version 1.7, 2019/10/31 21:23:19 |
version 1.8, 2019/11/25 00:51:37 |
|
|
static int |
static int |
sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, |
sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, |
const struct sshbuf *h_message, const char *expect_namespace, |
const struct sshbuf *h_message, const char *expect_namespace, |
struct sshkey **sign_keyp) |
struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) |
{ |
{ |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
struct sshbuf *buf = NULL, *toverify = NULL; |
struct sshbuf *buf = NULL, *toverify = NULL; |
|
|
size_t siglen; |
size_t siglen; |
|
|
debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); |
debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); |
|
if (sig_details != NULL) |
|
*sig_details = NULL; |
if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
*sign_keyp = NULL; |
*sign_keyp = NULL; |
|
|
|
|
} |
} |
} |
} |
if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), |
if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), |
sshbuf_len(toverify), NULL, 0)) != 0) { |
sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { |
error("Signature verification failed: %s", ssh_err(r)); |
error("Signature verification failed: %s", ssh_err(r)); |
goto done; |
goto done; |
} |
} |
|
|
|
|
int |
int |
sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, |
sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, |
const char *expect_namespace, struct sshkey **sign_keyp) |
const char *expect_namespace, struct sshkey **sign_keyp, |
|
struct sshkey_sig_details **sig_details) |
{ |
{ |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
char *hashalg = NULL; |
char *hashalg = NULL; |
|
|
|
if (sig_details != NULL) |
|
*sig_details = NULL; |
if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
*sign_keyp = NULL; |
*sign_keyp = NULL; |
|
|
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
return r; |
return r; |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
|
|
goto out; |
goto out; |
} |
} |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
sign_keyp)) != 0) |
sign_keyp, sig_details)) != 0) |
goto out; |
goto out; |
/* success */ |
/* success */ |
r = 0; |
r = 0; |
|
|
|
|
int |
int |
sshsig_verify_fd(struct sshbuf *signature, int fd, |
sshsig_verify_fd(struct sshbuf *signature, int fd, |
const char *expect_namespace, struct sshkey **sign_keyp) |
const char *expect_namespace, struct sshkey **sign_keyp, |
|
struct sshkey_sig_details **sig_details) |
{ |
{ |
struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
char *hashalg = NULL; |
char *hashalg = NULL; |
|
|
|
if (sig_details != NULL) |
|
*sig_details = NULL; |
if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
*sign_keyp = NULL; |
*sign_keyp = NULL; |
|
|
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
return r; |
return r; |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
|
|
goto out; |
goto out; |
} |
} |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
sign_keyp)) != 0) |
sign_keyp, sig_details)) != 0) |
goto out; |
goto out; |
/* success */ |
/* success */ |
r = 0; |
r = 0; |
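Review bot: The new `sig_details` out-parameter added to the signatures of `sshsig_verifyb()` and `sshsig_verify_fd()` (and to the static `sshsig_wrap_verify()`) has no comment saying who owns the returned structure or when it is valid. The visible lines clear `*sig_details` on entry and hand the pointer to `sshkey_verify()`, so it is presumably filled only when verification succeeds and becomes the caller's to free. I would state that above each public function, e.g. `/* On success, *sig_details (if non-NULL) is allocated for the caller to free; it is NULL on any error return. */`. The function bodies continue outside the displayed hunks, so it is worth confirming that no failure path after `sshkey_verify()` returns non-zero while `*sig_details` is still set. The NULL guard also lets a caller discard the details entirely, so each call site that passes NULL should do so deliberately rather than by default.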