29 #include <sys/types.h>
32 #include <openssl/rsa.h>
33 #include <openssl/dsa.h>
34 #include <openssl/evp.h>
35 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
36 #include <openssl/param_build.h>
37 #include <openssl/core_names.h>
39 # ifdef OPENSSL_HAS_ECC
40 # include <openssl/ec.h>
41 # include <openssl/ecdsa.h>
44 # define EC_GROUP void
45 # define EC_POINT void
47 #define SSH_OPENSSL_VERSION OpenSSL_version(OPENSSL_VERSION)
53 # define EC_GROUP void
54 # define EC_POINT void
55 #define SSH_OPENSSL_VERSION "without OpenSSL"
/*
 * Smallest RSA modulus, in bits, this library accepts.  Presumably the floor
 * enforced by sshkey_check_rsa_length()/check_rsa_length() declared below —
 * confirm against sshkey.c before relying on it.
 */
#define SSH_RSA_MINIMUM_MODULUS_SIZE	1024
/*
 * Upper bound (1 MiB) on the amount of data handed to the sign/verify paths.
 * NOTE(review): looks like an input-size guard that rejects oversized
 * messages before any crypto runs — confirm where it is checked.
 */
#define SSH_KEY_MAX_SIGN_DATA_SIZE	(1 << 20)
/* Digest presumably used for fingerprints when the caller does not name one. */
#define SSH_FP_HASH_DEFAULT	SSH_DIGEST_SHA256
96 enum sshkey_serialize_rep {
97 SSHKEY_SERIALIZE_DEFAULT = 0,
98 SSHKEY_SERIALIZE_STATE = 1,
99 SSHKEY_SERIALIZE_FULL = 2,
100 SSHKEY_SERIALIZE_SHIELD = 3,
101 SSHKEY_SERIALIZE_INFO = 254,
105 enum sshkey_private_format {
106 SSHKEY_PRIVATE_OPENSSH = 0,
107 SSHKEY_PRIVATE_PEM = 1,
108 SSHKEY_PRIVATE_PKCS8 = 2,
112 #define SSHKEY_FLAG_EXT 0x0001
114 #define SSHKEY_CERT_MAX_PRINCIPALS 256
117 struct sshbuf *certblob;
123 u_int64_t valid_after, valid_before;
124 struct sshbuf *critical;
125 struct sshbuf *extensions;
126 struct sshkey *signature_key;
127 char *signature_type;
151 char *sk_application;
153 struct sshbuf *sk_key_handle;
154 struct sshbuf *sk_reserved;
156 struct sshkey_cert *cert;
158 u_char *shielded_private;
160 u_char *shield_prekey;
161 size_t shield_prekey_len;
164 #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
165 #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
168 struct sshkey_sig_details {
173 struct sshkey_impl_funcs {
174 u_int (*size)(
const struct sshkey *);
175 int (*alloc)(
struct sshkey *);
176 void (*cleanup)(
struct sshkey *);
177 int (*equal)(
const struct sshkey *,
const struct sshkey *);
178 int (*serialize_public)(
const struct sshkey *,
struct sshbuf *,
179 enum sshkey_serialize_rep);
180 int (*deserialize_public)(
const char *,
struct sshbuf *,
182 int (*serialize_private)(
const struct sshkey *,
struct sshbuf *,
183 enum sshkey_serialize_rep);
184 int (*deserialize_private)(
const char *,
struct sshbuf *,
186 int (*generate)(
struct sshkey *, int);
187 int (*copy_public)(
const struct sshkey *,
struct sshkey *);
188 int (*sign)(
struct sshkey *, u_char **,
size_t *,
189 const u_char *, size_t,
const char *,
190 const char *,
const char *, u_int);
191 int (*verify)(
const struct sshkey *,
const u_char *, size_t,
192 const u_char *, size_t,
const char *, u_int,
193 struct sshkey_sig_details **);
198 const char *shortname;
205 const struct sshkey_impl_funcs *funcs;
/*
 * Key object lifecycle.  sshkey_new() returns a heap object that the caller
 * releases with sshkey_free() (presumably NULL-safe — confirm in sshkey.c).
 */
struct sshkey	*sshkey_new(int);
void		 sshkey_free(struct sshkey *);

