libssh  0.6.3
pki.h
1 /*
2  * This file is part of the SSH Library
3  *
4  * Copyright (c) 2010 by Aris Adamantiadis
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 #ifndef PKI_H_
22 #define PKI_H_
23 
24 #ifdef HAVE_OPENSSL_EC_H
25 #include <openssl/ec.h>
26 #endif
27 #ifdef HAVE_OPENSSL_ECDSA_H
28 #include <openssl/ecdsa.h>
29 #endif
30 
31 #include "libssh/crypto.h"
32 
33 #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
34 #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
35 
36 #define SSH_KEY_FLAG_EMPTY 0x0
37 #define SSH_KEY_FLAG_PUBLIC 0x0001
38 #define SSH_KEY_FLAG_PRIVATE 0x0002
39 
40 struct ssh_key_struct {
41  enum ssh_keytypes_e type;
42  int flags;
43  const char *type_c; /* Don't free it ! it is static */
44  int ecdsa_nid;
45 #ifdef HAVE_LIBGCRYPT
46  gcry_sexp_t dsa;
47  gcry_sexp_t rsa;
48  void *ecdsa;
49 #elif HAVE_LIBCRYPTO
50  DSA *dsa;
51  RSA *rsa;
52 #ifdef HAVE_OPENSSL_ECC
53  EC_KEY *ecdsa;
54 #else
55  void *ecdsa;
56 #endif /* HAVE_OPENSSL_EC_H */
57 #endif
58  void *cert;
59 };
60 
61 struct ssh_signature_struct {
62  enum ssh_keytypes_e type;
63  const char *type_c;
64 #ifdef HAVE_LIBGCRYPT
65  gcry_sexp_t dsa_sig;
66  gcry_sexp_t rsa_sig;
67  void *ecdsa_sig;
68 #elif defined HAVE_LIBCRYPTO
69  DSA_SIG *dsa_sig;
70  ssh_string rsa_sig;
71 # ifdef HAVE_OPENSSL_ECC
72  ECDSA_SIG *ecdsa_sig;
73 # else
74  void *ecdsa_sig;
75 # endif
76 #endif
77 };
78 
79 typedef struct ssh_signature_struct *ssh_signature;
80 
81 /* SSH Key Functions */
82 ssh_key ssh_key_dup(const ssh_key key);
83 void ssh_key_clean (ssh_key key);
84 
85 /* SSH Signature Functions */
86 ssh_signature ssh_signature_new(void);
87 void ssh_signature_free(ssh_signature sign);
88 
89 int ssh_pki_export_signature_blob(const ssh_signature sign,
90  ssh_string *sign_blob);
91 int ssh_pki_import_signature_blob(const ssh_string sig_blob,
92  const ssh_key pubkey,
93  ssh_signature *psig);
94 int ssh_pki_signature_verify_blob(ssh_session session,
95  ssh_string sig_blob,
96  const ssh_key key,
97  unsigned char *digest,
98  size_t dlen);
99 
100 /* SSH Public Key Functions */
101 int ssh_pki_export_pubkey_blob(const ssh_key key,
102  ssh_string *pblob);
103 int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
104  ssh_key *pkey);
105 int ssh_pki_export_pubkey_rsa1(const ssh_key key,
106  const char *host,
107  char *rsa1,
108  size_t rsa1_len);
109 
110 /* SSH Signing Functions */
111 ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
112  const ssh_key privatekey);
113 ssh_string ssh_pki_do_sign_agent(ssh_session session,
114  struct ssh_buffer_struct *buf,
115  const ssh_key pubkey);
116 ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
117  const ssh_key privkey);
118 
119 /* Temporary functions, to be removed after migration to ssh_key */
120 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key);
121 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key);
122 
123 #endif /* PKI_H_ */