/*	$OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $	*/

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
1584959968Sderaadt 
1684959968Sderaadt #ifndef AUTHFD_H
1784959968Sderaadt #define AUTHFD_H
1884959968Sderaadt 
1984959968Sderaadt #include "buffer.h"
2084959968Sderaadt 
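/*
 * Messages for the authentication agent connection.
 *
 * These are message numbers exchanged over the agent connection, so changing
 * a value changes the protocol.  By their names, SSH_AGENTC_* appear to be
 * requests sent to the agent and SSH_AGENT_* its replies.
 *
 * The numbering in this header has gaps (10, 15, 16, 27-29); nothing here
 * says whether those values are reserved.
 * NOTE(review): a receiver should presumably treat a type it does not
 * recognise as a failure rather than guess -- confirm in the implementation.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* private OpenSSH extensions for SSH2 */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/* smartcard */
#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
#define SSH_AGENTC_REMOVE_SMARTCARD_KEY		21

/* lock/unlock the agent */
#define SSH_AGENTC_LOCK				22
#define SSH_AGENTC_UNLOCK			23

/* add key with constraints */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26

/*
 * Not message types: these values (1, 2) coincide with message numbers
 * above, so they live in a separate namespace.
 * NOTE(review): presumably constraint identifiers carried by the
 * *_CONSTRAINED add requests -- LIFETIME bounding how long a key stays
 * loaded, CONFIRM asking for confirmation on use; confirm against the
 * agent implementation.
 */
#define	SSH_AGENT_CONSTRAIN_LIFETIME		1
#define	SSH_AGENT_CONSTRAIN_CONFIRM		2

/*
 * extended failure messages
 *
 * Together with SSH_AGENT_FAILURE (5) and SSH_COM_AGENT2_FAILURE (102) this
 * header defines three distinct failure codes.  Code that decides whether a
 * request succeeded should test for SSH_AGENT_SUCCESS, or handle all three,
 * rather than compare against a single failure value.
 */
#define SSH2_AGENT_FAILURE			30

/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE			102

/*
 * NOTE(review): written in hex, so presumably a flag bit rather than a
 * message type; confirm where it is consumed.
 */
#define	SSH_AGENT_OLD_SIGNATURE			0x01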
641604b9adSmarkus 
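/*
 * State for one connection to the authentication agent.
 *
 * NOTE(review): the field meanings below are inferred from the field names
 * and from the prototypes that take this type -- confirm against the
 * implementation.  If howmany is filled from a count sent by the agent, it
 * is a signed int and needs a range check before it is used as a loop bound.
 */
typedef struct {
	int	fd;		/* presumably the agent socket descriptor */
	Buffer	identities;	/* presumably the agent's identity-list reply */
	int	howmany;	/* presumably the number of identities left to read */
}	AuthenticationConnection;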
707aabec31Smarkus 
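/*
 * Agent socket helpers.  This header gives no parameter names and no return
 * conventions.
 * NOTE(review): ssh_get_authentication_socket() presumably returns a
 * descriptor for the agent socket and a negative value on failure, and
 * ssh_close_authentication_socket() presumably takes that descriptor --
 * confirm, and check the return value before using it as a descriptor.
 */
int	ssh_agent_present(void);
int	ssh_get_authentication_socket(void);
void	ssh_close_authentication_socket(int);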
7484959968Sderaadt 
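/*
 * Connection lifetime and identity management.
 *
 * Key and u_int are not declared in this header, and the only include
 * visible here is "buffer.h"; unless that header provides them, the
 * including file has to declare them first.
 *
 * NOTE(review): ssh_get_authentication_connection() returns a pointer that
 * is presumably NULL when no agent can be reached, and the matching close
 * call presumably releases it -- confirm, check for NULL, and do not use the
 * pointer after closing.
 */
AuthenticationConnection *ssh_get_authentication_connection(void);
void	ssh_close_authentication_connection(AuthenticationConnection *);

/*
 * NOTE(review): the trailing int presumably selects the protocol version
 * (this header defines separate SSH_ and SSH2_ message sets), and the
 * char ** presumably receives the key comment; who frees the returned Key
 * and comment is not stated here -- confirm.
 */
int	 ssh_get_num_identities(AuthenticationConnection *, int);
Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);

/*
 * NOTE(review): in the constrained variant the two u_int arguments
 * presumably correspond to SSH_AGENT_CONSTRAIN_LIFETIME and
 * SSH_AGENT_CONSTRAIN_CONFIRM; units and the meaning of zero are not stated
 * in this header -- confirm.
 */
int	 ssh_add_identity(AuthenticationConnection *, Key *, const char *);
int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
    const char *, u_int, u_int);
int	 ssh_remove_identity(AuthenticationConnection *, Key *);
int	 ssh_remove_all_identities(AuthenticationConnection *, int);

/*
 * NOTE(review): the const char * arguments here presumably carry secrets
 * (a lock password; a smartcard reader id and PIN) -- confirm.  Because they
 * are passed as const, these functions cannot clear them; the caller should
 * wipe its own copy once the call returns.
 */
int	 ssh_lock_agent(AuthenticationConnection *, int, const char *);
int	 ssh_update_card(AuthenticationConnection *, int, const char *,
    const char *, u_int, u_int);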
887aabec31Smarkus 
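/*
 * Ask the agent to answer an RSA challenge.
 *
 * Key, BIGNUM, u_char and u_int are not declared in this header; the
 * including file has to declare them first unless "buffer.h" does.
 *
 * The u_char[16] parameters are adjusted to plain u_char * by the compiler,
 * so the 16 is documentation only: nothing stops a caller from passing a
 * shorter buffer.  Callers must supply exactly 16-byte arrays.
 * NOTE(review): presumably the first array is an input (session id) and the
 * last receives the response -- confirm.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
    u_int, u_char[16]);

/*
 * Ask the agent to sign data with the given key.
 *
 * NOTE(review): the u_char ** / u_int * pair presumably returns an allocated
 * signature and its length, and the trailing u_char * / u_int pair is
 * presumably the data to sign and its length -- confirm, including who frees
 * the signature.  Check the return value before reading either output.
 */
int
ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
    u_int);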
9644986879Smarkus 
9784959968Sderaadt #endif				/* AUTHFD_H */