• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  */
24 
25 #if !defined(__LWS_SSH_H__)
26 #define __LWS_SSH_H__
27 
28 #if defined(LWS_HAVE_SYS_TYPES_H)
29 #include <sys/types.h>
30 #endif
31 
32 #if defined(LWS_WITH_MBEDTLS)
33 #include "mbedtls/sha1.h"
34 #include "mbedtls/sha256.h"
35 #include "mbedtls/sha512.h"
36 #include "mbedtls/rsa.h"
37 #endif
38 
39 #include "lws-plugin-ssh.h"
40 
41 #define LWS_SIZE_EC25519	32
42 #define LWS_SIZE_EC25519_PUBKEY 32
43 #define LWS_SIZE_EC25519_PRIKEY 64
44 
45 #define LWS_SIZE_SHA256		32
46 #define LWS_SIZE_SHA512		64
47 
48 #define LWS_SIZE_AES256_KEY	32
49 #define LWS_SIZE_AES256_IV	12
50 #define LWS_SIZE_AES256_MAC	16
51 #define LWS_SIZE_AES256_BLOCK	16
52 
53 #define LWS_SIZE_CHACHA256_KEY	(2 * 32)
54 #define POLY1305_TAGLEN		16
55 #define POLY1305_KEYLEN		32
56 
57 #define crypto_hash_sha512_BYTES 64U
58 
59 #define PEEK_U64(p) \
60         (((uint64_t)(((const uint8_t *)(p))[0]) << 56) | \
61          ((uint64_t)(((const uint8_t *)(p))[1]) << 48) | \
62          ((uint64_t)(((const uint8_t *)(p))[2]) << 40) | \
63          ((uint64_t)(((const uint8_t *)(p))[3]) << 32) | \
64          ((uint64_t)(((const uint8_t *)(p))[4]) << 24) | \
65          ((uint64_t)(((const uint8_t *)(p))[5]) << 16) | \
66          ((uint64_t)(((const uint8_t *)(p))[6]) << 8) | \
67           (uint64_t)(((const uint8_t *)(p))[7]))
68 #define PEEK_U32(p) \
69         (((uint32_t)(((const uint8_t *)(p))[0]) << 24) | \
70          ((uint32_t)(((const uint8_t *)(p))[1]) << 16) | \
71          ((uint32_t)(((const uint8_t *)(p))[2]) << 8) | \
72           (uint32_t)(((const uint8_t *)(p))[3]))
73 #define PEEK_U16(p) \
74         (((uint16_t)(((const uint8_t *)(p))[0]) << 8) | \
75           (uint16_t)(((const uint8_t *)(p))[1]))
76 
77 #define POKE_U64(p, v) \
78         do { \
79                 const uint64_t __v = (v); \
80                 ((uint8_t *)(p))[0] = (uint8_t)((__v >> 56) & 0xff); \
81                 ((uint8_t *)(p))[1] = (uint8_t)((__v >> 48) & 0xff); \
82                 ((uint8_t *)(p))[2] = (uint8_t)((__v >> 40) & 0xff); \
83                 ((uint8_t *)(p))[3] = (uint8_t)((__v >> 32) & 0xff); \
84                 ((uint8_t *)(p))[4] = (uint8_t)((__v >> 24) & 0xff); \
85                 ((uint8_t *)(p))[5] = (uint8_t)((__v >> 16) & 0xff); \
86                 ((uint8_t *)(p))[6] = (uint8_t)((__v >> 8) & 0xff); \
87                 ((uint8_t *)(p))[7] = (uint8_t)(__v & 0xff); \
