ssh.h
Go to the documentation of this file.
1 /**
2  * @file ssh.h
3  * @brief Secure Shell (SSH)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2022 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSH Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.0
29  **/
30 
31 #ifndef _SSH_H
32 #define _SSH_H
33 
34 //Dependencies
35 #include "ssh_config.h"
36 #include "ssh_legacy.h"
37 #include "ssh_types.h"
38 #include "ssh_cert_parse.h"
39 #include "core/net.h"
40 #include "core/crypto.h"
43 #include "hash/hash_algorithms.h"
44 #include "mac/mac_algorithms.h"
45 #include "aead/aead_algorithms.h"
46 #include "pkc/dh.h"
47 #include "ecc/ecdh.h"
48 
49 
50 /*
51  * CycloneSSH Open is licensed under GPL version 2. In particular:
52  *
53  * - If you link your program to CycloneCRYPTO Open, the result is a derivative
54  * work that can only be distributed under the same GPL license terms.
55  *
56  * - If additions or changes to CycloneCRYPTO Open are made, the result is a
57  * derivative work that can only be distributed under the same license terms.
58  *
59  * - The GPL license requires that you make the source code available to
60  * whoever you make the binary available to.
61  *
62  * - If you sell or distribute a hardware product that runs CycloneCRYPTO Open,
63  * the GPL license requires you to provide public and full access to all
64  * source code on a nondiscriminatory basis.
65  *
66  * If you fully understand and accept the terms of the GPL license, then edit
67  * the os_port_config.h header and add the following directive:
68  *
69  * #define GPL_LICENSE_TERMS_ACCEPTED
70  */
71 
72 #ifndef GPL_LICENSE_TERMS_ACCEPTED
73  #error Before compiling CycloneSSH Open, you must accept the terms of the GPL license
74 #endif
75 
76 //Version string
77 #define CYCLONE_SSH_VERSION_STRING "2.2.0"
78 //Major version
79 #define CYCLONE_SSH_MAJOR_VERSION 2
80 //Minor version
81 #define CYCLONE_SSH_MINOR_VERSION 2
82 //Revision number
83 #define CYCLONE_SSH_REV_NUMBER 0
84 
85 //SSH support
86 #ifndef SSH_SUPPORT
87  #define SSH_SUPPORT ENABLED
88 #elif (SSH_SUPPORT != ENABLED && SSH_SUPPORT != DISABLED)
89  #error SSH_SUPPORT parameter is not valid
90 #endif
91 
92 //SSH client support
93 #ifndef SSH_CLIENT_SUPPORT
94  #define SSH_CLIENT_SUPPORT ENABLED
95 #elif (SSH_CLIENT_SUPPORT != ENABLED && SSH_CLIENT_SUPPORT != DISABLED)
96  #error SSH_CLIENT_SUPPORT parameter is not valid
97 #endif
98 
99 //SSH server support
100 #ifndef SSH_SERVER_SUPPORT
101  #define SSH_SERVER_SUPPORT ENABLED
102 #elif (SSH_SERVER_SUPPORT != ENABLED && SSH_SERVER_SUPPORT != DISABLED)
103  #error SSH_SERVER_SUPPORT parameter is not valid
104 #endif
105 
106 //Public key authentication support
107 #ifndef SSH_PUBLIC_KEY_AUTH_SUPPORT
108  #define SSH_PUBLIC_KEY_AUTH_SUPPORT ENABLED
109 #elif (SSH_PUBLIC_KEY_AUTH_SUPPORT != ENABLED && SSH_PUBLIC_KEY_AUTH_SUPPORT != DISABLED)
110  #error SSH_PUBLIC_KEY_AUTH_SUPPORT parameter is not valid
111 #endif
112 
113 //Password authentication support
114 #ifndef SSH_PASSWORD_AUTH_SUPPORT
115  #define SSH_PASSWORD_AUTH_SUPPORT ENABLED
116 #elif (SSH_PASSWORD_AUTH_SUPPORT != ENABLED && SSH_PASSWORD_AUTH_SUPPORT != DISABLED)
117  #error SSH_PASSWORD_AUTH_SUPPORT parameter is not valid
118 #endif
119 
120 //Certificate support (OpenSSH format)
121 #ifndef SSH_CERT_SUPPORT
122  #define SSH_CERT_SUPPORT DISABLED
123 #elif (SSH_CERT_SUPPORT != ENABLED && SSH_CERT_SUPPORT != DISABLED)
124  #error SSH_CERT_SUPPORT parameter is not valid
125 #endif
126 
127 //Extension negotiation mechanism
128 #ifndef SSH_EXT_INFO_SUPPORT
129  #define SSH_EXT_INFO_SUPPORT DISABLED
130 #elif (SSH_EXT_INFO_SUPPORT != ENABLED && SSH_EXT_INFO_SUPPORT != DISABLED)
131  #error SSH_EXT_INFO_SUPPORT parameter is not valid
132 #endif
133 
134 //"server-sig-algs" extension support
135 #ifndef SSH_SERVER_SIG_ALGS_EXT_SUPPORT
136  #define SSH_SERVER_SIG_ALGS_EXT_SUPPORT ENABLED
137 #elif (SSH_SERVER_SIG_ALGS_EXT_SUPPORT != ENABLED && SSH_SERVER_SIG_ALGS_EXT_SUPPORT != DISABLED)
138  #error SSH_SERVER_SIG_ALGS_EXT_SUPPORT parameter is not valid
139 #endif
140 
141 //"global-requests-ok" extension support
142 #ifndef SSH_GLOBAL_REQ_OK_EXT_SUPPORT
143  #define SSH_GLOBAL_REQ_OK_EXT_SUPPORT DISABLED
144 #elif (SSH_GLOBAL_REQ_OK_EXT_SUPPORT != ENABLED && SSH_GLOBAL_REQ_OK_EXT_SUPPORT != DISABLED)
145  #error SSH_GLOBAL_REQ_OK_EXT_SUPPORT parameter is not valid
146 #endif
147 
148 //Signature generation/verification callback functions
149 #ifndef SSH_SIGN_CALLBACK_SUPPORT
150  #define SSH_SIGN_CALLBACK_SUPPORT DISABLED
151 #elif (SSH_SIGN_CALLBACK_SUPPORT != ENABLED && SSH_SIGN_CALLBACK_SUPPORT != DISABLED)
152  #error SSH_SIGN_CALLBACK_SUPPORT parameter is not valid
153 #endif
154 
155 //ECDH callback functions
156 #ifndef SSH_ECDH_CALLBACK_SUPPORT
157  #define SSH_ECDH_CALLBACK_SUPPORT DISABLED
158 #elif (SSH_ECDH_CALLBACK_SUPPORT != ENABLED && SSH_ECDH_CALLBACK_SUPPORT != DISABLED)
159  #error SSH_ECDH_CALLBACK_SUPPORT parameter is not valid
160 #endif
161 
162 //Maximum number of keys the SSH entity can load
163 #ifndef SSH_MAX_HOST_KEYS
164  #define SSH_MAX_HOST_KEYS 3
165 #elif (SSH_MAX_HOST_KEYS < 1)
166  #error SSH_MAX_HOST_KEYS parameter is not valid
167 #endif
168 
169 //Maximum number of simultaneous connections
170 #ifndef SSH_MAX_CONNECTIONS
171  #define SSH_MAX_CONNECTIONS 10
172 #elif (SSH_MAX_CONNECTIONS < 1)
173  #error SSH_MAX_CONNECTIONS parameter is not valid
174 #endif
175 
176 //Maximum number of global request callbacks that can be attached
177 #ifndef SSH_MAX_GLOBAL_REQ_CALLBACKS
178  #define SSH_MAX_GLOBAL_REQ_CALLBACKS 3
179 #elif (SSH_MAX_GLOBAL_REQ_CALLBACKS < 1)
180  #error SSH_MAX_GLOBAL_REQ_CALLBACKS parameter is not valid
181 #endif
182 
183 //Maximum number of channel request callbacks that can be attached
184 #ifndef SSH_MAX_CHANNEL_REQ_CALLBACKS
185  #define SSH_MAX_CHANNEL_REQ_CALLBACKS 3
186 #elif (SSH_MAX_CHANNEL_REQ_CALLBACKS < 1)
187  #error SSH_MAX_CHANNEL_REQ_CALLBACKS parameter is not valid
188 #endif
189 
190 //Maximum number of channel open callbacks that can be attached
191 #ifndef SSH_MAX_CHANNEL_OPEN_CALLBACKS
192  #define SSH_MAX_CHANNEL_OPEN_CALLBACKS 1
193 #elif (SSH_MAX_CHANNEL_OPEN_CALLBACKS < 1)
194  #error SSH_MAX_CHANNEL_OPEN_CALLBACKS parameter is not valid
195 #endif
196 
197 //Maximum number of connection open callbacks that can be attached
198 #ifndef SSH_MAX_CONN_OPEN_CALLBACKS
199  #define SSH_MAX_CONN_OPEN_CALLBACKS 1
200 #elif (SSH_MAX_CONN_OPEN_CALLBACKS < 1)
201  #error SSH_MAX_CONN_OPEN_CALLBACKS parameter is not valid
202 #endif
203 
204 //Maximum number of connection close callbacks that can be attached
205 #ifndef SSH_MAX_CONN_CLOSE_CALLBACKS
206  #define SSH_MAX_CONN_CLOSE_CALLBACKS 1
207 #elif (SSH_MAX_CONN_CLOSE_CALLBACKS < 1)
208  #error SSH_MAX_CONN_CLOSE_CALLBACKS parameter is not valid
209 #endif
210 
211 //Maximum number of authentication attempts
212 #ifndef SSH_MAX_AUTH_ATTEMPTS
213  #define SSH_MAX_AUTH_ATTEMPTS 10
214 #elif (SSH_MAX_AUTH_ATTEMPTS < 1 && SSH_MAX_AUTH_ATTEMPTS > 20)
215  #error SSH_MAX_AUTH_ATTEMPTS parameter is not valid
216 #endif
217 
218 //Maximum packet size
219 #ifndef SSH_MAX_PACKET_SIZE
220  #define SSH_MAX_PACKET_SIZE 2048
221 #elif (SSH_MAX_PACKET_SIZE < 128)
222  #error SSH_MAX_PACKET_SIZE parameter is not valid
223 #endif
224 
225 //Size of channel TX/RX buffers
226 #ifndef SSH_CHANNEL_BUFFER_SIZE
227  #define SSH_CHANNEL_BUFFER_SIZE 2048
228 #elif (SSH_CHANNEL_BUFFER_SIZE < 128)
229  #error SSH_CHANNEL_BUFFER_SIZE parameter is not valid
230 #endif
231 
232 //Maximum length of identification string
233 #ifndef SSH_MAX_ID_LEN
234  #define SSH_MAX_ID_LEN 80
235 #elif (SSH_MAX_ID_LEN < 1)
236  #error SSH_MAX_ID_LEN parameter is not valid
237 #endif
238 
239 //Maximum length of the user name
240 #ifndef SSH_MAX_USERNAME_LEN
241  #define SSH_MAX_USERNAME_LEN 32
242 #elif (SSH_MAX_USERNAME_LEN < 0)
243  #error SSH_MAX_USERNAME_LEN parameter is not valid
244 #endif
245 
246 //Maximum length of the password
247 #ifndef SSH_MAX_PASSWORD_LEN
248  #define SSH_MAX_PASSWORD_LEN 32
249 #elif (SSH_MAX_PASSWORD_LEN < 0)
250  #error SSH_MAX_PASSWORD_LEN parameter is not valid
251 #endif
252 
253 //Maximum length of password change prompt
254 #ifndef SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN
255  #define SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN 0
256 #elif (SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN < 0)
257  #error SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN parameter is not valid
258 #endif
259 
260 //Encrypt-then-MAC mode support
261 #ifndef SSH_ETM_SUPPORT
262  #define SSH_ETM_SUPPORT DISABLED
263 #elif (SSH_ETM_SUPPORT != ENABLED && SSH_ETM_SUPPORT != DISABLED)
264  #error SSH_ETM_SUPPORT parameter is not valid
265 #endif
266 
267 //Stream cipher support (insecure)
268 #ifndef SSH_STREAM_CIPHER_SUPPORT
269  #define SSH_STREAM_CIPHER_SUPPORT DISABLED
270 #elif (SSH_STREAM_CIPHER_SUPPORT != ENABLED && SSH_STREAM_CIPHER_SUPPORT != DISABLED)
271  #error SSH_STREAM_CIPHER_SUPPORT parameter is not valid
272 #endif
273 
274 //CBC cipher mode support (weak)
275 #ifndef SSH_CBC_CIPHER_SUPPORT
276  #define SSH_CBC_CIPHER_SUPPORT DISABLED
277 #elif (SSH_CBC_CIPHER_SUPPORT != ENABLED && SSH_CBC_CIPHER_SUPPORT != DISABLED)
278  #error SSH_CBC_CIPHER_SUPPORT parameter is not valid
279 #endif
280 
281 //CTR cipher mode support
282 #ifndef SSH_CTR_CIPHER_SUPPORT
283  #define SSH_CTR_CIPHER_SUPPORT ENABLED
284 #elif (SSH_CTR_CIPHER_SUPPORT != ENABLED && SSH_CTR_CIPHER_SUPPORT != DISABLED)
285  #error SSH_CTR_CIPHER_SUPPORT parameter is not valid
286 #endif
287 
288 //GCM AEAD support (OpenSSH variant)
289 #ifndef SSH_GCM_CIPHER_SUPPORT
290  #define SSH_GCM_CIPHER_SUPPORT ENABLED
291 #elif (SSH_GCM_CIPHER_SUPPORT != ENABLED && SSH_GCM_CIPHER_SUPPORT != DISABLED)
