version 1.27, 2015/11/19 01:08:55 |
version 1.28, 2015/12/04 16:41:28 |
|
|
int type; |
int type; |
int nid; |
int nid; |
int cert; |
int cert; |
|
int sigonly; |
}; |
}; |
static const struct keytype keytypes[] = { |
static const struct keytype keytypes[] = { |
{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, |
{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, |
{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
KEY_ED25519_CERT, 0, 1 }, |
KEY_ED25519_CERT, 0, 1, 0 }, |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
{ NULL, "RSA1", KEY_RSA1, 0, 0 }, |
{ NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, |
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, |
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, |
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 }, |
{ "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, |
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, |
{ "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, |
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, |
{ "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, |
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, |
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, |
{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, |
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, |
{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, |
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, |
|
{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, |
|
{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, |
{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", |
{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", |
KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, |
KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, |
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
KEY_ECDSA_CERT, NID_secp384r1, 1 }, |
KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
KEY_ECDSA_CERT, NID_secp521r1, 1 }, |
KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
{ NULL, NULL, -1, -1, 0 } |
{ NULL, NULL, -1, -1, 0, 0 } |
}; |
}; |
|
|
const char * |
const char * |
|
|
const struct keytype *kt; |
const struct keytype *kt; |
|
|
for (kt = keytypes; kt->type != -1; kt++) { |
for (kt = keytypes; kt->type != -1; kt++) { |
if (kt->name == NULL) |
if (kt->name == NULL || kt->sigonly) |
continue; |
continue; |
if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
if ((certs_only && !kt->cert) || (plain_only && kt->cert)) |
continue; |
continue; |
|
|
int |
int |
sshkey_sign(const struct sshkey *key, |
sshkey_sign(const struct sshkey *key, |
u_char **sigp, size_t *lenp, |
u_char **sigp, size_t *lenp, |
const u_char *data, size_t datalen, u_int compat) |
const u_char *data, size_t datalen, const char *alg, u_int compat) |
{ |
{ |
if (sigp != NULL) |
if (sigp != NULL) |
*sigp = NULL; |
*sigp = NULL; |
|
|
return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); |
return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat); |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); |
return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
|
|
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat); |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); |
return ssh_rsa_verify(key, sig, siglen, data, dlen); |
#endif /* WITH_OPENSSL */ |
#endif /* WITH_OPENSSL */ |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
|
|
|
|
/* Sign the whole mess */ |
/* Sign the whole mess */ |
if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), |
sshbuf_len(cert), 0)) != 0) |
sshbuf_len(cert), NULL, 0)) != 0) |
goto out; |
goto out; |
|
|
/* Append signature and we are done */ |
/* Append signature and we are done */ |
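Review bot: In the sshkey_sign hunk the new `alg` argument is forwarded only in the KEY_RSA/KEY_RSA_CERT case; the ECDSA and Ed25519 cases still call their sign routines without it, so a caller that passes an algorithm name that does not match the key type gets a signature in the key's own algorithm with no error from this layer. Unless ssh_rsa_sign and the callers are relied on to validate that, a guard before the switch such as `if (alg != NULL && sshkey_type_from_name(alg) != sshkey_type_plain(key->type)) return SSH_ERR_INVALID_ARGUMENT;` would surface the mismatch; if ignoring it is intended, that contract belongs in a comment on the prototype, e.g. `/* alg selects the signature algorithm for RSA keys only; NULL (as passed by sshkey_certify) means the default; ignored for other key types */`. The new rsa-sha2-256/rsa-sha2-512 table rows share KEY_RSA with the "ssh-rsa" row and are listed after it, so any first-match lookup from type back to a name presumably still yields "ssh-rsa"; a one-line comment on the sigonly rows noting that ordering requirement would keep a future reorder from changing which name is advertised. sshkey_sign's switch statement starts and ends outside the hunk.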