TrustCore SDK NanoSSH API reference
version 7.0
Functions

MOC_EXTERN MSTATUS SSH_AUTH_allocStructures (sshContext *pContextSSH)
Initialize SSH authentication structure.

MOC_EXTERN MSTATUS SSH_AUTH_deallocStructures (sshContext *pContextSSH)
Release SSH authentication structure.

MOC_EXTERN MSTATUS SSH_AUTH_doProtocol (sshContext *pContextSSH, ubyte *pNewMesg, ubyte4 newMesgLen)
Does the Authentication Protocol for SSH.

MOC_EXTERN sbyte4 SSH_compareAuthKeys (const ubyte *pPubKey, ubyte4 pubKeyLength, const ubyte *pFileKey, ubyte4 fileKeyLength, sbyte4 *pRetIsMatch)
Authenticate a client by public key authentication.

MOC_EXTERN sbyte4 SSH_convertOldKeyBlobToNew (ubyte *pOldDsaPublicKeyBlob, ubyte4 oldDsaPublicKeyBlobLength, ubyte *pOldDsaPrivateKeyBlob, ubyte4 oldDsaPrivateKeyBlobLength, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength)
Convert a key blob from NanoSSH version 1.41 and earlier formats to version 2.02 format.

MOC_EXTERN sbyte4 SSH_getInstanceFromSocket (TCP_SOCKET socket)
Get a socket's connection instance.

MOC_EXTERN sbyte4 SSH_getNextConnectionInstance (sbyte4 connectionInstance)
Get the next connection instance from the active NanoSSH connection instance table.

MOC_EXTERN sbyte4 SSH_getSessionCryptoInfo (sbyte4 connectionInstance, sbyte **ppInCipherName, sbyte **ppInMacName, sbyte **ppOutCipherName, sbyte **ppOutMacName)
Get a NanoSSH session's cipher names.

MOC_EXTERN sbyte4 SSH_getSocketId (sbyte4 connectionInstance, TCP_SOCKET *pRetSocket)
Get a connection's socket identifier.

MOC_EXTERN sbyte4 SSH_initiateReKey (sbyte4 connectionInstance, ubyte4 msAllowToComply)
Initiate an SSH re-key operation.

MOC_EXTERN sbyte4 SSH_numBytesTransmitted (sbyte4 connectionInstance, ubyte8 *pRetNumBytes)
Get the number of bytes sent and received through a given connectionInstance.

MOC_EXTERN sbyte4 SSH_setUserPortForwardingPermissions (sbyte4 connectionInstance, ubyte4 memberGroups)
Set a connection's port forwarding access permission.

MOC_EXTERN sbyte4 SSH_useThisCipherList (sbyte4 connectionInstance, ubyte *pCipherList)
Set a server's cipher list.

MOC_EXTERN sbyte4 SSH_useThisHmacList (sbyte4 connectionInstance, ubyte *pHmacList)
Set a server's HMAC list.

MOC_EXTERN sbyte4 SSH_verifyPublicKeyFile (sbyte *pKeyFileData, ubyte4 fileSize)
Verify that an RSA or DSS/DSA or ECC or EDDSA public key file format is valid.

MOC_EXTERN MSTATUS SSH_AUTH_allocStructures (sshContext *pContextSSH)
This function initializes the authDescr structure in sshContext. It initializes keyInitAuthContext with NULL values, and allocates pAuthFailueBuffer with default values.
To enable this function, at least one of the following flags must be defined:
__ENABLE_MOCANA_SSH_SERVER__
pContextSSH | SSH context whose authDescr field authContext will be populated. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS SSH_AUTH_deallocStructures (sshContext *pContextSSH)
Free data in authDescr structure of sshContext.
To enable this function, at least one of the following flags must be defined:
__ENABLE_MOCANA_SSH_SERVER__
pContextSSH | SSH context containing authDescr to release. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN MSTATUS SSH_AUTH_doProtocol (sshContext *pContextSSH, ubyte *pNewMesg, ubyte4 newMesgLen)
Runs the SSH Authentication Protocol defined in RFC 4252: receives the service request and processes the authentication message from the client.
To enable this function, at least one of the following flags must be defined:
__ENABLE_MOCANA_SSH_SERVER__
pContextSSH | SSH context for authentication request |
pNewMesg | SSH binary packet containing message |
newMesgLen | Length in bytes of pNewMesg |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_compareAuthKeys (const ubyte *pPubKey, ubyte4 pubKeyLength, const ubyte *pFileKey, ubyte4 fileKeyLength, sbyte4 *pRetIsMatch)
This function (which should be called from the public key authentication callback method sshSettings::funcPtrPubKeyAuth) authenticates a client by public key authentication.
The key file may be any host key generated by any SSH-compliant client.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
pPubKey | Pointer to public key provided by the client. |
pubKeyLength | Number of bytes in public key (pPubKey ). |
pFileKey | Pointer to the key on file to which the client's key will be compared. |
fileKeyLength | Number of bytes in the key on file (pFileKey ). |
pRetIsMatch | On return, pointer to TRUE if the client's public key matches the key on file; otherwise pointer to FALSE . |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_convertOldKeyBlobToNew (ubyte *pOldDsaPublicKeyBlob, ubyte4 oldDsaPublicKeyBlobLength, ubyte *pOldDsaPrivateKeyBlob, ubyte4 oldDsaPrivateKeyBlobLength, ubyte **ppRetNewKeyBlob, ubyte4 *pRetNewKeyBlobLength)
This function converts a key blob from NanoSSH version 1.41 and earlier formats to version 2.02 format. The 2.02 format adds RSA and ECC keys, providing greater flexibility and making development easier.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
Additionally, the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_OLD_DSA_CONVERSION__
__ENABLE_MOCANA_DSA__
pOldDsaPublicKeyBlob | Pointer to original (pre-2.02 format) public key blob. |
oldDsaPublicKeyBlobLength | Number of bytes in original public key blob (pOldDsaPublicKeyBlob ). |
pOldDsaPrivateKeyBlob | Pointer to original (pre-2.02 format) private key blob. |
oldDsaPrivateKeyBlobLength | Number of bytes in original private key blob (pOldDsaPrivateKeyBlob ). |
ppRetNewKeyBlob | On return, pointer to new 2.02-formatted key blob, which contains both public and private keys. |
pRetNewKeyBlobLength | On return, pointer to number of bytes in new key blob (ppRetNewKeyBlob ). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_getInstanceFromSocket (TCP_SOCKET socket)
This function retrieves a socket's connection instance.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
socket | TCP/IP socket whose connection instance you want. |
DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_getNextConnectionInstance (sbyte4 connectionInstance)
This function traverses the active NanoSSH connection instance table, and returns the next connection instance. Your application can use this connection instance in a call to SSH_getSessionCryptoInfo().
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |

MOC_EXTERN sbyte4 SSH_getSessionCryptoInfo (sbyte4 connectionInstance, sbyte **ppInCipherName, sbyte **ppInMacName, sbyte **ppOutCipherName, sbyte **ppOutMacName)
This function retrieves the cipher names (strings) used for the specified NanoSSH session (connection instance).
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection(), SSH_ASYNC_acceptConnection(), or SSH_getNextConnectionInstance(). |
ppInCipherName | On return, pointer to string containing the inbound cipher name (for example, "AES-256-CBC" or "BLOWFISH-CBC"). |
ppInMacName | On return, pointer to string containing the inbound MAC name (for example, "HMAC-MD5-96" or "HMAC-SHA1"). |
ppOutCipherName | On return, pointer to string containing the outbound cipher name (for example, "3DES-CBC"). |
ppOutMacName | On return, pointer to string containing the outbound MAC name (for example, "HMAC-SHA1-96" or "HMAC-MD5"). |
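The four names returned here can feed a per-session audit. The following is an added example, not part of the SDK or its documentation, that flags names of the kind quoted in the parameter table; the flag constants, audit_algorithm(), audit_session() and the policy of what counts as weak are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Finding flags; which algorithms count as weak is this example's policy. */
enum { ALG_SMALL_BLOCK = 1, ALG_CBC = 2, ALG_MD5 = 4, ALG_TRUNCATED_MAC = 8 };

/* Case-insensitive substring test, so "3DES-CBC" and "3des-cbc" both match. */
static int has_token(const char *name, const char *tok)
{
    for (; *name != '\0'; name++) {
        size_t i = 0;
        while (tok[i] != '\0' &&
               tolower((unsigned char)name[i]) == tolower((unsigned char)tok[i]))
            i++;
        if (tok[i] == '\0') return 1;
    }
    return 0;
}

/* Classify one name of the kind returned through ppInCipherName, ppInMacName,
 * ppOutCipherName or ppOutMacName (sbyte is assumed to be a char type). */
int audit_algorithm(const char *name)
{
    int flags = 0;
    if (name == NULL) return 0;       /* no algorithm reported */
    if (has_token(name, "3des") || has_token(name, "blowfish"))
        flags |= ALG_SMALL_BLOCK;     /* 64-bit block ciphers */
    if (has_token(name, "cbc")) flags |= ALG_CBC;
    if (has_token(name, "md5")) flags |= ALG_MD5;
    if (has_token(name, "-96")) flags |= ALG_TRUNCATED_MAC;
    return flags;
}

/* Union of the findings for both directions of one session. */
int audit_session(const char *inCipher, const char *inMac,
                  const char *outCipher, const char *outMac)
{
    return audit_algorithm(inCipher) | audit_algorithm(inMac) |
           audit_algorithm(outCipher) | audit_algorithm(outMac);
}

int main(void)
{
    /* Constructed input: name strings quoted in the parameter table above. */
    printf("findings=0x%x\n",
           audit_session("AES-256-CBC", "HMAC-MD5-96", "3DES-CBC", "HMAC-SHA1"));
    return 0;
}
```

A non-zero result for a live session is a reason to tighten the lists passed to SSH_useThisCipherList() and SSH_useThisHmacList().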
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_getSocketId (sbyte4 connectionInstance, TCP_SOCKET *pRetSocket)
This function retrieves a connection instance's socket identifier.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
pRetSocket | On return, pointer to the socket corresponding to the connection instance. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_initiateReKey (sbyte4 connectionInstance, ubyte4 msAllowToComply)
This function initiates an SSH re-key operation. NanoSSH automatically processes re-key requests from SSH clients.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
msAllowToComply | Number of milliseconds to wait for an SSH client to respond before closing the session. Zero (0) indicates that the request is not being strictly enforced. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_numBytesTransmitted (sbyte4 connectionInstance, ubyte8 *pRetNumBytes)
This function returns (through the pRetNumBytes parameter) the number of bytes sent and received through a given connectionInstance. Typical usage for this function is to determine when it's appropriate to initiate a re-key exchange operation.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
pRetNumBytes | On return, the number of bytes received and transmitted. |
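One way to combine this counter with SSH_initiateReKey() into a re-key policy, as an added example that is not part of the SDK or its documentation: the typedef widths, the two mock SSH_* bodies, rekeyState, rekey_poll() and the threshold values are assumptions made so the block builds without the SDK.

```c
#include <stdint.h>

/* Stand-ins so this builds without the SDK: typedef widths are assumed and the
 * two SSH_* bodies are mocks that only mirror the signatures on this page. */
typedef int32_t  sbyte4;
typedef uint32_t ubyte4;
typedef uint64_t ubyte8;
static ubyte8 g_mockBytes;   /* mock traffic counter */
static int    g_mockRekeys;  /* re-key requests seen by the mock */

sbyte4 SSH_numBytesTransmitted(sbyte4 connectionInstance, ubyte8 *pRetNumBytes)
{ (void)connectionInstance; *pRetNumBytes = g_mockBytes; return 0; }
sbyte4 SSH_initiateReKey(sbyte4 connectionInstance, ubyte4 msAllowToComply)
{ (void)connectionInstance; (void)msAllowToComply; g_mockRekeys++; return 0; }

/* Policy (assumed): RFC 4253 section 9 recommends fresh keys after each
 * gigabyte of data or each hour of connection time, whichever comes first. */
#define REKEY_BYTES    (1ULL << 30)
#define REKEY_SECONDS  3600u
#define REKEY_GRACE_MS 30000u  /* non-zero: close sessions that do not comply */

typedef struct {               /* hypothetical per-connection bookkeeping */
    ubyte8   bytesAtLastRekey;
    uint64_t timeAtLastRekey;  /* seconds, from the caller's monotonic clock */
} rekeyState;

/* Returns 1 if a re-key was started, 0 if none is due, <0 on an SDK error. */
int rekey_poll(sbyte4 conn, rekeyState *st, uint64_t nowSeconds)
{
    ubyte8 total = 0;
    sbyte4 status = SSH_numBytesTransmitted(conn, &total);
    if (status < 0) return (int)status;

    /* The page does not say whether the counter restarts after a re-key, so
     * keep our own baseline and treat a smaller reading as a restart. */
    if (total < st->bytesAtLastRekey) st->bytesAtLastRekey = 0;

    if (total - st->bytesAtLastRekey < REKEY_BYTES &&
        nowSeconds - st->timeAtLastRekey < REKEY_SECONDS)
        return 0;

    status = SSH_initiateReKey(conn, REKEY_GRACE_MS);
    if (status < 0) return (int)status;
    st->bytesAtLastRekey = total;
    st->timeAtLastRekey  = nowSeconds;
    return 1;
}

int main(void) { rekeyState st = {0, 0}; g_mockBytes = REKEY_BYTES; return rekey_poll(1, &st, 5) == 1 ? 0 : 1; }
```

When linking against the SDK, drop the typedefs and mock bodies and call rekey_poll() for each active connection from the server's polling loop.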
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_setUserPortForwardingPermissions (sbyte4 connectionInstance, ubyte4 memberGroups)
This function sets a connection's port forwarding access permission to the specified combination of the following bit flag constants:
MOCANA_SSH_ALLOW_DIRECT_TCPIP
MOCANA_SSH_ALLOW_FORWARDED_TCPIP
MOCANA_SSH_ALLOW_PRIVILEGED_DIRECT_TCPIP
To enable this function, the following flag must be defined in moptions.h:
__ENABLE_MOCANA_SSH_PORT_FORWARDING__
Additionally, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
memberGroups | Combination of bit flag constant(s) specifying the desired port forwarding access permission. |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_useThisCipherList (sbyte4 connectionInstance, ubyte *pCipherList)
This function dynamically updates cipher support selection.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
pCipherList | Pointer to a C string (NULL-terminated) cipher list to advertise. (See ssh_trans.c for the list of available ciphers.) |
CONNECT_NEGOTIATE.
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_useThisHmacList (sbyte4 connectionInstance, ubyte *pHmacList)
This function dynamically updates HMAC support selection.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
connectionInstance | Connection instance returned from SSH_acceptConnection() or SSH_ASYNC_acceptConnection(). |
pHmacList | Pointer to a C string (NULL-terminated) HMAC list to advertise. (See ssh_trans.c for the list of available HMACs.) |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.

MOC_EXTERN sbyte4 SSH_verifyPublicKeyFile (sbyte *pKeyFileData, ubyte4 fileSize)
This function verifies that the specified SSH RSA or DSS/DSA or ECC or EDDSA public key file format is valid, thereby proving a client's identity. You should call this function to verify every key file that is uploaded to the NanoSSH server or your device.
To enable this function, at least one of the following flags must be defined in moptions.h:
__ENABLE_MOCANA_SSH_SERVER__
__ENABLE_MOCANA_SSH_ASYNC_SERVER_API__
pKeyFileData | Pointer to authentication key to be verified. |
fileSize | Number of bytes in the public key (pKeyFileData ). |
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.