88         } while (0)
89 #define POKE_U32(p, v) \
90         do { \
91                 const uint32_t __v = (v); \
92                 ((uint8_t *)(p))[0] = (uint8_t)((__v >> 24) & 0xff); \
93                 ((uint8_t *)(p))[1] = (uint8_t)((__v >> 16) & 0xff); \
94                 ((uint8_t *)(p))[2] = (uint8_t)((__v >> 8) & 0xff); \
95                 ((uint8_t *)(p))[3] = (uint8_t)(__v & 0xff); \
96         } while (0)
97 #define POKE_U16(p, v) \
98         do { \
99                 const uint16_t __v = (v); \
100                 ((uint8_t *)(p))[0] = (__v >> 8) & 0xff; \
101                 ((uint8_t *)(p))[1] = __v & 0xff; \
102         } while (0)
103 
104 
105 enum {
106 	SSH_MSG_DISCONNECT					= 1,
107 	SSH_MSG_IGNORE						= 2,
108 	SSH_MSG_UNIMPLEMENTED					= 3,
109 	SSH_MSG_DEBUG						= 4,
110 	SSH_MSG_SERVICE_REQUEST					= 5,
111 	SSH_MSG_SERVICE_ACCEPT					= 6,
112 	SSH_MSG_KEXINIT						= 20,
113 	SSH_MSG_NEWKEYS						= 21,
114 
115 	/* 30 .. 49: KEX messages specific to KEX protocol */
116 	SSH_MSG_KEX_ECDH_INIT					= 30,
117 	SSH_MSG_KEX_ECDH_REPLY					= 31,
118 
119 	/* 50... userauth */
120 
121 	SSH_MSG_USERAUTH_REQUEST				= 50,
122 	SSH_MSG_USERAUTH_FAILURE				= 51,
123 	SSH_MSG_USERAUTH_SUCCESS				= 52,
124 	SSH_MSG_USERAUTH_BANNER					= 53,
125 
126 	/* 60... publickey */
127 
128 	SSH_MSG_USERAUTH_PK_OK					= 60,
129 
130 	/* 80... connection */
131 
132 	SSH_MSG_GLOBAL_REQUEST					= 80,
133 	SSH_MSG_REQUEST_SUCCESS					= 81,
134 	SSH_MSG_REQUEST_FAILURE					= 82,
135 
136 	SSH_MSG_CHANNEL_OPEN					= 90,
137 	SSH_MSG_CHANNEL_OPEN_CONFIRMATION			= 91,
138 	SSH_MSG_CHANNEL_OPEN_FAILURE				= 92,
139 	SSH_MSG_CHANNEL_WINDOW_ADJUST				= 93,
140 	SSH_MSG_CHANNEL_DATA					= 94,
141 	SSH_MSG_CHANNEL_EXTENDED_DATA				= 95,
142 	SSH_MSG_CHANNEL_EOF					= 96,
143 	SSH_MSG_CHANNEL_CLOSE					= 97,
144 	SSH_MSG_CHANNEL_REQUEST					= 98,
145 	SSH_MSG_CHANNEL_SUCCESS					= 99,
146 	SSH_MSG_CHANNEL_FAILURE					= 100,
147 
148 	SSH_EXTENDED_DATA_STDERR				= 1,
149 
150 	SSH_CH_TYPE_SESSION					= 1,
151 	SSH_CH_TYPE_SCP						= 2,
152 	SSH_CH_TYPE_SFTP					= 3,
153 
154 	SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT		= 1,
155 	SSH_DISCONNECT_PROTOCOL_ERROR				= 2,
156 	SSH_DISCONNECT_KEY_EXCHANGE_FAILED			= 3,
157 	SSH_DISCONNECT_RESERVED					= 4,
158 	SSH_DISCONNECT_MAC_ERROR				= 5,
159 	SSH_DISCONNECT_COMPRESSION_ERROR			= 6,
160 	SSH_DISCONNECT_SERVICE_NOT_AVAILABLE			= 7,
