ssh_cert_parse.h
Go to the documentation of this file.
1 /**
2  * @file ssh_cert_parse.h
3  * @brief SSH certificate parsing
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSH Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.2
29  **/
30 
31 #ifndef _SSH_CERT_PARSE_H
32 #define _SSH_CERT_PARSE_H
33 
34 //Dependencies
35 #include "ssh_types.h"
36 
37 //C++ guard
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
42 
43 /**
44  * @brief SSH certificate types
45  **/
46 
47 typedef enum
48 {
49  SSH_CERT_TYPE_USER = 1,
50  SSH_CERT_TYPE_HOST = 2
51 } SshCertType;
52 
53 
54 /**
55  * @brief RSA public key
56  **/
57 
58 typedef struct
59 {
60  SshBinaryString e;
61  SshBinaryString n;
62 } SshRsaCertPublicKey;
63 
64 
65 /**
66  * @brief DSA public key
67  **/
68 
69 typedef struct
70 {
71  SshBinaryString p;
72  SshBinaryString q;
73  SshBinaryString g;
74  SshBinaryString y;
75 } SshDsaCertPublicKey;
76 
77 
78 /**
79  * @brief ECDSA public key
80  **/
81 
82 typedef struct
83 {
84  SshString curveName;
85  SshBinaryString q;
86 } SshEcdsaCertPublicKey;
87 
88 
89 /**
90  * @brief EdDSA public key
91  **/
92 
93 typedef struct
94 {
95  SshBinaryString q;
96 } SshEddsaCertPublicKey;
97 
98 
99 /**
100  * @brief Public key
101  **/
102 
103 typedef union
104 {
105  SshRsaCertPublicKey rsaPublicKey;
106  SshDsaCertPublicKey dsaPublicKey;
107  SshEcdsaCertPublicKey ecdsaPublicKey;
108  SshEddsaCertPublicKey eddsaPublicKey;
109 } SshCertPublicKey;
110 
111 
112 /**
113  * @brief SSH certificate (OpenSSH format)
114  **/
115 
116 typedef struct
117 {
118  SshString keyFormatId;
119  SshBinaryString nonce;
120  SshCertPublicKey publicKey;
121  uint64_t serial;
122  uint32_t type;
123  SshString keyId;
124  SshBinaryString validPrincipals;
125  uint64_t validAfter;
126  uint64_t validBefore;
127  SshBinaryString criticalOptions;
128  SshBinaryString extensions;
129  SshBinaryString reserved;
130  SshBinaryString signatureKey;
131  SshBinaryString signature;
132 } SshCertificate;
133 
134 
135 //SSH certificate parsing functions
136 error_t sshParseCertificate(const uint8_t *data, size_t length,
137  SshCertificate *cert);
138 
139 error_t sshParseRsaCertPublicKey(const uint8_t *data, size_t length,
140  size_t *consumed, SshRsaCertPublicKey *publicKey);
141 
142 error_t sshParseDsaCertPublicKey(const uint8_t *data, size_t length,
143  size_t *consumed, SshDsaCertPublicKey *publicKey);
144 
145 error_t sshParseEcdsaCertPublicKey(const uint8_t *data, size_t length,
146  size_t *consumed, SshEcdsaCertPublicKey *publicKey);
147 
148 error_t sshParseEddsaCertPublicKey(const uint8_t *data, size_t length,
149  size_t *consumed, SshEddsaCertPublicKey *publicKey);
150 
151 error_t sshParseValidPrincipals(const uint8_t *data, size_t length,
152  SshBinaryString *validPrincipals);
153 
154 error_t sshParseCriticalOptions(const uint8_t *data, size_t length,
155  SshBinaryString *criticalOptions);
156 
157 error_t sshParseExtensions(const uint8_t *data, size_t length,
158  SshBinaryString *extensions);
159 
160 bool_t sshGetValidPrincipal(const SshCertificate *cert, uint_t index,
161  SshString *name);
162 
163 bool_t sshGetCriticalOption(const SshCertificate *cert, uint_t index,
164  SshString *name, SshBinaryString *data);
165 
166 bool_t sshGetExtension(const SshCertificate *cert, uint_t index,
167  SshString *name, SshBinaryString *data);
168 
169 //C++ guard
170 #ifdef __cplusplus
171 }
172 #endif
173 
174 #endif
SshEddsaCertPublicKey
EdDSA public key.
Definition: ssh_cert_parse.h:94
extensions
uint8_t extensions[]
Definition: ntp_common.h:207
bool_t
int bool_t
Definition: compiler_port.h:61
SshBinaryString
Binary string.
Definition: ssh_types.h:67
sshParseCertificate
error_t sshParseCertificate(const uint8_t *data, size_t length, SshCertificate *cert)
Parse SSH certificate.
Definition: ssh_cert_parse.c:52
data
uint8_t data[]
Definition: ethernet.h:224
SshCertPublicKey::rsaPublicKey
SshRsaCertPublicKey rsaPublicKey
Definition: ssh_cert_parse.h:105
sshParseCriticalOptions
error_t sshParseCriticalOptions(const uint8_t *data, size_t length, SshBinaryString *criticalOptions)
Parse 'critical options' field.
