1 /*
2  * Dropbear - a SSH2 server
3  *
4  * Copyright (c) 2002,2003 Matt Johnston
5  * All rights reserved.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23  * SOFTWARE. */
24 
25 #ifndef DROPBEAR_SIGNKEY_H_
26 #define DROPBEAR_SIGNKEY_H_
27 
28 #include "buffer.h"
29 
30 /* Forward declarations */
31 struct dropbear_DSS_Key;
32 struct dropbear_RSA_Key;
33 struct dropbear_ED25519_Key;
34 
35 /* Must match with signature_type below */
/* Public-key algorithm identifiers for a sign_key.
 *
 * Each named entry is compiled in only when its DROPBEAR_* option is set,
 * so the numeric value of a given entry (and of DROPBEAR_SIGNKEY_NUM_NAMED)
 * depends on the build configuration. Code elsewhere aliases these values
 * from enum signature_type, so the two enums must be kept in step.
 *
 * The fixed values 70/80/90 are well above the largest possible named
 * value (at most six named entries are visible here) so the sentinels can
 * never collide with a real key type in any configuration. */
enum signkey_type {
#if DROPBEAR_RSA
	DROPBEAR_SIGNKEY_RSA,
#endif
#if DROPBEAR_DSS
	DROPBEAR_SIGNKEY_DSS,
#endif
#if DROPBEAR_ECDSA
	/* One entry per curve; the curve is part of the key type on the wire. */
	DROPBEAR_SIGNKEY_ECDSA_NISTP256,
	DROPBEAR_SIGNKEY_ECDSA_NISTP384,
	DROPBEAR_SIGNKEY_ECDSA_NISTP521,
#endif /* DROPBEAR_ECDSA */
#if DROPBEAR_ED25519
	DROPBEAR_SIGNKEY_ED25519,
#endif
	/* Number of named key types in this build; also one past the last
	 * named value, so it can bound a table indexed by key type. */
	DROPBEAR_SIGNKEY_NUM_NAMED,
	DROPBEAR_SIGNKEY_ECDSA_KEYGEN = 70, /* just "ecdsa" for keygen */
	/* Sentinels, not wire algorithms: "any type is acceptable" and
	 * "no key / unknown". Both sit outside the named range. */
	DROPBEAR_SIGNKEY_ANY = 80,
	DROPBEAR_SIGNKEY_NONE = 90,
};
56 
57 /* Must match with signkey_type above, apart from rsa */
/* Signature algorithm identifiers, as distinct from key types.
 *
 * For most algorithms one key type has exactly one signature type, so the
 * entries simply alias the matching enum signkey_type value and the two
 * enums stay in step automatically. RSA is the exception: a single ssh-rsa
 * key can produce either an ssh-rsa (SHA-1) or an rsa-sha2-256 signature,
 * so those two get fixed values (100/101) that do not alias any key type.
 * The SHA-1 variant is compiled in only when DROPBEAR_RSA_SHA1 is set, which
 * lets a build drop the legacy algorithm entirely. */
enum signature_type {
#if DROPBEAR_DSS
	DROPBEAR_SIGNATURE_DSS = DROPBEAR_SIGNKEY_DSS,
#endif
#if DROPBEAR_ECDSA
	DROPBEAR_SIGNATURE_ECDSA_NISTP256 = DROPBEAR_SIGNKEY_ECDSA_NISTP256,
	DROPBEAR_SIGNATURE_ECDSA_NISTP384 = DROPBEAR_SIGNKEY_ECDSA_NISTP384,
	DROPBEAR_SIGNATURE_ECDSA_NISTP521 = DROPBEAR_SIGNKEY_ECDSA_NISTP521,
#endif /* DROPBEAR_ECDSA */
#if DROPBEAR_ED25519
	DROPBEAR_SIGNATURE_ED25519 = DROPBEAR_SIGNKEY_ED25519,
#endif
#if DROPBEAR_RSA_SHA1
	DROPBEAR_SIGNATURE_RSA_SHA1 = 100, /* ssh-rsa signature (sha1) */
#endif
#if DROPBEAR_RSA_SHA256
	DROPBEAR_SIGNATURE_RSA_SHA256 = 101, /* rsa-sha2-256 signature. has a ssh-rsa key */
#endif
	/* Sentinel for "no / unknown signature type"; same value as the
	 * key-type sentinel so the two can be compared directly. */
	DROPBEAR_SIGNATURE_NONE = DROPBEAR_SIGNKEY_NONE,
};
78 
79 
80 /* Sources for signing keys */
/* Where the private half of a sign_key comes from.
 *
 * SIGNKEY_SOURCE_RAW_FILE: loaded from a key file on disk.
 * SIGNKEY_SOURCE_AGENT:    supplied by an ssh-agent (the private material
 *                          is presumably held by the agent, not in this
 *                          process — confirm against the agent code).
 * SIGNKEY_SOURCE_INVALID:  not yet set / unusable. */
typedef enum {
	SIGNKEY_SOURCE_RAW_FILE,
	SIGNKEY_SOURCE_AGENT,
	SIGNKEY_SOURCE_INVALID,
} signkey_source;
86 
/* A signing key: one slot per compiled-in algorithm plus bookkeeping.
 *
 * Only the slot selected by `type` is expected to be populated; the other
 * algorithm pointers are left NULL. Which slots exist at all depends on the
 * build options, so generic code should reach a slot through
 * signkey_key_ptr() rather than naming the field directly. */
struct SIGN_key {

