Diffstat (limited to 'sshsig.h')
-rw-r--r--sshsig.h26
1 files changed, 19 insertions, 7 deletions
diff --git a/sshsig.h b/sshsig.h
index e3eeb601b..63cc1ad1a 100644
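--- a/sshsig.h
+++ b/sshsig.h
@@ -20,9 +20,10 @@
 struct sshbuf;
 struct sshkey;
 struct sshsigopt;
+struct sshkey_sig_details;
 
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
- const u_char *, size_t, const char *, u_int, void *);
+ const u_char *, size_t, const char *, const char *, u_int, void *);
 
 /* Buffer-oriented API */
 
@@ -32,8 +33,9 @@ typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
  * out is populated with the detached signature, or NULL on failure.
  */
 int sshsig_signb(struct sshkey *key, const char *hashalg,
- const struct sshbuf *message, const char *sig_namespace,
- struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
+ const char *sk_provider, const struct sshbuf *message,
+ const char *sig_namespace, struct sshbuf **out,
+ sshsig_signer *signer, void *signer_ctx);
 
 /*
  * Verifies that a detached signature is valid and optionally returns key
@@ -42,7 +44,7 @@ int sshsig_signb(struct sshkey *key, const char *hashalg,
  */
 int sshsig_verifyb(struct sshbuf *signature,
  const struct sshbuf *message, const char *sig_namespace,
- struct sshkey **sign_keyp);
+ struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details);
 
 /* File/FD-oriented API */
 
@@ -52,8 +54,8 @@ int sshsig_verifyb(struct sshbuf *signature,
  * out is populated with the detached signature, or NULL on failure.
  */
 int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
- int fd, const char *sig_namespace, struct sshbuf **out,
- sshsig_signer *signer, void *signer_ctx);
+ const char *sk_provider, int fd, const char *sig_namespace,
+ struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
 
 /*
  * Verifies that a detached signature over a file is valid and optionally
@@ -61,7 +63,8 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
  * Returns 0 on success or a negative SSH_ERR_* error code on failure.
  */
 int sshsig_verify_fd(struct sshbuf *signature, int fd,
- const char *sig_namespace, struct sshkey **sign_keyp);
+ const char *sig_namespace, struct sshkey **sign_keyp,
+ struct sshkey_sig_details **sig_details);
 
 /* Utility functions */
 
@@ -89,4 +92,13 @@ struct sshsigopt *sshsigopt_parse(const char *opts,
 /* Free signature options */
 void sshsigopt_free(struct sshsigopt *opts);
 
+/* Get public key from signature */
+int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
+
+/* Find principal in allowed_keys file, given a sshkey. Returns
+ * 0 on success.
+ */
+int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
+ char **principal);
+
 #endif /* SSHSIG_H */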
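Review bot: The two declarations added at the end of the header, `sshsig_get_pubkey()` and `sshsig_find_principals()`, are documented too thinly for functions whose results feed trust decisions. `sshsig_get_pubkey()` takes only the signature blob and no message, so it cannot have checked the signature over anything; the comment should say so, e.g. `/* Extract the public key embedded in a signature blob. The signature is NOT verified here; treat the key as untrusted until sshsig_verifyb()/sshsig_verify_fd() succeeds. */`. For `sshsig_find_principals()` the comment should state who frees `*principal` and that failure is reported as a negative SSH_ERR_* code, which is presumably the case as elsewhere in this header but needs confirming against the implementation, which is not on this page. A smaller point in the first hunk: the `sshsig_signer` typedef now has two adjacent unnamed `const char *` parameters, so naming them in the typedef would keep signer implementations from swapping them.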