1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2012 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "time" | 8 "time" |
9 ) | 9 ) |
10 | 10 |
45 KeyId string | 45 KeyId string |
46 ValidPrincipals []string | 46 ValidPrincipals []string |
47 ValidAfter, ValidBefore time.Time | 47 ValidAfter, ValidBefore time.Time |
48 CriticalOptions []tuple | 48 CriticalOptions []tuple |
49 Extensions []tuple | 49 Extensions []tuple |
50 Reserved []byte | 50 Reserved []byte |
51 SignatureKey PublicKey | 51 SignatureKey PublicKey |
52 Signature *signature | 52 Signature *signature |
53 } | 53 } |
54 | 54 |
55 // validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that t he | 55 // validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that |
jpsugar
2013/10/22 17:01:45
Re-wrap comment please.
jmpittman
2013/10/22 18:52:17
Wrapped to 80.
56 // cert's Signature.Blob is the result of signing the cert bytes starting from | 56 // the cert's Signature.Blob is the result of signing the cert bytes starting |
57 // the algorithm string and going up to and including the SignatureKey. | 57 // from the algorithm string and going up to and including the SignatureKey. |
58 func validateOpenSSHCertV01Signature(cert *OpenSSHCertV01) bool { | 58 func validateOpenSSHCertV01Signature(cert *OpenSSHCertV01) bool { |
59 return cert.SignatureKey.Verify(cert.BytesForSigning(), cert.Signature.B lob) | 59 return cert.SignatureKey.Verify(cert.BytesForSigning(), cert.Signature.B lob) |
60 } | 60 } |
61 | 61 |
62 var certAlgoNames = map[string]string{ | 62 var certAlgoNames = map[string]string{ |
63 KeyAlgoRSA: CertAlgoRSAv01, | 63 KeyAlgoRSA: CertAlgoRSAv01, |
64 KeyAlgoDSA: CertAlgoDSAv01, | 64 KeyAlgoDSA: CertAlgoDSAv01, |
65 KeyAlgoECDSA256: CertAlgoECDSA256v01, | 65 KeyAlgoECDSA256: CertAlgoECDSA256v01, |
66 KeyAlgoECDSA384: CertAlgoECDSA384v01, | 66 KeyAlgoECDSA384: CertAlgoECDSA384v01, |
67 KeyAlgoECDSA521: CertAlgoECDSA521v01, | 67 KeyAlgoECDSA521: CertAlgoECDSA521v01, |
68 } | 68 } |
69 | 69 |
70 // certToPrivAlgo returns the underlying algorithm for a certificate algorithm. | 70 // certToPrivAlgo returns the underlying algorithm for a certificate algorithm. |
71 // Panics if a non-certificate algorithm is passed. | 71 // Panics if a non-certificate algorithm is passed. |
72 func certToPrivAlgo(algo string) string { | 72 func certToPrivAlgo(algo string) string { |
73 for privAlgo, pubAlgo := range certAlgoNames { | 73 for privAlgo, pubAlgo := range certAlgoNames { |
74 if pubAlgo == algo { | 74 if pubAlgo == algo { |
75 return privAlgo | 75 return privAlgo |
76 } | 76 } |
77 } | 77 } |
78 panic("unknown cert algorithm") | 78 panic("unknown cert algorithm") |
79 } | 79 } |
80 | 80 |
81 func (cert *OpenSSHCertV01) marshal(includeAlgo, includeSig bool) []byte { | 81 func (cert *OpenSSHCertV01) marshal(includeAlgo, includeSig bool) []byte { |
82 algoName := cert.PublicKeyAlgo() | 82 algoName := cert.PublicKeyAlgo() |
83 pubKey := cert.Key.Marshal() | 83 pubKey := cert.Key.Marshal() |
84 sigKey := MarshalPublicKey(cert.SignatureKey) | 84 sigKey := MarshalPublicKey(cert.SignatureKey) |
85 | 85 |
86 » length := stringLength(len(cert.Nonce)) | 86 » var length int |
87 » if includeAlgo { | |
88 » » length += stringLength(len(algoName)) | |
89 » } | |
90 » length += stringLength(len(cert.Nonce)) | |
87 length += len(pubKey) | 91 length += len(pubKey) |
88 length += 8 // Length of Serial | 92 length += 8 // Length of Serial |
89 length += 4 // Length of Type | 93 length += 4 // Length of Type |
90 length += stringLength(len(cert.KeyId)) | 94 length += stringLength(len(cert.KeyId)) |
91 length += lengthPrefixedNameListLength(cert.ValidPrincipals) | 95 length += lengthPrefixedNameListLength(cert.ValidPrincipals) |
92 length += 8 // Length of ValidAfter | 96 length += 8 // Length of ValidAfter |
93 length += 8 // Length of ValidBefore | 97 length += 8 // Length of ValidBefore |
94 length += tupleListLength(cert.CriticalOptions) | 98 length += tupleListLength(cert.CriticalOptions) |
95 length += tupleListLength(cert.Extensions) | 99 length += tupleListLength(cert.Extensions) |
96 length += stringLength(len(cert.Reserved)) | 100 length += stringLength(len(cert.Reserved)) |
97 length += stringLength(len(sigKey)) | 101 length += stringLength(len(sigKey)) |
98 if includeAlgo { | |
jpsugar
2013/10/22 17:01:45
I would prefer for this list to be in the same ord
jmpittman
2013/10/22 18:52:17
The order does not matter for the length, but it d
99 length += stringLength(len(algoName)) | |
100 } | |
101 if includeSig { | 102 if includeSig { |
102 length += signatureLength(cert.Signature) | 103 length += signatureLength(cert.Signature) |
103 } | 104 } |
104 | 105 |
105 ret := make([]byte, length) | 106 ret := make([]byte, length) |
106 r := ret | 107 r := ret |
107 if includeAlgo { | 108 if includeAlgo { |
108 r = marshalString(r, []byte(algoName)) | 109 r = marshalString(r, []byte(algoName)) |
109 } | 110 } |
110 r = marshalString(r, cert.Nonce) | 111 r = marshalString(r, cert.Nonce) |
346 if sigBytes, rest, ok = parseString(in); !ok { | 347 if sigBytes, rest, ok = parseString(in); !ok { |
347 return | 348 return |
348 } | 349 } |
349 | 350 |
350 out, sigBytes, ok = parseSignatureBody(sigBytes) | 351 out, sigBytes, ok = parseSignatureBody(sigBytes) |
351 if !ok || len(sigBytes) > 0 { | 352 if !ok || len(sigBytes) > 0 { |
352 return nil, nil, false | 353 return nil, nil, false |
353 } | 354 } |
354 return | 355 return |
355 } | 356 } |
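Review bot: marshal (new line 81) still has no doc comment, and nothing in the code states the invariant that the reorder at new lines 86-90 exists to protect: the length accumulation must mirror the write sequence that starts at line 108, because the buffer is sized once with `make([]byte, length)` and a mismatch would presumably either panic inside marshalString or leave a zero-filled tail in the buffer that BytesForSigning appears to hand to Verify at line 59. I would add `// marshal serializes the certificate in OpenSSH wire order; includeAlgo prefixes the algorithm name string, includeSig appends the signature.` above the func, and change line 86 to `var length int // must track the write order below exactly; keep the two in sync`. The body of marshal continues past the 235 skipped lines, so the remaining writes are not visible here.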