-static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) {
- JCR *jcr = (JCR *) pkt;
- return (digest_file(jcr, ff_pkt, jcr->digest));
-}
-
-/*
- * Verify the signature for the last restored file
- * Return value is either true (signature correct)
- * or false (signature could not be verified).
- * TODO landonf: Better signature failure handling.
- */
-int verify_signature(JCR *jcr, SIGNATURE *sig)
-{
- X509_KEYPAIR *keypair;
- DIGEST *digest = NULL;
- crypto_error_t err;
-
- /* Iterate through the trusted signers */
- foreach_alist(keypair, jcr->pki_signers) {
- err = crypto_sign_get_digest(sig, jcr->pki_keypair, &digest);
-
- switch (err) {
- case CRYPTO_ERROR_NONE:
- /* Signature found, digest allocated */
- jcr->digest = digest;
-
- /* Checksum the entire file */
- if (find_one_file(jcr, jcr->ff, do_file_digest, jcr, jcr->last_fname, (dev_t)-1, 1) != 0) {
- Qmsg(jcr, M_ERROR, 0, _("Signature validation failed for %s: \n"), jcr->last_fname);
- return false;
- }
-
- /* Verify the signature */
- if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
- Dmsg1(100, "Bad signature on %s\n", jcr->last_fname);
- Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
- crypto_digest_free(digest);
- return false;
- }
-
- /* Valid signature */
- Dmsg1(100, "Signature good on %s\n", jcr->last_fname);
- crypto_digest_free(digest);
- return true;
-
- case CRYPTO_ERROR_NOSIGNER:
- /* Signature not found, try again */
- continue;
- default:
- /* Something strange happened (that shouldn't happen!)... */
- Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
- if (digest) {
- crypto_digest_free(digest);
- }
- return false;
- }
- }
-
- /* No signer */
- Dmsg1(100, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
- crypto_digest_free(digest);
- return false;
-}
-