xref: /aosp_15_r20/external/libwebsockets/plugins/ssh-base/include/lws-ssh.h (revision 1c60b9aca93fdbc9b5f19b2d2194c91294b22281)

/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2019 Andy Green <[email protected]>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */

#if !defined(__LWS_SSH_H__)
#define __LWS_SSH_H__

#if defined(LWS_HAVE_SYS_TYPES_H)
#include <sys/types.h>
#endif

#if defined(LWS_WITH_MBEDTLS)
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#include "mbedtls/rsa.h"
#endif

#include "lws-plugin-ssh.h"

#define LWS_SIZE_EC25519	32
#define LWS_SIZE_EC25519_PUBKEY 32
#define LWS_SIZE_EC25519_PRIKEY 64

#define LWS_SIZE_SHA256		32
#define LWS_SIZE_SHA512		64

#define LWS_SIZE_AES256_KEY	32
#define LWS_SIZE_AES256_IV	12
#define LWS_SIZE_AES256_MAC	16
#define LWS_SIZE_AES256_BLOCK	16

#define LWS_SIZE_CHACHA256_KEY	(2 * 32)
#define POLY1305_TAGLEN		16
#define POLY1305_KEYLEN		32

#define crypto_hash_sha512_BYTES 64U

#define PEEK_U64(p) \
        (((uint64_t)(((const uint8_t *)(p))[0]) << 56) | \
         ((uint64_t)(((const uint8_t *)(p))[1]) << 48) | \
         ((uint64_t)(((const uint8_t *)(p))[2]) << 40) | \
         ((uint64_t)(((const uint8_t *)(p))[3]) << 32) | \
         ((uint64_t)(((const uint8_t *)(p))[4]) << 24) | \
         ((uint64_t)(((const uint8_t *)(p))[5]) << 16) | \
         ((uint64_t)(((const uint8_t *)(p))[6]) << 8) | \
          (uint64_t)(((const uint8_t *)(p))[7]))
#define PEEK_U32(p) \
        (((uint32_t)(((const uint8_t *)(p))[0]) << 24) | \
         ((uint32_t)(((const uint8_t *)(p))[1]) << 16) | \
         ((uint32_t)(((const uint8_t *)(p))[2]) << 8) | \
          (uint32_t)(((const uint8_t *)(p))[3]))
#define PEEK_U16(p) \
        (((uint16_t)(((const uint8_t *)(p))[0]) << 8) | \
          (uint16_t)(((const uint8_t *)(p))[1]))

#define POKE_U64(p, v) \
        do { \
                const uint64_t __v = (v); \
                ((uint8_t *)(p))[0] = (uint8_t)((__v >> 56) & 0xff); \
                ((uint8_t *)(p))[1] = (uint8_t)((__v >> 48) & 0xff); \
                ((uint8_t *)(p))[2] = (uint8_t)((__v >> 40) & 0xff); \
                ((uint8_t *)(p))[3] = (uint8_t)((__v >> 32) & 0xff); \
                ((uint8_t *)(p))[4] = (uint8_t)((__v >> 24) & 0xff); \
                ((uint8_t *)(p))[5] = (uint8_t)((__v >> 16) & 0xff); \
                ((uint8_t *)(p))[6] = (uint8_t)((__v >> 8) & 0xff); \
                ((uint8_t *)(p))[7] = (uint8_t)(__v & 0xff); \
        } while (0)
#define POKE_U32(p, v) \
        do { \
                const uint32_t __v = (v); \
                ((uint8_t *)(p))[0] = (uint8_t)((__v >> 24) & 0xff); \
                ((uint8_t *)(p))[1] = (uint8_t)((__v >> 16) & 0xff); \
                ((uint8_t *)(p))[2] = (uint8_t)((__v >> 8) & 0xff); \
                ((uint8_t *)(p))[3] = (uint8_t)(__v & 0xff); \
        } while (0)
#define POKE_U16(p, v) \
        do { \
                const uint16_t __v = (v); \
                ((uint8_t *)(p))[0] = (__v >> 8) & 0xff; \
                ((uint8_t *)(p))[1] = __v & 0xff; \
        } while (0)


enum {
	SSH_MSG_DISCONNECT					= 1,
	SSH_MSG_IGNORE						= 2,
	SSH_MSG_UNIMPLEMENTED					= 3,
	SSH_MSG_DEBUG						= 4,
	SSH_MSG_SERVICE_REQUEST					= 5,
	SSH_MSG_SERVICE_ACCEPT					= 6,
	SSH_MSG_KEXINIT						= 20,
	SSH_MSG_NEWKEYS						= 21,

