diff options
Diffstat (limited to 'sshsig.h')
| -rw-r--r-- | sshsig.h | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/sshsig.h b/sshsig.h new file mode 100644 index 000000000..92c675e3a --- /dev/null +++ b/sshsig.h | |||
| @@ -0,0 +1,78 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (c) 2019 Google LLC | ||
| 3 | * | ||
| 4 | * Permission to use, copy, modify, and distribute this software for any | ||
| 5 | * purpose with or without fee is hereby granted, provided that the above | ||
| 6 | * copyright notice and this permission notice appear in all copies. | ||
| 7 | * | ||
| 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 15 | */ | ||
| 16 | |||
| 17 | #ifndef SSHSIG_H | ||
| 18 | #define SSHSIG_H | ||
| 19 | |||
| 20 | struct sshbuf; | ||
| 21 | struct sshkey; | ||
| 22 | |||
| 23 | typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, | ||
| 24 | const u_char *, size_t, const char *, u_int, void *); | ||
| 25 | |||
| 26 | /* | ||
| 27 | * Creates a detached SSH signature for a given message. | ||
| 28 | * Returns 0 on success or a negative SSH_ERR_* error code on failure. | ||
| 29 | * out is populated with the detached signature, or NULL on failure. | ||
| 30 | */ | ||
| 31 | int sshsig_sign_message(struct sshkey *key, const char *hashalg, | ||
| 32 | const struct sshbuf *message, const char *sig_namespace, | ||
| 33 | struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); | ||
| 34 | |||
| 35 | /* | ||
| 36 | * Creates a detached SSH signature for a given file. | ||
| 37 | * Returns 0 on success or a negative SSH_ERR_* error code on failure. | ||
| 38 | * out is populated with the detached signature, or NULL on failure. | ||
| 39 | */ | ||
| 40 | int sshsig_sign_fd(struct sshkey *key, const char *hashalg, | ||
| 41 | int fd, const char *sig_namespace, struct sshbuf **out, | ||
| 42 | sshsig_signer *signer, void *signer_ctx); | ||
| 43 | |||
| 44 | /* | ||
| 45 | * Verifies that a detached signature is valid and optionally returns key | ||
| 46 | * used to sign via argument. | ||
| 47 | * Returns 0 on success or a negative SSH_ERR_* error code on failure. | ||
| 48 | */ | ||
| 49 | int sshsig_verify_message(struct sshbuf *signature, | ||
| 50 | const struct sshbuf *message, const char *sig_namespace, | ||
| 51 | struct sshkey **sign_keyp); | ||
| 52 | |||
| 53 | /* | ||
| 54 | * Verifies that a detached signature over a file is valid and optionally | ||
| 55 | * returns key used to sign via argument. | ||
| 56 | * Returns 0 on success or a negative SSH_ERR_* error code on failure. | ||
| 57 | */ | ||
| 58 | int sshsig_verify_fd(struct sshbuf *signature, int fd, | ||
| 59 | const char *sig_namespace, struct sshkey **sign_keyp); | ||
| 60 | |||
| 61 | /* | ||
| 62 | * Return a base64 encoded "ASCII armoured" version of a raw signature. | ||
| 63 | */ | ||
| 64 | int sshsig_armor(const struct sshbuf *blob, struct sshbuf **out); | ||
| 65 | |||
| 66 | /* | ||
| 67 | * Decode a base64 encoded armoured signature to a raw signature. | ||
| 68 | */ | ||
| 69 | int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out); | ||
| 70 | |||
| 71 | /* | ||
| 72 | * Checks whether a particular key/principal/namespace is permitted by | ||
| 73 | * an allowed_keys file. Returns 0 on success. | ||
| 74 | */ | ||
| 75 | int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, | ||
| 76 | const char *principal, const char *ns); | ||
| 77 | |||
| 78 | #endif /* SSHSIG_H */ | ||