1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  */
24 
25 #if !defined(__LWS_SSH_H__)
26 #define __LWS_SSH_H__
27 
28 #if defined(LWS_WITH_MBEDTLS)
29 #include "mbedtls/sha1.h"
30 #include "mbedtls/sha256.h"
31 #include "mbedtls/sha512.h"
32 #include "mbedtls/rsa.h"
33 #endif
34 
35 #include "lws-plugin-ssh.h"
36 
37 #define LWS_SIZE_EC25519	32
38 #define LWS_SIZE_EC25519_PUBKEY 32
39 #define LWS_SIZE_EC25519_PRIKEY 64
40 
41 #define LWS_SIZE_SHA256		32
42 #define LWS_SIZE_SHA512		64
43 
44 #define LWS_SIZE_AES256_KEY	32
45 #define LWS_SIZE_AES256_IV	12
46 #define LWS_SIZE_AES256_MAC	16
47 #define LWS_SIZE_AES256_BLOCK	16
48 
49 #define LWS_SIZE_CHACHA256_KEY	(2 * 32)
50 #define POLY1305_TAGLEN		16
51 #define POLY1305_KEYLEN		32
52 
53 #define crypto_hash_sha512_BYTES 64U
54 
55 #define PEEK_U64(p) \
56         (((uint64_t)(((const uint8_t *)(p))[0]) << 56) | \
57          ((uint64_t)(((const uint8_t *)(p))[1]) << 48) | \
58          ((uint64_t)(((const uint8_t *)(p))[2]) << 40) | \
59          ((uint64_t)(((const uint8_t *)(p))[3]) << 32) | \
60          ((uint64_t)(((const uint8_t *)(p))[4]) << 24) | \
61          ((uint64_t)(((const uint8_t *)(p))[5]) << 16) | \
62          ((uint64_t)(((const uint8_t *)(p))[6]) << 8) | \
63           (uint64_t)(((const uint8_t *)(p))[7]))
64 #define PEEK_U32(p) \
65         (((uint32_t)(((const uint8_t *)(p))[0]) << 24) | \
66          ((uint32_t)(((const uint8_t *)(p))[1]) << 16) | \
67          ((uint32_t)(((const uint8_t *)(p))[2]) << 8) | \
68           (uint32_t)(((const uint8_t *)(p))[3]))
69 #define PEEK_U16(p) \
70         (((uint16_t)(((const uint8_t *)(p))[0]) << 8) | \
71           (uint16_t)(((const uint8_t *)(p))[1]))
72 
73 #define POKE_U64(p, v) \
74         do { \
75                 const uint64_t __v = (v); \
76                 ((uint8_t *)(p))[0] = (__v >> 56) & 0xff; \
77                 ((uint8_t *)(p))[1] = (__v >> 48) & 0xff; \
78                 ((uint8_t *)(p))[2] = (__v >> 40) & 0xff; \
79                 ((uint8_t *)(p))[3] = (__v >> 32) & 0xff; \
80                 ((uint8_t *)(p))[4] = (__v >> 24) & 0xff; \
81                 ((uint8_t *)(p))[5] = (__v >> 16) & 0xff; \
82                 ((uint8_t *)(p))[6] = (__v >> 8) & 0xff; \
83                 ((uint8_t *)(p))[7] = __v & 0xff; \
84         } while (0)
85 #define POKE_U32(p, v) \
86         do { \
87                 const uint32_t __v = (v); \
88                 ((uint8_t *)(p))[0] = (__v >> 24) & 0xff; \
89                 ((uint8_t *)(p))[1] = (__v >> 16) & 0xff; \
90                 ((uint8_t *)(p))[2] = (__v >> 8) & 0xff; \
91                 ((uint8_t *)(p))[3] = __v & 0xff; \
92         } while (0)
93 #define POKE_U16(p, v) \
94         do { \
95                 const uint16_t __v = (v); \
96                 ((uint8_t *)(p))[0] = (__v >> 8) & 0xff; \
