/* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */
/*
 * Copyright (c) 2012 Markus Friedl. All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef API_H
#define API_H

#include <sys/types.h>
#include <signal.h>

#include "openbsd-compat/sys-queue.h"

#include "cipher.h"
#include "sshkey.h"
#include "kex.h"
#include "ssh.h"
#include "ssh2.h"
#include "packet.h"

/*
 * Key-exchange parameters handed to ssh_init(): one proposal string per
 * slot. PROPOSAL_MAX and the slot layout are not defined in this header
 * (presumably they come from kex.h - confirm there).
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];
};

/* public SSH API functions */

/*
 * ssh_init() creates an ssh connection object with the given (optional)
 * key exchange parameters and stores it through the first argument.
 * is_server selects whether this end acts as the server. The return
 * convention is not stated here (presumably 0 on success and a negative
 * SSH_ERR_* code on failure - confirm against the implementation).
 */
int ssh_init(struct ssh **, int is_server, struct kex_params *kex_params);

/*
 * release ssh connection state.
 */
void ssh_free(struct ssh *);

/*
 * attach application-specific data to the connection state. the pointer
 * is handed back unchanged by ssh_get_app_data(); whether the library
 * ever frees it is not stated here (presumably it does not - confirm).
 */
void ssh_set_app_data(struct ssh *, void *);
void *ssh_get_app_data(struct ssh *);

/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * private hostkeys are required if we need to act as a server.
 * public hostkeys are used to verify the server's hostkey.
 */
int ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);

/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which is called instead of the default verification. The
 * function given must return 0 if the hostkey is ok, -1 if the
 * verification has failed.
 * Once registered, the callback is the connection's only host-key trust
 * decision: a callback that unconditionally returns 0 disables host-key
 * verification entirely, so it must compare the offered key against a
 * trusted store before accepting it.
 */
int ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *, struct ssh *));

/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * ssh_packet_next() still sets typep when there is no new packet
 * available; in this case the caller must fill the input byte-stream
 * by passing the data received over the network to ssh_input_append().
 * additionally, the caller needs to send the resulting output
 * byte-stream back over the network, otherwise the key exchange
 * would not proceed. the output byte-stream is accessed through
 * ssh_output_ptr().
 * The int return convention is not stated here (presumably 0 on success
 * and a negative SSH_ERR_* code on failure - confirm); callers must check
 * it before trusting typep or the payload.
 */
int ssh_packet_next(struct ssh *ssh, u_char *typep);

/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and stores the length of this payload in
 * *lenp.
 * the payload is accessible only until ssh_packet_next() is called
 * again: copy it out rather than keeping the pointer across calls.
 */
const u_char *ssh_packet_payload(struct ssh *ssh, size_t *lenp);

/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and payload.
 * the encrypted packet is appended to the output byte-stream.
 */
int ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);

/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream. the meaning of the int result is not stated here
 * (presumably non-zero when the bytes fit - confirm).
 */
int ssh_input_space(struct ssh *ssh, size_t len);

/*
 * ssh_input_append() appends data to the input byte-stream.
 * this is how bytes received over the network reach the connection;
 * they are parsed and decrypted later by ssh_packet_next().
 */
int ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);

/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream. XXX
 */
int ssh_output_space(struct ssh *ssh, size_t len);

/*
 * ssh_output_ptr() retrieves both a pointer and the length of the
 * current output byte-stream. the bytes need to be sent over the
 * network. the number of bytes that have been successfully sent can
 * be removed from the output byte-stream with ssh_output_consume().
 */
const u_char *ssh_output_ptr(struct ssh *ssh, size_t *len);

/*
 * ssh_output_consume() removes the given number of bytes from
 * the output byte-stream.
 * pass only the count that was actually sent, so unsent bytes stay
 * queued for the next ssh_output_ptr() call.
 */
int ssh_output_consume(struct ssh *ssh, size_t len);

#endif