1 /**
2  * @file ssh.c
3  * @brief Secure Shell (SSH)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSH Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL SSH_TRACE_LEVEL
33 
34 //Dependencies
35 #include "ssh/ssh.h"
36 #include "ssh/ssh_algorithms.h"
37 #include "ssh/ssh_channel.h"
38 #include "ssh/ssh_key_import.h"
39 #include "ssh/ssh_cert_import.h"
40 #include "ssh/ssh_misc.h"
41 #include "pkix/pem_import.h"
42 #include "debug.h"
43 
44 //Check SSH stack configuration
45 #if (SSH_SUPPORT == ENABLED)
46 
47 
/**
 * @brief SSH context initialization
 *
 * Zeroes the context, attaches the caller-supplied connection and channel
 * pools (they are referenced, not copied) and creates the OS objects the
 * context needs (one mutex, one context event, one event per channel).
 * On any failure the partially built context is torn down with sshDeinit()
 * before returning.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] connections SSH connections
 * @param[in] numConnections Maximum number of SSH connections
 * @param[in] channels SSH channels
 * @param[in] numChannels Maximum number of SSH channels
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER if any pointer is
 *   NULL or any pool size is zero, ERROR_OUT_OF_RESOURCES if an OS object
 *   could not be created
 **/

error_t sshInit(SshContext *context, SshConnection *connections,
   uint_t numConnections, SshChannel *channels, uint_t numChannels)
{
   error_t error;
   uint_t n;
   SshConnection *conn;
   SshChannel *ch;

   //Every pool must be present and non-empty
   if(context == NULL || connections == NULL || numConnections == 0 ||
      channels == NULL || numChannels == 0)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Start from an all-zero context so that every callback slot, key slot
   //and flag has a defined (disabled) value
   osMemset(context, 0, sizeof(SshContext));

   //Attach the caller-supplied pools; the context only keeps references
   context->connections = connections;
   context->numConnections = numConnections;
   context->channels = channels;
   context->numChannels = numChannels;

   //The mutex serializes access to the context and the event is used to
   //manage connection events; either OS object may be unavailable
   if(!osCreateMutex(&context->mutex))
   {
      error = ERROR_OUT_OF_RESOURCES;
   }
   else if(!osCreateEvent(&context->event))
   {
      error = ERROR_OUT_OF_RESOURCES;
   }
   else
   {
      error = NO_ERROR;

      //Connections start closed with no host key selected (-1)
      for(n = 0; n < numConnections; n++)
      {
         conn = &connections[n];

         osMemset(conn, 0, sizeof(SshConnection));
         conn->context = context;
         conn->hostKeyIndex = -1;
         conn->state = SSH_CONN_STATE_CLOSED;
      }

      //Channels start unused; each one owns an event object, so this loop
      //can fail part-way through
      for(n = 0; n < numChannels && error == NO_ERROR; n++)
      {
         ch = &channels[n];

         osMemset(ch, 0, sizeof(SshChannel));
         ch->context = context;
         ch->state = SSH_CHANNEL_STATE_UNUSED;

         if(!osCreateEvent(&ch->event))
         {
            error = ERROR_OUT_OF_RESOURCES;
         }
      }
   }

   //Undo whatever was created before the failure (sshDeinit is presumably
   //written to tolerate a partially initialized context)
   if(error != NO_ERROR)
   {
      sshDeinit(context);
   }

   return error;
}
157 
158 
/**
 * @brief Set operation mode (client or server)
 *
 * The mode is stored without locking; it is expected to be set before the
 * context is put to use (no other setter in this file locks either until
 * callbacks are registered).
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] mode Specifies whether this entity is considered a client or a
 *   server
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER for a NULL context or an
 *   unknown mode
 **/

error_t sshSetOperationMode(SshContext *context, SshOperationMode mode)
{
   //A context is required
   if(context == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Only the two defined roles are accepted
   if(mode != SSH_OPERATION_MODE_CLIENT && mode != SSH_OPERATION_MODE_SERVER)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Record the role this entity plays
   context->mode = mode;

   return NO_ERROR;
}
183 
184 
/**
 * @brief Set the pseudo-random number generator to be used
 *
 * Both the algorithm descriptor and its state are stored by reference; the
 * caller keeps ownership of both and must keep them alive for as long as
 * the context is used.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] prngAlgo PRNG algorithm
 * @param[in] prngContext Pointer to the PRNG context
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if any argument is NULL
 **/

error_t sshSetPrng(SshContext *context, const PrngAlgo *prngAlgo,
   void *prngContext)
{
   //The context is checked first, then the PRNG pair
   if(context == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   if(prngAlgo == NULL || prngContext == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Attach the generator; random numbers are drawn from it later
   context->prngAlgo = prngAlgo;
   context->prngContext = prngContext;

   return NO_ERROR;
}
212 
213 
/**
 * @brief Set the user name to be used for authentication
 *
 * The string is copied into the fixed-size buffer of the context, so the
 * length is checked against SSH_MAX_USERNAME_LEN before the copy.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] username NULL-terminated string containing the user name
 * @return NO_ERROR, ERROR_INVALID_PARAMETER for a NULL argument,
 *   ERROR_INVALID_LENGTH if the name does not fit, or
 *   ERROR_NOT_IMPLEMENTED when client support is disabled
 **/

error_t sshSetUsername(SshContext *context, const char_t *username)
{
#if (SSH_CLIENT_SUPPORT == ENABLED)
   size_t len;

   //Both arguments are required
   if(context == NULL || username == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The destination buffer is fixed-size; reject anything that would not fit
   len = osStrlen(username);

   if(len > SSH_MAX_USERNAME_LEN)
   {
      return ERROR_INVALID_LENGTH;
   }

   //Bounded by the check above
   osStrcpy(context->username, username);

   return NO_ERROR;
#else
   //Only meaningful on the client side
   return ERROR_NOT_IMPLEMENTED;
#endif
}
242 
243 
/**
 * @brief Set the password to be used for authentication
 *
 * The password is copied into the fixed-size buffer of the context, so its
 * length is checked against SSH_MAX_PASSWORD_LEN first. The copy lives in
 * the context for its whole lifetime.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] password NULL-terminated string containing the password
 * @return NO_ERROR, ERROR_INVALID_PARAMETER for a NULL argument,
 *   ERROR_INVALID_LENGTH if the password does not fit, or
 *   ERROR_NOT_IMPLEMENTED when client support is disabled
 **/

error_t sshSetPassword(SshContext *context, const char_t *password)
{
#if (SSH_CLIENT_SUPPORT == ENABLED)
   size_t len;

   //Both arguments are required
   if(context == NULL || password == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The destination buffer is fixed-size; reject anything that would not fit
   len = osStrlen(password);

   if(len > SSH_MAX_PASSWORD_LEN)
   {
      return ERROR_INVALID_LENGTH;
   }

   //Bounded by the check above
   osStrcpy(context->password, password);

   return NO_ERROR;
#else
   //Only meaningful on the client side
   return ERROR_NOT_IMPLEMENTED;
#endif
}
272 
273 
/**
 * @brief Register host key verification callback function
 *
 * The pointer is stored under the context mutex so the update is serialized
 * with any other access to the context. A NULL callback is rejected, so a
 * callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Host key verification callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshRegisterHostKeyVerifyCallback(SshContext *context,
   SshHostKeyVerifyCallback callback)
{
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->hostKeyVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
298 
299 
/**
 * @brief Register certificate verification callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Certificate verification callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when certificate support is disabled
 **/

error_t sshRegisterCertVerifyCallback(SshContext *context,
   SshCertVerifyCallback callback)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->certVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificates are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
329 
330 
/**
 * @brief Register CA public key verification callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback CA public key verification callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when certificate support is disabled
 **/

error_t sshRegisterCaPublicKeyVerifyCallback(SshContext *context,
   SshCaPublicKeyVerifyCallback callback)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->caPublicKeyVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificates are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
360 
361 
/**
 * @brief Register public key authentication callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Public key authentication callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when public key authentication is disabled
 **/

error_t sshRegisterPublicKeyAuthCallback(SshContext *context,
   SshPublicKeyAuthCallback callback)
{
#if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->publicKeyAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Public key authentication is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
391 
392 
/**
 * @brief Register certificate authentication callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Certificate authentication callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED unless both public key authentication and
 *   certificate support are enabled
 **/

error_t sshRegisterCertAuthCallback(SshContext *context,
   SshCertAuthCallback callback)
{
#if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->certAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate authentication is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
422 
423 
/**
 * @brief Register password authentication callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Password authentication callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when password authentication is disabled
 **/

error_t sshRegisterPasswordAuthCallback(SshContext *context,
   SshPasswordAuthCallback callback)
{
#if (SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->passwordAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Password authentication is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
453 
454 
/**
 * @brief Register password change callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Password change callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when password authentication is disabled
 **/

error_t sshRegisterPasswordChangeCallback(SshContext *context,
   SshPasswordChangeCallback callback)
{
#if (SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->passwordChangeCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Password authentication is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
484 
485 
/**
 * @brief Register signature generation callback function
 *
 * Lets the application perform signing itself (for instance with a key kept
 * in a secure element). The pointer is stored under the context mutex; a
 * NULL callback is rejected.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Signature generation callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when signature callbacks are disabled
 **/

error_t sshRegisterSignGenCallback(SshContext *context,
   SshSignGenCallback callback)
{
#if (SSH_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->signGenCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Signature callbacks are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
515 
516 
/**
 * @brief Register signature verification callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Signature verification callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when signature callbacks are disabled
 **/

error_t sshRegisterSignVerifyCallback(SshContext *context,
   SshSignVerifyCallback callback)
{
#if (SSH_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->signVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Signature callbacks are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
546 
547 
/**
 * @brief Register ECDH key pair generation callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback ECDH key pair generation callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when ECDH callbacks are disabled
 **/

error_t sshRegisterEcdhKeyPairGenCallback(SshContext *context,
   SshEcdhKeyPairGenCallback callback)
{
#if (SSH_ECDH_CALLBACK_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->ecdhKeyPairGenCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //ECDH callbacks are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
577 
578 
/**
 * @brief Register ECDH shared secret calculation callback function
 *
 * The pointer is stored under the context mutex. A NULL callback is
 * rejected, so a callback cannot be cleared through this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback ECDH shared secret calculation callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when ECDH callbacks are disabled
 **/

error_t sshRegisterEcdhSharedSecretCalcCallback(SshContext *context,
   SshEcdhSharedSecretCalcCallback callback)
{
#if (SSH_ECDH_CALLBACK_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Publish the callback under the context mutex
   osAcquireMutex(&context->mutex);
   context->ecdhSharedSecretCalcCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //ECDH callbacks are compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
608 
609 
/**
 * @brief Register global request callback function
 *
 * Up to SSH_MAX_GLOBAL_REQ_CALLBACKS callbacks can be registered; the first
 * free slot is used. Each call consumes one slot, and no check is made for
 * a callback that is already registered.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Global request callback function
 * @param[in] param An opaque pointer passed to the callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if context or callback is NULL,
 *   or ERROR_OUT_OF_RESOURCES when every slot is taken
 **/

error_t sshRegisterGlobalRequestCallback(SshContext *context,
   SshGlobalReqCallback callback, void *param)
{
   error_t error;
   uint_t slot;

   //Both the context and the callback must be supplied (param may be NULL)
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot is found
   error = ERROR_OUT_OF_RESOURCES;

   for(slot = 0; slot < SSH_MAX_GLOBAL_REQ_CALLBACKS; slot++)
   {
      //Skip occupied entries
      if(context->globalReqCallback[slot] != NULL)
      {
         continue;
      }

      //Claim the slot; param is handed back verbatim to the callback
      context->globalReqCallback[slot] = callback;
      context->globalReqParam[slot] = param;
      error = NO_ERROR;
      break;
   }

   osReleaseMutex(&context->mutex);

   return error;
}
656 
657 
/**
 * @brief Unregister global request callback function
 *
 * Every slot holding this callback is cleared (a callback registered more
 * than once is removed everywhere). Unregistering a callback that was never
 * registered is not an error.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Previously registered callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshUnregisterGlobalRequestCallback(SshContext *context,
   SshGlobalReqCallback callback)
{
   uint_t slot;

   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   for(slot = 0; slot < SSH_MAX_GLOBAL_REQ_CALLBACKS; slot++)
   {
      //Leave other callbacks untouched
      if(context->globalReqCallback[slot] != callback)
      {
         continue;
      }

      //Free the slot together with its opaque parameter
      context->globalReqCallback[slot] = NULL;
      context->globalReqParam[slot] = NULL;
   }

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
695 
696 
/**
 * @brief Register channel request callback function
 *
 * Up to SSH_MAX_CHANNEL_REQ_CALLBACKS callbacks can be registered; the first
 * free slot is used. Each call consumes one slot, and no check is made for
 * a callback that is already registered.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Channel request callback function
 * @param[in] param An opaque pointer passed to the callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if context or callback is NULL,
 *   or ERROR_OUT_OF_RESOURCES when every slot is taken
 **/

error_t sshRegisterChannelRequestCallback(SshContext *context,
   SshChannelReqCallback callback, void *param)
{
   error_t error;
   uint_t slot;

   //Both the context and the callback must be supplied (param may be NULL)
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot is found
   error = ERROR_OUT_OF_RESOURCES;

   for(slot = 0; slot < SSH_MAX_CHANNEL_REQ_CALLBACKS; slot++)
   {
      //Skip occupied entries
      if(context->channelReqCallback[slot] != NULL)
      {
         continue;
      }

      //Claim the slot; param is handed back verbatim to the callback
      context->channelReqCallback[slot] = callback;
      context->channelReqParam[slot] = param;
      error = NO_ERROR;
      break;
   }

   osReleaseMutex(&context->mutex);

   return error;
}
743 
744 
/**
 * @brief Unregister channel request callback function
 *
 * Every slot holding this callback is cleared. Unregistering a callback
 * that was never registered is not an error.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Previously registered callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshUnregisterChannelRequestCallback(SshContext *context,
   SshChannelReqCallback callback)
{
   uint_t slot;

   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   for(slot = 0; slot < SSH_MAX_CHANNEL_REQ_CALLBACKS; slot++)
   {
      //Leave other callbacks untouched
      if(context->channelReqCallback[slot] != callback)
      {
         continue;
      }

      //Free the slot together with its opaque parameter
      context->channelReqCallback[slot] = NULL;
      context->channelReqParam[slot] = NULL;
   }

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
782 
783 
/**
 * @brief Register channel open callback function
 *
 * Up to SSH_MAX_CHANNEL_OPEN_CALLBACKS callbacks can be registered; the
 * first free slot is used. Each call consumes one slot, and no check is
 * made for a callback that is already registered.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Channel open callback function
 * @param[in] param An opaque pointer passed to the callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if context or callback is NULL,
 *   or ERROR_OUT_OF_RESOURCES when every slot is taken
 **/

error_t sshRegisterChannelOpenCallback(SshContext *context,
   SshChannelOpenCallback callback, void *param)
{
   error_t error;
   uint_t slot;

   //Both the context and the callback must be supplied (param may be NULL)
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot is found
   error = ERROR_OUT_OF_RESOURCES;

   for(slot = 0; slot < SSH_MAX_CHANNEL_OPEN_CALLBACKS; slot++)
   {
      //Skip occupied entries
      if(context->channelOpenCallback[slot] != NULL)
      {
         continue;
      }

      //Claim the slot; param is handed back verbatim to the callback
      context->channelOpenCallback[slot] = callback;
      context->channelOpenParam[slot] = param;
      error = NO_ERROR;
      break;
   }

   osReleaseMutex(&context->mutex);

   return error;
}
830 
831 
/**
 * @brief Unregister channel open callback function
 *
 * Every slot holding this callback is cleared. Unregistering a callback
 * that was never registered is not an error.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Previously registered callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshUnregisterChannelOpenCallback(SshContext *context,
   SshChannelOpenCallback callback)
{
   uint_t slot;

   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   for(slot = 0; slot < SSH_MAX_CHANNEL_OPEN_CALLBACKS; slot++)
   {
      //Leave other callbacks untouched
      if(context->channelOpenCallback[slot] != callback)
      {
         continue;
      }

      //Free the slot together with its opaque parameter
      context->channelOpenCallback[slot] = NULL;
      context->channelOpenParam[slot] = NULL;
   }

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
869 
870 
/**
 * @brief Register connection open callback function
 *
 * Up to SSH_MAX_CONN_OPEN_CALLBACKS callbacks can be registered; the first
 * free slot is used. Each call consumes one slot, and no check is made for
 * a callback that is already registered.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Connection open callback function
 * @param[in] param An opaque pointer passed to the callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if context or callback is NULL,
 *   or ERROR_OUT_OF_RESOURCES when every slot is taken
 **/

error_t sshRegisterConnectionOpenCallback(SshContext *context,
   SshConnectionOpenCallback callback, void *param)
{
   error_t error;
   uint_t slot;

   //Both the context and the callback must be supplied (param may be NULL)
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot is found
   error = ERROR_OUT_OF_RESOURCES;

   for(slot = 0; slot < SSH_MAX_CONN_OPEN_CALLBACKS; slot++)
   {
      //Skip occupied entries
      if(context->connectionOpenCallback[slot] != NULL)
      {
         continue;
      }

      //Claim the slot; param is handed back verbatim to the callback
      context->connectionOpenCallback[slot] = callback;
      context->connectionOpenParam[slot] = param;
      error = NO_ERROR;
      break;
   }

   osReleaseMutex(&context->mutex);

   return error;
}
917 
918 
/**
 * @brief Unregister connection open callback function
 *
 * Every slot holding this callback is cleared. Unregistering a callback
 * that was never registered is not an error.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Previously registered callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshUnregisterConnectionOpenCallback(SshContext *context,
   SshConnectionOpenCallback callback)
{
   uint_t slot;

   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   for(slot = 0; slot < SSH_MAX_CONN_OPEN_CALLBACKS; slot++)
   {
      //Leave other callbacks untouched
      if(context->connectionOpenCallback[slot] != callback)
      {
         continue;
      }

      //Free the slot together with its opaque parameter
      context->connectionOpenCallback[slot] = NULL;
      context->connectionOpenParam[slot] = NULL;
   }

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
956 
957 
/**
 * @brief Register connection close callback function
 *
 * Up to SSH_MAX_CONN_CLOSE_CALLBACKS callbacks can be registered; the first
 * free slot is used. Each call consumes one slot, and no check is made for
 * a callback that is already registered.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Connection close callback function
 * @param[in] param An opaque pointer passed to the callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if context or callback is NULL,
 *   or ERROR_OUT_OF_RESOURCES when every slot is taken
 **/

error_t sshRegisterConnectionCloseCallback(SshContext *context,
   SshConnectionCloseCallback callback, void *param)
{
   error_t error;
   uint_t slot;

   //Both the context and the callback must be supplied (param may be NULL)
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot is found
   error = ERROR_OUT_OF_RESOURCES;

   for(slot = 0; slot < SSH_MAX_CONN_CLOSE_CALLBACKS; slot++)
   {
      //Skip occupied entries
      if(context->connectionCloseCallback[slot] != NULL)
      {
         continue;
      }

      //Claim the slot; param is handed back verbatim to the callback
      context->connectionCloseCallback[slot] = callback;
      context->connectionCloseParam[slot] = param;
      error = NO_ERROR;
      break;
   }

   osReleaseMutex(&context->mutex);

   return error;
}
1004 
1005 
/**
 * @brief Unregister connection close callback function
 *
 * Every slot holding this callback is cleared. Unregistering a callback
 * that was never registered is not an error.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Previously registered callback function
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER if either argument is NULL
 **/

error_t sshUnregisterConnectionCloseCallback(SshContext *context,
   SshConnectionCloseCallback callback)
{
   uint_t slot;

   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The callback table is shared with the connection tasks
   osAcquireMutex(&context->mutex);

   for(slot = 0; slot < SSH_MAX_CONN_CLOSE_CALLBACKS; slot++)
   {
      //Leave other callbacks untouched
      if(context->connectionCloseCallback[slot] != callback)
      {
         continue;
      }

      //Free the slot together with its opaque parameter
      context->connectionCloseCallback[slot] = NULL;
      context->connectionCloseParam[slot] = NULL;
   }

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
1043 
1044 
/**
 * @brief Register key logging callback function (for debugging purpose only)
 *
 * The callback receives session key material, so it must never be enabled
 * in a production build; the whole feature is gated by SSH_KEY_LOG_SUPPORT.
 * NOTE(review): unlike the other sshRegister*Callback setters in this file,
 * the store below is not done under context->mutex - confirm it is only
 * called before the context is in use.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] callback Key logging callback function
 * @return NO_ERROR, ERROR_INVALID_PARAMETER if either argument is NULL, or
 *   ERROR_NOT_IMPLEMENTED when key logging is compiled out
 **/

error_t sshRegisterKeyLogCallback(SshContext *context,
   SshKeyLogCallback callback)
{
#if (SSH_KEY_LOG_SUPPORT == ENABLED)
   //Both the context and the callback must be supplied
   if(context == NULL || callback == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Plain store, no locking (see note above)
   context->keyLogCallback = callback;

   return NO_ERROR;
#else
   //Key logging is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1070 
1071 
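/**
 * @brief Load transient RSA key (for RSA key exchange)
 *
 * Both keys are parsed once to validate them and to measure the modulus,
 * then only the caller's pointers are stored: publicKey and privateKey are
 * taken by reference and must stay valid (and unmodified) for as long as
 * the slot is loaded. The password, if any, is copied into the context.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @param[in] publicKey RSA public key (PEM, SSH2 or OpenSSH format). This
 *   parameter is taken as reference
 * @param[in] publicKeyLen Length of the RSA public key
 * @param[in] privateKey RSA private key (PEM or OpenSSH format). This
 *   parameter is taken as reference
 * @param[in] privateKeyLen Length of the RSA private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a NULL context,
 *   an out-of-range index or a missing/empty key; ERROR_INVALID_PASSWORD if
 *   the password does not fit the context buffer; ERROR_INVALID_LENGTH if
 *   the modulus is outside [SSH_MIN_RSA_MODULUS_SIZE, SSH_MAX_RSA_MODULUS_SIZE];
 *   the import functions' own error codes otherwise; ERROR_NOT_IMPLEMENTED
 *   when server support or RSA key exchange is compiled out
 **/

error_t sshLoadRsaKey(SshContext *context, uint_t index,
   const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_RSA_KEX_SUPPORT == ENABLED)
   error_t error;
   uint_t k;
   RsaPublicKey rsaPublicKey;
   RsaPrivateKey rsaPrivateKey;

   //Make sure the SSH context is valid
   if(context == NULL)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The slot index must fall within the fixed-size table
   if(index >= SSH_MAX_RSA_KEYS)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Check public key
   if(publicKey == NULL || publicKeyLen == 0)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Check private key. Fix: the original compared publicKeyLen here, so an
   //empty private key was not rejected up front
   if(privateKey == NULL || privateKeyLen == 0)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //The password is required only for encrypted private keys; when given it
   //is copied into a fixed-size buffer, so bound its length first
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
   {
      return ERROR_INVALID_PASSWORD;
   }

   //Only assigned on the success path; initialized so the value is defined
   k = 0;

   //Initialize RSA public and private keys
   rsaInitPublicKey(&rsaPublicKey);
   rsaInitPrivateKey(&rsaPrivateKey);

   //Check whether the RSA public key is valid
   error = sshImportRsaPublicKey(&rsaPublicKey, publicKey, publicKeyLen);

   //Check whether the RSA private key is valid
   if(!error)
   {
      error = sshImportRsaPrivateKey(&rsaPrivateKey, privateKey, privateKeyLen,
         password);
   }

   //Enforce the modulus size window on the parsed public key
   if(!error)
   {
      //Get the length of the modulus, in bits
      k = mpiGetBitLength(&rsaPublicKey.n);

      if(k < SSH_MIN_RSA_MODULUS_SIZE || k > SSH_MAX_RSA_MODULUS_SIZE)
      {
         error = ERROR_INVALID_LENGTH;
      }
   }

   //The parsed keys are only needed for validation; release them in every
   //case (the free functions are called on initialized keys even on error)
   rsaFreePublicKey(&rsaPublicKey);
   rsaFreePrivateKey(&rsaPrivateKey);

   //Nothing is written to the context unless every check passed
   if(!error)
   {
      //Acquire exclusive access to the SSH context
      osAcquireMutex(&context->mutex);

      //Save the length of the modulus, in bits
      context->rsaKeys[index].modulusSize = k;

      //Save public key (PEM, SSH2 or OpenSSH format) by reference
      context->rsaKeys[index].publicKey = publicKey;
      context->rsaKeys[index].publicKeyLen = publicKeyLen;

      //Save private key (PEM or OpenSSH format) by reference
      context->rsaKeys[index].privateKey = privateKey;
      context->rsaKeys[index].privateKeyLen = privateKeyLen;

      //Copy the password (bounded by the length check above) or store an
      //empty string when none was supplied
      if(password != NULL)
      {
         osStrcpy(context->rsaKeys[index].password, password);
      }
      else
      {
         osStrcpy(context->rsaKeys[index].password, "");
      }

      //Release exclusive access to the SSH context
      osReleaseMutex(&context->mutex);
   }

   //Return status code
   return error;
#else
   //RSA key exchange on the server side is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}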
1188 
1189 
/**
 * @brief Unload transient RSA key (for RSA key exchange)
 *
 * Clears the whole slot under the context mutex. This zeroes the stored
 * pointers, the modulus size and the password copy; the key buffers
 * themselves belong to the caller and are not touched.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @return NO_ERROR, ERROR_INVALID_PARAMETER for a NULL context or an
 *   out-of-range index, or ERROR_NOT_IMPLEMENTED when server support or RSA
 *   key exchange is compiled out
 **/

error_t sshUnloadRsaKey(SshContext *context, uint_t index)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_RSA_KEX_SUPPORT == ENABLED)
   //Reject a missing context or a slot outside the table
   if(context == NULL || index >= SSH_MAX_RSA_KEYS)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Wipe the slot while no connection task can read it
   osAcquireMutex(&context->mutex);
   osMemset(&context->rsaKeys[index], 0, sizeof(SshRsaKey));
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //RSA key exchange on the server side is compiled out
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1222 
1223 
/**
 * @brief Load Diffie-Hellman group
 *
 * The PEM-encoded parameters are decoded once to check that they parse and
 * that the prime modulus length lies within [SSH_MIN_DH_MODULUS_SIZE,
 * SSH_MAX_DH_MODULUS_SIZE]. The decoded parameters are then released; only
 * the reference to the encoded buffer is retained, so the caller must keep
 * that buffer alive while the group is loaded.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @param[in] dhParams Diffie-Hellman parameters (PEM format). This parameter
 *   is taken as reference
 * @param[in] dhParamsLen Length of the Diffie-Hellman parameters
 * @return ERROR_INVALID_PARAMETER on bad arguments, the PEM import error,
 *   ERROR_INVALID_LENGTH when the modulus size is out of range,
 *   ERROR_NOT_IMPLEMENTED when DH group exchange is not compiled in, else
 *   NO_ERROR
 **/

error_t sshLoadDhGexGroup(SshContext *context, uint_t index,
   const char_t *dhParams, size_t dhParamsLen)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_DH_GEX_KEX_SUPPORT == ENABLED)
   error_t error;
   uint_t modulusSize = 0;
   DhParameters params;
   SshDhGexGroup *group;

   //A context and a slot within the configured range are mandatory
   if(context == NULL || index >= SSH_MAX_DH_GEX_GROUPS)
      return ERROR_INVALID_PARAMETER;

   //An empty parameter buffer is rejected up front
   if(dhParams == NULL || dhParamsLen == 0)
      return ERROR_INVALID_PARAMETER;

   //Trial-decode the PEM structure
   dhInitParameters(&params);
   error = pemImportDhParameters(&params, dhParams, dhParamsLen);

   if(!error)
   {
      //Length of the prime modulus, in bits
      modulusSize = mpiGetBitLength(&params.p);

      //Groups outside the configured size window are refused
      if(modulusSize < SSH_MIN_DH_MODULUS_SIZE ||
         modulusSize > SSH_MAX_DH_MODULUS_SIZE)
      {
         error = ERROR_INVALID_LENGTH;
      }
   }

   //The decoded parameters are never kept; release them on every path
   dhFreeParameters(&params);

   //Commit to the slot only when every check passed
   if(!error)
   {
      osAcquireMutex(&context->mutex);

      group = &context->dhGexGroups[index];
      group->dhModulusSize = modulusSize;
      //Reference to the PEM buffer, not a copy
      group->dhParams = dhParams;
      group->dhParamsLen = dhParamsLen;

      osReleaseMutex(&context->mutex);
   }

   return error;
#else
   //Server-side DH group exchange is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1302 
1303 
/**
 * @brief Unload Diffie-Hellman group
 *
 * Clears the designated slot under the context mutex. The slot holds only a
 * reference to the caller-owned PEM buffer plus the modulus size, so nothing
 * is freed here.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @return ERROR_INVALID_PARAMETER on a NULL context or out-of-range index,
 *   ERROR_NOT_IMPLEMENTED when DH group exchange is not compiled in, else
 *   NO_ERROR
 **/

error_t sshUnloadDhGexGroup(SshContext *context, uint_t index)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_DH_GEX_KEX_SUPPORT == ENABLED)
   SshDhGexGroup *slot;

   //Reject a missing context or an index beyond the configured slot count
   if(context == NULL || index >= SSH_MAX_DH_GEX_GROUPS)
      return ERROR_INVALID_PARAMETER;

   //Slot to be cleared
   slot = &context->dhGexGroups[index];

   //The group table is shared with the SSH task, hence the mutex
   osAcquireMutex(&context->mutex);
   osMemset(slot, 0, sizeof(SshDhGexGroup));
   osReleaseMutex(&context->mutex);

   //NOTE(review): connections currently negotiating with this group are not
   //disconnected (contrast sshUnloadHostKey) - confirm that is intended
   return NO_ERROR;
#else
   //Server-side DH group exchange is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1336 
1337 
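/**
 * @brief Check that a host key pair can be decoded
 *
 * Trial-imports the public key and, when one is supplied, the private key
 * for the algorithm named by keyType. Every decoded key is released before
 * returning: this routine only validates, it keeps nothing.
 *
 * @param[in] keyType Key format identifier returned by sshGetPublicKeyType
 * @param[in] publicKey Public key (PEM, SSH2 or OpenSSH format)
 * @param[in] publicKeyLen Length of the public key
 * @param[in] privateKey Private key (PEM or OpenSSH format). May be NULL when
 *   signatures are produced elsewhere (e.g. a public-key hardware accelerator)
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password Password of an encrypted private key (may be NULL)
 * @return NO_ERROR, the import error, or ERROR_INVALID_KEY when keyType is
 *   not one of the host key algorithms compiled in
 **/

static error_t sshCheckHostKeyPair(const char_t *keyType,
   const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
   error_t error = NO_ERROR;

#if (SSH_RSA_SIGN_SUPPORT == ENABLED)
   //RSA host key?
   if(sshCompareAlgo(keyType, "ssh-rsa"))
   {
      RsaPublicKey rsaPublicKey;
      RsaPrivateKey rsaPrivateKey;

      rsaInitPublicKey(&rsaPublicKey);
      rsaInitPrivateKey(&rsaPrivateKey);

      //The public key must decode; the private key only when supplied
      error = sshImportRsaPublicKey(&rsaPublicKey, publicKey, publicKeyLen);

      if(!error && privateKey != NULL)
      {
         error = sshImportRsaPrivateKey(&rsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      rsaFreePublicKey(&rsaPublicKey);
      rsaFreePrivateKey(&rsaPrivateKey);
   }
   else
#endif
#if (SSH_DSA_SIGN_SUPPORT == ENABLED)
   //DSA host key?
   if(sshCompareAlgo(keyType, "ssh-dss"))
   {
      DsaPublicKey dsaPublicKey;
      DsaPrivateKey dsaPrivateKey;

      dsaInitPublicKey(&dsaPublicKey);
      dsaInitPrivateKey(&dsaPrivateKey);

      error = sshImportDsaPublicKey(&dsaPublicKey, publicKey, publicKeyLen);

      if(!error && privateKey != NULL)
      {
         error = sshImportDsaPrivateKey(&dsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      dsaFreePublicKey(&dsaPublicKey);
      dsaFreePrivateKey(&dsaPrivateKey);
   }
   else
#endif
#if (SSH_ECDSA_SIGN_SUPPORT == ENABLED)
   //ECDSA host key (any of the three NIST curves)?
   if(sshCompareAlgo(keyType, "ecdsa-sha2-nistp256") ||
      sshCompareAlgo(keyType, "ecdsa-sha2-nistp384") ||
      sshCompareAlgo(keyType, "ecdsa-sha2-nistp521"))
   {
      EcPublicKey ecPublicKey;
      EcPrivateKey ecPrivateKey;

      ecInitPublicKey(&ecPublicKey);
      ecInitPrivateKey(&ecPrivateKey);

      error = sshImportEcdsaPublicKey(&ecPublicKey, publicKey, publicKeyLen);

      if(!error && privateKey != NULL)
      {
         error = sshImportEcdsaPrivateKey(&ecPrivateKey, privateKey,
            privateKeyLen, password);
      }

      ecFreePublicKey(&ecPublicKey);
      ecFreePrivateKey(&ecPrivateKey);
   }
   else
#endif
#if (SSH_ED25519_SIGN_SUPPORT == ENABLED)
   //Ed25519 host key?
   if(sshCompareAlgo(keyType, "ssh-ed25519"))
   {
      EddsaPublicKey eddsaPublicKey;
      EddsaPrivateKey eddsaPrivateKey;

      eddsaInitPublicKey(&eddsaPublicKey);
      eddsaInitPrivateKey(&eddsaPrivateKey);

      error = sshImportEd25519PublicKey(&eddsaPublicKey, publicKey,
         publicKeyLen);

      if(!error && privateKey != NULL)
      {
         error = sshImportEd25519PrivateKey(&eddsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      eddsaFreePublicKey(&eddsaPublicKey);
      eddsaFreePrivateKey(&eddsaPrivateKey);
   }
   else
#endif
#if (SSH_ED448_SIGN_SUPPORT == ENABLED)
   //Ed448 host key?
   if(sshCompareAlgo(keyType, "ssh-ed448"))
   {
      EddsaPublicKey eddsaPublicKey;
      EddsaPrivateKey eddsaPrivateKey;

      eddsaInitPublicKey(&eddsaPublicKey);
      eddsaInitPrivateKey(&eddsaPrivateKey);

      error = sshImportEd448PublicKey(&eddsaPublicKey, publicKey,
         publicKeyLen);

      if(!error && privateKey != NULL)
      {
         error = sshImportEd448PrivateKey(&eddsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      eddsaFreePublicKey(&eddsaPublicKey);
      eddsaFreePrivateKey(&eddsaPrivateKey);
   }
   else
#endif
   //Unknown or disabled key type
   {
      error = ERROR_INVALID_KEY;
   }

   return error;
}


/**
 * @brief Load entity's host key
 *
 * Validates the key pair by a trial import (see sshCheckHostKeyPair), then
 * records references to the encoded buffers plus a copy of the password in
 * the designated slot. The caller must keep the key buffers alive while the
 * slot is in use. The password is retained in cleartext inside the context;
 * sshUnloadHostKey clears it together with the rest of the slot.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @param[in] publicKey Public key (PEM, SSH2 or OpenSSH format). This parameter
 *   is taken as reference
 * @param[in] publicKeyLen Length of the public key
 * @param[in] privateKey Private key (PEM or OpenSSH format). This parameter is
 *   taken as reference and may be NULL
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return ERROR_INVALID_PARAMETER on bad arguments, ERROR_INVALID_PASSWORD
 *   when the password exceeds SSH_MAX_PASSWORD_LEN, the import error or
 *   ERROR_INVALID_KEY from validation, else NO_ERROR
 **/

error_t sshLoadHostKey(SshContext *context, uint_t index,
   const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
   error_t error;
   SshHostKey *hostKey;
   const char_t *keyType;

   //A context and a slot within the configured range are mandatory
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //The public key is mandatory
   if(publicKey == NULL || publicKeyLen == 0)
      return ERROR_INVALID_PARAMETER;

   //The private key is optional, but a length without a buffer is an error
   if(privateKey == NULL && privateKeyLen != 0)
      return ERROR_INVALID_PARAMETER;

   //The password is copied into a fixed-size field below with an unbounded
   //string copy, so its length must be bounded here
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_PASSWORD;

   //Identify the algorithm from the encoded public key
   keyType = sshGetPublicKeyType(publicKey, publicKeyLen);

   //Make sure the key pair decodes before touching the slot
   error = sshCheckHostKeyPair(keyType, publicKey, publicKeyLen, privateKey,
      privateKeyLen, password);

   if(!error)
   {
      //The host key table is shared with the SSH task, hence the mutex
      osAcquireMutex(&context->mutex);

      hostKey = &context->hostKeys[index];

      //NOTE(review): the slot keeps the pointer returned by
      //sshGetPublicKeyType; presumably it has static storage - verify
      hostKey->keyFormatId = keyType;

      //References to the encoded keys, not copies
      hostKey->publicKey = publicKey;
      hostKey->publicKeyLen = publicKeyLen;
      hostKey->privateKey = privateKey;
      hostKey->privateKeyLen = privateKeyLen;

      //Copy the password (bounded by the check above) or clear the field
      if(password != NULL)
      {
         osStrcpy(hostKey->password, password);
      }
      else
      {
         osStrcpy(hostKey->password, "");
      }

#if (SSH_CLIENT_SUPPORT == ENABLED)
      //Default public key algorithm used during user authentication
      hostKey->publicKeyAlgo = sshSelectPublicKeyAlgo(context,
         hostKey->keyFormatId, NULL);
#endif

      osReleaseMutex(&context->mutex);
   }

   return error;
}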
1606 
1607 
/**
 * @brief Unload entity's host key
 *
 * Any connection still negotiating with the designated key pair is asked to
 * disconnect, then the slot (key references and the stored password) is
 * wiped. Both steps happen under the context mutex.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @return ERROR_INVALID_PARAMETER on a NULL context or out-of-range index,
 *   else NO_ERROR
 **/

error_t sshUnloadHostKey(SshContext *context, uint_t index)
{
   uint_t i;
   SshConnection *connection;

   //Reject a missing context or an index beyond the configured slot count
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   osAcquireMutex(&context->mutex);

   //Connections whose key exchange is in progress and which reference this
   //slot are dropped before it is cleared. Established connections (state
   //OPEN) are left alone - presumably the host key is only consulted during
   //key exchange; confirm before relying on that
   for(i = 0; i < context->numConnections; i++)
   {
      connection = &context->connections[i];

      if(connection->hostKeyIndex != index)
         continue;

      if(connection->state > SSH_CONN_STATE_CLOSED &&
         connection->state < SSH_CONN_STATE_OPEN)
      {
         //Request immediate termination and wake up the SSH task
         connection->disconnectRequest = TRUE;
         sshNotifyEvent(context);
      }
   }

   //Wipe the slot, including the cleartext password it holds
   osMemset(&context->hostKeys[index], 0, sizeof(SshHostKey));

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
1661 
1662 
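/**
 * @brief Check that the private key matching a certificate type can be decoded
 *
 * Trial-imports the private key for the algorithm named by certType. The
 * decoded key is released before returning: this routine only validates.
 *
 * @param[in] certType Certificate type identifier returned by sshGetCertType
 * @param[in] privateKey Private key (PEM or OpenSSH format). May be NULL when
 *   signatures are produced elsewhere (e.g. a public-key hardware accelerator)
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password Password of an encrypted private key (may be NULL)
 * @return NO_ERROR, the import error, or ERROR_BAD_CERTIFICATE when certType
 *   is not one of the certificate types compiled in
 **/

static error_t sshCheckCertPrivateKey(const char_t *certType,
   const char_t *privateKey, size_t privateKeyLen, const char_t *password)
{
   error_t error = NO_ERROR;

#if (SSH_RSA_SIGN_SUPPORT == ENABLED)
   //RSA certificate?
   if(sshCompareAlgo(certType, "ssh-rsa-cert-v01@openssh.com"))
   {
      RsaPrivateKey rsaPrivateKey;

      rsaInitPrivateKey(&rsaPrivateKey);

      if(privateKey != NULL)
      {
         error = sshImportRsaPrivateKey(&rsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      rsaFreePrivateKey(&rsaPrivateKey);
   }
   else
#endif
#if (SSH_DSA_SIGN_SUPPORT == ENABLED)
   //DSA certificate?
   if(sshCompareAlgo(certType, "ssh-dss-cert-v01@openssh.com"))
   {
      DsaPrivateKey dsaPrivateKey;

      dsaInitPrivateKey(&dsaPrivateKey);

      if(privateKey != NULL)
      {
         error = sshImportDsaPrivateKey(&dsaPrivateKey, privateKey,
            privateKeyLen, password);
      }

      dsaFreePrivateKey(&dsaPrivateKey);
   }
   else
#endif
#if (SSH_ECDSA_SIGN_SUPPORT == ENABLED)
   //ECDSA certificate (any of the three NIST curves)?
   if(sshCompareAlgo(certType, "ecdsa-sha2-nistp256-cert-v01@openssh.com") ||
      sshCompareAlgo(certType, "ecdsa-sha2-nistp384-cert-v01@openssh.com") ||
      sshCompareAlgo(certType, "ecdsa-sha2-nistp521-cert-v01@openssh.com"))
   {
      EcPrivateKey ecPrivateKey;

      ecInitPrivateKey(&ecPrivateKey);

      if(privateKey != NULL)
      {
         error = sshImportEcdsaPrivateKey(&ecPrivateKey, privateKey,
            privateKeyLen, password);
      }

      ecFreePrivateKey(&ecPrivateKey);
   }
   else
#endif
#if (SSH_ED25519_SIGN_SUPPORT == ENABLED)
   //Ed25519 certificate?
   if(sshCompareAlgo(certType, "ssh-ed25519-cert-v01@openssh.com"))
   {
      EddsaPrivateKey ed25519PrivateKey;

      eddsaInitPrivateKey(&ed25519PrivateKey);

      if(privateKey != NULL)
      {
         error = sshImportEd25519PrivateKey(&ed25519PrivateKey, privateKey,
            privateKeyLen, password);
      }

      eddsaFreePrivateKey(&ed25519PrivateKey);
   }
   else
#endif
   //Unknown or disabled certificate type
   {
      error = ERROR_BAD_CERTIFICATE;
   }

   return error;
}


/**
 * @brief Load entity's certificate
 *
 * The certificate is stored in a host key slot (the same table used by
 * sshLoadHostKey) together with a reference to its private key and a copy of
 * the password. Only the certificate's type string is examined here and only
 * the private key is trial-decoded; the certificate body itself is not
 * parsed and the private key is not matched against the certificate's
 * public key at load time.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @param[in] cert Certificate (OpenSSH format). This parameter is taken
 *   as reference
 * @param[in] certLen Length of the certificate
 * @param[in] privateKey Private key (PEM or OpenSSH format). This parameter
 *   is taken as reference and may be NULL
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return ERROR_INVALID_PARAMETER on bad arguments, ERROR_INVALID_PASSWORD
 *   when the password exceeds SSH_MAX_PASSWORD_LEN, the import error or
 *   ERROR_BAD_CERTIFICATE from validation, ERROR_NOT_IMPLEMENTED when
 *   certificate support is not compiled in, else NO_ERROR
 **/

error_t sshLoadCertificate(SshContext *context, uint_t index,
   const char_t *cert, size_t certLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   error_t error;
   SshHostKey *hostKey;
   const char_t *certType;

   //A context and a slot within the configured range are mandatory
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //The certificate is mandatory
   if(cert == NULL || certLen == 0)
      return ERROR_INVALID_PARAMETER;

   //The private key is optional, but a length without a buffer is an error
   if(privateKey == NULL && privateKeyLen != 0)
      return ERROR_INVALID_PARAMETER;

   //The password is copied into a fixed-size field below with an unbounded
   //string copy, so its length must be bounded here
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_PASSWORD;

   //Identify the certificate type
   certType = sshGetCertType(cert, certLen);

   //Make sure the private key decodes before touching the slot
   //NOTE(review): the certificate's own public key is not checked against
   //this private key here - confirm that mismatch is caught at signing time
   error = sshCheckCertPrivateKey(certType, privateKey, privateKeyLen,
      password);

   if(!error)
   {
      //The host key table is shared with the SSH task, hence the mutex
      osAcquireMutex(&context->mutex);

      hostKey = &context->hostKeys[index];

      //NOTE(review): the slot keeps the pointer returned by sshGetCertType;
      //presumably it has static storage - verify
      hostKey->keyFormatId = certType;

      //The certificate takes the place of the public key in the slot
      hostKey->publicKey = cert;
      hostKey->publicKeyLen = certLen;
      hostKey->privateKey = privateKey;
      hostKey->privateKeyLen = privateKeyLen;

      //Copy the password (bounded by the check above) or clear the field
      if(password != NULL)
      {
         osStrcpy(hostKey->password, password);
      }
      else
      {
         osStrcpy(hostKey->password, "");
      }

#if (SSH_CLIENT_SUPPORT == ENABLED)
      //Default public key algorithm used during user authentication
      hostKey->publicKeyAlgo = sshSelectPublicKeyAlgo(context,
         hostKey->keyFormatId, NULL);
#endif

      osReleaseMutex(&context->mutex);
   }

   return error;
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}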
1861 
1862 
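/**
 * @brief Unload entity's certificate
 *
 * Certificates occupy the same hostKeys slots as plain host keys (see
 * sshLoadCertificate), so unloading one is exactly the host key unload:
 * the same argument checks, the same disconnect of connections still
 * negotiating with this slot, and the same wipe under the context mutex.
 * Delegating keeps the two code paths from drifting apart.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @return ERROR_INVALID_PARAMETER on a NULL context or out-of-range index,
 *   ERROR_NOT_IMPLEMENTED when certificate support is not compiled in, else
 *   NO_ERROR
 **/

error_t sshUnloadCertificate(SshContext *context, uint_t index)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   //Same slot table, same procedure
   return sshUnloadHostKey(context, index);
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}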
1921 
1922 
/**
 * @brief Set password change prompt message
 *
 * Copies the prompt into the connection's fixed-size prompt field after
 * bounding its length.
 *
 * @param[in] connection Pointer to the SSH connection
 * @param[in] prompt NULL-terminated string containing the prompt message
 * @return ERROR_INVALID_PARAMETER on a NULL argument, ERROR_INVALID_LENGTH
 *   when the prompt is too long, ERROR_NOT_IMPLEMENTED when server-side
 *   password authentication is not compiled in, else NO_ERROR
 **/

error_t sshSetPasswordChangePrompt(SshConnection *connection,
   const char_t *prompt)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Both arguments are mandatory
   if(connection == NULL || prompt == NULL)
      return ERROR_INVALID_PARAMETER;

   //The destination is a fixed-size field and the copy below is unbounded,
   //so the length is checked first
   if(osStrlen(prompt) > SSH_MAX_PASSWORD_CHANGE_PROMPT_LEN)
      return ERROR_INVALID_LENGTH;

   //NOTE(review): the copy is done without taking the context mutex, unlike
   //the other setters in this file - confirm callers only invoke this from
   //a context where the connection is not concurrently serviced
   osStrcpy(connection->passwordChangePrompt, prompt);

   return NO_ERROR;
#else
   //Server-side password authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1952 
1953 
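/**
 * @brief Create a new SSH channel
 *
 * Reserves the first unused channel slot of the connection's context, resets
 * it (keeping its OS event object intact) and binds it to the connection.
 *
 * @param[in] connection Pointer to the SSH connection
 * @return Handle referencing the newly created SSH channel, or NULL when
 *   connection is NULL or no channel slot is free
 **/

SshChannel *sshCreateChannel(SshConnection *connection)
{
   uint_t i;
   SshContext *context;
   SshChannel *channel = NULL;

   //A channel cannot exist without a connection; report failure the same
   //way as "no free slot" rather than dereference NULL
   if(connection == NULL)
      return NULL;

   context = connection->context;

   //The channel table is shared with the SSH task, hence the mutex
   osAcquireMutex(&context->mutex);

   for(i = 0; i < context->numChannels; i++)
   {
      if(context->channels[i].state != SSH_CHANNEL_STATE_UNUSED)
         continue;

      channel = &context->channels[i];

      //Zero everything before and after the event field, leaving the event
      //itself untouched (presumably it is created once at initialization and
      //must not be clobbered - TODO confirm against sshInit)
      osMemset(channel, 0, offsetof(SshChannel, event));

      osMemset((uint8_t *) channel + offsetof(SshChannel, event) + sizeof(OsEvent),
         0, sizeof(SshChannel) - offsetof(SshChannel, event) - sizeof(OsEvent));

      //Bind the channel and set its defaults
      channel->context = context;
      channel->connection = connection;
      channel->timeout = INFINITE_DELAY;
      channel->rxWindowSize = SSH_CHANNEL_BUFFER_SIZE;

      //The local channel number is allocated by the opening side (RFC 4254,
      //section 5.1)
      channel->localChannelNum = sshAllocateLocalChannelNum(connection);

      //Mark the slot as taken
      channel->state = SSH_CHANNEL_STATE_RESERVED;
      break;
   }

   osReleaseMutex(&context->mutex);

   return channel;
}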
2014 
2015 
/**
 * @brief Set timeout for read/write operations
 *
 * The value is used by sshReadChannel and sshWriteChannel when they block
 * waiting for buffer space or incoming data.
 *
 * @param[in] channel SSH channel handle
 * @param[in] timeout Maximum time to wait
 * @return ERROR_INVALID_PARAMETER on a NULL handle, else NO_ERROR
 **/

error_t sshSetChannelTimeout(SshChannel *channel, systime_t timeout)
{
   //Nothing to do on a NULL handle
   if(channel != NULL)
   {
      //Plain store; no mutex is taken here
      channel->timeout = timeout;
      return NO_ERROR;
   }

   return ERROR_INVALID_PARAMETER;
}
2035 
2036 
/**
 * @brief Write data to the specified channel
 *
 * Queues the payload into the channel's transmit ring buffer, blocking (up
 * to channel->timeout) whenever the buffer is full, and wakes the SSH task
 * to drain it. When the whole payload has been queued and SSH_FLAG_EOF is
 * set, an EOF is requested on the channel (RFC 4254, section 5.3).
 *
 * @param[in] channel SSH channel handle
 * @param[in] data Pointer to the buffer containing the data to be transmitted
 * @param[in] length Number of data bytes to send
 * @param[out] written Actual number of bytes written (optional parameter)
 * @param[in] flags Set of flags that influences the behavior of this function
 * @return NO_ERROR when everything was queued, ERROR_WRITE_FAILED when the
 *   channel is not open or EOF/close is pending, ERROR_TIMEOUT when no room
 *   became available in time, ERROR_INVALID_PARAMETER on bad arguments. On
 *   error, written still reports how much was queued
 **/

error_t sshWriteChannel(SshChannel *channel, const void *data, size_t length,
   size_t *written, uint_t flags)
{
   error_t error = NO_ERROR;
   size_t chunk;
   size_t done = 0;
   uint_t event;
   const uint8_t *p = data;

   //A NULL handle is rejected; a NULL buffer is only valid for a zero length
   if(channel == NULL)
      return ERROR_INVALID_PARAMETER;

   if(data == NULL && length != 0)
      return ERROR_INVALID_PARAMETER;

   //The channel buffers are shared with the SSH task, hence the mutex
   osAcquireMutex(&channel->context->mutex);

   while(done < length && !error)
   {
      //Writing is refused once EOF or close has been requested or sent
      if(channel->state != SSH_CHANNEL_STATE_OPEN || channel->eofRequest ||
         channel->eofSent || channel->closeRequest || channel->closeSent)
      {
         error = ERROR_WRITE_FAILED;
      }
      else if(channel->txBuffer.length >= SSH_CHANNEL_BUFFER_SIZE)
      {
         //Send buffer full: let the SSH task drain it, then block until
         //there is room again or the channel timeout expires
         sshNotifyEvent(channel->context);

         event = sshWaitForChannelEvents(channel, SSH_CHANNEL_EVENT_TX_READY,
            channel->timeout);

         if(event != SSH_CHANNEL_EVENT_TX_READY)
         {
            error = ERROR_TIMEOUT;
         }
      }
      else
      {
         //Free space in the ring buffer, capped by what is left to send...
         chunk = MIN(SSH_CHANNEL_BUFFER_SIZE - channel->txBuffer.length,
            length - done);

         //...and by the distance to the end of the underlying array, so a
         //single copy never wraps
         if(channel->txBuffer.writePos + chunk > SSH_CHANNEL_BUFFER_SIZE)
         {
            chunk = SSH_CHANNEL_BUFFER_SIZE - channel->txBuffer.writePos;
         }

         osMemcpy(channel->txBuffer.data + channel->txBuffer.writePos, p,
            chunk);

         p += chunk;
         channel->txBuffer.writePos += chunk;

         //Wrap the write position around the ring
         if(channel->txBuffer.writePos >= SSH_CHANNEL_BUFFER_SIZE)
         {
            channel->txBuffer.writePos -= SSH_CHANNEL_BUFFER_SIZE;
         }

         channel->txBuffer.length += chunk;
         done += chunk;
      }
   }

   //EOF is only requested when the whole payload was queued
   if(done == length && (flags & SSH_FLAG_EOF) != 0)
   {
      channel->eofRequest = TRUE;
   }

   //Wake up the SSH task so that queued data (or the EOF) is transmitted
   sshNotifyEvent(channel->context);

   osReleaseMutex(&channel->context->mutex);

   //Report the queued byte count when the caller asked for it
   if(written != NULL)
   {
      *written = done;
   }

   return error;
}
2164 
2165 
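/**
 * @brief Receive data from the specified channel
 *
 * Copies pending bytes from the channel's receive ring buffer into the user
 * buffer, blocking (up to channel->timeout) when nothing is pending. Without
 * SSH_FLAG_WAIT_ALL the function returns after the first chunk; with it,
 * reading continues until size bytes have been delivered. With
 * SSH_FLAG_BREAK_CHAR the low 8 bits of flags give a byte at which reading
 * stops (that byte is delivered). Each delivered chunk is credited back to
 * the peer's flow-control window.
 *
 * @param[in] channel SSH channel handle
 * @param[out] data Buffer where to store the incoming data
 * @param[in] size Maximum number of bytes that can be received
 * @param[out] received Number of bytes that have been received (mandatory)
 * @param[in] flags Set of flags that influences the behavior of this function
 * @return NO_ERROR when data was delivered, ERROR_END_OF_STREAM when the peer
 *   sent EOF/close and nothing (or, with SSH_FLAG_WAIT_ALL alone, not
 *   everything) could be delivered, ERROR_TIMEOUT, ERROR_CONNECTION_CLOSING,
 *   ERROR_READ_FAILED when the channel is not readable, or
 *   ERROR_INVALID_PARAMETER on bad arguments
 **/

error_t sshReadChannel(SshChannel *channel, void *data, size_t size,
   size_t *received, uint_t flags)
{
   error_t error = NO_ERROR;
   size_t n;
   uint_t event;
   uint8_t *p = data;
   //The break character is held as an unsigned byte so that values >= 0x80
   //compare equal to the buffer contents on targets where plain char is
   //signed (a plain char_t would sign-extend and never match)
   uint8_t breakChar = (uint8_t) LSB(flags);

   //All three pointers are mandatory here (received is not optional)
   if(channel == NULL || data == NULL || received == NULL)
      return ERROR_INVALID_PARAMETER;

   *received = 0;

   //The channel buffers are shared with the SSH task, hence the mutex
   osAcquireMutex(&channel->context->mutex);

   while(*received < size && !error)
   {
      if(channel->rxBuffer.length > 0)
      {
         if(channel->state == SSH_CHANNEL_STATE_OPEN)
         {
            //Pending bytes, capped by the room left in the user buffer...
            n = MIN(channel->rxBuffer.length, size - *received);

            //...and by the distance to the end of the underlying array, so a
            //single copy never wraps
            if(channel->rxBuffer.readPos + n > SSH_CHANNEL_BUFFER_SIZE)
            {
               n = SSH_CHANNEL_BUFFER_SIZE - channel->rxBuffer.readPos;
            }

            if((flags & SSH_FLAG_BREAK_CHAR) != 0)
            {
               size_t i;

               //Look for the break character within the chunk
               for(i = 0; i < n; i++)
               {
                  if((uint8_t) channel->rxBuffer.data[channel->rxBuffer.readPos + i] ==
                     breakChar)
                  {
                     break;
                  }
               }

               //Deliver up to and including the break character; when it is
               //absent i == n and the chunk is unchanged
               n = MIN(n, i + 1);
            }

            osMemcpy(p, channel->rxBuffer.data + channel->rxBuffer.readPos, n);

            channel->rxBuffer.readPos += n;

            //Wrap the read position around the ring
            if(channel->rxBuffer.readPos >= SSH_CHANNEL_BUFFER_SIZE)
            {
               channel->rxBuffer.readPos = 0;
            }

            channel->rxBuffer.length -= n;
            *received += n;

            //Credit the consumed bytes back to the peer's window
            sshUpdateChannelWindow(channel, n);

            //Stop as soon as the break character has been delivered
            if((flags & SSH_FLAG_BREAK_CHAR) != 0 && n > 0 &&
               p[n - 1] == breakChar)
            {
               break;
            }

            //Without SSH_FLAG_WAIT_ALL one chunk is enough
            if((flags & SSH_FLAG_WAIT_ALL) == 0)
            {
               break;
            }

            p += n;
         }
         else
         {
            //Data is pending but the channel is not open
            error = ERROR_READ_FAILED;
         }
      }
      else
      {
         if(channel->state == SSH_CHANNEL_STATE_OPEN)
         {
            //SSH_MSG_CHANNEL_EOF, SSH_MSG_CHANNEL_CLOSE or a disconnect means
            //no more data will ever arrive
            if(channel->closeReceived || channel->eofReceived ||
               channel->connection->disconnectReceived)
            {
               error = ERROR_END_OF_STREAM;
            }
            else
            {
               //Block until data arrives or the channel timeout expires
               event = sshWaitForChannelEvents(channel,
                  SSH_CHANNEL_EVENT_RX_READY, channel->timeout);

               if(event != SSH_CHANNEL_EVENT_RX_READY)
               {
                  error = ERROR_TIMEOUT;
               }
            }
         }
         else if(channel->state == SSH_CHANNEL_STATE_CLOSED)
         {
            //Distinguish a peer-initiated end of stream from a local close
            if(channel->closeReceived || channel->eofReceived ||
               channel->connection->disconnectReceived)
            {
               error = ERROR_END_OF_STREAM;
            }
            else if(channel->connection->disconnectSent)
            {
               error = ERROR_CONNECTION_CLOSING;
            }
            else
            {
               error = ERROR_READ_FAILED;
            }
         }
         else
         {
            //Any other state is not readable
            error = ERROR_READ_FAILED;
         }
      }
   }

   osReleaseMutex(&channel->context->mutex);

   //An end of stream reached after some data was delivered is not an error
   //unless the caller insisted on the full size (SSH_FLAG_WAIT_ALL without
   //SSH_FLAG_BREAK_CHAR)
   if(error == ERROR_END_OF_STREAM)
   {
      if((flags & SSH_FLAG_BREAK_CHAR) != 0 || (flags & SSH_FLAG_WAIT_ALL) == 0)
      {
         if(*received > 0)
         {
            error = NO_ERROR;
         }
      }
   }

   return error;
}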
2357 
2358 
2359 /**
2360  * @brief Wait for one of a set of channels to become ready to perform I/O
2361  *
2362  * This function determines the status of one or more channels, waiting if
2363  * necessary, to perform synchronous I/O
2364  *
2365  * @param[in,out] eventDesc Set of entries specifying the events the user is interested in
2366  * @param[in] size Number of entries in the descriptor set
2367  * @param[in] extEvent External event that can abort the wait if necessary (optional)
2368  * @param[in] timeout Maximum time to wait before returning
2369  * @return Error code
2370  **/
2371 
error_t sshPollChannels(SshChannelEventDesc *eventDesc, uint_t size,
   OsEvent *extEvent, systime_t timeout)
{
   OsEvent localEvent;
   OsEvent *waitEvent;
   bool_t signaled;
   uint_t n;

   //Reject an empty or missing descriptor set
   if(eventDesc == NULL || size == 0)
      return ERROR_INVALID_PARAMETER;

   //Use the caller's event object when one is supplied, otherwise create
   //a temporary one that lives only for the duration of this call
   waitEvent = extEvent;

   if(waitEvent == NULL)
   {
      if(!osCreateEvent(&localEvent))
         return ERROR_OUT_OF_RESOURCES;

      waitEvent = &localEvent;
   }

   //Subscribe each valid channel to the events the caller asked for
   for(n = 0; n < size; n++)
   {
      SshChannelEventDesc *desc = &eventDesc[n];

      //Entries without a channel handle are skipped (their eventFlags
      //field is left untouched)
      if(desc->channel == NULL)
         continue;

      desc->eventFlags = 0;
      sshRegisterUserEvents(desc->channel, waitEvent, desc->eventMask);
   }

   //Sleep until a subscribed event fires or the timeout elapses
   signaled = osWaitForEvent(waitEvent, timeout);

   //Collect the results and drop the subscriptions again
   for(n = 0; n < size; n++)
   {
      SshChannelEventDesc *desc = &eventDesc[n];

      if(desc->channel == NULL)
         continue;

      if(signaled)
      {
         //Only report the events the caller is interested in
         desc->eventFlags = sshGetUserEvents(desc->channel) & desc->eventMask;
      }

      sshUnregisterUserEvents(desc->channel);
   }

   //Put the event object back into the non-signaled state (this also
   //applies to a caller-supplied extEvent)
   osResetEvent(waitEvent);

   //Dispose of the temporary event, if one was created above
   if(extEvent == NULL)
      osDeleteEvent(&localEvent);

   //NO_ERROR when at least one event was signaled, ERROR_TIMEOUT otherwise
   return signaled ? NO_ERROR : ERROR_TIMEOUT;
}
2453 
2454 
2455 /**
2456  * @brief Close channel
2457  * @param[in] channel SSH channel handle
2458  * @return Error code
2459  **/
2460 
error_t sshCloseChannel(SshChannel *channel)
{
   error_t error = NO_ERROR;

   //A NULL handle cannot be closed
   if(channel == NULL)
      return ERROR_INVALID_PARAMETER;

   //The channel state is protected by the context mutex
   osAcquireMutex(&channel->context->mutex);

   switch(channel->state)
   {
   case SSH_CHANNEL_STATE_OPEN:
      //Ask the SSH task to send SSH_MSG_CHANNEL_CLOSE, unless a close has
      //already been requested for this channel
      if(!channel->closeRequest)
      {
         channel->closeRequest = TRUE;
         sshNotifyEvent(channel->context);
      }

      //A client blocks until the channel reports the closed event; a server
      //returns right away
      if(channel->context->mode == SSH_OPERATION_MODE_CLIENT)
      {
         uint_t event;

         //NOTE(review): the wait is issued while the context mutex is held;
         //presumably sshWaitForChannelEvents releases and re-acquires it
         //internally (sshReadChannel uses the same pattern) - confirm in
         //ssh_channel.c
         event = sshWaitForChannelEvents(channel, SSH_CHANNEL_EVENT_CLOSED,
            channel->timeout);

         //The close was not acknowledged within channel->timeout
         if(event != SSH_CHANNEL_EVENT_CLOSED)
            error = ERROR_TIMEOUT;
      }
      break;

   case SSH_CHANNEL_STATE_CLOSED:
      //SSH_MSG_CHANNEL_CLOSE has been both sent and received. A server
      //recycles the slot here; a client leaves the state unchanged
      if(channel->context->mode == SSH_OPERATION_MODE_SERVER)
         channel->state = SSH_CHANNEL_STATE_UNUSED;
      break;

   default:
      //Closing is only meaningful for an open or closed channel
      error = ERROR_WRONG_STATE;
      break;
   }

   osReleaseMutex(&channel->context->mutex);

   return error;
}
2525 
2526 
2527 /**
2528  * @brief Release channel
2529  * @param[in] channel SSH channel handle
2530  **/
2531 
void sshDeleteChannel(SshChannel *channel)
{
   //A NULL handle is silently ignored
   if(channel == NULL)
      return;

   //Mark the slot as free. The state change is done under the context
   //mutex, like every other channel state transition in this file
   osAcquireMutex(&channel->context->mutex);
   channel->state = SSH_CHANNEL_STATE_UNUSED;
   osReleaseMutex(&channel->context->mutex);
}
2545 
2546 
2547 /**
2548  * @brief Release SSH context
2549  * @param[in] context Pointer to the SSH context
2550  **/
2551 
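void sshDeinit(SshContext *context)
{
   uint_t i;
   SshConnection *connection;
   SshChannel *channel;

   //Nothing to release for a NULL context. This mirrors the handle checks
   //performed by sshCloseChannel and sshDeleteChannel and avoids a NULL
   //dereference when deinit is called on an uninitialized context pointer
   if(context == NULL)
      return;

   //Release the synchronization objects owned by the context
   osDeleteMutex(&context->mutex);
   osDeleteEvent(&context->event);

   //Wipe every connection structure rather than merely marking it free
   for(i = 0; i < context->numConnections; i++)
   {
      connection = &context->connections[i];
      osMemset(connection, 0, sizeof(SshConnection));
   }

   //Release each channel's event object, then wipe the structure
   for(i = 0; i < context->numChannels; i++)
   {
      channel = &context->channels[i];
      osDeleteEvent(&channel->event);
      osMemset(channel, 0, sizeof(SshChannel));
   }

   //Finally wipe the context itself. NOTE(review): osMemset is presumably a
   //plain memset wrapper (os_port.h); the context and the arrays it points
   //to are caller-owned and stay live after this call, so the clearing is
   //unlikely to be elided, but a dedicated secure-wipe primitive would make
   //that guarantee explicit for the credentials the context holds
   osMemset(context, 0, sizeof(SshContext));
}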
2587 
2588 #endif