diff options
Diffstat (limited to 'include/libssh/priv.h')
-rw-r--r-- | include/libssh/priv.h | 444 |
1 files changed, 444 insertions, 0 deletions
diff --git a/include/libssh/priv.h b/include/libssh/priv.h new file mode 100644 index 00000000..5899fb6a --- /dev/null +++ b/include/libssh/priv.h @@ -0,0 +1,444 @@ +/* +Copyright 2003,04 Aris Adamantiadis + +This file is part of the SSH Library + +The SSH Library is free software; you can redistribute it and/or modify +it under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation; either version 2.1 of the License, or (at your +option) any later version. + +The SSH Library is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +License for more details. + +You should have received a copy of the GNU Lesser General Public License +along with the SSH Library; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, +MA 02111-1307, USA. */ + +/* priv.h file */ +/* This include file contains everything you shouldn't deal with in user programs. */ +/* Consider that anything in this file might change without notice; libssh.h file will keep */ +/* backward compatibility on binary & source */ + +#ifndef _LIBSSH_PRIV_H +#define _LIBSSH_PRIV_H +#include "libssh/libssh.h" + +/* Debugging constants */ + +/* Define this if you want to debug crypto systems */ +/* it's usefull when you are debugging the lib */ +/*#define DEBUG_CRYPTO */ + +/* some constants */ +#define MAX_PACKET_LEN 262144 +#define ERROR_BUFFERLEN 1024 +#define CLIENTBANNER1 "SSH-1.5-" LIBSSH_VERSION +#define CLIENTBANNER2 "SSH-2.0-" LIBSSH_VERSION +#define KBDINT_MAX_PROMPT 256 /* more than openssh's :) */ +/* some types for public keys */ +#define TYPE_DSS 1 +#define TYPE_RSA 2 +#define TYPE_RSA1 3 + +/* profiling constants. Don't touch them unless you know what you do */ +#define OPENSSL_CRYPTO +#define OPENSSL_BIGNUMS + + +#ifdef __cplusplus +extern "C" { +#endif + +/* wrapper things */ + +#ifdef OPENSSL_CRYPTO +#include <openssl/dsa.h> +#include <openssl/rsa.h> +#include <openssl/sha.h> +#include <openssl/md5.h> +#include <openssl/hmac.h> +typedef SHA_CTX SHACTX; +typedef MD5_CTX MD5CTX; +typedef HMAC_CTX HMACCTX; +#ifdef MD5_DIGEST_LEN + #undef MD5_DIGEST_LEN +#endif +#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH +#define MD5_DIGEST_LEN MD5_DIGEST_LENGTH + +#endif /* OPENSSL_CRYPTO */ +#ifdef OPENSSL_BIGNUMS +#include <openssl/bn.h> +typedef BIGNUM* bignum; +typedef BN_CTX* bignum_CTX; + +#define bignum_new() BN_new() +#define bignum_free(num) BN_clear_free(num) +#define bignum_set_word(bn,n) BN_set_word(bn,n) +#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data) +#define bignum_bn2hex(num) BN_bn2hex(num) +#define bignum_rand(rnd, bits, top, bottom) BN_rand(rnd,bits,top,bottom) +#define bignum_ctx_new() BN_CTX_new() +#define bignum_ctx_free(num) BN_CTX_free(num) +#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx) +#define bignum_num_bytes(num) BN_num_bytes(num) +#define bignum_num_bits(num) BN_num_bits(num) +#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit) +#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr) + +#endif /* OPENSSL_BIGNUMS */ +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif + +/* wrapper.c */ +MD5CTX *md5_init(void); +void md5_update(MD5CTX *c, const void *data, unsigned long len); +void md5_final(unsigned char *md,MD5CTX *c); +SHACTX *sha1_init(void); +void sha1_update(SHACTX *c, const void *data, unsigned long len); +void sha1_final(unsigned char *md,SHACTX *c); +void sha1(unsigned char *digest,int len,unsigned char *hash); +#define HMAC_SHA1 1 +#define HMAC_MD5 2 +HMACCTX *hmac_init(const void *key,int len,int type); +void hmac_update(HMACCTX *c, const void *data, unsigned long len); +void hmac_final(HMACCTX *ctx,unsigned char *hashmacbuf,int *len); + +/* strings and buffers */ +/* must be 32 bits number + immediatly our data */ +struct string_struct { + u32 size; + char string[MAX_PACKET_LEN]; +} __attribute__ ((packed)); + + +struct buffer_struct { + char *data; + int used; + int allocated; + int pos; +}; + +/* i should remove it one day */ +typedef struct packet_struct { + int valid; + u32 len; + u8 type; +} PACKET; + +typedef struct kex_struct { + char cookie[16]; + char **methods; +} KEX; + +struct public_key_struct { + int type; + char *type_c; /* Don't free it ! it is static */ + DSA *dsa_pub; + RSA *rsa_pub; +}; + +struct private_key_struct { + int type; + DSA *dsa_priv; + RSA *rsa_priv; +}; + +typedef struct signature_struct { + int type; + DSA_SIG *dsa_sign; + STRING *rsa_sign; +} SIGNATURE; + +struct ssh_options_struct { + char *banner; /* explicit banner to send */ + char *username; + char *host; + char *bindaddr; + int bindport; + char *identity; + char *ssh_dir; + char *known_hosts_file; + int fd; /* specificaly wanted file descriptor, don't connect host */ + int port; + int dont_verify_hostkey; /* Don't spare time, don't check host key ! unneeded to say it's dangerous and not safe */ + int use_nonexisting_algo; /* if user sets a not supported algorithm for kex, don't complain */ + char *wanted_methods[10]; /* the kex methods can be choosed. better use the kex fonctions to do that */ + void *wanted_cookie; /* wants a specific cookie to be sent ? if null, generate a new one */ + void *passphrase_function; /* this functions will be called if a keyphrase is needed. look keyfiles.c for more info */ + void (*connect_status_function)(void *arg, float status); /* status callback function */ + void *connect_status_arg; /* arbitrary argument */ + long timeout; /* seconds */ + long timeout_usec; + int ssh2allowed; + int ssh1allowed; +}; + +typedef struct ssh_crypto_struct { + bignum e,f,x,k; + char session_id[SHA_DIGEST_LEN]; + + char encryptIV[SHA_DIGEST_LEN*2]; + char decryptIV[SHA_DIGEST_LEN*2]; + + char decryptkey[SHA_DIGEST_LEN*2]; + char encryptkey[SHA_DIGEST_LEN*2]; + + char encryptMAC[SHA_DIGEST_LEN]; + char decryptMAC[SHA_DIGEST_LEN]; + char hmacbuf[EVP_MAX_MD_SIZE]; + struct crypto_struct *in_cipher, *out_cipher; /* the cipher structures/objects */ + STRING *server_pubkey; + char *server_pubkey_type; + int do_compress_out; /* idem */ + int do_compress_in; /* don't set them, set the option instead */ + void *compress_out_ctx; /* don't touch it */ + void *compress_in_ctx; /* really, don't */ +} CRYPTO; + +struct channel_struct { + struct channel_struct *prev; + struct channel_struct *next; + SSH_SESSION *session; /* SSH_SESSION pointer */ + u32 local_channel; + u32 local_window; + int local_eof; + u32 local_maxpacket; + + u32 remote_channel; + u32 remote_window; + int remote_eof; /* end of file received */ + u32 remote_maxpacket; + int open; /* shows if the channel is still opened */ + int delayed_close; + BUFFER *stdout_buffer; + BUFFER *stderr_buffer; + void *userarg; + int version; + int blocking; +}; + +struct ssh_session { + int fd; + SSH_OPTIONS *options; + char *serverbanner; + char *clientbanner; + int protoversion; + u32 send_seq; + u32 recv_seq; +/* status flags */ + int closed; + int closed_by_except; + + int connected; + /* !