161 	SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED		= 8,
162 	SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE			= 9,
163 	SSH_DISCONNECT_CONNECTION_LOST				= 10,
164 	SSH_DISCONNECT_BY_APPLICATION				= 11,
165 	SSH_DISCONNECT_TOO_MANY_CONNECTIONS			= 12,
166 	SSH_DISCONNECT_AUTH_CANCELLED_BY_USER			= 13,
167 	SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE		= 14,
168 	SSH_DISCONNECT_ILLEGAL_USER_NAME			= 15,
169 
170 	SSH_OPEN_ADMINISTRATIVELY_PROHIBITED			= 1,
171 	SSH_OPEN_CONNECT_FAILED					= 2,
172 	SSH_OPEN_UNKNOWN_CHANNEL_TYPE				= 3,
173 	SSH_OPEN_RESOURCE_SHORTAGE				= 4,
174 
175 	KEX_STATE_EXPECTING_CLIENT_OFFER			= 0,
176 	KEX_STATE_REPLIED_TO_OFFER,
177 	KEX_STATE_CRYPTO_INITIALIZED,
178 
179 	SSH_KEYIDX_IV						= 0,
180 	SSH_KEYIDX_ENC,
181 	SSH_KEYIDX_INTEG,
182 
183 	/* things we may write on the connection */
184 
185 	SSH_WT_NONE						= 0,
186 	SSH_WT_VERSION,
187 	SSH_WT_OFFER,
188 	SSH_WT_OFFER_REPLY,
189 	SSH_WT_SEND_NEWKEYS,
190 	SSH_WT_UA_ACCEPT,
191 	SSH_WT_UA_FAILURE,
192 	SSH_WT_UA_BANNER,
193 	SSH_WT_UA_PK_OK,
194 	SSH_WT_UA_SUCCESS,
195 	SSH_WT_CH_OPEN_CONF,
196 	SSH_WT_CH_FAILURE,
197 	SSH_WT_CHRQ_SUCC,
198 	SSH_WT_CHRQ_FAILURE,
199 	SSH_WT_SCP_ACK_OKAY,
200 	SSH_WT_SCP_ACK_ERROR,
201 	SSH_WT_CH_CLOSE,
202 	SSH_WT_CH_EOF,
203 	SSH_WT_WINDOW_ADJUST,
204 	SSH_WT_EXIT_STATUS,
205 
206 	/* RX parser states */
207 
208 	SSH_INITIALIZE_TRANSIENT				= 0,
209 	SSHS_IDSTRING,
210 	SSHS_IDSTRING_CR,
211 	SSHS_MSG_LEN,
212 	SSHS_MSG_PADDING,
213 	SSHS_MSG_ID,
214 	SSH_KEX_STATE_COOKIE,
215 	SSH_KEX_NL_KEX_ALGS_LEN,
216 	SSH_KEX_NL_KEX_ALGS,
217 	SSH_KEX_NL_SHK_ALGS_LEN,
218 	SSH_KEX_NL_SHK_ALGS,
219 	SSH_KEX_NL_EACTS_ALGS_LEN,
220 	SSH_KEX_NL_EACTS_ALGS,
221 	SSH_KEX_NL_EASTC_ALGS_LEN,
222 	SSH_KEX_NL_EASTC_ALGS,
223 	SSH_KEX_NL_MACTS_ALGS_LEN,
224 	SSH_KEX_NL_MACTS_ALGS,
225 	SSH_KEX_NL_MASTC_ALGS_LEN,
226 	SSH_KEX_NL_MASTC_ALGS,
227 	SSH_KEX_NL_CACTS_ALGS_LEN,
228 	SSH_KEX_NL_CACTS_ALGS,
229 	SSH_KEX_NL_CASTC_ALGS_LEN,
230 	SSH_KEX_NL_CASTC_ALGS,
231 	SSH_KEX_NL_LCTS_ALGS_LEN,
232 	SSH_KEX_NL_LCTS_ALGS,
233 	SSH_KEX_NL_LSTC_ALGS_LEN,
234 	SSH_KEX_NL_LSTC_ALGS,
235 	SSH_KEX_FIRST_PKT,
236 	SSH_KEX_RESERVED,
237 
238 	SSH_KEX_STATE_ECDH_KEYLEN,
239 	SSH_KEX_STATE_ECDH_Q_C,
240 
241 	SSHS_MSG_EAT_PADDING,
242 	SSH_KEX_STATE_SKIP,
243 
244 	SSHS_GET_STRING_LEN,
245 	SSHS_GET_STRING,
246 	SSHS_GET_STRING_LEN_ALLOC,
247 	SSHS_GET_STRING_ALLOC,
248 	SSHS_DO_SERVICE_REQUEST,
249 
250 	SSHS_DO_UAR_SVC,