/*
 * Comparison of two keys (public part only, or the whole key).  The return
 * convention is not visible in this header — see sshkey.c.
 */
int	 sshkey_equal_public(const struct sshkey *, const struct sshkey *);
int	 sshkey_equal(const struct sshkey *, const struct sshkey *);

/*
 * Fingerprints.  The int presumably selects the digest (SSH_FP_HASH_DEFAULT
 * being the usual choice).  sshkey_fingerprint() returns a heap string;
 * sshkey_fingerprint_raw() hands back raw digest bytes via retp/lenp.
 * Ownership of both results appears to pass to the caller — confirm.
 */
char	*sshkey_fingerprint(const struct sshkey *, int, enum sshkey_fp_rep);
int	 sshkey_fingerprint_raw(const struct sshkey *k, int, u_char **retp,
	    size_t *lenp);

/* Type name of a key and of its certificate variant. */
const char	*sshkey_type(const struct sshkey *);
const char	*sshkey_cert_type(const struct sshkey *);

/*
 * Text encoding: format into an sshbuf, write to a FILE, or parse from a
 * string (sshkey_read presumably advances the char ** past what it consumed —
 * confirm).  sshkey_size() reports the key size in bits, presumably.
 */
int	 sshkey_format_text(const struct sshkey *, struct sshbuf *);
int	 sshkey_write(const struct sshkey *, FILE *);
int	 sshkey_read(struct sshkey *, char **);
u_int	 sshkey_size(const struct sshkey *);

/* Generate a fresh key of the given type and size into *keyp. */
int	 sshkey_generate(int type, u_int bits, struct sshkey **keyp);
/* Derive a public-only copy of a private key into the out-parameter. */
int	 sshkey_from_private(const struct sshkey *, struct sshkey **);

/*
 * In-memory shielding of private key material.  Presumably these act on the
 * shielded_private / shield_prekey / shield_prekey_len fields of struct
 * sshkey visible above — confirm in sshkey.c.
 */
int	 sshkey_is_shielded(struct sshkey *);
int	 sshkey_shield_private(struct sshkey *);
int	 sshkey_unshield_private(struct sshkey *);

/* Type/name mapping and predicates on a key or a bare type code. */
int	 sshkey_type_from_name(const char *);
int	 sshkey_is_private(const struct sshkey *);
int	 sshkey_is_cert(const struct sshkey *);
int	 sshkey_is_sk(const struct sshkey *);
int	 sshkey_type_is_cert(int);
int	 sshkey_type_plain(int);
/* Match a key type name against a signature-algorithm list (presumably comma-separated). */
int	 sshkey_match_keyname_to_sigalgs(const char *, const char *);

/* Certificate attach / detach / copy on a key object. */
int	 sshkey_to_certified(struct sshkey *);
int	 sshkey_drop_cert(struct sshkey *);
int	 sshkey_cert_copy(const struct sshkey *, struct sshkey *);

/*
 * Certificate authorisation checks.  The meaning of the three int parameters
 * is not recoverable from this header (confirm in sshkey.c).  The uint64_t
 * is presumably the verification time, checked against the valid_after /
 * valid_before window of struct sshkey_cert; the "_now" variant presumably
 * uses the current time.  The trailing const char ** looks like an
 * out-parameter for a human-readable reason on failure.
 */
int	 sshkey_cert_check_authority(const struct sshkey *, int, int, int,
	    uint64_t, const char *, const char **);
int	 sshkey_cert_check_authority_now(const struct sshkey *, int, int, int,
	    const char *, const char **);
int	 sshkey_cert_check_host(const struct sshkey *, const char *, int,
	    const char *, const char **);

/* Render the certificate validity window into the caller's buffer of the given size. */
size_t	 sshkey_format_cert_validity(const struct sshkey_cert *, char *,
	    size_t) __attribute__((__bounded__(__string__, 2, 3)));