	/* 30 .. 49: KEX messages specific to KEX protocol */
	SSH_MSG_KEX_ECDH_INIT					= 30,
	SSH_MSG_KEX_ECDH_REPLY					= 31,

	/* 50... userauth */

	SSH_MSG_USERAUTH_REQUEST				= 50,
	SSH_MSG_USERAUTH_FAILURE				= 51,
	SSH_MSG_USERAUTH_SUCCESS				= 52,
	SSH_MSG_USERAUTH_BANNER					= 53,

	/* 60... publickey */

	SSH_MSG_USERAUTH_PK_OK					= 60,

	/* 80... connection */

	SSH_MSG_GLOBAL_REQUEST					= 80,
	SSH_MSG_REQUEST_SUCCESS					= 81,
	SSH_MSG_REQUEST_FAILURE					= 82,

	SSH_MSG_CHANNEL_OPEN					= 90,
	SSH_MSG_CHANNEL_OPEN_CONFIRMATION			= 91,
	SSH_MSG_CHANNEL_OPEN_FAILURE				= 92,
	SSH_MSG_CHANNEL_WINDOW_ADJUST				= 93,
	SSH_MSG_CHANNEL_DATA					= 94,
	SSH_MSG_CHANNEL_EXTENDED_DATA				= 95,
	SSH_MSG_CHANNEL_EOF					= 96,
	SSH_MSG_CHANNEL_CLOSE					= 97,
	SSH_MSG_CHANNEL_REQUEST					= 98,
	SSH_MSG_CHANNEL_SUCCESS					= 99,
	SSH_MSG_CHANNEL_FAILURE					= 100,

	SSH_EXTENDED_DATA_STDERR				= 1,

	SSH_CH_TYPE_SESSION					= 1,
	SSH_CH_TYPE_SCP						= 2,
	SSH_CH_TYPE_SFTP					= 3,

	SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT		= 1,
	SSH_DISCONNECT_PROTOCOL_ERROR				= 2,
	SSH_DISCONNECT_KEY_EXCHANGE_FAILED			= 3,
	SSH_DISCONNECT_RESERVED					= 4,
	SSH_DISCONNECT_MAC_ERROR				= 5,
	SSH_DISCONNECT_COMPRESSION_ERROR			= 6,
	SSH_DISCONNECT_SERVICE_NOT_AVAILABLE			= 7,
	SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED		= 8,
	SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE			= 9,
	SSH_DISCONNECT_CONNECTION_LOST				= 10,
	SSH_DISCONNECT_BY_APPLICATION				= 11,
	SSH_DISCONNECT_TOO_MANY_CONNECTIONS			= 12,
	SSH_DISCONNECT_AUTH_CANCELLED_BY_USER			= 13,
	SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE		= 14,
	SSH_DISCONNECT_ILLEGAL_USER_NAME			= 15,

	SSH_OPEN_ADMINISTRATIVELY_PROHIBITED			= 1,
	SSH_OPEN_CONNECT_FAILED					= 2,
	SSH_OPEN_UNKNOWN_CHANNEL_TYPE				= 3,
	SSH_OPEN_RESOURCE_SHORTAGE				= 4,

