authfd.h revision 126274
/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef AUTHFD_H
#define AUTHFD_H

/*
 * NOTE(review): only "buffer.h" is included here, yet the declarations
 * below also use Key, BIGNUM, u_int and u_char.  Presumably the including
 * file is expected to have declared those first -- confirm before
 * including this header on its own.
 */
#include "buffer.h"

/*
 * Messages for the authentication agent connection.
 *
 * These are message type codes carried on the agent connection, so the
 * numeric values are part of the protocol and are not free to be
 * renumbered.  Judging by the names (confirm against authfd.c),
 * SSH_AGENTC_* codes are requests sent to the agent and SSH_AGENT_*
 * codes are the agent's replies.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES        1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER          2
#define SSH_AGENTC_RSA_CHALLENGE                 3
#define SSH_AGENT_RSA_RESPONSE                   4
#define SSH_AGENT_FAILURE                        5
#define SSH_AGENT_SUCCESS                        6
#define SSH_AGENTC_ADD_RSA_IDENTITY              7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY           8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES     9

/* private OpenSSH extensions for SSH2 */
#define SSH2_AGENTC_REQUEST_IDENTITIES           11
#define SSH2_AGENT_IDENTITIES_ANSWER             12
#define SSH2_AGENTC_SIGN_REQUEST                 13
#define SSH2_AGENT_SIGN_RESPONSE                 14
#define SSH2_AGENTC_ADD_IDENTITY                 17
#define SSH2_AGENTC_REMOVE_IDENTITY              18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES        19

/* smartcard */
#define SSH_AGENTC_ADD_SMARTCARD_KEY             20
#define SSH_AGENTC_REMOVE_SMARTCARD_KEY          21

/* lock/unlock the agent */
#define SSH_AGENTC_LOCK                          22
#define SSH_AGENTC_UNLOCK                        23

/* add key with constraints */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED        24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED           25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26

/*
 * Constraint type codes.  Presumably these tag the constraints attached
 * to the *_CONSTRAINED add requests above (a lifetime limit, a per-use
 * confirmation) -- confirm in authfd.c.
 */
#define SSH_AGENT_CONSTRAIN_LIFETIME             1
#define SSH_AGENT_CONSTRAIN_CONFIRM              2

/* extended failure messages */
#define SSH2_AGENT_FAILURE                       30

/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE                   102

/*
 * Flag bit (written in hex, unlike the message codes above).
 * NOTE(review): presumably set in the flags of a sign request; its user
 * is not visible in this header -- confirm in authfd.c.
 */
#define SSH_AGENT_OLD_SIGNATURE                  0x01

/* State kept for one connection to the authentication agent. */
typedef struct {
	int	fd;		/* descriptor of the agent connection; presumably the agent socket -- confirm */
	Buffer	identities;	/* presumably the identity listing received from the agent -- confirm */
	int	howmany;	/* presumably the number of identities left in 'identities' -- confirm */
}	AuthenticationConnection;

/*
 * Parameters are unnamed throughout these prototypes, so the meaning of
 * the int and u_int arguments cannot be read off this header.  The notes
 * below are inferences to be checked against authfd.c.
 */

/*
 * Agent socket handling.  The int taken by
 * ssh_close_authentication_socket() is presumably the descriptor returned
 * by ssh_get_authentication_socket() -- confirm.
 */
int	ssh_agent_present(void);
int	ssh_get_authentication_socket(void);
void	ssh_close_authentication_socket(int);

/*
 * Connection-level operations on identities held by the agent.
 *
 * NOTE(review): the trailing int on the get/remove-all calls is presumably
 * the protocol version (the message codes above come in SSH_ and SSH2_
 * families); the two u_int arguments on the constrained add and on
 * ssh_update_card() presumably correspond to the two constraint codes
 * (lifetime, confirm) -- confirm both.
 *
 * NOTE(review): the const char * passed to ssh_lock_agent() and the
 * second const char * passed to ssh_update_card() presumably carry a
 * password and a PIN.  If so, this interface gives no indication that the
 * callee clears them, so the caller would remain responsible for wiping
 * its copy -- confirm.
 */
AuthenticationConnection *ssh_get_authentication_connection(void);
void	ssh_close_authentication_connection(AuthenticationConnection *);
int	ssh_get_num_identities(AuthenticationConnection *, int);
Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);
int	ssh_add_identity(AuthenticationConnection *, Key *, const char *);
int	ssh_add_identity_constrained(AuthenticationConnection *, Key *,
    const char *, u_int, u_int);
int	ssh_remove_identity(AuthenticationConnection *, Key *);
int	ssh_remove_all_identities(AuthenticationConnection *, int);
int	ssh_lock_agent(AuthenticationConnection *, int, const char *);
int	ssh_update_card(AuthenticationConnection *, int, const char *,
    const char *, u_int, u_int);

/*
 * The two u_char[16] parameters are adjusted to plain u_char pointers by
 * the language: the 16 documents the expected buffer size but is not
 * enforced by the compiler.  Callers must therefore pass buffers of at
 * least 16 bytes themselves.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
    u_int, u_char[16]);

/*
 * NOTE(review): the u_char ** and u_int * arguments are presumably outputs
 * (signature and its length) and the final u_char * and u_int the data to
 * sign with its length.  Who allocates and frees the returned buffer is
 * not visible here -- confirm in authfd.c.
 */
int
ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *, u_char *,
    u_int);

#endif				/* AUTHFD_H */