1*ba1276acSMatthew Dillon /* $OpenBSD: sshkey.h,v 1.63 2024/05/17 06:42:04 jsg Exp $ */
236e94dc5SPeter Avalos 
336e94dc5SPeter Avalos /*
436e94dc5SPeter Avalos  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
536e94dc5SPeter Avalos  *
636e94dc5SPeter Avalos  * Redistribution and use in source and binary forms, with or without
736e94dc5SPeter Avalos  * modification, are permitted provided that the following conditions
836e94dc5SPeter Avalos  * are met:
936e94dc5SPeter Avalos  * 1. Redistributions of source code must retain the above copyright
1036e94dc5SPeter Avalos  *    notice, this list of conditions and the following disclaimer.
1136e94dc5SPeter Avalos  * 2. Redistributions in binary form must reproduce the above copyright
1236e94dc5SPeter Avalos  *    notice, this list of conditions and the following disclaimer in the
1336e94dc5SPeter Avalos  *    documentation and/or other materials provided with the distribution.
1436e94dc5SPeter Avalos  *
1536e94dc5SPeter Avalos  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1636e94dc5SPeter Avalos  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1736e94dc5SPeter Avalos  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1836e94dc5SPeter Avalos  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1936e94dc5SPeter Avalos  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2036e94dc5SPeter Avalos  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2136e94dc5SPeter Avalos  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2236e94dc5SPeter Avalos  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2336e94dc5SPeter Avalos  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2436e94dc5SPeter Avalos  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2536e94dc5SPeter Avalos  */
2636e94dc5SPeter Avalos #ifndef SSHKEY_H
2736e94dc5SPeter Avalos #define SSHKEY_H
2836e94dc5SPeter Avalos 
2936e94dc5SPeter Avalos #include <sys/types.h>
3036e94dc5SPeter Avalos 
#ifdef WITH_OPENSSL
#include <openssl/rsa.h>
#include <openssl/dsa.h>
# ifdef OPENSSL_HAS_ECC
#  include <openssl/ec.h>
#  include <openssl/ecdsa.h>
# else /* OPENSSL_HAS_ECC */
/*
 * No ECC in this libcrypto: stand the EC types in with void so the EC_*
 * prototypes below still compile.  These placeholders are #undef'd at the
 * bottom of this header so they do not leak into including files.
 */
#  define EC_KEY	void
#  define EC_GROUP	void
#  define EC_POINT	void
# endif /* OPENSSL_HAS_ECC */
#define SSH_OPENSSL_VERSION OpenSSL_version(OPENSSL_VERSION)
#else /* WITH_OPENSSL */
/*
 * No OpenSSL at all: every libcrypto type named in the prototypes below
 * becomes an opaque void placeholder.  RSA/DSA/EC_* are #undef'd at the
 * bottom of this header; NOTE(review): BIGNUM is not, so it remains
 * defined as void for anything included after sshkey.h in such a build.
 */
# define BIGNUM		void
# define RSA		void
# define DSA		void
# define EC_KEY		void
# define EC_GROUP	void
# define EC_POINT	void
#define SSH_OPENSSL_VERSION "without OpenSSL"
#endif /* WITH_OPENSSL */
5236e94dc5SPeter Avalos 
/*
 * Smallest RSA modulus, in bits, that this code accepts.  Presumably the
 * bound applied by sshkey_check_rsa_length() declared below — confirm in
 * sshkey.c before relying on it.
 */
#define SSH_RSA_MINIMUM_MODULUS_SIZE	1024
/*
 * 1 MiB.  Presumably the upper bound on the length of data handed to
 * sshkey_sign()/sshkey_verify() — confirm in sshkey.c.
 */
#define SSH_KEY_MAX_SIGN_DATA_SIZE	(1 << 20)
5536e94dc5SPeter Avalos 
5636e94dc5SPeter Avalos struct sshbuf;
5736e94dc5SPeter Avalos 
/*
 * Key types: the algorithm recorded in struct sshkey's `type' field.
