key.h revision bd77cf78387b72b7b3ea870459077672bf75c3b5
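/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */

/*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * key.h: public/private key container used throughout OpenSSH, plus the
 * OpenSSH certificate (KeyCert) attached to certified keys, and the
 * prototypes for parsing, serialising, comparing, signing and verifying
 * with such keys.  Implementations live in key.c and ssh-{rsa,dss,ecdsa}.c.
 */
#ifndef KEY_H
#define KEY_H

/*
 * Make the header self-contained: the prototypes below use FILE (stdio.h)
 * and u_int/u_char/u_int64_t (sys/types.h) directly, and must not rely
 * on buffer.h happening to pull those in.
 */
#include <sys/types.h>
#include <stdio.h>

#include "buffer.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
#endif

typedef struct Key Key;

/*
 * Key algorithm / format discriminator stored in Key.type.
 * The *_CERT variants carry a KeyCert; the *_V00 variants are the
 * original (legacy) certificate encoding, see key_cert_is_legacy().
 * KEY_UNSPEC is the "unknown / not yet decided" value.
 * NOTE(review): these numeric values are internal and are not the wire
 * encoding; never send them on the wire (use key_ssh_name() instead).
 */
enum types {
	KEY_RSA1,
	KEY_RSA,
	KEY_DSA,
	KEY_ECDSA,
	KEY_RSA_CERT,
	KEY_DSA_CERT,
	KEY_ECDSA_CERT,
	KEY_RSA_CERT_V00,
	KEY_DSA_CERT_V00,
	KEY_UNSPEC
};

/*
 * Hash used for key fingerprints.
 * MD5 is collision-weak; prefer SSH_FP_SHA1 wherever the caller has a
 * choice and MD5 is not required for compatibility with existing output.
 */
enum fp_type {
	SSH_FP_SHA1,
	SSH_FP_MD5
};

/* Presentation of a fingerprint: hex digits, bubblebabble, or ASCII art. */
enum fp_rep {
	SSH_FP_HEX,
	SSH_FP_BUBBLEBABBLE,
	SSH_FP_RANDOMART
};

/* key is stored in external hardware (bit in Key.flags) */
#define KEY_FLAG_EXT		0x0001

/*
 * Upper bound on principals accepted in a certificate; presumably
 * enforced when a cert blob is parsed (see key.c) so that an untrusted
 * cert cannot drive unbounded allocation.
 */
#define CERT_MAX_PRINCIPALS	256

/*
 * OpenSSH certificate attached to a *_CERT key.  All of this is derived
 * from data received over the wire or from disk, so consumers must treat
 * the fields as untrusted until the cert has been checked against a CA
 * (key_cert_check_authority) and its signature verified.
 */
struct KeyCert {
	Buffer		 certblob; /* Kept around for use on wire */
	u_int		 type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
	u_int64_t	 serial;
	char		*key_id;
	u_int		 nprincipals;	/* number of entries in principals */
	char		**principals;
	/* validity window; exact inclusive/exclusive semantics are in key.c */
	u_int64_t	 valid_after, valid_before;
	Buffer		 critical;	/* critical options (must be understood) */
	Buffer		 extensions;	/* extensions (may be ignored) */
	Key		*signature_key;	/* the CA key that signed this cert */
};

/*
 * A key of any supported algorithm.  Exactly one of rsa/dsa/ecdsa is
 * expected to be non-NULL according to key_type_plain(type); cert is
 * non-NULL only for the *_CERT types.  A "private" Key also holds the
 * private components inside the OpenSSL object, so treat the struct as
 * sensitive and release it only through key_free().
 */
struct Key {
	int	 type;		/* enum types */
	int	 flags;		/* KEY_FLAG_* */
	RSA	*rsa;
	DSA	*dsa;
	int	 ecdsa_nid;	/* NID of curve */
#ifdef OPENSSL_HAS_ECC
	EC_KEY	*ecdsa;
#else
	void	*ecdsa;		/* placeholder so struct layout is stable without ECC */
#endif
	struct KeyCert *cert;
};

/* Construction, destruction and copying. */
Key		*key_new(int);
void		 key_add_private(Key *);
Key		*key_new_private(int);
void		 key_free(Key *);
Key		*key_demote(const Key *);	/* presumably a public-only copy; see key.c */
int		 key_equal_public(const Key *, const Key *);
int		 key_equal(const Key *, const Key *);
/* Fingerprints: the returned buffers are allocated; caller presumably frees. */
char		*key_fingerprint(Key *, enum fp_type, enum fp_rep);
u_char		*key_fingerprint_raw(Key *, enum fp_type, u_int *);
const char	*key_type(const Key *);
const char	*key_cert_type(const Key *);
/* Textual (authorized_keys / known_hosts style) I/O. */
int		 key_write(const Key *, FILE *);
int		 key_read(Key *, char **);
u_int		 key_size(const Key *);

Key	*key_generate(int, u_int);
Key	*key_from_private(const Key *);
int	 key_type_from_name(char *);
int	 key_is_cert(const Key *);
int	 key_type_plain(int);
/* Certificate handling. */
int	 key_to_certified(Key *, int);
int	 key_drop_cert(Key *);
int	 key_certify(Key *, Key *);
void	 key_cert_copy(const Key *, struct Key *);
/*
 * Checks a cert against policy (type, name, validity ...) and, on
 * failure, returns a human-readable reason via the last argument.
 * Return convention is defined in key.c; callers must check it.
 */
int	 key_cert_check_authority(const Key *, int, int, const char *,
	    const char **);
int	 key_cert_is_legacy(Key *);

/* ECDSA curve name <-> NID <-> size mappings. */
int		 key_ecdsa_nid_from_name(const char *);
int		 key_curve_name_to_nid(const char *);
const char *	 key_curve_nid_to_name(int);
u_int		 key_curve_nid_to_bits(int);
int		 key_ecdsa_bits_to_nid(int);
#ifdef OPENSSL_HAS_ECC
int		 key_ecdsa_key_to_nid(EC_KEY *);
const EVP_MD *	 key_ec_nid_to_evpmd(int nid);
/*
 * Validation of EC material received from a peer.  These are the
 * defence against invalid-curve / small-subgroup style attacks, so any
 * code that builds an EC_KEY from wire data must call them before use.
 * The exact checks performed are in key.c.
 */
int		 key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int		 key_ec_validate_private(const EC_KEY *);
#endif

/*
 * Wire-format (SSH2 public key blob) conversion.  key_from_blob parses
 * untrusted data; callers must handle a NULL result.
 */
Key		*key_from_blob(const u_char *, u_int);
int		 key_to_blob(const Key *, u_char **, u_int *);
const char	*key_ssh_name(const Key *);
const char	*key_ssh_name_plain(const Key *);
int		 key_names_valid2(const char *);

/*
 * Algorithm-independent sign/verify.  key_sign allocates the signature
 * into the u_char ** / u_int * pair; key_verify takes (key, sig, siglen,
 * data, datalen).  Return conventions are defined in key.c; callers must
 * not treat any non-zero value as "signature good" without checking.
 */
int	 key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

/* Per-algorithm back ends dispatched to by key_sign()/key_verify(). */
int	 ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
int	 ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
int	 ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

/* Debug-only dumps; compiled in only with DEBUG_KEXECDH or DEBUG_PK. */
#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
void	key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
void	key_dump_ec_key(const EC_KEY *);
#endif

#endif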