freebsd-nq/crypto/openssh/sshsig.h
Ed Maste 19261079b7 openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
  fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
  key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
  (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
  support to provide address-space isolation for token middleware
  libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
  conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
  (e.g. "scp host-a:/path host-b:") to transfer through the local host
  by default.
- scp(1): experimental support for transfers using the SFTP protocol as
  a replacement for the venerable SCP/RCP protocol that it has
  traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by:	imp
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29985
2021-09-07 21:05:51 -04:00

108 lines
3.8 KiB
C

/* $OpenBSD: sshsig.h,v 1.10 2021/07/23 03:37:52 djm Exp $ */
/*
* Copyright (c) 2019 Google LLC
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef SSHSIG_H
#define SSHSIG_H
struct sshbuf;
struct sshkey;
struct sshsigopt;
struct sshkey_sig_details;
typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
const u_char *, size_t, const char *, const char *, const char *,
u_int, void *);
/* Buffer-oriented API */
/*
* Creates a detached SSH signature for a given buffer.
* Returns 0 on success or a negative SSH_ERR_* error code on failure.
* out is populated with the detached signature, or NULL on failure.
*/
int sshsig_signb(struct sshkey *key, const char *hashalg,
const char *sk_provider, const char *sk_pin, const struct sshbuf *message,
const char *sig_namespace, struct sshbuf **out,
sshsig_signer *signer, void *signer_ctx);
/*
* Verifies that a detached signature is valid and optionally returns key
* used to sign via argument.
* Returns 0 on success or a negative SSH_ERR_* error code on failure.
*/
int sshsig_verifyb(struct sshbuf *signature,
const struct sshbuf *message, const char *sig_namespace,
struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details);
/* File/FD-oriented API */
/*
* Creates a detached SSH signature for a given file.
* Returns 0 on success or a negative SSH_ERR_* error code on failure.
* out is populated with the detached signature, or NULL on failure.
*/
int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
const char *sk_provider, const char *sk_pin,
int fd, const char *sig_namespace,
struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
/*
* Verifies that a detached signature over a file is valid and optionally
* returns key used to sign via argument.
* Returns 0 on success or a negative SSH_ERR_* error code on failure.
*/
int sshsig_verify_fd(struct sshbuf *signature, int fd,
const char *sig_namespace, struct sshkey **sign_keyp,
struct sshkey_sig_details **sig_details);
/* Utility functions */
/*
* Return a base64 encoded "ASCII armoured" version of a raw signature.
*/
int sshsig_armor(const struct sshbuf *blob, struct sshbuf **out);
/*
* Decode a base64 encoded armoured signature to a raw signature.
*/
int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
/*
* Checks whether a particular key/principal/namespace is permitted by
* an allowed_keys file. Returns 0 on success.
*/
int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
const char *principal, const char *ns, uint64_t verify_time);
/* Parse zero or more allowed_keys signature options */
struct sshsigopt *sshsigopt_parse(const char *opts,
const char *path, u_long linenum, const char **errstrp);
/* Free signature options */
void sshsigopt_free(struct sshsigopt *opts);
/* Get public key from signature */
int sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey);
/* Find principal in allowed_keys file, given a sshkey. Returns
* 0 on success.
*/
int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
uint64_t verify_time, char **principal);
#endif /* SSHSIG_H */