OLD | NEW |
1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2012 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "time" | 8 "time" |
9 ) | 9 ) |
10 | 10 |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
53 } | 53 } |
54 | 54 |
55 var certAlgoNames = map[string]string{ | 55 var certAlgoNames = map[string]string{ |
56 KeyAlgoRSA: CertAlgoRSAv01, | 56 KeyAlgoRSA: CertAlgoRSAv01, |
57 KeyAlgoDSA: CertAlgoDSAv01, | 57 KeyAlgoDSA: CertAlgoDSAv01, |
58 KeyAlgoECDSA256: CertAlgoECDSA256v01, | 58 KeyAlgoECDSA256: CertAlgoECDSA256v01, |
59 KeyAlgoECDSA384: CertAlgoECDSA384v01, | 59 KeyAlgoECDSA384: CertAlgoECDSA384v01, |
60 KeyAlgoECDSA521: CertAlgoECDSA521v01, | 60 KeyAlgoECDSA521: CertAlgoECDSA521v01, |
61 } | 61 } |
62 | 62 |
| 63 // certToPrivAlgo returns the underlying algorithm for a certificate algorithm. |
| 64 // Panics if a non-certificate algorithm is passed. |
| 65 func certToPrivAlgo(algo string) string { |
| 66 for privAlgo, pubAlgo := range certAlgoNames { |
| 67 if pubAlgo == algo { |
| 68 return privAlgo |
| 69 } |
| 70 } |
| 71 panic("unknown cert algorithm") |
| 72 } |
| 73 |
63 func (c *OpenSSHCertV01) PublicKeyAlgo() string { | 74 func (c *OpenSSHCertV01) PublicKeyAlgo() string { |
64 algo, ok := certAlgoNames[c.Key.PublicKeyAlgo()] | 75 algo, ok := certAlgoNames[c.Key.PublicKeyAlgo()] |
65 if !ok { | 76 if !ok { |
66 panic("unknown cert key type") | 77 panic("unknown cert key type") |
67 } | 78 } |
68 return algo | 79 return algo |
69 } | 80 } |
70 | 81 |
71 func (c *OpenSSHCertV01) PrivateKeyAlgo() string { | 82 func (c *OpenSSHCertV01) PrivateKeyAlgo() string { |
72 return c.Key.PrivateKeyAlgo() | 83 return c.Key.PrivateKeyAlgo() |
73 } | 84 } |
74 | 85 |
75 func (c *OpenSSHCertV01) Verify(data []byte, sig []byte) bool { | 86 func (c *OpenSSHCertV01) Verify(data []byte, sig []byte) bool { |
76 return c.Key.Verify(data, sig) | 87 return c.Key.Verify(data, sig) |
77 } | 88 } |
78 | 89 |
79 func parseOpenSSHCertV01(in []byte, algo string) (out *OpenSSHCertV01, rest []by
te, ok bool) { | 90 func parseOpenSSHCertV01(in []byte, algo string) (out *OpenSSHCertV01, rest []by
te, ok bool) { |
80 cert := new(OpenSSHCertV01) | 91 cert := new(OpenSSHCertV01) |
81 | 92 |
82 if cert.Nonce, in, ok = parseString(in); !ok { | 93 if cert.Nonce, in, ok = parseString(in); !ok { |
83 return | 94 return |
84 } | 95 } |
85 | 96 |
86 » cert.Key, in, ok = ParsePublicKey(in) | 97 » privAlgo := certToPrivAlgo(algo) |
| 98 » cert.Key, in, ok = parsePubKey(in, privAlgo) |
87 if !ok { | 99 if !ok { |
88 return | 100 return |
89 } | 101 } |
90 | 102 |
91 » if cert.Key.PrivateKeyAlgo() != algo { | 103 » // We test PublicKeyAlgo to make sure we don't use some weird sub-cert. |
| 104 » if cert.Key.PublicKeyAlgo() != privAlgo { |
92 ok = false | 105 ok = false |
93 return | 106 return |
94 } | 107 } |
95 | 108 |
96 if cert.Serial, in, ok = parseUint64(in); !ok { | 109 if cert.Serial, in, ok = parseUint64(in); !ok { |
97 return | 110 return |
98 } | 111 } |
99 | 112 |
100 if cert.Type, in, ok = parseUint32(in); !ok || cert.Type != UserCert &&
cert.Type != HostCert { | 113 if cert.Type, in, ok = parseUint32(in); !ok || cert.Type != UserCert &&
cert.Type != HostCert { |
101 return | 114 return |
(...skipping 30 matching lines...) Expand all Loading... |
132 } | 145 } |
133 | 146 |
134 if cert.Reserved, in, ok = parseString(in); !ok { | 147 if cert.Reserved, in, ok = parseString(in); !ok { |
135 return | 148 return |
136 } | 149 } |
137 | 150 |
138 sigKey, in, ok := parseString(in) | 151 sigKey, in, ok := parseString(in) |
139 if !ok { | 152 if !ok { |
140 return | 153 return |
141 } | 154 } |
142 » if cert.SignatureKey, _, ok = parsePubKey(sigKey); !ok { | 155 » if cert.SignatureKey, _, ok = ParsePublicKey(sigKey); !ok { |
143 return | 156 return |
144 } | 157 } |
145 | 158 |
146 if cert.Signature, in, ok = parseSignature(in); !ok { | 159 if cert.Signature, in, ok = parseSignature(in); !ok { |
147 return | 160 return |
148 } | 161 } |
149 | 162 |
150 ok = true | 163 ok = true |
151 return cert, in, ok | 164 return cert, in, ok |
152 } | 165 } |
153 | 166 |
154 func (cert *OpenSSHCertV01) Marshal() []byte { | 167 func (cert *OpenSSHCertV01) Marshal() []byte { |
155 » pubKey := MarshalPublicKey(cert.Key) | 168 » pubKey := cert.Key.Marshal() |
156 | |
157 sigKey := MarshalPublicKey(cert.SignatureKey) | 169 sigKey := MarshalPublicKey(cert.SignatureKey) |
158 | 170 |
159 length := stringLength(len(cert.Nonce)) | 171 length := stringLength(len(cert.Nonce)) |
160 length += len(pubKey) | 172 length += len(pubKey) |
161 length += 8 // Length of Serial | 173 length += 8 // Length of Serial |
162 length += 4 // Length of Type | 174 length += 4 // Length of Type |
163 length += stringLength(len(cert.KeyId)) | 175 length += stringLength(len(cert.KeyId)) |
164 length += lengthPrefixedNameListLength(cert.ValidPrincipals) | 176 length += lengthPrefixedNameListLength(cert.ValidPrincipals) |
165 length += 8 // Length of ValidAfter | 177 length += 8 // Length of ValidAfter |
166 length += 8 // Length of ValidBefore | 178 length += 8 // Length of ValidBefore |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
304 | 316 |
305 func parseSignature(in []byte) (out *signature, rest []byte, ok bool) { | 317 func parseSignature(in []byte) (out *signature, rest []byte, ok bool) { |
306 var sigBytes []byte | 318 var sigBytes []byte |
307 if sigBytes, rest, ok = parseString(in); !ok { | 319 if sigBytes, rest, ok = parseString(in); !ok { |
308 return | 320 return |
309 } | 321 } |
310 | 322 |
311 // TODO(hanwen): this is a bug; 'rest' gets swallowed. | 323 // TODO(hanwen): this is a bug; 'rest' gets swallowed. |
312 return parseSignatureBody(sigBytes) | 324 return parseSignatureBody(sigBytes) |
313 } | 325 } |
OLD | NEW |