ssh_cert_parse.h
Go to the documentation of this file.
1 /**
2  * @file ssh_cert_parse.h
3  * @brief SSH certificate parsing
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSH Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 #ifndef _SSH_CERT_PARSE_H
32 #define _SSH_CERT_PARSE_H
33 
34 //Dependencies
35 #include "ssh_types.h"
36 
37 //C++ guard
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
42 
43 /**
44  * @brief SSH certificate types
45  **/
46 
47 typedef enum
48 {
49  SSH_CERT_TYPE_USER = 1,
50  SSH_CERT_TYPE_HOST = 2
51 } SshCertType;
52 
53 
54 /**
55  * @brief RSA public key
56  **/
57 
58 typedef struct
59 {
60  SshBinaryString e;
61  SshBinaryString n;
62 } SshRsaCertPublicKey;
63 
64 
65 /**
66  * @brief DSA public key
67  **/
68 
69 typedef struct
70 {
71  SshBinaryString p;
72  SshBinaryString q;
73  SshBinaryString g;
74  SshBinaryString y;
75 } SshDsaCertPublicKey;
76 
77 
78 /**
79  * @brief ECDSA public key
80  **/
81 
82 typedef struct
83 {
84  SshString curveName;
85  SshBinaryString q;
86 } SshEcdsaCertPublicKey;
87 
88 
89 /**
90  * @brief Ed25519 public key
91  **/
92 
93 typedef struct
94 {
95  SshBinaryString q;
96 } SshEd25519CertPublicKey;
97 
98 
99 /**
100  * @brief Public key
101  **/
102 
103 typedef union
104 {
105  SshRsaCertPublicKey rsaPublicKey;
106  SshDsaCertPublicKey dsaPublicKey;
107  SshEcdsaCertPublicKey ecdsaPublicKey;
108  SshEd25519CertPublicKey ed25519PublicKey;
109 } SshCertPublicKey;
110 
111 
112 /**
113  * @brief SSH certificate (OpenSSH format)
114  **/
115 
116 typedef struct
117 {
118  SshString keyFormatId;
119  SshBinaryString nonce;
120  SshCertPublicKey publicKey;
121  uint64_t serial;
122  uint32_t type;
123  SshString keyId;
124  SshBinaryString validPrincipals;
125  uint64_t validAfter;
126  uint64_t validBefore;
127  SshBinaryString criticalOptions;
128  SshBinaryString extensions;
129  SshBinaryString reserved;
130  SshBinaryString signatureKey;
131  SshBinaryString signature;
132 } SshCertificate;
133 
134 
135 //SSH certificate parsing functions
136 error_t sshParseCertificate(const uint8_t *data, size_t length,
137  SshCertificate *cert);
138 
139 error_t sshParseRsaCertPublicKey(const uint8_t *data, size_t length,
140  size_t *consumed, SshRsaCertPublicKey *publicKey);
141 
142 error_t sshParseDsaCertPublicKey(const uint8_t *data, size_t length,
143  size_t *consumed, SshDsaCertPublicKey *publicKey);
144 
145 error_t sshParseEcdsaCertPublicKey(const uint8_t *data, size_t length,
146  size_t *consumed, SshEcdsaCertPublicKey *publicKey);
147 
148 error_t sshParseEd25519CertPublicKey(const uint8_t *data, size_t length,
149  size_t *consumed, SshEd25519CertPublicKey *publicKey);
150 
151 error_t sshParseValidPrincipals(const uint8_t *data, size_t length,
152  SshBinaryString *validPrincipals);
153 
154 error_t sshParseCriticalOptions(const uint8_t *data, size_t length,
155  SshBinaryString *criticalOptions);
156 
157 error_t sshParseExtensions(const uint8_t *data, size_t length,
158  SshBinaryString *extensions);
159 
160 bool_t sshGetValidPrincipal(const SshCertificate *cert, uint_t index,
161  SshString *name);
162 
163 bool_t sshGetCriticalOption(const SshCertificate *cert, uint_t index,
164  SshString *name, SshBinaryString *data);
165 
166 bool_t sshGetExtension(const SshCertificate *cert, uint_t index,
167  SshString *name, SshBinaryString *data);
168 
169 //C++ guard
170 #ifdef __cplusplus
171 }
172 #endif
173 
174 #endif
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
bool_t
int bool_t
Definition: compiler_port.h:53
error_t
error_t
Error codes.
Definition: error.h:43
data
uint8_t data[]
Definition: ethernet.h:222
name
char_t name[]
Definition: resource_manager.h:71
sshGetCriticalOption
bool_t sshGetCriticalOption(const SshCertificate *cert, uint_t index, SshString *name, SshBinaryString *data)
Extract the critical option at specified index.
Definition: ssh_cert_parse.c:692
sshParseEd25519CertPublicKey
error_t sshParseEd25519CertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshEd25519CertPublicKey *publicKey)
Parse an Ed25519 public key.
Definition: ssh_cert_parse.c:441
sshParseDsaCertPublicKey
error_t sshParseDsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshDsaCertPublicKey *publicKey)
Parse a DSA public key.
Definition: ssh_cert_parse.c:321
sshParseRsaCertPublicKey
error_t sshParseRsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshRsaCertPublicKey *publicKey)
Parse an RSA public key.