/* Check the certificate's signature algorithm against an allowed list (presumably). */
int	 sshkey_check_cert_sigtype(const struct sshkey *, const char *);

/* Sign a certificate with a CA key; the three strings are signature-related names — see sshkey.c. */
int	 sshkey_certify(struct sshkey *, struct sshkey *, const char *,
	    const char *, const char *);
257 typedef
int sshkey_certify_signer(struct sshkey *, u_char **,
size_t *,
258 const u_char *,
size_t, const
char *, const
char *, const
char *,
/*
 * As sshkey_certify(), but the CA signature is produced by the supplied
 * sshkey_certify_signer callback, which receives the opaque void * context.
 */
int	 sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
	    const char *, const char *, sshkey_certify_signer *, void *);

/* ECDSA curve <-> NID <-> name <-> bit-size mapping helpers. */
int	 sshkey_ecdsa_nid_from_name(const char *);
int	 sshkey_curve_name_to_nid(const char *);
const char	*sshkey_curve_nid_to_name(int);
u_int	 sshkey_curve_nid_to_bits(int);
int	 sshkey_ecdsa_bits_to_nid(int);
int	 sshkey_ecdsa_key_to_nid(EC_KEY *);
int	 sshkey_ec_nid_to_hash_alg(int nid);

/*
 * EC key validation.  NOTE(review): presumably the public-point checks (on
 * the curve, not the identity, correct order) and the private-scalar range
 * check; code that imports EC material from untrusted input should route
 * through these — confirm in sshkey.c.
 */
int	 sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int	 sshkey_ec_validate_private(const EC_KEY *);

/* Algorithm names and name-list handling. */
const char	*sshkey_ssh_name(const struct sshkey *);
const char	*sshkey_ssh_name_plain(const struct sshkey *);
int	 sshkey_names_valid2(const char *, int);
char	*sshkey_alg_list(int, int, int, char);

/*
 * Low-level signature helpers operating directly on an EVP_PKEY.  The int
 * presumably selects the hash algorithm.  Note the signature length travels
 * as int * / int rather than size_t, so callers must keep it in int range.
 */
int	 sshkey_calculate_signature(EVP_PKEY *, int, u_char **, int *,
	    const u_char *, size_t);
int	 sshkey_verify_signature(EVP_PKEY *, int, const u_char *, size_t,
	    u_char *, int);
/*
 * Public-key wire format ("blob") decoding: from raw bytes, from the whole of
 * an sshbuf, or (sshkey_froms) presumably from a length-prefixed string
 * inside the buffer — confirm in sshkey.c.
 */
int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int	 sshkey_fromb(struct sshbuf *, struct sshkey **);
int	 sshkey_froms(struct sshbuf *, struct sshkey **);

/*
 * Public-key encoding: raw blob (heap, via u_char ** / size_t *), base64
 * string, or appended to an sshbuf.  sshkey_puts_opts() takes the
 * serialisation representation explicitly.
 */
int	 sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_to_base64(const struct sshkey *, char **);
int	 sshkey_putb(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
	    enum sshkey_serialize_rep);

/* "_plain" variants: presumably encode the key without its certificate — confirm. */
int	 sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_putb_plain(const struct sshkey *, struct sshbuf *);

/*
 * Signing and verification.  sshkey_sign() returns a signature through the
 * u_char ** / size_t * pair; sshkey_verify() checks one and, when the final
 * out-parameter is non-NULL, presumably fills a struct sshkey_sig_details to
 * be released with sshkey_sig_details_free().  The trailing u_int looks like
 * a flags word.  Data above SSH_KEY_MAX_SIGN_DATA_SIZE is presumably rejected
 * — confirm in sshkey.c.
 */
int	 sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
	    const char *, const char *, const char *, u_int);
int	 sshkey_verify(const struct sshkey *, const u_char *, size_t,
	    const u_char *, size_t, const char *, u_int,
	    struct sshkey_sig_details **);

