lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

pki: Support comparing keys with certificates

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Jakub Jelen
2023-09-22 23:20:09 +02:00
committed by Sahana Prasad
parent 44de06e8db
commit de8f36c93c
4 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pki.c
View File

@@ -664,7 +664,7 @@ int ssh_key_cmp(const ssh_key k1,
return 1; return 1;
} }
if (k1->type != k2->type) { if (ssh_key_type_plain(k1->type) != ssh_key_type_plain(k2->type)) {
SSH_LOG(SSH_LOG_DEBUG, "key types don't match!"); SSH_LOG(SSH_LOG_DEBUG, "key types don't match!");
return 1; return 1;
} }

3
src/pki_crypto.c
View File

@@ -814,9 +814,10 @@ int pki_key_compare(const ssh_key k1,
enum ssh_keycmp_e what) enum ssh_keycmp_e what)
{ {
int rc; int rc;
(void)what; (void)what;
switch (k1->type) { switch (ssh_key_type_plain(k1->type)) {
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: case SSH_KEYTYPE_ECDSA_P521:

16
src/pki_gcrypt.c
View File

@@ -1298,6 +1298,7 @@ int pki_key_compare(const ssh_key k1,
{ {
switch (k1->type) { switch (k1->type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA_CERT01:
if (_bignum_cmp(k1->rsa, k2->rsa, "e") != 0) { if (_bignum_cmp(k1->rsa, k2->rsa, "e") != 0) {
return 1; return 1;
} }
@@ -1325,13 +1326,19 @@ int pki_key_compare(const ssh_key k1,
} }
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_ED25519_CERT01:
case SSH_KEYTYPE_SK_ED25519: case SSH_KEYTYPE_SK_ED25519:
case SSH_KEYTYPE_SK_ED25519_CERT01:
/* ed25519 keys handled globally */ /* ed25519 keys handled globally */
return 0; return 0;
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P521: case SSH_KEYTYPE_ECDSA_P521:
case SSH_KEYTYPE_ECDSA_P521_CERT01:
case SSH_KEYTYPE_SK_ECDSA: case SSH_KEYTYPE_SK_ECDSA:
case SSH_KEYTYPE_SK_ECDSA_CERT01:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
if (k1->ecdsa_nid != k2->ecdsa_nid) { if (k1->ecdsa_nid != k2->ecdsa_nid) {
return 1; return 1;
@@ -1350,14 +1357,7 @@ int pki_key_compare(const ssh_key k1,
#endif #endif
case SSH_KEYTYPE_DSS: /* deprecated */ case SSH_KEYTYPE_DSS: /* deprecated */
case SSH_KEYTYPE_DSS_CERT01: /* deprecated */ case SSH_KEYTYPE_DSS_CERT01: /* deprecated */
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_ECDSA: /* deprecated */
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P521_CERT01:
case SSH_KEYTYPE_SK_ECDSA_CERT01:
case SSH_KEYTYPE_ED25519_CERT01:
case SSH_KEYTYPE_SK_ED25519_CERT01:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
return 1; return 1;

2
src/pki_mbedcrypto.c
View File

@@ -638,7 +638,7 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
mbedtls_mpi_init(&E2); mbedtls_mpi_init(&E2);
#endif #endif
switch (k1->type) { switch (ssh_key_type_plain(k1->type)) {
case SSH_KEYTYPE_RSA: { case SSH_KEYTYPE_RSA: {
mbedtls_rsa_context *rsa1, *rsa2; mbedtls_rsa_context *rsa1, *rsa2;
if (!mbedtls_pk_can_do(k1->rsa, MBEDTLS_PK_RSA) || if (!mbedtls_pk_can_do(k1->rsa, MBEDTLS_PK_RSA) ||