Diffstat (limited to 'sshkey.h')
-rw-r--r--sshkey.h53
1 files changed, 44 insertions, 9 deletions
diff --git a/sshkey.h b/sshkey.h
index 1bf30d055..37a43a67a 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ 1/* $OpenBSD: sshkey.h,v 1.44 2019/12/30 09:23:28 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,10 @@ enum sshkey_types {
65 KEY_ED25519_CERT, 65 KEY_ED25519_CERT,
66 KEY_XMSS, 66 KEY_XMSS,
67 KEY_XMSS_CERT, 67 KEY_XMSS_CERT,
68 KEY_ECDSA_SK,
69 KEY_ECDSA_SK_CERT,
70 KEY_ED25519_SK,
71 KEY_ED25519_SK_CERT,
68 KEY_NULL, 72 KEY_NULL,
69 KEY_UNSPEC 73 KEY_UNSPEC
70}; 74};
@@ -84,9 +88,10 @@ enum sshkey_fp_rep {
84/* Private key serialisation formats, used on the wire */ 88/* Private key serialisation formats, used on the wire */
85enum sshkey_serialize_rep { 89enum sshkey_serialize_rep {
86 SSHKEY_SERIALIZE_DEFAULT = 0, 90 SSHKEY_SERIALIZE_DEFAULT = 0,
87 SSHKEY_SERIALIZE_STATE = 1, 91 SSHKEY_SERIALIZE_STATE = 1, /* only state is serialized */
88 SSHKEY_SERIALIZE_FULL = 2, 92 SSHKEY_SERIALIZE_FULL = 2, /* include keys for saving to disk */
89 SSHKEY_SERIALIZE_INFO = 254, 93 SSHKEY_SERIALIZE_SHIELD = 3, /* everything, for encrypting in ram */
94 SSHKEY_SERIALIZE_INFO = 254, /* minimal information */
90}; 95};
91 96
92/* Private key disk formats */ 97/* Private key disk formats */
@@ -119,18 +124,30 @@ struct sshkey_cert {
119struct sshkey { 124struct sshkey {
120 int type; 125 int type;
121 int flags; 126 int flags;
127 /* KEY_RSA */
122 RSA *rsa; 128 RSA *rsa;
129 /* KEY_DSA */
123 DSA *dsa; 130 DSA *dsa;
131 /* KEY_ECDSA and KEY_ECDSA_SK */
124 int ecdsa_nid; /* NID of curve */ 132 int ecdsa_nid; /* NID of curve */
125 EC_KEY *ecdsa; 133 EC_KEY *ecdsa;
134 /* KEY_ED25519 and KEY_ED25519_SK */
126 u_char *ed25519_sk; 135 u_char *ed25519_sk;
127 u_char *ed25519_pk; 136 u_char *ed25519_pk;
137 /* KEY_XMSS */
128 char *xmss_name; 138 char *xmss_name;
129 char *xmss_filename; /* for state file updates */ 139 char *xmss_filename; /* for state file updates */
130 void *xmss_state; /* depends on xmss_name, opaque */ 140 void *xmss_state; /* depends on xmss_name, opaque */
131 u_char *xmss_sk; 141 u_char *xmss_sk;
132 u_char *xmss_pk; 142 u_char *xmss_pk;
143 /* KEY_ECDSA_SK and KEY_ED25519_SK */
144 char *sk_application;
145 uint8_t sk_flags;
146 struct sshbuf *sk_key_handle;
147 struct sshbuf *sk_reserved;
148 /* Certificates */
133 struct sshkey_cert *cert; 149 struct sshkey_cert *cert;
150 /* Private key shielding */
134 u_char *shielded_private; 151 u_char *shielded_private;
135 size_t shielded_len; 152 size_t shielded_len;
136 u_char *shield_prekey; 153 u_char *shield_prekey;
@@ -140,6 +157,12 @@ struct sshkey {
140#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES 157#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
141#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES 158#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
142 159
160/* Additional fields contained in signature */
161struct sshkey_sig_details {
162 uint32_t sk_counter; /* U2F signature counter */
163 uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */
164};
165
143struct sshkey *sshkey_new(int); 166struct sshkey *sshkey_new(int);
144void sshkey_free(struct sshkey *); 167void sshkey_free(struct sshkey *);
145int sshkey_equal_public(const struct sshkey *, 168int sshkey_equal_public(const struct sshkey *,
@@ -165,6 +188,7 @@ int sshkey_unshield_private(struct sshkey *);
165 188
166int sshkey_type_from_name(const char *); 189int sshkey_type_from_name(const char *);
167int sshkey_is_cert(const struct sshkey *); 190int sshkey_is_cert(const struct sshkey *);
191int sshkey_is_sk(const struct sshkey *);
168int sshkey_type_is_cert(int); 192int sshkey_type_is_cert(int);
169int sshkey_type_plain(int); 193int sshkey_type_plain(int);
170int sshkey_to_certified(struct sshkey *); 194int sshkey_to_certified(struct sshkey *);
@@ -176,12 +200,13 @@ size_t sshkey_format_cert_validity(const struct sshkey_cert *,
176 char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); 200 char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
177int sshkey_check_cert_sigtype(const struct sshkey *, const char *); 201int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
178 202
