/*
Copyright 2003,04 Aris Adamantiadis

This file is part of the SSH Library

The SSH Library is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or (at your
option) any later version.

The SSH Library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.

You should have received a copy of the GNU Lesser General Public License
along with the SSH Library; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA. */

/* priv.h file */
/* This include file contains everything you shouldn't deal with in user programs. */
/* Consider that anything in this file might change without notice; libssh.h file will keep */
/* backward compatibility on binary & source */

/* Note: an identifier starting with '_' + uppercase is reserved for the C
 * implementation; renaming the guard would need the matching #endif too. */
#ifndef _LIBSSH_PRIV_H
#define _LIBSSH_PRIV_H
#include "libssh/libssh.h"

/* Debugging constants */

/* Define this if you want to debug crypto systems. */
/* It is useful when you are debugging the lib. Never ship a build with it
 * enabled: crypto debugging output may dump key material into logs. */
/*#define DEBUG_CRYPTO */

/* some constants */
/* Largest SSH packet / ssh-string this library handles; it also sizes
 * string_struct below. Any length taken from the peer must be checked
 * against this bound before memory is allocated. RFC 4253 only requires
 * support for 35000-byte packets, so this is a generous (memory-hungry)
 * limit when the peer is untrusted. */
#define MAX_PACKET_LEN 262144
/* Size of ssh_session.error_buffer; ssh_set_error() presumably truncates
 * its formatted message to this -- confirm in errors.c. */
#define ERROR_BUFFERLEN 1024
/* Protocol identification string sent to the server. RFC 4253 caps the
 * whole line, CRLF included, at 255 bytes -- keep LIBSSH_VERSION short. */
#define CLIENTBANNER "SSH-2.0-" LIBSSH_VERSION
/* Upper bound on prompts accepted in one keyboard-interactive request;
 * presumably enforced against ssh_kbdint.nprompts, which the server sends. */
#define KBDINT_MAX_PROMPT 256 /* more than openssh's :) */
/* some types for public keys (the numeric 'type' field of the key and
 * signature structures below) */
#define TYPE_DSS 1
#define TYPE_RSA 2
#define TYPE_RSA1 3

/* profiling constants.
Don't touch them unless you know what you do */
/* Backend selection. Only the OpenSSL backend exists in this header and
 * both switches are forced on, so the #ifdef blocks below are always taken. */
#define OPENSSL_CRYPTO
#define OPENSSL_BIGNUMS


#ifdef __cplusplus
extern "C" {
#endif

/* wrapper things */

#ifdef OPENSSL_CRYPTO
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <openssl/hmac.h>
/* Backend-neutral names for the hash and MAC contexts. */
typedef SHA_CTX SHACTX;
typedef MD5_CTX MD5CTX;
typedef HMAC_CTX HMACCTX;
/* Force both *_DIGEST_LEN names to OpenSSL's values, whatever an earlier
 * header may have defined MD5_DIGEST_LEN to. */
#ifdef MD5_DIGEST_LEN
#undef MD5_DIGEST_LEN
#endif
#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
#define MD5_DIGEST_LEN MD5_DIGEST_LENGTH

#endif /* OPENSSL_CRYPTO */
#ifdef OPENSSL_BIGNUMS
#include <openssl/bn.h>
/* Backend-neutral bignum handles; these are the raw OpenSSL pointers. */
typedef BIGNUM* bignum;
typedef BN_CTX* bignum_CTX;

#define bignum_new() BN_new()
/* BN_clear_free() zeroizes the limbs before releasing them. Always free
 * DH secrets (CRYPTO.x, CRYPTO.k) through this and never through BN_free(). */
#define bignum_free(num) BN_clear_free(num)
#define bignum_set_word(bn,n) BN_set_word(bn,n)
/* Arguments go through positionally to BN_bin2bn(s, len, ret): the FIRST
 * argument is the big-endian byte string and the LAST is the destination
 * bignum -- the parameter names here are misleading, do not trust them. */
#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data)
/* Returns an OpenSSL-allocated string; release it with OPENSSL_free(). */
#define bignum_bn2hex(num) BN_bn2hex(num)
/* Random bignum from OpenSSL's CSPRNG; 'top'/'bottom' are BN_rand's
 * bit-forcing flags and are passed through unchanged. */
#define bignum_rand(rnd, bits, top, bottom) BN_rand(rnd,bits,top,bottom)
#define bignum_ctx_new() BN_CTX_new()
#define bignum_ctx_free(num) BN_CTX_free(num)
/* NOTE(review): BN_mod_exp is not guaranteed to run in constant time. When
 * 'exp' is the DH private exponent, set BN_FLG_CONSTTIME on it (or use a
 * *_consttime variant) if the OpenSSL in use provides them. */
#define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
#define bignum_num_bytes(num) BN_num_bytes(num)
#define bignum_num_bits(num) BN_num_bits(num)
#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit)
/* Writes bignum_num_bytes(num) bytes at 'ptr'; the caller sizes the buffer. */
#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)

#endif /* OPENSSL_BIGNUMS */
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif

/* wrapper.c */
/* Incremental MD5: md5_init() allocates the context, md5_final() writes
 * MD5_DIGEST_LEN bytes to 'md' (whether it also frees the context is
 * decided in wrapper.c -- confirm before reusing 'c'). MD5 is not
 * collision resistant; keep it to HMAC-MD5 and fingerprints. */
MD5CTX *md5_init(void);
void md5_update(MD5CTX *c, const void *data, unsigned long len);
void md5_final(unsigned char *md,MD5CTX *c);
/* Incremental SHA-1, same shape as the MD5 wrappers above. */
SHACTX *sha1_init(void);
void sha1_update(SHACTX *c, const void *data, unsigned long len);
void sha1_final(unsigned char *md,SHACTX *c);
/* One-shot SHA-1 over 'len' bytes. Which of 'digest'/'hash' is the input
 * and which the 20-byte output is not obvious from the names -- check
 * wrapper.c before calling. */
void sha1(unsigned char *digest,int len,unsigned char *hash);
/* HMAC algorithm selectors for hmac_init()'s 'type'. */
#define HMAC_SHA1 1
#define HMAC_MD5 2
HMACCTX
*hmac_init(const void *key,int len,int type);
void hmac_update(HMACCTX *c, const void *data, unsigned long len);
/* Writes the tag into 'hashmacbuf' and its length into *len; the buffer is
 * presumably expected to hold EVP_MAX_MD_SIZE bytes (see CRYPTO.hmacbuf). */
void hmac_final(HMACCTX *ctx,unsigned char *hashmacbuf,int *len);

/* strings and buffers */
/* must be 32 bits number + immediatly our data */
/* Wire-format SSH "string": a 4-byte length immediately followed by the
 * bytes. The array is only an upper bound used for typing -- objects are
 * presumably allocated with just 4+size bytes -- so never take
 * sizeof(STRING), never put one on the stack, never read past 'size'.
 * NOTE(review): whether 'size' is held in network or host byte order is
 * not visible here; check buffer_add_ssh_string()/buffer_get_ssh_string(). */
struct string_struct {
    u32 size;
    char string[MAX_PACKET_LEN];
} __attribute__ ((packed));


/* Growable byte buffer with a read cursor: 'used' is the count of valid
 * bytes, 'allocated' the capacity, 'pos' the read position. All three are
 * signed int, so a length that comes off the wire (u32) must be
 * range-checked before it is handed to the buffer_* API. */
struct buffer_struct {
    char *data;
    int used;
    int allocated;
    int pos;
};

/* i should remove it one day */
/* Header of the packet being read (ssh_session.in_packet): 'len' is the
 * peer-supplied packet length, 'type' the SSH message number. */
typedef struct packet_struct {
    int valid;
    u32 len;
    u8 type;
} PACKET;

/* One side's KEXINIT: the 16-byte cookie plus the per-slot method name
 * lists (presumably indexed like ssh_kex_nums[] in kex.c). */
typedef struct kex_struct {
    char cookie[16];
    char **methods;
} KEX;

/* Parsed public key. 'type' is one of the TYPE_* constants and selects
 * which of dsa_pub/rsa_pub is populated. */
struct public_key_struct {
    int type;
    char *type_c; /* Don't free it ! it is static */
    DSA *dsa_pub;
    RSA *rsa_pub;
};

/* Private key. The OpenSSL objects carry secret material: release them
 * with DSA_free()/RSA_free(), never with a plain free(). */
struct private_key_struct {
    int type;
    DSA *dsa_priv;
    RSA *rsa_priv;
};

/* Signature parsed from the wire: DSA as an OpenSSL DSA_SIG, RSA as the
 * raw ssh string. Free with signature_free(). */
typedef struct signature_struct {
    int type;
    DSA_SIG *dsa_sign;
    STRING *rsa_sign;
} SIGNATURE;

/* User-supplied connection settings, released by options_free(). */
struct ssh_options_struct {
    char *clientbanner; /* explicit banner to send */
    char *username;
    char *host;
    char *bindaddr;
    char *identity; /* presumably the private key file to authenticate with */
    char *ssh_dir;
    char *known_hosts_file;
    int fd; /* specificaly wanted file descriptor, don't connect host */
    int port;
    /* Skips host key verification entirely: a network attacker can then
     * impersonate the server and read or alter the whole session. Test
     * setups only. */
    int dont_verify_hostkey; /* Don't spare time, don't check host key ! unneeded to say it's dangerous and not safe */
    int use_nonexisting_algo; /* if user sets a not supported algorithm for kex, don't complain */
    char *wanted_methods[10]; /* the kex methods can be choosed. better use the kex fonctions to do that */
    /* Fixed KEXINIT cookie instead of a freshly generated one. Testing
     * only: the cookie is meant to be unpredictable. */
    void *wanted_cookie; /* wants a specific cookie to be sent ? if null, generate a new one */
    /* Untyped function pointer: no type checking happens here, the caller
     * must match the signature keyfiles.c expects. */
    void *passphrase_function; /* this functions will be called if a keyphrase is needed.
look keyfiles.c for more info */
    void (*connect_status_function)(void *arg, float status); /* status callback function */
    void *connect_status_arg; /* arbitrary argument */
    long timeout; /* seconds */
    long timeout_usec;
};

/* Key material for one key exchange. Everything from 'x' down to the MAC
 * keys is secret (DH private exponent, shared secret, session keys, IVs,
 * MAC keys): crypto_free() should wipe it, not merely free it -- confirm in
 * wrapper.c. The session keeps two: current_crypto (in use) and
 * next_crypto (filled during kex, swapped in at SSH2_MSG_NEWKEYS). */
typedef struct ssh_crypto_struct {
    /* DH values, presumably RFC 4253 naming: e our public value, f the
     * server's, x our secret exponent, k the shared secret. Free with
     * bignum_free() (BN_clear_free). */
    bignum e,f,x,k;
    char session_id[SHA_DIGEST_LEN]; /* presumably the exchange hash H -- see make_sessionid() */

    char encryptIV[SHA_DIGEST_LEN];
    char decryptIV[SHA_DIGEST_LEN];

    /* 2*SHA_DIGEST_LEN = 40 bytes, enough for a 256-bit cipher key. */
    char decryptkey[SHA_DIGEST_LEN*2];
    char encryptkey[SHA_DIGEST_LEN*2];

    char encryptMAC[SHA_DIGEST_LEN];
    char decryptMAC[SHA_DIGEST_LEN];
    /* Scratch for a computed MAC tag. EVP_MAX_MD_SIZE is not defined by
     * any header this file includes directly; it arrives via <openssl/hmac.h>. */
    char hmacbuf[EVP_MAX_MD_SIZE];
    struct crypto_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
    STRING *server_pubkey;
    char *server_pubkey_type;
    int do_compress_out; /* idem */
    int do_compress_in; /* don't set them, set the option instead */
    void *compress_out_ctx; /* don't touch it */
    void *compress_in_ctx; /* really, don't */
} CRYPTO;

/* One SSH channel, a node of the doubly linked list at session->channels.
 * The *_window fields are flow-control credits and *_maxpacket the packet
 * limits; remote_* come from the peer, so arithmetic on them needs
 * overflow checks (they are u32). */
struct channel_struct {
    struct channel_struct *prev;
    struct channel_struct *next;
    SSH_SESSION *session; /* SSH_SESSION pointer */
    u32 local_channel;
    u32 local_window;
    int local_eof;
    u32 local_maxpacket;
    u32 remote_channel;
    u32 remote_window;
    int remote_eof; /* end of file received */
    u32 remote_maxpacket;
    int open; /* shows if the channel is still opened */
    /* 'data'/'len' passed to these callbacks are bytes received from the
     * remote side, i.e. attacker-controlled: the callback must bound its
     * own handling of them. */
    void (*write_fct)(struct channel_struct *channel, void *data, int len, void *userarg);
    /* this write function is a callback on some userdefined function which is used for writing datas *coming from remote ssh* */
    /* use channel_write() to write into a ssh pipe */
    void (*write_err_fct)(struct channel_struct *channel, void *data, int len, void *userarg);
    /* same as write_fct for stderr */
    BUFFER *stdout_buffer;
    BUFFER *stderr_buffer;
    void *userarg;
};

/* Per-connection state. */
struct ssh_session {
    int fd;
    SSH_OPTIONS *options;
    char *serverbanner;
    char *clientbanner;

    int protoversion;
    /* Implicit packet sequence numbers that are fed into the MAC; u32 so
     * they wrap modulo 2^32 as the protocol requires. */
    u32 send_seq;
    u32 recv_seq;
    int connected; /* !=0 when the user got a session handle */
    int alive;
    int auth_service_asked;
    int datatoread; /* reading now on socket will not block */
    STRING *banner; /* that's the issue banner from the server */
    BUFFER *in_buffer;
    PACKET in_packet;
    BUFFER *out_buffer;
    KEX server_kex;
    KEX client_kex;
    /* Presumably the data accumulated for the exchange hash (see
     * hashbufin_add_cookie()/make_sessionid()). */
    BUFFER *in_hashbuf;
    BUFFER *out_hashbuf;
    CRYPTO *current_crypto;
    CRYPTO *next_crypto; /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
    CHANNEL *channels; /* linked list of channels */
    int maxchannel;
    int error_code;
    char error_buffer[ERROR_BUFFERLEN];
    struct ssh_kbdint *kbdint;
};

/* Pending keyboard-interactive request. 'nprompts' is server-supplied and
 * sizes the prompts/echo/answers arrays -- cap it at KBDINT_MAX_PROMPT.
 * 'answers' hold user secrets (passwords) and should be wiped on free. */
struct ssh_kbdint {
    u32 nprompts;
    char *name;
    char *instruction;
    char **prompts;
    char *echo; /* bool array */
    char **answers;
};

/* errors.c */
/* Records 'code' and a formatted message in session->error_buffer.
 * NOTE(review): the variadic tail suggests 'descr' is a printf-style
 * format; an __attribute__((format(printf,3,4))) here would let -Wformat
 * catch non-literal formats -- confirm against errors.c before adding it. */
void ssh_set_error(SSH_SESSION *session,enum ssh_error code,char *descr,...);

/* in dh.c */
/* DH key generation */
/* Diffie-Hellman key exchange, presumably on session->next_crypto:
 * dh_generate_x() draws the secret exponent, dh_generate_e()/dh_get_e()
 * produce our public value, dh_import_f() takes the server's value off the
 * wire, dh_build_k() derives the shared secret, make_sessionid() the
 * exchange hash and generate_session_keys() the keys/IVs/MAC keys.
 * NOTE(review): the peer's f must be range-checked (1 < f < p-1) before
 * use; whether dh_import_f() does so is not visible from this header. */
void dh_generate_e(SSH_SESSION *session);
void dh_generate_x(SSH_SESSION *session);
STRING *dh_get_e(SSH_SESSION *session);
void dh_import_f(SSH_SESSION *session,STRING *f_string);
void dh_import_pubkey(SSH_SESSION *session,STRING *pubkey_string);
void dh_build_k(SSH_SESSION *session);
void make_sessionid(SSH_SESSION *session);
/* add data for the final cookie */
void hashbufin_add_cookie(SSH_SESSION *session,unsigned char *cookie);
void hashbufout_add_cookie(SSH_SESSION *session);
void generate_session_keys(SSH_SESSION *session);
/* returns 1 if server signature ok, 0 otherwise.
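The NEXT crypto is checked, not the current one */
int signature_verify(SSH_SESSION *session,STRING *signature);
/* Conversions between a wire ssh-string (mpint) and a bignum. Both
 * allocate; the caller owns and frees the result. */
bignum make_string_bn(STRING *string);
STRING *make_bignum_string(bignum num);

/* in crypt.c */
/* Decrypts the first cipher block of an incoming packet to recover its
 * length field. That value is read from ciphertext before the MAC has been
 * verified, so callers must treat it as untrusted and reject anything
 * above MAX_PACKET_LEN before allocating or reading further. */
u32 packet_decrypt_len(SSH_SESSION *session,char *crypted);
/* Decrypt / encrypt 'len' bytes of 'packet' with the current keys. What
 * packet_encrypt()'s returned pointer is (presumably the MAC to append) and
 * who owns it is defined in crypt.c. */
int packet_decrypt(SSH_SESSION *session, void *packet,unsigned int len);
char *packet_encrypt(SSH_SESSION *session,void *packet,unsigned int len);
/* Verifies the MAC over 'buffer' against 'mac'. The previous comment said
 * it "returns the hmac buffer if exists", which contradicts the int return
 * type -- check crypt.c for the real success/failure convention, and drop
 * the connection on failure. */
int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,char *mac);

/* in packet.c */
/* Packet layer: read/translate/parse an incoming packet, send the pending
 * outgoing one, or wait for a packet of a given type. Return conventions
 * are defined in packet.c. */
void packet_clear_out(SSH_SESSION *session);
void packet_parse(SSH_SESSION *session);
int packet_send(SSH_SESSION *session);
int packet_read(SSH_SESSION *session);
int packet_translate(SSH_SESSION *session);
int packet_wait(SSH_SESSION *session,int type,int blocking);

/* connect.c */
/* Allocates a fresh session. Declared with (void): the empty parameter
 * list it had before declared no prototype at all, so callers got no
 * argument checking. */
SSH_SESSION *ssh_session_new(void);
/* Connects to host:port, optionally bound to bind_addr, giving up after
 * timeout seconds + usec microseconds. Failure convention: see connect.c. */
int ssh_connect_host(const char *host,const char *bind_addr, int port, long timeout, long usec);

/* in kex.c */
/* Method-name table in kex slot order (shared with KEX.methods and
 * SSH_OPTIONS.wanted_methods). */
extern char *ssh_kex_nums[];
/* send_kex() emits a KEXINIT, ssh_get_kex() parses the peer's one
 * ('server_kex' selects which KEX structure is filled), set_kex() picks
 * the algorithms, verify_existing_algo() reports whether 'name' is
 * implemented for slot 'algo'. space_tokenize() splits a list on
 * whitespace (per its name); whether it modifies 'chain' in place and who
 * frees the returned array is not visible here -- check kex.c. */
void send_kex(SSH_SESSION *session,int server_kex);
void list_kex(KEX *kex);
int set_kex(SSH_SESSION *session);
int ssh_get_kex(SSH_SESSION *session, int server_kex);
int verify_existing_algo(int algo,char *name);
char **space_tokenize(char *chain);

/* in keys.c */
/* Public-key and signature parsing from wire blobs supplied by the server:
 * every field read inside must cope with short or malformed data (see the
 * NULL return of buffer_get_ssh_string()). signature_from_string() takes
 * the algorithm the caller requires in 'needed_type' and presumably
 * rejects anything else. ssh_do_sign() signs 'sigbuf' with 'privatekey'. */
char *ssh_type_to_char(int type);
PUBLIC_KEY *publickey_make_dss(BUFFER *buffer);
PUBLIC_KEY *publickey_make_rsa(BUFFER *buffer);
PUBLIC_KEY *publickey_from_string(STRING *pubkey_s);
SIGNATURE *signature_from_string(STRING *signature,PUBLIC_KEY *pubkey,int needed_type);
void signature_free(SIGNATURE *sign);
STRING *ssh_do_sign(SSH_SESSION *session,BUFFER *sigbuf, PRIVATE_KEY *privatekey);

/* channel.c */
/* Dispatches an incoming channel message of type 'type'. */
void channel_handle(SSH_SESSION *session, int type);

/* options.c */
void options_free(SSH_OPTIONS *opt);
/* Fill in a default when the user set none: options_default_username()
 * must be called when no specific username has been asked and has to
 * guess it; the other two derive the ssh dir and known_hosts path. */
int options_default_username(SSH_OPTIONS *opt);
int options_default_ssh_dir(SSH_OPTIONS *opt);
int options_default_known_hosts_file(SSH_OPTIONS *opt);

/* buffer.c */
/* Appenders; the buffer grows as needed. 'len' is a signed int: never pass
 * a wire-derived u32 without range-checking it first. */
void buffer_add_ssh_string(BUFFER *buffer,STRING *string);
void buffer_add_u8(BUFFER *buffer, u8 data);
void buffer_add_u32(BUFFER *buffer, u32 data);
void buffer_add_u64(BUFFER *buffer,u64 data);
void buffer_add_data(BUFFER *buffer, void *data, int len);
void buffer_add_data_begin(BUFFER *buffer,void *data,int len);
void buffer_add_buffer(BUFFER *buffer, BUFFER *source);
void buffer_reinit(BUFFER *buffer);

/* buffer_get_rest returns a pointer to the current position into the buffer */
void *buffer_get_rest(BUFFER *buffer);
/* buffer_get_rest_len returns the number of bytes which can be read */
int buffer_get_rest_len(BUFFER *buffer);

/* buffer_get_*() returns the number of bytes read (presumably 0 when too
 * few remain), except for ssh strings -- always check the result, the
 * buffer contents come from the peer. */
int buffer_get_u8(BUFFER *buffer,u8 *data);
int buffer_get_u32(BUFFER *buffer,u32 *data);
int buffer_get_u64(BUFFER *buffer, u64 *data);

int buffer_get_data(BUFFER *buffer,void *data,int requestedlen);
/* buffer_get_ssh_string() is the exception: if the string read is too
 * large or invalid it returns NULL (it allocates on success; caller frees). */
STRING *buffer_get_ssh_string(BUFFER *buffer);
/* buffer_pass_bytes acts as if len bytes have been read (used for padding) */
int buffer_pass_bytes_end(BUFFER *buffer,int len);
int buffer_pass_bytes(BUFFER *buffer, int len);

/* in base64.c */
/* base64 decode of a NUL-terminated string into a new BUFFER, and the
 * reverse into a malloc'd string. Key and known_hosts files are local but
 * still untrusted input: malformed data should yield NULL rather than a
 * partial buffer -- check base64.c. */
BUFFER *base64_to_bin(char *source);
char *bin_to_base64(unsigned char *source, int len);

/* gzip.c */
/* In-place (de)compression of a packet payload. decompress_buffer()
 * expands peer-supplied data: its output must be capped at MAX_PACKET_LEN
 * to survive a decompression bomb -- verify in gzip.c. */
int compress_buffer(SSH_SESSION *session,BUFFER *buf);
int decompress_buffer(SSH_SESSION *session,BUFFER *buf);

/* wrapper.c */
/* Instantiates the negotiated cipher/MAC objects for the session. */
int crypt_set_algorithms(SSH_SESSION *session);
CRYPTO *crypto_new(void);
/* Releases a CRYPTO; given the secrets it holds it should also wipe it. */
void crypto_free(CRYPTO *crypto);
/* Note: 'bignum_new' is a function-like macro defined earlier in this
 * header, so the preprocessor rewrites this line to `bignum BN_new();` --
 * a redundant, non-prototype redeclaration of OpenSSL's BN_new. It is left
 * as-is on purpose: `bignum_new(void)` would not compile, since the macro
 * takes no arguments. */
bignum bignum_new();

/* in misc.c */
/* gets the user home dir. */
char *ssh_get_user_home_dir(void);
/* Tells whether 'file' is readable. NOTE(review): an access check separate
 * from the open() it guards is a TOCTOU race; where the file is
 * security-relevant, act on the result of the open itself instead. */
int ssh_file_readaccess_ok(char *file);

/* macro for byte ordering */
/* 64-bit network/host byte swap; self-inverse, hence htonll is ntohll. */
u64 ntohll(u64 value);
#define htonll(x) ntohll(x)


#ifdef __cplusplus
}
#endif

#endif /* _LIBSSH_PRIV_H */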