diff options
Diffstat (limited to 'src/pki.c')
| -rw-r--r-- | src/pki.c | 59 |
1 files changed, 59 insertions, 0 deletions
@@ -979,6 +979,65 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob, return SSH_OK; } +int ssh_pki_signature_verify_blob(ssh_session session, + ssh_string sig_blob) +{ + unsigned char hash[SHA_DIGEST_LEN + 1] = {0}; + ssh_signature sig; + ssh_key key; + int rc; + + rc = ssh_pki_import_pubkey_blob(session->next_crypto->server_pubkey, &key); + if (rc < 0) { + return SSH_ERROR; + } + + if (session->wanted_methods[SSH_HOSTKEYS]) { + if(!ssh_match_group(session->wanted_methods[SSH_HOSTKEYS], + key->type_c)) { + ssh_set_error(session, + SSH_FATAL, + "Public key from server (%s) doesn't match user " + "preference (%s)", + key->type_c, + session->wanted_methods[SSH_HOSTKEYS]); + ssh_key_free(key); + return -1; + } + } + + rc = ssh_pki_import_signature_blob(sig_blob, key, &sig); + if (rc < 0) { + ssh_key_free(key); + return SSH_ERROR; + } + + ssh_log(session, + SSH_LOG_FUNCTIONS, + "Going to verify a %s type signature", + key->type_c); + + + sha1(session->next_crypto->session_id, + session->next_crypto->digest_len, + hash + 1); + +#ifdef DEBUG_CRYPTO + ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN); +#endif + + rc = pki_signature_verify(session, + sig, + key, + hash, + SHA_DIGEST_LEN); + session->next_crypto->server_pubkey_type = key->type_c; + ssh_signature_free(sig); + ssh_key_free(key); + + return rc; +} + /* * This function signs the session id (known as H) as a string then * the content of sigbuf */ |