Lines Matching refs:cert
84 int cert; member
153 return kt->cert; in sshkey_type_is_cert()
179 (!kt->cert && strcasecmp(kt->shortname, name) == 0)) in sshkey_type_from_name()
211 if ((certs_only && !kt->cert) || (plain_only && kt->cert)) in sshkey_alg_list()
420 cert_free(struct sshkey_cert *cert) in cert_free() argument
424 if (cert == NULL) in cert_free()
426 sshbuf_free(cert->certblob); in cert_free()
427 sshbuf_free(cert->critical); in cert_free()
428 sshbuf_free(cert->extensions); in cert_free()
429 free(cert->key_id); in cert_free()
430 for (i = 0; i < cert->nprincipals; i++) in cert_free()
431 free(cert->principals[i]); in cert_free()
432 free(cert->principals); in cert_free()
433 sshkey_free(cert->signature_key); in cert_free()
434 explicit_bzero(cert, sizeof(*cert)); in cert_free()
435 free(cert); in cert_free()
441 struct sshkey_cert *cert; in cert_new() local
443 if ((cert = calloc(1, sizeof(*cert))) == NULL) in cert_new()
445 if ((cert->certblob = sshbuf_new()) == NULL || in cert_new()
446 (cert->critical = sshbuf_new()) == NULL || in cert_new()
447 (cert->extensions = sshbuf_new()) == NULL) { in cert_new()
448 cert_free(cert); in cert_new()
451 cert->key_id = NULL; in cert_new()
452 cert->principals = NULL; in cert_new()
453 cert->signature_key = NULL; in cert_new()
454 return cert; in cert_new()
473 k->cert = NULL; in sshkey_new()
522 if ((k->cert = cert_new()) == NULL) { in sshkey_new()
633 cert_free(k->cert); in sshkey_free()
720 if (!cert_compare(a->cert, b->cert)) in sshkey_equal()
736 if (key->cert == NULL) in to_blob_buf()
738 if (sshbuf_len(key->cert->certblob) == 0) in to_blob_buf()
753 if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0) in to_blob_buf()
1331 if (ret->cert != NULL) in sshkey_read()
1332 cert_free(ret->cert); in sshkey_read()
1333 ret->cert = k->cert; in sshkey_read()
1334 k->cert = NULL; in sshkey_read()
1508 switch (k->cert->type) { in sshkey_cert_type()
1714 if (to_key->cert != NULL) { in sshkey_cert_copy()
1715 cert_free(to_key->cert); in sshkey_cert_copy()
1716 to_key->cert = NULL; in sshkey_cert_copy()
1719 if ((from = from_key->cert) == NULL) in sshkey_cert_copy()
1722 if ((to = to_key->cert = cert_new()) == NULL) in sshkey_cert_copy()
1848 if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0) in cert_parse()
1852 if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 || in cert_parse()
1853 (ret = sshbuf_get_u32(b, &key->cert->type)) != 0 || in cert_parse()
1854 (ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 || in cert_parse()
1856 (ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 || in cert_parse()
1857 (ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 || in cert_parse()
1868 signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b); in cert_parse()
1875 if (key->cert->type != SSH2_CERT_TYPE_USER && in cert_parse()
1876 key->cert->type != SSH2_CERT_TYPE_HOST) { in cert_parse()
1886 if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) { in cert_parse()
1895 oprincipals = key->cert->principals; in cert_parse()
1896 key->cert->principals = reallocarray(key->cert->principals, in cert_parse()
1897 key->cert->nprincipals + 1, sizeof(*key->cert->principals)); in cert_parse()
1898 if (key->cert->principals == NULL) { in cert_parse()
1900 key->cert->principals = oprincipals; in cert_parse()
1904 key->cert->principals[key->cert->nprincipals++] = principal; in cert_parse()
1911 if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 || in cert_parse()
1913 (ret = sshbuf_putb(key->cert->extensions, exts)) != 0)) in cert_parse()
1922 sshbuf_reset(key->cert->critical); in cert_parse()
1930 sshbuf_reset(key->cert->extensions); in cert_parse()
1937 if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) { in cert_parse()
1941 if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) { in cert_parse()
1945 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen, in cert_parse()
1946 sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0) in cert_parse()
2361 if ((k->cert = cert_new()) == NULL) in sshkey_to_certified()
2373 cert_free(k->cert); in sshkey_drop_cert()
2374 k->cert = NULL; in sshkey_drop_cert()
2387 struct sshbuf *cert; in sshkey_certify() local
2389 if (k == NULL || k->cert == NULL || in sshkey_certify()
2390 k->cert->certblob == NULL || ca == NULL) in sshkey_certify()
