Diffstat (limited to 'key.h')
-rw-r--r-- | key.h | 188 |
1 files changed, 66 insertions, 122 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.41 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.42 2014/06/24 01:13:21 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -26,142 +26,86 @@ | |||
26 | #ifndef KEY_H | 26 | #ifndef KEY_H |
27 | #define KEY_H | 27 | #define KEY_H |
28 | 28 | ||
29 | #include "buffer.h" | 29 | #include "sshkey.h" |
30 | #include <openssl/rsa.h> | 30 | |
31 | #include <openssl/dsa.h> | 31 | typedef struct sshkey Key; |
32 | #ifdef OPENSSL_HAS_ECC | 32 | |
33 | #include <openssl/ec.h> | 33 | #define types sshkey_types |
34 | #define fp_type sshkey_fp_type | ||
35 | #define fp_rep sshkey_fp_rep | ||
36 | |||
37 | #ifndef SSH_KEY_NO_DEFINE | ||
38 | #define key_new sshkey_new | ||
39 | #define key_free sshkey_free | ||
40 | #define key_equal_public sshkey_equal_public | ||
41 | #define key_equal sshkey_equal | ||
42 | #define key_fingerprint sshkey_fingerprint | ||
43 | #define key_type sshkey_type | ||
44 | #define key_cert_type sshkey_cert_type | ||
45 | #define key_ssh_name sshkey_ssh_name | ||
46 | #define key_ssh_name_plain sshkey_ssh_name_plain | ||
47 | #define key_type_from_name sshkey_type_from_name | ||
48 | #define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name | ||
49 | #define key_type_is_cert sshkey_type_is_cert | ||
50 | #define key_size sshkey_size | ||
51 | #define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid | ||
52 | #define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid | ||
53 | #define key_names_valid2 sshkey_names_valid2 | ||
54 | #define key_is_cert sshkey_is_cert | ||
55 | #define key_type_plain sshkey_type_plain | ||
56 | #define key_cert_is_legacy sshkey_cert_is_legacy | ||
57 | #define key_curve_name_to_nid sshkey_curve_name_to_nid | ||
58 | #define key_curve_nid_to_bits sshkey_curve_nid_to_bits | ||
59 | #define key_curve_nid_to_name sshkey_curve_nid_to_name | ||
60 | #define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg | ||
61 | #define key_dump_ec_point sshkey_dump_ec_point | ||
62 | #define key_dump_ec_key sshkey_dump_ec_key | ||
63 | #define key_fingerprint sshkey_fingerprint | ||
34 | #endif | 64 | #endif |
35 | 65 | ||
36 | typedef struct Key Key; | 66 | void key_add_private(Key *); |
37 | enum types { | 67 | Key *key_new_private(int); |
38 | KEY_RSA1, | 68 | void key_free(Key *); |
39 | KEY_RSA, | 69 | Key *key_demote(const Key *); |
40 | KEY_DSA, | 70 | u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); |
41 | KEY_ECDSA, | 71 | int key_write(const Key *, FILE *); |
42 | KEY_ED25519, | 72 | int key_read(Key *, char **); |
43 | KEY_RSA_CERT, | ||
44 | KEY_DSA_CERT, | ||
45 | KEY_ECDSA_CERT, | ||
46 | KEY_ED25519_CERT, | ||
47 | KEY_RSA_CERT_V00, | ||
48 | KEY_DSA_CERT_V00, | ||
49 | KEY_NULL, | ||
50 | KEY_UNSPEC | ||
51 | }; | ||
52 | enum fp_type { | ||
53 | SSH_FP_SHA1, | ||
54 | SSH_FP_MD5, | ||
55 | SSH_FP_SHA256 | ||
56 | }; | ||
57 | enum fp_rep { | ||
58 | SSH_FP_HEX, | ||
59 | SSH_FP_BUBBLEBABBLE, | ||
60 | SSH_FP_RANDOMART | ||
61 | }; | ||
62 | |||
63 | /* key is stored in external hardware */ | ||
64 | #define KEY_FLAG_EXT 0x0001 | ||
65 | |||
66 | #define CERT_MAX_PRINCIPALS 256 | ||
67 | struct KeyCert { | ||
68 | Buffer certblob; /* Kept around for use on wire */ | ||
69 | u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ | ||
70 | u_int64_t serial; | ||
71 | char *key_id; | ||
72 | u_int nprincipals; | ||
73 | char **principals; | ||
74 | u_int64_t valid_after, valid_before; | ||
75 | Buffer critical; | ||
76 | Buffer extensions; | ||
77 | Key *signature_key; | ||
78 | }; | ||
79 | |||
80 | struct Key { | ||
81 | int type; | ||
82 | int flags; | ||
83 | RSA *rsa; | ||
84 | DSA *dsa; | ||
85 | int ecdsa_nid; /* NID of curve */ | ||
86 | #ifdef OPENSSL_HAS_ECC | ||
87 | EC_KEY *ecdsa; | ||
88 | #else | ||
89 | void *ecdsa; | ||
90 | #endif | ||
91 | struct KeyCert *cert; | ||
92 | u_char *ed25519_sk; | ||
93 | u_char *ed25519_pk; | ||
94 | }; | ||
95 | |||
96 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES | ||
97 | #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES | ||
98 | |||
99 | Key *key_new(int); | ||
100 | void key_add_private(Key *); | ||
101 | Key *key_new_private(int); | ||
102 | void key_free(Key *); | ||
103 | Key *key_demote(const Key *); | ||
104 | int key_equal_public(const Key *, const Key *); | ||
105 | int key_equal(const Key *, const Key *); | ||
106 | char *key_fingerprint(const Key *, enum fp_type, enum fp_rep); | ||
107 | u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); | ||
108 | const char *key_type(const Key *); | ||
109 | const char *key_cert_type(const Key *); | ||
110 | int key_write(const Key *, FILE *); | ||
111 | int key_read(Key *, char **); | ||
112 | u_int key_size(const Key *); | ||
113 | 73 | ||
114 | Key *key_generate(int, u_int); | 74 | Key *key_generate(int, u_int); |
115 | Key *key_from_private(const Key *); | 75 | Key *key_from_private(const Key *); |
116 | int key_type_from_name(char *); | ||
117 | int key_is_cert(const Key *); | ||
118 | int key_type_is_cert(int); | ||
119 | int key_type_plain(int); | ||
120 | int key_to_certified(Key *, int); | 76 | int key_to_certified(Key *, int); |
121 | int key_drop_cert(Key *); | 77 | int key_drop_cert(Key *); |
122 | int key_certify(Key *, Key *); | 78 | int key_certify(Key *, Key *); |
123 | void key_cert_copy(const Key *, struct Key *); | 79 | void key_cert_copy(const Key *, Key *); |
124 | int key_cert_check_authority(const Key *, int, int, const char *, | 80 | int key_cert_check_authority(const Key *, int, int, const char *, |
125 | const char **); | 81 | const char **); |
126 | int key_cert_is_legacy(const Key *); | 82 | char *key_alg_list(int, int); |
127 | 83 | ||
128 | int key_ecdsa_nid_from_name(const char *); | 84 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) |
129 | int key_curve_name_to_nid(const char *); | 85 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
130 | const char *key_curve_nid_to_name(int); | 86 | int key_ec_validate_private(const EC_KEY *); |
131 | u_int key_curve_nid_to_bits(int); | 87 | #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ |
132 | int key_ecdsa_bits_to_nid(int); | ||
133 | #ifdef OPENSSL_HAS_ECC | ||
134 | int key_ecdsa_key_to_nid(EC_KEY *); | ||
135 | int key_ec_nid_to_hash_alg(int nid); | ||
136 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); | ||
137 | int key_ec_validate_private(const EC_KEY *); | ||
138 | #endif | ||
139 | char *key_alg_list(int, int); | ||
140 | 88 | ||
141 | Key *key_from_blob(const u_char *, u_int); | 89 | Key *key_from_blob(const u_char *, u_int); |
142 | int key_to_blob(const Key *, u_char **, u_int *); | 90 | int key_to_blob(const Key *, u_char **, u_int *); |
143 | const char *key_ssh_name(const Key *); | ||
144 | const char *key_ssh_name_plain(const Key *); | ||
145 | int key_names_valid2(const char *); | ||
146 | 91 | ||
147 | int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 92 | int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
148 | int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 93 | int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
149 | 94 | ||
150 | int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 95 | void key_private_serialize(const Key *, struct sshbuf *); |
151 | int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 96 | Key *key_private_deserialize(struct sshbuf *); |
152 | int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 97 | |
153 | int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 98 | /* authfile.c */ |
154 | int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 99 | int key_save_private(Key *, const char *, const char *, const char *, |
155 | int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 100 | int, const char *, int); |
156 | int ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int); | 101 | int key_load_file(int, const char *, struct sshbuf *); |
157 | int ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int); | 102 | Key *key_load_cert(const char *); |
158 | 103 | Key *key_load_public(const char *, char **); | |
159 | #if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK)) | 104 | Key *key_load_private(const char *, const char *, char **); |
160 | void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); | 105 | Key *key_load_private_cert(int, const char *, const char *, int *); |
161 | void key_dump_ec_key(const EC_KEY *); | 106 | Key *key_load_private_type(int, const char *, const char *, char **, int *); |
162 | #endif | 107 | Key *key_load_private_pem(int, int, const char *, char **); |
163 | 108 | int key_perm_ok(int, const char *); | |
164 | void key_private_serialize(const Key *, Buffer *); | 109 | int key_in_file(Key *, const char *, int); |
165 | Key *key_private_deserialize(Buffer *); | ||
166 | 110 | ||
167 | #endif | 111 | #endif |
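Review bot: The unconditional `#define types sshkey_types` at new line 33 rewrites every bare `types` token in any translation unit that includes key.h — a local variable, struct member or parameter spelled `types` is silently renamed — and unlike the function aliases below it sits outside the `#ifndef SSH_KEY_NO_DEFINE` guard, so even a file that opts out of the function macros cannot escape it. If the macro has to stay so that `enum types` keeps compiling, it should at least carry a warning such as `/* XXX bare token rename: any identifier spelled `types` in an including file is rewritten too */`, and the same applies to the `fp_type`/`fp_rep` macros on lines 34-35. Separately, `#define key_fingerprint sshkey_fingerprint` appears twice inside the guarded block (lines 42 and 63); an identical redefinition is legal but one of the two should be dropped. The `EC_GROUP`/`EC_POINT`/`EC_KEY` prototypes on lines 85-86 now depend on sshkey.h to pull in `<openssl/ec.h>`, since this header's own OpenSSL includes were removed; presumably sshkey.h does so under the same `WITH_OPENSSL`/`OPENSSL_HAS_ECC` conditions, but that is worth confirming rather than assuming.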