Definition: ssh_cert_parse.c:550
SshDsaCertPublicKey::g
SshBinaryString g
Definition: ssh_cert_parse.h:73
SshEddsaCertPublicKey::q
SshBinaryString q
Definition: ssh_cert_parse.h:95
SshRsaCertPublicKey::n
SshBinaryString n
Definition: ssh_cert_parse.h:61
name
char_t name[]
Definition: resource_manager.h:71
sshParseDsaCertPublicKey
error_t sshParseDsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshDsaCertPublicKey *publicKey)
Parse a DSA public key.
Definition: ssh_cert_parse.c:337
sshGetCriticalOption
bool_t sshGetCriticalOption(const SshCertificate *cert, uint_t index, SshString *name, SshBinaryString *data)
Extract the critical option at specified index.
Definition: ssh_cert_parse.c:708
SshEcdsaCertPublicKey
ECDSA public key.
Definition: ssh_cert_parse.h:83
SshDsaCertPublicKey::p
SshBinaryString p
Definition: ssh_cert_parse.h:71
sshParseEcdsaCertPublicKey
error_t sshParseEcdsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshEcdsaCertPublicKey *publicKey)
Parse an ECDSA public key.
Definition: ssh_cert_parse.c:408
SshCertificate::validPrincipals
SshBinaryString validPrincipals
Definition: ssh_cert_parse.h:124
error_t
error_t
Error codes.
Definition: error.h:43
SshCertPublicKey::dsaPublicKey
SshDsaCertPublicKey dsaPublicKey
Definition: ssh_cert_parse.h:106
SSH_CERT_TYPE_USER
@ SSH_CERT_TYPE_USER
Definition: ssh_cert_parse.h:49
sshParseExtensions
error_t sshParseExtensions(const uint8_t *data, size_t length, SshBinaryString *extensions)
Parse 'extensions' field.
Definition: ssh_cert_parse.c:607
SshCertificate::extensions
SshBinaryString extensions
Definition: ssh_cert_parse.h:128
SshDsaCertPublicKey
DSA public key.
Definition: ssh_cert_parse.h:70
SshCertificate::reserved
SshBinaryString reserved
Definition: ssh_cert_parse.h:129
SshCertificate::validAfter
uint64_t validAfter
Definition: ssh_cert_parse.h:125
SshCertPublicKey::ecdsaPublicKey
SshEcdsaCertPublicKey ecdsaPublicKey
Definition: ssh_cert_parse.h:107
length
uint8_t length
Definition: tcp.h:375
SshDsaCertPublicKey::y
SshBinaryString y
Definition: ssh_cert_parse.h:74
sshParseEddsaCertPublicKey
error_t sshParseEddsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshEddsaCertPublicKey *publicKey)
Parse an EdDSA public key.
Definition: ssh_cert_parse.c:457
SshString
String.
Definition: ssh_types.h:56
SshEcdsaCertPublicKey::q
SshBinaryString q
Definition: ssh_cert_parse.h:85
SshCertificate::criticalOptions
SshBinaryString criticalOptions
Definition: ssh_cert_parse.h:127
SshRsaCertPublicKey
RSA public key.
Definition: ssh_cert_parse.h:59
SshRsaCertPublicKey::e
SshBinaryString e
Definition: ssh_cert_parse.h:60
sshParseRsaCertPublicKey
error_t sshParseRsaCertPublicKey(const uint8_t *data, size_t length, size_t *consumed, SshRsaCertPublicKey *publicKey)
Parse an RSA public key.
Definition: ssh_cert_parse.c:288
SshCertificate::keyFormatId
SshString keyFormatId
Definition: ssh_cert_parse.h:118
SshCertificate::signatureKey
SshBinaryString signatureKey
Definition: ssh_cert_parse.h:130
ssh_types.h
SSH data type representations.
SshCertificate::publicKey
SshCertPublicKey publicKey
Definition: ssh_cert_parse.h:120
SshCertificate::validBefore
uint64_t validBefore
Definition: ssh_cert_parse.h:126
sshGetValidPrincipal
bool_t sshGetValidPrincipal(const SshCertificate *cert, uint_t index, SshString *name)
Extract the principal name at specified index.
Definition: ssh_cert_parse.c:664
sshGetExtension
bool_t sshGetExtension(const SshCertificate *cert, uint_t index, SshString *name, SshBinaryString *data)
Extract the extension at specified index.
Definition: ssh_cert_parse.c:762
sshParseValidPrincipals
error_t sshParseValidPrincipals(const uint8_t *data, size_t length, SshBinaryString *validPrincipals)
Parse 'valid principals' field.
Definition: ssh_cert_parse.c:494
SshCertificate::nonce
SshBinaryString nonce
Definition: ssh_cert_parse.h:119
SshCertificate::signature
SshBinaryString signature
Definition: ssh_cert_parse.h:131
SSH_CERT_TYPE_HOST
@ SSH_CERT_TYPE_HOST
Definition: ssh_cert_parse.h:50
SshCertType
SshCertType
SSH certificate types.
Definition: ssh_cert_parse.h:48
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
SshCertPublicKey::eddsaPublicKey
SshEddsaCertPublicKey eddsaPublicKey
Definition: ssh_cert_parse.h:108
SshCertificate
SSH certificate (OpenSSH format)
Definition: ssh_cert_parse.h:117
SshDsaCertPublicKey::q
SshBinaryString q
Definition: ssh_cert_parse.h:72