From 44de06e8db145e56d676954feff5c060f6c30ebc Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 22 Sep 2023 22:57:32 +0200
Subject: [PATCH] pki: Add support for comparing certificates

Signed-off-by: Jakub Jelen
Reviewed-by: Sahana Prasad
---
 include/libssh/libssh.h | 3 ++-
 src/pki.c | 16 ++++++++++++++++
 src/pki_ed25519_common.c | 4 ++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index b2c68a7a..35ce2be5 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -295,7 +295,8 @@ enum ssh_keytypes_e{

 enum ssh_keycmp_e {
 SSH_KEY_CMP_PUBLIC = 0,
- SSH_KEY_CMP_PRIVATE
+ SSH_KEY_CMP_PRIVATE = 1,
+ SSH_KEY_CMP_CERTIFICATE = 2,
 };

 #define SSH_ADDRSTRLEN 46
diff --git a/src/pki.c b/src/pki.c
index 259a8a2f..eed79f0c 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -685,6 +685,22 @@ int ssh_key_cmp(const ssh_key k1,
 }
 }

+ if (what == SSH_KEY_CMP_CERTIFICATE) {
+ if (!is_cert_type(k1->type) ||
+ !is_cert_type(k2->type)) {
+ return 1;
+ }
+ if (k1->cert == NULL || k2->cert == NULL) {
+ return 1;
+ }
+ if (ssh_buffer_get_len(k1->cert) != ssh_buffer_get_len(k2->cert)) {
+ return 1;
+ }
+ return memcmp(ssh_buffer_get(k1->cert),
+ ssh_buffer_get(k2->cert),
+ ssh_buffer_get_len(k1->cert));
+ }
+
 if (k1->type == SSH_KEYTYPE_ED25519 ||
 k1->type == SSH_KEYTYPE_SK_ED25519) {
 return pki_ed25519_key_cmp(k1, k2, what);
diff --git a/src/pki_ed25519_common.c b/src/pki_ed25519_common.c
index f9f69649..3b165e2c 100644
--- a/src/pki_ed25519_common.c
+++ b/src/pki_ed25519_common.c
@@ -121,6 +121,10 @@ int pki_ed25519_key_cmp(const ssh_key k1,
 if (cmp != 0) {
 return 1;
 }
+ break;
+ case SSH_KEY_CMP_CERTIFICATE:
+ /* handled globally */
+ return 1;
 }

 return 0;
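Review bot: The certificate branch added to ssh_key_cmp returns the raw `memcmp()` result, which may be any negative or positive value, while every other exit in the same branch returns exactly 1 for a mismatch; a caller that tests the result with `== 1` could take two different certificates for equal. Normalising the value keeps the return contract uniform: `return memcmp(ssh_buffer_get(k1->cert), ssh_buffer_get(k2->cert), ssh_buffer_get_len(k1->cert)) != 0;`. The branch checks byte equality of the stored certificate blobs only and validates nothing about the certificate, so the function's documentation should say that this mode is an identity comparison and not a trust decision. ssh_key_cmp begins and ends outside the hunk, so its earlier NULL and key-type checks cannot be seen from here.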
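Review bot: The new `SSH_KEY_CMP_CERTIFICATE` case in pki_ed25519_key_cmp reports a mismatch unconditionally, and the comment `/* handled globally */` does not say where the comparison happens or why 1 is the right answer here. The pki.c hunk of this commit returns from ssh_key_cmp before dispatching to this function, so the case appears reachable only through a direct call; a comment such as `/* ssh_key_cmp() compares certificate blobs before dispatching here; a direct call is reported as a mismatch */` would make that explicit. The switch statement starts outside the hunk, so whether it also carries a `default:` label for unknown `what` values is not visible.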