1 files changed, 66 insertions, 122 deletions
diff --git a/key.h b/key.h
index c8aeba29e..c6401a576 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.41 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: key.h,v 1.42 2014/06/24 01:13:21 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,142 +26,86 @@
 #ifndef KEY_H
 #define KEY_H
-#include "buffer.h"
+#include "sshkey.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+typedef struct sshkey Key;
-#ifdef OPENSSL_HAS_ECC
-#include <openssl/ec.h>
+#define types sshkey_types
+#define fp_type sshkey_fp_type
+#define fp_rep sshkey_fp_rep
+#ifndef SSH_KEY_NO_DEFINE
+#define key_new                 sshkey_new
+#define key_free                sshkey_free
+#define key_equal_public        sshkey_equal_public
+#define key_equal               sshkey_equal
+#define key_fingerprint         sshkey_fingerprint
+#define key_type                sshkey_type
+#define key_cert_type           sshkey_cert_type
+#define key_ssh_name            sshkey_ssh_name
+#define key_ssh_name_plain      sshkey_ssh_name_plain
+#define key_type_from_name      sshkey_type_from_name
+#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
+#define key_type_is_cert        sshkey_type_is_cert
+#define key_size                sshkey_size
+#define key_ecdsa_bits_to_nid   sshkey_ecdsa_bits_to_nid
+#define key_ecdsa_key_to_nid    sshkey_ecdsa_key_to_nid
+#define key_names_valid2        sshkey_names_valid2
+#define key_is_cert             sshkey_is_cert
+#define key_type_plain          sshkey_type_plain
+#define key_cert_is_legacy      sshkey_cert_is_legacy
+#define key_curve_name_to_nid   sshkey_curve_name_to_nid
+#define key_curve_nid_to_bits   sshkey_curve_nid_to_bits
+#define key_curve_nid_to_name   sshkey_curve_nid_to_name
+#define key_ec_nid_to_hash_alg  sshkey_ec_nid_to_hash_alg
+#define key_dump_ec_point       sshkey_dump_ec_point
+#define key_dump_ec_key         sshkey_dump_ec_key
+#define key_fingerprint         sshkey_fingerprint
 #endif
-typedef struct Key Key;
+void     key_add_private(Key *);
-enum types {
+Key     *key_new_private(int);
-        KEY_RSA1,
+void     key_free(Key *);
-        KEY_RSA,
+Key     *key_demote(const Key *);
-        KEY_DSA,
+u_char  *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
-        KEY_ECDSA,
+int      key_write(const Key *, FILE *);
-        KEY_ED25519,
+int      key_read(Key *, char **);
-        KEY_RSA_CERT,
-        KEY_DSA_CERT,
-        KEY_ECDSA_CERT,
-        KEY_ED25519_CERT,
-        KEY_RSA_CERT_V00,
-        KEY_DSA_CERT_V00,
-        KEY_NULL,
-        KEY_UNSPEC
-};
-enum fp_type {
-        SSH_FP_SHA1,
-        SSH_FP_MD5,
-        SSH_FP_SHA256
-};
-enum fp_rep {
-        SSH_FP_HEX,
-        SSH_FP_BUBBLEBABBLE,
-        SSH_FP_RANDOMART
-};
-/* key is stored in external hardware */
-#define KEY_FLAG_EXT            0x0001
-#define CERT_MAX_PRINCIPALS     256
-struct KeyCert {
-        Buffer           certblob; /* Kept around for use on wire */
-        u_int            type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
-        u_int64_t        serial;
-        char            *key_id;
-        u_int            nprincipals;
-        char            **principals;
-        u_int64_t        valid_after, valid_before;
-        Buffer           critical;
-        Buffer           extensions;
-        Key             *signature_key;
-};
-struct Key {
-        int      type;
-        int      flags;
-        RSA     *rsa;
-        DSA     *dsa;
-        int      ecdsa_nid;     /* NID of curve */
-#ifdef OPENSSL_HAS_ECC
-        EC_KEY  *ecdsa;
-#else
-        void    *ecdsa;
-#endif
-        struct KeyCert *cert;
-        u_char  *ed25519_sk;
-        u_char  *ed25519_pk;
-};
-#define ED25519_SK_SZ   crypto_sign_ed25519_SECRETKEYBYTES
-#define ED25519_PK_SZ   crypto_sign_ed25519_PUBLICKEYBYTES
-Key             *key_new(int);
-void             key_add_private(Key *);
-Key             *key_new_private(int);