 * Each plain algorithm has a *_CERT variant (the key carries a
 * certificate, see struct sshkey_cert); the *_SK variants are the
 * security-key (U2F) forms that use the sk_* fields of struct sshkey.
 * Prefer sshkey_type_plain()/sshkey_type_is_cert() (declared below) to
 * comparing against ranges of these constants.  KEY_UNSPEC is
 * presumably the "no/unknown type" sentinel; keep it last.
 */
enum sshkey_types {
	KEY_RSA,
	KEY_DSA,
	KEY_ECDSA,
	KEY_ED25519,
	KEY_RSA_CERT,
	KEY_DSA_CERT,
	KEY_ECDSA_CERT,
	KEY_ED25519_CERT,
	KEY_XMSS,
	KEY_XMSS_CERT,
	KEY_ECDSA_SK,
	KEY_ECDSA_SK_CERT,
	KEY_ED25519_SK,
	KEY_ED25519_SK_CERT,
	KEY_UNSPEC
};
7636e94dc5SPeter Avalos 
/*
 * Default fingerprint hash.  SSH_DIGEST_SHA256 is not defined in this
 * header; the digest header must be included before this macro is used.
 */
#define SSH_FP_HASH_DEFAULT	SSH_DIGEST_SHA256
7936e94dc5SPeter Avalos 
/*
 * Fingerprint representation formats, selected by the enum argument of
 * sshkey_fingerprint() below.  SSH_FP_DEFAULT is explicitly 0 so a
 * zero-initialised value resolves to the default representation.
 */
enum sshkey_fp_rep {
	SSH_FP_DEFAULT = 0,
	SSH_FP_HEX,
	SSH_FP_BASE64,
	SSH_FP_BUBBLEBABBLE,
	SSH_FP_RANDOMART
};
8836e94dc5SPeter Avalos 
/*
 * Private key serialisation formats, used on the wire.  The values are
 * explicit because they are transmitted, so renumbering or reusing one
 * (including the gap below SSHKEY_SERIALIZE_INFO) is a compatibility
 * break, not a cosmetic change.
 */
enum sshkey_serialize_rep {
	SSHKEY_SERIALIZE_DEFAULT = 0,
	SSHKEY_SERIALIZE_STATE = 1,	/* only state is serialized */
	SSHKEY_SERIALIZE_FULL = 2,	/* include keys for saving to disk */
	SSHKEY_SERIALIZE_SHIELD = 3,	/* everything, for encrypting in ram */
	SSHKEY_SERIALIZE_INFO = 254,	/* minimal information */
};
970cbfa66cSDaniel Fojt 
/*
 * Private key disk formats.  Presumably the values accepted by the
 * `format' argument of sshkey_private_to_fileblob() below — confirm in
 * sshkey.c.  Values are explicit; treat them as stable.
 */
enum sshkey_private_format {
	SSHKEY_PRIVATE_OPENSSH = 0,
	SSHKEY_PRIVATE_PEM = 1,
	SSHKEY_PRIVATE_PKCS8 = 2,
};
104664f4763Szrj 
/*
 * key is stored in external hardware.  Presumably a bit in struct
 * sshkey's `flags' field — confirm against the users in sshkey.c.
 */
#define SSHKEY_FLAG_EXT		0x0001
10736e94dc5SPeter Avalos 
/*
 * Presumably the cap on `nprincipals' accepted when a certificate is
 * parsed — confirm in sshkey.c.
 */
#define SSHKEY_CERT_MAX_PRINCIPALS	256
/*
 * Parsed certificate attached to a *_CERT key (struct sshkey's `cert').
 * XXX opaquify?
 */
struct sshkey_cert {
	struct sshbuf	*certblob; /* Kept around for use on wire */
	u_int		 type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
	u_int64_t	 serial;
	char		*key_id;
	u_int		 nprincipals;
	char		**principals;	/* nprincipals entries */
	/*
	 * Validity window.  Presumably compared against the uint64_t
	 * time argument of sshkey_cert_check_authority() — confirm.
