protected bool VerifyPublicKeySignature(PublicKeyAlgorithm alg, byte[] payload, int payloadOffset,
int payloadCount, byte[] signature)
{
using (var hashInputStream = new MemoryStream())
using (var hashInputWriter = new SshStreamWriter(hashInputStream))
{
// Write input data.
hashInputWriter.WriteByteString(_client.SessionId);
hashInputWriter.Write(payload, payloadOffset, payloadCount);
// Verify signature.
return(alg.VerifyData(hashInputStream.ToArray(), signature));
}
}
protected bool VerifyPublicKeySignature(PublicKeyAlgorithm alg, byte[] payload, int payloadOffset,
int payloadCount, byte[] signature)
{
using (var hashInputStream = new MemoryStream())
using (var hashInputWriter = new SshStreamWriter(hashInputStream))
{
// Write input data.
hashInputWriter.WriteByteString(_client.SessionId);
hashInputWriter.Write(payload, payloadOffset, payloadCount);
// Verify signature.
return alg.VerifyData(hashInputStream.ToArray(), signature);
}
}
protected const int _lineMaxByteLength = 72; // Maxmimum length of each line, in bytes.
#endregion Fields
#region Constructors
public SshPublicKey(PublicKeyAlgorithm algorithm)
: this()
{
this.KeyAndCertificatesData = algorithm.CreateKeyAndCertificatesData();
}
protected void ProcessMsgUserAuthRequestHostBased(SshStreamReader msgReader)
{
if (_isDisposed)
{
throw new ObjectDisposedException(this.GetType().FullName);
}
// Raise event to specify requested auth method.
if (AuthenticationMethodRequested != null)
{
AuthenticationMethodRequested(this,
new AuthMethodRequestedEventArgs(AuthenticationMethod.HostBased));
}
// Read request information.
string keyAlgName = msgReader.ReadString();
byte[] keyAndCertsData = msgReader.ReadByteString();
string clientHostName = msgReader.ReadString();
string clientUserName = msgReader.ReadString();
// Try to find public key algorithm.
PublicKeyAlgorithm keyAlg = null;
try
{
keyAlg = (PublicKeyAlgorithm)_client.PublicKeyAlgorithms.Single(item =>
item.Name == keyAlgName).Clone();
}
catch (InvalidOperationException)
{
// Public key algorithm is not supported.
SendMsgUserAuthFailure(false);
}
// Load key and certificats data for algorithm.
keyAlg.LoadKeyAndCertificatesData(keyAndCertsData);
// Read client signature.
var signatureData = msgReader.ReadByteString();
var signature = keyAlg.GetSignature(signatureData);
// Verify signature.
var payloadData = ((MemoryStream)msgReader.BaseStream).ToArray();
if (VerifyPublicKeySignature(keyAlg, payloadData, 0, payloadData.Length -
signatureData.Length - 4, signature))
{
// Raise event to get result of auth attempt.
var authUserEventArgs = new AuthUserHostBasedEventArgs(_lastUserName, clientHostName,
clientUserName, keyAlg.ExportPublicKey());
if (AuthenticateUserHostBased != null)
{
AuthenticateUserHostBased(this, authUserEventArgs);
}
// Check result of auth attempt.
switch (authUserEventArgs.Result)
{
case AuthenticationResult.Success:
// Auth has succeeded.
AuthenticateUser(_lastServiceName);
break;
case AuthenticationResult.FurtherAuthRequired:
// Auth has succeeded, but further auth is required.
SendMsgUserAuthFailure(true);
break;
case AuthenticationResult.Failure:
// Auth has failed.
SendMsgUserAuthFailure(false);
break;
}
}
else
{
// Signature is invalid.
SendMsgUserAuthFailure(false);
}
}
public SshPublicKey(PublicKeyAlgorithm algorithm) : this()
{
this.KeyAndCertificatesData = algorithm.CreateKeyAndCertificatesData();
}