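/**
 * @brief Verify a signature blob over a digest with the given key.
 *
 * The blob is parsed into a signature object with
 * ssh_pki_import_signature_blob(). The input is then prepared according to
 * key->type before pki_signature_verify() is called:
 *  - SSH_KEYTYPE_ECDSA:   hashed with evp() using key->ecdsa_nid
 *  - SSH_KEYTYPE_ED25519: passed through unchanged
 *  - any other type:      hashed with sha1()
 *
 * @param[in] session   Session handed to pki_signature_verify().
 * @param[in] sig_blob  Signature blob to parse and verify.
 * @param[in] key       Key the signature is checked against.
 * @param[in] digest    Data the signature was computed over.
 * @param[in] dlen      Length of digest in bytes.
 *
 * @return The result of pki_signature_verify(); SSH_ERROR if the blob cannot
 *         be imported, or if the key is ECDSA and the build lacks HAVE_ECC.
 */
int ssh_pki_signature_verify_blob(ssh_session session,
                                  ssh_string sig_blob,
                                  const ssh_key key,
                                  unsigned char *digest,
                                  size_t dlen)
{
    ssh_signature sig = NULL;
    int rc;

    rc = ssh_pki_import_signature_blob(sig_blob, key, &sig);
    if (rc < 0) {
        return SSH_ERROR;
    }

    SSH_LOG(SSH_LOG_FUNCTIONS,
            "Going to verify a %s type signature",
            key->type_c);

    /*
     * NOTE(review): the hash is selected from key->type alone; presumably
     * ssh_pki_import_signature_blob() rejects a blob whose algorithm does
     * not match the key -- confirm against its implementation.
     */
    if (key->type == SSH_KEYTYPE_ECDSA) {
#if HAVE_ECC
        unsigned char ehash[EVP_DIGEST_LEN] = {0};
        uint32_t elen;

        evp(key->ecdsa_nid, digest, dlen, ehash, &elen);

#ifdef DEBUG_CRYPTO
        ssh_print_hexa("Hash to be verified with ecdsa", ehash, elen);
#endif

        rc = pki_signature_verify(session, sig, key, ehash, elen);
#else
        /*
         * Fail closed: without ECC support nothing is verified in this
         * branch, so rc must not keep the success value left over from the
         * import step above.
         */
        rc = SSH_ERROR;
#endif
    } else if (key->type == SSH_KEYTYPE_ED25519) {
        /* The input is handed to the verifier without hashing it here. */
        rc = pki_signature_verify(session, sig, key, digest, dlen);
    } else {
        unsigned char hash[SHA_DIGEST_LEN] = {0};

        sha1(digest, dlen, hash);

#ifdef DEBUG_CRYPTO
        ssh_print_hexa("Hash to be verified with dsa", hash, SHA_DIGEST_LEN);
#endif

        rc = pki_signature_verify(session, sig, key, hash, SHA_DIGEST_LEN);
    }

    ssh_signature_free(sig);

    return rc;
}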
/*
 * Generate ECDSA keys with parameters 256, 384 and 512, sign the first
 * 20 bytes of HASH with each and check that the signature verifies with
 * the same key.
 *
 * NOTE(review): only the accept path is exercised; a companion check that a
 * modified digest is rejected would cover the reject path as well.
 */
static void torture_pki_generate_key_ecdsa(void **state)
{
    static const int key_params[] = { 256, 384, 512 };
    int rc;
    ssh_key key;
    ssh_signature sign;
    ssh_session session = ssh_new();
    unsigned int idx;

    (void) state; /* unused */

    for (idx = 0; idx < sizeof(key_params) / sizeof(key_params[0]); idx++) {
        /* Fresh key for this parameter. */
        rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, key_params[idx], &key);
        assert_true(rc == SSH_OK);
        assert_true(key != NULL);

        /* Sign, then verify with the key that produced the signature. */
        sign = pki_do_sign(key, HASH, 20);
        assert_true(sign != NULL);
        rc = pki_signature_verify(session, sign, key, HASH, 20);
        assert_true(rc == SSH_OK);

        ssh_signature_free(sign);
        ssh_key_free(key);
        key = NULL;
    }

    ssh_free(session);
}
/*
 * Generate RSA1 keys of 1024, 2048 and 4096 bits, sign the first 20 bytes
 * of HASH with each and check that the signature verifies with the same key.
 *
 * NOTE(review): only the accept path is exercised; a companion check that a
 * modified digest is rejected would cover the reject path as well.
 */
static void torture_pki_generate_key_rsa1(void **state)
{
    static const int key_bits[] = { 1024, 2048, 4096 };
    int rc;
    ssh_key key;
    ssh_signature sign;
    ssh_session session = ssh_new();
    unsigned int idx;

    (void) state; /* unused */

    for (idx = 0; idx < sizeof(key_bits) / sizeof(key_bits[0]); idx++) {
        /* Fresh key for this size. */
        rc = ssh_pki_generate(SSH_KEYTYPE_RSA1, key_bits[idx], &key);
        assert_true(rc == SSH_OK);
        assert_true(key != NULL);

        /* Sign, then verify with the key that produced the signature. */
        sign = pki_do_sign(key, HASH, 20);
        assert_true(sign != NULL);
        rc = pki_signature_verify(session, sign, key, HASH, 20);
        assert_true(rc == SSH_OK);

        ssh_signature_free(sign);
        ssh_key_free(key);
        key = NULL;
    }

    ssh_free(session);
}