292  #error SSH_GCM_CIPHER_SUPPORT parameter is not valid
293 #endif
294 
295 //GCM AEAD support (RFC 5647 variant)
296 #ifndef SSH_RFC5647_SUPPORT
297  #define SSH_RFC5647_SUPPORT DISABLED
298 #elif (SSH_RFC5647_SUPPORT != ENABLED && SSH_RFC5647_SUPPORT != DISABLED)
299  #error SSH_RFC5647_SUPPORT parameter is not valid
300 #endif
301 
302 //ChaCha20Poly1305 AEAD support
303 #ifndef SSH_CHACHA20_POLY1305_SUPPORT
304  #define SSH_CHACHA20_POLY1305_SUPPORT DISABLED
305 #elif (SSH_CHACHA20_POLY1305_SUPPORT != ENABLED && SSH_CHACHA20_POLY1305_SUPPORT != DISABLED)
306  #error SSH_CHACHA20_POLY1305_SUPPORT parameter is not valid
307 #endif
308 
309 //RC4 128-bit cipher support (insecure)
310 #ifndef SSH_RC4_128_SUPPORT
311  #define SSH_RC4_128_SUPPORT DISABLED
312 #elif (SSH_RC4_128_SUPPORT != ENABLED && SSH_RC4_128_SUPPORT != DISABLED)
313  #error SSH_RC4_128_SUPPORT parameter is not valid
314 #endif
315 
316 //RC4 256-bit cipher support (insecure)
317 #ifndef SSH_RC4_256_SUPPORT
318  #define SSH_RC4_256_SUPPORT DISABLED
319 #elif (SSH_RC4_256_SUPPORT != ENABLED && SSH_RC4_256_SUPPORT != DISABLED)
320  #error SSH_RC4_256_SUPPORT parameter is not valid
321 #endif
322 
323 //CAST-128 cipher support (insecure)
324 #ifndef SSH_CAST128_SUPPORT
325  #define SSH_CAST128_SUPPORT DISABLED
326 #elif (SSH_CAST128_SUPPORT != ENABLED && SSH_CAST128_SUPPORT != DISABLED)
327  #error SSH_CAST128_SUPPORT parameter is not valid
328 #endif
329 
330 //IDEA cipher support (insecure)
331 #ifndef SSH_IDEA_SUPPORT
332  #define SSH_IDEA_SUPPORT DISABLED
333 #elif (SSH_IDEA_SUPPORT != ENABLED && SSH_IDEA_SUPPORT != DISABLED)
334  #error SSH_IDEA_SUPPORT parameter is not valid
335 #endif
336 
337 //Blowfish cipher support (insecure)
338 #ifndef SSH_BLOWFISH_SUPPORT
339  #define SSH_BLOWFISH_SUPPORT DISABLED
340 #elif (SSH_BLOWFISH_SUPPORT != ENABLED && SSH_BLOWFISH_SUPPORT != DISABLED)
341  #error SSH_BLOWFISH_SUPPORT parameter is not valid
342 #endif
343 
344 //Triple DES cipher support (weak)
345 #ifndef SSH_3DES_SUPPORT
346  #define SSH_3DES_SUPPORT DISABLED
347 #elif (SSH_3DES_SUPPORT != ENABLED && SSH_3DES_SUPPORT != DISABLED)
348  #error SSH_3DES_SUPPORT parameter is not valid
349 #endif
350 
351 //AES 128-bit cipher support
352 #ifndef SSH_AES_128_SUPPORT
353  #define SSH_AES_128_SUPPORT ENABLED
354 #elif (SSH_AES_128_SUPPORT != ENABLED && SSH_AES_128_SUPPORT != DISABLED)
355  #error SSH_AES_128_SUPPORT parameter is not valid
356 #endif
357 
358 //AES 192-bit cipher support
359 #ifndef SSH_AES_192_SUPPORT
360  #define SSH_AES_192_SUPPORT ENABLED
361 #elif (SSH_AES_192_SUPPORT != ENABLED && SSH_AES_192_SUPPORT != DISABLED)
362  #error SSH_AES_192_SUPPORT parameter is not valid
363 #endif
364 
365 //AES 256-bit cipher support
366 #ifndef SSH_AES_256_SUPPORT
367  #define SSH_AES_256_SUPPORT ENABLED
368 #elif (SSH_AES_256_SUPPORT != ENABLED && SSH_AES_256_SUPPORT != DISABLED)
369  #error SSH_AES_256_SUPPORT parameter is not valid
370 #endif
371 
372 //Twofish 128-bit cipher support
373 #ifndef SSH_TWOFISH_128_SUPPORT
374  #define SSH_TWOFISH_128_SUPPORT DISABLED
375 #elif (SSH_TWOFISH_128_SUPPORT != ENABLED && SSH_TWOFISH_128_SUPPORT != DISABLED)
376  #error SSH_TWOFISH_128_SUPPORT parameter is not valid
377 #endif
378 
379 //Twofish 192-bit cipher support
380 #ifndef SSH_TWOFISH_192_SUPPORT
381  #define SSH_TWOFISH_192_SUPPORT DISABLED
382 #elif (SSH_TWOFISH_192_SUPPORT != ENABLED && SSH_TWOFISH_192_SUPPORT != DISABLED)
383  #error SSH_TWOFISH_192_SUPPORT parameter is not valid
384 #endif
385 
386 //Twofish 256-bit cipher support
387 #ifndef SSH_TWOFISH_256_SUPPORT
388  #define SSH_TWOFISH_256_SUPPORT DISABLED
389 #elif (SSH_TWOFISH_256_SUPPORT != ENABLED && SSH_TWOFISH_256_SUPPORT != DISABLED)
390  #error SSH_TWOFISH_256_SUPPORT parameter is not valid
391 #endif
392 
393 //Serpent 128-bit cipher support
394 #ifndef SSH_SERPENT_128_SUPPORT
395  #define SSH_SERPENT_128_SUPPORT DISABLED
396 #elif (SSH_SERPENT_128_SUPPORT != ENABLED && SSH_SERPENT_128_SUPPORT != DISABLED)
397  #error SSH_SERPENT_128_SUPPORT parameter is not valid
398 #endif
399 
400 //Serpent 192-bit cipher support
401 #ifndef SSH_SERPENT_192_SUPPORT
402  #define SSH_SERPENT_192_SUPPORT DISABLED
403 #elif (SSH_SERPENT_192_SUPPORT != ENABLED && SSH_SERPENT_192_SUPPORT != DISABLED)
404  #error SSH_SERPENT_192_SUPPORT parameter is not valid
405 #endif
406 
407 //Serpent 256-bit cipher support
408 #ifndef SSH_SERPENT_256_SUPPORT
409  #define SSH_SERPENT_256_SUPPORT DISABLED
410 #elif (SSH_SERPENT_256_SUPPORT != ENABLED && SSH_SERPENT_256_SUPPORT != DISABLED)
411  #error SSH_SERPENT_256_SUPPORT parameter is not valid
412 #endif
413 
414 //Camellia 128-bit cipher support
415 #ifndef SSH_CAMELLIA_128_SUPPORT
416  #define SSH_CAMELLIA_128_SUPPORT DISABLED
417 #elif (SSH_CAMELLIA_128_SUPPORT != ENABLED && SSH_CAMELLIA_128_SUPPORT != DISABLED)
418  #error SSH_CAMELLIA_128_SUPPORT parameter is not valid
419 #endif
420 
421 //Camellia 192-bit cipher support
422 #ifndef SSH_CAMELLIA_192_SUPPORT
423  #define SSH_CAMELLIA_192_SUPPORT DISABLED
424 #elif (SSH_CAMELLIA_192_SUPPORT != ENABLED && SSH_CAMELLIA_192_SUPPORT != DISABLED)
425  #error SSH_CAMELLIA_192_SUPPORT parameter is not valid
426 #endif
427 
428 //Camellia 256-bit cipher support
429 #ifndef SSH_CAMELLIA_256_SUPPORT
430  #define SSH_CAMELLIA_256_SUPPORT DISABLED
431 #elif (SSH_CAMELLIA_256_SUPPORT != ENABLED && SSH_CAMELLIA_256_SUPPORT != DISABLED)
432  #error SSH_CAMELLIA_256_SUPPORT parameter is not valid
433 #endif
434 
435 //SEED cipher support
436 #ifndef SSH_SEED_SUPPORT
437  #define SSH_SEED_SUPPORT DISABLED
438 #elif (SSH_SEED_SUPPORT != ENABLED && SSH_SEED_SUPPORT != DISABLED)
439  #error SSH_SEED_SUPPORT parameter is not valid
440 #endif
441 
442 //MD5 hash support (insecure)
443 #ifndef SSH_MD5_SUPPORT
444  #define SSH_MD5_SUPPORT DISABLED
445 #elif (SSH_MD5_SUPPORT != ENABLED && SSH_MD5_SUPPORT != DISABLED)
446  #error SSH_MD5_SUPPORT parameter is not valid
447 #endif
448 
449 //MD5/96 hash support (insecure)
450 #ifndef SSH_MD5_96_SUPPORT
451  #define SSH_MD5_96_SUPPORT DISABLED
452 #elif (SSH_MD5_96_SUPPORT != ENABLED && SSH_MD5_96_SUPPORT != DISABLED)
453  #error SSH_MD5_96_SUPPORT parameter is not valid
454 #endif
455 
456 //RIPEMD-160 hash support (weak)
457 #ifndef SSH_RIPEMD160_SUPPORT
458  #define SSH_RIPEMD160_SUPPORT DISABLED
459 #elif (SSH_RIPEMD160_SUPPORT != ENABLED && SSH_RIPEMD160_SUPPORT != DISABLED)
460  #error SSH_RIPEMD160_SUPPORT parameter is not valid
461 #endif
462 
463 //SHA-1 hash support (weak)
464 #ifndef SSH_SHA1_SUPPORT
465  #define SSH_SHA1_SUPPORT ENABLED
466 #elif (SSH_SHA1_SUPPORT != ENABLED && SSH_SHA1_SUPPORT != DISABLED)
467  #error SSH_SHA1_SUPPORT parameter is not valid
468 #endif
469 
470 //SHA-1/96 hash support (insecure)
471 #ifndef SSH_SHA1_96_SUPPORT
472  #define SSH_SHA1_96_SUPPORT DISABLED
473 #elif (SSH_SHA1_96_SUPPORT != ENABLED && SSH_SHA1_96_SUPPORT != DISABLED)
474  #error SSH_SHA1_96_SUPPORT parameter is not valid
475 #endif
476 
477 //SHA-224 hash support (weak)
478 #ifndef SSH_SHA224_SUPPORT
479  #define SSH_SHA224_SUPPORT DISABLED
480 #elif (SSH_SHA224_SUPPORT != ENABLED && SSH_SHA224_SUPPORT != DISABLED)
481  #error SSH_SHA224_SUPPORT parameter is not valid
482 #endif
483 
484 //SHA-256 hash support
485 #ifndef SSH_SHA256_SUPPORT
486  #define SSH_SHA256_SUPPORT ENABLED
487 #elif (SSH_SHA256_SUPPORT != ENABLED && SSH_SHA256_SUPPORT != DISABLED)
488  #error SSH_SHA256_SUPPORT parameter is not valid
489 #endif
490 
491 //SHA-384 hash support
492 #ifndef SSH_SHA384_SUPPORT
493  #define SSH_SHA384_SUPPORT ENABLED
494 #elif (SSH_SHA384_SUPPORT != ENABLED && SSH_SHA384_SUPPORT != DISABLED)
495  #error SSH_SHA384_SUPPORT parameter is not valid
496 #endif
497 
498 //SHA-512 hash support
499 #ifndef SSH_SHA512_SUPPORT
500  #define SSH_SHA512_SUPPORT ENABLED
501 #elif (SSH_SHA512_SUPPORT != ENABLED && SSH_SHA512_SUPPORT != DISABLED)
502  #error SSH_SHA512_SUPPORT parameter is not valid
503 #endif
504 
505 //RSA key exchange support
506 #ifndef SSH_RSA_KEX_SUPPORT
507  #define SSH_RSA_KEX_SUPPORT DISABLED
508 #elif (SSH_RSA_KEX_SUPPORT != ENABLED && SSH_RSA_KEX_SUPPORT != DISABLED)
509  #error SSH_RSA_KEX_SUPPORT parameter is not valid
510 #endif
511 
512 //Diffie-Hellman key exchange support
513 #ifndef SSH_DH_KEX_SUPPORT
514  #define SSH_DH_KEX_SUPPORT ENABLED
515 #elif (SSH_DH_KEX_SUPPORT != ENABLED && SSH_DH_KEX_SUPPORT != DISABLED)
516  #error SSH_DH_KEX_SUPPORT parameter is not valid
517 #endif
518 
519 //DH GEX key exchange support
520 #ifndef SSH_DH_GEX_KEX_SUPPORT
521  #define SSH_DH_GEX_KEX_SUPPORT DISABLED
522 #elif (SSH_DH_GEX_KEX_SUPPORT != ENABLED && SSH_DH_GEX_KEX_SUPPORT != DISABLED)
523  #error SSH_DH_GEX_KEX_SUPPORT parameter is not valid
524 #endif
525 
526 //ECDH key exchange support
527 #ifndef SSH_ECDH_KEX_SUPPORT
528  #define SSH_ECDH_KEX_SUPPORT ENABLED
529 #elif (SSH_ECDH_KEX_SUPPORT != ENABLED && SSH_ECDH_KEX_SUPPORT != DISABLED)
530  #error SSH_ECDH_KEX_SUPPORT parameter is not valid
531 #endif
532 
533 //Post-quantum hybrid key exchange support
534 #ifndef SSH_HBR_KEX_SUPPORT
535  #define SSH_HBR_KEX_SUPPORT DISABLED
536 #elif (SSH_HBR_KEX_SUPPORT != ENABLED && SSH_HBR_KEX_SUPPORT != DISABLED)
537  #error SSH_HBR_KEX_SUPPORT parameter is not valid
538 #endif
539 
540 //RSA signature support
541 #ifndef SSH_RSA_SIGN_SUPPORT
542  #define SSH_RSA_SIGN_SUPPORT ENABLED
543 #elif (SSH_RSA_SIGN_SUPPORT != ENABLED && SSH_RSA_SIGN_SUPPORT != DISABLED)
544  #error SSH_RSA_SIGN_SUPPORT parameter is not valid
545 #endif
546 
547 //DSA signature support
548 #ifndef SSH_DSA_SIGN_SUPPORT
549  #define SSH_DSA_SIGN_SUPPORT ENABLED
550 #elif (SSH_DSA_SIGN_SUPPORT != ENABLED && SSH_DSA_SIGN_SUPPORT != DISABLED)
551  #error SSH_DSA_SIGN_SUPPORT parameter is not valid
552 #endif
553 
554 //ECDSA signature support
