NetBSD/crypto/dist/ssh/key.h
itojun f9930e137b OpenSSH 3.6.1 as of 2003/4/3
* The 'kex guesses' bugfix from OpenSSH 3.6 triggers a bug
  in a few other SSH v2 implementations and causes connections to
  stall.  OpenSSH 3.6.1 disables this bugfix when interoperating
  with these implementations.
* RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1).
  in order to avoid potential timing attacks against the RSA keys.
  Older versions of OpenSSH have been using RSA blinding in
  ssh-keysign(1) only.
* ssh-agent(1) optionally requires user confirmation if a key gets
  used, see '-c' in ssh-add(1).
* sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation
  is enabled.
* sshd(8) now removes X11 cookies when a session gets closed.
* ssh-keysign(8) is disabled by default and only enabled if the
  new EnableSSHKeysign option is set in the global ssh_config(5)
  file.
* ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange
  guesses).
* ssh(1) no longer overwrites SIG_IGN.  This matches behaviour from
  rsh(1) and is used by backup tools.
* setting ProxyCommand to 'none' disables the proxy feature, see
  ssh_config(5).
* scp(1) supports add -1 and -2.
* scp(1) supports bandwidth limiting.
* sftp(1) displays a progressmeter.
* sftp(1) has improved error handling for scripting.
2003-04-03 05:57:11 +00:00

88 lines
2.7 KiB
C

/* $NetBSD: key.h,v 1.1.1.10 2003/04/03 05:57:23 itojun Exp $ */
/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef KEY_H
#define KEY_H
#include <openssl/rsa.h>
#include <openssl/dsa.h>
typedef struct Key Key;
enum types {
KEY_RSA1,
KEY_RSA,
KEY_DSA,
KEY_UNSPEC
};
enum fp_type {
SSH_FP_SHA1,
SSH_FP_MD5
};
enum fp_rep {
SSH_FP_HEX,
SSH_FP_BUBBLEBABBLE
};
/* key is stored in external hardware */
#define KEY_FLAG_EXT 0x0001
struct Key {
int type;
int flags;
RSA *rsa;
DSA *dsa;
};
Key *key_new(int);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
char *key_type(Key *);
int key_write(Key *, FILE *);
int key_read(Key *, char **);
u_int key_size(Key *);
Key *key_generate(int, u_int);
Key *key_from_private(Key *);
int key_type_from_name(char *);
Key *key_from_blob(u_char *, int);
int key_to_blob(Key *, u_char **, u_int *);
char *key_ssh_name(Key *);
int key_names_valid2(const char *);
int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
int key_verify(Key *, u_char *, u_int, u_char *, u_int);
int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
#endif