/* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
1657429Smarkm#ifndef AUTHFD_H
1757429Smarkm#define AUTHFD_H
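/*
 * List of identities returned by ssh_fetch_identitylist().
 *
 * NOTE(review): keys and comments are presumably parallel arrays holding
 * nkeys entries each (keys[i] pairs with comments[i]) -- confirm against the
 * implementation, which is not part of this header.
 *
 * Release a list with ssh_free_identitylist() instead of freeing the
 * members by hand.  The comment strings originate outside the calling
 * process, so sanitise them before writing them to a terminal or a log.
 */
struct ssh_identitylist {
	size_t nkeys;
	struct sshkey **keys;
	char **comments;
};
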
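/*
 * Agent connection setup and teardown.  The file header describes these
 * functions as the interface to the SSH_AUTHENTICATION_FD socket; their
 * implementation is not part of this header.
 *
 * NOTE(review): the int-returning functions in this header presumably
 * report 0 on success and a negative error code on failure -- confirm
 * before relying on it.  Always check the result: an ignored failure from
 * a lock or remove call leaves keys usable in the agent.
 */
int	ssh_get_authentication_socket(int *fdp);
void	ssh_close_authentication_socket(int sock);

/*
 * Agent management requests.
 *
 * - ssh_lock_agent(): password is a NUL-terminated secret; the caller
 *   should wipe its own copy (e.g. with explicit_bzero()) once the call
 *   returns.  lock presumably selects SSH_AGENTC_LOCK versus
 *   SSH_AGENTC_UNLOCK -- confirm.
 * - ssh_fetch_identitylist(): hands the result back through *idlp; free it
 *   with ssh_free_identitylist().
 * - ssh_add_identity_constrained(): life and confirm presumably map to
 *   SSH_AGENT_CONSTRAIN_LIFETIME and SSH_AGENT_CONSTRAIN_CONFIRM -- confirm.
 *   Constraining a key limits how long, and how silently, anything that can
 *   reach the agent socket is able to use it.
 * - ssh_update_card(): pin is a secret and deserves the same wiping as the
 *   lock password.
 */
int	ssh_lock_agent(int sock, int lock, const char *password);
int	ssh_fetch_identitylist(int sock, int version,
	    struct ssh_identitylist **idlp);
void	ssh_free_identitylist(struct ssh_identitylist *idl);
int	ssh_add_identity_constrained(int sock, struct sshkey *key,
	    const char *comment, u_int life, u_int confirm);
int	ssh_remove_identity(int sock, struct sshkey *key);
int	ssh_update_card(int sock, int add, const char *reader_id,
	    const char *pin, u_int life, u_int confirm);
int	ssh_remove_all_identities(int sock, int version);

/*
 * Private-key operations performed by the agent on the caller's behalf.
 *
 * - ssh_decrypt_challenge(): the [16] in session_id and response is not
 *   enforced by the compiler (array parameters are plain pointers), so the
 *   caller must supply buffers of at least 16 bytes each.
 * - ssh_agent_sign(): the signature comes back through sigp and lenp.
 *   NOTE(review): *sigp is presumably allocated by the callee and owned by
 *   the caller afterwards -- confirm.  alg and compat presumably select
 *   the signature algorithm, see the SSH_AGENT_RSA_SHA2_* flags.
 */
int	ssh_decrypt_challenge(int sock, struct sshkey *key, BIGNUM *challenge,
	    u_char session_id[16], u_char response[16]);
int	ssh_agent_sign(int sock, struct sshkey *key,
	    u_char **sigp, size_t *lenp,
	    const u_char *data, size_t datalen, const char *alg, u_int compat);
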
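/*
 * Messages for the authentication agent connection.
 *
 * Naming convention: SSH*_AGENTC_* values are requests sent by the client,
 * SSH*_AGENT_* values are replies sent by the agent.  The RSA-specific
 * group below is presumably the legacy SSH protocol 1 message set -- confirm.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* private OpenSSH extensions for SSH2 */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/* smartcard */
#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
#define SSH_AGENTC_REMOVE_SMARTCARD_KEY		21

/* lock/unlock the agent */
#define SSH_AGENTC_LOCK				22
#define SSH_AGENTC_UNLOCK			23

/* add key with constraints */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26

/*
 * Constraint type codes.
 * NOTE(review): presumably carried in the *_CONSTRAINED add requests above;
 * judging by the names, LIFETIME bounds how long the agent keeps a key and
 * CONFIRM asks for confirmation on each use -- confirm.
 */
#define	SSH_AGENT_CONSTRAIN_LIFETIME		1
#define	SSH_AGENT_CONSTRAIN_CONFIRM		2

/*
 * extended failure messages
 *
 * This file defines three distinct failure replies: SSH_AGENT_FAILURE,
 * SSH2_AGENT_FAILURE and SSH_COM_AGENT2_FAILURE.  Reply handling should
 * treat every one of them as a failure, so that an unexpected failure code
 * is never mistaken for success.
 */
#define SSH2_AGENT_FAILURE			30

/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE			102

/*
 * Signature flags.  The values are distinct bits (0x01, 0x02, 0x04), so
 * they can be OR-ed together and tested with a mask.
 * NOTE(review): presumably carried in a sign request, with the
 * RSA_SHA2_* flags asking for a SHA-2 based RSA signature -- confirm.
 */
#define	SSH_AGENT_OLD_SIGNATURE			0x01
#define	SSH_AGENT_RSA_SHA2_256			0x02
#define	SSH_AGENT_RSA_SHA2_512			0x04
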
9257429Smarkm#endif				/* AUTHFD_H */