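/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
/*
 * Copyright (c) 2012 Markus Friedl. All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Public, transport-agnostic API around the SSH packet layer.
 *
 * The library never touches a socket. The application feeds bytes it
 * received from the network into the input byte-stream with
 * ssh_input_append(), and drains the bytes it must send from the output
 * byte-stream with ssh_output_ptr()/ssh_output_consume(). Decryption,
 * key exchange and host key verification happen between those two
 * streams and are driven by ssh_packet_next().
 *
 * NOTE(review): the include guard API_H is generic enough to collide with
 * other headers. It is kept unchanged here because renaming it would be
 * an interface change for anything that tests the macro.
 */
#ifndef API_H
#define API_H

#include <sys/types.h>
#include <signal.h>

#include "openbsd-compat/sys-queue.h"

#include "cipher.h"
#include "sshkey.h"
#include "kex.h"
#include "ssh.h"
#include "ssh2.h"
#include "packet.h"

/*
 * Key exchange proposal handed to ssh_init().
 * One algorithm-list string per proposal slot; the array has PROPOSAL_MAX
 * entries (see kex.h) and is presumably indexed by the PROPOSAL_*
 * constants declared there -- confirm against kex.h.
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];
};

/* public SSH API functions */

/*
 * ssh_init() creates an ssh connection object with the given (optional)
 * key exchange parameters and stores it through the first argument.
 * is_server selects the role taken in the key exchange (non-zero: act as
 * the server side). kex_params is described upstream as optional, i.e.
 * NULL selects the library's default proposal (NOTE(review): confirm the
 * NULL handling in ssh_api.c).
 * The int return value reports success or failure; do not use the
 * connection object unless it succeeded (NOTE(review): the exact error
 * code convention is not visible from this header -- confirm in ssh_api.c).
 */
int	ssh_init(struct ssh **, int is_server, struct kex_params *kex_params);

/*
 * ssh_free() releases the ssh connection state.
 * Application data attached with ssh_set_app_data() is only referenced by
 * the library and is presumably not freed here -- the application owns it.
 */
void	ssh_free(struct ssh *);

/*
 * ssh_set_app_data()/ssh_get_app_data() attach an opaque, application
 * specific pointer to the connection state and read it back.
 * The library only stores the pointer; lifetime and ownership stay with
 * the application.
 */
void	ssh_set_app_data(struct ssh *, void *);
void	*ssh_get_app_data(struct ssh *);

/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * Private hostkeys are required if we need to act as a server.
 * Public hostkeys are used to verify the server's hostkey: every public
 * key registered here is a trust anchor for this connection, so a client
 * must only register keys it has already verified out of band
 * (known_hosts, pinning, a CA, ...).
 * Returns an int status; check it (NOTE(review): convention to confirm in
 * ssh_api.c).
 */
int	ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);

/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which is called instead of the default verification (matching the
 * server's hostkey against the public keys registered with
 * ssh_add_hostkey()). The callback receives the hostkey presented by the
 * peer and the connection, and must return 0 if the hostkey is ok and
 * -1 if the verification has failed.
 *
 * Security: this callback IS the host authentication. A callback that
 * returns 0 without comparing the key against a trusted set disables
 * server authentication and leaves the connection open to an active
 * man-in-the-middle, regardless of the key exchange. Treat any key the
 * callback cannot positively identify as a failure (-1).
 */
int	ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *, struct ssh *));

/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in *typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * If no complete packet is available yet, ssh_packet_next() still sets
 * *typep -- to a "no packet" value rather than a real message type
 * (NOTE(review): the upstream comment says only "sets typep"; confirm the
 * exact value, presumably SSH_MSG_NONE/0, in ssh_api.c). In this case the
 * caller must fill the input byte-stream by passing the data received
 * over the network to ssh_input_append().
 * Additionally, the caller needs to send the resulting output
 * byte-stream back over the network; otherwise the key exchange
 * would not proceed. The output byte-stream is accessed through
 * ssh_output_ptr().
 * The int return value reports protocol errors (a failed key exchange or
 * hostkey verification presumably surfaces here -- confirm in ssh_api.c).
 * On failure the caller must stop feeding the connection and tear it
 * down rather than retry.
 */
int	ssh_packet_next(struct ssh *ssh, u_char *typep);

/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and stores the length of this payload in
 * *lenp.
 * The payload is accessible until ssh_packet_next() is called again;
 * the pointer must not be cached across that call. The contents are
 * attacker controlled (they come straight from the peer) and the length
 * in *lenp is the only valid bound for reading them.
 */
const u_char	*ssh_packet_payload(struct ssh *ssh, size_t *lenp);

/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and payload of len bytes.
 * The encrypted packet is appended to the output byte-stream.
 * Returns an int status that must be checked: a packet that could not be
 * queued is silently lost otherwise.
 */
int	ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);

/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream. Use it to bound how much network data is read
 * before calling ssh_input_append().
 * NOTE(review): the return convention is not specified here -- do not
 * assume non-zero means "room available"; the implementation may follow
 * the sshbuf 0-on-success style instead. Confirm in ssh_api.c.
 */
int	ssh_input_space(struct ssh *ssh, size_t len);

/*
 * ssh_input_append() appends len bytes of data (as received from the
 * network, i.e. untrusted) to the input byte-stream.
 * Returns an int status; check it, since data that was not appended is
 * simply lost.
 */
int	ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);

/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream.
 * XXX: the upstream comment leaves the semantics at this marker; the
 * return convention is the same open question as for ssh_input_space().
 */
int	ssh_output_space(struct ssh *ssh, size_t len);

/*
 * ssh_output_ptr() retrieves both a pointer and the length (in *len) of
 * the current output byte-stream. The bytes need to be sent over the
 * network. The number of bytes that have been successfully sent can
 * be removed from the output byte-stream with ssh_output_consume().
 * The pointer refers into the library's buffer and is presumably
 * invalidated by any call that changes the output stream
 * (ssh_packet_put(), ssh_packet_next(), ssh_output_consume()) -- re-fetch
 * it after each such call rather than caching it.
 */
const u_char	*ssh_output_ptr(struct ssh *ssh, size_t *len);

/*
 * ssh_output_consume() removes the given number of bytes from
 * the front of the output byte-stream. len must not exceed the length
 * last reported by ssh_output_ptr(); consume only what was actually
 * written to the network, otherwise unsent ciphertext is dropped and the
 * stream is corrupted for the peer.
 */
int	ssh_output_consume(struct ssh *ssh, size_t len);

#endif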