summaryrefslogtreecommitdiff
path: root/sshkey.h
diff options
context:
space:
mode:
Diffstat (limited to 'sshkey.h')
-rw-r--r--sshkey.h53
1 files changed, 44 insertions, 9 deletions
diff --git a/sshkey.h b/sshkey.h
index 1119a7b07..71a3fddcb 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ 1/* $OpenBSD: sshkey.h,v 1.44 2019/12/30 09:23:28 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,10 @@ enum sshkey_types {
65 KEY_ED25519_CERT, 65 KEY_ED25519_CERT,
66 KEY_XMSS, 66 KEY_XMSS,
67 KEY_XMSS_CERT, 67 KEY_XMSS_CERT,
68 KEY_ECDSA_SK,
69 KEY_ECDSA_SK_CERT,
70 KEY_ED25519_SK,
71 KEY_ED25519_SK_CERT,
68 KEY_UNSPEC 72 KEY_UNSPEC
69}; 73};
70 74
@@ -83,9 +87,10 @@ enum sshkey_fp_rep {
83/* Private key serialisation formats, used on the wire */ 87/* Private key serialisation formats, used on the wire */
84enum sshkey_serialize_rep { 88enum sshkey_serialize_rep {
85 SSHKEY_SERIALIZE_DEFAULT = 0, 89 SSHKEY_SERIALIZE_DEFAULT = 0,
86 SSHKEY_SERIALIZE_STATE = 1, 90 SSHKEY_SERIALIZE_STATE = 1, /* only state is serialized */
87 SSHKEY_SERIALIZE_FULL = 2, 91 SSHKEY_SERIALIZE_FULL = 2, /* include keys for saving to disk */
88 SSHKEY_SERIALIZE_INFO = 254, 92 SSHKEY_SERIALIZE_SHIELD = 3, /* everything, for encrypting in ram */
93 SSHKEY_SERIALIZE_INFO = 254, /* minimal information */
89}; 94};
90 95
91/* Private key disk formats */ 96/* Private key disk formats */
@@ -118,18 +123,30 @@ struct sshkey_cert {
118struct sshkey { 123struct sshkey {
119 int type; 124 int type;
120 int flags; 125 int flags;
126 /* KEY_RSA */
121 RSA *rsa; 127 RSA *rsa;
128 /* KEY_DSA */
122 DSA *dsa; 129 DSA *dsa;
130 /* KEY_ECDSA and KEY_ECDSA_SK */
123 int ecdsa_nid; /* NID of curve */ 131 int ecdsa_nid; /* NID of curve */
124 EC_KEY *ecdsa; 132 EC_KEY *ecdsa;
133 /* KEY_ED25519 and KEY_ED25519_SK */
125 u_char *ed25519_sk; 134 u_char *ed25519_sk;
126 u_char *ed25519_pk; 135 u_char *ed25519_pk;
136 /* KEY_XMSS */
127 char *xmss_name; 137 char *xmss_name;
128 char *xmss_filename; /* for state file updates */ 138 char *xmss_filename; /* for state file updates */
129 void *xmss_state; /* depends on xmss_name, opaque */ 139 void *xmss_state; /* depends on xmss_name, opaque */
130 u_char *xmss_sk; 140 u_char *xmss_sk;
131 u_char *xmss_pk; 141 u_char *xmss_pk;
142 /* KEY_ECDSA_SK and KEY_ED25519_SK */
143 char *sk_application;
144 uint8_t sk_flags;
145 struct sshbuf *sk_key_handle;
146 struct sshbuf *sk_reserved;
147 /* Certificates */
132 struct sshkey_cert *cert; 148 struct sshkey_cert *cert;
149 /* Private key shielding */
133 u_char *shielded_private; 150 u_char *shielded_private;
134 size_t shielded_len; 151 size_t shielded_len;
135 u_char *shield_prekey; 152 u_char *shield_prekey;
@@ -139,6 +156,12 @@ struct sshkey {
139#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES 156#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
140#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES 157#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
141 158
159/* Additional fields contained in signature */
160struct sshkey_sig_details {
161 uint32_t sk_counter; /* U2F signature counter */
162 uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */
163};
164
142struct sshkey *sshkey_new(int); 165struct sshkey *sshkey_new(int);
143void sshkey_free(struct sshkey *); 166void sshkey_free(struct sshkey *);
144int sshkey_equal_public(const struct sshkey *, 167int sshkey_equal_public(const struct sshkey *,
@@ -164,6 +187,7 @@ int sshkey_unshield_private(struct sshkey *);
164 187
165int sshkey_type_from_name(const char *); 188int sshkey_type_from_name(const char *);
166int sshkey_is_cert(const struct sshkey *); 189int sshkey_is_cert(const struct sshkey *);
190int sshkey_is_sk(const struct sshkey *);
167int sshkey_type_is_cert(int); 191int sshkey_type_is_cert(int);
168int sshkey_type_plain(int); 192int sshkey_type_plain(int);
169int sshkey_to_certified(struct sshkey *); 193int sshkey_to_certified(struct sshkey *);
@@ -175,12 +199,13 @@ size_t sshkey_format_cert_validity(const struct sshkey_cert *,
175 char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); 199 char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
176int sshkey_check_cert_sigtype(const struct sshkey *, const char *); 200int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
177 201
