diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-08-15 02:51:51 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-08-15 04:07:59 +0200 |
| commit | 7bdfc20516e288b58c8c847958059c7b141eeff9 (patch) | |
| tree | c2058c785fc099f0e8741feeb6916e793c2792bc /sshkey.h | |
| parent | upstream: Reorder calloc arguments (diff) | |
| download | openssh-7bdfc20516e288b58c8c847958059c7b141eeff9.tar.xz openssh-7bdfc20516e288b58c8c847958059c7b141eeff9.zip | |
upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API.
DSA remains unconverted as it will be removed within six months.
Based on patches originally from Dmitry Belyavskiy, but significantly
reworked based on feedback from Bob Beck, Joel Sing and especially
Theo Buehler (apologies to anyone I've missed).
ok tb@
OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
Diffstat (limited to 'sshkey.h')
| -rw-r--r-- | sshkey.h | 26 |
1 files changed, 20 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.63 2024/05/17 06:42:04 jsg Exp $ */ +/* $OpenBSD: sshkey.h,v 1.64 2024/08/15 00:51:51 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -31,6 +31,7 @@ #ifdef WITH_OPENSSL #include <openssl/rsa.h> #include <openssl/dsa.h> +#include <openssl/evp.h> # ifdef OPENSSL_HAS_ECC # include <openssl/ec.h> # include <openssl/ecdsa.h> @@ -47,6 +48,7 @@ # define EC_KEY void # define EC_GROUP void # define EC_POINT void +# define EVP_PKEY void #define SSH_OPENSSL_VERSION "without OpenSSL" #endif /* WITH_OPENSSL */ @@ -125,13 +127,12 @@ struct sshkey_cert { struct sshkey { int type; int flags; - /* KEY_RSA */ - RSA *rsa; /* KEY_DSA */ DSA *dsa; /* KEY_ECDSA and KEY_ECDSA_SK */ int ecdsa_nid; /* NID of curve */ - EC_KEY *ecdsa; + /* libcrypto-backed keys */ + EVP_PKEY *pkey; /* KEY_ED25519 and KEY_ED25519_SK */ u_char *ed25519_sk; u_char *ed25519_pk; @@ -258,7 +259,8 @@ int sshkey_curve_name_to_nid(const char *); const char * sshkey_curve_nid_to_name(int); u_int sshkey_curve_nid_to_bits(int); int sshkey_ecdsa_bits_to_nid(int); -int sshkey_ecdsa_key_to_nid(EC_KEY *); +int sshkey_ecdsa_key_to_nid(const EC_KEY *); +int sshkey_ecdsa_pkey_to_nid(EVP_PKEY *); int sshkey_ec_nid_to_hash_alg(int nid); int sshkey_ec_validate_public(const EC_GROUP *, const EC_POINT *); int sshkey_ec_validate_private(const EC_KEY *); @@ -287,6 +289,12 @@ int sshkey_check_sigtype(const u_char *, size_t, const char *); const char *sshkey_sigalg_by_name(const char *); int sshkey_get_sigtype(const u_char *, size_t, char **); +/* Signing and verification backend for libcrypto-backed keys */ +int sshkey_pkey_digest_sign(EVP_PKEY*, int, u_char **, + size_t *, const u_char *, size_t); +int sshkey_pkey_digest_verify(EVP_PKEY *, int, const u_char *, + size_t, u_char *, size_t); + /* for debug */ void sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *); void sshkey_dump_ec_key(const EC_KEY *); @@ -310,7 +318,8 @@ int sshkey_parse_pubkey_from_private_fileblob_type(struct sshbuf *blob, int sshkey_check_rsa_length(const struct sshkey *, int); /* XXX should be internal, but used by ssh-keygen */ -int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *); +int ssh_rsa_complete_crt_parameters(const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BIGNUM **, BIGNUM **); /* stateful keys (e.g. XMSS) */ int sshkey_set_filename(struct sshkey *, const char *); @@ -321,6 +330,10 @@ int sshkey_private_serialize_maxsign(struct sshkey *key, void sshkey_sig_details_free(struct sshkey_sig_details *); +#ifdef WITH_OPENSSL +int sshkey_ecdsa_fixup_group(EVP_PKEY *k); /* ssh-ecdsa.c */ +#endif + #ifdef SSHKEY_INTERNAL int sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b); void sshkey_sk_cleanup(struct sshkey *k); @@ -341,6 +354,7 @@ int check_rsa_length(const RSA *rsa); /* XXX remove */ # undef EC_KEY # undef EC_GROUP # undef EC_POINT +# undef EVP_PKEY #elif !defined(OPENSSL_HAS_ECC) # undef EC_KEY # undef EC_GROUP |