/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
/*
 * Copyright (c) 2012 Markus Friedl.  All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
17285031Sdes
18285031Sdes#ifndef API_H
19285031Sdes#define API_H
20285031Sdes
21285031Sdes#include <sys/types.h>
22285031Sdes#include <signal.h>
23285031Sdes
24285031Sdes#include "openbsd-compat/sys-queue.h"
25285031Sdes
26285031Sdes#include "cipher.h"
27285031Sdes#include "sshkey.h"
28285031Sdes#include "kex.h"
29285031Sdes#include "ssh.h"
30285031Sdes#include "ssh2.h"
31285031Sdes#include "packet.h"
32285031Sdes
/*
 * Key-exchange proposal handed to ssh_init() by the caller.
 * proposal[] holds one C string per proposal slot. PROPOSAL_MAX and the
 * meaning of each slot index come from one of the included headers
 * (presumably kex.h) — confirm there which index carries which
 * algorithm list. Whether ssh_init() copies or keeps these pointers is
 * not stated in this header.
 */
struct kex_params {
	char *proposal[PROPOSAL_MAX];
};
36285031Sdes
/* public SSH API functions */

/*
 * ssh_init() creates an ssh connection object with the given (optional)
 * key exchange parameters and returns it through the first argument.
 * is_server selects whether this side acts as the server (presumably
 * non-zero) or as the client; kex_params is documented as optional, so
 * NULL presumably selects defaults — confirm against the implementation.
 * NOTE(review): the return convention (0 on success, negative on error?)
 * is not stated in this header; check the implementation before relying
 * on it.
 */
int	ssh_init(struct ssh **, int is_server, struct kex_params *kex_params);
44285031Sdes
/*
 * ssh_free() releases the ssh connection state created by ssh_init().
 * Any pointer previously obtained from ssh_packet_payload() or
 * ssh_output_ptr() refers to that state and must not be used afterwards.
 * Whether registered hostkeys and the application data pointer are freed
 * as well is not stated here — confirm in the implementation.
 */
void	ssh_free(struct ssh *);
49285031Sdes
/*
 * ssh_set_app_data()/ssh_get_app_data() attach and retrieve an opaque,
 * application specific pointer on the connection state. The library
 * presumably only stores the pointer and neither interprets nor frees
 * it, so the caller keeps ownership (assumption — the implementation is
 * not visible here).
 */
void	ssh_set_app_data(struct ssh *, void *);
void	*ssh_get_app_data(struct ssh *);
55285031Sdes
/*
 * ssh_add_hostkey() registers a private/public hostkey for an ssh
 * connection.
 * ssh_add_hostkey() needs to be called before a key exchange is
 * initiated with ssh_packet_next().
 * private hostkeys are required if we need to act as a server.
 * public hostkeys are used to verify the server's hostkey, i.e. they
 * are the trust anchors for host authentication on the client side;
 * a public key registered here that was not obtained over a trusted
 * channel makes that verification worthless.
 * Whether the connection takes ownership of 'key' is not stated in this
 * header — confirm against the implementation before freeing it.
 */
int	ssh_add_hostkey(struct ssh *ssh, struct sshkey *key);
65285031Sdes
/*
 * ssh_set_verify_host_key_callback() registers a callback function
 * which is called instead of the default verification. The
 * function given must return 0 if the hostkey is ok, -1 if the
 * verification has failed.
 * Once installed, the callback is the only check on the server's
 * identity: a callback that returns 0 unconditionally accepts any
 * presented key and removes the protection against an active
 * man-in-the-middle. It should compare the key against known hosts
 * (e.g. the public keys registered with ssh_add_hostkey()) and return
 * -1 on any mismatch.
 */
int	ssh_set_verify_host_key_callback(struct ssh *ssh,
    int (*cb)(struct sshkey *, struct ssh *));
74285031Sdes
/*
 * ssh_packet_next() advances to the next input packet and returns
 * the packet type in *typep.
 * ssh_packet_next() works by processing an input byte-stream,
 * decrypting the received data and hiding the key-exchange from
 * the caller.