97                 ((uint8_t *)(p))[1] = __v & 0xff; \
98         } while (0)
99 
100 
101 enum {
102 	SSH_MSG_DISCONNECT					= 1,
103 	SSH_MSG_IGNORE						= 2,
104 	SSH_MSG_UNIMPLEMENTED					= 3,
105 	SSH_MSG_DEBUG						= 4,
106 	SSH_MSG_SERVICE_REQUEST					= 5,
107 	SSH_MSG_SERVICE_ACCEPT					= 6,
108 	SSH_MSG_KEXINIT						= 20,
109 	SSH_MSG_NEWKEYS						= 21,
110 
111 	/* 30 .. 49: KEX messages specific to KEX protocol */
112 	SSH_MSG_KEX_ECDH_INIT					= 30,
113 	SSH_MSG_KEX_ECDH_REPLY					= 31,
114 
115 	/* 50... userauth */
116 
117 	SSH_MSG_USERAUTH_REQUEST				= 50,
118 	SSH_MSG_USERAUTH_FAILURE				= 51,
119 	SSH_MSG_USERAUTH_SUCCESS				= 52,
120 	SSH_MSG_USERAUTH_BANNER					= 53,
121 
122 	/* 60... publickey */
123 
124 	SSH_MSG_USERAUTH_PK_OK					= 60,
125 
126 	/* 80... connection */
127 
128 	SSH_MSG_GLOBAL_REQUEST					= 80,
129 	SSH_MSG_REQUEST_SUCCESS					= 81,
130 	SSH_MSG_REQUEST_FAILURE					= 82,
131 
132 	SSH_MSG_CHANNEL_OPEN					= 90,
133 	SSH_MSG_CHANNEL_OPEN_CONFIRMATION			= 91,
134 	SSH_MSG_CHANNEL_OPEN_FAILURE				= 92,
135 	SSH_MSG_CHANNEL_WINDOW_ADJUST				= 93,
136 	SSH_MSG_CHANNEL_DATA					= 94,
137 	SSH_MSG_CHANNEL_EXTENDED_DATA				= 95,
138 	SSH_MSG_CHANNEL_EOF					= 96,
139 	SSH_MSG_CHANNEL_CLOSE					= 97,
140 	SSH_MSG_CHANNEL_REQUEST					= 98,
141 	SSH_MSG_CHANNEL_SUCCESS					= 99,
142 	SSH_MSG_CHANNEL_FAILURE					= 100,
143 
144 	SSH_EXTENDED_DATA_STDERR				= 1,
145 
146 	SSH_CH_TYPE_SESSION					= 1,
147 	SSH_CH_TYPE_SCP						= 2,
148 	SSH_CH_TYPE_SFTP					= 3,
149 
150 	SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT		= 1,
151 	SSH_DISCONNECT_PROTOCOL_ERROR				= 2,
152 	SSH_DISCONNECT_KEY_EXCHANGE_FAILED			= 3,
153 	SSH_DISCONNECT_RESERVED					= 4,
154 	SSH_DISCONNECT_MAC_ERROR				= 5,
155 	SSH_DISCONNECT_COMPRESSION_ERROR			= 6,
156 	SSH_DISCONNECT_SERVICE_NOT_AVAILABLE			= 7,
157 	SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED		= 8,
158 	SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE			= 9,
159 	SSH_DISCONNECT_CONNECTION_LOST				= 10,
160 	SSH_DISCONNECT_BY_APPLICATION				= 11,
161 	SSH_DISCONNECT_TOO_MANY_CONNECTIONS			= 12,
162 	SSH_DISCONNECT_AUTH_CANCELLED_BY_USER			= 13,
163 	SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE		= 14,
164 	SSH_DISCONNECT_ILLEGAL_USER_NAME			= 15,
165 
166 	SSH_OPEN_ADMINISTRATIVELY_PROHIBITED			= 1,
167 	SSH_OPEN_CONNECT_FAILED					= 2,
168 	SSH_OPEN_UNKNOWN_CHANNEL_TYPE				= 3,
169 	SSH_OPEN_RESOURCE_SHORTAGE				= 4,
170 
171 	KEX_STATE_EXPECTING_CLIENT_OFFER			= 0,
172 	KEX_STATE_REPLIED_TO_OFFER,
173 	KEX_STATE_CRYPTO_INITIALIZED,
174 
175 	SSH_KEYIDX_IV						= 0,
176 	SSH_KEYIDX_ENC,
177 	SSH_KEYIDX_INTEG,
178 
179 	/* things we may write on the connection */
180 
181 	SSH_WT_NONE						= 0,
182 	SSH_WT_VERSION,
183 	SSH_WT_OFFER,
