ssh-agent

Ssh-agent protocol parser and serialization implementation
Module Ssh_agent
module Pubkey : sig ... end
module Privkey : sig ... end
(* A key as listed by an agent: the record holds only a [Pubkey.t] and a
   comment string; it has no [Privkey.t] field. *)
type identity = {
(* The public key of the identity. *)
pubkey : Pubkey.t;
(* Comment attached to the key. NOTE(review): presumably free-form text that
   arrives from the peer in an identities answer; escape it before showing it
   in a terminal or log (confirm against Parse). *)
comment : string;
}

Values of type identity are returned when querying for identities, i.e. in Ssh_agent_identities_answer when responding to Ssh_agentc_request_identities.

(* Hash selection for a signing request. Both constructors name an RSA/SHA-2
   combination; the type has no constructor for SHA1 or for non-RSA keys. *)
type sign_flag =
(* Ask for SHA2-256 as the hash (per the constructor name). *)
| SSH_AGENT_RSA_SHA2_256
(* Ask for SHA2-512 as the hash (per the constructor name). *)
| SSH_AGENT_RSA_SHA2_512

Flags selecting the hashing algorithm desired for a signing request. SHA1 is assumed otherwise, so a caller that wants a SHA-2 signature has to pass one of these flags explicitly.

(* Restrictions that can accompany a key when it is added through one of the
   [..._constrained] requests, which carry a [key_constraint list]. *)
type key_constraint =
(* Limits how long the key stays usable. NOTE(review): presumably a number of
   seconds, as in the ssh-agent protocol lifetime constraint; the payload is a
   signed int32, so check how Parse and Serialize treat negative values, which
   this listing does not show. *)
| Lifetime of int32
(* NOTE(review): presumably asks the agent to obtain user confirmation before
   each use of the key; confirm against the agent implementation. *)
| Confirm
(* Closed set of polymorphic-variant tags used as the type index of
   [ssh_agent_request] and [ssh_agent_response]. *)
type ssh_agent_request_type = [
(* Index of the identity listing request and of its answer. *)
| `Ssh_agentc_request_identities
(* Index of [Ssh_agent_sign_response]. NOTE(review): no [ssh_agent_request]
   constructor in this listing carries this index; check the package source
   for the signing request constructor. *)
| `Ssh_agentc_sign_request
(* Index of extension requests and of the extension-specific responses. *)
| `Ssh_agentc_extension
(* Index shared by every request that is answered with plain success or
   failure. *)
| `Ssh_agentc_successable
]

ssh_agent_request_type is used in the GADTs below to enforce protocol semantics. It represents the types of requests. The `Ssh_agentc_successable type is a generalization of all requests that expect either success or failure.

(* Requests a client can send to an agent. The type parameter is one of the
   [ssh_agent_request_type] tags and fixes which responses are well typed for
   the request.

