version 1.41, 2014/01/09 23:20:00 |
version 1.42, 2014/06/24 01:13:21 |
|
|
#ifndef KEY_H |
#ifndef KEY_H |
#define KEY_H |
#define KEY_H |
|
|
#include "buffer.h" |
#include "sshkey.h" |
#include <openssl/rsa.h> |
|
#include <openssl/dsa.h> |
|
#include <openssl/ec.h> |
|
|
|
typedef struct Key Key; |
typedef struct sshkey Key; |
enum types { |
|
KEY_RSA1, |
|
KEY_RSA, |
|
KEY_DSA, |
|
KEY_ECDSA, |
|
KEY_ED25519, |
|
KEY_RSA_CERT, |
|
KEY_DSA_CERT, |
|
KEY_ECDSA_CERT, |
|
KEY_ED25519_CERT, |
|
KEY_RSA_CERT_V00, |
|
KEY_DSA_CERT_V00, |
|
KEY_UNSPEC |
|
}; |
|
enum fp_type { |
|
SSH_FP_SHA1, |
|
SSH_FP_MD5, |
|
SSH_FP_SHA256 |
|
}; |
|
enum fp_rep { |
|
SSH_FP_HEX, |
|
SSH_FP_BUBBLEBABBLE, |
|
SSH_FP_RANDOMART |
|
}; |
|
|
|
/* key is stored in external hardware */ |
#define types sshkey_types |
#define KEY_FLAG_EXT 0x0001 |
#define fp_type sshkey_fp_type |
|
#define fp_rep sshkey_fp_rep |
|
|
#define CERT_MAX_PRINCIPALS 256 |
#ifndef SSH_KEY_NO_DEFINE |
struct KeyCert { |
#define key_new sshkey_new |
Buffer certblob; /* Kept around for use on wire */ |
#define key_free sshkey_free |
u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ |
#define key_equal_public sshkey_equal_public |
u_int64_t serial; |
#define key_equal sshkey_equal |
char *key_id; |
#define key_fingerprint sshkey_fingerprint |
u_int nprincipals; |
#define key_type sshkey_type |
char **principals; |
#define key_cert_type sshkey_cert_type |
u_int64_t valid_after, valid_before; |
#define key_ssh_name sshkey_ssh_name |
Buffer critical; |
#define key_ssh_name_plain sshkey_ssh_name_plain |
Buffer extensions; |
#define key_type_from_name sshkey_type_from_name |
Key *signature_key; |
#define key_ecdsa_nid_from_name sshkey_ecdsa_nid_from_name |
}; |
#define key_type_is_cert sshkey_type_is_cert |
|
#define key_size sshkey_size |
|
#define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid |
|
#define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid |
|
#define key_names_valid2 sshkey_names_valid2 |
|
#define key_is_cert sshkey_is_cert |
|
#define key_type_plain sshkey_type_plain |
|
#define key_cert_is_legacy sshkey_cert_is_legacy |
|
#define key_curve_name_to_nid sshkey_curve_name_to_nid |
|
#define key_curve_nid_to_bits sshkey_curve_nid_to_bits |
|
#define key_curve_nid_to_name sshkey_curve_nid_to_name |
|
#define key_ec_nid_to_hash_alg sshkey_ec_nid_to_hash_alg |
|
#define key_dump_ec_point sshkey_dump_ec_point |
|
#define key_dump_ec_key sshkey_dump_ec_key |
|
#define key_fingerprint sshkey_fingerprint |
|
#endif |
|
|
struct Key { |
void key_add_private(Key *); |
int type; |
Key *key_new_private(int); |
int flags; |
void key_free(Key *); |
RSA *rsa; |
Key *key_demote(const Key *); |
DSA *dsa; |
u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); |
int ecdsa_nid; /* NID of curve */ |
int key_write(const Key *, FILE *); |
EC_KEY *ecdsa; |
int key_read(Key *, char **); |
struct KeyCert *cert; |
|
u_char *ed25519_sk; |
|
u_char *ed25519_pk; |
|
}; |
|
|
|
#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES |
|
#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES |
|
|
|
Key *key_new(int); |
|
void key_add_private(Key *); |
|
Key *key_new_private(int); |
|
void key_free(Key *); |
|
Key *key_demote(const Key *); |
|
int key_equal_public(const Key *, const Key *); |
|
int key_equal(const Key *, const Key *); |
|
char *key_fingerprint(const Key *, enum fp_type, enum fp_rep); |
|
u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); |
|
const char *key_type(const Key *); |
|
const char *key_cert_type(const Key *); |
|
int key_write(const Key *, FILE *); |
|
int key_read(Key *, char **); |
|
u_int key_size(const Key *); |
|
|
|
Key *key_generate(int, u_int); |
Key *key_generate(int, u_int); |
Key *key_from_private(const Key *); |
Key *key_from_private(const Key *); |
int key_type_from_name(char *); |
|
int key_is_cert(const Key *); |
|
int key_type_is_cert(int); |
|
int key_type_plain(int); |
|
int key_to_certified(Key *, int); |
int key_to_certified(Key *, int); |
int key_drop_cert(Key *); |
int key_drop_cert(Key *); |
int key_certify(Key *, Key *); |
int key_certify(Key *, Key *); |
void key_cert_copy(const Key *, struct Key *); |
void key_cert_copy(const Key *, Key *); |
int key_cert_check_authority(const Key *, int, int, const char *, |
int key_cert_check_authority(const Key *, int, int, const char *, |
const char **); |
const char **); |
int key_cert_is_legacy(const Key *); |
char *key_alg_list(int, int); |
|
|
int key_ecdsa_nid_from_name(const char *); |
#ifdef WITH_OPENSSL |
int key_curve_name_to_nid(const char *); |
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
const char *key_curve_nid_to_name(int); |
int key_ec_validate_private(const EC_KEY *); |
u_int key_curve_nid_to_bits(int); |
#endif /* WITH_OPENSSL */ |
int key_ecdsa_bits_to_nid(int); |
|
int key_ecdsa_key_to_nid(EC_KEY *); |
|
int key_ec_nid_to_hash_alg(int nid); |
|
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
|
int key_ec_validate_private(const EC_KEY *); |
|
char *key_alg_list(int, int); |
|
|
|
Key *key_from_blob(const u_char *, u_int); |
Key *key_from_blob(const u_char *, u_int); |
int key_to_blob(const Key *, u_char **, u_int *); |
int key_to_blob(const Key *, u_char **, u_int *); |
const char *key_ssh_name(const Key *); |
|
const char *key_ssh_name_plain(const Key *); |
|
int key_names_valid2(const char *); |
|
|
|
int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
|
int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
void key_private_serialize(const Key *, struct sshbuf *); |
int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
Key *key_private_deserialize(struct sshbuf *); |
int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
|
int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
|
int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
int ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
|
int ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
|
|
#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) |
/* authfile.c */ |
void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
int key_save_private(Key *, const char *, const char *, const char *, |
void key_dump_ec_key(const EC_KEY *); |
int, const char *, int); |
#endif |
int key_load_file(int, const char *, struct sshbuf *); |
|
Key *key_load_cert(const char *); |
void key_private_serialize(const Key *, Buffer *); |
Key *key_load_public(const char *, char **); |
Key *key_private_deserialize(Buffer *); |
Key *key_load_private(const char *, const char *, char **); |
|
Key *key_load_private_cert(int, const char *, const char *, int *); |
|
Key *key_load_private_type(int, const char *, const char *, char **, int *); |
|
Key *key_load_private_pem(int, int, const char *, char **); |
|
int key_perm_ok(int, const char *); |
|
int key_in_file(Key *, const char *, int); |
|
|
#endif |
#endif |
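Review bot: `#define key_fingerprint sshkey_fingerprint` appears twice in the new `#ifndef SSH_KEY_NO_DEFINE` compat block (once just after `key_equal` and again as its last line); the redefinition is identical so the preprocessor accepts it, but one copy should go so the list stays a single source of truth. The bare renames `#define types sshkey_types`, `#define fp_type sshkey_fp_type` and `#define fp_rep sshkey_fp_rep` are not guarded by that `#ifndef` and rewrite every identifier of those names in each translation unit that includes key.h, not only the old enum tags; at minimum they deserve a comment such as `/* compat: bare renames, also clobber any other identifier named types/fp_type/fp_rep in includers */`, or they should move inside the `SSH_KEY_NO_DEFINE` guard with the function renames. The new `#ifdef WITH_OPENSSL` block declares `key_ec_validate_public` with `EC_GROUP`/`EC_POINT` while the old `<openssl/ec.h>` include is dropped from this header, so it presumably relies on sshkey.h pulling those types in under the same guard; worth confirming since that header is outside this page.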