=0 when the user got a session handle */ + int alive; + /* two previous are deprecated */ + int auth_service_asked; + +/* socket status */ + int data_to_read; /* reading now on socket will + not block */ + int data_to_write; + int data_except; + int blocking; // functions should not block + + STRING *banner; /* that's the issue banner from + the server */ + char *remotebanner; /* that's the SSH- banner from + remote host. */ + char *discon_msg; /* disconnect message from + the remote host */ + BUFFER *in_buffer; + PACKET in_packet; + BUFFER *out_buffer; + KEX server_kex; + KEX client_kex; + BUFFER *in_hashbuf; + BUFFER *out_hashbuf; + CRYPTO *current_crypto; + CRYPTO *next_crypto; /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */ + + int channel_bytes_toread; /* left number of bytes + in the channel buffers + */ + CHANNEL *channels; /* linked list of channels */ + int maxchannel; + int exec_channel_opened; /* version 1 only. more + info in channels1.c */ + +/* error handling */ + int error_code; + char error_buffer[ERROR_BUFFERLEN]; +/* keyb interactive data */ + struct ssh_kbdint *kbdint; + int version; /* 1 or 2 */ +}; + +struct ssh_kbdint { + u32 nprompts; + char *name; + char *instruction; + char **prompts; + char *echo; /* bool array */ + char **answers; +}; +/* session.c */ + +void ssh_cleanup(SSH_SESSION *session); + + +/* errors.c */ +void ssh_set_error(SSH_SESSION *session,int code,char *descr,...); + +/* in dh.c */ +/* DH key generation */ +void dh_generate_e(SSH_SESSION *session); +void dh_generate_x(SSH_SESSION *session); +STRING *dh_get_e(SSH_SESSION *session); +void dh_import_f(SSH_SESSION *session,STRING *f_string); +void dh_import_pubkey(SSH_SESSION *session,STRING *pubkey_string); +void dh_build_k(SSH_SESSION *session); +void make_sessionid(SSH_SESSION *session); +/* add data for the final cookie */ +void hashbufin_add_cookie(SSH_SESSION *session,unsigned char *cookie); +void hashbufout_add_cookie(SSH_SESSION *session); +void generate_session_keys(SSH_SESSION *session); +/* returns 1 if server signature ok, 0 otherwise. The NEXT crypto is checked, not the current one */ +int signature_verify(SSH_SESSION *session,STRING *signature); +bignum make_string_bn(STRING *string); +STRING *make_bignum_string(bignum num); + +/* in crypt.c */ +u32 packet_decrypt_len(SSH_SESSION *session,char *crypted); +int packet_decrypt(SSH_SESSION *session, void *packet,unsigned int len); +char *packet_encrypt(SSH_SESSION *session,void *packet,unsigned int len); + /* it returns the hmac buffer if exists*/ +int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,char *mac); + +/* in packet.c */ +void packet_clear_out(SSH_SESSION *session); +void packet_parse(SSH_SESSION *session); +int packet_send(SSH_SESSION *session); + +int packet_read(SSH_SESSION *session); +int packet_translate(SSH_SESSION *session); +int packet_wait(SSH_SESSION *session,int type,int blocking); + +/* connect.c */ +SSH_SESSION *ssh_session_new(); +int ssh_connect_host(SSH_SESSION *session, const char *host,const char + *bind_addr, int port, long timeout, long usec); + +/* in kex.c */ +extern char *ssh_kex_nums[]; +void send_kex(SSH_SESSION *session,int server_kex); +void list_kex(KEX *kex); +int set_kex(SSH_SESSION *session); +int ssh_get_kex(SSH_SESSION *session, int server_kex); +int verify_existing_algo(int algo,char *name); +char **space_tokenize(char *chain); +int ssh_get_kex1(SSH_SESSION *session); + +/* in keys.c */ +char *ssh_type_to_char(int type); +PUBLIC_KEY *publickey_make_dss(BUFFER *buffer); +PUBLIC_KEY *publickey_make_rsa(BUFFER *buffer,char *type); +PUBLIC_KEY *publickey_from_string(STRING *pubkey_s); +SIGNATURE *signature_from_string(STRING *signature,PUBLIC_KEY *pubkey,int needed_type); +void signature_free(SIGNATURE *sign); +STRING *ssh_do_sign(SSH_SESSION *session,BUFFER *sigbuf, + PRIVATE_KEY *privatekey); +STRING *ssh_encrypt_rsa1(SSH_SESSION *session, STRING *data, PUBLIC_KEY *key); +/* channel.c */ +void channel_handle(SSH_SESSION *session, int type); +CHANNEL *channel_new(SSH_SESSION *session); +void channel_default_bufferize(CHANNEL *channel, void *data, int len, + int is_stderr); +/* options.c */ +void options_free(SSH_OPTIONS *opt); +/* this function must be called when no specific username has been asked. it has to guess it */ +int options_default_username(SSH_OPTIONS *opt); +int options_default_ssh_dir(SSH_OPTIONS *opt); +int options_default_known_hosts_file(SSH_OPTIONS *opt); + +/* buffer.c */ +void buffer_add_ssh_string(BUFFER *buffer,STRING *string); +void buffer_add_u8(BUFFER *buffer, u8 data); +void buffer_add_u32(BUFFER *buffer, u32 data); +void buffer_add_u64(BUFFER *buffer,u64 data); +void buffer_add_data(BUFFER *buffer, void *data, int len); +void buffer_add_data_begin(BUFFER *buffer,void *data,int len); +void buffer_add_buffer(BUFFER *buffer, BUFFER *source); +void buffer_reinit(BUFFER *buffer); + +/* buffer_get_rest returns a pointer to the current position into the buffer */ +void *buffer_get_rest(BUFFER *buffer); +/* buffer_get_rest_len returns the number of bytes which can be read */ +int buffer_get_rest_len(BUFFER *buffer); + +/* buffer_read_*() returns the number of bytes read, except for ssh strings */ +int buffer_get_u8(BUFFER *buffer,u8 *data); +int buffer_get_u32(BUFFER *buffer,u32 *data); +int buffer_get_u64(BUFFER *buffer, u64 *data); + +int buffer_get_data(BUFFER *buffer,void *data,int requestedlen); +/* buffer_get_ssh_string() is an exception. if the String read is too large or invalid, it will answer NULL. */ +STRING *buffer_get_ssh_string(BUFFER *buffer); +/* gets a string out of a SSH-1 mpint */ +STRING *buffer_get_mpint(BUFFER *buffer); +/* buffer_pass_bytes acts as if len bytes have been read (used for padding) */ +int buffer_pass_bytes_end(BUFFER *buffer,int len); +int buffer_pass_bytes(BUFFER *buffer, int len); + +/* in base64.c */ +BUFFER *base64_to_bin(char *source); +char *bin_to_base64(unsigned char *source, int len); + +/* gzip.c */ +int compress_buffer(SSH_SESSION *session,BUFFER *buf); +int decompress_buffer(SSH_SESSION *session,BUFFER *buf); + +/* wrapper.c */ +int crypt_set_algorithms(SSH_SESSION *); +CRYPTO *crypto_new(); +void crypto_free(CRYPTO *crypto); +bignum bignum_new(); + +/* crc32.c */ +u32 ssh_crc32(char *buffer, int len); + +/* auth1.c */ +int ssh_userauth1_none(SSH_SESSION *session, char *username); +int ssh_userauth1_offer_pubkey(SSH_SESSION *session, char *username, + int type, STRING *pubkey); +int ssh_userauth1_password(SSH_SESSION *session, char *username, + char *password); +/* in misc.c */ +/* gets the user home dir. */ +char *ssh_get_user_home_dir(); +int ssh_file_readaccess_ok(char *file); + +/* macro for byte ordering */ +u64 ntohll(u64); +#define htonll(x) ntohll(x) + +/* channels1.c */ +CHANNEL *channel_open_session1(SSH_SESSION *session); +int channel_request_pty_size1(CHANNEL *channel, char *terminal,int cols, + int rows); +int channel_change_pty_size1(CHANNEL *channel, int cols, int rows); +int channel_request_shell1(CHANNEL *channel); +int channel_request_exec1(CHANNEL *channel, char *cmd); +void channel_handle1(SSH_SESSION *session,int type); +int channel_write1(CHANNEL *channel, void *data, int len); +#ifdef __cplusplus +} ; +#endif + +#endif /* _LIBSSH_PRIV_H */ |