lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-08 19:02:06 +03:00
Code Activity

pki: Add rsa, dss certificate key type definitions

Browse Source 
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.

Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Axel Eppe
2015-08-23 17:26:11 +01:00
committed by Andreas Schneider
parent 7bfe8d2f03
commit 6da4e21065
5 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/libssh/libssh.h
View File

@@ -254,7 +254,9 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_RSA, SSH_KEYTYPE_RSA,
SSH_KEYTYPE_RSA1, SSH_KEYTYPE_RSA1,
SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ECDSA,
SSH_KEYTYPE_ED25519 SSH_KEYTYPE_ED25519,
SSH_KEYTYPE_DSS_CERT01,
SSH_KEYTYPE_RSA_CERT01
}; };
enum ssh_keycmp_e { enum ssh_keycmp_e {

1
include/libssh/pki.h
View File

@@ -60,6 +60,7 @@ struct ssh_key_struct {
ed25519_pubkey *ed25519_pubkey; ed25519_pubkey *ed25519_pubkey;
ed25519_privkey *ed25519_privkey; ed25519_privkey *ed25519_privkey;
void *cert; void *cert;
enum ssh_keytypes_e cert_type;
}; };
struct ssh_signature_struct { struct ssh_signature_struct {

18
src/pki.c
View File

@@ -144,6 +144,10 @@ void ssh_key_clean (ssh_key key){
SAFE_FREE(key->ed25519_privkey); SAFE_FREE(key->ed25519_privkey);
} }
SAFE_FREE(key->ed25519_pubkey); SAFE_FREE(key->ed25519_pubkey);
if (key->cert != NULL) {
ssh_buffer_free(key->cert);
}
key->cert_type = SSH_KEYTYPE_UNKNOWN;
key->flags=SSH_KEY_FLAG_EMPTY; key->flags=SSH_KEY_FLAG_EMPTY;
key->type=SSH_KEYTYPE_UNKNOWN; key->type=SSH_KEYTYPE_UNKNOWN;
key->ecdsa_nid = 0; key->ecdsa_nid = 0;
@@ -196,6 +200,10 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
return "ssh-ecdsa"; return "ssh-ecdsa";
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
return "ssh-ed25519"; return "ssh-ed25519";
case SSH_KEYTYPE_DSS_CERT01:
return "ssh-dss-cert-v01@openssh.com";
case SSH_KEYTYPE_RSA_CERT01:
return "ssh-rsa-cert-v01@openssh.com";
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
return NULL; return NULL;
} }
@@ -236,6 +244,10 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
return SSH_KEYTYPE_ECDSA; return SSH_KEYTYPE_ECDSA;
} else if (strcmp(name, "ssh-ed25519") == 0){ } else if (strcmp(name, "ssh-ed25519") == 0){
return SSH_KEYTYPE_ED25519; return SSH_KEYTYPE_ED25519;
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
return SSH_KEYTYPE_DSS_CERT01;
} else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
return SSH_KEYTYPE_RSA_CERT01;
} }
return SSH_KEYTYPE_UNKNOWN; return SSH_KEYTYPE_UNKNOWN;
@@ -352,6 +364,8 @@ void ssh_signature_free(ssh_signature sig)
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
SAFE_FREE(sig->ed25519_sig); SAFE_FREE(sig->ed25519_sig);
break; break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
break; break;
} }
@@ -797,6 +811,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string_free(pubkey); ssh_string_free(pubkey);
} }
break; break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:
SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type); SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
@@ -1065,6 +1081,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
goto error; goto error;
} }
break; break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
goto error; goto error;
} }

2
src/pki_container_openssh.c
View File

@@ -113,8 +113,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
SAFE_FREE(privkey); SAFE_FREE(privkey);
SAFE_FREE(pubkey); SAFE_FREE(pubkey);
break; break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
/* p,q,g,pub_key,priv_key */ /* p,q,g,pub_key,priv_key */
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
/* n,e,d,iqmp,p,q */ /* n,e,d,iqmp,p,q */
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:

4
src/pki_crypto.c
View File

@@ -651,6 +651,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
BIO_free(mem); BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519"); SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
return NULL; return NULL;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem); BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
@@ -780,6 +782,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */ /* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem); BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);