned int len) {
+		buffer *data_buf) {
 	buffer *request_data = NULL;
 	buffer *response = NULL;
 	unsigned int siglen;
@@ -266,10 +266,10 @@ void agent_buf_sign(buffer *sigblob, sign_key *key,
 	string			data
 	uint32			flags
 	*/
-	request_data = buf_new(MAX_PUBKEY_SIZE + len + 12);
+	request_data = buf_new(MAX_PUBKEY_SIZE + data_buf>-len + 12);
 	buf_put_pub_key(request_data, key, key->type);
 	
-	buf_putstring(request_data, data, len);
+	buf_putbufstring(request_data, data_buf);
 	buf_putint(request_data, 0);
 	
 	response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);

cli-authpubkey.c

@@ -121,23 +121,19 @@ void recv_msg_userauth_pk_ok() {
 }
 
 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, 
-			const unsigned char *data, unsigned int len)
-{
+			buffer *data_buf) {
 #ifdef ENABLE_CLI_AGENTFWD
 	if (key->source == SIGNKEY_SOURCE_AGENT) {
 		/* Format the agent signature ourselves, as buf_put_sign would. */
 		buffer *sigblob;
 		sigblob = buf_new(MAX_PUBKEY_SIZE);
-		agent_buf_sign(sigblob, key, data, len);
-		buf_setpos(sigblob, 0);
-		buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
-				sigblob->len);
-
+		agent_buf_sign(sigblob, key, data_buf);
+		buf_putbufstring(buf, sigblob);
 		buf_free(sigblob);
 	} else 
 #endif /* ENABLE_CLI_AGENTFWD */
 	{
-		buf_put_sign(buf, key, type, data, len);
+		buf_put_sign(buf, key, type, data_buf);
 	}
 }
 
@@ -174,7 +170,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 		/* We put the signature as well - this contains string(session id), then
 		 * the contents of the write payload to this point */
 		sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
-		buf_putstring(sigbuf, ses.session_id, SHA1_HASH_SIZE);
+		buf_putbufstring(sigbuf, ses.session_id);
 		buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
 		cli_buf_put_sign(ses.writepayload, key, type, sigbuf->data, sigbuf->len);
 		buf_free(sigbuf); /* Nothing confidential in the buffer */

dss.c

@@ -161,9 +161,7 @@ void buf_put_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a DSS signature (in buf) made on data by the key given. 
  * returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
-		unsigned int len) {
-
+int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 	unsigned char msghash[SHA1_HASH_SIZE];
 	hash_state hs;
 	int ret = DROPBEAR_FAILURE;
@@ -187,7 +185,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data
 
 	/* hash the data */
 	sha1_init(&hs);
-	sha1_process(&hs, data, len);
+	sha1_process(&hs, data_buf->data, data_buf->len);
 	sha1_done(&hs, msghash);
 
 	/* create the signature - s' and r' are the received signatures in buf */
@@ -260,9 +258,7 @@ out:
 
 /* Sign the data presented with key, writing the signature contents
  * to the buffer */
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
-		unsigned int len) {
-
+void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 	unsigned char msghash[SHA1_HASH_SIZE];
 	unsigned int writelen;
 	unsigned int i;
@@ -279,7 +275,7 @@ void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* d
 	
 	/* hash the data */
 	sha1_init(&hs);
-	sha1_process(&hs, data, len);
+	sha1_process(&hs, data_buf->data, data_buf->len);
 	sha1_done(&hs, msghash);
 
 	m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,

dss.h

@@ -43,11 +43,9 @@ typedef struct {
 
 } dropbear_dss_key;
 
-void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
-		unsigned int len);
+void buf_put_dss_sign(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_dss_verify(buffer* buf, dropbear_dss_key *key, const unsigned char* data,
-		unsigned int len);
+int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf);
 #endif
 int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key);
 int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key);

rsa.c

@@ -39,8 +39,7 @@
 #ifdef DROPBEAR_RSA 
 
 static void rsa_pad_em(dropbear_rsa_key * key,
-		const unsigned char * data, unsigned int len,
-		mp_int * rsa_em);
+	buffer *data_buf, mp_int * rsa_em);
 
 /* Load a public rsa key from a buffer, initialising the values.
  * The key will have the same format as buf_put_rsa_key.
@@ -213,9 +212,7 @@ void buf_put_rsa_priv_key(buffer* buf, dropbear_rsa_key *key) {
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 /* Verify a signature in buf, made on data by the key given.
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
-		unsigned int len) {
-
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf) {
 	unsigned int slen;
 	DEF_MP_INT(rsa_s);
 	DEF_MP_INT(rsa_mdash);
@@ -247,7 +244,7 @@ int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* dat
 	}
 
 	/* create the magic PKCS padded value */
-	rsa_pad_em(key, data, len, &rsa_em);
+	rsa_pad_em(key, data_buf, &rsa_em);
 
 	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
 		TRACE(("failed exptmod rsa_s"))
@@ -270,9 +267,7 @@ out:
 
