kubernetes/vendor/golang.org/x/crypto/ssh/certs.go

const CertAlgoRSAv01

const CertAlgoDSAv01

const CertAlgoECDSA256v01

const CertAlgoECDSA384v01

const CertAlgoECDSA521v01

const CertAlgoSKECDSA256v01

const CertAlgoED25519v01

const CertAlgoSKED25519v01

const CertAlgoRSASHA256v01

const CertAlgoRSASHA512v01

const CertSigAlgoRSAv01

const CertSigAlgoRSASHA2256v01

const CertSigAlgoRSASHA2512v01

const UserCert

const HostCert

type Signature

const CertTimeInfinity

type Certificate

type genericCertData

// marshalStringList encodes namelist into a single byte slice.
// NOTE(review): the body is elided in this outline; presumably each entry is
// written as a length-prefixed SSH string — confirm against the full file.
func marshalStringList(namelist []string) []byte {}

type optionsTuple

type optionsTupleValue

// marshalTuples serializes a map of critical options or extensions.
// Issue #10569: per [PROTOCOL.certkeys] and the SSH implementation, a
// non-empty string value needs two length prefixes.
// NOTE(review): Go randomizes map iteration order, so the encoding (and with
// it the bytes that get signed) is only reproducible if the names are emitted
// in a fixed order; the body is elided here — confirm that it sorts them.
func marshalTuples(tups map[string]string) []byte {}

// parseTuples decodes in into a name-to-value map; failures are reported
// through the error result.
// Issue #10569: per [PROTOCOL.certkeys] and the SSH implementation, a
// non-empty option value carries two length prefixes.
// NOTE(review): in is presumably taken from a certificate supplied by the
// peer, so truncated lengths, duplicate names and out-of-order names all need
// rejecting; the body is elided here — confirm each case in the full file.
func parseTuples(in []byte) (map[string]string, error) {}

// parseCert decodes in into a Certificate, or returns an error.
// NOTE(review): the body is elided in this outline. privAlgo presumably names
// the certificate algorithm the key blob was tagged with — confirm how it is
// used. Parsing is not expected to establish trust: per its own summary,
// CertChecker.CheckCert is what checks the signature, timestamp, principals
// and revocation — confirm no caller treats a parsed certificate as verified.
func parseCert(in []byte, privAlgo string) (*Certificate, error) {}

type openSSHCertSigner

type algorithmOpenSSHCertSigner

// NewCertSigner returns a Signer that signs with the given Certificate, whose
// private key is held by signer. It returns an error if the public key in cert
// doesn't match the key used by signer.
func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {}

// Sign produces a Signature over data, or returns an error; rand is the
// randomness source supplied by the caller.
// NOTE(review): body elided in this outline; presumably it delegates to the
// wrapped private-key Signer — confirm.
func (s *openSSHCertSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {}

// PublicKey returns the public key this signer presents.
// NOTE(review): body elided in this outline; for a certificate signer this is
// presumably the Certificate itself rather than the bare key — confirm.
func (s *openSSHCertSigner) PublicKey() PublicKey {}

// SignWithAlgorithm produces a Signature over data with the signature
// algorithm selected by algorithm, or returns an error; rand is the randomness
// source supplied by the caller.
// NOTE(review): body elided in this outline; confirm that an algorithm the
// underlying key cannot use is rejected with an error rather than replaced by
// a different one.
func (s *algorithmOpenSSHCertSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {}

const sourceAddressCriticalOption

type CertChecker

// CheckHostKey checks a host key certificate. This method can be
// plugged into ClientConfig.HostKeyCallback.
//
// NOTE(review): the body and CertChecker's fields are elided in this outline.
// Before relying on this as the only host check, confirm in the full file
// which CertChecker callback decides whether the signing CA is trusted for
// addr and what happens when it is unset, and whether a plain
// (non-certificate) host key is rejected or handed to a fallback callback.
// A permissive setting in either place removes the protection certificates
// are meant to add.
func (c *CertChecker) CheckHostKey(addr string, remote net.Addr, key PublicKey) error {}