184 	SSH_WT_OFFER_REPLY,
185 	SSH_WT_SEND_NEWKEYS,
186 	SSH_WT_UA_ACCEPT,
187 	SSH_WT_UA_FAILURE,
188 	SSH_WT_UA_BANNER,
189 	SSH_WT_UA_PK_OK,
190 	SSH_WT_UA_SUCCESS,
191 	SSH_WT_CH_OPEN_CONF,
192 	SSH_WT_CH_FAILURE,
193 	SSH_WT_CHRQ_SUCC,
194 	SSH_WT_CHRQ_FAILURE,
195 	SSH_WT_SCP_ACK_OKAY,
196 	SSH_WT_SCP_ACK_ERROR,
197 	SSH_WT_CH_CLOSE,
198 	SSH_WT_CH_EOF,
199 	SSH_WT_WINDOW_ADJUST,
200 	SSH_WT_EXIT_STATUS,
201 
202 	/* RX parser states */
203 
204 	SSH_INITIALIZE_TRANSIENT				= 0,
205 	SSHS_IDSTRING,
206 	SSHS_IDSTRING_CR,
207 	SSHS_MSG_LEN,
208 	SSHS_MSG_PADDING,
209 	SSHS_MSG_ID,
210 	SSH_KEX_STATE_COOKIE,
211 	SSH_KEX_NL_KEX_ALGS_LEN,
212 	SSH_KEX_NL_KEX_ALGS,
213 	SSH_KEX_NL_SHK_ALGS_LEN,
214 	SSH_KEX_NL_SHK_ALGS,
215 	SSH_KEX_NL_EACTS_ALGS_LEN,
216 	SSH_KEX_NL_EACTS_ALGS,
217 	SSH_KEX_NL_EASTC_ALGS_LEN,
218 	SSH_KEX_NL_EASTC_ALGS,
219 	SSH_KEX_NL_MACTS_ALGS_LEN,
220 	SSH_KEX_NL_MACTS_ALGS,
221 	SSH_KEX_NL_MASTC_ALGS_LEN,
222 	SSH_KEX_NL_MASTC_ALGS,
223 	SSH_KEX_NL_CACTS_ALGS_LEN,
224 	SSH_KEX_NL_CACTS_ALGS,
225 	SSH_KEX_NL_CASTC_ALGS_LEN,
226 	SSH_KEX_NL_CASTC_ALGS,
227 	SSH_KEX_NL_LCTS_ALGS_LEN,
228 	SSH_KEX_NL_LCTS_ALGS,
229 	SSH_KEX_NL_LSTC_ALGS_LEN,
230 	SSH_KEX_NL_LSTC_ALGS,
231 	SSH_KEX_FIRST_PKT,
232 	SSH_KEX_RESERVED,
233 
234 	SSH_KEX_STATE_ECDH_KEYLEN,
235 	SSH_KEX_STATE_ECDH_Q_C,
236 
237 	SSHS_MSG_EAT_PADDING,
238 	SSH_KEX_STATE_SKIP,
239 
240 	SSHS_GET_STRING_LEN,
241 	SSHS_GET_STRING,
242 	SSHS_GET_STRING_LEN_ALLOC,
243 	SSHS_GET_STRING_ALLOC,
244 	SSHS_DO_SERVICE_REQUEST,
245 
246 	SSHS_DO_UAR_SVC,
247 	SSHS_DO_UAR_PUBLICKEY,
248 	SSHS_NVC_DO_UAR_CHECK_PUBLICKEY,
249 	SSHS_DO_UAR_SIG_PRESENT,
250 	SSHS_NVC_DO_UAR_ALG,
251 	SSHS_NVC_DO_UAR_PUBKEY_BLOB,
252 	SSHS_NVC_DO_UAR_SIG,
253 
254 	SSHS_GET_U32,
255 
256 	SSHS_NVC_CHOPEN_TYPE,
257 	SSHS_NVC_CHOPEN_SENDER_CH,
258 	SSHS_NVC_CHOPEN_WINSIZE,
259 	SSHS_NVC_CHOPEN_PKTSIZE,
260 
261 	SSHS_NVC_CHRQ_RECIP,
262 	SSHS_NVC_CHRQ_TYPE,
263 	SSHS_CHRQ_WANT_REPLY,
264         SSHS_NVC_CHRQ_TERM,
265         SSHS_NVC_CHRQ_TW,
266         SSHS_NVC_CHRQ_TH,
267 	SSHS_NVC_CHRQ_TWP,
268         SSHS_NVC_CHRQ_THP,
269         SSHS_NVC_CHRQ_MODES,
270 
271 	SSHS_NVC_CHRQ_ENV_NAME,
272 	SSHS_NVC_CHRQ_ENV_VALUE,
273 
274 	SSHS_NVC_CHRQ_EXEC_CMD,
275 
276 	SSHS_NVC_CHRQ_SUBSYSTEM,
277 
278 	SSHS_NVC_CH_EOF,
279 	SSHS_NVC_CH_CLOSE,
280 
281 	SSHS_NVC_CD_RECIP,
282 	SSHS_NVC_CD_DATA,
283 	SSHS_NVC_CD_DATA_ALLOC,
284 
285 	SSHS_NVC_WA_RECIP,
286 	SSHS_NVC_WA_ADD,
287 
288 	SSHS_NVC_DISCONNECT_REASON,
289 	SSHS_NVC_DISCONNECT_DESC,
290 	SSHS_NVC_DISCONNECT_LANG,
291 
292 	SSHS_SCP_COLLECTSTR			= 0,
293 	SSHS_SCP_PAYLOADIN			= 1,
294 
295 
296 	/* from https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13 */
297 
298 	SECSH_FILEXFER_VERSION			= 6,
299 
300 	/* sftp packet types */
301 
302 	SSH_FXP_INIT				= 1,