	KEX_STATE_EXPECTING_CLIENT_OFFER			= 0,
	KEX_STATE_REPLIED_TO_OFFER,
	KEX_STATE_CRYPTO_INITIALIZED,

	SSH_KEYIDX_IV						= 0,
	SSH_KEYIDX_ENC,
	SSH_KEYIDX_INTEG,

	/* things we may write on the connection */

	SSH_WT_NONE						= 0,
	SSH_WT_VERSION,
	SSH_WT_OFFER,
	SSH_WT_OFFER_REPLY,
	SSH_WT_SEND_NEWKEYS,
	SSH_WT_UA_ACCEPT,
	SSH_WT_UA_FAILURE,
	SSH_WT_UA_BANNER,
	SSH_WT_UA_PK_OK,
	SSH_WT_UA_SUCCESS,
	SSH_WT_CH_OPEN_CONF,
	SSH_WT_CH_FAILURE,
	SSH_WT_CHRQ_SUCC,
	SSH_WT_CHRQ_FAILURE,
	SSH_WT_SCP_ACK_OKAY,
	SSH_WT_SCP_ACK_ERROR,
	SSH_WT_CH_CLOSE,
	SSH_WT_CH_EOF,
	SSH_WT_WINDOW_ADJUST,
	SSH_WT_EXIT_STATUS,

	/* RX parser states */

	SSH_INITIALIZE_TRANSIENT				= 0,
	SSHS_IDSTRING,
	SSHS_IDSTRING_CR,
	SSHS_MSG_LEN,
	SSHS_MSG_PADDING,
	SSHS_MSG_ID,
	SSH_KEX_STATE_COOKIE,
	SSH_KEX_NL_KEX_ALGS_LEN,
	SSH_KEX_NL_KEX_ALGS,
	SSH_KEX_NL_SHK_ALGS_LEN,
	SSH_KEX_NL_SHK_ALGS,
	SSH_KEX_NL_EACTS_ALGS_LEN,
	SSH_KEX_NL_EACTS_ALGS,
	SSH_KEX_NL_EASTC_ALGS_LEN,
	SSH_KEX_NL_EASTC_ALGS,
	SSH_KEX_NL_MACTS_ALGS_LEN,
	SSH_KEX_NL_MACTS_ALGS,
	SSH_KEX_NL_MASTC_ALGS_LEN,
	SSH_KEX_NL_MASTC_ALGS,
	SSH_KEX_NL_CACTS_ALGS_LEN,
	SSH_KEX_NL_CACTS_ALGS,
	SSH_KEX_NL_CASTC_ALGS_LEN,
	SSH_KEX_NL_CASTC_ALGS,
	SSH_KEX_NL_LCTS_ALGS_LEN,
	SSH_KEX_NL_LCTS_ALGS,
	SSH_KEX_NL_LSTC_ALGS_LEN,
	SSH_KEX_NL_LSTC_ALGS,
	SSH_KEX_FIRST_PKT,
	SSH_KEX_RESERVED,

	SSH_KEX_STATE_ECDH_KEYLEN,
	SSH_KEX_STATE_ECDH_Q_C,

	SSHS_MSG_EAT_PADDING,
	SSH_KEX_STATE_SKIP,

	SSHS_GET_STRING_LEN,
	SSHS_GET_STRING,
	SSHS_GET_STRING_LEN_ALLOC,
	SSHS_GET_STRING_ALLOC,
	SSHS_DO_SERVICE_REQUEST,

	SSHS_DO_UAR_SVC,
	SSHS_DO_UAR_PUBLICKEY,
	SSHS_NVC_DO_UAR_CHECK_PUBLICKEY,
	SSHS_DO_UAR_SIG_PRESENT,
	SSHS_NVC_DO_UAR_ALG,
	SSHS_NVC_DO_UAR_PUBKEY_BLOB,
	SSHS_NVC_DO_UAR_SIG,

	SSHS_GET_U32,

	SSHS_NVC_CHOPEN_TYPE,
	SSHS_NVC_CHOPEN_SENDER_CH,
	SSHS_NVC_CHOPEN_WINSIZE,
	SSHS_NVC_CHOPEN_PKTSIZE,

	SSHS_NVC_CHRQ_RECIP,
	SSHS_NVC_CHRQ_TYPE,
	SSHS_CHRQ_WANT_REPLY,
        SSHS_NVC_CHRQ_TERM,
        SSHS_NVC_CHRQ_TW,
        SSHS_NVC_CHRQ_TH,
	SSHS_NVC_CHRQ_TWP,
        SSHS_NVC_CHRQ_THP,
        SSHS_NVC_CHRQ_MODES,

