24 #include "libssh/priv.h" 25 #ifdef HAVE_OPENSSL_EC_H 26 #include <openssl/ec.h> 28 #ifdef HAVE_OPENSSL_ECDSA_H 29 #include <openssl/ecdsa.h> 32 #include "libssh/crypto.h" 33 #ifdef HAVE_OPENSSL_ED25519 36 #define ED25519_SIG_LEN 64 38 #include "libssh/ed25519.h" 41 #define ED25519_KEY_LEN 32 43 #define MAX_PUBKEY_SIZE 0x100000 44 #define MAX_PRIVKEY_SIZE 0x400000 46 #define SSH_KEY_FLAG_EMPTY 0x0 47 #define SSH_KEY_FLAG_PUBLIC 0x0001 48 #define SSH_KEY_FLAG_PRIVATE 0x0002 51 enum ssh_keytypes_e type;
55 #if defined(HAVE_LIBGCRYPT) 59 #elif defined(HAVE_LIBMBEDCRYPTO) 60 mbedtls_pk_context *rsa;
61 mbedtls_ecdsa_context *ecdsa;
63 #elif defined(HAVE_LIBCRYPTO) 66 # if defined(HAVE_OPENSSL_ECC) 72 #ifdef HAVE_OPENSSL_ED25519 73 uint8_t *ed25519_pubkey;
74 uint8_t *ed25519_privkey;
76 ed25519_pubkey *ed25519_pubkey;
77 ed25519_privkey *ed25519_privkey;
80 enum ssh_keytypes_e cert_type;
84 enum ssh_keytypes_e type;
85 enum ssh_digest_e hash_type;
87 #if defined(HAVE_LIBGCRYPT) 90 gcry_sexp_t ecdsa_sig;
91 #elif defined(HAVE_LIBMBEDCRYPTO) 93 struct mbedtls_ecdsa_sig ecdsa_sig;
95 #ifndef HAVE_OPENSSL_ED25519 96 ed25519_signature *ed25519_sig;
109 enum ssh_keytypes_e type);
113 enum ssh_keytypes_e type);
114 enum ssh_digest_e ssh_key_hash_from_name(
const char *name);
116 #define is_ecdsa_key_type(t) \ 117 ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521) 119 #define is_cert_type(kt)\ 120 ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\ 121 (kt) == SSH_KEYTYPE_RSA_CERT01 ||\ 122 ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\ 123 (kt) <= SSH_KEYTYPE_ED25519_CERT01)) 128 #define SSH_SIGNATURE_FREE(x) \ 129 do { ssh_signature_free(x); x = NULL; } while(0) 133 int ssh_pki_import_signature_blob(
const ssh_string sig_blob,
139 const unsigned char *digest,
143 int ssh_pki_export_pubkey_blob(
const ssh_key key,
145 int ssh_pki_import_pubkey_blob(
const ssh_string key_blob,
148 int ssh_pki_import_cert_blob(
const ssh_string cert_blob,
154 const ssh_key privatekey,
enum ssh_digest_e hash_type);
160 const enum ssh_digest_e digest);
enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name)
Convert a ssh key algorithm name to a ssh key algorithm type.
Definition: pki.c:491
enum ssh_digest_e ssh_key_type_to_hash(ssh_session session, enum ssh_keytypes_e type)
Convert a key type to a hash type. This is usually unambiguous for all the key types, unless the SHA2 extension (RFC 8332) is negotiated during key exchange.
Definition: pki.c:390
Definition: session.h:109
const char * ssh_key_get_signature_algorithm(ssh_session session, enum ssh_keytypes_e type)
Gets signature algorithm name to be used with the given key type.
Definition: pki.c:459
void ssh_key_clean(ssh_key key)
clean up the key and deallocate all existing keys
Definition: pki.c:140
int ssh_key_algorithm_allowed(ssh_session session, const char *type)
Checks the given key against the configured allowed public key algorithm types.
Definition: pki.c:347
enum ssh_keytypes_e ssh_key_type_plain(enum ssh_keytypes_e type)
Get the pubic key type corresponding to a certificate type.
Definition: pki.c:559