1*55a4608bSchristos /*	$NetBSD: ssh_api.h,v 1.5 2018/08/26 07:46:36 christos Exp $	*/
2*55a4608bSchristos /* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */
3*55a4608bSchristos 
4e161120fSchristos /*
5e161120fSchristos  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
6e161120fSchristos  *
7e161120fSchristos  * Permission to use, copy, modify, and distribute this software for any
8e161120fSchristos  * purpose with or without fee is hereby granted, provided that the above
9e161120fSchristos  * copyright notice and this permission notice appear in all copies.
10e161120fSchristos  *
11e161120fSchristos  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12e161120fSchristos  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13e161120fSchristos  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14e161120fSchristos  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15e161120fSchristos  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16e161120fSchristos  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17e161120fSchristos  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18e161120fSchristos  */
19e161120fSchristos 
20e161120fSchristos #ifndef API_H
21e161120fSchristos #define API_H
22e161120fSchristos 
23e161120fSchristos #include <sys/queue.h>
24e161120fSchristos #include <sys/types.h>
25e161120fSchristos #include <signal.h>
26e161120fSchristos 
27e161120fSchristos #include "cipher.h"
28e161120fSchristos #include "sshkey.h"
29e161120fSchristos #include "kex.h"
30e161120fSchristos #include "ssh.h"
31e161120fSchristos #include "ssh2.h"
32e161120fSchristos #include "packet.h"
33e161120fSchristos 
/*
 * Key-exchange parameters handed to ssh_init(). proposal[] holds one
 * algorithm-list string per slot, PROPOSAL_MAX slots in total (the
 * bound and, presumably, the slot indices come from kex.h — confirm).
 * Whether ssh_init() copies the strings or keeps referencing them is
 * not stated in this header; check ssh_init()'s definition before
 * freeing them.
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];	/* algorithm lists, one per proposal slot */
};
37e161120fSchristos 
38e161120fSchristos /* public SSH API functions */
39e161120fSchristos 
/*
 * ssh_init() creates a ssh connection object with given (optional)
 * key exchange parameters.
 * is_server: non-zero to take the server role in the key exchange,
 * zero for the client role.
 * kex_params: may be NULL ("optional"); which default proposal is used
 * then is decided by the implementation — confirm in ssh_init().
 * On success the first argument receives the new object, which must be
 * released with ssh_free(). Returns 0 on success, negative on failure
 * (presumably OpenSSH's SSH_ERR_* codes; ssherr.h is not included by
 * this header, so confirm against the definition).
 */
int	ssh_init(struct ssh **, int is_server, struct kex_params *kex_params);
45e161120fSchristos 
/*
 * ssh_free() releases the connection state created by ssh_init().
 * The object must not be used after this call. Whether the
 * application data pointer set with ssh_set_app_data() is released
 * here is not stated; assume the caller keeps ownership of it and
 * confirm in the definition. NULL handling is likewise unspecified
 * here — do not rely on it.
 */
void	ssh_free(struct ssh *);
50e161120fSchristos 
/*
 * ssh_set_app_data() attaches application-specific data to the
 * connection state; ssh_get_app_data() returns the pointer last set
 * (presumably NULL before any call — confirm).
 * The pointer is opaque to the library (it is a plain void *), so its
 * lifetime and ownership stay with the caller.
 */
void	ssh_set_app_data(struct ssh *, void *);
void	*ssh_get_app_data(struct ssh *);
56e161120fSchristos 
/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * private hostkeys are required if we need to act as a server.
 * public hostkeys are used to verify the servers hostkey.
 * On the client side the set of registered public keys is therefore
 * the trust anchor for the peer: only keys added here (or a callback
 * installed with ssh_set_verify_host_key_callback()) can accept a
 * server. What the library does when neither is present is not stated
 * in this header — confirm before relying on it.
 * Ownership of 'key' after a successful call is not stated here;
 * confirm whether the object takes it over before freeing the key.
 * Returns 0 on success, negative on failure (assumed convention).
 */
int	ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);
66e161120fSchristos 
/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which should be called instead of the default verification. The
 * function given must return 0 if the hostkey is ok, -1 if the
 * verification has failed.
 * The callback receives the peer's hostkey and the connection it
 * belongs to, and it fully replaces the default check: a callback
 * that returns 0 without comparing the key against a known-hosts
 * store (or an equivalent trust anchor) accepts any server key and
 * removes the protocol's protection against an interposed peer. Keep
 * the decision strictly based on the key, and fail closed (-1) on any
 * lookup error.