	SSHS_NVC_CHRQ_ENV_NAME,
	SSHS_NVC_CHRQ_ENV_VALUE,

	SSHS_NVC_CHRQ_EXEC_CMD,

	SSHS_NVC_CHRQ_SUBSYSTEM,

	SSHS_NVC_CHRQ_WNDCHANGE_TW,
	SSHS_NVC_CHRQ_WNDCHANGE_TH,
	SSHS_NVC_CHRQ_WNDCHANGE_TWP,
	SSHS_NVC_CHRQ_WNDCHANGE_THP,

	SSHS_NVC_CH_EOF,
	SSHS_NVC_CH_CLOSE,

	SSHS_NVC_CD_RECIP,
	SSHS_NVC_CD_DATA,
	SSHS_NVC_CD_DATA_ALLOC,

	SSHS_NVC_WA_RECIP,
	SSHS_NVC_WA_ADD,

	SSHS_NVC_DISCONNECT_REASON,
	SSHS_NVC_DISCONNECT_DESC,
	SSHS_NVC_DISCONNECT_LANG,

	SSHS_SCP_COLLECTSTR			= 0,
	SSHS_SCP_PAYLOADIN			= 1,


	/* from https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13 */

	SECSH_FILEXFER_VERSION			= 6,

	/* sftp packet types */

	SSH_FXP_INIT				= 1,
	SSH_FXP_VERSION				= 2,
	SSH_FXP_OPEN				= 3,
	SSH_FXP_CLOSE				= 4,
	SSH_FXP_READ				= 5,
	SSH_FXP_WRITE				= 6,
	SSH_FXP_LSTAT				= 7,
	SSH_FXP_FSTAT				= 8,
	SSH_FXP_SETSTAT				= 9,
	SSH_FXP_FSETSTAT			= 10,
	SSH_FXP_OPENDIR				= 11,
	SSH_FXP_READDIR				= 12,
	SSH_FXP_REMOVE				= 13,
	SSH_FXP_MKDIR				= 14,
	SSH_FXP_RMDIR				= 15,
	SSH_FXP_REALPATH			= 16,
	SSH_FXP_STAT				= 17,
	SSH_FXP_RENAME				= 18,
	SSH_FXP_READLINK			= 19,
	SSH_FXP_LINK				= 21,
	SSH_FXP_BLOCK				= 22,
	SSH_FXP_UNBLOCK				= 23,
	SSH_FXP_STATUS				= 101,
	SSH_FXP_HANDLE				= 102,
	SSH_FXP_DATA				= 103,
	SSH_FXP_NAME				= 104,
	SSH_FXP_ATTRS				= 105,
	SSH_FXP_EXTENDED			= 200,
	SSH_FXP_EXTENDED_REPLY			= 201,

	/* sftp return codes */

	SSH_FX_OK				= 0,
	SSH_FX_EOF				= 1,
	SSH_FX_NO_SUCH_FILE			= 2,
	SSH_FX_PERMISSION_DENIED		= 3,
	SSH_FX_FAILURE				= 4,
	SSH_FX_BAD_MESSAGE			= 5,
	SSH_FX_NO_CONNECTION			= 6,
	SSH_FX_CONNECTION_LOST			= 7,
	SSH_FX_OP_UNSUPPORTED			= 8,
	SSH_FX_INVALID_HANDLE			= 9,
	SSH_FX_NO_SUCH_PATH			= 10,
	SSH_FX_FILE_ALREADY_EXISTS		= 11,
	SSH_FX_WRITE_PROTECT			= 12,
	SSH_FX_NO_MEDIA				= 13,
	SSH_FX_NO_SPACE_ON_FILESYSTEM		= 14,
	SSH_FX_QUOTA_EXCEEDED			= 15,
	SSH_FX_UNKNOWN_PRINCIPAL		= 16,
	SSH_FX_LOCK_CONFLICT			= 17,
	SSH_FX_DIR_NOT_EMPTY			= 18,
	SSH_FX_NOT_A_DIRECTORY			= 19,
	SSH_FX_INVALID_FILENAME			= 20,
	SSH_FX_LINK_LOOP			= 21,
	SSH_FX_CANNOT_DELETE			= 22,
	SSH_FX_INVALID_PARAMETER		= 23,
	SSH_FX_FILE_IS_A_DIRECTORY		= 24,
	SSH_FX_BYTE_RANGE_LOCK_CONFLICT		= 25,
	SSH_FX_BYTE_RANGE_LOCK_REFUSED		= 26,
	SSH_FX_DELETE_PENDING			= 27,
	SSH_FX_FILE_CORRUPT			= 28,
	SSH_FX_OWNER_INVALID			= 29,
	SSH_FX_GROUP_INVALID			= 30,
	SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK	= 31,