555 #ifndef SSH_ECDSA_SIGN_SUPPORT
556  #define SSH_ECDSA_SIGN_SUPPORT ENABLED
557 #elif (SSH_ECDSA_SIGN_SUPPORT != ENABLED && SSH_ECDSA_SIGN_SUPPORT != DISABLED)
558  #error SSH_ECDSA_SIGN_SUPPORT parameter is not valid
559 #endif
560 
561 //Ed25519 signature support
562 #ifndef SSH_ED25519_SIGN_SUPPORT
563  #define SSH_ED25519_SIGN_SUPPORT ENABLED
564 #elif (SSH_ED25519_SIGN_SUPPORT != ENABLED && SSH_ED25519_SIGN_SUPPORT != DISABLED)
565  #error SSH_ED25519_SIGN_SUPPORT parameter is not valid
566 #endif
567 
568 //Ed448 signature support
569 #ifndef SSH_ED448_SIGN_SUPPORT
570  #define SSH_ED448_SIGN_SUPPORT DISABLED
571 #elif (SSH_ED448_SIGN_SUPPORT != ENABLED && SSH_ED448_SIGN_SUPPORT != DISABLED)
572  #error SSH_ED448_SIGN_SUPPORT parameter is not valid
573 #endif
574 
575 //NIST P-256 elliptic curve support
576 #ifndef SSH_NISTP256_SUPPORT
577  #define SSH_NISTP256_SUPPORT ENABLED
578 #elif (SSH_NISTP256_SUPPORT != ENABLED && SSH_NISTP256_SUPPORT != DISABLED)
579  #error SSH_NISTP256_SUPPORT parameter is not valid
580 #endif
581 
582 //NIST P-384 elliptic curve support
583 #ifndef SSH_NISTP384_SUPPORT
584  #define SSH_NISTP384_SUPPORT ENABLED
585 #elif (SSH_NISTP384_SUPPORT != ENABLED && SSH_NISTP384_SUPPORT != DISABLED)
586  #error SSH_NISTP384_SUPPORT parameter is not valid
587 #endif
588 
589 //NIST P-521 elliptic curve support
590 #ifndef SSH_NISTP521_SUPPORT
591  #define SSH_NISTP521_SUPPORT ENABLED
592 #elif (SSH_NISTP521_SUPPORT != ENABLED && SSH_NISTP521_SUPPORT != DISABLED)
593  #error SSH_NISTP521_SUPPORT parameter is not valid
594 #endif
595 
596 //Curve25519 elliptic curve support
597 #ifndef SSH_CURVE25519_SUPPORT
598  #define SSH_CURVE25519_SUPPORT ENABLED
599 #elif (SSH_CURVE25519_SUPPORT != ENABLED && SSH_CURVE25519_SUPPORT != DISABLED)
600  #error SSH_CURVE25519_SUPPORT parameter is not valid
601 #endif
602 
603 //Curve448 elliptic curve support
604 #ifndef SSH_CURVE448_SUPPORT
605  #define SSH_CURVE448_SUPPORT DISABLED
606 #elif (SSH_CURVE448_SUPPORT != ENABLED && SSH_CURVE448_SUPPORT != DISABLED)
607  #error SSH_CURVE448_SUPPORT parameter is not valid
608 #endif
609 
610 //Streamlined NTRU Prime support
611 #ifndef SSH_SNTRUP761_SUPPORT
612  #define SSH_SNTRUP761_SUPPORT DISABLED
613 #elif (SSH_SNTRUP761_SUPPORT != ENABLED && SSH_SNTRUP761_SUPPORT != DISABLED)
614  #error SSH_SNTRUP761_SUPPORT parameter is not valid
615 #endif
616 
617 //Maximum number of transient RSA keys that can be loaded
618 #ifndef SSH_MAX_RSA_KEYS
619  #define SSH_MAX_RSA_KEYS 2
620 #elif (SSH_MAX_RSA_KEYS < 1)
621  #error SSH_MAX_RSA_KEYS parameter is not valid
622 #endif
623 
624 //Maximum number of Diffie-Hellman groups that can be loaded
625 #ifndef SSH_MAX_DH_GEX_GROUPS
626  #define SSH_MAX_DH_GEX_GROUPS 2
627 #elif (SSH_MAX_DH_GEX_GROUPS < 1)
628  #error SSH_MAX_DH_GEX_GROUPS parameter is not valid
629 #endif
630 
631 //Minimum acceptable size for Diffie-Hellman prime modulus
632 #ifndef SSH_MIN_DH_MODULUS_SIZE
633  #define SSH_MIN_DH_MODULUS_SIZE 1024
634 #elif (SSH_MIN_DH_MODULUS_SIZE < 1024)
635  #error SSH_MIN_DH_MODULUS_SIZE parameter is not valid
636 #endif
637 
638 //Preferred size for Diffie-Hellman prime modulus
639 #ifndef SSH_PREFERRED_DH_MODULUS_SIZE
640  #define SSH_PREFERRED_DH_MODULUS_SIZE 2048
641 #elif (SSH_PREFERRED_DH_MODULUS_SIZE < SSH_MIN_DH_MODULUS_SIZE)
642  #error SSH_PREFERRED_DH_MODULUS_SIZE parameter is not valid
643 #endif
644 
645 //Maximum acceptable size for Diffie-Hellman prime modulus
646 #ifndef SSH_MAX_DH_MODULUS_SIZE
647  #define SSH_MAX_DH_MODULUS_SIZE 3072
648 #elif (SSH_MAX_DH_MODULUS_SIZE < SSH_PREFERRED_DH_MODULUS_SIZE)
649  #error SSH_MAX_DH_MODULUS_SIZE parameter is not valid
650 #endif
651 
652 //Minimum acceptable size for RSA modulus
653 #ifndef SSH_MIN_RSA_MODULUS_SIZE
654  #define SSH_MIN_RSA_MODULUS_SIZE 1024
655 #elif (SSH_MIN_RSA_MODULUS_SIZE < 512)
656  #error SSH_MIN_RSA_MODULUS_SIZE parameter is not valid
657 #endif
658 
659 //Maximum acceptable size for RSA modulus
660 #ifndef SSH_MAX_RSA_MODULUS_SIZE
661  #define SSH_MAX_RSA_MODULUS_SIZE 4096
662 #elif (SSH_MAX_RSA_MODULUS_SIZE < SSH_MIN_RSA_MODULUS_SIZE)
663  #error SSH_MAX_RSA_MODULUS_SIZE parameter is not valid
664 #endif
665 
666 //Minimum acceptable size for DSA prime modulus
667 #ifndef SSH_MIN_DSA_MODULUS_SIZE
668  #define SSH_MIN_DSA_MODULUS_SIZE 1024
669 #elif (SSH_MIN_DSA_MODULUS_SIZE < 512)
670  #error SSH_MIN_DSA_MODULUS_SIZE parameter is not valid
671 #endif
672 
673 //Maximum acceptable size for DSA prime modulus
674 #ifndef SSH_MAX_DSA_MODULUS_SIZE
675  #define SSH_MAX_DSA_MODULUS_SIZE 4096
676 #elif (SSH_MAX_DSA_MODULUS_SIZE < SSH_MIN_DSA_MODULUS_SIZE)
677  #error SSH_MAX_DSA_MODULUS_SIZE parameter is not valid
678 #endif
679 
680 //Allocate memory block
681 #ifndef sshAllocMem
682  #define sshAllocMem(size) osAllocMem(size)
683 #endif
684 
685 //Deallocate memory block
686 #ifndef sshFreeMem
687  #define sshFreeMem(p) osFreeMem(p)
688 #endif
689 
690 //HMAC support
691 #if (SSH_STREAM_CIPHER_SUPPORT == ENABLED)
692  #define SSH_HMAC_SUPPORT ENABLED
693 #elif (SSH_CBC_CIPHER_SUPPORT == ENABLED)
694  #define SSH_HMAC_SUPPORT ENABLED
695 #elif (SSH_CTR_CIPHER_SUPPORT == ENABLED)
696  #define SSH_HMAC_SUPPORT ENABLED
697 #else
698  #define SSH_HMAC_SUPPORT DISABLED
699 #endif
700 
701 //Maximum key size (encryption algorithms)
702 #if (SSH_CHACHA20_POLY1305_SUPPORT == ENABLED)
703  #define SSH_MAX_ENC_KEY_SIZE 64
704 #else
705  #define SSH_MAX_ENC_KEY_SIZE 32
706 #endif
707 
708 //Maximum block size (encryption algorithms)
709 #if (SSH_AES_128_SUPPORT == ENABLED)
710  #define SSH_MAX_CIPHER_BLOCK_SIZE AES_BLOCK_SIZE
711 #elif (SSH_AES_192_SUPPORT == ENABLED)
712  #define SSH_MAX_CIPHER_BLOCK_SIZE AES_BLOCK_SIZE
713 #elif (SSH_AES_256_SUPPORT == ENABLED)
714  #define SSH_MAX_CIPHER_BLOCK_SIZE AES_BLOCK_SIZE
715 #elif (SSH_TWOFISH_128_SUPPORT == ENABLED)
716  #define SSH_MAX_CIPHER_BLOCK_SIZE TWOFISH_BLOCK_SIZE
717 #elif (SSH_TWOFISH_192_SUPPORT == ENABLED)
718  #define SSH_MAX_CIPHER_BLOCK_SIZE TWOFISH_BLOCK_SIZE
719 #elif (SSH_TWOFISH_256_SUPPORT == ENABLED)
720  #define SSH_MAX_CIPHER_BLOCK_SIZE TWOFISH_BLOCK_SIZE
721 #elif (SSH_SERPENT_128_SUPPORT == ENABLED)
722  #define SSH_MAX_CIPHER_BLOCK_SIZE SERPENT_BLOCK_SIZE
723 #elif (SSH_SERPENT_192_SUPPORT == ENABLED)
724  #define SSH_MAX_CIPHER_BLOCK_SIZE SERPENT_BLOCK_SIZE
725 #elif (SSH_SERPENT_256_SUPPORT == ENABLED)
726  #define SSH_MAX_CIPHER_BLOCK_SIZE SERPENT_BLOCK_SIZE
727 #elif (SSH_CAMELLIA_128_SUPPORT == ENABLED)
728  #define SSH_MAX_CIPHER_BLOCK_SIZE CAMELLIA_BLOCK_SIZE
729 #elif (SSH_CAMELLIA_192_SUPPORT == ENABLED)
730  #define SSH_MAX_CIPHER_BLOCK_SIZE CAMELLIA_BLOCK_SIZE
731 #elif (SSH_CAMELLIA_256_SUPPORT == ENABLED)
732  #define SSH_MAX_CIPHER_BLOCK_SIZE CAMELLIA_BLOCK_SIZE
733 #elif (SSH_SEED_SUPPORT == ENABLED)
734  #define SSH_MAX_CIPHER_BLOCK_SIZE SEED_BLOCK_SIZE
735 #elif (SSH_CAST128_SUPPORT == ENABLED)
736  #define SSH_MAX_CIPHER_BLOCK_SIZE CAST128_BLOCK_SIZE
737 #elif (SSH_IDEA_SUPPORT == ENABLED)
738  #define SSH_MAX_CIPHER_BLOCK_SIZE IDEA_BLOCK_SIZE
739 #elif (SSH_BLOWFISH_SUPPORT == ENABLED)
740  #define SSH_MAX_CIPHER_BLOCK_SIZE BLOWFISH_BLOCK_SIZE
741 #else
742  #define SSH_MAX_CIPHER_BLOCK_SIZE DES3_BLOCK_SIZE
743 #endif
744 
745 //Maximum digest size (MAC algorithms)
746 #if (SSH_SHA512_SUPPORT == ENABLED)
747  #define SSH_MAX_HASH_DIGEST_SIZE SHA512_DIGEST_SIZE
748 #elif (SSH_SHA384_SUPPORT == ENABLED)
749  #define SSH_MAX_HASH_DIGEST_SIZE SHA384_DIGEST_SIZE
750 #elif (SSH_SHA256_SUPPORT == ENABLED)
751  #define SSH_MAX_HASH_DIGEST_SIZE SHA256_DIGEST_SIZE
752 #elif (SSH_SHA1_SUPPORT == ENABLED || SSH_SHA1_96_SUPPORT == ENABLED)
753  #define SSH_MAX_HASH_DIGEST_SIZE SHA1_DIGEST_SIZE
754 #elif (SSH_RIPEMD160_SUPPORT == ENABLED)
755  #define SSH_MAX_HASH_DIGEST_SIZE RIPEMD160_DIGEST_SIZE
756 #else
757  #define SSH_MAX_HASH_DIGEST_SIZE MD5_DIGEST_SIZE
758 #endif
759 
760 //Maximum shared secret length (RSA key exchange)
761 #if (SSH_RSA_KEX_SUPPORT == ENABLED)
762  #define SSH_MAX_RSA_SHARED_SECRET_LEN ((SSH_MAX_RSA_MODULUS_SIZE + 47) / 8)
763 #else
764  #define SSH_MAX_RSA_SHARED_SECRET_LEN 0
765 #endif
766 
767 //Maximum shared secret length (Diffie-Hellman key exchange)
768 #if (SSH_DH_KEX_SUPPORT == ENABLED || SSH_DH_GEX_KEX_SUPPORT == ENABLED)
769  #define SSH_MAX_DH_SHARED_SECRET_LEN ((SSH_MAX_DH_MODULUS_SIZE + 47) / 8)
770 #else
771  #define SSH_MAX_DH_SHARED_SECRET_LEN 0
772 #endif
773 
774 //Maximum shared secret length (ECDH key exchange)
775 #if (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_NISTP521_SUPPORT == ENABLED)
776  #define SSH_MAX_ECDH_SHARED_SECRET_LEN 71
777 #elif (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_CURVE448_SUPPORT == ENABLED)
778  #define SSH_MAX_ECDH_SHARED_SECRET_LEN 61
779 #elif (SSH_ECDH_KEX_SUPPORT == ENABLED && SSH_NISTP384_SUPPORT == ENABLED)
780  #define SSH_MAX_ECDH_SHARED_SECRET_LEN 53
781 #else
782  #define SSH_MAX_ECDH_SHARED_SECRET_LEN 37
783 #endif
784 
785 //Maximum shared secret length (PQ-hybrid key exchange)
786 #if (SSH_HBR_KEX_SUPPORT == ENABLED)
787  #define SSH_MAX_HBR_SHARED_SECRET_LEN 68
788 #else
789  #define SSH_MAX_HBR_SHARED_SECRET_LEN 0
790 #endif
791 
792 //Maximum shared secret length
793 #if (SSH_MAX_RSA_SHARED_SECRET_LEN >= SSH_MAX_DH_SHARED_SECRET_LEN && \
794  SSH_MAX_RSA_SHARED_SECRET_LEN >= SSH_MAX_ECDH_SHARED_SECRET_LEN && \
795  SSH_MAX_RSA_SHARED_SECRET_LEN >= SSH_MAX_HBR_SHARED_SECRET_LEN)
796  #define SSH_MAX_SHARED_SECRET_LEN SSH_MAX_RSA_SHARED_SECRET_LEN
797 #elif (SSH_MAX_DH_SHARED_SECRET_LEN >= SSH_MAX_RSA_SHARED_SECRET_LEN && \
798  SSH_MAX_DH_SHARED_SECRET_LEN >= SSH_MAX_ECDH_SHARED_SECRET_LEN && \
799  SSH_MAX_DH_SHARED_SECRET_LEN >= SSH_MAX_HBR_SHARED_SECRET_LEN)
800  #define SSH_MAX_SHARED_SECRET_LEN SSH_MAX_DH_SHARED_SECRET_LEN