178int sshkey_certify(struct sshkey *, struct sshkey *, const char *); 202int sshkey_certify(struct sshkey *, struct sshkey *,
203 const char *, const char *);
179/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ 204/* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
180typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, 205typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
181 const u_char *, size_t, const char *, u_int, void *); 206 const u_char *, size_t, const char *, const char *, u_int, void *);
182int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, 207int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
183 sshkey_certify_signer *, void *); 208 const char *, sshkey_certify_signer *, void *);
184 209
185int sshkey_ecdsa_nid_from_name(const char *); 210int sshkey_ecdsa_nid_from_name(const char *);
186int sshkey_curve_name_to_nid(const char *); 211int sshkey_curve_name_to_nid(const char *);
@@ -209,9 +234,9 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
209int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); 234int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
210 235
211int sshkey_sign(struct sshkey *, u_char **, size_t *, 236int sshkey_sign(struct sshkey *, u_char **, size_t *,
212 const u_char *, size_t, const char *, u_int); 237 const u_char *, size_t, const char *, const char *, u_int);
213int sshkey_verify(const struct sshkey *, const u_char *, size_t, 238int sshkey_verify(const struct sshkey *, const u_char *, size_t,
214 const u_char *, size_t, const char *, u_int); 239 const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
215int sshkey_check_sigtype(const u_char *, size_t, const char *); 240int sshkey_check_sigtype(const u_char *, size_t, const char *);
216const char *sshkey_sigalg_by_name(const char *); 241const char *sshkey_sigalg_by_name(const char *);
217int sshkey_get_sigtype(const u_char *, size_t, char **); 242int sshkey_get_sigtype(const u_char *, size_t, char **);
@@ -251,6 +276,8 @@ int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
251int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, 276int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
252 u_int32_t maxsign, sshkey_printfn *pr); 277 u_int32_t maxsign, sshkey_printfn *pr);
253 278
279void sshkey_sig_details_free(struct sshkey_sig_details *);
280
254#ifdef SSHKEY_INTERNAL 281#ifdef SSHKEY_INTERNAL
255int ssh_rsa_sign(const struct sshkey *key, 282int ssh_rsa_sign(const struct sshkey *key,
256 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, 283 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
@@ -268,11 +295,19 @@ int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
268int ssh_ecdsa_verify(const struct sshkey *key, 295int ssh_ecdsa_verify(const struct sshkey *key,
269 const u_char *signature, size_t signaturelen, 296 const u_char *signature, size_t signaturelen,
270 const u_char *data, size_t datalen, u_int compat); 297 const u_char *data, size_t datalen, u_int compat);
298int ssh_ecdsa_sk_verify(const struct sshkey *key,
299 const u_char *signature, size_t signaturelen,
300 const u_char *data, size_t datalen, u_int compat,
301 struct sshkey_sig_details **detailsp);
271int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 302int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
272 const u_char *data, size_t datalen, u_int compat); 303 const u_char *data, size_t datalen, u_int compat);
273int ssh_ed25519_verify(const struct sshkey *key, 304int ssh_ed25519_verify(const struct sshkey *key,
274 const u_char *signature, size_t signaturelen, 305 const u_char *signature, size_t signaturelen,
275 const u_char *data, size_t datalen, u_int compat); 306 const u_char *data, size_t datalen, u_int compat);
307int ssh_ed25519_sk_verify(const struct sshkey *key,
308 const u_char *signature, size_t signaturelen,
309 const u_char *data, size_t datalen, u_int compat,
310 struct sshkey_sig_details **detailsp);
276int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 311int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
277 const u_char *data, size_t datalen, u_int compat); 312 const u_char *data, size_t datalen, u_int compat);
278int ssh_xmss_verify(const struct sshkey *key, 313int ssh_xmss_verify(const struct sshkey *key,
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 21:03:26 +0000