xref: /freebsd/crypto/openssh/authfd.h (revision 2546665afcaf0d53dc2c7058fee96354b3680f5a) 
1 /*	$OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $	*/
2 
3 /*
4  * Author: Tatu Ylonen <ylo@cs.hut.fi>
5  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6  *                    All rights reserved
7  * Functions to interface with the SSH_AUTHENTICATION_FD socket.
8  *
9  * As far as I am concerned, the code I have written for this software
10  * can be used freely for any purpose.  Any derived versions of this
11  * software must be clearly marked as such, and if the derived work is
12  * incompatible with the protocol description in the RFC file, it must be
13  * called by a name other than "ssh" or "Secure Shell".
14  */
15 
16 #ifndef AUTHFD_H
17 #define AUTHFD_H
18 
19 #include "buffer.h"
20 
21 /* Messages for the authentication agent connection. */
22 #define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
23 #define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
24 #define SSH_AGENTC_RSA_CHALLENGE		3
25 #define SSH_AGENT_RSA_RESPONSE			4
26 #define SSH_AGENT_FAILURE			5
27 #define SSH_AGENT_SUCCESS			6
28 #define SSH_AGENTC_ADD_RSA_IDENTITY		7
29 #define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
30 #define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9
31 
32 /* private OpenSSH extensions for SSH2 */
33 #define SSH2_AGENTC_REQUEST_IDENTITIES		11
34 #define SSH2_AGENT_IDENTITIES_ANSWER		12
35 #define SSH2_AGENTC_SIGN_REQUEST		13
36 #define SSH2_AGENT_SIGN_RESPONSE		14
37 #define SSH2_AGENTC_ADD_IDENTITY		17
38 #define SSH2_AGENTC_REMOVE_IDENTITY		18
39 #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19
40 
41 /* smartcard */
42 #define SSH_AGENTC_ADD_SMARTCARD_KEY		20
43 #define SSH_AGENTC_REMOVE_SMARTCARD_KEY		21
44 
45 /* lock/unlock the agent */
46 #define SSH_AGENTC_LOCK				22
47 #define SSH_AGENTC_UNLOCK			23
48 
49 /* add key with constraints */
50 #define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
51 #define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
52 #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
53 
54 #define	SSH_AGENT_CONSTRAIN_LIFETIME		1
55 #define	SSH_AGENT_CONSTRAIN_CONFIRM		2
56 
57 /* extended failure messages */
58 #define SSH2_AGENT_FAILURE			30
59 
60 /* additional error code for ssh.com's ssh-agent2 */
61 #define SSH_COM_AGENT2_FAILURE			102
62 
63 #define	SSH_AGENT_OLD_SIGNATURE			0x01
64 
65 typedef struct {
66 	int	fd;
67 	Buffer	identities;
68 	int	howmany;
69 }	AuthenticationConnection;
70 
71 int	ssh_agent_present(void);
72 int	ssh_get_authentication_socket(void);
73 void	ssh_close_authentication_socket(int);
74 
75 AuthenticationConnection *ssh_get_authentication_connection(void);
76 void	ssh_close_authentication_connection(AuthenticationConnection *);
77 int	 ssh_get_num_identities(AuthenticationConnection *, int);
78 Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
79 Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);
80 int	 ssh_add_identity(AuthenticationConnection *, Key *, const char *);
81 int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
82     const char *, u_int, u_int);
83 int	 ssh_remove_identity(AuthenticationConnection *, Key *);
84 int	 ssh_remove_all_identities(AuthenticationConnection *, int);
85 int	 ssh_lock_agent(AuthenticationConnection *, int, const char *);
86 int	 ssh_update_card(AuthenticationConnection *, int, const char *,
87     const char *, u_int, u_int);
88 
89 int
90 ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
91     u_int, u_char[16]);
92 
93 int
94 ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
95     u_int);
96 
97 #endif				/* AUTHFD_H */
98