	/* Algorithm of the populated slot (or a sentinel from signkey_type). */
	enum signkey_type type;
	/* Where the private material lives (file vs. agent). */
	signkey_source source;
	/* Path the key was loaded from, when it came from a file.
	 * NOTE(review): ownership is not stated here — presumably freed by
	 * sign_key_free(); confirm before storing a non-heap pointer. */
	char *filename;

#if DROPBEAR_DSS
	struct dropbear_DSS_Key * dsskey;
#endif
#if DROPBEAR_RSA
	struct dropbear_RSA_Key * rsakey;
#endif
#if DROPBEAR_ECDSA
	/* ecc_key is not declared in this header; it has to come from an
	 * include pulled in before this one (presumably the libtomcrypt
	 * headers via buffer.h) — confirm if this header is included
	 * standalone. One slot per enabled curve. */
#if DROPBEAR_ECC_256
	ecc_key * ecckey256;
#endif
#if DROPBEAR_ECC_384
	ecc_key * ecckey384;
#endif
#if DROPBEAR_ECC_521
	ecc_key * ecckey521;
#endif
#endif
#if DROPBEAR_ED25519
	struct dropbear_ED25519_Key * ed25519key;
#endif
};
114 
typedef struct SIGN_key sign_key;

/* Allocate an empty sign_key (no slot populated). Release with
 * sign_key_free(). */
sign_key * new_sign_key(void);

/* Conversions between algorithm enums and their SSH wire names.
 *
 * The *_from_type() functions return the wire name and store its length
 * in *namelen. The *_from_name() functions take an explicit length, so the
 * name is presumably not required to be NUL-terminated (it typically comes
 * straight out of a packet) — confirm in signkey.c. What is returned for
 * an unrecognised name is not visible here; callers should expect a
 * sentinel (*_NONE) rather than assume a valid type. */
const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen);
enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen);
const char* signature_name_from_type(enum signature_type type, unsigned int *namelen);
enum signature_type signature_type_from_name(const char* name, unsigned int namelen);

/* Map between key types and signature types. Exact for every algorithm
 * except RSA, where one key type has two signature types (see the enum
 * definitions above), so the RSA direction is necessarily a choice made
 * in signkey.c. */
enum signkey_type signkey_type_from_signature(enum signature_type sigtype);
enum signature_type signature_type_from_signkey(enum signkey_type keytype);

/* Parse a public / private key blob from buf into key.
 *
 * `type` is passed by pointer, so it presumably acts as both a constraint
 * on input (e.g. DROPBEAR_SIGNKEY_ANY to accept any compiled-in type) and
 * the detected type on output — confirm in signkey.c. A public-key blob
 * commonly arrives from the peer, so the return value is the only signal
 * that the blob was well-formed; the int convention used (DROPBEAR_SUCCESS
 * / DROPBEAR_FAILURE or otherwise) is not visible in this header. */
int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type);
int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);

/* Serialise the slot selected by `type` into buf, public or private
 * encoding respectively. */
void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);

/* Free key and whichever algorithm slots are populated. */
void sign_key_free(sign_key *key);

/* Write a signature over data_buf, made with key using algorithm sigtype,
 * into buf. sigtype (not the key type) selects the hash for RSA. */
void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype, const buffer *data_buf);
#if DROPBEAR_SIGNKEY_VERIFY
/* Verify the signature blob in buf over data_buf with key.
 *
 * The caller names the algorithm it expects in expect_sigtype rather than
 * the blob's own declared type being trusted — presumably a blob of any
 * other type is rejected, which is what blocks algorithm-substitution
 * between the RSA variants; confirm in signkey.c. Returns an int whose
 * convention is not shown here; callers must treat anything other than
 * the success value as a failed verification. */
int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf);
/* Return a human-readable fingerprint of a raw public-key blob. The
 * returned string is presumably heap-allocated and owned by the caller
 * — confirm before use in long-lived code. */
char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen);
#endif
/* Compare a key blob (of algorithm algoname) against one base64-encoded
 * key line, presumably an authorized_keys-style entry. On a match,
 * *fingerprint may receive a fingerprint string (ownership as for
 * sign_key_fingerprint() — confirm). Return convention not shown here. */
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
					const unsigned char* algoname, unsigned int algolen,
					const buffer * line, char ** fingerprint);

/* Return the address of the algorithm slot in key that corresponds to
 * type, so generic code can read or fill it without knowing which
 * DROPBEAR_* slots exist in this build. Behaviour for a type with no slot
 * (expected: NULL) is not visible here — check before dereferencing. */
void** signkey_key_ptr(sign_key *key, enum signkey_type type);
140 
141 #endif /* DROPBEAR_SIGNKEY_H_ */
142