xref: /netbsd/crypto/external/bsd/openssh/dist/authfd.h (revision 6550d01e) 
1 /*	$NetBSD: authfd.h,v 1.3 2010/11/21 18:29:48 adam Exp $	*/
2 /* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */
3 
4 /*
5  * Author: Tatu Ylonen <ylo@cs.hut.fi>
6  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7  *                    All rights reserved
8  * Functions to interface with the SSH_AUTHENTICATION_FD socket.
9  *
10  * As far as I am concerned, the code I have written for this software
11  * can be used freely for any purpose.  Any derived versions of this
12  * software must be clearly marked as such, and if the derived work is
13  * incompatible with the protocol description in the RFC file, it must be
14  * called by a name other than "ssh" or "Secure Shell".
15  */
16 
17 #ifndef AUTHFD_H
18 #define AUTHFD_H
19 
20 /* Messages for the authentication agent connection. */
21 #define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
22 #define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
23 #define SSH_AGENTC_RSA_CHALLENGE		3
24 #define SSH_AGENT_RSA_RESPONSE			4
25 #define SSH_AGENT_FAILURE			5
26 #define SSH_AGENT_SUCCESS			6
27 #define SSH_AGENTC_ADD_RSA_IDENTITY		7
28 #define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
29 #define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9
30 
31 /* private OpenSSH extensions for SSH2 */
32 #define SSH2_AGENTC_REQUEST_IDENTITIES		11
33 #define SSH2_AGENT_IDENTITIES_ANSWER		12
34 #define SSH2_AGENTC_SIGN_REQUEST		13
35 #define SSH2_AGENT_SIGN_RESPONSE		14
36 #define SSH2_AGENTC_ADD_IDENTITY		17
37 #define SSH2_AGENTC_REMOVE_IDENTITY		18
38 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19
39 
40 /* smartcard */
41 #define SSH_AGENTC_ADD_SMARTCARD_KEY		20
42 #define SSH_AGENTC_REMOVE_SMARTCARD_KEY		21
43 
44 /* lock/unlock the agent */
45 #define SSH_AGENTC_LOCK				22
46 #define SSH_AGENTC_UNLOCK			23
47 
48 /* add key with constraints */
49 #define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
50 #define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
51 #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
52 
53 #define	SSH_AGENT_CONSTRAIN_LIFETIME		1
54 #define	SSH_AGENT_CONSTRAIN_CONFIRM		2
55 
56 /* extended failure messages */
57 #define SSH2_AGENT_FAILURE			30
58 
59 /* additional error code for ssh.com's ssh-agent2 */
60 #define SSH_COM_AGENT2_FAILURE			102
61 
62 #define	SSH_AGENT_OLD_SIGNATURE			0x01
63 
64 typedef struct {
65 	int	fd;
66 	Buffer	identities;
67 	int	howmany;
68 }	AuthenticationConnection;
69 
70 int	ssh_agent_present(void);
71 int	ssh_get_authentication_socket(void);
72 void	ssh_close_authentication_socket(int);
73 
74 AuthenticationConnection *ssh_get_authentication_connection(void);
75 void	ssh_close_authentication_connection(AuthenticationConnection *);
76 int	 ssh_get_num_identities(AuthenticationConnection *, int);
77 Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
78 Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);
79 int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
80     const char *, u_int, u_int);
81 int	 ssh_remove_identity(AuthenticationConnection *, Key *);
82 int	 ssh_remove_all_identities(AuthenticationConnection *, int);
83 int	 ssh_lock_agent(AuthenticationConnection *, int, const char *);
84 int	 ssh_update_card(AuthenticationConnection *, int, const char *,
85     const char *, u_int, u_int);
86 
87 int
88 ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
89     u_int, u_char[16]);
90 
91 int
92 ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
93     u_int);
94 
95 #endif				/* AUTHFD_H */
96