Diffstat (limited to 'sshkey.h')
-rw-r--r-- | sshkey.h | 222 |
1 files changed, 222 insertions, 0 deletions
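diff --git a/sshkey.h b/sshkey.h
new file mode 100644
index 000000000..4127db244
--- /dev/null
+++ b/sshkey.h
@@ -0,0 +1,222 @@
+/* $OpenBSD: sshkey.h,v 1.1 2014/06/24 01:16:58 djm Exp $ */
+
+/*
+* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#ifndef SSHKEY_H
+#define SSHKEY_H
+
+#include <sys/types.h>
+
+#ifdef WITH_OPENSSL
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+#else /* OPENSSL */
+#define RSA void
+#define DSA void
+#define EC_KEY void
+#define EC_GROUP void
+#define EC_POINT void
+#endif /* WITH_OPENSSL */
+
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20)
+
+struct sshbuf;
+
+/* Key types */
+enum sshkey_types {
+KEY_RSA1,
+KEY_RSA,
+KEY_DSA,
+KEY_ECDSA,
+KEY_ED25519,
+KEY_RSA_CERT,
+KEY_DSA_CERT,
+KEY_ECDSA_CERT,
+KEY_ED25519_CERT,
+KEY_RSA_CERT_V00,
+KEY_DSA_CERT_V00,
+KEY_UNSPEC
+};
+
+/* Fingerprint hash algorithms */
+enum sshkey_fp_type {
+SSH_FP_SHA1,
+SSH_FP_MD5,
+SSH_FP_SHA256
+};
+
+/* Fingerprint representation formats */
+enum sshkey_fp_rep {
+SSH_FP_HEX,
+SSH_FP_BUBBLEBABBLE,
+SSH_FP_RANDOMART
+};
+
+/* key is stored in external hardware */
+#define SSHKEY_FLAG_EXT 0x0001
+
+#define SSHKEY_CERT_MAX_PRINCIPALS 256
+/* XXX opaquify? */
+struct sshkey_cert {
+struct sshbuf *certblob; /* Kept around for use on wire */
+u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
+u_int64_t serial;
+char *key_id;
+u_int nprincipals;
+char **principals;
+u_int64_t valid_after, valid_before;
+struct sshbuf *critical;
+struct sshbuf *extensions;
+struct sshkey *signature_key;
+};
+
+/* XXX opaquify? */
+struct sshkey {
+int type;
+int flags;
+RSA *rsa;
+DSA *dsa;
+int ecdsa_nid; /* NID of curve */
+EC_KEY *ecdsa;
+u_char *ed25519_sk;
+u_char *ed25519_pk;
+struct sshkey_cert *cert;
+};
+
+#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
+#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
+
+struct sshkey *sshkey_new(int);
+int sshkey_add_private(struct sshkey *);
+struct sshkey *sshkey_new_private(int);
+void sshkey_free(struct sshkey *);
+int sshkey_demote(const struct sshkey *, struct sshkey **);
+int sshkey_equal_public(const struct sshkey *,
+const struct sshkey *);
+int sshkey_equal(const struct sshkey *, const struct sshkey *);
+char *sshkey_fingerprint(const struct sshkey *,
+enum sshkey_fp_type, enum sshkey_fp_rep);
+int sshkey_fingerprint_raw(const struct sshkey *k,
+enum sshkey_fp_type dgst_type, u_char **retp, size_t *lenp);
+const char *sshkey_type(const struct sshkey *);
+const char *sshkey_cert_type(const struct sshkey *);
+int sshkey_write(const struct sshkey *, FILE *);
+int sshkey_read(struct sshkey *, char **);
+u_int sshkey_size(const struct sshkey *);
+
+int sshkey_generate(int type, u_int bits, struct sshkey **keyp);
+int sshkey_from_private(const struct sshkey *, struct sshkey **);
+int sshkey_type_from_name(const char *);
+int sshkey_is_cert(const struct sshkey *);
+int sshkey_type_is_cert(int);
+int sshkey_type_plain(int);
+int sshkey_to_certified(struct sshkey *, int);
+int sshkey_drop_cert(struct sshkey *);
+int sshkey_certify(struct sshkey *, struct sshkey *);
+int sshkey_cert_copy(const struct sshkey *, struct sshkey *);
+int sshkey_cert_check_authority(const struct sshkey *, int, int,
+const char *, const char **);
+int sshkey_cert_is_legacy(const struct sshkey *);
+
+int sshkey_ecdsa_nid_from_name(const char *);
+int sshkey_curve_name_to_nid(const char *);
+const char * sshkey_curve_nid_to_name(int);
+u_int sshkey_curve_nid_to_bits(int);
+int sshkey_ecdsa_bits_to_nid(int);
+int sshkey_ecdsa_key_to_nid(EC_KEY *);
+int sshkey_ec_nid_to_hash_alg(int nid);
+int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
+int sshkey_ec_validate_private(const EC_KEY *);
+const char *sshkey_ssh_name(const struct sshkey *);
+const char *sshkey_ssh_name_plain(const struct sshkey *);
+int sshkey_names_valid2(const char *);
+char *key_alg_list(int, int);
+
+int sshkey_from_blob(const u_char *, size_t, struct sshkey **);
+int sshkey_to_blob_buf(const struct sshkey *, struct sshbuf *);
+int sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
+int sshkey_plain_to_blob_buf(const struct sshkey *, struct sshbuf *);
+int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
+
+int sshkey_sign(const struct sshkey *, u_char **, size_t *,
+const u_char *, size_t, u_int);
+int sshkey_verify(const struct sshkey *, const u_char *, size_t,
+const u_char *, size_t, u_int);
+
+/* for debug */
+void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
+void sshkey_dump_ec_key(const EC_KEY *);
+
+/* private key parsing and serialisation */
+int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
+int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
+
+/* private key file format parsing and serialisation */
+int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
+const char *passphrase, const char *comment,
+int force_new_format, const char *new_format_cipher, int new_format_rounds);
+int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
+struct sshkey **keyp, char **commentp);
+int sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
+const char *passphrase, struct sshkey **keyp, char **commentp);
+int sshkey_parse_private_fileblob(struct sshbuf *buffer,
+const char *passphrase, const char *filename, struct sshkey **keyp,
+char **commentp);
+int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
+const char *passphrase, struct sshkey **keyp, char **commentp);
+
+#ifdef SSHKEY_INTERNAL
+int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_rsa_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_dss_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+const u_char *data, size_t datalen, u_int compat);
+int ssh_ed25519_verify(const struct sshkey *key,
+const u_char *signature, size_t signaturelen,
+const u_char *data, size_t datalen, u_int compat);
+#endif
+
+#ifndef WITH_OPENSSL
+#undef RSA
+#undef DSA
+#undef EC_KEY
+#undef EC_GROUP
+#undef EC_POINT
+#endif /* WITH_OPENSSL */
+
+#endif /* SSHKEY_H */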
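Review bot: The header is not self-contained: `int sshkey_write(const struct sshkey *, FILE *);` (line 126 of the new file) uses `FILE`, but the only system header included is `<sys/types.h>`, so a translation unit that includes sshkey.h before `<stdio.h>` will fail to compile; add `#include <stdio.h>` next to `#include <sys/types.h>`. The lifetime contract for secret material is also undocumented: `sshkey_free` releases a key whose `ed25519_sk` and OpenSSL private components are secrets, and nothing in the header says whether they are cleared before the memory is returned, so a one-line comment on that prototype stating what callers may rely on would help them decide whether they need to scrub anything themselves. Likewise `SSH_KEY_MAX_SIGN_DATA_SIZE` and `SSHKEY_CERT_MAX_PRINCIPALS` are presumably enforced by the signing and certificate-parsing paths in sshkey.c, but the defines do not say which functions check them; a short comment beside each would make the bounds auditable from the header.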