From 2916e7f2aa523411717c3ed4e275ab96cb03b6ee Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 24 Jan 2012 17:55:54 +0100
Subject: Use the public_key application for all public key handling

Also improved test suites to avoid copying of users keys to
test server directories as this is a security liability
---
 lib/ssh/src/ssh_dsa.erl | 42 +++++++++---------------------------------
 1 file changed, 9 insertions(+), 33 deletions(-)

(limited to 'lib/ssh/src/ssh_dsa.erl')

diff --git a/lib/ssh/src/ssh_dsa.erl b/lib/ssh/src/ssh_dsa.erl
index cb2632beac..6650b8b99b 100644
--- a/lib/ssh/src/ssh_dsa.erl
+++ b/lib/ssh/src/ssh_dsa.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,28 +23,14 @@
 
 -module(ssh_dsa).
 
--export([verify/3]).
+-export([verify/3, verify/4]).
 -export([sign/2]).
 -export([alg_name/0]).
 
 -include("ssh.hrl").
+-include_lib("public_key/include/public_key.hrl").
 
-%% start() ->
-%%     crypto:start().
-
-%% sign_file(File, Opts) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:private_host_dsa_key(user, Opts),
-%%     sign(Key, Bin).
-
-%% verify_file(File, Sig) ->
-%%     start(),
-%%     {ok,Bin} = file:read_file(File),
-%%     {ok,Key} = ssh_file:public_host_key(user, dsa),
-%%     verify(Key, Bin, Sig).
-
-sign(_Private=#ssh_key { private={P,Q,G,X} },Mb) ->
+sign(_Private= #'DSAPrivateKey'{p = P, q = Q, g = G, x = X},Mb) ->
     K = ssh_bits:irandom(160) rem Q,
     R = ssh_math:ipow(G, K, P) rem Q,
     Ki = ssh_math:invert(K, Q),
@@ -52,28 +38,18 @@ sign(_Private=#ssh_key { private={P,Q,G,X} },Mb) ->
     S = (Ki * (M + X*R)) rem Q,
     <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>.
 
-
-%% the paramiko client sends a bad sig sometimes, 
-%% instead of crashing, we nicely return error, the
-%% typcally manifests itself as Sb being 39 bytes
-%% instead of 40.
+verify(PlainText, sha, Sig, {Y,  {_, P, Q, G}}) ->
+    verify(#ssh_key{type = dsa,
+		    public = {P,Q,G,Y}}, PlainText, Sig).
 
 verify(Public, Mb, Sb) ->
     case catch xverify(Public, Mb, Sb) of
 	{'EXIT', _Reason} ->
-            %store({Public, Mb, Sb, _Reason}),
-	    {error, inconsistent_key};
+	    false;
 	ok ->
-  	    %store({Public, Mb, Sb, ok})
-	    ok
+	    true
     end.
 
-%% store(Term) ->
-%%     {ok, Fd} = file:open("/tmp/dsa", [append]),
-%%     io:format(Fd, "~p~n~n~n", [Term]),
-%%     file:close(Fd).
-
-
 xverify(_Public=#ssh_key { public={P,Q,G,Y} },Mb,Sb) ->
     <<R0:160/big-unsigned-integer, S0:160/big-unsigned-integer>> = Sb,
     ?ssh_assert(R0 >= 0 andalso R0 < Q andalso
-- 
cgit v1.2.3


From 8d20de278b3ef69ea470bfb35e5999750214e3a1 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 31 Jan 2012 16:12:30 +0100
Subject: Removed no longer needed code

---
 lib/ssh/src/ssh_dsa.erl | 71 -------------------------------------------------
 1 file changed, 71 deletions(-)
 delete mode 100644 lib/ssh/src/ssh_dsa.erl

(limited to 'lib/ssh/src/ssh_dsa.erl')

diff --git a/lib/ssh/src/ssh_dsa.erl b/lib/ssh/src/ssh_dsa.erl
deleted file mode 100644
index 6650b8b99b..0000000000
--- a/lib/ssh/src/ssh_dsa.erl
+++ /dev/null
@@ -1,71 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2012. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
-
-%%% Description: dsa public-key sign and verify
-
--module(ssh_dsa).
-
--export([verify/3, verify/4]).
--export([sign/2]).
--export([alg_name/0]).
-
--include("ssh.hrl").
--include_lib("public_key/include/public_key.hrl").
-
-sign(_Private= #'DSAPrivateKey'{p = P, q = Q, g = G, x = X},Mb) ->
-    K = ssh_bits:irandom(160) rem Q,
-    R = ssh_math:ipow(G, K, P) rem Q,
-    Ki = ssh_math:invert(K, Q),
-    <<M:160/big-unsigned-integer>> = crypto:sha(Mb),
-    S = (Ki * (M + X*R)) rem Q,
-    <<R:160/big-unsigned-integer, S:160/big-unsigned-integer>>.
-
-verify(PlainText, sha, Sig, {Y,  {_, P, Q, G}}) ->
-    verify(#ssh_key{type = dsa,
-		    public = {P,Q,G,Y}}, PlainText, Sig).
-
-verify(Public, Mb, Sb) ->
-    case catch xverify(Public, Mb, Sb) of
-	{'EXIT', _Reason} ->
-	    false;
-	ok ->
-	    true
-    end.
-
-xverify(_Public=#ssh_key { public={P,Q,G,Y} },Mb,Sb) ->
-    <<R0:160/big-unsigned-integer, S0:160/big-unsigned-integer>> = Sb,
-    ?ssh_assert(R0 >= 0 andalso R0 < Q andalso
-		S0 >= 0 andalso S0 < Q, out_of_range),
-    W = ssh_math:invert(S0,Q),
-    <<M0:160/big-unsigned-integer>> = crypto:sha(Mb),
-    U1 = (M0*W) rem Q,
-    U2 = (R0*W) rem Q,
-    T1 = ssh_math:ipow(G,U1,P),
-    T2 = ssh_math:ipow(Y,U2,P),
-    V = ((T1*T2) rem P) rem Q,
-    if V == R0 ->
-	    ok;
-       true ->
-	    {error, inconsistent_key}
-    end.
-
-alg_name() ->
-    "ssh-dss".
-- 
cgit v1.2.3