801 #elif (SSH_MAX_ECDH_SHARED_SECRET_LEN >= SSH_MAX_RSA_SHARED_SECRET_LEN && \
802  SSH_MAX_ECDH_SHARED_SECRET_LEN >= SSH_MAX_DH_SHARED_SECRET_LEN && \
803  SSH_MAX_ECDH_SHARED_SECRET_LEN >= SSH_MAX_HBR_SHARED_SECRET_LEN)
804  #define SSH_MAX_SHARED_SECRET_LEN SSH_MAX_ECDH_SHARED_SECRET_LEN
805 #else
806  #define SSH_MAX_SHARED_SECRET_LEN SSH_MAX_HBR_SHARED_SECRET_LEN
807 #endif
808 
809 //SSH port number
810 #define SSH_PORT 22
811 
812 //Cookie size
813 #define SSH_COOKIE_SIZE 16
814 //Data overhead caused by mpint encoding
815 #define SSH_MAX_MPINT_OVERHEAD 5
816 //Data overhead caused by packet encryption
817 #define SSH_MAX_PACKET_OVERHEAD 128
818 
819 //Size of buffer used for input/output operations
820 #define SSH_BUFFER_SIZE (SSH_MAX_PACKET_SIZE + SSH_MAX_PACKET_OVERHEAD)
821 
822 //Forward declaration of SshContext structure
823 struct _SshContext;
824 #define SshContext struct _SshContext
825 
826 //Forward declaration of SshConnection structure
827 struct _SshConnection;
828 #define SshConnection struct _SshConnection
829 
830 //Forward declaration of SshChannel structure
831 struct _SshChannel;
832 #define SshChannel struct _SshChannel
833 
834 //C++ guard
835 #ifdef __cplusplus
836 extern "C" {
837 #endif
838 
839 
840 /**
841  * @brief Mode of operation
842  **/
843 
844 typedef enum
845 {
849 
850 
851 /**
852  * @brief Authentication status
853  **/
854 
855 typedef enum
856 {
861 
862 
863 /**
864  * @brief Flags used by read and write functions
865  **/
866 
867 typedef enum
868 {
869  SSH_FLAG_EOF = 0x0100,
874  SSH_FLAG_DELAY = 0x8000
876 
877 //The SSH_FLAG_BREAK macro causes the read function to stop reading
878 //data whenever the specified break character is encountered
879 #define SSH_FLAG_BREAK(c) (SSH_FLAG_BREAK_CHAR | LSB(c))
880 
881 
882 /**
883  * @brief SSH message types
884  **/
885 
886 typedef enum
887 {
940 
941 
942 /**
943  * @brief Disconnection messages reason codes
944  **/
945 
946 typedef enum
947 {
964 
965 
966 /**
967  * @brief Channel connection failure reason codes
968  **/
969 
970 typedef enum
971 {
977 
978 
979 /**
980  * @brief SSH connection state
981  **/
982 
983 typedef enum
984 {
1017 
1018 
1019 /**
1020  * @brief SSH channel state
1021  **/
1022 
1023 typedef enum
1024 {
1030 
1031 
1032 /**
1033  * @brief SSH request states
1034  **/
1035 
1036 typedef enum
1037 {
1043 
1044 
1045 /**
1046  * @brief SSH channel events
1047  **/
1048 
1049 typedef enum
1050 {
1060 } SshChannelEvent;
1061 
1062 
1063 /**
1064  * @brief Transient RSA key (for RSA key exchange)
1065  **/
1066 
1067 typedef struct
1068 {
1069  uint_t modulusSize; ///<Length of the modulus, in bits
1070  const char_t *publicKey; ///<RSA public key (PEM, SSH2 or OpenSSH format)
1071  size_t publicKeyLen; ///<Length of the RSA public key
1072  const char_t *privateKey; ///<RSA private key (PEM or OpenSSH format)
1073  size_t privateKeyLen; ///<Length of the RSA private key
1074 } SshRsaKey;
1075 
1076 
1077 /**
1078  * @brief Diffie-Hellman group
1079  **/
1080 
1081 typedef struct
1082 {
1083  uint_t dhModulusSize; ///<Length of the prime modulus, in bits
1084  const char_t *dhParams; ///<Diffie-Hellman parameters (PEM format)
1085  size_t dhParamsLen; ///<Length of the Diffie-Hellman parameters
1086 } SshDhGexGroup;
1087 
1088 
1089 /**
1090  * @brief Host key
1091  **/
1092 
1093 typedef struct
1094 {
1095  const char_t *keyFormatId; ///<Key format identifier
1096  const char_t *publicKey; ///<Public key (PEM, SSH2 or OpenSSH format)
1097  size_t publicKeyLen; ///<Length of the public key
1098  const char_t *privateKey; ///<Private key (PEM or OpenSSH format)
1099  size_t privateKeyLen; ///<Length of the private key
1100 #if (SSH_CLIENT_SUPPORT == ENABLED)
1101  const char_t *publicKeyAlgo; ///<Public key algorithm to use during user authentication
1102 #endif
1103 } SshHostKey;
1104 
1105 
1106 /**
1107  * @brief Host key algorithm
1108  **/
1109 
1110 typedef struct
1111 {
1112  const char_t *publicKeyAlgo; ///<Public key algorithm
1113  const char_t *keyFormatId; ///<Key format identifier
1114  const char_t *signFormatId; ///<Signature format identifier
1115 } SshHostKeyAlgo;
1116 
1117 
1118 /**
1119  * @brief Host key verification callback function
1120  **/
1121 
1123  const uint8_t *hostKey, size_t hostKeyLen);
1124 
1125 
1126 /**
1127  * @brief Certificate verification callback function
1128  **/
1129 
1131  const SshCertificate *cert);
1132 
1133 
1134 /**
1135  * @brief CA public key verification callback function
1136  **/
1137 
1139  const uint8_t *publicKey, size_t publicKeyLen);
1140 
1141 
1142 /**
1143  * @brief Public key authentication callback function
1144  **/
1145 
1147  const char_t *user, const uint8_t *publicKey, size_t publicKeyLen);
1148 
1149 
1150 /**
1151  * @brief Certificate authentication callback function
1152  **/
1153 
1155  const char_t *user, const SshCertificate *cert);
1156 
1157 
1158 /**
1159  * @brief Password authentication callback function
1160  **/
1161 
1163  const char_t *user, const char_t *password, size_t passwordLen);
1164 
1165 
1166 /**
1167  * @brief Password change callback function
1168  **/
1169 
1171  const char_t *user, const char_t *oldPassword, size_t oldPasswordLen,
1172  const char_t *newPassword, size_t newPasswordLen);
1173 
1174 
1175 /**
1176  * @brief Signature generation callback function
1177  **/
1178 
1180  const char_t *publicKeyAlgo, const SshHostKey *hostKey,
1182  uint8_t *p, size_t *written);
1183 
1184 
1185 /**
1186  * @brief Signature verification callback function
1187  **/
1188 
1190  const SshString *publicKeyAlgo, const SshBinaryString *publicKeyBlob,
1192  const SshBinaryString *signatureBlob);
1193 
1194 
1195 /**
1196  * @brief ECDH key pair generation callback
1197  **/
1198 
1200  const char_t *kexAlgo, EcPublicKey *publicKey);
1201 
1202 
1203 /**
1204  * @brief ECDH shared secret calculation callback
1205  **/
1206 
1208  const char_t *kexAlgo, const EcPublicKey *publicKey, uint8_t *output,
1209  size_t *outputLen);
1210 
1211 
1212 /**
1213  * @brief Global request callback function
1214  **/
1215 
1217  const SshString *name, const uint8_t *data, size_t length, void *param);
1218 
1219 
1220 /**
1221  * @brief Channel request callback function
1222  **/
1223 
1225  const SshString *type, const uint8_t *data, size_t length, void *param);
1226 
1227 
1228 /**
1229  * @brief Channel open callback function
1230  **/
1231 
1233  const SshString *type, uint32_t senderChannel, uint32_t initialWindowSize,
1234  uint32_t maxPacketSize, const uint8_t *data, size_t length, void *param);
1235 
1236 
1237 /**
1238  * @brief Connection open callback function
1239  **/
1240 
1242  void *param);
1243 
1244 
1245 /**
1246  * @brief Connection close callback function
1247  **/
1248 
1250  void *param);
1251 
1252 
1253 /**
1254  * @brief Encryption engine
1255  **/
1256 
1257 typedef struct
1258 {
1259  CipherMode cipherMode; ///<Cipher mode of operation
1260  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1261  CipherContext cipherContext; ///<Cipher context
1262  const HashAlgo *hashAlgo; ///<Hash algorithm for MAC operations
1263  HmacContext *hmacContext; ///<HMAC context
1264  size_t macSize; ///<Size of the MAC tag, in bytes
1265  bool_t etm; ///<Encrypt-then-MAC
1266  uint8_t iv[SSH_MAX_CIPHER_BLOCK_SIZE]; ///<Initialization vector
1267  uint8_t encKey[SSH_MAX_ENC_KEY_SIZE]; ///<Encryption key
1268  size_t encKeyLen; ///<Length of the encryption key, in bytes
1269  uint8_t macKey[SSH_MAX_HASH_DIGEST_SIZE]; ///<Integrity key
1270  uint8_t seqNum[4]; ///<Sequence number
1271 #if (SSH_GCM_CIPHER_SUPPORT == ENABLED || SSH_RFC5647_SUPPORT == ENABLED)
1272  GcmContext gcmContext; ///<GCM context
1273 #endif
1274 #if (SSH_CHACHA20_POLY1305_SUPPORT == ENABLED)
1275  uint8_t aad[4]; ///<Additional authenticated data
1276 #endif
1278 
1279 
1280 /**
1281  * @brief SSH channel buffer
1282  **/
1283 
1284 typedef struct
1285 {
1287  size_t length;
1288  size_t threshold;
1289  size_t writePos;
1290  size_t readPos;
1292 
1293 
1294 /**
1295  * @brief SSH channel
1296  **/
1297 
1299 {
1300  SshChannelState state; ///<Channel state
1301  SshRequestState requestState; ///<Channel request state
1302  SshContext *context; ///<SSH context
1303  SshConnection *connection; ///<SSH connection
1308  systime_t timeout; ///<Timeout value
1309  uint32_t localChannelNum; ///<Local channel number
1310  uint32_t remoteChannelNum; ///<Remote channel number
1311  uint32_t maxPacketSize; ///<Maximum packet size
1314  size_t txWindowSize; ///<TX flow-control window
1315  size_t rxWindowSize; ///<RX flow-control window
1316  size_t rxWindowSizeInc; ///<Window size increment
1317  bool_t channelSuccessSent; ///<An SSH_MSG_CHANNEL_SUCCESS message has been sent
1318  bool_t eofRequest; ///<Channel EOF request
1319  bool_t eofSent; ///<An SSH_MSG_CHANNEL_EOF message has been sent
1320  bool_t eofReceived; ///<An SSH_MSG_CHANNEL_EOF message has been received
1321  bool_t closeRequest; ///<Channel close request
1322  bool_t closeSent; ///<An SSH_MSG_CHANNEL_CLOSE message has been sent
1323  bool_t closeReceived; ///<An SSH_MSG_CHANNEL_CLOSE message has been received
1324 };
1325 
1326 
1327 /**
1328  * @brief SSH connection
1329  **/
1330 
1332 {
1333  SshConnectionState state; ///<Connection state
1334  SshRequestState requestState; ///<Global request state
1335  SshContext *context; ///<SSH context
1336  Socket *socket; ///<Underlying socket
1337  systime_t timestamp; ///<Time stamp to manage connection timeout
1338 
1339  char_t clientId[SSH_MAX_ID_LEN + 1]; ///<Client's identification string
1340  char_t serverId[SSH_MAX_ID_LEN + 1]; ///<Server's identification string
1341  uint8_t cookie[SSH_COOKIE_SIZE]; ///<Random value generated by the sender
1342  char_t user[SSH_MAX_USERNAME_LEN + 1]; ///<User name
