OLD | NEW |
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "crypto/dsa" | 8 "crypto/dsa" |
| 9 "crypto/ecdsa" |
9 "crypto/rsa" | 10 "crypto/rsa" |
10 "errors" | 11 "errors" |
11 "fmt" | 12 "fmt" |
12 "math/big" | 13 "math/big" |
13 "sync" | 14 "sync" |
14 ) | 15 ) |
15 | 16 |
16 // These are string constants in the SSH protocol. | 17 // These are string constants in the SSH protocol. |
17 const ( | 18 const ( |
18 keyAlgoDH1SHA1 = "diffie-hellman-group1-sha1" | 19 keyAlgoDH1SHA1 = "diffie-hellman-group1-sha1" |
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
184 return DefaultMACOrder | 185 return DefaultMACOrder |
185 } | 186 } |
186 return c.MACs | 187 return c.MACs |
187 } | 188 } |
188 | 189 |
189 // serialize a signed slice according to RFC 4254 6.6. | 190 // serialize a signed slice according to RFC 4254 6.6. |
190 func serializeSignature(algoname string, sig []byte) []byte { | 191 func serializeSignature(algoname string, sig []byte) []byte { |
191 switch algoname { | 192 switch algoname { |
192 // The corresponding private key to a public certificate is always a nor
mal | 193 // The corresponding private key to a public certificate is always a nor
mal |
193 // private key. For signature serialization purposes, ensure we use the | 194 // private key. For signature serialization purposes, ensure we use the |
194 » // proper ssh-rsa or ssh-dss algo name in case the public cert algo name
is passed. | 195 » // proper key algorithm name in case the public cert algorithm name is p
assed. |
195 » case hostAlgoRSACertV01: | 196 » case certAlgoRSAv01: |
196 algoname = "ssh-rsa" | 197 algoname = "ssh-rsa" |
197 » case hostAlgoDSACertV01: | 198 » case certAlgoDSAv01: |
198 algoname = "ssh-dss" | 199 algoname = "ssh-dss" |
| 200 case certAlgoECDSA256v01: |
| 201 algoname = "ecdsa-sha2-nistp256" |
| 202 case certAlgoECDSA384v01: |
| 203 algoname = "ecdsa-sha2-nistp384" |
| 204 case certAlgoECDSA521v01: |
| 205 algoname = "ecdsa-sha2-nistp521" |
199 } | 206 } |
200 length := stringLength(len(algoname)) | 207 length := stringLength(len(algoname)) |
201 length += stringLength(len(sig)) | 208 length += stringLength(len(sig)) |
202 | 209 |
203 ret := make([]byte, length) | 210 ret := make([]byte, length) |
204 r := marshalString(ret, []byte(algoname)) | 211 r := marshalString(ret, []byte(algoname)) |
205 r = marshalString(r, sig) | 212 r = marshalString(r, sig) |
206 | 213 |
207 return ret | 214 return ret |
208 } | 215 } |
209 | 216 |
210 // serialize a *rsa.PublicKey or *dsa.PublicKey according to RFC 4253 6.6. | 217 // serialize a *rsa.PublicKey or *dsa.PublicKey according to RFC 4253 6.6. |
211 func serializePublickey(key interface{}) []byte { | 218 func serializePublickey(key interface{}) []byte { |
212 var pubKeyBytes []byte | 219 var pubKeyBytes []byte |
213 algoname := algoName(key) | 220 algoname := algoName(key) |
214 switch key := key.(type) { | 221 switch key := key.(type) { |
215 case *rsa.PublicKey: | 222 case *rsa.PublicKey: |
216 pubKeyBytes = marshalPubRSA(key) | 223 pubKeyBytes = marshalPubRSA(key) |
217 case *dsa.PublicKey: | 224 case *dsa.PublicKey: |
218 pubKeyBytes = marshalPubDSA(key) | 225 pubKeyBytes = marshalPubDSA(key) |
| 226 case *ecdsa.PublicKey: |
| 227 pubKeyBytes = marshalPubECDSA(key) |
219 case *OpenSSHCertV01: | 228 case *OpenSSHCertV01: |
220 pubKeyBytes = marshalOpenSSHCertV01(key) | 229 pubKeyBytes = marshalOpenSSHCertV01(key) |
221 default: | 230 default: |
222 panic("unexpected key type") | 231 panic("unexpected key type") |
223 } | 232 } |
224 | 233 |
225 length := stringLength(len(algoname)) | 234 length := stringLength(len(algoname)) |
226 length += len(pubKeyBytes) | 235 length += len(pubKeyBytes) |
227 ret := make([]byte, length) | 236 ret := make([]byte, length) |
228 r := marshalString(ret, []byte(algoname)) | 237 r := marshalString(ret, []byte(algoname)) |
229 copy(r, pubKeyBytes) | 238 copy(r, pubKeyBytes) |
230 return ret | 239 return ret |
231 } | 240 } |
232 | 241 |
233 func algoName(key interface{}) string { | 242 func algoName(key interface{}) string { |
234 switch key.(type) { | 243 switch key.(type) { |
235 case *rsa.PublicKey: | 244 case *rsa.PublicKey: |
236 return "ssh-rsa" | 245 return "ssh-rsa" |
237 case *dsa.PublicKey: | 246 case *dsa.PublicKey: |
238 return "ssh-dss" | 247 return "ssh-dss" |
| 248 case *ecdsa.PublicKey: |
| 249 switch key.(*ecdsa.PublicKey).Params().BitSize { |
| 250 case 256: |
| 251 return "ecdsa-sha2-nistp256" |
| 252 case 384: |
| 253 return "ecdsa-sha2-nistp384" |
| 254 case 521: |
| 255 return "ecdsa-sha2-nistp521" |
| 256 } |
239 case *OpenSSHCertV01: | 257 case *OpenSSHCertV01: |
240 return algoName(key.(*OpenSSHCertV01).Key) + "-cert-v01@openssh.
com" | 258 return algoName(key.(*OpenSSHCertV01).Key) + "-cert-v01@openssh.
com" |
241 } | 259 } |
242 panic("unexpected key type") | 260 panic("unexpected key type") |
243 } | 261 } |
244 | 262 |
245 // buildDataSignedForAuth returns the data that is signed in order to prove | 263 // buildDataSignedForAuth returns the data that is signed in order to prove |
246 // posession of a private key. See RFC 4252, section 7. | 264 // posession of a private key. See RFC 4252, section 7. |
247 func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubK
ey []byte) []byte { | 265 func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubK
ey []byte) []byte { |
248 user := []byte(req.User) | 266 user := []byte(req.User) |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
337 for w.win == 0 { | 355 for w.win == 0 { |
338 w.Wait() | 356 w.Wait() |
339 } | 357 } |
340 if w.win < win { | 358 if w.win < win { |
341 win = w.win | 359 win = w.win |
342 } | 360 } |
343 w.win -= win | 361 w.win -= win |
344 w.L.Unlock() | 362 w.L.Unlock() |
345 return win | 363 return win |
346 } | 364 } |
OLD | NEW |