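/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/* RCSID("$OpenBSD: authfd.h,v 1.13 2000/10/09 21:51:00 markus Exp $"); */

#ifndef AUTHFD_H
#define AUTHFD_H

#include "buffer.h"

/*
 * NOTE(review): the prototypes below use Key and BIGNUM, which neither this
 * header nor buffer.h is shown to declare.  Callers are expected to include
 * the key and OpenSSL bignum headers before this file -- confirm against
 * the includers in the tree.
 */

/*
 * Message type numbers for the authentication agent connection.
 *
 * These values identify messages exchanged with the agent, so they must
 * not be renumbered: an agent on the other side of the socket interprets
 * them.  The SSH_AGENTC_* names are client-to-agent requests, the
 * SSH_AGENT_* names are agent-to-client replies.  The numbers 10, 15 and
 * 16 are not used by this header.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* private OpenSSH extensions for SSH2 */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/*
 * additional error code for ssh.com's ssh-agent2.  Code that checks for a
 * failure reply must accept this value as well as SSH_AGENT_FAILURE.
 */
#define SSH_COM_AGENT2_FAILURE			102

/*
 * Flag value.  Its use is not visible in this header; presumably it is
 * passed in a sign request to ask for the older signature encoding --
 * see the sign code in authfd.c / ssh-agent.c.
 */
#define SSH_AGENT_OLD_SIGNATURE			0x01


/*
 * State for one open connection to the authentication agent.  Obtain it
 * with ssh_get_authentication_connection() and release it with
 * ssh_close_authentication_connection(); do not free the fields by hand.
 */
typedef struct {
	int fd;			/* descriptor of the agent socket */
	Buffer identities;	/* presumably the agent's identities answer
				 * being walked by ssh_get_next_identity()
				 * -- confirm in authfd.c */
	int howmany;		/* identity count associated with `identities' */
} AuthenticationConnection;

/*
 * Returns the number of the authentication fd, or -1 if there is none.
 * Callers must check for -1 before using the descriptor.
 *
 * Declared with (void): the original empty parameter list was a K&R-style
 * non-prototype declaration, which disables argument type checking.
 */
int	ssh_get_authentication_socket(void);

/*
 * This should be called for any descriptor returned by
 * ssh_get_authentication_socket().  Depending on the way the descriptor was
 * obtained, this may close the descriptor.  Callers must therefore not use
 * authfd after this call.
 */
void	ssh_close_authentication_socket(int authfd);

/*
 * Opens and connects a private socket for communication with the
 * authentication agent.  Returns NULL if an error occurred and the
 * connection could not be opened.  The connection should be closed by the
 * caller by calling ssh_close_authentication_connection().
 *
 * Declared with (void) for the same reason as
 * ssh_get_authentication_socket().
 */
AuthenticationConnection *ssh_get_authentication_connection(void);

/*
 * Closes the connection to the authentication agent and frees any associated
 * memory.  `auth' is invalid after this call.
 */
void	ssh_close_authentication_connection(AuthenticationConnection *auth);

/*
 * Returns the first authentication identity held by the agent or NULL if
 * no identities are available.  Caller must free comment and key.
 * `version' selects which identity request is sent; presumably the SSH
 * protocol major version (1 or 2) -- confirm in authfd.c.
 * Note that you cannot mix calls with different versions.
 */
Key	*ssh_get_first_identity(AuthenticationConnection *auth, char **comment,
	    int version);

/*
 * Returns the next authentication identity for the agent.  Other functions
 * can be called between this and ssh_get_first_identity or two calls of this
 * function.  This returns NULL if there are no more identities.  The caller
 * must free key and comment after a successful return.
 * `version' must match the one given to ssh_get_first_identity().
 */
Key	*ssh_get_next_identity(AuthenticationConnection *auth, char **comment,
	    int version);

/*
 * Requests the agent to decrypt the given challenge.  Returns true if the
 * agent claims it was able to decrypt it.
 *
 * session_id and response are fixed 16-byte arrays; the caller must supply
 * buffers of exactly that size.  The contents of `response' come from the
 * agent process, not from the local key, so a caller should treat them as
 * data to be verified rather than as proof of anything by themselves.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
    Key *key, BIGNUM * challenge,
    unsigned char session_id[16],
    unsigned int response_type,
    unsigned char response[16]);

/*
 * Requests the agent to sign data using key.  On success *sigp and *lenp
 * describe the signature returned by the agent.  The header does not say
 * who owns *sigp; presumably it is allocated for the caller, who must free
 * it -- confirm in authfd.c.  datalen is an int, so callers must never pass
 * a negative length.
 */
int
ssh_agent_sign(AuthenticationConnection *auth,
    Key *key,
    unsigned char **sigp, int *lenp,
    unsigned char *data, int datalen);

/*
 * Adds an identity to the authentication server.  This call is not meant to
 * be used by normal applications.  This returns true if the identity was
 * successfully added.
 */
int
ssh_add_identity(AuthenticationConnection *auth, Key *key,
    const char *comment);

/*
 * Removes the identity from the authentication server.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * identity was successfully removed.
 */
int	ssh_remove_identity(AuthenticationConnection *auth, Key *key);

/*
 * Removes all identities from the authentication agent.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * operation was successful.  `version' has the same meaning as for
 * ssh_get_first_identity().
 */
int	ssh_remove_all_identities(AuthenticationConnection *auth, int version);

#endif				/* AUTHFD_H */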