251 	SSHS_DO_UAR_PUBLICKEY,
252 	SSHS_NVC_DO_UAR_CHECK_PUBLICKEY,
253 	SSHS_DO_UAR_SIG_PRESENT,
254 	SSHS_NVC_DO_UAR_ALG,
255 	SSHS_NVC_DO_UAR_PUBKEY_BLOB,
256 	SSHS_NVC_DO_UAR_SIG,
257 
258 	SSHS_GET_U32,
259 
260 	SSHS_NVC_CHOPEN_TYPE,
261 	SSHS_NVC_CHOPEN_SENDER_CH,
262 	SSHS_NVC_CHOPEN_WINSIZE,
263 	SSHS_NVC_CHOPEN_PKTSIZE,
264 
265 	SSHS_NVC_CHRQ_RECIP,
266 	SSHS_NVC_CHRQ_TYPE,
267 	SSHS_CHRQ_WANT_REPLY,
268         SSHS_NVC_CHRQ_TERM,
269         SSHS_NVC_CHRQ_TW,
270         SSHS_NVC_CHRQ_TH,
271 	SSHS_NVC_CHRQ_TWP,
272         SSHS_NVC_CHRQ_THP,
273         SSHS_NVC_CHRQ_MODES,
274 
275 	SSHS_NVC_CHRQ_ENV_NAME,
276 	SSHS_NVC_CHRQ_ENV_VALUE,
277 
278 	SSHS_NVC_CHRQ_EXEC_CMD,
279 
280 	SSHS_NVC_CHRQ_SUBSYSTEM,
281 
282 	SSHS_NVC_CHRQ_WNDCHANGE_TW,
283 	SSHS_NVC_CHRQ_WNDCHANGE_TH,
284 	SSHS_NVC_CHRQ_WNDCHANGE_TWP,
285 	SSHS_NVC_CHRQ_WNDCHANGE_THP,
286 
287 	SSHS_NVC_CH_EOF,
288 	SSHS_NVC_CH_CLOSE,
289 
290 	SSHS_NVC_CD_RECIP,
291 	SSHS_NVC_CD_DATA,
292 	SSHS_NVC_CD_DATA_ALLOC,
293 
294 	SSHS_NVC_WA_RECIP,
295 	SSHS_NVC_WA_ADD,
296 
297 	SSHS_NVC_DISCONNECT_REASON,
298 	SSHS_NVC_DISCONNECT_DESC,
299 	SSHS_NVC_DISCONNECT_LANG,
300 
301 	SSHS_SCP_COLLECTSTR			= 0,
302 	SSHS_SCP_PAYLOADIN			= 1,
303 
304 
305 	/* from https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13 */
306 
307 	SECSH_FILEXFER_VERSION			= 6,
308 
309 	/* sftp packet types */
310 
311 	SSH_FXP_INIT				= 1,
312 	SSH_FXP_VERSION				= 2,
313 	SSH_FXP_OPEN				= 3,
314 	SSH_FXP_CLOSE				= 4,
315 	SSH_FXP_READ				= 5,
316 	SSH_FXP_WRITE				= 6,
317 	SSH_FXP_LSTAT				= 7,
318 	SSH_FXP_FSTAT				= 8,
319 	SSH_FXP_SETSTAT				= 9,
320 	SSH_FXP_FSETSTAT			= 10,
321 	SSH_FXP_OPENDIR				= 11,
322 	SSH_FXP_READDIR				= 12,
323 	SSH_FXP_REMOVE				= 13,
324 	SSH_FXP_MKDIR				= 14,
325 	SSH_FXP_RMDIR				= 15,
326 	SSH_FXP_REALPATH			= 16,
327 	SSH_FXP_STAT				= 17,
328 	SSH_FXP_RENAME				= 18,
329 	SSH_FXP_READLINK			= 19,
330 	SSH_FXP_LINK				= 21,
331 	SSH_FXP_BLOCK				= 22,
332 	SSH_FXP_UNBLOCK				= 23,
333 	SSH_FXP_STATUS				= 101,
334 	SSH_FXP_HANDLE				= 102,
335 	SSH_FXP_DATA				= 103,
336 	SSH_FXP_NAME				= 104,
337 	SSH_FXP_ATTRS				= 105,
338 	SSH_FXP_EXTENDED			= 200,
339 	SSH_FXP_EXTENDED_REPLY			= 201,
340 
341 	/* sftp return codes */
342 
343 	SSH_FX_OK				= 0,
344 	SSH_FX_EOF				= 1,
345 	SSH_FX_NO_SUCH_FILE			= 2,
346 	SSH_FX_PERMISSION_DENIED		= 3,
347 	SSH_FX_FAILURE				= 4,
348 	SSH_FX_BAD_MESSAGE			= 5,
349 	SSH_FX_NO_CONNECTION			= 6,
