1 /**
2  * @file ssh.c
3  * @brief Secure Shell (SSH)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2019-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSH Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL SSH_TRACE_LEVEL
33 
34 //Dependencies
35 #include "ssh/ssh.h"
36 #include "ssh/ssh_algorithms.h"
37 #include "ssh/ssh_channel.h"
38 #include "ssh/ssh_key_import.h"
39 #include "ssh/ssh_cert_import.h"
40 #include "ssh/ssh_misc.h"
41 #include "pkix/pem_import.h"
42 #include "debug.h"
43 
44 //Check SSH stack configuration
45 #if (SSH_SUPPORT == ENABLED)
46 
47 
48 /**
49  * @brief SSH context initialization
50  * @param[in] context Pointer to the SSH context
51  * @param[in] connections SSH connections
52  * @param[in] numConnections Maximum number of SSH connections
53  * @param[in] channels SSH channels
54  * @param[in] numChannels Maximum number of SSH channels
55  * @return Error code
56  **/
57 
error_t sshInit(SshContext *context, SshConnection *connections,
   uint_t numConnections, SshChannel *channels, uint_t numChannels)
{
   uint_t i;

   //Every buffer must be supplied and non-empty
   if(context == NULL || connections == NULL || numConnections == 0 ||
      channels == NULL || numChannels == 0)
   {
      return ERROR_INVALID_PARAMETER;
   }

   //Start from a fully zeroed context
   osMemset(context, 0, sizeof(SshContext));

   //Attach the caller-provided connection and channel pools
   context->connections = connections;
   context->numConnections = numConnections;
   context->channels = channels;
   context->numChannels = numChannels;

   //Mutex guarding the SSH context
   if(!osCreateMutex(&context->mutex))
      goto fail;

   //Event object signalling connection activity
   if(!osCreateEvent(&context->event))
      goto fail;

   //Reset each connection to its closed state
   for(i = 0; i < numConnections; i++)
   {
      SshConnection *conn = &connections[i];

      osMemset(conn, 0, sizeof(SshConnection));
      conn->context = context;
      //No host key selected yet
      conn->hostKeyIndex = -1;
      conn->state = SSH_CONN_STATE_CLOSED;
   }

   //Reset each channel and give it its own event object
   for(i = 0; i < numChannels; i++)
   {
      SshChannel *ch = &channels[i];

      osMemset(ch, 0, sizeof(SshChannel));
      ch->context = context;
      ch->state = SSH_CHANNEL_STATE_UNUSED;

      if(!osCreateEvent(&ch->event))
         goto fail;
   }

   //Successful processing
   return NO_ERROR;

fail:
   //Undo whatever was created before the failure. NOTE(review): this relies
   //on sshDeinit tolerating a partially initialized context - confirm
   sshDeinit(context);
   return ERROR_OUT_OF_RESOURCES;
}
157 
158 
159 /**
160  * @brief Set operation mode (client or server)
161  * @param[in] context Pointer to the SSH context
162  * @param[in] mode Specifies whether this entity is considered a client or a
163  * server
164  * @return Error code
165  **/
166 
error_t sshSetOperationMode(SshContext *context, SshOperationMode mode)
{
   //Invalid SSH context?
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   //Only the two defined roles are accepted. NOTE(review): the rendered
   //listing dropped this line; it is restored from the upstream source
   if(mode != SSH_OPERATION_MODE_CLIENT && mode != SSH_OPERATION_MODE_SERVER)
      return ERROR_INVALID_PARAMETER;

   //Record the role played by this entity
   context->mode = mode;

   return NO_ERROR;
}
183 
184 
185 /**
186  * @brief Set the pseudo-random number generator to be used
187  * @param[in] context Pointer to the SSH context
188  * @param[in] prngAlgo PRNG algorithm
189  * @param[in] prngContext Pointer to the PRNG context
190  * @return Error code
191  **/
192 
error_t sshSetPrng(SshContext *context, const PrngAlgo *prngAlgo,
   void *prngContext)
{
   //Invalid SSH context?
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   //Both the algorithm descriptor and its state are mandatory
   if(prngAlgo == NULL)
      return ERROR_INVALID_PARAMETER;

   if(prngContext == NULL)
      return ERROR_INVALID_PARAMETER;

   //Random numbers drawn by the SSH stack will come from this generator
   context->prngAlgo = prngAlgo;
   context->prngContext = prngContext;

   return NO_ERROR;
}
212 
213 
214 /**
215  * @brief Set the user name to be used for authentication
216  * @param[in] context Pointer to the SSH context
217  * @param[in] username NULL-terminated string containing the user name
218  * @return Error code
219  **/
220 
error_t sshSetUsername(SshContext *context, const char_t *username)
{
#if (SSH_CLIENT_SUPPORT == ENABLED)
   size_t n;

   //Check parameters
   if(context == NULL || username == NULL)
      return ERROR_INVALID_PARAMETER;

   //The copy below is unbounded, so the length is validated first.
   //NOTE(review): assumes context->username holds SSH_MAX_USERNAME_LEN + 1
   //bytes - confirm against ssh.h
   n = osStrlen(username);

   if(n > SSH_MAX_USERNAME_LEN)
      return ERROR_INVALID_LENGTH;

   //Keep a private copy of the user name
   osStrcpy(context->username, username);

   return NO_ERROR;
#else
   //Client-side authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
242 
243 
244 /**
245  * @brief Set the password to be used for authentication
246  * @param[in] context Pointer to the SSH context
247  * @param[in] password NULL-terminated string containing the password
248  * @return Error code
249  **/
250 
error_t sshSetPassword(SshContext *context, const char_t *password)
{
#if (SSH_CLIENT_SUPPORT == ENABLED)
   size_t n;

   //Check parameters
   if(context == NULL || password == NULL)
      return ERROR_INVALID_PARAMETER;

   //The copy below is unbounded, so the length is validated first.
   //NOTE(review): assumes context->password holds SSH_MAX_PASSWORD_LEN + 1
   //bytes - confirm against ssh.h
   n = osStrlen(password);

   if(n > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_LENGTH;

   //The password is stored in clear text inside the context for as long as
   //the context lives; callers should treat the context as sensitive memory
   osStrcpy(context->password, password);

   return NO_ERROR;
#else
   //Client-side authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
272 
273 
274 /**
275  * @brief Register host key verification callback function
276  * @param[in] context Pointer to the SSH context
277  * @param[in] callback Host key verification callback function
278  * @return Error code
279  **/
280 
error_t sshRegisterHostKeyVerifyCallback(SshContext *context,
   SshHostKeyVerifyCallback callback)
{
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->hostKeyVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
298 
299 
300 /**
301  * @brief Register certificate verification callback function
302  * @param[in] context Pointer to the SSH context
303  * @param[in] callback Certificate verification callback function
304  * @return Error code
305  **/
306 
error_t sshRegisterCertVerifyCallback(SshContext *context,
   SshCertVerifyCallback callback)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->certVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
329 
330 
331 /**
332  * @brief Register CA public key verification callback function
333  * @param[in] context Pointer to the SSH context
334  * @param[in] callback CA public key verification callback function
335  * @return Error code
336  **/
337 
error_t sshRegisterCaPublicKeyVerifyCallback(SshContext *context,
   SshCaPublicKeyVerifyCallback callback)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->caPublicKeyVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
360 
361 
362 /**
363  * @brief Register public key authentication callback function
364  * @param[in] context Pointer to the SSH context
365  * @param[in] callback Public key authentication callback function
366  * @return Error code
367  **/
368 
error_t sshRegisterPublicKeyAuthCallback(SshContext *context,
   SshPublicKeyAuthCallback callback)
{
#if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->publicKeyAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Public key authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
391 
392 
393 /**
394  * @brief Register certificate authentication callback function
395  * @param[in] context Pointer to the SSH context
396  * @param[in] callback Certificate authentication callback function
397  * @return Error code
398  **/
399 
error_t sshRegisterCertAuthCallback(SshContext *context,
   SshCertAuthCallback callback)
{
#if (SSH_PUBLIC_KEY_AUTH_SUPPORT == ENABLED && SSH_CERT_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->certAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate-based authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
422 
423 
424 /**
425  * @brief Register password authentication callback function
426  * @param[in] context Pointer to the SSH context
427  * @param[in] callback Password authentication callback function
428  * @return Error code
429  **/
430 
error_t sshRegisterPasswordAuthCallback(SshContext *context,
   SshPasswordAuthCallback callback)
{
#if (SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->passwordAuthCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Password authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
453 
454 
455 /**
456  * @brief Register password change callback function
457  * @param[in] context Pointer to the SSH context
458  * @param[in] callback Password change callback function
459  * @return Error code
460  **/
461 
error_t sshRegisterPasswordChangeCallback(SshContext *context,
   SshPasswordChangeCallback callback)
{
#if (SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->passwordChangeCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Password authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
484 
485 
486 /**
487  * @brief Register signature generation callback function
488  * @param[in] context Pointer to the SSH context
489  * @param[in] callback Signature generation callback function
490  * @return Error code
491  **/
492 
error_t sshRegisterSignGenCallback(SshContext *context,
   SshSignGenCallback callback)
{
#if (SSH_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->signGenCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //External signature callbacks are not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
515 
516 
517 /**
518  * @brief Register signature verification callback function
519  * @param[in] context Pointer to the SSH context
520  * @param[in] callback Signature verification callback function
521  * @return Error code
522  **/
523 
error_t sshRegisterSignVerifyCallback(SshContext *context,
   SshSignVerifyCallback callback)
{
#if (SSH_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->signVerifyCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //External signature callbacks are not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
546 
547 
548 /**
549  * @brief Register ECDH key pair generation callback function
550  * @param[in] context Pointer to the SSH context
551  * @param[in] callback ECDH key pair generation callback function
552  * @return Error code
553  **/
554 
error_t sshRegisterEcdhKeyPairGenCallback(SshContext *context,
   SshEcdhKeyPairGenCallback callback)
{
#if (SSH_ECDH_CALLBACK_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->ecdhKeyPairGenCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //External ECDH callbacks are not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
577 
578 
579 /**
580  * @brief Register ECDH shared secret calculation callback function
581  * @param[in] context Pointer to the SSH context
582  * @param[in] callback ECDH shared secret calculation callback function
583  * @return Error code
584  **/
585 
error_t sshRegisterEcdhSharedSecretCalcCallback(SshContext *context,
   SshEcdhSharedSecretCalcCallback callback)
{
#if (SSH_ECDH_CALLBACK_SUPPORT == ENABLED)
   //Reject a missing context or a NULL function pointer
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot is written under the context mutex, like the other setters
   osAcquireMutex(&context->mutex);
   context->ecdhSharedSecretCalcCallback = callback;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //External ECDH callbacks are not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
608 
609 
610 /**
611  * @brief Register global request callback function
612  * @param[in] context Pointer to the SSH context
613  * @param[in] callback Global request callback function
614  * @param[in] param An opaque pointer passed to the callback function
615  * @return Error code
616  **/
617 
error_t sshRegisterGlobalRequestCallback(SshContext *context,
   SshGlobalReqCallback callback, void *param)
{
   uint_t i;
   error_t error;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot turns up
   error = ERROR_OUT_OF_RESOURCES;

   //The first free entry takes the registration; the same callback may be
   //registered more than once, nothing here checks for duplicates
   for(i = 0; i < SSH_MAX_GLOBAL_REQ_CALLBACKS; i++)
   {
      if(context->globalReqCallback[i] != NULL)
         continue;

      context->globalReqCallback[i] = callback;
      //Handed back verbatim to the callback when it is invoked
      context->globalReqParam[i] = param;

      error = NO_ERROR;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return error;
}
656 
657 
658 /**
659  * @brief Unregister global request callback function
660  * @param[in] context Pointer to the SSH context
661  * @param[in] callback Previously registered callback function
662  * @return Error code
663  **/
664 
error_t sshUnregisterGlobalRequestCallback(SshContext *context,
   SshGlobalReqCallback callback)
{
   uint_t i;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Every entry holding this function pointer is cleared, whatever its
   //opaque parameter was; an unknown callback is silently a no-op
   for(i = 0; i < SSH_MAX_GLOBAL_REQ_CALLBACKS; i++)
   {
      if(context->globalReqCallback[i] != callback)
         continue;

      context->globalReqCallback[i] = NULL;
      context->globalReqParam[i] = NULL;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
695 
696 
697 /**
698  * @brief Register channel request callback function
699  * @param[in] context Pointer to the SSH context
700  * @param[in] callback Channel request callback function
701  * @param[in] param An opaque pointer passed to the callback function
702  * @return Error code
703  **/
704 
error_t sshRegisterChannelRequestCallback(SshContext *context,
   SshChannelReqCallback callback, void *param)
{
   uint_t i;
   error_t error;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot turns up
   error = ERROR_OUT_OF_RESOURCES;

   //The first free entry takes the registration; the same callback may be
   //registered more than once, nothing here checks for duplicates
   for(i = 0; i < SSH_MAX_CHANNEL_REQ_CALLBACKS; i++)
   {
      if(context->channelReqCallback[i] != NULL)
         continue;

      context->channelReqCallback[i] = callback;
      //Handed back verbatim to the callback when it is invoked
      context->channelReqParam[i] = param;

      error = NO_ERROR;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return error;
}
743 
744 
745 /**
746  * @brief Unregister channel request callback function
747  * @param[in] context Pointer to the SSH context
748  * @param[in] callback Previously registered callback function
749  * @return Error code
750  **/
751 
error_t sshUnregisterChannelRequestCallback(SshContext *context,
   SshChannelReqCallback callback)
{
   uint_t i;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Every entry holding this function pointer is cleared, whatever its
   //opaque parameter was; an unknown callback is silently a no-op
   for(i = 0; i < SSH_MAX_CHANNEL_REQ_CALLBACKS; i++)
   {
      if(context->channelReqCallback[i] != callback)
         continue;

      context->channelReqCallback[i] = NULL;
      context->channelReqParam[i] = NULL;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
782 
783 
784 /**
785  * @brief Register channel open callback function
786  * @param[in] context Pointer to the SSH context
787  * @param[in] callback Channel open callback function
788  * @param[in] param An opaque pointer passed to the callback function
789  * @return Error code
790  **/
791 
error_t sshRegisterChannelOpenCallback(SshContext *context,
   SshChannelOpenCallback callback, void *param)
{
   uint_t i;
   error_t error;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot turns up
   error = ERROR_OUT_OF_RESOURCES;

   //The first free entry takes the registration; the same callback may be
   //registered more than once, nothing here checks for duplicates
   for(i = 0; i < SSH_MAX_CHANNEL_OPEN_CALLBACKS; i++)
   {
      if(context->channelOpenCallback[i] != NULL)
         continue;

      context->channelOpenCallback[i] = callback;
      //Handed back verbatim to the callback when it is invoked
      context->channelOpenParam[i] = param;

      error = NO_ERROR;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return error;
}
830 
831 
832 /**
833  * @brief Unregister channel open callback function
834  * @param[in] context Pointer to the SSH context
835  * @param[in] callback Previously registered callback function
836  * @return Error code
837  **/
838 
error_t sshUnregisterChannelOpenCallback(SshContext *context,
   SshChannelOpenCallback callback)
{
   uint_t i;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Every entry holding this function pointer is cleared, whatever its
   //opaque parameter was; an unknown callback is silently a no-op
   for(i = 0; i < SSH_MAX_CHANNEL_OPEN_CALLBACKS; i++)
   {
      if(context->channelOpenCallback[i] != callback)
         continue;

      context->channelOpenCallback[i] = NULL;
      context->channelOpenParam[i] = NULL;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
869 
870 
871 /**
872  * @brief Register connection open callback function
873  * @param[in] context Pointer to the SSH context
874  * @param[in] callback Connection open callback function
875  * @param[in] param An opaque pointer passed to the callback function
876  * @return Error code
877  **/
878 
error_t sshRegisterConnectionOpenCallback(SshContext *context,
   SshConnectionOpenCallback callback, void *param)
{
   uint_t i;
   error_t error;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot turns up
   error = ERROR_OUT_OF_RESOURCES;

   //The first free entry takes the registration; the same callback may be
   //registered more than once, nothing here checks for duplicates
   for(i = 0; i < SSH_MAX_CONN_OPEN_CALLBACKS; i++)
   {
      if(context->connectionOpenCallback[i] != NULL)
         continue;

      context->connectionOpenCallback[i] = callback;
      //Handed back verbatim to the callback when it is invoked
      context->connectionOpenParam[i] = param;

      error = NO_ERROR;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return error;
}
917 
918 
919 /**
920  * @brief Unregister connection open callback function
921  * @param[in] context Pointer to the SSH context
922  * @param[in] callback Previously registered callback function
923  * @return Error code
924  **/
925 
error_t sshUnregisterConnectionOpenCallback(SshContext *context,
   SshConnectionOpenCallback callback)
{
   uint_t i;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Every entry holding this function pointer is cleared, whatever its
   //opaque parameter was; an unknown callback is silently a no-op
   for(i = 0; i < SSH_MAX_CONN_OPEN_CALLBACKS; i++)
   {
      if(context->connectionOpenCallback[i] != callback)
         continue;

      context->connectionOpenCallback[i] = NULL;
      context->connectionOpenParam[i] = NULL;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
956 
957 
958 /**
959  * @brief Register connection close callback function
960  * @param[in] context Pointer to the SSH context
961  * @param[in] callback Connection close callback function
962  * @param[in] param An opaque pointer passed to the callback function
963  * @return Error code
964  **/
965 
error_t sshRegisterConnectionCloseCallback(SshContext *context,
   SshConnectionCloseCallback callback, void *param)
{
   uint_t i;
   error_t error;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Assume the table is full until a free slot turns up
   error = ERROR_OUT_OF_RESOURCES;

   //The first free entry takes the registration; the same callback may be
   //registered more than once, nothing here checks for duplicates
   for(i = 0; i < SSH_MAX_CONN_CLOSE_CALLBACKS; i++)
   {
      if(context->connectionCloseCallback[i] != NULL)
         continue;

      context->connectionCloseCallback[i] = callback;
      //Handed back verbatim to the callback when it is invoked
      context->connectionCloseParam[i] = param;

      error = NO_ERROR;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return error;
}
1004 
1005 
1006 /**
1007  * @brief Unregister connection close callback function
1008  * @param[in] context Pointer to the SSH context
1009  * @param[in] callback Previously registered callback function
1010  * @return Error code
1011  **/
1012 
error_t sshUnregisterConnectionCloseCallback(SshContext *context,
   SshConnectionCloseCallback callback)
{
   uint_t i;

   //Check parameters
   if(context == NULL || callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Every entry holding this function pointer is cleared, whatever its
   //opaque parameter was; an unknown callback is silently a no-op
   for(i = 0; i < SSH_MAX_CONN_CLOSE_CALLBACKS; i++)
   {
      if(context->connectionCloseCallback[i] != callback)
         continue;

      context->connectionCloseCallback[i] = NULL;
      context->connectionCloseParam[i] = NULL;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
1043 
1044 
1045 /**
1046  * @brief Register key logging callback function (for debugging purpose only)
1047  * @param[in] context Pointer to the SSH context
1048  * @param[in] callback Key logging callback function
1049  * @return Error code
1050  **/
1051 
error_t sshRegisterKeyLogCallback(SshContext *context,
   SshKeyLogCallback callback)
{
#if (SSH_KEY_LOG_SUPPORT == ENABLED)
   //Check parameters
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   if(callback == NULL)
      return ERROR_INVALID_PARAMETER;

   //This hook hands session key material to application code, so it is a
   //debugging aid only and SSH_KEY_LOG_SUPPORT should stay disabled in
   //production builds. Unlike the other setters, the pointer is stored
   //without taking the context mutex
   context->keyLogCallback = callback;

   return NO_ERROR;
#else
   //Key logging is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1070 
1071 
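/**
 * @brief Load transient RSA key (for RSA key exchange)
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot
 * @param[in] publicKey RSA public key (PEM, SSH2 or OpenSSH format). This
 *   parameter is taken as reference
 * @param[in] publicKeyLen Length of the RSA public key
 * @param[in] privateKey RSA private key (PEM or OpenSSH format). This
 *   parameter is taken as reference
 * @param[in] privateKeyLen Length of the RSA private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return Error code
 * @note The public and private keys are referenced, not copied: the caller
 *   must keep both buffers valid for as long as the slot is loaded. The
 *   password, by contrast, is copied into the context
 **/

error_t sshLoadRsaKey(SshContext *context, uint_t index,
   const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_RSA_KEX_SUPPORT == ENABLED)
   error_t error;
   uint_t k;
   RsaPublicKey rsaPublicKey;
   RsaPrivateKey rsaPrivateKey;

   //Make sure the SSH context is valid
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   //Check index
   if(index >= SSH_MAX_RSA_KEYS)
      return ERROR_INVALID_PARAMETER;

   //Check public key
   if(publicKey == NULL || publicKeyLen == 0)
      return ERROR_INVALID_PARAMETER;

   //Check private key. The length tested here is the private key's own
   //length (the original tested publicKeyLen twice, which let an empty
   //private key reach the importer)
   if(privateKey == NULL || privateKeyLen == 0)
      return ERROR_INVALID_PARAMETER;

   //The password is required only for encrypted private keys; it is copied
   //into a fixed-size buffer below, so its length is bounded first
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_PASSWORD;

   //Initialize RSA public and private keys
   rsaInitPublicKey(&rsaPublicKey);
   rsaInitPrivateKey(&rsaPrivateKey);

   //Check whether the RSA public key is valid
   error = sshImportRsaPublicKey(publicKey, publicKeyLen, &rsaPublicKey);

   //Check status code
   if(!error)
   {
      //Check whether the RSA private key is valid
      error = sshImportRsaPrivateKey(privateKey, privateKeyLen,
         password, &rsaPrivateKey);
   }

   //Check status code
   if(!error)
   {
      //Get the length of the modulus, in bits
      k = mpiGetBitLength(&rsaPublicKey.n);

      //Reject moduli outside the configured size window
      if(k < SSH_MIN_RSA_MODULUS_SIZE || k > SSH_MAX_RSA_MODULUS_SIZE)
      {
         //Report an error
         error = ERROR_INVALID_LENGTH;
      }
   }

   //The parsed keys were only needed for validation; release them
   rsaFreePublicKey(&rsaPublicKey);
   rsaFreePrivateKey(&rsaPrivateKey);

   //Check status code
   if(!error)
   {
      //Acquire exclusive access to the SSH context
      osAcquireMutex(&context->mutex);

      //Save the length of the modulus, in bits (k is only assigned on the
      //success path, which is the only path that reaches this block)
      context->rsaKeys[index].modulusSize = k;

      //Save public key (PEM, SSH2 or OpenSSH format)
      context->rsaKeys[index].publicKey = publicKey;
      context->rsaKeys[index].publicKeyLen = publicKeyLen;

      //Save private key (PEM or OpenSSH format)
      context->rsaKeys[index].privateKey = privateKey;
      context->rsaKeys[index].privateKeyLen = privateKeyLen;

      //Store the password, or an empty string when none was supplied
      if(password != NULL)
      {
         osStrcpy(context->rsaKeys[index].password, password);
      }
      else
      {
         osStrcpy(context->rsaKeys[index].password, "");
      }

      //Release exclusive access to the SSH context
      osReleaseMutex(&context->mutex);
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}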
1188 
1189 
1190 /**
1191  * @brief Unload transient RSA key (for RSA key exchange)
1192  * @param[in] context Pointer to the SSH context
1193  * @param[in] index Zero-based index identifying a slot
1194  * @return Error code
1195  **/
1196 
error_t sshUnloadRsaKey(SshContext *context, uint_t index)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_RSA_KEX_SUPPORT == ENABLED)
   //Make sure the SSH context is valid
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   //The slot must lie inside the transient key table
   if(index >= SSH_MAX_RSA_KEYS)
      return ERROR_INVALID_PARAMETER;

   //Wipe the whole slot (key references, modulus size and the stored
   //password) under the context mutex
   osAcquireMutex(&context->mutex);
   osMemset(&context->rsaKeys[index], 0, sizeof(SshRsaKey));
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1222 
1223 
/**
 * @brief Load Diffie-Hellman group
 *
 * Validates a PEM-encoded Diffie-Hellman group and records it in the given
 * slot for the group-exchange key exchange methods. Only a reference to the
 * PEM buffer is kept, so the caller must keep it valid for as long as the
 * group stays loaded. The group is parsed here solely to check that it
 * decodes and to measure its prime modulus.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_DH_GEX_GROUPS - 1)
 * @param[in] dhParams Diffie-Hellman parameters (PEM format). This parameter
 *   is taken as reference
 * @param[in] dhParamsLen Length of the Diffie-Hellman parameters
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a bad context,
 *   index or buffer; the PEM decoding error if the group does not parse;
 *   ERROR_INVALID_LENGTH when the prime modulus is outside
 *   [SSH_MIN_DH_MODULUS_SIZE, SSH_MAX_DH_MODULUS_SIZE] bits;
 *   ERROR_NOT_IMPLEMENTED when group exchange support is compiled out
 **/

   const char_t *dhParams, size_t dhParamsLen)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_DH_GEX_KEX_SUPPORT == ENABLED)
   error_t error;
   uint_t modulusBits;
   DhParameters group;

   //Reject a missing context or an out-of-range slot
   if(context == NULL || index >= SSH_MAX_DH_GEX_GROUPS)
      return ERROR_INVALID_PARAMETER;

   //An empty PEM buffer cannot describe a group
   if(dhParams == NULL || dhParamsLen == 0)
      return ERROR_INVALID_PARAMETER;

   //Parse the group once, only to validate it and measure the prime. The
   //parsed form is discarded; the PEM text itself is what gets stored
   dhInitParameters(&group);
   error = pemImportDhParameters(dhParams, dhParamsLen, &group);

   if(!error)
   {
      modulusBits = mpiGetBitLength(&group.p);

      //A prime outside the configured window is refused up front
      if(modulusBits < SSH_MIN_DH_MODULUS_SIZE ||
         modulusBits > SSH_MAX_DH_MODULUS_SIZE)
      {
         error = ERROR_INVALID_LENGTH;
      }
   }

   //The multiple-precision integers are no longer needed
   dhFreeParameters(&group);

   if(error)
      return error;

   //Publish the group under the context mutex so the SSH core never observes
   //a half-written slot
   osAcquireMutex(&context->mutex);
   context->dhGexGroups[index].dhModulusSize = modulusBits;
   context->dhGexGroups[index].dhParams = dhParams;
   context->dhGexGroups[index].dhParamsLen = dhParamsLen;
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Diffie-Hellman group exchange support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1302 
1303 
/**
 * @brief Unload Diffie-Hellman group
 *
 * Clears one group-exchange slot. The SshDhGexGroup record (modulus size and
 * the reference to the caller's PEM buffer) is zeroed under the context
 * mutex; the PEM buffer itself belongs to the caller and is not touched.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_DH_GEX_GROUPS - 1)
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER if the context is
 *   NULL or the index is out of range, ERROR_NOT_IMPLEMENTED when group
 *   exchange support is compiled out
 **/

{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_DH_GEX_KEX_SUPPORT == ENABLED)
   //Both the context and the slot index must be valid
   if(context == NULL || index >= SSH_MAX_DH_GEX_GROUPS)
      return ERROR_INVALID_PARAMETER;

   //Serialize against the SSH core and other configuration calls
   osAcquireMutex(&context->mutex);
   //Forget the group: size and PEM reference both go to zero
   osMemset(&context->dhGexGroups[index], 0, sizeof(SshDhGexGroup));
   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Diffie-Hellman group exchange support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1336 
1337 
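/**
 * @brief Load entity's host key
 *
 * Validates a public/private key pair and installs it in one of the host key
 * slots. Only references to the key buffers are stored, so the caller must
 * keep them valid for as long as the slot is in use. The private key may be
 * omitted when signatures are produced by a public-key hardware accelerator.
 * The password, if any, is copied into the slot and therefore must not exceed
 * SSH_MAX_PASSWORD_LEN characters.
 *
 * Validation is per key type: the public key must decode for its declared
 * format, the private key (if present) must decode with the given password,
 * and an RSA public key must have a modulus within
 * [SSH_MIN_RSA_MODULUS_SIZE, SSH_MAX_RSA_MODULUS_SIZE] bits - the same bound
 * the transient RSA key loader enforces. Whether the private key actually
 * corresponds to the public key is not verified by this function.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_HOST_KEYS - 1)
 * @param[in] publicKey Public key (PEM, SSH2 or OpenSSH format). This parameter
 *   is taken as reference
 * @param[in] publicKeyLen Length of the public key
 * @param[in] privateKey Private key (PEM or OpenSSH format). This parameter is
 *   taken as reference
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a bad context,
 *   index or buffer; ERROR_INVALID_PASSWORD for an over-long password;
 *   ERROR_INVALID_KEY for an unsupported key type; ERROR_INVALID_LENGTH for
 *   an RSA modulus outside the configured range; otherwise the key import
 *   error
 **/

   const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
   error_t error;
   SshHostKey *hostKey;
   const char_t *keyType;

   //Make sure the SSH context is valid
   if(context == NULL)
      return ERROR_INVALID_PARAMETER;

   //The implementation limits the number of host keys that can be loaded
   if(index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //The public key is mandatory
   if(publicKey == NULL || publicKeyLen == 0)
      return ERROR_INVALID_PARAMETER;

   //The private key is optional, but a length without a buffer is a bug
   if(privateKey == NULL && privateKeyLen != 0)
      return ERROR_INVALID_PARAMETER;

   //The password is copied into a fixed-size field below, so bound it here
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_PASSWORD;

   //Initialize status code
   error = NO_ERROR;

   //The key format identifier selects which decoder to exercise
   keyType = sshGetPublicKeyType(publicKey, publicKeyLen);

#if (SSH_RSA_SIGN_SUPPORT == ENABLED)
   //RSA host key?
   if(sshCompareAlgo(keyType, "ssh-rsa"))
   {
      uint_t k;
      RsaPublicKey rsaPublicKey;
      RsaPrivateKey rsaPrivateKey;

      //Initialize RSA public and private keys
      rsaInitPublicKey(&rsaPublicKey);
      rsaInitPrivateKey(&rsaPrivateKey);

      //Check whether the RSA public key is valid
      error = sshImportRsaPublicKey(publicKey, publicKeyLen, &rsaPublicKey);

      //Check status code
      if(!error)
      {
         //Refuse a modulus outside the configured window, exactly as the
         //transient RSA key loader does. Rejecting an undersized or oversized
         //host key at load time is preferable to discovering the problem when
         //the key is first used to sign
         k = mpiGetBitLength(&rsaPublicKey.n);

         if(k < SSH_MIN_RSA_MODULUS_SIZE || k > SSH_MAX_RSA_MODULUS_SIZE)
         {
            error = ERROR_INVALID_LENGTH;
         }
      }

      //Check status code
      if(!error)
      {
         //The private key can be omitted if a public-key hardware accelerator
         //is used to generate signatures
         if(privateKey != NULL)
         {
            //Check whether the RSA private key is valid (decode only; nothing
            //from the parsed key is retained)
            error = sshImportRsaPrivateKey(privateKey, privateKeyLen,
               password, &rsaPrivateKey);
         }
      }

      //Release previously allocated memory
      rsaFreePublicKey(&rsaPublicKey);
      rsaFreePrivateKey(&rsaPrivateKey);
   }
   else
#endif
#if (SSH_DSA_SIGN_SUPPORT == ENABLED)
   //DSA host key?
   if(sshCompareAlgo(keyType, "ssh-dss"))
   {
      DsaPublicKey dsaPublicKey;
      DsaPrivateKey dsaPrivateKey;

      //Initialize DSA public and private keys
      dsaInitPublicKey(&dsaPublicKey);
      dsaInitPrivateKey(&dsaPrivateKey);

      //Check whether the DSA public key is valid
      error = sshImportDsaPublicKey(publicKey, publicKeyLen, &dsaPublicKey);

      //Check status code
      if(!error)
      {
         //The private key can be omitted if a public-key hardware accelerator
         //is used to generate signatures
         if(privateKey != NULL)
         {
            //Check whether the DSA private key is valid
            error = sshImportDsaPrivateKey(privateKey, privateKeyLen,
               password, &dsaPrivateKey);
         }
      }

      //Release previously allocated memory
      dsaFreePublicKey(&dsaPublicKey);
      dsaFreePrivateKey(&dsaPrivateKey);
   }
   else
#endif
#if (SSH_ECDSA_SIGN_SUPPORT == ENABLED)
   //ECDSA host key?
   if(sshCompareAlgo(keyType, "ecdsa-sha2-nistp256") ||
      sshCompareAlgo(keyType, "ecdsa-sha2-nistp384") ||
      sshCompareAlgo(keyType, "ecdsa-sha2-nistp521"))
   {
      EcDomainParameters ecParams;
      EcPublicKey ecPublicKey;
      EcPrivateKey ecPrivateKey;

      //Initialize ECDSA domain parameters, public and private keys
      ecInitDomainParameters(&ecParams);
      ecInitPublicKey(&ecPublicKey);
      ecInitPrivateKey(&ecPrivateKey);

      //Check whether the ECDSA public key is valid
      error = sshImportEcdsaPublicKey(publicKey, publicKeyLen, &ecParams,
         &ecPublicKey);

      //Check status code
      if(!error)
      {
         //The private key can be omitted if a public-key hardware accelerator
         //is used to generate signatures
         if(privateKey != NULL)
         {
            //Check whether the ECDSA private key is valid
            error = sshImportEcdsaPrivateKey(privateKey, privateKeyLen,
               password, &ecPrivateKey);
         }
      }

      //Release previously allocated memory
      ecFreeDomainParameters(&ecParams);
      ecFreePublicKey(&ecPublicKey);
      ecFreePrivateKey(&ecPrivateKey);
   }
   else
#endif
#if (SSH_ED25519_SIGN_SUPPORT == ENABLED)
   //Ed25519 host key?
   if(sshCompareAlgo(keyType, "ssh-ed25519"))
   {
      EddsaPublicKey eddsaPublicKey;
      EddsaPrivateKey eddsaPrivateKey;

      //Initialize EdDSA public and private keys
      eddsaInitPublicKey(&eddsaPublicKey);
      eddsaInitPrivateKey(&eddsaPrivateKey);

      //Check whether the EdDSA public key is valid
      error = sshImportEd25519PublicKey(publicKey, publicKeyLen,
         &eddsaPublicKey);

      //Check status code
      if(!error)
      {
         //The private key can be omitted if a public-key hardware accelerator
         //is used to generate signatures
         if(privateKey != NULL)
         {
            //Check whether the EdDSA private key is valid
            error = sshImportEd25519PrivateKey(privateKey, privateKeyLen,
               password, &eddsaPrivateKey);
         }
      }

      //Release previously allocated memory
      eddsaFreePublicKey(&eddsaPublicKey);
      eddsaFreePrivateKey(&eddsaPrivateKey);
   }
   else
#endif
#if (SSH_ED448_SIGN_SUPPORT == ENABLED)
   //Ed448 host key?
   if(sshCompareAlgo(keyType, "ssh-ed448"))
   {
      EddsaPublicKey eddsaPublicKey;
      EddsaPrivateKey eddsaPrivateKey;

      //Initialize EdDSA public and private keys
      eddsaInitPublicKey(&eddsaPublicKey);
      eddsaInitPrivateKey(&eddsaPrivateKey);

      //Check whether the EdDSA public key is valid
      error = sshImportEd448PublicKey(publicKey, publicKeyLen,
         &eddsaPublicKey);

      //Check status code
      if(!error)
      {
         //The private key can be omitted if a public-key hardware accelerator
         //is used to generate signatures
         if(privateKey != NULL)
         {
            //Check whether the EdDSA private key is valid
            error = sshImportEd448PrivateKey(privateKey, privateKeyLen,
               password, &eddsaPrivateKey);
         }
      }

      //Release previously allocated memory
      eddsaFreePublicKey(&eddsaPublicKey);
      eddsaFreePrivateKey(&eddsaPrivateKey);
   }
   else
#endif
   //Unknown or disabled key type
   {
      //Report an error
      error = ERROR_INVALID_KEY;
   }

   //Check status code
   if(!error)
   {
      //Publish the slot under the context mutex so the SSH core never observes
      //a half-written host key
      osAcquireMutex(&context->mutex);

      //Point to the specified slot
      hostKey = &context->hostKeys[index];

      //Set key format identifier
      hostKey->keyFormatId = keyType;

      //Save public key (PEM, SSH2 or OpenSSH format) - by reference
      hostKey->publicKey = publicKey;
      hostKey->publicKeyLen = publicKeyLen;

      //Save private key (PEM or OpenSSH format) - by reference
      hostKey->privateKey = privateKey;
      hostKey->privateKeyLen = privateKeyLen;

      //Keep a private copy of the password (bounded by the length check
      //above); an absent password is stored as the empty string
      if(password != NULL)
      {
         osStrcpy(hostKey->password, password);
      }
      else
      {
         osStrcpy(hostKey->password, "");
      }

#if (SSH_CLIENT_SUPPORT == ENABLED)
      //Select the default public key algorithm to use during user
      //authentication
      hostKey->publicKeyAlgo = sshSelectPublicKeyAlgo(context,
         hostKey->keyFormatId, NULL);
#endif

      //Release exclusive access to the SSH context
      osReleaseMutex(&context->mutex);
   }

   //Return status code
   return error;
}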
1610 
1611 
/**
 * @brief Unload entity's host key
 *
 * Clears one host key slot. Before the slot is zeroed, every connection whose
 * key exchange is still in progress and that references this slot is flagged
 * for disconnection, so no half-negotiated session keeps using a key that is
 * about to vanish. Connections already in the open state are not affected.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_HOST_KEYS - 1)
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER if the context is
 *   NULL or the index is out of range
 **/

{
   uint_t i;
   SshConnection *conn;

   //Both the context and the slot index must be valid
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //Serialize against the SSH core and other configuration calls
   osAcquireMutex(&context->mutex);

   //Drop connections that are mid key exchange on this slot
   for(i = 0; i < context->numConnections; i++)
   {
      conn = &context->connections[i];

      //Only states strictly between CLOSED and OPEN count as "key exchange
      //in progress"
      if(conn->state <= SSH_CONN_STATE_CLOSED ||
         conn->state >= SSH_CONN_STATE_OPEN)
      {
         continue;
      }

      //Not using this slot
      if(conn->hostKeyIndex != index)
         continue;

      //Ask the SSH core to terminate the connection right away
      conn->disconnectRequest = TRUE;
      sshNotifyEvent(context);
   }

   //Wipe the slot (key references and the cached password copy)
   osMemset(&context->hostKeys[index], 0, sizeof(SshHostKey));

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
}
1665 
1666 
/**
 * @brief Load entity's certificate
 *
 * Installs an OpenSSH-format certificate, together with its private key, in
 * one of the host key slots. Only references to the certificate and key
 * buffers are stored, so they must outlive the slot. The private key is
 * optional (a public-key hardware accelerator may hold it) and, when present,
 * is decoded once to prove it parses with the supplied password. Beyond
 * identifying its type, the certificate itself is not decoded by this
 * function. The password, if any, is copied into the slot and must not
 * exceed SSH_MAX_PASSWORD_LEN characters.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_HOST_KEYS - 1)
 * @param[in] cert Certificate (OpenSSH format). This parameter is taken
 *   as reference
 * @param[in] certLen Length of the certificate
 * @param[in] privateKey Private key (PEM or OpenSSH format). This parameter
 *   is taken as reference
 * @param[in] privateKeyLen Length of the private key
 * @param[in] password NULL-terminated string containing the password. This
 *   parameter is required if the private key is encrypted
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a bad context,
 *   index or buffer; ERROR_INVALID_PASSWORD for an over-long password;
 *   ERROR_BAD_CERTIFICATE for an unsupported certificate type; otherwise the
 *   private key import error; ERROR_NOT_IMPLEMENTED when certificate support
 *   is compiled out
 **/

   const char_t *cert, size_t certLen, const char_t *privateKey,
   size_t privateKeyLen, const char_t *password)
{
#if (SSH_CERT_SUPPORT == ENABLED)
   error_t error;
   SshHostKey *slot;
   const char_t *certType;

   //Context and slot index
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //The certificate is mandatory
   if(cert == NULL || certLen == 0)
      return ERROR_INVALID_PARAMETER;

   //The private key is optional, but a length without a buffer is a bug
   if(privateKey == NULL && privateKeyLen != 0)
      return ERROR_INVALID_PARAMETER;

   //The password is copied into a fixed-size field below, so bound it here
   if(password != NULL && osStrlen(password) > SSH_MAX_PASSWORD_LEN)
      return ERROR_INVALID_PASSWORD;

   error = NO_ERROR;

   //The certificate type string selects which key decoder to exercise
   certType = sshGetCertType(cert, certLen);

#if (SSH_RSA_SIGN_SUPPORT == ENABLED)
   if(sshCompareAlgo(certType, "ssh-rsa-cert-v01@openssh.com"))
   {
      RsaPrivateKey rsaKey;

      rsaInitPrivateKey(&rsaKey);

      //Decode only to validate; nothing from the parsed key is retained.
      //A NULL private key is accepted (hardware-held key)
      if(privateKey != NULL)
      {
         error = sshImportRsaPrivateKey(privateKey, privateKeyLen, password,
            &rsaKey);
      }

      rsaFreePrivateKey(&rsaKey);
   }
   else
#endif
#if (SSH_DSA_SIGN_SUPPORT == ENABLED)
   if(sshCompareAlgo(certType, "ssh-dss-cert-v01@openssh.com"))
   {
      DsaPrivateKey dsaKey;

      dsaInitPrivateKey(&dsaKey);

      if(privateKey != NULL)
      {
         error = sshImportDsaPrivateKey(privateKey, privateKeyLen, password,
            &dsaKey);
      }

      dsaFreePrivateKey(&dsaKey);
   }
   else
#endif
#if (SSH_ECDSA_SIGN_SUPPORT == ENABLED)
   if(sshCompareAlgo(certType, "ecdsa-sha2-nistp256-cert-v01@openssh.com") ||
      sshCompareAlgo(certType, "ecdsa-sha2-nistp384-cert-v01@openssh.com") ||
      sshCompareAlgo(certType, "ecdsa-sha2-nistp521-cert-v01@openssh.com"))
   {
      EcPrivateKey ecKey;

      ecInitPrivateKey(&ecKey);

      if(privateKey != NULL)
      {
         error = sshImportEcdsaPrivateKey(privateKey, privateKeyLen, password,
            &ecKey);
      }

      ecFreePrivateKey(&ecKey);
   }
   else
#endif
#if (SSH_ED25519_SIGN_SUPPORT == ENABLED)
   if(sshCompareAlgo(certType, "ssh-ed25519-cert-v01@openssh.com"))
   {
      EddsaPrivateKey edKey;

      eddsaInitPrivateKey(&edKey);

      if(privateKey != NULL)
      {
         error = sshImportEd25519PrivateKey(privateKey, privateKeyLen,
            password, &edKey);
      }

      eddsaFreePrivateKey(&edKey);
   }
   else
#endif
   {
      //Unknown or disabled certificate type
      error = ERROR_BAD_CERTIFICATE;
   }

   if(error)
      return error;

   //Publish the slot under the context mutex so the SSH core never observes
   //a half-written entry
   osAcquireMutex(&context->mutex);

   slot = &context->hostKeys[index];

   slot->keyFormatId = certType;

   //The certificate takes the place of the public key - by reference
   slot->publicKey = cert;
   slot->publicKeyLen = certLen;

   //Private key - by reference
   slot->privateKey = privateKey;
   slot->privateKeyLen = privateKeyLen;

   //Keep a private copy of the password (bounded by the check above); an
   //absent password is stored as the empty string
   osStrcpy(slot->password, (password != NULL) ? password : "");

#if (SSH_CLIENT_SUPPORT == ENABLED)
   //Default public key algorithm for user authentication
   slot->publicKeyAlgo = sshSelectPublicKeyAlgo(context, slot->keyFormatId,
      NULL);
#endif

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1865 
1866 
/**
 * @brief Unload entity's certificate
 *
 * Clears one host key slot holding a certificate. Connections whose key
 * exchange is still in progress and that reference this slot are flagged for
 * disconnection before the slot is zeroed; open connections are not
 * affected.
 *
 * @param[in] context Pointer to the SSH context
 * @param[in] index Zero-based index identifying a slot (0 to
 *   SSH_MAX_HOST_KEYS - 1)
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER if the context is
 *   NULL or the index is out of range, ERROR_NOT_IMPLEMENTED when
 *   certificate support is compiled out
 **/

{
#if (SSH_CERT_SUPPORT == ENABLED)
   uint_t i;
   SshConnection *conn;

   //Both the context and the slot index must be valid
   if(context == NULL || index >= SSH_MAX_HOST_KEYS)
      return ERROR_INVALID_PARAMETER;

   //Serialize against the SSH core and other configuration calls
   osAcquireMutex(&context->mutex);

   //Drop connections that are mid key exchange on this slot
   for(i = 0; i < context->numConnections; i++)
   {
      conn = &context->connections[i];

      //Only states strictly between CLOSED and OPEN count as "key exchange
      //in progress"
      if(conn->state <= SSH_CONN_STATE_CLOSED ||
         conn->state >= SSH_CONN_STATE_OPEN)
      {
         continue;
      }

      //Not using this slot
      if(conn->hostKeyIndex != index)
         continue;

      //Ask the SSH core to terminate the connection right away
      conn->disconnectRequest = TRUE;
      sshNotifyEvent(context);
   }

   //Wipe the slot (certificate/key references and the cached password copy)
   osMemset(&context->hostKeys[index], 0, sizeof(SshHostKey));

   osReleaseMutex(&context->mutex);

   return NO_ERROR;
#else
   //Certificate support is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1925 
1926 
/**
 * @brief Set password change prompt message
 *
 * Copies the prompt text into the connection's passwordChangePrompt field.
 * That field has a fixed capacity, so the prompt length is checked before
 * the (unbounded) osStrcpy is performed.
 *
 * @param[in] connection Pointer to the SSH connection
 * @param[in] prompt NULL-terminated string containing the prompt message
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER for a NULL argument,
 *   ERROR_INVALID_LENGTH when the prompt fails the length check,
 *   ERROR_NOT_IMPLEMENTED when server-side password authentication is
 *   compiled out
 **/

   const char_t *prompt)
{
#if (SSH_SERVER_SUPPORT == ENABLED && SSH_PASSWORD_AUTH_SUPPORT == ENABLED)
   //Check parameters
   if(connection == NULL || prompt == NULL)
      return ERROR_INVALID_PARAMETER;

   //Make sure the length of the prompt string is acceptable. This guard is
   //what keeps the osStrcpy below in bounds. NOTE(review): confirm that the
   //limit it compares against matches the capacity of passwordChangePrompt
      return ERROR_INVALID_LENGTH;

   //Save prompt string (a private copy; the caller's buffer is not retained)
   osStrcpy(connection->passwordChangePrompt, prompt);

   //Successful processing
   return NO_ERROR;
#else
   //Server-side password authentication is not compiled in
   return ERROR_NOT_IMPLEMENTED;
#endif
}
1956 
1957 
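/**
 * @brief Create a new SSH channel
 *
 * Reserves the first unused channel from the context's pool, resets it,
 * binds it to the connection and assigns it a fresh local channel number.
 * The slot is left in SSH_CHANNEL_STATE_RESERVED - it is not yet open. The
 * OsEvent embedded in the channel structure is preserved across the reset.
 *
 * @param[in] connection Pointer to the SSH connection
 * @return Handle referencing the newly created SSH channel, or NULL if the
 *   connection is NULL or every channel in the pool is already in use
 **/

{
   uint_t i;
   SshContext *context;
   SshChannel *channel;

   //The connection is dereferenced immediately below; fail the same way pool
   //exhaustion does so callers need a single NULL check
   if(connection == NULL)
      return NULL;

   //No channel reserved yet
   channel = NULL;

   //Point to the SSH context that owns the channel pool
   context = connection->context;

   //Acquire exclusive access to the SSH context
   osAcquireMutex(&context->mutex);

   //Look for a free slot
   for(i = 0; i < context->numChannels; i++)
   {
      if(context->channels[i].state != SSH_CHANNEL_STATE_UNUSED)
         continue;

      channel = &context->channels[i];

      //Reset everything except the OsEvent embedded in the channel. The
      //event is deliberately skipped (it is not re-created here - presumably
      //set up once at initialization), so the clear is done in two parts
      //around it
      osMemset(channel, 0, offsetof(SshChannel, event));

      osMemset((uint8_t *) channel + offsetof(SshChannel, event) + sizeof(OsEvent),
         0, sizeof(SshChannel) - offsetof(SshChannel, event) - sizeof(OsEvent));

      //Bind the channel to its owners and apply the defaults: no I/O timeout,
      //a full receive window
      channel->context = context;
      channel->connection = connection;
      channel->timeout = INFINITE_DELAY;
      channel->rxWindowSize = SSH_CHANNEL_BUFFER_SIZE;

      //When the implementation wishes to open a new channel, it allocates a
      //local number for the channel (refer to RFC 4254, section 5.1)
      channel->localChannelNum = sshAllocateLocalChannelNum(connection);

      //The slot is now taken but the channel is not open yet
      channel->state = SSH_CHANNEL_STATE_RESERVED;

      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&context->mutex);

   //NULL if the pool was exhausted
   return channel;
}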
2018 
2019 
/**
 * @brief Set timeout for read/write operations
 *
 * Records the maximum time sshReadChannel and sshWriteChannel will block
 * waiting for incoming data or for room in the send buffer. The value is
 * stored as given; a freshly created channel starts with INFINITE_DELAY.
 * NOTE(review): the field is written here without the context mutex while
 * the read/write paths consult it under that mutex - confirm this is
 * acceptable for the target.
 *
 * @param[in] channel SSH channel handle
 * @param[in] timeout Maximum time to wait
 * @return NO_ERROR, or ERROR_INVALID_PARAMETER for a NULL handle
 **/

{
   //A NULL handle is the only failure mode
   if(channel != NULL)
   {
      channel->timeout = timeout;
      return NO_ERROR;
   }

   return ERROR_INVALID_PARAMETER;
}
2039 
2040 
/**
 * @brief Write data to the specified channel
 *
 * Copies as much of the caller's data as possible into the channel's ring
 * buffer, blocking (up to the channel timeout) whenever the buffer is full,
 * until everything has been queued or an error occurs. The data is not sent
 * by this function; the SSH core is notified and drains the buffer. Writing
 * stops with ERROR_WRITE_FAILED once the channel is not open or an EOF/CLOSE
 * has been requested or sent. If SSH_FLAG_EOF is set and every byte was
 * queued, an EOF is requested on the channel (a zero-length write is the way
 * to request EOF alone).
 *
 * @param[in] channel SSH channel handle
 * @param[in] data Pointer to the buffer containing the data to be transmitted
 * @param[in] length Number of data bytes to send
 * @param[out] written Actual number of bytes written (optional parameter);
 *   meaningful also on ERROR_TIMEOUT, when a partial write may have occurred
 * @param[in] flags Set of flags that influences the behavior of this function
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a NULL channel or
 *   a NULL buffer with a non-zero length; ERROR_WRITE_FAILED if the channel
 *   is not writable; ERROR_TIMEOUT if no room became available in time
 **/

error_t sshWriteChannel(SshChannel *channel, const void *data, size_t length,
   size_t *written, uint_t flags)
{
   error_t error;
   size_t chunk;
   size_t done;
   uint_t ev;
   const uint8_t *src;

   //Make sure the SSH channel handle is valid
   if(channel == NULL)
      return ERROR_INVALID_PARAMETER;

   //A NULL buffer is only acceptable for a zero-length (EOF-only) write
   if(data == NULL && length != 0)
      return ERROR_INVALID_PARAMETER;

   error = NO_ERROR;
   done = 0;
   src = data;

   //The channel buffers are shared with the SSH core
   osAcquireMutex(&channel->context->mutex);

   while(done < length)
   {
      //Refuse to queue data once the channel is no longer open or an EOF or
      //CLOSE has been requested or already sent
      if(channel->state != SSH_CHANNEL_STATE_OPEN || channel->eofRequest ||
         channel->eofSent || channel->closeRequest || channel->closeSent)
      {
         error = ERROR_WRITE_FAILED;
         break;
      }

      if(channel->txBuffer.length >= SSH_CHANNEL_BUFFER_SIZE)
      {
         //Buffer full: let the SSH core know there is data to drain, then
         //wait for room (bounded by the channel timeout)
         sshNotifyEvent(channel->context);

         ev = sshWaitForChannelEvents(channel, SSH_CHANNEL_EVENT_TX_READY,
            channel->timeout);

         if(ev != SSH_CHANNEL_EVENT_TX_READY)
         {
            error = ERROR_TIMEOUT;
            break;
         }

         //Re-check the channel state before touching the buffer again
         continue;
      }

      //Largest chunk bounded by the free space, the caller's remaining data
      //and the contiguous run up to the end of the ring buffer
      chunk = MIN(SSH_CHANNEL_BUFFER_SIZE - channel->txBuffer.length,
         length - done);
      chunk = MIN(chunk, SSH_CHANNEL_BUFFER_SIZE - channel->txBuffer.writePos);

      osMemcpy(channel->txBuffer.data + channel->txBuffer.writePos, src, chunk);

      src += chunk;
      channel->txBuffer.writePos += chunk;

      //Wrap the write position at the end of the ring
      if(channel->txBuffer.writePos >= SSH_CHANNEL_BUFFER_SIZE)
         channel->txBuffer.writePos -= SSH_CHANNEL_BUFFER_SIZE;

      channel->txBuffer.length += chunk;
      done += chunk;
   }

   //When a party will no longer send more data to a channel, it should send
   //an SSH_MSG_CHANNEL_EOF message (refer to RFC 4254, section 5.3). Only a
   //complete write may carry the EOF request
   if(done == length && (flags & SSH_FLAG_EOF) != 0)
      channel->eofRequest = TRUE;

   //Let the SSH core pick up whatever is now pending in the send buffer
   sshNotifyEvent(channel->context);

   osReleaseMutex(&channel->context->mutex);

   //The parameter is optional
   if(written != NULL)
      *written = done;

   return error;
}
2168 
2169 
/**
 * @brief Receive data from the specified channel
 *
 * Drains the channel's receive ring buffer into the caller's buffer. With no
 * flags, a single pass returns whatever is already buffered (waiting, up to
 * the channel timeout, only if nothing is buffered yet). SSH_FLAG_WAIT_ALL
 * keeps reading until size bytes have been delivered. SSH_FLAG_BREAK_CHAR
 * stops after the first occurrence of the delimiter carried in the low byte
 * of flags (the delimiter is included in the output). Each chunk removed
 * from the buffer is reported to the flow-control window. Once the peer has
 * signalled EOF/CLOSE (or the connection is being torn down) and the buffer
 * is empty, ERROR_END_OF_STREAM results - except that a caller who accepted
 * partial reads and already got some bytes sees NO_ERROR.
 *
 * @param[in] channel SSH channel handle
 * @param[out] data Buffer where to store the incoming data
 * @param[in] size Maximum number of bytes that can be received
 * @param[out] received Number of bytes that have been received
 * @param[in] flags Set of flags that influences the behavior of this function
 * @return NO_ERROR on success; ERROR_INVALID_PARAMETER for a NULL argument;
 *   ERROR_END_OF_STREAM, ERROR_CONNECTION_CLOSING or ERROR_READ_FAILED
 *   depending on the channel/connection state; ERROR_TIMEOUT if no data
 *   arrived in time
 **/

error_t sshReadChannel(SshChannel *channel, void *data, size_t size,
   size_t *received, uint_t flags)
{
   error_t error;
   size_t chunk;
   size_t i;
   uint_t ev;
   uint8_t *dst;
   char_t delim;

   //All three pointers are required
   if(channel == NULL || data == NULL || received == NULL)
      return ERROR_INVALID_PARAMETER;

   error = NO_ERROR;
   *received = 0;
   dst = data;

   //The channel buffers are shared with the SSH core
   osAcquireMutex(&channel->context->mutex);

   while(*received < size)
   {
      if(channel->rxBuffer.length == 0)
      {
         //Nothing buffered: either wait for more, or explain why not
         if(channel->state == SSH_CHANNEL_STATE_OPEN)
         {
            //The peer has said it will send nothing more (EOF/CLOSE), or the
            //whole connection is being torn down
            if(channel->closeReceived || channel->eofReceived ||
               channel->connection->disconnectReceived)
            {
               error = ERROR_END_OF_STREAM;
               break;
            }

            //Block until data arrives, bounded by the channel timeout
            ev = sshWaitForChannelEvents(channel, SSH_CHANNEL_EVENT_RX_READY,
               channel->timeout);

            if(ev != SSH_CHANNEL_EVENT_RX_READY)
            {
               error = ERROR_TIMEOUT;
               break;
            }

            //Re-examine the buffer now that something happened
            continue;
         }
         else if(channel->state == SSH_CHANNEL_STATE_CLOSED)
         {
            //Distinguish a clean end of stream from a local shutdown and
            //from a plain unusable channel
            if(channel->closeReceived || channel->eofReceived ||
               channel->connection->disconnectReceived)
            {
               error = ERROR_END_OF_STREAM;
            }
            else if(channel->connection->disconnectSent)
            {
               error = ERROR_CONNECTION_CLOSING;
            }
            else
            {
               error = ERROR_READ_FAILED;
            }

            break;
         }
         else
         {
            //Any other state is not readable
            error = ERROR_READ_FAILED;
            break;
         }
      }

      //Buffered data is only handed out while the channel is open
      if(channel->state != SSH_CHANNEL_STATE_OPEN)
      {
         error = ERROR_READ_FAILED;
         break;
      }

      //Contiguous run bounded by what is buffered, what the caller still
      //wants, and the distance to the end of the ring buffer
      chunk = MIN(channel->rxBuffer.length, size - *received);
      chunk = MIN(chunk, SSH_CHANNEL_BUFFER_SIZE - channel->rxBuffer.readPos);

      if((flags & SSH_FLAG_BREAK_CHAR) != 0)
      {
         //Stop at, and include, the first occurrence of the delimiter carried
         //in the low byte of the flags
         delim = LSB(flags);

         for(i = 0; i < chunk; i++)
         {
            if(channel->rxBuffer.data[channel->rxBuffer.readPos + i] == delim)
               break;
         }

         //If no delimiter was found, i == chunk and the run is unchanged
         chunk = MIN(chunk, i + 1);
      }

      osMemcpy(dst, channel->rxBuffer.data + channel->rxBuffer.readPos, chunk);

      //Consume the run; the chunk never crosses the end of the ring, so the
      //read position can only land exactly on it
      channel->rxBuffer.readPos += chunk;

      if(channel->rxBuffer.readPos >= SSH_CHANNEL_BUFFER_SIZE)
         channel->rxBuffer.readPos = 0;

      channel->rxBuffer.length -= chunk;
      *received += chunk;

      //Let the flow-control window account for the bytes just drained
      sshUpdateChannelWindow(channel, chunk);

      //Delimiter consumed: the caller gets the data up to and including it
      if((flags & SSH_FLAG_BREAK_CHAR) != 0 && chunk > 0 &&
         dst[chunk - 1] == LSB(flags))
      {
         break;
      }

      //Without SSH_FLAG_WAIT_ALL a single pass is all the caller asked for
      if((flags & SSH_FLAG_WAIT_ALL) == 0)
         break;

      dst += chunk;
   }

   osReleaseMutex(&channel->context->mutex);

   //End of stream is not an error for a caller who accepted partial reads, as
   //long as something was actually returned
   if(error == ERROR_END_OF_STREAM && *received > 0 &&
      ((flags & SSH_FLAG_BREAK_CHAR) != 0 || (flags & SSH_FLAG_WAIT_ALL) == 0))
   {
      error = NO_ERROR;
   }

   return error;
}
2361 
2362 
/**
 * @brief Wait for one of a set of channels to become ready to perform I/O
 *
 * Each entry of the descriptor set names a channel and the events the caller
 * cares about (eventMask). The calling task is blocked until one of those
 * events is signaled on one of the channels, or until the timeout expires,
 * and the events actually observed are reported back in eventFlags (masked
 * by eventMask)
 *
 * @param[in,out] eventDesc Set of entries specifying the events the user is
 *   interested in. Entries whose channel is NULL are skipped. eventFlags is
 *   only written for the remaining entries, and only once the wait has been
 *   set up (it is left untouched on the early error returns)
 * @param[in] size Number of entries in the descriptor set
 * @param[in] extEvent External event object used to receive notifications
 *   (optional). When supplied, it is returned to the nonsignaled state before
 *   this function returns
 * @param[in] timeout Maximum time to wait before returning
 * @return NO_ERROR if the event object was signaled, ERROR_TIMEOUT if the
 *   timeout expired first, ERROR_INVALID_PARAMETER if the descriptor set is
 *   NULL or empty, ERROR_OUT_OF_RESOURCES if no event object could be created
 **/

error_t sshPollChannels(SshChannelEventDesc *eventDesc, uint_t size,
   OsEvent *extEvent, systime_t timeout)
{
   uint_t i;
   bool_t signaled;
   SshChannelEventDesc *desc;
   OsEvent localEvent;
   OsEvent *event;

   //A descriptor set is mandatory
   if(eventDesc == NULL || size == 0)
      return ERROR_INVALID_PARAMETER;

   //An event object is needed to receive notifications. Reuse the one
   //supplied by the caller when there is one, otherwise create a private one
   if(extEvent != NULL)
   {
      event = extEvent;
   }
   else
   {
      if(!osCreateEvent(&localEvent))
         return ERROR_OUT_OF_RESOURCES;

      event = &localEvent;
   }

   //Subscribe every valid channel of the set to its requested events
   for(i = 0; i < size; i++)
   {
      desc = &eventDesc[i];

      //Skip unused entries
      if(desc->channel == NULL)
         continue;

      //No event has been observed yet
      desc->eventFlags = 0;
      //Point the channel at the shared event object
      sshRegisterUserEvents(desc->channel, event, desc->eventMask);
   }

   //Block until one of the channels signals the event object or the
   //timeout expires
   signaled = osWaitForEvent(event, timeout);

   //Collect the results and undo the subscriptions in a single pass
   for(i = 0; i < size; i++)
   {
      desc = &eventDesc[i];

      //Skip unused entries
      if(desc->channel == NULL)
         continue;

      //Report only the events the caller asked for, and only if the wait
      //actually completed
      if(signaled)
      {
         desc->eventFlags = sshGetUserEvents(desc->channel) & desc->eventMask;
      }

      //The channel must not reference the event object any longer
      sshUnregisterUserEvents(desc->channel);
   }

   //Leave the event object in the nonsignaled state for the next wait
   osResetEvent(event);

   //Dispose of the private event object, if one was created
   if(extEvent == NULL)
   {
      osDeleteEvent(&localEvent);
   }

   //Tell the caller whether the wait completed or timed out
   return signaled ? NO_ERROR : ERROR_TIMEOUT;
}
2457 
2458 
/**
 * @brief Close channel
 *
 * In the open state, closure of the channel is requested (the SSH task is
 * notified so that it sends SSH_MSG_CHANNEL_CLOSE) and, in client mode, the
 * function waits until the channel is actually closed or channel->timeout
 * expires. In the closed state, a server marks the channel unused so that it
 * can be reused. The handle itself is not released; see sshDeleteChannel
 *
 * @param[in] channel SSH channel handle
 * @return NO_ERROR on success, ERROR_INVALID_PARAMETER if the handle is NULL,
 *   ERROR_TIMEOUT if the channel did not close in time (client mode only),
 *   ERROR_WRONG_STATE if the channel is neither open nor closed
 **/

error_t sshCloseChannel(SshChannel *channel)
{
   error_t status = NO_ERROR;
   uint_t event;

   //A NULL handle cannot be closed
   if(channel == NULL)
      return ERROR_INVALID_PARAMETER;

   //The channel state is protected by the context mutex
   osAcquireMutex(&channel->context->mutex);

   switch(channel->state)
   {
   case SSH_CHANNEL_STATE_OPEN:
      //Ask the SSH task to send SSH_MSG_CHANNEL_CLOSE, unless this has
      //already been requested
      if(!channel->closeRequest)
      {
         channel->closeRequest = TRUE;
         sshNotifyEvent(channel->context);
      }

      //A client blocks until the channel is closed. The wait is bounded by
      //the channel timeout
      if(channel->context->mode == SSH_OPERATION_MODE_CLIENT)
      {
         event = sshWaitForChannelEvents(channel, SSH_CHANNEL_EVENT_CLOSED,
            channel->timeout);

         //Anything other than the closed event means the wait gave up
         if(event != SSH_CHANNEL_EVENT_CLOSED)
         {
            status = ERROR_TIMEOUT;
         }
      }
      break;

   case SSH_CHANNEL_STATE_CLOSED:
      //Both sides have exchanged SSH_MSG_CHANNEL_CLOSE. On the server side
      //the channel is marked unused right away so that it can be reused
      if(channel->context->mode == SSH_OPERATION_MODE_SERVER)
      {
         channel->state = SSH_CHANNEL_STATE_UNUSED;
      }
      break;

   default:
      //Closing is meaningless in any other state
      status = ERROR_WRONG_STATE;
      break;
   }

   //Release exclusive access to the SSH context
   osReleaseMutex(&channel->context->mutex);

   return status;
}
2529 
2530 
/**
 * @brief Release channel
 *
 * Marks the channel as unused so that its slot can be reused. Nothing is sent
 * to the peer here; callers that want an orderly shutdown should close the
 * channel first (see sshCloseChannel)
 *
 * @param[in] channel SSH channel handle (NULL is accepted and ignored)
 **/

void sshDeleteChannel(SshChannel *channel)
{
   //A NULL handle is silently ignored
   if(channel == NULL)
      return;

   //The channel state is protected by the context mutex
   osAcquireMutex(&channel->context->mutex);
   //Return the slot to the pool
   channel->state = SSH_CHANNEL_STATE_UNUSED;
   osReleaseMutex(&channel->context->mutex);
}
2549 
2550 
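/**
 * @brief Release SSH context
 *
 * Tears down the OS objects owned by the context (its mutex and event, and
 * the event of every channel) and zeroes the connection, channel and context
 * structures. Zeroing overwrites whatever those structures held (e.g. the
 * password kept with a host key), so that material does not outlive the
 * context in memory. NOTE(review): osMemset maps to the platform memset;
 * whether a compiler may drop these stores depends on the port, so confirm
 * this if the context is freed immediately after this call. The context,
 * connection and channel arrays themselves are caller-owned and not freed
 *
 * @param[in] context Pointer to the SSH context (NULL is accepted and ignored,
 *   consistent with sshDeleteChannel)
 **/

void sshDeinit(SshContext *context)
{
   uint_t i;
   SshChannel *channel;

   //Nothing to release
   if(context == NULL)
      return;

   //Release the OS objects owned by the context itself
   osDeleteMutex(&context->mutex);
   osDeleteEvent(&context->event);

   //Wipe every connection structure
   for(i = 0; i < context->numConnections; i++)
   {
      osMemset(&context->connections[i], 0, sizeof(SshConnection));
   }

   //Release each channel's event object, then wipe the structure
   for(i = 0; i < context->numChannels; i++)
   {
      channel = &context->channels[i];

      osDeleteEvent(&channel->event);
      osMemset(channel, 0, sizeof(SshChannel));
   }

   //Finally wipe the context itself, which also drops its references to the
   //connection and channel arrays
   osMemset(context, 0, sizeof(SshContext));
}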
2591 
2592 #endif