void
packet_read_expect(int expected_type)
{
int r;
if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0)
sshpkt_fatal(active_state, __func__, r);
}
int
auth_rsa_challenge_dialog(struct sshkey *key)
{
struct ssh *ssh = active_state;
BIGNUM *challenge, *encrypted_challenge;
u_char response[16];
int r, success;
if ((encrypted_challenge = BN_new()) == NULL)
fatal("auth_rsa_challenge_dialog: BN_new() failed");
challenge = PRIVSEP(auth_rsa_generate_challenge(key));
/* Encrypt the challenge with the public key. */
if ((r = rsa_public_encrypt(encrypted_challenge, challenge,
key->rsa)) != 0)
fatal("%s: rsa_public_encrypt: %s", __func__, ssh_err(r));
/* Send the encrypted challenge to the client. */
if ((r = sshpkt_start(ssh, SSH_SMSG_AUTH_RSA_CHALLENGE)) != 0 ||
(r = sshpkt_put_bignum1(ssh, encrypted_challenge)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
BN_clear_free(encrypted_challenge);
ssh_packet_write_wait(ssh);
/* Wait for a response. */
ssh_packet_read_expect(ssh, SSH_CMSG_AUTH_RSA_RESPONSE);
if ((r = sshpkt_get(ssh, &response, sizeof(response))) != 0 ||
(r = sshpkt_get_end(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
BN_clear_free(challenge);
return (success);
}