	 */
	u_int64_t	 valid_after, valid_before;
	struct sshbuf	*critical;	/* critical options, wire encoded */
	struct sshbuf	*extensions;	/* extensions, wire encoded */
	struct sshkey	*signature_key;	/* CA key that signed the cert */
	char		*signature_type; /* see sshkey_check_cert_sigtype() */
};
12336e94dc5SPeter Avalos 
/*
 * A public or private key.  Only the member group matching `type' is
 * meaningful; the others are expected to be NULL/zero.
 * XXX opaquify?
 */
struct sshkey {
	int	 type;		/* enum sshkey_types */
	int	 flags;		/* presumably SSHKEY_FLAG_* bits */
	/* KEY_RSA */
	RSA	*rsa;
	/* KEY_DSA */
	DSA	*dsa;
	/* KEY_ECDSA and KEY_ECDSA_SK */
	int	 ecdsa_nid;	/* NID of curve */
	EC_KEY	*ecdsa;
	/* KEY_ED25519 and KEY_ED25519_SK */
	u_char	*ed25519_sk;	/* presumably ED25519_SK_SZ bytes; NULL for public-only */
	u_char	*ed25519_pk;	/* presumably ED25519_PK_SZ bytes */
	/* KEY_XMSS */
	char	*xmss_name;
	char	*xmss_filename;	/* for state file updates */
	void	*xmss_state;	/* depends on xmss_name, opaque */
	u_char	*xmss_sk;
	u_char	*xmss_pk;
	/* KEY_ECDSA_SK and KEY_ED25519_SK */
	char	*sk_application;	/* application (relying party) string */
	uint8_t	sk_flags;		/* see the U2F flags in ssh-sk.h */
	struct sshbuf *sk_key_handle;	/* presumably the authenticator credential handle */
	struct sshbuf *sk_reserved;
	/* Certificates */
	struct sshkey_cert *cert;	/* presumably NULL unless type is a *_CERT variant */
	/*
	 * Private key shielding: filled in by sshkey_shield_private() and
	 * consumed by sshkey_unshield_private() (declared below).  The
	 * exact encoding of the shielded blob and prekey is private to
	 * sshkey.c; treat these as opaque.
	 */
	u_char	*shielded_private;
	size_t	shielded_len;
	u_char	*shield_prekey;
	size_t	shield_prekey_len;
};
15736e94dc5SPeter Avalos 
/*
 * Ed25519 key sizes in bytes.  The crypto_sign_ed25519_* constants are
 * not defined in this header; the ed25519 implementation's header must be
 * included wherever these macros are expanded.
 */
#define	ED25519_SK_SZ	crypto_sign_ed25519_SECRETKEYBYTES
#define	ED25519_PK_SZ	crypto_sign_ed25519_PUBLICKEYBYTES
16036e94dc5SPeter Avalos 
/*
 * Additional fields contained in signature.  Returned through the
 * struct sshkey_sig_details ** argument of sshkey_verify(); release
 * with sshkey_sig_details_free() (both declared below).
 */
struct sshkey_sig_details {
	uint32_t sk_counter;	/* U2F signature counter */
	uint8_t sk_flags;	/* U2F signature flags; see ssh-sk.h */
};
1660cbfa66cSDaniel Fojt 
/*
 * Per-algorithm operation table, reached via struct sshkey_impl's `funcs'.
 * Members marked optional presumably may be NULL (confirm in sshkey.c).
 * `sign' and `verify' have exactly the signatures of sshkey_sign() and
 * sshkey_verify() declared below; `serialize_*'/`deserialize_*' work on
 * the wire encoding selected by enum sshkey_serialize_rep.
