+/* Verifies the authentication data directly from the Authentication
+ Payload. Supports all authentication methods. If the authentication
+ method is passphrase based then the `auth_data' and `auth_data_len'
+ are the passphrase and its length. If the method is public key
+ authentication then the `auth_data' is the SilcPublicKey and the
+ `auth_data_len' is ignored. */
+
+int silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ void *auth_data, unsigned int auth_data_len,
+ SilcHash hash, void *id, SilcIdType type)
+{
+ SILC_LOG_DEBUG(("Verifying authentication"));
+
+ if (auth_method != payload->auth_method)
+ return FALSE;
+
+ switch (payload->auth_method) {
+ case SILC_AUTH_NONE:
+ /* No authentication */
+ SILC_LOG_DEBUG(("No authentication required"));
+ return TRUE;
+
+ case SILC_AUTH_PASSWORD:
+ /* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
+ arguments are not needed. */
+ if (!memcmp(payload->auth_data, auth_data, payload->auth_len)) {
+ SILC_LOG_DEBUG(("Authentication successfull"));
+ return TRUE;
+ }
+ break;
+
+ case SILC_AUTH_PUBLIC_KEY:
+ /* Public key based authentication */
+ return silc_auth_public_key_auth_verify(payload, (SilcPublicKey)auth_data,
+ hash, id, type);
+ break;
+
+ default:
+ break;
+ }
+
+ SILC_LOG_DEBUG(("Authentication failed"));
+
+ return FALSE;
+}
+
+/* Same as above but parses the authentication payload before verify. */
+
+int silc_auth_verify_data(unsigned char *payload, unsigned int payload_len,
+ SilcAuthMethod auth_method, void *auth_data,
+ unsigned int auth_data_len, SilcHash hash,
+ void *id, SilcIdType type)
+{
+ SilcAuthPayload auth_payload;
+ SilcBuffer buffer;
+ int ret;
+
+ buffer = silc_buffer_alloc(payload_len);
+ silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+ silc_buffer_put(buffer, payload, payload_len);
+ auth_payload = silc_auth_payload_parse(buffer);
+ if (!auth_payload) {
+ silc_buffer_free(buffer);
+ return FALSE;
+ }
+
+ ret = silc_auth_verify(auth_payload, auth_method, auth_data, auth_data_len,
+ hash, id, type);
+
+ silc_auth_payload_free(auth_payload);
+ silc_buffer_free(buffer);
+
+ return ret;
+}
+