350 	SSH_FX_CONNECTION_LOST			= 7,
351 	SSH_FX_OP_UNSUPPORTED			= 8,
352 	SSH_FX_INVALID_HANDLE			= 9,
353 	SSH_FX_NO_SUCH_PATH			= 10,
354 	SSH_FX_FILE_ALREADY_EXISTS		= 11,
355 	SSH_FX_WRITE_PROTECT			= 12,
356 	SSH_FX_NO_MEDIA				= 13,
357 	SSH_FX_NO_SPACE_ON_FILESYSTEM		= 14,
358 	SSH_FX_QUOTA_EXCEEDED			= 15,
359 	SSH_FX_UNKNOWN_PRINCIPAL		= 16,
360 	SSH_FX_LOCK_CONFLICT			= 17,
361 	SSH_FX_DIR_NOT_EMPTY			= 18,
362 	SSH_FX_NOT_A_DIRECTORY			= 19,
363 	SSH_FX_INVALID_FILENAME			= 20,
364 	SSH_FX_LINK_LOOP			= 21,
365 	SSH_FX_CANNOT_DELETE			= 22,
366 	SSH_FX_INVALID_PARAMETER		= 23,
367 	SSH_FX_FILE_IS_A_DIRECTORY		= 24,
368 	SSH_FX_BYTE_RANGE_LOCK_CONFLICT		= 25,
369 	SSH_FX_BYTE_RANGE_LOCK_REFUSED		= 26,
370 	SSH_FX_DELETE_PENDING			= 27,
371 	SSH_FX_FILE_CORRUPT			= 28,
372 	SSH_FX_OWNER_INVALID			= 29,
373 	SSH_FX_GROUP_INVALID			= 30,
374 	SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK	= 31,
375 
376 
377 	SSH_PENDING_TIMEOUT_CONNECT_TO_SUCCESSFUL_AUTH =
378 			PENDING_TIMEOUT_USER_REASON_BASE + 0,
379 
380 	SSH_AUTH_STATE_NO_AUTH			= 0,
381 	SSH_AUTH_STATE_GAVE_AUTH_IGNORE_REQS	= 1,
382 };
383 
384 #define LWS_SSH_INITIAL_WINDOW 16384
385 
386 struct lws_ssh_userauth {
387 	struct lws_genhash_ctx hash_ctx;
388 	char *username;
389 	char *service;
390 	char *alg;
391 	uint8_t *pubkey;
392 	uint32_t pubkey_len;
393 	uint8_t *sig;
394 	uint32_t sig_len;
395 	char sig_present;
396 };
397 
398 struct lws_ssh_keys {
399 	/* 3 == SSH_KEYIDX_IV (len=4), SSH_KEYIDX_ENC, SSH_KEYIDX_INTEG */
400 	uint8_t key[3][LWS_SIZE_CHACHA256_KEY];
401 
402 	/* opaque allocation made when cipher activated */
403 	void *cipher;
404 
405 	uint8_t MAC_length;
406 	uint8_t padding_alignment; /* block size */
407 	uint8_t valid:1;
408 	uint8_t full_length:1;
409 };
410 
411 struct lws_kex {
412 	uint8_t kex_r[256];
413 	uint8_t Q_C[LWS_SIZE_EC25519]; /* client eph public key aka 'e' */
414 	uint8_t eph_pri_key[LWS_SIZE_EC25519]; /* server eph private key */
415 	uint8_t Q_S[LWS_SIZE_EC25519]; /* server ephemeral public key */
416 	uint8_t kex_cookie[16];
417 	uint8_t *I_C; /* malloc'd copy of client KEXINIT payload */
418 	uint8_t *I_S; /* malloc'd copy of server KEXINIT payload */
419 	uint32_t I_C_payload_len;
420 	uint32_t I_C_alloc_len;
421 	uint32_t I_S_payload_len;
422 	uint32_t kex_r_len;
423 	uint8_t match_bitfield;
424 	uint8_t newkeys; /* which sides newkeys have been applied */
425 
426 	struct lws_ssh_keys keys_next_cts;
