1 /* $OpenBSD: kex.h,v 1.71 2015/02/16 22:13:32 djm Exp $ */
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include "buffer.h" /* XXX for typedef */
31 #include "key.h" /* XXX for typedef */
33 #ifdef WITH_LEAKMALLOC
34 #include "leakmalloc.h"
38 # ifdef OPENSSL_HAS_ECC
39 # include <openssl/ec.h>
40 # else /* OPENSSL_HAS_ECC */
42 # define EC_GROUP void
43 # define EC_POINT void
44 # endif /* OPENSSL_HAS_ECC */
45 #else /* WITH_OPENSSL */
47 # define EC_GROUP void
48 # define EC_POINT void
49 #endif /* WITH_OPENSSL */
51 #define KEX_COOKIE_LEN 16
53 #define KEX_DH1 "diffie-hellman-group1-sha1"
54 #define KEX_DH14 "diffie-hellman-group14-sha1"
55 #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
56 #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
57 #define KEX_RESUME "resume@appgate.com"
58 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
59 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
60 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
61 #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org"
65 #define COMP_DELAYED 2
67 #define CURVE25519_SIZE 32
69 enum kex_init_proposals {
71 PROPOSAL_SERVER_HOST_KEY_ALGS,
72 PROPOSAL_ENC_ALGS_CTOS,
73 PROPOSAL_ENC_ALGS_STOC,
74 PROPOSAL_MAC_ALGS_CTOS,
75 PROPOSAL_MAC_ALGS_STOC,
76 PROPOSAL_COMP_ALGS_CTOS,
77 PROPOSAL_COMP_ALGS_STOC,
99 #define KEX_INIT_SENT 0x0001
103 const struct sshcipher *cipher;
126 size_t session_id_len;
127 struct newkeys *newkeys[MODE_MAX];
142 char *client_version_string;
143 char *server_version_string;
144 int (*verify_host_key)(struct sshkey *, struct ssh *);
145 struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
146 struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
147 int (*host_key_index)(struct sshkey *, int, struct ssh *);
148 int (*sign)(struct sshkey *, struct sshkey *,
149 u_char **, size_t *, const u_char *, size_t, u_int);
150 int (*kex[KEX_MAX])(struct ssh *);
151 /* kex specific state */
153 u_int min, max, nbits; /* GEX */
154 EC_KEY *ec_client_key; /* ECDH */
155 const EC_GROUP *ec_group; /* ECDH */
156 u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
157 u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
160 int kex_names_valid(const char *);
161 char *kex_alg_list(char);
163 int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
164 int kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
165 void kex_free_newkeys(struct newkeys *);
166 void kex_free(struct kex *);
168 int kex_buf2prop(struct sshbuf *, int *, char ***);
169 int kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
170 void kex_prop_free(char **);
172 int kex_send_kexinit(struct ssh *);
173 int kex_input_kexinit(int, u_int32_t, void *);
174 int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
175 int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
176 int kex_send_newkeys(struct ssh *);
178 int kexdh_client(struct ssh *);
179 int kexdh_server(struct ssh *);
180 int kexgex_client(struct ssh *);
181 int kexgex_server(struct ssh *);
182 int kexecdh_client(struct ssh *);
183 int kexecdh_server(struct ssh *);
184 int kexc25519_client(struct ssh *);
185 int kexc25519_server(struct ssh *);
187 int kex_dh_hash(const char *, const char *,
188 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
189 const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
191 int kexgex_hash(int, const char *, const char *,
192 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
194 const BIGNUM *, const BIGNUM *, const BIGNUM *,
195 const BIGNUM *, const BIGNUM *,
198 int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
199 const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
200 const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
202 int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
203 const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
204 const u_char *, size_t, u_char *, size_t *);
206 void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
207 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
208 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
209 int kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
210 const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
211 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
212 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
215 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
217 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
218 void dump_digest(char *, u_char *, int);
221 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)