25#include "libssh/priv.h" 
   26#ifdef HAVE_OPENSSL_EC_H 
   27#include <openssl/ec.h> 
   29#ifdef HAVE_OPENSSL_ECDSA_H 
   30#include <openssl/ecdsa.h> 
   33#include <openssl/evp.h> 
   35#include "libssh/crypto.h" 
   39#define ED25519_SIG_LEN 64 
   41#include "libssh/ed25519.h" 
   44#define ED25519_KEY_LEN 32 
   46#define MAX_PUBKEY_SIZE 0x100000  
   47#define MAX_PRIVKEY_SIZE 0x400000  
   49#define SSH_KEY_FLAG_EMPTY   0x0 
   50#define SSH_KEY_FLAG_PUBLIC  0x0001 
   51#define SSH_KEY_FLAG_PRIVATE 0x0002 
   52#define SSH_KEY_FLAG_PKCS11_URI 0x0004 
   54struct ssh_key_struct {
 
   55    enum ssh_keytypes_e type;
 
   59#if defined(HAVE_LIBGCRYPT) 
   62#elif defined(HAVE_LIBMBEDCRYPTO) 
   63    mbedtls_pk_context *pk;
 
   64    mbedtls_ecdsa_context *ecdsa;
 
   65#elif defined(HAVE_LIBCRYPTO) 
   69    uint8_t *ed25519_pubkey;
 
   70    uint8_t *ed25519_privkey;
 
   73    ed25519_pubkey *ed25519_pubkey;
 
   74    ed25519_privkey *ed25519_privkey;
 
   76    ssh_string sk_application;
 
   78    enum ssh_keytypes_e cert_type;
 
   81struct ssh_signature_struct {
 
   82    enum ssh_keytypes_e type;
 
   83    enum ssh_digest_e hash_type;
 
   85#if defined(HAVE_LIBGCRYPT) 
   87    gcry_sexp_t ecdsa_sig;
 
   88#elif defined(HAVE_LIBMBEDCRYPTO) 
   90    struct mbedtls_ecdsa_sig ecdsa_sig;
 
   93    ed25519_signature *ed25519_sig;
 
  102typedef struct ssh_signature_struct *ssh_signature;
 
  113                                enum ssh_keytypes_e type);
 
  117                                       enum ssh_keytypes_e type);
 
  118enum ssh_digest_e ssh_key_hash_from_name(
const char *name);
 
  120#define is_ecdsa_key_type(t) \ 
  121    ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521) 
  123#define is_cert_type(kt)\ 
  124    ((kt) == SSH_KEYTYPE_RSA_CERT01 ||\ 
  125     (kt) == SSH_KEYTYPE_SK_ECDSA_CERT01 ||\ 
  126     (kt) == SSH_KEYTYPE_SK_ED25519_CERT01 ||\ 
  127    ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\ 
  128     (kt) <= SSH_KEYTYPE_ED25519_CERT01)) 
  131ssh_signature ssh_signature_new(
void);
 
  132void ssh_signature_free(ssh_signature sign);
 
  133#define SSH_SIGNATURE_FREE(x) \ 
  134    do { ssh_signature_free(x); x = NULL; } while(0) 
  136int ssh_pki_export_signature_blob(
const ssh_signature sign,
 
  137                                  ssh_string *sign_blob);
 
  138int ssh_pki_import_signature_blob(
const ssh_string sig_blob,
 
  139                                  const ssh_key pubkey,
 
  140                                  ssh_signature *psig);
 
  141int ssh_pki_signature_verify(ssh_session session,
 
  144                             const unsigned char *digest,
 
  148int ssh_pki_export_pubkey_blob(
const ssh_key key,
 
  150int ssh_pki_import_pubkey_blob(
const ssh_string key_blob,
 
  153int ssh_pki_import_cert_blob(
const ssh_string cert_blob,
 
  157int ssh_pki_export_privkey_blob(
const ssh_key key,
 
  162ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
 
  163    const ssh_key privatekey, 
enum ssh_digest_e hash_type);
 
  164ssh_string ssh_pki_do_sign_agent(ssh_session session,
 
  165                                 struct ssh_buffer_struct *buf,
 
  166                                 const ssh_key pubkey);
 
  167ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
 
  168                                         const ssh_key privkey,
 
  169                                         const enum ssh_digest_e digest);
 
  172ssh_public_key ssh_pki_convert_key_to_publickey(
const ssh_key key);
 
  173ssh_private_key ssh_pki_convert_key_to_privatekey(
const ssh_key key);
 
  179int ssh_key_size(ssh_key key);
 
  182#ifdef WITH_PKCS11_URI 
  183bool ssh_pki_is_uri(
const char *filename);
 
  184char *ssh_pki_export_pub_uri_from_priv_uri(
const char *priv_uri);
 
enum ssh_digest_e ssh_key_type_to_hash(ssh_session session, enum ssh_keytypes_e type)
Convert a key type to a hash type. This is usually unambiguous for all the key types,...
Definition pki.c:424
enum ssh_keytypes_e ssh_key_type_plain(enum ssh_keytypes_e type)
Get the public key type corresponding to a certificate type.
Definition pki.c:595
enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name)
Convert a ssh key algorithm name to a ssh key algorithm type.
Definition pki.c:524
int ssh_key_algorithm_allowed(ssh_session session, const char *type)
Checks the given key against the configured allowed public key algorithm types.
Definition pki.c:345
void ssh_key_clean(ssh_key key)
clean up the key and deallocate all existing keys
Definition pki.c:139
const char * ssh_key_get_signature_algorithm(ssh_session session, enum ssh_keytypes_e type)
Gets signature algorithm name to be used with the given key type.
Definition pki.c:492
bool ssh_key_size_allowed(ssh_session session, ssh_key key)
Check the given key is acceptable in regards to the key size policy specified by the configuration.
Definition pki.c:399