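/*
 * ProFTPD - mod_sftp key mgmt (keys)
 * Copyright (c) 2008-2020 TJ Saunders
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
 *
 * As a special exemption, TJ Saunders and other respective copyright holders
 * give permission to link this program with OpenSSL, and distribute the
 * resulting executable, without including the source code for OpenSSL in the
 * source distribution.
 */

#ifndef MOD_SFTP_KEYS_H
#define MOD_SFTP_KEYS_H

#include "mod_sftp.h"

/* Key types handled by the key-management API declared in this header.
 *
 * SFTP_KEY_UNKNOWN is explicitly zero, so a zero-initialised value of this
 * enum never denotes a real key type.
 *
 * NOTE(review): SFTP_KEY_RSA_SHA256 and SFTP_KEY_RSA_SHA512 presumably denote
 * RSA keys used with SHA-256/SHA-512 signatures rather than distinct key
 * material -- confirm against the implementation.
 */
enum sftp_key_type_e {
  SFTP_KEY_UNKNOWN = 0,
  SFTP_KEY_DSA,
  SFTP_KEY_RSA,
  SFTP_KEY_ECDSA_256,
  SFTP_KEY_ECDSA_384,
  SFTP_KEY_ECDSA_521,
  SFTP_KEY_ED25519,
  SFTP_KEY_RSA_SHA256,
  SFTP_KEY_RSA_SHA512
};

/* Returns a string of colon-separated lowercase hex characters, representing
 * the key "fingerprint" which has been run through the specified digest
 * algorithm.
 *
 * As per draft-ietf-secsh-fingerprint-00, only MD5 fingerprints are currently
 * supported.
 *
 * NOTE(review): the "only MD5" statement above does not match the
 * SFTP_KEYS_FP_DIGEST_SHA1 and SFTP_KEYS_FP_DIGEST_SHA256 selectors declared
 * below; confirm which digests the implementation accepts and update this
 * comment.  MD5 and SHA-1 are not collision-resistant, so where a fingerprint
 * is compared or pinned as a security decision, SHA-256 is the one to prefer.
 *
 * The final int argument is presumably one of the SFTP_KEYS_FP_DIGEST_*
 * values; the unsigned char pointer and uint32_t are presumably the key blob
 * and its length -- verify against the implementation.
 */
const char *sftp_keys_get_fingerprint(pool *, unsigned char *, uint32_t, int);
#define SFTP_KEYS_FP_DIGEST_MD5 1
#define SFTP_KEYS_FP_DIGEST_SHA1 2
#define SFTP_KEYS_FP_DIGEST_SHA256 3

/* NOTE(review): presumably releases the loaded host keys; whether private
 * key memory is scrubbed before release cannot be seen from this header --
 * confirm.
 */
void sftp_keys_free(void);

/* Host key loading and access.  The const char * argument is presumably the
 * host key file path -- TODO confirm.  The returned data pointer is const, so
 * callers must not write through it; the uint32_t * is presumably an output
 * length.
 */
int sftp_keys_get_hostkey(pool *p, const char *);
const unsigned char *sftp_keys_get_hostkey_data(pool *, enum sftp_key_type_e,
  uint32_t *);

/* Passphrase handling for protected host keys.
 *
 * NOTE(review): if the provider string names an external program, that
 * program's path and permissions become part of the trust boundary for the
 * host keys -- confirm how the implementation vets it.
 */
void sftp_keys_get_passphrases(void);
int sftp_keys_set_passphrase_provider(const char *);

/* Signs data with the host key of the given type.  The size_t * is presumably
 * the output signature length; what is returned on failure is not visible
 * here, so callers should check the result before using it.
 */
const unsigned char *sftp_keys_sign_data(pool *, enum sftp_key_type_e,
  const unsigned char *, size_t, size_t *);

/* Declared only when PR_USE_OPENSSL_ECC is defined.
 *
 * NOTE(review): presumably checks an EC public point against its group before
 * the point is used; callers should check the return value and reject the key
 * on any failure.
 */
#ifdef PR_USE_OPENSSL_ECC
int sftp_keys_validate_ecdsa_params(const EC_GROUP *, const EC_POINT *);
#endif /* PR_USE_OPENSSL_ECC */

/* Public key and signature verification.
 *
 * The return convention (which value means "verified") is not stated in this
 * header; callers must compare against the documented success value and treat
 * every other result, including errors, as a verification failure.
 *
 * NOTE(review): the three (pointer, length) pairs of
 * sftp_keys_verify_signed_data() are unnamed, so the order of public key,
 * signature and signed data cannot be read from the prototype -- naming the
 * parameters here would prevent them being swapped at a call site.
 */
int sftp_keys_verify_pubkey_type(pool *, unsigned char *, uint32_t,
  enum sftp_key_type_e);
int sftp_keys_verify_signed_data(pool *, const char *,
  unsigned char *, uint32_t, unsigned char *, uint32_t,
  unsigned char *, size_t);

/* Sets minimum key sizes.
 *
 * NOTE(review): the unit (presumably bits) and the meaning of zero or
 * negative values are not stated here -- confirm, since a value read as
 * "no limit" would let undersized keys through.
 */
int sftp_keys_set_key_limits(int rsa_min, int dsa_min, int ec_min);

/* Per-algorithm host key removal and presence queries.
 *
 * NOTE(review): the int ** of sftp_keys_have_ecdsa_hostkey() is presumably an
 * output list describing the ECDSA host keys present, allocated from the
 * given pool -- confirm.
 */
int sftp_keys_clear_dsa_hostkey(void);
int sftp_keys_clear_ecdsa_hostkey(void);
int sftp_keys_clear_ed25519_hostkey(void);
int sftp_keys_clear_rsa_hostkey(void);
int sftp_keys_have_dsa_hostkey(void);
int sftp_keys_have_ecdsa_hostkey(pool *, int **);
int sftp_keys_have_ed25519_hostkey(void);
int sftp_keys_have_rsa_hostkey(void);

#endif /* MOD_SFTP_KEYS_H */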