diff options
Diffstat (limited to 'sshkey.h')
| -rw-r--r-- | sshkey.h | 31 |
1 files changed, 24 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.h,v 1.31 2019/01/20 22:51:37 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -89,6 +89,13 @@ enum sshkey_serialize_rep { | |||
| 89 | SSHKEY_SERIALIZE_INFO = 254, | 89 | SSHKEY_SERIALIZE_INFO = 254, |
| 90 | }; | 90 | }; |
| 91 | 91 | ||
| 92 | /* Private key disk formats */ | ||
| 93 | enum sshkey_private_format { | ||
| 94 | SSHKEY_PRIVATE_OPENSSH = 0, | ||
| 95 | SSHKEY_PRIVATE_PEM = 1, | ||
| 96 | SSHKEY_PRIVATE_PKCS8 = 2, | ||
| 97 | }; | ||
| 98 | |||
| 92 | /* key is stored in external hardware */ | 99 | /* key is stored in external hardware */ |
| 93 | #define SSHKEY_FLAG_EXT 0x0001 | 100 | #define SSHKEY_FLAG_EXT 0x0001 |
| 94 | 101 | ||
| @@ -124,6 +131,10 @@ struct sshkey { | |||
| 124 | u_char *xmss_sk; | 131 | u_char *xmss_sk; |
| 125 | u_char *xmss_pk; | 132 | u_char *xmss_pk; |
| 126 | struct sshkey_cert *cert; | 133 | struct sshkey_cert *cert; |
| 134 | u_char *shielded_private; | ||
| 135 | size_t shielded_len; | ||
| 136 | u_char *shield_prekey; | ||
| 137 | size_t shield_prekey_len; | ||
| 127 | }; | 138 | }; |
| 128 | 139 | ||
| 129 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES | 140 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES |
| @@ -147,6 +158,11 @@ u_int sshkey_size(const struct sshkey *); | |||
| 147 | 158 | ||
| 148 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); | 159 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); |
| 149 | int sshkey_from_private(const struct sshkey *, struct sshkey **); | 160 | int sshkey_from_private(const struct sshkey *, struct sshkey **); |
| 161 | |||
| 162 | int sshkey_is_shielded(struct sshkey *); | ||
| 163 | int sshkey_shield_private(struct sshkey *); | ||
| 164 | int sshkey_unshield_private(struct sshkey *); | ||
| 165 | |||
| 150 | int sshkey_type_from_name(const char *); | 166 | int sshkey_type_from_name(const char *); |
| 151 | int sshkey_is_cert(const struct sshkey *); | 167 | int sshkey_is_cert(const struct sshkey *); |
| 152 | int sshkey_type_is_cert(int); | 168 | int sshkey_type_is_cert(int); |
| @@ -162,7 +178,7 @@ int sshkey_check_cert_sigtype(const struct sshkey *, const char *); | |||
| 162 | 178 | ||
| 163 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); | 179 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); |
| 164 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ | 180 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ |
| 165 | typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, | 181 | typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, |
| 166 | const u_char *, size_t, const char *, u_int, void *); | 182 | const u_char *, size_t, const char *, u_int, void *); |
| 167 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, | 183 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, |
| 168 | sshkey_certify_signer *, void *); | 184 | sshkey_certify_signer *, void *); |
| @@ -193,27 +209,28 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, | |||
| 193 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | 209 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); |
| 194 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | 210 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); |
| 195 | 211 | ||
| 196 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 212 | int sshkey_sign(struct sshkey *, u_char **, size_t *, |
| 197 | const u_char *, size_t, const char *, u_int); | 213 | const u_char *, size_t, const char *, u_int); |
| 198 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, | 214 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, |
| 199 | const u_char *, size_t, const char *, u_int); | 215 | const u_char *, size_t, const char *, u_int); |
| 200 | int sshkey_check_sigtype(const u_char *, size_t, const char *); | 216 | int sshkey_check_sigtype(const u_char *, size_t, const char *); |
| 201 | const char *sshkey_sigalg_by_name(const char *); | 217 | const char *sshkey_sigalg_by_name(const char *); |
| 218 | int sshkey_get_sigtype(const u_char *, size_t, char **); | ||
| 202 | 219 | ||
| 203 | /* for debug */ | 220 | /* for debug */ |
| 204 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); | 221 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
| 205 | void sshkey_dump_ec_key(const EC_KEY *); | 222 | void sshkey_dump_ec_key(const EC_KEY *); |
| 206 | 223 | ||
| 207 | /* private key parsing and serialisation */ | 224 | /* private key parsing and serialisation */ |
| 208 | int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); | 225 | int sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf); |
| 209 | int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, | 226 | int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, |
| 210 | enum sshkey_serialize_rep); | 227 | enum sshkey_serialize_rep); |
| 211 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); | 228 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); |
| 212 | 229 | ||
| 213 | /* private key file format parsing and serialisation */ | 230 | /* private key file format parsing and serialisation */ |
| 214 | int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, | 231 | int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, |
| 215 | const char *passphrase, const char *comment, | 232 | const char *passphrase, const char *comment, |
| 216 | int force_new_format, const char *new_format_cipher, int new_format_rounds); | 233 | int format, const char *openssh_format_cipher, int openssh_format_rounds); |
| 217 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, | 234 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, |
| 218 | const char *passphrase, struct sshkey **keyp, char **commentp); | 235 | const char *passphrase, struct sshkey **keyp, char **commentp); |
| 219 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | 236 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
| @@ -232,7 +249,7 @@ int sshkey_set_filename(struct sshkey *, const char *); | |||
| 232 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); | 249 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); |
| 233 | u_int32_t sshkey_signatures_left(const struct sshkey *); | 250 | u_int32_t sshkey_signatures_left(const struct sshkey *); |
| 234 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); | 251 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); |
| 235 | int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, | 252 | int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, |
| 236 | u_int32_t maxsign, sshkey_printfn *pr); | 253 | u_int32_t maxsign, sshkey_printfn *pr); |
| 237 | 254 | ||
| 238 | #ifdef SSHKEY_INTERNAL | 255 | #ifdef SSHKEY_INTERNAL |