Diffstat (limited to 'sshsig.c')
-rw-r--r-- | sshsig.c | 17 |
1 files changed, 10 insertions, 7 deletions
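--- a/sshsig.c
+++ b/sshsig.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshsig.c,v 1.17 2020/08/31 00:17:41 djm Exp $ */
 /*
 * Copyright (c) 2019 Google LLC
 *
@@ -151,7 +152,7 @@ done:
 
 static int
 sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
-const char *sk_provider, const struct sshbuf *h_message,
+const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message,
 const char *sig_namespace, struct sshbuf **out,
 sshsig_signer *signer, void *signer_ctx)
 {
@@ -185,14 +186,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
 if (signer != NULL) {
 if ((r = signer(key, &sig, &slen,
 sshbuf_ptr(tosign), sshbuf_len(tosign),
-sign_alg, sk_provider, 0, signer_ctx)) != 0) {
+sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) {
 error("Couldn't sign message: %s", ssh_err(r));
 goto done;
 }
 } else {
 if ((r = sshkey_sign(key, &sig, &slen,
 sshbuf_ptr(tosign), sshbuf_len(tosign),
-sign_alg, sk_provider, 0)) != 0) {
+sign_alg, sk_provider, sk_pin, 0)) != 0) {
 error("Couldn't sign message: %s", ssh_err(r));
 goto done;
 }
@@ -430,7 +431,8 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
 }
 
 int
-sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_signb(struct sshkey *key, const char *hashalg,
+const char *sk_provider, const char *sk_pin,
 const struct sshbuf *message, const char *sig_namespace,
 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
 {
@@ -445,7 +447,7 @@ sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
 error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
 goto out;
 }
-if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
 sig_namespace, out, signer, signer_ctx)) != 0)
 goto out;
 /* success */
@@ -558,7 +560,8 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
 }
 
 int
-sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+const char *sk_provider, const char *sk_pin,
 int fd, const char *sig_namespace, struct sshbuf **out,
 sshsig_signer *signer, void *signer_ctx)
 {
@@ -573,7 +576,7 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
 error("%s: hash_file failed: %s", __func__, ssh_err(r));
 return r;
 }
-if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
+if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
 sig_namespace, out, signer, signer_ctx)) != 0)
 goto out;
 /* success */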
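Review bot: The new `sk_pin` parameter on `sshsig_signb` and `sshsig_sign_fd` (and on the static `sshsig_wrap_sign`) carries a secret, yet none of the three signatures documents its contract. In the visible lines the pointer is only forwarded to `signer` or `sshkey_sign`; it is not copied, logged or freed here, so wiping and freeing presumably stay with the caller. Whether NULL is accepted depends on `sshkey_sign` and the signer callback, which are not on this page. I would add above each public function a comment such as `/* sk_pin: security-key PIN, borrowed for the call only; never logged or retained; caller zeroes and frees it */`, and state the NULL behaviour once it is confirmed. The bodies of all three functions extend beyond the hunks shown.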