author | Colin Watson <cjwatson@debian.org> | 2014-10-07 12:13:50 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-10-07 12:13:50 +0100 |
commit | 487bdb3a5ef6075887b830ccb8a0b14f6da78e93 (patch) | |
tree | a2cff6fec1e6c4b4153a170a3e172cfe6bfdec46 /sshkey.h | |
parent | 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 (diff) | |
parent | 28453d58058a4d60c3ebe7d7f0c31a510cbf6158 (diff) |
Import openssh_6.7p1.orig.tar.gz
Diffstat (limited to 'sshkey.h')
-rw-r--r-- | sshkey.h | 232 |
1 files changed, 232 insertions, 0 deletions
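diff --git a/sshkey.h b/sshkey.h
new file mode 100644
index 000000000..450b30c1f
--- /dev/null
+++ b/sshkey.h
@@ -0,0 +1,232 @@
+/* $OpenBSD: sshkey.h,v 1.1 2014/06/24 01:16:58 djm Exp $ */
+
+/*
+ * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef SSHKEY_H
+#define SSHKEY_H
+
+#include <sys/types.h>
+
+#ifdef WITH_OPENSSL
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+# ifdef OPENSSL_HAS_ECC
+# include <openssl/ec.h>
+# else /* OPENSSL_HAS_ECC */
+# define EC_KEY void
+# define EC_GROUP void
+# define EC_POINT void
+# endif /* OPENSSL_HAS_ECC */
+#else /* WITH_OPENSSL */
+# define RSA void
+# define DSA void
+# define EC_KEY void
+# define EC_GROUP void
+# define EC_POINT void
+#endif /* WITH_OPENSSL */
+
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20)
+
+struct sshbuf;
+
+/* Key types */
+enum sshkey_types {
+KEY_RSA1,
+KEY_RSA,
+KEY_DSA,
+KEY_ECDSA,
+KEY_ED25519,
+KEY_RSA_CERT,
+KEY_DSA_CERT,
+KEY_ECDSA_CERT,
+KEY_ED25519_CERT,
+KEY_RSA_CERT_V00,
+KEY_DSA_CERT_V00,
+KEY_UNSPEC
+};
+
+/* Fingerprint hash algorithms */
+enum sshkey_fp_type {
+SSH_FP_SHA1,
+SSH_FP_MD5,
+SSH_FP_SHA256
+};
+
+/* Fingerprint representation formats */
+enum sshkey_fp_rep {
+SSH_FP_HEX,
+SSH_FP_BUBBLEBABBLE,
+SSH_FP_RANDOMART
+};
+
+/* key is stored in external hardware */
+#define SSHKEY_FLAG_EXT 0x0001
+
+#define SSHKEY_CERT_MAX_PRINCIPALS 256
+/* XXX opaquify? */
+struct sshkey_cert {
+struct sshbuf *certblob; /* Kept around for use on wire */
+u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
+u_int64_t serial;
+char *key_id;
+u_int nprincipals;
+char **principals;
+u_int64_t valid_after, valid_before;
+struct sshbuf *critical;
+struct sshbuf *extensions;
+struct sshkey *signature_key;
+};
+
+/* XXX opaquify? */
+struct sshkey {
+int type;
+int flags;
+RSA *rsa;
+DSA *dsa;
+int ecdsa_nid; /* NID of curve */
+EC_KEY *ecdsa;
+u_char *ed25519_sk;
+u_char *ed25519_pk;
+struct sshkey_cert *cert;
+};
+
+#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
+#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
+
+struct sshkey *sshkey_new(int);
+int sshkey_add_private(struct sshkey *);
+struct sshkey *sshkey_new_private(int);
+void sshkey_free(struct sshkey *);
+int sshkey_demote(const struct sshkey *, struct sshkey **);
+int sshkey_equal_public(const struct sshkey *,
+const struct sshkey *);
+int sshkey_equal(const struct sshkey *, const struct sshkey *);
+char *sshkey_fingerprint(const struct sshkey *,
+enum sshkey_fp_type, enum sshkey_fp_rep);
+int sshkey_fingerprint_raw(const struct sshkey *k,
+enum sshkey_fp_type dgst_type, u_char **retp, size_t *lenp);
+const char *sshkey_type(const struct sshkey *);
+const char *sshkey_cert_type(const struct sshkey *);
+int sshkey_write(const struct sshkey *, FILE *);
+int sshkey_read(struct sshkey *, char **);
+u_int sshkey_size(const struct sshkey *);
+
+int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
+int sshkey_from_private(const struct sshkey *, struct sshkey **);
+int sshkey_type_from_name(const char *);
+int sshkey_is_cert(const struct sshkey *);
+int sshkey_type_is_cert(int);
+int sshkey_type_plain(int);
+int sshkey_to_certified(struct sshkey *, int);
+int sshkey_drop_cert(struct sshkey *);
+int sshkey_certify(struct sshkey *, struct sshkey *);
+int sshkey_cert_copy(const struct sshkey *, struct sshkey *);
+int sshkey_cert_check_authority(const struct sshkey *, int, int,
+const char *, const char **);
+int sshkey_cert_is_legacy(const struct sshkey *);
+
+int sshkey_ecdsa_nid_from_name(const char *);
+int sshkey_curve_name_to_nid(const char *);
+const char * sshkey_curve_nid_to_name(int);
+u_int sshkey_curve_nid_to_bits(int);
+int sshkey_ecdsa_bits_to_nid(int);
+int sshkey_ecdsa_key_to_nid(EC_KEY *);
+int sshkey_ec_nid_to_hash_alg(int nid);
+int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
+int sshkey_ec_validate_private(const EC_KEY *);
+const char *sshkey_ssh_name(const struct sshkey *);
+const char *sshkey_ssh_name_plain(const struct sshkey *);
+int sshkey_names_valid2(const char *);
+char *key_alg_list(int, int);
+
+int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
+int sshkey_to_blob_buf(const struct sshkey *, struct sshbuf *);
+int sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
+int sshkey_plain_to_blob_buf(const struct sshkey *, struct sshbuf *);
+int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
+
+int sshkey_sign(const struct sshkey *, u_char **, size_t *,
+const u_char *, size_t, u_int);
+int sshkey_verify(const struct sshkey *, const u_char *, size_t,
+const u_char *, size_t, u_int);
+
+/* for debug */
+void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
+void sshkey_dump_ec_key(const EC_KEY *);
+
+/* private key parsing and serialisation */
+int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
+int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
+
+/* private key file format parsing and serialisation */
+int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
+const char *passphrase, const char *comment,
+int force_new_format, const char *new_format_cipher, int new_format_rounds);
+int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
+struct sshkey **keyp, char **commentp);
+int sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
+const char *passphrase, struct sshkey **keyp, char **commentp);
+int sshkey_parse_private_fileblob(struct sshbuf *buffer,
+const char *passphrase, const char *filename, struct sshkey **keyp,
+char **commentp);
+int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
+const char *passphrase, struct sshkey **keyp, char **commentp);
+
+#ifdef SSHKEY_INTERNAL
+int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_rsa_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_dss_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ed25519_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+#endif
+
+#if !defined(WITH_OPENSSL)
+# undef RSA
+# undef DSA
+# undef EC_KEY
+# undef EC_GROUP
+# undef EC_POINT
+#elif !defined(OPENSSL_HAS_ECC)
+# undef EC_KEY
+# undef EC_GROUP
+# undef EC_POINT
+#endif
+
+#endif /* SSHKEY_H */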
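Review bot: `#define SSH_RSA_MINIMUM_MODULUS_SIZE 768` admits RSA moduli of a size that was publicly factored in 2009, so whatever check is built on this constant accepts, at its minimum, keys with no meaningful security margin against a well-resourced attacker. Raising it to `#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024` would reject such keys; the enforcement presumably lives in sshkey.c rather than this header, so the compatibility impact on existing sub-1024-bit user and host keys should be confirmed there before changing it. A comment on the define would also make the policy explicit, e.g. `/* smallest RSA modulus (bits) accepted by sshkey; must stay above publicly factored sizes */`. Separately, `sshkey_write` takes a `FILE *` but the header does not include `<stdio.h>`, so it compiles only if includers have already pulled it in.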