xref: /dflybsd-src/crypto/openssh/ssh_api.h (revision 664f47636b7e6e9e2c54a4799ca4884a9c628df5)
1*664f4763Szrj /* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */
2e9778795SPeter Avalos /*
3e9778795SPeter Avalos  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
4e9778795SPeter Avalos  *
5e9778795SPeter Avalos  * Permission to use, copy, modify, and distribute this software for any
6e9778795SPeter Avalos  * purpose with or without fee is hereby granted, provided that the above
7e9778795SPeter Avalos  * copyright notice and this permission notice appear in all copies.
8e9778795SPeter Avalos  *
9e9778795SPeter Avalos  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10e9778795SPeter Avalos  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11e9778795SPeter Avalos  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12e9778795SPeter Avalos  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13e9778795SPeter Avalos  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14e9778795SPeter Avalos  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15e9778795SPeter Avalos  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16e9778795SPeter Avalos  */
17e9778795SPeter Avalos 
18e9778795SPeter Avalos #ifndef API_H
19e9778795SPeter Avalos #define API_H
20e9778795SPeter Avalos 
21e9778795SPeter Avalos #include <sys/types.h>
22e9778795SPeter Avalos #include <signal.h>
23e9778795SPeter Avalos 
24e9778795SPeter Avalos #include "openbsd-compat/sys-queue.h"
25e9778795SPeter Avalos 
26e9778795SPeter Avalos #include "cipher.h"
27e9778795SPeter Avalos #include "sshkey.h"
28e9778795SPeter Avalos #include "kex.h"
29e9778795SPeter Avalos #include "ssh.h"
30e9778795SPeter Avalos #include "ssh2.h"
31e9778795SPeter Avalos #include "packet.h"
32e9778795SPeter Avalos 
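/*
 * Key-exchange parameters that can be handed to ssh_init().
 * proposal[] holds PROPOSAL_MAX string pointers; PROPOSAL_MAX is not
 * defined in this header (presumably it comes from kex.h -- confirm).
 * NOTE(review): ownership of the strings, and whether individual
 * entries may be NULL, is not stated here; check the implementation
 * before freeing or modifying them after ssh_init().
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];
};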
36e9778795SPeter Avalos 
37e9778795SPeter Avalos /* public SSH API functions */
38e9778795SPeter Avalos 
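/*
 * ssh_init() creates an ssh connection object with the given (optional)
 * key exchange parameters and stores it through sshp.
 * is_server selects the role of this end of the connection.
 * The state is released again with ssh_free().
 * NOTE(review): the return convention is not stated in this header;
 * presumably *sshp must not be used unless the call reports success --
 * confirm against the implementation.
 */
int	ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params);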
44e9778795SPeter Avalos 
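/*
 * ssh_free() releases the ssh connection state.
 * The pointer, and any buffer pointers previously obtained from this
 * connection, must not be used after the call.
 * NOTE(review): whether data attached with ssh_set_app_data() is
 * released as well is not stated here; presumably it stays owned by
 * the application -- confirm.
 */
void	ssh_free(struct ssh *ssh);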
49e9778795SPeter Avalos 
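/*
 * Attach application specific data to the connection state
 * (ssh_set_app_data) and read it back (ssh_get_app_data).
 * The pointer is opaque to this API as declared here.
 * NOTE(review): the lifetime of app_data appears to be the caller's
 * responsibility; it must outlive every use through
 * ssh_get_app_data() -- confirm against the implementation.
 */
void	ssh_set_app_data(struct ssh *ssh, void *app_data);
void	*ssh_get_app_data(struct ssh *ssh);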
55e9778795SPeter Avalos 
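/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * Private hostkeys are required if we need to act as a server.
 * Public hostkeys are used to verify the server's hostkey.
 * NOTE(review): this header does not say whether the key is copied or
 * referenced, so the caller cannot tell from here when private key
 * material may be freed or wiped -- confirm against the
 * implementation. The return convention is not stated either.
 */
int	ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);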
65e9778795SPeter Avalos 
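/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which is called instead of the default verification. The function
 * given must return 0 if the hostkey is ok, -1 if the verification
 * has failed.
 * Because the callback replaces the default check, it becomes the only
 * decision point for the peer's hostkey: a callback that returns 0
 * without comparing the key against a trusted reference accepts any
 * hostkey and removes the protection against server impersonation.
 * It should fail closed, i.e. return -1 on every path that does not
 * positively match the key.
 */
int	ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *key, struct ssh *ssh));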
74e9778795SPeter Avalos 
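/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * ssh_packet_next() also sets typep if there is no new packet
 * available. In this case the caller must fill the input byte-stream
 * by passing the data received over network to ssh_input_append().
 * Additionally, the caller needs to send the resulting output
 * byte-stream back over the network, otherwise the key exchange
 * would not proceed. The output byte-stream is accessed through
 * ssh_output_ptr().
 * NOTE(review): the value stored in *typep for "no new packet" is not
 * stated in this header; confirm it against the implementation and
 * check the int return value before trusting *typep.
 */
int	ssh_packet_next(struct ssh *ssh, u_char *typep);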
90e9778795SPeter Avalos 
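/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and stores the length of this payload in
 * *lenp.
 * The payload is accessible only until ssh_packet_next() is called
 * again; copy it out if it is needed for longer, since the pointer is
 * stale after that call.
 * The payload originates from the peer's input byte-stream, so its
 * contents are untrusted: bound every read by *lenp and validate any
 * length or offset fields found inside it.
 */
const u_char	*ssh_packet_payload(struct ssh *ssh, size_t *lenp);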
97e9778795SPeter Avalos 
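/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and payload (len bytes starting at data).
 * The encrypted packet is appended to the output byte-stream; it is
 * not sent until the caller transmits that stream (see
 * ssh_output_ptr()).
 * NOTE(review): type is an int here while ssh_packet_next() reports
 * types as u_char; presumably only values that fit a u_char are
 * meaningful -- confirm. The return convention is not stated in this
 * header.
 */
int	ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);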
105e9778795SPeter Avalos 
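/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream.
 * NOTE(review): the header does not say whether the result is a
 * boolean ("space available") or an error code ("0 on success").
 * Confirm the convention before using the result as a bounds check,
 * because reading it the wrong way round inverts the check.
 */
int	ssh_input_space(struct ssh *ssh, size_t len);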
111e9778795SPeter Avalos 
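/*
 * ssh_input_append() appends len bytes starting at data to the input
 * byte-stream. This is how data received over the network is fed to
 * ssh_packet_next().
 * NOTE(review): the behaviour when the stream cannot take len more
 * bytes is not stated here; check the return value, and presumably
 * call ssh_input_space() first -- confirm against the implementation.
 */
int	ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);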
116e9778795SPeter Avalos 
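/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream. XXX
 * NOTE(review): the original comment carries an unexplained XXX
 * marker, and the header does not say whether the result is a boolean
 * or an error code. Confirm the convention against the implementation
 * before relying on it as a bounds check.
 */
int	ssh_output_space(struct ssh *ssh, size_t len);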
122e9778795SPeter Avalos 
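/*
 * ssh_output_ptr() retrieves both a pointer and the length (through
 * len) of the current output byte-stream. The bytes need to be sent
 * over the network. The number of bytes that have been successfully
 * sent can be removed from the output byte-stream with
 * ssh_output_consume().
 * After a partial write, consume only the count the send call
 * actually reported, so that unsent bytes stay queued.
 * NOTE(review): the pointer is presumably invalidated by any call
 * that changes the output byte-stream (ssh_packet_put(),
 * ssh_packet_next(), ssh_output_consume()); re-fetch it rather than
 * caching it -- confirm against the implementation.
 */
const u_char	*ssh_output_ptr(struct ssh *ssh, size_t *len);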
130e9778795SPeter Avalos 
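/*
 * ssh_output_consume() removes the given number of bytes from
 * the output byte-stream.
 * NOTE(review): the behaviour when len exceeds the length last
 * reported by ssh_output_ptr() is not stated in this header; check
 * the return value and keep len within that length.
 */
int	ssh_output_consume(struct ssh *ssh, size_t len);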
136e9778795SPeter Avalos 
137e9778795SPeter Avalos #endif