[openssh.git] / authfd.h

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/* RCSID("$OpenBSD: authfd.h,v 1.18 2001/06/26 06:32:47 itojun Exp $"); */

#ifndef AUTHFD_H
#define AUTHFD_H

#include "buffer.h"

/* Messages for the authentication agent connection. */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* private OpenSSH extensions for SSH2 */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/* smartcard */
#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
#define SSH_AGENTC_REMOVE_SMARTCARD_KEY	        21

/* additional error code for ssh.com's ssh-agent2 */
#define SSH_COM_AGENT2_FAILURE                   102

#define	SSH_AGENT_OLD_SIGNATURE			0x01


typedef struct {
	int     fd;
	Buffer  identities;
	int     howmany;
}       AuthenticationConnection;

/* Returns the number of the authentication fd, or -1 if there is none. */
int     ssh_get_authentication_socket(void);

/*
 * This should be called for any descriptor returned by
 * ssh_get_authentication_socket().  Depending on the way the descriptor was
 * obtained, this may close the descriptor.
 */
void    ssh_close_authentication_socket(int);

/*
 * Opens and connects a private socket for communication with the
 * authentication agent.  Returns NULL if an error occurred and the
 * connection could not be opened.  The connection should be closed by the
 * caller by calling ssh_close_authentication_connection().
 */
AuthenticationConnection *ssh_get_authentication_connection(void);

/*
 * Closes the connection to the authentication agent and frees any associated
 * memory.
 */
void    ssh_close_authentication_connection(AuthenticationConnection *);

/*
 * Returns the number authentication identity held by the agent.
 */
int	ssh_get_num_identities(AuthenticationConnection *, int);

/*
 * Returns the first authentication identity held by the agent or NULL if
 * no identies are available. Caller must free comment and key.
 * Note that you cannot mix calls with different versions.
 */
Key	*ssh_get_first_identity(AuthenticationConnection *, char **, int);

/*
 * Returns the next authentication identity for the agent.  Other functions
 * can be called between this and ssh_get_first_identity or two calls of this
 * function.  This returns NULL if there are no more identities.  The caller
 * must free key and comment after a successful return.
 */
Key	*ssh_get_next_identity(AuthenticationConnection *, char **, int);

/*
 * Requests the agent to decrypt the given challenge.  Returns true if the
 * agent claims it was able to decrypt it.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
    u_int, u_char[16]);

/* Requests the agent to sign data using key */
int
ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, int *,
    u_char *, int);

/*
 * Adds an identity to the authentication server.  This call is not meant to
 * be used by normal applications.  This returns true if the identity was
 * successfully added.
 */
int
ssh_add_identity(AuthenticationConnection *, Key *, const char *);

/*
 * Removes the identity from the authentication server.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * identity was successfully added.
 */
int     ssh_remove_identity(AuthenticationConnection *, Key *);

/*
 * Removes all identities from the authentication agent.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * operation was successful.
 */
int	ssh_remove_all_identities(AuthenticationConnection *, int);

int	ssh_update_card(AuthenticationConnection *, int, int);

