157429Smarkm/*
257429Smarkm * Author: Tatu Ylonen <ylo@cs.hut.fi>
357429Smarkm * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
457429Smarkm *                    All rights reserved
557429Smarkm * Functions to interface with the SSH_AUTHENTICATION_FD socket.
660573Skris *
765668Skris * As far as I am concerned, the code I have written for this software
865668Skris * can be used freely for any purpose.  Any derived versions of this
965668Skris * software must be clearly marked as such, and if the derived work is
1065668Skris * incompatible with the protocol description in the RFC file, it must be
1165668Skris * called by a name other than "ssh" or "Secure Shell".
1257429Smarkm */
1357429Smarkm
1465668Skris/* RCSID("$OpenBSD: authfd.h,v 1.11 2000/09/07 20:27:49 deraadt Exp $"); */
1557429Smarkm
1657429Smarkm#ifndef AUTHFD_H
1757429Smarkm#define AUTHFD_H
1857429Smarkm
1957429Smarkm#include "buffer.h"
2057429Smarkm
/* Messages for the authentication agent connection. */

/*
 * Protocol 1 (RSA) agent messages.  The "AGENTC" names are requests sent
 * by the client to the agent; the "AGENT" names are the agent's replies.
 * This header defines no separate SSH2_ failure/success codes, so
 * SSH_AGENT_FAILURE and SSH_AGENT_SUCCESS are the only status replies.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/*
 * Protocol 2 agent messages (sign request/response instead of the RSA
 * challenge/response above).  The message numbers share one code space
 * with the protocol 1 set, which is why the two sets must not overlap.
 */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19
3965668Skris
/*
 * State for one open connection to the authentication agent.  Obtained
 * from ssh_get_authentication_connection() and released, together with
 * the memory it owns, by ssh_close_authentication_connection().
 */
typedef struct {
	int     fd;		/* socket connected to the agent */
	Buffer  identities;	/* NOTE(review): presumably the agent's identities
				 * reply being walked by ssh_get_first_identity()/
				 * ssh_get_next_identity() -- confirm against the
				 * implementation */
	int     howmany;	/* NOTE(review): presumably the number of identities
				 * not yet returned -- confirm against the
				 * implementation */
}       AuthenticationConnection;
4565668Skris
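/*
 * Returns the number of the authentication fd, or -1 if there is none.
 * The descriptor must be handed back to ssh_close_authentication_socket()
 * when no longer needed; depending on how it was obtained that call may
 * close it.
 */
/* (void) makes this a real prototype: an empty parameter list disables
 * argument checking at call sites and is obsolescent in C. */
int     ssh_get_authentication_socket(void);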
4857429Smarkm
/*
 * Releases a descriptor returned by ssh_get_authentication_socket().
 * This should be called for any descriptor returned by
 * ssh_get_authentication_socket().  Depending on the way the descriptor was
 * obtained, this may close the descriptor, so the caller should not use or
 * close authfd itself after this call.
 */
void    ssh_close_authentication_socket(int authfd);
5557429Smarkm
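/*
 * Opens and connects a private socket for communication with the
 * authentication agent.  Returns NULL if an error occurred and the
 * connection could not be opened.  The connection should be closed by the
 * caller by calling ssh_close_authentication_connection(), which also
 * frees the returned structure.
 */
/* (void) makes this a real prototype: an empty parameter list disables
 * argument checking at call sites and is obsolescent in C. */
AuthenticationConnection *ssh_get_authentication_connection(void);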
6357429Smarkm
/*
 * Closes the connection to the authentication agent and frees any associated
 * memory, including *auth itself.  auth must have come from
 * ssh_get_authentication_connection() and must not be used afterwards.
 */
void    ssh_close_authentication_connection(AuthenticationConnection *auth);
6957429Smarkm
/*
 * Returns the first authentication identity held by the agent or NULL if
 * no identities are available.  version selects which protocol's identity
 * request is sent (presumably 1 for the SSH_ messages and 2 for the SSH2_
 * messages defined above -- confirm against the implementation).
 * Caller must free comment and key.
 * Note that you cannot mix calls with different versions.
 *
 * NOTE(review): Key is used here but is not declared by this header's own
 * include of buffer.h; includers must have it in scope before including
 * authfd.h.
 */
Key	*ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version);
7657429Smarkm
/*
 * Returns the next authentication identity for the agent.  Other functions
 * can be called between this and ssh_get_first_identity or two calls of this
 * function.  This returns NULL if there are no more identities.  The caller
 * must free key and comment after a successful return.  version must be
 * the same value that was passed to ssh_get_first_identity() for this
 * walk.
 */
Key	*ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version);
8457429Smarkm
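/*
 * Requests the agent to decrypt the given challenge.  Returns true if the
 * agent claims it was able to decrypt it.
 *
 * session_id and response are pointers to caller-supplied 16-byte buffers:
 * the array bounds in the parameter list are documentation only and are
 * not enforced by the compiler, so the caller is responsible for sizing
 * them.  The decrypted result is written to response; the return value
 * only reports what the agent claimed, so callers must still verify the
 * response themselves.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
    Key *key, BIGNUM *challenge,	/* declarator bound to the name, per file style */
    unsigned char session_id[16],
    unsigned int response_type,
    unsigned char response[16]);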
9557429Smarkm
/*
 * Requests the agent to sign data using key.  On success the signature is
 * returned through *sigp with its length in *lenp.
 *
 * NOTE(review): the header does not say who owns *sigp; presumably it is
 * allocated here and must be freed by the caller -- confirm against the
 * implementation.  Since *lenp is filled from the agent's reply, callers
 * should treat it as untrusted input and bounds-check it before use.
 */
int
ssh_agent_sign(AuthenticationConnection *auth,
    Key *key,
    unsigned char **sigp, int *lenp,
    unsigned char *data, int datalen);
10265668Skris
/*
 * Adds an identity to the authentication server.  This call is not meant to
 * be used by normal applications.  This returns true if the identity was
 * successfully added.  comment is the human-readable label stored with the
 * key; key remains owned by the caller.
 */
int
ssh_add_identity(AuthenticationConnection *auth, Key *key,
    const char *comment);
11157429Smarkm
/*
 * Removes the identity from the authentication server.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * identity was successfully removed.  key remains owned by the caller.
 */
int     ssh_remove_identity(AuthenticationConnection *auth, Key *key);
11857429Smarkm
/*
 * Removes all identities from the authentication agent.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * operation was successful.  version selects which protocol's remove-all
 * message is sent (presumably 1 or 2, matching the SSH_ and SSH2_ message
 * sets above -- confirm against the implementation); only identities of
 * that protocol version are affected.
 */
int     ssh_remove_all_identities(AuthenticationConnection *auth, int version);
12557429Smarkm
12657429Smarkm#endif				/* AUTHFD_H */