-void             key_free(Key *);
-Key             *key_demote(const Key *);
-int              key_equal_public(const Key *, const Key *);
-int              key_equal(const Key *, const Key *);
-char            *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
-u_char          *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
-const char      *key_type(const Key *);
-const char      *key_cert_type(const Key *);
-int              key_write(const Key *, FILE *);
-int              key_read(Key *, char **);
-u_int            key_size(const Key *);
 Key     *key_generate(int, u_int);
 Key     *key_from_private(const Key *);
-int      key_type_from_name(char *);
-int      key_is_cert(const Key *);
-int      key_type_is_cert(int);
-int      key_type_plain(int);
 int      key_to_certified(Key *, int);
 int      key_drop_cert(Key *);
 int      key_certify(Key *, Key *);
-void     key_cert_copy(const Key *, struct Key *);
+void     key_cert_copy(const Key *, Key *);
 int      key_cert_check_authority(const Key *, int, int, const char *,
            const char **);
-int      key_cert_is_legacy(const Key *);
+char    *key_alg_list(int, int);
-int              key_ecdsa_nid_from_name(const char *);
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-int              key_curve_name_to_nid(const char *);
+int      key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
-const char      *key_curve_nid_to_name(int);
+int      key_ec_validate_private(const EC_KEY *);
-u_int            key_curve_nid_to_bits(int);
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
-int              key_ecdsa_bits_to_nid(int);
-#ifdef OPENSSL_HAS_ECC
-int              key_ecdsa_key_to_nid(EC_KEY *);
-int              key_ec_nid_to_hash_alg(int nid);
-int              key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
-int              key_ec_validate_private(const EC_KEY *);
-#endif
-char            *key_alg_list(int, int);
-Key             *key_from_blob(const u_char *, u_int);
+Key     *key_from_blob(const u_char *, u_int);
-int              key_to_blob(const Key *, u_char **, u_int *);
+int      key_to_blob(const Key *, u_char **, u_int *);
-const char      *key_ssh_name(const Key *);
-const char      *key_ssh_name_plain(const Key *);
-int              key_names_valid2(const char *);
 int      key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
 int      key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-int      ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+void     key_private_serialize(const Key *, struct sshbuf *);
-int      ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+Key     *key_private_deserialize(struct sshbuf *);
-int      ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
-int      ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+/* authfile.c */
-int      ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      key_save_private(Key *, const char *, const char *, const char *,
-int      ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+    int, const char *, int);
-int      ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      key_load_file(int, const char *, struct sshbuf *);
-int      ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+Key     *key_load_cert(const char *);
+Key     *key_load_public(const char *, char **);
-#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
+Key     *key_load_private(const char *, const char *, char **);
-void    key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
+Key     *key_load_private_cert(int, const char *, const char *, int *);
-void    key_dump_ec_key(const EC_KEY *);
+Key     *key_load_private_type(int, const char *, const char *, char **, int *);
-#endif
+Key     *key_load_private_pem(int, int, const char *, char **);
+int      key_perm_ok(int, const char *);
-void     key_private_serialize(const Key *, Buffer *);
+int      key_in_file(Key *, const char *, int);
-Key     *key_private_deserialize(Buffer *);
