2012-02-24 21:52:06 +04:00
|
|
|
// Copyright 2012 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package ssh
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/dsa"
|
2012-12-13 22:52:19 +04:00
|
|
|
"crypto/ecdsa"
|
2012-02-24 21:52:06 +04:00
|
|
|
"crypto/rsa"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
2012-12-16 19:47:10 +04:00
|
|
|
// These constants from [PROTOCOL.certkeys] represent the algorithm names
|
|
|
|
// for certificate types supported by this package.
|
2012-02-24 21:52:06 +04:00
|
|
|
const (
|
2012-12-14 19:11:06 +04:00
|
|
|
CertAlgoRSAv01 = "ssh-rsa-cert-v01@openssh.com"
|
|
|
|
CertAlgoDSAv01 = "ssh-dss-cert-v01@openssh.com"
|
|
|
|
CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
|
|
|
|
CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
|
|
|
|
CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
|
2012-02-24 21:52:06 +04:00
|
|
|
)
|
|
|
|
|
|
|
|
// Certificate types are used to specify whether a certificate is for identification
|
|
|
|
// of a user or a host. Current identities are defined in [PROTOCOL.certkeys].
|
|
|
|
const (
|
|
|
|
UserCert = 1
|
|
|
|
HostCert = 2
|
|
|
|
)
|
|
|
|
|
|
|
|
type signature struct {
|
|
|
|
Format string
|
|
|
|
Blob []byte
|
|
|
|
}
|
|
|
|
|
|
|
|
type tuple struct {
|
|
|
|
Name string
|
|
|
|
Data string
|
|
|
|
}
|
|
|
|
|
|
|
|
// An OpenSSHCertV01 represents an OpenSSH certificate as defined in
|
2012-12-14 19:11:06 +04:00
|
|
|
// [PROTOCOL.certkeys]?rev=1.8.
|
2012-02-24 21:52:06 +04:00
|
|
|
type OpenSSHCertV01 struct {
|
|
|
|
Nonce []byte
|
2012-12-13 22:52:19 +04:00
|
|
|
Key interface{} // rsa, dsa, or ecdsa *PublicKey
|
2012-02-24 21:52:06 +04:00
|
|
|
Serial uint64
|
|
|
|
Type uint32
|
|
|
|
KeyId string
|
|
|
|
ValidPrincipals []string
|
|
|
|
ValidAfter, ValidBefore time.Time
|
|
|
|
CriticalOptions []tuple
|
|
|
|
Extensions []tuple
|
|
|
|
Reserved []byte
|
|
|
|
SignatureKey interface{} // rsa, dsa, or ecdsa *PublicKey
|
|
|
|
Signature *signature
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseOpenSSHCertV01(in []byte, algo string) (out *OpenSSHCertV01, rest []byte, ok bool) {
|
|
|
|
cert := new(OpenSSHCertV01)
|
|
|
|
|
|
|
|
if cert.Nonce, in, ok = parseString(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
switch algo {
|
2012-12-14 19:11:06 +04:00
|
|
|
case CertAlgoRSAv01:
|
2012-02-24 21:52:06 +04:00
|
|
|
var rsaPubKey *rsa.PublicKey
|
|
|
|
if rsaPubKey, in, ok = parseRSA(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.Key = rsaPubKey
|
2012-12-14 19:11:06 +04:00
|
|
|
case CertAlgoDSAv01:
|
2012-02-24 21:52:06 +04:00
|
|
|
var dsaPubKey *dsa.PublicKey
|
|
|
|
if dsaPubKey, in, ok = parseDSA(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.Key = dsaPubKey
|
2012-12-14 19:11:06 +04:00
|
|
|
case CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01:
|
2012-12-13 22:52:19 +04:00
|
|
|
var ecdsaPubKey *ecdsa.PublicKey
|
|
|
|
if ecdsaPubKey, in, ok = parseECDSA(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.Key = ecdsaPubKey
|
2012-02-24 21:52:06 +04:00
|
|
|
default:
|
2012-04-27 01:13:49 +04:00
|
|
|
ok = false
|
2012-02-24 21:52:06 +04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if cert.Serial, in, ok = parseUint64(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if cert.Type, in, ok = parseUint32(in); !ok || cert.Type != UserCert && cert.Type != HostCert {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
