author | Sahana Prasad <sahana@redhat.com> | 2019-12-18 22:53:04 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-12-20 16:17:33 +0100 |
commit | 4ea09256f67c381bed44af54d8cbfa42d81df314 (patch) | |
tree | e458deb1590de6e003739c59c2c91d0c2c5eefd4 /include | |
parent | 6bf4ada240f3ea28db00f5b48ae3c9ab6fc5c3d8 (diff) | |
src: Implements PKCS11 URI support
Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/libssh/pki.h | 6 | ||||
-rw-r--r-- | include/libssh/pki_priv.h | 9 |
2 files changed, 14 insertions, 1 deletions
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index fa0a81e6..ec0ce9af 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -28,7 +28,9 @@
 #ifdef HAVE_OPENSSL_ECDSA_H
 #include <openssl/ecdsa.h>
 #endif
-
+#ifdef HAVE_LIBCRYPTO
+#include <openssl/evp.h>
+#endif
 #include "libssh/crypto.h"
 #ifdef HAVE_OPENSSL_ED25519
 /* If using OpenSSL implementation, define the signature lenght which would be
@@ -46,6 +48,7 @@
 #define SSH_KEY_FLAG_EMPTY 0x0
 #define SSH_KEY_FLAG_PUBLIC 0x0001
 #define SSH_KEY_FLAG_PRIVATE 0x0002
+#define SSH_KEY_FLAG_PKCS11_URI 0x0004
 struct ssh_key_struct {
 enum ssh_keytypes_e type;
@@ -63,6 +66,7 @@ struct ssh_key_struct {
 #elif defined(HAVE_LIBCRYPTO)
 DSA *dsa;
 RSA *rsa;
+ EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
 # if defined(HAVE_OPENSSL_ECC)
 EC_KEY *ecdsa;
 # else
diff --git a/include/libssh/pki_priv.h b/include/libssh/pki_priv.h
index d365a2dd..71418fdc 100644
--- a/include/libssh/pki_priv.h
+++ b/include/libssh/pki_priv.h
@@ -43,6 +43,12 @@ int bcrypt_pbkdf(const char *pass,
 /* Magic defined in OpenSSH/PROTOCOL.key */
 #define OPENSSH_AUTH_MAGIC "openssh-key-v1"
+/* Determine type of ssh key. */
+enum ssh_key_e {
+ SSH_KEY_PUBLIC = 0,
+ SSH_KEY_PRIVATE
+};
+
 int pki_key_ecdsa_nid_from_name(const char *name);
 const char *pki_key_ecdsa_nid_to_name(int nid);
 const char *ssh_key_signature_to_char(enum ssh_keytypes_e type,
@@ -156,4 +162,7 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
+/* URI Function */
+int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
+
 #endif /* PKI_PRIV_H_ */ |
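Review bot: The comment on the new `EVP_PKEY *key` member of `struct ssh_key_struct` (third pki.h hunk) says only that it saves conversion time and leaves ownership unstated, although the struct now carries another OpenSSL object next to `dsa`, `rsa` and `ecdsa`. The key cleanup and duplication code is outside this include-only diff, so it cannot be confirmed here that every path that frees or copies an `ssh_key` also releases or references `key`; for a PKCS#11-backed key a missed release would presumably keep the token object handle open. Once that is verified I would state the contract on the field, e.g. `EVP_PKEY *key; /* owned; set for PKCS#11 URI keys, released when the ssh_key is cleaned */`. Note also that `SSH_KEY_FLAG_PKCS11_URI` in the previous hunk is defined for every crypto backend while this member exists only under `HAVE_LIBCRYPTO`, so code that tests the flag needs the same guard. The struct body continues outside the hunk.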
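Review bot: The new `enum ssh_key_e` in the first pki_priv.h hunk reuses the PUBLIC/PRIVATE vocabulary of the `SSH_KEY_FLAG_*` macros with different values: `SSH_KEY_PRIVATE` evaluates to 1, the same integer as `SSH_KEY_FLAG_PUBLIC` (0x0001) in pki.h. Because C converts between enums and ints silently, passing one where the other is expected compiles cleanly and would select the wrong half of the key pair. The comment `/* Determine type of ssh key. */` also reads as if it described `enum ssh_keytypes_e`; I would replace it with `/* Which half of a key pair to import; not interchangeable with SSH_KEY_FLAG_* */` and consider more distinct enumerator names.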
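Review bot: `pki_uri_import()` at the end of pki_priv.h is declared with only `/* URI Function */`, which leaves its contract undocumented. A doc comment should say which return codes it uses, whether `*key` is left untouched or set to NULL on failure, and who frees the key on success. It should also record that `uri_name` may carry credentials: RFC 7512 allows a `pin-value` attribute in a PKCS#11 URI, so the string should not be written to logs or error messages verbatim; whether the implementation does so is not visible in this include-only diff.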