 #endif

diff --git a/key.h b/key.h index c8aeba29e..c6401a576 100644 --- a/key.h +++ b/key.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: key.h,v 1.41 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: key.h,v 1.42 2014/06/24 01:13:21 djm Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -26,142 +26,86 @@
26	#ifndef KEY_H	26	#ifndef KEY_H
27	#define KEY_H	27	#define KEY_H
28		28
29	#include "buffer.h"	29	#include "sshkey.h"
30	#include <openssl/rsa.h>	30
31	#include <openssl/dsa.h>	31	typedef struct sshkey Key;
32	#ifdef OPENSSL_HAS_ECC	32
33	#include <openssl/ec.h>	33	#define types sshkey_types
		34	#define fp_type sshkey_fp_type
		35	#define fp_rep sshkey_fp_rep
		36
		37	#ifndef SSH_KEY_NO_DEFINE
		38	#define key_new sshkey_new
		39	#define key_free sshkey_free
		40	#define key_equal_public sshkey_equal_public
		41	#define key_equal sshkey_equal
		42	#define key_fingerprint sshkey_fingerprint
		43	#define key_type sshkey_type
		44	#define key_cert_type sshkey_cert_type
		45	#define key_ssh_name sshkey_ssh_name
		46	#define key_ssh_name_plain sshkey_ssh_name_plain
		47	#define key_type_from_name sshkey_type_from_name
		48	#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name
		49	#define key_type_is_cert sshkey_type_is_cert
		50	#define key_size sshkey_size
		51	#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid
		52	#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid
		53	#define key_names_valid2 sshkey_names_valid2
		54	#define key_is_cert sshkey_is_cert
		55	#define key_type_plain sshkey_type_plain
		56	#define key_cert_is_legacy sshkey_cert_is_legacy
		57	#define key_curve_name_to_nid sshkey_curve_name_to_nid
		58	#define key_curve_nid_to_bits sshkey_curve_nid_to_bits
		59	#define key_curve_nid_to_name sshkey_curve_nid_to_name
		60	#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg
		61	#define key_dump_ec_point sshkey_dump_ec_point
		62	#define key_dump_ec_key sshkey_dump_ec_key
		63	#define key_fingerprint sshkey_fingerprint
34	#endif	64	#endif
35		65
36	typedef struct Key Key;	66	void key_add_private(Key *);
37	enum types {	67	Key *key_new_private(int);
38	KEY_RSA1,	68	void key_free(Key *);
39	KEY_RSA,	69	Key key_demote(const Key );
40	KEY_DSA,	70	u_char key_fingerprint_raw(const Key , enum fp_type, u_int *);
41	KEY_ECDSA,	71	int key_write(const Key , FILE );
42	KEY_ED25519,	72	int key_read(Key , char *);
43	KEY_RSA_CERT,
44	KEY_DSA_CERT,
45	KEY_ECDSA_CERT,
46	KEY_ED25519_CERT,
47	KEY_RSA_CERT_V00,
48	KEY_DSA_CERT_V00,
49	KEY_NULL,
50	KEY_UNSPEC
51	};
52	enum fp_type {
53	SSH_FP_SHA1,
54	SSH_FP_MD5,
55	SSH_FP_SHA256
56	};
57	enum fp_rep {
58	SSH_FP_HEX,
59	SSH_FP_BUBBLEBABBLE,
60	SSH_FP_RANDOMART
61	};
62
63	/* key is stored in external hardware */
64	#define KEY_FLAG_EXT 0x0001
65
66	#define CERT_MAX_PRINCIPALS 256
67	struct KeyCert {
68	Buffer certblob; /* Kept around for use on wire */
69	u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
70	u_int64_t serial;
71	char *key_id;
72	u_int nprincipals;
73	char **principals;
74	u_int64_t valid_after, valid_before;
75	Buffer critical;
76	Buffer extensions;
77	Key *signature_key;
78	};
79
80	struct Key {
81	int type;
82	int flags;
83	RSA *rsa;
84	DSA *dsa;
85	int ecdsa_nid; /* NID of curve */
86	#ifdef OPENSSL_HAS_ECC
87	EC_KEY *ecdsa;
88	#else
89	void *ecdsa;
90	#endif
91	struct KeyCert *cert;
92	u_char *ed25519_sk;
93	u_char *ed25519_pk;
94	};
95
96	#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
97	#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
98
99	Key *key_new(int);
100	void key_add_private(Key *);
101	Key *key_new_private(int);
102	void key_free(Key *);
103	Key key_demote(const Key );
104	int key_equal_public(const Key , const Key );
105	int key_equal(const Key , const Key );
106	char key_fingerprint(const Key , enum fp_type, enum fp_rep);
107	u_char key_fingerprint_raw(const Key , enum fp_type, u_int *);
108	const char key_type(const Key );
109	const char key_cert_type(const Key );