1343 
1344 #if (SSH_SERVER_SUPPORT == ENABLED && SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
1345  char_t passwordChangePrompt[SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN + 1]; ///<Password change prompt string
1346 #endif
1347 
1348  const char_t *kexAlgo; ///<Selected key exchange algorithm name
1349  const char_t *serverHostKeyAlgo; ///<Selected server's host key algorithm name
1350  const char_t *clientEncAlgo; ///<Selected client's encryption algorithm name
1351  const char_t *serverEncAlgo; ///<Selected server's encryption algorithm name
1352  const char_t *clientMacAlgo; ///<Selected client's MAC algorithm name
1353  const char_t *serverMacAlgo; ///<Selected server's MAC algorithm name
1354  const char_t *clientCompressAlgo; ///<Selected client's encryption algorithm name
1355  const char_t *serverCompressAlgo; ///<Selected server's encryption algorithm name
1356  int_t hostKeyIndex; ///<Index of the selected host key
1357 #if (SSH_RSA_KEX_SUPPORT == ENABLED)
1358  int_t rsaKeyIndex; ///<Index of the transient RSA key to use
1359  uint8_t *serverHostKey; ///<Server's host key
1360  size_t serverHostKeyLen; ///<Length of the server's host key, in bytes
1361 #endif
1362 #if (SSH_DH_GEX_KEX_SUPPORT == ENABLED)
1363  int_t dhGexGroupIndex; ///<Index of the selected Diffie-Hellman group
1364 #endif
1365 
1366  uint8_t sessionId[SSH_MAX_HASH_DIGEST_SIZE]; ///<Session identifier
1367  size_t sessionIdLen; ///<Length of the session identifier, in bytes
1368  uint8_t h[SSH_MAX_HASH_DIGEST_SIZE]; ///<Exchange hash H
1369  size_t hLen; ///<Length of the exchange hash, in bytes
1370  uint8_t k[SSH_MAX_SHARED_SECRET_LEN]; ///<Shared secret K
1371  size_t kLen; ///<Length of the shared secret, in bytes
1372 
1373  const HashAlgo *hashAlgo; ///<Exchange hash algorithm
1374  HashContext hashContext; ///<Exchange hash context
1375 #if (SSH_HMAC_SUPPORT == ENABLED)
1376  HmacContext hmacContext; ///<HMAC context
1377 #endif
1378 #if (SSH_DH_KEX_SUPPORT == ENABLED || SSH_DH_GEX_KEX_SUPPORT == ENABLED)
1379  DhContext dhContext; ///<Diffie-Hellman context
1380 #endif
1381 #if (SSH_ECDH_KEX_SUPPORT == ENABLED || SSH_HBR_KEX_SUPPORT == ENABLED)
1382  EcdhContext ecdhContext; ///<ECDH context
1383 #endif
1384 
1385  SshEncryptionEngine encryptionEngine; ///<Encryption engine
1386  SshEncryptionEngine decryptionEngine; ///<Decryption engine
1387 
1388  bool_t kexInitSent; ///<An SSH_MSG_KEXINIT message has been sent
1389  bool_t kexInitReceived; ///<An SSH_MSG_KEXINIT message has been received
1390  bool_t newKeysSent; ///<An SSH_MSG_NEWKEYS message has been sent
1391  bool_t newKeysReceived; ///<An SSH_MSG_NEWKEYS message has been received
1392  bool_t disconnectRequest; ///<Request for disconnection
1393  bool_t disconnectSent; ///<An SSH_MSG_DISCONNECT message has been sent
1394  bool_t disconnectReceived; ///<An SSH_MSG_DISCONNECT message has been received
1395  bool_t wrongGuess; ///<A wrong guessed key exchange packet follows
1396  uint_t authAttempts; ///<Number of authentication attempts
1397  bool_t publicKeyOk; ///<The provided host key is acceptable
1398  uint32_t localChannelNum; ///<Current channel number
1399 
1400 #if (SSH_EXT_INFO_SUPPORT == ENABLED)
1401  bool_t extInfoReceived; ///<"ext-info-c" or "ext-info-s" indicator has been received
1402 #endif
1403 
1404  uint8_t buffer[SSH_BUFFER_SIZE]; ///<Internal buffer
1405  size_t txBufferLen; ///<Number of bytes that are pending to be sent
1406  size_t txBufferPos; ///<Current position in TX buffer
1407  size_t rxBufferLen; ///<Number of bytes available for reading
1408  size_t rxBufferPos; ///<Current position in RX buffer
1409 };
1410 
1411 
1412 /**
1413  * @brief SSH context
1414  **/
1415 
1417 {
1418  SshOperationMode mode; ///<Mode of operation (client or server)
1419  uint_t numConnections; ///<Maximum number of SSH connections
1420  SshConnection *connections; ///<SSH connections
1421  uint_t numChannels; ///<Maximum number of SSH channels
1422  SshChannel *channels; ///<SSH channels
1423  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1424  void *prngContext; ///<Pseudo-random number generator context
1425  SshHostKey hostKeys[SSH_MAX_HOST_KEYS]; ///<List of host keys
1426 
1427 #if (SSH_CLIENT_SUPPORT == ENABLED)
1430 #endif
1431 
1432 #if (SSH_SERVER_SUPPORT == ENABLED && SSH_RSA_KEX_SUPPORT == ENABLED)
1433  SshRsaKey rsaKeys[SSH_MAX_RSA_KEYS]; ///<Transient RSA keys (for RSA key exchange)
1434 #endif
1435 #if (SSH_SERVER_SUPPORT == ENABLED && SSH_DH_GEX_KEX_SUPPORT == ENABLED)
1437 #endif
1438 
1439  SshHostKeyVerifyCallback hostKeyVerifyCallback; ///<Host key verification callback
1440 #if (SSH_CERT_SUPPORT == ENABLED)
1441  SshCertVerifyCallback certVerifyCallback; ///<Certificate verification callback
1442  SshCaPublicKeyVerifyCallback caPublicKeyVerifyCallback; ///<CA public key verification callback
1443 #endif
1444 #if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED)
1445  SshPublicKeyAuthCallback publicKeyAuthCallback; ///<Public key authentication callback
1446 #endif
1447 #if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
1448  SshCertAuthCallback certAuthCallback; ///<Certificate authentication callback
1449 #endif
1450 #if (SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
1451  SshPasswordAuthCallback passwordAuthCallback; ///<Password authentication callback
1453 #endif
1454 #if (SSH_SIGN_CALLBACK_SUPPORT == ENABLED)
1455  SshSignGenCallback signGenCallback; ///<Signature generation callback
1456  SshSignVerifyCallback signVerifyCallback; ///<Signature verification callback
1457 #endif
1458 #if (SSH_ECDH_CALLBACK_SUPPORT == ENABLED)
1459  SshEcdhKeyPairGenCallback ecdhKeyPairGenCallback; ///<ECDH key pair generation callback
1460  SshEcdhSharedSecretCalcCallback ecdhSharedSecretCalcCallback; ///<ECDH shared secret calculation callback
1461 #endif
1463  void *globalReqParam[SSH_MAX_GLOBAL_REQ_CALLBACKS]; ///<Opaque pointer passed to the global request callback
1465  void *channelReqParam[SSH_MAX_CHANNEL_REQ_CALLBACKS]; ///<Opaque pointer passed to the channel request callback
1467  void *channelOpenParam[SSH_MAX_CHANNEL_OPEN_CALLBACKS]; ///<Opaque pointer passed to the channel open callback
1469  void *connectionOpenParam[SSH_MAX_CONN_OPEN_CALLBACKS]; ///<Opaque pointer passed to the connection open callback
1471  void *connectionCloseParam[SSH_MAX_CONN_CLOSE_CALLBACKS]; ///<Opaque pointer passed to the connection close callback
1472 
1473  OsMutex mutex; ///<Mutex preventing simultaneous access to the context
1474  OsEvent event; ///<Event object used to poll the sockets
1475  SocketEventDesc eventDesc[SSH_MAX_CONNECTIONS + 1]; ///<The events the application is interested in
1476 };
1477 
1478 
1479 /**
1480  * @brief Structure describing channel events
1481  **/
1482 
1483 typedef struct
1484 {
1485  SshChannel *channel; ///<Handle to a channel to monitor
1486  uint_t eventMask; ///<Requested events
1487  uint_t eventFlags; ///<Returned events
1489 
1490 
1491 //SSH related functions
1492 error_t sshInit(SshContext *context, SshConnection *connections,
1493  uint_t numConnections, SshChannel *channels, uint_t numChannels);
1494 
1496 
1497 error_t sshSetPrng(SshContext *context, const PrngAlgo *prngAlgo,
1498  void *prngContext);
1499 
1500 error_t sshSetUsername(SshContext *context, const char_t *username);
1501 error_t sshSetPassword(SshContext *context, const char_t *password);
1502 
1504  SshHostKeyVerifyCallback callback);
1505 
1507  SshCertVerifyCallback callback);
1508 
1510  SshCaPublicKeyVerifyCallback callback);
1511 
1513  SshPublicKeyAuthCallback callback);
1514 
1516  SshCertAuthCallback callback);
1517 
1519  SshPasswordAuthCallback callback);
1520 
1522  SshPasswordChangeCallback callback);
1523 
1525  SshSignGenCallback callback);
1526 
1528  SshSignVerifyCallback callback);
1529 
1531  SshEcdhKeyPairGenCallback callback);
1532 
1535 
1537  SshGlobalReqCallback callback, void *param);
1538 
1540  SshGlobalReqCallback callback);
1541 
1543  SshChannelReqCallback callback, void *param);
1544 
1546  SshChannelReqCallback callback);
1547 
1549  SshChannelOpenCallback callback, void *param);
1550 
1552  SshChannelOpenCallback callback);
1553 
1555  SshConnectionOpenCallback callback, void *param);
1556 
1558  SshConnectionOpenCallback callback);
1559 
1561  SshConnectionCloseCallback callback, void *param);
1562 
1564  SshConnectionCloseCallback callback);
1565 
1566 error_t sshLoadRsaKey(SshContext *context, uint_t index,
1567  const char_t *publicKey, size_t publicKeyLen,
1568  const char_t *privateKey, size_t privateKeyLen);
1569 
1570 error_t sshUnloadRsaKey(SshContext *context, uint_t index);
1571 
1572 error_t sshLoadDhGexGroup(SshContext *context, uint_t index,
1573  const char_t *dhParams, size_t dhParamsLen);
1574 
1575 error_t sshUnloadDhGexGroup(SshContext *context, uint_t index);
1576 
1577 error_t sshLoadHostKey(SshContext *context, uint_t index,
1578  const char_t *publicKey, size_t publicKeyLen,
1579  const char_t *privateKey, size_t privateKeyLen);
1580 
1581 error_t sshUnloadHostKey(SshContext *context, uint_t index);
1582 
1584  const char_t *cert, size_t certLen, const char_t *privateKey,
1585  size_t privateKeyLen);
1586 
1588 
1590  const char_t *prompt);
1591 
1593 
1595 
1596 error_t sshWriteChannel(SshChannel *channel, const void *data, size_t length,
1597  size_t *written, uint_t flags);
1598 
1599 error_t sshReadChannel(SshChannel *channel, void *data, size_t size,
1600  size_t *received, uint_t flags);
1601 
1603  OsEvent *extEvent, systime_t timeout);
1604 
1606 void sshDeleteChannel(SshChannel *channel);
1607 
1608 void sshDeinit(SshContext *context);
1609 
1610 //C++ guard
1611 #ifdef __cplusplus
1612 }
1613 #endif
1614 
1615 #endif
uint8_t h[SSH_MAX_HASH_DIGEST_SIZE]
Exchange hash H.
