| version 1.7, 2019/10/31 21:23:19 |
version 1.8, 2019/11/25 00:51:37 |
|
|
| static int |
static int |
| sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, |
sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, |
| const struct sshbuf *h_message, const char *expect_namespace, |
const struct sshbuf *h_message, const char *expect_namespace, |
| struct sshkey **sign_keyp) |
struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) |
| { |
{ |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| struct sshbuf *buf = NULL, *toverify = NULL; |
struct sshbuf *buf = NULL, *toverify = NULL; |
|
|
| size_t siglen; |
size_t siglen; |
| |
|
| debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); |
debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); |
| |
if (sig_details != NULL) |
| |
*sig_details = NULL; |
| if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
| *sign_keyp = NULL; |
*sign_keyp = NULL; |
| |
|
|
|
| } |
} |
| } |
} |
| if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), |
if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), |
| sshbuf_len(toverify), NULL, 0)) != 0) { |
sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { |
| error("Signature verification failed: %s", ssh_err(r)); |
error("Signature verification failed: %s", ssh_err(r)); |
| goto done; |
goto done; |
| } |
} |
|
|
| |
|
| int |
int |
| sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, |
sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, |
| const char *expect_namespace, struct sshkey **sign_keyp) |
const char *expect_namespace, struct sshkey **sign_keyp, |
| |
struct sshkey_sig_details **sig_details) |
| { |
{ |
| struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| char *hashalg = NULL; |
char *hashalg = NULL; |
| |
|
| |
if (sig_details != NULL) |
| |
*sig_details = NULL; |
| if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
| *sign_keyp = NULL; |
*sign_keyp = NULL; |
| |
|
| if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
| return r; |
return r; |
| debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
|
|
| goto out; |
goto out; |
| } |
} |
| if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
| sign_keyp)) != 0) |
sign_keyp, sig_details)) != 0) |
| goto out; |
goto out; |
| /* success */ |
/* success */ |
| r = 0; |
r = 0; |
|
|
| |
|
| int |
int |
| sshsig_verify_fd(struct sshbuf *signature, int fd, |
sshsig_verify_fd(struct sshbuf *signature, int fd, |
| const char *expect_namespace, struct sshkey **sign_keyp) |
const char *expect_namespace, struct sshkey **sign_keyp, |
| |
struct sshkey_sig_details **sig_details) |
| { |
{ |
| struct sshbuf *b = NULL; |
struct sshbuf *b = NULL; |
| int r = SSH_ERR_INTERNAL_ERROR; |
int r = SSH_ERR_INTERNAL_ERROR; |
| char *hashalg = NULL; |
char *hashalg = NULL; |
| |
|
| |
if (sig_details != NULL) |
| |
*sig_details = NULL; |
| if (sign_keyp != NULL) |
if (sign_keyp != NULL) |
| *sign_keyp = NULL; |
*sign_keyp = NULL; |
| |
|
| if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) |
| return r; |
return r; |
| debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
debug("%s: signature made with hash \"%s\"", __func__, hashalg); |
|
|
| goto out; |
goto out; |
| } |
} |
| if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, |
| sign_keyp)) != 0) |
sign_keyp, sig_details)) != 0) |
| goto out; |
goto out; |
| /* success */ |
/* success */ |
| r = 0; |
r = 0; |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshsig.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh