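/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
/*
 * Copyright (c) 2012 Markus Friedl.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Public SSH transport API: drives an SSH connection over an application
 * supplied input/output byte-stream.  The caller owns the network socket;
 * this API only consumes received bytes and produces bytes to be sent.
 */

#ifndef API_H
#define API_H

#include <sys/types.h>
#include <signal.h>

#include "openbsd-compat/sys-queue.h"

#include "cipher.h"
#include "sshkey.h"
#include "kex.h"
#include "ssh.h"
#include "ssh2.h"
#include "packet.h"

/*
 * Optional key exchange parameters for ssh_init().
 * proposal[] holds one algorithm list per proposal slot; PROPOSAL_MAX
 * (and presumably the PROPOSAL_* slot indices) come from kex.h.
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];
};

/* public SSH API functions */

/*
 * ssh_init() creates an ssh connection object with the given (optional)
 * key exchange parameters and stores it in *sshp.
 * is_server selects the server side of the protocol; kex_params may be
 * NULL to use the defaults.  Returns 0 on success, non-zero otherwise
 * (error value conventions are not stated here; see ssh_api.c).
 * The object must be released with ssh_free().
 */
int ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params);

/*
 * ssh_free() releases the ssh connection state created by ssh_init().
 */
void ssh_free(struct ssh *);

/*
 * ssh_set_app_data()/ssh_get_app_data() attach and retrieve an opaque,
 * application specific pointer on the connection state.  The library
 * does not interpret or free it; ownership stays with the application.
 */
void ssh_set_app_data(struct ssh *, void *);
void *ssh_get_app_data(struct ssh *);

/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * private hostkeys are required if we need to act as a server.
 * public hostkeys are used to verify the server's hostkey.
 * Returns 0 on success, non-zero on failure.
 */
int ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);

/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which should be called instead of the default verification.  The
 * function given must return 0 if the hostkey is ok, -1 if the
 * verification has failed.
 * Because the callback replaces the default verification entirely, a
 * callback that returns 0 unconditionally disables hostkey
 * authentication for the connection; it should check the key against
 * known hosts or a pinned key before accepting.
 */
int ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *, struct ssh *));

/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * ssh_packet_next() sets typep if there is no new packet available
 * (presumably to 0 / SSH_MSG_NONE from ssh2.h -- confirm against
 * ssh_api.c).  In this case the caller must fill the input byte-stream
 * by passing the data received over the network to ssh_input_append().
 * additionally, the caller needs to send the resulting output
 * byte-stream back over the network, otherwise the key exchange
 * would not proceed.  the output byte-stream is accessed through
 * ssh_output_ptr().
 * Returns 0 on success, non-zero on protocol or decryption error; the
 * connection should not be used further after an error.
 */
int ssh_packet_next(struct ssh *ssh, u_char *typep);

/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and stores the length of this payload in
 * *lenp.
 * the payload is accessible until ssh_packet_next() is called again;
 * callers must not retain the pointer beyond that point.
 */
const u_char *ssh_packet_payload(struct ssh *ssh, size_t *lenp);

/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and payload (data, len).
 * the encrypted packet is appended to the output byte-stream.
 * Returns 0 on success, non-zero on failure.
 */
int ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);

/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream.  Intended to be consulted before
 * ssh_input_append() so the caller can apply back-pressure instead of
 * growing the buffer without bound.  (The exact return value
 * convention is not stated here; see ssh_api.c.)
 */
int ssh_input_space(struct ssh *ssh, size_t len);

/*
 * ssh_input_append() appends data received from the network to the
 * input byte-stream.  The data is copied; the caller keeps ownership
 * of the buffer.  Returns 0 on success, non-zero on failure.
 */
int ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);

/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream.  XXX (author's marker; the concern is not
 * spelled out here)
 */
int ssh_output_space(struct ssh *ssh, size_t len);

/*
 * ssh_output_ptr() retrieves both a pointer and the length of the
 * current output byte-stream.  the bytes need to be sent over the
 * network.  the number of bytes that have been successfully sent can
 * be removed from the output byte-stream with ssh_output_consume().
 * The pointer is only valid until the output byte-stream is next
 * modified (ssh_packet_put(), ssh_packet_next(), ssh_output_consume()).
 */
const u_char *ssh_output_ptr(struct ssh *ssh, size_t *len);

/*
 * ssh_output_consume() removes the given number of bytes from
 * the output byte-stream.  Returns 0 on success, non-zero on failure.
 */
int ssh_output_consume(struct ssh *ssh, size_t len);

#endif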