authordjm@openbsd.org <djm@openbsd.org>2019-09-03 08:35:27 +0000
committerDamien Miller <djm@mindrot.org>2019-09-03 18:40:24 +1000
commitd637c4aee6f9b5280c13c020d7653444ac1fcaa5 (patch)
treef4844d9e77f1008b5928f72d5542ec075239dd4e /sshsig.h
parent2a9c9f7272c1e8665155118fe6536bebdafb6166 (diff)
upstream: sshsig tweaks and improvements from and suggested by
Markus ok markus/me OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
Diffstat (limited to 'sshsig.h')
-rw-r--r--sshsig.h28
1 files changed, 17 insertions, 11 deletions
diff --git a/sshsig.h b/sshsig.h
index 92c675e3a..fc1d607b3 100644
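--- a/sshsig.h
+++ b/sshsig.h
@@ -23,16 +23,29 @@ struct sshkey;
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
  const u_char *, size_t, const char *, u_int, void *);
 
+/* Buffer-oriented API */
+
 /*
- * Creates a detached SSH signature for a given message.
+ * Creates a detached SSH signature for a given buffer.
  * Returns 0 on success or a negative SSH_ERR_* error code on failure.
  * out is populated with the detached signature, or NULL on failure.
  */
-int sshsig_sign_message(struct sshkey *key, const char *hashalg,
+int sshsig_signb(struct sshkey *key, const char *hashalg,
  const struct sshbuf *message, const char *sig_namespace,
  struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
 
 /*
+ * Verifies that a detached signature is valid and optionally returns key
+ * used to sign via argument.
+ * Returns 0 on success or a negative SSH_ERR_* error code on failure.
+ */
+int sshsig_verifyb(struct sshbuf *signature,
+ const struct sshbuf *message, const char *sig_namespace,
+ struct sshkey **sign_keyp);
+
+/* File/FD-oriented API */
+
+/*
  * Creates a detached SSH signature for a given file.
  * Returns 0 on success or a negative SSH_ERR_* error code on failure.
  * out is populated with the detached signature, or NULL on failure.
@@ -42,15 +55,6 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
  sshsig_signer *signer, void *signer_ctx);
 
 /*
- * Verifies that a detached signature is valid and optionally returns key
- * used to sign via argument.
- * Returns 0 on success or a negative SSH_ERR_* error code on failure.
- */
-int sshsig_verify_message(struct sshbuf *signature,
- const struct sshbuf *message, const char *sig_namespace,
- struct sshkey **sign_keyp);
-
-/*
  * Verifies that a detached signature over a file is valid and optionally
  * returns key used to sign via argument.
  * Returns 0 on success or a negative SSH_ERR_* error code on failure.
@@ -58,6 +62,8 @@ int sshsig_verify_message(struct sshbuf *signature,
 int sshsig_verify_fd(struct sshbuf *signature, int fd,
  const char *sig_namespace, struct sshkey **sign_keyp);
 
+/* Utility functions */
+
 /*
  * Return a base64 encoded "ASCII armoured" version of a raw signature.
  */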
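Review bot: The comment carried over onto `sshsig_verifyb` (new lines 38-43) says the signature "is valid" without saying valid against what, and the prototype takes no expected or trusted key. As far as this header shows, a return of 0 can therefore only mean the signature checks out under whatever key accompanies it, so the caller still has to decide whether the key handed back in `sign_keyp` is one it accepts. Since the block is being moved anyway, I would add a line such as `* NB. success does not mean the signing key is trusted; callers must check *sign_keyp against their own policy.` The same wording would fit `sshsig_verify_fd`, whose comment begins in the second hunk and whose declaration sits in the third. It would also help to state who frees `*sign_keyp` and that `sig_namespace` is expected to match the namespace used at signing time; both look implied by the signatures but are not written down here.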