	SSH_PENDING_TIMEOUT_CONNECT_TO_SUCCESSFUL_AUTH =
			PENDING_TIMEOUT_USER_REASON_BASE + 0,

	SSH_AUTH_STATE_NO_AUTH			= 0,
	SSH_AUTH_STATE_GAVE_AUTH_IGNORE_REQS	= 1,
};

#define LWS_SSH_INITIAL_WINDOW 16384

struct lws_ssh_userauth {
	struct lws_genhash_ctx hash_ctx;
	char *username;
	char *service;
	char *alg;
	uint8_t *pubkey;
	uint32_t pubkey_len;
	uint8_t *sig;
	uint32_t sig_len;
	char sig_present;
};

struct lws_ssh_keys {
	/* 3 == SSH_KEYIDX_IV (len=4), SSH_KEYIDX_ENC, SSH_KEYIDX_INTEG */
	uint8_t key[3][LWS_SIZE_CHACHA256_KEY];

	/* opaque allocation made when cipher activated */
	void *cipher;

	uint8_t MAC_length;
	uint8_t padding_alignment; /* block size */
	uint8_t valid:1;
	uint8_t full_length:1;
};

struct lws_kex {
	uint8_t kex_r[256];
	uint8_t Q_C[LWS_SIZE_EC25519]; /* client eph public key aka 'e' */
	uint8_t eph_pri_key[LWS_SIZE_EC25519]; /* server eph private key */
	uint8_t Q_S[LWS_SIZE_EC25519]; /* server ephemeral public key */
	uint8_t kex_cookie[16];
	uint8_t *I_C; /* malloc'd copy of client KEXINIT payload */
	uint8_t *I_S; /* malloc'd copy of server KEXINIT payload */
	uint32_t I_C_payload_len;
	uint32_t I_C_alloc_len;
	uint32_t I_S_payload_len;
	uint32_t kex_r_len;
	uint8_t match_bitfield;
	uint8_t newkeys; /* which sides newkeys have been applied */

	struct lws_ssh_keys keys_next_cts;
	struct lws_ssh_keys keys_next_stc;
};

struct lws_subprotocol_scp {
	char fp[128];
	uint64_t len;
	uint32_t attr;
	char cmd;
	char ips;
};

typedef union {
	struct lws_subprotocol_scp scp;
} lws_subprotocol;

struct per_session_data__sshd;

struct lws_ssh_channel {
	struct lws_ssh_channel *next;

	struct per_session_data__sshd *pss;

	lws_subprotocol *sub; /* NULL, or allocated subprotocol state */
	void *priv; /* owned by user code */
	int type;
	uint32_t server_ch;
	uint32_t sender_ch;
	int32_t window;
	int32_t peer_window_est;
	uint32_t max_pkt;

	uint32_t spawn_pid;
	int retcode;

	uint8_t scheduled_close:1;
	uint8_t sent_close:1;
	uint8_t received_close:1;
};

struct per_vhost_data__sshd;

struct per_session_data__sshd {
	struct per_session_data__sshd *next;
	struct per_vhost_data__sshd *vhd;
	struct lws *wsi;

	struct lws_kex *kex;
	char *disconnect_desc;

