[openssh.git] / authfd.h

/*
 *
 * authfd.h
 *
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 *
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * Created: Wed Mar 29 01:17:41 1995 ylo
 *
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 */

/* RCSID("$OpenBSD: authfd.h,v 1.10 2000/08/19 21:34:43 markus Exp $"); */

#ifndef AUTHFD_H
#define AUTHFD_H

#include "buffer.h"

/* Messages for the authentication agent connection. */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

typedef struct {
	int     fd;
	Buffer  identities;
	int     howmany;
}       AuthenticationConnection;

/* Returns the number of the authentication fd, or -1 if there is none. */
int     ssh_get_authentication_socket();

/*
 * This should be called for any descriptor returned by
 * ssh_get_authentication_socket().  Depending on the way the descriptor was
 * obtained, this may close the descriptor.
 */
void    ssh_close_authentication_socket(int authfd);

/*
 * Opens and connects a private socket for communication with the
 * authentication agent.  Returns NULL if an error occurred and the
 * connection could not be opened.  The connection should be closed by the
 * caller by calling ssh_close_authentication_connection().
 */
AuthenticationConnection *ssh_get_authentication_connection();

/*
 * Closes the connection to the authentication agent and frees any associated
 * memory.
 */
void    ssh_close_authentication_connection(AuthenticationConnection *auth);

/*
 * Returns the first authentication identity held by the agent or NULL if
 * no identies are available. Caller must free comment and key.
 * Note that you cannot mix calls with different versions.
 */
Key	*ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version);

/*
 * Returns the next authentication identity for the agent.  Other functions
 * can be called between this and ssh_get_first_identity or two calls of this
 * function.  This returns NULL if there are no more identities.  The caller
 * must free key and comment after a successful return.
 */
Key	*ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version);

/*
 * Requests the agent to decrypt the given challenge.  Returns true if the
 * agent claims it was able to decrypt it.
 */
int
ssh_decrypt_challenge(AuthenticationConnection *auth,
    Key *key, BIGNUM * challenge,
    unsigned char session_id[16],
    unsigned int response_type,
    unsigned char response[16]);

/* Requests the agent to sign data using key */
int
ssh_agent_sign(AuthenticationConnection *auth,
    Key *key,
    unsigned char **sigp, int *lenp,
    unsigned char *data, int datalen);

/*
 * Adds an identity to the authentication server.  This call is not meant to
 * be used by normal applications.  This returns true if the identity was
 * successfully added.
 */
int
ssh_add_identity(AuthenticationConnection *auth, Key *key,
    const char *comment);

/*
 * Removes the identity from the authentication server.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * identity was successfully added.
 */
int     ssh_remove_identity(AuthenticationConnection *auth, Key *key);

/*
 * Removes all identities from the authentication agent.  This call is not
 * meant to be used by normal applications.  This returns true if the
 * operation was successful.
 */
int     ssh_remove_all_identities(AuthenticationConnection *auth, int version);