110	int key_write(const Key , FILE );
111	int key_read(Key , char *);
112	u_int key_size(const Key *);
113		73
114	Key *key_generate(int, u_int);	74	Key *key_generate(int, u_int);
115	Key key_from_private(const Key );	75	Key key_from_private(const Key );
116	int key_type_from_name(char *);
117	int key_is_cert(const Key *);
118	int key_type_is_cert(int);
119	int key_type_plain(int);
120	int key_to_certified(Key *, int);	76	int key_to_certified(Key *, int);
121	int key_drop_cert(Key *);	77	int key_drop_cert(Key *);
122	int key_certify(Key , Key );	78	int key_certify(Key , Key );
123	void key_cert_copy(const Key , struct Key );	79	void key_cert_copy(const Key , Key );
124	int key_cert_check_authority(const Key , int, int, const char ,	80	int key_cert_check_authority(const Key , int, int, const char ,
125	const char **);	81	const char **);
126	int key_cert_is_legacy(const Key *);	82	char *key_alg_list(int, int);
127		83
128	int key_ecdsa_nid_from_name(const char *);	84	#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
129	int key_curve_name_to_nid(const char *);	85	int key_ec_validate_public(const EC_GROUP , const EC_POINT );
130	const char *key_curve_nid_to_name(int);	86	int key_ec_validate_private(const EC_KEY *);
131	u_int key_curve_nid_to_bits(int);	87	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
132	int key_ecdsa_bits_to_nid(int);
133	#ifdef OPENSSL_HAS_ECC
134	int key_ecdsa_key_to_nid(EC_KEY *);
135	int key_ec_nid_to_hash_alg(int nid);
136	int key_ec_validate_public(const EC_GROUP , const EC_POINT );
137	int key_ec_validate_private(const EC_KEY *);
138	#endif
139	char *key_alg_list(int, int);
140		88
141	Key key_from_blob(const u_char , u_int);	89	Key key_from_blob(const u_char , u_int);
142	int key_to_blob(const Key , u_char , u_int );	90	int key_to_blob(const Key , u_char , u_int );
143	const char key_ssh_name(const Key );
144	const char key_ssh_name_plain(const Key );
145	int key_names_valid2(const char *);
146		91
147	int key_sign(const Key , u_char , u_int , const u_char *, u_int);	92	int key_sign(const Key , u_char , u_int , const u_char *, u_int);
148	int key_verify(const Key , const u_char , u_int, const u_char *, u_int);	93	int key_verify(const Key , const u_char , u_int, const u_char *, u_int);
149		94
150	int ssh_dss_sign(const Key , u_char , u_int , const u_char *, u_int);	95	void key_private_serialize(const Key , struct sshbuf );
151	int ssh_dss_verify(const Key , const u_char , u_int, const u_char *, u_int);	96	Key key_private_deserialize(struct sshbuf );
152	int ssh_ecdsa_sign(const Key , u_char , u_int , const u_char *, u_int);	97
153	int ssh_ecdsa_verify(const Key , const u_char , u_int, const u_char *, u_int);	98	/* authfile.c */
154	int ssh_rsa_sign(const Key , u_char , u_int , const u_char *, u_int);	99	int key_save_private(Key , const char , const char , const char ,
155	int ssh_rsa_verify(const Key , const u_char , u_int, const u_char *, u_int);	100	int, const char *, int);
156	int ssh_ed25519_sign(const Key , u_char , u_int , const u_char *, u_int);	101	int key_load_file(int, const char , struct sshbuf );
157	int ssh_ed25519_verify(const Key , const u_char , u_int, const u_char *, u_int);	102	Key key_load_cert(const char );
158		103	Key key_load_public(const char , char **);
159	#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) \|\| defined(DEBUG_PK))	104	Key key_load_private(const char , const char , char *);
160	void key_dump_ec_point(const EC_GROUP , const EC_POINT );	105	Key key_load_private_cert(int, const char , const char , int );
161	void key_dump_ec_key(const EC_KEY *);	106	Key key_load_private_type(int, const char , const char , char , int );
162	#endif	107	Key key_load_private_pem(int, int, const char , char **);
163		108	int key_perm_ok(int, const char *);
164	void key_private_serialize(const Key , Buffer );	109	int key_in_file(Key , const char , int);
165	Key key_private_deserialize(Buffer );
166		110
167	#endif	111	#endif