	uint8_t K[LWS_SIZE_EC25519]; /* shared secret */
	uint8_t session_id[LWS_SIZE_SHA256]; /* H from first working KEX */
	char name[64];
	char last_auth_req_username[32];
	char last_auth_req_service[32];

	struct lws_ssh_keys active_keys_cts;
	struct lws_ssh_keys active_keys_stc;
	struct lws_ssh_userauth *ua;
	struct lws_ssh_channel *ch_list;
	struct lws_ssh_channel *ch_temp;

	uint8_t *last_alloc;

	union {
		struct lws_ssh_pty pty;
		char aux[64];
	} args;

	uint32_t ssh_sequence_ctr_cts;
	uint32_t ssh_sequence_ctr_stc;

	uint64_t payload_bytes_cts;
	uint64_t payload_bytes_stc;

	uint32_t disconnect_reason;

	char V_C[64]; /* Client version String */
	uint8_t packet_assembly[2048];
	uint32_t pa_pos;

	uint32_t msg_len;
	uint32_t pos;
	uint32_t len;
	uint32_t ctr;
	uint32_t npos;
	uint32_t reason;
	uint32_t channel_doing_spawn;
	int next_ch_num;

	uint8_t K_S[LWS_SIZE_EC25519]; /* server public key */

	uint32_t copy_to_I_C:1;
	uint32_t okayed_userauth:1;
	uint32_t sent_banner:1;
	uint32_t seen_auth_req_before:1;
	uint32_t serviced_stderr_last:1;
	uint32_t kex_state;
	uint32_t chrq_server_port;
	uint32_t ch_recip;
	uint32_t count_auth_attempts;

	char parser_state;
	char state_after_string;
	char first_coming;
	uint8_t rq_want_reply;
	uint8_t ssh_auth_state;

	uint8_t msg_id;
	uint8_t msg_padding;
	uint8_t write_task[8];
	struct lws_ssh_channel *write_channel[8];
	uint8_t wt_head, wt_tail;
};

struct per_vhost_data__sshd {
	struct lws_context *context;
	struct lws_vhost *vhost;
	const struct lws_protocols *protocol;
	struct per_session_data__sshd *live_pss_list;
	const struct lws_ssh_ops *ops;
};


struct host_keys {
	uint8_t *data;
	uint32_t len;
};

extern struct host_keys host_keys[];

extern int
crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
			     const unsigned char *p);

extern int
ed25519_key_parse(uint8_t *p, size_t len, char *type, size_t type_len,
                  uint8_t *pub, uint8_t *pri);

extern int
kex_ecdh(struct per_session_data__sshd *pss, uint8_t *result, uint32_t *plen);

extern uint32_t
lws_g32(uint8_t **p);

extern uint32_t
lws_p32(uint8_t *p, uint32_t v);

extern int
lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);

extern const char *lws_V_S;

extern int
lws_chacha_activate(struct lws_ssh_keys *keys);

extern void
lws_chacha_destroy(struct lws_ssh_keys *keys);

extern uint32_t
lws_chachapoly_get_length(struct lws_ssh_keys *keys, uint32_t seq,
			  const uint8_t *in4);

extern void
poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
    const u_char key[POLY1305_KEYLEN]);

extern int
lws_chacha_decrypt(struct lws_ssh_keys *keys, uint32_t seq,
		   const uint8_t *ct, uint32_t len, uint8_t *pt);
extern int
lws_chacha_encrypt(struct lws_ssh_keys *keys, uint32_t seq,
		   const uint8_t *ct, uint32_t len, uint8_t *pt);

extern void
lws_pad_set_length(struct per_session_data__sshd *pss, void *start, uint8_t **p,
		   struct lws_ssh_keys *keys);

extern size_t
get_gen_server_key_25519(struct per_session_data__sshd *pss, uint8_t *b, size_t len);

extern int
crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
		    const unsigned char *m, size_t mlen,
		    const unsigned char *sk);

extern int
crypto_sign_ed25519_keypair(struct lws_context *context, uint8_t *pk,
			    uint8_t *sk);

#endif