Add support for reading authorized_keys files

This also changes the requirements when calling `ecc_find_curve()` that
the `cu` argument can be NULL.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

doc/crypt.tex

@@ -7504,6 +7504,39 @@ \subsection{De- and Encoding with Multiple Argument Lists}
 
 
 
+\subsection{OpenSSH authorized\_keys files}
+
+\index{authorized\_keys}
+\index{ssh\_read\_authorized\_keys\_filehandle}
+\index{ssh\_read\_authorized\_keys}
+OpenSSH uses a simple storage format for public keys, which stores a public key per line in a regular text file.
+To process such a file the following API can be used.
+
+\begin{verbatim}
+int ssh_read_authorized_keys_filehandle(FILE *f,
+                                        ssh_authorized_key_cb cb, void *ctx);
+int ssh_read_authorized_keys(const void *buf, unsigned long len,
+                             ssh_authorized_key_cb cb, void *ctx);
+\end{verbatim}
+
+\index{ssh\_authorized\_key\_cb}
+For each key found in the file the callback as described below will be called.
+
+\begin{verbatim}
+/**
+   Callback function for each key in an `authorized_keys` file.
+
+   This function takes ownership of the `k` parameter passed.
+   `k` must be free'd by calling `pka_key_destroy(&k)`.
+
+   @param k        Pointer to the PKA key.
+   @param comment  Pointer to a string with the comment.
+   @param ctx      The `ctx` pointer as passed to the read function.
+*/
+typedef int (*ssh_authorized_key_cb)(ltc_pka_key *k, const char *comment, void *ctx);
+\end{verbatim}
+
+
 
 \mysection{PEM Files}
 \index{PEM}

src/headers/tomcrypt_misc.h

@@ -160,16 +160,36 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
 #endif  /* LTC_PADDING */
 
 #ifdef LTC_PEM
-int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+/* Buffer-based API */
 int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx);
-
-int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
 int pem_decode_pkcs(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx);
 
 #ifdef LTC_SSH
-int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+/**
+   Callback function for each key in an `authorized_keys` file.
+
+   This function takes ownership of the `k` parameter passed.
+   `k` must be free'd by calling `pka_key_destroy(&k)`.
+
+   @param k        Pointer to the PKA key.
+   @param comment  Pointer to a string with the comment.
+   @param ctx      The `ctx` pointer as passed to the read function.
+*/
+typedef int (*ssh_authorized_key_cb)(ltc_pka_key *k, const char *comment, void *ctx);
+
 int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, const password_ctx *pw_ctx);
-#endif
+int ssh_read_authorized_keys(const void *buf, unsigned long len, ssh_authorized_key_cb cb, void *ctx);
+#endif /* LTC_SSH */
+
+/* FILE*-based API */
+#ifndef LTC_NO_FILE
+int pem_decode_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+int pem_decode_pkcs_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+#ifdef LTC_SSH
+int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, const password_ctx *pw_ctx);
+int ssh_read_authorized_keys_filehandle(FILE *f, ssh_authorized_key_cb cb, void *ctx);
+#endif /* LTC_SSH */
+#endif /* LTC_NO_FILE */
 
 #endif /* LTC_PEM */
 

src/headers/tomcrypt_pk.h

@@ -554,6 +554,7 @@ typedef struct {
 } ltc_pka_key;
 
 void pka_key_free(ltc_pka_key *key);
+void pka_key_destroy(ltc_pka_key **key);
 
 #ifdef LTC_DER
 /* DER handling */