 */
struct sshkey_impl_funcs {
	u_int (*size)(const struct sshkey *);	/* optional */
	int (*alloc)(struct sshkey *);		/* optional */
	void (*cleanup)(struct sshkey *);	/* optional */
	int (*equal)(const struct sshkey *, const struct sshkey *);
	int (*serialize_public)(const struct sshkey *, struct sshbuf *,
	    enum sshkey_serialize_rep);
	int (*deserialize_public)(const char *, struct sshbuf *,
	    struct sshkey *);
	int (*serialize_private)(const struct sshkey *, struct sshbuf *,
	    enum sshkey_serialize_rep);
	int (*deserialize_private)(const char *, struct sshbuf *,
	    struct sshkey *);
	int (*generate)(struct sshkey *, int);	/* optional */
	int (*copy_public)(const struct sshkey *, struct sshkey *);
	int (*sign)(struct sshkey *, u_char **, size_t *,
	    const u_char *, size_t, const char *,
	    const char *, const char *, u_int); /* optional */
	int (*verify)(const struct sshkey *, const u_char *, size_t,
	    const u_char *, size_t, const char *, u_int,
	    struct sshkey_sig_details **);
};
189*ba1276acSMatthew Dillon 
/*
 * Description of one supported key algorithm.  Semantics of the int
 * members are assumed from their names — confirm against sshkey.c.
 */
struct sshkey_impl {
	const char *name;	/* full SSH algorithm name */
	const char *shortname;	/* short display name */
	const char *sigalg;	/* signature algorithm name, if distinct */
	int type;		/* enum sshkey_types */
	int nid;		/* curve NID (cf. struct sshkey's ecdsa_nid) */
	int cert;		/* presumably non-zero for *_CERT types */
	int sigonly;		/* presumably usable only as a signature algorithm */
	int keybits;		/* presumably fixed key size in bits, 0 if variable */
	const struct sshkey_impl_funcs *funcs;	/* operation table, see above */
};
201*ba1276acSMatthew Dillon 
/* Allocation and release of key objects. */
struct sshkey	*sshkey_new(int);
void		 sshkey_free(struct sshkey *);
/* Equality; the _public variant presumably ignores private material. */
int		 sshkey_equal_public(const struct sshkey *,
    const struct sshkey *);
int		 sshkey_equal(const struct sshkey *, const struct sshkey *);
/*
 * Fingerprints.  The int argument selects the digest (SSH_FP_HASH_DEFAULT
 * above); the enum selects the representation.  Both outputs are
 * presumably heap allocated and owned by the caller — confirm.
 */
char		*sshkey_fingerprint(const struct sshkey *,
    int, enum sshkey_fp_rep);
int		 sshkey_fingerprint_raw(const struct sshkey *k,
    int, u_char **retp, size_t *lenp);
/* Human-readable type names. */
const char	*sshkey_type(const struct sshkey *);
const char	*sshkey_cert_type(const struct sshkey *);
/*
 * Public key text (one-line) formatting and parsing.  FILE comes from
 * <stdio.h>, which this header does not include itself.
 */
int		 sshkey_format_text(const struct sshkey *, struct sshbuf *);
int		 sshkey_write(const struct sshkey *, FILE *);
int		 sshkey_read(struct sshkey *, char **);
u_int		 sshkey_size(const struct sshkey *);

/* Generate a new key of `type'; `bits' is presumably ignored for fixed-size algorithms. */
int		 sshkey_generate(int type, u_int bits, struct sshkey **keyp);
/* Derive a public-only copy from a private key. */
int		 sshkey_from_private(const struct sshkey *, struct sshkey **);

/*
 * Private key shielding: move the in-memory private material into the
 * shielded_private/shield_prekey fields of struct sshkey so it is not
 * held in plaintext while idle, and back again before use.