Definition: ssh.h:1368
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: ssh.h:1423
bool_t closeSent
An SSH_MSG_CHANNEL_CLOSE message has been sent.
Definition: ssh.h:1322
@ SSH_FLAG_WAIT_ALL
Definition: ssh.h:870
uint8_t length
Definition: coap_common.h:193
SocketEventDesc eventDesc[SSH_MAX_CONNECTIONS+1]
The events the application is interested in.
Definition: ssh.h:1475
SshEcdhKeyPairGenCallback ecdhKeyPairGenCallback
ECDH key pair generation callback.
Definition: ssh.h:1459
size_t privateKeyLen
Length of the RSA private key.
Definition: ssh.h:1073
error_t(* SshChannelReqCallback)(SshChannel *channel, const SshString *type, const uint8_t *data, size_t length, void *param)
Channel request callback function.
Definition: ssh.h:1224
systime_t timeout
Timeout value.
Definition: ssh.h:1308
@ SSH_MSG_KEX_DH_REPLY
Definition: ssh.h:905
@ SSH_OPEN_RESOURCE_SHORTAGE
Definition: ssh.h:975
size_t rxWindowSizeInc
Window size increment.
Definition: ssh.h:1316
Generic hash algorithm context.
char_t clientId[SSH_MAX_ID_LEN+1]
Client's identification string.
Definition: ssh.h:1339
error_t sshLoadHostKey(SshContext *context, uint_t index, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Load entity's host key.
Definition: ssh.c:1308
#define SSH_MAX_CONN_CLOSE_CALLBACKS
Definition: ssh.h:206
int bool_t
Definition: compiler_port.h:48
HMAC algorithm context.
Definition: hmac.h:59
@ SSH_CONN_STATE_USER_AUTH_REPLY
Definition: ssh.h:1012
const char_t * clientEncAlgo
Selected client's encryption algorithm name.
Definition: ssh.h:1350
SshOperationMode
Mode of operation.
Definition: ssh.h:845
@ SSH_CONN_STATE_OPEN
Definition: ssh.h:1014
void * globalReqParam[SSH_MAX_GLOBAL_REQ_CALLBACKS]
Opaque pointer passed to the global request callback.
Definition: ssh.h:1463
SshGlobalReqCallback globalReqCallback[SSH_MAX_GLOBAL_REQ_CALLBACKS]
Global request callbacks.
Definition: ssh.h:1462
@ SSH_CHANNEL_EVENT_CONNECTED
Definition: ssh.h:1052
const char_t * clientMacAlgo
Selected client's MAC algorithm name.
Definition: ssh.h:1352
uint_t eventMask
Requested events.
Definition: ssh.h:1486
error_t sshUnloadDhGexGroup(SshContext *context, uint_t index)
Unload Diffie-Hellman group.
Definition: ssh.c:1268
error_t sshInit(SshContext *context, SshConnection *connections, uint_t numConnections, SshChannel *channels, uint_t numChannels)
SSH context initialization.
Definition: ssh.c:58
@ SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
Definition: ssh.h:922
uint8_t data[]
Definition: ethernet.h:220
SshChannelState
SSH channel state.
Definition: ssh.h:1024
size_t serverHostKeyLen
Length of the server's host key, in bytes.
Definition: ssh.h:1360
signed int int_t
Definition: compiler_port.h:44
@ SSH_AUTH_STATUS_FAILURE
Definition: ssh.h:857
error_t(* SshCaPublicKeyVerifyCallback)(SshConnection *connection, const uint8_t *publicKey, size_t publicKeyLen)
CA public key verification callback function.
Definition: ssh.h:1138
void(* SshConnectionCloseCallback)(SshConnection *connection, void *param)
Connection close callback function.
Definition: ssh.h:1249
Binary string.
Definition: ssh_types.h:67
@ SSH_CONN_STATE_KEX_DH_GEX_REQUEST
Definition: ssh.h:995
const char_t * privateKey
Private key (PEM or OpenSSH format)
Definition: ssh.h:1098
#define PrngAlgo
Definition: crypto.h:833
error_t sshSetPrng(SshContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
Definition: ssh.c:193
@ SSH_CONN_STATE_SERVER_EXT_INFO_2
Definition: ssh.h:1007
void * connectionOpenParam[SSH_MAX_CONN_OPEN_CALLBACKS]
Opaque pointer passed to the connection open callback.
Definition: ssh.h:1469
const char_t * publicKeyAlgo
Public key algorithm.
Definition: ssh.h:1112
@ SSH_CONN_STATE_KEX_RSA_SECRET
Definition: ssh.h:991
bool_t closeReceived
An SSH_MSG_CHANNEL_CLOSE message has been received.
Definition: ssh.h:1323
SshChannelEvent
SSH channel events.
Definition: ssh.h:1050
uint8_t p
Definition: ndp.h:298
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: ssh.h:1262
size_t rxBufferLen
Number of bytes available for reading.
Definition: ssh.h:1407
SshContext * context
SSH context.
Definition: ssh.h:1302
@ SSH_CONN_STATE_SERVICE_ACCEPT
Definition: ssh.h:1009
@ SSH_AUTH_STATUS_SUCCESS
Definition: ssh.h:858
Collection of AEAD algorithms.
@ SSH_DISCONNECT_COMPRESSION_ERROR
Definition: ssh.h:953
@ SSH_FLAG_BREAK_CHAR
Definition: ssh.h:871
#define SSH_MAX_CHANNEL_OPEN_CALLBACKS
Definition: ssh.h:192
error_t(* SshCertAuthCallback)(SshConnection *connection, const char_t *user, const SshCertificate *cert)
Certificate authentication callback function.
Definition: ssh.h:1154
@ SSH_DISCONNECT_MAC_ERROR
Definition: ssh.h:952
SshSignVerifyCallback signVerifyCallback
Signature verification callback.
Definition: ssh.h:1456
size_t txBufferPos
Current position in TX buffer.
Definition: ssh.h:1406
Event object.
const char_t * publicKey
RSA public key (PEM, SSH2 or OpenSSH format)
Definition: ssh.h:1070
Generic cipher algorithm context.
@ SSH_MSG_CHANNEL_FAILURE
Definition: ssh.h:938
GcmContext gcmContext
GCM context.
Definition: ssh.h:1272
OsEvent event
Event object used to poll the sockets.
Definition: ssh.h:1474
error_t sshLoadCertificate(SshContext *context, uint_t index, const char_t *cert, size_t certLen, const char_t *privateKey, size_t privateKeyLen)
Load entity's certificate.
Definition: ssh.c:1621
size_t threshold
Definition: ssh.h:1288
error_t sshUnloadCertificate(SshContext *context, uint_t index)
Unload entity's certificate.
Definition: ssh.c:1799
size_t macSize
Size of the MAC tag, in bytes.
Definition: ssh.h:1264
uint_t eventFlags
Returned events.
Definition: ssh.h:1487
size_t rxWindowSize
RX flow-control window.
Definition: ssh.h:1315
error_t sshRegisterEcdhSharedSecretCalcCallback(SshContext *context, SshEcdhSharedSecretCalcCallback callback)
Register ECDH shared secret calculation callback function.
Definition: ssh.c:586
SshConnectionState
SSH connection state.
Definition: ssh.h:984
void * channelReqParam[SSH_MAX_CHANNEL_REQ_CALLBACKS]
Opaque pointer passed to the channel request callback.
Definition: ssh.h:1465
ECDH (Elliptic Curve Diffie-Hellman) key exchange.
@ SSH_MSG_CHANNEL_SUCCESS
Definition: ssh.h:937
bool_t eofRequest
Channel EOF request.
Definition: ssh.h:1318
@ SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE
Definition: ssh.h:956
Transient RSA key (for RSA key exchange)
Definition: ssh.h:1068
error_t sshUnregisterConnectionOpenCallback(SshContext *context, SshConnectionOpenCallback callback)
Unregister connection open callback function.
Definition: ssh.c:926
SshConnectionCloseCallback connectionCloseCallback[SSH_MAX_CONN_CLOSE_CALLBACKS]
Connection close callback function.
Definition: ssh.h:1470
SshChannel * channel
Handle to a channel to monitor.
Definition: ssh.h:1485
SshChannelBuffer txBuffer
TX buffer.
Definition: ssh.h:1312
char_t name[]
@ SSH_MSG_CHANNEL_OPEN_CONFIRMATION
Definition: ssh.h:929
@ SSH_MSG_REQUEST_FAILURE
Definition: ssh.h:927
size_t txBufferLen
Number of bytes that are pending to be sent.
Definition: ssh.h:1405
size_t txWindowSize
TX flow-control window.
Definition: ssh.h:1314
#define SSH_MAX_SHARED_SECRET_LEN
Definition: ssh.h:796
const char_t * privateKey
RSA private key (PEM or OpenSSH format)
Definition: ssh.h:1072
SSH channel buffer.
Definition: ssh.h:1285
error_t sshRegisterCaPublicKeyVerifyCallback(SshContext *context, SshCaPublicKeyVerifyCallback callback)
Register CA public key verification callback function.
Definition: ssh.c:338
error_t sshLoadDhGexGroup(SshContext *context, uint_t index, const char_t *dhParams, size_t dhParamsLen)
Load Diffie-Hellman group.
Definition: ssh.c:1191
SshCaPublicKeyVerifyCallback caPublicKeyVerifyCallback
CA public key verification callback.
Definition: ssh.h:1442
SshMessageType
SSH message types.
Definition: ssh.h:887
SshConnection * connection
SSH connection.
Definition: ssh.h:1303
error_t sshRegisterPasswordChangeCallback(SshContext *context, SshPasswordChangeCallback callback)
Register password change callback function.
Definition: ssh.c:462
@ SSH_CONN_STATE_KEX_DH_GEX_GROUP
Definition: ssh.h:996
@ SSH_MSG_NEWCOMPRESS
Definition: ssh.h:896
@ SSH_CONN_STATE_SERVER_EXT_INFO_1
Definition: ssh.h:1006
Structure describing socket events.
Definition: socket.h:365
char_t username[SSH_MAX_USERNAME_LEN+1]
User name.
Definition: ssh.h:1428
uint_t eventFlags
Definition: ssh.h:1306
uint_t numChannels
Maximum number of SSH channels.
Definition: ssh.h:1421
SshCertVerifyCallback certVerifyCallback
Certificate verification callback.
Definition: ssh.h:1441
Encryption engine.
Definition: ssh.h:1258
#define SSH_MAX_CIPHER_BLOCK_SIZE
Definition: ssh.h:710
@ SSH_OPEN_ADMINISTRATIVELY_PROHIBITED
Definition: ssh.h:972
@ SSH_CHANNEL_EVENT_CLOSED
Definition: ssh.h:1053
@ SSH_CONN_STATE_DISCONNECT
Definition: ssh.h:1015
error_t sshRegisterPasswordAuthCallback(SshContext *context, SshPasswordAuthCallback callback)
Register password authentication callback function.
Definition: ssh.c:431
@ SSH_MSG_KEX_DH_GEX_REPLY
Definition: ssh.h:910
@ SSH_REQUEST_STATE_PENDING
Definition: ssh.h:1039
uint32_t remoteChannelNum
Remote channel number.
Definition: ssh.h:1310
error_t sshUnregisterGlobalRequestCallback(SshContext *context, SshGlobalReqCallback callback)
Unregister global request callback function.
Definition: ssh.c:665
@ SSH_CHANNEL_EVENT_TX_READY
Definition: ssh.h:1054
uint_t numConnections
Maximum number of SSH connections.
Definition: ssh.h:1419
int_t dhGexGroupIndex
Index of the selected Diffie-Hellman group.
Definition: ssh.h:1363
SshAuthStatus
Authentication status.
Definition: ssh.h:856
bool_t eofReceived
An SSH_MSG_CHANNEL_EOF message has been received.
Definition: ssh.h:1320
@ SSH_DISCONNECT_BY_APPLICATION
Definition: ssh.h:958
error_t sshUnloadRsaKey(SshContext *context, uint_t index)
Unload transient RSA key (for RSA key exchange)
Definition: ssh.c:1154
@ SSH_MSG_CHANNEL_DATA
Definition: ssh.h:932
@ SSH_CHANNEL_EVENT_TX_SHUTDOWN
Definition: ssh.h:1057
Diffie-Hellman context.
Definition: dh.h:60
error_t sshReadChannel(SshChannel *channel, void *data, size_t size, size_t *received, uint_t flags)
Receive data from the specified channel.
Definition: ssh.c:2107
void * channelOpenParam[SSH_MAX_CHANNEL_OPEN_CALLBACKS]
Opaque pointer passed to the channel open callback.
Definition: ssh.h:1467
@ SSH_CONN_STATE_KEX_HBR_INIT
Definition: ssh.h:1001
@ SSH_MSG_KEX_DH_INIT
Definition: ssh.h:904
@ SSH_MSG_GLOBAL_REQUEST
Definition: ssh.h:925
Diffie-Hellman key exchange.
@ SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT
Definition: ssh.h:948
#define SshContext
Definition: ssh.h:824
error_t sshUnloadHostKey(SshContext *context, uint_t index)
Unload entity's host key.
Definition: ssh.c:1560
const char_t * keyFormatId
Key format identifier.
Definition: ssh.h:1095
@ SSH_MSG_NEWKEYS
Definition: ssh.h:898
@ SSH_MSG_INVALID
Definition: ssh.h:888
size_t kLen
Length of the shared secret, in bytes.
