diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-09-03 08:34:19 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-03 18:40:23 +1000 |
commit | 2a9c9f7272c1e8665155118fe6536bebdafb6166 (patch) | |
tree | 177a8c032d9396249708e4a5cb65321d9250fdee /sshsig.h | |
parent | 5485f8d50a5bc46aeed829075ebf5d9c617027ea (diff) |
upstream: sshsig: lightweight signature and verification ability
for OpenSSH
This adds a simple manual signature scheme to OpenSSH.
Signatures can be made and verified using ssh-keygen -Y sign|verify
Signatures embed the key used to make them. At verification time, this
is matched via principal name against an authorized_keys-like list
of allowed signers.
Mostly by Sebastian Kinne w/ some tweaks by me
ok markus@
OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
Diffstat (limited to 'sshsig.h')
-rw-r--r-- | sshsig.h | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/sshsig.h b/sshsig.h new file mode 100644 index 00000000..92c675e3 --- /dev/null +++ b/sshsig.h @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2019 Google LLC + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SSHSIG_H +#define SSHSIG_H + +struct sshbuf; +struct sshkey; + +typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int, void *); + +/* + * Creates a detached SSH signature for a given message. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + * out is populated with the detached signature, or NULL on failure. + */ +int sshsig_sign_message(struct sshkey *key, const char *hashalg, + const struct sshbuf *message, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); + +/* + * Creates a detached SSH signature for a given file. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + * out is populated with the detached signature, or NULL on failure. + */ +int sshsig_sign_fd(struct sshkey *key, const char *hashalg, + int fd, const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx); + +/* + * Verifies that a detached signature is valid and optionally returns key + * used to sign via argument. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + */ +int sshsig_verify_message(struct sshbuf *signature, + const struct sshbuf *message, const char *sig_namespace, + struct sshkey **sign_keyp); + +/* + * Verifies that a detached signature over a file is valid and optionally + * returns key used to sign via argument. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + */ +int sshsig_verify_fd(struct sshbuf *signature, int fd, + const char *sig_namespace, struct sshkey **sign_keyp); + +/* + * Return a base64 encoded "ASCII armoured" version of a raw signature. + */ +int sshsig_armor(const struct sshbuf *blob, struct sshbuf **out); + +/* + * Decode a base64 encoded armoured signature to a raw signature. + */ +int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out); + +/* + * Checks whether a particular key/principal/namespace is permitted by + * an allowed_keys file. Returns 0 on success. + */ +int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, + const char *principal, const char *ns); + +#endif /* SSHSIG_H */ |