
Lines Matching refs:cert

85 	int cert;
89 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
102 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
103 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
105 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
107 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
110 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
149 return kt->cert;
175 (!kt->cert && strcasecmp(kt->shortname, name) == 0))
205 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
309 /* Return the cert-less equivalent to a certified key type */
414 cert_free(struct sshkey_cert *cert)
418 if (cert == NULL)
420 if (cert->certblob != NULL)
421 sshbuf_free(cert->certblob);
422 if (cert->critical != NULL)
423 sshbuf_free(cert->critical);
424 if (cert->extensions != NULL)
425 sshbuf_free(cert->extensions);
426 if (cert->key_id != NULL)
427 free(cert->key_id);
428 for (i = 0; i < cert->nprincipals; i++)
429 free(cert->principals[i]);
430 if (cert->principals != NULL)
431 free(cert->principals);
432 if (cert->signature_key != NULL)
433 sshkey_free(cert->signature_key);
434 explicit_bzero(cert, sizeof(*cert));
435 free(cert);
441 struct sshkey_cert *cert;
443 if ((cert = calloc(1, sizeof(*cert))) == NULL)
445 if ((cert->certblob = sshbuf_new()) == NULL ||
446 (cert->critical = sshbuf_new()) == NULL ||
447 (cert->extensions = sshbuf_new()) == NULL) {
448 cert_free(cert);
451 cert->key_id = NULL;
452 cert->principals = NULL;
453 cert->signature_key = NULL;
454 return cert;
473 k->cert = NULL;
523 if ((k->cert = cert_new()) == NULL) {
634 cert_free(k->cert);
721 if (!cert_compare(a->cert, b->cert))
737 if (key->cert == NULL)
739 if (sshbuf_len(key->cert->certblob) == 0)
754 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
1107 /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */
1327 if (ret->cert != NULL)
1328 cert_free(ret->cert);
1329 ret->cert = k->cert;
1330 k->cert = NULL;
1501 switch (k->cert->type) {
1707 if (to_key->cert != NULL) {
1708 cert_free(to_key->cert);
1709 to_key->cert = NULL;
1712 if ((from = from_key->cert) == NULL)
1715 if ((to = to_key->cert = cert_new()) == NULL)
1843 if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
1847 if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
1848 (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
1849 (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
1851 (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
1852 (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
1863 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
1870 if (key->cert->type != SSH2_CERT_TYPE_USER &&
1871 key->cert->type != SSH2_CERT_TYPE_HOST) {
1881 if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
1890 oprincipals = key->cert->principals;
1891 key->cert->principals = reallocarray(key->cert->principals,
1892 key->cert->nprincipals + 1, sizeof(*key->cert->principals));
1893 if (key->cert->principals == NULL) {
1895 key->cert->principals = oprincipals;
1899 key->cert->principals[key->cert->nprincipals++] = principal;
1906 if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
1908 (ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
1917 sshbuf_reset(key->cert->critical);
1925 sshbuf_reset(key->cert->extensions);
1932 if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
1936 if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
1940 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
1941 sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0)
2355 if ((k->cert = cert_new()) == NULL)
2367 cert_free(k->cert);
2368 k->cert = NULL;
2381 struct sshbuf *cert;
2383 if (k == NULL || k->cert == NULL ||
2384 k->cert->certblob == NULL || ca == NULL)
2394 cert = k->cert->certblob; /* for readability */
2395 sshbuf_reset(cert);
2396 if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
2401 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
2408 if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
2409 (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
2410 (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
2411 (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
2416 if ((ret = sshbuf_put_cstring(cert,
2418 (ret = sshbuf_put_ec(cert,
2425 if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
2426 (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
2431 if ((ret = sshbuf_put_string(cert,
2440 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||
2441 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
2442 (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
2449 for (i = 0; i < k->cert->nprincipals; i++) {
2451 k->cert->principals[i])) != 0)
2454 if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
2455 (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
2456 (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
2457 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||
2458 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||
2459 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
2460 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
2464 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2465 sshbuf_len(cert), 0)) != 0)
2469 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
2474 sshbuf_reset(cert);
2496 if (k->cert->type != SSH2_CERT_TYPE_HOST) {
2501 if (k->cert->type != SSH2_CERT_TYPE_USER) {
2511 if ((u_int64_t)now < k->cert->valid_after) {
2515 if ((u_int64_t)now >= k->cert->valid_before) {
2519 if (k->cert->nprincipals == 0) {
2526 for (i = 0; i < k->cert->nprincipals; i++) {
2527 if (strcmp(name, k->cert->principals[i]) == 0) {
2560 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2564 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2580 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2584 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2598 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2602 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2617 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2621 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||