303 	SSH_FXP_VERSION				= 2,
304 	SSH_FXP_OPEN				= 3,
305 	SSH_FXP_CLOSE				= 4,
306 	SSH_FXP_READ				= 5,
307 	SSH_FXP_WRITE				= 6,
308 	SSH_FXP_LSTAT				= 7,
309 	SSH_FXP_FSTAT				= 8,
310 	SSH_FXP_SETSTAT				= 9,
311 	SSH_FXP_FSETSTAT			= 10,
312 	SSH_FXP_OPENDIR				= 11,
313 	SSH_FXP_READDIR				= 12,
314 	SSH_FXP_REMOVE				= 13,
315 	SSH_FXP_MKDIR				= 14,
316 	SSH_FXP_RMDIR				= 15,
317 	SSH_FXP_REALPATH			= 16,
318 	SSH_FXP_STAT				= 17,
319 	SSH_FXP_RENAME				= 18,
320 	SSH_FXP_READLINK			= 19,
321 	SSH_FXP_LINK				= 21,
322 	SSH_FXP_BLOCK				= 22,
323 	SSH_FXP_UNBLOCK				= 23,
324 	SSH_FXP_STATUS				= 101,
325 	SSH_FXP_HANDLE				= 102,
326 	SSH_FXP_DATA				= 103,
327 	SSH_FXP_NAME				= 104,
328 	SSH_FXP_ATTRS				= 105,
329 	SSH_FXP_EXTENDED			= 200,
330 	SSH_FXP_EXTENDED_REPLY			= 201,
331 
332 	/* sftp return codes */
333 
334 	SSH_FX_OK				= 0,
335 	SSH_FX_EOF				= 1,
336 	SSH_FX_NO_SUCH_FILE			= 2,
337 	SSH_FX_PERMISSION_DENIED		= 3,
338 	SSH_FX_FAILURE				= 4,
339 	SSH_FX_BAD_MESSAGE			= 5,
340 	SSH_FX_NO_CONNECTION			= 6,
341 	SSH_FX_CONNECTION_LOST			= 7,
342 	SSH_FX_OP_UNSUPPORTED			= 8,
343 	SSH_FX_INVALID_HANDLE			= 9,
344 	SSH_FX_NO_SUCH_PATH			= 10,
345 	SSH_FX_FILE_ALREADY_EXISTS		= 11,
346 	SSH_FX_WRITE_PROTECT			= 12,
347 	SSH_FX_NO_MEDIA				= 13,
348 	SSH_FX_NO_SPACE_ON_FILESYSTEM		= 14,
349 	SSH_FX_QUOTA_EXCEEDED			= 15,
350 	SSH_FX_UNKNOWN_PRINCIPAL		= 16,
351 	SSH_FX_LOCK_CONFLICT			= 17,
352 	SSH_FX_DIR_NOT_EMPTY			= 18,
353 	SSH_FX_NOT_A_DIRECTORY			= 19,
354 	SSH_FX_INVALID_FILENAME			= 20,
355 	SSH_FX_LINK_LOOP			= 21,
356 	SSH_FX_CANNOT_DELETE			= 22,
357 	SSH_FX_INVALID_PARAMETER		= 23,
358 	SSH_FX_FILE_IS_A_DIRECTORY		= 24,
359 	SSH_FX_BYTE_RANGE_LOCK_CONFLICT		= 25,
360 	SSH_FX_BYTE_RANGE_LOCK_REFUSED		= 26,
361 	SSH_FX_DELETE_PENDING			= 27,
362 	SSH_FX_FILE_CORRUPT			= 28,
363 	SSH_FX_OWNER_INVALID			= 29,
364 	SSH_FX_GROUP_INVALID			= 30,
365 	SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK	= 31,
366 
367 
368 	SSH_PENDING_TIMEOUT_CONNECT_TO_SUCCESSFUL_AUTH =
369 			PENDING_TIMEOUT_USER_REASON_BASE + 0,
370 
371 	SSH_AUTH_STATE_NO_AUTH			= 0,
372 	SSH_AUTH_STATE_GAVE_AUTH_IGNORE_REQS	= 1,
373 };
374 
375 #define LWS_SSH_INITIAL_WINDOW 16384
376 
377 struct lws_ssh_userauth {
378 	struct lws_genhash_ctx hash_ctx;
379 	char *username;
380 	char *service;
381 	char *alg;
382 	uint8_t *pubkey;
383 	uint32_t pubkey_len;
384 	uint8_t *sig;
385 	uint32_t sig_len;
386 	char sig_present;
387 };
388 
389 struct lws_ssh_keys {
390 	/* 3 == SSH_KEYIDX_IV (len=4), SSH_KEYIDX_ENC, SSH_KEYIDX_INTEG */
391 	uint8_t key[3][LWS_SIZE_CHACHA256_KEY];
392 
393 	/* opaque allocation made when cipher activated */
394 	void *cipher;
395 
396 	uint8_t MAC_length;
397 	uint8_t padding_alignment; /* block size */
398 	uint8_t valid:1;
399 	uint8_t full_length:1;
