summaryrefslogtreecommitdiff
path: root/sshkey.h
diff options
context:
space:
mode:
Diffstat (limited to 'sshkey.h')
-rw-r--r--sshkey.h45
1 files changed, 42 insertions, 3 deletions
diff --git a/sshkey.h b/sshkey.h
index b5d020cbf..4e89049f1 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey.h,v 1.21 2017/07/01 13:50:45 djm Exp $ */ 1/* $OpenBSD: sshkey.h,v 1.24 2018/02/23 15:58:38 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -61,6 +61,8 @@ enum sshkey_types {
61 KEY_DSA_CERT, 61 KEY_DSA_CERT,
62 KEY_ECDSA_CERT, 62 KEY_ECDSA_CERT,
63 KEY_ED25519_CERT, 63 KEY_ED25519_CERT,
64 KEY_XMSS,
65 KEY_XMSS_CERT,
64 KEY_NULL, 66 KEY_NULL,
65 KEY_UNSPEC 67 KEY_UNSPEC
66}; 68};
@@ -77,6 +79,14 @@ enum sshkey_fp_rep {
77 SSH_FP_RANDOMART 79 SSH_FP_RANDOMART
78}; 80};
79 81
82/* Private key serialisation formats, used on the wire */
83enum sshkey_serialize_rep {
84 SSHKEY_SERIALIZE_DEFAULT = 0,
85 SSHKEY_SERIALIZE_STATE = 1,
86 SSHKEY_SERIALIZE_FULL = 2,
87 SSHKEY_SERIALIZE_INFO = 254,
88};
89
80/* key is stored in external hardware */ 90/* key is stored in external hardware */
81#define SSHKEY_FLAG_EXT 0x0001 91#define SSHKEY_FLAG_EXT 0x0001
82 92
@@ -105,6 +115,11 @@ struct sshkey {
105 EC_KEY *ecdsa; 115 EC_KEY *ecdsa;
106 u_char *ed25519_sk; 116 u_char *ed25519_sk;
107 u_char *ed25519_pk; 117 u_char *ed25519_pk;
118 char *xmss_name;
119 char *xmss_filename; /* for state file updates */
120 void *xmss_state; /* depends on xmss_name, opaque */
121 u_char *xmss_sk;
122 u_char *xmss_pk;
108 struct sshkey_cert *cert; 123 struct sshkey_cert *cert;
109}; 124};
110 125
@@ -172,13 +187,16 @@ int sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
172int sshkey_to_base64(const struct sshkey *, char **); 187int sshkey_to_base64(const struct sshkey *, char **);
173int sshkey_putb(const struct sshkey *, struct sshbuf *); 188int sshkey_putb(const struct sshkey *, struct sshbuf *);
174int sshkey_puts(const struct sshkey *, struct sshbuf *); 189int sshkey_puts(const struct sshkey *, struct sshbuf *);
190int sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
191 enum sshkey_serialize_rep);
175int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); 192int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
176int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); 193int sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
177 194
195int sshkey_sigtype(const u_char *, size_t, char **);
178int sshkey_sign(const struct sshkey *, u_char **, size_t *, 196int sshkey_sign(const struct sshkey *, u_char **, size_t *,
179 const u_char *, size_t, const char *, u_int); 197 const u_char *, size_t, const char *, u_int);
180int sshkey_verify(const struct sshkey *, const u_char *, size_t, 198int sshkey_verify(const struct sshkey *, const u_char *, size_t,
181 const u_char *, size_t, u_int); 199 const u_char *, size_t, const char *, u_int);
182 200
183/* for debug */ 201/* for debug */
184void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); 202void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
@@ -186,6 +204,8 @@ void sshkey_dump_ec_key(const EC_KEY *);
186 204
187/* private key parsing and serialisation */ 205/* private key parsing and serialisation */
188int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf); 206int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
207int sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf,
208 enum sshkey_serialize_rep);
189int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp); 209int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
190 210
191/* private key file format parsing and serialisation */ 211/* private key file format parsing and serialisation */
@@ -200,12 +220,26 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
200/* XXX should be internal, but used by ssh-keygen */ 220/* XXX should be internal, but used by ssh-keygen */
201int ssh_rsa_generate_additional_parameters(struct sshkey *); 221int ssh_rsa_generate_additional_parameters(struct sshkey *);
202 222
223/* stateful keys (e.g. XMSS) */
224#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
225typedef void sshkey_printfn(const char *, ...);
226#else
227typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2)));
228#endif
229int sshkey_set_filename(struct sshkey *, const char *);
230int sshkey_enable_maxsign(struct sshkey *, u_int32_t);
231u_int32_t sshkey_signatures_left(const struct sshkey *);
232int sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
233int sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf,
234 u_int32_t maxsign, sshkey_printfn *pr);
235
203#ifdef SSHKEY_INTERNAL 236#ifdef SSHKEY_INTERNAL
204int ssh_rsa_sign(const struct sshkey *key, 237int ssh_rsa_sign(const struct sshkey *key,
205 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, 238 u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
206 const char *ident); 239 const char *ident);
207int ssh_rsa_verify(const struct sshkey *key, 240int ssh_rsa_verify(const struct sshkey *key,
208 const u_char *sig, size_t siglen, const u_char *data, size_t datalen); 241 const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
242 const char *alg);
209int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 243int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
210 const u_char *data, size_t datalen, u_int compat); 244 const u_char *data, size_t datalen, u_int compat);
211int ssh_dss_verify(const struct sshkey *key, 245int ssh_dss_verify(const struct sshkey *key,
@@ -221,6 +255,11 @@ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
221int ssh_ed25519_verify(const struct sshkey *key, 255int ssh_ed25519_verify(const struct sshkey *key,
222 const u_char *signature, size_t signaturelen, 256 const u_char *signature, size_t signaturelen,
223 const u_char *data, size_t datalen, u_int compat); 257 const u_char *data, size_t datalen, u_int compat);
258int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
259 const u_char *data, size_t datalen, u_int compat);
260int ssh_xmss_verify(const struct sshkey *key,
261 const u_char *signature, size_t signaturelen,
262 const u_char *data, size_t datalen, u_int compat);
224#endif 263#endif
225 264
226#if !defined(WITH_OPENSSL) 265#if !defined(WITH_OPENSSL)