key.h revision 215116
1/* $OpenBSD: key.h,v 1.30 2010/04/16 01:47:26 djm Exp $ */ 2 3/* 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26#ifndef KEY_H 27#define KEY_H 28 29#include "buffer.h" 30#include <openssl/rsa.h> 31#include <openssl/dsa.h> 32 33typedef struct Key Key; 34enum types { 35 KEY_RSA1, 36 KEY_RSA, 37 KEY_DSA, 38 KEY_RSA_CERT, 39 KEY_DSA_CERT, 40 KEY_RSA_CERT_V00, 41 KEY_DSA_CERT_V00, 42 KEY_UNSPEC 43}; 44enum fp_type { 45 SSH_FP_SHA1, 46 SSH_FP_MD5 47}; 48enum fp_rep { 49 SSH_FP_HEX, 50 SSH_FP_BUBBLEBABBLE, 51 SSH_FP_RANDOMART 52}; 53 54/* key is stored in external hardware */ 55#define KEY_FLAG_EXT 0x0001 56 57#define CERT_MAX_PRINCIPALS 256 58struct KeyCert { 59 Buffer certblob; /* Kept around for use on wire */ 60 u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ 61 u_int64_t serial; 62 char *key_id; 63 u_int nprincipals; 64 char **principals; 65 u_int64_t valid_after, valid_before; 66 Buffer critical; 67 Buffer extensions; 68 Key *signature_key; 69}; 70 71struct Key { 72 int type; 73 int flags; 74 RSA *rsa; 75 DSA *dsa; 76 struct KeyCert *cert; 77}; 78 79Key *key_new(int); 80void key_add_private(Key *); 81Key *key_new_private(int); 82void key_free(Key *); 83Key *key_demote(const Key *); 84int key_equal_public(const Key *, const Key *); 85int key_equal(const Key *, const Key *); 86char *key_fingerprint(Key *, enum fp_type, enum fp_rep); 87u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); 88const char *key_type(const Key *); 89const char *key_cert_type(const Key *); 90int key_write(const Key *, FILE *); 91int key_read(Key *, char **); 92u_int key_size(const Key *); 93 94Key *key_generate(int, u_int); 95Key *key_from_private(const Key *); 96int key_type_from_name(char *); 97int key_is_cert(const Key *); 98int key_type_plain(int); 99int key_to_certified(Key *, int); 100int key_drop_cert(Key *); 101int key_certify(Key *, Key *); 102void key_cert_copy(const Key *, struct Key *); 103int key_cert_check_authority(const Key *, int, int, const char *, 104 const char **); 105int key_cert_is_legacy(Key *); 106 107Key *key_from_blob(const u_char *, u_int); 108int key_to_blob(const Key *, u_char **, u_int *); 109const char *key_ssh_name(const Key *); 110int key_names_valid2(const char *); 111 112int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 113int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 114 115int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 116int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 117int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 118int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 119 120#endif 121