Add key validation in server side authentication

include/libssh/libssh.h

@@ -186,6 +186,13 @@ enum ssh_channel_requests_e {
 	SSH_CHANNEL_REQUEST_WINDOW_CHANGE,
 };
 
+enum ssh_publickey_state_e {
+	SSH_PUBLICKEY_STATE_ERROR=-1,
+	SSH_PUBLICKEY_STATE_NONE=0,
+	SSH_PUBLICKEY_STATE_VALID=1,
+	SSH_PUBLICKEY_STATE_WRONG=2
+};
+
 /* status flags */
 #define SSH_CLOSED 0x01
 #define SSH_READ_PENDING 0x02

include/libssh/server.h

@@ -148,6 +148,7 @@ LIBSSH_API int ssh_message_reply_default(ssh_message msg);
 LIBSSH_API char *ssh_message_auth_user(ssh_message msg);
 LIBSSH_API char *ssh_message_auth_password(ssh_message msg);
 LIBSSH_API ssh_public_key ssh_message_auth_publickey(ssh_message msg);
+LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);
 LIBSSH_API int ssh_message_auth_reply_success(ssh_message msg,int partial);
 LIBSSH_API int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pubkey);
 LIBSSH_API int ssh_message_auth_set_methods(ssh_message msg, int methods);

libssh/messages.c

@@ -220,7 +220,7 @@ static ssh_message handle_userauth_request(ssh_session session){
     if (msg->auth_request.public_key == NULL) {
        goto error;
     }
-    msg->auth_request.signature_state = 0;
+    msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_NONE;
     // has a valid signature ?
     if(has_sign) {
       SIGNATURE *signature = NULL;
@@ -231,7 +231,7 @@ static ssh_message handle_userauth_request(ssh_session session){
       sign = buffer_get_ssh_string(session->in_buffer);
       if(sign == NULL) {
         ssh_log(session, SSH_LOG_PACKET, "Invalid signature packet from peer");
-        msg->auth_request.signature_state = -2;
+        msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_ERROR;
         goto error;
       }
       signature = signature_from_string(session, sign, public_key,
@@ -241,7 +241,7 @@ static ssh_message handle_userauth_request(ssh_session session){
           (digest != NULL && signature != NULL &&
           sig_verify(session, public_key, signature,
                      buffer_get(digest), buffer_get_len(digest)) < 0)) {
-        ssh_log(session, SSH_LOG_PACKET, "Invalid signature from peer");
+        ssh_log(session, SSH_LOG_PACKET, "Wrong signature from peer");
 
         string_free(sign);
         sign = NULL;
@@ -250,7 +250,7 @@ static ssh_message handle_userauth_request(ssh_session session){
         signature_free(signature);
         signature = NULL;
 
-        msg->auth_request.signature_state = -1;
+        msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_WRONG;
         goto error;
       }         
       else
@@ -263,7 +263,7 @@ static ssh_message handle_userauth_request(ssh_session session){
       signature_free(signature);
       signature = NULL;
 
-      msg->auth_request.signature_state = 1;
+      msg->auth_request.signature_state = SSH_PUBLICKEY_STATE_VALID;
     }
     SAFE_FREE(service_c);
     leave_function();

libssh/server.c

@@ -760,6 +760,13 @@ ssh_public_key ssh_message_auth_publickey(ssh_message msg){
   return msg->auth_request.public_key;
 }
 
+enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){
+	if (msg == NULL) {
+	    return -1;
+	  }
+	  return msg->auth_request.signature_state;
+}
+
 int ssh_message_auth_set_methods(ssh_message msg, int methods) {
   if (msg == NULL || msg->session == NULL) {
     return -1;