src: Implements PKCS11 URI support

Imports private and public keys from the engine via PKCS11 URIs. Uses
the imported keys to authenticate to the ssh server.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/pki.h

@@ -28,7 +28,9 @@
 #ifdef HAVE_OPENSSL_ECDSA_H
 #include <openssl/ecdsa.h>
 #endif
-
+#ifdef HAVE_LIBCRYPTO
+#include <openssl/evp.h>
+#endif
 #include "libssh/crypto.h"
 #ifdef HAVE_OPENSSL_ED25519
 /* If using OpenSSL implementation, define the signature lenght which would be
@@ -46,6 +48,7 @@
 #define SSH_KEY_FLAG_EMPTY   0x0
 #define SSH_KEY_FLAG_PUBLIC  0x0001
 #define SSH_KEY_FLAG_PRIVATE 0x0002
+#define SSH_KEY_FLAG_PKCS11_URI 0x0004
 
 struct ssh_key_struct {
     enum ssh_keytypes_e type;
@@ -63,6 +66,7 @@ struct ssh_key_struct {
 #elif defined(HAVE_LIBCRYPTO)
     DSA *dsa;
     RSA *rsa;
+    EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
 # if defined(HAVE_OPENSSL_ECC)
     EC_KEY *ecdsa;
 # else

include/libssh/pki_priv.h

@@ -43,6 +43,12 @@ int bcrypt_pbkdf(const char *pass,
 /* Magic defined in OpenSSH/PROTOCOL.key */
 #define OPENSSH_AUTH_MAGIC      "openssh-key-v1"
 
+/* Determine type of ssh key. */
+enum ssh_key_e {
+  SSH_KEY_PUBLIC = 0,
+  SSH_KEY_PRIVATE
+};
+
 int pki_key_ecdsa_nid_from_name(const char *name);
 const char *pki_key_ecdsa_nid_to_name(int nid);
 const char *ssh_key_signature_to_char(enum ssh_keytypes_e type,
@@ -156,4 +162,7 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
         const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
 
+/* URI Function */
+int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
+
 #endif /* PKI_PRIV_H_ */