 */
int		 sshkey_is_shielded(struct sshkey *);
int		 sshkey_shield_private(struct sshkey *);
int		 sshkey_unshield_private(struct sshkey *);

/* Type lookup and predicates (see enum sshkey_types). */
int	 sshkey_type_from_name(const char *);
int	 sshkey_is_cert(const struct sshkey *);
int	 sshkey_is_sk(const struct sshkey *);
int	 sshkey_type_is_cert(int);
int	 sshkey_type_plain(int);
230ee116499SAntonio Huete Jimenez 
/* Returns non-zero if the key name matches the sigalgs pattern list. (handles RSA) */
int	 sshkey_match_keyname_to_sigalgs(const char *, const char *);

/* Certificate attachment and removal. */
int	 sshkey_to_certified(struct sshkey *);
int	 sshkey_drop_cert(struct sshkey *);
int	 sshkey_cert_copy(const struct sshkey *, struct sshkey *);
/*
 * Certificate authority checks.  The uint64_t is presumably the
 * verification time, the _now variant using the current time; the
 * trailing const char ** presumably receives a reason string on failure
 * — confirm against sshkey.c.
 */
int	 sshkey_cert_check_authority(const struct sshkey *, int, int, int,
    uint64_t, const char *, const char **);
int	 sshkey_cert_check_authority_now(const struct sshkey *, int, int, int,
    const char *, const char **);
int	 sshkey_cert_check_host(const struct sshkey *, const char *,
    int , const char *, const char **);
/* Formats the validity window; the attribute says arg 2 is a buffer of size arg 3. */
size_t	 sshkey_format_cert_validity(const struct sshkey_cert *,
    char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
int	 sshkey_check_cert_sigtype(const struct sshkey *, const char *);

int	 sshkey_certify(struct sshkey *, struct sshkey *,
    const char *, const char *, const char *);
/*
 * Variant allowing use of a custom signature function (e.g. for ssh-agent).
 * The signer has the argument list of sshkey_sign() plus a trailing
 * void * context, presumably passed through from the void * argument
 * of sshkey_certify_custom().
 */
typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
    const u_char *, size_t, const char *, const char *, const char *,
    u_int, void *);
int	 sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
    const char *, const char *, sshkey_certify_signer *, void *);
255ce74bacaSMatthew Dillon 
/* ECDSA curve name / NID / bit-size conversions. */
int		 sshkey_ecdsa_nid_from_name(const char *);
int		 sshkey_curve_name_to_nid(const char *);
const char *	 sshkey_curve_nid_to_name(int);
u_int		 sshkey_curve_nid_to_bits(int);
int		 sshkey_ecdsa_bits_to_nid(int);
int		 sshkey_ecdsa_key_to_nid(EC_KEY *);
int		 sshkey_ec_nid_to_hash_alg(int nid);
/*
 * EC key validation.  Presumably checks that a point is a valid element
 * of the group and that a private scalar is in range; use them on any EC
 * material that came from outside the process.
 */
int		 sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int		 sshkey_ec_validate_private(const EC_KEY *);
/* Algorithm names and name-list handling. */
const char	*sshkey_ssh_name(const struct sshkey *);
const char	*sshkey_ssh_name_plain(const struct sshkey *);
int		 sshkey_names_valid2(const char *, int, int);
char		*sshkey_alg_list(int, int, int, char);
26936e94dc5SPeter Avalos 
/*
 * Wire-format public key parsing and encoding.  The from_* functions
 * consume data that may have arrived over the network; the *_plain
 * variants presumably encode the key without its certificate — confirm.
 */
int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
int	 sshkey_fromb(struct sshbuf *, struct sshkey **);
int	 sshkey_froms(struct sshbuf *, struct sshkey **);
int	 sshkey_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_to_base64(const struct sshkey *, char **);
int	 sshkey_putb(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts(const struct sshkey *, struct sshbuf *);
int	 sshkey_puts_opts(const struct sshkey *, struct sshbuf *,
    enum sshkey_serialize_rep);
int	 sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
int	 sshkey_putb_plain(const struct sshkey *, struct sshbuf *);

/*
 * Signing and verification.  sshkey_verify()'s trailing argument
 * presumably receives an allocated struct sshkey_sig_details; release
 * it with sshkey_sig_details_free() (declared below).
