author | djm@openbsd.org <djm@openbsd.org> | 2019-09-03 08:35:27 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-03 18:40:24 +1000 |
commit | d637c4aee6f9b5280c13c020d7653444ac1fcaa5 (patch) | |
tree | f4844d9e77f1008b5928f72d5542ec075239dd4e /sshsig.h | |
parent | 2a9c9f7272c1e8665155118fe6536bebdafb6166 (diff) |
upstream: sshsig tweaks and improvements from and suggested by
Markus
ok markus/me
OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
Diffstat (limited to 'sshsig.h')
-rw-r--r-- | sshsig.h | 28 |
1 files changed, 17 insertions, 11 deletions
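--- a/sshsig.h
+++ b/sshsig.h
@@ -23,16 +23,29 @@ struct sshkey;
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
 const u_char *, size_t, const char *, u_int, void *);
 
+/* Buffer-oriented API */
+
 /*
-* Creates a detached SSH signature for a given message.
+* Creates a detached SSH signature for a given buffer.
 * Returns 0 on success or a negative SSH_ERR_* error code on failure.
 * out is populated with the detached signature, or NULL on failure.
 */
-int sshsig_sign_message(struct sshkey *key, const char *hashalg,
+int sshsig_signb(struct sshkey *key, const char *hashalg,
 const struct sshbuf *message, const char *sig_namespace,
 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
 
 /*
+* Verifies that a detached signature is valid and optionally returns key
+* used to sign via argument.
+* Returns 0 on success or a negative SSH_ERR_* error code on failure.
+*/
+int sshsig_verifyb(struct sshbuf *signature,
+const struct sshbuf *message, const char *sig_namespace,
+struct sshkey **sign_keyp);
+
+/* File/FD-oriented API */
+
+/*
 * Creates a detached SSH signature for a given file.
 * Returns 0 on success or a negative SSH_ERR_* error code on failure.
 * out is populated with the detached signature, or NULL on failure.
@@ -42,15 +55,6 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
 sshsig_signer *signer, void *signer_ctx);
 
 /*
-* Verifies that a detached signature is valid and optionally returns key
-* used to sign via argument.
-* Returns 0 on success or a negative SSH_ERR_* error code on failure.
-*/
-int sshsig_verify_message(struct sshbuf *signature,
-const struct sshbuf *message, const char *sig_namespace,
-struct sshkey **sign_keyp);
-
-/*
 * Verifies that a detached signature over a file is valid and optionally
 * returns key used to sign via argument.
 * Returns 0 on success or a negative SSH_ERR_* error code on failure.
@@ -58,6 +62,8 @@ int sshsig_verify_message(struct sshbuf *signature,
 int sshsig_verify_fd(struct sshbuf *signature, int fd,
 const char *sig_namespace, struct sshkey **sign_keyp);
 
+/* Utility functions */
+
 /*
 * Return a base64 encoded "ASCII armoured" version of a raw signature.
 */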
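Review bot: The comment on `sshsig_verifyb` (new lines 38-41) says only that the signature "is valid", which leaves the trust decision undocumented at the point where callers will read it. The prototype takes no expected key, so a 0 return can only mean the signature verifies under whatever key the signature itself names; a caller that passes NULL for `sign_keyp`, or ignores the result, has not authenticated the signer. I would add ` * Success does not imply the signing key is trusted; callers must check *sign_keyp against their own policy.` to the comment. If sshsig.c (not visible here) confirms it, a second line should say that the caller owns and frees the returned key and that `sig_namespace` must match the namespace used at signing time. The same wording gap applies to `sshsig_verify_fd` at new lines 58-63.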