author | Erlang/OTP <[email protected]> | 2011-01-24 08:42:57 +0100 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2011-01-24 08:42:57 +0100 |
commit | a55a1a82aa398d75152bb96ad6274b656ca58fa5 (patch) | |
tree | 4d4ed1ef0eaef7173bc67fb895ee0e5b4731f0b5 /lib/ssh | |
parent | 7db8499d81b8c05d6019df9cf923351d0e96f7a0 (diff) | |
parent | afdb12f28b7b66452dd0bd83c8f539aee4e61ed9 (diff) | |
Merge branch 'nick/ssh/sign-verify-binary' into maint-r14
* nick/ssh/sign-verify-binary:
Updated appup file.
Updated notes file.
Changed year in copyright header.
Added updated modules to the appup file.
Improved error handling for ssh:connect/3/4.
Release note contained wrong ticker number.
OTP-8987 In some cases SSH returned {error, normal} when a channel was terminated unexpectedly. This has now been changed to {error, channel_closed}.
Diffstat (limited to 'lib/ssh')
-rw-r--r-- | lib/ssh/doc/src/ssh.xml | 32 | ||||
-rw-r--r-- | lib/ssh/src/ssh.erl | 49 | ||||
-rw-r--r-- | lib/ssh/src/ssh_connection_manager.erl | 6 | ||||
-rwxr-xr-x | lib/ssh/src/ssh_file.erl | 9 | ||||
-rwxr-xr-x | lib/ssh/src/ssh_rsa.erl | 3 |
5 files changed, 90 insertions, 9 deletions
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 71e6b2cd3d..2c5096a25f 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -283,6 +283,22 @@
 </func>
 <func>
+ <name>sign_data(Data, Algorithm) -> Signature | {error, Reason}</name>
+ <fsummary> </fsummary>
+ <type>
+ <v> Data = binary()</v>
+ <v> Algorithm = "ssh-rsa"</v>
+ <v> Signature = binary()</v>
+ <v> Reason = term()</v>
+ </type>
+ <desc>
+ <p>Signs the supplied binary using the SSH key.
+ </p>
+ </desc>
+ </func>
+
+
+ <func>
 <name>start() -> </name>
 <name>start(Type) -> ok | {error, Reason}</name>
 <fsummary>Starts the Ssh application. </fsummary>
@@ -339,6 +355,22 @@ by the listener up and running.</p>
 </desc>
 </func>
+
+ <func>
+ <name>verify_data(Data, Signature, Algorithm) -> ok | {error, Reason}</name>
+ <fsummary> </fsummary>
+ <type>
+ <v> Data = binary()</v>
+ <v> Algorithm = "ssh-rsa"</v>
+ <v> Signature = binary()</v>
+ <v> Reason = term()</v>
+ </type>
+ <desc>
+ <p>Verifies the supplied binary against the binary signature.
+ </p>
+ </desc>
+ </func>
+
 </funcs>
 </erlref>
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 994c77436a..cada109df0 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -30,6 +30,8 @@
 stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2,
 shell/1, shell/2, shell/3]).
+-export([sign_data/2, verify_data/3]).
+
 %%--------------------------------------------------------------------
 %% Function: start([, Type]) -> ok
 %% 
@@ -94,11 +96,17 @@ connect(Host, Port, Options, Timeout) ->
 do_demonitor(MRef, Manager),
 {error, Other};
 {'DOWN', MRef, _, Manager, Reason} when is_pid(Manager) ->
+ error_logger:warning_report([{ssh, connect},
+ {diagnose,
+ "Connection was closed before properly set up."},
+ {host, Host},
+ {port, Port},
+ {reason, Reason}]),
 receive %% Clear EXIT message from queue
 {'EXIT', Manager, _What} ->
- {error, Reason}
+ {error, channel_closed}
 after 0 ->
- {error, Reason}
+ {error, channel_closed}
 end
 after Timeout ->
 do_demonitor(MRef, Manager),
@@ -239,6 +247,43 @@ shell(Host, Port, Options) ->
 Error
 end.
+
+%%--------------------------------------------------------------------
+%% Function: sign_data(Data, Algorithm) -> binary() |
+%% {error, Reason}
+%%
+%% Data = binary()
+%% Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH key to sign data.
+%%--------------------------------------------------------------------
+sign_data(Data, Algorithm) when is_binary(Data) ->
+ case ssh_file:private_identity_key(Algorithm,[]) of
+ {ok, Key} when Algorithm == "ssh-rsa" ->
+ ssh_rsa:sign(Key, Data);
+ Error ->
+ Error
+ end.
+
+%%--------------------------------------------------------------------
+%% Function: verify_data(Data, Signature, Algorithm) -> ok |
+%% {error, Reason}
+%%
+%% Data = binary()
+%% Signature = binary()
+%% Algorithm = "ssh-rsa"
+%%
+%% Description: Use SSH signature to verify data.
+%%--------------------------------------------------------------------
+verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) ->
+ case ssh_file:public_identity_key(Algorithm, []) of
+ {ok, Key} when Algorithm == "ssh-rsa" ->
+ ssh_rsa:verify(Key, Data, Signature);
+ Error ->
+ Error
+ end.
+
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
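Review bot: In the `{'DOWN', MRef, _, Manager, Reason}` clause of connect/4 every exit reason is now returned as `{error, channel_closed}`, so a manager that crashed during setup cannot be told apart from one that stopped with `normal`; the real reason survives only in the error_logger report. If the intent of OTP-8987 is only to replace `{error, normal}`, map just that case, e.g. `Error = case Reason of normal -> {error, channel_closed}; _ -> {error, Reason} end`, and return `Error` from both branches of the inner `receive`. The report also writes `Reason` verbatim; if an abnormal exit reason can carry the manager's state or the connect options (not visible in this hunk), credentials could end up in the log, so consider logging a reduced term. The enclosing function starts and ends outside the hunk.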
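Review bot: In `sign_data/2` the `"ssh-rsa"` test is only a guard on the `{ok, Key}` clause, so the key file is read before the algorithm is checked, and for any other `Algorithm` whose key `ssh_file:private_identity_key/2` manages to load (whether it can depends on `identity_key_filename/1`, not visible here) the catch-all `Error -> Error` returns `{ok, Key}`, i.e. the private key, instead of a signature or `{error, Reason}`. `verify_data/3` has the same shape and would return `{ok, PublicKey}`, which a caller that only tests for `{error, _}` could take for a successful verification. Match the algorithm in the function head and narrow the fall-through: `sign_data(Data, "ssh-rsa" = Algorithm) when is_binary(Data) ->` with `{error, _} = Error -> Error` as the second case clause, and likewise for `verify_data/3`. Both functions pass `[]` as options, so the caller cannot select the key directory, and `verify_data/3` checks only against the local user's own `.pub` file; the header comments should say so.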
diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl
index 6bf89224cf..9bfd5270da 100644
--- a/lib/ssh/src/ssh_connection_manager.erl
+++ b/lib/ssh/src/ssh_connection_manager.erl
@@ -147,7 +147,7 @@ close(ConnectionManager, ChannelId) ->
 try call(ConnectionManager, {close, ChannelId}) of
 ok ->
 ok;
- {error,normal} ->
+ {error, channel_closed} ->
 ok
 catch
 exit:{noproc, _} ->
@@ -158,7 +158,7 @@ stop(ConnectionManager) ->
 try call(ConnectionManager, stop) of
 ok ->
 ok;
- {error,normal} ->
+ {error, channel_closed} ->
 ok
 catch
 exit:{noproc, _} ->
@@ -604,7 +604,7 @@ call(Pid, Msg, Timeout) ->
 exit:{timeout, _} ->
 {error, timeout};
 exit:{normal, _} ->
- {error, normal}
+ {error, channel_closed}
 end.
 cast(Pid, Msg) ->
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index c78f5dc337..ff23f714cd 100755
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -35,8 +35,8 @@
 lookup_host_key/3, add_host_key/3, % del_host_key/2,
 lookup_user_key/3, ssh_dir/2, file_name/3]).
--export([private_identity_key/2]).
-%% , public_identity_key/2,
+-export([private_identity_key/2,
+ public_identity_key/2]).
 %% identity_keys/2]).
 -export([encode_public_key/1, decode_public_key_v2/2]).
@@ -147,6 +147,11 @@ private_identity_key(Alg, Opts) ->
 Path = file_name(user, identity_key_filename(Alg), Opts),
 read_private_key_v2(Path, Alg).
+public_identity_key(Alg, Opts) ->
+ Path = file_name(user, identity_key_filename(Alg) ++ ".pub", Opts),
+ read_public_key_v2(Path, Alg).
+
+
 read_public_key_v2(File, Type) ->
 case file:read_file(File) of
 {ok,Bin} ->
diff --git a/lib/ssh/src/ssh_rsa.erl b/lib/ssh/src/ssh_rsa.erl
index e27cdcf7bd..91b8285b2e 100755
--- a/lib/ssh/src/ssh_rsa.erl
+++ b/lib/ssh/src/ssh_rsa.erl
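Review bot: In `close/2` the `of` section of the `try` accepts only `ok` and `{error, channel_closed}`, while `call/3` (third hunk of this file) can also return `{error, timeout}`; that value would raise a `try_clause` error, which the `catch` clauses cannot intercept because the `of` section is not protected. `stop/1` in the next hunk has the same shape. Whether the timeout can occur depends on the timeout `call/2` passes, which is outside the hunks; if it can, add a clause such as `{error, timeout} = Error -> Error`, otherwise a one-line comment saying why it cannot would help. Both functions continue past the end of their hunks.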
@@ -202,8 +202,7 @@ rsassa_pkcs1_v1_5_verify(Public=#ssh_key { public={N,_E}}, Mb, Sb) ->
 case emsa_pkcs1_v1_5_encode(Mb, K) of
 EM -> ok;
 _S ->
- io:format("S: ~p~n", [_S]),
- {error, invalid_signature} % exit(invalid_signature)
+ {error, invalid_signature}
 end. |