#endif				/* AUTHFD_H */
Commit	Line	Data
8efc0c15	1	/*
6ae2364d	2	*
5260325f	3	* authfd.h
6ae2364d	4	*
5260325f	5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
6ae2364d	6	*
5260325f	7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5260325f	8	* All rights reserved
6ae2364d	9	*
5260325f	10	* Created: Wed Mar 29 01:17:41 1995 ylo
6ae2364d	11	*
5260325f	12	* Functions to interface with the SSH_AUTHENTICATION_FD socket.
6ae2364d	13	*
5260325f	14	*/
8efc0c15	15
2e73a022	16	/* RCSID("$OpenBSD: authfd.h,v 1.10 2000/08/19 21:34:43 markus Exp $"); */
8efc0c15	17
	18	#ifndef AUTHFD_H
	19	#define AUTHFD_H
	20
	21	#include "buffer.h"
	22
	23	/* Messages for the authentication agent connection. */
	24	#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
	25	#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
	26	#define SSH_AGENTC_RSA_CHALLENGE 3
	27	#define SSH_AGENT_RSA_RESPONSE 4
	28	#define SSH_AGENT_FAILURE 5
	29	#define SSH_AGENT_SUCCESS 6
	30	#define SSH_AGENTC_ADD_RSA_IDENTITY 7
	31	#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
	32	#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
	33
4c8722d9	34	#define SSH2_AGENTC_REQUEST_IDENTITIES 11
	35	#define SSH2_AGENT_IDENTITIES_ANSWER 12
	36	#define SSH2_AGENTC_SIGN_REQUEST 13
	37	#define SSH2_AGENT_SIGN_RESPONSE 14
4c8722d9	38	#define SSH2_AGENTC_ADD_IDENTITY 17
	39	#define SSH2_AGENTC_REMOVE_IDENTITY 18
	40	#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
	41
5260325f	42	typedef struct {
5260325f	43	int fd;
5260325f	44	Buffer identities;
	45	int howmany;
	46	} AuthenticationConnection;
2e73a022	47
8efc0c15	48	/* Returns the number of the authentication fd, or -1 if there is none. */
5260325f	49	int ssh_get_authentication_socket();
8efc0c15	50
aa3378df	51	/*
	52	* This should be called for any descriptor returned by
	53	* ssh_get_authentication_socket(). Depending on the way the descriptor was
	54	* obtained, this may close the descriptor.
	55	*/
5260325f	56	void ssh_close_authentication_socket(int authfd);
8efc0c15	57
aa3378df	58	/*
	59	* Opens and connects a private socket for communication with the
	60	* authentication agent. Returns NULL if an error occurred and the
	61	* connection could not be opened. The connection should be closed by the
	62	* caller by calling ssh_close_authentication_connection().
	63	*/
8efc0c15	64	AuthenticationConnection *ssh_get_authentication_connection();
8efc0c15	65
aa3378df	66	/*
	67	* Closes the connection to the authentication agent and frees any associated
	68	* memory.
	69	*/
2e73a022	70	void ssh_close_authentication_connection(AuthenticationConnection *auth);
8efc0c15	71
aa3378df	72	/*
2e73a022	73	* Returns the first authentication identity held by the agent or NULL if
	74	* no identies are available. Caller must free comment and key.
	75	* Note that you cannot mix calls with different versions.
aa3378df	76	*/
2e73a022	77	Key ssh_get_first_identity(AuthenticationConnection auth, char **comment, int version);
8efc0c15	78
aa3378df	79	/*
	80	* Returns the next authentication identity for the agent. Other functions
	81	* can be called between this and ssh_get_first_identity or two calls of this
2e73a022	82	* function. This returns NULL if there are no more identities. The caller
2e73a022	83	* must free key and comment after a successful return.
aa3378df	84	*/
2e73a022	85	Key ssh_get_next_identity(AuthenticationConnection auth, char **comment, int version);
8efc0c15	86
2e73a022	87	/*
	88	* Requests the agent to decrypt the given challenge. Returns true if the
	89	* agent claims it was able to decrypt it.
	90	*/
6ae2364d	91	int
2e73a022	92	ssh_decrypt_challenge(AuthenticationConnection *auth,
2e73a022	93	Key key, BIGNUM challenge,
5260325f	94	unsigned char session_id[16],
	95	unsigned int response_type,
	96	unsigned char response[16]);
8efc0c15	97
2e73a022	98	/* Requests the agent to sign data using key */
	99	int
	100	ssh_agent_sign(AuthenticationConnection *auth,
	101	Key *key,
	102	unsigned char *sigp, int lenp,
	103	unsigned char *data, int datalen);
	104
aa3378df	105	/*
	106	* Adds an identity to the authentication server. This call is not meant to
	107	* be used by normal applications. This returns true if the identity was
	108	* successfully added.
	109	*/
6ae2364d	110	int
2e73a022	111	ssh_add_identity(AuthenticationConnection auth, Key key,
aa3378df	112	const char *comment);
8efc0c15	113
aa3378df	114	/*
	115	* Removes the identity from the authentication server. This call is not
	116	* meant to be used by normal applications. This returns true if the
	117	* identity was successfully added.
	118	*/
2e73a022	119	int ssh_remove_identity(AuthenticationConnection auth, Key key);
8efc0c15	120
aa3378df	121	/*
	122	* Removes all identities from the authentication agent. This call is not
	123	* meant to be used by normal applications. This returns true if the
	124	* operation was successful.
	125	*/
2e73a022	126	int ssh_remove_all_identities(AuthenticationConnection *auth, int version);
8efc0c15	127
5260325f	128	#endif /* AUTHFD_H */