 * Returns 0 on success, negative on failure (assumed convention).
 */
int	ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *, struct ssh *));
75e161120fSchristos 
/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * ssh_packet_next() sets typep to a "no packet" value if there is no
 * new packet available (SSH_MSG_NONE in the implementation — confirm).
 * in this case the caller must fill the input byte-stream by passing
 * the data received over network to ssh_input_append().
 * additionally, the caller needs to send the resulting output
 * byte-stream back over the network. otherwise the key exchange
 * would not proceed. the output byte-stream is accessed through
 * ssh_output_ptr().
 * The return value, not *typep, carries errors: a non-zero return
 * (presumably a negative SSH_ERR_* code — confirm) means the input
 * could not be processed, e.g. a decryption/integrity or protocol
 * failure, and the connection should be treated as unusable rather
 * than retried with more input.
 */
int	ssh_packet_next(struct ssh *ssh, u_char *typep);
91e161120fSchristos 
/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and the length of this payload.
 * the payload is accessible until ssh_packet_next() is called again.
 * The payload is the decrypted content of the packet that the last
 * ssh_packet_next() call delivered; the message type byte itself was
 * reported through typep and is presumably not part of it — confirm.
 * The pointer is owned by the connection object: copy the bytes out
 * if they are needed after the next ssh_packet_next() call, and
 * always bound reads by *lenp rather than by any length field inside
 * the payload.
 */
const u_char	*ssh_packet_payload(struct ssh *ssh, size_t *lenp);
98e161120fSchristos 
/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and payload.
 * the encrypted packet is appended to the output byte-stream.
 * type: the message number (e.g. the SSH2_MSG_* constants from
 * ssh2.h). data/len: the payload bytes; the caller keeps ownership of
 * 'data', which is presumably copied into the packet — confirm.
 * Returns 0 on success, negative on failure (assumed convention);
 * on failure nothing should be assumed about the output byte-stream.
 */
int	ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);
106e161120fSchristos 
/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream.
 * Intended as the guard before ssh_input_append(): a caller that
 * reads from the network into its own buffer should size that read by
 * what the input stream can still take, so that unprocessed peer data
 * cannot grow without bound. The exact return-value convention
 * (boolean vs. 0/negative) is not stated in this header — confirm in
 * the definition before using it in a condition.
 */
int	ssh_input_space(struct ssh *ssh, size_t len);
112e161120fSchristos 
/*
 * ssh_input_append() appends data to the input byte-stream.
 * 'data' is raw, untrusted network input; nothing is parsed here, the
 * bytes are only queued for the next ssh_packet_next() call. The
 * caller keeps ownership of 'data' (presumably it is copied — confirm).
 * Returns 0 on success, negative on failure (assumed convention), for
 * example when the stream cannot take 'len' more bytes; check
 * ssh_input_space() first to avoid that case.
 */
int	ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);
117e161120fSchristos 
/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream. XXX
 * (The XXX marker is from the original author; the return-value
 * convention and whether 'len' refers to payload or to the encrypted
 * packet size are not stated here — confirm in the definition.)
 * Note that ssh_packet_next() also appends key-exchange traffic to the
 * output stream on its own, so this check only covers what the caller
 * is about to add with ssh_packet_put().
 */
int	ssh_output_space(struct ssh *ssh, size_t len);
123e161120fSchristos 
/*
 * ssh_output_ptr() retrieves both a pointer and the length of the
 * current output byte-stream. the bytes need to be sent over the
 * network. the number of bytes that have been successfully sent can
 * be removed from the output byte-stream with ssh_output_consume().
 * The returned pointer is owned by the connection object and should
 * be treated as invalid after any call that changes the output stream
 * (ssh_output_consume(), ssh_packet_put(), or ssh_packet_next(), which
 * may emit key-exchange packets) — re-fetch it instead of caching it.
 */
const u_char	*ssh_output_ptr(struct ssh *ssh, size_t *len);
131e161120fSchristos 
/*
 * ssh_output_consume() removes the given number of bytes from
 * the output byte-stream.
 * 'len' is the number of bytes actually transmitted and must not
 * exceed the length last reported by ssh_output_ptr(); consuming
 * bytes that were not sent would drop protocol data and desynchronise
 * the connection. Returns 0 on success, negative on failure (assumed
 * convention, e.g. when 'len' is larger than the stream).
 */
int	ssh_output_consume(struct ssh *ssh, size_t len);
137e161120fSchristos 
138e161120fSchristos #endif