X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=30a171d4da262160443b9029c1c137fe8f69e027;hb=ffbf811dd1b9e7f390ac2fa497e15764a87694ff;hp=84e732d88fd2c952d5cbf5ddd9069b79246f67a1;hpb=627bf9eb662972a9b2d923bfdeb6cc01ac249095;p=secnet.git
diff --git a/secnet.h b/secnet.h
index 84e732d..30a171d 100644
--- a/secnet.h
+++ b/secnet.h
@@ -45,6 +45,8 @@
 #include
+#include "osdep.h"
+
 #define MAX_PEER_ADDRS 5 /* send at most this many copies; honour at most that many addresses */
@@ -402,7 +404,7 @@ struct sigscheme_info;
 typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
 struct buffer_if *pubkeydata,
 struct sigpubkey_if **sigpub_r,
- struct log_if *log);
+ struct log_if *log, struct cloc loc);
 /* pubkeydata is (supposedly) for this algorithm.
 * loadpub should log an error if it fails.
 * pubkeydata may be modified (but not freed) */
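Review bot: The new `struct cloc loc` parameter added to the sigscheme_loadpub typedef is not mentioned by the comment block directly below it, which still describes only pubkeydata and the logging duty; the sigscheme_loadpriv typedef in the following hunk has the same gap. Since the comment already requires loadpub to log an error on failure, loc is presumably the location those diagnostics should cite, but the header should state that rather than leave it to each implementation. Suggest adding a line such as ` * loc is the location to quote in any error logged (confirm against callers).` to both comment blocks.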
@@ -410,14 +412,14 @@ typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
 typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
 struct buffer_if *privkeydata,
 struct sigprivkey_if **sigpriv_r,
- struct log_if *log);
- /* privkeydata may contain data for any algorithm, not necessarily
- * this one! If it is not for this algorithm, return False and do
- * not log anything (other than at M_DEBUG). If it *is* for this
- * algorithm but is wrong, log at M_ERROR.
- * On entry privkeydata->base==start. loadpriv may modify base and
- * size, but not anything else. So it may use unprepend and
- * unappend. */
+ struct log_if *log, struct cloc loc);
+ /* Ideally, check whether privkeydata contains data for any algorithm.
+ * That avoids security problems if a key file is misidentified (which
+ * might happen if the file is simply renamed).
+ * If there is an error (including that the key data is not for this
+ * algorithm, return False and log an error at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify
+ * privkeydata, including the contents. */
 
 struct sigscheme_info {
 const char *name;
@@ -429,6 +431,11 @@ struct sigscheme_info {
 extern const struct sigscheme_info rsa1_sigscheme;
 extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+const struct sigscheme_info *sigscheme_lookup(const char *name);
+
+extern sigscheme_loadpriv rsa1_loadpriv;
+extern sigscheme_loadpub rsa1_loadpub;
+
 /***** END of signature schemes *****/
 /***** CLOSURE TYPES and interface definitions *****/
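Review bot: The rewritten sigscheme_loadpriv comment has an unbalanced parenthesis in "(including that the key data is not for this algorithm, return False", which should read ` * algorithm), return False and log an error at M_ERROR.`. More substantively, the contract changes from "wrong algorithm: return False and do not log above M_DEBUG" to "wrong algorithm: log at M_ERROR", and at the same time the buffer contract widens from "may modify base and size only" to "may modify privkeydata, including the contents"; together these mean a caller can no longer probe several schemes with the same buffer, and any caller that still did so would log spurious errors and hand a clobbered buffer to the next scheme. The sigscheme_lookup declaration in the next hunk suggests the scheme is now selected by name first, but the comment should say explicitly that callers must identify the scheme before calling loadpriv and must not reuse privkeydata afterwards. The opening sentence "Ideally, check whether privkeydata contains data for any algorithm" is also ambiguous; "check that privkeydata is for this algorithm rather than some other one" is what the following sentence implies.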
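Review bot: The new sigscheme_lookup declaration carries no comment on what it returns when no scheme has the given name, unlike the neighbouring sigschemes[] line which documents its sentinel. Presumably it walks sigschemes[] and returns NULL at the name==0 sentinel, but callers doing a config-driven lookup need that guarantee in the header. Suggest ` /* returns NULL if no scheme of that name exists */` on the declaration, adjusted if the implementation differs.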