1/* $NetBSD: key.h,v 1.4 2011/07/25 03:03:10 christos Exp $ */ 2/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ 3 4/* 5 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27#ifndef KEY_H 28#define KEY_H 29 30#include "buffer.h" 31#include <openssl/rsa.h> 32#include <openssl/dsa.h> 33#include <openssl/ec.h> 34 35typedef struct Key Key; 36enum types { 37 KEY_RSA1, 38 KEY_RSA, 39 KEY_DSA, 40 KEY_ECDSA, 41 KEY_RSA_CERT, 42 KEY_DSA_CERT, 43 KEY_ECDSA_CERT, 44 KEY_RSA_CERT_V00, 45 KEY_DSA_CERT_V00, 46 KEY_UNSPEC 47}; 48enum fp_type { 49 SSH_FP_SHA1, 50 SSH_FP_MD5 51}; 52enum fp_rep { 53 SSH_FP_HEX, 54 SSH_FP_BUBBLEBABBLE, 55 SSH_FP_RANDOMART 56}; 57 58/* key is stored in external hardware */ 59#define KEY_FLAG_EXT 0x0001 60 61#define CERT_MAX_PRINCIPALS 256 62struct KeyCert { 63 Buffer certblob; /* Kept around for use on wire */ 64 u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */ 65 u_int64_t serial; 66 char *key_id; 67 u_int nprincipals; 68 char **principals; 69 u_int64_t valid_after, valid_before; 70 Buffer critical; 71 Buffer extensions; 72 Key *signature_key; 73}; 74 75struct Key { 76 int type; 77 int flags; 78 RSA *rsa; 79 DSA *dsa; 80 int ecdsa_nid; /* NID of curve */ 81 EC_KEY *ecdsa; 82 struct KeyCert *cert; 83}; 84 85Key *key_new(int); 86void key_add_private(Key *); 87Key *key_new_private(int); 88void key_free(Key *); 89Key *key_demote(const Key *); 90int key_equal_public(const Key *, const Key *); 91int key_equal(const Key *, const Key *); 92char *key_fingerprint(Key *, enum fp_type, enum fp_rep); 93u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); 94const char *key_type(const Key *); 95const char *key_cert_type(const Key *); 96int key_write(const Key *, FILE *); 97int key_read(Key *, char **); 98u_int key_size(const Key *); 99 100Key *key_generate(int, u_int); 101Key *key_from_private(const Key *); 102int key_type_from_name(const char *); 103int key_is_cert(const Key *); 104int key_type_plain(int); 105int key_to_certified(Key *, int); 106int key_drop_cert(Key *); 107int key_certify(Key *, Key *); 108void key_cert_copy(const Key *, struct Key *); 109int key_cert_check_authority(const Key *, int, int, const char *, 110 const char **); 111int key_cert_is_legacy(Key *); 112 113int key_ecdsa_nid_from_name(const char *); 114int key_curve_name_to_nid(const char *); 115const char * key_curve_nid_to_name(int); 116u_int key_curve_nid_to_bits(int); 117int key_ecdsa_bits_to_nid(int); 118int key_ecdsa_key_to_nid(EC_KEY *); 119const EVP_MD * key_ec_nid_to_evpmd(int nid); 120int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); 121int key_ec_validate_private(const EC_KEY *); 122 123Key *key_from_blob(const u_char *, u_int); 124int key_to_blob(const Key *, u_char **, u_int *); 125const char *key_ssh_name(const Key *); 126const char *key_ssh_name_plain(const Key *); 127int key_names_valid2(const char *); 128 129int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 130int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 131 132int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 133int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 134int ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 135int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 136int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); 137int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); 138 139#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) 140void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); 141void key_dump_ec_key(const EC_KEY *); 142#endif 143 144#endif 145