authorIru Cai <mytbk920423@gmail.com>2018-05-21 11:41:44 +0800
committerIru Cai <mytbk920423@gmail.com>2018-06-08 15:25:18 +0800
commit9ceadd480c24d61148c120335931456b39a4837b (patch)
tree59f1595ccc27e618819c471d2726a37ad452e588
parent083414da945ff6e4be429a43b3e5cfefe10e7c05 (diff)
downloadfqterm-9ceadd480c24d61148c120335931456b39a4837b.tar.xz
conn_info: show if host key matches
-rw-r--r--src/fqterm/fqterm_frame.cpp5
-rw-r--r--src/protocol/CMakeLists.txt3
-rw-r--r--src/protocol/connect_info.h1
-rw-r--r--src/protocol/fqterm_ssh_socket.cpp21
-rw-r--r--src/protocol/internal/fqterm_ssh2_kex.h2
5 files changed, 32 insertions, 0 deletions
diff --git a/src/fqterm/fqterm_frame.cpp b/src/fqterm/fqterm_frame.cpp
index eef3558..79ff517 100644
--- a/src/fqterm/fqterm_frame.cpp
+++ b/src/fqterm/fqterm_frame.cpp
@@ -715,6 +715,11 @@ static QString ssh2_info(conn_info_t *info)
txt.append(QString("\nMAC(s2c): %1")
.arg(info->ssh_proto_info.s2c_mac));
}
+ if (info->ssh_proto_info.key_matches)
+ txt.append("\nkey matches");
+ else
+ txt.append("\nkey mismatch!");
+
return txt;
}
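Review bot: The `else` branch prints "key mismatch!" for two situations the user cannot tell apart, because kexOK() in fqterm_ssh_socket.cpp stores 0 both when the host has no entry in the known-hosts file (`idx < 0`) and when an entry exists but the key differs. A changed key for an already-known host is the case that points to a possible man-in-the-middle, so it deserves its own message. Consider making `key_matches` in connect_info.h a three-valued field (unknown / match / mismatch) and showing something like `txt.append("\nhost not in known_hosts");` for the first case. The field is also assigned only under `ssh_version_ == 2`, so this text relies on ssh2_info() not being reached for other protocol versions. ssh2_info() starts above this hunk.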
diff --git a/src/protocol/CMakeLists.txt b/src/protocol/CMakeLists.txt
index 57cd0a8..0b505af 100644
--- a/src/protocol/CMakeLists.txt
+++ b/src/protocol/CMakeLists.txt
@@ -10,6 +10,7 @@ set(export_SRCS
fqterm_local_socket.h
fqterm_ssh_socket.h
fqterm_ssh_socket.cpp
+ connect_info.h
)
set(internal_SRCS
@@ -31,6 +32,8 @@ set(internal_SRCS
internal/ssh_packet.c
internal/curve25519/smult.c
internal/curve25519/base.c
+ internal/ccan_base64.c
+ internal/ssh_known_hosts.c
internal/fqterm_ssh_auth.h
internal/fqterm_ssh_const.h
internal/fqterm_ssh_kex.h
diff --git a/src/protocol/connect_info.h b/src/protocol/connect_info.h
index faf5862..e1c4eb4 100644
--- a/src/protocol/connect_info.h
+++ b/src/protocol/connect_info.h
@@ -21,6 +21,7 @@ typedef struct
const char *c2s_mac;
const char *s2c_mac;
unsigned char hash[32];
+ unsigned char key_matches;
} ssh_proto_info;
} conn_info_t;
diff --git a/src/protocol/fqterm_ssh_socket.cpp b/src/protocol/fqterm_ssh_socket.cpp
index d6c2e61..8649bb9 100644
--- a/src/protocol/fqterm_ssh_socket.cpp
+++ b/src/protocol/fqterm_ssh_socket.cpp
@@ -28,6 +28,8 @@
#include "fqterm_ssh_auth.h"
#include "fqterm_ssh_channel.h"
#include "fqterm_trace.h"
+#include "fqterm_path.h"
+#include "ssh_known_hosts.h"
#include <QString>
namespace FQTerm {
@@ -144,6 +146,25 @@ void FQTermSSHSocket::kexOK()
conn_info.ssh_proto_info.c2s_mac = packet_sender_->mac->name;
if (packet_receiver_->mac)
conn_info.ssh_proto_info.s2c_mac = packet_receiver_->mac->name;
+
+ if (ssh_version_ == 2) {
+ int nhosts;
+ struct ssh_host *hosts;
+ const char *hosts_file;
+#ifdef WIN32
+ hosts_file = (getPath(USER_CONFIG) + "known_hosts").toLatin1().constData();
+#else
+ hosts_file = ssh_hosts_filename();
+#endif
+ hosts = parse_hosts_file(hosts_file, &nhosts);
+ int idx = find_ssh_host(hosts, nhosts, conn_info.hostname, conn_info.port);
+ FQTermSSH2Kex *kex = dynamic_cast<FQTermSSH2Kex *> (key_exchanger_);
+ if (idx >=0 && key_matches(&hosts[idx], kex->K_S(), kex->K_S_len()))
+ conn_info.ssh_proto_info.key_matches = 1;
+ else
+ conn_info.ssh_proto_info.key_matches = 0;
+ }
+
key_exchanger_->hostKeyHash(conn_info.ssh_proto_info.hash);
authentication_->initAuth(packet_receiver_, packet_sender_);
}
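Review bot: On the WIN32 path `hosts_file` is left dangling, because `toLatin1()` returns a temporary QByteArray that is destroyed at the end of that statement, so parse_hosts_file() is handed a pointer to freed memory. Keep the bytes alive in a named local: `const QByteArray hosts_path = (getPath(USER_CONFIG) + "known_hosts").toLatin1();` followed by `hosts_file = hosts_path.constData();`. The `dynamic_cast` result is dereferenced without a null check, so the condition should read `if (kex && idx >= 0 && key_matches(&hosts[idx], kex->K_S(), kex->K_S_len()))`. The array returned by parse_hosts_file() is not released anywhere in the hunk, and `initAuth()` runs whatever the comparison yields, so a mismatch is only displayed and does not stop authentication data being sent; if that is intended for now, a comment saying so would help the next reader. kexOK() begins above this hunk.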
diff --git a/src/protocol/internal/fqterm_ssh2_kex.h b/src/protocol/internal/fqterm_ssh2_kex.h
index d1ce7b3..3b59cd7 100644
--- a/src/protocol/internal/fqterm_ssh2_kex.h
+++ b/src/protocol/internal/fqterm_ssh2_kex.h
@@ -77,6 +77,8 @@ public:
SHA256(sess.K_S, sess.K_S_len, md);
}
+ const unsigned char *K_S() { return sess.K_S; }
+ int K_S_len() { return sess.K_S_len; }
public slots:
void handlePacket(int type);
};
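Review bot: The two new accessors do not modify the object and could be declared `const`: `const unsigned char *K_S() const { return sess.K_S; }` and `int K_S_len() const { return sess.K_S_len; }`. They hand out a raw pointer into `sess`, so a short comment stating that the buffer is the server host key blob and that callers must neither free it nor keep it beyond the exchanger's lifetime (presumably how long `sess` lives; confirm) would make the contract explicit for callers such as kexOK(). The class declaration starts above this hunk.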