aboutsummaryrefslogtreecommitdiff
path: root/include/libssh
diff options
context:
space:
mode:
authorBen Toews <mastahyeti@gmail.com>2019-03-12 10:27:35 -0600
committerAndreas Schneider <asn@cryptomilk.org>2019-04-17 10:21:42 +0200
commit19cd909c8d77ec937798fffac3150646f5d8a3a3 (patch)
tree6e81796dfa3074c781fd13efc4868989bce11ce4 /include/libssh
parentb1f3cfec34c6a4acf779dac926535217d7312fba (diff)
downloadlibssh-19cd909c8d77ec937798fffac3150646f5d8a3a3.tar.gz
libssh-19cd909c8d77ec937798fffac3150646f5d8a3a3.tar.xz
libssh-19cd909c8d77ec937798fffac3150646f5d8a3a3.zip
pki: support ECDSA/ED25519 certificates
As with RSA/DSS, support is still quite limited. This is mostly about adding new ssh_keytypes_e values and updating sites that check keys' types. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'include/libssh')
-rw-r--r--include/libssh/libssh.h4
-rw-r--r--include/libssh/pki.h6
2 files changed, 10 insertions, 0 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 68ddbac1..e7eb6e04 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -300,6 +300,10 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_ECDSA_P256,
SSH_KEYTYPE_ECDSA_P384,
SSH_KEYTYPE_ECDSA_P521,
+ SSH_KEYTYPE_ECDSA_P256_CERT01,
+ SSH_KEYTYPE_ECDSA_P384_CERT01,
+ SSH_KEYTYPE_ECDSA_P521_CERT01,
+ SSH_KEYTYPE_ED25519_CERT01,
};
enum ssh_keycmp_e {
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 19e1ad54..c0102382 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -104,6 +104,12 @@ enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
#define is_ecdsa_key_type(t) \
((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
+#define is_cert_type(kt)\
+ ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\
+ (kt) == SSH_KEYTYPE_RSA_CERT01 ||\
+ ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
+ (kt) <= SSH_KEYTYPE_ED25519_CERT01))
+
/* SSH Signature Functions */
ssh_signature ssh_signature_new(void);
void ssh_signature_free(ssh_signature sign);