keyId, in, ok := parseString(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.KeyId = string(keyId)
|
|
|
|
|
|
|
|
if cert.ValidPrincipals, in, ok = parseLengthPrefixedNameList(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
va, in, ok := parseUint64(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.ValidAfter = time.Unix(int64(va), 0)
|
|
|
|
|
|
|
|
vb, in, ok := parseUint64(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
cert.ValidBefore = time.Unix(int64(vb), 0)
|
|
|
|
|
|
|
|
if cert.CriticalOptions, in, ok = parseTupleList(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if cert.Extensions, in, ok = parseTupleList(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if cert.Reserved, in, ok = parseString(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
sigKey, in, ok := parseString(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if cert.SignatureKey, _, ok = parsePubKey(sigKey); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if cert.Signature, in, ok = parseSignature(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ok = true
|
|
|
|
return cert, in, ok
|
|
|
|
}
|
|
|
|
|
|
|
|
func marshalOpenSSHCertV01(cert *OpenSSHCertV01) []byte {
|
|
|
|
var pubKey []byte
|
|
|
|
switch cert.Key.(type) {
|
|
|
|
case *rsa.PublicKey:
|
|
|
|
k := cert.Key.(*rsa.PublicKey)
|
|
|
|
pubKey = marshalPubRSA(k)
|
|
|
|
case *dsa.PublicKey:
|
|
|
|
k := cert.Key.(*dsa.PublicKey)
|
|
|
|
pubKey = marshalPubDSA(k)
|
2012-12-13 22:52:19 +04:00
|
|
|
case *ecdsa.PublicKey:
|
|
|
|
k := cert.Key.(*ecdsa.PublicKey)
|
|
|
|
pubKey = marshalPubECDSA(k)
|
2012-02-24 21:52:06 +04:00
|
|
|
default:
|
|
|
|
panic("ssh: unknown public key type in cert")
|
|
|
|
}
|
|
|
|
|
|
|
|
sigKey := serializePublickey(cert.SignatureKey)
|
|
|
|
|
2012-04-20 23:17:42 +04:00
|
|
|
length := stringLength(len(cert.Nonce))
|
2012-02-24 21:52:06 +04:00
|
|
|
length += len(pubKey)
|
|
|
|
length += 8 // Length of Serial
|
|
|
|
length += 4 // Length of Type
|
2012-04-20 23:17:42 +04:00
|
|
|
length += stringLength(len(cert.KeyId))
|
2012-02-24 21:52:06 +04:00
|
|
|
length += lengthPrefixedNameListLength(cert.ValidPrincipals)
|
|
|
|
length += 8 // Length of ValidAfter
|
|
|
|
length += 8 // Length of ValidBefore
|
|
|
|
length += tupleListLength(cert.CriticalOptions)
|
|
|
|
length += tupleListLength(cert.Extensions)
|
2012-04-20 23:17:42 +04:00
|
|
|
length += stringLength(len(cert.Reserved))
|
|
|
|
length += stringLength(len(sigKey))
|
2012-02-24 21:52:06 +04:00
|
|
|
length += signatureLength(cert.Signature)
|
|
|
|
|
|
|
|
ret := make([]byte, length)
|
|
|
|
r := marshalString(ret, cert.Nonce)
|
|
|
|
copy(r, pubKey)
|
|
|
|
r = r[len(pubKey):]
|
|
|
|
r = marshalUint64(r, cert.Serial)
|
|
|
|
r = marshalUint32(r, cert.Type)
|
|
|
|
r = marshalString(r, []byte(cert.KeyId))
|
|
|
|
r = marshalLengthPrefixedNameList(r, cert.ValidPrincipals)
|
|
|
|
r = marshalUint64(r, uint64(cert.ValidAfter.Unix()))
|
|
|
|
r = marshalUint64(r, uint64(cert.ValidBefore.Unix()))
|
|
|
|
r = marshalTupleList(r, cert.CriticalOptions)
|
|
|
|
r = marshalTupleList(r, cert.Extensions)
|
|
|
|
r = marshalString(r, cert.Reserved)
|
|
|
|
r = marshalString(r, sigKey)
|
|
|
|
r = marshalSignature(r, cert.Signature)
|
|
|
|
if len(r) > 0 {
|
|
|
|
panic("internal error")
|
|
|
|
}
|
|
|
|
return ret
|
|
|
|
}
|
|
|
|
|
|
|
|
func lengthPrefixedNameListLength(namelist []string) int {
|
|
|
|