 /* Sign the data presented with key, writing the signature contents
  * to the buffer */
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
-		unsigned int len) {
-
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf) {
 	unsigned int nsize, ssize;
 	unsigned int i;
 	DEF_MP_INT(rsa_s);
@@ -285,7 +280,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
 
 	m_mp_init_multi(&rsa_s, &rsa_tmp1, &rsa_tmp2, &rsa_tmp3, NULL);
 
-	rsa_pad_em(key, data, len, &rsa_tmp1);
+	rsa_pad_em(key, data_buf, &rsa_tmp1);
 
 	/* the actual signing of the padded data */
 
@@ -377,8 +372,7 @@ void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* d
  * rsa_em must be a pointer to an initialised mp_int.
  */
 static void rsa_pad_em(dropbear_rsa_key * key,
-		const unsigned char * data, unsigned int len, 
-		mp_int * rsa_em) {
+	buffer *data_buf, mp_int * rsa_em) {
 
 	/* ASN1 designator (including the 0x00 preceding) */
 	const unsigned char rsa_asn1_magic[] = 
@@ -391,7 +385,6 @@ static void rsa_pad_em(dropbear_rsa_key * key,
 	unsigned int nsize;
 	
 	dropbear_assert(key != NULL);
-	dropbear_assert(data != NULL);
 	nsize = mp_unsigned_bin_size(key->n);
 
 	rsa_EM = buf_new(nsize-1);
@@ -408,7 +401,7 @@ static void rsa_pad_em(dropbear_rsa_key * key,
 
 	/* The hash of the data */
 	sha1_init(&hs);
-	sha1_process(&hs, data, len);
+	sha1_process(&hs, data_buf->data, data_buf->len);
 	sha1_done(&hs, buf_getwriteptr(rsa_EM, SHA1_HASH_SIZE));
 	buf_incrwritepos(rsa_EM, SHA1_HASH_SIZE);
 

rsa.h

@@ -43,11 +43,9 @@ typedef struct {
 
 } dropbear_rsa_key;
 
-void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, const unsigned char* data,
-		unsigned int len);
+void buf_put_rsa_sign(buffer* buf, dropbear_rsa_key *key, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, const unsigned char* data,
-		unsigned int len);
+int buf_rsa_verify(buffer * buf, dropbear_rsa_key *key, buffer *data_buf);
 #endif
 int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key);
 int buf_get_rsa_priv_key(buffer* buf, dropbear_rsa_key *key);

signkey.c

@@ -218,10 +218,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
 		dropbear_exit("Bad key types in buf_put_pub_key");
 	}
 
-	buf_setpos(pubkeys, 0);
-	buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len),
-			pubkeys->len);
-	
+	buf_putbufstring(buf, pubkeys);
 	buf_free(pubkeys);
 	TRACE(("leave buf_put_pub_key"))
 }
@@ -364,28 +361,24 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
 }
 
 void buf_put_sign(buffer* buf, sign_key *key, int type, 
-		const unsigned char *data, unsigned int len) {
-
+	buffer *data_buf) {
 	buffer *sigblob;
 	sigblob = buf_new(MAX_PUBKEY_SIZE);
 
 #ifdef DROPBEAR_DSS
 	if (type == DROPBEAR_SIGNKEY_DSS) {
-		buf_put_dss_sign(sigblob, key->dsskey, data, len);
+		buf_put_dss_sign(sigblob, key->dsskey, data_buf);
 	}
 #endif
 #ifdef DROPBEAR_RSA
 	if (type == DROPBEAR_SIGNKEY_RSA) {
-		buf_put_rsa_sign(sigblob, key->rsakey, data, len);
+		buf_put_rsa_sign(sigblob, key->rsakey, data_buf);
 	}
 #endif
 	if (sigblob->len == 0) {
 		dropbear_exit("Non-matching signing type");
 	}
-	buf_setpos(sigblob, 0);
-	buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
-			sigblob->len);
-			
+	buf_putbufstring(buf, sigblob);
 	buf_free(sigblob);
 
 }
@@ -395,8 +388,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
  * If FAILURE is returned, the position of
  * buf is undefined. If SUCCESS is returned, buf will be positioned after the
  * signature blob */
-int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
-		unsigned int len) {
+int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
 	
 	unsigned int bloblen;
 	unsigned char * ident = NULL;
@@ -414,7 +406,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
 		if (key->dsskey == NULL) {
 			dropbear_exit("No DSS key to verify signature");
 		}
-		return buf_dss_verify(buf, key->dsskey, data, len);
+		return buf_dss_verify(buf, key->dsskey, data_buf);
 	}
 #endif
 
@@ -424,7 +416,7 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
 		if (key->rsakey == NULL) {
 			dropbear_exit("No RSA key to verify signature");
 		}
-		return buf_rsa_verify(buf, key->rsakey, data, len);
+		return buf_rsa_verify(buf, key->rsakey, data_buf);
 	}
 #endif
 

signkey.h

@@ -63,11 +63,9 @@ int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
 void buf_put_pub_key(buffer* buf, sign_key *key, int type);
 void buf_put_priv_key(buffer* buf, sign_key *key, int type);
 void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, int type, 
-		const unsigned char *data, unsigned int len);
+void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
-int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
-		unsigned int len);
+int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
 #endif
 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,