key.h

   1 /* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */
   2
   3 /*
   4  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in the
  13  *    documentation and/or other materials provided with the distribution.
  14  *
  15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  25  */
  26 #ifndef KEY_H
  27 #define KEY_H
  28
  29 #include "buffer.h"
  30 #include <openssl/rsa.h>
  31 #include <openssl/dsa.h>
  32
  33 typedef struct Key Key;
  34 enum types {
  35         KEY_RSA1,
  36         KEY_RSA,
  37         KEY_DSA,
  38         KEY_RSA_CERT,
  39         KEY_DSA_CERT,
  40         KEY_UNSPEC
  41 };
  42 enum fp_type {
  43         SSH_FP_SHA1,
  44         SSH_FP_MD5
  45 };
  46 enum fp_rep {
  47         SSH_FP_HEX,
  48         SSH_FP_BUBBLEBABBLE,
  49         SSH_FP_RANDOMART
  50 };
  51
  52 /* key is stored in external hardware */
  53 #define KEY_FLAG_EXT            0x0001
  54
  55 #define CERT_MAX_PRINCIPALS     256
  56 struct KeyCert {
  57         Buffer           certblob; /* Kept around for use on wire */
  58         u_int            type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
  59         char            *key_id;
  60         u_int            nprincipals;
  61         char            **principals;
  62         u_int64_t        valid_after, valid_before;
  63         Buffer           constraints;
  64         Key             *signature_key;
  65 };
  66
  67 struct Key {
  68         int      type;
  69         int      flags;
  70         RSA     *rsa;
  71         DSA     *dsa;
  72         struct KeyCert *cert;
  73 };
  74
  75 Key             *key_new(int);
  76 void             key_add_private(Key *);
  77 Key             *key_new_private(int);
  78 void             key_free(Key *);
  79 Key             *key_demote(const Key *);
  80 int              key_equal_public(const Key *, const Key *);
  81 int              key_equal(const Key *, const Key *);
  82 char            *key_fingerprint(Key *, enum fp_type, enum fp_rep);
  83 u_char          *key_fingerprint_raw(Key *, enum fp_type, u_int *);
  84 const char      *key_type(const Key *);
  85 int              key_write(const Key *, FILE *);
  86 int              key_read(Key *, char **);
  87 u_int            key_size(const Key *);
  88
  89 Key     *key_generate(int, u_int);
  90 Key     *key_from_private(const Key *);
  91 int      key_type_from_name(char *);
  92 int      key_is_cert(const Key *);
  93 int      key_type_plain(int);
  94 int      key_to_certified(Key *);
  95 int      key_drop_cert(Key *);
  96 int      key_certify(Key *, Key *);
  97 void     key_cert_copy(const Key *, struct Key *);
  98 int      key_cert_check_authority(const Key *, int, int, const char *,
  99             const char **);
 100
 101 Key             *key_from_blob(const u_char *, u_int);
 102 int              key_to_blob(const Key *, u_char **, u_int *);
 103 const char      *key_ssh_name(const Key *);
 104 int              key_names_valid2(const char *);
 105
 106 int      key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
 107 int      key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 108
 109 int      ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
 110 int      ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 111 int      ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
 112 int      ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 113
 114 #endif