Definition: ssh.h:1371
char_t type
size_t hLen
Length of the exchange hash, in bytes.
Definition: ssh.h:1369
error_t sshCloseChannel(SshChannel *channel)
Close channel.
Definition: ssh.c:2392
error_t
Error codes.
Definition: error.h:43
uint32_t seqNum
Definition: tcp.h:339
SSH connection.
Definition: ssh.h:1332
CipherMode cipherMode
Cipher mode of operation.
Definition: ssh.h:1259
uint8_t cookie[SSH_COOKIE_SIZE]
Random value generated by the sender.
Definition: ssh.h:1341
bool_t closeRequest
Channel close request.
Definition: ssh.h:1321
error_t(* SshGlobalReqCallback)(SshConnection *connection, const SshString *name, const uint8_t *data, size_t length, void *param)
Global request callback function.
Definition: ssh.h:1216
@ SSH_MSG_USERAUTH_INFO_RESPONSE
Definition: ssh.h:924
bool_t disconnectRequest
Request for disconnection.
Definition: ssh.h:1392
@ SSH_MSG_CHANNEL_CLOSE
Definition: ssh.h:935
SshRsaKey rsaKeys[SSH_MAX_RSA_KEYS]
Transient RSA keys (for RSA key exchange)
Definition: ssh.h:1433
#define SSH_MAX_ID_LEN
Definition: ssh.h:234
@ SSH_MSG_USERAUTH_PK_OK
Definition: ssh.h:921
@ SSH_CONN_STATE_KEX_HBR_REPLY
Definition: ssh.h:1002
error_t sshRegisterSignGenCallback(SshContext *context, SshSignGenCallback callback)
Register signature generation callback function.
Definition: ssh.c:493
uint32_t localChannelNum
Current channel number.
Definition: ssh.h:1398
@ SSH_OPERATION_MODE_SERVER
Definition: ssh.h:847
error_t(* SshChannelOpenCallback)(SshConnection *connection, const SshString *type, uint32_t senderChannel, uint32_t initialWindowSize, uint32_t maxPacketSize, const uint8_t *data, size_t length, void *param)
Channel open callback function.
Definition: ssh.h:1232
uint_t authAttempts
Number of authentication attempts.
Definition: ssh.h:1396
bool_t kexInitReceived
An SSH_MSG_KEXINIT message has been received.
Definition: ssh.h:1389
#define SSH_MAX_RSA_KEYS
Definition: ssh.h:619
@ SSH_OPERATION_MODE_CLIENT
Definition: ssh.h:846
@ SSH_MSG_KEXRSA_DONE
Definition: ssh.h:903
size_t publicKeyLen
Length of the RSA public key.
Definition: ssh.h:1071
@ SSH_MSG_KEX_DH_GEX_REQUEST_OLD
Definition: ssh.h:906
const char_t * publicKey
Public key (PEM, SSH2 or OpenSSH format)
Definition: ssh.h:1096
@ SSH_CONN_STATE_KEX_ECDH_INIT
Definition: ssh.h:999
Diffie-Hellman group.
Definition: ssh.h:1082
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: ssh.h:1260
bool_t publicKeyOk
The provided host key is acceptable.
Definition: ssh.h:1397
@ SSH_FLAG_NO_DELAY
Definition: ssh.h:873
size_t writePos
Definition: ssh.h:1289
EcdhContext ecdhContext
ECDH context.
Definition: ssh.h:1382
@ SSH_FLAG_DELAY
Definition: ssh.h:874
char_t passwordChangePrompt[SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN+1]
Password change prompt string.
Definition: ssh.h:1345
@ SSH_MSG_SERVICE_REQUEST
Definition: ssh.h:893
const char_t * kexAlgo
Selected key exchange algorithm name.
Definition: ssh.h:1348
error_t(* SshCertVerifyCallback)(SshConnection *connection, const SshCertificate *cert)
Certificate verification callback function.
Definition: ssh.h:1130
SshChannelBuffer rxBuffer
RX buffer.
Definition: ssh.h:1313
Host key.
Definition: ssh.h:1094
uint_t eventMask
Definition: ssh.h:1305
const char_t * dhParams
Diffie-Hellman parameters (PEM format)
Definition: ssh.h:1084
error_t sshPollChannels(SshChannelEventDesc *eventDesc, uint_t size, OsEvent *extEvent, systime_t timeout)
Wait for one of a set of channels to become ready to perform I/O.
Definition: ssh.c:2303
bool_t etm
Encrypt-then-MAC.
Definition: ssh.h:1265
@ SSH_MSG_USERAUTH_REQUEST
Definition: ssh.h:915
bool_t eofSent
An SSH_MSG_CHANNEL_EOF message has been sent.
Definition: ssh.h:1319
General definitions for cryptographic algorithms.
SshAuthStatus(* SshPasswordChangeCallback)(SshConnection *connection, const char_t *user, const char_t *oldPassword, size_t oldPasswordLen, const char_t *newPassword, size_t newPasswordLen)
Password change callback function.
Definition: ssh.h:1170
CipherContext cipherContext
Cipher context.
Definition: ssh.h:1261
error_t(* SshEcdhKeyPairGenCallback)(SshConnection *connection, const char_t *kexAlgo, EcPublicKey *publicKey)
ECDH key pair generation callback.
Definition: ssh.h:1199
@ SSH_CHANNEL_STATE_OPEN
Definition: ssh.h:1027
SSH certificate parsing.
@ SSH_CONN_STATE_KEX_ECDH_REPLY
Definition: ssh.h:1000
@ SSH_MSG_USERAUTH_FAILURE
Definition: ssh.h:916
const char_t * serverEncAlgo
Selected server's encryption algorithm name.
Definition: ssh.h:1351
@ SSH_MSG_DEBUG
Definition: ssh.h:892
SshEncryptionEngine encryptionEngine
Encryption engine.
Definition: ssh.h:1385
SshHostKey hostKeys[SSH_MAX_HOST_KEYS]
List of host keys.
Definition: ssh.h:1425
@ SSH_CONN_STATE_KEX_RSA_PUB_KEY
Definition: ssh.h:990
error_t sshRegisterChannelOpenCallback(SshContext *context, SshChannelOpenCallback callback, void *param)
Register channel open callback function.
Definition: ssh.c:792
error_t sshRegisterHostKeyVerifyCallback(SshContext *context, SshHostKeyVerifyCallback callback)
Register host key verification callback function.
Definition: ssh.c:281
SshDisconnectReasonCode
Disconnection messages reason codes.
Definition: ssh.h:947
Block cipher modes of operation.
@ SSH_CONN_STATE_CLIENT_ID
Definition: ssh.h:986
@ SSH_MSG_CHANNEL_OPEN_FAILURE
Definition: ssh.h:930
size_t publicKeyLen
Length of the public key.
Definition: ssh.h:1097
error_t sshSetPassword(SshContext *context, const char_t *password)
Set the password to be used for authentication.
Definition: ssh.c:251
HashContext hashContext
Exchange hash context.
Definition: ssh.h:1374
error_t sshUnregisterChannelOpenCallback(SshContext *context, SshChannelOpenCallback callback)
Unregister channel open callback function.
Definition: ssh.c:839
error_t sshUnregisterChannelRequestCallback(SshContext *context, SshChannelReqCallback callback)
Unregister channel request callback function.
Definition: ssh.c:752
#define SSH_CHANNEL_BUFFER_SIZE
Definition: ssh.h:227
@ SSH_MSG_USERAUTH_BANNER
Definition: ssh.h:918
@ SSH_DISCONNECT_CONNECTION_LOST
Definition: ssh.h:957
Host key algorithm.
Definition: ssh.h:1111
@ SSH_REQUEST_STATE_IDLE
Definition: ssh.h:1038
error_t(* SshEcdhSharedSecretCalcCallback)(SshConnection *connection, const char_t *kexAlgo, const EcPublicKey *publicKey, uint8_t *output, size_t *outputLen)
ECDH shared secret calculation callback.
Definition: ssh.h:1207
@ SSH_MSG_DISCONNECT
Definition: ssh.h:889
SshPasswordChangeCallback passwordChangeCallback
Password change callback.
Definition: ssh.h:1452
bool_t newKeysReceived
An SSH_MSG_NEWKEYS message has been received.
Definition: ssh.h:1391
error_t sshWriteChannel(SshChannel *channel, const void *data, size_t length, size_t *written, uint_t flags)
Write data to the specified channel.
Definition: ssh.c:1978
#define SSH_MAX_HOST_KEYS
Definition: ssh.h:164
@ SSH_CHANNEL_EVENT_TIMEOUT
Definition: ssh.h:1051
error_t sshRegisterConnectionCloseCallback(SshContext *context, SshConnectionCloseCallback callback, void *param)
Register connection close callback function.
Definition: ssh.c:966
error_t sshRegisterConnectionOpenCallback(SshContext *context, SshConnectionOpenCallback callback, void *param)
Register connection open callback function.
Definition: ssh.c:879
@ SSH_CONN_STATE_SERVER_NEW_KEYS
Definition: ssh.h:1004
@ SSH_AUTH_STATUS_PASSWORD_EXPIRED
Definition: ssh.h:859
SshChannelOpenCallback channelOpenCallback[SSH_MAX_CHANNEL_OPEN_CALLBACKS]
Channel open callbacks.
Definition: ssh.h:1466
CipherMode
Cipher operation modes.
Definition: crypto.h:857
uint8_t buffer[SSH_BUFFER_SIZE]
Internal buffer.
Definition: ssh.h:1404
bool_t kexInitSent
An SSH_MSG_KEXINIT message has been sent.
Definition: ssh.h:1388
String.
Definition: ssh_types.h:56
@ SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED
Definition: ssh.h:955
@ SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE
Definition: ssh.h:961
error_t(* SshConnectionOpenCallback)(SshConnection *connection, void *param)
Connection open callback function.
Definition: ssh.h:1241
error_t(* SshSignVerifyCallback)(SshConnection *connection, const SshString *publicKeyAlgo, const SshBinaryString *publicKeyBlob, const SshBinaryString *sessionId, const SshBinaryString *message, const SshBinaryString *signatureBlob)
Signature verification callback function.
Definition: ssh.h:1189
@ SSH_MSG_USERAUTH_SUCCESS
Definition: ssh.h:917
size_t rxBufferPos
Current position in RX buffer.
Definition: ssh.h:1408
@ SSH_CONN_STATE_CLOSED
Definition: ssh.h:985
@ SSH_CHANNEL_EVENT_TX_DONE
Definition: ssh.h:1055
bool_t extInfoReceived
"ext-info-c" or "ext-info-s" indicator has been received
Definition: ssh.h:1401
const char_t * clientCompressAlgo
Selected client's encryption algorithm name.
Definition: ssh.h:1354
#define SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN
Definition: ssh.h:255
@ SSH_DISCONNECT_SERVICE_NOT_AVAILABLE
Definition: ssh.h:954
#define SSH_MAX_HASH_DIGEST_SIZE
Definition: ssh.h:747
error_t sshSetPasswordChangePrompt(SshConnection *connection, const char_t *prompt)
Set password change prompt message.
Definition: ssh.c:1859
uint8_t * serverHostKey
Server's host key.
Definition: ssh.h:1359
uint8_t k[SSH_MAX_SHARED_SECRET_LEN]
Shared secret K.
Definition: ssh.h:1370
Collection of hash algorithms.
@ SSH_CONN_STATE_USER_AUTH_SUCCESS
Definition: ssh.h:1013
Mutex object.
@ SSH_REQUEST_STATE_FAILURE
Definition: ssh.h:1041
const char_t * keyFormatId
Key format identifier.
Definition: ssh.h:1113
@ SSH_CONN_STATE_CLIENT_NEW_KEYS
Definition: ssh.h:1003
error_t sshSetUsername(SshContext *context, const char_t *username)
Set the user name to be used for authentication.
Definition: ssh.c:221
uint32_t systime_t
System time.
#define SSH_MAX_CONNECTIONS
Definition: ssh.h:171
@ SSH_DISCONNECT_PROTOCOL_ERROR
Definition: ssh.h:949
bool_t channelSuccessSent
An SSH_MSG_CHANNEL_SUCCESS message has been sent.
Definition: ssh.h:1317
EC public key.
Definition: ec.h:94
int_t hostKeyIndex
Index of the selected host key.
Definition: ssh.h:1356
uint8_t flags
Definition: tcp.h:349
void * connectionCloseParam[SSH_MAX_CONN_CLOSE_CALLBACKS]
Opaque pointer passed to the connection close callback.
Definition: ssh.h:1471
#define SSH_MAX_PASSWORD_LEN
Definition: ssh.h:248
char char_t
Definition: compiler_port.h:43
char_t serverId[SSH_MAX_ID_LEN+1]
Server's identification string.
Definition: ssh.h:1340
GCM context.
Definition: gcm.h:64
#define SSH_MAX_GLOBAL_REQ_CALLBACKS
Definition: ssh.h:178
SshConnection * connections
SSH connections.
Definition: ssh.h:1420
const char_t * publicKeyAlgo
Public key algorithm to use during user authentication.
Definition: ssh.h:1101
@ SSH_MSG_CHANNEL_OPEN
Definition: ssh.h:928
@ SSH_OPEN_CONNECT_FAILED
Definition: ssh.h:973
#define SSH_MAX_ENC_KEY_SIZE
Definition: ssh.h:703
SshRequestState
SSH request states.