400 };
401 
402 struct lws_kex {
403 	uint8_t kex_r[256];
404 	uint8_t Q_C[LWS_SIZE_EC25519]; /* client eph public key aka 'e' */
405 	uint8_t eph_pri_key[LWS_SIZE_EC25519]; /* server eph private key */
406 	uint8_t Q_S[LWS_SIZE_EC25519]; /* server ephemeral public key */
407 	uint8_t kex_cookie[16];
408 	uint8_t *I_C; /* malloc'd copy of client KEXINIT payload */
409 	uint8_t *I_S; /* malloc'd copy of server KEXINIT payload */
410 	uint32_t I_C_payload_len;
411 	uint32_t I_C_alloc_len;
412 	uint32_t I_S_payload_len;
413 	uint32_t kex_r_len;
414 	uint8_t match_bitfield;
415 	uint8_t newkeys; /* which sides newkeys have been applied */
416 
417 	struct lws_ssh_keys keys_next_cts;
418 	struct lws_ssh_keys keys_next_stc;
419 };
420 
421 struct lws_subprotocol_scp {
422 	char fp[128];
423 	uint64_t len;
424 	uint32_t attr;
425 	char cmd;
426 	char ips;
427 };
428 
429 typedef union {
430 	struct lws_subprotocol_scp scp;
431 } lws_subprotocol;
432 
433 struct per_session_data__sshd;
434 
435 struct lws_ssh_channel {
436 	struct lws_ssh_channel *next;
437 
438 	struct per_session_data__sshd *pss;
439 
440 	lws_subprotocol *sub; /* NULL, or allocated subprotocol state */
441 	void *priv; /* owned by user code */
442 	int type;
443 	uint32_t server_ch;
444 	uint32_t sender_ch;
445 	int32_t window;
446 	int32_t peer_window_est;
447 	uint32_t max_pkt;
448 
449 	uint32_t spawn_pid;
450 	int retcode;
451 
452 	uint8_t scheduled_close:1;
453 	uint8_t sent_close:1;
454 	uint8_t received_close:1;
455 };
456 
457 struct per_vhost_data__sshd;
458 
459 struct per_session_data__sshd {
460 	struct per_session_data__sshd *next;
461 	struct per_vhost_data__sshd *vhd;
462 	struct lws *wsi;
463 
464 	struct lws_kex *kex;
465 	char *disconnect_desc;
466 
467 	uint8_t K[LWS_SIZE_EC25519]; /* shared secret */
468 	uint8_t session_id[LWS_SIZE_SHA256]; /* H from first working KEX */
469 	char name[64];
470 	char last_auth_req_username[32];
471 	char last_auth_req_service[32];
472 
473 	struct lws_ssh_keys active_keys_cts;
474 	struct lws_ssh_keys active_keys_stc;
475 	struct lws_ssh_userauth *ua;
476 	struct lws_ssh_channel *ch_list;
477 	struct lws_ssh_channel *ch_temp;
478 
479 	uint8_t *last_alloc;
480 
481 	union {
482 		struct lws_ssh_pty pty;
483 		char aux[64];
484 	} args;
485 
486 	uint32_t ssh_sequence_ctr_cts;
487 	uint32_t ssh_sequence_ctr_stc;
488 
489 	uint64_t payload_bytes_cts;
490 	uint64_t payload_bytes_stc;
491 
492 	uint32_t disconnect_reason;
493 
494 	char V_C[64]; /* Client version String */
495 	uint8_t packet_assembly[2048];
496 	uint32_t pa_pos;
497 
498 	uint32_t msg_len;
499 	uint32_t pos;
500 	uint32_t len;
501 	uint32_t ctr;
502 	uint32_t npos;
503 	uint32_t reason;
504 	uint32_t channel_doing_spawn;
505 	int next_ch_num;
506 
