
Lines Matching refs:cert

61 	struct KeyCert *cert;
63 cert = xcalloc(1, sizeof(*cert));
64 buffer_init(&cert->certblob);
65 buffer_init(&cert->critical);
66 buffer_init(&cert->extensions);
67 cert->key_id = NULL;
68 cert->principals = NULL;
69 cert->signature_key = NULL;
70 return cert;
85 k->cert = NULL;
128 k->cert = cert_new();
181 cert_free(struct KeyCert *cert)
185 buffer_free(&cert->certblob);
186 buffer_free(&cert->critical);
187 buffer_free(&cert->extensions);
188 if (cert->key_id != NULL)
189 xfree(cert->key_id);
190 for (i = 0; i < cert->nprincipals; i++)
191 xfree(cert->principals[i]);
192 if (cert->principals != NULL)
193 xfree(cert->principals);
194 if (cert->signature_key != NULL)
195 key_free(cert->signature_key);
234 if (k->cert != NULL)
235 cert_free(k->cert);
236 k->cert = NULL;
320 if (!cert_compare(a->cert, b->cert))
368 /* We want a fingerprint of the _key_ not of the cert */
763 error("key_read: loaded key is not a cert");
767 if (ret->cert != NULL)
768 cert_free(ret->cert);
769 ret->cert = k->cert;
770 k->cert = NULL;
831 if (key->cert == NULL) {
832 error("%s: no cert data", __func__);
835 if (buffer_len(&key->cert->certblob) == 0) {
904 return "RSA-CERT-V00";
906 return "DSA-CERT-V00";
908 return "RSA-CERT";
910 return "DSA-CERT";
913 return "ECDSA-CERT";
922 switch (k->cert->type) {
941 return "ssh-rsa-cert-v00@openssh.com";
943 return "ssh-dss-cert-v00@openssh.com";
945 return "ssh-rsa-cert-v01@openssh.com";
947 return "ssh-dss-cert-v01@openssh.com";
964 return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
966 return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
968 return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
1147 fatal("key_generate: cert keys cannot be generated directly");
1162 if (to_key->cert != NULL) {
1163 cert_free(to_key->cert);
1164 to_key->cert = NULL;
1167 if ((from = from_key->cert) == NULL)
1170 to = to_key->cert = cert_new();
1265 } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
1267 } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
1269 } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
1271 } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
1274 } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 ||
1275 strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 ||
1276 strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
1290 strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
1293 strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0)
1296 strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
1340 buffer_append(&key->cert->certblob, blob, blen);
1344 if ((!v00 && buffer_get_int64_ret(&key->cert->serial, b) != 0) ||
1345 buffer_get_int_ret(&key->cert->type, b) != 0 ||
1346 (key->cert->key_id = buffer_get_cstring_ret(b, &kidlen)) == NULL ||
1348 buffer_get_int64_ret(&key->cert
1349 buffer_get_int64_ret(&key->cert->valid_before, b) != 0 ||
1359 if (kidlen != strlen(key->cert->key_id)) {
1365 signed_len = buffer_len(&key->cert->certblob) - buffer_len(b);
1372 if (key->cert->type != SSH2_CERT_TYPE_USER &&
1373 key->cert->type != SSH2_CERT_TYPE_HOST) {
1374 error("Unknown certificate type %u", key->cert->type);
1380 if (key->cert->nprincipals >= CERT_MAX_PRINCIPALS) {
1388 key->cert->principals = xrealloc(key->cert->principals,
1389 key->cert->nprincipals + 1, sizeof(*key->cert->principals));
1390 key->cert->principals[key->cert->nprincipals++] = principal;
1395 buffer_append(&key->cert->critical, critical, clen);
1407 buffer_append(&key->cert->extensions, exts, elen);
1419 if ((key->cert->signature_key = key_from_blob(sig_key,
1424 if (key->cert->signature_key->type != KEY_RSA &&
1425 key->cert->signature_key->type != KEY_DSA &&
1426 key->cert->signature_key->type != KEY_ECDSA) {
1428 key_type(key->cert->signature_key),
1429 key->cert->signature_key->type);
1433 switch (key_verify(key->cert->signature_key, sig, slen,
1434 buffer_ptr(&key->cert->certblob), signed_len)) {
1571 error("key_from_blob: can't parse cert data");
1608 buffer_append(&b, buffer_ptr(&key->cert->certblob),
1609 buffer_len(&key->cert->certblob));
1788 /* Return the cert-less equivalent to a certified key type */
1812 k->cert = cert_new();
1816 k->cert = cert_new();
1823 k->cert = cert_new();
1839 cert_free(k->cert);
1844 cert_free(k->cert);
1848 cert_free(k->cert);
1868 if (k->cert == NULL) {
1869 error("%s: key lacks cert info", __func__);
1875 k->cert->type);
1888 buffer_clear(&k->cert->certblob);
1889 buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
1894 buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
1899 buffer_put_bignum2(&k->cert->certblob, k->dsa->p);
1900 buffer_put_bignum2(&k->cert->certblob, k->dsa->q);
1901 buffer_put_bignum2(&k->cert->certblob, k->dsa->g);
1902 buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key);
1906 buffer_put_cstring(&k->cert->certblob,
1908 buffer_put_ecpoint(&k->cert->certblob,
1915 buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
1916 buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
1920 buffer_clear(&k->cert->certblob);
1927 buffer_put_int64(&k->cert->certblob, k->cert->serial);
1929 buffer_put_int(&k->cert->certblob, k->cert->type);
1930 buffer_put_cstring(&k->cert->certblob, k->cert->key_id);
1933 for (i = 0; i < k->cert->nprincipals; i++)
1934 buffer_put_cstring(&principals, k->cert->principals[i]);
1935 buffer_put_string(&k->cert->certblob, buffer_ptr(&principals),
1939 buffer_put_int64(&k->cert->certblob, k->cert->valid_after);
1940 buffer_put_int64(&k->cert->certblob, k->cert->valid_before);
1941 buffer_put_string(&k->cert->certblob,
1942 buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical));
1946 buffer_put_string(&k->cert->certblob,
1947 buffer_ptr(&k->cert->extensions),
1948 buffer_len(&k->cert->extensions));
1953 buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
1955 buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
1956 buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
1960 if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
1961 buffer_len(&k->cert->certblob)) != 0) {
1963 buffer_clear(&k->cert->certblob);
1967 buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
1981 if (k->cert->type != SSH2_CERT_TYPE_HOST) {
1986 if (k->cert
1996 if ((u_int64_t)now < k->cert->valid_after) {
2000 if ((u_int64_t)now >= k->cert->valid_before) {
2004 if (k->cert->nprincipals == 0) {
2011 for (i = 0; i < k->cert->nprincipals; i++) {
2012 if (strcmp(name, k->cert->principals[i]) == 0) {