author | Axel Eppe <aeppe@google.com> | 2015-08-23 17:26:11 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2015-09-07 13:29:23 +0200 |
commit | 6da4e21065c30eee630cf448b4f45d29815c6f14 (patch) | |
tree | d1a948dee74281e5a7fd27e2ef011a6288fd4a41 | |
parent | 7bfe8d2f036b67cad164e5a74ede9f8c98912f3d (diff) | |
pki: Add rsa, dss certificate key type definitions
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.
Signed-off-by: Axel Eppe <aeppe@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | include/libssh/libssh.h | 4 | ||||
-rw-r--r-- | include/libssh/pki.h | 1 | ||||
-rw-r--r-- | src/pki.c | 18 | ||||
-rw-r--r-- | src/pki_container_openssh.c | 2 | ||||
-rw-r--r-- | src/pki_crypto.c | 4 |
5 files changed, 28 insertions, 1 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 232d7c2b..9a243470 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -254,7 +254,9 @@ enum ssh_keytypes_e{
 SSH_KEYTYPE_RSA,
 SSH_KEYTYPE_RSA1,
 SSH_KEYTYPE_ECDSA,
- SSH_KEYTYPE_ED25519
+ SSH_KEYTYPE_ED25519,
+ SSH_KEYTYPE_DSS_CERT01,
+ SSH_KEYTYPE_RSA_CERT01
 };
 enum ssh_keycmp_e {
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 9f9ddf4a..b146d982 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -60,6 +60,7 @@ struct ssh_key_struct {
 ed25519_pubkey *ed25519_pubkey;
 ed25519_privkey *ed25519_privkey;
 void *cert;
+ enum ssh_keytypes_e cert_type;
 };
 struct ssh_signature_struct {
@@ -144,6 +144,10 @@ void ssh_key_clean (ssh_key key){
 SAFE_FREE(key->ed25519_privkey);
 }
 SAFE_FREE(key->ed25519_pubkey);
+ if (key->cert != NULL) {
+ ssh_buffer_free(key->cert);
+ }
+ key->cert_type = SSH_KEYTYPE_UNKNOWN;
 key->flags=SSH_KEY_FLAG_EMPTY;
 key->type=SSH_KEYTYPE_UNKNOWN;
 key->ecdsa_nid = 0;
@@ -196,6 +200,10 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
 return "ssh-ecdsa";
 case SSH_KEYTYPE_ED25519:
 return "ssh-ed25519";
+ case SSH_KEYTYPE_DSS_CERT01:
+ return "ssh-dss-cert-v01@openssh.com";
+ case SSH_KEYTYPE_RSA_CERT01:
+ return "ssh-rsa-cert-v01@openssh.com";
 case SSH_KEYTYPE_UNKNOWN:
 return NULL;
 }
@@ -236,6 +244,10 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
 return SSH_KEYTYPE_ECDSA;
 } else if (strcmp(name, "ssh-ed25519") == 0){
 return SSH_KEYTYPE_ED25519;
+ } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_DSS_CERT01;
+ } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_RSA_CERT01;
 }
 return SSH_KEYTYPE_UNKNOWN;
@@ -352,6 +364,8 @@ void ssh_signature_free(ssh_signature sig)
 case SSH_KEYTYPE_ED25519:
 SAFE_FREE(sig->ed25519_sig);
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 break;
 }
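Review bot: In the ssh_key_clean hunk, `key->cert` is released with `ssh_buffer_free(key->cert)` but the pointer itself is left in place, while the neighbouring members are cleared through `SAFE_FREE` or reset explicitly. If ssh_key_clean runs a second time on the same key, or the key is reused after cleaning, the stale pointer is freed or read again; add `key->cert = NULL;` directly after the free. The member is declared `void *cert` in pki.h although it is freed as an ssh_buffer here, so declaring it with the buffer type would let the compiler check this call. The body of ssh_key_clean starts and ends outside the hunk.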
@@ -797,6 +811,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
 ssh_string_free(pubkey);
 }
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 default:
 SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
@@ -1065,6 +1081,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
 goto error;
 }
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 goto error;
 }
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index 54aee4de..40b11564 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -113,8 +113,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
 SAFE_FREE(privkey);
 SAFE_FREE(pubkey);
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
 case SSH_KEYTYPE_DSS:
 /* p,q,g,pub_key,priv_key */
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_RSA:
 /* n,e,d,iqmp,p,q */
 case SSH_KEYTYPE_RSA1:
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index ab549c11..d656e359 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -651,6 +651,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
 return NULL;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
@@ -780,6 +782,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 #endif
 case SSH_KEYTYPE_ED25519:
 /* Cannot open ed25519 keys with libcrypto */
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type); |
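Review bot: The two certificate labels in pki_import_pubkey_buffer fall into the `SSH_KEYTYPE_UNKNOWN`/`default` arm, so a blob whose name ssh_key_type_from_name now recognises is rejected with "Unknown public key protocol %d". The same grouping appears in pki_private_key_to_pem and pki_private_key_from_base64, which report "Unkown or invalid private key type %d". Rejecting is the safe outcome while no certificate parsing exists, but the log line hides the reason; a comment such as `/* certificate types: recognised by name, import not implemented yet */` above the labels, or a separate arm with its own message, would make that explicit. All three switch statements begin outside their hunks.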
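Review bot: In pki_openssh_import_privkey_blob the new labels are interleaved with `SSH_KEYTYPE_DSS` and `SSH_KEYTYPE_RSA`, so the field-list comments `/* p,q,g,pub_key,priv_key */` and `/* n,e,d,iqmp,p,q */` now read as if they also described certificate blobs. The body shared by these labels lies below the hunk, so whether it parses or rejects cannot be checked from here; if it parses, a certificate-typed blob would presumably be read with the plain key layout. Grouping the two certificate labels together under a comment like `/* certificate types: not handled by this importer */` would keep the intent clear.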