19261079b7
Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */
/*
* Assembled from generated headers and source files by Markus Friedl.
* Placed in the public domain.
*/
#ifndef crypto_api_h
#define crypto_api_h
#include "includes.h"
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
#include <stdlib.h>
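/*
 * Fixed-width integer aliases in the NaCl/SUPERCOP naming style.
 * Each crypto_intN / crypto_uintN is exactly the <stdint.h> type of the
 * same width and signedness, so arithmetic on them wraps or overflows
 * exactly like the underlying type.
 *
 * NOTE(review): this header includes <stdint.h> only when HAVE_STDINT_H
 * is defined; otherwise the intN_t/uintN_t names presumably have to come
 * from includes.h. Confirm on any platform where that macro is unset.
 */
typedef int8_t crypto_int8;
typedef uint8_t crypto_uint8;
typedef int16_t crypto_int16;
typedef uint16_t crypto_uint16;
typedef int32_t crypto_int32;
typedef uint32_t crypto_uint32;
typedef int64_t crypto_int64;
typedef uint64_t crypto_uint64;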
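/*
 * Randomness shims for the imported crypto code.
 *
 * randombytes(buf, buf_len) forwards both arguments, parenthesised, to
 * arc4random_buf(); small_random32() is a plain call to arc4random().
 * All random input therefore comes from the arc4random family rather than
 * a generator private to this code.
 *
 * NOTE(review): on a libc without arc4random*, a replacement has to be in
 * scope (presumably supplied through includes.h). The strength of every
 * key generated through these macros depends on that replacement, so
 * confirm which one a given build links.
 */
#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
#define small_random32() arc4random()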
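/* Size in bytes of a SHA-512 digest (512 bits). Unsigned constant. */
#define crypto_hash_sha512_BYTES 64U

/*
 * SHA-512 over a byte buffer.
 *
 * NOTE(review): the parameter names follow the NaCl/SUPERCOP convention
 * this API mirrors (digest out, message in, message length). Confirm the
 * roles against the definition. Under that convention `out` must have
 * room for crypto_hash_sha512_BYTES bytes and the return value is a
 * status code.
 */
int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
    unsigned long long inlen);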
/*
 * Comparison of two byte strings (NaCl-style crypto_verify API).
 *
 * NOTE(review): by its name and origin this is expected to compare
 * exactly 32 bytes in constant time and to return 0 only when they match.
 * Confirm against the definition before using it in place of memcmp() for
 * MACs, digests or other secret-dependent comparisons.
 */
int crypto_verify_32(const unsigned char *x, const unsigned char *y);
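/*
 * Ed25519 sizes in bytes: secret key, public key and signature.
 * All three are unsigned constants.
 */
#define crypto_sign_ed25519_SECRETKEYBYTES 64U
#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
#define crypto_sign_ed25519_BYTES 64U

/*
 * Ed25519 sign / verify / key generation.
 *
 * NOTE(review): the parameter names follow the NaCl/SUPERCOP "signed
 * message" convention this API mirrors. Confirm the roles against the
 * definitions. Under that convention:
 *   - crypto_sign_ed25519 writes signature plus message to `sm`, so the
 *     caller must provide mlen + crypto_sign_ed25519_BYTES bytes there;
 *   - crypto_sign_ed25519_open needs `m` to hold up to smlen bytes, and
 *     its return value must be checked: on a non-zero return the contents
 *     of `m` must not be treated as authenticated;
 *   - crypto_sign_ed25519_keypair fills `pk` and `sk` with
 *     PUBLICKEYBYTES and SECRETKEYBYTES bytes respectively.
 * None of these prototypes carries a buffer capacity, so sizing is
 * entirely the caller's responsibility.
 */
int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
    const unsigned char *m, unsigned long long mlen, const unsigned char *sk);
int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen,
    const unsigned char *sm, unsigned long long smlen, const unsigned char *pk);
int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk);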
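/*
 * sntrup761 KEM sizes in bytes: public key, secret key, ciphertext, and
 * (by the NaCl naming convention) the shared secret.
 *
 * Unlike the hash and Ed25519 size macros in this header, these carry no
 * U suffix and are therefore signed int constants. Mind signed/unsigned
 * mixing when they appear in length arithmetic or comparisons.
 */
#define crypto_kem_sntrup761_PUBLICKEYBYTES 1158
#define crypto_kem_sntrup761_SECRETKEYBYTES 1763
#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
#define crypto_kem_sntrup761_BYTES 32

/*
 * sntrup761 encapsulation, decapsulation and key generation.
 *
 * NOTE(review): the buffer roles are taken from the parameter names
 * (cstr = ciphertext, k = shared secret, pk/sk = public/secret key), with
 * sizes presumably given by the macros above. Confirm against the
 * definitions. The prototypes carry no capacities, so a peer-supplied
 * public key or ciphertext must be length-checked against
 * crypto_kem_sntrup761_PUBLICKEYBYTES / _CIPHERTEXTBYTES before it is
 * passed in. Also confirm how decapsulation failure is signalled before
 * relying on the return value alone, and clear `sk` and `k` once they are
 * no longer needed.
 */
int crypto_kem_sntrup761_enc(unsigned char *cstr, unsigned char *k,
    const unsigned char *pk);
int crypto_kem_sntrup761_dec(unsigned char *k,
    const unsigned char *cstr, const unsigned char *sk);
int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);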
#endif /* crypto_api_h */