
Lines Matching refs:cert

84 	int cert;
89 { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
106 { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },
107 { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },
109 { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
111 { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
114 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
153 return kt->cert;
179 (!kt->cert && strcasecmp(kt->shortname, name) == 0))
211 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
315 /* Return the cert-less equivalent to a certified key type */
420 cert_free(struct sshkey_cert *cert)
424 if (cert == NULL)
426 sshbuf_free(cert->certblob);
427 sshbuf_free(cert->critical);
428 sshbuf_free(cert->extensions);
429 free(cert->key_id);
430 for (i = 0; i < cert->nprincipals; i++)
431 free(cert->principals[i]);
432 free(cert->principals);
433 sshkey_free(cert->signature_key);
434 explicit_bzero(cert, sizeof(*cert));
435 free(cert);
441 struct sshkey_cert *cert;
443 if ((cert = calloc(1, sizeof(*cert))) == NULL)
445 if ((cert->certblob = sshbuf_new()) == NULL ||
446 (cert->critical = sshbuf_new()) == NULL ||
447 (cert->extensions = sshbuf_new()) == NULL) {
448 cert_free(cert);
451 cert->key_id = NULL;
452 cert->principals = NULL;
453 cert->signature_key = NULL;
454 return cert;
473 k->cert = NULL;
522 if ((k->cert = cert_new()) == NULL) {
633 cert_free(k->cert);
720 cert, b->cert))
736 if (key->cert == NULL)
738 if (sshbuf_len(key->cert->certblob) == 0)
753 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
1109 /* If [type size] won't fit, then try [type]; fits "[ED25519-CERT]" */
1331 if (ret->cert != NULL)
1332 cert_free(ret->cert);
1333 ret->cert = k->cert;
1334 k->cert = NULL;
1508 switch (k->cert->type) {
1714 if (to_key->cert != NULL) {
1715 cert_free(to_key->cert);
1716 to_key->cert = NULL;
1719 if ((from = from_key->cert) == NULL)
1722 if ((to = to_key->cert = cert_new()) == NULL)
1848 if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
1852 if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
1853 (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
1854 (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
1856 (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
1857 (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
1868 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
1875 if (key->cert->type != SSH2_CERT_TYPE_USER &&
1876 key->cert->type != SSH2_CERT_TYPE_HOST) {
1886 if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
1895 oprincipals = key->cert->principals;
1896 key->cert->principals = reallocarray(key->cert->principals,
1897 key->cert->nprincipals + 1, sizeof(*key->cert->principals));
1898 if (key->cert->principals == NULL) {
1900 key->cert->principals = oprincipals;
1904 key->cert->principals[key->cert->nprincipals++] = principal;
1911 if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
1913 (ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
1922 sshbuf_reset(key->cert->critical);
1930 sshbuf_reset(key->cert->extensions);
1937 if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
1941 if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
1945 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
1946 sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0)
2361 if ((k->cert = cert_new()) == NULL)
2373 cert_free(k->cert);
2374 k->cert = NULL;
2387 struct sshbuf *cert;
2389 if (k == NULL || k->cert == NULL ||
2390 k->cert->certblob == NULL || ca == NULL)
2400 cert = k->cert->certblob; /* for readability */
2401 sshbuf_reset(cert);
2402 if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
2407 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
2414 if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
2415 (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
2416 (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
2417 (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
2422 if ((ret = sshbuf_put_cstring(cert,
2424 (ret = sshbuf_put_ec(cert,
2431 if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
2432 (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
2437 if ((ret = sshbuf_put_string(cert,
2446 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||
2447 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
2448 (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
2455 for (i = 0; i < k->cert->nprincipals; i++) {
2457 k->cert->principals[i])) != 0)
2460 if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
2461 (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
2462 (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
2463 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||
2464 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||
2465 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
2466 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
2470 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
2471 sshbuf_len(cert), alg, 0)) != 0)
2475 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
2480 sshbuf_reset(cert);
2499 if (k->cert->type != SSH2_CERT_TYPE_HOST) {
2504 if (k->cert->type != SSH2_CERT_TYPE_USER) {
2514 if ((u_int64_t)now < k->cert->valid_after) {
2518 if ((u_int64_t)now >= k->cert->valid_before) {
2522 if (k->cert->nprincipals == 0) {
2529 for (i = 0; i < k->cert->nprincipals; i++) {
2530 if (strcmp(name, k->cert->principals[i]) == 0) {
2545 sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
2552 if (cert->valid_after == 0 &&
2553 cert->valid_before == 0xffffffffffffffffULL)
2556 if (cert->valid_after != 0) {
2558 tt = cert->valid_after > INT_MAX ?
2559 INT_MAX : cert->valid_after;
2563 if (cert->valid_before != 0xffffffffffffffffULL) {
2565 tt = cert->valid_before > INT_MAX ?
2566 INT_MAX : cert->valid_before;
2571 if (cert->valid_after == 0)
2573 else if (cert->valid_before == 0xffffffffffffffffULL)
2600 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2604 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2620 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2624 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2638 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2642 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2657 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
2661 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||