authordjm@openbsd.org <djm@openbsd.org>2019-10-31 22:15:14 +0100
committerDamien Miller <djm@mindrot.org>2019-10-31 23:46:08 +0100
commit02bb0768a937e50bbb236efc2bbdddb1991b1c85 (patch)
treed0a182540b8034345b20a49a09cbf90b234cad1c /sshkey.h
parentupstream: Protocol documentation for U2F/FIDO keys in OpenSSH (diff)
upstream: Initial infrastructure for U2F/FIDO support
Key library support: including allocation, marshalling public/private keys and certificates, signature validation. feedback & ok markus@ OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
Diffstat (limited to 'sshkey.h')
-rw-r--r--sshkey.h19
1 files changed, 18 insertions, 1 deletions
diff --git a/sshkey.h b/sshkey.h
index 1119a7b07..2edcb13ab 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.35 2019/10/31 21:15:14 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -65,6 +65,8 @@ enum sshkey_types {
KEY_ED25519_CERT,
KEY_XMSS,
KEY_XMSS_CERT,
+ KEY_ECDSA_SK,
+ KEY_ECDSA_SK_CERT,
KEY_UNSPEC
};
@@ -118,18 +120,30 @@ struct sshkey_cert {
struct sshkey {
int type;
int flags;
+ /* KEY_RSA */
RSA *rsa;
+ /* KEY_DSA */
DSA *dsa;
+ /* KEY_ECDSA and KEY_ECDSA_SK */
int ecdsa_nid; /* NID of curve */
EC_KEY *ecdsa;
+ /* KEY_ED25519 */
u_char *ed25519_sk;
u_char *ed25519_pk;
+ /* KEY_XMSS */
char *xmss_name;
char *xmss_filename; /* for state file updates */
void *xmss_state; /* depends on xmss_name, opaque */
u_char *xmss_sk;
u_char *xmss_pk;
+ /* KEY_ECDSA_SK */
+ char *sk_application;
+ uint8_t sk_flags;
+ struct sshbuf *sk_key_handle;
+ struct sshbuf *sk_reserved;
+ /* Certificates */
struct sshkey_cert *cert;
+ /* Private key shielding */
u_char *shielded_private;
size_t shielded_len;
u_char *shield_prekey;
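Review bot: The four new `sk_*` members of struct sshkey carry no comment saying which of them belong to the public key and which exist only on the private side, nor who owns the `char *` and `struct sshbuf *` allocations. As I read the U2F key format, only `sk_application` is part of the public key, while `sk_flags`, `sk_key_handle` and `sk_reserved` travel with the private key; if that holds, per-field comments such as `struct sshbuf *sk_key_handle; /* private only; owned by the key */` would make it clear that demoting or copying a public key must not carry the handle along. It would also help to note on `EC_KEY *ecdsa` that for KEY_ECDSA_SK it presumably holds only the public point, since the private scalar stays on the token, and to point `sk_flags` at the place where its bits are defined. The struct body continues past the end of the hunk. The free, copy and shielding code is outside this sshkey.h-only view, so whether those paths release and protect the new members cannot be confirmed here.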
@@ -268,6 +282,9 @@ int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
int ssh_ecdsa_verify(const struct sshkey *key,
const u_char *signature, size_t signaturelen,
const u_char *data, size_t datalen, u_int compat);
+int ssh_ecdsa_sk_verify(const struct sshkey *key,
+ const u_char *signature, size_t signaturelen,
+ const u_char *data, size_t datalen, u_int compat);
int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
const u_char *data, size_t datalen, u_int compat);
int ssh_ed25519_verify(const struct sshkey *key,
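Review bot: `ssh_ecdsa_sk_verify()` is declared with exactly the parameter list of `ssh_ecdsa_verify()`, so it has no way to hand the authenticator's signature flags and counter back to the caller. If the implementation (not visible in this header-only view) parses those fields, as the U2F signature format implies, then any policy such as requiring user presence must be enforced inside the verifier or it is lost. Consider an extra out-parameter, or at least a comment on the prototype stating what the function checks itself, along the lines of `/* verifies U2F-format signature; flags and counter are checked internally and not returned */`, worded to match the real behaviour. A one-line comment that there is deliberately no `ssh_ecdsa_sk_sign()` counterpart here would also save readers a search. The hunk ends on the first line of the `ssh_ed25519_verify` prototype, which continues outside it.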