/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */

/*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef KEY_H
#define KEY_H

#include "buffer.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#ifdef OPENSSL_HAS_ECC
/* EC_KEY/EC_GROUP/EC_POINT are only referenced below under this same guard. */
#include <openssl/ec.h>
#endif

typedef struct Key Key;
/*
 * Key algorithm / certificate variants carried in struct Key.type.
 * The *_CERT entries name certified keys; the *_CERT_V00 entries
 * presumably refer to the older certificate format (see
 * key_cert_is_legacy below) -- confirm in key.c.
 * KEY_UNSPEC is the last value; it looks like the "unknown type"
 * sentinel, e.g. for key_type_from_name -- verify against key.c.
 */
enum types {
	KEY_RSA1,
	KEY_RSA,
	KEY_DSA,
	KEY_ECDSA,
	KEY_RSA_CERT,
	KEY_DSA_CERT,
	KEY_ECDSA_CERT,
	KEY_RSA_CERT_V00,
	KEY_DSA_CERT_V00,
	KEY_UNSPEC
};
/*
 * Digest used by key_fingerprint()/key_fingerprint_raw().
 * NOTE(review): MD5 is a legacy digest; where the caller has a choice,
 * SSH_FP_SHA1 is the stronger of the two offered here.
 */
enum fp_type {
	SSH_FP_SHA1,
	SSH_FP_MD5
};
/* Textual rendering of a fingerprint, selected by key_fingerprint(). */
enum fp_rep {
	SSH_FP_HEX,
	SSH_FP_BUBBLEBABBLE,
	SSH_FP_RANDOMART
};

/* key is stored in external hardware */
/* Presumably a bit in struct Key.flags -- confirm against the setters in key.c. */
#define KEY_FLAG_EXT		0x0001

/*
 * Upper bound on principals per certificate; presumably enforced against
 * struct KeyCert.nprincipals when a cert is parsed -- verify in key.c.
 */
#define CERT_MAX_PRINCIPALS	256
/*
 * Certificate data attached to a struct Key via Key.cert.
 * Ownership of the heap members (key_id, principals, signature_key,
 * the Buffers) is not visible here; see key_free()/key_drop_cert() in
 * key.c for who releases them.
 */
struct KeyCert {
	Buffer		 certblob; /* Kept around for use on wire */
	u_int		 type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
	u_int64_t	 serial;
	char		*key_id;
	u_int		 nprincipals;		/* number of entries in principals */
	char		**principals;		/* array of nprincipals strings */
	u_int64_t	 valid_after, valid_before;	/* validity window; units not stated here -- presumably seconds since epoch, confirm */
	Buffer		 critical;		/* critical options blob */
	Buffer		 extensions;		/* extensions blob */
	Key		*signature_key;		/* key that signed this cert (CA key) */
};

/*
 * A public or private key.  Exactly which of rsa/dsa/ecdsa is populated
 * is presumably selected by type (enum types) -- confirm in key.c.
 */
struct Key {
	int	 type;		/* one of enum types */
	int	 flags;		/* KEY_FLAG_* bits */
	RSA	*rsa;
	DSA	*dsa;
	int	 ecdsa_nid;	/* NID of curve */
#ifdef OPENSSL_HAS_ECC
	EC_KEY	*ecdsa;
#else
	void	*ecdsa;		/* placeholder so the struct layout is stable without ECC */
#endif
	struct KeyCert *cert;	/* NULL unless the key is certified (see key_is_cert) */
};

/* Lifecycle, comparison and textual forms. */
Key		*key_new(int);			/* allocate a key of the given enum types value */
void		 key_add_private(Key *);
Key		*key_new_private(int);
void		 key_free(Key *);		/* release a key obtained from key_new/key_new_private/key_from_blob */
Key		*key_demote(const Key *);
int		 key_equal_public(const Key *, const Key *);
int		 key_equal(const Key *, const Key *);
/* Fingerprint: digest per enum fp_type, rendered per enum fp_rep.  Caller
 * presumably frees the returned string -- confirm in key.c. */
char		*key_fingerprint(Key *, enum fp_type, enum fp_rep);
u_char		*key_fingerprint_raw(Key *, enum fp_type, u_int *);	/* raw digest; length via the u_int * out-param */
const char	*key_type(const Key *);
const char	*key_cert_type(const Key *);
int		 key_write(const Key *, FILE *);
int		 key_read(Key *, char **);	/* parses text into an existing Key; advances the char ** presumably */
u_int		 key_size(const Key *);

/* Generation and certificate handling. */
Key	*key_generate(int, u_int);		/* type (enum types) and size in bits, presumably */
Key	*key_from_private(const Key *);
/* NOTE(review): takes a non-const char *; the name is not visibly mutated
 * here -- a const-qualified parameter would document that. */
int	 key_type_from_name(char *);
int	 key_is_cert(const Key *);
int	 key_type_plain(int);			/* strip the *_CERT variant from an enum types value, presumably */
int	 key_to_certified(Key *, int);
int	 key_drop_cert(Key *);
int	 key_certify(Key *, Key *);
void	 key_cert_copy(const Key *, struct Key *);
/* Authority check for a certified key.  The meaning of the two int
 * arguments and the const char * is not visible in this header; the
 * const char ** is presumably a reason string for the caller to report --
 * confirm in key.c before relying on it. */
int	 key_cert_check_authority(const Key *, int, int, const char *,
	    const char **);
int	 key_cert_is_legacy(Key *);

/* ECDSA curve helpers (NID <-> name <-> bit size). */
int		 key_ecdsa_nid_from_name(const char *);
int		 key_curve_name_to_nid(const char *);
const char *	 key_curve_nid_to_name(int);
u_int		 key_curve_nid_to_bits(int);
int		 key_ecdsa_bits_to_nid(int);
#ifdef OPENSSL_HAS_ECC
int		 key_ecdsa_key_to_nid(EC_KEY *);
const EVP_MD *	 key_ec_nid_to_evpmd(int nid);
/* Validation of EC material; intended for keys received from outside
 * (wire or file) before use -- the exact checks live in key.c. */
int		 key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int		 key_ec_validate_private(const EC_KEY *);
#endif

/* Wire-format (SSH2 blob) conversion and algorithm names. */
Key		*key_from_blob(const u_char *, u_int);	/* parses untrusted wire data; caller must check for a NULL result (presumably the failure signal) */
int		 key_to_blob(const Key *, u_char **, u_int *);	/* blob and its length returned through the out-params */
const char	*key_ssh_name(const Key *);
const char	*key_ssh_name_plain(const Key *);
int		 key_names_valid2(const char *);

/* Generic sign/verify dispatching on Key.type.  Argument order, by shape:
 * key, signature out-pointer, signature length out-param, data, data length
 * (sign); key, signature, signature length, data, data length (verify).
 * Return-value convention is not visible here -- check key.c. */
int	 key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

/* Per-algorithm back-ends; same parameter layout as key_sign/key_verify. */
int	 ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
int	 ssh_ecdsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
int	 ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
int	 ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);

/* Debug-only dumpers; compiled in only with ECC plus DEBUG_KEXECDH or DEBUG_PK. */
#if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
void	key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
void	key_dump_ec_key(const EC_KEY *);
#endif

#endif /* KEY_H */