Delta Between Two Patch Sets: ssh/certs.go
Issue 15520047: code review 15520047: go.crypto/ssh: Implement CertTime to fix an issue with ... (Closed)
Left Patch Set: Created 10 years, 5 months ago
Right Patch Set: diff -r 32844aa1ae54 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
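--- a/ssh/certs.go
+++ b/ssh/certs.go
@@ -1,10 +1,10 @@
 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 package ssh
 
 import (
 	"time"
 )
 
@@ -28,30 +28,52 @@
 type signature struct {
 	Format string
 	Blob []byte
 }
 
 type tuple struct {
 	Name string
 	Data string
 }
 
+const (
+	maxUint64 = 1<<64 - 1
+	maxInt64 = 1<<63 - 1
+)
+
+// CertTime represents an unsigned 64-bit time value in seconds starting from
+// UNIX epoch. We use CertTime instead of time.Time in order to properly handle
+// the "infinite" time value ^0, which would become negative when expressed as
+// an int64.
+type CertTime uint64
+
+func (ct CertTime) Time() time.Time {
+	if ct > maxInt64 {
+		return time.Unix(maxInt64, 0)
+	}
+	return time.Unix(int64(ct), 0)
+}
+
+func (ct CertTime) IsInfinite() bool {
+	return ct == maxUint64
+}
+
 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in
 // [PROTOCOL.certkeys]?rev=1.8.
 type OpenSSHCertV01 struct {
 	Nonce []byte
 	Key PublicKey
 	Serial uint64
 	Type uint32
 	KeyId string
 	ValidPrincipals []string
-	ValidAfter, ValidBefore time.Time
+	ValidAfter, ValidBefore CertTime
 	CriticalOptions []tuple
 	Extensions []tuple
 	Reserved []byte
 	SignatureKey PublicKey
 	Signature *signature
 }
 
 // validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that
 // the cert's Signature.Blob is the result of signing the cert bytes starting
 // from the algorithm string and going up to and including the SignatureKey.
@@ -108,22 +130,22 @@
 	if includeAlgo {
 		r = marshalString(r, []byte(algoName))
 	}
 	r = marshalString(r, cert.Nonce)
 	copy(r, pubKey)
 	r = r[len(pubKey):]
 	r = marshalUint64(r, cert.Serial)
 	r = marshalUint32(r, cert.Type)
 	r = marshalString(r, []byte(cert.KeyId))
 	r = marshalLengthPrefixedNameList(r, cert.ValidPrincipals)
-	r = marshalUint64(r, uint64(cert.ValidAfter.Unix()))
-	r = marshalUint64(r, uint64(cert.ValidBefore.Unix()))
+	r = marshalUint64(r, uint64(cert.ValidAfter))
+	r = marshalUint64(r, uint64(cert.ValidBefore))
 	r = marshalTupleList(r, cert.CriticalOptions)
 	r = marshalTupleList(r, cert.Extensions)
 	r = marshalString(r, cert.Reserved)
 	r = marshalString(r, sigKey)
 	if includeSig {
 		r = marshalSignature(r, cert.Signature)
 	}
 	if len(r) > 0 {
 		panic("ssh: internal error, marshaling certificate did not fill the entire buffer")
 	}
@@ -188,27 +210,27 @@
 	cert.KeyId = string(keyId)
 
 	if cert.ValidPrincipals, in, ok = parseLengthPrefixedNameList(in); !ok {
 		return
 	}
 
 	va, in, ok := parseUint64(in)
 	if !ok {
 		return
 	}
-	cert.ValidAfter = time.Unix(int64(va), 0)
+	cert.ValidAfter = CertTime(va)
 
 	vb, in, ok := parseUint64(in)
 	if !ok {
 		return
 	}
-	cert.ValidBefore = time.Unix(int64(vb), 0)
+	cert.ValidBefore = CertTime(vb)
 
 	if cert.CriticalOptions, in, ok = parseTupleList(in); !ok {
 		return
 	}
 
 	if cert.Extensions, in, ok = parseTupleList(in); !ok {
 		return
 	}
 
 	if cert.Reserved, in, ok = parseString(in); !ok {
@@ -347,10 +369,10 @@
 	if sigBytes, rest, ok = parseString(in); !ok {
 		return
 	}
 
 	out, sigBytes, ok = parseSignatureBody(sigBytes)
 	if !ok || len(sigBytes) > 0 {
 		return nil, nil, false
 	}
 	return
 }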
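Review bot: The exported methods `Time` and `IsInfinite` on the new `CertTime` type carry no doc comments, and `Time` silently clamps every value above 1<<63-1 — not only the ^0 sentinel — to `time.Unix(maxInt64, 0)`, so a caller going through `Time()` alone cannot tell an "infinite" ValidBefore from a merely out-of-range one. I would state that contract on the methods: `// Time returns ct as a time.Time; values that do not fit an int64 are clamped to the largest representable instant, so the result is only meaningful for Before/After ordering.` and `// IsInfinite reports whether ct is the ^0 "never expires" sentinel defined by PROTOCOL.certkeys.` Calendar methods such as Year or Format on the clamped value I believe overflow inside the time package's internal epoch shift, so any validity check should combine IsInfinite with a uint64 comparison against time.Now().Unix() rather than rely on Time(). The marshal and parse functions around the ValidAfter/ValidBefore lines start and end outside the visible hunks, and whether a validity-window check exists anywhere is not visible from this page.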