 */
int	 sshkey_sign(struct sshkey *, u_char **, size_t *,
    const u_char *, size_t, const char *, const char *, const char *, u_int);
int	 sshkey_verify(const struct sshkey *, const u_char *, size_t,
    const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
/* Signature-algorithm inspection of an encoded signature blob. */
int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
const char *sshkey_sigalg_by_name(const char *);
int	 sshkey_get_sigtype(const u_char *, size_t, char **);
28936e94dc5SPeter Avalos 
/* for debug */
void	sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
void	sshkey_dump_ec_key(const EC_KEY *);

/* private key parsing and serialisation (wire encoding, see enum sshkey_serialize_rep) */
int	sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf);
int	sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
    enum sshkey_serialize_rep);
int	sshkey_private_deserialize(struct sshbuf *buf,  struct sshkey **keyp);

/*
 * private key file format parsing and serialisation.  `format' is
 * presumably an enum sshkey_private_format value; the openssh_format_*
 * arguments select the cipher and KDF rounds for that format — confirm
 * in sshkey.c.  The passphrase variants decrypt; the pubkey variant takes
 * none and so presumably reads only the unencrypted public part.
 */
int	sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
    const char *passphrase, const char *comment,
    int format, const char *openssh_format_cipher, int openssh_format_rounds);
int	sshkey_parse_private_fileblob(struct sshbuf *buffer,
    const char *passphrase, struct sshkey **keyp, char **commentp);
int	sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
    const char *passphrase, struct sshkey **keyp, char **commentp);
int	sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob,
    int type, struct sshkey **pubkeyp);
31036e94dc5SPeter Avalos 
/*
 * RSA modulus size check; the int is presumably the minimum in bits
 * (cf. SSH_RSA_MINIMUM_MODULUS_SIZE above) — confirm in sshkey.c.
 */
int sshkey_check_rsa_length(const struct sshkey *, int);
/* XXX should be internal, but used by ssh-keygen */
int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);

/*
 * stateful keys (e.g. XMSS).  The signature budget matters: reusing a
 * state is what these helpers exist to prevent, so callers must
 * persist the updated state (xmss_filename in struct sshkey) after signing.
 */
int	 sshkey_set_filename(struct sshkey *, const char *);
int	 sshkey_enable_maxsign(struct sshkey *, u_int32_t);
u_int32_t sshkey_signatures_left(const struct sshkey *);
int	 sshkey_private_serialize_maxsign(struct sshkey *key,
    struct sshbuf *buf, u_int32_t maxsign, int);

/* Releases a struct sshkey_sig_details obtained from sshkey_verify(). */
void	 sshkey_sig_details_free(struct sshkey_sig_details *);
3230cbfa66cSDaniel Fojt 
/*
 * Helpers shared between sshkey.c and the per-algorithm implementation
 * files; only translation units that define SSHKEY_INTERNAL see them.
 */
#ifdef SSHKEY_INTERNAL
int	sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b);
void	sshkey_sk_cleanup(struct sshkey *k);
int	sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b);
int	sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to);
int	sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key);
int	sshkey_serialize_private_sk(const struct sshkey *key,
    struct sshbuf *buf);
int	sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k);
#ifdef WITH_OPENSSL
/* Raw-RSA counterpart of sshkey_check_rsa_length() above. */
int	check_rsa_length(const RSA *rsa); /* XXX remove */
#endif
#endif
33736e94dc5SPeter Avalos 
/*
 * Remove the void placeholders defined at the top of this header so they
 * do not shadow the real types in files included later.
 * NOTE(review): BIGNUM, defined in the !WITH_OPENSSL branch above, is not
 * undefined here.
 */
#if !defined(WITH_OPENSSL)
# undef RSA
# undef DSA
# undef EC_KEY
# undef EC_GROUP
# undef EC_POINT
#elif !defined(OPENSSL_HAS_ECC)
# undef EC_KEY
# undef EC_GROUP
# undef EC_POINT
#endif
34936e94dc5SPeter Avalos 
35036e94dc5SPeter Avalos #endif /* SSHKEY_H */