
Delta Between Two Patch Sets: ssh/certs.go

Issue 15520047: code review 15520047: go.crypto/ssh: Implement CertTime to fix an issue with ... (Closed)
Left Patch Set: diff -r 32844aa1ae54 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Right Patch Set: diff -r 32844aa1ae54 https://code.google.com/p/go.crypto Created 10 years, 5 months ago
1 // Copyright 2012 The Go Authors. All rights reserved. 1 // Copyright 2012 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "time" 8 "time"
9 ) 9 )
10 10
(...skipping 17 matching lines...) Expand all
28 type signature struct { 28 type signature struct {
29 Format string 29 Format string
30 Blob []byte 30 Blob []byte
31 } 31 }
32 32
33 type tuple struct { 33 type tuple struct {
34 Name string 34 Name string
35 Data string 35 Data string
36 } 36 }
37 37
38 // A time.Time cannot represent seconds higher than 1<<63 - 1. However, 38 const (
39 // conversion from uint64 to int64 for values higher than this will result in 39 » maxUint64 = 1<<64 - 1
40 // negative int64 values and result in times before unix epoch that are not 40 » maxInt64 = 1<<63 - 1
41 // intended to be used with certs. maxInt64 in unix seconds would be 41 )
42 // 292277026596-12-04 15:30:07 +0000 UTC. We are safe until the year 42
43 // 292,277,026,596 in setting this value to maxInt64 for values above 43 // CertTime represents an unsigned 64-bit time value in seconds starting from
44 // maxInt64. A use case for this is the "forever" setting where ValidAfter is 0 44 // UNIX epoch. We use CertTime instead of time.Time in order to properly handle
45 // (all bytes 0x00) and ValidBefore is 1<<64 - 1 (all bytes 0xFF). OpenSSH does 45 // the "infinite" time value ^0, which would become negative when expressed as
46 // something similar to this by clamping to INT_MAX. 46 // an int64.
47
48 // CertTime represents an unsigned 64bit time value in seconds starting from
49 // unix epoch. We use CertTime instead of time.Time in order to properly
50 // handle time values above what a time.Time can represent and prevent values
51 // before unix epoch.
52 type CertTime uint64 47 type CertTime uint64
53 48
54 func (ct CertTime) Time() time.Time { 49 func (ct CertTime) Time() time.Time {
55 const maxInt64 = 1<<63 - 1
56 if ct > maxInt64 { 50 if ct > maxInt64 {
57 return time.Unix(maxInt64, 0) 51 return time.Unix(maxInt64, 0)
58 } 52 }
59 return time.Unix(int64(ct), 0) 53 return time.Unix(int64(ct), 0)
60 } 54 }
61 55
62 func (ct CertTime) IsTheEnd() bool { 56 func (ct CertTime) IsInfinite() bool {
63 » return ct == 1<<64-1 57 » return ct == maxUint64
jpsugar 2013/10/22 21:45:35 Doesn't this result in an overflow?
jmpittman 2013/10/23 00:19:02 I do not think it does. I have not gotten an over
64 } 58 }
65 59
66 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in 60 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in
67 // [PROTOCOL.certkeys]?rev=1.8. 61 // [PROTOCOL.certkeys]?rev=1.8.
68 type OpenSSHCertV01 struct { 62 type OpenSSHCertV01 struct {
69 Nonce []byte 63 Nonce []byte
70 Key PublicKey 64 Key PublicKey
71 Serial uint64 65 Serial uint64
72 Type uint32 66 Type uint32
73 KeyId string 67 KeyId string
(...skipping 301 matching lines...) Expand 10 before | Expand all | Expand 10 after
375 if sigBytes, rest, ok = parseString(in); !ok { 369 if sigBytes, rest, ok = parseString(in); !ok {
376 return 370 return
377 } 371 }
378 372
379 out, sigBytes, ok = parseSignatureBody(sigBytes) 373 out, sigBytes, ok = parseSignatureBody(sigBytes)
380 if !ok || len(sigBytes) > 0 { 374 if !ok || len(sigBytes) > 0 {
381 return nil, nil, false 375 return nil, nil, false
382 } 376 }
383 return 377 return
384 } 378 }
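Review bot: In `CertTime.Time()` (right side, lines 49-54) the clamp `return time.Unix(maxInt64, 0)` yields a value at the very edge of what time.Time can hold; as far as I know time.Unix adds an internal epoch offset to the seconds, so this value can wrap and `Before`/`After` comparisons against it may give the wrong answer. If certificate validity is decided through `Time()` (the caller is not visible in this view), a "forever" ValidBefore could be evaluated incorrectly, so the check should test `IsInfinite()` first or compare the raw uint64 seconds instead of time.Time values. The new side also drops the longer explanation of the clamp, leaving the exported `Time` and `IsInfinite` without doc comments; I would add `// Time returns ct as a time.Time, clamped to maxInt64 seconds; use IsInfinite to test for "forever".` above `Time`.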