179int sshkey_certify(struct sshkey *, struct sshkey *, const char *); 203int sshkey_certify(struct sshkey *, struct sshkey *,
204 const char *, const char *);
180/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ 205/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
181typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, 206typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
182 const u_char *, size_t, const char *, u_int, void *); 207 const u_char *, size_t, const char *, const char *, u_int, void *);
183int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, 208int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
184 sshkey_certify_signer *, void *); 209 const char *, sshkey_certify_signer *, void *);
185 210
186int sshkey_ecdsa_nid_from_name(const char *); 211int sshkey_ecdsa_nid_from_name(const char *);
187int sshkey_curve_name_to_nid(const char *); 212int sshkey_curve_name_to_nid(const char *);
@@ -210,9 +235,9 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
210int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); 235int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
211 236
212int sshkey_sign(struct sshkey *, u_char **, size_t *, 237int sshkey_sign(struct sshkey *, u_char **, size_t *,
213 const u_char *, size_t, const char *, u_int); 238 const u_char *, size_t, const char *, const char *, u_int);
214int sshkey_verify(const struct sshkey *, const u_char *, size_t, 239int sshkey_verify(const struct sshkey *, const u_char *, size_t,
215 const u_char *, size_t, const char *, u_int); 240 const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
216int sshkey_check_sigtype(const u_char *, size_t, const char *); 241int sshkey_check_sigtype(const u_char *, size_t, const char *);
217const char *sshkey_sigalg_by_name(const char *); 242const char *sshkey_sigalg_by_name(const char *);
218int sshkey_get_sigtype(const u_char *, size_t, char **); 243int sshkey_get_sigtype(const u_char *, size_t, char **);
@@ -252,6 +277,8 @@ int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
252int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, 277int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
253 u_int32_t maxsign, sshkey_printfn *pr); 278 u_int32_t maxsign, sshkey_printfn *pr);
254 279
280void sshkey_sig_details_free(struct sshkey_sig_details *);
281
255#ifdef SSHKEY_INTERNAL 282#ifdef SSHKEY_INTERNAL
256int ssh_rsa_sign(const struct sshkey *key, 283int ssh_rsa_sign(const struct sshkey *key,
257 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, 284 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
@@ -269,11 +296,19 @@ int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
269int ssh_ecdsa_verify(const struct sshkey *key, 296int ssh_ecdsa_verify(const struct sshkey *key,
270 const u_char *signature, size_t signaturelen, 297 const u_char *signature, size_t signaturelen,
271 const u_char *data, size_t datalen, u_int compat); 298 const u_char *data, size_t datalen, u_int compat);
299int ssh_ecdsa_sk_verify(const struct sshkey *key,
300 const u_char *signature, size_t signaturelen,
301 const u_char *data, size_t datalen, u_int compat,
302 struct sshkey_sig_details **detailsp);
272int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 303int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
273 const u_char *data, size_t datalen, u_int compat); 304 const u_char *data, size_t datalen, u_int compat);
274int ssh_ed25519_verify(const struct sshkey *key, 305int ssh_ed25519_verify(const struct sshkey *key,
275 const u_char *signature, size_t signaturelen, 306 const u_char *signature, size_t signaturelen,
276 const u_char *data, size_t datalen, u_int compat); 307 const u_char *data, size_t datalen, u_int compat);
308int ssh_ed25519_sk_verify(const struct sshkey *key,
309 const u_char *signature, size_t signaturelen,
310 const u_char *data, size_t datalen, u_int compat,
311 struct sshkey_sig_details **detailsp);
277int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 312int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
278 const u_char *data, size_t datalen, u_int compat); 313 const u_char *data, size_t datalen, u_int compat);
279int ssh_xmss_verify(const struct sshkey *key, 314int ssh_xmss_verify(const struct sshkey *key,