Mike Lockwood | 1305e95 | 2011-12-07 08:17:59 -0800 | [diff] [blame] | 1 | /* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ |
| 2 | |
| 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * 2. Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
| 14 | * |
| 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 25 | */ |
| 26 | #ifndef KEY_H |
| 27 | #define KEY_H |
| 28 | |
| 29 | #include "buffer.h" |
| 30 | #include <openssl/rsa.h> |
| 31 | #include <openssl/dsa.h> |
| 32 | #ifdef OPENSSL_HAS_ECC |
| 33 | #include <openssl/ec.h> |
| 34 | #endif |
| 35 | |
| 36 | typedef struct Key Key; |
| 37 | enum types { |
| 38 | KEY_RSA1, |
| 39 | KEY_RSA, |
| 40 | KEY_DSA, |
| 41 | KEY_ECDSA, |
| 42 | KEY_RSA_CERT, |
| 43 | KEY_DSA_CERT, |
| 44 | KEY_ECDSA_CERT, |
| 45 | KEY_RSA_CERT_V00, |
| 46 | KEY_DSA_CERT_V00, |
| 47 | KEY_UNSPEC |
| 48 | }; |
| 49 | enum fp_type { |
| 50 | SSH_FP_SHA1, |
| 51 | SSH_FP_MD5 |
| 52 | }; |
| 53 | enum fp_rep { |
| 54 | SSH_FP_HEX, |
| 55 | SSH_FP_BUBBLEBABBLE, |
| 56 | SSH_FP_RANDOMART |
| 57 | }; |
| 58 | |
| 59 | /* key is stored in external hardware */ |
| 60 | #define KEY_FLAG_EXT 0x0001 |
| 61 | |
| 62 | #define CERT_MAX_PRINCIPALS 256 |
| 63 | struct KeyCert { |
| 64 | Buffer certblob; /* Kept around for use on wire */ |
| 65 | u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ |
| 66 | u_int64_t serial; |
| 67 | char *key_id; |
| 68 | u_int nprincipals; |
| 69 | char **principals; |
| 70 | u_int64_t valid_after, valid_before; |
| 71 | Buffer critical; |
| 72 | Buffer extensions; |
| 73 | Key *signature_key; |
| 74 | }; |
| 75 | |
| 76 | struct Key { |
| 77 | int type; |
| 78 | int flags; |
| 79 | RSA *rsa; |
| 80 | DSA *dsa; |
| 81 | int ecdsa_nid; /* NID of curve */ |
| 82 | #ifdef OPENSSL_HAS_ECC |
| 83 | EC_KEY *ecdsa; |
| 84 | #else |
| 85 | void *ecdsa; |
| 86 | #endif |
| 87 | struct KeyCert *cert; |
| 88 | }; |
| 89 | |
| 90 | Key *key_new(int); |
| 91 | void key_add_private(Key *); |
| 92 | Key *key_new_private(int); |
| 93 | void key_free(Key *); |
| 94 | Key *key_demote(const Key *); |
| 95 | int key_equal_public(const Key *, const Key *); |
| 96 | int key_equal(const Key *, const Key *); |
| 97 | char *key_fingerprint(Key *, enum fp_type, enum fp_rep); |
| 98 | u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); |
| 99 | const char *key_type(const Key *); |
| 100 | const char *key_cert_type(const Key *); |
| 101 | int key_write(const Key *, FILE *); |
| 102 | int key_read(Key *, char **); |
| 103 | u_int key_size(const Key *); |
| 104 | |
| 105 | Key *key_generate(int, u_int); |
| 106 | Key *key_from_private(const Key *); |
| 107 | int key_type_from_name(char *); |
| 108 | int key_is_cert(const Key *); |
| 109 | int key_type_plain(int); |
| 110 | int key_to_certified(Key *, int); |
| 111 | int key_drop_cert(Key *); |
| 112 | int key_certify(Key *, Key *); |
| 113 | void key_cert_copy(const Key *, struct Key *); |
| 114 | int key_cert_check_authority(const Key *, int, int, const char *, |
| 115 | const char **); |
| 116 | int key_cert_is_legacy(Key *); |
| 117 | |
| 118 | int key_ecdsa_nid_from_name(const char *); |
| 119 | int key_curve_name_to_nid(const char *); |
| 120 | const char * key_curve_nid_to_name(int); |
| 121 | u_int key_curve_nid_to_bits(int); |
| 122 | int key_ecdsa_bits_to_nid(int); |
| 123 | #ifdef OPENSSL_HAS_ECC |
| 124 | int key_ecdsa_key_to_nid(EC_KEY *); |
| 125 | const EVP_MD * key_ec_nid_to_evpmd(int nid); |
| 126 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
| 127 | int key_ec_validate_private(const EC_KEY *); |
| 128 | #endif |
| 129 | |
| 130 | Key *key_from_blob(const u_char *, u_int); |
| 131 | int key_to_blob(const Key *, u_char **, u_int *); |
| 132 | const char *key_ssh_name(const Key *); |
| 133 | const char *key_ssh_name_plain(const Key *); |
| 134 | int key_names_valid2(const char *); |
| 135 | |
| 136 | int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
| 137 | int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
| 138 | |
| 139 | int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
| 140 | int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
| 141 | int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
| 142 | int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
| 143 | int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
| 144 | int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
| 145 | |
| 146 | #if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK)) |
| 147 | void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
| 148 | void key_dump_ec_key(const EC_KEY *); |
| 149 | #endif |
| 150 | |
| 151 | #endif |