
Unified Diff: ssh/certs.go

Issue 13272055: code review 13272055: go.crypto/ssh: fix certificate parsing/marshaling. (Closed)
Patch Set: diff -r 2cd6b3b93cdb https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Index: ssh/certs.go
===================================================================
--- a/ssh/certs.go
+++ b/ssh/certs.go
@@ -60,6 +60,17 @@
KeyAlgoECDSA521: CertAlgoECDSA521v01,
}
+// certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
+// Panics if a non-certificate algorithm is passed.
+func certToPrivAlgo(algo string) string {
+ for privAlgo, pubAlgo := range certAlgoNames {
+ if pubAlgo == algo {
+ return privAlgo
+ }
+ }
+ panic("unknown cert algorithm")
+}
+
func (c *OpenSSHCertV01) PublicKeyAlgo() string {
algo, ok := certAlgoNames[c.Key.PublicKeyAlgo()]
if !ok {
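Review bot: certToPrivAlgo panics on an unrecognised name, and the next hunk calls it on the certificate parsing path, so any caller that passes an algorithm string it has not already matched against certAlgoNames turns malformed input into a process crash. Whether `algo` is validated upstream is not visible in this diff. Returning a failure instead would remove that dependency and fit the parser's existing `ok` convention: change the signature to `func certToPrivAlgo(algo string) (string, bool)`, end the function with `return "", false`, and have the caller bail out with `if !ok { return }`. The doc comment should then drop its "Panics" sentence.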
@@ -83,12 +94,14 @@
return
}
- cert.Key, in, ok = ParsePublicKey(in)
+ privAlgo := certToPrivAlgo(algo)
+ cert.Key, in, ok = parsePubKey(in, privAlgo)
if !ok {
return
}
- if cert.Key.PrivateKeyAlgo() != algo {
+ // We test PublicKeyAlgo to make sure we don't use some weird sub-cert.
+ if cert.Key.PublicKeyAlgo() != privAlgo {
ok = false
return
}
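Review bot: The comment `// We test PublicKeyAlgo to make sure we don't use some weird sub-cert.` does not tell a later reader what is being rejected or why it matters. Judging from the visible lines, the check guards against the embedded key itself being a certificate, so something like `// Reject a nested certificate: the embedded key must report the plain key algorithm, not a cert algorithm.` would state the invariant directly. The enclosing parse function starts and ends outside this hunk, so confirm the wording against the full body.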
@@ -139,7 +152,7 @@
if !ok {
return
}
- if cert.SignatureKey, _, ok = parsePubKey(sigKey); !ok {
+ if cert.SignatureKey, _, ok = ParsePublicKey(sigKey); !ok {
return
}
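Review bot: The signature key is now parsed with `ParsePublicKey(sigKey)` and the unparsed remainder is dropped with `_`, so trailing bytes after the CA key inside that length-prefixed field are silently accepted. A strict parser would capture the remainder and fail when it is non-empty, e.g. `if cert.SignatureKey, rest, ok = ParsePublicKey(sigKey); !ok || len(rest) > 0 {` with `ok = false` set before returning. If ParsePublicKey can also return a certificate type (not visible here), this field should reject that too, since the OpenSSH certificate format does not allow a certificate as the signing key. The enclosing function begins and ends outside the hunk.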
@@ -152,8 +165,7 @@
}
func (cert *OpenSSHCertV01) Marshal() []byte {
- pubKey := MarshalPublicKey(cert.Key)
-
+ pubKey := cert.Key.Marshal()
sigKey := MarshalPublicKey(cert.SignatureKey)
length := stringLength(len(cert.Nonce))
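Review bot: After this change the two keys are serialised differently, `cert.Key.Marshal()` versus `MarshalPublicKey(cert.SignatureKey)`, and nothing in Marshal says why. The parse side suggests the reason: the embedded key is read with an externally supplied algorithm, while the signature key carries its own. A short comment above the two lines would keep the next editor from "fixing" the asymmetry, for example `// The embedded key is written without an algorithm prefix (the cert type implies it); the signature key is self-describing.`. Please confirm that wording against Marshal and MarshalPublicKey, which are defined outside this diff; Marshal's body also continues past the hunk.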
