16 package ssh
17
import (
	"errors"
	"io"

	"golang.org/x/crypto/ssh"
)
23
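// Verify checks that armoredSignature is a valid SSH signature over message,
// made by the key given in publicKey.
//
// publicKey is parsed with ssh.ParseAuthorizedKey. Only the first key it
// yields is used; the comment, options and any remaining input returned by
// the parser are discarded, so callers that must reject multi-key or
// option-bearing input have to check that themselves.
//
// message is streamed through the hash in full. Verify puts no bound on its
// size, so a caller reading from an untrusted source should wrap the reader
// with its own limit.
//
// Verify returns nil only when the signature verifies against the parsed key.
// Any decode, parse, read or verification failure is returned as an error.
func Verify(message io.Reader, armoredSignature []byte, publicKey []byte) error {
	decodedSignature, err := Decode(armoredSignature)
	if err != nil {
		return err
	}

	desiredPk, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)
	if err != nil {
		return err
	}

	// The hash algorithm identifier is taken from the decoded signature, i.e.
	// from untrusted input. A lookup that finds no constructor yields nil,
	// and calling nil would panic instead of failing verification cleanly.
	// NOTE(review): Decode is not visible here and may already reject unknown
	// algorithms; the guard is kept so this function is safe on its own.
	newHash := supportedHashAlgorithms[decodedSignature.hashAlg]
	if newHash == nil {
		return errors.New("unsupported hash algorithm in signature")
	}

	// Hash the message so the digest, not the raw content, is what gets bound
	// into the signed structure below.
	h := newHash()
	if _, err := io.Copy(h, message); err != nil {
		return err
	}
	hm := h.Sum(nil)

	// Rebuild the exact byte string the signer is expected to have signed:
	// the magic header followed by the wire encoding of the wrapper. The
	// namespace is fixed to "file" here, so a signature produced over a
	// wrapper with a different namespace does not verify.
	toVerify := MessageWrapper{
		Namespace:     "file",
		HashAlgorithm: decodedSignature.hashAlg,
		Hash:          string(hm),
	}
	signedMessage := ssh.Marshal(toVerify)
	signedMessage = append([]byte(magicHeader), signedMessage...)

	// Verification is done with the caller-supplied key only, so the result
	// says whether that specific key produced the signature.
	return desiredPk.Verify(signedMessage, decodedSignature.signature)
}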