authorAxel Eppe <aeppe@google.com>2015-08-23 17:26:11 +0100
committerAndreas Schneider <asn@cryptomilk.org>2015-09-07 13:29:23 +0200
commit6da4e21065c30eee630cf448b4f45d29815c6f14 (patch)
treed1a948dee74281e5a7fd27e2ef011a6288fd4a41
parent7bfe8d2f036b67cad164e5a74ede9f8c98912f3d (diff)
pki: Add rsa, dss certificate key type definitions
- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types. - Add a cert_type member in the ssh_key struct. Signed-off-by: Axel Eppe <aeppe@google.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/libssh.h4
-rw-r--r--include/libssh/pki.h1
-rw-r--r--src/pki.c18
-rw-r--r--src/pki_container_openssh.c2
-rw-r--r--src/pki_crypto.c4
5 files changed, 28 insertions, 1 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 232d7c2b..9a243470 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -254,7 +254,9 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_RSA,
SSH_KEYTYPE_RSA1,
SSH_KEYTYPE_ECDSA,
- SSH_KEYTYPE_ED25519
+ SSH_KEYTYPE_ED25519,
+ SSH_KEYTYPE_DSS_CERT01,
+ SSH_KEYTYPE_RSA_CERT01
};
enum ssh_keycmp_e {
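Review bot: `SSH_KEYTYPE_DSS_CERT01` and `SSH_KEYTYPE_RSA_CERT01` enter the public `ssh_keytypes_e` with no documentation, so neither the meaning of the `01` suffix nor the fact that they map to the OpenSSH certificate wire names is visible from the header. A short comment above the pair, `/* OpenSSH certificate key types: ssh-{dss,rsa}-cert-v01@openssh.com */`, would cover it. Appending them after SSH_KEYTYPE_ED25519 keeps the existing enumerator values stable, which is the right choice for a public enum.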
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 9f9ddf4a..b146d982 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -60,6 +60,7 @@ struct ssh_key_struct {
ed25519_pubkey *ed25519_pubkey;
ed25519_privkey *ed25519_privkey;
void *cert;
+ enum ssh_keytypes_e cert_type;
};
struct ssh_signature_struct {
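Review bot: `cert_type` is added next to `void *cert` without stating how it relates to the struct's existing `type` field (whether `type` stays the base key type and `cert_type` holds the certificate wire type, or the reverse), and the untyped `void *cert` is, per the pki.c hunk in this commit, released with ssh_buffer_free, so in practice it is an ssh_buffer. Two comments would pin both down: `void *cert; /* raw certificate blob (ssh_buffer) */` and `enum ssh_keytypes_e cert_type; /* SSH_KEYTYPE_*_CERT01 of cert, SSH_KEYTYPE_UNKNOWN when no cert */`. The second is my reading of ssh_key_clean resetting it to UNKNOWN; confirm against the certificate loader once it exists.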
diff --git a/src/pki.c b/src/pki.c
index b2f3a784..8fa5a12f 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -144,6 +144,10 @@ void ssh_key_clean (ssh_key key){
SAFE_FREE(key->ed25519_privkey);
}
SAFE_FREE(key->ed25519_pubkey);
+ if (key->cert != NULL) {
+ ssh_buffer_free(key->cert);
+ }
+ key->cert_type = SSH_KEYTYPE_UNKNOWN;
key->flags=SSH_KEY_FLAG_EMPTY;
key->type=SSH_KEYTYPE_UNKNOWN;
key->ecdsa_nid = 0;
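Review bot: `ssh_buffer_free(key->cert)` in the new lines releases the certificate buffer but leaves `key->cert` pointing at freed memory, unlike the neighbouring SAFE_FREE calls, which by their name appear to null the pointer they free; if ssh_key_clean runs twice on the same key, or the struct is reused after cleaning, the second call double-frees. Add `key->cert = NULL;` directly after the free. The `!= NULL` guard is only needed if ssh_buffer_free does not itself accept NULL, which is not visible here. ssh_key_clean begins before this hunk.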
@@ -196,6 +200,10 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
return "ssh-ecdsa";
case SSH_KEYTYPE_ED25519:
return "ssh-ed25519";
+ case SSH_KEYTYPE_DSS_CERT01:
+ return "ssh-dss-cert-v01@openssh.com";
+ case SSH_KEYTYPE_RSA_CERT01:
+ return "ssh-rsa-cert-v01@openssh.com";
case SSH_KEYTYPE_UNKNOWN:
return NULL;
}
@@ -236,6 +244,10 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
return SSH_KEYTYPE_ECDSA;
} else if (strcmp(name, "ssh-ed25519") == 0){
return SSH_KEYTYPE_ED25519;
+ } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_DSS_CERT01;
+ } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_RSA_CERT01;
}
return SSH_KEYTYPE_UNKNOWN;
@@ -352,6 +364,8 @@ void ssh_signature_free(ssh_signature sig)
case SSH_KEYTYPE_ED25519:
SAFE_FREE(sig->ed25519_sig);
break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
break;
}
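Review bot: The two new cert cases fall to the no-op `break`, so a signature whose `type` were set to a cert type while carrying an `rsa_sig`/`dsa_sig` would be leaked rather than freed; whether any code path creates such a signature is not visible here, since signatures over certificate keys are normally typed by the underlying key. If the cert types are meant never to reach this function with payload, say so: `/* certificate key types carry no signature material of their own */`; otherwise route them to the RSA/DSS arms. ssh_signature_free starts outside this hunk.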
@@ -797,6 +811,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
ssh_string_free(pubkey);
}
break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
default:
SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
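Review bot: The cert cases now fall into the arm that logs "Unknown public key protocol %d", which is misleading once the library names the type itself and ssh_key_type_from_name resolves it from the wire name. A separate arm makes the state explicit: `case SSH_KEYTYPE_DSS_CERT01:` / `case SSH_KEYTYPE_RSA_CERT01:` / `SSH_LOG(SSH_LOG_WARN, "Certificate key type %d not supported yet", type);`, followed by the same failure path the default arm takes, whose remainder lies outside the hunk. pki_import_pubkey_buffer begins before this hunk.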
@@ -1065,6 +1081,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
goto error;
}
break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
goto error;
}
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index 54aee4de..40b11564 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -113,8 +113,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
SAFE_FREE(privkey);
SAFE_FREE(pubkey);
break;
+ case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_DSS:
/* p,q,g,pub_key,priv_key */
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_RSA:
/* n,e,d,iqmp,p,q */
case SSH_KEYTYPE_RSA1:
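Review bot: Placing `case SSH_KEYTYPE_DSS_CERT01:` above `case SSH_KEYTYPE_DSS:` and `case SSH_KEYTYPE_RSA_CERT01:` above `case SSH_KEYTYPE_RSA:` puts the cert types under the field-layout comments `/* p,q,g,pub_key,priv_key */` and `/* n,e,d,iqmp,p,q */`, which reads as if a certificate private-key blob had exactly that layout; whether the openssh container encodes cert keys identically is not visible here, and I would expect the blob to differ. Either group the cert cases together with their own comment ahead of the plain cases, e.g. `case SSH_KEYTYPE_DSS_CERT01:` / `case SSH_KEYTYPE_RSA_CERT01:` / `/* certificate blob layout not handled yet; falls into the plain-key arm */`, or state explicitly that they share this arm deliberately. The arm's body and pki_openssh_import_privkey_blob continue past the hunk.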
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index ab549c11..d656e359 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -651,6 +651,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
return NULL;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
@@ -780,6 +782,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
#endif
case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
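Review bot: The new cert cases share the "Unkown or invalid private key type" arm with ED25519, but only the ED25519 case carries a comment (`/* Cannot open ed25519 keys with libcrypto */`) saying why it lands there; the cert cases deserve one of their own. If the reason is that a certificate is public material and the private key is the underlying rsa/dss key, a comment such as `/* certificate types have no private key of their own; the base key is loaded instead */` would make the rejection self-explanatory. pki_private_key_from_base64 starts before this hunk and the arm's remainder is outside it.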