authorAxel Eppe <aeppe@google.com>2015-08-23 17:42:21 +0100
committerAndreas Schneider <asn@cryptomilk.org>2015-09-07 13:30:14 +0200
commitbdfe6870f63227a623ec3f91fad3b09c42119e77 (patch)
tree0abf11cf65b8aa38e5e927e67230719b4c81e62d
parent9775f78ab2cf6cc348bad8728caf76709729a42a (diff)
pki: Add certificate loading functions
- ssh_pki_import_cert_base64() - ssh_pki_import_cert_file() - ssh_pki_import_cert_blob() These functions are currently simple wrappers around their pubkey counterparts. - ssh_pki_copy_cert_to_privkey() This function copies the cert-specific data to a private key. Signed-off-by: Axel Eppe <aeppe@google.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/libssh.h9
-rw-r--r--include/libssh/pki.h4
-rw-r--r--src/pki.c112
3 files changed, 123 insertions, 2 deletions
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 9a243470..aff01909 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -551,12 +551,21 @@ LIBSSH_API int ssh_pki_export_privkey_file(const ssh_key privkey,
void *auth_data,
const char *filename);
+LIBSSH_API int ssh_pki_copy_cert_to_privkey(const ssh_key cert_key,
+ ssh_key privkey);
+
LIBSSH_API int ssh_pki_import_pubkey_base64(const char *b64_key,
enum ssh_keytypes_e type,
ssh_key *pkey);
LIBSSH_API int ssh_pki_import_pubkey_file(const char *filename,
ssh_key *pkey);
+LIBSSH_API int ssh_pki_import_cert_base64(const char *b64_cert,
+ enum ssh_keytypes_e type,
+ ssh_key *pkey);
+LIBSSH_API int ssh_pki_import_cert_file(const char *filename,
+ ssh_key *pkey);
+
LIBSSH_API int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
ssh_key *pkey);
LIBSSH_API int ssh_pki_export_pubkey_base64(const ssh_key key,
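Review bot: The new `ssh_pki_copy_cert_to_privkey` prototype names its first parameter `cert_key`, while the definition added to src/pki.c in this same commit (and its Doxygen `@param[in] certkey` line) calls it `certkey`; the public header and the implementation should use one spelling, e.g. `LIBSSH_API int ssh_pki_copy_cert_to_privkey(const ssh_key certkey,`. The other added prototypes match their definitions, so this is the only mismatch in the hunk.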
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index b146d982..905956b3 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -113,6 +113,10 @@ int ssh_pki_export_pubkey_rsa1(const ssh_key key,
char *rsa1,
size_t rsa1_len);
+int ssh_pki_import_cert_blob(const ssh_string cert_blob,
+ ssh_key *pkey);
+
+
/* SSH Signing Functions */
ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
const ssh_key privatekey);
diff --git a/src/pki.c b/src/pki.c
index c02e5dbe..910838f6 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -915,7 +915,12 @@ int ssh_pki_import_pubkey_base64(const char *b64_key,
}
ssh_string_free(type_s);
- rc = pki_import_pubkey_buffer(buffer, type, pkey);
+ if (type == SSH_KEYTYPE_RSA_CERT01 ||
+ type == SSH_KEYTYPE_DSS_CERT01) {
+ rc = pki_import_cert_buffer(buffer, type, pkey);
+ } else {
+ rc = pki_import_pubkey_buffer(buffer, type, pkey);
+ }
ssh_buffer_free(buffer);
return rc;
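Review bot: The dispatch on `type` added here is repeated verbatim in the `ssh_pki_import_pubkey_blob` hunk below (the second `if (type == SSH_KEYTYPE_RSA_CERT01 || type == SSH_KEYTYPE_DSS_CERT01)` block), so any future certificate type has to be added in two places and the two importers can silently drift apart. A small file-scope predicate shared by both, `static int pki_is_cert_type(enum ssh_keytypes_e type) { return type == SSH_KEYTYPE_RSA_CERT01 || type == SSH_KEYTYPE_DSS_CERT01; }`, would keep them in sync and document the intent at the call sites. The enclosing function `ssh_pki_import_pubkey_base64` starts outside this hunk.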
@@ -973,7 +978,12 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
}
ssh_string_free(type_s);
- rc = pki_import_pubkey_buffer(buffer, type, pkey);
+ if (type == SSH_KEYTYPE_RSA_CERT01 ||
+ type == SSH_KEYTYPE_DSS_CERT01) {
+ rc = pki_import_cert_buffer(buffer, type, pkey);
+ } else {
+ rc = pki_import_pubkey_buffer(buffer, type, pkey);
+ }
ssh_buffer_free(buffer);
@@ -1075,6 +1085,64 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
}
/**
+ * @brief Import a base64 formated certificate from a memory c-string.
+ *
+ * @param[in] b64_cert The base64 cert to format.
+ *
+ * @param[in] type The type of the cert to format.
+ *
+ * @param[out] pkey A pointer where the allocated key can be stored. You
+ * need to free the memory.
+ *
+ * @return SSH_OK on success, SSH_ERROR on error.
+ *
+ * @see ssh_key_free()
+ */
+int ssh_pki_import_cert_base64(const char *b64_cert,
+ enum ssh_keytypes_e type,
+ ssh_key *pkey) {
+ return ssh_pki_import_pubkey_base64(b64_cert, type, pkey);
+}
+
+/**
+ * @internal
+ *
+ * @brief Import a certificate from a ssh string.
+ *
+ * @param[in] cert_blob The cert blob to import as specified in RFC 4253 section
+ * 6.6 "Public Key Algorithms".
+ *
+ * @param[out] pkey A pointer where the allocated key can be stored. You
+ * need to free the memory.
+ *
+ * @return SSH_OK on success, SSH_ERROR on error.
+ *
+ * @see ssh_key_free()
+ */
+int ssh_pki_import_cert_blob(const ssh_string cert_blob,
+ ssh_key *pkey) {
+ return ssh_pki_import_pubkey_blob(cert_blob, pkey);
+}
+
+/**
+ * @brief Import a certificate from the given filename.
+ *
+ * @param[in] filename The path to the certificate.
+ *
+ * @param[out] pkey A pointer to store the allocated certificate. You need to
+ * free the memory.
+ *
+ * @returns SSH_OK on success, SSH_EOF if the file doesn't exist or permission
+ * denied, SSH_ERROR otherwise.
+ *
+ * @see ssh_key_free()
+ */
+int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
+{
+ return ssh_pki_import_pubkey_file(filename, pkey);
+}
+
+/**
* @brief Generates a keypair.
*
* @param[in] type Type of key to create
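Review bot: `ssh_pki_import_cert_base64` forwards `type` unchecked to `ssh_pki_import_pubkey_base64`, and `ssh_pki_import_cert_file`/`ssh_pki_import_cert_blob` return whatever the pubkey importer produced, so a caller asking for a certificate can receive a plain public key together with SSH_OK and a NULL `cert` member; code that later relies on the cert part (such as `ssh_pki_copy_cert_to_privkey` in this commit) then fails with a bare SSH_ERROR far from the real cause. For the base64 variant a guard before the forward, `if (type != SSH_KEYTYPE_RSA_CERT01 && type != SSH_KEYTYPE_DSS_CERT01) { return SSH_ERROR; }`, rejects the wrong type up front; for the file and blob variants the imported key has to be inspected after the call, as sketched below for the file case (the blob case has the same shape). While here, `formated` in the `ssh_pki_import_cert_base64` docblock should read `formatted`, and `@param[in] b64_cert The base64 cert to format.` would be clearer as `@param[in] b64_cert The base64 encoded certificate to import.`
```c
int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
{
    int rc;

    rc = ssh_pki_import_pubkey_file(filename, pkey);
    if (rc != SSH_OK) {
        return rc;
    }

    /* The pubkey importer also accepts plain keys; only hand back a real
     * certificate here (assumes *pkey is set whenever SSH_OK is returned). */
    if ((*pkey)->cert == NULL) {
        ssh_key_free(*pkey);
        *pkey = NULL;
        return SSH_ERROR;
    }

    return SSH_OK;
}
```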
@@ -1307,6 +1375,46 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
return SSH_OK;
}
+/**
+ * @brief Copy the certificate part of a public key into a private key.
+ *
+ * @param[in] certkey The certificate key.
+ *
+ * @param[in] privkey The target private key to copy the certificate to.
+ *
+ * @returns SSH_OK on success, SSH_ERROR otherwise.
+ **/
+int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
+ ssh_buffer cert_buffer;
+ int rc;
+
+ if (certkey == NULL || privkey == NULL) {
+ return SSH_ERROR;
+ }
+
+ if (privkey->cert != NULL) {
+ return SSH_ERROR;
+ }
+
+ if (certkey->cert == NULL) {
+ return SSH_ERROR;
+ }
+
+ cert_buffer = ssh_buffer_new();
+ if (cert_buffer == NULL) {
+ return SSH_ERROR;
+ }
+
+ rc = buffer_add_buffer(cert_buffer, certkey->cert);
+ if (rc != 0) {
+ return SSH_ERROR;
+ }
+
+ privkey->cert = cert_buffer;
+ privkey->cert_type = certkey->type;
+ return SSH_OK;
+}
+
int ssh_pki_export_pubkey_rsa1(const ssh_key key,
const char *host,
char *rsa1,
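Review bot: `cert_buffer` leaks when `buffer_add_buffer` fails: the `if (rc != 0)` branch in `ssh_pki_copy_cert_to_privkey` returns SSH_ERROR without releasing the buffer obtained from `ssh_buffer_new()` a few lines earlier. Release it on that path with `ssh_buffer_free(cert_buffer);` placed before that `return SSH_ERROR;`. Separately, nothing here checks that `certkey` actually certifies `privkey`; if `ssh_key_cmp()` with `SSH_KEY_CMP_PUBLIC` is usable at this point in the file, rejecting a mismatched pair at copy time would surface a wrong cert/key pairing immediately instead of only at authentication.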