Definition: ssh.h:1037
@ SSH_DISCONNECT_AUTH_CANCELLED_BY_USER
Definition: ssh.h:960
size_t readPos
Definition: ssh.h:1290
@ SSH_REQUEST_STATE_SUCCESS
Definition: ssh.h:1040
@ SSH_CHANNEL_EVENT_RX_SHUTDOWN
Definition: ssh.h:1059
@ SSH_CONN_STATE_SERVER_KEX_INIT
Definition: ssh.h:989
SshChannelFlags
Flags used by read and write functions.
Definition: ssh.h:868
error_t(* SshPublicKeyAuthCallback)(SshConnection *connection, const char_t *user, const uint8_t *publicKey, size_t publicKeyLen)
Public key authentication callback function.
Definition: ssh.h:1146
@ SSH_CONN_STATE_SERVER_ID
Definition: ssh.h:987
@ SSH_CONN_STATE_KEX_DH_INIT
Definition: ssh.h:993
error_t sshRegisterCertAuthCallback(SshContext *context, SshCertAuthCallback callback)
Register certificate authentication callback function.
Definition: ssh.c:400
@ SSH_MSG_CHANNEL_REQUEST
Definition: ssh.h:936
const HashAlgo * hashAlgo
Exchange hash algorithm.
Definition: ssh.h:1373
@ SSH_CONN_STATE_CLIENT_EXT_INFO
Definition: ssh.h:1005
SSH data type representations.
Structure describing channel events.
Definition: ssh.h:1484
@ SSH_DISCONNECT_KEY_EXCHANGE_FAILED
Definition: ssh.h:950
@ SSH_CHANNEL_EVENT_RX_READY
Definition: ssh.h:1058
@ SSH_CONN_STATE_KEX_RSA_DONE
Definition: ssh.h:992
@ SSH_MSG_HBR_INIT
Definition: ssh.h:913
const char_t * serverHostKeyAlgo
Selected server's host key algorithm name.
Definition: ssh.h:1349
HmacContext hmacContext
HMAC context.
Definition: ssh.h:1376
@ SSH_CONN_STATE_SERVICE_REQUEST
Definition: ssh.h:1008
#define SshConnection
Definition: ssh.h:828
@ SSH_FLAG_EOF
Definition: ssh.h:869
Legacy definitions.
@ SSH_MSG_CHANNEL_EOF
Definition: ssh.h:934
SshOpenFailureReasonCode
Channel connection failure reason codes.
Definition: ssh.h:971
#define SSH_MAX_CONN_OPEN_CALLBACKS
Definition: ssh.h:199
@ SSH_MSG_HBR_REPLY
Definition: ssh.h:914
@ SSH_CONN_STATE_USER_AUTH_REQUEST
Definition: ssh.h:1011
SshRequestState requestState
Channel request state.
Definition: ssh.h:1301
error_t sshUnregisterConnectionCloseCallback(SshContext *context, SshConnectionCloseCallback callback)
Unregister connection close callback function.
Definition: ssh.c:1013
@ SSH_MSG_CHANNEL_WINDOW_ADJUST
Definition: ssh.h:931
@ SSH_MSG_KEX_DH_GEX_INIT
Definition: ssh.h:909
@ SSH_CHANNEL_STATE_RESERVED
Definition: ssh.h:1026
@ SSH_MSG_KEXRSA_PUBKEY
Definition: ssh.h:901
error_t sshRegisterChannelRequestCallback(SshContext *context, SshChannelReqCallback callback, void *param)
Register channel request callback function.
Definition: ssh.c:705
#define Socket
Definition: socket.h:36
uint8_t sessionId[]
Definition: tls.h:1687
systime_t timestamp
Time stamp to manage connection timeout.
Definition: ssh.h:1337
@ SSH_CONN_STATE_CLIENT_KEX_INIT
Definition: ssh.h:988
#define SSH_MAX_DH_GEX_GROUPS
Definition: ssh.h:626
@ SSH_MSG_KEX_ECDH_INIT
Definition: ssh.h:911
error_t sshSetOperationMode(SshContext *context, SshOperationMode mode)
Set operation mode (client or server)
Definition: ssh.c:167
size_t sessionIdLen
Length of the session identifier, in bytes.
Definition: ssh.h:1367
@ SSH_FLAG_BREAK_CRLF
Definition: ssh.h:872
@ SSH_CONN_STATE_KEX_DH_GEX_REPLY
Definition: ssh.h:998
OsEvent * userEvent
Definition: ssh.h:1307
@ SSH_MSG_USERAUTH_INFO_REQUEST
Definition: ssh.h:923
uint8_t sessionId[SSH_MAX_HASH_DIGEST_SIZE]
Session identifier.
Definition: ssh.h:1366
uint8_t message[]
Definition: chap.h:152
uint32_t localChannelNum
Local channel number.
Definition: ssh.h:1309
Common interface for encryption algorithms.
Definition: crypto.h:952
error_t sshRegisterCertVerifyCallback(SshContext *context, SshCertVerifyCallback callback)
Register certificate verification callback function.
Definition: ssh.c:307
#define SSH_MAX_CHANNEL_REQ_CALLBACKS
Definition: ssh.h:185
SshAuthStatus(* SshPasswordAuthCallback)(SshConnection *connection, const char_t *user, const char_t *password, size_t passwordLen)
Password authentication callback function.
Definition: ssh.h:1162
@ SSH_MSG_KEX_DH_GEX_REQUEST
Definition: ssh.h:907
SshCertAuthCallback certAuthCallback
Certificate authentication callback.
Definition: ssh.h:1448
@ SSH_MSG_REQUEST_SUCCESS
Definition: ssh.h:926
@ SSH_MSG_IGNORE
Definition: ssh.h:890
char_t password[SSH_MAX_PASSWORD_LEN+1]
Password.
Definition: ssh.h:1429
const char_t * serverCompressAlgo
Selected server's encryption algorithm name.
Definition: ssh.h:1355
Collection of MAC algorithms.
void sshDeleteChannel(SshChannel *channel)
Release channel.
Definition: ssh.c:2463
bool_t disconnectSent
An SSH_MSG_DISCONNECT message has been sent.
Definition: ssh.h:1393
SshChannelReqCallback channelReqCallback[SSH_MAX_CHANNEL_REQ_CALLBACKS]
Channel request callbacks.
Definition: ssh.h:1464
uint8_t mode
Definition: ntp_common.h:149
@ SSH_CONN_STATE_KEX_DH_REPLY
Definition: ssh.h:994
size_t privateKeyLen
Length of the private key.
Definition: ssh.h:1099
@ SSH_MSG_KEX_MAX
Definition: ssh.h:900
SshConnectionOpenCallback connectionOpenCallback[SSH_MAX_CONN_OPEN_CALLBACKS]
Connection open callback function.
Definition: ssh.h:1468
uint_t dhModulusSize
Length of the prime modulus, in bits.
Definition: ssh.h:1083
@ SSH_DISCONNECT_RESERVED
Definition: ssh.h:951
@ SSH_MSG_SERVICE_ACCEPT
Definition: ssh.h:894
HmacContext * hmacContext
HMAC context.
Definition: ssh.h:1263
Common interface for hash algorithms.
Definition: crypto.h:930
@ SSH_MSG_KEXRSA_SECRET
Definition: ssh.h:902
SshChannelState state
Channel state.
Definition: ssh.h:1300
error_t sshRegisterEcdhKeyPairGenCallback(SshContext *context, SshEcdhKeyPairGenCallback callback)
Register ECDH key pair generation callback function.
Definition: ssh.c:555
@ SSH_CONN_STATE_KEX_DH_GEX_INIT
Definition: ssh.h:997
bool_t newKeysSent
An SSH_MSG_NEWKEYS message has been sent.
Definition: ssh.h:1390
@ SSH_MSG_UNIMPLEMENTED
Definition: ssh.h:891
@ SSH_OPEN_UNKNOWN_CHANNEL_TYPE
Definition: ssh.h:974
void * prngContext
Pseudo-random number generator context.
Definition: ssh.h:1424
error_t sshLoadRsaKey(SshContext *context, uint_t index, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen)
Load transient RSA key (for RSA key exchange)
Definition: ssh.c:1058
OsMutex mutex
Mutex preventing simultaneous access to the context.
Definition: ssh.h:1473
@ SSH_MSG_USERAUTH_MAX
Definition: ssh.h:920
SshRequestState requestState
Global request state.
Definition: ssh.h:1334
const char_t * serverMacAlgo
Selected server's MAC algorithm name.
Definition: ssh.h:1353
#define SSH_COOKIE_SIZE
Definition: ssh.h:813
SshPasswordAuthCallback passwordAuthCallback
Password authentication callback.
Definition: ssh.h:1451
error_t sshRegisterSignVerifyCallback(SshContext *context, SshSignVerifyCallback callback)
Register signature verification callback function.
Definition: ssh.c:524
int_t rsaKeyIndex
Index of the transient RSA key to use.
Definition: ssh.h:1358
SshSignGenCallback signGenCallback
Signature generation callback.
Definition: ssh.h:1455
SshDhGexGroup dhGexGroups[SSH_MAX_DH_GEX_GROUPS]
Diffie-Hellman groups.
Definition: ssh.h:1436
unsigned int uint_t
Definition: compiler_port.h:45
@ SSH_MSG_EXT_INFO
Definition: ssh.h:895
@ SSH_CHANNEL_STATE_CLOSED
Definition: ssh.h:1028
bool_t disconnectReceived
An SSH_MSG_DISCONNECT message has been received.
Definition: ssh.h:1394
TCP/IP stack core.
SshContext * context
SSH context.
Definition: ssh.h:1335
SshChannel * sshCreateChannel(SshConnection *connection)
Create a new SSH channel.
Definition: ssh.c:1889
char_t user[SSH_MAX_USERNAME_LEN+1]
User name.
Definition: ssh.h:1342
@ SSH_MSG_KEX_ECDH_REPLY
Definition: ssh.h:912
size_t length
Definition: ssh.h:1287
@ SSH_MSG_USERAUTH_MIN
Definition: ssh.h:919
error_t(* SshSignGenCallback)(SshConnection *connection, const char_t *publicKeyAlgo, const SshHostKey *hostKey, const SshBinaryString *sessionId, const SshBinaryString *message, uint8_t *p, size_t *written)
Signature generation callback function.
Definition: ssh.h:1179
@ SSH_MSG_KEX_DH_GEX_GROUP
Definition: ssh.h:908
SshEncryptionEngine decryptionEngine
Decryption engine.
Definition: ssh.h:1386
SshPublicKeyAuthCallback publicKeyAuthCallback
Public key authentication callback.
Definition: ssh.h:1445
OsEvent event
Definition: ssh.h:1304
error_t(* SshHostKeyVerifyCallback)(SshConnection *connection, const uint8_t *hostKey, size_t hostKeyLen)
Host key verification callback function.
Definition: ssh.h:1122
#define SSH_MAX_USERNAME_LEN
Definition: ssh.h:241
@ SSH_CHANNEL_STATE_UNUSED
Definition: ssh.h:1025
SshChannel * channels
SSH channels.
Definition: ssh.h:1422
error_t sshRegisterGlobalRequestCallback(SshContext *context, SshGlobalReqCallback callback, void *param)
Register global request callback function.
Definition: ssh.c:618
SshConnectionState state
Connection state.
Definition: ssh.h:1333
uint_t modulusSize
Length of the modulus, in bits.
Definition: ssh.h:1069
DhContext dhContext
Diffie-Hellman context.
Definition: ssh.h:1379
#define SSH_BUFFER_SIZE
Definition: ssh.h:820
error_t sshSetChannelTimeout(SshChannel *channel, systime_t timeout)
Set timeout for read/write operations.
Definition: ssh.c:1954
error_t sshRegisterPublicKeyAuthCallback(SshContext *context, SshPublicKeyAuthCallback callback)
Register public key authentication callback function.
Definition: ssh.c:369
@ SSH_DISCONNECT_TOO_MANY_CONNECTIONS
Definition: ssh.h:959
SshHostKeyVerifyCallback hostKeyVerifyCallback
Host key verification callback.
Definition: ssh.h:1439
SSH context.
Definition: ssh.h:1417
ECDH context.
Definition: ecdh.h:59
@ SSH_CONN_STATE_USER_AUTH_BANNER
Definition: ssh.h:1010
const char_t * signFormatId
Signature format identifier.
Definition: ssh.h:1114
SSH certificate (OpenSSH format)
size_t encKeyLen
Length of the encryption key, in bytes.
Definition: ssh.h:1268
SshOperationMode mode
Mode of operation (client or server)
Definition: ssh.h:1418
@ SSH_MSG_KEX_MIN
Definition: ssh.h:899
#define SshChannel
Definition: ssh.h:832
SshEcdhSharedSecretCalcCallback ecdhSharedSecretCalcCallback
ECDH shared secret calculation callback.
Definition: ssh.h:1460
Socket * socket
Underlying socket.
Definition: ssh.h:1336
uint32_t maxPacketSize
Maximum packet size.
Definition: ssh.h:1311
@ SSH_CHANNEL_EVENT_TX_ACKED
Definition: ssh.h:1056
void sshDeinit(SshContext *context)
Release SSH context.
Definition: ssh.c:2483
@ SSH_MSG_CHANNEL_EXTENDED_DATA
Definition: ssh.h:933
bool_t wrongGuess
A wrong guessed key exchange packet follows.
Definition: ssh.h:1395
SSH channel.
Definition: ssh.h:1299
size_t dhParamsLen
Length of the Diffie-Hellman parameters.
Definition: ssh.h:1085
@ SSH_DISCONNECT_ILLEGAL_USER_NAME
Definition: ssh.h:962
@ SSH_MSG_KEXINIT
Definition: ssh.h:897