507 	uint8_t K_S[LWS_SIZE_EC25519]; /* server public key */
508 
509 	uint32_t copy_to_I_C:1;
510 	uint32_t okayed_userauth:1;
511 	uint32_t sent_banner:1;
512 	uint32_t seen_auth_req_before:1;
513 	uint32_t serviced_stderr_last:1;
514 	uint32_t kex_state;
515 	uint32_t chrq_server_port;
516 	uint32_t ch_recip;
517 	uint32_t count_auth_attempts;
518 
519 	char parser_state;
520 	char state_after_string;
521 	char first_coming;
522 	uint8_t rq_want_reply;
523 	uint8_t ssh_auth_state;
524 
525 	uint8_t msg_id;
526 	uint8_t msg_padding;
527 	uint8_t write_task[8];
528 	struct lws_ssh_channel *write_channel[8];
529 	uint8_t wt_head, wt_tail;
530 };
531 
532 struct per_vhost_data__sshd {
533 	struct lws_context *context;
534 	struct lws_vhost *vhost;
535 	const struct lws_protocols *protocol;
536 	struct per_session_data__sshd *live_pss_list;
537 	const struct lws_ssh_ops *ops;
538 };
539 
540 
541 struct host_keys {
542 	uint8_t *data;
543 	uint32_t len;
544 };
545 
546 extern struct host_keys host_keys[];
547 
548 extern int
549 crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
550 			     const unsigned char *p);
551 
552 extern int
553 ed25519_key_parse(uint8_t *p, size_t len, char *type, size_t type_len,
554                   uint8_t *pub, uint8_t *pri);
555 
556 extern int
557 kex_ecdh(struct per_session_data__sshd *pss, uint8_t *result, uint32_t *plen);
558 
559 extern uint32_t
560 lws_g32(uint8_t **p);
561 
562 extern uint32_t
563 lws_p32(uint8_t *p, uint32_t v);
564 
565 extern int
566 lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);
567 
568 extern const char *lws_V_S;
569 
570 extern int
571 lws_chacha_activate(struct lws_ssh_keys *keys);
572 
573 extern void
574 lws_chacha_destroy(struct lws_ssh_keys *keys);
575 
576 extern uint32_t
577 lws_chachapoly_get_length(struct lws_ssh_keys *keys, uint32_t seq,
578 			  const uint8_t *in4);
579 
580 extern void
581 poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
582     const u_char key[POLY1305_KEYLEN]);
583 
584 extern int
585 lws_chacha_decrypt(struct lws_ssh_keys *keys, uint32_t seq,
586 		   const uint8_t *ct, uint32_t len, uint8_t *pt);
587 extern int
588 lws_chacha_encrypt(struct lws_ssh_keys *keys, uint32_t seq,
589 		   const uint8_t *ct, uint32_t len, uint8_t *pt);
590 
591 extern void
592 lws_pad_set_length(struct per_session_data__sshd *pss, void *start, uint8_t **p,
593 		   struct lws_ssh_keys *keys);
594 
595 extern size_t
596 get_gen_server_key_25519(struct per_session_data__sshd *pss, uint8_t *b, size_t len);
597 
598 extern int
599 crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
600 		    const unsigned char *m, size_t mlen,
601 		    const unsigned char *sk);
602 
603 extern int
604 crypto_sign_ed25519_keypair(struct lws_context *context, uint8_t *pk,
605 			    uint8_t *sk);
606 
607 #endif
608