LEFT | RIGHT |
---|---|
1 // Copyright 2012 The Go Authors. All rights reserved. | 1 // Copyright 2012 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "time" | 8 "time" |
9 ) | 9 ) |
10 | 10 |
(...skipping 17 matching lines...) | |
28 type signature struct { | 28 type signature struct { |
29 Format string | 29 Format string |
30 Blob []byte | 30 Blob []byte |
31 } | 31 } |
32 | 32 |
33 type tuple struct { | 33 type tuple struct { |
34 Name string | 34 Name string |
35 Data string | 35 Data string |
36 } | 36 } |
37 | 37 |
38 // A time.Time cannot represent seconds higher than 1<<63 - 1. However, | 38 const ( |
39 // conversion from uint64 to int64 for values higher than this will result in | 39 » maxUint64 = 1<<64 - 1 |
40 // negative int64 values and result in times before unix epoch that are not | 40 » maxInt64 = 1<<63 - 1 |
41 // intended to be used with certs. maxInt64 in unix seconds would be | 41 ) |
42 // 292277026596-12-04 15:30:07 +0000 UTC. We are safe until the year | 42 |
43 // 292,277,026,596 in setting this value to maxInt64 for values above | 43 // CertTime represents an unsigned 64-bit time value in seconds starting from |
44 // maxInt64. A use case for this is the "forever" setting where ValidAfter is 0 | 44 // UNIX epoch. We use CertTime instead of time.Time in order to properly handle |
45 // (all bytes 0x00) and ValidBefore is 1<<64 - 1 (all bytes 0xFF). OpenSSH does | 45 // the "infinite" time value ^0, which would become negative when expressed as |
46 // something similar to this by clamping to INT_MAX. | 46 // an int64. |
47 | |
48 // CertTime represents an unsigned 64bit time value in seconds starting from | |
49 // unix epoch. We use CertTime instead of time.Time in order to properly | |
50 // handle time values above what a time.Time can represent and prevent values | |
51 // before unix epoch. | |
52 type CertTime uint64 | 47 type CertTime uint64 |
53 | 48 |
54 func (ct CertTime) Time() time.Time { | 49 func (ct CertTime) Time() time.Time { |
55 const maxInt64 = 1<<63 - 1 | |
56 if ct > maxInt64 { | 50 if ct > maxInt64 { |
57 return time.Unix(maxInt64, 0) | 51 return time.Unix(maxInt64, 0) |
58 } | 52 } |
59 return time.Unix(int64(ct), 0) | 53 return time.Unix(int64(ct), 0) |
60 } | 54 } |
61 | 55 |
62 func (ct CertTime) IsTheEnd() bool { | 56 func (ct CertTime) IsInfinite() bool { |
63 » return ct == 1<<64-1 | 57 » return ct == maxUint64 |
jpsugar
2013/10/22 21:45:35
Doesn't this result in an overflow?
jmpittman
2013/10/23 00:19:02
I do not think it does. I have not gotten an over
| |
64 } | 58 } |
65 | 59 |
66 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in | 60 // An OpenSSHCertV01 represents an OpenSSH certificate as defined in |
67 // [PROTOCOL.certkeys]?rev=1.8. | 61 // [PROTOCOL.certkeys]?rev=1.8. |
68 type OpenSSHCertV01 struct { | 62 type OpenSSHCertV01 struct { |
69 Nonce []byte | 63 Nonce []byte |
70 Key PublicKey | 64 Key PublicKey |
71 Serial uint64 | 65 Serial uint64 |
72 Type uint32 | 66 Type uint32 |
73 KeyId string | 67 KeyId string |
(...skipping 301 matching lines...) | |
375 if sigBytes, rest, ok = parseString(in); !ok { | 369 if sigBytes, rest, ok = parseString(in); !ok { |
376 return | 370 return |
377 } | 371 } |
378 | 372 |
379 out, sigBytes, ok = parseSignatureBody(sigBytes) | 373 out, sigBytes, ok = parseSignatureBody(sigBytes) |
380 if !ok || len(sigBytes) > 0 { | 374 if !ok || len(sigBytes) > 0 { |
381 return nil, nil, false | 375 return nil, nil, false |
382 } | 376 } |
383 return | 377 return |
384 } | 378 } |
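Review bot: `Time()` (right-hand lines 49–54) still clamps to `time.Unix(maxInt64, 0)`, and that value is not safe to compare: `time.Time` keeps its seconds relative to year 1, so adding the epoch offset to `maxInt64` wraps, and the result prints as year 292277026596 yet reports `Before(time.Now())` as true. If any caller outside this view checks `ValidBefore.Time()` against the current time, a "forever" certificate would be treated as already expired; comparing the raw values, e.g. `CertTime(now.Unix()) < cert.ValidBefore`, avoids the conversion entirely. The change also drops the comment that explained the clamp, leaving the exported `Time` and `IsInfinite` without doc comments; I would add `// Time converts ct to a time.Time for display, clamping values above maxInt64; do not use the result for validity comparisons.` and `// IsInfinite reports whether ct is the all-ones "forever" value.`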