From d637c4aee6f9b5280c13c020d7653444ac1fcaa5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Sep 2019 08:35:27 +0000 Subject: upstream: sshsig tweaks and improvements from and suggested by Markus ok markus/me OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9 --- sshsig.h | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'sshsig.h') diff --git a/sshsig.h b/sshsig.h index 92c675e3..fc1d607b 100644 --- a/sshsig.h +++ b/sshsig.h @@ -23,15 +23,28 @@ struct sshkey; typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, const u_char *, size_t, const char *, u_int, void *); +/* Buffer-oriented API */ + /* - * Creates a detached SSH signature for a given message. + * Creates a detached SSH signature for a given buffer. * Returns 0 on success or a negative SSH_ERR_* error code on failure. * out is populated with the detached signature, or NULL on failure. */ -int sshsig_sign_message(struct sshkey *key, const char *hashalg, +int sshsig_signb(struct sshkey *key, const char *hashalg, const struct sshbuf *message, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); +/* + * Verifies that a detached signature is valid and optionally returns key + * used to sign via argument. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + */ +int sshsig_verifyb(struct sshbuf *signature, + const struct sshbuf *message, const char *sig_namespace, + struct sshkey **sign_keyp); + +/* File/FD-oriented API */ + /* * Creates a detached SSH signature for a given file. * Returns 0 on success or a negative SSH_ERR_* error code on failure. 
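Review bot: The comment on `sshsig_verifyb` says the signature "is valid" but not against which key, and the prototype takes no trusted key as input, only the `sign_keyp` output. As far as this header shows, a 0 return can only mean that the signature verifies under the key carried in the signature itself, so a caller that passes `sign_keyp == NULL`, or never compares the returned key with its own list of accepted signers, learns nothing about who signed. I would add to the comment: `* A 0 return does not mean the signing key is trusted; the caller must check *sign_keyp against its allowed signers.` It would also help to state, as the `sshsig_signb` comment does for `out`, what `*sign_keyp` holds on failure and that the caller frees it (presumably with `sshkey_free`; confirm in sshsig.c).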
@@ -41,15 +54,6 @@ int sshsig_sign_fd(struct sshkey *key, const char *hashalg, int fd, const char *sig_namespace, struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); -/* - * Verifies that a detached signature is valid and optionally returns key - * used to sign via argument. - * Returns 0 on success or a negative SSH_ERR_* error code on failure. - */ -int sshsig_verify_message(struct sshbuf *signature, - const struct sshbuf *message, const char *sig_namespace, - struct sshkey **sign_keyp); - /* * Verifies that a detached signature over a file is valid and optionally * returns key used to sign via argument. @@ -58,6 +62,8 @@ int sshsig_verify_message(struct sshbuf *signature, int sshsig_verify_fd(struct sshbuf *signature, int fd, const char *sig_namespace, struct sshkey **sign_keyp); +/* Utility functions */ + /* * Return a base64 encoded "ASCII armoured" version of a raw signature. */ -- cgit v1.2.3