Definition: ssh_cert_parse.c:272
sshParseValidPrincipals
error_t sshParseValidPrincipals(const uint8_t *data, size_t length, SshBinaryString *validPrincipals)
Parse 'valid principals' field.
Definition: ssh_cert_parse.c:478
sshParseExtensions
error_t sshParseExtensions(const uint8_t *data, size_t length, SshBinaryString *extensions)
Parse 'extensions' field.
Definition: ssh_cert_parse.c:591
sshParseEcdsaCertPublicKey
error_t sshParseEcdsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshEcdsaCertPublicKey *publicKey)
Parse an ECDSA public key.
Definition: ssh_cert_parse.c:392
sshGetValidPrincipal
bool_t sshGetValidPrincipal(const SshCertificate *cert, uint_t index, SshString *name)
Extract the principal name at specified index.
Definition: ssh_cert_parse.c:648
SshCertType
SshCertType
SSH certificate types.
Definition: ssh_cert_parse.h:48
SSH_CERT_TYPE_USER
@ SSH_CERT_TYPE_USER
Definition: ssh_cert_parse.h:49
SSH_CERT_TYPE_HOST
@ SSH_CERT_TYPE_HOST
Definition: ssh_cert_parse.h:50
sshParseCriticalOptions
error_t sshParseCriticalOptions(const uint8_t *data, size_t length, SshBinaryString *criticalOptions)
Parse 'critical options' field.
Definition: ssh_cert_parse.c:534
sshGetExtension
bool_t sshGetExtension(const SshCertificate *cert, uint_t index, SshString *name, SshBinaryString *data)
Extract the extension at specified index.
Definition: ssh_cert_parse.c:746
sshParseCertificate
error_t sshParseCertificate(const uint8_t *data, size_t length, SshCertificate *cert)
Parse SSH certificate.
Definition: ssh_cert_parse.c:52
ssh_types.h
SSH data type representations.
SshBinaryString
Binary string.
Definition: ssh_types.h:67
SshCertificate
SSH certificate (OpenSSH format)
Definition: ssh_cert_parse.h:117
SshCertificate::criticalOptions
SshBinaryString criticalOptions
Definition: ssh_cert_parse.h:127
SshCertificate::signatureKey
SshBinaryString signatureKey
Definition: ssh_cert_parse.h:130
SshCertificate::reserved
SshBinaryString reserved
Definition: ssh_cert_parse.h:129
SshCertificate::nonce
SshBinaryString nonce
Definition: ssh_cert_parse.h:119
SshCertificate::validAfter
uint64_t validAfter
Definition: ssh_cert_parse.h:125
SshCertificate::validPrincipals
SshBinaryString validPrincipals
Definition: ssh_cert_parse.h:124
SshCertificate::signature
SshBinaryString signature
Definition: ssh_cert_parse.h:131
SshCertificate::keyFormatId
SshString keyFormatId
Definition: ssh_cert_parse.h:118
SshCertificate::extensions
SshBinaryString extensions
Definition: ssh_cert_parse.h:128
SshCertificate::validBefore
uint64_t validBefore
Definition: ssh_cert_parse.h:126
SshCertificate::publicKey
SshCertPublicKey publicKey
Definition: ssh_cert_parse.h:120
SshDsaCertPublicKey
DSA public key.
Definition: ssh_cert_parse.h:70
SshDsaCertPublicKey::q
SshBinaryString q
Definition: ssh_cert_parse.h:72
SshDsaCertPublicKey::y
SshBinaryString y
Definition: ssh_cert_parse.h:74
SshDsaCertPublicKey::g
SshBinaryString g
Definition: ssh_cert_parse.h:73
SshDsaCertPublicKey::p
SshBinaryString p
Definition: ssh_cert_parse.h:71
SshEcdsaCertPublicKey
ECDSA public key.
Definition: ssh_cert_parse.h:83
SshEcdsaCertPublicKey::q
SshBinaryString q
Definition: ssh_cert_parse.h:85
SshEd25519CertPublicKey
Ed25519 public key.
Definition: ssh_cert_parse.h:94
SshRsaCertPublicKey
RSA public key.
Definition: ssh_cert_parse.h:59
SshRsaCertPublicKey::n
SshBinaryString n
Definition: ssh_cert_parse.h:61
SshRsaCertPublicKey::e
SshBinaryString e
Definition: ssh_cert_parse.h:60
SshString
String.
Definition: ssh_types.h:56
length
uint8_t length
Definition: tcp.h:368
extensions
uint8_t extensions[]
Definition: tls13_misc.h:300
SshCertPublicKey::ecdsaPublicKey
SshEcdsaCertPublicKey ecdsaPublicKey
Definition: ssh_cert_parse.h:107
SshCertPublicKey::rsaPublicKey
SshRsaCertPublicKey rsaPublicKey
Definition: ssh_cert_parse.h:105
SshCertPublicKey::ed25519PublicKey
SshEd25519CertPublicKey ed25519PublicKey
Definition: ssh_cert_parse.h:108
SshCertPublicKey::dsaPublicKey
SshDsaCertPublicKey dsaPublicKey
Definition: ssh_cert_parse.h:106