2400 cert = k->cert->certblob; /* for readability */ in sshkey_certify()
2401 sshbuf_reset(cert); in sshkey_certify()
2402 if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0) in sshkey_certify()
2407 if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0) in sshkey_certify()
2414 if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || in sshkey_certify()
2415 (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || in sshkey_certify()
2416 (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || in sshkey_certify()
2417 (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) in sshkey_certify()
2422 if ((ret = sshbuf_put_cstring(cert, in sshkey_certify()
2424 (ret = sshbuf_put_ec(cert, in sshkey_certify()
2431 if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || in sshkey_certify()
2432 (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) in sshkey_certify()
2437 if ((ret = sshbuf_put_string(cert, in sshkey_certify()
2446 if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 || in sshkey_certify()
2447 (ret = sshbuf_put_u32(cert, k->cert->type)) != 0 || in sshkey_certify()
2448 (ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0) in sshkey_certify()
2455 for (i = 0; i < k->cert->nprincipals; i++) { in sshkey_certify()
2457 k->cert->principals[i])) != 0) in sshkey_certify()
2460 if ((ret = sshbuf_put_stringb(cert, principals)) != 0 || in sshkey_certify()
2461 (ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 || in sshkey_certify()
2462 (ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 || in sshkey_certify()
2463 (ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 || in sshkey_certify()
2464 (ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 || in sshkey_certify()
2465 (ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */ in sshkey_certify()
2466 (ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0) in sshkey_certify()
2470 if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), in sshkey_certify()
2471 sshbuf_len(cert), alg, 0)) != 0) in sshkey_certify()
2475 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0) in sshkey_certify()
2480 sshbuf_reset(cert); in sshkey_certify()
2499 if (k->cert->type != SSH2_CERT_TYPE_HOST) { in sshkey_cert_check_authority()
2504 if (k->cert->type != SSH2_CERT_TYPE_USER) { in sshkey_cert_check_authority()
2514 if ((u_int64_t)now < k->cert->valid_after) { in sshkey_cert_check_authority()
2518 if ((u_int64_t)now >= k->cert->valid_before) { in sshkey_cert_check_authority()
2522 if (k->cert->nprincipals == 0) { in sshkey_cert_check_authority()
2529 for (i = 0; i < k->cert->nprincipals; i++) { in sshkey_cert_check_authority()
2530 if (strcmp(name, k->cert->principals[i]) == 0) { in sshkey_cert_check_authority()
2545 sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) in sshkey_format_cert_validity() argument
2552 if (cert->valid_after == 0 && in sshkey_format_cert_validity()
2553 cert->valid_before == 0xffffffffffffffffULL) in sshkey_format_cert_validity()
2556 if (cert->valid_after != 0) { in sshkey_format_cert_validity()
2558 tt = cert->valid_after > INT_MAX ? in sshkey_format_cert_validity()
2559 INT_MAX : cert->valid_after; in sshkey_format_cert_validity()
2563 if (cert->valid_before != 0xffffffffffffffffULL) { in sshkey_format_cert_validity()
2565 tt = cert->valid_before > INT_MAX ? in sshkey_format_cert_validity()
2566 INT_MAX : cert->valid_before; in sshkey_format_cert_validity()
2571 if (cert->valid_after == 0) in sshkey_format_cert_validity()
2573 else if (cert->valid_before == 0xffffffffffffffffULL) in sshkey_format_cert_validity()
2600 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { in sshkey_private_serialize()
2604 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || in sshkey_private_serialize()
2620 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { in sshkey_private_serialize()
2624 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || in sshkey_private_serialize()
2638 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { in sshkey_private_serialize()
2642 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || in sshkey_private_serialize()
2657 if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { in sshkey_private_serialize()
2661 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || in sshkey_private_serialize()