diff options
Diffstat (limited to 'sshkey.h')
| -rw-r--r-- | sshkey.h | 45 |
1 files changed, 42 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.24 2018/02/23 15:58:38 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -61,6 +61,8 @@ enum sshkey_types { | |||
| 61 | KEY_DSA_CERT, | 61 | KEY_DSA_CERT, |
| 62 | KEY_ECDSA_CERT, | 62 | KEY_ECDSA_CERT, |
| 63 | KEY_ED25519_CERT, | 63 | KEY_ED25519_CERT, |
| 64 | KEY_XMSS, | ||
| 65 | KEY_XMSS_CERT, | ||
| 64 | KEY_UNSPEC | 66 | KEY_UNSPEC |
| 65 | }; | 67 | }; |
| 66 | 68 | ||
| @@ -76,6 +78,14 @@ enum sshkey_fp_rep { | |||
| 76 | SSH_FP_RANDOMART | 78 | SSH_FP_RANDOMART |
| 77 | }; | 79 | }; |
| 78 | 80 | ||
| 81 | /* Private key serialisation formats, used on the wire */ | ||
| 82 | enum sshkey_serialize_rep { | ||
| 83 | SSHKEY_SERIALIZE_DEFAULT = 0, | ||
| 84 | SSHKEY_SERIALIZE_STATE = 1, | ||
| 85 | SSHKEY_SERIALIZE_FULL = 2, | ||
| 86 | SSHKEY_SERIALIZE_INFO = 254, | ||
| 87 | }; | ||
| 88 | |||
| 79 | /* key is stored in external hardware */ | 89 | /* key is stored in external hardware */ |
| 80 | #define SSHKEY_FLAG_EXT 0x0001 | 90 | #define SSHKEY_FLAG_EXT 0x0001 |
| 81 | 91 | ||
| @@ -104,6 +114,11 @@ struct sshkey { | |||
| 104 | EC_KEY *ecdsa; | 114 | EC_KEY *ecdsa; |
| 105 | u_char *ed25519_sk; | 115 | u_char *ed25519_sk; |
| 106 | u_char *ed25519_pk; | 116 | u_char *ed25519_pk; |
| 117 | char *xmss_name; | ||
| 118 | char *xmss_filename; /* for state file updates */ | ||
| 119 | void *xmss_state; /* depends on xmss_name, opaque */ | ||
| 120 | u_char *xmss_sk; | ||
| 121 | u_char *xmss_pk; | ||
| 107 | struct sshkey_cert *cert; | 122 | struct sshkey_cert *cert; |
| 108 | }; | 123 | }; |
| 109 | 124 | ||
| @@ -171,13 +186,16 @@ int sshkey_to_blob(const struct sshkey *, u_char **, size_t *); | |||
| 171 | int sshkey_to_base64(const struct sshkey *, char **); | 186 | int sshkey_to_base64(const struct sshkey *, char **); |
| 172 | int sshkey_putb(const struct sshkey *, struct sshbuf *); | 187 | int sshkey_putb(const struct sshkey *, struct sshbuf *); |
| 173 | int sshkey_puts(const struct sshkey *, struct sshbuf *); | 188 | int sshkey_puts(const struct sshkey *, struct sshbuf *); |
| 189 | int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, | ||
| 190 | enum sshkey_serialize_rep); | ||
| 174 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | 191 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); |
| 175 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | 192 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); |
| 176 | 193 | ||
| 194 | int sshkey_sigtype(const u_char *, size_t, char **); | ||
| 177 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 195 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, |
| 178 | const u_char *, size_t, const char *, u_int); | 196 | const u_char *, size_t, const char *, u_int); |
| 179 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, | 197 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, |
| 180 | const u_char *, size_t, u_int); | 198 | const u_char *, size_t, const char *, u_int); |
| 181 | 199 | ||
| 182 | /* for debug */ | 200 | /* for debug */ |
| 183 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); | 201 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
| @@ -185,6 +203,8 @@ void sshkey_dump_ec_key(const EC_KEY *); | |||
| 185 | 203 | ||
| 186 | /* private key parsing and serialisation */ | 204 | /* private key parsing and serialisation */ |
| 187 | int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); | 205 | int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); |
| 206 | int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, | ||
| 207 | enum sshkey_serialize_rep); | ||
| 188 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); | 208 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); |
| 189 | 209 | ||
| 190 | /* private key file format parsing and serialisation */ | 210 | /* private key file format parsing and serialisation */ |
| @@ -199,12 +219,26 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | |||
| 199 | /* XXX should be internal, but used by ssh-keygen */ | 219 | /* XXX should be internal, but used by ssh-keygen */ |
| 200 | int ssh_rsa_generate_additional_parameters(struct sshkey *); | 220 | int ssh_rsa_generate_additional_parameters(struct sshkey *); |
| 201 | 221 | ||
| 222 | /* stateful keys (e.g. XMSS) */ | ||
| 223 | #ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS | ||
| 224 | typedef void sshkey_printfn(const char *, ...); | ||
| 225 | #else | ||
| 226 | typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2))); | ||
| 227 | #endif | ||
| 228 | int sshkey_set_filename(struct sshkey *, const char *); | ||
| 229 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); | ||
| 230 | u_int32_t sshkey_signatures_left(const struct sshkey *); | ||
| 231 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); | ||
| 232 | int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, | ||
| 233 | u_int32_t maxsign, sshkey_printfn *pr); | ||
| 234 | |||
| 202 | #ifdef SSHKEY_INTERNAL | 235 | #ifdef SSHKEY_INTERNAL |
| 203 | int ssh_rsa_sign(const struct sshkey *key, | 236 | int ssh_rsa_sign(const struct sshkey *key, |
| 204 | u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, | 237 | u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, |
| 205 | const char *ident); | 238 | const char *ident); |
| 206 | int ssh_rsa_verify(const struct sshkey *key, | 239 | int ssh_rsa_verify(const struct sshkey *key, |
| 207 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen); | 240 | const u_char *sig, size_t siglen, const u_char *data, size_t datalen, |
| 241 | const char *alg); | ||
| 208 | int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | 242 | int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, |
| 209 | const u_char *data, size_t datalen, u_int compat); | 243 | const u_char *data, size_t datalen, u_int compat); |
| 210 | int ssh_dss_verify(const struct sshkey *key, | 244 | int ssh_dss_verify(const struct sshkey *key, |
| @@ -220,6 +254,11 @@ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | |||
| 220 | int ssh_ed25519_verify(const struct sshkey *key, | 254 | int ssh_ed25519_verify(const struct sshkey *key, |
| 221 | const u_char *signature, size_t signaturelen, | 255 | const u_char *signature, size_t signaturelen, |
| 222 | const u_char *data, size_t datalen, u_int compat); | 256 | const u_char *data, size_t datalen, u_int compat); |
| 257 | int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, | ||
| 258 | const u_char *data, size_t datalen, u_int compat); | ||
| 259 | int ssh_xmss_verify(const struct sshkey *key, | ||
| 260 | const u_char *signature, size_t signaturelen, | ||
| 261 | const u_char *data, size_t datalen, u_int compat); | ||
| 223 | #endif | 262 | #endif |
| 224 | 263 | ||
| 225 | #if !defined(WITH_OPENSSL) | 264 | #if !defined(WITH_OPENSSL) |