// Authenticate checks a user certificate. Authenticate can be used as
// a value for ServerConfig.PublicKeyCallback.
//
// NOTE(review): the body and CertChecker's fields are elided in this outline.
// Confirm in the full file which CertChecker callback decides whether the
// signing CA may issue user certificates, and whether a plain
// (non-certificate) public key is rejected or passed to a fallback callback.
// The principal checked is presumably the user name reported by conn. The
// returned Permissions presumably carry the certificate's critical options and
// extensions; the server still has to enforce those itself — confirm.
func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permissions, error) {}

// CheckCert checks CriticalOptions, ValidPrincipals, revocation, timestamp and
// the signature of the certificate.
//
// NOTE(review): the body is elided in this outline, so verify the following
// against the full file before calling CheckCert directly:
//   - this summary mentions neither the certificate type nor whether the
//     signing CA is trusted; those checks presumably sit in CheckHostKey and
//     Authenticate, so a direct caller has to make them itself;
//   - how an empty ValidPrincipals list is treated (if it matches every
//     principal, issuance policy must never produce such certificates);
//   - whether the source-address critical option (see
//     sourceAddressCriticalOption) is enforced here or elsewhere;
//   - which clock supplies the timestamp, and whether revocation is checked
//     at all when no revocation callback is configured.
func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {}

// SignCert signs the certificate with an authority, setting the Nonce,
// SignatureKey, and Signature fields. If the authority implements the
// MultiAlgorithmSigner interface the first algorithm in the list is used. This
// is useful if you want to sign with a specific algorithm.
//
// NOTE(review): the body is elided in this outline. The Nonce is presumably
// read from rand, so pass a cryptographically secure source (crypto/rand's
// Reader) — confirm. Only the three fields named above are documented as
// being set here; the certificate type, principals, validity window and
// options are whatever the caller filled in, and they are what the signature
// will vouch for.
func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {}

var certKeyAlgoNames

// underlyingAlgo returns the signature algorithm associated with algo (which is
// an advertised or negotiated public key or host key algorithm). These are
// usually the same, except for certificate algorithms.
func underlyingAlgo(algo string) string {}

// certificateAlgo returns the certificate algorithm that uses the provided
// underlying signature algorithm. The result is named certAlgo; ok presumably
// reports whether a matching certificate algorithm exists (body elided in this
// outline — confirm).
func certificateAlgo(algo string) (certAlgo string, ok bool) {}

// bytesForSigning returns a byte slice derived from cert.
// NOTE(review): body elided in this outline; judging by the name this is the
// serialized certificate that the authority's signature is computed over,
// presumably without the signature field itself — confirm, and confirm that
// every field a verifier relies on is included.
func (cert *Certificate) bytesForSigning() []byte {}

// Marshal serializes c into OpenSSH's wire format. It is part of the
// PublicKey interface.
func (c *Certificate) Marshal() []byte {}

// Type returns the certificate algorithm name. It is part of the PublicKey interface.
func (c *Certificate) Type() string {}

// Verify verifies a signature against the certificate's public
// key. It is part of the PublicKey interface.
//
// As described, this checks sig against the key carried in the certificate; it
// says nothing about whether the certificate itself is valid. Validity of the
// certificate (signature by the authority, timestamp, principals, revocation)
// is what CertChecker.CheckCert is documented to check.
func (c *Certificate) Verify(data []byte, sig *Signature) error {}

// parseSignatureBody decodes a Signature from in. Going by the result names,
// out is the decoded signature, rest the bytes left unconsumed, and ok
// presumably reports whether decoding succeeded.
// NOTE(review): body elided in this outline; confirm that callers test ok
// before using out, and whether a non-empty rest is treated as an error.
func parseSignatureBody(in []byte) (out *Signature, rest []byte, ok bool) {}

// parseSignature decodes a Signature from in. Going by the result names, out
// is the decoded signature, rest the bytes left unconsumed, and ok presumably
// reports whether decoding succeeded.
// NOTE(review): body elided in this outline; how this differs from
// parseSignatureBody (presumably an extra outer length prefix) is not visible
// here — confirm against the full file.
func parseSignature(in []byte) (out *Signature, rest []byte, ok bool) {}