Diffstat (limited to 'sshkey.h')
-rw-r--r-- | sshkey.h | 45 |
1 files changed, 42 insertions, 3 deletions
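--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.24 2018/02/23 15:58:38 markus Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -61,6 +61,8 @@ enum sshkey_types {
 KEY_DSA_CERT,
 KEY_ECDSA_CERT,
 KEY_ED25519_CERT,
+KEY_XMSS,
+KEY_XMSS_CERT,
 KEY_NULL,
 KEY_UNSPEC
 };
@@ -77,6 +79,14 @@ enum sshkey_fp_rep {
 SSH_FP_RANDOMART
 };
 
+/* Private key serialisation formats, used on the wire */
+enum sshkey_serialize_rep {
+SSHKEY_SERIALIZE_DEFAULT = 0,
+SSHKEY_SERIALIZE_STATE = 1,
+SSHKEY_SERIALIZE_FULL = 2,
+SSHKEY_SERIALIZE_INFO = 254,
+};
+
 /* key is stored in external hardware */
 #define SSHKEY_FLAG_EXT 0x0001
 
@@ -105,6 +115,11 @@ struct sshkey {
 EC_KEY *ecdsa;
 u_char *ed25519_sk;
 u_char *ed25519_pk;
+char *xmss_name;
+char *xmss_filename; /* for state file updates */
+void *xmss_state; /* depends on xmss_name, opaque */
+u_char *xmss_sk;
+u_char *xmss_pk;
 struct sshkey_cert *cert;
 };
 
@@ -172,13 +187,16 @@ int sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
 int sshkey_to_base64(const struct sshkey *, char **);
 int sshkey_putb(const struct sshkey *, struct sshbuf *);
 int sshkey_puts(const struct sshkey *, struct sshbuf *);
+int sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
+enum sshkey_serialize_rep);
 int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
 int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
 
+int sshkey_sigtype(const u_char *, size_t, char **);
 int sshkey_sign(const struct sshkey *, u_char **, size_t *,
 const u_char *, size_t, const char *, u_int);
 int sshkey_verify(const struct sshkey *, const u_char *, size_t,
-const u_char *, size_t, u_int);
+const u_char *, size_t, const char *, u_int);
 
 /* for debug */
 void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
@@ -186,6 +204,8 @@ void sshkey_dump_ec_key(const EC_KEY *);
 
 /* private key parsing and serialisation */
 int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
+int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf,
+enum sshkey_serialize_rep);
 int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
 
 /* private key file format parsing and serialisation */
@@ -200,12 +220,26 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
 /* XXX should be internal, but used by ssh-keygen */
 int ssh_rsa_generate_additional_parameters(struct sshkey *);
 
+/* stateful keys (e.g. XMSS) */
+#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
+typedef void sshkey_printfn(const char *, ...);
+#else
+typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2)));
+#endif
+int sshkey_set_filename(struct sshkey *, const char *);
+int sshkey_enable_maxsign(struct sshkey *, u_int32_t);
+u_int32_t sshkey_signatures_left(const struct sshkey *);
+int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
+int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf,
+u_int32_t maxsign, sshkey_printfn *pr);
+
 #ifdef SSHKEY_INTERNAL
 int ssh_rsa_sign(const struct sshkey *key,
 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
 const char *ident);
 int ssh_rsa_verify(const struct sshkey *key,
-const u_char *sig, size_t siglen, const u_char *data, size_t datalen);
+const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
+const char *alg);
 int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 const u_char *data, size_t datalen, u_int compat);
 int ssh_dss_verify(const struct sshkey *key,
@@ -221,6 +255,11 @@ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
 int ssh_ed25519_verify(const struct sshkey *key,
 const u_char *signature, size_t signaturelen,
 const u_char *data, size_t datalen, u_int compat);
+int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_xmss_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
 #endif
 
 #if !defined(WITH_OPENSSL)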
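Review bot: The `const char *` parameter added to sshkey_verify() at new line 199 is unnamed and undocumented, whereas the matching addition to ssh_rsa_verify() at new line 242 is at least named `alg`, so a caller reading the header cannot tell what string to pass or whether a NULL value is accepted. This argument presumably carries the expected signature algorithm name so that verification can reject a signature produced with an algorithm other than the one the caller negotiated, which makes its contract security-relevant and worth stating; suggest naming it `alg` in the prototype, consistent with ssh_rsa_verify(), and adding a one-line comment above sshkey_verify() describing what the string is matched against and how a NULL or mismatching value is handled. The `/* stateful keys (e.g. XMSS) */` comment at new line 223 likewise leaves the contract of sshkey_enable_maxsign(), sshkey_signatures_left() and sshkey_forward_state() unstated, which matters because a stateful signature scheme loses its security guarantee if key state is reused; a short comment on when the state is advanced and written back through the path set by sshkey_set_filename() (the `xmss_filename` field is only annotated "for state file updates") would help callers use these correctly.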