Diffstat (limited to 'src/pki_crypto.c')
-rw-r--r-- | src/pki_crypto.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index d4f48d3..386ac99 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -673,6 +673,53 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 return sig;
 }
 
+int pki_signature_verify(ssh_session session,
+ const ssh_signature sig,
+ const ssh_key key,
+ const unsigned char *hash,
+ size_t len)
+{
+ int rc;
+
+ switch(key->type) {
+ case SSH_KEYTYPE_DSS:
+ rc = DSA_do_verify(hash + 1,
+ len,
+ sig->dsa_sig,
+ key->dsa);
+ if (rc < 0) {
+ ssh_set_error(session,
+ SSH_FATAL,
+ "DSA error: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ return SSH_ERROR;
+ }
+ break;
+ case SSH_KEYTYPE_RSA:
+ case SSH_KEYTYPE_RSA1:
+ rc = RSA_verify(NID_sha1,
+ hash + 1,
+ len,
+ string_data(sig->rsa_sig),
+ ssh_string_len(sig->rsa_sig),
+ key->rsa);
+ if (rc < 0) {
+ ssh_set_error(session,
+ SSH_FATAL,
+ "RSA error: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ return SSH_ERROR;
+ }
+ break;
+ case SSH_KEYTYPE_ECDSA:
+ case SSH_KEYTYPE_UNKNOWN:
+ ssh_set_error(session, SSH_FATAL, "Unknown public key type");
+ return SSH_ERROR;
+ }
+
+ return SSH_OK;
+}
+
 struct signature_struct *pki_do_sign(ssh_key privatekey,
 const unsigned char *hash) {
 struct signature_struct *sign; |
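Review bot: Both verify branches in pki_signature_verify() treat only `rc < 0` as failure, but DSA_do_verify() and RSA_verify() return 1 for a valid signature and 0 for one that does not verify, so a signature that fails verification falls through to `break` and the function returns SSH_OK. Change both checks to `if (rc != 1) {` (or `rc <= 0`) so that anything other than explicit success is rejected; the 0 case may not leave an entry on the OpenSSL error queue, so the error text should not depend on ERR_get_error() alone. Separately, both calls pass `hash + 1` together with `len`, and the caller is outside this hunk, so confirm that `len` already excludes the skipped byte; otherwise the digest read extends one byte past the buffer.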