diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 3e908a61..ef2ea090 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -70,6 +70,11 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
 ssh_signature *psig);
 int ssh_pki_signature_verify_blob(ssh_session session, ssh_string sig_blob);
+int ssh_srv_pki_signature_verify_blob(ssh_session session,
+ ssh_string sig_blob,
+ const ssh_key key,
+ unsigned char *digest,
+ size_t dlen);
 /* SSH Public Key Functions */
 ssh_string ssh_pki_export_pubkey_blob(const ssh_key key);
diff --git a/src/pki.c b/src/pki.c
index 84ee97aa..3a6e0cf2 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1141,6 +1141,44 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
 #endif /* _WIN32 */
 #ifdef WITH_SERVER
+int ssh_srv_pki_signature_verify_blob(ssh_session session,
+ ssh_string sig_blob,
+ const ssh_key key,
+ unsigned char *digest,
+ size_t dlen)
+{
+ unsigned char hash[SHA_DIGEST_LEN + 1] = {0};
+ ssh_signature sig;
+ int rc;
+
+ rc = ssh_pki_import_signature_blob(sig_blob, key, &sig);
+ if (rc < 0) {
+ ssh_key_free(key);
+ return SSH_ERROR;
+ }
+
+ ssh_log(session,
+ SSH_LOG_FUNCTIONS,
+ "Going to verify a %s type signature",
+ key->type_c);
+
+
+ sha1(digest, dlen, hash + 1);
+
+#ifdef DEBUG_CRYPTO
+ ssh_print_hexa("Hash to be verified with dsa", hash + 1, SHA_DIGEST_LEN);
+#endif
+
+ rc = pki_signature_verify(session,
+ sig,
+ key,
+ hash,
+ SHA_DIGEST_LEN);
+ ssh_signature_free(sig);
+
+ return rc;
+}
+
 ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session, const ssh_key privkey) {
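Review bot: The new prototype in include/libssh/pki.h has no comment saying what `digest` and `dlen` carry, and the name is misleading: the definition in src/pki.c runs `sha1(digest, dlen, hash + 1)` over the buffer, so callers must pass the data to be hashed, not a finished digest. A comment above the declaration such as `/* digest/dlen: data hashed with SHA-1 before verification; returns SSH_ERROR if sig_blob cannot be imported */` would keep a caller from pre-hashing the input and verifying the wrong value. The comment should also state whether `key` remains owned by the caller, which the `const ssh_key key` parameter suggests.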
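Review bot: The import-failure branch of ssh_srv_pki_signature_verify_blob in src/pki.c calls `ssh_key_free(key)` on a key it received as `const ssh_key key`, while every other return path leaves the key alone. The caller is not visible in this diff, but if it also releases the key after a failed verification this is a double free on a path that a malformed signature blob from the peer would presumably take; the branch should be just `if (rc < 0) { return SSH_ERROR; }`. Separately, SHA-1 is written to `hash + 1` but `pki_signature_verify` is handed `hash` with length `SHA_DIGEST_LEN`. Unless the callee skips the leading byte itself (not shown here), the final digest byte is never compared, so either pass `hash + 1` or add a comment explaining the one-byte offset.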