Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1480)

Side by Side Diff: ssh/common.go

Issue 6873060: code review 6873060: go.crypto/ssh: Add support for ECDSA keys and certs. (Closed)
Patch Set: diff -r 06723ccb4c19 https://code.google.com/p/go.crypto Created 11 years, 3 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2011 The Go Authors. All rights reserved. 1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "crypto/dsa" 8 "crypto/dsa"
9 "crypto/ecdsa"
9 "crypto/rsa" 10 "crypto/rsa"
10 "errors" 11 "errors"
11 "fmt" 12 "fmt"
12 "math/big" 13 "math/big"
13 "sync" 14 "sync"
14 ) 15 )
15 16
16 // These are string constants in the SSH protocol. 17 // These are string constants in the SSH protocol.
17 const ( 18 const (
18 keyAlgoDH1SHA1 = "diffie-hellman-group1-sha1" 19 keyAlgoDH1SHA1 = "diffie-hellman-group1-sha1"
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
184 return DefaultMACOrder 185 return DefaultMACOrder
185 } 186 }
186 return c.MACs 187 return c.MACs
187 } 188 }
188 189
189 // serialize a signed slice according to RFC 4254 6.6. 190 // serialize a signed slice according to RFC 4254 6.6.
190 func serializeSignature(algoname string, sig []byte) []byte { 191 func serializeSignature(algoname string, sig []byte) []byte {
191 switch algoname { 192 switch algoname {
192 // The corresponding private key to a public certificate is always a nor mal 193 // The corresponding private key to a public certificate is always a nor mal
193 // private key. For signature serialization purposes, ensure we use the 194 // private key. For signature serialization purposes, ensure we use the
194 » // proper ssh-rsa or ssh-dss algo name in case the public cert algo name is passed. 195 » // proper key algorithm name in case the public cert algorithm name is p assed.
195 » case hostAlgoRSACertV01: 196 » case certAlgoRSAv01:
196 algoname = "ssh-rsa" 197 algoname = "ssh-rsa"
197 » case hostAlgoDSACertV01: 198 » case certAlgoDSAv01:
198 algoname = "ssh-dss" 199 algoname = "ssh-dss"
200 case certAlgoECDSA256v01:
201 algoname = "ecdsa-sha2-nistp256"
202 case certAlgoECDSA384v01:
203 algoname = "ecdsa-sha2-nistp384"
204 case certAlgoECDSA521v01:
205 algoname = "ecdsa-sha2-nistp521"
199 } 206 }
200 length := stringLength(len(algoname)) 207 length := stringLength(len(algoname))
201 length += stringLength(len(sig)) 208 length += stringLength(len(sig))
202 209
203 ret := make([]byte, length) 210 ret := make([]byte, length)
204 r := marshalString(ret, []byte(algoname)) 211 r := marshalString(ret, []byte(algoname))
205 r = marshalString(r, sig) 212 r = marshalString(r, sig)
206 213
207 return ret 214 return ret
208 } 215 }
209 216
210 // serialize a *rsa.PublicKey or *dsa.PublicKey according to RFC 4253 6.6. 217 // serialize a *rsa.PublicKey or *dsa.PublicKey according to RFC 4253 6.6.
211 func serializePublickey(key interface{}) []byte { 218 func serializePublickey(key interface{}) []byte {
212 var pubKeyBytes []byte 219 var pubKeyBytes []byte
213 algoname := algoName(key) 220 algoname := algoName(key)
214 switch key := key.(type) { 221 switch key := key.(type) {
215 case *rsa.PublicKey: 222 case *rsa.PublicKey:
216 pubKeyBytes = marshalPubRSA(key) 223 pubKeyBytes = marshalPubRSA(key)
217 case *dsa.PublicKey: 224 case *dsa.PublicKey:
218 pubKeyBytes = marshalPubDSA(key) 225 pubKeyBytes = marshalPubDSA(key)
226 case *ecdsa.PublicKey:
227 pubKeyBytes = marshalPubECDSA(key)
219 case *OpenSSHCertV01: 228 case *OpenSSHCertV01:
220 pubKeyBytes = marshalOpenSSHCertV01(key) 229 pubKeyBytes = marshalOpenSSHCertV01(key)
221 default: 230 default:
222 panic("unexpected key type") 231 panic("unexpected key type")
223 } 232 }
224 233
225 length := stringLength(len(algoname)) 234 length := stringLength(len(algoname))
226 length += len(pubKeyBytes) 235 length += len(pubKeyBytes)
227 ret := make([]byte, length) 236 ret := make([]byte, length)
228 r := marshalString(ret, []byte(algoname)) 237 r := marshalString(ret, []byte(algoname))
229 copy(r, pubKeyBytes) 238 copy(r, pubKeyBytes)
230 return ret 239 return ret
231 } 240 }
232 241
233 func algoName(key interface{}) string { 242 func algoName(key interface{}) string {
234 switch key.(type) { 243 switch key.(type) {
235 case *rsa.PublicKey: 244 case *rsa.PublicKey:
236 return "ssh-rsa" 245 return "ssh-rsa"
237 case *dsa.PublicKey: 246 case *dsa.PublicKey:
238 return "ssh-dss" 247 return "ssh-dss"
248 case *ecdsa.PublicKey:
249 switch key.(*ecdsa.PublicKey).Params().BitSize {
250 case 256:
251 return "ecdsa-sha2-nistp256"
252 case 384:
253 return "ecdsa-sha2-nistp384"
254 case 521:
255 return "ecdsa-sha2-nistp521"
256 }
239 case *OpenSSHCertV01: 257 case *OpenSSHCertV01:
240 return algoName(key.(*OpenSSHCertV01).Key) + "-cert-v01@openssh. com" 258 return algoName(key.(*OpenSSHCertV01).Key) + "-cert-v01@openssh. com"
241 } 259 }
242 panic("unexpected key type") 260 panic("unexpected key type")
243 } 261 }
244 262
245 // buildDataSignedForAuth returns the data that is signed in order to prove 263 // buildDataSignedForAuth returns the data that is signed in order to prove
246 // posession of a private key. See RFC 4252, section 7. 264 // posession of a private key. See RFC 4252, section 7.
247 func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubK ey []byte) []byte { 265 func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubK ey []byte) []byte {
248 user := []byte(req.User) 266 user := []byte(req.User)
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
337 for w.win == 0 { 355 for w.win == 0 {
338 w.Wait() 356 w.Wait()
339 } 357 }
340 if w.win < win { 358 if w.win < win {
341 win = w.win 359 win = w.win
342 } 360 }
343 w.win -= win 361 w.win -= win
344 w.L.Unlock() 362 w.L.Unlock()
345 return win 363 return win
346 } 364 }
OLDNEW

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b