From 6da4e21065c30eee630cf448b4f45d29815c6f14 Mon Sep 17 00:00:00 2001
From: Axel Eppe
Date: Sun, 23 Aug 2015 17:26:11 +0100
Subject: pki: Add rsa, dss certificate key type definitions

- Add rsa/dsa (ssh-{rsa,dss}-cert-v01@openssh.com) as key types.
- Add a cert_type member in the ssh_key struct.

Signed-off-by: Axel Eppe
Reviewed-by: Andreas Schneider
---
 include/libssh/libssh.h | 4 +++-
 include/libssh/pki.h | 1 +
 src/pki.c | 18 ++++++++++++++++++
 src/pki_container_openssh.c | 2 ++
 src/pki_crypto.c | 4 ++++
 5 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 232d7c2b..9a243470 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -254,7 +254,9 @@ enum ssh_keytypes_e{
 SSH_KEYTYPE_RSA,
 SSH_KEYTYPE_RSA1,
 SSH_KEYTYPE_ECDSA,
- SSH_KEYTYPE_ED25519
+ SSH_KEYTYPE_ED25519,
+ SSH_KEYTYPE_DSS_CERT01,
+ SSH_KEYTYPE_RSA_CERT01
 };
 
 enum ssh_keycmp_e {
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index 9f9ddf4a..b146d982 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -60,6 +60,7 @@ struct ssh_key_struct {
 ed25519_pubkey *ed25519_pubkey;
 ed25519_privkey *ed25519_privkey;
 void *cert;
+ enum ssh_keytypes_e cert_type;
 };
 
 struct ssh_signature_struct {
diff --git a/src/pki.c b/src/pki.c
index b2f3a784..8fa5a12f 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -144,6 +144,10 @@ void ssh_key_clean (ssh_key key){
 SAFE_FREE(key->ed25519_privkey);
 }
 SAFE_FREE(key->ed25519_pubkey);
+ if (key->cert != NULL) { ssh_buffer_free(key->cert); }
+ key->cert_type = SSH_KEYTYPE_UNKNOWN;
 key->flags=SSH_KEY_FLAG_EMPTY;
 key->type=SSH_KEYTYPE_UNKNOWN;
 key->ecdsa_nid = 0;
@@ -196,6 +200,10 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
 return "ssh-ecdsa";
 case SSH_KEYTYPE_ED25519:
 return "ssh-ed25519";
+ case SSH_KEYTYPE_DSS_CERT01:
+ return "ssh-dss-cert-v01@openssh.com";
+ case SSH_KEYTYPE_RSA_CERT01:
+ return "ssh-rsa-cert-v01@openssh.com";
 case SSH_KEYTYPE_UNKNOWN:
 return NULL;
 }
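Review bot: In ssh_key_clean, `ssh_buffer_free(key->cert)` releases the buffer but leaves key->cert pointing at freed memory, whereas every neighbouring field is released through SAFE_FREE, which also nulls its pointer; a second ssh_key_clean on the same key, or any later `key->cert != NULL` check, would then double-free or read through a stale pointer. Add `key->cert = NULL;` directly after the free so the cleaned key is in the same fully-reset state as its other members, matching the cert_type reset the hunk already does. The remainder of ssh_key_clean lies outside the hunk.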
@@ -236,6 +244,10 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
 return SSH_KEYTYPE_ECDSA;
 } else if (strcmp(name, "ssh-ed25519") == 0){
 return SSH_KEYTYPE_ED25519;
+ } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_DSS_CERT01;
+ } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
+ return SSH_KEYTYPE_RSA_CERT01;
 }
 
 return SSH_KEYTYPE_UNKNOWN;
@@ -352,6 +364,8 @@ void ssh_signature_free(ssh_signature sig)
 case SSH_KEYTYPE_ED25519:
 SAFE_FREE(sig->ed25519_sig);
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 break;
 }
@@ -797,6 +811,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
 ssh_string_free(pubkey);
 }
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 default:
 SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
@@ -1065,6 +1081,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
 goto error;
 }
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 goto error;
 }
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index 54aee4de..40b11564 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -113,8 +113,10 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
 SAFE_FREE(privkey);
 SAFE_FREE(pubkey);
 break;
+ case SSH_KEYTYPE_DSS_CERT01:
 case SSH_KEYTYPE_DSS:
 /* p,q,g,pub_key,priv_key */
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_RSA:
 /* n,e,d,iqmp,p,q */
 case SSH_KEYTYPE_RSA1:
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index ab549c11..d656e359 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
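Review bot: In pki_import_pubkey_buffer the two new certificate labels are folded into the SSH_KEYTYPE_UNKNOWN/default path, so a certificate public key is rejected with "Unknown public key protocol %d" even though ssh_key_type_from_name now recognises the name; the same happens in pki_private_key_to_pem and pki_private_key_from_base64 (src/pki_crypto.c), where certificate keys land on "Unkown or invalid private key type". Since what follows the default label is outside the hunk, the smallest fix is a comment on the new labels recording that this is deliberate, e.g. `/* certificate keys are defined but not parsed yet; reject like unknown */`, so a reader of the warning knows the type is known and merely unsupported. pki_import_pubkey_buffer begins and ends outside the hunk.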
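Review bot: In pki_openssh_import_privkey_blob the new SSH_KEYTYPE_DSS_CERT01 and SSH_KEYTYPE_RSA_CERT01 labels are stacked on the SSH_KEYTYPE_DSS and SSH_KEYTYPE_RSA cases, so a certificate key takes whatever path those labels take below the hunk, which is not visible here. If that path consumes the bare p,q,g… / n,e,d… fields named in the adjacent comments, a certificate private blob, whose layout presumably differs from a bare key's, would be parsed as the wrong shape rather than rejected; if it is instead a not-supported branch, a comment on the new labels, e.g. `/* cert key types: not imported yet, same unsupported path as below */`, would make that intent visible. The function begins and ends outside the hunk, so this needs confirming against the lines that follow.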
@@ -651,6 +651,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
 return NULL;
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
@@ -780,6 +782,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 #endif
 case SSH_KEYTYPE_ED25519:
 /* Cannot open ed25519 keys with libcrypto */
+ case SSH_KEYTYPE_DSS_CERT01:
+ case SSH_KEYTYPE_RSA_CERT01:
 case SSH_KEYTYPE_UNKNOWN:
 BIO_free(mem);
 SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
--
cgit v1.2.3