   Several constructors carry secrets ([Privkey.t] values, smartcard PINs and
   the strings given to lock/unlock) as ordinary OCaml values.
   NOTE(review): avoid printing or logging request values wholesale, and
   check how long callers keep them reachable. *)
type _ ssh_agent_request =
(* Ask the agent to list the identities it holds. *)
| Ssh_agentc_request_identities : [ `Ssh_agentc_request_identities ] ssh_agent_request
(* Add a private key, with a comment, to the agent. Carries private key
   material. *)
| Ssh_agentc_add_identity : {
privkey : Privkey.t;
key_comment : string;
} -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Remove the identity designated by the given public key. *)
| Ssh_agentc_remove_identity : Pubkey.t -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Remove every identity; takes no argument. *)
| Ssh_agentc_remove_all_identities : [ `Ssh_agentc_successable ] ssh_agent_request
(* Add a smartcard-held key. [smartcard_pin] is a secret carried as a plain
   string. *)
| Ssh_agentc_add_smartcard_key : {
smartcard_id : string;
smartcard_pin : string;
} -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Remove a smartcard-held key. [smartcard_reader_pin] is a secret carried as
   a plain string. *)
| Ssh_agentc_remove_smartcard_key : {
smartcard_reader_id : string;
smartcard_reader_pin : string;
} -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Lock the agent. NOTE(review): the string is presumably the lock
   passphrase; confirm against Serialize. *)
| Ssh_agentc_lock : string -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Unlock the agent. NOTE(review): the string is presumably the passphrase
   given when locking; confirm against Serialize. *)
| Ssh_agentc_unlock : string -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Same fields as [Ssh_agentc_add_identity] plus a list of constraints. The
   type allows an empty list; whether that is accepted on the wire is not
   visible here. *)
| Ssh_agentc_add_id_constrained : {
privkey : Privkey.t;
key_comment : string;
key_constraints : key_constraint list;
} -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Same fields as [Ssh_agentc_add_smartcard_key] plus a list of
   constraints. *)
| Ssh_agentc_add_smartcard_key_constrained : {
smartcard_id : string;
smartcard_pin : string;
smartcard_constraints : key_constraint list;
} -> [ `Ssh_agentc_successable ] ssh_agent_request
(* Extension request: a type name and contents, both plain strings. This is
   the only constructor indexed by `Ssh_agentc_extension. *)
| Ssh_agentc_extension : {
extension_type : string;
extension_contents : string;
} -> [ `Ssh_agentc_extension ] ssh_agent_request
(* Wrapper that hides the type index of a request, so requests of different
   kinds can share one type. Matching on [Any_request] gives back a request
   whose index is unknown to the caller. *)
type any_ssh_agent_request =
| Any_request : 'a ssh_agent_request -> any_ssh_agent_request
(* Responses an agent can send. The type parameter is the kind of request
   that the response may answer. *)
type _ ssh_agent_response =
(* Failure. The open bound [< ssh_agent_request_type ] makes it a well-typed
   answer to every kind of request. *)
| Ssh_agent_failure : [< ssh_agent_request_type ] ssh_agent_response
(* Success, well typed only for `Ssh_agentc_successable requests. *)
| Ssh_agent_success : [ `Ssh_agentc_successable ] ssh_agent_response
(* Failure indexed for extension requests only. *)
| Ssh_agent_extension_failure : [ `Ssh_agentc_extension ] ssh_agent_response
| Ssh_agent_extension_blob : string -> [ `Ssh_agentc_extension ] ssh_agent_response(*
   Generic uninterpreted response: it is up to the library user to interpret
   the message body. NOTE(review): since the library does not interpret it,
   the caller is the one who has to validate the contents before acting on
   them.
*)
(* The identities returned for an identity listing request. *)
| Ssh_agent_identities_answer : identity list -> [ `Ssh_agentc_request_identities ] ssh_agent_response
(* Answer to a signing request. NOTE(review): the string is presumably the
   signature; its encoding is not visible in this listing. *)
| Ssh_agent_sign_response : string -> [ `Ssh_agentc_sign_request ] ssh_agent_response
(* Wrapper that hides the type index of a response. The signature of
   [unpack_any_response] shows the way back: given the request, it returns a
   response with the matching index or an [Error] carrying a string. *)
type any_ssh_agent_response =
| Any_response : 'a ssh_agent_response -> any_ssh_agent_response
(* A handler packaged in a record so that its field can be polymorphic. *)
type request_handler = {
(* The field is universally quantified over the request index, so a single
   handler must accept every kind of request and return a response carrying
   the same index as the request it was given. *)
handle : 'a. 'a ssh_agent_request -> 'a ssh_agent_response;
}

Any function that takes a request and returns a valid response for the request type.

module Parse : sig ... end
module Serialize : sig ... end
val is_extension_request : 'a ssh_agent_request -> bool

is_extension_request request returns true if request is Ssh_agentc_extension. Useful for passing ~extension to ssh_agent_message.

val unpack_any_response : 'a ssh_agent_request -> any_ssh_agent_response -> ( 'a ssh_agent_response, string ) result

unpack_any_response request response unpacks response if it is a valid response type with regard to request; otherwise Error is returned.

val sign : Privkey.t -> Ssh_agent__Protocol_number.sign_flag list -> string -> string

sign privkey flags blob returns a signature of blob using privkey, respecting the hashing algorithms specified by flags. Currently, only RSA signatures are supported.

val string_of_tbs : Pubkey.ssh_rsa_cert_tbs -> string

string_of_tbs to_be_signed is the string representation of to_be_signed that must be signed by to_be_signed.Pubkey.signature_key in order to create a valid certificate.