/* $OpenBSD: authfd.h,v 1.37 2009/08/27 17:44:52 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#ifndef AUTHFD_H
#define AUTHFD_H

/*
 * This header contains no #include lines of its own: Buffer, Key, BIGNUM,
 * u_int and u_char must already be declared by the including file.
 */

/*
 * Message type codes for the authentication agent connection (RSA identity
 * messages). By naming, SSH_AGENTC_* codes are requests sent to the agent
 * and SSH_AGENT_* codes are the agent's replies.
 */
#define SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define SSH_AGENTC_RSA_CHALLENGE		3
#define SSH_AGENT_RSA_RESPONSE			4
#define SSH_AGENT_FAILURE			5
#define SSH_AGENT_SUCCESS			6
#define SSH_AGENTC_ADD_RSA_IDENTITY		7
#define SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* Private OpenSSH extensions for SSH2: list, sign, add and remove. */
#define SSH2_AGENTC_REQUEST_IDENTITIES		11
#define SSH2_AGENT_IDENTITIES_ANSWER		12
#define SSH2_AGENTC_SIGN_REQUEST		13
#define SSH2_AGENT_SIGN_RESPONSE		14
#define SSH2_AGENTC_ADD_IDENTITY		17
#define SSH2_AGENTC_REMOVE_IDENTITY		18
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/* Smartcard-backed keys. */
#define SSH_AGENTC_ADD_SMARTCARD_KEY		20
#define SSH_AGENTC_REMOVE_SMARTCARD_KEY		21

/* Lock and unlock the agent. */
#define SSH_AGENTC_LOCK				22
#define SSH_AGENTC_UNLOCK			23

/* Add a key together with constraints on its use. */
#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
#define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26

/*
 * Constraint type codes; these are the only two defined in this header.
 * NOTE(review): presumably LIFETIME bounds how long the agent keeps the key
 * and CONFIRM makes the agent ask before each use -- confirm against the
 * agent implementation. Neither applies unless the caller requests it via
 * one of the *_CONSTRAINED add messages above.
 */
#define SSH_AGENT_CONSTRAIN_LIFETIME		1
#define SSH_AGENT_CONSTRAIN_CONFIRM		2

/*
 * Extended failure message. Together with SSH_AGENT_FAILURE (5) and
 * SSH_COM_AGENT2_FAILURE (102) this header defines three distinct failure
 * codes. NOTE(review): reply handling should treat every one of them as a
 * failure -- confirm in authfd.c.
 */
#define SSH2_AGENT_FAILURE			30

/* Additional error code for ssh.com's ssh-agent2. */
#define SSH_COM_AGENT2_FAILURE			102

/*
 * Single-bit flag (0x01).
 * NOTE(review): presumably a flags bit carried in SSH2_AGENTC_SIGN_REQUEST --
 * confirm in authfd.c.
 */
#define SSH_AGENT_OLD_SIGNATURE			0x01

/*
 * State kept for one agent connection.
 * NOTE(review): the field meanings below are inferred from their names and
 * from the prototypes in this header -- confirm in authfd.c.
 */
typedef struct {
	int	fd;		/* presumably the agent socket descriptor */
	Buffer	identities;	/* presumably the identities reply being walked */
	int	howmany;	/* presumably the identities left to return */
} AuthenticationConnection;

/* Agent presence check and raw socket open/close. */
int ssh_agent_present(void);
int ssh_get_authentication_socket(void);
void ssh_close_authentication_socket(int);

/* Open and close an AuthenticationConnection. */
AuthenticationConnection *ssh_get_authentication_connection(void);
void ssh_close_authentication_connection(AuthenticationConnection *);

/*
 * Enumerate the identities held by the agent.
 * NOTE(review): the trailing int is presumably the protocol version and the
 * char ** presumably receives the key comment; ownership of the returned
 * Key * and of that string is not stated here -- confirm in authfd.c.
 */
int ssh_get_num_identities(AuthenticationConnection *, int);
Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);

/*
 * Add and remove identities.
 * NOTE(review): the two u_int arguments presumably carry the lifetime and
 * confirm constraints (see SSH_AGENT_CONSTRAIN_*) -- confirm in authfd.c.
 */
int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
    const char *, u_int, u_int);
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);

/*
 * Lock or unlock the agent.
 * NOTE(review): the int presumably selects lock versus unlock and the
 * const char * is presumably the passphrase; if so it stays in caller-owned
 * memory, and clearing it after the call is the caller's job -- confirm.
 */
int ssh_lock_agent(AuthenticationConnection *, int, const char *);

/*
 * Add or remove a smartcard key.
 * NOTE(review): one of the const char * arguments is presumably a PIN held
 * in caller-owned memory -- confirm in authfd.c.
 */
int ssh_update_card(AuthenticationConnection *, int, const char *,
    const char *, u_int, u_int);

/*
 * Ask the agent to answer an RSA challenge.
 * The u_char[16] parameters decay to plain pointers, so the compiler does
 * not enforce the 16-byte size; each caller must pass buffers of at least
 * 16 bytes.
 */
int ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *,
    u_char[16], u_int, u_char[16]);

/*
 * Ask the agent to sign data with the given key.
 * NOTE(review): the u_char ** and u_int * are presumably outputs for the
 * signature and its length, and the trailing pair the input data and its
 * length; who frees the returned buffer is not stated here -- confirm in
 * authfd.c.
 */
int ssh_agent_sign(AuthenticationConnection *, Key *, u_char **, u_int *,
    u_char *, u_int);

#endif				/* AUTHFD_H */