diff options
Diffstat (limited to 'sshkey.h')
| -rw-r--r-- | sshkey.h | 31 |
1 files changed, 24 insertions, 7 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshkey.h,v 1.31 2019/01/20 22:51:37 djm Exp $ */ | 1 | /* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -88,6 +88,13 @@ enum sshkey_serialize_rep { | |||
| 88 | SSHKEY_SERIALIZE_INFO = 254, | 88 | SSHKEY_SERIALIZE_INFO = 254, |
| 89 | }; | 89 | }; |
| 90 | 90 | ||
| 91 | /* Private key disk formats */ | ||
| 92 | enum sshkey_private_format { | ||
| 93 | SSHKEY_PRIVATE_OPENSSH = 0, | ||
| 94 | SSHKEY_PRIVATE_PEM = 1, | ||
| 95 | SSHKEY_PRIVATE_PKCS8 = 2, | ||
| 96 | }; | ||
| 97 | |||
| 91 | /* key is stored in external hardware */ | 98 | /* key is stored in external hardware */ |
| 92 | #define SSHKEY_FLAG_EXT 0x0001 | 99 | #define SSHKEY_FLAG_EXT 0x0001 |
| 93 | 100 | ||
| @@ -123,6 +130,10 @@ struct sshkey { | |||
| 123 | u_char *xmss_sk; | 130 | u_char *xmss_sk; |
| 124 | u_char *xmss_pk; | 131 | u_char *xmss_pk; |
| 125 | struct sshkey_cert *cert; | 132 | struct sshkey_cert *cert; |
| 133 | u_char *shielded_private; | ||
| 134 | size_t shielded_len; | ||
| 135 | u_char *shield_prekey; | ||
| 136 | size_t shield_prekey_len; | ||
| 126 | }; | 137 | }; |
| 127 | 138 | ||
| 128 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES | 139 | #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES |
| @@ -146,6 +157,11 @@ u_int sshkey_size(const struct sshkey *); | |||
| 146 | 157 | ||
| 147 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); | 158 | int sshkey_generate(int type, u_int bits, struct sshkey **keyp); |
| 148 | int sshkey_from_private(const struct sshkey *, struct sshkey **); | 159 | int sshkey_from_private(const struct sshkey *, struct sshkey **); |
| 160 | |||
| 161 | int sshkey_is_shielded(struct sshkey *); | ||
| 162 | int sshkey_shield_private(struct sshkey *); | ||
| 163 | int sshkey_unshield_private(struct sshkey *); | ||
| 164 | |||
| 149 | int sshkey_type_from_name(const char *); | 165 | int sshkey_type_from_name(const char *); |
| 150 | int sshkey_is_cert(const struct sshkey *); | 166 | int sshkey_is_cert(const struct sshkey *); |
| 151 | int sshkey_type_is_cert(int); | 167 | int sshkey_type_is_cert(int); |
| @@ -161,7 +177,7 @@ int sshkey_check_cert_sigtype(const struct sshkey *, const char *); | |||
| 161 | 177 | ||
| 162 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); | 178 | int sshkey_certify(struct sshkey *, struct sshkey *, const char *); |
| 163 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ | 179 | /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */ |
| 164 | typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *, | 180 | typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *, |
| 165 | const u_char *, size_t, const char *, u_int, void *); | 181 | const u_char *, size_t, const char *, u_int, void *); |
| 166 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, | 182 | int sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *, |
| 167 | sshkey_certify_signer *, void *); | 183 | sshkey_certify_signer *, void *); |
| @@ -192,27 +208,28 @@ int sshkey_puts_opts(const struct sshkey *, struct sshbuf *, | |||
| 192 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); | 208 | int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); |
| 193 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); | 209 | int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); |
| 194 | 210 | ||
| 195 | int sshkey_sign(const struct sshkey *, u_char **, size_t *, | 211 | int sshkey_sign(struct sshkey *, u_char **, size_t *, |
| 196 | const u_char *, size_t, const char *, u_int); | 212 | const u_char *, size_t, const char *, u_int); |
| 197 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, | 213 | int sshkey_verify(const struct sshkey *, const u_char *, size_t, |
| 198 | const u_char *, size_t, const char *, u_int); | 214 | const u_char *, size_t, const char *, u_int); |
| 199 | int sshkey_check_sigtype(const u_char *, size_t, const char *); | 215 | int sshkey_check_sigtype(const u_char *, size_t, const char *); |
| 200 | const char *sshkey_sigalg_by_name(const char *); | 216 | const char *sshkey_sigalg_by_name(const char *); |
| 217 | int sshkey_get_sigtype(const u_char *, size_t, char **); | ||
| 201 | 218 | ||
| 202 | /* for debug */ | 219 | /* for debug */ |
| 203 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); | 220 | void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
| 204 | void sshkey_dump_ec_key(const EC_KEY *); | 221 | void sshkey_dump_ec_key(const EC_KEY *); |
| 205 | 222 | ||
| 206 | /* private key parsing and serialisation */ | 223 | /* private key parsing and serialisation */ |
| 207 | int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); | 224 | int sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf); |
| 208 | int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf, | 225 | int sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf, |
| 209 | enum sshkey_serialize_rep); | 226 | enum sshkey_serialize_rep); |
| 210 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); | 227 | int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); |
| 211 | 228 | ||
| 212 | /* private key file format parsing and serialisation */ | 229 | /* private key file format parsing and serialisation */ |
| 213 | int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, | 230 | int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, |
| 214 | const char *passphrase, const char *comment, | 231 | const char *passphrase, const char *comment, |
| 215 | int force_new_format, const char *new_format_cipher, int new_format_rounds); | 232 | int format, const char *openssh_format_cipher, int openssh_format_rounds); |
| 216 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, | 233 | int sshkey_parse_private_fileblob(struct sshbuf *buffer, |
| 217 | const char *passphrase, struct sshkey **keyp, char **commentp); | 234 | const char *passphrase, struct sshkey **keyp, char **commentp); |
| 218 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, | 235 | int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
| @@ -231,7 +248,7 @@ int sshkey_set_filename(struct sshkey *, const char *); | |||
| 231 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); | 248 | int sshkey_enable_maxsign(struct sshkey *, u_int32_t); |
| 232 | u_int32_t sshkey_signatures_left(const struct sshkey *); | 249 | u_int32_t sshkey_signatures_left(const struct sshkey *); |
| 233 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); | 250 | int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *); |
| 234 | int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf, | 251 | int sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf, |
| 235 | u_int32_t maxsign, sshkey_printfn *pr); | 252 | u_int32_t maxsign, sshkey_printfn *pr); |
| 236 | 253 | ||
| 237 | #ifdef SSHKEY_INTERNAL | 254 | #ifdef SSHKEY_INTERNAL |