/*
Copyright 2003,04 Aris Adamantiadis

This file is part of the SSH Library

The SSH Library is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or (at your
option) any later version.

The SSH Library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
License for more details.

You should have received a copy of the GNU Lesser General Public License
along with the SSH Library; see the file COPYING.  If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA. */

/* priv.h file */
/* This include file contains everything you shouldn't deal with in user programs. */
/* Consider that anything in this file might change without notice; libssh.h file will keep */
/* backward compatibility on binary & source */

#ifndef _LIBSSH_PRIV_H
#define _LIBSSH_PRIV_H
#include "libssh/libssh.h"

#ifdef HAVE_CONFIG_H
#include "libssh/config.h"
#endif

/* On Windows the configure-time feature probes are replaced by this fixed set. */
#ifdef HAVE_WINDOWS_H
#include <windows.h>
#define HAVE_SELECT 1
#define HAVE_GETHOSTBYADDR 1
#define HAVE_GETHOSTBYNAME 1
#define HAVE_INET_ADDR 1
#undef HAVE_INET_ATON
#undef HAVE_SIGNAL
#endif

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

/* Autoconf replacement for a malloc() that is not GNU-compatible. */
#ifdef HAVE_MALLOC
#if HAVE_MALLOC == 0
void *rpl_malloc(size_t n);
#endif
#endif

/* Debugging constants */

/* Define this if you want to debug crypto systems */
/* it's useful when you are debugging the lib. Never enable it in a production
 * build: crypto debugging output may expose key material. */
/*#define DEBUG_CRYPTO */

/* some constants */
/* Upper bound on a single SSH packet; also the nominal size of string_struct below. */
#define MAX_PACKET_LEN 262144
/* Size of ssh_session.error_buffer; ssh_set_error() must bound its output to this. */
#define ERROR_BUFFERLEN 1024
#define CLIENTBANNER "SSH-2.0-" LIBSSH_VERSION
/* Maximum number of keyboard-interactive prompts accepted from a server. */
#define KBDINT_MAX_PROMPT 256 /* more than openssh's :) */
/* some types for public keys */
#define TYPE_DSS 1
#define TYPE_RSA 2
#define TYPE_RSA1 3

/* profiling constants. Don't touch them unless you know what you do */
/* Both are defined unconditionally here, so the OpenSSL wrappers below are always active. */
#define OPENSSL_CRYPTO
#define OPENSSL_BIGNUMS


#ifdef __cplusplus
extern "C" {
#endif

/* wrapper things */

/* Hash / HMAC context aliases over OpenSSL. */
#ifdef OPENSSL_CRYPTO
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/hmac.h>
typedef SHA_CTX SHACTX;
typedef MD5_CTX MD5CTX;
typedef HMAC_CTX HMACCTX;
#ifdef MD5_DIGEST_LEN
#undef MD5_DIGEST_LEN
#endif
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
#define MD5_DIGEST_LEN MD5_DIGEST_LENGTH

#endif /* OPENSSL_CRYPTO */
/* Big-number aliases over OpenSSL BN. Note that bignum_free() maps to
 * BN_clear_free(), which wipes the number before releasing it; keep using it
 * for anything secret (DH exponent, shared secret). */
#ifdef OPENSSL_BIGNUMS
#include <openssl/bn.h>
typedef BIGNUM* bignum;
typedef BN_CTX* bignum_CTX;

/* bignum_new is a function-like macro: a later declaration or definition named
 * bignum_new() in this translation unit is rewritten to BN_new() by the preprocessor. */
#define bignum_new() BN_new()
#define bignum_free(num) BN_clear_free(num)
#define bignum_set_word(bn,n) BN_set_word(bn,n)
#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data)
#define bignum_bn2hex(num) BN_bn2hex(num)
#define bignum_rand(rnd, bits, top, bottom) BN_rand(rnd,bits,top,bottom)
#define bignum_ctx_new() BN_CTX_new()
#define bignum_ctx_free(num) BN_CTX_free(num)
#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
#define bignum_num_bytes(num) BN_num_bytes(num)
#define bignum_num_bits(num) BN_num_bits(num)
#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit)
#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)

#endif /* OPENSSL_BIGNUMS */
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif

/* wrapper.c */
/* Digest helpers. *_init() returns a freshly allocated context; *_final()
 * writes the digest to md. Ownership of the context after *_final() is not
 * visible from here -- presumably it is released by *_final(); confirm in wrapper.c. */
MD5CTX *md5_init(void);
void md5_update(MD5CTX *c, const void *data, unsigned long len);
void md5_final(unsigned char *md,MD5CTX *c);
SHACTX *sha1_init(void);
void sha1_update(SHACTX *c, const void *data, unsigned long len);
void sha1_final(unsigned char *md,SHACTX *c);
/* One-shot SHA-1 of len bytes at digest, written to hash (SHA_DIGEST_LEN bytes). */
void sha1(unsigned char *digest,int len,unsigned char *hash);
/* type argument of hmac_init() */
#define HMAC_SHA1 1
#define HMAC_MD5 2
/* HMAC helpers. hmac_final() writes the tag to hashmacbuf and stores its length
 * in *len; hashmacbuf must be at least EVP_MAX_MD_SIZE bytes (see CRYPTO.hmacbuf). */
HMACCTX *hmac_init(const void *key,int len,int type);
void hmac_update(HMACCTX *c, const void *data, unsigned long len);
void hmac_final(HMACCTX *ctx,unsigned char *hashmacbuf,int *len);

/* strings and buffers */
/* must be 32 bits number + immediately our data */
/* SSH wire string: a 32-bit length followed by the bytes. The array length is
 * a nominal upper bound (MAX_PACKET_LEN), not the real allocation: objects of
 * this type are sized from `size` and only accessed through a pointer, so never
 * use sizeof on it. NOTE(review): `size` is presumably kept in network byte
 * order -- confirm in buffer.c before reading it directly. */
struct string_struct {
	u32 size;
	char string[MAX_PACKET_LEN];
} __attribute__ ((packed));


/* Growable byte buffer: `used` bytes are valid in data[], `allocated` is the
 * capacity, `pos` is the read cursor. All three are signed ints, so the
 * buffer.c accessors must reject negative lengths before indexing. */
struct buffer_struct {
    char *data;
    int used;
    int allocated;
    int pos;
};

/* i should remove it one day */
/* Header of the packet currently being parsed (see ssh_session.in_packet). */
typedef struct packet_struct {
	int valid;
	u32 len;
	u8 type;
} PACKET;

/* One side's KEXINIT: the 16-byte cookie and the negotiated method name lists. */
typedef struct kex_struct {
	char cookie[16];
	char **methods;
} KEX;

/* Public key: `type` is one of TYPE_DSS/TYPE_RSA/TYPE_RSA1, only the matching
 * OpenSSL pointer is meaningful. */
struct public_key_struct {
    int type;
    char *type_c; /* Don't free it ! it is static */
    DSA *dsa_pub;
    RSA *rsa_pub;
};

/* Private key: same layout convention as public_key_struct. Holds secret
 * material -- release it through the OpenSSL free functions, not free(). */
struct private_key_struct {
    int type;
    DSA *dsa_priv;
    RSA *rsa_priv;
};

/* Signature decoded from the wire; only the member matching `type` is set. */
typedef struct signature_struct {
    int type;
    DSA_SIG *dsa_sign;
    STRING *rsa_sign;
} SIGNATURE;

/* Connection options as set by the user before ssh_connect(). */
struct ssh_options_struct {
    char *clientbanner; /* explicit banner to send */
    char *username;
    char *host;
    char *bindaddr;
    char *identity; /* identity (private key) file to use -- presumably a path; see keyfiles.c */
    char *ssh_dir;
    char *known_hosts_file;
    int fd; /* specifically wanted file descriptor, don't connect host */
    int port;
    int dont_verify_hostkey; /* Don't spare time, don't check host key ! unneeded to say it's dangerous and not safe */
    /* With dont_verify_hostkey set the peer's identity is never checked, so an
     * active attacker on the path can impersonate the server. */
    int use_nonexisting_algo; /* if user sets a not supported algorithm for kex, don't complain */
    char *wanted_methods[10]; /* the kex methods can be chosen. better use the kex functions to do that */
    /* NOTE(review): 10 slots presumably mirror the KEXINIT name-lists indexed by
     * ssh_kex_nums[] in kex.c -- confirm the two sizes agree. */
    void *wanted_cookie; /* wants a specific cookie to be sent ? if null, generate a new one */
    /* When non-NULL it should point to KEX.cookie-sized (16-byte) data. A fixed
     * cookie defeats the per-connection freshness of the KEXINIT; keep it NULL
     * outside tests. */
    void *passphrase_function; /* this function will be called if a keyphrase is needed. look keyfiles.c for more info */
    /* NOTE(review): a function pointer stored in a void * is not guaranteed to
     * round-trip by the C standard; a typed function pointer would be safer. */
    void (*connect_status_function)(void *arg, float status); /* status callback function */
    void *connect_status_arg; /* arbitrary argument */
    long timeout; /* seconds */
    long timeout_usec;
};

/* Per-direction crypto state. current_crypto/next_crypto in ssh_session hold
 * one of these each; every buffer below is key material derived by
 * generate_session_keys() in dh.c. NOTE(review): confirm that crypto_free()
 * wipes these fields before freeing the struct. */
typedef struct ssh_crypto_struct {
    bignum e,f,x,k; /* DH values built by dh_generate_e/dh_generate_x/dh_import_f/dh_build_k;
                     * x is presumably the local secret exponent and k the shared secret --
                     * release them with bignum_free() so they are cleared */
    char session_id[SHA_DIGEST_LEN]; /* set by make_sessionid() */
    
    char encryptIV[SHA_DIGEST_LEN];
    char decryptIV[SHA_DIGEST_LEN];
    
    char decryptkey[SHA_DIGEST_LEN*2];
    char encryptkey[SHA_DIGEST_LEN*2];
    
    char encryptMAC[SHA_DIGEST_LEN]; /* MAC keys, one per direction */
    char decryptMAC[SHA_DIGEST_LEN];
    char hmacbuf[EVP_MAX_MD_SIZE]; /* scratch output for hmac_final() */
    struct crypto_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
    STRING *server_pubkey;
    char *server_pubkey_type;
    int do_compress_out; /* idem */
    int do_compress_in; /* don't set them, set the option instead */
    void *compress_out_ctx; /* don't touch it */
    void *compress_in_ctx; /* really, don't */
} CRYPTO;

/* One SSH channel, kept in the doubly linked list rooted at ssh_session.channels. */
struct channel_struct {
    struct channel_struct *prev;
    struct channel_struct *next;
    SSH_SESSION *session; /* SSH_SESSION pointer */
    u32 local_channel;
    u32 local_window; /* flow-control window; which side it limits is not visible here -- see channel.c */
    int local_eof;
    u32 local_maxpacket;
    u32 remote_channel;
    u32 remote_window;
    int remote_eof; /* end of file received */
    u32 remote_maxpacket;
    int open; /* shows if the channel is still opened */
    void (*write_fct)(struct channel_struct *channel, void *data, int len, void *userarg);
    /* this write function is a callback on some user-defined function which is used for writing data *coming from remote ssh* */
    /* use channel_write() to write into a ssh pipe */
    void (*write_err_fct)(struct channel_struct *channel, void *data, int len, void *userarg);
    /* same as write_fct for stderr */
    BUFFER *stdout_buffer; /* data received from the remote side when no callback is installed -- presumably */
    BUFFER *stderr_buffer;
    void *userarg; /* passed unchanged to write_fct / write_err_fct */
};
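/* State of one SSH connection. */
struct ssh_session {
    int fd;
    SSH_OPTIONS *options;
    char *serverbanner;
    char *clientbanner;
    int protoversion;
    u32 send_seq; /* packet sequence numbers, one per direction; they feed the MAC */
    u32 recv_seq;
    int connected; /* !=0 when the user got a session handle */
    int alive;
    int auth_service_asked;
    int datatoread; /* reading now on socket will not block */
    STRING *banner; /* that's the issue banner from the server */
    BUFFER *in_buffer;
    PACKET in_packet; /* header of the packet being parsed */
    BUFFER *out_buffer;
    KEX server_kex;
    KEX client_kex;
    BUFFER *in_hashbuf; /* KEXINIT material hashed into the session id (see hashbufin_add_cookie) */
    BUFFER *out_hashbuf;
    CRYPTO *current_crypto;
    CRYPTO *next_crypto; /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
    CHANNEL *channels; /* linked list of channels */
    int maxchannel;
    int error_code;
    char error_buffer[ERROR_BUFFERLEN]; /* last error text, filled by ssh_set_error() */
    struct ssh_kbdint *kbdint;
};

/* Keyboard-interactive authentication round: nprompts prompts from the server
 * and the matching answers. The server controls nprompts, so it must be capped
 * at KBDINT_MAX_PROMPT before the arrays are allocated. */
struct ssh_kbdint {
    u32 nprompts;
    char *name;
    char *instruction;
    char **prompts;
    char *echo; /* bool array */ /* one entry per prompt -- presumably */
    char **answers;
};

/* errors.c */
/* Records code and a description in session->error_buffer (ERROR_BUFFERLEN bytes).
 * NOTE(review): the trailing varargs suggest descr is a printf-style format;
 * if so, declare it with __attribute__((format(printf,3,4))) so callers that
 * pass non-literal formats are caught by -Wformat-security -- confirm against errors.c. */
void ssh_set_error(SSH_SESSION *session,enum ssh_error code,char *descr,...);

/* in dh.c */
/* DH key generation */
void dh_generate_e(SSH_SESSION *session);
void dh_generate_x(SSH_SESSION *session);
STRING *dh_get_e(SSH_SESSION *session);
void dh_import_f(SSH_SESSION *session,STRING *f_string);
void dh_import_pubkey(SSH_SESSION *session,STRING *pubkey_string);
void dh_build_k(SSH_SESSION *session);
void make_sessionid(SSH_SESSION *session);
/* add data for the final cookie */
void hashbufin_add_cookie(SSH_SESSION *session,unsigned char *cookie);
void hashbufout_add_cookie(SSH_SESSION *session);
void generate_session_keys(SSH_SESSION *session);
/* returns 1 if server signature ok, 0 otherwise. The NEXT crypto is checked, not the current one.
 * The key exchange must not proceed past this point on 0. */
int signature_verify(SSH_SESSION *session,STRING *signature);
bignum make_string_bn(STRING *string);
STRING *make_bignum_string(bignum num);

/* in crypt.c */
/* Decrypts the first block at crypted and returns the packet length it announces.
 * That value comes from the peer: callers must check it against MAX_PACKET_LEN
 * before allocating or reading. */
u32 packet_decrypt_len(SSH_SESSION *session,char *crypted);
int packet_decrypt(SSH_SESSION *session, void *packet,unsigned int len);
char *packet_encrypt(SSH_SESSION *session,void *packet,unsigned int len);
/* it returns the hmac buffer if exists*/
int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,char *mac);

/* in packet.c */
void packet_clear_out(SSH_SESSION *session);
void packet_parse(SSH_SESSION *session);
int packet_send(SSH_SESSION *session);
int packet_read(SSH_SESSION *session);
int packet_translate(SSH_SESSION *session);
int packet_wait(SSH_SESSION *session,int type,int blocking);

/* connect.c */
/* Allocates a zeroed session; declared with a proper prototype so callers
 * passing arguments by mistake are rejected at compile time. */
SSH_SESSION *ssh_session_new(void);
int ssh_connect_host(const char *host,const char *bind_addr, int port, long timeout, long usec);
int ssh_net_init(void);

/* in kex.c */
extern char *ssh_kex_nums[];
void send_kex(SSH_SESSION *session,int server_kex);
void list_kex(KEX *kex);
int set_kex(SSH_SESSION *session);
int ssh_get_kex(SSH_SESSION *session, int server_kex);
int verify_existing_algo(int algo,char *name);
/* Splits chain on spaces into a NULL-terminated array -- presumably heap
 * allocated; confirm ownership in kex.c. */
char **space_tokenize(char *chain);

/* in keys.c */
char *ssh_type_to_char(int type);
PUBLIC_KEY *publickey_make_dss(BUFFER *buffer);
PUBLIC_KEY *publickey_make_rsa(BUFFER *buffer);
/* Parses a wire-format public key; pubkey_s is peer-supplied data. */
PUBLIC_KEY *publickey_from_string(STRING *pubkey_s);
/* needed_type lets the caller pin the expected algorithm so a signature of
 * another type is rejected rather than silently accepted. */
SIGNATURE *signature_from_string(STRING *signature,PUBLIC_KEY *pubkey,int needed_type);
void signature_free(SIGNATURE *sign);
STRING *ssh_do_sign(SSH_SESSION *session,BUFFER *sigbuf, PRIVATE_KEY *privatekey);

/* channel.c */
void channel_handle(SSH_SESSION *session, int type);

/* options.c */
void options_free(SSH_OPTIONS *opt);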
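/* this function must be called when no specific username has been asked. it has to guess it */
int options_default_username(SSH_OPTIONS *opt);
int options_default_ssh_dir(SSH_OPTIONS *opt);
int options_default_known_hosts_file(SSH_OPTIONS *opt);

/* buffer.c */
/* Appenders. Lengths are signed ints (see buffer_struct); negative values
 * must be rejected by the implementation. */
void buffer_add_ssh_string(BUFFER *buffer,STRING *string);
void buffer_add_u8(BUFFER *buffer, u8 data);
void buffer_add_u32(BUFFER *buffer, u32 data);
void buffer_add_u64(BUFFER *buffer,u64 data);
void buffer_add_data(BUFFER *buffer, void *data, int len);
void buffer_add_data_begin(BUFFER *buffer,void *data,int len);
void buffer_add_buffer(BUFFER *buffer, BUFFER *source);
void buffer_reinit(BUFFER *buffer);

/* buffer_get_rest returns a pointer to the current position into the buffer */
void *buffer_get_rest(BUFFER *buffer);
/* buffer_get_rest_len returns the number of bytes which can be read */
int buffer_get_rest_len(BUFFER *buffer);

/* buffer_get_*() returns the number of bytes read, except for ssh strings.
 * A short return means the buffer held fewer bytes than requested; callers
 * parsing peer data must check it rather than assume *data was filled. */
int buffer_get_u8(BUFFER *buffer,u8 *data);
int buffer_get_u32(BUFFER *buffer,u32 *data);
int buffer_get_u64(BUFFER *buffer, u64 *data);

int buffer_get_data(BUFFER *buffer,void *data,int requestedlen);
/* buffer_get_ssh_string() is an exception. if the String read is too large or invalid, it will answer NULL.
 * The returned STRING is a new allocation the caller owns -- presumably; confirm in buffer.c. */
STRING *buffer_get_ssh_string(BUFFER *buffer);
/* buffer_pass_bytes acts as if len bytes have been read (used for padding) */
int buffer_pass_bytes_end(BUFFER *buffer,int len);
int buffer_pass_bytes(BUFFER *buffer, int len);

/* in base64.c */
/* Decoders of data typically read from files (keys, known_hosts): treat
 * `source` as untrusted. Ownership of the results is not visible here --
 * presumably heap allocated and freed by the caller; confirm in base64.c. */
BUFFER *base64_to_bin(char *source);
char *bin_to_base64(unsigned char *source, int len);

/* gzip.c */
int compress_buffer(SSH_SESSION *session,BUFFER *buf);
int decompress_buffer(SSH_SESSION *session,BUFFER *buf);

/* wrapper.c */
int crypt_set_algorithms(SSH_SESSION *session);
/* Allocates a CRYPTO; crypto_free() releases it and should wipe the key
 * material it holds (see ssh_crypto_struct). */
CRYPTO *crypto_new(void);
void crypto_free(CRYPTO *crypto);
/* bignum_new() is also a function-like macro in this header (expanding to
 * BN_new()), so this line reaches the compiler as `bignum BN_new();`. It is
 * left as a non-prototype declaration on purpose: writing `(void)` here would
 * be rejected by the zero-argument macro. Drop either the macro or this
 * declaration in a separate change. */
bignum bignum_new();

/* in misc.c */
/* gets the user home dir. */
char *ssh_get_user_home_dir(void);
/* Non-zero when `file` can be opened for reading -- presumably an access check only; see misc.c. */
int ssh_file_readaccess_ok(char *file);

/* macro for byte ordering */
/* 64-bit network<->host conversion; the operation is its own inverse, hence the alias. */
u64 ntohll(u64 value);
#define htonll(x) ntohll(x)


#ifdef __cplusplus
}
#endif

#endif /* _LIBSSH_PRIV_H */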