pki: support ECDSA/ED25519 certificates

As with RSA/DSS, support is still quite limited. This is mostly about adding new ssh_keytypes_e values and updating sites that check keys' types. Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2026-02-06 10:27:22 +09:00 · 2019-03-12 10:27:35 -06:00
parent b1f3cfec34
commit 19cd909c8d
6 changed files with 60 additions and 6 deletions
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -300,6 +300,10 @@ enum ssh_keytypes_e{
  SSH_KEYTYPE_ECDSA_P256,
  SSH_KEYTYPE_ECDSA_P384,
  SSH_KEYTYPE_ECDSA_P521,
+  SSH_KEYTYPE_ECDSA_P256_CERT01,
+  SSH_KEYTYPE_ECDSA_P384_CERT01,
+  SSH_KEYTYPE_ECDSA_P521_CERT01,
+  SSH_KEYTYPE_ED25519_CERT01,
 };

 enum ssh_keycmp_e {
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -104,6 +104,12 @@ enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
 #define is_ecdsa_key_type(t) \
    ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)

+#define is_cert_type(kt)\
+      ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\
+       (kt) == SSH_KEYTYPE_RSA_CERT01 ||\
+      ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
+       (kt) <= SSH_KEYTYPE_ED25519_CERT01))
+
 /* SSH Signature Functions */
 ssh_signature ssh_signature_new(void);
 void ssh_signature_free(ssh_signature sign);