1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25#if !defined(__LWS_SSH_H__)
26#define __LWS_SSH_H__
27
28#if defined(LWS_HAVE_SYS_TYPES_H)
29#include <sys/types.h>
30#endif
31
32#if defined(LWS_WITH_MBEDTLS)
33#include "mbedtls/sha1.h"
34#include "mbedtls/sha256.h"
35#include "mbedtls/sha512.h"
36#include "mbedtls/rsa.h"
37#endif
38
39#include "lws-plugin-ssh.h"
40
/*
 * Fixed sizes, in bytes, of the key, hash and cipher objects used by the SSH
 * plugin.  Several buffers declared later in this header are dimensioned
 * directly from these (for example Q_C[], session_id[] and
 * lws_ssh_keys.key[][]), so changing a value here changes struct layout.
 */
#define LWS_SIZE_EC25519	32
#define LWS_SIZE_EC25519_PUBKEY 32
/* NOTE(review): 64 presumably means seed + public key, NaCl-style -- confirm */
#define LWS_SIZE_EC25519_PRIKEY 64

#define LWS_SIZE_SHA256		32
#define LWS_SIZE_SHA512		64

#define LWS_SIZE_AES256_KEY	32
#define LWS_SIZE_AES256_IV	12
#define LWS_SIZE_AES256_MAC	16
#define LWS_SIZE_AES256_BLOCK	16

/*
 * Two 32-byte keys per direction.
 * NOTE(review): presumably the payload key and the packet-length key of the
 * chacha20-poly1305 transport cipher -- confirm in the chachapoly code.
 */
#define LWS_SIZE_CHACHA256_KEY	(2 * 32)
#define POLY1305_TAGLEN		16
#define POLY1305_KEYLEN		32

/* NaCl-style name; same value as LWS_SIZE_SHA512 */
#define crypto_hash_sha512_BYTES 64U
58
/*
 * PEEK_Uxx(p): read a big-endian (network order) 64 / 32 / 16-bit integer
 * from the bytes at p.
 *
 * - The read is done one byte at a time through a const uint8_t *, so p does
 *   not need any particular alignment and host endianness does not matter.
 * - p is expanded once per byte: do not pass an expression with side effects
 *   (for example PEEK_U32(p++)).
 * - There is no bounds check.  The caller must already know that 8 / 4 / 2
 *   bytes are readable at p; when p points into data received from the peer,
 *   compare the remaining length first.
 * - PEEK_U16 is built from uint16_t operands, which C promotes to int, so the
 *   expression has type int (always in the range 0..65535).
 */
#define PEEK_U64(p) \
        (((uint64_t)(((const uint8_t *)(p))[0]) << 56) | \
         ((uint64_t)(((const uint8_t *)(p))[1]) << 48) | \
         ((uint64_t)(((const uint8_t *)(p))[2]) << 40) | \
         ((uint64_t)(((const uint8_t *)(p))[3]) << 32) | \
         ((uint64_t)(((const uint8_t *)(p))[4]) << 24) | \
         ((uint64_t)(((const uint8_t *)(p))[5]) << 16) | \
         ((uint64_t)(((const uint8_t *)(p))[6]) << 8) | \
          (uint64_t)(((const uint8_t *)(p))[7]))
#define PEEK_U32(p) \
        (((uint32_t)(((const uint8_t *)(p))[0]) << 24) | \
         ((uint32_t)(((const uint8_t *)(p))[1]) << 16) | \
         ((uint32_t)(((const uint8_t *)(p))[2]) << 8) | \
          (uint32_t)(((const uint8_t *)(p))[3]))
#define PEEK_U16(p) \
        (((uint16_t)(((const uint8_t *)(p))[0]) << 8) | \
          (uint16_t)(((const uint8_t *)(p))[1]))
76
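/*
 * POKE_Uxx(p, v): store v at p as a big-endian (network order) 64 / 32 /
 * 16-bit integer, one byte at a time, so p needs no particular alignment.
 *
 * - v is evaluated exactly once (it is captured in a block-local constant).
 * - p is expanded once per byte: do not pass an expression with side effects
 *   (for example POKE_U32(p++, x)).
 * - There is no bounds check.  The caller must guarantee 8 / 4 / 2 writable
 *   bytes at p before expanding the macro; this matters whenever p is a
 *   cursor into a fixed-size packet buffer.
 * - The block-local names avoid a leading double underscore, which C reserves
 *   for the implementation, and every store carries an explicit uint8_t cast
 *   so all three macros narrow the same way (POKE_U16 used to rely on an
 *   implicit int -> uint8_t conversion).
 */
#define POKE_U64(p, v) \
        do { \
                const uint64_t lws_poke_u64_v_ = (v); \
                ((uint8_t *)(p))[0] = (uint8_t)((lws_poke_u64_v_ >> 56) & 0xff); \
                ((uint8_t *)(p))[1] = (uint8_t)((lws_poke_u64_v_ >> 48) & 0xff); \
                ((uint8_t *)(p))[2] = (uint8_t)((lws_poke_u64_v_ >> 40) & 0xff); \
                ((uint8_t *)(p))[3] = (uint8_t)((lws_poke_u64_v_ >> 32) & 0xff); \
                ((uint8_t *)(p))[4] = (uint8_t)((lws_poke_u64_v_ >> 24) & 0xff); \
                ((uint8_t *)(p))[5] = (uint8_t)((lws_poke_u64_v_ >> 16) & 0xff); \
                ((uint8_t *)(p))[6] = (uint8_t)((lws_poke_u64_v_ >> 8) & 0xff); \
                ((uint8_t *)(p))[7] = (uint8_t)(lws_poke_u64_v_ & 0xff); \
        } while (0)
#define POKE_U32(p, v) \
        do { \
                const uint32_t lws_poke_u32_v_ = (v); \
                ((uint8_t *)(p))[0] = (uint8_t)((lws_poke_u32_v_ >> 24) & 0xff); \
                ((uint8_t *)(p))[1] = (uint8_t)((lws_poke_u32_v_ >> 16) & 0xff); \
                ((uint8_t *)(p))[2] = (uint8_t)((lws_poke_u32_v_ >> 8) & 0xff); \
                ((uint8_t *)(p))[3] = (uint8_t)(lws_poke_u32_v_ & 0xff); \
        } while (0)
#define POKE_U16(p, v) \
        do { \
                const uint16_t lws_poke_u16_v_ = (v); \
                ((uint8_t *)(p))[0] = (uint8_t)((lws_poke_u16_v_ >> 8) & 0xff); \
                ((uint8_t *)(p))[1] = (uint8_t)(lws_poke_u16_v_ & 0xff); \
        } while (0)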
103
104
/*
 * All protocol numbers and internal state ids used by the SSH plugin.
 *
 * This one anonymous enum holds several independent numbering spaces
 * (message ids, disconnect reasons, channel-open failure codes, write tasks,
 * parser states, sftp packet types and status codes...).  The same integer
 * therefore appears under many names, and the compiler cannot detect a
 * constant from one group being used where another group is expected.  When
 * reviewing a comparison against a value parsed from the peer, check that the
 * constant comes from the group that matches the field.
 */
enum {
	/* SSH message ids: 1..6 generic transport, 20..21 key exchange */
	SSH_MSG_DISCONNECT					= 1,
	SSH_MSG_IGNORE						= 2,
	SSH_MSG_UNIMPLEMENTED					= 3,
	SSH_MSG_DEBUG						= 4,
	SSH_MSG_SERVICE_REQUEST					= 5,
	SSH_MSG_SERVICE_ACCEPT					= 6,
	SSH_MSG_KEXINIT						= 20,
	SSH_MSG_NEWKEYS						= 21,

	/* 30 .. 49: KEX messages specific to KEX protocol */
	SSH_MSG_KEX_ECDH_INIT					= 30,
	SSH_MSG_KEX_ECDH_REPLY					= 31,

	/* 50... userauth */

	SSH_MSG_USERAUTH_REQUEST				= 50,
	SSH_MSG_USERAUTH_FAILURE				= 51,
	SSH_MSG_USERAUTH_SUCCESS				= 52,
	SSH_MSG_USERAUTH_BANNER					= 53,

	/* 60... publickey */

	SSH_MSG_USERAUTH_PK_OK					= 60,

	/* 80... connection */

	SSH_MSG_GLOBAL_REQUEST					= 80,
	SSH_MSG_REQUEST_SUCCESS					= 81,
	SSH_MSG_REQUEST_FAILURE					= 82,

	SSH_MSG_CHANNEL_OPEN					= 90,
	SSH_MSG_CHANNEL_OPEN_CONFIRMATION			= 91,
	SSH_MSG_CHANNEL_OPEN_FAILURE				= 92,
	SSH_MSG_CHANNEL_WINDOW_ADJUST				= 93,
	SSH_MSG_CHANNEL_DATA					= 94,
	SSH_MSG_CHANNEL_EXTENDED_DATA				= 95,
	SSH_MSG_CHANNEL_EOF					= 96,
	SSH_MSG_CHANNEL_CLOSE					= 97,
	SSH_MSG_CHANNEL_REQUEST					= 98,
	SSH_MSG_CHANNEL_SUCCESS					= 99,
	SSH_MSG_CHANNEL_FAILURE					= 100,

	/* data type code used with SSH_MSG_CHANNEL_EXTENDED_DATA */
	SSH_EXTENDED_DATA_STDERR				= 1,

	/* channel kinds; presumably stored in lws_ssh_channel.type -- confirm */
	SSH_CH_TYPE_SESSION					= 1,
	SSH_CH_TYPE_SCP						= 2,
	SSH_CH_TYPE_SFTP					= 3,

	/* reason codes for SSH_MSG_DISCONNECT (numbering restarts at 1) */
	SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT		= 1,
	SSH_DISCONNECT_PROTOCOL_ERROR				= 2,
	SSH_DISCONNECT_KEY_EXCHANGE_FAILED			= 3,
	SSH_DISCONNECT_RESERVED					= 4,
	SSH_DISCONNECT_MAC_ERROR				= 5,
	SSH_DISCONNECT_COMPRESSION_ERROR			= 6,
	SSH_DISCONNECT_SERVICE_NOT_AVAILABLE			= 7,
	SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED		= 8,
	SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE			= 9,
	SSH_DISCONNECT_CONNECTION_LOST				= 10,
	SSH_DISCONNECT_BY_APPLICATION				= 11,
	SSH_DISCONNECT_TOO_MANY_CONNECTIONS			= 12,
	SSH_DISCONNECT_AUTH_CANCELLED_BY_USER			= 13,
	SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE		= 14,
	SSH_DISCONNECT_ILLEGAL_USER_NAME			= 15,

	/* reason codes for SSH_MSG_CHANNEL_OPEN_FAILURE */
	SSH_OPEN_ADMINISTRATIVELY_PROHIBITED			= 1,
	SSH_OPEN_CONNECT_FAILED					= 2,
	SSH_OPEN_UNKNOWN_CHANNEL_TYPE				= 3,
	SSH_OPEN_RESOURCE_SHORTAGE				= 4,

	/*
	 * key exchange progress; presumably held in
	 * per_session_data__sshd.kex_state -- confirm
	 */
	KEX_STATE_EXPECTING_CLIENT_OFFER			= 0,
	KEX_STATE_REPLIED_TO_OFFER,
	KEX_STATE_CRYPTO_INITIALIZED,

	/* first index into lws_ssh_keys.key[3][] */
	SSH_KEYIDX_IV						= 0,
	SSH_KEYIDX_ENC,
	SSH_KEYIDX_INTEG,

	/* things we may write on the connection */

	SSH_WT_NONE						= 0,
	SSH_WT_VERSION,
	SSH_WT_OFFER,
	SSH_WT_OFFER_REPLY,
	SSH_WT_SEND_NEWKEYS,
	SSH_WT_UA_ACCEPT,
	SSH_WT_UA_FAILURE,
	SSH_WT_UA_BANNER,
	SSH_WT_UA_PK_OK,
	SSH_WT_UA_SUCCESS,
	SSH_WT_CH_OPEN_CONF,
	SSH_WT_CH_FAILURE,
	SSH_WT_CHRQ_SUCC,
	SSH_WT_CHRQ_FAILURE,
	SSH_WT_SCP_ACK_OKAY,
	SSH_WT_SCP_ACK_ERROR,
	SSH_WT_CH_CLOSE,
	SSH_WT_CH_EOF,
	SSH_WT_WINDOW_ADJUST,
	SSH_WT_EXIT_STATUS,

	/* RX parser states */
	/*
	 * per_session_data__sshd keeps these in plain char members
	 * (parser_state, state_after_string), so this list has to stay
	 * below 128 entries.
	 */

	SSH_INITIALIZE_TRANSIENT				= 0,
	SSHS_IDSTRING,
	SSHS_IDSTRING_CR,
	SSHS_MSG_LEN,
	SSHS_MSG_PADDING,
	SSHS_MSG_ID,
	SSH_KEX_STATE_COOKIE,
	/* KEXINIT name-lists: each has a length state, then a content state */
	SSH_KEX_NL_KEX_ALGS_LEN,
	SSH_KEX_NL_KEX_ALGS,
	SSH_KEX_NL_SHK_ALGS_LEN,
	SSH_KEX_NL_SHK_ALGS,
	SSH_KEX_NL_EACTS_ALGS_LEN,
	SSH_KEX_NL_EACTS_ALGS,
	SSH_KEX_NL_EASTC_ALGS_LEN,
	SSH_KEX_NL_EASTC_ALGS,
	SSH_KEX_NL_MACTS_ALGS_LEN,
	SSH_KEX_NL_MACTS_ALGS,
	SSH_KEX_NL_MASTC_ALGS_LEN,
	SSH_KEX_NL_MASTC_ALGS,
	SSH_KEX_NL_CACTS_ALGS_LEN,
	SSH_KEX_NL_CACTS_ALGS,
	SSH_KEX_NL_CASTC_ALGS_LEN,
	SSH_KEX_NL_CASTC_ALGS,
	SSH_KEX_NL_LCTS_ALGS_LEN,
	SSH_KEX_NL_LCTS_ALGS,
	SSH_KEX_NL_LSTC_ALGS_LEN,
	SSH_KEX_NL_LSTC_ALGS,
	SSH_KEX_FIRST_PKT,
	SSH_KEX_RESERVED,

	SSH_KEX_STATE_ECDH_KEYLEN,
	SSH_KEX_STATE_ECDH_Q_C,

	SSHS_MSG_EAT_PADDING,
	SSH_KEX_STATE_SKIP,

	/*
	 * generic string collection; the _ALLOC variants presumably allocate
	 * storage sized from the peer-supplied length -- confirm the cap
	 */
	SSHS_GET_STRING_LEN,
	SSHS_GET_STRING,
	SSHS_GET_STRING_LEN_ALLOC,
	SSHS_GET_STRING_ALLOC,
	SSHS_DO_SERVICE_REQUEST,

	SSHS_DO_UAR_SVC,
	SSHS_DO_UAR_PUBLICKEY,
	SSHS_NVC_DO_UAR_CHECK_PUBLICKEY,
	SSHS_DO_UAR_SIG_PRESENT,
	SSHS_NVC_DO_UAR_ALG,
	SSHS_NVC_DO_UAR_PUBKEY_BLOB,
	SSHS_NVC_DO_UAR_SIG,

	SSHS_GET_U32,

	SSHS_NVC_CHOPEN_TYPE,
	SSHS_NVC_CHOPEN_SENDER_CH,
	SSHS_NVC_CHOPEN_WINSIZE,
	SSHS_NVC_CHOPEN_PKTSIZE,

	SSHS_NVC_CHRQ_RECIP,
	SSHS_NVC_CHRQ_TYPE,
	SSHS_CHRQ_WANT_REPLY,
        SSHS_NVC_CHRQ_TERM,
        SSHS_NVC_CHRQ_TW,
        SSHS_NVC_CHRQ_TH,
	SSHS_NVC_CHRQ_TWP,
        SSHS_NVC_CHRQ_THP,
        SSHS_NVC_CHRQ_MODES,

	SSHS_NVC_CHRQ_ENV_NAME,
	SSHS_NVC_CHRQ_ENV_VALUE,

	SSHS_NVC_CHRQ_EXEC_CMD,

	SSHS_NVC_CHRQ_SUBSYSTEM,

	SSHS_NVC_CHRQ_WNDCHANGE_TW,
	SSHS_NVC_CHRQ_WNDCHANGE_TH,
	SSHS_NVC_CHRQ_WNDCHANGE_TWP,
	SSHS_NVC_CHRQ_WNDCHANGE_THP,

	SSHS_NVC_CH_EOF,
	SSHS_NVC_CH_CLOSE,

	SSHS_NVC_CD_RECIP,
	SSHS_NVC_CD_DATA,
	SSHS_NVC_CD_DATA_ALLOC,

	SSHS_NVC_WA_RECIP,
	SSHS_NVC_WA_ADD,

	SSHS_NVC_DISCONNECT_REASON,
	SSHS_NVC_DISCONNECT_DESC,
	SSHS_NVC_DISCONNECT_LANG,

	/* numbering restarts at 0; presumably the scp sub-parser states */
	SSHS_SCP_COLLECTSTR			= 0,
	SSHS_SCP_PAYLOADIN			= 1,


	/* from https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13 */

	SECSH_FILEXFER_VERSION			= 6,

	/* sftp packet types */

	SSH_FXP_INIT				= 1,
	SSH_FXP_VERSION				= 2,
	SSH_FXP_OPEN				= 3,
	SSH_FXP_CLOSE				= 4,
	SSH_FXP_READ				= 5,
	SSH_FXP_WRITE				= 6,
	SSH_FXP_LSTAT				= 7,
	SSH_FXP_FSTAT				= 8,
	SSH_FXP_SETSTAT				= 9,
	SSH_FXP_FSETSTAT			= 10,
	SSH_FXP_OPENDIR				= 11,
	SSH_FXP_READDIR				= 12,
	SSH_FXP_REMOVE				= 13,
	SSH_FXP_MKDIR				= 14,
	SSH_FXP_RMDIR				= 15,
	SSH_FXP_REALPATH			= 16,
	SSH_FXP_STAT				= 17,
	SSH_FXP_RENAME				= 18,
	SSH_FXP_READLINK			= 19,
	/* 20 is not defined in this list */
	SSH_FXP_LINK				= 21,
	SSH_FXP_BLOCK				= 22,
	SSH_FXP_UNBLOCK				= 23,
	SSH_FXP_STATUS				= 101,
	SSH_FXP_HANDLE				= 102,
	SSH_FXP_DATA				= 103,
	SSH_FXP_NAME				= 104,
	SSH_FXP_ATTRS				= 105,
	SSH_FXP_EXTENDED			= 200,
	SSH_FXP_EXTENDED_REPLY			= 201,

	/* sftp return codes */

	SSH_FX_OK				= 0,
	SSH_FX_EOF				= 1,
	SSH_FX_NO_SUCH_FILE			= 2,
	SSH_FX_PERMISSION_DENIED		= 3,
	SSH_FX_FAILURE				= 4,
	SSH_FX_BAD_MESSAGE			= 5,
	SSH_FX_NO_CONNECTION			= 6,
	SSH_FX_CONNECTION_LOST			= 7,
	SSH_FX_OP_UNSUPPORTED			= 8,
	SSH_FX_INVALID_HANDLE			= 9,
	SSH_FX_NO_SUCH_PATH			= 10,
	SSH_FX_FILE_ALREADY_EXISTS		= 11,
	SSH_FX_WRITE_PROTECT			= 12,
	SSH_FX_NO_MEDIA				= 13,
	SSH_FX_NO_SPACE_ON_FILESYSTEM		= 14,
	SSH_FX_QUOTA_EXCEEDED			= 15,
	SSH_FX_UNKNOWN_PRINCIPAL		= 16,
	SSH_FX_LOCK_CONFLICT			= 17,
	SSH_FX_DIR_NOT_EMPTY			= 18,
	SSH_FX_NOT_A_DIRECTORY			= 19,
	SSH_FX_INVALID_FILENAME			= 20,
	SSH_FX_LINK_LOOP			= 21,
	SSH_FX_CANNOT_DELETE			= 22,
	SSH_FX_INVALID_PARAMETER		= 23,
	SSH_FX_FILE_IS_A_DIRECTORY		= 24,
	SSH_FX_BYTE_RANGE_LOCK_CONFLICT		= 25,
	SSH_FX_BYTE_RANGE_LOCK_REFUSED		= 26,
	SSH_FX_DELETE_PENDING			= 27,
	SSH_FX_FILE_CORRUPT			= 28,
	SSH_FX_OWNER_INVALID			= 29,
	SSH_FX_GROUP_INVALID			= 30,
	SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK	= 31,


	/*
	 * timeout reason derived from PENDING_TIMEOUT_USER_REASON_BASE, which
	 * is defined outside this header; by its name it covers the period
	 * from connect until authentication succeeds
	 */
	SSH_PENDING_TIMEOUT_CONNECT_TO_SUCCESSFUL_AUTH =
			PENDING_TIMEOUT_USER_REASON_BASE + 0,

	/* presumably stored in per_session_data__sshd.ssh_auth_state -- confirm */
	SSH_AUTH_STATE_NO_AUTH			= 0,
	SSH_AUTH_STATE_GAVE_AUTH_IGNORE_REQS	= 1,
};
383
/*
 * Initial channel window, in bytes.
 * NOTE(review): presumably the receive window advertised to the peer when a
 * channel is opened -- confirm at the use site.
 */
#define LWS_SSH_INITIAL_WINDOW 16384
385
/*
 * State gathered for one user authentication attempt: who is asking, for
 * which service, and the public key / signature material to be checked.
 *
 * Ownership and lifetime of the pointers are not visible in this header.
 * NOTE(review): username, service, alg, pubkey and sig presumably point at
 * allocations filled from strings sent by the peer, with pubkey_len and
 * sig_len taken from peer-supplied length fields -- confirm that the parser
 * caps those lengths before allocating and copying.
 */
struct lws_ssh_userauth {
	struct lws_genhash_ctx hash_ctx;
	char *username;
	char *service;
	char *alg;
	uint8_t *pubkey;
	uint32_t pubkey_len;	/* length in bytes of the data at pubkey */
	uint8_t *sig;
	uint32_t sig_len;	/* length in bytes of the data at sig */
	char sig_present;
};
397
/*
 * Key material and cipher parameters for one direction of the connection.
 * per_session_data__sshd embeds the two active sets (cts / stc) and lws_kex
 * embeds the two sets that are pending until new keys take effect.
 *
 * NOTE(review): key[] holds live secrets inline in the struct.  Confirm the
 * struct is explicitly wiped when a key set is retired or the session ends.
 */
struct lws_ssh_keys {
	/* 3 == SSH_KEYIDX_IV (len=4), SSH_KEYIDX_ENC, SSH_KEYIDX_INTEG */
	uint8_t key[3][LWS_SIZE_CHACHA256_KEY];

	/* opaque allocation made when cipher activated */
	/*
	 * NOTE(review): presumably created by lws_chacha_activate() and
	 * released by lws_chacha_destroy() -- confirm
	 */
	void *cipher;

	uint8_t MAC_length;
	uint8_t padding_alignment; /* block size */
	uint8_t valid:1;
	uint8_t full_length:1;
};
410
/*
 * Working state for a key exchange, referenced from
 * per_session_data__sshd.kex.
 *
 * Security-relevant points for reviewers:
 * - eph_pri_key is secret and should not outlive the exchange.
 *   NOTE(review): confirm the struct is wiped before it is freed.
 * - I_C has both an allocation length and a payload length; copies into I_C
 *   must be bounded by I_C_alloc_len.  TODO confirm at the copy site.
 * - kex_r is a fixed 256-byte buffer whose used size is kex_r_len; that
 *   length must never exceed sizeof(kex_r).
 */
struct lws_kex {
	uint8_t kex_r[256];
	uint8_t Q_C[LWS_SIZE_EC25519]; /* client eph public key aka 'e' */
	uint8_t eph_pri_key[LWS_SIZE_EC25519]; /* server eph private key */
	uint8_t Q_S[LWS_SIZE_EC25519]; /* server ephemeral public key */
	uint8_t kex_cookie[16];
	uint8_t *I_C; /* malloc'd copy of client KEXINIT payload */
	uint8_t *I_S; /* malloc'd copy of server KEXINIT payload */
	uint32_t I_C_payload_len;
	uint32_t I_C_alloc_len;
	uint32_t I_S_payload_len;
	uint32_t kex_r_len;
	uint8_t match_bitfield;
	uint8_t newkeys; /* which sides newkeys have been applied */

	/* key sets being prepared, one per direction (cts / stc) */
	struct lws_ssh_keys keys_next_cts;
	struct lws_ssh_keys keys_next_stc;
};
429
/*
 * Per-channel state for the scp subprotocol.
 * NOTE(review): fp presumably receives a path taken from the peer's scp
 * request; anything copied into it must be limited to sizeof(fp) including
 * the terminator -- confirm at the copy site.
 */
struct lws_subprotocol_scp {
	char fp[128];
	uint64_t len;
	uint32_t attr;
	char cmd;
	char ips;
};

/* Subprotocol state reachable from lws_ssh_channel.sub; scp is the only member */
typedef union {
	struct lws_subprotocol_scp scp;
} lws_subprotocol;
441
struct per_session_data__sshd;

/*
 * One SSH channel, kept on a singly linked list through next.
 *
 * NOTE(review): window and peer_window_est are signed 32-bit while SSH
 * carries window sizes as unsigned 32-bit values, so a peer value above
 * INT32_MAX would turn negative if stored directly -- confirm how the parser
 * handles large window sizes and window-adjust increments.
 */
struct lws_ssh_channel {
	struct lws_ssh_channel *next;

	struct per_session_data__sshd *pss;

	lws_subprotocol *sub; /* NULL, or allocated subprotocol state */
	void *priv; /* owned by user code */
	int type;
	uint32_t server_ch;
	uint32_t sender_ch;
	int32_t window;
	int32_t peer_window_est;
	uint32_t max_pkt;

	uint32_t spawn_pid;
	int retcode;

	/* close handshake progress flags */
	uint8_t scheduled_close:1;
	uint8_t sent_close:1;
	uint8_t received_close:1;
};
465
struct per_vhost_data__sshd;

/*
 * Per-connection SSH server state: key material, RX parser position,
 * authentication progress, the channel list and the queue of pending writes.
 *
 * Security-relevant points for reviewers:
 * - K, session_id and both active key sets are embedded here.
 *   NOTE(review): confirm they are wiped when the session is torn down.
 * - name, last_auth_req_username, last_auth_req_service and V_C are fixed
 *   size char arrays.  NOTE(review): they presumably receive peer-supplied
 *   strings; confirm each copy is bounded and leaves a terminator.
 * - packet_assembly is a fixed 2048-byte buffer; any cursor into it (pa_pos)
 *   and any peer-declared length (msg_len) must be checked against its size.
 */
struct per_session_data__sshd {
	struct per_session_data__sshd *next;
	struct per_vhost_data__sshd *vhd;
	struct lws *wsi;

	struct lws_kex *kex;
	char *disconnect_desc;

	uint8_t K[LWS_SIZE_EC25519]; /* shared secret */
	uint8_t session_id[LWS_SIZE_SHA256]; /* H from first working KEX */
	char name[64];
	char last_auth_req_username[32];
	char last_auth_req_service[32];

	/* keys in use now, one set per direction (cts / stc) */
	struct lws_ssh_keys active_keys_cts;
	struct lws_ssh_keys active_keys_stc;
	struct lws_ssh_userauth *ua;
	struct lws_ssh_channel *ch_list;
	struct lws_ssh_channel *ch_temp;

	uint8_t *last_alloc;

	union {
		struct lws_ssh_pty pty;
		char aux[64];
	} args;

	/* per-direction packet sequence counters, passed as seq to the cipher */
	uint32_t ssh_sequence_ctr_cts;
	uint32_t ssh_sequence_ctr_stc;

	uint64_t payload_bytes_cts;
	uint64_t payload_bytes_stc;

	uint32_t disconnect_reason;

	char V_C[64]; /* Client version String */
	uint8_t packet_assembly[2048];
	uint32_t pa_pos;

	uint32_t msg_len;
	uint32_t pos;
	uint32_t len;
	uint32_t ctr;
	uint32_t npos;
	uint32_t reason;
	uint32_t channel_doing_spawn;
	int next_ch_num;

	uint8_t K_S[LWS_SIZE_EC25519]; /* server public key */

	uint32_t copy_to_I_C:1;
	uint32_t okayed_userauth:1;
	uint32_t sent_banner:1;
	uint32_t seen_auth_req_before:1;
	uint32_t serviced_stderr_last:1;
	uint32_t kex_state;
	uint32_t chrq_server_port;
	uint32_t ch_recip;
	/* NOTE(review): presumably used to limit retries -- confirm a cap is enforced */
	uint32_t count_auth_attempts;

	/* RX parser state ids from the enum above, stored as plain char */
	char parser_state;
	char state_after_string;
	char first_coming;
	uint8_t rq_want_reply;
	uint8_t ssh_auth_state;

	uint8_t msg_id;
	uint8_t msg_padding;
	/*
	 * Parallel 8-entry arrays plus head / tail indexes.
	 * NOTE(review): presumably a ring of pending SSH_WT_* tasks; confirm
	 * the indexes are wrapped to 0..7 and that a full queue is detected
	 * rather than overwritten.
	 */
	uint8_t write_task[8];
	struct lws_ssh_channel *write_channel[8];
	uint8_t wt_head, wt_tail;
};
540
/*
 * Per-vhost state for the SSH plugin: the owning context / vhost / protocol,
 * the head of the list of live sessions (linked through
 * per_session_data__sshd.next) and the ops table supplied for this vhost.
 */
struct per_vhost_data__sshd {
	struct lws_context *context;
	struct lws_vhost *vhost;
	const struct lws_protocols *protocol;
	struct per_session_data__sshd *live_pss_list;
	const struct lws_ssh_ops *ops;
};
548
549
/* A byte blob and its length in bytes */
struct host_keys {
	uint8_t *data;
	uint32_t len;
};

/*
 * Defined in another translation unit; the array bound is not visible here,
 * so code indexing it needs its own knowledge of the element count.
 * NOTE(review): by name this holds server host key material -- confirm how it
 * is loaded and that private key bytes are not logged or left in memory
 * longer than needed.
 */
extern struct host_keys host_keys[];
556
/*
 * Function prototypes shared between the SSH plugin sources.  Only the
 * signatures are visible in this header; notes marked NOTE(review) are
 * assumptions to confirm against the implementations.
 */

/*
 * NOTE(review): NaCl-style Curve25519 scalar multiplication, presumably
 * q = n * p with 32-byte buffers -- confirm.
 */
extern int
crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
			     const unsigned char *p);

/*
 * Parses the key blob at p (len bytes) into a type string and public /
 * private key buffers.  type has an explicit capacity (type_len); pub and pri
 * do not, so the caller must size them for the largest key the parser writes.
 * NOTE(review): presumably LWS_SIZE_EC25519_PUBKEY / _PRIKEY -- confirm.
 */
extern int
ed25519_key_parse(uint8_t *p, size_t len, char *type, size_t type_len,
                  uint8_t *pub, uint8_t *pri);

/*
 * NOTE(review): result has no separate capacity argument; confirm whether
 * *plen carries the buffer size on entry or is output only.
 */
extern int
kex_ecdh(struct per_session_data__sshd *pss, uint8_t *result, uint32_t *plen);

/*
 * NOTE(review): presumably reads a 32-bit value at *p and advances *p.  No
 * remaining-length argument is passed, so the caller must check that 4 bytes
 * are available first.
 */
extern uint32_t
lws_g32(uint8_t **p);

/* NOTE(review): presumably writes v as 32 bits at p; caller guarantees room */
extern uint32_t
lws_p32(uint8_t *p, uint32_t v);

/*
 * NOTE(review): by name a constant-time comparison of len bytes.  Prefer it
 * over memcmp() whenever MACs, signatures or other secrets are compared --
 * confirm the implementation has no data-dependent early exit.
 */
extern int
lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);

/* NOTE(review): presumably the server version string, counterpart of V_C */
extern const char *lws_V_S;

extern int
lws_chacha_activate(struct lws_ssh_keys *keys);

extern void
lws_chacha_destroy(struct lws_ssh_keys *keys);

/* in4 is read-only; by name, the 4 bytes holding the packet length field */
extern uint32_t
lws_chachapoly_get_length(struct lws_ssh_keys *keys, uint32_t seq,
			  const uint8_t *in4);

/*
 * out and key are documented by their array bounds: a POLY1305_TAGLEN-byte
 * tag and a POLY1305_KEYLEN-byte key.  u_char comes from <sys/types.h>, which
 * this header includes only when LWS_HAVE_SYS_TYPES_H is defined.
 */
extern void
poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
    const u_char key[POLY1305_KEYLEN]);

/*
 * Both functions take a read-only input named ct and a writable output named
 * pt, with one length for the input.
 * NOTE(review): for lws_chacha_encrypt the names look carried over from
 * decrypt (input is presumably plaintext, output ciphertext) -- confirm, and
 * confirm how much room the output needs beyond len for the tag.
 */
extern int
lws_chacha_decrypt(struct lws_ssh_keys *keys, uint32_t seq,
		   const uint8_t *ct, uint32_t len, uint8_t *pt);
extern int
lws_chacha_encrypt(struct lws_ssh_keys *keys, uint32_t seq,
		   const uint8_t *ct, uint32_t len, uint8_t *pt);

/*
 * NOTE(review): *p is a write cursor that this call may advance when adding
 * padding; no end-of-buffer argument is passed, so the caller must have left
 * enough room after *p -- confirm.
 */
extern void
lws_pad_set_length(struct per_session_data__sshd *pss, void *start, uint8_t **p,
		   struct lws_ssh_keys *keys);

/* b / len: output buffer and its capacity; returns a size_t */
extern size_t
get_gen_server_key_25519(struct per_session_data__sshd *pss, uint8_t *b, size_t len);

/*
 * NOTE(review): NaCl-style signing; sm presumably receives signature plus
 * message, so it needs more than mlen bytes -- confirm the required size.
 * sk is the secret key and should be wiped by the caller after use.
 */
extern int
crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
		    const unsigned char *m, size_t mlen,
		    const unsigned char *sk);

/*
 * NOTE(review): pk / sk presumably need LWS_SIZE_EC25519_PUBKEY and
 * LWS_SIZE_EC25519_PRIKEY bytes; neither capacity is passed -- confirm.
 */
extern int
crypto_sign_ed25519_keypair(struct lws_context *context, uint8_t *pk,
			    uint8_t *sk);
615
616#endif
617