authfd.h revision 69587 
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 *                    All rights reserved
5 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
6 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose.  Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
12 */
13
14/* RCSID("$OpenBSD: authfd.h,v 1.13 2000/10/09 21:51:00 markus Exp $"); */
15
16#ifndef AUTHFD_H
17#define AUTHFD_H
18
19#include "buffer.h"
20
21/* Messages for the authentication agent connection. */
22#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
23#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
24#define SSH_AGENTC_RSA_CHALLENGE		3
25#define SSH_AGENT_RSA_RESPONSE			4
26#define SSH_AGENT_FAILURE			5
27#define SSH_AGENT_SUCCESS			6
28#define SSH_AGENTC_ADD_RSA_IDENTITY		7
29#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
30#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9
31
32/* private OpenSSH extensions for SSH2 */
33#define SSH2_AGENTC_REQUEST_IDENTITIES		11
34#define SSH2_AGENT_IDENTITIES_ANSWER		12
35#define SSH2_AGENTC_SIGN_REQUEST		13
36#define SSH2_AGENT_SIGN_RESPONSE		14
37#define SSH2_AGENTC_ADD_IDENTITY		17
38#define SSH2_AGENTC_REMOVE_IDENTITY		18
39#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19
40
41/* additional error code for ssh.com's ssh-agent2 */
42#define SSH_COM_AGENT2_FAILURE                   102
43
44#define	SSH_AGENT_OLD_SIGNATURE			0x01
45
46
47typedef struct {
48	int     fd;
49	Buffer  identities;
50	int     howmany;
51}       AuthenticationConnection;
52
53/* Returns the number of the authentication fd, or -1 if there is none. */
54int     ssh_get_authentication_socket();
55
56/*
57 * This should be called for any descriptor returned by
58 * ssh_get_authentication_socket().  Depending on the way the descriptor was
59 * obtained, this may close the descriptor.
60 */
61void    ssh_close_authentication_socket(int authfd);
62
63/*
64 * Opens and connects a private socket for communication with the
65 * authentication agent.  Returns NULL if an error occurred and the
66 * connection could not be opened.  The connection should be closed by the
67 * caller by calling ssh_close_authentication_connection().
68 */
69AuthenticationConnection *ssh_get_authentication_connection();
70
71/*
72 * Closes the connection to the authentication agent and frees any associated
73 * memory.
74 */
75void    ssh_close_authentication_connection(AuthenticationConnection *auth);
76
77/*
78 * Returns the first authentication identity held by the agent or NULL if
79 * no identies are available. Caller must free comment and key.
80 * Note that you cannot mix calls with different versions.
81 */
82Key	*ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version);
83
84/*
85 * Returns the next authentication identity for the agent.  Other functions
86 * can be called between this and ssh_get_first_identity or two calls of this
87 * function.  This returns NULL if there are no more identities.  The caller
88 * must free key and comment after a successful return.
89 */
90Key	*ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version);
91
92/*
93 * Requests the agent to decrypt the given challenge.  Returns true if the
94 * agent claims it was able to decrypt it.
95 */
96int
97ssh_decrypt_challenge(AuthenticationConnection *auth,
98    Key *key, BIGNUM * challenge,
99    unsigned char session_id[16],
100    unsigned int response_type,
101    unsigned char response[16]);
102
103/* Requests the agent to sign data using key */
104int
105ssh_agent_sign(AuthenticationConnection *auth,
106    Key *key,
107    unsigned char **sigp, int *lenp,
108    unsigned char *data, int datalen);
109
110/*
111 * Adds an identity to the authentication server.  This call is not meant to
112 * be used by normal applications.  This returns true if the identity was
113 * successfully added.
114 */
115int
116ssh_add_identity(AuthenticationConnection *auth, Key *key,
117    const char *comment);
118
119/*
120 * Removes the identity from the authentication server.  This call is not
121 * meant to be used by normal applications.  This returns true if the
122 * identity was successfully added.
123 */
124int     ssh_remove_identity(AuthenticationConnection *auth, Key *key);
125
126/*
127 * Removes all identities from the authentication agent.  This call is not
128 * meant to be used by normal applications.  This returns true if the
129 * operation was successful.
130 */
131int     ssh_remove_all_identities(AuthenticationConnection *auth, int version);
132
133#endif				/* AUTHFD_H */
134