
Lines Matching defs:cert

85 	int cert;
89 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
102 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
103 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
105 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
107 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
110 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
114 { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00",
116 { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
153 return kt->cert;
179 (!kt->cert && strcasecmp(kt->shortname, name) == 0))
209 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
327 /* Return the cert-less equivalent to a certified key type */
434 cert_free(struct sshkey_cert *cert)
438 if (cert == NULL)
440 if (cert->certblob != NULL)
441 sshbuf_free(cert->certblob);
442 if (cert->critical != NULL)
443 sshbuf_free(cert->critical);
444 if (cert->extensions != NULL)
445 sshbuf_free(cert->extensions);
446 if (cert->key_id != NULL)
447 free(cert->key_id);
448 for (i = 0; i < cert->nprincipals; i++)
449 free(cert->principals[i]);
450 if (cert->principals != NULL)
451 free(cert->principals);
452 if (cert->signature_key != NULL)
453 sshkey_free(cert->signature_key);
454 explicit_bzero(cert, sizeof(*cert));
455 free(cert);
461 struct sshkey_cert *cert;
463 if ((cert = calloc(1, sizeof(*cert))) == NULL)
465 if ((cert->certblob = sshbuf_new()) == NULL ||
466 (cert->critical = sshbuf_new()) == NULL ||
467 (cert->extensions = sshbuf_new()) == NULL) {
468 cert_free(cert);
471 cert->key_id = NULL;
472 cert->principals = NULL;
473 cert->signature_key = NULL;
474 return cert;
493 k->cert = NULL;
545 if ((k->cert = cert_new()) == NULL) {
660 cert_free(k->cert);
749 if (!cert_compare(a->cert, b->cert))
778 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
1131 /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */
1353 if (ret->cert != NULL)
1354 cert_free(ret->cert);
1355 ret->cert = k->cert;
1356 k->cert = NULL;
1423 if (key->cert == NULL)
1425 if (sshbuf_len(key->cert->certblob) == 0)
1509 switch (k->cert->type) {
1716 if (to_key->cert != NULL) {
1717 cert_free(to_key->cert);
1718 to_key->cert = NULL;
1721 if ((from = from_key->cert) == NULL)
1724 if ((to = to_key->cert = cert_new()) == NULL)
1855 if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
1858 if ((!v00 && (ret = sshbuf_get_u64(b, &key->cert->serial)) != 0) ||
1859 (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
1860 (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
1862 (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
1863 (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
1875 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
1882 if (key->cert->type != SSH2_CERT_TYPE_USER &&
1883 key->cert->type != SSH2_CERT_TYPE_HOST) {
1893 if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
1902 oprincipals = key->cert->principals;
1903 key->cert->principals = realloc(key->cert->principals,
1904 (key->cert->nprincipals + 1) *
1905 sizeof(*key->cert->principals));
1906 if (key->cert->principals == NULL) {
1908 key->cert->principals = oprincipals;
1912 key->cert->principals[key->cert->nprincipals++] = principal;
1919 if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
1921 (ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
1931 sshbuf_reset(key->cert->critical);
1939 sshbuf_reset(key->cert->extensions);
1946 if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
1950 if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
1954 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
1955 sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0)
2381 if ((k->cert = cert_new()) == NULL)
2393 cert_free(k->cert);
2394 k->cert = NULL;
2407 struct sshbuf *cert;
2409 if (k == NULL || k->cert == NULL ||
2410 k->cert->certblob == NULL || ca == NULL)
2420 cert = k->cert->certblob; /* for readability */
2421 sshbuf_reset(cert);
2422 if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
2428 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
2437 if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
2438 (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
2439 (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
2440 (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
2445 if ((ret = sshbuf_put_cstring(cert,
2447 (ret = sshbuf_put_ec(cert,
2455 if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
2456 (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
2461 if ((ret = sshbuf_put_string(cert,
2472 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0)
2476 if ((ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
2477 (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
2484 for (i = 0; i < k->cert->nprincipals; i++) {
2486 k->cert->principals[i])) != 0)
2489 if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
2490 (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
2491 (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
2492 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0)
2497 if ((ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0)
2503 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
2507 if ((ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
2508 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
2512 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2513 sshbuf_len(cert), 0)) != 0)
2517 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
2522 sshbuf_reset(cert);
2544 if (k->cert->type != SSH2_CERT_TYPE_HOST) {
2549 if (k->cert->type != SSH2_CERT_TYPE_USER) {
2559 if ((u_int64_t)now < k->cert->valid_after) {
2563 if ((u_int64_t)now >= k->cert->valid_before) {
2567 if (k->cert->nprincipals == 0) {
2574 for (i = 0; i < k->cert->nprincipals; i++) {
2575 if (strcmp(name, k->cert->principals[i]) == 0) {
2609 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2613 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2630 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2634 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2648 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2652 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2667 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2671 if ((r = sshbuf_put_stringb(b, key->cert