nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-13 17:17:37 -05:00
Code Issues Projects Releases Wiki Activity

Family of key types for OpenSSH certificates.

Browse Source 
This commit is groundwork for full certificate support, but doesn't
complete the job by itself. It introduces the new key types, and adds
a test in cryptsuite ensuring they work as expected, but nothing else.

If you manually construct a PPK file for one of the new key types, so
that it has a certificate in the public key field, then this commit
enables PuTTY to present that key to a server for user authentication,
either directly or via Pageant storing and using it. But I haven't yet
provided any mechanism for making such a PPK, so by itself, this isn't
much use.

Also, these new key types are not yet included in the KEXINIT host
keys list, because if they were, they'd just be treated as normal host
keys, in that you'd be asked to manually confirm the SSH fingerprint
of the certificate. I'll enable them for host keys once I add the
missing pieces.
This commit is contained in:
Simon Tatham
2022-04-19 14:48:31 +01:00
parent 6f7c52dcce
commit 34d01e1b65
5 changed files with 685 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ssh.h
View File

@ -854,6 +854,8 @@ struct ssh_keyalg {
const char *ssh_id; /* string identifier in the SSH protocol */
const char *cache_id; /* identifier used in PuTTY's host key cache */
const void *extra; /* private to the public key methods */
bool is_certificate; /* is this a certified key type? */
const ssh_keyalg *base_alg; /* if so, for what underlying key alg? */
};
static inline ssh_key *ssh_key_new_pub(const ssh_keyalg *self, ptrlen pub)
@ -1098,6 +1100,14 @@ extern const ssh_keyalg ssh_ecdsa_ed448;
extern const ssh_keyalg ssh_ecdsa_nistp256;
extern const ssh_keyalg ssh_ecdsa_nistp384;
extern const ssh_keyalg ssh_ecdsa_nistp521;
extern const ssh_keyalg opensshcert_ssh_dsa;
extern const ssh_keyalg opensshcert_ssh_rsa;
extern const ssh_keyalg opensshcert_ssh_rsa_sha256;
extern const ssh_keyalg opensshcert_ssh_rsa_sha512;
extern const ssh_keyalg opensshcert_ssh_ecdsa_ed25519;
extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp256;
extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp384;
extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp521;
extern const ssh2_macalg ssh_hmac_md5;
extern const ssh2_macalg ssh_hmac_sha1;
extern const ssh2_macalg ssh_hmac_sha1_buggy;