427 	struct lws_ssh_keys keys_next_stc;
428 };
429 
430 struct lws_subprotocol_scp {
431 	char fp[128];
432 	uint64_t len;
433 	uint32_t attr;
434 	char cmd;
435 	char ips;
436 };
437 
438 typedef union {
439 	struct lws_subprotocol_scp scp;
440 } lws_subprotocol;
441 
442 struct per_session_data__sshd;
443 
444 struct lws_ssh_channel {
445 	struct lws_ssh_channel *next;
446 
447 	struct per_session_data__sshd *pss;
448 
449 	lws_subprotocol *sub; /* NULL, or allocated subprotocol state */
450 	void *priv; /* owned by user code */
451 	int type;
452 	uint32_t server_ch;
453 	uint32_t sender_ch;
454 	int32_t window;
455 	int32_t peer_window_est;
456 	uint32_t max_pkt;
457 
458 	uint32_t spawn_pid;
459 	int retcode;
460 
461 	uint8_t scheduled_close:1;
462 	uint8_t sent_close:1;
463 	uint8_t received_close:1;
464 };
465 
466 struct per_vhost_data__sshd;
467 
468 struct per_session_data__sshd {
469 	struct per_session_data__sshd *next;
470 	struct per_vhost_data__sshd *vhd;
471 	struct lws *wsi;
472 
473 	struct lws_kex *kex;
474 	char *disconnect_desc;
475 
476 	uint8_t K[LWS_SIZE_EC25519]; /* shared secret */
477 	uint8_t session_id[LWS_SIZE_SHA256]; /* H from first working KEX */
478 	char name[64];
479 	char last_auth_req_username[32];
480 	char last_auth_req_service[32];
481 
482 	struct lws_ssh_keys active_keys_cts;
483 	struct lws_ssh_keys active_keys_stc;
484 	struct lws_ssh_userauth *ua;
485 	struct lws_ssh_channel *ch_list;
486 	struct lws_ssh_channel *ch_temp;
487 
488 	uint8_t *last_alloc;
489 
490 	union {
491 		struct lws_ssh_pty pty;
492 		char aux[64];
493 	} args;
494 
495 	uint32_t ssh_sequence_ctr_cts;
496 	uint32_t ssh_sequence_ctr_stc;
497 
498 	uint64_t payload_bytes_cts;
499 	uint64_t payload_bytes_stc;
500 
501 	uint32_t disconnect_reason;
502 
503 	char V_C[64]; /* Client version String */
504 	uint8_t packet_assembly[2048];
505 	uint32_t pa_pos;
506 
507 	uint32_t msg_len;
508 	uint32_t pos;
509 	uint32_t len;
510 	uint32_t ctr;
511 	uint32_t npos;
512 	uint32_t reason;
513 	uint32_t channel_doing_spawn;
514 	int next_ch_num;
515 
516 	uint8_t K_S[LWS_SIZE_EC25519]; /* server public key */
517 
518 	uint32_t copy_to_I_C:1;
519 	uint32_t okayed_userauth:1;
520 	uint32_t sent_banner:1;
521 	uint32_t seen_auth_req_before:1;
522 	uint32_t serviced_stderr_last:1;
523 	uint32_t kex_state;
524 	uint32_t chrq_server_port;
525 	uint32_t ch_recip;
526 	uint32_t count_auth_attempts;
527 
528 	char parser_state;
