path: root/sshkey.h
Commit message | Author | Age | Files | Lines
* upstream: refactor sshkey_private_deserialize | djm@openbsd.org | 2022-10-28 | 1 | -1/+4
  feedback/ok markus@
  OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* upstream: refactor sshkey_private_serialize_opt() | djm@openbsd.org | 2022-10-28 | 1 | -1/+5
  feedback/ok markus@
  OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_sign() and sshkey_verify() | djm@openbsd.org | 2022-10-28 | 1 | -36/+7
  feedback/ok markus@
  OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor sshkey_from_blob_internal() | djm@openbsd.org | 2022-10-28 | 1 | -2/+8
  feedback/ok markus@
  OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_from_private() | djm@openbsd.org | 2022-10-28 | 1 | -1/+3
  feedback/ok markus@
  OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: factor out key generation | djm@openbsd.org | 2022-10-28 | 1 | -1/+2
  feedback/ok markus@
  OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: factor out public key serialization | djm@openbsd.org | 2022-10-28 | 1 | -1/+4
  feedback/ok markus@
  OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: factor out sshkey_equal_public() | djm@openbsd.org | 2022-10-28 | 1 | -1/+5
  feedback/ok markus@
  OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: begin big refactor of sshkey | djm@openbsd.org | 2022-10-28 | 1 | -1/+19
  Move keytype data and some of the type-specific code (allocation, cleanup, etc) out into each key type's implementation. Subsequent commits will move more, with the goal of having each key-*.c file owning as much of its keytype's implementation as possible.
  lots of feedback + ok markus@
  OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: Add a sshkey_check_rsa_length() call for checking the | djm@openbsd.org | 2022-09-17 | 1 | -1/+2
  length of an RSA key; ok markus@
  OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a helper function to match a key type to a list of | djm@openbsd.org | 2022-01-07 | 1 | -1/+5
  signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required.
  ok markus@
  OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
* upstream: Let allowed signers files used by ssh-keygen(1) | djm@openbsd.org | 2021-07-23 | 1 | -1/+3
  signatures support key lifetimes, and allow the verification mode to specify a signature time to check at. This is intended for use by git to support signing objects using ssh keys.
  ok dtucker@
  OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
* upstream: move check_host_cert() from sshconnect.c to sshkey.c and | djm@openbsd.org | 2021-01-26 | 1 | -2/+4
  refactor it to make it more generally usable and testable.
  ok markus@
  OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
* upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro. | dtucker@openbsd.org | 2020-11-09 | 1 | -1/+3
  The log calls are themselves now macros, and preprocessor directives inside macro arguments are undefined behaviour which some compilers (eg old GCCs) choke on. It also makes the code tidier.
  ok deraadt@
  OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
* upstream: Adapt XMSS to new logging infrastructure. With markus@, ok | dtucker@openbsd.org | 2020-10-20 | 1 | -9/+4
  djm@.
  OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
* upstream: support for user-verified FIDO keys | djm@openbsd.org | 2020-08-27 | 1 | -5/+6
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
  This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now).
  Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
  feedback markus@ and Pedro Martelletto; ok markus@
  OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: add sshkey_parse_pubkey_from_private_fileblob_type() | djm@openbsd.org | 2020-04-08 | 1 | -1/+3
  Extracts a public key from the unencrypted envelope of a new-style OpenSSH private key.
  ok markus@
  OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa
* upstream: SK API and sk-helper error/PIN passing | djm@openbsd.org | 2019-12-30 | 1 | -9/+1
  Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow.
  Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc.
  feedback and ok markus@
  OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71
* upstream: implement loading of resident keys in ssh-sk-helper | djm@openbsd.org | 2019-12-30 | 1 | -1/+2
  feedback and ok markus@
  OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a
* upstream: perform security key enrollment via ssh-sk-helper too. | djm@openbsd.org | 2019-12-14 | 1 | -2/+6
  This means that ssh-keygen no longer needs to link against ssh-sk-helper, and only ssh-sk-helper needs libfido2 and /dev/uhid* access;
  feedback & ok markus@
  OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800
* upstream: use ssh-sk-helper for all security key signing operations | djm@openbsd.org | 2019-12-14 | 1 | -1/+4
  This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
  requested by, feedback and ok markus@
  OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
* upstream: Add new structure for signature options | djm@openbsd.org | 2019-11-25 | 1 | -4/+14
  This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field.
  with and ok markus@
  OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
* upstream: fix shield/unshield for xmss keys: - in ssh-agent we need | markus@openbsd.org | 2019-11-15 | 1 | -4/+5
  to delay the call to shield until we have received key specific options. - when serializing xmss keys for shield we need to deal with all optional components (e.g. state might not be loaded).
  ok djm@
  OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f
* upstream: enable ed25519 support; ok djm | markus@openbsd.org | 2019-11-13 | 1 | -3/+4
  OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
* upstream: implement ssh-ed25519-sk verification; ok djm@ | markus@openbsd.org | 2019-11-13 | 1 | -1/+6
  OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6
* upstream: Refactor signing - use sshkey_sign for everything, | djm@openbsd.org | 2019-11-01 | 1 | -5/+6
  including the new U2F signatures.
  Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that.
  Suggested by / ok markus@
  OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
* upstream: Initial infrastructure for U2F/FIDO support | djm@openbsd.org | 2019-11-01 | 1 | -1/+18
  Key library support: including allocation, marshalling public/private keys and certificates, signature validation.
  feedback & ok markus@
  OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7
* upstream: make get_sigtype public as sshkey_get_sigtype(); ok | djm@openbsd.org | 2019-09-03 | 1 | -1/+2
  markus@
  OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
* upstream: support PKCS8 as an optional format for storage of | djm@openbsd.org | 2019-07-15 | 1 | -2/+9
  private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk.
  The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF).
  adapted from patch by Jakub Jelen via bz3013; ok markus
  OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
* upstream: Add protection for private keys at rest in RAM against | djm@openbsd.org | 2019-06-21 | 1 | -6/+15
  speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
  Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely.
  Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.
  Hopefully we can remove this in a few years time when computer architecture has become less unsafe.
  been in snaps for a bit already; thanks deraadt@
  ok dtucker@ deraadt@
  OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: add support for ECDSA keys in PKCS#11 tokens | djm@openbsd.org | 2019-01-21 | 1 | -1/+2
  Work by markus@ and Pedro Martelletto, feedback and ok me@
  OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
* upstream: garbage-collect moribund ssh_new_private() API. | djm@openbsd.org | 2018-09-14 | 1 | -2/+1
  OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
* upstream: hold our collective noses and use the openssl-1.1.x API in | djm@openbsd.org | 2018-09-13 | 1 | -4/+3
  OpenSSH; feedback and ok tb@ jsing@ markus@
  OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
* upstream: add sshkey_check_cert_sigtype() that checks a | djm@openbsd.org | 2018-09-12 | 1 | -1/+2
  cert->signature_type against a supplied whitelist; ok markus
  OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
* upstream: add cert->signature_type field and keep it in sync with | djm@openbsd.org | 2018-09-12 | 1 | -1/+2
  certificate signature wrt loading and certification operations; ok markus@
  OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
* upstream: some finesse to fix RSA-SHA2 certificate authentication | djm@openbsd.org | 2018-07-03 | 1 | -1/+2
  for certs hosted in ssh-agent
  OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
* upstream: Improve strictness and control over RSA-SHA2 signature | djm@openbsd.org | 2018-07-03 | 1 | -2/+2
  In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself.
  In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature.
  Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2.
  Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys.
  feedback and ok markus@
  OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
* Check for attributes on prototype args. | Darren Tucker | 2018-02-27 | 1 | -0/+4
  Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) do not accept __attribute__ on function pointer prototype args. Check for this and hide them if they're not accepted.
* upstream: Add experimental support for PQC XMSS keys (Extended | markus@openbsd.org | 2018-02-26 | 1 | -1/+34
  Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
  OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream commit | djm@openbsd.org | 2017-12-19 | 1 | -3/+4
  pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs).
  ok markus@
  OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
* upstream commit | djm@openbsd.org | 2017-12-19 | 1 | -1/+2
  sshkey_sigtype() function to return the type of a signature; ok markus@
  OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
* upstream commit | djm@openbsd.org | 2017-07-21 | 1 | -1/+4
  remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
  Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
* upstream commit | djm@openbsd.org | 2017-06-28 | 1 | -2/+8
  Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus
  Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
* upstream commit | djm@openbsd.org | 2017-06-13 | 1 | -1/+2
  missing prototype.
  Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
* upstream commit | djm@openbsd.org | 2017-05-08 | 1 | -2/+2
  Refuse RSA keys <1024 bits in length. Improve reporting for keys that do not meet this requirement. ok markus@
  Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
* upstream commit | naddy@openbsd.org | 2017-05-08 | 1 | -3/+1
  remove miscellaneous SSH1 leftovers; ok markus@
  Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -2/+1
  remove KEY_RSA1
  ok markus@
  Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commit | djm@openbsd.org | 2017-03-10 | 1 | -2/+2
  fix regression in 7.4 server-sig-algs, where we were accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno Goncalves; ok dtucker@
  Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
* upstream commit | djm@openbsd.org | 2016-09-13 | 1 | -2/+2
  list all supported signature algorithms in the server-sig-algs
  Reported by mb AT smartftp.com in bz#2547 and (independently) Ron Frederick; ok markus@
  Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
* upstream commit | djm@openbsd.org | 2016-05-02 | 1 | -2/+2
  support SHA256 and SHA512 RSA signatures in certificates; ok markus@
  Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a