From 62af60991cdf72c0023b5ab45e8670dfbdc7f5dd Mon Sep 17 00:00:00 2001
From: Tom Smeding
Date: Sun, 12 Jul 2020 22:17:12 +0200
Subject: tomsg_clientlib: Proper hostkey checking
---
 ssh/tomsg_clientlib.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'ssh/tomsg_clientlib.h')
diff --git a/ssh/tomsg_clientlib.h b/ssh/tomsg_clientlib.h
index 58ad4d4..03f1fcf 100644
--- a/ssh/tomsg_clientlib.h
+++ b/ssh/tomsg_clientlib.h
@@ -30,6 +30,16 @@ enum tomsg_retval {
 TOMSG_ERR_MEMORY, // Error allocating memory
 };
+// Should return 'true' if the key is trusted, 'false' otherwise. The hash is
+// sha256 in byte form, not yet encoded in hexadecimal or similar. The
+// 'userdata' pointer comes from the 'tomsg_connect' invocation.
+typedef bool (*tomsg_hostkey_checker_t)(
+ const unsigned char *hash, size_t length, void *userdata);
+
+// Convenience function to convert a hash to a human-readable form. Returns a
+// reference to an internal static buffer.
+const char* tomsg_print_hash(const unsigned char *hash, size_t length);
+
 // Returns reference to internal static buffer.
 const char* tomsg_strerror(enum tomsg_retval code);
@@ -37,6 +47,8 @@ const char* tomsg_strerror(enum tomsg_retval code);
 // TOMSG_OK. On error, stores NULL in 'client' and returns an error code.
 enum tomsg_retval tomsg_connect(
 const char *hostname, int port,
+ tomsg_hostkey_checker_t checker,
+ void *userdata, // for checker
 struct tomsg_client **client // output
 );
-- cgit v1.2.3-70-g09d2
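Review bot: The comment above `tomsg_hostkey_checker_t` leaves the `length` contract open, which matters because the callback's return value is the entire trust decision. A checker that compares with `memcmp(hash, pinned, length)` would accept a prefix match if it were ever handed a short length, so I would add `// 'length' is the digest size in bytes (32 for sha256); return 'false' for any other value.` For `tomsg_print_hash`, the static-buffer remark should spell out the consequence, e.g. `// The buffer is overwritten by the next call; copy the result before printing two fingerprints together.`, since a prompt that formats the stored and the offered fingerprint in one call could otherwise show the same string twice. The header's include lines are outside this hunk, so it is worth confirming that `<stdbool.h>` and `<stddef.h>` are pulled in for `bool` and `size_t`.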
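Review bot: The `tomsg_connect` comment does not say what happens when `checker` is NULL or when it returns false, and the implementation is not shown on this page. For a host-key check the safe contract is fail-closed, so I would document it next to the new parameters, e.g. `// 'checker' must not be NULL; if it returns 'false' the connection is dropped and an error code is returned.`, adjusted to whatever the .c file actually does. Because the callback receives only the hash, it would also help to note that callers should pass the expected host identity through `userdata` so the checker can look up the right pinned key. The comment block for `tomsg_connect` starts above the hunk, so only its last line is visible here.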