aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2011-08-22 18:20:28 +0200
committerAndreas Schneider <asn@cryptomilk.org>2011-08-22 18:41:47 +0200
commit82ca6a6c532c3da9bb6c7d932a2d7447d6a4a17e (patch)
tree0c35f0286eb1aa0a02d236b9d171137d350be32e
parent5cc98ed7205ba68b88d24c85753fb8e60296d2f7 (diff)
downloadlibssh-82ca6a6c532c3da9bb6c7d932a2d7447d6a4a17e.tar.gz
libssh-82ca6a6c532c3da9bb6c7d932a2d7447d6a4a17e.tar.xz
libssh-82ca6a6c532c3da9bb6c7d932a2d7447d6a4a17e.zip
pki: Add ssh_srv_pki_signature_verify_blob().
-rw-r--r--include/libssh/pki.h5
-rw-r--r--src/pki.c38
2 files changed, 43 insertions, 0 deletions
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 3e908a6..ef2ea09 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -70,6 +70,11 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
ssh_signature *psig);
int ssh_pki_signature_verify_blob(ssh_session session,
ssh_string sig_blob);
+int ssh_srv_pki_signature_verify_blob(ssh_session session,
+ ssh_string sig_blob,
+ const ssh_key key,
+ unsigned char *digest,
+ size_t dlen);
/* SSH Public Key Functions */
ssh_string ssh_pki_export_pubkey_blob(const ssh_key key);
diff --git a/src/pki.c b/src/pki.c
index 84ee97a..3a6e0cf 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1141,6 +1141,44 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
#endif /* _WIN32 */
#ifdef WITH_SERVER
+int ssh_srv_pki_signature_verify_blob(ssh_session session,
+ ssh_string sig_blob,
+ const ssh_key key,
+ unsigned char *digest,
+ size_t dlen)
+{
+ unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
+ ssh_signature sig;
+ int rc;
+
+ rc = ssh_pki_import_signature_blob(sig_blob, key, &sig);
+ if (rc < 0) {
+ ssh_key_free(key);
+ return SSH_ERROR;
+ }
+
+ ssh_log(session,
+ SSH_LOG_FUNCTIONS,
+ "Going to verify a %s type signature",
+ key->type_c);
+
+
+ sha1(digest, dlen, hash + 1);
+
+#ifdef DEBUG_CRYPTO
+ ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
+#endif
+
+ rc = pki_signature_verify(session,
+ sig,
+ key,
+ hash,
+ SHA_DIGEST_LEN);
+ ssh_signature_free(sig);
+
+ return rc;
+}
+
ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
const ssh_key privkey)
{