 * ssh_packet_next() sets *typep to a "no packet" indication if there
 * is no new packet available (the exact value is not stated here; see
 * the implementation). in this case the caller must fill the input
 * byte-stream by passing the data received over the network to
 * ssh_input_append().
 * additionally, the caller needs to send the resulting output
 * byte-stream back over the network; otherwise the key exchange
 * would not proceed. the output byte-stream is accessed through
 * ssh_output_ptr().
 * The int return value is separate from the packet type; a non-zero
 * return presumably signals a framing, crypto or key-exchange error,
 * after which *typep should not be trusted — confirm against the
 * implementation.
 */
int	ssh_packet_next(struct ssh *ssh, u_char *typep);
90285031Sdes
/*
 * ssh_packet_payload() returns a pointer to the raw payload data of
 * the current input packet and stores the length of this payload in
 * *lenp.
 * the payload is accessible until ssh_packet_next() is called again;
 * it refers to storage owned by the connection, so the pointer must not
 * be freed. Reads must stay within *lenp bytes: the payload is data
 * from the peer, so every field the caller parses out of it needs its
 * own bounds check against the remaining length.
 */
const u_char	*ssh_packet_payload(struct ssh *ssh, size_t *lenp);
97285031Sdes
/*
 * ssh_packet_put() creates an encrypted packet with the given type
 * and the 'len' bytes of payload at 'data'.
 * the encrypted packet is appended to the output byte-stream.
 * 'data' is const and the packet is built into the output stream, so
 * presumably it is only read during the call and the caller keeps
 * ownership. How a full output stream is reported, and how that relates
 * to ssh_output_space(), is not stated in this header.
 */
int	ssh_packet_put(struct ssh *ssh, int type, const u_char *data,
    size_t len);
105285031Sdes
/*
 * ssh_input_space() checks if 'len' bytes can be appended to the
 * input byte-stream, i.e. whether a following ssh_input_append() of
 * that size would fit.
 * NOTE(review): the meaning of the int result (non-zero when there is
 * room, or an error code?) is not stated here — confirm in the
 * implementation before using it as a boolean.
 */
int	ssh_input_space(struct ssh *ssh, size_t len);
111285031Sdes
/*
 * ssh_input_append() appends 'len' bytes of data received over the
 * network to the input byte-stream.
 * This is the entry point for untrusted data into the API; the bytes
 * are only framed and decrypted later by ssh_packet_next(). Use
 * ssh_input_space() beforehand if the caller cannot cope with an
 * append that does not fit.
 */
int	ssh_input_append(struct ssh *ssh, const u_char *data, size_t len);
116285031Sdes
/*
 * ssh_output_space() checks if 'len' bytes can be appended to the
 * output byte-stream. XXX
 * NOTE(review): the author's XXX marker is kept; neither the exact
 * semantics of the check nor the meaning of the int result are
 * specified in this header.
 */
int	ssh_output_space(struct ssh *ssh, size_t len);
122285031Sdes
/*
 * ssh_output_ptr() retrieves both a pointer to and the length of the
 * current output byte-stream (the length is stored in *len). the bytes
 * need to be sent over the network. the number of bytes that have been
 * successfully sent can be removed from the output byte-stream with
 * ssh_output_consume().
 * The pointer refers to storage owned by the connection. Since
 * ssh_output_consume(), ssh_packet_put() and ssh_packet_next() all
 * modify the output stream, treat the pointer and length as stale after
 * any of them (assumption — confirm in the implementation).
 */
const u_char	*ssh_output_ptr(struct ssh *ssh, size_t *len);
130285031Sdes
/*
 * ssh_output_consume() removes the given number of bytes from
 * the output byte-stream, presumably from its front, once they have
 * been sent. 'len' should not exceed the length last reported by
 * ssh_output_ptr(); what happens otherwise (error return or abort) is
 * not stated in this header.
 */
int	ssh_output_consume(struct ssh *ssh, size_t len);
136285031Sdes
137285031Sdes#endif
138