version 1.104, 2013/05/19 02:42:42 |
version 1.105, 2013/10/29 09:42:11 |
|
|
#include "ssh2.h" |
#include "ssh2.h" |
|
|
static int to_blob(const Key *, u_char **, u_int *, int); |
static int to_blob(const Key *, u_char **, u_int *, int); |
|
static Key *key_from_blob2(const u_char *, u_int, int); |
|
|
static struct KeyCert * |
static struct KeyCert * |
cert_new(void) |
cert_new(void) |
|
|
return ret; |
return ret; |
} |
} |
|
|
|
int |
|
key_type_is_cert(int type) |
|
{ |
|
const struct keytype *kt; |
|
|
|
for (kt = keytypes; kt->type != -1; kt++) { |
|
if (kt->type == type) |
|
return kt->cert; |
|
} |
|
return 0; |
|
} |
|
|
u_int |
u_int |
key_size(const Key *k) |
key_size(const Key *k) |
{ |
{ |
|
|
} |
} |
buffer_clear(&tmp); |
buffer_clear(&tmp); |
|
|
if ((key->cert->signature_key = key_from_blob(sig_key, |
if ((key->cert->signature_key = key_from_blob2(sig_key, sklen, 0)) |
sklen)) == NULL) { |
== NULL) { |
error("%s: Signature key invalid", __func__); |
error("%s: Signature key invalid", __func__); |
goto out; |
goto out; |
} |
} |
|
|
return ret; |
return ret; |
} |
} |
|
|
Key * |
static Key * |
key_from_blob(const u_char *blob, u_int blen) |
key_from_blob2(const u_char *blob, u_int blen, int allow_cert) |
{ |
{ |
Buffer b; |
Buffer b; |
int rlen, type, nid = -1; |
int rlen, type, nid = -1; |
|
|
type = key_type_from_name(ktype); |
type = key_type_from_name(ktype); |
if (key_type_plain(type) == KEY_ECDSA) |
if (key_type_plain(type) == KEY_ECDSA) |
nid = key_ecdsa_nid_from_name(ktype); |
nid = key_ecdsa_nid_from_name(ktype); |
|
if (!allow_cert && key_type_is_cert(type)) { |
|
error("key_from_blob: certificate not allowed in this context"); |
|
goto out; |
|
} |
switch (type) { |
switch (type) { |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
|
|
return key; |
return key; |
} |
} |
|
|
|
Key * |
|
key_from_blob(const u_char *blob, u_int blen) |
|
{ |
|
return key_from_blob2(blob, blen, 1); |
|
} |
|
|
static int |
static int |
to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) |
to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) |
{ |
{ |
|
|
{ |
{ |
if (k == NULL) |
if (k == NULL) |
return 0; |
return 0; |
switch (k->type) { |
return key_type_is_cert(k->type); |
case KEY_RSA_CERT_V00: |
|
case KEY_DSA_CERT_V00: |
|
case KEY_RSA_CERT: |
|
case KEY_DSA_CERT: |
|
case KEY_ECDSA_CERT: |
|
return 1; |
|
default: |
|
return 0; |
|
} |
|
} |
} |
|
|
/* Return the cert-less equivalent to a certified key type */ |
/* Return the cert-less equivalent to a certified key type */ |