00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021 #ifndef PKI_PRIV_H_
00022 #define PKI_PRIV_H_
00023
00024 #include "libssh/pki.h"
00025
00026
00027 int bcrypt_pbkdf(const char *pass,
00028 size_t passlen,
00029 const uint8_t *salt,
00030 size_t saltlen,
00031 uint8_t *key,
00032 size_t keylen,
00033 unsigned int rounds);
00034
00035 #define RSA_HEADER_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
00036 #define RSA_HEADER_END "-----END RSA PRIVATE KEY-----"
00037 #define DSA_HEADER_BEGIN "-----BEGIN DSA PRIVATE KEY-----"
00038 #define DSA_HEADER_END "-----END DSA PRIVATE KEY-----"
00039 #define ECDSA_HEADER_BEGIN "-----BEGIN EC PRIVATE KEY-----"
00040 #define ECDSA_HEADER_END "-----END EC PRIVATE KEY-----"
00041 #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
00042 #define OPENSSH_HEADER_END "-----END OPENSSH PRIVATE KEY-----"
00043
00044 #define OPENSSH_AUTH_MAGIC "openssh-key-v1"
00045
00046 #define ssh_pki_log(...) \
00047 _ssh_log(SSH_LOG_FUNCTIONS, __func__, __VA_ARGS__)
00048 void _ssh_pki_log(const char *function,
00049 const char *format, ...) PRINTF_ATTRIBUTE(2, 3);
00050
00051 int pki_key_ecdsa_nid_from_name(const char *name);
00052 const char *pki_key_ecdsa_nid_to_name(int nid);
00053
00054
00055 ssh_key pki_key_dup(const ssh_key key, int demote);
00056 int pki_key_generate_rsa(ssh_key key, int parameter);
00057 int pki_key_generate_dss(ssh_key key, int parameter);
00058 int pki_key_generate_ecdsa(ssh_key key, int parameter);
00059 int pki_key_generate_ed25519(ssh_key key);
00060
00061 int pki_key_compare(const ssh_key k1,
00062 const ssh_key k2,
00063 enum ssh_keycmp_e what);
00064
00065
00066 enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey);
00067 ssh_key pki_private_key_from_base64(const char *b64_key,
00068 const char *passphrase,
00069 ssh_auth_callback auth_fn,
00070 void *auth_data);
00071
00072 ssh_string pki_private_key_to_pem(const ssh_key key,
00073 const char *passphrase,
00074 ssh_auth_callback auth_fn,
00075 void *auth_data);
00076
00077
00078 int pki_pubkey_build_dss(ssh_key key,
00079 ssh_string p,
00080 ssh_string q,
00081 ssh_string g,
00082 ssh_string pubkey);
00083 int pki_pubkey_build_rsa(ssh_key key,
00084 ssh_string e,
00085 ssh_string n);
00086 int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e);
00087 ssh_string pki_publickey_to_blob(const ssh_key key);
00088 int pki_export_pubkey_rsa1(const ssh_key key,
00089 const char *host,
00090 char *rsa1,
00091 size_t rsa1_len);
00092
00093
00094 ssh_string pki_signature_to_blob(const ssh_signature sign);
00095 ssh_signature pki_signature_from_blob(const ssh_key pubkey,
00096 const ssh_string sig_blob,
00097 enum ssh_keytypes_e type);
00098 int pki_signature_verify(ssh_session session,
00099 const ssh_signature sig,
00100 const ssh_key key,
00101 const unsigned char *hash,
00102 size_t hlen);
00103
00104
00105 ssh_signature pki_do_sign(const ssh_key privkey,
00106 const unsigned char *hash,
00107 size_t hlen);
00108 ssh_signature pki_do_sign_sessionid(const ssh_key key,
00109 const unsigned char *hash,
00110 size_t hlen);
00111 int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig,
00112 const unsigned char *hash, size_t hlen);
00113 int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
00114 const unsigned char *hash, size_t hlen);
00115 int pki_ed25519_key_cmp(const ssh_key k1,
00116 const ssh_key k2,
00117 enum ssh_keycmp_e what);
00118 int pki_ed25519_key_dup(ssh_key new, const ssh_key key);
00119 int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key);
00120 ssh_string pki_ed25519_sig_to_blob(ssh_signature sig);
00121 int pki_ed25519_sig_from_blob(ssh_signature sig, ssh_string sig_blob);
00122
00123
00124 ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
00125 const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
00126 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
00127 const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
00128
00129 #endif