/* Inspect the algorithm name carried inside an encoded signature. */
int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
const char	*sshkey_sigalg_by_name(const char *);
int	 sshkey_get_sigtype(const u_char *, size_t, char **);
/*
 * Debug dumps of EC material.  NOTE(review): sshkey_dump_ec_key() takes a
 * whole EC_KEY, so its output may include the private scalar — confirm these
 * are only compiled in for debugging and never reached from a logging path.
 */
void	 sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
void	 sshkey_dump_ec_key(const EC_KEY *);
/* Private key (de)serialisation to/from an sshbuf; the _opt variant takes the representation explicitly. */
int	 sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf);
int	 sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
	    enum sshkey_serialize_rep);
int	 sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);

/*
 * Private key file encoding and decoding.  format is presumably one of enum
 * sshkey_private_format; openssh_format_cipher / openssh_format_rounds look
 * like the cipher and KDF round count used when a passphrase is given —
 * confirm in sshkey.c.  On success *keyp (and *commentp where present) are
 * presumably heap objects owned by the caller.
 */
int	 sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
	    const char *passphrase, const char *comment, int format,
	    const char *openssh_format_cipher, int openssh_format_rounds);
int	 sshkey_parse_private_fileblob(struct sshbuf *buffer,
	    const char *passphrase, struct sshkey **keyp, char **commentp);
int	 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
	    const char *passphrase, struct sshkey **keyp, char **commentp);
int	 sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob,
	    int type, struct sshkey **pubkeyp);

/* RSA size policy (cf. SSH_RSA_MINIMUM_MODULUS_SIZE) and CRT parameter completion. */
int	 sshkey_check_rsa_length(const struct sshkey *, int);
int	 ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);

/* Record the file a key was loaded from. */
int	 sshkey_set_filename(struct sshkey *, const char *);

/* Signature-count limiting: presumably a stateful counter of remaining signatures — confirm which key types use it. */
int	 sshkey_enable_maxsign(struct sshkey *, u_int32_t);
u_int32_t sshkey_signatures_left(const struct sshkey *);
int	 sshkey_forward_state(const struct sshkey *, u_int32_t, int);
int	 sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
	    u_int32_t maxsign, int);

/* Release a struct sshkey_sig_details obtained from sshkey_verify(). */
void	 sshkey_sig_details_free(struct sshkey_sig_details *);
337 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
/*
 * OpenSSL 3 glue: build an EVP_PKEY from a parameter builder, or from the
 * DSA / RSA / EC material of an sshkey (the int in ssh_create_evp_ec is
 * presumably the curve NID — confirm).
 */
EVP_PKEY	*sshkey_create_evp(OSSL_PARAM_BLD *, EVP_PKEY_CTX *);
int	 ssh_create_evp_dss(const struct sshkey *, EVP_PKEY **);
int	 ssh_create_evp_rsa(const struct sshkey *, EVP_PKEY **);
int	 ssh_create_evp_ec(EC_KEY *, int, EVP_PKEY **);
345 #ifdef SSHKEY_INTERNAL
/*
 * Security-key helpers shared with the per-type implementation files;
 * presumably they operate on the sk_application / sk_key_handle /
 * sk_reserved fields of struct sshkey visible above — confirm.
 */
int	 sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b);
void	 sshkey_sk_cleanup(struct sshkey *k);
int	 sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b);
int	 sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to);
int	 sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key);
351 int sshkey_serialize_private_sk(
const struct sshkey *key,
/* Restore the security-key private fields of k from buf. */
int	 sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k);

/*
 * Raw-RSA counterpart of sshkey_check_rsa_length(), presumably applying the
 * same SSH_RSA_MINIMUM_MODULUS_SIZE floor — keep the two in step.
 */
int	 check_rsa_length(const RSA *rsa);
/* PKCS#11 ECDSA index accessor; what the index identifies is not visible here — see the pkcs11 sources. */
int	 pkcs11_get_ecdsa_idx(void);
363 #if !defined(WITH_OPENSSL)
369 #elif !defined(OPENSSL_HAS_ECC)