SSH certificate verification. More...
#include "ssh/ssh.h"#include "ssh/ssh_algorithms.h"#include "ssh/ssh_cert_parse.h"#include "ssh/ssh_cert_verify.h"#include "ssh/ssh_sign_verify.h"#include "ssh/ssh_misc.h"#include "date_time.h"#include "debug.h"Go to the source code of this file.
Macros | |
| #define | TRACE_LEVEL SSH_TRACE_LEVEL |
Functions | |
| error_t | sshVerifyClientCertificate (SshConnection *connection, const SshString *publicKeyAlgo, const SshBinaryString *hostKey, bool_t flag) |
| Verify client's certificate. More... | |
| error_t | sshVerifyServerCertificate (SshConnection *connection, const SshString *publicKeyAlgo, const SshBinaryString *hostKey) |
| Verify server's certificate. More... | |
| error_t | sshVerifyPrincipal (const SshCertificate *cert, const char_t *name) |
| Verify principal name. More... | |
| error_t | sshVerifyValidity (const SshCertificate *cert) |
| Verify validity period. More... | |
| error_t | sshVerifyCriticalOptions (SshConnection *connection, const SshCertificate *cert) |
| Verify critical options. More... | |
| error_t | sshVerifySrcAddrOption (SshConnection *connection, const SshBinaryString *optionData) |
| Verify "source-address" option. More... | |
| error_t | sshVerifyCertSignature (SshConnection *connection, const SshCertificate *cert) |
| Verify certificate signature. More... | |
Detailed Description
SSH certificate verification.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2019-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSH Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.0
Definition in file ssh_cert_verify.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL SSH_TRACE_LEVEL |
Definition at line 32 of file ssh_cert_verify.c.
Function Documentation
◆ sshVerifyCertSignature()
| error_t sshVerifyCertSignature | ( | SshConnection * | connection, |
| const SshCertificate * | cert | ||
| ) |
Verify certificate signature.
- Parameters
-
[in] connection Pointer to the SSH connection [in] cert Pointer to the SSH certificate
- Returns
- Error code
Definition at line 489 of file ssh_cert_verify.c.
◆ sshVerifyClientCertificate()
| error_t sshVerifyClientCertificate | ( | SshConnection * | connection, |
| const SshString * | publicKeyAlgo, | ||
| const SshBinaryString * | hostKey, | ||
| bool_t | flag | ||
| ) |
Verify client's certificate.
- Parameters
-
[in] connection Pointer to the SSH connection [in] publicKeyAlgo Public key algorithm [in] hostKey Client's certified host key [in] flag This flag specifies whether the signature is present in the SSH_MSG_USERAUTH_REQUEST message
- Returns
- Error code
Definition at line 58 of file ssh_cert_verify.c.
◆ sshVerifyCriticalOptions()
| error_t sshVerifyCriticalOptions | ( | SshConnection * | connection, |
| const SshCertificate * | cert | ||
| ) |
Verify critical options.
- Parameters
-
[in] connection Pointer to the SSH connection [in] cert Pointer to the SSH certificate
- Returns
- Error code
Definition at line 326 of file ssh_cert_verify.c.
◆ sshVerifyPrincipal()
| error_t sshVerifyPrincipal | ( | const SshCertificate * | cert, |
| const char_t * | name | ||
| ) |
Verify principal name.
- Parameters
-
[in] cert Pointer to the SSH certificate [in] name NULL-terminated string containing a user name or host name
- Returns
- Error code
Definition at line 243 of file ssh_cert_verify.c.
◆ sshVerifyServerCertificate()
| error_t sshVerifyServerCertificate | ( | SshConnection * | connection, |
| const SshString * | publicKeyAlgo, | ||
| const SshBinaryString * | hostKey | ||
| ) |
Verify server's certificate.
- Parameters
-
[in] connection Pointer to the SSH connection [in] publicKeyAlgo Public key algorithm [in] hostKey Server's certified host key
- Returns
- Error code
Definition at line 158 of file ssh_cert_verify.c.
◆ sshVerifySrcAddrOption()
| error_t sshVerifySrcAddrOption | ( | SshConnection * | connection, |
| const SshBinaryString * | optionData | ||
| ) |
Verify "source-address" option.
- Parameters
-
[in] connection Pointer to the SSH connection [in] optionData Option-specific information
- Returns
- Error code
Definition at line 377 of file ssh_cert_verify.c.
◆ sshVerifyValidity()
| error_t sshVerifyValidity | ( | const SshCertificate * | cert | ) |
Verify validity period.
- Parameters
-
[in] cert Pointer to the SSH certificate
- Returns
- Error code
Definition at line 292 of file ssh_cert_verify.c.