bartoszek/rublon-ssh
1
0
Fork 0
Code Issues 7 Pull Requests Packages Projects Releases Wiki Activity

bwi/v2.3.0 #29

Merged
bartoszek merged 38 commits from bwi/v2.3.0 into main 2025-09-11 08:32:43 +00:00
Conversation 0 Commits 38 Files Changed 70 +15 -17
1 changed files with 15 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 8ea835c2f0 - Show all commits

32
PAM/ssh/include/rublon/sign.hpp
View File

@ -1,5 +1,6 @@
#pragma once #pragma once
#include <memory>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/sha.h> #include <openssl/sha.h>
@ -8,40 +9,37 @@
namespace rublon { namespace rublon {
struct EVP_MD_CTX_deleter{
void operator()(EVP_MD_CTX *ctx)const{
EVP_MD_CTX_free(ctx);
}
};
inline StaticString< SHA256_DIGEST_LENGTH * 2 > fileSHA256(const char * const path) { inline StaticString< SHA256_DIGEST_LENGTH * 2 > fileSHA256(const char * const path) {
std::string fileContent; std::string fileContent;
readFile(path, fileContent); readFile(path, fileContent);
StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon{}; StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon{};
std::array< unsigned char, SHA256_DIGEST_LENGTH + 1 > hash{}; std::array< unsigned char, SHA256_DIGEST_LENGTH + 1 > hash{};
int ret{};
EVP_MD_CTX * ctx; auto ctx = std::unique_ptr<EVP_MD_CTX, EVP_MD_CTX_deleter>{EVP_MD_CTX_new()};
ctx = EVP_MD_CTX_new();
if(not ctx)
return 0;
if(ctx == NULL)
goto out; goto out;
// EVP_X methods return 1 on success, so does this function // EVP_X methods return 1 on success, so does this function
// Any values other than 1 denote error // Any values other than 1 denote error
ret = EVP_DigestInit(ctx, EVP_sha256()); if(not EVP_DigestInit(ctx.get(), EVP_sha256()))
if(!ret)
goto out; goto out;
ret = EVP_DigestUpdate(ctx, fileContent.data(), fileContent.size()); if(not EVP_DigestUpdate(ctx.get(), fileContent.data(), fileContent.size()))
if(!ret)
goto out; goto out;
// Provide uint* instead of NULL to get nBytes written, 32 for SHA256 // Provide uint* instead of NULL to get nBytes written, 32 for SHA256
ret = EVP_DigestFinal(ctx, hash.data(), NULL); if(not EVP_DigestFinal(ctx.get(), hash.data(), NULL))
if(!ret)
goto out; goto out;
out: out:
if(ctx != NULL)
EVP_MD_CTX_free(ctx);
for(unsigned int i = 0; i < SHA256_DIGEST_LENGTH; i++) for(unsigned int i = 0; i < SHA256_DIGEST_LENGTH; i++)
sprintf(&xRublon[i * 2], "%02x", ( unsigned int ) hash[i]); sprintf(&xRublon[i * 2], "%02x", ( unsigned int ) hash[i]);
@ -51,7 +49,7 @@ out:
// +1 for \0 // +1 for \0
inline StaticString< SHA256_DIGEST_LENGTH * 2 > signData(std::string_view data, std::string_view secretKey) { inline StaticString< SHA256_DIGEST_LENGTH * 2 > signData(std::string_view data, std::string_view secretKey) {
StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon; StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon;
std::array< unsigned char, EVP_MAX_MD_SIZE > md; std::array< unsigned char, EVP_MAX_MD_SIZE > md{};
unsigned int md_len{}; unsigned int md_len{};
HMAC(EVP_sha256(), secretKey.data(), secretKey.size(), ( unsigned const char * ) data.data(), data.size(), md.data(), &md_len); HMAC(EVP_sha256(), secretKey.data(), secretKey.size(), ( unsigned const char * ) data.data(), data.size(), md.data(), &md_len);