From 2a9c9f7272c1e8665155118fe6536bebdafb6166 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Sep 2019 08:34:19 +0000 Subject: upstream: sshsig: lightweight signature and verification ability for OpenSSH This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@ OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb --- sshsig.h | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 sshsig.h (limited to 'sshsig.h') diff --git a/sshsig.h b/sshsig.h new file mode 100644 index 00000000..92c675e3 --- /dev/null +++ b/sshsig.h @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2019 Google LLC + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SSHSIG_H +#define SSHSIG_H + +struct sshbuf; +struct sshkey; + +typedef int sshsig_signer(struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int, void *); + +/* + * Creates a detached SSH signature for a given message. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + * out is populated with the detached signature, or NULL on failure. + */ +int sshsig_sign_message(struct sshkey *key, const char *hashalg, + const struct sshbuf *message, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx); + +/* + * Creates a detached SSH signature for a given file. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + * out is populated with the detached signature, or NULL on failure. + */ +int sshsig_sign_fd(struct sshkey *key, const char *hashalg, + int fd, const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx); + +/* + * Verifies that a detached signature is valid and optionally returns key + * used to sign via argument. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + */ +int sshsig_verify_message(struct sshbuf *signature, + const struct sshbuf *message, const char *sig_namespace, + struct sshkey **sign_keyp); + +/* + * Verifies that a detached signature over a file is valid and optionally + * returns key used to sign via argument. + * Returns 0 on success or a negative SSH_ERR_* error code on failure. + */ +int sshsig_verify_fd(struct sshbuf *signature, int fd, + const char *sig_namespace, struct sshkey **sign_keyp); + +/* + * Return a base64 encoded "ASCII armoured" version of a raw signature. + */ +int sshsig_armor(const struct sshbuf *blob, struct sshbuf **out); + +/* + * Decode a base64 encoded armoured signature to a raw signature. + */ +int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out); + +/* + * Checks whether a particular key/principal/namespace is permitted by + * an allowed_keys file. Returns 0 on success. + */ +int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, + const char *principal, const char *ns); + +#endif /* SSHSIG_H */ -- cgit v1.2.1