529 	char state_after_string;
530 	char first_coming;
531 	uint8_t rq_want_reply;
532 	uint8_t ssh_auth_state;
533 
534 	uint8_t msg_id;
535 	uint8_t msg_padding;
536 	uint8_t write_task[8];
537 	struct lws_ssh_channel *write_channel[8];
538 	uint8_t wt_head, wt_tail;
539 };
540 
541 struct per_vhost_data__sshd {
542 	struct lws_context *context;
543 	struct lws_vhost *vhost;
544 	const struct lws_protocols *protocol;
545 	struct per_session_data__sshd *live_pss_list;
546 	const struct lws_ssh_ops *ops;
547 };
548 
549 
550 struct host_keys {
551 	uint8_t *data;
552 	uint32_t len;
553 };
554 
555 extern struct host_keys host_keys[];
556 
557 extern int
558 crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
559 			     const unsigned char *p);
560 
561 extern int
562 ed25519_key_parse(uint8_t *p, size_t len, char *type, size_t type_len,
563                   uint8_t *pub, uint8_t *pri);
564 
565 extern int
566 kex_ecdh(struct per_session_data__sshd *pss, uint8_t *result, uint32_t *plen);
567 
568 extern uint32_t
569 lws_g32(uint8_t **p);
570 
571 extern uint32_t
572 lws_p32(uint8_t *p, uint32_t v);
573 
574 extern int
575 lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);
576 
577 extern const char *lws_V_S;
578 
579 extern int
580 lws_chacha_activate(struct lws_ssh_keys *keys);
581 
582 extern void
583 lws_chacha_destroy(struct lws_ssh_keys *keys);
584 
585 extern uint32_t
586 lws_chachapoly_get_length(struct lws_ssh_keys *keys, uint32_t seq,
587 			  const uint8_t *in4);
588 
589 extern void
590 poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
591     const u_char key[POLY1305_KEYLEN]);
592 
593 extern int
594 lws_chacha_decrypt(struct lws_ssh_keys *keys, uint32_t seq,
595 		   const uint8_t *ct, uint32_t len, uint8_t *pt);
596 extern int
597 lws_chacha_encrypt(struct lws_ssh_keys *keys, uint32_t seq,
598 		   const uint8_t *ct, uint32_t len, uint8_t *pt);
599 
600 extern void
601 lws_pad_set_length(struct per_session_data__sshd *pss, void *start, uint8_t **p,
602 		   struct lws_ssh_keys *keys);
603 
604 extern size_t
605 get_gen_server_key_25519(struct per_session_data__sshd *pss, uint8_t *b, size_t len);
606 
607 extern int
608 crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
609 		    const unsigned char *m, size_t mlen,
610 		    const unsigned char *sk);
611 
612 extern int
613 crypto_sign_ed25519_keypair(struct lws_context *context, uint8_t *pk,
614 			    uint8_t *sk);
615 
616 #endif
617