length := 4 // length prefix for list
|
|
|
|
for _, name := range namelist {
|
|
|
|
length += 4 // length prefix for name
|
|
|
|
length += len(name)
|
|
|
|
}
|
|
|
|
return length
|
|
|
|
}
|
|
|
|
|
|
|
|
func marshalLengthPrefixedNameList(to []byte, namelist []string) []byte {
|
|
|
|
length := uint32(lengthPrefixedNameListLength(namelist) - 4)
|
|
|
|
to = marshalUint32(to, length)
|
|
|
|
for _, name := range namelist {
|
|
|
|
to = marshalString(to, []byte(name))
|
|
|
|
}
|
|
|
|
return to
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseLengthPrefixedNameList(in []byte) (out []string, rest []byte, ok bool) {
|
|
|
|
list, rest, ok := parseString(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
for len(list) > 0 {
|
|
|
|
var next []byte
|
2012-04-20 23:17:42 +04:00
|
|
|
if next, list, ok = parseString(list); !ok {
|
2012-02-24 21:52:06 +04:00
|
|
|
return nil, nil, false
|
|
|
|
}
|
|
|
|
out = append(out, string(next))
|
|
|
|
}
|
|
|
|
ok = true
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func tupleListLength(tupleList []tuple) int {
|
|
|
|
length := 4 // length prefix for list
|
|
|
|
for _, t := range tupleList {
|
|
|
|
length += 4 // length prefix for t.Name
|
|
|
|
length += len(t.Name)
|
|
|
|
length += 4 // length prefix for t.Data
|
|
|
|
length += len(t.Data)
|
|
|
|
}
|
|
|
|
return length
|
|
|
|
}
|
|
|
|
|
|
|
|
func marshalTupleList(to []byte, tuplelist []tuple) []byte {
|
|
|
|
length := uint32(tupleListLength(tuplelist) - 4)
|
|
|
|
to = marshalUint32(to, length)
|
|
|
|
for _, t := range tuplelist {
|
|
|
|
to = marshalString(to, []byte(t.Name))
|
|
|
|
to = marshalString(to, []byte(t.Data))
|
|
|
|
}
|
|
|
|
return to
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseTupleList(in []byte) (out []tuple, rest []byte, ok bool) {
|
|
|
|
list, rest, ok := parseString(in)
|
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
for len(list) > 0 {
|
|
|
|
var name, data []byte
|
|
|
|
var ok bool
|
|
|
|
name, list, ok = parseString(list)
|
|
|
|
if !ok {
|
|
|
|
return nil, nil, false
|
|
|
|
}
|
|
|
|
data, list, ok = parseString(list)
|
|
|
|
if !ok {
|
|
|
|
return nil, nil, false
|
|
|
|
}
|
|
|
|
out = append(out, tuple{string(name), string(data)})
|
|
|
|
}
|
|
|
|
ok = true
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func signatureLength(sig *signature) int {
|
|
|
|
length := 4 // length prefix for signature
|
2012-04-20 23:17:42 +04:00
|
|
|
length += stringLength(len(sig.Format))
|
|
|
|
length += stringLength(len(sig.Blob))
|
2012-02-24 21:52:06 +04:00
|
|
|
return length
|
|
|
|
}
|
|
|
|
|
|
|
|
func marshalSignature(to []byte, sig *signature) []byte {
|
|
|
|
length := uint32(signatureLength(sig) - 4)
|
|
|
|
to = marshalUint32(to, length)
|
|
|
|
to = marshalString(to, []byte(sig.Format))
|
|
|
|
to = marshalString(to, sig.Blob)
|
|
|
|
return to
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseSignature(in []byte) (out *signature, rest []byte, ok bool) {
|
|
|
|
var sigBytes, format []byte
|
|
|
|
sig := new(signature)
|
|
|
|
|
|
|
|
if sigBytes, rest, ok = parseString(in); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if format, sigBytes, ok = parseString(sigBytes); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
sig.Format = string(format)
|
|
|
|
|
|
|
|
if sig.Blob, sigBytes, ok = parseString(sigBytes); !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
return sig, rest, ok
|
|
|
|
}
|