#endif				/* AUTHFD_H */
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
5260325f	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5260325f	4	* All rights reserved
5260325f	5	* Functions to interface with the SSH_AUTHENTICATION_FD socket.
6ae2364d	6	*
bcbf86ec	7	* As far as I am concerned, the code I have written for this software
	8	* can be used freely for any purpose. Any derived versions of this
	9	* software must be clearly marked as such, and if the derived work is
	10	* incompatible with the protocol description in the RFC file, it must be
	11	* called by a name other than "ssh" or "Secure Shell".
5260325f	12	*/
8efc0c15	13
2a1e4639	14	/* RCSID("$OpenBSD: authfd.h,v 1.18 2001/06/26 06:32:47 itojun Exp $"); */
8efc0c15	15
	16	#ifndef AUTHFD_H
	17	#define AUTHFD_H
	18
	19	#include "buffer.h"
	20
	21	/* Messages for the authentication agent connection. */
	22	#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
	23	#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
	24	#define SSH_AGENTC_RSA_CHALLENGE 3
	25	#define SSH_AGENT_RSA_RESPONSE 4
	26	#define SSH_AGENT_FAILURE 5
	27	#define SSH_AGENT_SUCCESS 6
	28	#define SSH_AGENTC_ADD_RSA_IDENTITY 7
	29	#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
	30	#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
	31
94ec8c6b	32	/* private OpenSSH extensions for SSH2 */
4c8722d9	33	#define SSH2_AGENTC_REQUEST_IDENTITIES 11
	34	#define SSH2_AGENT_IDENTITIES_ANSWER 12
	35	#define SSH2_AGENTC_SIGN_REQUEST 13
	36	#define SSH2_AGENT_SIGN_RESPONSE 14
4c8722d9	37	#define SSH2_AGENTC_ADD_IDENTITY 17
	38	#define SSH2_AGENTC_REMOVE_IDENTITY 18
	39	#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
	40
983def13	41	/* smartcard */
	42	#define SSH_AGENTC_ADD_SMARTCARD_KEY 20
	43	#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
	44
94ec8c6b	45	/* additional error code for ssh.com's ssh-agent2 */
	46	#define SSH_COM_AGENT2_FAILURE 102
	47
188adeb2	48	#define SSH_AGENT_OLD_SIGNATURE 0x01
	49
	50
5260325f	51	typedef struct {
5260325f	52	int fd;
5260325f	53	Buffer identities;
	54	int howmany;
	55	} AuthenticationConnection;
2e73a022	56
8efc0c15	57	/* Returns the number of the authentication fd, or -1 if there is none. */
1e3b8b07	58	int ssh_get_authentication_socket(void);
8efc0c15	59
aa3378df	60	/*
	61	* This should be called for any descriptor returned by
	62	* ssh_get_authentication_socket(). Depending on the way the descriptor was
	63	* obtained, this may close the descriptor.
	64	*/
2a1e4639	65	void ssh_close_authentication_socket(int);
8efc0c15	66
aa3378df	67	/*
	68	* Opens and connects a private socket for communication with the
	69	* authentication agent. Returns NULL if an error occurred and the
	70	* connection could not be opened. The connection should be closed by the
	71	* caller by calling ssh_close_authentication_connection().
	72	*/
1e3b8b07	73	AuthenticationConnection *ssh_get_authentication_connection(void);
8efc0c15	74
aa3378df	75	/*
	76	* Closes the connection to the authentication agent and frees any associated
	77	* memory.
	78	*/
2a1e4639	79	void ssh_close_authentication_connection(AuthenticationConnection *);
8efc0c15	80
fa08c86b	81	/*
	82	* Returns the number authentication identity held by the agent.
	83	*/
2a1e4639	84	int ssh_get_num_identities(AuthenticationConnection *, int);
fa08c86b	85
aa3378df	86	/*
2e73a022	87	* Returns the first authentication identity held by the agent or NULL if
	88	* no identies are available. Caller must free comment and key.
	89	* Note that you cannot mix calls with different versions.
aa3378df	90	*/
2a1e4639	91	Key ssh_get_first_identity(AuthenticationConnection , char **, int);
8efc0c15	92
aa3378df	93	/*
	94	* Returns the next authentication identity for the agent. Other functions
	95	* can be called between this and ssh_get_first_identity or two calls of this
2e73a022	96	* function. This returns NULL if there are no more identities. The caller
2e73a022	97	* must free key and comment after a successful return.
aa3378df	98	*/
2a1e4639	99	Key ssh_get_next_identity(AuthenticationConnection , char **, int);
8efc0c15	100
2e73a022	101	/*
	102	* Requests the agent to decrypt the given challenge. Returns true if the
	103	* agent claims it was able to decrypt it.
	104	*/
6ae2364d	105	int
2a1e4639	106	ssh_decrypt_challenge(AuthenticationConnection , Key , BIGNUM *, u_char[16],
2a1e4639	107	u_int, u_char[16]);
8efc0c15	108
2e73a022	109	/* Requests the agent to sign data using key */
2e73a022	110	int
2a1e4639	111	ssh_agent_sign(AuthenticationConnection , Key , u_char *, int ,
2a1e4639	112	u_char *, int);
2e73a022	113
aa3378df	114	/*
	115	* Adds an identity to the authentication server. This call is not meant to
	116	* be used by normal applications. This returns true if the identity was
	117	* successfully added.
	118	*/
6ae2364d	119	int
2a1e4639	120	ssh_add_identity(AuthenticationConnection , Key , const char *);
8efc0c15	121
aa3378df	122	/*
	123	* Removes the identity from the authentication server. This call is not
	124	* meant to be used by normal applications. This returns true if the
	125	* identity was successfully added.
	126	*/
2a1e4639	127	int ssh_remove_identity(AuthenticationConnection , Key );
8efc0c15	128
aa3378df	129	/*
	130	* Removes all identities from the authentication agent. This call is not
	131	* meant to be used by normal applications. This returns true if the
	132	* operation was successful.
	133	*/
2a1e4639	134	int ssh_remove_all_identities(AuthenticationConnection *, int);
983def13	135
2a1e4639	136	int ssh_update_card(AuthenticationConnection *, int, int);
8efc0c15	137
5260325f	138	#endif /* AUTHFD_H */