1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2012 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "time" | 8 "time" |
9 ) | 9 ) |
10 | 10 |
(...skipping 17 matching lines...) Expand all Loading... |
28 type signature struct { | 28 type signature struct { |
29 Format string | 29 Format string |
30 Blob []byte | 30 Blob []byte |
31 } | 31 } |
32 | 32 |
33 type tuple struct { | 33 type tuple struct { |
34 Name string | 34 Name string |
35 Data string | 35 Data string |
36 } | 36 } |
37 | 37 |
| 38 const ( |
| 39 maxUint64 = 1<<64 - 1 |
| 40 maxInt64 = 1<<63 - 1 |
| 41 ) |
| 42 |
| 43 // CertTime represents an unsigned 64-bit time value in seconds starting from |
| 44 // UNIX epoch. We use CertTime instead of time.Time in order to properly handle |
| 45 // the "infinite" time value ^0, which would become negative when expressed as |
| 46 // an int64. |
| 47 type CertTime uint64 |
| 48 |
| 49 func (ct CertTime) Time() time.Time { |
| 50 if ct > maxInt64 { |
| 51 return time.Unix(maxInt64, 0) |
| 52 } |
| 53 return time.Unix(int64(ct), 0) |
| 54 } |
| 55 |
| 56 func (ct CertTime) IsInfinite() bool { |
| 57 return ct == maxUint64 |
| 58 } |
| 59 |
38 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in | 60 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in |
39 // [PROTOCOL.certkeys]?rev=1.8. | 61 // [PROTOCOL.certkeys]?rev=1.8. |
40 type OpenSSHCertV01 struct { | 62 type OpenSSHCertV01 struct { |
41 Nonce []byte | 63 Nonce []byte |
42 Key PublicKey | 64 Key PublicKey |
43 Serial uint64 | 65 Serial uint64 |
44 Type uint32 | 66 Type uint32 |
45 KeyId string | 67 KeyId string |
46 ValidPrincipals []string | 68 ValidPrincipals []string |
47 » ValidAfter, ValidBefore time.Time | 69 » ValidAfter, ValidBefore CertTime |
48 CriticalOptions []tuple | 70 CriticalOptions []tuple |
49 Extensions []tuple | 71 Extensions []tuple |
50 Reserved []byte | 72 Reserved []byte |
51 SignatureKey PublicKey | 73 SignatureKey PublicKey |
52 Signature *signature | 74 Signature *signature |
53 } | 75 } |
54 | 76 |
55 // validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that | 77 // validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that |
56 // the cert's Signature.Blob is the result of signing the cert bytes starting | 78 // the cert's Signature.Blob is the result of signing the cert bytes starting |
57 // from the algorithm string and going up to and including the SignatureKey. | 79 // from the algorithm string and going up to and including the SignatureKey. |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 if includeAlgo { | 130 if includeAlgo { |
109 r = marshalString(r, []byte(algoName)) | 131 r = marshalString(r, []byte(algoName)) |
110 } | 132 } |
111 r = marshalString(r, cert.Nonce) | 133 r = marshalString(r, cert.Nonce) |
112 copy(r, pubKey) | 134 copy(r, pubKey) |
113 r = r[len(pubKey):] | 135 r = r[len(pubKey):] |
114 r = marshalUint64(r, cert.Serial) | 136 r = marshalUint64(r, cert.Serial) |
115 r = marshalUint32(r, cert.Type) | 137 r = marshalUint32(r, cert.Type) |
116 r = marshalString(r, []byte(cert.KeyId)) | 138 r = marshalString(r, []byte(cert.KeyId)) |
117 r = marshalLengthPrefixedNameList(r, cert.ValidPrincipals) | 139 r = marshalLengthPrefixedNameList(r, cert.ValidPrincipals) |
118 » r = marshalUint64(r, uint64(cert.ValidAfter.Unix())) | 140 » r = marshalUint64(r, uint64(cert.ValidAfter)) |
119 » r = marshalUint64(r, uint64(cert.ValidBefore.Unix())) | 141 » r = marshalUint64(r, uint64(cert.ValidBefore)) |
120 r = marshalTupleList(r, cert.CriticalOptions) | 142 r = marshalTupleList(r, cert.CriticalOptions) |
121 r = marshalTupleList(r, cert.Extensions) | 143 r = marshalTupleList(r, cert.Extensions) |
122 r = marshalString(r, cert.Reserved) | 144 r = marshalString(r, cert.Reserved) |
123 r = marshalString(r, sigKey) | 145 r = marshalString(r, sigKey) |
124 if includeSig { | 146 if includeSig { |
125 r = marshalSignature(r, cert.Signature) | 147 r = marshalSignature(r, cert.Signature) |
126 } | 148 } |
127 if len(r) > 0 { | 149 if len(r) > 0 { |
128 panic("ssh: internal error, marshaling certificate did not fill
the entire buffer") | 150 panic("ssh: internal error, marshaling certificate did not fill
the entire buffer") |
129 } | 151 } |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
188 cert.KeyId = string(keyId) | 210 cert.KeyId = string(keyId) |
189 | 211 |
190 if cert.ValidPrincipals, in, ok = parseLengthPrefixedNameList(in); !ok { | 212 if cert.ValidPrincipals, in, ok = parseLengthPrefixedNameList(in); !ok { |
191 return | 213 return |
192 } | 214 } |
193 | 215 |
194 va, in, ok := parseUint64(in) | 216 va, in, ok := parseUint64(in) |
195 if !ok { | 217 if !ok { |
196 return | 218 return |
197 } | 219 } |
198 » cert.ValidAfter = time.Unix(int64(va), 0) | 220 » cert.ValidAfter = CertTime(va) |
199 | 221 |
200 vb, in, ok := parseUint64(in) | 222 vb, in, ok := parseUint64(in) |
201 if !ok { | 223 if !ok { |
202 return | 224 return |
203 } | 225 } |
204 » cert.ValidBefore = time.Unix(int64(vb), 0) | 226 » cert.ValidBefore = CertTime(vb) |
205 | 227 |
206 if cert.CriticalOptions, in, ok = parseTupleList(in); !ok { | 228 if cert.CriticalOptions, in, ok = parseTupleList(in); !ok { |
207 return | 229 return |
208 } | 230 } |
209 | 231 |
210 if cert.Extensions, in, ok = parseTupleList(in); !ok { | 232 if cert.Extensions, in, ok = parseTupleList(in); !ok { |
211 return | 233 return |
212 } | 234 } |
213 | 235 |
214 if cert.Reserved, in, ok = parseString(in); !ok { | 236 if cert.Reserved, in, ok = parseString(in); !ok { |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
347 if sigBytes, rest, ok = parseString(in); !ok { | 369 if sigBytes, rest, ok = parseString(in); !ok { |
348 return | 370 return |
349 } | 371 } |
350 | 372 |
351 out, sigBytes, ok = parseSignatureBody(sigBytes) | 373 out, sigBytes, ok = parseSignatureBody(sigBytes) |
352 if !ok || len(sigBytes) > 0 { | 374 if !ok || len(sigBytes) > 0 { |
353 return nil, nil, false | 375 return nil, nil, false |
354 } | 376 } |
355 return | 377 return |
356 } | 378 } |
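Review bot: The clamp in CertTime.Time() (right line 51) returns time.Unix(maxInt64, 0), which as far as I can tell is not a usable time.Time: time.Unix adds the package's internal epoch offset to sec, so a seconds value this close to the int64 limit wraps negative and the result sorts before year 1 in Before/After comparisons. A validity check written as `now.Before(cert.ValidBefore.Time())` would then reject every certificate carrying the OpenSSH "forever" value ^0, and, if a ValidAfter above maxInt64 ever reached the same path, the wrapped value would make it look already valid. Safer to do the window check in the CertTime domain, e.g. `now := CertTime(time.Now().Unix())` followed by `if now < cert.ValidAfter || now >= cert.ValidBefore { return false }`, and keep Time() for display only with its saturation documented. The two exported methods also lack doc comments; suggest `// Time converts ct to a time.Time, saturating values above maxInt64.` and `// IsInfinite reports whether ct is the "forever" value ^0 used by OpenSSH.`.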